Diffstat (limited to 'spss/server/serverlib/src')
18 files changed, 416 insertions, 28 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 0aedba6a6..1a778ad2b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -22,17 +22,17 @@ import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import org.apache.commons.discovery.tools.DiscoverClass;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
-import org.apache.commons.discovery.tools.DiscoverClass;
-
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.MetaInfo;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -434,6 +434,7 @@ public abstract class SPSSFactory {
 * @param signerInfo Information about the signer certificate.
 * @param signatureCheck Result of the singature value check.
 * @param certificateCheck Result of the certificate status check.
+ * @param tslCheck Result of the TSL check
 * @return The new <code>VerifyCMSSignatureResponseElement</code> containing
 * the above data.
 *
@@ -444,7 +445,8 @@ public abstract class SPSSFactory {
 public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
 SignerInfo signerInfo,
 CheckResult signatureCheck,
- CheckResult certificateCheck);
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck);
 //
 // Factory methods for verifying XML signatures
@@ -698,7 +700,8 @@ public abstract class SPSSFactory {
 ReferencesCheckResult signatureCheck,
 ReferencesCheckResult signatureManifestCheck,
 List xmlDsigManifestChecks,
- CheckResult certificateCheck);
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck);
 /**
 * Create a new <code>ReferencesCheckResult</code> object.
@@ -988,6 +991,19 @@ public abstract class SPSSFactory {
 public abstract CheckResult createCheckResult(int code, NodeList info);
 /**
+ * Create a new <code>CheckTSLResult</code> object.
+ *
+ * @param code The numerical error code.
+ * @param info Verbose error information.
+ * @return The new <code>CheckTSLResult</code> containing the above data.
+ *
+ * @pre code >= 0
+ * @pre info != null
+ * @post return != null
+ */
+ public abstract CheckTSLResult createCheckTSLResult(int code, String info);
+
+ /**
 * Create a new <code>SignerInfo</code> object.
 *
 * @param signerCertificate The signer certificate in binary form.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
index 26fd5911d..e2f44c540 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
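Review bot: The new `@param tslCheck` on createVerifyCMSSignatureResponseElement (and on the XML factory method in the hunk at -698) leaves nullability open, while the xmlbind response builders on this page call `getTSLCheck().getCode()` without a null check, so the factory contract should say it: `* @param tslCheck Result of the TSL check; must not be <code>null</code>.`. Both abstract method declarations begin outside their hunks. createCheckTSLResult documents `@pre info != null`, but the only caller visible here passes the value of `msg.getMessage("tsl.00", null)`; if that lookup can yield null for a missing key the precondition is not honoured, so either relax it (ResponseBuilderUtils already omits the Info subelement when info is null) or guard the call site.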
@@ -16,6 +16,7 @@ package at.gv.egovernment.moa.spss.api.cmsverify;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 /**
@@ -44,4 +45,10 @@ public interface VerifyCMSSignatureResponseElement {
 * @return The result of the certificate verification.
 */
 public CheckResult getCertificateCheck();
+ /**
+ * Gets the result of the TSL verification
+ *
+ * @return The result of the TSL verification
+ */
+ public CheckTSLResult getTSLCheck();
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
new file mode 100644
index 000000000..f31512cdb
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
@@ -0,0 +1,40 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Object encapsulating the result of a TSL verification.
+ *
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id: CheckResult.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public interface CheckTSLResult {
+ /**
+ * Gets the result code.
+ *
+ * @return The result code.
+ */
+ public int getCode();
+ /**
+ * Gets descriptive information.
+ *
+ * @return Descriptive information.
+ */
+ public String getInfo();
+}
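Review bot: `import org.w3c.dom.NodeList;` on line 23 of the new interface is unused — CheckTSLResult exposes `getInfo()` as a String, not a NodeList — and the `@version $Id: CheckResult.java ...` tag was copied from the file this one was modelled on; the same stale tag appears as `$Id: CheckResultImpl.java ...` in the new CheckTSLResultImpl. Drop the import and remove or update the `@version` lines in both files. The interface Javadoc does not say what `getCode()` values mean and the page does not show the code table; at minimum point readers at the producer: `@see at.gv.egovernment.moa.spss.api.SPSSFactory#createCheckTSLResult(int, String)`.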
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
new file mode 100644
index 000000000..62f3ab979
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
@@ -0,0 +1,66 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
+
+/**
+ * Default implementation of <code>CheckTSLResult</code>.
+ *
+ * @author Fatemeh Philippi
+ * @author Klaus Stranacher
+ * @version $Id: CheckResultImpl.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public class CheckTSLResultImpl implements CheckTSLResult {
+ /** The result code. */
+ private int code;
+
+ /** Additional information. */
+ private String info;
+
+ /**
+ * Sets a result code.
+ *
+ * @param code The result code.
+ */
+ public void setCode(int code) {
+ this.code = code;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getCode()
+ */
+ public int getCode() {
+ return code;
+ }
+
+ /**
+ * Sets a descriptive information.
+ *
+ * @param info The descriptive information.
+ */
+ public void setInfo(String info) {
+ this.info = info;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getInfo()
+ */
+ public String getInfo() {
+ return info;
+ }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index f0d16046c..8cf06bb15 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.MetaInfo;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -259,12 +260,15 @@ public class SPSSFactoryImpl extends SPSSFactory {
 public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
 SignerInfo signerInfo,
 CheckResult signatureCheck,
- CheckResult certificateCheck) {
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck) {
 VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl();
 verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
 verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
 verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
+ verifyCMSSignatureResponseElement.setTSLCheck(tslCheck);
+
 return verifyCMSSignatureResponseElement;
 }
@@ -390,7 +394,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
 ReferencesCheckResult signatureCheck,
 ReferencesCheckResult signatureManifestCheck,
 List xmlDsigManifestChecks,
- CheckResult certificateCheck) {
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck) {
 VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = new VerifyXMLSignatureResponseImpl();
 verifyXMLSignatureResponse.setSignerInfo(signerInfo);
@@ -401,6 +406,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
 signatureManifestCheck);
 verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
 verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
+ verifyXMLSignatureResponse.setTSLCheck(tslCheck);
+
 return verifyXMLSignatureResponse;
 }
@@ -557,6 +564,13 @@ public class SPSSFactoryImpl extends SPSSFactory {
 checkResult.setInfo(info);
 return checkResult;
 }
+
+ public CheckTSLResult createCheckTSLResult(int code, String info) {
+ CheckTSLResultImpl checkTSLResult = new CheckTSLResultImpl();
+ checkTSLResult.setCode(code);
+ checkTSLResult.setInfo(info);
+ return checkTSLResult;
+ }
 public SignerInfo createSignerInfo(
 X509Certificate signerCertificate,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
index 322e83baa..f80c4ace2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
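Review bot: createCheckTSLResult is added without any Javadoc, whereas the new CheckTSLResultImpl documents each overriding method with an `@see` tag; add `/** @see at.gv.egovernment.moa.spss.api.SPSSFactory#createCheckTSLResult(int, String) */` above it so the contract stated on the abstract method (including `@pre info != null`) is reachable from the implementation. The blank line inserted before `return` in createVerifyCMSSignatureResponseElement (hunk at -259) and in the XML factory method (-390) separates nothing and can go. Both factory methods start outside their hunks.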
@@ -17,6 +17,7 @@ package at.gv.egovernment.moa.spss.api.impl;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 /**
@@ -34,7 +35,9 @@ public class VerifyCMSSignatureResponseElementImpl
 private CheckResult signatureCheck;
 /** Information about the certificate check. */
 private CheckResult certificateCheck;
-
+ /** Information about the TSL check */
+ private CheckTSLResult tslCheck;
+
 /**
 * Sets a SignerInfo element according to CMS.
 *
@@ -73,5 +76,17 @@ public class VerifyCMSSignatureResponseElementImpl
 public CheckResult getCertificateCheck() {
 return certificateCheck;
 }
+
+ /**
+ * Sets a result of the TSL verification.
+ *
+ * @param tslCheck The result of the TSL verification.
+ */
+ public void setTSLCheck(CheckTSLResult tslCheck) {
+ this.tslCheck = tslCheck;
+ }
+ public CheckTSLResult getTSLCheck() {
+ return tslCheck;
+ }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index 3777e8958..ea6a180a7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -20,6 +20,7 @@ import java.util.Collections;
 import java.util.List;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
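Review bot: `getTSLCheck()` is added without Javadoc, unlike `setTSLCheck` directly above it; add `/** @see at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement#getTSLCheck() */` above it and a blank line between the two new methods, as the hunk has between the existing ones. The new field comment `/** Information about the TSL check */` lacks the trailing period of its sibling `/** Information about the certificate check. */`. The same undocumented `getTSLCheck()` is added to VerifyXMLSignatureResponseImpl in the next section.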
@@ -52,7 +53,9 @@ public class VerifyXMLSignatureResponseImpl
 private List xmlDsigManifestChecks = new ArrayList();
 /** Information about the certificate check. */
 private CheckResult certificateCheck;
-
+ /** Information about the TSL check. */
+ private CheckTSLResult tslCheck;
+
 /**
 * Sets information about the signer certificate.
 *
@@ -136,6 +139,18 @@ public class VerifyXMLSignatureResponseImpl
 public CheckResult getCertificateCheck() {
 return certificateCheck;
 }
+ /**
+ * Sets the result of the TSL verification.
+ *
+ * @param certificateCheck The result of the TSL verification.
+ */
+ public void setTSLCheck(CheckTSLResult tslCheck) {
+ this.tslCheck = tslCheck;
+ }
+
+ public CheckTSLResult getTSLCheck() {
+ return tslCheck;
+ }
 /**
 * Sets the XMLDSigManifestChecks.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 3bef8659a..30d19023a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
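Review bot: The Javadoc on the new setTSLCheck names the wrong parameter, `@param certificateCheck The result of the TSL verification.`, while the method's parameter is `tslCheck`; javadoc will flag it and a reader may suspect a copy-paste slip in the code as well. Change it to `* @param tslCheck The result of the TSL verification.`. `getTSLCheck()` below it has no Javadoc; a `@see at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse#getTSLCheck()` tag would follow the `@see` convention the new CheckTSLResultImpl uses.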
@@ -217,5 +217,40 @@ class ResponseBuilderUtils {
 }
 root.appendChild(codeInfoElem);
 }
+
+ /**
+ * Add an element containing <code>Code</code> and <code>Info</code>
+ * subelements.
+ *
+ * @param response The response document, in order to create new elements in
+ * it.
+ * @param root The root element into which to insert the newly created
+ * element.
+ * @param elementName The name of the newly created element.
+ * @param code The content of the <code>Code</code> subelement.
+ * @param info The content of the <code>Info</code> subelement.
+ */
+ public static void addCodeInfoElement(
+ Document response,
+ Element root,
+ String elementName,
+ int code,
+ String info) {
+
+ Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+ Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+ Element infoElem;
+ int i;
+
+ codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+ codeInfoElem.appendChild(codeElem);
+
+ if (info != null) {
+ infoElem = response.createElementNS(MOA_NS_URI, "Info");
+ infoElem.appendChild(response.createTextNode(info));
+ codeInfoElem.appendChild(infoElem);
+ }
+ root.appendChild(codeInfoElem);
+ }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 80d8575f9..2e4a95a89 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
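Review bot: The new String overload of addCodeInfoElement declares `int i;` and never uses it — a leftover from the NodeList overload above (cut off at the top of the hunk), whose loop counter it presumably was — and `Element infoElem;` is only needed inside the `if (info != null)` branch. Remove `int i;` and declare at the point of use: `Element infoElem = response.createElementNS(MOA_NS_URI, "Info");`. The Javadoc is a verbatim copy of the other overload's; one sentence stating that `info` is emitted as a text node and that a null `info` suppresses the Info subelement would tell the two apart.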
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 /**
@@ -89,6 +90,7 @@ public class VerifyCMSSignatureResponseBuilder {
 SignerInfo signerInfo = responseElement.getSignerInfo();
 CheckResult signatureCheck = responseElement.getSignatureCheck();
 CheckResult certCheck = responseElement.getCertificateCheck();
+ CheckTSLResult tslCheck = responseElement.getTSLCheck();
 ResponseBuilderUtils.addSignerInfo(
 responseDoc,
@@ -111,6 +113,13 @@ public class VerifyCMSSignatureResponseBuilder {
 "CertificateCheck",
 certCheck.getCode(),
 certCheck.getInfo());
+
+ ResponseBuilderUtils.addCodeInfoElement(
+ responseDoc,
+ responseElem,
+ "TSLCheck",
+ tslCheck.getCode(),
+ tslCheck.getInfo());
 }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index a8be59766..dedb1dc88 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -135,6 +135,13 @@ public class VerifyXMLSignatureResponseBuilder {
 "CertificateCheck",
 response.getCertificateCheck().getCode(),
 response.getCertificateCheck().getInfo());
+
+ ResponseBuilderUtils.addCodeInfoElement(
+ responseDoc,
+ responseElem,
+ "TSLCheck",
+ response.getTSLCheck().getCode(),
+ response.getTSLCheck().getInfo());
 return responseDoc;
 }
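Review bot: `tslCheck.getCode()` in VerifyCMSSignatureResponseBuilder, and `response.getTSLCheck().getCode()` in VerifyXMLSignatureResponseBuilder (hunk at -135), dereference the TSL result unconditionally, so a response element built without one — the interfaces do not forbid a null — now fails with a NullPointerException while the response is being serialized, after all verification work has already succeeded. Guard both calls, `if (tslCheck != null) { ... }`, or have the factory reject a null `tslCheck` up front so the failure is at construction time. Emitting a new `TSLCheck` element under MOA_NS_URI also changes the response document; the response schema must define it at that position or schema-validating clients will reject responses, and no schema change is on this page (the diffstat is limited to the serverlib source tree, so I cannot tell whether one exists elsewhere).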
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
index 01fe9cf2c..63da503cb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -18,6 +18,7 @@ package at.gv.egovernment.moa.spss.api.xmlverify;
 import java.util.List;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 /**
@@ -71,5 +72,14 @@ public interface VerifyXMLSignatureResponse {
 * @return The result of the certificate verification.
 */
 public CheckResult getCertificateCheck();
+
+ /**
+ * Gets the result of the TSL verification.
+ *
+ * @return The result of the TSL verification.
+ */
+ public CheckTSLResult getTSLCheck();
+
+
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 3ad7b761f..51669026f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -949,7 +949,8 @@ public class ConfigurationPartsBuilder {
 String id = getElementValue(profileElem, CONF + "Id", null);
 String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
 String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
-
+ String tslLocStr = getElementValue(profileElem, CONF + "TSLLocation", null);
+
 URI trustAnchorsLocURI = null;
 try
 {
@@ -973,6 +974,34 @@ public class ConfigurationPartsBuilder {
 warn("config.27", new Object[] { "uri", id });
 continue;
 }
+
+
+ URI tslLocURI = null;
+ if (tslLocStr != null) {
+
+ try
+ {
+ tslLocURI = new URI(tslLocStr);
+ if (!tslLocURI.isAbsolute()) { // make it absolute to the config file
+ tslLocURI = new URI(configRoot_.toURL() + tslLocStr);
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "uriTSL", id, tslLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e)
+ {
+ warn("config.33", new Object[] {id}, e);
+ continue;
+ }
+
+ File profileDirTSL = new File(tslLocURI.getPath());
+ if (!profileDirTSL.exists() || !profileDirTSL.isDirectory()) {
+ warn("config.27", new Object[] { "uriTSL", id });
+ continue;
+ }
+ }
 if (trustProfiles.containsKey(id)) {
 warn("config.04", new Object[] { "TrustProfile", id });
@@ -1004,7 +1033,10 @@ public class ConfigurationPartsBuilder {
 }
 signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
- TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr);
+ String tslLocURIString = null;
+ if (tslLocURI != null)
+ tslLocURIString = tslLocURI.toString();
+ TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslLocURIString);
 trustProfiles.put(id, profile);
 }
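Review bot: The new TSL block warns with the message keys `config.14` and `config.33`; `config.33` appears nowhere else on this page and the properties hunk at the bottom is cut off, so I cannot confirm it exists in both message bundles — a missing key would turn a configuration warning into a lookup failure inside the warning path. The brace style inside the block is inconsistent with itself (`try` and `catch (MalformedURLException e)` open the brace on the next line, `catch (URIException e) {` and the `if` on the same line), and the braceless `if (tslLocURI != null)` in the hunk at -1004 should get braces like every other `if` in these hunks. The two empty lines added before `URI tslLocURI = null;` can go. The enclosing method starts and ends outside these hunks.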
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 85d3947aa..66c08e34e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -28,7 +28,9 @@ public class TrustProfile {
 private String uri;
 /** The URI giving the location of the allowed signer certificates. */
 private String signerCertsUri;
-
+ /** The URI giving the location of the TSLs */
+ private String uriTSL;
+
 /**
 * Create a <code>TrustProfile</code>.
 *
@@ -36,11 +38,13 @@ public class TrustProfile {
 * @param uri The URI of the <code>TrustProfile</code> to create.
 * @param signerCertsUri The URI of the location of the allowed signer
 * certificates of the <code>TrustProfile</code> to create.
+ * @param uriTSL The URI to the TSLs
 */
- public TrustProfile(String id, String uri, String signerCertsUri) {
+ public TrustProfile(String id, String uri, String signerCertsUri, String uriTSL) {
 this.id = id;
 this.uri = uri;
 this.signerCertsUri = signerCertsUri;
+ this.uriTSL = uriTSL;
 }
 /**
@@ -70,4 +74,12 @@ public class TrustProfile {
 public String getSignerCertsUri() {
 return signerCertsUri;
 }
+
+ /**
+ * Return the URI of the location of the TSLS
+ * @return The URI of the location of the TSLS
+ */
+ public String getUriTSL() {
+ return uriTSL;
+ }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 96c8b984e..b5c1023ab 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
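Review bot: The constructor now takes a fourth argument, and ConfigurationPartsBuilder passes null for it whenever a profile has no TSLLocation, but neither the `@param uriTSL` tag nor `getUriTSL()` says so; document it, `* @param uriTSL The URI of the location of the TSLs, or <code>null</code> if the profile defines none.`, and state the same on the getter, since validateTSL on this page reads it. Any caller of the old three-argument constructor outside this page no longer compiles; a delegating overload `public TrustProfile(String id, String uri, String signerCertsUri) { this(id, uri, signerCertsUri, null); }` keeps them working. `TSLS` in the getter's Javadoc should read `TSLs`, and the new field comment lacks the trailing period of its siblings.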
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
 import at.gv.egovernment.moa.spss.server.logging.IaikLog;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
@@ -113,7 +114,11 @@ public class CMSSignatureVerificationInvoker {
 // get the signature
 signature = request.getCMSSignature();
+ // get the actual trustprofile
+ TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+
 try {
+ // get the signed content
 signedContent = getSignedContent(request);
@@ -169,7 +174,7 @@ public class CMSSignatureVerificationInvoker {
 for (resultIter = results.iterator(); resultIter.hasNext();) {
 result = (CMSSignatureVerificationResult) resultIter.next();
- responseBuilder.addResult(result);
+ responseBuilder.addResult(result, trustProfile);
 }
 } else {
 int i;
@@ -180,7 +185,7 @@ public class CMSSignatureVerificationInvoker {
 try {
 result = (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
- responseBuilder.addResult(result);
+ responseBuilder.addResult(result, trustProfile);
 } catch (IndexOutOfBoundsException e) {
 throw new MOAApplicationException(
 "2249",
@@ -188,7 +193,7 @@ public class CMSSignatureVerificationInvoker {
 }
 }
 }
-
+
 return responseBuilder.getResponse();
 }
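Review bot: `context.getConfiguration().getTrustProfile(request.getTrustProfileId())` is now resolved up front and handed to addResult, which passes it to validateTSL, where `trustProfile.getUriTSL()` is called with no null check; unless getTrustProfile throws for an unknown profile id (not visible on this page), a request naming an unconfigured profile ends in a NullPointerException instead of the application error the rest of this invoker raises. Check the lookup result where it is made, e.g. `if (trustProfile == null) { throw new MOAApplicationException("<unknown-trust-profile code from the message bundle>", new Object[] { request.getTrustProfileId() }); }`. The comment `// get the actual trustprofile` reads as a calque of German "aktuell"; `// look up the trust profile named by the request` says what happens. The method continues outside these hunks.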
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 8a0b3de13..b7bdbc9b8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -15,19 +15,25 @@
 */
 package at.gv.egovernment.moa.spss.server.invoke;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.server.modules.cmsverify.CertificateValidationResult;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
-
-import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
-import iaik.server.modules.cmsverify.CertificateValidationResult;
+import java.util.ListIterator;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
 /**
 * A class to build a <code>VerifyCMSSignatureResponse</code> object.
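Review bot: `import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;` is added to the CMS response builder although nothing in the new code uses it — the validateTSL added to this class (hunk at -88) takes a CMSSignatureVerificationResult — so it should go, together with the reordering that now places the `iaik.*` imports ahead of `java.*`, which differs from the grouping the file had and from every other file in this commit. Keep the original order and add only the imports that are referenced.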
@@ -60,21 +66,24 @@ public class VerifyCMSSignatureResponseBuilder {
 * Add a verification result to the response.
 *
 * @param result The result to add.
- * @throws MOAApplicationException An error occurred adding the result.
+ * @param trustprofile The actual trustprofile
+ * @throws MOAException
 */
- public void addResult(CMSSignatureVerificationResult result)
- throws MOAApplicationException {
+ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+ throws MOAException {
 CertificateValidationResult certResult = result.getCertificateValidationResult();
 int signatureCheckCode = result.getSignatureValueVerificationCode().intValue();
 int certificateCheckCode = certResult.getValidationResultCode().intValue();
+
 VerifyCMSSignatureResponseElement responseElement;
 SignerInfo signerInfo;
 CheckResult signatureCheck;
 CheckResult certificateCheck;
-
+ CheckTSLResult tslCheck;
+
 // add SignerInfo element
 signerInfo = factory.createSignerInfo(
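Review bot: The Javadoc tag `@param trustprofile` does not match the parameter name `trustProfile` (javadoc reports it as an unknown parameter), and `@throws MOAException` carries no description where the line it replaces had one. Write `* @param trustProfile The trust profile the signer certificate is validated against.` and `* @throws MOAException An error occurred adding the result.`. Widening the throws clause from MOAApplicationException to MOAException is a signature change every caller of addResult must accept; CMSSignatureVerificationInvoker on this page is one, any others are outside it. The method body continues past the hunk.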
@@ -88,14 +97,55 @@ public class VerifyCMSSignatureResponseBuilder {
 // add CertificateCheck element
 certificateCheck = factory.createCheckResult(certificateCheckCode, null);
+
+ // add TSL check
+ tslCheck = validateTSL(result, trustProfile);
+
 // build the response element
 responseElement = factory.createVerifyCMSSignatureResponseElement(
 signerInfo,
 signatureCheck,
- certificateCheck);
+ certificateCheck,
+ tslCheck);
 responseElements.add(responseElement);
 }
+
+ /**
+ * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs
+ *
+ * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param trustProfile The trust profile the signer certificate is validated against.
+ *
+ * @return The overal result of the TSL validation.
+ *
+ * @throws MOAException
+ */
+ private CheckTSLResult validateTSL(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+ throws MOAException
+{
+ MessageProvider msg = MessageProvider.getInstance();
+ //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()});
+
+ // TODO KS: TSL initialisieren, TSL abfrage mit chain
+
+ List chain = result.getCertificateValidationResult().getCertificateChain();
+ String uriTSL = trustProfile.getUriTSL();
+ //System.out.println("Size: " + chain.size());
+ ListIterator it = chain.listIterator();
+ while(it.hasNext()) {
+ X509Certificate cert = (X509Certificate) it.next();
+ //System.out.println(cert.getSubjectDN());
+ }
+ //System.out.println("URL-TSL: " + uriTSL);
+
+ int resultCode = 0;
+ String resultInfo = msg.getMessage("tsl.00", null);
+
+ SPSSFactory factory = SPSSFactory.getInstance();
+ return factory.createCheckTSLResult(resultCode, resultInfo);
+}
 }
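Review bot: validateTSL returns `resultCode = 0` with the `tsl.00` message without consulting any TSL: the loop over `chain` has an empty body, `uriTSL` is read and discarded, and the `TODO KS` says the TSL lookup is still to be written, yet every verification response now carries a `TSLCheck` element reporting that result. If 0 denotes a passed check as it does for the other Code elements (the page does not show the code table), relying parties will read it as a successful trust-status-list validation that never happened; until the lookup exists, report a distinct not-performed code, or have the caller skip the TSL check when `trustProfile.getUriTSL()` is null. The same body is repeated verbatim in XMLSignatureVerificationInvoker.validateTSL (hunk at -318); the shared part belongs in one helper that takes the certificate chain and the TSL URI. The commented-out `System.out.println` lines, the German TODO, the Javadoc naming `XMLSignatureVerificationModule` for a CMS result, and the method's `{`/`}` at column 0 should all be cleaned up before this merges.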
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 1250fcad5..68ba4ad7e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -42,6 +42,7 @@ import org.w3c.dom.NodeList;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.InputData;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -86,6 +87,9 @@ public class VerifyXMLSignatureResponseBuilder {
 private List xmlDsigManifestChecks;
 /** The result of the certificate check. */
 private CheckResult certificateCheck;
+ /** The result of the TSL check. */
+ private CheckTSLResult tslCheck;
+
 /**
 * Get the <code>VerifyMLSignatureResponse</code> built so far.
@@ -100,7 +104,8 @@ public class VerifyXMLSignatureResponseBuilder {
 signatureCheck,
 signatureManifestCheck,
 xmlDsigManifestChecks,
- certificateCheck);
+ certificateCheck,
+ tslCheck);
 }
 /**
@@ -113,14 +118,16 @@ public class VerifyXMLSignatureResponseBuilder {
 * @param profile The profile used for verifying the signature.
 * @param transformsSignatureManifestCheck The overall result for the signature
 * manifest check.
- * @param certificateCheck The overall result for the certificate check.
+ * @param certificateCheck The overall result for the certificate check.
+ * @param tslCheck The result of the TSL check
 * @throws MOAApplicationException An error occurred adding the result.
 */
 public void setResult(
 XMLSignatureVerificationResult result,
 XMLSignatureVerificationProfile profile,
 ReferencesCheckResult transformsSignatureManifestCheck,
- CheckResult certificateCheck)
+ CheckResult certificateCheck,
+ CheckTSLResult tslCheck)
 throws MOAApplicationException {
 CertificateValidationResult certResult =
@@ -284,6 +291,10 @@ public class VerifyXMLSignatureResponseBuilder {
 // create the certificate check
 this.certificateCheck = certificateCheck;
+
+ // create the tsl check
+ this.tslCheck = tslCheck;
+
 }
 /**
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index f08588ecb..765a48e79 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -43,6 +43,7 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
+import java.util.ListIterator;
 import java.util.Map;
 import java.util.Set;
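Review bot: The comment `// create the tsl check` above `this.tslCheck = tslCheck;` is misleading — nothing is created, the value handed in by the caller is stored — and it mirrors the equally inaccurate `// create the certificate check` above it; `// store the TSL check result` says what the line does. `@param tslCheck The result of the TSL check` lacks the terminating period of the neighbouring tags and does not say whether null is accepted, which matters because getResponse (hunk at -100) hands the field straight to the factory. setResult's body extends beyond the hunk.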
@@ -58,6 +59,7 @@ import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
@@ -225,6 +227,7 @@ public class XMLSignatureVerificationInvoker {
 signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
 }
+ // check the result
 signatureManifestCheck = validateSignatureManifest(request, result, profile);
@@ -233,8 +236,11 @@ public class XMLSignatureVerificationInvoker {
 TrustProfile trustProfile =
 context.getConfiguration().getTrustProfile(request.getTrustProfileId());
 CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
+ // Check the TSL result
+ CheckTSLResult tslCheck = validateTSL(result, trustProfile);
+
 // build the response
- responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck);
+ responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, tslCheck);
 return responseBuilder.getResponse();
 }
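Review bot: `validateTSL(result, trustProfile)` is invoked unconditionally, right after `validateSignerCertificate` may have reported a failed certificate check; the method body in the next hunk calls `result.getCertificateValidationResult().getCertificateChain().listIterator()` without any null check, so if the chain can be absent after a failed validation the request ends in a NullPointerException instead of a response carrying the failure. Either guard the call on a successful certificate check or make validateTSL handle a null or empty chain explicitly and report it in the CheckTSLResult. Minor: the new comment `// Check the TSL result` names a result where the line performs a check; `// check the certificate chain against the TSL` matches the call. The enclosing method starts outside the hunk.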
@@ -318,6 +324,42 @@ public class XMLSignatureVerificationInvoker {
 SPSSFactory factory = SPSSFactory.getInstance();
 return factory.createCheckResult(resultCode, null);
 }
+
+ /**
+ * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs
+ *
+ * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param trustProfile The trust profile the signer certificate is validated against.
+ *
+ * @return The overal result of the TSL validation.
+ *
+ * @throws MOAException
+ */
+ private CheckTSLResult validateTSL(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+ throws MOAException
+{
+ MessageProvider msg = MessageProvider.getInstance();
+ //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()});
+
+ // TODO KS: TSL initialisieren, TSL abfrage mit chain
+
+ List chain = result.getCertificateValidationResult().getCertificateChain();
+ String uriTSL = trustProfile.getUriTSL();
+ //System.out.println("Size: " + chain.size());
+ ListIterator it = chain.listIterator();
+ while(it.hasNext()) {
+ X509Certificate cert = (X509Certificate) it.next();
+ //System.out.println(cert.getSubjectDN());
+ }
+ //System.out.println("URL-TSL: " + uriTSL);
+
+ int resultCode = 0;
+ String resultInfo = msg.getMessage("tsl.00", null);
+
+ SPSSFactory factory = SPSSFactory.getInstance();
+ return factory.createCheckTSLResult(resultCode, resultInfo);
+}
 /**
 * Select the <code>dsig:Signature</code> DOM element within the signature
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 9b896c059..4c9d11f63 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
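Review bot: validateTSL reports success without performing any check: the `while` loop over `chain` does nothing with `cert`, `uriTSL` is never used, and the method unconditionally returns `factory.createCheckTSLResult(0, msg.getMessage("tsl.00", null))`, whose message text states that the certificate was successfully verified against the TSL. Until the check marked by the `// TODO KS` line exists, this should fail closed rather than assert a verification that never ran — return a distinct non-success code with a message key saying the TSL check was not performed (key to be defined, placeholder `tsl.<NOT_PERFORMED>`), or throw `MOAException`, so no consumer of the response trusts a CheckTSLResult of 0. The dead `ListIterator` loop, the three commented-out `System.out.println` lines and the commented `logMsg` line that references a `files[i]` not declared in this method should be removed before merge. Stylistically, the method's `{` and `}` sit at column 0 unlike the neighbouring methods, `it` and `cert` are unused, and the javadoc misspells `overal` and needs a description after `@throws MOAException`.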
@@ -134,7 +134,7 @@ config.28=Einen detaillierten Fehlerbericht entnehmen Sie bitte der Log-Datei.
 config.29=Es sind folgende leichte Fehler aufgetreten:
config.31=Fehler in der Konfiguration der KeyGroup mit id={0}: Der Schlüssel im KeyModule id={1} mit IssuerName={2} und SerialNumber={3} konnte nicht geladen werden
config.32=Fehler in der Konfiguration: Verzeichnisangabe für den Zertifikatsspeicher ist ungültig ({0}).
-
+config.33=Fehler beim Erstellen des TrustProfile id={0}: Name des TSL-Verzeichnisses konnte nicht in eine URL umgewandet werden
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}
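Review bot: The new message `config.33` misspells `umgewandet`; it should read `config.33=Fehler beim Erstellen des TrustProfile id={0}: Name des TSL-Verzeichnisses konnte nicht in eine URL umgewandelt werden`. The hunk also replaces the blank separator line before the `handler.*` keys with the new entry, so the group separation the rest of the file uses is lost; keep a blank line after `config.33`.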
@@ -149,3 +149,5 @@ invoker.00=Das Signature Environment konnte nicht validierend geparst werden
 invoker.01=Keine passende Transformationskette gefunden (Index={0})
invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
+
+tsl.00 = Das Zertifikat konnte erfolgreich gegen die TSL verifiziert werden
\ No newline at end of file |
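Review bot: `tsl.00 = …` is the only key in this file written with spaces around `=`; `Properties` tolerates it, but for consistency write `tsl.00=Das Zertifikat konnte erfolgreich gegen die TSL verifiziert werden`. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`). Note that this success text is what the stub `validateTSL` in XMLSignatureVerificationInvoker returns unconditionally, so a message for the not-performed and failure cases of the TSL check is still missing.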