From a544afcf4ad581ab7b76e85dc597ccf5643cd55a Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Mon, 6 May 2013 21:43:00 +0200 Subject: - Update MOA-SS Interface (CreateCMSignatureRequest) - Whitelisting in MOA-SPSS --- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 87 ++++ .../moa/spss/api/cmssign/CMSSignatureResponse.java | 41 ++ .../api/cmssign/CreateCMSSignatureRequest.java | 49 +++ .../api/cmssign/CreateCMSSignatureResponse.java | 42 ++ .../cmssign/CreateCMSSignatureResponseElement.java | 51 +++ .../moa/spss/api/cmssign/DataObjectInfo.java | 58 +++ .../moa/spss/api/cmssign/SingleSignatureInfo.java | 51 +++ .../spss/api/impl/CMSSignatureResponseImpl.java | 64 +++ .../api/impl/CreateCMSSignatureRequestImpl.java | 77 ++++ .../api/impl/CreateCMSSignatureResponseImpl.java | 60 +++ .../moa/spss/api/impl/DataObjectInfoCMSImpl.java | 69 +++ .../moa/spss/api/impl/SPSSFactoryImpl.java | 49 +++ .../spss/api/impl/SingleSignatureInfoCMSImpl.java | 62 +++ .../xmlbind/CreateCMSSignatureRequestParser.java | 247 +++++++++++ .../xmlbind/CreateCMSSignatureResponseBuilder.java | 145 +++++++ .../server/config/ConfigurationPartsBuilder.java | 3 +- .../cmssign/CMSSignatureCreationProfileImpl.java | 249 +++++++++++ .../xmlsign/XMLSignatureCreationProfileImpl.java | 2 +- .../server/invoke/CMSSignatureCreationInvoker.java | 396 +++++++++++++++++ .../invoke/CMSSignatureVerificationInvoker.java | 3 +- .../invoke/CreateCMSSignatureResponseBuilder.java | 93 ++++ .../spss/server/invoke/IaikExceptionMapper.java | 3 +- .../invoke/VerifyCMSSignatureResponseBuilder.java | 5 +- .../moa/spss/server/service/AxisHandler.java | 3 +- .../server/service/SignatureCreationService.java | 88 ++++ .../properties/spss_messages_de.properties | 2 + .../resources/resources/wsdl/MOA-SPSS-1.3.wsdl | 105 ----- .../main/resources/resources/wsdl/MOA-SPSS-1.3.xsd | 469 -------------------- .../resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl | 128 ++++++ .../resources/resources/wsdl/MOA-SPSS-1.5.2.xsd | 471 +++++++++++++++++++++ 30 files changed, 2590 insertions(+), 582 deletions(-) create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java delete mode 100644 spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.wsdl delete mode 100644 spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.xsd create mode 100644 spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl create mode 100644 spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.xsd (limited to 'spss/server/serverlib/src') diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index fbf40be88..26cce1a82 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -35,6 +35,9 @@ import org.apache.commons.discovery.tools.DiscoverClass; import org.w3c.dom.Element; import org.w3c.dom.NodeList; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -137,6 +140,26 @@ public abstract class SPSSFactory { String keyIdentifier, List singleSignatureInfos); + /** + * Create a new CreateCMSSignatureRequest object. + * + * @param keyIdentifier The identifier for the key group to use for signing. + * @param singleSignatureInfos A List of + * SingleSignatureInfo objects containing information about a + * single signature to be created. + * @return The CreateCMSSignatureRequest containing the above + * data. + * + * @pre keyIdentifier != null && keyIdentifier.length() > 0 + * @pre singleSignatureInfos != null + * @pre forall Object o in singleSignatureInfos | + * o instanceof at.gv.egovernment.moa.spss.api.common.SingleSignatureInfo + * @post return != null + */ + public abstract CreateCMSSignatureRequest createCreateCMSSignatureRequest( + String keyIdentifier, + List singleSignatureInfos); + /** * Create a new SingleSignatureInfo object. * @@ -156,6 +179,23 @@ public abstract class SPSSFactory { public abstract SingleSignatureInfo createSingleSignatureInfo( List dataObjectInfos, CreateSignatureInfo createSignatureInfo, boolean securityLayerConform); + + /** + * Create a new SingleSignatureInfo object. + * + * @param dataObjectInfo The data object that will be signed. + * @param securityLayerConform If true, a Security Layer conform + * signature manifest is created, otherwise not. + * @return The SingleSignatureInfo containing the above data. + * + * @post return != null + */ + public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( + at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, + boolean securityLayerConform); + + + /** * Create a new DataObjectInfo object. @@ -181,6 +221,22 @@ public abstract class SPSSFactory { Content dataObject, CreateTransformsInfoProfile createTransformsInfoProfile); + /** + * Create a new DataObjectInfo object. + * + * @param structure The type of signature to create. + * @param dataObject The data object that will be signed. + * @return The DataObjectInfo containing the above data. + * + * @pre DataObjectInfo.STRUCTURE_DETACHED.equals(structure) || + * DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure) + * @pre dataObject != null + * @post return != null + */ + public abstract at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo( + String structure, + CMSDataObject dataObject); + /** * Create a new CreateTransformsInfoProfile object containing a * reference to a locally stored profile. @@ -321,6 +377,37 @@ public abstract class SPSSFactory { */ public abstract CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements); + + /** + * Create a new CreateCMSSignatureResponse object. + * + * @param responseElements The elements of the response, either + * CMSSignatureResponse objects, or + * ErrorResponse objects. + * @return The new CreateCMSSignatureResponse containing the + * above data. + * + * @pre responseElements != null && responseElements.size() > 0 + * @pre forall Object o in responseElements | + * o instanceof at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse + * @post return != null + */ + public abstract CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements); + + + /** + * Create a new SignatureEnvironmentResponse object. + * + * @param signatureEnvironment The signature environment containing the + * signature. + * @return The SignatureEnvironmentResponse containing the + * signatureEnvironment. + * + * @pre signatureEnvironment != null + * @post return != null + */ + public abstract CMSSignatureResponse createCMSSignatureResponse(String base64value); + /** * Create a new SignatureEnvironmentResponse object. * diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java new file mode 100644 index 000000000..10db67627 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java @@ -0,0 +1,41 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + + +/** + * Contains the signature if the signature creation was successful. + * + * @version $Id$ + */ +public interface CMSSignatureResponse + extends CreateCMSSignatureResponseElement { + /** + * Gets the CMS signature (Base64 encoded). + * + * @return The CMS signature + */ + public String getCMSSignature(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java new file mode 100644 index 000000000..9d5cd7a0d --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java @@ -0,0 +1,49 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + +import java.util.List; + + +/** + * Object that encapsulates a request to create a CMS Signature. + * + * + * @version $Id$ + */ +public interface CreateCMSSignatureRequest { + /** + * Gets the identifier for the keys to be used for the signature. + * + * @return The identifier for the keys to be used. + */ + public String getKeyIdentifier(); + /** + * Gets the information of the singleSignatureInfo elements. + * + * @return The information of singleSignatureInfo elements. + */ + public List getSingleSignatureInfos(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java new file mode 100644 index 000000000..6062a1162 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java @@ -0,0 +1,42 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + +import java.util.List; + +/** + * Object that encapsulates the response on to a + * CreateCMSSignatureRequest to create an XML signature. + * + * @version $Id$ + */ +public interface CreateCMSSignatureResponse { + /** + * Gets the response elements. + * + * @return The response elements. + */ + public List getResponseElements(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java new file mode 100644 index 000000000..8e4e61145 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java @@ -0,0 +1,51 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + +/** + * Base class for CMSSignature and + * ErrorResponse elements in a + * CreateXMLSignatureResponse. + * + * @version $Id$ + */ +public interface CreateCMSSignatureResponseElement { + /** + * Indicates that this object contains a CMSSignature. + */ + public static final int CMS_SIGNATURE = 0; + /** + * Indicates that this objet contains an ErrorResponse. + */ + public static final int ERROR_RESPONSE = 1; + + /** + * Gets the type of response object. + * + * @return The type of response object, either + * CMS_SIGNATURE or ERROR_RESPONSE. + */ + public int getResponseType(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java new file mode 100644 index 000000000..b9f363061 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java @@ -0,0 +1,58 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; + +/** + * Encapsulates information required to create a single signature. + * + * @version $Id$ + */ +public interface DataObjectInfo { + /** + * Indicates that a detached signature will be created. + */ + public static final String STRUCTURE_DETACHED = "detached"; + /** + * Indicates that an enveloping signature will be created. + */ + public static final String STRUCTURE_ENVELOPING = "enveloping"; + + /** + * Gets the structure of the signature. + * + * @return The structure of the signature. + */ + public String getStructure(); + + /** + * Gets information related to a single data object. + * + * @return Information related to a single data object. + */ + public CMSDataObject getDataObject(); + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java new file mode 100644 index 000000000..1f87a50ca --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java @@ -0,0 +1,51 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + + + +/** + * Encapsulates data to create a single signature. + * + * @author Patrick Peck + * @author Stephan Grill + * @version $Id$ + */ +public interface SingleSignatureInfo { + /** + * Gets the dataObjectInfo information. + * + * @return The dataObjectInfo information. + */ + public DataObjectInfo getDataObjectInfo(); + + /** + * Check whether a Security Layer conform signature manifest will be created. + * + * @return true, if a Security Layer conform signature manifest + * will be created, false otherwise. + */ + public boolean isSecurityLayerConform(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java new file mode 100644 index 000000000..b512dd0bd --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java @@ -0,0 +1,64 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; + +/** + * Default implementation of CMSSignatureResponse. + * + * @version $Id$ + */ +public class CMSSignatureResponseImpl + implements CMSSignatureResponse { + + /** The base64 value of the CMS signature. */ + private String cmsSignature; + + /** + * Sets the CMS signature. + * + * @param cmsSignature The Base64 encoded value CMS signature. + */ + public void setCMSSignature(String cmsSignature) { + this.cmsSignature = cmsSignature; + } + + public String getCMSSignature() { + return cmsSignature; + } + + /** + * Gets the type of CreateCMSSignatureResponseElement. + * + * @return CMS_SIGNATURE + */ + public int getResponseType() { + return CMS_SIGNATURE; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java new file mode 100644 index 000000000..e8408bc55 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java @@ -0,0 +1,77 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; + +/** + * Default implementation of CreateCMSSignatureRequest. + * + * @author Fatemeh Philippi + * @version $Id$ + */ +public class CreateCMSSignatureRequestImpl + implements CreateCMSSignatureRequest { + + /** The identifier for selecting the private keys for creating the signature.*/ + private String keyIdentifier; + /** Information for creating a single signature. */ + private List singleSignatureInfos = new ArrayList(); + + /** + * Sets the identifier for selecting the private keys for creating the + * signature. + * + * @param keyIdentifier The identifier for selecting the private keys. + */ + public void setKeyIdentifier(String keyIdentifier) { + this.keyIdentifier = keyIdentifier; + } + + public String getKeyIdentifier() { + return keyIdentifier; + } + + /** + * Sets the information for creating single signatures. + * + * @param singleSignaureInfos The information for creating single signatures. + */ + public void setSingleSignatureInfos(List singleSignaureInfos) { + this.singleSignatureInfos = + singleSignaureInfos != null + ? Collections.unmodifiableList(new ArrayList(singleSignaureInfos)) + : null; + } + + public List getSingleSignatureInfos() { + return singleSignatureInfos; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java new file mode 100644 index 000000000..d596058c6 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; + +/** + * Default implementation of CreateCMSSignatureResponse. + * + * @version $Id$ + */ +public class CreateCMSSignatureResponseImpl + implements CreateCMSSignatureResponse { + + /** The elements contained in the response. */ + private List responseElements = new ArrayList(); + + /** + * Sets the elements contained in the response. + * + * @param responseElements The response elements. + */ + public void setResponseElements(List responseElements) { + this.responseElements = + responseElements != null + ? Collections.unmodifiableList(new ArrayList(responseElements)) + : null; + } + + public List getResponseElements() { + return responseElements; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java new file mode 100644 index 000000000..702086b6f --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java @@ -0,0 +1,69 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; + +/** + * Default implementation of DataObjectInfo for CMS. + * + * @author Fatemeh Philippi + * @version $Id$ + */ +public class DataObjectInfoCMSImpl implements DataObjectInfo { + /** The signature structure type. */ + private String stucture; + /** The data object to be signed. */ + private CMSDataObject dataObject; + + /** + * Sets the signature structure type. + * + * @param structure The signature structure type. + */ + public void setStructure(String structure) { + this.stucture = structure; + } + + public String getStructure() { + return stucture; + } + + + /** + * Sets the data object to be signed. + * + * @param dataObject The data object to be signed. + */ + public void setDataObject(CMSDataObject dataObject) { + this.dataObject = dataObject; + } + + public CMSDataObject getDataObject() { + return dataObject; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index a23a1d98f..7c1208e8f 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.spss.api.impl; import java.io.InputStream; + import java.math.BigInteger; import java.security.cert.X509Certificate; import java.util.Date; @@ -35,6 +36,9 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -90,6 +94,32 @@ public class SPSSFactoryImpl extends SPSSFactory { createXMLSignatureRequest.setSingleSignatureInfos(singleSignatureInfos); return createXMLSignatureRequest; } + + public CreateCMSSignatureRequest createCreateCMSSignatureRequest( + String keyIdentifier, + List singleSignatureInfos) { + CreateCMSSignatureRequestImpl createCMSSignatureRequest = + new CreateCMSSignatureRequestImpl(); + createCMSSignatureRequest.setKeyIdentifier(keyIdentifier); + createCMSSignatureRequest.setSingleSignatureInfos(singleSignatureInfos); + return createCMSSignatureRequest; + + } + + public CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements) { + CreateCMSSignatureResponseImpl createCMSSignatureResponse = new CreateCMSSignatureResponseImpl(); + createCMSSignatureResponse.setResponseElements(responseElements); + return createCMSSignatureResponse; + } + + + public CMSSignatureResponse createCMSSignatureResponse(String base64value) { + CMSSignatureResponseImpl cmsSignatureResponse = new CMSSignatureResponseImpl(); + cmsSignatureResponse.setCMSSignature(base64value); + + return cmsSignatureResponse; + } + public SingleSignatureInfo createSingleSignatureInfo( List dataObjectInfos, @@ -101,6 +131,16 @@ public class SPSSFactoryImpl extends SPSSFactory { singleSignatureInfo.setSecurityLayerConform(securityLayerConform); return singleSignatureInfo; } + + public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( + at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, + boolean securityLayerConform) { + SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl(); + singleSignatureInfo.setDataObjectInfo(dataObjectInfo); + singleSignatureInfo.setSecurityLayerConform(securityLayerConform); + return singleSignatureInfo; + } + public DataObjectInfo createDataObjectInfo( String structure, boolean childOfManifest, @@ -113,6 +153,15 @@ public class SPSSFactoryImpl extends SPSSFactory { dataObjectInfo.setCreateTransformsInfoProfile(createTransformsInfoProfile); return dataObjectInfo; } + + public at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo( + String structure, + CMSDataObject dataObject) { + DataObjectInfoCMSImpl dataObjectInfo = new DataObjectInfoCMSImpl(); + dataObjectInfo.setStructure(structure); + dataObjectInfo.setDataObject(dataObject); + return dataObjectInfo; + } public CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID) { diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java new file mode 100644 index 000000000..cb3651587 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java @@ -0,0 +1,62 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo; + +/** + * @version $Id$ + */ +public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo { + + private DataObjectInfo dataObjectInfo = null; + + + private boolean securityLayerConform = true; + + public void setDataObjectInfo(DataObjectInfo dataObjectInfo) { + this.dataObjectInfo = dataObjectInfo; + } + + public DataObjectInfo getDataObjectInfo() { + return dataObjectInfo; + } + + + + public void setSecurityLayerConform(boolean securityLayerConform) { + this.securityLayerConform = securityLayerConform; + } + + public boolean isSecurityLayerConform() { + return securityLayerConform; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java new file mode 100644 index 000000000..737915ecd --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java @@ -0,0 +1,247 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.xmlbind; + +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; +import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * A parser to parse CreateCMSSignatureRequest DOM trees into + * CreateCMSSignatureRequest API objects. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CreateCMSSignatureRequestParser { + + // + // XPath expresssions to select elements in the CreateCMSSignatureRequest + // + private static final String MOA = Constants.MOA_PREFIX + ":"; + private static final String KEY_IDENTIFIER_XPATH = + "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "KeyIdentifier"; + private static final String SINGLE_SIGNATURE_INFO_XPATH = + "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "SingleSignatureInfo"; + private static final String DATA_OBJECT_INFO_XPATH = MOA + "DataObjectInfo"; + private static final String DATA_OBJECT_XPATH = MOA + "DataObject"; + + private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity"; + + private static final String META_INFO_XPATH = MOA + "MetaInfo"; + private static final String CONTENT_XPATH = MOA + "Content"; + private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content"; + + + /** The factory to create API objects. */ + private SPSSFactory factory; + + /** + * Create a new CreateCMSSignatureRequestParser. + */ + public CreateCMSSignatureRequestParser() { + this.factory = SPSSFactory.getInstance(); + } + + /** + * Parse a CreateCMSSignatureRequest DOM element, as defined + * by the MOA schema. + * + * @param requestElem The CreateCMSSignatureRequest to parse. The + * request must have been successfully parsed against the schema for this + * method to succeed. + * @return A CreateCMSSignatureRequest API object containing + * the data from the DOM element. + * @throws MOAApplicationException An error occurred parsing the request. + */ + public CreateCMSSignatureRequest parse(Element requestElem) + throws MOAApplicationException { + + List singleSignatureInfos = parseSingleSignatureInfos(requestElem); + String keyIdentifier = + XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null); + + return factory.createCreateCMSSignatureRequest( + keyIdentifier, + singleSignatureInfos); + } + + /** + * Parse all SingleSignatureInfo elements of the + * CreateCMSSignatureRequest. + * + * @param requestElem The CreateCMSSignatureRequest to parse. + * @return A List of SingleSignatureInfo API + * objects. + * @throws MOAApplicationException An error occurred parsing on of the + * SingleSignatureInfo elements. + */ + private List parseSingleSignatureInfos(Element requestElem) + throws MOAApplicationException { + + List singleSignatureInfos = new ArrayList(); + NodeIterator sigInfoElems = + XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH); + Element sigInfoElem; + + while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) { + singleSignatureInfos.add(parseSingleSignatureInfo(sigInfoElem)); + } + + return singleSignatureInfos; + } + + /** + * Parse a SingleSignatureInfo DOM element. + * + * @param sigInfoElem The SingleSignatureInfo DOM element to + * parse. + * @return A SingleSignatureInfo API object containing the + * information of sigInfoElem. + * @throws MOAApplicationException An error occurred parsing the + * SingleSignatureInfo. + */ + private SingleSignatureInfo parseSingleSignatureInfo(Element sigInfoElem) + throws MOAApplicationException { + + DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem); + boolean securityLayerConform; + + if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) { + securityLayerConform = + BoolUtils.valueOf(sigInfoElem.getAttribute(SL_CONFORM_ATTR_NAME)); + } else { + securityLayerConform = true; + } + + return factory.createSingleSignatureInfoCMS( + dataObjectInfo, + securityLayerConform); + } + + /** + * Parse the DataObjectInfo DOM elements contained in the given + * SingleSignatureInfo DOM element. + * + * @param sigInfoElem The SingleSignatureInfo DOM element + * whose DataObjectInfos to parse. + * @return A List of DataObjectInfo API objects + * containing the data from the DataObjectInfo DOM elements. + * @throws MOAApplicationException An error occurred parsing one of the + * DataObjectInfos. + */ + private DataObjectInfo parseDataObjectInfo(Element sigInfoElem) + throws MOAApplicationException { + + Element dataObjInfoElem = (Element)XPathUtils.selectSingleNode(sigInfoElem, DATA_OBJECT_INFO_XPATH); + + String structure = dataObjInfoElem.getAttribute("Structure"); + Element dataObjectElem = + (Element) XPathUtils.selectSingleNode(dataObjInfoElem, DATA_OBJECT_XPATH); + + CMSDataObject dataObject = parseDataObject(dataObjectElem); + + return factory.createDataObjectInfo( + structure, + dataObject); + + } + + + + + + /** + * Parse a the DataObject DOM element contained in a given + * CreateCMSSignatureRequest DOM element. + * + * @param requestElem The DataObject DOM element of the VerifyCMSSignatureRequest + * to parse. + * @return The CMSDataObject API object containing the data + * from the DataObject DOM element. + */ + private CMSDataObject parseDataObject(Element dataObjectElem) { + + if (dataObjectElem != null) { + Element metaInfoElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, META_INFO_XPATH); + MetaInfo metaInfo = null; + Element contentElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, CONTENT_XPATH); + CMSContent content = parseContent(contentElem); + + if (metaInfoElem != null) { + metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem); + } + + return factory.createCMSDataObject(metaInfo, content); + } + else { + return null; + } + } + + + + /** + * Parse the content contained in a CMSContentBaseType kind of + * DOM element. + * + * @param contentElem The CMSContentBaseType kind of element to + * parse. + * @return A CMSDataObject API object containing the data + * from the given DOM element. + */ + private CMSContent parseContent(Element contentElem) { + Element base64ContentElem = + (Element) XPathUtils.selectSingleNode(contentElem, BASE64_CONTENT_XPATH); + + if (base64ContentElem != null) { + String base64Str = DOMUtils.getText(base64ContentElem); + InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true); + return factory.createCMSContent(binaryContent); + } else { + return factory.createCMSContent( + contentElem.getAttribute("Reference")); + } + } + +} \ No newline at end of file diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java new file mode 100644 index 000000000..907f90d32 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java @@ -0,0 +1,145 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.xmlbind; + +import java.io.IOException; +import java.util.Iterator; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement; +import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; +import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * Convert a CreateCMSSignatureResponse API object into its + * XML representation, according to the MOA XML schema. + * + * @version $Id$ + */ +public class CreateCMSSignatureResponseBuilder { + private static final String MOA_NS_URI = Constants.MOA_NS_URI; + + /** The XML document containing the response element. */ + private Document responseDoc; + /** The response CreateCMSSignatureResponse DOM element. */ + private Element responseElem; + + /** + * Create a new CreateCMSSignatureResponseBuilder: + * + * @throws MOASystemException An error occurred setting up the resulting + * XML document. + */ + public CreateCMSSignatureResponseBuilder() throws MOASystemException { + responseDoc = + ResponseBuilderUtils.createResponse("CreateCMSSignatureResponse"); + responseElem = responseDoc.getDocumentElement(); + } + + /** + * Build a document containing a CreateCMSSignatureResponse + * DOM element being the XML representation of the given + * CreateCMSSignatureResponse API object. + * + * @param response The CreateCMSSignatureResponse to convert + * to XML. + * @return A document containing the CreateCMSSignatureResponse + * DOM element. + */ + public Document build(CreateCMSSignatureResponse response) { + Iterator iter; + + + for (iter = response.getResponseElements().iterator(); iter.hasNext();) { + CreateCMSSignatureResponseElement responseElement = + (CreateCMSSignatureResponseElement) iter.next(); + + switch (responseElement.getResponseType()) { + case CreateCMSSignatureResponseElement.CMS_SIGNATURE : + CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement; + addCMSSignature(cmsSignatureResponse); + break; + + case CreateCMSSignatureResponseElement.ERROR_RESPONSE : + ErrorResponse errorResponse = (ErrorResponse) responseElement; + addErrorResponse(errorResponse); + break; + } + + } + + return responseDoc; + } + + + + /** + * Add a CMSSignature element to the response. + * + * @param cmsSignatureResponse The content to put under the + * CMSSignature element. + */ + private void addCMSSignature(CMSSignatureResponse cmsSignatureResponse) { + String base64Value = cmsSignatureResponse.getCMSSignature(); + + Element cmsSignature = responseDoc.createElementNS(MOA_NS_URI, "CMSSignature"); + cmsSignature.setTextContent(base64Value); + + responseElem.appendChild(cmsSignature); + +} + + /** + * Add a ErrorResponse element to the response. + * + * @param errorResponse The API object containing the information to put into + * the ErrorResponse DOM element. + */ + private void addErrorResponse(ErrorResponse errorResponse) { + Element errorElem = + responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse"); + Element errorCodeElem = + responseDoc.createElementNS(MOA_NS_URI, "ErrorCode"); + Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info"); + String errorCodeStr = Integer.toString(errorResponse.getErrorCode()); + + errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr)); + errorElem.appendChild(errorCodeElem); + infoElem.appendChild(responseDoc.createTextNode(errorResponse.getInfo())); + errorElem.appendChild(errorCodeElem); + errorElem.appendChild(infoElem); + responseElem.appendChild(errorElem); + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index bc53ca4f9..4fcc5daa9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -548,8 +548,7 @@ public class ConfigurationPartsBuilder { } - // set whitelist for iaik-moa - // TODO + // TODO set whitelist for iaik-moa // ExternalReferenceChecker.setWhitelist(whiteListIaikMoa); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java new file mode 100644 index 000000000..49e5ecc10 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -0,0 +1,249 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.cmssign; + +import iaik.server.modules.algorithms.SignatureAlgorithms; +import iaik.server.modules.cmssign.CMSSignatureCreationProfile; +import iaik.server.modules.keys.AlgorithmUnavailableException; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.keys.UnknownKeyException; + +import java.util.List; +import java.util.Set; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; + +/** + * An object providing auxiliary information for creating a CMS signature. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CMSSignatureCreationProfileImpl + implements CMSSignatureCreationProfile { + + /** The set of keys available to the signing process. */ + private Set keySet; + /** The MIME type of the data to be signed*/ + private String mimeType; + /** Whether the created signature is to be Security Layer conform. */ + private boolean securityLayerConform; + /** Properties to be signed during signature creation. */ + private List signedProperties; + /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */ + private boolean includeData; + /** Digest Method algorithm */ + private String digestMethod; + + + /** + * Create a new XMLSignatureCreationProfileImpl. + * + * @param createProfileCount Provides external information about the + * number of calls to the signature creation module, using the same request. + * @param reservedIDs The set of IDs that must not be used while generating + * new IDs. + */ + public CMSSignatureCreationProfileImpl( + Set keySet, + String digestMethod, + List signedProperties, + boolean securityLayerConform, + boolean includeData, + String mimeType) { + this.keySet = keySet; + this.signedProperties = signedProperties; + this.securityLayerConform = securityLayerConform; + this.includeData = includeData; + this.mimeType = mimeType; + this.digestMethod = digestMethod; + + } + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet() + */ + public Set getKeySet() { + return keySet; + } + + /** + * Set the set of KeyEntryIDs which may be used for signature + * creation. + * + * @param keySet The set of KeyEntryIDs to set. + */ + public void setKeySet(Set keySet) { + this.keySet = keySet; + } + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID) + */ + public String getSignatureAlgorithmName(KeyEntryID selectedKeyID) + throws AlgorithmUnavailableException { + + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + TransactionId tid = new TransactionId(context.getTransactionID()); + KeyModule module = KeyModuleFactory.getInstance(tid); + Set algorithms; + + try { + algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID); + } catch (UnknownKeyException e) { + throw new AlgorithmUnavailableException( + "Unknown key entry: " + selectedKeyID, + e, + null); + } + + if (digestMethod.compareTo("SHA-1") == 0) { + Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); + + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + return SignatureAlgorithms.SHA1_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + + } else if (digestMethod.compareTo("SHA-256") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + return SignatureAlgorithms.SHA256_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { + return SignatureAlgorithms.SHA256_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethod.compareTo("SHA-384") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + return SignatureAlgorithms.SHA384_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { + return SignatureAlgorithms.SHA384_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethod.compareTo("SHA-512") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + return SignatureAlgorithms.SHA512_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { + return SignatureAlgorithms.SHA512_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } + else { + throw new AlgorithmUnavailableException( + "No signature algorithm found for digest algorithm '" + digestMethod, + null, + null); + } + + + } + + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() + */ + public List getSignedProperties() { + return signedProperties; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() + */ + public boolean isSecurityLayerConform() { + return securityLayerConform; + } + + /** + * Sets the security layer conformity. + * + * @param securityLayerConform true, if the created signature + * is to be conform to the Security Layer specification. + */ + public void setSecurityLayerConform(boolean securityLayerConform) { + this.securityLayerConform = securityLayerConform; + } + + + public void setDigestMethod(String digestMethod) { + this.digestMethod = digestMethod; + } + + + public String getMimeType() { + return mimeType; + } + + public boolean includeData() { + return this.includeData; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index edc3922e2..7d0c5a062 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -201,7 +201,7 @@ public class XMLSignatureCreationProfileImpl else { // XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method if (digestMethodXAdES142.compareTo("SHA-1") == 0) { - Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); + Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { return SignatureAlgorithms.SHA1_WITH_RSA; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java new file mode 100644 index 000000000..e058c8a4b --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -0,0 +1,396 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.algorithms.HashAlgorithms; +import iaik.server.modules.cmssign.CMSSignature; +import iaik.server.modules.cmssign.CMSSignatureCreationException; +import iaik.server.modules.cmssign.CMSSignatureCreationModule; +import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory; +import iaik.server.modules.cmssign.CMSSignatureCreationProfile; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.math.BigInteger; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; +import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureResponseImpl; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; +import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfileImpl; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.util.Constants; + +/** + * A class providing an API based interface to the + * CMSSignatureCreationModule. + * + * This class performs the invocation of the + * iaik.server.modules.cmssign.CMSSignatureCreationModule from a + * CreateCMSSignatureRequest given as an API object. The result of + * the invocation is integrated into a CreateCMSSignatureResponse + * and returned. + * + * @version $Id$ + */ +public class CMSSignatureCreationInvoker { + + private static Map HASH_ALGORITHM_MAPPING; + + static { + HASH_ALGORITHM_MAPPING = new HashMap(); + HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1); + HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256); + HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384); + HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512); + } + + + /** The single instance of this class. */ + private static CMSSignatureCreationInvoker instance = null; + + /** + * Get the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized CMSSignatureCreationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureCreationInvoker(); + } + return instance; + } + + /** + * Create a new CMSSignatureCreationInvoker. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureCreationInvoker() { + } + + + + /** + * Process the CreateCMSSignatureRequest message and invoke the + * XMLSignatureCreationModule for every + * SingleSignatureInfo contained in the request. + * + * @param request A CreateCMSSignatureRequest API object + * containing the information for creating the signature(s). + * @param reserved A Set of reserved object IDs. + * + * @return A CreateCMSSignatureResponse API object containing + * the created signature(s). The response contains either a + * SignatureEnvironment or a ErrorResponse + * for each SingleSignatureInfo in the request. + * @throws MOAException An error occurred during signature creation. + */ + public CreateCMSSignatureResponse createCMSSignature( + CreateCMSSignatureRequest request, + Set reserved) + throws MOAException { + + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + //LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + + CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder(); + CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl(); + + boolean isSecurityLayerConform = false; + String structure = null; + String mimetype = null; + + // select the SingleSignatureInfo elements + Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator(); + + // iterate over all the SingleSignatureInfo elements in the request + while (singleSignatureInfoIter.hasNext()) { + SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next(); + isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform(); + + + DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo(); + structure = dataObjectInfo.getStructure(); + + CMSDataObject dataobject = dataObjectInfo.getDataObject(); + MetaInfo metainfo = dataobject.getMetaInfo(); + mimetype = metainfo.getMimeType(); + + CMSContent content = dataobject.getContent(); + InputStream contentIs = null; + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT : + contentIs = ((CMSContentExcplicit) content).getBinaryContent(); + break; + case CMSContent.REFERENCE_CONTENT : + String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + ExternalURIResolver resolver = new ExternalURIResolver(); + contentIs = resolver.resolve(reference); + } else { + throw new MOAApplicationException("2301", null); + } + break; + default : { + throw new MOAApplicationException("2301", null); + } + } + + // create CMSSignatureCreationModuleFactory + CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance(); + + List signedProperties = null; + boolean includeData = true; + if (structure.compareTo("enveloping") == 0) + includeData = true; + if (structure.compareTo("detached") == 0) + includeData = false; + + ConfigurationProvider config = context.getConfiguration(); + + // get the key group id + String keyGroupID = request.getKeyIdentifier(); + // set the key set + Set keySet = buildKeySet(keyGroupID); + if (keySet == null) { + throw new MOAApplicationException("2231", null); + } else if (keySet.size() == 0) { + throw new MOAApplicationException("2232", null); + } + + // get digest algorithm + String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); + + // create CMSSignatureCreation profile: + CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( + keySet, + digestAlgorithm, + signedProperties, + isSecurityLayerConform, + includeData, + mimetype); + + // create CMSSignature from the CMSSignatureCreationModule + // build the additionalSignedProperties + List additionalSignedProperties = buildAdditionalSignedProperties(); + TransactionId tid = new TransactionId(context.getTransactionID()); + try { + CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + // get CMS SignedData output stream from the CMSSignature and wrap it around out + boolean base64 = true; + OutputStream signedDataStream = signature.getSignature(out, base64); + + // now write the data to be signed to the signedDataStream + byte[] buf = new byte[4096]; + int bytesRead; + while ((bytesRead = contentIs.read(buf)) >= 0) { + signedDataStream.write(buf, 0, bytesRead); + } + + // finish SignedData processing by closing signedDataStream + signedDataStream.close(); + String base64value = out.toString(); + + responseBuilder.addCMSSignature(base64value); + + + } catch (CMSSignatureCreationException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + + responseBuilder.addError( + moaException.getMessageId(), + moaException.getMessage()); + Logger.warn(moaException.getMessage(), e); + + } + catch (IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + + return responseBuilder.getResponse(); + } + + + private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException { + // get digest method on key group level (if configured) + String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm(); + // get default digest method (if configured) + String configDigestMethod = config.getDigestMethodAlgorithmName(); + + + String digestMethod = null; + if (configDigestMethodKG != null) { + // if KG specific digest method is configured + digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG); + if (digestMethod == null) { + error( + "config.17", + new Object[] { configDigestMethodKG}); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)"); + } + else { + // else get default configured digest method + digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod); + if (digestMethod == null) { + error( + "config.17", + new Object[] { configDigestMethod}); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethod + "(default)"); + + } + return digestMethod; + } + + /** + * Utility function to issue an error message to the log. + * + * @param messageId The ID of the message to log. + * @param parameters Additional message parameters. + */ + private static void error(String messageId, Object[] parameters) { + MessageProvider msg = MessageProvider.getInstance(); + + Logger.error(new LogMsg(msg.getMessage(messageId, parameters))); + } + + /** + * Build the set of KeyEntryIDs available to the given + * keyGroupID. + * + * @param keyGroupID The keygroup ID for which the available keys should be + * returned. + * @return The Set of KeyEntryIDs + * identifying the available keys. + */ + private Set buildKeySet(String keyGroupID) { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + Set keyGroupEntries; + + // get the KeyGroup entries from the configuration + if (context.getClientCertificate() != null) { + X509Certificate cert = context.getClientCertificate()[0]; + Principal issuer = cert.getIssuerDN(); + BigInteger serialNumber = cert.getSerialNumber(); + + keyGroupEntries = + config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); + } else { + keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); + } + + // map the KeyGroup entries to a set of KeyEntryIDs + if (keyGroupEntries == null) { + return null; + } else if (keyGroupEntries.size() == 0) { + return Collections.EMPTY_SET; + } else { + KeyModule module = + KeyModuleFactory.getInstance( + new TransactionId(context.getTransactionID())); + Set keyEntryIDs = module.getPrivateKeyEntryIDs(); + Set keySet = new HashSet(); + Iterator iter; + + // filter out the keys that do not exist in the IAIK configuration + // by walking through the key entries and checking if the exist in the + // keyGroupEntries + for (iter = keyEntryIDs.iterator(); iter.hasNext();) { + KeyEntryID entryID = (KeyEntryID) iter.next(); + KeyGroupEntry entry = + new KeyGroupEntry( + entryID.getModuleID(), + entryID.getCertificateIssuer(), + entryID.getCertificateSerialNumber()); + if (keyGroupEntries.contains(entry)) { + keySet.add(entryID); + } + } + return keySet; + } + } + + /** + * Build the list of additional signed properties. + * + * Based on the generic configuration setting + * ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY, a + * constant SigningTime will be added to the properties. + * + * @return The List of additional signed properties. + */ + private List buildAdditionalSignedProperties() { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + List additionalSignedProperties = Collections.EMPTY_LIST; + + return additionalSignedProperties; + } + +} \ No newline at end of file diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 2c4bbd4eb..c979d8407 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -136,7 +136,7 @@ public class CMSSignatureVerificationInvoker { try { // get the signed content signedContent = getSignedContent(request); - + // build the profile profile = profileFactory.createProfile(); @@ -159,6 +159,7 @@ public class CMSSignatureVerificationInvoker { while (input.read(buf) > 0); results = module.verifySignature(signingTime); + } catch (IAIKException e) { MOAException moaException = IaikExceptionMapper.getInstance().map(e); throw moaException; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java new file mode 100644 index 000000000..aa52fe09a --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java @@ -0,0 +1,93 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; + +/** + * A class to build a CreateCMSSignatureResponse. + * + *

The methods addSignature() and addError() may be + * called in any combination to add CMSignature and + * ErrorResponse elements to the response. One of these functions + * must be called at least once to produce a + * CreateCMSSignatureResponse.

+ * + *

The getResponseElement() method then returns the + * CreateXMLSignatureResponse built so far.

+ * + * @author Patrick Peck + * @version $Id$ + */ +public class CreateCMSSignatureResponseBuilder { + + /** The SPSSFactory for creating API objects. */ + private SPSSFactory factory = SPSSFactory.getInstance(); + /** The elements to add to the response. */ + private List responseElements = new ArrayList(); + + /** + * Get the CreateCMSSignatureResponse built so far. + * + * @return The CreateCMSSignatureResponse built so far. + */ + public CreateCMSSignatureResponse getResponse() { + return factory.createCreateCMSSignatureResponse(responseElements); + } + + /** + * Add a SignatureEnvironment element to the response. + * + * @param signatureEnvironment The content to put under the + * SignatureEnvironment element. This should either be a + * dsig:Signature element (in case of a detached signature) or + * the signature environment containing the signature (in case of + * an enveloping signature). + */ + public void addCMSSignature(String base64value) { + CMSSignatureResponse responseElement = + factory.createCMSSignatureResponse(base64value); + responseElements.add(responseElement); + } + + /** + * Add a ErrorResponse element to the response. + * + * @param errorCode The error code. + * @param info Additional information about the error. + */ + public void addError(String errorCode, String info) { + ErrorResponse errorResponse = + factory.createErrorResponse(Integer.parseInt(errorCode), info); + responseElements.add(errorResponse); + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java index 869cfefa1..348cb84aa 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java @@ -85,7 +85,8 @@ public class IaikExceptionMapper { { iaik.server.modules.xmlverify.TransformationException.class, "2265", MOAApplicationException.class }, { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", MOAApplicationException.class }, { iaik.xml.crypto.tsl.ex.TSLEngineDiedException.class, "2290", MOAApplicationException.class }, - { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } + { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } , + { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", MOAApplicationException.class } , }; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 3b82c6caf..605716d5b 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -80,6 +80,7 @@ public class VerifyCMSSignatureResponseBuilder { public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL) throws MOAException { + CertificateValidationResult certResult = result.getCertificateValidationResult(); int signatureCheckCode = @@ -90,8 +91,7 @@ public class VerifyCMSSignatureResponseBuilder { SignerInfo signerInfo; CheckResult signatureCheck; CheckResult certificateCheck; - - + boolean qualifiedCertificate = false; // verify qualified certificate checks (certificate or TSL) @@ -112,6 +112,7 @@ public class VerifyCMSSignatureResponseBuilder { certResult.isPublicAuthorityCertificate(), certResult.getPublicAuthorityID(), checkSSCDFromTSL); + // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java index 6bf2317b4..591e26ac2 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java @@ -393,6 +393,7 @@ public class AxisHandler extends BasicHandler { try { String filename = MOA_SPSS_WSDL_RESOURCE_; + File file = new File(filename); if (file.exists()) { //if this resolves to a file, load it @@ -400,7 +401,7 @@ public class AxisHandler extends BasicHandler { } else { //else load a named resource in our classloader. instream = this.getClass().getResourceAsStream(filename); - if (instream == null) { + if (instream == null) { String errorText = Messages.getMessage("wsdlFileMissing", filename); throw new AxisFault(errorText); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java index 7a7bb88bb..e5b12bd8c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java @@ -35,10 +35,15 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureRequestParser; +import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; @@ -52,6 +57,89 @@ import at.gv.egovernment.moa.util.StreamUtils; * @version $Id$ */ public class SignatureCreationService { + + /** + * Handle a CreateXMLSignatureRequest. + * + * @param request The CreateXMLSignatureRequest to work on + * (contained in the 0th element of the array). + * @return A CreateXMLSignatureResponse as the only element of + * the Element array. + * @throws AxisFault An error occurred during handling of the message. + */ + public Element[] CreateCMSSignatureRequest(Element[] request) + throws AxisFault { + Logger.trace("---- Entering SignatureCreationService"); + CMSSignatureCreationInvoker invoker = + CMSSignatureCreationInvoker.getInstance(); + Element[] response = new Element[1]; + + // check that we have a CreateXMLSignatureRequest; if not, create an + // AxisFault, just like the org.apache.axis.providers.java.MsgProvider + if (!Constants.MOA_SPSS_CREATE_CMS_REQUEST.equals(request[0].getLocalName()) || + !Constants.MOA_NS_URI.equals(request[0].getNamespaceURI())) + { + QName qname = + new QName(request[0].getNamespaceURI(), request[0].getLocalName()); + throw new AxisFault( + Messages.getMessage("noOperationForQName", qname.toString())); // TODO GK Operation name does not make it into the error repsonse + } + + // handle the request + try { + + // create a parser and builder for binding API objects to/from XML + CreateCMSSignatureRequestParser requestParser = + new CreateCMSSignatureRequestParser(); + CreateCMSSignatureResponseBuilder responseBuilder = + new CreateCMSSignatureResponseBuilder(); + Element reparsedReq; + CreateCMSSignatureRequest requestObj; + CreateCMSSignatureResponse responseObj; + + //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler. + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + + // validate the request + reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest()); + + // convert to API objects + Logger.trace(">>> preparsing Request"); + requestObj = requestParser.parse(reparsedReq); + Logger.trace("<<< preparsed Request"); + + Logger.trace(">>> creating Signature"); + // invoke the core logic + responseObj = invoker.createCMSSignature(requestObj, Collections.EMPTY_SET); + Logger.trace("<<< created Signature"); + + Logger.trace(">>> building Response"); + // map back to XML + response[0] = responseBuilder.build(responseObj).getDocumentElement(); + Logger.trace("<<< built Response"); + + // save response in transaction + context.setResponse(response[0]); + Logger.trace("---- Leaving SignatureCreationService"); + + + } catch (MOAException e) { + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" + + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e)); + throw fault; + } catch (Throwable t) { + MOASystemException e = new MOASystemException("2900", null, t); + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" + + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e)); + throw fault; + } + + return response; + } /** * Handle a CreateXMLSignatureRequest. diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties index 5919cebbc..1a6e54089 100644 --- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties +++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties @@ -81,6 +81,8 @@ 2281=XML-Supplement kann nicht serialisiert werden (Reference="{0}") 2282=Datenobjekt mit der URI={0} wurde dem Request nicht bereit gestellt 2290=Fehler bei der QC bzw. SSCD Prüfung via TSL +2300=Fehler bei der Erstellen der CMS Signatur +2301=Fehler beim Lesen des zu signierenden Datenobjekts 2900=Interner Server-Fehler diff --git a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.wsdl b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.wsdl deleted file mode 100644 index c5cd8fc0f..000000000 --- a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.wsdl +++ /dev/null @@ -1,105 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.xsd b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.xsd deleted file mode 100644 index 756b51279..000000000 --- a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.3.xsd +++ /dev/null @@ -1,469 +0,0 @@ - - - - - - - - - - - - - - - - - - - - Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements - - - - - - - - - - - - - - - - - - - Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil - - - - - - - - - - - - - - - - - - Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage - - - - Resultat, falls die Signaturerstellung erfolgreich war - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert - - - - - - - - - - - only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. - - - - - - - - - - mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert - - - - - - - - - - - only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Resultat, falls die Signaturerstellung gescheitert ist - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. - - - - - Profilbezeichner für einen Transformationsweg - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. - - - - Der Transformationsparameter explizit angegeben. - - - - - Der Hashwert des Transformationsparameters. - - - - - - - - - - - - - - - - - - - - - - Explizite Angabe des Transformationswegs - - - - - - - Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. - - - - - - - - - - - - - - - - diff --git a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl new file mode 100644 index 000000000..be40c110d --- /dev/null +++ b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.wsdl @@ -0,0 +1,128 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.xsd b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.xsd new file mode 100644 index 000000000..4ae327ab3 --- /dev/null +++ b/spss/server/serverlib/src/main/resources/resources/wsdl/MOA-SPSS-1.5.2.xsd @@ -0,0 +1,471 @@ + + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + -- cgit v1.2.3