From ece7d18cf35374bf4e26d041799cda8f791c89f8 Mon Sep 17 00:00:00 2001
From: gregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Mon, 7 Jul 2003 10:58:37 +0000
Subject: Initial commit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@2 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../moa/spss/server/service/AxisHandler.java       | 252 +++++++++++++++++++++
 .../spss/server/service/ConfigurationServlet.java  | 120 ++++++++++
 .../server/service/RevocationArchiveCleaner.java   |  83 +++++++
 .../moa/spss/server/service/ServiceUtils.java      |  72 ++++++
 .../server/service/SignatureCreationService.java   |  90 ++++++++
 .../service/SignatureVerificationService.java      | 130 +++++++++++
 6 files changed, 747 insertions(+)
 create mode 100644 spss.server/src/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
 create mode 100644 spss.server/src/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
 create mode 100644 spss.server/src/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java
 create mode 100644 spss.server/src/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
 create mode 100644 spss.server/src/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
 create mode 100644 spss.server/src/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java

(limited to 'spss.server/src/at/gv/egovernment/moa/spss/server/service')

diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss.server/src/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
new file mode 100644
index 000000000..9d6b255c2
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -0,0 +1,252 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.X509Certificate;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.axis.AxisFault;
+import org.apache.axis.MessageContext;
+import org.apache.axis.handlers.BasicHandler;
+import org.apache.axis.transport.http.HTTPConstants;
+import org.apache.axis.utils.Messages;
+import org.apache.axis.utils.XMLUtils;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * An handler that is invoked on each web service request and performs some
+ * central message handling.
+ * 
+ * Mainly sets up the <code>TransactionContext</code> for the current
+ * transaction (i.e. web service request).
+ * 
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class AxisHandler extends BasicHandler {
+
+  /** The property name for accessing the HTTP request. */
+  private static final String REQUEST_PROPERTY =
+    HTTPConstants.MC_HTTP_SERVLETREQUEST;
+  /** The property name for accessing the X509 client certificate chain. */
+  private static final String X509_CERTIFICATE_PROPERTY =
+    "javax.servlet.request.X509Certificate";
+  /** The property name for accessing the SOAP action header. */
+  private static final String SOAP_ACTION_HEADER = "soapaction";
+
+  /**
+   * Handle an invocation of this handler. 
+   * 
+   * @param msgContext Information about this request/response.
+   * @throws AxisFault An error occurred during processing of the request.
+   * @see org.apache.axis.Handler#invoke(MessageContext)
+   */
+  public void invoke(MessageContext msgContext) throws AxisFault {
+    if (!msgContext.getPastPivot()) {
+      handleRequest(msgContext);
+    } else {
+      handleResponse(msgContext);
+    }
+  }
+
+  /**
+   * This method is called by <code>invoke</code> to handle incoming requests.
+   * 
+   * @param msgContext The context as provided to <code>invoke</code>.
+   * @throws AxisFault An error occurred during processing of the request.
+   */
+  private void handleRequest(MessageContext msgContext) throws AxisFault {
+    try {
+      // generate a unique transaction id and build the TransactionContext
+      // for this request
+      HttpServletRequest request =
+        (HttpServletRequest) msgContext.getProperty(REQUEST_PROPERTY);
+
+      X509Certificate[] clientCert =
+        (X509Certificate[]) request.getAttribute(X509_CERTIFICATE_PROPERTY);
+
+      ConfigurationProvider configuration =
+        ConfigurationProvider.getInstance();
+
+      TransactionContext context =
+        new TransactionContext(
+          TransactionIDGenerator.nextID(),
+          clientCert,
+          configuration);
+
+      context.setRequestName((String) request.getHeader(SOAP_ACTION_HEADER));
+
+      setUpContexts(context);
+      
+      // log some information about the request
+      info(
+        "handler.00",
+        new Object[] {
+          context.getTransactionID(),
+          msgContext.getTargetService()});
+      info("handler.01", new Object[] { request.getRemoteAddr()});
+      if (clientCert != null) {
+        info(
+          "handler.02",
+          new Object[] {
+            clientCert[0].getSubjectDN(),
+            clientCert[0].getSerialNumber(),
+            clientCert[0].getIssuerDN()});
+
+      } else {
+        info("handler.03", null);
+      }
+      if (Logger.isDebugEnabled()) {
+        String msg = msgContext.getCurrentMessage().getSOAPPartAsString();
+        Logger.debug(new LogMsg(msg));
+      }
+    } catch (MOASystemException e) {
+      MOASystemException se = new MOASystemException("2900", null, e);
+      AxisFault fault = AxisFault.makeFault(se);
+      fault.setFaultDetail(new Element[] { se.toErrorResponse()});
+      throw fault;
+    } catch (Throwable t) {
+      MOASystemException e = new MOASystemException("2900", null, t);
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      throw fault;
+    }
+  }
+
+  /**
+   * This method is called by <code>invoke</code> to handle outgoing
+   * responses.
+   * 
+   * @param msgContext The context as provided to <code>invoke</code>.
+   * @throws AxisFault An error occurred during processing of the response.
+   */
+  private void handleResponse(MessageContext msgContext) throws AxisFault {
+    info("handler.04", null);
+    if (Logger.isDebugEnabled()) {
+      String msg = msgContext.getCurrentMessage().getSOAPPartAsString();
+      Logger.debug(new LogMsg(msg));
+    }
+    tearDownContexts();
+  }
+
+  /**
+   * Called, when the processing of the web service fails.
+   * 
+   * @param msgContext Information about the current request.
+   * @see org.apache.axis.Handler#onFault(org.apache.axis.MessageContext)
+   */
+  public void onFault(MessageContext msgContext) {
+    info("handler.05", null);
+    tearDownContexts();
+  }
+
+  /**
+   * Set up the thread-local contexts (<code>TransactionContext</code> and
+   * <code>LoggingContext</code>).
+   * 
+   * @param context The <code>TransactionContext</code> to set for the current
+   * request.
+   */
+  private void setUpContexts(TransactionContext context) {
+    // set the transaction context in the TransactionContextManager
+    TransactionContextManager tcm = TransactionContextManager.getInstance();
+    tcm.setTransactionContext(context);
+
+    // set the logging context in the LoggingContextManager
+    LoggingContextManager lcm = LoggingContextManager.getInstance();
+    LoggingContext lc = new LoggingContext(context.getTransactionID());
+    lcm.setLoggingContext(lc);
+  }
+
+  /**
+   * Tear down the thread-local contexts.
+   */
+  private void tearDownContexts() {
+    // unset the transaction context
+    TransactionContextManager tcm = TransactionContextManager.getInstance();
+    tcm.setTransactionContext(null);
+
+    // unset the logging context
+    LoggingContextManager lcm = LoggingContextManager.getInstance();
+    lcm.setLoggingContext(null);
+  }
+
+  /**
+   * Generate the WSDL into the <code>msgContext</code>.
+   * 
+   * The code of this method is more or less copied from the 
+   * <code>org.apache.axis.handlers.soap.SOAPService</code> class contained in
+   * the 1.1 release of Axis to allow for a missing <code>wsdlFile</code> (so
+   * that a resource by the same name is searched for in the classpath). The
+   * implementation of this method should be obsolete if Axis 1.1 or higher is
+   * used.
+   * 
+   * @param msgContext The <code>MessageContext</code> that will contain the
+   * WSDL description of the current web service.
+   * @throws AxisFault An error occurred producing the WSDL.
+   */
+  public void generateWSDL(MessageContext msgContext) throws AxisFault {
+    InputStream instream = null;
+
+    // Got a WSDL file in the service description, so try and read it
+    try {
+      String filename = "/resources/wsdl/MOA-SP-SS-1.0-20020829.wsdl";
+        msgContext.getService().getServiceDescription().getWSDLFile();
+      File file = new File(filename);
+      if (file.exists()) {
+        //if this resolves to a file, load it
+        instream = new FileInputStream(filename);
+      } else {
+        //else load a named resource in our classloader. 
+        instream = this.getClass().getResourceAsStream(filename);
+        if (instream == null) {
+          String errorText = Messages.getMessage("wsdlFileMissing", filename);
+          throw new AxisFault(errorText);
+        }
+      }
+      Document doc = XMLUtils.newDocument(instream);
+      msgContext.setProperty("WSDL", doc);
+    } catch (Exception e) {
+      throw AxisFault.makeFault(e);
+    } finally {
+      if (instream != null) {
+        try {
+          instream.close();
+        } catch (IOException e) {
+          // ok to do nothing here
+        }
+      }
+    }
+  }
+
+  /**
+   * Utility function to issue an info message to the log.
+   * 
+   * @param messageId The ID of the message to log.
+   * @param parameters Additional message parameters.
+   */
+  private static void info(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+
+}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/spss.server/src/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
new file mode 100644
index 000000000..7783ed3f6
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -0,0 +1,120 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.init.*;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * A servlet to initialize and update the MOA configuration.
+ * 
+ * @author Fatemeh Philippi
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+  /** The document type of the HTML to generate. */
+  private static final String DOC_TYPE =
+    "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
+
+  /**
+   * Handle a HTTP GET request, used to indicated that the MOA
+   * configuration needs to be updated (reloaded).
+   * 
+   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+   */
+  public void doGet(HttpServletRequest request, HttpServletResponse response)
+    throws ServletException, IOException {
+
+    MessageProvider msg = MessageProvider.getInstance();
+    PrintWriter out;
+
+    // set up a logging context for logging the reconfiguration
+    LoggingContextManager.getInstance().setLoggingContext(
+      new LoggingContext("configuration update"));
+
+    response.setContentType("text/html");
+    out = response.getWriter();
+    out.println(DOC_TYPE);
+    out.println("<head><title>MOA configuration update</title></head>");
+    out.println("<body bgcolor=\"#FFFFFF\">");
+    try {
+      // reconfigure the system
+      ConfigurationProvider config = ConfigurationProvider.reload();
+      IaikConfigurator iaikConfigurator = new IaikConfigurator();
+
+      iaikConfigurator.configure(config);
+
+      // print a status message
+      out.println("<p><b>" + msg.getMessage("config.06", null) + "</b></p>");
+      Logger.info(new LogMsg(msg.getMessage("config.06", null)));
+
+      if (!config.getWarnings().isEmpty()) {
+        // print the warnings
+        List allWarnings = new ArrayList();
+        Iterator iter;
+        
+        allWarnings.addAll(config.getWarnings());
+        allWarnings.addAll(iaikConfigurator.getWarnings());
+        
+        out.println("<p><b>" + msg.getMessage("config.29", null) + "</b></p>");
+        for (iter = allWarnings.iterator(); iter.hasNext();) {
+          out.println(iter.next() + "<br />");
+        }
+        out.println("<p><b>" + msg.getMessage("config.28", null) + "</b></p>");
+      }
+
+    } catch (Throwable t) {
+      out.println("<p><b>" + msg.getMessage("config.20", null) + "</b></p>");
+      out.println("<p><b>" + msg.getMessage("config.28", null) + "</b></p>");
+      Logger.warn(new LogMsg(msg.getMessage("config.20", null)), t);
+    }
+    out.println("</body>");
+
+    out.flush();
+    out.close();
+    
+    // tear down the logging context
+    LoggingContextManager.getInstance().setLoggingContext(null);
+  }
+
+  /**
+   * Do the same as <code>doGet</code>.
+   * 
+   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+   */
+  public void doPost(HttpServletRequest request, HttpServletResponse response)
+    throws ServletException, IOException {
+    doGet(request, response);
+  }
+
+  /**
+   * Perform some initial initialization tasks for the MOA web services
+   * application.
+   * 
+   * Does an initial load of the MOA configuration to test if a working web
+   * service can be provided.
+   * 
+   * @see javax.servlet.GenericServlet#init()
+   */
+  public void init() throws ServletException {
+    SystemInitializer.init();
+  }
+
+}
\ No newline at end of file
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java b/spss.server/src/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java
new file mode 100644
index 000000000..997375305
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java
@@ -0,0 +1,83 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.util.Date;
+
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.revocation.archive.Archive;
+import iaik.pki.store.revocation.archive.ArchiveFactory;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * A <code>Runnable</code> for periodically cleaning up the revocation archive. 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationArchiveCleaner implements Runnable {
+
+  /** The inverval between two clean-ups of the revocation archive. */
+  private long archiveCleanupInterval;
+
+  /**
+   * Create a new <code>RevocationArchiveCleaner</code>.
+   * 
+   * @param archiveCleanupInterval The interval between two clean-ups of the
+   * revocation archive.
+   */
+  public RevocationArchiveCleaner(long archiveCleanupInterval) {
+    this.archiveCleanupInterval = archiveCleanupInterval;
+  }
+
+  /**
+   * Run the <code>RevocationArchiveCleaner</code> in its own 
+   * <code>Thread</code>.
+   */
+  public void run() {
+    while (true) {
+      try {
+        ConfigurationProvider config =
+          ConfigurationProvider.getInstance();
+        String archiveInfo =
+          config.getGenericConfiguration(
+            ConfigurationProvider.ARCHIVE_REVOCATION_INFO_PROPERTY,
+            "false");
+
+        if (BoolUtils.valueOf(archiveInfo)) {
+          Archive archive = ArchiveFactory.getInstance().getArchive();
+          long archiveDurationMillis =
+            (long) config.getCRLArchiveDuration() * 86400000;
+
+          // delete old archive data
+          if (archiveDurationMillis > 0) {
+            Date olderThan =
+              new Date(System.currentTimeMillis() - archiveDurationMillis);
+
+            archive.deleteOldArchiveEntries(
+              RevocationSourceTypes.CRL,
+              olderThan,
+              new TransactionId("RevocationArchiveCleaner"));
+          }
+        }
+
+      } catch (Exception e) {
+        MessageProvider msg = MessageProvider.getInstance();
+        Logger.error(new LogMsg(msg.getMessage("init.02", null)), e);
+      }
+
+      // sleep 
+      try {
+        Thread.sleep(archiveCleanupInterval * 1000);
+      } catch (InterruptedException e) {
+        // ok to do nothing here
+      }
+
+    }
+  }
+
+}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss.server/src/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
new file mode 100644
index 000000000..4224f5665
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.io.ByteArrayInputStream;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+
+/**
+ * Helper methods for the Service classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ServiceUtils {
+
+  /**
+   * Schema-validate a request.
+   * 
+   * @param request The request to validate.
+   * @throws MOAApplicationException An error occurred validating the requst.
+   */
+  public static void validateRequest(Element[] request)
+    throws MOAApplicationException {
+
+    // validate the request
+    try {
+      DOMUtils.validateElement(
+        request[0],
+        Constants.ALL_SCHEMA_LOCATIONS,
+        null);
+    } catch (Exception e) {
+      throw new MOAApplicationException(
+        "1100",
+        new Object[] { e.getMessage()},
+        e);
+    }
+  }
+
+  /**
+   * Reparse the request with schema-validation turned on so that ID references
+   * are resolved.
+   * 
+   * @param request The request to reparse.
+   * @return The reparsed request.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public static Element reparseRequest(Element request)
+    throws MOAApplicationException {
+
+    try {
+      byte[] requestBytes = DOMUtils.serializeNode(request, "UTF-8");
+      Document validatedRequest =
+        DOMUtils.parseDocument(
+          new ByteArrayInputStream(requestBytes),
+          true,
+          Constants.ALL_SCHEMA_LOCATIONS,
+          null);
+      return validatedRequest.getDocumentElement();
+    } catch (Exception e) {
+      throw new MOAApplicationException(
+        "1100",
+        new Object[] { e.getMessage()},
+        e);
+    }
+  }
+
+}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/spss.server/src/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
new file mode 100644
index 000000000..07d7ab371
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -0,0 +1,90 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.util.Collections;
+
+import javax.xml.namespace.QName;
+
+import org.w3c.dom.Element;
+
+import org.apache.axis.AxisFault;
+import org.apache.axis.i18n.Messages;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker;
+
+/**
+ * The service endpoint for the <code>SignatureCreation</code> web service.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SignatureCreationService {
+
+  /**
+   * Handle a <code>CreateXMLSignatureRequest</code>.
+   * 
+   * @param request The <code>CreateXMLSignatureRequest</code> to work on
+   * (contained in the 0th element of the array).
+   * @return A <code>CreateXMLSignatureResponse</code> as the only element of
+   * the <code>Element</code> array.
+   * @throws AxisFault An error occurred during handling of the message.
+   */
+  public Element[] CreateXMLSignatureRequest(Element[] request)
+    throws AxisFault {
+    XMLSignatureCreationInvoker invoker =
+      XMLSignatureCreationInvoker.getInstance();
+    Element[] response = new Element[1];
+
+    // check that we have a CreateXMLSignatureRequest; if not, create an
+    // AxisFault, just like the org.apache.axis.providers.java.MsgProvider
+    if (request[0].getNodeName() != "CreateXMLSignatureRequest") {
+      QName qname =
+        new QName(request[0].getNamespaceURI(), request[0].getNodeName());
+      throw new AxisFault(
+        Messages.getMessage("noOperationForQName", qname.toString()));
+    }
+
+    // handle the request
+    try {
+      // create a parser and builder for binding API objects to/from XML
+      CreateXMLSignatureRequestParser requestParser =
+        new CreateXMLSignatureRequestParser();
+      CreateXMLSignatureResponseBuilder responseBuilder =
+        new CreateXMLSignatureResponseBuilder();
+      Element reparsedReq;
+      CreateXMLSignatureRequest requestObj;
+      CreateXMLSignatureResponse responseObj;
+
+      // validate the request
+      reparsedReq = ServiceUtils.reparseRequest(request[0]);
+
+      // convert to API objects
+      requestObj = requestParser.parse(reparsedReq);
+
+      // invoke the core logic
+      responseObj =
+        invoker.createXMLSignature(requestObj, Collections.EMPTY_SET);
+
+      // map back to XML
+      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+
+    } catch (MOAException e) {
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      throw fault;
+    } catch (Throwable t) {
+      MOASystemException e = new MOASystemException("2900", null, t);
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      throw fault;
+    }
+
+    return response;
+  }
+
+}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java b/spss.server/src/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
new file mode 100644
index 000000000..adb09ca0a
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
@@ -0,0 +1,130 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import org.w3c.dom.Element;
+
+import org.apache.axis.AxisFault;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
+
+/**
+ * The service endpoint for the <code>SignatureVerification</code> web service.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SignatureVerificationService {
+
+  /**
+   * Handle a <code>VerifyCMSSignatureRequest</code>.
+   * 
+   * @param request The <code>VerifyCMSSignatureRequest</code> to work on
+   * (contained in the 0th element of the array).
+   * @return A <code>VerifyCMSSignatureResponse</code> as the only element of
+   * the <code>Element</code> array.
+   * @throws AxisFault An error occurred during handling of the message.
+   */
+  public Element[] VerifyCMSSignatureRequest(Element[] request)
+    throws AxisFault {
+    CMSSignatureVerificationInvoker invoker =
+      CMSSignatureVerificationInvoker.getInstance();
+    Element[] response = new Element[1];
+
+    try {
+      // create a parser and builder for binding API objects to/from XML
+      VerifyCMSSignatureRequestParser requestParser =
+        new VerifyCMSSignatureRequestParser();
+      VerifyCMSSignatureResponseBuilder responseBuilder =
+        new VerifyCMSSignatureResponseBuilder();
+      Element reparsedReq;
+      VerifyCMSSignatureRequest requestObj;
+      VerifyCMSSignatureResponse responseObj;
+
+      // validate the request
+      reparsedReq = ServiceUtils.reparseRequest(request[0]);
+      
+      // convert to API objects
+      requestObj = requestParser.parse(reparsedReq);
+
+      // invoke the core logic
+      responseObj = invoker.verifyCMSSignature(requestObj);
+
+      // map back to XML
+      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+
+    } catch (MOAException e) {
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      throw fault;
+    } catch (Throwable t) {
+      MOASystemException e = new MOASystemException("2900", null, t);
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      throw fault;
+    }
+
+    return response;
+  }
+
+  /**
+   * Handle a <code>VerifyXMLSignatureRequest</code>.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> to work on
+   * (contained in the 0th element of the array).
+   * @return A <code>VerifyXMLSignatureResponse</code> as the only element of
+   * the <code>Element</code> array.
+   * @throws AxisFault An error occurred during handling of the message.
+   */
+  public Element[] VerifyXMLSignatureRequest(Element[] request)
+    throws AxisFault {
+    XMLSignatureVerificationInvoker invoker =
+      XMLSignatureVerificationInvoker.getInstance();
+    Element[] response = new Element[1];
+
+    try {
+      // create a parser and builder for binding API objects to/from XML
+      VerifyXMLSignatureRequestParser requestParser =
+        new VerifyXMLSignatureRequestParser();
+      VerifyXMLSignatureResponseBuilder responseBuilder =
+        new VerifyXMLSignatureResponseBuilder();
+      Element reparsedReq;
+      VerifyXMLSignatureRequest requestObj;
+      VerifyXMLSignatureResponse responseObj;
+
+      // validate the request
+      reparsedReq = ServiceUtils.reparseRequest(request[0]);
+      
+      // convert to API objects
+      requestObj = requestParser.parse(reparsedReq);
+      
+      // invoke the core logic
+      responseObj = invoker.verifyXMLSignature(requestObj);
+
+      // map back to XML
+      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+
+    } catch (MOAException e) {
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      throw fault;
+    } catch (Throwable t) {
+      MOASystemException e = new MOASystemException("2900", null, t);
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      throw fault;
+    }
+
+    return response;
+  }
+
+}
-- 
cgit v1.2.3