Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java')
-rw-r--r-- | spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index adaf0d376..290841c66 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -40,6 +40,8 @@ import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory; import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; import iaik.server.modules.xmlverify.XMLSignatureVerificationResult; import iaik.x509.X509Certificate; +import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; +import iaik.xml.crypto.tsl.ex.TSLSearchException; import java.io.File; import java.io.FileInputStream; @@ -85,6 +87,7 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.util.CollectionUtils; import at.gv.egovernment.moa.util.Constants; @@ -188,7 +191,7 @@ public class XMLSignatureVerificationInvoker { // build profile profile = profileFactory.createProfile(); - + // get the signingTime signingTime = request.getDateTime(); 
@@ -205,6 +208,13 @@ public class XMLSignatureVerificationInvoker { requestElement); } + boolean checkQCFromTSL = false; + boolean checkSSCDFromTSL = false; + + String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId(); + ConfigurationProvider config = ConfigurationProvider.getInstance(); + TrustProfile tp = config.getTrustProfile(tpID); + // verify the signature try { XMLSignatureVerificationModule module = @@ -219,6 +229,24 @@ public class XMLSignatureVerificationInvoker { profile, signingTime, new TransactionId(context.getTransactionID())); + if (tp.isTSLEnabled()) { + List list = result.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + + Iterator it = list.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; + } + + checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); + checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); + } + + } } catch (IAIKException e) { MOAException moaException = IaikExceptionMapper.getInstance().map(e); @@ -226,7 +254,13 @@ public class XMLSignatureVerificationInvoker { } catch (IAIKRuntimeException e) { MOAException moaException = IaikExceptionMapper.getInstance().map(e); throw moaException; - } + } catch (TSLEngineDiedException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (TSLSearchException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } // swap back in the request as root document if (requestElement != signatureEnvironment.getElement()) { @@ -236,7 +270,6 @@ public class XMLSignatureVerificationInvoker { signatureEnvironmentParent.appendChild(signatureEnvironment.getElement()); } - // check the result signatureManifestCheck = validateSignatureManifest(request, result, profile); 
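Review bot: `tp` is dereferenced without a null check (`tp.isTSLEnabled()` in the @@ -219 and @@ -244 hunks), and the chained call `profile.getCertificateValidationProfile().getTrustStoreProfile().getId()` checks none of its intermediate results. If `config.getTrustProfile(tpID)` can return null for an unknown id (not visible here), verification ends in a NullPointerException that none of the catch clauses maps to a MOAException. The lookup also goes through `ConfigurationProvider.getInstance()`, whereas the context lines of the @@ -244 hunk resolve the trust profile via `context.getConfiguration().getTrustProfile(request.getTrustProfileId())`; if the configuration can be reloaded mid-transaction, the TSL decision and the signer-certificate check could be made against different profiles. Consider resolving it once from the transaction's configuration and rejecting the request with a mapped error when it is null. The enclosing method starts and ends outside this hunk.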
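Review bot: `TSLUpdaterTimerTask.tslconnector_` is read as a static field on the request path with no null check and no visible synchronization; judging by the class name a timer task refreshes TSL state, so it is worth confirming the connector is initialised before the first request and safe to call during an update. The `checkQC`/`checkSSCD` calls also take only the chain, not `signingTime`, so the flags presumably describe the certificate's status against the currently loaded TSL rather than at signing time; if that is intended, say so with a comment such as `// QC/SSCD are evaluated against the currently loaded TSL, not at signingTime`. The copy loop over the raw `List` can be written as `X509Certificate[] chain = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);`. The `try` block opens outside this hunk.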
@@ -244,10 +277,9 @@ public class XMLSignatureVerificationInvoker { // Check if signer certificate is in trust profile's allowed signer certificates pool TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); CheckResult certificateCheck = validateSignerCertificate(result, trustProfile); - // build the response - responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck); + responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQCFromTSL, checkSSCDFromTSL, tp.isTSLEnabled()); return responseBuilder.getResponse(); } |
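Review bot: The `setResult(...)` call now ends in three adjacent positional booleans (`checkQCFromTSL, checkSSCDFromTSL, tp.isTSLEnabled()`), which can be transposed without any compiler error. Both flags also stay `false` when TSL is enabled but the certificate chain was null (see the @@ -219 hunk), so the response cannot distinguish "not evaluated" from "evaluated, not qualified", which matters to a relying party that acts on the QC/SSCD indication. A comment on the call, e.g. `// order: checkQCFromTSL, checkSSCDFromTSL, TSL enabled; flags remain false when no chain was available`, or a small value object carrying the three values, would make the contract explicit. The method body starts outside this hunk.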