aboutsummaryrefslogtreecommitdiff
path: root/spss/server/serverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv')
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java24
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java7
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java40
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java66
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java18
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java17
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java17
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java35
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java9
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java7
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java10
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java36
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java16
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java11
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java66
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java17
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java44
17 files changed, 413 insertions, 27 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 0aedba6a6..1a778ad2b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -22,17 +22,17 @@ import java.util.Date;
import java.util.List;
import java.util.Map;
+import org.apache.commons.discovery.tools.DiscoverClass;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-import org.apache.commons.discovery.tools.DiscoverClass;
-
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.Content;
import at.gv.egovernment.moa.spss.api.common.MetaInfo;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -434,6 +434,7 @@ public abstract class SPSSFactory {
* @param signerInfo Information about the signer certificate.
* @param signatureCheck Result of the singature value check.
* @param certificateCheck Result of the certificate status check.
+ * @param tslCheck Result of the TSL check
* @return The new <code>VerifyCMSSignatureResponseElement</code> containing
* the above data.
*
@@ -444,7 +445,8 @@ public abstract class SPSSFactory {
public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
SignerInfo signerInfo,
CheckResult signatureCheck,
- CheckResult certificateCheck);
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck);
//
// Factory methods for verifying XML signatures
@@ -698,7 +700,8 @@ public abstract class SPSSFactory {
ReferencesCheckResult signatureCheck,
ReferencesCheckResult signatureManifestCheck,
List xmlDsigManifestChecks,
- CheckResult certificateCheck);
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck);
/**
* Create a new <code>ReferencesCheckResult</code> object.
@@ -988,6 +991,19 @@ public abstract class SPSSFactory {
public abstract CheckResult createCheckResult(int code, NodeList info);
/**
+ * Create a new <code>CheckTSLResult</code> object.
+ *
+ * @param code The numerical error code.
+ * @param info Verbose error information.
+ * @return The new <code>CheckTSLResult</code> containing the above data.
+ *
+ * @pre code >= 0
+ * @pre info != null
+ * @post return != null
+ */
+ public abstract CheckTSLResult createCheckTSLResult(int code, String info);
+
+ /**
* Create a new <code>SignerInfo</code> object.
*
* @param signerCertificate The signer certificate in binary form.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
index 26fd5911d..e2f44c540 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
@@ -16,6 +16,7 @@
package at.gv.egovernment.moa.spss.api.cmsverify;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
/**
@@ -44,4 +45,10 @@ public interface VerifyCMSSignatureResponseElement {
* @return The result of the certificate verification.
*/
public CheckResult getCertificateCheck();
+ /**
+ * Gets the result of the TSL verification
+ *
+ * @return The result of the TSL verification
+ */
+ public CheckTSLResult getTSLCheck();
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
new file mode 100644
index 000000000..f31512cdb
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
@@ -0,0 +1,40 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Object encapsulating the result of a TSL verification.
+ *
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id: CheckResult.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public interface CheckTSLResult {
+ /**
+ * Gets the result code.
+ *
+ * @return The result code.
+ */
+ public int getCode();
+ /**
+ * Gets descriptive information.
+ *
+ * @return Descriptive information.
+ */
+ public String getInfo();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
new file mode 100644
index 000000000..62f3ab979
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
@@ -0,0 +1,66 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
+
+/**
+ * Default implementation of <code>CheckTSLResult</code>.
+ *
+ * @author Fatemeh Philippi
+ * @author Klaus Stranacher
+ * @version $Id: CheckResultImpl.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public class CheckTSLResultImpl implements CheckTSLResult {
+ /** The result code. */
+ private int code;
+
+ /** Additional information. */
+ private String info;
+
+ /**
+ * Sets a result code.
+ *
+ * @param code The result code.
+ */
+ public void setCode(int code) {
+ this.code = code;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getCode()
+ */
+ public int getCode() {
+ return code;
+ }
+
+ /**
+ * Sets a descriptive information.
+ *
+ * @param info The descriptive information.
+ */
+ public void setInfo(String info) {
+ this.info = info;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getInfo()
+ */
+ public String getInfo() {
+ return info;
+ }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index f0d16046c..8cf06bb15 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.Content;
import at.gv.egovernment.moa.spss.api.common.MetaInfo;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -259,12 +260,15 @@ public class SPSSFactoryImpl extends SPSSFactory {
public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
SignerInfo signerInfo,
CheckResult signatureCheck,
- CheckResult certificateCheck) {
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck) {
VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement =
new VerifyCMSSignatureResponseElementImpl();
verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
+ verifyCMSSignatureResponseElement.setTSLCheck(tslCheck);
+
return verifyCMSSignatureResponseElement;
}
@@ -390,7 +394,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
ReferencesCheckResult signatureCheck,
ReferencesCheckResult signatureManifestCheck,
List xmlDsigManifestChecks,
- CheckResult certificateCheck) {
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck) {
VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse =
new VerifyXMLSignatureResponseImpl();
verifyXMLSignatureResponse.setSignerInfo(signerInfo);
@@ -401,6 +406,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
signatureManifestCheck);
verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
+ verifyXMLSignatureResponse.setTSLCheck(tslCheck);
+
return verifyXMLSignatureResponse;
}
@@ -557,6 +564,13 @@ public class SPSSFactoryImpl extends SPSSFactory {
checkResult.setInfo(info);
return checkResult;
}
+
+ public CheckTSLResult createCheckTSLResult(int code, String info) {
+ CheckTSLResultImpl checkTSLResult = new CheckTSLResultImpl();
+ checkTSLResult.setCode(code);
+ checkTSLResult.setInfo(info);
+ return checkTSLResult;
+ }
public SignerInfo createSignerInfo(
X509Certificate signerCertificate,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
index 322e83baa..f80c4ace2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -17,6 +17,7 @@ package at.gv.egovernment.moa.spss.api.impl;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
/**
@@ -34,7 +35,9 @@ public class VerifyCMSSignatureResponseElementImpl
private CheckResult signatureCheck;
/** Information about the certificate check. */
private CheckResult certificateCheck;
-
+ /** Information about the TSL check */
+ private CheckTSLResult tslCheck;
+
/**
* Sets a SignerInfo element according to CMS.
*
@@ -73,5 +76,17 @@ public class VerifyCMSSignatureResponseElementImpl
public CheckResult getCertificateCheck() {
return certificateCheck;
}
+
+ /**
+ * Sets a result of the TSL verification.
+ *
+ * @param tslCheck The result of the TSL verification.
+ */
+ public void setTSLCheck(CheckTSLResult tslCheck) {
+ this.tslCheck = tslCheck;
+ }
+ public CheckTSLResult getTSLCheck() {
+ return tslCheck;
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index 3777e8958..ea6a180a7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -20,6 +20,7 @@ import java.util.Collections;
import java.util.List;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
@@ -52,7 +53,9 @@ public class VerifyXMLSignatureResponseImpl
private List xmlDsigManifestChecks = new ArrayList();
/** Information about the certificate check. */
private CheckResult certificateCheck;
-
+ /** Information about the TSL check. */
+ private CheckTSLResult tslCheck;
+
/**
* Sets information about the signer certificate.
*
@@ -136,6 +139,18 @@ public class VerifyXMLSignatureResponseImpl
public CheckResult getCertificateCheck() {
return certificateCheck;
}
+ /**
+ * Sets the result of the TSL verification.
+ *
+ * @param certificateCheck The result of the TSL verification.
+ */
+ public void setTSLCheck(CheckTSLResult tslCheck) {
+ this.tslCheck = tslCheck;
+ }
+
+ public CheckTSLResult getTSLCheck() {
+ return tslCheck;
+ }
/**
* Sets the XMLDSigManifestChecks.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 3bef8659a..30d19023a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -217,5 +217,40 @@ class ResponseBuilderUtils {
}
root.appendChild(codeInfoElem);
}
+
+ /**
+ * Add an element containing <code>Code</code> and <code>Info</code>
+ * subelements.
+ *
+ * @param response The response document, in order to create new elements in
+ * it.
+ * @param root The root element into which to insert the newly created
+ * element.
+ * @param elementName The name of the newly created element.
+ * @param code The content of the <code>Code</code> subelement.
+ * @param info The content of the <code>Info</code> subelement.
+ */
+ public static void addCodeInfoElement(
+ Document response,
+ Element root,
+ String elementName,
+ int code,
+ String info) {
+
+ Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+ Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+ Element infoElem;
+ int i;
+
+ codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+ codeInfoElem.appendChild(codeElem);
+
+ if (info != null) {
+ infoElem = response.createElementNS(MOA_NS_URI, "Info");
+ infoElem.appendChild(response.createTextNode(info));
+ codeInfoElem.appendChild(infoElem);
+ }
+ root.appendChild(codeInfoElem);
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 80d8575f9..2e4a95a89 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
/**
@@ -89,6 +90,7 @@ public class VerifyCMSSignatureResponseBuilder {
SignerInfo signerInfo = responseElement.getSignerInfo();
CheckResult signatureCheck = responseElement.getSignatureCheck();
CheckResult certCheck = responseElement.getCertificateCheck();
+ CheckTSLResult tslCheck = responseElement.getTSLCheck();
ResponseBuilderUtils.addSignerInfo(
responseDoc,
@@ -111,6 +113,13 @@ public class VerifyCMSSignatureResponseBuilder {
"CertificateCheck",
certCheck.getCode(),
certCheck.getInfo());
+
+ ResponseBuilderUtils.addCodeInfoElement(
+ responseDoc,
+ responseElem,
+ "TSLCheck",
+ tslCheck.getCode(),
+ tslCheck.getInfo());
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index a8be59766..dedb1dc88 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -135,6 +135,13 @@ public class VerifyXMLSignatureResponseBuilder {
"CertificateCheck",
response.getCertificateCheck().getCode(),
response.getCertificateCheck().getInfo());
+
+ ResponseBuilderUtils.addCodeInfoElement(
+ responseDoc,
+ responseElem,
+ "TSLCheck",
+ response.getTSLCheck().getCode(),
+ response.getTSLCheck().getInfo());
return responseDoc;
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
index 01fe9cf2c..63da503cb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -18,6 +18,7 @@ package at.gv.egovernment.moa.spss.api.xmlverify;
import java.util.List;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
/**
@@ -71,5 +72,14 @@ public interface VerifyXMLSignatureResponse {
* @return The result of the certificate verification.
*/
public CheckResult getCertificateCheck();
+
+ /**
+ * Gets the result of the TSL verification.
+ *
+ * @return The result of the TSL verification.
+ */
+ public CheckTSLResult getTSLCheck();
+
+
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 3ad7b761f..51669026f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -949,7 +949,8 @@ public class ConfigurationPartsBuilder {
String id = getElementValue(profileElem, CONF + "Id", null);
String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
-
+ String tslLocStr = getElementValue(profileElem, CONF + "TSLLocation", null);
+
URI trustAnchorsLocURI = null;
try
{
@@ -973,6 +974,34 @@ public class ConfigurationPartsBuilder {
warn("config.27", new Object[] { "uri", id });
continue;
}
+
+
+ URI tslLocURI = null;
+ if (tslLocStr != null) {
+
+ try
+ {
+ tslLocURI = new URI(tslLocStr);
+ if (!tslLocURI.isAbsolute()) { // make it absolute to the config file
+ tslLocURI = new URI(configRoot_.toURL() + tslLocStr);
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "uriTSL", id, tslLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e)
+ {
+ warn("config.33", new Object[] {id}, e);
+ continue;
+ }
+
+ File profileDirTSL = new File(tslLocURI.getPath());
+ if (!profileDirTSL.exists() || !profileDirTSL.isDirectory()) {
+ warn("config.27", new Object[] { "uriTSL", id });
+ continue;
+ }
+ }
if (trustProfiles.containsKey(id)) {
warn("config.04", new Object[] { "TrustProfile", id });
@@ -1004,7 +1033,10 @@ public class ConfigurationPartsBuilder {
}
signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
- TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr);
+ String tslLocURIString = null;
+ if (tslLocURI != null)
+ tslLocURIString = tslLocURI.toString();
+ TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslLocURIString);
trustProfiles.put(id, profile);
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 85d3947aa..66c08e34e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -28,7 +28,9 @@ public class TrustProfile {
private String uri;
/** The URI giving the location of the allowed signer certificates. */
private String signerCertsUri;
-
+ /** The URI giving the location of the TSLs */
+ private String uriTSL;
+
/**
* Create a <code>TrustProfile</code>.
*
@@ -36,11 +38,13 @@ public class TrustProfile {
* @param uri The URI of the <code>TrustProfile</code> to create.
* @param signerCertsUri The URI of the location of the allowed signer
* certificates of the <code>TrustProfile</code> to create.
+ * @param uriTSL The URI to the TSLs
*/
- public TrustProfile(String id, String uri, String signerCertsUri) {
+ public TrustProfile(String id, String uri, String signerCertsUri, String uriTSL) {
this.id = id;
this.uri = uri;
this.signerCertsUri = signerCertsUri;
+ this.uriTSL = uriTSL;
}
/**
@@ -70,4 +74,12 @@ public class TrustProfile {
public String getSignerCertsUri() {
return signerCertsUri;
}
+
+ /**
+ * Return the URI of the location of the TSLS
+ * @return The URI of the location of the TSLS
+ */
+ public String getUriTSL() {
+ return uriTSL;
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 96c8b984e..b5c1023ab 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
@@ -113,7 +114,11 @@ public class CMSSignatureVerificationInvoker {
// get the signature
signature = request.getCMSSignature();
+ // get the actual trustprofile
+ TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+
try {
+
// get the signed content
signedContent = getSignedContent(request);
@@ -169,7 +174,7 @@ public class CMSSignatureVerificationInvoker {
for (resultIter = results.iterator(); resultIter.hasNext();) {
result = (CMSSignatureVerificationResult) resultIter.next();
- responseBuilder.addResult(result);
+ responseBuilder.addResult(result, trustProfile);
}
} else {
int i;
@@ -180,7 +185,7 @@ public class CMSSignatureVerificationInvoker {
try {
result =
(CMSSignatureVerificationResult) results.get(signatories[i] - 1);
- responseBuilder.addResult(result);
+ responseBuilder.addResult(result, trustProfile);
} catch (IndexOutOfBoundsException e) {
throw new MOAApplicationException(
"2249",
@@ -188,7 +193,7 @@ public class CMSSignatureVerificationInvoker {
}
}
}
-
+
return responseBuilder.getResponse();
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 8a0b3de13..b7bdbc9b8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -15,19 +15,25 @@
*/
package at.gv.egovernment.moa.spss.server.invoke;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.server.modules.cmsverify.CertificateValidationResult;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
-
-import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
-import iaik.server.modules.cmsverify.CertificateValidationResult;
+import java.util.ListIterator;
import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
/**
* A class to build a <code>VerifyCMSSignatureResponse</code> object.
@@ -60,21 +66,24 @@ public class VerifyCMSSignatureResponseBuilder {
* Add a verification result to the response.
*
* @param result The result to add.
- * @throws MOAApplicationException An error occurred adding the result.
+ * @param trustprofile The actual trustprofile
+ * @throws MOAException
*/
- public void addResult(CMSSignatureVerificationResult result)
- throws MOAApplicationException {
+ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+ throws MOAException {
CertificateValidationResult certResult =
result.getCertificateValidationResult();
int signatureCheckCode =
result.getSignatureValueVerificationCode().intValue();
int certificateCheckCode = certResult.getValidationResultCode().intValue();
+
VerifyCMSSignatureResponseElement responseElement;
SignerInfo signerInfo;
CheckResult signatureCheck;
CheckResult certificateCheck;
-
+ CheckTSLResult tslCheck;
+
// add SignerInfo element
signerInfo =
factory.createSignerInfo(
@@ -88,14 +97,55 @@ public class VerifyCMSSignatureResponseBuilder {
// add CertificateCheck element
certificateCheck = factory.createCheckResult(certificateCheckCode, null);
+
+ // add TSL check
+ tslCheck = validateTSL(result, trustProfile);
+
// build the response element
responseElement =
factory.createVerifyCMSSignatureResponseElement(
signerInfo,
signatureCheck,
- certificateCheck);
+ certificateCheck,
+ tslCheck);
responseElements.add(responseElement);
}
+
+ /**
+ * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs
+ *
+ * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param trustProfile The trust profile the signer certificate is validated against.
+ *
+ * @return The overal result of the TSL validation.
+ *
+ * @throws MOAException
+ */
+ private CheckTSLResult validateTSL(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+ throws MOAException
+{
+ MessageProvider msg = MessageProvider.getInstance();
+ //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()});
+
+ // TODO KS: TSL initialisieren, TSL abfrage mit chain
+
+ List chain = result.getCertificateValidationResult().getCertificateChain();
+ String uriTSL = trustProfile.getUriTSL();
+ //System.out.println("Size: " + chain.size());
+ ListIterator it = chain.listIterator();
+ while(it.hasNext()) {
+ X509Certificate cert = (X509Certificate) it.next();
+ //System.out.println(cert.getSubjectDN());
+ }
+ //System.out.println("URL-TSL: " + uriTSL);
+
+ int resultCode = 0;
+ String resultInfo = msg.getMessage("tsl.00", null);
+
+ SPSSFactory factory = SPSSFactory.getInstance();
+ return factory.createCheckTSLResult(resultCode, resultInfo);
+}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 1250fcad5..68ba4ad7e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -42,6 +42,7 @@ import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.Content;
import at.gv.egovernment.moa.spss.api.common.InputData;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -86,6 +87,9 @@ public class VerifyXMLSignatureResponseBuilder {
private List xmlDsigManifestChecks;
/** The result of the certificate check. */
private CheckResult certificateCheck;
+ /** The result of the TSL check. */
+ private CheckTSLResult tslCheck;
+
/**
* Get the <code>VerifyMLSignatureResponse</code> built so far.
@@ -100,7 +104,8 @@ public class VerifyXMLSignatureResponseBuilder {
signatureCheck,
signatureManifestCheck,
xmlDsigManifestChecks,
- certificateCheck);
+ certificateCheck,
+ tslCheck);
}
/**
@@ -113,14 +118,16 @@ public class VerifyXMLSignatureResponseBuilder {
* @param profile The profile used for verifying the signature.
* @param transformsSignatureManifestCheck The overall result for the signature
* manifest check.
- * @param certificateCheck The overall result for the certificate check.
+ * @param certificateCheck The overall result for the certificate check.
+ * @param tslCheck The result of the TSL check
* @throws MOAApplicationException An error occurred adding the result.
*/
public void setResult(
XMLSignatureVerificationResult result,
XMLSignatureVerificationProfile profile,
ReferencesCheckResult transformsSignatureManifestCheck,
- CheckResult certificateCheck)
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck)
throws MOAApplicationException {
CertificateValidationResult certResult =
@@ -284,6 +291,10 @@ public class VerifyXMLSignatureResponseBuilder {
// create the certificate check
this.certificateCheck = certificateCheck;
+
+ // create the tsl check
+ this.tslCheck = tslCheck;
+
}
/**
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index f08588ecb..765a48e79 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -43,6 +43,7 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
+import java.util.ListIterator;
import java.util.Map;
import java.util.Set;
@@ -58,6 +59,7 @@ import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
@@ -225,6 +227,7 @@ public class XMLSignatureVerificationInvoker {
signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
}
+
// check the result
signatureManifestCheck =
validateSignatureManifest(request, result, profile);
@@ -233,8 +236,11 @@ public class XMLSignatureVerificationInvoker {
TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
+ // Check the TSL result
+ CheckTSLResult tslCheck = validateTSL(result, trustProfile);
+
// build the response
- responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck);
+ responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, tslCheck);
return responseBuilder.getResponse();
}
@@ -318,6 +324,42 @@ public class XMLSignatureVerificationInvoker {
SPSSFactory factory = SPSSFactory.getInstance();
return factory.createCheckResult(resultCode, null);
}
+
+ /**
+ * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs
+ *
+ * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param trustProfile The trust profile the signer certificate is validated against.
+ *
+ * @return The overal result of the TSL validation.
+ *
+ * @throws MOAException
+ */
+ private CheckTSLResult validateTSL(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+ throws MOAException
+{
+ MessageProvider msg = MessageProvider.getInstance();
+ //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()});
+
+ // TODO KS: TSL initialisieren, TSL abfrage mit chain
+
+ List chain = result.getCertificateValidationResult().getCertificateChain();
+ String uriTSL = trustProfile.getUriTSL();
+ //System.out.println("Size: " + chain.size());
+ ListIterator it = chain.listIterator();
+ while(it.hasNext()) {
+ X509Certificate cert = (X509Certificate) it.next();
+ //System.out.println(cert.getSubjectDN());
+ }
+ //System.out.println("URL-TSL: " + uriTSL);
+
+ int resultCode = 0;
+ String resultInfo = msg.getMessage("tsl.00", null);
+
+ SPSSFactory factory = SPSSFactory.getInstance();
+ return factory.createCheckTSLResult(resultCode, resultInfo);
+}
/**
* Select the <code>dsig:Signature</code> DOM element within the signature