Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java')
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java209
1 files changed, 42 insertions, 167 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 6aa34573e..7a4103957 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -60,6 +60,7 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.spss.util.QCSSCDResult;
/**
* A class providing an interface to the
@@ -185,6 +186,8 @@ public class CMSSignatureVerificationInvoker {
}
}
+ QCSSCDResult qcsscdresult = new QCSSCDResult();
+
// build the response: for each signatory add the result to the response
signatories = request.getSignatories();
if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) {
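Review bot: `qcsscdresult` is created once, ahead of both signatory loops, and the loops in the following two hunks overwrite it only when `getCertificateChain()` returns a non-null list. A result whose chain is null is therefore passed to `responseBuilder.addResult` with the QC/SSCD flags computed for the previous signatory, while `issuerCountryCode` is correctly reset on every iteration. Moving the declaration into each loop body, `QCSSCDResult qcsscdresult = new QCSSCDResult();` right before `String issuerCountryCode = null;`, keeps one signer's qualified-certificate status from being reported for another. This assumes a default-constructed `QCSSCDResult` reports every flag as false, which is not visible in this diff.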
@@ -192,61 +195,28 @@ public class CMSSignatureVerificationInvoker {
for (resultIter = results.iterator(); resultIter.hasNext();) {
result = (CMSSignatureVerificationResult) resultIter.next();
- boolean sscdSourceTSL = false;
- boolean qcSourceTSL = false;
-
- boolean checkQC = false;
- boolean checkSSCD = false;
-
- List chain = result.getCertificateValidationResult().getCertificateChain();
- // check QC and SSCD via TSL (if enabled)
- boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain);
- boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain);
-
- if (!checkSSCDFromTSL) {
-
- boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0));
- boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0));
-
- if (checkQCPPlus)
- checkSSCD = true;
- if (checkQcEuSSCD)
- checkSSCD = true;
-
- sscdSourceTSL = false;
-
- System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL);
- System.out.println("checkQCPPlus: " + checkQCPPlus);
- System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);
- }
- else {
- checkSSCD = true;
- sscdSourceTSL = true;
- }
-
- if (!checkQCFromTSL) {
-
- boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0));
- boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0));
-
- if (checkQCP)
- checkQC = true;
- if (checkQcEuCompliance)
- checkQC = true;
-
- qcSourceTSL = false;
-
- System.out.println("checkQCFromTSL: " + checkQCFromTSL);
- System.out.println("checkQCP: " + checkQCP);
- System.out.println("checkQcEuCompliance: " + checkQcEuCompliance);
- }
- else {
- checkQC = true;
- qcSourceTSL = true;
+ String issuerCountryCode = null;
+ // QC/SSCD check
+ List list = result.getCertificateValidationResult().getCertificateChain();
+ if (list != null) {
+ X509Certificate[] chain = new X509Certificate[list.size()];
+
+ Iterator it = list.iterator();
+ int i = 0;
+ while(it.hasNext()) {
+ chain[i] = (X509Certificate)it.next();
+ i++;
+ }
+
+
+ qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+
+ // get signer certificate issuer country code
+ issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
+
}
-
- responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL);
+ responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
}
} else {
int i;
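Review bot: The new guard tests only `list != null`, so an empty certificate chain still reaches `list.get(0)` in the `getIssuerCountry` call and throws IndexOutOfBoundsException. In this loop nothing visible catches it; in the indexed-signatory loop of the next hunk the same call sits inside the `try` whose `catch (IndexOutOfBoundsException e)` raises error "2249", so an empty chain would presumably be reported as an invalid signatory index rather than as a chain problem. Guard with `if (list != null && !list.isEmpty())` in both loops and pass the already-cast `chain[0]` to `getIssuerCountry` instead of casting `list.get(0)` a second time.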
@@ -257,64 +227,27 @@ public class CMSSignatureVerificationInvoker {
try {
result =
(CMSSignatureVerificationResult) results.get(signatories[i] - 1);
- boolean sscdSourceTSL = false;
- boolean qcSourceTSL = false;
- boolean checkQC = false;
- boolean checkSSCD = false;
-
- List chain = result.getCertificateValidationResult().getCertificateChain();
- // check QC and SSCD via TSL (if enabled)
- boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain);
- boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain);
-
- if (!checkSSCDFromTSL) {
-
- boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0));
- boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0));
-
- if (checkQCPPlus)
- checkSSCD = true;
- if (checkQcEuSSCD)
- checkSSCD = true;
-
- sscdSourceTSL = false;
-
- System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL);
- System.out.println("checkQCPPlus: " + checkQCPPlus);
- System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);
- }
- else {
- checkSSCD = true;
- sscdSourceTSL = true;
- }
-
- if (!checkQCFromTSL) {
-
- boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0));
- boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0));
-
- if (checkQCP)
- checkQC = true;
- if (checkQcEuCompliance)
- checkQC = true;
-
- qcSourceTSL = false;
-
- System.out.println("checkQCFromTSL: " + checkQCFromTSL);
- System.out.println("checkQCP: " + checkQCP);
- System.out.println("checkQcEuCompliance: " + checkQcEuCompliance);
-
- }
- else {
- checkQC = true;
- qcSourceTSL = true;
+ String issuerCountryCode = null;
+ // QC/SSCD check
+ List list = result.getCertificateValidationResult().getCertificateChain();
+ if (list != null) {
+ X509Certificate[] chain = new X509Certificate[list.size()];
+
+ Iterator it = list.iterator();
+ int j = 0;
+ while(it.hasNext()) {
+ chain[j] = (X509Certificate)it.next();
+ j++;
+ }
+
+
+ qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+
+ issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
}
-
-
-
- responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL);
+ responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
} catch (IndexOutOfBoundsException e) {
throw new MOAApplicationException(
"2249",
@@ -326,65 +259,7 @@ public class CMSSignatureVerificationInvoker {
return responseBuilder.getResponse();
}
- private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) {
- boolean checkQCFromTSL = false;
- try {
- if (tslEnabledTrustProfile) {
- if (chainlist != null) {
- X509Certificate[] chain = new X509Certificate[chainlist.size()];
-
- Iterator it = chainlist.iterator();
- int i = 0;
- while(it.hasNext()) {
- chain[i] = (X509Certificate)it.next();
- i++;
- }
-
- checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
- //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
- }
- }
- }
- catch (TSLEngineDiedException e) {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
- } catch (TSLSearchException e) {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
- }
-
- return checkQCFromTSL;
- }
-
- private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) {
- boolean checkSSCDFromTSL = false;
- try {
- if (tslEnabledTrustProfile) {
- if (chainlist != null) {
- X509Certificate[] chain = new X509Certificate[chainlist.size()];
-
- Iterator it = chainlist.iterator();
- int i = 0;
- while(it.hasNext()) {
- chain[i] = (X509Certificate)it.next();
- i++;
- }
-
- checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
- }
- }
- }
- catch (TSLEngineDiedException e) {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
- } catch (TSLSearchException e) {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
- }
-
- return checkSSCDFromTSL;
- }
-
+
/**
* Get the signed content contained either in the request itself or given as a
* reference to external data.