From dd45e938564249a5e6897bd92dd29808d8990868 Mon Sep 17 00:00:00 2001 From: rudolf Date: Fri, 24 Oct 2003 08:34:56 +0000 Subject: MOA-ID version 1.1 (initial) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../VerifyXMLSignatureResponseValidator.java | 124 +++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java')
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
new file mode 100644
index 000000000..a238d28cb
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -0,0 +1,124 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+
+/**
+ * This class is used to validate an {@link VerifyXMLSignatureResponse}
+ * returned by MOA-SPSS
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseValidator {
+
+ /** Identification string for checking identity link */
+ public static final String CHECK_IDENTITY_LINK = "IdentityLink";
+ /** Identification string for checking authentication block */
+ public static final String CHECK_AUTH_BLOCK = "AuthBlock";
+
+ /** Singleton instance. null, if none has been created. */
+ private static VerifyXMLSignatureResponseValidator instance;
+
+ /**
+ * Constructor for a singleton VerifyXMLSignatureResponseValidator.
+ */
+ public static synchronized VerifyXMLSignatureResponseValidator getInstance()
+ throws ValidateException {
+ if (instance == null) {
+ instance = new VerifyXMLSignatureResponseValidator();
+ }
+ return instance;
+ }
+
+ /**
+ * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS.
+ *
+ * @param verifyXMLSignatureResponse the <VerifyXMLSignatureResponse>
+ * @param identityLinkSignersSubjectDNNames subject names configured
+ * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
+ * @throws ValidateException on any validation error
+ */
+ public void validate(
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse,
+ String[] identityLinkSignersSubjectDNNames, String whatToCheck)
+ throws ValidateException {
+
+ if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
+ throw new ValidateException("validator.06", null);
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0)
+ if (whatToCheck.equals(CHECK_IDENTITY_LINK))
+ throw new ValidateException("validator.07", null);
+ else
+ throw new ValidateException("validator.19", null);
+ if (verifyXMLSignatureResponse.isXmlDSIGManigest())
+ if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
+ throw new ValidateException("validator.08", null);
+ //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
+ if (identityLinkSignersSubjectDNNames != null) {
+ String subjectDN = "";
+ X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
+ try {
+ subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
+ }
+ catch (RFC2253NameParserException e) {
+ throw new ValidateException("validator.17", null);
+ }
+ boolean found = false;
+ for (int i = 0; i < identityLinkSignersSubjectDNNames.length; i++) {
+ if (identityLinkSignersSubjectDNNames[i].equals(subjectDN))
+ found = true;
+ }
+ if (!found)
+ throw new ValidateException(
+ "validator.18",
+ new Object[] { subjectDN });
+ }
+ }
+
+ /**
+ * Method validateCertificate.
+ * @param vsr is the VerifyXMLSignatureResponse
+ * @param idl
+ * @throws ValidateException
+ */
+ public void validateCertificate(
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse,
+ IdentityLink idl)
+ throws ValidateException {
+
+ X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
+ PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
+
+ RSAPublicKey pubKeyResponse = (RSAPublicKey) x509Response.getPublicKey();
+
+ boolean found = false;
+ for (int i = 0; i < pubKeysIdentityLink.length; i++) {
+ if (idl.getPublicKey()[i]
+ instanceof java.security.interfaces.RSAPublicKey) {
+ /* for (int j = 0;
+ j < idl.getPublicKey()[i].getClass().getInterfaces().length;
+ j++) {
+ if (idl.getPublicKey()[i].getClass().getInterfaces()[j].getName()
+ .equals("java.security.interfaces.RSAPublicKey")) {*/
+ RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
+ if (rsakey.getModulus().equals(pubKeyResponse.getModulus())
+ && rsakey.getPublicExponent().equals(
+ pubKeyResponse.getPublicExponent()))
+ found = true;
+ }
+
+ }
+
+ if (!found)
+ throw new ValidateException("validator.09", null);
+ }
+
+}
-- cgit v1.2.3
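Review bot: validateCertificate casts `x509Response.getPublicKey()` to RSAPublicKey unconditionally, so a signing certificate carrying a non-RSA key fails with a ClassCastException instead of the ValidateException the method is declared to throw; the identity-link keys are guarded with `instanceof` a few lines later, and the response key should be too, e.g. `if (!(x509Response.getPublicKey() instanceof RSAPublicKey)) throw new ValidateException("validator.09", null);` before the cast. In validate, `getX509certificate()` is dereferenced at `x509Cert.getSubjectDN()` without a null check; if MOA-SPSS can omit the certificate (not visible in this hunk), that case should also surface as a ValidateException rather than a NullPointerException. The Javadoc on validateCertificate names the first parameter `vsr` while the signature calls it `verifyXMLSignatureResponse`, and `@param idl` has no description; a one-line description of which identity-link keys are compared (only RSA keys, by modulus and exponent) would make the contract clear to callers.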