Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java')
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java42
1 files changed, 37 insertions, 5 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index adaf0d376..290841c66 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -40,6 +40,8 @@ import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
import iaik.x509.X509Certificate;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
import java.io.File;
import java.io.FileInputStream;
@@ -85,6 +87,7 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.util.CollectionUtils;
import at.gv.egovernment.moa.util.Constants;
@@ -188,7 +191,7 @@ public class XMLSignatureVerificationInvoker {
// build profile
profile = profileFactory.createProfile();
-
+
// get the signingTime
signingTime = request.getDateTime();
@@ -205,6 +208,13 @@ public class XMLSignatureVerificationInvoker {
requestElement);
}
+ boolean checkQCFromTSL = false;
+ boolean checkSSCDFromTSL = false;
+
+ String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ TrustProfile tp = config.getTrustProfile(tpID);
+
// verify the signature
try {
XMLSignatureVerificationModule module =
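Review bot: `tp` is dereferenced later as `tp.isTSLEnabled()` with no check that `config.getTrustProfile(tpID)` actually found a profile, and the chained `profile.getCertificateValidationProfile().getTrustStoreProfile().getId()` assumes neither intermediate getter returns null. Whether either can be null for a given request is not visible in this hunk, but if so the result is a NullPointerException that none of the catch blocks below map to a MOAException. I would add an explicit `if (tp == null)` guard directly after the lookup and reject the request with the project's usual error for an unknown trust profile. The enclosing method starts and ends outside this hunk.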
@@ -219,6 +229,24 @@ public class XMLSignatureVerificationInvoker {
profile,
signingTime,
new TransactionId(context.getTransactionID()));
+ if (tp.isTSLEnabled()) {
+ List list = result.getCertificateValidationResult().getCertificateChain();
+ if (list != null) {
+ X509Certificate[] chain = new X509Certificate[list.size()];
+
+
+ Iterator it = list.iterator();
+ int i = 0;
+ while(it.hasNext()) {
+ chain[i] = (X509Certificate)it.next();
+ i++;
+ }
+
+ checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
+ checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+ }
+
+ }
} catch (IAIKException e) {
MOAException moaException = IaikExceptionMapper.getInstance().map(e);
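Review bot: `checkQC(chain)` and `checkSSCD(chain)` run on whatever chain the result carries, and nothing in this hunk checks that certificate validation succeeded first, so the QC/SSCD flags may end up reported for a chain that did not validate. Either gate the TSL lookup on the validation result, or add a comment stating that the flags are only meaningful together with the certificate check code. `TSLUpdaterTimerTask.tslconnector_` is a shared static read without a null check; judging by its name a timer task may replace it concurrently, so confirm it is initialised and safely published before the first request. The copy loop uses raw `List`/`Iterator`; `X509Certificate[] chain = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);` does the same in one line.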
@@ -226,7 +254,13 @@ public class XMLSignatureVerificationInvoker {
} catch (IAIKRuntimeException e) {
MOAException moaException = IaikExceptionMapper.getInstance().map(e);
throw moaException;
- }
+ } catch (TSLEngineDiedException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ } catch (TSLSearchException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ }
// swap back in the request as root document
if (requestElement != signatureEnvironment.getElement()) {
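Review bot: The two new catch blocks repeat the body of the IAIK ones verbatim, and nothing here says that a TSL lookup failure is meant to abort the whole verification. That fail-closed behaviour is the safer choice for a trust decision, so I would state it in a comment above the first new catch, e.g. `// TSL lookup failed: fail the request rather than report unverified QC/SSCD flags`. The mapper is not visible in this diff, so it is also worth confirming that `IaikExceptionMapper.map` has a specific mapping for the two TSL exception types; otherwise callers may only see a generic error.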
@@ -236,7 +270,6 @@ public class XMLSignatureVerificationInvoker {
signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
}
-
// check the result
signatureManifestCheck =
validateSignatureManifest(request, result, profile);
@@ -244,10 +277,9 @@ public class XMLSignatureVerificationInvoker {
// Check if signer certificate is in trust profile's allowed signer certificates pool
TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
-
// build the response
- responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck);
+ responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQCFromTSL, checkSSCDFromTSL, tp.isTSLEnabled());
return responseBuilder.getResponse();
}
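Review bot: The trust profile is now looked up twice through different paths: `tp` comes from `ConfigurationProvider.getInstance()` keyed by the profile's trust store id, while `trustProfile` two lines above comes from `context.getConfiguration()` keyed by `request.getTrustProfileId()`. If those can diverge (a configuration reload mid-request, or ids that differ), the signer-certificate check and the TSL flags describe different profiles. Resolving the profile once before the `try` and reusing that object for both `validateSignerCertificate` and `isTSLEnabled()` avoids this. The three trailing booleans in `setResult(...)` are positional and easy to transpose, so a short comment naming them at the call site would help, e.g. `// qcFromTSL, sscdFromTSL, tslEnabled`.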