From 0b623988b011df15d88d425449cf8041a48a7457 Mon Sep 17 00:00:00 2001 From: gregor Date: Tue, 8 Jul 2003 10:17:08 +0000 Subject: Bug 3 fixed. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@6 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../invoke/VerifyXMLSignatureResponseBuilder.java | 84 +++++++++++++--------- 1 file changed, 49 insertions(+), 35 deletions(-) (limited to 'spss.server/src/at/gv/egovernment/moa/spss') diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 2f55261d1..543fa3b01 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -51,6 +51,7 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; * @version $Id$ */ public class VerifyXMLSignatureResponseBuilder { + /** The SPSSFactory for creating API objects. */ private SPSSFactory factory = SPSSFactory.getInstance(); @@ -150,45 +151,58 @@ public class VerifyXMLSignatureResponseBuilder { checkResultInfo); // create the signature manifest check - if (profile.checkSecurityLayerManifest()) { - if (transformsSignatureManifestCheck.getCode() == 1) { + if (profile.checkSecurityLayerManifest()) + { + if (transformsSignatureManifestCheck.getCode() == 1) + { // checking the transforms failed signatureManifestCheck = transformsSignatureManifestCheck; - } else if (!result.containsSecurityLayerManifest()) { - // no security layer manifest in signature - signatureManifestCheck = factory.createReferencesCheckResult(2, null); - } else { - // other error codes provided by IAIK signature verification - // need to add 1 to the check code for MOA compatibility - SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); - int verificationResult = - slManifest.getManifestVerificationResult().intValue(); - - switch (verificationResult) { - case 0 : - signatureManifestCheck = - factory.createReferencesCheckResult(0, null); - break; - case 2 : - case 3 : - failedReferences = - buildFailedReferences(slManifest.getReferenceInfoList()); - checkResultInfo = - failedReferences != null - ? factory.createReferencesCheckResultInfo(null, failedReferences) - : null; - signatureManifestCheck = - factory.createReferencesCheckResult( - verificationResult + 1, - checkResultInfo); + } + else if (result.isSecurityLayerManifestRequired()) + { + if (!result.containsSecurityLayerManifest()) + { + // required security layer manifest is missing in signature + signatureManifestCheck = factory.createReferencesCheckResult(2, null); + } + else + { + // security layer manifest exists, so we have to check its validity + SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); + int verificationResult = slManifest.getManifestVerificationResult().intValue(); + + if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult) + { + // security layer manifest exists and is free of errors + signatureManifestCheck = factory.createReferencesCheckResult(0, null); + } + else + { + // security layer manifest exists, but has errors + failedReferences = buildFailedReferences(slManifest.getReferenceInfoList()); + checkResultInfo = (failedReferences != null) + ? factory.createReferencesCheckResultInfo(null, failedReferences) + : null; + if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult) + { + signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo); + } + else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult) + { + signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo); + } + else + { + // Should not happen + throw new RuntimeException("Unexpected result from security layer manifest verification."); + } + } } } - - // Code = 1 prüfen - - if (result.containsSecurityLayerManifest()) { - } else { - // SignatureManifestCheck Code = 2 + else + { + // no security layer manifest is required, so the signature manifest check is ok + signatureManifestCheck = factory.createReferencesCheckResult(0, null); } } -- cgit v1.2.3