From 0b623988b011df15d88d425449cf8041a48a7457 Mon Sep 17 00:00:00 2001 From: gregor Date: Tue, 8 Jul 2003 10:17:08 +0000 Subject: Bug 3 fixed. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@6 d688527b-c9ab-4aba-bd8d-4036d912da1d --- spss.server/.classpath | 14 ++-- spss.server/.cvsignore | 1 + spss.server/build.xml | 2 +- .../invoke/VerifyXMLSignatureResponseBuilder.java | 84 +++++++++++++--------- 4 files changed, 58 insertions(+), 43 deletions(-) diff --git a/spss.server/.classpath b/spss.server/.classpath index 4e9b30cf1..ac7c752a3 100644 --- a/spss.server/.classpath +++ b/spss.server/.classpath @@ -24,13 +24,13 @@ - - - - - - - + + + + + + + diff --git a/spss.server/.cvsignore b/spss.server/.cvsignore index ba077a403..7c18d5ded 100644 --- a/spss.server/.cvsignore +++ b/spss.server/.cvsignore @@ -1 +1,2 @@ bin +tmp diff --git a/spss.server/build.xml b/spss.server/build.xml index 0d0dc1d18..29abc56e1 100644 --- a/spss.server/build.xml +++ b/spss.server/build.xml @@ -42,7 +42,7 @@ - + diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 2f55261d1..543fa3b01 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -51,6 +51,7 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; * @version $Id$ */ public class VerifyXMLSignatureResponseBuilder { + /** The SPSSFactory for creating API objects. */ private SPSSFactory factory = SPSSFactory.getInstance(); @@ -150,45 +151,58 @@ public class VerifyXMLSignatureResponseBuilder { checkResultInfo); // create the signature manifest check - if (profile.checkSecurityLayerManifest()) { - if (transformsSignatureManifestCheck.getCode() == 1) { + if (profile.checkSecurityLayerManifest()) + { + if (transformsSignatureManifestCheck.getCode() == 1) + { // checking the transforms failed signatureManifestCheck = transformsSignatureManifestCheck; - } else if (!result.containsSecurityLayerManifest()) { - // no security layer manifest in signature - signatureManifestCheck = factory.createReferencesCheckResult(2, null); - } else { - // other error codes provided by IAIK signature verification - // need to add 1 to the check code for MOA compatibility - SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); - int verificationResult = - slManifest.getManifestVerificationResult().intValue(); - - switch (verificationResult) { - case 0 : - signatureManifestCheck = - factory.createReferencesCheckResult(0, null); - break; - case 2 : - case 3 : - failedReferences = - buildFailedReferences(slManifest.getReferenceInfoList()); - checkResultInfo = - failedReferences != null - ? factory.createReferencesCheckResultInfo(null, failedReferences) - : null; - signatureManifestCheck = - factory.createReferencesCheckResult( - verificationResult + 1, - checkResultInfo); + } + else if (result.isSecurityLayerManifestRequired()) + { + if (!result.containsSecurityLayerManifest()) + { + // required security layer manifest is missing in signature + signatureManifestCheck = factory.createReferencesCheckResult(2, null); + } + else + { + // security layer manifest exists, so we have to check its validity + SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); + int verificationResult = slManifest.getManifestVerificationResult().intValue(); + + if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult) + { + // security layer manifest exists and is free of errors + signatureManifestCheck = factory.createReferencesCheckResult(0, null); + } + else + { + // security layer manifest exists, but has errors + failedReferences = buildFailedReferences(slManifest.getReferenceInfoList()); + checkResultInfo = (failedReferences != null) + ? factory.createReferencesCheckResultInfo(null, failedReferences) + : null; + if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult) + { + signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo); + } + else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult) + { + signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo); + } + else + { + // Should not happen + throw new RuntimeException("Unexpected result from security layer manifest verification."); + } + } } } - - // Code = 1 prüfen - - if (result.containsSecurityLayerManifest()) { - } else { - // SignatureManifestCheck Code = 2 + else + { + // no security layer manifest is required, so the signature manifest check is ok + signatureManifestCheck = factory.createReferencesCheckResult(0, null); } } -- cgit v1.2.3