package at.gv.egovernment.moa.id.auth.validator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import iaik.asn1.structures.Name;
import iaik.utils.RFC2253NameParserException;
import iaik.x509.X509Certificate;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
/**
* This class is used to validate an {@link VerifyXMLSignatureResponse}
* returned by MOA-SPSS
*
* @author Stefan Knirsch
* @version $Id$
*/
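public class VerifyXMLSignatureResponseValidator {

    /** Identification string for checking identity link */
    public static final String CHECK_IDENTITY_LINK = "IdentityLink";

    /** Identification string for checking authentication block */
    public static final String CHECK_AUTH_BLOCK = "AuthBlock";

    /** Singleton instance; {@code null} if none has been created yet. */
    private static VerifyXMLSignatureResponseValidator instance;

    /**
     * Returns the singleton VerifyXMLSignatureResponseValidator, creating it on
     * first use.
     *
     * @return the shared validator instance
     * @throws ValidateException declared for API compatibility; the current
     *         implementation never throws it
     */
    public static synchronized VerifyXMLSignatureResponseValidator getInstance()
        throws ValidateException {
        if (instance == null) {
            instance = new VerifyXMLSignatureResponseValidator();
        }
        return instance;
    }

    /**
     * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS.
     * <p>
     * Checks are performed in this order: signature check code, certificate
     * check code, XMLDSIG manifest check code (only when a manifest is present)
     * and, if a signer list is configured, membership of the signing
     * certificate's subject DN in that list.
     *
     * @param verifyXMLSignatureResponse the &lt;VerifyXMLSignatureResponse&gt;
     * @param identityLinkSignersSubjectDNNames subject names (RFC 2253 form)
     *        configured as allowed identity-link signers; {@code null} skips the
     *        subject-DN check entirely
     * @param whatToCheck {@link #CHECK_IDENTITY_LINK} or {@link #CHECK_AUTH_BLOCK};
     *        selects the error message used when the certificate check fails
     * @throws ValidateException on any validation error
     */
    public void validate(
        VerifyXMLSignatureResponse verifyXMLSignatureResponse,
        String[] identityLinkSignersSubjectDNNames,
        String whatToCheck)
        throws ValidateException {

        if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
            throw new ValidateException("validator.06", null);
        }

        int certificateCheckCode = verifyXMLSignatureResponse.getCertificateCheckCode();
        if (certificateCheckCode != 0) {
            String checkFailedReason = certificateCheckFailedReason(certificateCheckCode);
            // Constant on the left: a null whatToCheck falls through to the
            // auth-block message instead of throwing a NullPointerException.
            if (CHECK_IDENTITY_LINK.equals(whatToCheck)) {
                throw new ValidateException("validator.07", new Object[] { checkFailedReason });
            }
            throw new ValidateException("validator.19", new Object[] { checkFailedReason });
        }

        // The manifest check code is only meaningful when a manifest was signed.
        if (verifyXMLSignatureResponse.isXmlDSIGManigest()
            && verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) {
            throw new ValidateException("validator.08", null);
        }

        // Check whether the returned X509 SubjectName is in the MOA-ID configuration or not.
        // A null list means no signer restriction is configured and the check is skipped.
        if (identityLinkSignersSubjectDNNames != null) {
            X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
            if (x509Cert == null) {
                // Without a certificate there is no subject DN to compare; reported
                // with the same message key as an unparsable subject DN.
                throw new ValidateException("validator.17", null);
            }
            String subjectDN;
            try {
                subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
            } catch (RFC2253NameParserException e) {
                throw new ValidateException("validator.17", null);
            }
            if (!containsSubjectDN(identityLinkSignersSubjectDNNames, subjectDN)) {
                throw new ValidateException("validator.18", new Object[] { subjectDN });
            }
        }
    }

    /**
     * Maps a non-zero MOA-SPSS certificate check code to its configured,
     * human-readable reason.
     *
     * @param certificateCheckCode the code returned by MOA-SPSS; 1..5 are known
     * @return the message for codes 1..5, an empty string for any other code
     */
    private static String certificateCheckFailedReason(int certificateCheckCode) {
        String messageKey;
        switch (certificateCheckCode) {
            case 1:
                messageKey = "validator.21";
                break;
            case 2:
                messageKey = "validator.22";
                break;
            case 3:
                messageKey = "validator.23";
                break;
            case 4:
                messageKey = "validator.24";
                break;
            case 5:
                messageKey = "validator.25";
                break;
            default:
                return "";
        }
        return MOAIDMessageProvider.getInstance().getMessage(messageKey, null);
    }

    /**
     * Tests whether {@code subjectDN} equals one of the configured signer names.
     * Null entries in the configured list never match instead of raising a
     * NullPointerException.
     *
     * @param configuredNames configured signer subject names, not null
     * @param subjectDN the subject DN taken from the response certificate
     * @return true if an exact (case-sensitive) match exists
     */
    private static boolean containsSubjectDN(String[] configuredNames, String subjectDN) {
        for (int i = 0; i < configuredNames.length; i++) {
            if (configuredNames[i] != null && configuredNames[i].equals(subjectDN)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks that the public key of the certificate in the MOA-SPSS response
     * matches one of the public keys contained in the identity link, by comparing
     * RSA modulus and public exponent. This binds the signing certificate to the
     * key material asserted in the identity link.
     *
     * @param verifyXMLSignatureResponse the VerifyXMLSignatureResponse holding the signer certificate
     * @param idl the identity link whose public keys are the reference
     * @throws ValidateException if the response carries no certificate, if its key
     *         is not an RSA key, or if no RSA key in the identity link matches it
     */
    public void validateCertificate(
        VerifyXMLSignatureResponse verifyXMLSignatureResponse,
        IdentityLink idl)
        throws ValidateException {

        X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
        if (x509Response == null) {
            throw new ValidateException("validator.09", null);
        }
        PublicKey responseKey = x509Response.getPublicKey();
        // Only RSA keys can be compared below. A non-RSA key used to surface as a
        // ClassCastException; it is now an ordinary validation failure.
        if (!(responseKey instanceof RSAPublicKey)) {
            throw new ValidateException("validator.09", null);
        }
        RSAPublicKey pubKeyResponse = (RSAPublicKey) responseKey;

        PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
        if (pubKeysIdentityLink == null) {
            throw new ValidateException("validator.09", null);
        }
        for (int i = 0; i < pubKeysIdentityLink.length; i++) {
            PublicKey candidate = pubKeysIdentityLink[i];
            // Non-RSA keys in the identity link are skipped, as before.
            if (candidate instanceof RSAPublicKey
                && sameRsaKey((RSAPublicKey) candidate, pubKeyResponse)) {
                return;
            }
        }
        throw new ValidateException("validator.09", null);
    }

    /**
     * Two RSA public keys denote the same key iff modulus and public exponent agree.
     *
     * @param a first key, not null
     * @param b second key, not null
     * @return true if both components are equal
     */
    private static boolean sameRsaKey(RSAPublicKey a, RSAPublicKey b) {
        return a.getModulus().equals(b.getModulus())
            && a.getPublicExponent().equals(b.getPublicExponent());
    }
}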