aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2015-11-05 14:01:45 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2015-11-05 14:01:45 +0100
commit6c09d652d6317d1514924518c3186470498247a9 (patch)
tree02347bacaf505431c03cda6accc1316307bc3729
parent0872d2d8a64fd701776b272f49222428d8def07f (diff)
downloadmoa-sig-6c09d652d6317d1514924518c3186470498247a9.tar.gz
moa-sig-6c09d652d6317d1514924518c3186470498247a9.tar.bz2
moa-sig-6c09d652d6317d1514924518c3186470498247a9.zip
PDF-AS integration, AdES Form validation results from IAIK-MOA, for XAdES
-rw-r--r--moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java2
-rw-r--r--moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.1.xsd354
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java3
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java42
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java266
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java33
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java17
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java7
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java8
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java1288
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java8
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java20
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java9
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java2
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java2
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java1
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java23
-rw-r--r--moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd7
23 files changed, 1318 insertions, 794 deletions
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index e288cfe..5fc0d4d 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -101,7 +101,7 @@ public interface Constants {
/** Local location of the MOA configuration XML schema definition. */
public static final String MOA_CONFIG_SCHEMA_LOCATION =
- SCHEMA_ROOT + "MOA-SPSS-config-2.0.0.xsd";
+ SCHEMA_ROOT + "MOA-SPSS-config-2.0.1.xsd";
/** Local location of the MOA ID configuration XML schema definition. */
public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.1.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.1.xsd
new file mode 100644
index 0000000..d202ac9
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.1.xsd
@@ -0,0 +1,354 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ MOA SP/SS 1.5.1 Configuration Schema
+-->
+<xs:schema xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xs:element name="MOAConfiguration">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Common" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="PDFASConfig" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:choice>
+ <xs:element name="PermitExternalUris" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence minOccurs="0">
+ <xs:element name="BlackListUri" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="IP" type="xs:string"/>
+ <xs:element name="Port" type="xs:int" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="ForbidExternalUris" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="WhiteListUri" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="IP" type="xs:string"/>
+ <xs:element name="Port" type="xs:int" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureCreation" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModules">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="HardwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SoftwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="FileName" type="xs:string"/>
+ <xs:element name="Password" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroup" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="Key">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModuleId" type="xs:token"/>
+ <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ <xs:element name="DigestMethodAlgorithm" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+ <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="XMLDSig">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="XAdES" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Version">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="1.4.2"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureVerification" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CertificateValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="PathConstruction">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="AutoAddCertificates" type="xs:boolean"/>
+ <xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
+ <xs:element name="CertificateStore">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element name="DirectoryStore">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Location" type="xs:token"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="PathValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="ChainingMode">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="DefaultMode" type="config:ChainingModeType"/>
+ <xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Identification" type="dsig:X509IssuerSerialType"/>
+ <xs:element name="Mode" type="config:ChainingModeType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TrustProfile" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
+ <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="EUTSL" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CountrySelection" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <!--
+ <xs:element name="TSLTrustProfile">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
+ <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="EUTSL" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CountrySelection" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ -->
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="RevocationChecking">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="EnableChecking" type="xs:boolean"/>
+ <xs:element name="MaxRevocationAge" type="xs:integer"/>
+ <xs:element name="ServiceOrder" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence maxOccurs="2">
+ <xs:element name="Service">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="OCSP"/>
+ <xs:enumeration value="CRL"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Archiving">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="EnableArchiving" type="xs:boolean"/>
+ <xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>
+ <xs:element name="Archive" minOccurs="0">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element name="DatabaseArchive">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="JDBCURL" type="xs:anyURI"/>
+ <xs:element name="JDBCDriverClassName" type="xs:token"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CAIssuerDN" type="xs:token"/>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="CRLDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Location" type="xs:anyURI"/>
+ <xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="unused"/>
+ <xs:enumeration value="keyCompromise"/>
+ <xs:enumeration value="cACompromise"/>
+ <xs:enumeration value="affiliationChanged"/>
+ <xs:enumeration value="superseded"/>
+ <xs:enumeration value="cessationOfOperation"/>
+ <xs:enumeration value="certificateHold"/>
+ <xs:enumeration value="privilegeWithdrawn"/>
+ <xs:enumeration value="aACompromise"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="OCSPDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Location" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="CrlRetentionIntervals" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="CA">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="X509IssuerName" type="xs:string"/>
+ <xs:element name="Interval" type="xs:integer"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TSLConfiguration" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="EUTSLUrl" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="UpdateSchedule" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="StartTime" type="xs:time"/>
+ <xs:element name="Period" type="xs:unsignedLong"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="WorkingDirectory" type="xs:anyURI" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:simpleType name="ChainingModeType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="chaining"/>
+ <xs:enumeration value="pkix"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:complexType name="ProfileType">
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Location" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 4c57b13..b725422 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -797,7 +797,8 @@ public abstract class SPSSFactory {
ReferencesCheckResult signatureCheck,
ReferencesCheckResult signatureManifestCheck,
List xmlDsigManifestChecks,
- CheckResult certificateCheck);
+ CheckResult certificateCheck,
+ List adesFormResults);
/**
* Create a new <code>ReferencesCheckResult</code> object.
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java
new file mode 100644
index 0000000..c186c54
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
+
+public class AdESFormResultsImpl implements AdESFormResults {
+
+ private Integer code;
+ private String info;
+ private String name;
+
+ public synchronized void setCode(Integer code) {
+ this.code = code;
+ }
+
+ public synchronized void setInfo(String info) {
+ this.info = info;
+ }
+
+ public synchronized void setName(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public Integer getCode() {
+ return this.code;
+ }
+
+ @Override
+ public String getInfo() {
+ return this.info;
+ }
+
+ @Override
+ public String getName() {
+ return this.name;
+ }
+
+ @Override
+ public String toString() {
+ return "AdESFormResultsImpl [code=" + code + ", info=" + info + ", name=" + name + "]";
+ }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index ac3d4c9..8a46219 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -453,7 +453,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
ReferencesCheckResult signatureCheck,
ReferencesCheckResult signatureManifestCheck,
List xmlDsigManifestChecks,
- CheckResult certificateCheck) {
+ CheckResult certificateCheck,
+ List adesFormResults) {
VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse =
new VerifyXMLSignatureResponseImpl();
verifyXMLSignatureResponse.setSignerInfo(signerInfo);
@@ -464,7 +465,7 @@ public class SPSSFactoryImpl extends SPSSFactory {
signatureManifestCheck);
verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
-
+ verifyXMLSignatureResponse.setAdESFormResults(adesFormResults);
return verifyXMLSignatureResponse;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index 46fd517..bfee774 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -21,7 +21,6 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.api.impl;
import java.util.ArrayList;
@@ -37,130 +36,145 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
* @author Fatemeh Philippi
* @version $Id$
*/
-public class VerifyXMLSignatureResponseImpl
- implements VerifyXMLSignatureResponse {
-
- /** Information about the signer certificate. */
- private SignerInfo signerInfo;
-
- /**
- * The hash input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
- * */
- private List hashInputDatas = new ArrayList();
-
- /**
- * The reference input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
- * */
- private List referenceInputDatas = new ArrayList();
-
- /** Information about the signature check. */
- private ReferencesCheckResult signatureCheck;
- /** Information about the signature manifest check. */
- private ReferencesCheckResult signatureManifestCheck;
- /** Information about the XMLDsig manifest check. */
- private List xmlDsigManifestChecks = new ArrayList();
- /** Information about the certificate check. */
- private CheckResult certificateCheck;
-
- /**
- * Sets information about the signer certificate.
- *
- * @param signerInfo Information about the signer certificate.
- */
- public void setSignerInfo(SignerInfo signerInfo) {
- this.signerInfo = signerInfo;
- }
-
- public SignerInfo getSignerInfo() {
- return signerInfo;
- }
-
- /**
- * Sets data signed by the signatory.
- *
- * @param hashInputDatas The signed datas.
- */
- public void setHashInputDatas(List hashInputDatas) {
- this.hashInputDatas =
- hashInputDatas != null
- ? Collections.unmodifiableList(new ArrayList(hashInputDatas))
- : null;
- }
-
- public List getHashInputDatas() {
- return hashInputDatas;
- }
-
- /**
- * Sets the source data elements.
- *
- * @param referenceInputDatas The source data elements.
- */
- public void setReferenceInputDatas(List referenceInputDatas) {
- this.referenceInputDatas =
- referenceInputDatas != null
- ? Collections.unmodifiableList(new ArrayList(referenceInputDatas))
- : null;
- }
-
- public List getReferenceInputDatas() {
- return referenceInputDatas;
- }
-
- /**
- * Sets the result of the signature verification.
- *
- * @param signatureCheck The result of the signature verification.
- */
- public void setSignatureCheck(ReferencesCheckResult signatureCheck) {
- this.signatureCheck = signatureCheck;
- }
-
- public ReferencesCheckResult getSignatureCheck() {
- return signatureCheck;
- }
-
- /**
- * Sets the result of the signature manifest verification.
- *
- * @param signatureManifestCheck The result of the signature manifest verification.
- */
- public void setSignatureManifestCheck(ReferencesCheckResult signatureManifestCheck) {
- this.signatureManifestCheck = signatureManifestCheck;
- }
-
- public ReferencesCheckResult getSignatureManifestCheck() {
- return signatureManifestCheck;
- }
-
- /**
- * Sets the result of the certification verification.
- *
- * @param certificateCheck The result of the certificate verification.
- */
- public void setCertificateCheck(CheckResult certificateCheck) {
- this.certificateCheck = certificateCheck;
- }
-
- public CheckResult getCertificateCheck() {
- return certificateCheck;
- }
-
-
- /**
- * Sets the XMLDSigManifestChecks.
- *
- * @param xmlDsigManifestChecks The XMLDSigManifestChecks.
- */
- public void setXMLDsigManifestChecks(List xmlDsigManifestChecks) {
- this.xmlDsigManifestChecks =
- xmlDsigManifestChecks != null
- ? Collections.unmodifiableList(new ArrayList(xmlDsigManifestChecks))
- : null;
- }
-
- public List getXMLDsigManifestChecks() {
- return xmlDsigManifestChecks;
- }
+public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureResponse {
+
+ /** Information about the signer certificate. */
+ private SignerInfo signerInfo;
+
+ /**
+ * The hash input data objects. The list consists of
+ * {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
+ */
+ private List hashInputDatas = new ArrayList();
+
+ /**
+ * The reference input data objects. The list consists of
+ * {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
+ */
+ private List referenceInputDatas = new ArrayList();
+
+ /**
+ * The list of form validation results
+ */
+ private List adesFormResults = new ArrayList();
+
+ /** Information about the signature check. */
+ private ReferencesCheckResult signatureCheck;
+ /** Information about the signature manifest check. */
+ private ReferencesCheckResult signatureManifestCheck;
+ /** Information about the XMLDsig manifest check. */
+ private List xmlDsigManifestChecks = new ArrayList();
+ /** Information about the certificate check. */
+ private CheckResult certificateCheck;
+
+ /**
+ * Sets information about the signer certificate.
+ *
+ * @param signerInfo
+ * Information about the signer certificate.
+ */
+ public void setSignerInfo(SignerInfo signerInfo) {
+ this.signerInfo = signerInfo;
+ }
+
+ public SignerInfo getSignerInfo() {
+ return signerInfo;
+ }
+
+ /**
+ * Sets data signed by the signatory.
+ *
+ * @param hashInputDatas
+ * The signed datas.
+ */
+ public void setHashInputDatas(List hashInputDatas) {
+ this.hashInputDatas = hashInputDatas != null ? Collections.unmodifiableList(new ArrayList(hashInputDatas))
+ : null;
+ }
+
+ public List getHashInputDatas() {
+ return hashInputDatas;
+ }
+
+ /**
+ * Sets the source data elements.
+ *
+ * @param referenceInputDatas
+ * The source data elements.
+ */
+ public void setReferenceInputDatas(List referenceInputDatas) {
+ this.referenceInputDatas = referenceInputDatas != null
+ ? Collections.unmodifiableList(new ArrayList(referenceInputDatas)) : null;
+ }
+
+ public List getReferenceInputDatas() {
+ return referenceInputDatas;
+ }
+
+ /**
+ * Sets the result of the signature verification.
+ *
+ * @param signatureCheck
+ * The result of the signature verification.
+ */
+ public void setSignatureCheck(ReferencesCheckResult signatureCheck) {
+ this.signatureCheck = signatureCheck;
+ }
+
+ public ReferencesCheckResult getSignatureCheck() {
+ return signatureCheck;
+ }
+
+ /**
+ * Sets the result of the signature manifest verification.
+ *
+ * @param signatureManifestCheck
+ * The result of the signature manifest verification.
+ */
+ public void setSignatureManifestCheck(ReferencesCheckResult signatureManifestCheck) {
+ this.signatureManifestCheck = signatureManifestCheck;
+ }
+
+ public ReferencesCheckResult getSignatureManifestCheck() {
+ return signatureManifestCheck;
+ }
+
+ /**
+ * Sets the result of the certification verification.
+ *
+ * @param certificateCheck
+ * The result of the certificate verification.
+ */
+ public void setCertificateCheck(CheckResult certificateCheck) {
+ this.certificateCheck = certificateCheck;
+ }
+
+ public CheckResult getCertificateCheck() {
+ return certificateCheck;
+ }
+
+ /**
+ * Sets the XMLDSigManifestChecks.
+ *
+ * @param xmlDsigManifestChecks
+ * The XMLDSigManifestChecks.
+ */
+ public void setXMLDsigManifestChecks(List xmlDsigManifestChecks) {
+ this.xmlDsigManifestChecks = xmlDsigManifestChecks != null
+ ? Collections.unmodifiableList(new ArrayList(xmlDsigManifestChecks)) : null;
+ }
+
+ public List getXMLDsigManifestChecks() {
+ return xmlDsigManifestChecks;
+ }
+
+ public void setAdESFormResults(List adesFormResults) {
+ this.adesFormResults = adesFormResults;
+ }
+
+ @Override
+ public List getAdESFormResults() {
+ return this.adesFormResults;
+ }
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index b5ec20f..eaafe00 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -286,4 +286,37 @@ public class ResponseBuilderUtils {
root.appendChild(codeInfoElem);
}
+ /**
+ * Add an element containing <code>Code</code> and <code>Info</code>
+ * subelements.
+ *
+ * @param response The response document, in order to create new elements in
+ * it.
+ * @param root The root element into which to insert the newly created
+ * element.
+ * @param elementName The name of the newly created element.
+ * @param code The content of the <code>Code</code> subelement.
+ * @param info The content of the <code>Info</code> subelement.
+ */
+ public static void addFormCheckElement(
+ Document response,
+ Element root,
+ String elementName,
+ int code,
+ String name) {
+
+ Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+ Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+ Element infoElem;
+
+ codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+ codeInfoElem.appendChild(codeElem);
+
+ infoElem = response.createElementNS(MOA_NS_URI, "Name");
+ infoElem.appendChild(response.createTextNode(name));
+ codeInfoElem.appendChild(infoElem);
+
+ root.appendChild(codeInfoElem);
+ }
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index dd4e13a..27a42c8 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -42,6 +42,7 @@ import at.gv.egovernment.moa.spss.api.common.Content;
import at.gv.egovernment.moa.spss.api.common.ContentBinary;
import at.gv.egovernment.moa.spss.api.common.ContentXML;
import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
@@ -150,6 +151,22 @@ public class VerifyXMLSignatureResponseBuilder {
response.getCertificateCheck().getInfo());
+ if(response.getAdESFormResults() != null) {
+
+ Iterator formIterator = response.getAdESFormResults().iterator();
+
+ while(formIterator.hasNext()) {
+ AdESFormResults adESFormResult = (AdESFormResults)formIterator.next();
+ // add the CertificateCheck
+ ResponseBuilderUtils.addFormCheckElement(
+ responseDoc,
+ responseElem,
+ "FormCheckResult",
+ adESFormResult.getCode().intValue(),
+ adESFormResult.getName());
+
+ }
+ }
return responseDoc;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java
new file mode 100644
index 0000000..e12c39b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+public interface AdESFormResults {
+ public Integer getCode();
+ public String getInfo();
+ public String getName();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
index d107dc9..63c496a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -81,7 +81,14 @@ public interface VerifyXMLSignatureResponse {
*/
public CheckResult getCertificateCheck();
-
+ /**
+ * Gets AdES Form results
+ *
+ * This might be null!
+ *
+ * @return The result of the AdES Form validation
+ */
+ public List getAdESFormResults();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index af67d30..cb840ae 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -102,7 +102,7 @@ public class ConfigurationPartsBuilder {
private static final String ROOT = "/" + CONF + "MOAConfiguration/";
private static final String PDFAS_CONFIGURATION_XPATH =
- ROOT + CONF + "PDFASConfig";
+ ROOT + CONF + "Common/" + CONF + "PDFASConfig";
private static final String DIGEST_METHOD_XPATH =
ROOT + CONF + "SignatureCreation/"
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
index f4c9126..0ad3d79 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -172,6 +172,6 @@ public class XMLSignatureVerificationProfileImpl
@Override
public String getTargetLevel() {
- return XMLSignatureVerificationProfile.LEVEL_B;
+ return XMLSignatureVerificationProfile.LEVEL_LTA;
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index f2663cf..37569c5 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -78,7 +78,7 @@ public class SystemInitializer {
private static void runInitializer(ConfigurationProvider configurationProvider) {
Iterator<ExternalInitializer> initializerIterator = initializerServices.iterator();
-
+ logger.info("Running external initializers");
while(initializerIterator.hasNext()) {
ExternalInitializer externalInitializer = initializerIterator.next();
externalInitializer.initialize(configurationProvider);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 9021785..7bcf723 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -100,6 +100,7 @@ public class VerifyXMLSignatureResponseBuilder {
private List xmlDsigManifestChecks;
/** The result of the certificate check. */
private CheckResult certificateCheck;
+ private List adesFormResults = null;
/**
* Get the <code>VerifyMLSignatureResponse</code> built so far.
@@ -114,7 +115,12 @@ public class VerifyXMLSignatureResponseBuilder {
signatureCheck,
signatureManifestCheck,
xmlDsigManifestChecks,
- certificateCheck);
+ certificateCheck,
+ adesFormResults);
+ }
+
+ public void setAdESFormResults(List adesForm) {
+ this.adesFormResults = adesForm;
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 2b158dd..c09740c 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -21,26 +21,8 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.invoke;
-import iaik.xml.crypto.utils.URI;
-import iaik.xml.crypto.utils.URIException;
-import iaik.server.modules.IAIKException;
-import iaik.server.modules.IAIKRuntimeException;
-import iaik.server.modules.xml.DataObject;
-import iaik.server.modules.xml.XMLDataObject;
-import iaik.server.modules.xml.XMLSignature;
-import iaik.server.modules.xmlsign.XMLConstants;
-import iaik.server.modules.xmlverify.DsigManifest;
-import iaik.server.modules.xmlverify.ReferenceData;
-import iaik.server.modules.xmlverify.SecurityLayerManifest;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
-import iaik.x509.X509Certificate;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -68,6 +50,7 @@ import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
@@ -90,12 +73,32 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.spss.util.QCSSCDResult;
import at.gv.egovernment.moa.util.CollectionUtils;
import at.gv.egovernment.moa.util.Constants;
+import iaik.server.modules.AdESFormVerificationResult;
+import iaik.server.modules.AdESVerificationResult;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.SignatureVerificationProfile;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLSignature;
+import iaik.server.modules.xmlsign.XMLConstants;
+import iaik.server.modules.xmlverify.DsigManifest;
+import iaik.server.modules.xmlverify.ExtendedXMLSignatureVerificationResult;
+import iaik.server.modules.xmlverify.ReferenceData;
+import iaik.server.modules.xmlverify.SecurityLayerManifest;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
/**
* A class providing a DOM based interface to the
* <code>XMLSignatureVerificationModule</code>.
*
- * This class performs the invocation of the
+ * This class performs the invocation of the
* <code>iaik.server.modules.xmlverify.XMLSignatureVerificationModule</code>
* from a <code>VerifyXMLSignatureRequest</code> given as a DOM element. The
* result of the invocation is integrated into a
@@ -106,622 +109,635 @@ import at.gv.egovernment.moa.util.Constants;
*/
public class XMLSignatureVerificationInvoker {
- /** The single instance of this class. */
- private static XMLSignatureVerificationInvoker instance = null;
-
- private static Set FILTERED_REF_TYPES;
-
- static {
- FILTERED_REF_TYPES = new HashSet();
- FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
- FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
- FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
- FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
- FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
- }
-
- /**
- * Get the single instance of this class.
- *
- * @return The single instance of this class.
- */
- public static synchronized XMLSignatureVerificationInvoker getInstance() {
- if (instance == null) {
- instance = new XMLSignatureVerificationInvoker();
- }
- return instance;
- }
-
- /**
- * Create a new <code>XMLSignatureCreationInvoker</code>.
- *
- * Protected to disallow multiple instances.
- */
- protected XMLSignatureVerificationInvoker() {
- }
-
- /**
- * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
- * <code>XMLSignatureVerificationModule</code>.
- *
- * @param request A <code>VerifyXMLSignatureRequest<code> API object
- * containing the data for verifying an XML signature.
- * @return A <code>VerifyXMLSignatureResponse</code> containing the
- * answert to the <code>VerifyXMLSignatureRequest</code>.
- * MOA schema definition.
- * @throws MOAException An error occurred during signature verification.
- */
- public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
- throws MOAException {
-
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- LoggingContext loggingCtx =
- LoggingContextManager.getInstance().getLoggingContext();
- XMLSignatureVerificationProfileFactory profileFactory =
- new XMLSignatureVerificationProfileFactory(request);
- VerifyXMLSignatureResponseBuilder responseBuilder =
- new VerifyXMLSignatureResponseBuilder();
- XMLSignatureVerificationResult result;
- XMLSignatureVerificationProfile profile;
- ReferencesCheckResult signatureManifestCheck;
- DataObjectFactory dataObjFactory;
- XMLDataObject signatureEnvironment;
- Node signatureEnvironmentParent = null;
- Element requestElement = null;
- XMLSignature xmlSignature;
- Date signingTime;
- List supplements;
- List dataObjectList;
-
- // get the supplements
- supplements = getSupplements(request);
-
- // build XMLSignature
- dataObjFactory = DataObjectFactory.getInstance();
- signatureEnvironment =
- dataObjFactory.createSignatureEnvironment(
- request.getSignatureInfo().getVerifySignatureEnvironment(),
- supplements);
- xmlSignature = buildXMLSignature(signatureEnvironment, request);
-
- // build the list of DataObjects
- dataObjectList = buildDataObjectList(supplements);
-
- // build profile
- profile = profileFactory.createProfile();
-
- // get the signingTime
- signingTime = request.getDateTime();
-
- // make the signature environment the root of the document, if it is not a
- // separate document anyway; this is done to assure that canonicalization
- // of the signature environment contains the correct namespace declarations
- requestElement =
- signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
- if (requestElement != signatureEnvironment.getElement()) {
- signatureEnvironmentParent =
- signatureEnvironment.getElement().getParentNode();
- requestElement.getOwnerDocument().replaceChild(
- signatureEnvironment.getElement(),
- requestElement);
- }
-
- QCSSCDResult qcsscdresult = new QCSSCDResult();
- String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- TrustProfile tp = config.getTrustProfile(tpID);
-
- // verify the signature
- try {
- XMLSignatureVerificationModule module =
- XMLSignatureVerificationModuleFactory.getInstance();
-
- module.setLog(new IaikLog(loggingCtx.getNodeID()));
-
- result =
- module.verifySignature(
- xmlSignature,
- dataObjectList,
- profile,
- signingTime,
- new TransactionId(context.getTransactionID()));
- } catch (IAIKException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- } catch (IAIKRuntimeException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- }
-
-
- // QC/SSCD check
- List list = result.getCertificateValidationResult().getCertificateChain();
- if (list != null) {
- X509Certificate[] chain = new X509Certificate[list.size()];
-
- Iterator it = list.iterator();
- int i = 0;
- while(it.hasNext()) {
- chain[i] = (X509Certificate)it.next();
- i++;
- }
-
- qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
- }
-
-
- // get signer certificate issuer country code
- String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
-
- // swap back in the request as root document
- if (requestElement != signatureEnvironment.getElement()) {
- requestElement.getOwnerDocument().replaceChild(
- requestElement,
- signatureEnvironment.getElement());
- signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
- }
-
- // check the result
- signatureManifestCheck =
- validateSignatureManifest(request, result, profile);
-
- // Check if signer certificate is in trust profile's allowed signer certificates pool
- TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
- CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
-
-
- // build the response
- responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
- return responseBuilder.getResponse();
- }
-
- /**
- * Checks if the signer certificate matches one of the allowed signer certificates specified
- * in the provided <code>trustProfile</code>.
- *
- * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
- *
- * @param trustProfile The trust profile the signer certificate is validated against.
- *
- * @return The overal result of the certificate validation for the signer certificate.
- *
- * @throws MOAException if one of the signer certificates specified in the <code>trustProfile</code>
- * cannot be read from the file system.
- */
- private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
- throws MOAException
- {
- MessageProvider msg = MessageProvider.getInstance();
-
- int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
- if (resultCode == 0 && trustProfile.getSignerCertsUri() != null)
- {
- X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult().getCertificateChain().get(0);
-
- File signerCertsDir = null;
- try
- {
- signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
- }
- catch (URIException e)
- {
- throw new MOASystemException("2900", null, e); // Should not happen, already checked at loading the MOA configuration
- }
-
- File[] files = signerCertsDir.listFiles();
- if (files == null) resultCode = 1;
- int i;
- for (i = 0; i < files.length; i++)
- {
- if (!files[i].isDirectory())
- {
- FileInputStream currentFIS = null;
- try
- {
- currentFIS = new FileInputStream(files[i]);
- }
- catch (FileNotFoundException e) {
- throw new MOASystemException("2900", null, e);
- }
-
- try
- {
- X509Certificate currentCert = new X509Certificate(currentFIS);
- currentFIS.close();
- if (currentCert.equals(signerCertificate)) break;
- }
- catch (Exception e)
- {
- // Simply ignore file if it cannot be interpreted as certificate
- String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()});
- Logger.warn(logMsg);
- try
- {
- currentFIS.close();
- }
- catch (IOException e1) {
- // If clean-up fails, do nothing
- }
- }
- }
- }
- if (i >= files.length)
- {
- resultCode = 1; // No signer certificate from the trustprofile pool matches the actual signer certificate
- }
- }
-
- SPSSFactory factory = SPSSFactory.getInstance();
- return factory.createCheckResult(resultCode, null);
- }
-
-
-
- /**
- * Select the <code>dsig:Signature</code> DOM element within the signature
- * environment.
- *
- * @param signatureEnvironment The signature environment containing the
- * <code>dsig:Signature</code>.
- * @param request The <code>VerifyXMLSignatureRequest</code> containing the
- * signature environment.
- * @return The <code>dsig:Signature</code> element wrapped in a
- * <code>XMLSignature</code> object.
- * @throws MOAApplicationException An error occurred locating the
- * <code>dsig:Signature</code>.
- */
- private XMLSignature buildXMLSignature(
- XMLDataObject signatureEnvironment,
- VerifyXMLSignatureRequest request)
- throws MOAApplicationException {
-
- VerifySignatureLocation signatureLocation =
- request.getSignatureInfo().getVerifySignatureLocation();
- Element signatureParent;
-
- // evaluate the VerifySignatureLocation to get the signature parent
- signatureParent =
- InvokerUtils.evaluateSignatureLocation(
- signatureEnvironment.getElement(),
- signatureLocation);
-
- // check for signatureParent to be a dsig:Signature element
- if (!"Signature".equals(signatureParent.getLocalName())
- || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
- throw new MOAApplicationException("2266", null);
- }
-
- return new XMLSignatureImpl(signatureParent);
- }
-
- /**
- * Build the supplemental data objects contained in the
- * <code>VerifyXMLSignatureRequest</code>.
- *
- * @param supplements A <code>List</code> of
- * <code>XMLDataObjectAssociation</code>s containing the supplement data.
- * @return A <code>List</code> of <code>DataObject</code>s representing the
- * supplemental data objects.
- * @throws MOASystemException A system error occurred building one of the data
- * objects.
- * @throws MOAApplicationException An error occurred building one of the data
- * objects.
- */
- private List buildDataObjectList(List supplements)
- throws MOASystemException, MOAApplicationException {
- List dataObjectList = new ArrayList();
-
- DataObjectFactory factory = DataObjectFactory.getInstance();
- DataObject dataObject;
- Iterator iter;
-
- if (supplements != null) {
- for (iter = supplements.iterator(); iter.hasNext();) {
- XMLDataObjectAssociation supplement =
- (XMLDataObjectAssociation) iter.next();
- dataObject =
- factory.createFromXmlDataObjectAssociation(supplement, true, false);
- dataObjectList.add(dataObject);
- }
- }
-
- return dataObjectList;
-
- }
-
- /**
- * Get the supplemental data contained in the
- * <code>VerifyXMLSignatureRequest</code>.
- *
- * @param request The <code>VerifyXMLSignatureRequest</code> containing the
- * supplemental data.
- * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>
- * objects containing the supplemental data.
- * @throws MOAApplicationException An error occurred resolving one of the
- * supplement profiles.
- */
- private List getSupplements(VerifyXMLSignatureRequest request)
- throws MOAApplicationException {
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- List supplementProfiles = request.getSupplementProfiles();
-
- List supplements = new ArrayList();
-
- if (supplementProfiles != null) {
-
- List mappedProfiles =
- ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
- Iterator iter;
-
- for (iter = mappedProfiles.iterator(); iter.hasNext();) {
- SupplementProfileExplicit profile =
- (SupplementProfileExplicit) iter.next();
- supplements.add(profile.getSupplementProfile());
- }
-
- }
- return supplements;
- }
-
- /**
- * Perform additional validations of the
- * <code>XMLSignatureVerificationResult</code>.
- *
- * <p> In particular, it is verified that:
- * <ul>
- * <li>Each <code>ReferenceData</code> object contains transformation
- * chain that matches one of the <code>Transforms</code> given in the
- * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code></li>
- * <li>The hash values of the <code>TransformParameter</code>s are valid.
- * </li>
- * </ul>
- * </p>
- *
- * @param request The <code>VerifyXMLSignatureRequest</code> containing the
- * signature to verify.
- * @param result The result produced by
- * <code>XMLSignatureVerificationModule</code>.
- * @param profile The profile used for validating the <code>request</code>.
- * @return The result of additional validations of the signature manifest.
- * @throws MOAApplicationException Post-validation of the
- * <code>XMLSignatureVerificaitonResult</code> failed.
- */
- private ReferencesCheckResult validateSignatureManifest(
- VerifyXMLSignatureRequest request,
- XMLSignatureVerificationResult result,
- XMLSignatureVerificationProfile profile)
- throws MOAApplicationException {
-
- SPSSFactory factory = SPSSFactory.getInstance();
- MessageProvider msg = MessageProvider.getInstance();
-
- // validate that each ReferenceData object contains transforms specified
- // in the corresponding SignatureManifestCheckParams/ReferenceInfo
- if (request.getSignatureManifestCheckParams() != null) {
- List refInfos =
- request.getSignatureManifestCheckParams().getReferenceInfos();
- List refDatas = filterReferenceInfos(result.getReferenceDataList());
- List failedReferencesList = new ArrayList();
- Iterator refInfoIter;
- Iterator refDataIter;
-
- if (refInfos.size() != refDatas.size()) {
- return factory.createReferencesCheckResult(1, null);
- }
-
- refInfoIter = refInfos.iterator();
- refDataIter =
- filterReferenceInfos(result.getReferenceDataList()).iterator();
-
- while (refInfoIter.hasNext()) {
- ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
- ReferenceData refData = (ReferenceData) refDataIter.next();
- List transforms = buildTransformsList(refInfo);
- boolean found = false;
- Iterator trIter;
-
- for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
- found = trIter.next().equals(refData.getTransformationList());
- }
-
- if (!found) {
- Integer refIndex = new Integer(refData.getReferenceIndex());
- String logMsg =
- msg.getMessage("invoker.01", new Object[] { refIndex });
-
- failedReferencesList.add(refIndex);
- Logger.debug(new LogMsg(logMsg));
- }
- }
-
- if (!failedReferencesList.isEmpty()) {
- // at least one reference failed - return their indexes and check code 1
- int[] failedReferences =
- CollectionUtils.toIntArray(failedReferencesList);
- ReferencesCheckResultInfo checkInfo =
- factory.createReferencesCheckResultInfo(null, failedReferences);
-
- return factory.createReferencesCheckResult(1, checkInfo);
- }
- }
-
- // validate the hashes contained in all the ReferenceInfo objects of the
- // security layer manifest
- if (request.getSignatureManifestCheckParams() != null
- && result.containsSecurityLayerManifest()) {
- Map hashValues = buildTransformParameterHashValues(request);
- Set transformParameterURIs =
- buildTransformParameterURIs(profile.getTransformationSupplements());
- List referenceInfoList =
- result.getSecurityLayerManifest().getReferenceDataList();
- Iterator refIter;
-
- for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
- iaik.server.modules.xmlverify.ReferenceInfo ref =
- (iaik.server.modules.xmlverify.ReferenceInfo) refIter.next();
- byte[] hash = (byte[]) hashValues.get(ref.getURI());
-
- if (!transformParameterURIs.contains(ref.getURI())
- || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
-
- // the transform parameter doesn't exist or the hashs do not match
- // return the index of the failed reference and check code 1
- int[] failedReferences = new int[] { ref.getReferenceIndex()};
- ReferencesCheckResultInfo checkInfo =
- factory.createReferencesCheckResultInfo(null, failedReferences);
- String logMsg =
- msg.getMessage(
- "invoker.02",
- new Object[] { new Integer(ref.getReferenceIndex())});
-
- Logger.debug(new LogMsg(logMsg));
-
- return factory.createReferencesCheckResult(1, checkInfo);
- }
- }
- }
-
- return factory.createReferencesCheckResult(0, null);
- }
-
- /**
- * Get all <code>Transform</code>s contained in all the
- * <code>VerifyTransformsInfoProfile</code>s of the given
- * <code>ReferenceInfo</code>.
- *
- * @param refInfo The <code>ReferenceInfo</code> object containing
- * the transformations.
- * @return A <code>List</code> of <code>List</code>s. Each of the
- * <code>List</code>s contains <code>Transformation</code> objects.
- * @throws MOAApplicationException An error occurred building one of the
- * <code>Transformation</code>s.
- */
- private List buildTransformsList(ReferenceInfo refInfo)
- throws MOAApplicationException {
-
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- List profiles = refInfo.getVerifyTransformsInfoProfiles();
- List mappedProfiles =
- ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
- List transformsList = new ArrayList();
- TransformationFactory factory = TransformationFactory.getInstance();
- Iterator iter;
-
- for (iter = mappedProfiles.iterator(); iter.hasNext();) {
- VerifyTransformsInfoProfileExplicit profile =
- (VerifyTransformsInfoProfileExplicit) iter.next();
- List transforms = profile.getTransforms();
-
- if (transforms != null) {
- transformsList.add(factory.createTransformationList(transforms));
- }
- }
-
- return transformsList;
- }
-
- /**
- * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
- *
- * @param transformParameters The <code>List</code> of
- * <code>TransformParameter</code>s, as provided to the verification.
- * @return The <code>Set</code> of all <code>TransformParameter</code> URIs.
- */
- private Set buildTransformParameterURIs(List transformParameters) {
- Set uris = new HashSet();
- Iterator iter;
-
- for (iter = transformParameters.iterator(); iter.hasNext();) {
- DataObject transformParameter = (DataObject) iter.next();
- uris.add(transformParameter.getURI());
- }
-
- return uris;
- }
-
- /**
- * Build a mapping between <code>TransformParameter</code> URIs (a
- * <code>String</code> and <code>dsig:HashValue</code> (a
- * <code>byte[]</code>).
- *
- * @param request The <code>VerifyXMLSignatureRequest</code>.
- * @return Map The resulting mapping.
- * @throws MOAApplicationException An error occurred accessing one of
- * the profiles.
- */
- private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request)
- throws MOAApplicationException {
-
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- Map hashValues = new HashMap();
- List refInfos =
- request.getSignatureManifestCheckParams().getReferenceInfos();
- Iterator refIter;
-
- for (refIter = refInfos.iterator(); refIter.hasNext();) {
- ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
- List profiles = refInfo.getVerifyTransformsInfoProfiles();
- List mappedProfiles =
- ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
- Iterator prIter;
-
- for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
- VerifyTransformsInfoProfileExplicit profile =
- (VerifyTransformsInfoProfileExplicit) prIter.next();
- List trParameters = profile.getTransformParameters();
- Iterator trIter;
-
- for (trIter = trParameters.iterator(); trIter.hasNext();) {
- TransformParameter transformParameter =
- (TransformParameter) trIter.next();
- String uri = transformParameter.getURI();
-
- if (transformParameter.getTransformParameterType()
- == TransformParameter.HASH_TRANSFORMPARAMETER) {
- hashValues.put(
- uri,
- ((TransformParameterHash) transformParameter).getDigestValue());
- }
-
- }
- }
- }
- return hashValues;
- }
-
- /**
- * Filter the <code>ReferenceInfo</code>s returned by the
- * <code>VerifyXMLSignatureResult</code> for comparison with the
- * <code>ReferenceInfo</code> elements in the request.
- *
- * @param referenceInfos The <code>ReferenceInfo</code>s from the
- * <code>VerifyXMLSignatureResult</code>.
- * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
- * is not a XMLDsig manifest, Security Layer manifest, or ETSI signed
- * property.
- */
- private List filterReferenceInfos(List referenceInfos) {
- List filtered = new ArrayList();
- Iterator iter;
-
- for (iter = referenceInfos.iterator(); iter.hasNext();) {
- iaik.server.modules.xmlverify.ReferenceInfo refInfo =
- (iaik.server.modules.xmlverify.ReferenceInfo) iter.next();
- String refType = refInfo.getReferenceType();
-
- if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
- filtered.add(refInfo);
- }
- }
-
- return filtered;
- }
+ /** The single instance of this class. */
+ private static XMLSignatureVerificationInvoker instance = null;
+
+ private static Set FILTERED_REF_TYPES;
+
+ static {
+ FILTERED_REF_TYPES = new HashSet();
+ FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
+ FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
+ FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
+ FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
+ FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
+ }
+
+ /**
+ * Get the single instance of this class.
+ *
+ * @return The single instance of this class.
+ */
+ public static synchronized XMLSignatureVerificationInvoker getInstance() {
+ if (instance == null) {
+ instance = new XMLSignatureVerificationInvoker();
+ }
+ return instance;
+ }
+
+ /**
+ * Create a new <code>XMLSignatureCreationInvoker</code>.
+ *
+ * Protected to disallow multiple instances.
+ */
+ protected XMLSignatureVerificationInvoker() {
+ }
+
+ /**
+ * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
+ * <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param request
+ * A <code>VerifyXMLSignatureRequest<code> API object
+ * containing the data for verifying an XML signature.
+ * @return A <code>VerifyXMLSignatureResponse</code> containing the answert
+ * to the <code>VerifyXMLSignatureRequest</code>. MOA schema
+ * definition.
+ * @throws MOAException
+ * An error occurred during signature verification.
+ */
+ public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) throws MOAException {
+
+ TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+ XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request);
+ VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
+ ExtendedXMLSignatureVerificationResult result;
+ XMLSignatureVerificationProfile profile;
+ ReferencesCheckResult signatureManifestCheck;
+ DataObjectFactory dataObjFactory;
+ XMLDataObject signatureEnvironment;
+ Node signatureEnvironmentParent = null;
+ Element requestElement = null;
+ XMLSignature xmlSignature;
+ Date signingTime;
+ List supplements;
+ List dataObjectList;
+
+ // get the supplements
+ supplements = getSupplements(request);
+
+ // build XMLSignature
+ dataObjFactory = DataObjectFactory.getInstance();
+ signatureEnvironment = dataObjFactory
+ .createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements);
+ xmlSignature = buildXMLSignature(signatureEnvironment, request);
+
+ // build the list of DataObjects
+ dataObjectList = buildDataObjectList(supplements);
+
+ // build profile
+ profile = profileFactory.createProfile();
+
+ // get the signingTime
+ signingTime = request.getDateTime();
+
+ // make the signature environment the root of the document, if it is not
+ // a
+ // separate document anyway; this is done to assure that
+ // canonicalization
+ // of the signature environment contains the correct namespace
+ // declarations
+ requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
+ if (requestElement != signatureEnvironment.getElement()) {
+ signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode();
+ requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement);
+ }
+
+ QCSSCDResult qcsscdresult = new QCSSCDResult();
+ String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ TrustProfile tp = config.getTrustProfile(tpID);
+
+ // verify the signature
+ try {
+ XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance();
+
+ module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+ result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
+ new TransactionId(context.getTransactionID()));
+ } catch (IAIKException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ } catch (IAIKRuntimeException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ }
+
+ List adesResults = getAdESResult(result.getFormVerificationResult());
+
+ if (adesResults != null) {
+ Iterator adesIterator = adesResults.iterator();
+ while (adesIterator.hasNext()) {
+ Logger.info("ADES Formresults: " + adesIterator.next().toString());
+ }
+ }
+
+ responseBuilder.setAdESFormResults(adesResults);
+
+ // QC/SSCD check
+ List list = result.getXMLSignatureVerificationResult().getCertificateValidationResult().getCertificateChain();
+ if (list != null) {
+ X509Certificate[] chain = new X509Certificate[list.size()];
+
+ Iterator it = list.iterator();
+ int i = 0;
+ while (it.hasNext()) {
+ chain[i] = (X509Certificate) it.next();
+ i++;
+ }
+
+ qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
+ }
+
+ // get signer certificate issuer country code
+ String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+
+ // swap back in the request as root document
+ if (requestElement != signatureEnvironment.getElement()) {
+ requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement());
+ signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
+ }
+
+ // check the result
+ signatureManifestCheck = validateSignatureManifest(request, result.getXMLSignatureVerificationResult(),
+ profile);
+
+ // Check if signer certificate is in trust profile's allowed signer
+ // certificates pool
+ TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+ CheckResult certificateCheck = validateSignerCertificate(result.getXMLSignatureVerificationResult(),
+ trustProfile);
+
+ // build the response
+ responseBuilder.setResult(result.getXMLSignatureVerificationResult(), profile, signatureManifestCheck,
+ certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(),
+ qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
+ return responseBuilder.getResponse();
+ }
+
+ /**
+ * Checks if the signer certificate matches one of the allowed signer
+ * certificates specified in the provided <code>trustProfile</code>.
+ *
+ * @param result
+ * The result produced by the
+ * <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param trustProfile
+ * The trust profile the signer certificate is validated against.
+ *
+ * @return The overal result of the certificate validation for the signer
+ * certificate.
+ *
+ * @throws MOAException
+ * if one of the signer certificates specified in the
+ * <code>trustProfile</code> cannot be read from the file
+ * system.
+ */
+ private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+ throws MOAException {
+ MessageProvider msg = MessageProvider.getInstance();
+
+ int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
+ if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
+ X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult()
+ .getCertificateChain().get(0);
+
+ File signerCertsDir = null;
+ try {
+ signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
+ } catch (URIException e) {
+ throw new MOASystemException("2900", null, e); // Should not
+ // happen,
+ // already
+ // checked at
+ // loading the
+ // MOA
+ // configuration
+ }
+
+ File[] files = signerCertsDir.listFiles();
+ if (files == null)
+ resultCode = 1;
+ int i;
+ for (i = 0; i < files.length; i++) {
+ if (!files[i].isDirectory()) {
+ FileInputStream currentFIS = null;
+ try {
+ currentFIS = new FileInputStream(files[i]);
+ } catch (FileNotFoundException e) {
+ throw new MOASystemException("2900", null, e);
+ }
+
+ try {
+ X509Certificate currentCert = new X509Certificate(currentFIS);
+ currentFIS.close();
+ if (currentCert.equals(signerCertificate))
+ break;
+ } catch (Exception e) {
+ // Simply ignore file if it cannot be interpreted as
+ // certificate
+ String logMsg = msg.getMessage("invoker.03",
+ new Object[] { trustProfile.getId(), files[i].getName() });
+ Logger.warn(logMsg);
+ try {
+ currentFIS.close();
+ } catch (IOException e1) {
+ // If clean-up fails, do nothing
+ }
+ }
+ }
+ }
+ if (i >= files.length) {
+ resultCode = 1; // No signer certificate from the trustprofile
+ // pool matches the actual signer certificate
+ }
+ }
+
+ SPSSFactory factory = SPSSFactory.getInstance();
+ return factory.createCheckResult(resultCode, null);
+ }
+
+ /**
+ * Select the <code>dsig:Signature</code> DOM element within the signature
+ * environment.
+ *
+ * @param signatureEnvironment
+ * The signature environment containing the
+ * <code>dsig:Signature</code>.
+ * @param request
+ * The <code>VerifyXMLSignatureRequest</code> containing the
+ * signature environment.
+ * @return The <code>dsig:Signature</code> element wrapped in a
+ * <code>XMLSignature</code> object.
+ * @throws MOAApplicationException
+ * An error occurred locating the <code>dsig:Signature</code>.
+ */
+ private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment, VerifyXMLSignatureRequest request)
+ throws MOAApplicationException {
+
+ VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation();
+ Element signatureParent;
+
+ // evaluate the VerifySignatureLocation to get the signature parent
+ signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(), signatureLocation);
+
+ // check for signatureParent to be a dsig:Signature element
+ if (!"Signature".equals(signatureParent.getLocalName())
+ || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
+ throw new MOAApplicationException("2266", null);
+ }
+
+ return new XMLSignatureImpl(signatureParent);
+ }
+
+ /**
+ * Build the supplemental data objects contained in the
+ * <code>VerifyXMLSignatureRequest</code>.
+ *
+ * @param supplements
+ * A <code>List</code> of <code>XMLDataObjectAssociation</code>s
+ * containing the supplement data.
+ * @return A <code>List</code> of <code>DataObject</code>s representing the
+ * supplemental data objects.
+ * @throws MOASystemException
+ * A system error occurred building one of the data objects.
+ * @throws MOAApplicationException
+ * An error occurred building one of the data objects.
+ */
+ private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException {
+ List dataObjectList = new ArrayList();
+
+ DataObjectFactory factory = DataObjectFactory.getInstance();
+ DataObject dataObject;
+ Iterator iter;
+
+ if (supplements != null) {
+ for (iter = supplements.iterator(); iter.hasNext();) {
+ XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next();
+ dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false);
+ dataObjectList.add(dataObject);
+ }
+ }
+
+ return dataObjectList;
+
+ }
+
+ /**
+ * Get the supplemental data contained in the
+ * <code>VerifyXMLSignatureRequest</code>.
+ *
+ * @param request
+ * The <code>VerifyXMLSignatureRequest</code> containing the
+ * supplemental data.
+ * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>
+ * objects containing the supplemental data.
+ * @throws MOAApplicationException
+ * An error occurred resolving one of the supplement profiles.
+ */
+ private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException {
+ TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ ConfigurationProvider config = context.getConfiguration();
+ List supplementProfiles = request.getSupplementProfiles();
+
+ List supplements = new ArrayList();
+
+ if (supplementProfiles != null) {
+
+ List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
+ Iterator iter;
+
+ for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+ SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next();
+ supplements.add(profile.getSupplementProfile());
+ }
+
+ }
+ return supplements;
+ }
+
+ /**
+ * Perform additional validations of the
+ * <code>XMLSignatureVerificationResult</code>.
+ *
+ * <p>
+ * In particular, it is verified that:
+ * <ul>
+ * <li>Each <code>ReferenceData</code> object contains transformation chain
+ * that matches one of the <code>Transforms</code> given in the
+ * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code>
+ * </li>
+ * <li>The hash values of the <code>TransformParameter</code>s are valid.
+ * </li>
+ * </ul>
+ * </p>
+ *
+ * @param request
+ * The <code>VerifyXMLSignatureRequest</code> containing the
+ * signature to verify.
+ * @param result
+ * The result produced by
+ * <code>XMLSignatureVerificationModule</code>.
+ * @param profile
+ * The profile used for validating the <code>request</code>.
+ * @return The result of additional validations of the signature manifest.
+ * @throws MOAApplicationException
+ * Post-validation of the
+ * <code>XMLSignatureVerificaitonResult</code> failed.
+ */
+ private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request,
+ XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile)
+ throws MOAApplicationException {
+
+ SPSSFactory factory = SPSSFactory.getInstance();
+ MessageProvider msg = MessageProvider.getInstance();
+
+ // validate that each ReferenceData object contains transforms specified
+ // in the corresponding SignatureManifestCheckParams/ReferenceInfo
+ if (request.getSignatureManifestCheckParams() != null) {
+ List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
+ List refDatas = filterReferenceInfos(result.getReferenceDataList());
+ List failedReferencesList = new ArrayList();
+ Iterator refInfoIter;
+ Iterator refDataIter;
+
+ if (refInfos.size() != refDatas.size()) {
+ return factory.createReferencesCheckResult(1, null);
+ }
+
+ refInfoIter = refInfos.iterator();
+ refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator();
+
+ while (refInfoIter.hasNext()) {
+ ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
+ ReferenceData refData = (ReferenceData) refDataIter.next();
+ List transforms = buildTransformsList(refInfo);
+ boolean found = false;
+ Iterator trIter;
+
+ for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
+ found = trIter.next().equals(refData.getTransformationList());
+ }
+
+ if (!found) {
+ Integer refIndex = new Integer(refData.getReferenceIndex());
+ String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
+
+ failedReferencesList.add(refIndex);
+ Logger.debug(new LogMsg(logMsg));
+ }
+ }
+
+ if (!failedReferencesList.isEmpty()) {
+ // at least one reference failed - return their indexes and
+ // check code 1
+ int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
+ ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, failedReferences);
+
+ return factory.createReferencesCheckResult(1, checkInfo);
+ }
+ }
+
+ // validate the hashes contained in all the ReferenceInfo objects of the
+ // security layer manifest
+ if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) {
+ Map hashValues = buildTransformParameterHashValues(request);
+ Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements());
+ List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList();
+ Iterator refIter;
+
+ for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
+ iaik.server.modules.xmlverify.ReferenceInfo ref = (iaik.server.modules.xmlverify.ReferenceInfo) refIter
+ .next();
+ byte[] hash = (byte[]) hashValues.get(ref.getURI());
+
+ if (!transformParameterURIs.contains(ref.getURI())
+ || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
+
+ // the transform parameter doesn't exist or the hashs do not
+ // match
+ // return the index of the failed reference and check code 1
+ int[] failedReferences = new int[] { ref.getReferenceIndex() };
+ ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
+ failedReferences);
+ String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref.getReferenceIndex()) });
+
+ Logger.debug(new LogMsg(logMsg));
+
+ return factory.createReferencesCheckResult(1, checkInfo);
+ }
+ }
+ }
+
+ return factory.createReferencesCheckResult(0, null);
+ }
+
+ /**
+ * Get all <code>Transform</code>s contained in all the
+ * <code>VerifyTransformsInfoProfile</code>s of the given
+ * <code>ReferenceInfo</code>.
+ *
+ * @param refInfo
+ * The <code>ReferenceInfo</code> object containing the
+ * transformations.
+ * @return A <code>List</code> of <code>List</code>s. Each of the
+ * <code>List</code>s contains <code>Transformation</code> objects.
+ * @throws MOAApplicationException
+ * An error occurred building one of the
+ * <code>Transformation</code>s.
+ */
+ private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException {
+
+ TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ ConfigurationProvider config = context.getConfiguration();
+ List profiles = refInfo.getVerifyTransformsInfoProfiles();
+ List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+ List transformsList = new ArrayList();
+ TransformationFactory factory = TransformationFactory.getInstance();
+ Iterator iter;
+
+ for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+ VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next();
+ List transforms = profile.getTransforms();
+
+ if (transforms != null) {
+ transformsList.add(factory.createTransformationList(transforms));
+ }
+ }
+
+ return transformsList;
+ }
+
+ /**
+ * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
+ *
+ * @param transformParameters
+ * The <code>List</code> of <code>TransformParameter</code>s, as
+ * provided to the verification.
+ * @return The <code>Set</code> of all <code>TransformParameter</code> URIs.
+ */
+ private Set buildTransformParameterURIs(List transformParameters) {
+ Set uris = new HashSet();
+ Iterator iter;
+
+ for (iter = transformParameters.iterator(); iter.hasNext();) {
+ DataObject transformParameter = (DataObject) iter.next();
+ uris.add(transformParameter.getURI());
+ }
+
+ return uris;
+ }
+
+ /**
+ * Build a mapping between <code>TransformParameter</code> URIs (a
+ * <code>String</code> and <code>dsig:HashValue</code> (a
+ * <code>byte[]</code>).
+ *
+ * @param request
+ * The <code>VerifyXMLSignatureRequest</code>.
+ * @return Map The resulting mapping.
+ * @throws MOAApplicationException
+ * An error occurred accessing one of the profiles.
+ */
+ private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request) throws MOAApplicationException {
+
+ TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ ConfigurationProvider config = context.getConfiguration();
+ Map hashValues = new HashMap();
+ List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
+ Iterator refIter;
+
+ for (refIter = refInfos.iterator(); refIter.hasNext();) {
+ ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+ List profiles = refInfo.getVerifyTransformsInfoProfiles();
+ List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+ Iterator prIter;
+
+ for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
+ VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter.next();
+ List trParameters = profile.getTransformParameters();
+ Iterator trIter;
+
+ for (trIter = trParameters.iterator(); trIter.hasNext();) {
+ TransformParameter transformParameter = (TransformParameter) trIter.next();
+ String uri = transformParameter.getURI();
+
+ if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) {
+ hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue());
+ }
+
+ }
+ }
+ }
+ return hashValues;
+ }
+
+ /**
+ * Filter the <code>ReferenceInfo</code>s returned by the
+ * <code>VerifyXMLSignatureResult</code> for comparison with the
+ * <code>ReferenceInfo</code> elements in the request.
+ *
+ * @param referenceInfos
+ * The <code>ReferenceInfo</code>s from the
+ * <code>VerifyXMLSignatureResult</code>.
+ * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
+ * is not a XMLDsig manifest, Security Layer manifest, or ETSI
+ * signed property.
+ */
+ private List filterReferenceInfos(List referenceInfos) {
+ List filtered = new ArrayList();
+ Iterator iter;
+
+ for (iter = referenceInfos.iterator(); iter.hasNext();) {
+ iaik.server.modules.xmlverify.ReferenceInfo refInfo = (iaik.server.modules.xmlverify.ReferenceInfo) iter
+ .next();
+ String refType = refInfo.getReferenceType();
+
+ if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
+ filtered.add(refInfo);
+ }
+ }
+
+ return filtered;
+ }
+
+ private List getAdESResult(AdESFormVerificationResult adesFormVerification) {
+ if (adesFormVerification == null) {
+ // no form information
+ return null;
+ }
+
+ List adesList = new ArrayList();
+
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA),
+ SignatureVerificationProfile.LEVEL_LTA, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT),
+ SignatureVerificationProfile.LEVEL_LT, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T),
+ SignatureVerificationProfile.LEVEL_T, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B),
+ SignatureVerificationProfile.LEVEL_B, adesList);
+
+ return adesList;
+ }
+
+ private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) {
+ if (subResult != null) {
+ Logger.info("Checking Level: " + level);
+ try {
+ AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl();
+ adESFormResultsImpl.setCode(subResult.getResultCode());
+ adESFormResultsImpl.setInfo(subResult.getInfo());
+ adESFormResultsImpl.setName(subResult.getName());
+
+ adesList.add(adESFormResultsImpl);
+ } catch (NullPointerException e) {
+ Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e);
+ }
+ }
+ }
}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
index bacd7cb..aaa41c1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
@@ -1,14 +1,22 @@
package at.gv.egovernment.moa.spss.server.initializer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.init.ExternalInitializer;
import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
public class PDFASInitializer implements ExternalInitializer {
+ private static final Logger logger = LoggerFactory.getLogger(PDFASInitializer.class);
+
@Override
public void initialize(ConfigurationProvider configurationProvider) {
String pdfAsConfiguration = configurationProvider.getPDFASConfiguration();
+
+ logger.info("Running PDFASInitializer with pdf as cfg: {}", pdfAsConfiguration);
+
if(pdfAsConfiguration != null) {
PDFASInvoker
.init(pdfAsConfiguration);
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
index 97bf58b..7f638fa 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
@@ -18,8 +18,11 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.sigs.pades.PAdESSigner;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaConnector;
+import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaVerifier;
import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRequest;
import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRespone;
import at.gv.egovernment.moa.spss.server.xmlbind.PDFSignatureInfo;
@@ -48,7 +51,7 @@ public class PDFASInvoker {
return instance;
}
- public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest, String transactionId) {
+ public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest) throws MOAException {
Configuration pdfConfiguration = this.pdfAS.getConfiguration();
VerifyPDFResponse verifyPDFResponse = new VerifyPDFResponse();
@@ -56,21 +59,14 @@ public class PDFASInvoker {
VerifyParameter verifyParameter = PdfAsFactory.createVerifyParameter(pdfConfiguration, new ByteArrayDataSource(
verifyPDFRequest.getSignedPDF()));
+ pdfConfiguration.setValue(InternalMoaVerifier.MOA_TRUSTPROFILE, verifyPDFRequest.getTrustProfileID());
+
try {
List<VerifyResult> verifyResults = this.pdfAS.verify(verifyParameter);
- verifyPDFResponse.setResponseType(VerifyPDFResponse.SUCCESS_SIGNATURE);
verifyPDFResponse.setVerificationResults(verifyResults);
} catch (Throwable e) {
- if (e instanceof PDFASError) {
- PDFASError pdfAsError = (PDFASError) e;
- Logger.warn("Failed to generate signed PDF document", e);
- verifyPDFResponse.setErrorCode((int) pdfAsError.getCode());
- verifyPDFResponse.setErrorInfo(pdfAsError.getInfo());
- } else {
- Logger.error("Unknown exception!: ", e);
- verifyPDFResponse.setErrorCode(9999);
- verifyPDFResponse.setErrorInfo("Nicht klassifizierter Fehler");
- }
+ Logger.warn("Failed to generate signed PDF document", e);
+ throw new MOAApplicationException("Failed to generate signed PDF document", null, e);
}
return verifyPDFResponse;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
index 6edee0d..f12a2d1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
@@ -13,6 +13,8 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsErrorCarrier;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
@@ -52,9 +54,10 @@ public class InternalMoaConnector implements ISignatureConnector {
this.transactionId = transactionId;
this.clientCert = clientCert;
}
-
+ @SuppressWarnings({ "rawtypes", "unchecked" })
private Set buildKeySet(String keyGroupID, KeyModule module) throws ConfigurationException {
ConfigurationProvider config = ConfigurationProvider.getInstance();
+
Set keyGroupEntries;
// get the KeyGroup entries from the configuration
@@ -95,6 +98,7 @@ public class InternalMoaConnector implements ISignatureConnector {
}
@Override
+ @SuppressWarnings("rawtypes")
public X509Certificate getCertificate(SignParameter parameter) throws PdfAsException {
KeyModule module = KeyModuleFactory.getInstance(this.transactionId);
@@ -161,6 +165,7 @@ public class InternalMoaConnector implements ISignatureConnector {
throw new PdfAsException("Failed to find keys available for Key Identifier: " + this.keyIdentifier);
}
+ @SuppressWarnings("unchecked")
@Override
public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter, RequestedSignature requestedSignature)
throws PdfAsException {
@@ -207,6 +212,8 @@ public class InternalMoaConnector implements ISignatureConnector {
if(createCMSSignatureResponseElement.getResponseType()
== CreateCMSSignatureResponseElement.ERROR_RESPONSE) {
ErrorResponse errorResponse = (ErrorResponse) createCMSSignatureResponseElement;
+ Logger.error("Failed to create signature " + errorResponse.getErrorCode() + " " + errorResponse.getInfo());
+ throw new PdfAsErrorCarrier(new PDFASError(errorResponse.getErrorCode(), errorResponse.getInfo()));
} else if(createCMSSignatureResponseElement.getResponseType()
== CreateCMSSignatureResponseElement.CMS_SIGNATURE ) {
CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) createCMSSignatureResponseElement;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
index f937495..e59fe50 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
@@ -18,7 +18,6 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLeve
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
-import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
@@ -68,6 +67,7 @@ public class InternalMoaVerifier implements IVerifier {
try {
VerifyCMSSignatureResponse verifyCMSSignatureResponse = CMSSignatureVerificationInvoker.getInstance()
.verifyCMSSignature(verifyCMSSignatureRequest);
+ @SuppressWarnings("rawtypes")
Iterator iter;
for (iter = verifyCMSSignatureResponse.getResponseElements().iterator(); iter.hasNext();) {
VerifyCMSSignatureResponseElement responseElement = (VerifyCMSSignatureResponseElement) iter.next();
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
index c8a0f68..5fe96ef 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
@@ -55,6 +55,7 @@ public class CertificateProviderServlet extends HttpServlet {
* available keys.
* @throws ConfigurationException
*/
+ @SuppressWarnings({ "rawtypes", "unchecked" })
private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module)
throws ConfigurationException {
ConfigurationProvider config = ConfigurationProvider.getInstance();
@@ -108,6 +109,7 @@ public class CertificateProviderServlet extends HttpServlet {
return null;
}
+ @SuppressWarnings("rawtypes")
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
index 8bdfb65..bfefaec 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -67,6 +67,7 @@ public class ConfigurationServlet extends HttpServlet {
*
* @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
*/
+ @SuppressWarnings({ "rawtypes", "unchecked" })
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
index 40b287d..8f579cb 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
@@ -39,9 +39,14 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequest;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequestParser;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponse;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponseBuilder;
import at.gv.egovernment.moa.util.StreamUtils;
/**
@@ -63,20 +68,20 @@ public class SignatureVerificationService {
*/
public Element[] VerifyPDFSignatureRequest(Element[] request)
throws AxisFault {
- CMSSignatureVerificationInvoker invoker =
- CMSSignatureVerificationInvoker.getInstance();
+ PDFASInvoker invoker =
+ PDFASInvoker.getInstance();
Element[] response = new Element[1];
try {
// create a parser and builder for binding API objects to/from XML
- VerifyCMSSignatureRequestParser requestParser =
- new VerifyCMSSignatureRequestParser();
- VerifyCMSSignatureResponseBuilder responseBuilder =
- new VerifyCMSSignatureResponseBuilder();
+ VerifyPDFRequestParser requestParser =
+ new VerifyPDFRequestParser();
+ VerifyPDFResponseBuilder responseBuilder =
+ new VerifyPDFResponseBuilder();
Element reparsedReq;
- VerifyCMSSignatureRequest requestObj;
- VerifyCMSSignatureResponse responseObj;
+ VerifyPDFRequest requestObj;
+ VerifyPDFResponse responseObj;
//since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
@@ -87,7 +92,7 @@ public class SignatureVerificationService {
requestObj = requestParser.parse(reparsedReq);
// invoke the core logic
- responseObj = invoker.verifyCMSSignature(requestObj);
+ responseObj = invoker.verifyPDFSignature(requestObj);
// map back to XML
response[0] = responseBuilder.build(responseObj).getDocumentElement();
diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
index 3b852ca..67a897c 100644
--- a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
+++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
@@ -279,6 +279,7 @@
<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="ProfileIdentifierType">
@@ -412,6 +413,12 @@
<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
+ <xsd:complexType name="FormResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
<xsd:complexType name="ReferencesCheckResultType">
<xsd:complexContent>
<xsd:restriction base="CheckResultType">