authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-02-09 17:02:37 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-02-09 17:02:37 +0100
commit9f691daa2c2b829b6dec0c132a348e0db6ba9488 (patch)
treee0995797bde68ad64703504bd9739d5542a357c0
parentf10add103c0a094e908c5399d9575e7c2f1393d2 (diff)
update PDFVerification interface to return signature results that FAILS
-rw-r--r--moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-3.0.0.xsd2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java39
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java32
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java37
4 files changed, 62 insertions, 48 deletions
diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-3.0.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-3.0.0.xsd
index 4916b89..d4ed4a2 100644
--- a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-3.0.0.xsd
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-3.0.0.xsd
@@ -300,7 +300,7 @@
</xsd:complexType>
<xsd:complexType name="PDFSignatureResultType">
<xsd:sequence>
- <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType" minOccurs="0">
<xsd:annotation>
<xsd:documentation>only ds:X509Data and RetrievalMethod is
supported; QualifiedCertificate is included as
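Review bot: The `xsd:documentation` under `SignerInfo` does not say when the element may be absent, so a client reading the schema cannot tell that a result without `SignerInfo` comes from a verification that did not yield a signer certificate. With `minOccurs="0"` a `PDFSignatureResultType` can now carry only the check codes; I would add a sentence such as `SignerInfo is omitted when no signer certificate could be determined; evaluate the signature and certificate check codes before relying on the result`. The schema file is still named 3.0.0 although the content model changed, so consumers bound to the earlier schema may still assume the element is mandatory; that is worth confirming. The annotation continues outside the hunk.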
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
index 98b54a3..0ca6f8f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElemen
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
+import at.gv.egovernment.moaspss.logging.Logger;
/**
* Convert a <code>VerifyCMSSignatureResponse</code> API object into its
@@ -104,22 +105,28 @@ public class VerifyPDFSignatureResponseBuilder {
CheckResult signatureCheck = responseElement.getSignatureCheck();
CheckResult certCheck = responseElement.getCertificateCheck();
- ResponseBuilderUtils.addSignerInfo(
- responseDoc,
- responseElem,
- signerInfo.getSignerCertificate(),
- signerInfo.isQualifiedCertificate(),
- signerInfo.getQCSource(),
- signerInfo.isPublicAuthority(),
- signerInfo.getPublicAuhtorityID(),
- signerInfo.isSSCD(),
- signerInfo.getSSCDSource(),
- signerInfo.getIssuerCountryCode(),
- signerInfo.getTslInfos());
-
- ResponseBuilderUtils.addSigningTime(responseDoc,
- responseElem,
- signerInfo.getSigningTime());
+ if (signerInfo != null) {
+ ResponseBuilderUtils.addSignerInfo(
+ responseDoc,
+ responseElem,
+ signerInfo.getSignerCertificate(),
+ signerInfo.isQualifiedCertificate(),
+ signerInfo.getQCSource(),
+ signerInfo.isPublicAuthority(),
+ signerInfo.getPublicAuhtorityID(),
+ signerInfo.isSSCD(),
+ signerInfo.getSSCDSource(),
+ signerInfo.getIssuerCountryCode(),
+ signerInfo.getTslInfos());
+
+ ResponseBuilderUtils.addSigningTime(responseDoc,
+ responseElem,
+ signerInfo.getSigningTime());
+
+ } else {
+ Logger.info("Find signature result with no 'SignerInfo'. Maybe a signature verification Failed");
+
+ }
ResponseBuilderUtils.addCodeInfoElement(
responseDoc,
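Review bot: The `else` branch logs a guess (`Maybe a signature verification Failed`) at info level with no value that identifies the result, so an operator cannot tell which signature was returned without signer data or why. `signatureCheck` and `certCheck` are already in scope at that point, so the message can carry their codes and be raised to warn level, e.g. `Logger.warn("PDF signature result without SignerInfo; signatureCheck=" + signatureCheck.getCode());` (assuming `CheckResult` exposes its code through `getCode()` and the logger offers `warn`). A short comment above the `if` stating that a missing `SignerInfo` means the response carries neither signer certificate nor signing time would help the next reader. The enclosing method begins and ends outside the hunk.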
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 1508b42..c0beced 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -361,25 +361,27 @@ public class CMSSignatureVerificationInvoker {
String issuerCountryCode = null;
// QC/SSCD check
+
+ if (cmsResult.getCertificateValidationResult() != null) {
+ List list = cmsResult.getCertificateValidationResult().getCertificateChain();
+ if (list != null) {
+ X509Certificate[] chain = new X509Certificate[list.size()];
+
+ Iterator it = list.iterator();
+ int i = 0;
+ while (it.hasNext()) {
+ chain[i] = (X509Certificate) it.next();
+ i++;
+ }
- List list = cmsResult.getCertificateValidationResult().getCertificateChain();
- if (list != null) {
- X509Certificate[] chain = new X509Certificate[list.size()];
-
- Iterator it = list.iterator();
- int i = 0;
- while (it.hasNext()) {
- chain[i] = (X509Certificate) it.next();
- i++;
- }
-
- qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance());
+ qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance());
- // get signer certificate issuer country code
- issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+ // get signer certificate issuer country code
+ issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+ }
}
-
+
responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults,
extCheckResult, qcsscdresult.getTslInfos());
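Review bot: `list.get(0)` and the `chain` handed to `CertificateUtils.checkQCSSCD` are still reached with an empty certificate chain, because the inner guard only tests `list != null`; for a failed verification an empty chain seems as plausible as a missing validation result. Tighten the guard to `if (list != null && !list.isEmpty()) {`. When the block is skipped, `qcsscdresult.isQC()` in the `addResult` call below is dereferenced with whatever was assigned before the hunk, so confirm that it is initialised to a non-null default there. The method starts and ends outside the hunk.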
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 5ada287..f4121b0 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -151,28 +151,33 @@ public class VerifyCMSSignatureResponseBuilder {
result.getCertificateValidationResult();
int signatureCheckCode =
result.getSignatureValueVerificationCode().intValue();
- int certificateCheckCode = certResult.getValidationResultCode().intValue();
-
+
VerifyCMSSignatureResponseElement responseElement;
- SignerInfo signerInfo;
+ SignerInfo signerInfo = null;
CheckResult signatureCheck;
CheckResult certificateCheck;
boolean qualifiedCertificate = checkQC;
- // add SignerInfo element
- signerInfo =
- factory.createSignerInfo(
- (X509Certificate) certResult.getCertificateChain().get(0),
- qualifiedCertificate,
- qcSourceTSL,
- certResult.isPublicAuthorityCertificate(),
- certResult.getPublicAuthorityID(),
- checkSSCD,
- sscdSourceTSL,
- issuerCountryCode,
- result.getSigningTime(),
- tslInfos);
+ //set code 99 if not certcheckresult exists
+ int certificateCheckCode = 99;
+ if (certResult != null) {
+ certificateCheckCode = certResult.getValidationResultCode().intValue();
+
+ // add SignerInfo element
+ signerInfo =
+ factory.createSignerInfo(
+ (X509Certificate) certResult.getCertificateChain().get(0),
+ qualifiedCertificate,
+ qcSourceTSL,
+ certResult.isPublicAuthorityCertificate(),
+ certResult.getPublicAuthorityID(),
+ checkSSCD,
+ sscdSourceTSL,
+ issuerCountryCode,
+ result.getSigningTime(),
+ tslInfos);
+ }
// add SignatureCheck element
signatureCheck = factory.createCheckResult(signatureCheckCode, null);
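Review bot: `certResult.getCertificateChain().get(0)` is dereferenced without a check, although `CMSSignatureVerificationInvoker` in this same commit treats a null chain as possible; a non-null `certResult` with a null or empty chain would throw here instead of producing a failed result. Guard only the `createSignerInfo` call, e.g. `List chain = certResult.getCertificateChain();` followed by `if (chain != null && !chain.isEmpty()) { signerInfo = factory.createSignerInfo(...); }`, and keep the `certificateCheckCode` assignment outside that guard (whether `java.util.List` is imported in this file is not visible here). The literal `99` should become a named constant with a comment saying what a client is meant to read from it; a name like `CERT_CHECK_CODE_NOT_PERFORMED` is only a suggestion. The enclosing method extends beyond the hunk.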