1 files changed, 161 insertions, 0 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
new file mode 100644
index 000000000..45369ff49
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
@@ -0,0 +1,161 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlverify.XMLSignatureVerificationProfileImpl;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * A factory to create a <code>XMLSignatureVerificationProfile</code> from a
+ * <code>VerifyXMLSignatureRequest</code>, based on the current MOA
+ * configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationProfileFactory {
+
+  /** The <code>VerifyXMLSignatureRequest</code> for which to create profile
+   * information. */
+  private VerifyXMLSignatureRequest request;
+
+  /**
+   * Create a new <code>XMLSignatureVerificationProfileFactory</code>.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> to extract 
+   * profile data from.
+   */
+  public XMLSignatureVerificationProfileFactory(VerifyXMLSignatureRequest request) {
+    this.request = request;
+  }
+
+  /**
+   * Create a <code>XMLSignatureCreationProfile</code> from the
+   * <code>VerifyXMLSignaturesRequest</code> and the current MOA configuration.
+   * 
+   * @return The <code>XMLSignatureVerificationProfile</code> containing
+   * additional information for verifying an XML signature.
+   * @throws MOASystemException A system error occurred building the profile.
+   * @throws MOAApplicationException An error occurred building the profile.
+   */
+  public XMLSignatureVerificationProfile createProfile()
+    throws MOASystemException, MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    XMLSignatureVerificationProfileImpl profile =
+      new XMLSignatureVerificationProfileImpl();
+    SignatureManifestCheckParams checkParams;
+    String trustProfileID;
+
+    // set whether to check XMLDsig manifests
+    profile.setCheckXMLDsigManifests(true);
+
+    // set the certificate validation profile
+    trustProfileID = request.getTrustProfileId();
+    profile.setCertificateValidationProfile(
+      new PKIProfileImpl(config, trustProfileID));
+
+    // set whether hash input data is to be included
+    profile.setIncludeHashInputData(request.getReturnHashInputData());
+
+    // set the security layer manifest check parameters
+    // and transformation supplements (if present) 
+    checkParams = request.getSignatureManifestCheckParams();
+    profile.setCheckSecurityLayerManifest(true);
+    profile.setIncludeReferenceInputData(checkParams != null ? checkParams.getReturnReferenceInputData() : false);
+    if (checkParams != null) {
+        List transformationSupplements;
+        transformationSupplements = buildTransformationSupplements();
+        profile.setTransformationSupplements(transformationSupplements);
+    } else {
+        profile.setTransformationSupplements(Collections.EMPTY_LIST);
+    }
+    
+    profile.setPermitFileURIs(config.getPermitFileURIs());
+    
+    return profile;
+  }
+
+  /**
+   * Build supplemental data objects used in the transformations.
+   * 
+   * @return A <code>List</code> of <code>DataObject</code>s providing
+   * supplemental data to the transformations.
+   * @throws MOASystemException A system error occurred building one of the
+   * transformations.
+   * @throws MOAApplicationException An error occurred building one of the
+   * transformations.
+   */
+  public List buildTransformationSupplements()
+    throws MOASystemException, MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    SignatureManifestCheckParams checkParams =
+      request.getSignatureManifestCheckParams();
+    List transformsProfiles = new ArrayList();
+    List transformationSupplements = new ArrayList();
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    List refInfos = checkParams.getReferenceInfos();
+    Iterator refIter;
+    Iterator prIter;
+    Iterator trIter;
+
+    // build the list of all VerifyTransformsInfoProfiles in all ReferenceInfos
+    refInfos = checkParams.getReferenceInfos();
+    for (refIter = refInfos.iterator(); refIter.hasNext();) {
+      ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+      List profiles = refInfo.getVerifyTransformsInfoProfiles();
+
+      transformsProfiles.addAll(
+        ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config));
+    }
+
+    // build the DataObjects
+    for (prIter = transformsProfiles.iterator(); prIter.hasNext();) {
+      VerifyTransformsInfoProfileExplicit profile =
+        (VerifyTransformsInfoProfileExplicit) prIter.next();
+      List transformParameters = profile.getTransformParameters();
+
+      for (trIter = transformParameters.iterator(); trIter.hasNext();) {
+        TransformParameter trParam = (TransformParameter) trIter.next();
+        transformationSupplements.add(
+          factory.createFromTransformParameter(trParam));
+      }
+    }
+    
+    return transformationSupplements;
+  }
+
+}