aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-02-13 11:27:02 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-02-13 11:27:02 +0100
commit00e4e0cbaf7fe6b2ecb08011995f00e503981911 (patch)
treea460d18b334c9cc57b31396f9380809c760db3b0
parentc6083bb7ebd59cb5316ee531d30d1c2da583e594 (diff)
downloadmoa-sig-00e4e0cbaf7fe6b2ecb08011995f00e503981911.tar.gz
moa-sig-00e4e0cbaf7fe6b2ecb08011995f00e503981911.tar.bz2
moa-sig-00e4e0cbaf7fe6b2ecb08011995f00e503981911.zip
add infos about signature and hash algorithms into responses
-rw-r--r--moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java9
-rw-r--r--moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/AsicSignedFilesContainer.java39
-rw-r--r--moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java8
-rw-r--r--moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java7
-rw-r--r--moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java7
-rw-r--r--moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java7
-rw-r--r--moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java16
-rw-r--r--moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java6
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java12
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java12
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java6
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java13
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java11
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java20
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java7
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java11
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java13
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java21
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java40
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java2
-rw-r--r--moaSig/moa-sig/build.gradle2
-rw-r--r--moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl2
-rw-r--r--moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd833
-rw-r--r--moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd833
29 files changed, 1911 insertions, 49 deletions
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java
index a350f18..ce8f374 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java
@@ -1,5 +1,6 @@
package at.gv.egiz.asic.api;
+import at.gv.egiz.asic.impl.AsicSignedFilesContainer;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
@@ -11,22 +12,22 @@ import java.util.List;
*/
public class ASiCVerificationResult {
- private List<String> signedFiles = new ArrayList<String>();
+ private List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>();
private VerifyCMSSignatureResponse cmsResult = null;
private VerifyXMLSignatureResponse xmlResult = null;
- public ASiCVerificationResult(List<String> references, VerifyCMSSignatureResponse cmsResult) {
+ public ASiCVerificationResult(List<AsicSignedFilesContainer> references, VerifyCMSSignatureResponse cmsResult) {
this.signedFiles = references;
this.cmsResult = cmsResult;
}
- public ASiCVerificationResult(List<String> references, VerifyXMLSignatureResponse xmlResult) {
+ public ASiCVerificationResult(List<AsicSignedFilesContainer> references, VerifyXMLSignatureResponse xmlResult) {
this.signedFiles = references;
this.xmlResult = xmlResult;
}
- public List<String> getSignedFiles() {
+ public List<AsicSignedFilesContainer> getSignedFiles() {
return signedFiles;
}
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/AsicSignedFilesContainer.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/AsicSignedFilesContainer.java
new file mode 100644
index 0000000..c21960d
--- /dev/null
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/AsicSignedFilesContainer.java
@@ -0,0 +1,39 @@
+package at.gv.egiz.asic.impl;
+
+public class AsicSignedFilesContainer {
+
+ private String uri = null;
+ private String hashAlg = null;
+
+
+ /**
+ * Container element with ASIC signed files information
+ *
+ * @param uri Identifier of the file
+ * @param hashAlg Hash algorithm that is used to hash the file
+ */
+ public AsicSignedFilesContainer(String uri, String hashAlg) {
+ this.uri = uri;
+ this.hashAlg = hashAlg;
+
+ }
+
+ /**
+ * Get file identifier
+ *
+ * @return
+ */
+ public String getUri() {
+ return uri;
+ }
+
+ /**
+ * Get hash algorithm that is used to hash the file
+ *
+ * @return
+ */
+ public String getHashAlg() {
+ return hashAlg;
+ }
+
+}
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java
index 9f16035..c227a9d 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java
@@ -6,6 +6,7 @@ import at.gv.egiz.asic.api.ASiC;
import at.gv.egiz.asic.api.ASiCEntry;
import at.gv.egiz.asic.api.ASiCFormat;
import at.gv.egiz.asic.api.ASiCVerificationResult;
+import at.gv.egiz.asic.impl.AsicSignedFilesContainer;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
@@ -73,14 +74,14 @@ public class ExtendedCAdESVerifier extends CAdESVerifier {
// verify all references
boolean allReferencesValid = true;
- List<String> signedFiles = new ArrayList<String>();
+ List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>();
Iterator<DataObjectReferenceType> dataObjectReferenceTypeIterator = asiCManifestType.getDataObjectReference().iterator();
while (dataObjectReferenceTypeIterator.hasNext()) {
DataObjectReferenceType dataObjectReferenceType = dataObjectReferenceTypeIterator.next();
String mdURI = dataObjectReferenceType.getDigestMethod().getAlgorithm();
String uri = dataObjectReferenceType.getURI();
- signedFiles.add(uri);
+ signedFiles.add(new AsicSignedFilesContainer(uri, mdURI));
Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator();
@@ -149,7 +150,8 @@ public class ExtendedCAdESVerifier extends CAdESVerifier {
signatureCheck,
orig.getCertificateCheck(),
orig.getAdESFormResults(),
- orig.getExtendedCertificateCheck());
+ orig.getExtendedCertificateCheck(),
+ orig.getSignatureAlgorithm());
responseElements.add(responseElement);
}
VerifyCMSSignatureResponse verifyCMSSignatureResponse = SPSSFactory.getInstance().
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java
index c07efd9..86918bf 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java
@@ -7,6 +7,7 @@ import at.gv.egiz.asic.api.ASiC;
import at.gv.egiz.asic.api.ASiCEntry;
import at.gv.egiz.asic.api.ASiCFormat;
import at.gv.egiz.asic.api.ASiCVerificationResult;
+import at.gv.egiz.asic.impl.AsicSignedFilesContainer;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOARuntimeException;
@@ -132,14 +133,14 @@ public class ExtendedXAdESVerifier extends XAdESVerifier {
//JAXBContext jc = JAXBContext.newInstance( "at.gv.egiz.asic" );
//JAXBElement<SignatureType> xmlSignatureJaxb = jc.createUnmarshaller().unmarshal(node, SignatureType.class);
//SignatureType xmlSignature = xmlSignatureJaxb.getValue();
- List<String> signedFiles = new ArrayList<String>();
+ List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>();
//Iterator<ReferenceType> it = xmlSignature.getSignedInfo().getReference().iterator();
Iterator<ReferenceType> it = xmlSignatures.get(i).getSignedInfo().getReference().iterator();
while (it.hasNext()) {
ReferenceType refType = it.next();
- if (!refType.getURI().startsWith("#")) {
- signedFiles.add(refType.getURI());
+ if (!refType.getURI().startsWith("#")) {
+ signedFiles.add(new AsicSignedFilesContainer(refType.getURI(), refType.getDigestMethod().getAlgorithm()));
}
}
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java
index f10fe2f..f1756fa 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java
@@ -4,6 +4,7 @@ import at.gv.egiz.asic.api.ASiC;
import at.gv.egiz.asic.api.ASiCEntry;
import at.gv.egiz.asic.api.ASiCFormat;
import at.gv.egiz.asic.api.ASiCVerificationResult;
+import at.gv.egiz.asic.impl.AsicSignedFilesContainer;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
@@ -32,12 +33,12 @@ public class SimpleCAdESVerifier extends CAdESVerifier {
//get first element
ASiCEntry dataEntry = asic.getDataEntries().iterator().next();
- List<String> signedFiles = new ArrayList<String>();
- signedFiles.add(dataEntry.getEntryName());
+ List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>();
+ signedFiles.add(new AsicSignedFilesContainer(dataEntry.getEntryName(), null));
VerifyCMSSignatureResponse verifyResponse =
this.runCMSVerification(dataEntry.getContents(), cadesSignature.getContents(), trustProfileID, date);
-
+
response.add(new ASiCVerificationResult(signedFiles,
verifyResponse));
}
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java
index a71462c..b378d5b 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java
@@ -6,6 +6,7 @@ import at.gv.egiz.asic.api.ASiC;
import at.gv.egiz.asic.api.ASiCEntry;
import at.gv.egiz.asic.api.ASiCFormat;
import at.gv.egiz.asic.api.ASiCVerificationResult;
+import at.gv.egiz.asic.impl.AsicSignedFilesContainer;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOARuntimeException;
@@ -67,13 +68,13 @@ public class SimpleXAdESVerifier extends XAdESVerifier {
for (int i = 0; i < signatureSize; i++) {
- List<String> signedFiles = new ArrayList<String>();
+ List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>();
Iterator<ReferenceType> it = xAdESSignaturesType.getSignature().get(i).getSignedInfo().getReference().iterator();
while (it.hasNext()) {
ReferenceType refType = it.next();
if (!refType.getURI().startsWith("#")) {
- signedFiles.add(refType.getURI());
+ signedFiles.add(new AsicSignedFilesContainer(refType.getURI(), refType.getDigestMethod().getAlgorithm()));
}
}
@@ -99,7 +100,7 @@ public class SimpleXAdESVerifier extends XAdESVerifier {
supplementsList.add(profile);
if (addAll) {
- signedFiles.add(dataEntry.getEntryName());
+ signedFiles.add(new AsicSignedFilesContainer(dataEntry.getEntryName(), null));
}
}
String location = "(//ds:Signature)[" + (i + 1) + "]";
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
index 50cd261..67d8b05 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
@@ -25,6 +25,7 @@
package at.gv.egiz.asic.xmlbind;
import at.gv.egiz.asic.api.ASiCVerificationResult;
+import at.gv.egiz.asic.impl.AsicSignedFilesContainer;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
@@ -37,6 +38,8 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureResponseBuilder;
import at.gv.egovernment.moaspss.util.Constants;
+import at.gv.egovernment.moaspss.util.MiscUtil;
+
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -96,11 +99,14 @@ public class VerifyASICSignatureResponseBuilder {
throws MOAException {
Element asiCSignatureResultElem = responseDoc.createElementNS(Constants.MOA_NS_URI, "ASiCSignatureResult");
- Iterator<String> signedFiles = aSiCVerificationResult.getSignedFiles().iterator();
+ Iterator<AsicSignedFilesContainer> signedFiles = aSiCVerificationResult.getSignedFiles().iterator();
while (signedFiles.hasNext()) {
- String signedFile = signedFiles.next();
+ AsicSignedFilesContainer signedFile = signedFiles.next();
Element signedFilesElem = responseDoc.createElementNS(Constants.MOA_NS_URI, "signedFiles");
- signedFilesElem.setTextContent(signedFile);
+ signedFilesElem.setTextContent(signedFile.getUri());
+ if (MiscUtil.isNotEmpty(signedFile.getHashAlg()))
+ signedFilesElem.setAttribute("hashAlgorithm", signedFile.getHashAlg());
+
asiCSignatureResultElem.appendChild(signedFilesElem);
}
@@ -141,6 +147,10 @@ public class VerifyASICSignatureResponseBuilder {
signerInfo.getIssuerCountryCode(),
signerInfo.getTslInfos());
+ ResponseBuilderUtils.addSignatureAlgorithm(responseDoc,
+ responseElem,
+ responseElement.getSignatureAlgorithm());
+
ResponseBuilderUtils.addCodeInfoElement(
responseDoc,
responseElem,
diff --git a/moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java b/moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java
index 5005a3b..ec6e902 100644
--- a/moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java
+++ b/moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java
@@ -5,6 +5,7 @@ import at.gv.egiz.asic.api.ASiCFactory;
import at.gv.egiz.asic.api.ASiCFormat;
import at.gv.egiz.asic.api.ASiCVerificationResult;
import at.gv.egiz.asic.impl.ASiCMOAVerifier;
+import at.gv.egiz.asic.impl.AsicSignedFilesContainer;
import at.gv.egiz.asic.xmlbind.VerifyASICSignatureResponseBuilder;
import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
@@ -79,9 +80,9 @@ public class Main {
// Auswertung der Response
System.out.println();
System.out.println("Signierte Eintraege");
- Iterator<String> signedFilesIterator = aSiCVerificationResult.getSignedFiles().iterator();
+ Iterator<AsicSignedFilesContainer> signedFilesIterator = aSiCVerificationResult.getSignedFiles().iterator();
while (signedFilesIterator.hasNext()) {
- System.out.println(" " + signedFilesIterator.next());
+ System.out.println(" " + signedFilesIterator.next().getUri());
}
System.out.println();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index a39edf4..36d5461 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -580,7 +580,8 @@ public abstract class SPSSFactory {
CheckResult signatureCheck,
CheckResult certificateCheck,
List adesResult,
- ExtendedCertificateCheckResult extendedCertificateCheckResult);
+ ExtendedCertificateCheckResult extendedCertificateCheckResult,
+ String usedAlgorithm);
//
// Factory methods for verifying XML signatures
@@ -871,7 +872,8 @@ public abstract class SPSSFactory {
List xmlDsigManifestChecks,
CheckResult certificateCheck,
List adesFormResults,
- ExtendedCertificateCheckResult extCheckResult);
+ ExtendedCertificateCheckResult extCheckResult,
+ String signatureAlgorithm);
/**
* Create a new <code>ReferencesCheckResult</code> object.
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
index 6b08471..38106e7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
@@ -67,4 +67,6 @@ public interface VerifyCMSSignatureResponseElement {
public List getAdESFormResults();
public ExtendedCertificateCheckResult getExtendedCertificateCheck();
+
+ public String getSignatureAlgorithm();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java
index 8c940cd..8f8a714 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java
@@ -68,4 +68,13 @@ public interface InputData extends Content
* SignatureManifest respectively.
*/
public int getReferringReferenceNumber();
+
+
+ /**
+ * Returns an identifier of the hash algorithm that is used to hash this {@link InputData}
+ *
+ * @return
+ */
+ public String getHashAlgorithm();
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java
index 27f6f85..4b5659e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java
@@ -62,6 +62,8 @@ public class InputDataBinaryImpl implements ContentBinary, InputData
*/
protected int referringReferenceNumber_;
+ protected String hashAlg = null;
+
/**
* Creates a new instance.
*
@@ -70,14 +72,17 @@ public class InputDataBinaryImpl implements ContentBinary, InputData
* @param partOf see {@link InputData}
*
* @param referringReferenceNumber see {@link InputData}
+ *
+ * @param hashAlg see {@link InputData}
*/
- public InputDataBinaryImpl(Content wrapped, String partOf, int referringReferenceNumber) throws MOARuntimeException
+ public InputDataBinaryImpl(Content wrapped, String partOf, int referringReferenceNumber, String hashAlg) throws MOARuntimeException
{
if (wrapped.getContentType() != Content.BINARY_CONTENT) throw new MOARuntimeException("9901", null);
wrapped_ = (ContentBinary) wrapped;
partOf_ = partOf;
referringReferenceNumber_ = referringReferenceNumber;
+ this.hashAlg = hashAlg;
}
/**
@@ -120,4 +125,9 @@ public class InputDataBinaryImpl implements ContentBinary, InputData
return referringReferenceNumber_;
}
+@Override
+public String getHashAlgorithm() {
+ return this.hashAlg;
+}
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java
index 432e1a2..e89976e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java
@@ -62,6 +62,8 @@ public class InputDataXMLImpl implements ContentXML, InputData
*/
protected int referringReferenceNumber_;
+ protected String hashAlg = null;
+
/**
* Creates a new instance.
*
@@ -70,14 +72,17 @@ public class InputDataXMLImpl implements ContentXML, InputData
* @param partOf see {@link InputData}
*
* @param referringReferenceNumber see {@link InputData}
+ *
+ * @param hashAlg see {@link InputData}
*/
- public InputDataXMLImpl(Content wrapped, String partOf, int referringReferenceNumber)
+ public InputDataXMLImpl(Content wrapped, String partOf, int referringReferenceNumber, String hashAlg)
{
if (wrapped.getContentType() != Content.XML_CONTENT) throw new MOARuntimeException("9901", null);
wrapped_ = (ContentXML) wrapped;
partOf_ = partOf;
referringReferenceNumber_ = referringReferenceNumber;
+ this.hashAlg = hashAlg;
}
/**
@@ -120,4 +125,9 @@ public class InputDataXMLImpl implements ContentXML, InputData
return referringReferenceNumber_;
}
+@Override
+public String getHashAlgorithm() {
+ return this.hashAlg;
+}
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index b9fad4f..d743f16 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -283,13 +283,14 @@ public class SPSSFactoryImpl extends SPSSFactory {
public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(SignerInfo signerInfo,
CheckResult signatureCheck, CheckResult certificateCheck, List adesResult,
- ExtendedCertificateCheckResult extendedCertificateCheckResult) {
+ ExtendedCertificateCheckResult extendedCertificateCheckResult, String usedAlgorithm) {
VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl();
verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
verifyCMSSignatureResponseElement.setAdESFormResults(adesResult);
verifyCMSSignatureResponseElement.setExtendedCertificateCheck(extendedCertificateCheckResult);
+ verifyCMSSignatureResponseElement.setSignatureAlgorithm(usedAlgorithm);
return verifyCMSSignatureResponseElement;
}
@@ -380,11 +381,12 @@ public class SPSSFactoryImpl extends SPSSFactory {
public VerifyXMLSignatureResponse createVerifyXMLSignatureResponse(SignerInfo signerInfo, List hashInputDatas,
List referenceInputDatas, ReferencesCheckResult signatureCheck,
ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, CheckResult certificateCheck,
- List adesFormResults, ExtendedCertificateCheckResult extCheckResult) {
+ List adesFormResults, ExtendedCertificateCheckResult extCheckResult, String signatureAlgorithm) {
VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = new VerifyXMLSignatureResponseImpl();
verifyXMLSignatureResponse.setSignerInfo(signerInfo);
verifyXMLSignatureResponse.setHashInputDatas(hashInputDatas);
verifyXMLSignatureResponse.setReferenceInputDatas(referenceInputDatas);
+ verifyXMLSignatureResponse.setSignatureAlgorithm(signatureAlgorithm);
verifyXMLSignatureResponse.setSignatureCheck(signatureCheck);
verifyXMLSignatureResponse.setSignatureManifestCheck(signatureManifestCheck);
verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
index 9b7881c..1d40627 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -51,6 +51,8 @@ public class VerifyCMSSignatureResponseElementImpl
private List adesResults = null;
+ private String usedAlgorithm = null;
+
/**
* Sets a SignerInfo element according to CMS.
*
@@ -106,5 +108,16 @@ public class VerifyCMSSignatureResponseElementImpl
public ExtendedCertificateCheckResult getExtendedCertificateCheck() {
return extendedResult;
}
+
+ @Override
+ public String getSignatureAlgorithm() {
+ return usedAlgorithm;
+ }
+
+ public void setSignatureAlgorithm(String usedAlgorithm) {
+ this.usedAlgorithm = usedAlgorithm;
+ }
+
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index 60ac3be..0047d44 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -70,6 +70,8 @@ public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureRespons
/** Information about the certificate check. */
private CheckResult certificateCheck;
+ private String signatureAlgorithm = null;
+
/**
* Sets information about the signer certificate.
*
@@ -189,4 +191,13 @@ public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureRespons
return extendedResult;
}
+ public String getSignatureAlgorithm() {
+ return signatureAlgorithm;
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgorithm) {
+ this.signatureAlgorithm = signatureAlgorithm;
+ }
+
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 91dc6b9..a21e693 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -389,6 +389,26 @@ public class ResponseBuilderUtils {
}
}
+ public static void addSignatureAlgorithm(Document response,
+ Element root,
+ String algorithm) {
+ if(algorithm != null) {
+ Element extElem = response.createElementNS(MOA_NS_URI, "SignatureAlgorithm");
+ extElem.appendChild(response.createTextNode(algorithm));
+ root.appendChild(extElem);
+ }
+ }
+
+ public static void addHashAlgorithm(Document response,
+ Element root,
+ String algorithm) {
+ if(algorithm != null) {
+ Element extElem = response.createElementNS(MOA_NS_URI, "HashAlgorithm");
+ extElem.appendChild(response.createTextNode(algorithm));
+ root.appendChild(extElem);
+ }
+}
+
public static void addExtendendResult(Document response,
Element root,
ExtendedCertificateCheckResult result) {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 30bf3c4..de39948 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -132,6 +132,11 @@ public class VerifyCMSSignatureResponseBuilder {
responseElem, signerInfo.getSigningTime());
}
+ ResponseBuilderUtils.addSignatureAlgorithm(responseDoc,
+ responseElem,
+ responseElement.getSignatureAlgorithm());
+
+
ResponseBuilderUtils.addCodeInfoElement(
responseDoc,
responseElem,
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
index 0ca6f8f..8b10191 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
@@ -123,11 +123,18 @@ public class VerifyPDFSignatureResponseBuilder {
responseElem,
signerInfo.getSigningTime());
+
} else {
Logger.info("Find signature result with no 'SignerInfo'. Maybe a signature verification Failed");
}
+
+ ResponseBuilderUtils.addSignatureAlgorithm(responseDoc,
+ responseElem,
+ responseElement.getSignatureAlgorithm());
+
+
ResponseBuilderUtils.addCodeInfoElement(
responseDoc,
responseElem,
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index 0042464..82d01c0 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -35,6 +35,7 @@ import org.w3c.dom.NodeList;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.util.Base64Utils;
import at.gv.egovernment.moaspss.util.Constants;
+import at.gv.egovernment.moaspss.util.MiscUtil;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.common.Content;
@@ -134,6 +135,9 @@ public class VerifyXMLSignatureResponseBuilder {
}
}
+ //add hash algorithm
+ ResponseBuilderUtils.addSignatureAlgorithm(responseDoc, responseElem, response.getSignatureAlgorithm());
+
// add the SignatureCheck
addReferencesCheckResult("SignatureCheck", response.getSignatureCheck());
@@ -204,6 +208,11 @@ public class VerifyXMLSignatureResponseBuilder {
contentElem.setAttributeNS(null, "ReferringSigReference",
Integer.toString(inputData.getReferringReferenceNumber()));
+ if (MiscUtil.isNotEmpty(inputData.getHashAlgorithm())) {
+ contentElem.setAttribute("HashAlgorithm", inputData.getHashAlgorithm());
+
+ }
+
switch (inputData.getContentType()) {
case Content.XML_CONTENT:
ContentXML contentXml = (ContentXML) inputData;
@@ -236,6 +245,7 @@ public class VerifyXMLSignatureResponseBuilder {
responseElem.appendChild(contentElem);
break;
}
+
}
/**
@@ -267,6 +277,7 @@ public class VerifyXMLSignatureResponseBuilder {
}
ResponseBuilderUtils.addCodeInfoElement(responseDoc, responseElem, elementName, checkResult.getCode(), info);
+
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
index 0ed12bf..0f42903 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -92,4 +92,6 @@ public interface VerifyXMLSignatureResponse {
public List getAdESFormResults();
public ExtendedCertificateCheckResult getExtendedCertificateCheck();
+
+ public String getSignatureAlgorithm();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 42d34fc..b2c6717 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -268,9 +268,12 @@ public class CMSSignatureVerificationInvoker {
CMSSignatureVerificationResult cmsResult = null;
List adesResults = null;
+ boolean extendedVerification = false;
+
ExtendedCertificateCheckResult extCheckResult = null;
if (resultObject instanceof ExtendedCMSSignatureVerificationResult) {
Logger.info("Got ExtendedCMSSignatureVerificationResult");
+ extendedVerification = true;
ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject;
cmsResult = result.getCMSSignatureVerificationResult();
adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
@@ -324,7 +327,7 @@ public class CMSSignatureVerificationInvoker {
responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult,
- qcsscdresult.getTslInfos());
+ qcsscdresult.getTslInfos(), extendedVerification);
}
private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder,
@@ -335,13 +338,15 @@ public class CMSSignatureVerificationInvoker {
Logger.warn("Result Object is null!");
return;
}
-
+
PDFSignatureVerificationResult cmsResult = null;
List adesResults = null;
-
+ boolean extendedVerification = false;
+
ExtendedCertificateCheckResult extCheckResult = null;
if (resultObject instanceof ExtendedPDFSignatureVerificationResult) {
Logger.info("Got ExtendedPDFSignatureVerificationResult");
+ extendedVerification = true;
ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject;
cmsResult = result.getPDFSignatureVerificationResult();
adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
@@ -405,7 +410,7 @@ public class CMSSignatureVerificationInvoker {
responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults,
- extCheckResult, qcsscdresult.getTslInfos());
+ extCheckResult, qcsscdresult.getTslInfos(), extendedVerification);
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index f4121b0..22bae71 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -83,7 +83,7 @@ public class VerifyCMSSignatureResponseBuilder {
* @throws MOAException
*/
public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults,
- ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos)
+ ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification)
throws MOAException {
CertificateValidationResult certResult =
@@ -99,6 +99,11 @@ public class VerifyCMSSignatureResponseBuilder {
boolean qualifiedCertificate = checkQC;
+ //add signature algorithm name in case of extended validation
+ String sigAlgName = null;
+ if (extendedVerification)
+ sigAlgName = result.getSignatureAlgorithmName();
+
// add SignerInfo element
signerInfo =
factory.createSignerInfo(
@@ -126,7 +131,8 @@ public class VerifyCMSSignatureResponseBuilder {
signatureCheck,
certificateCheck,
adesResults,
- extendedCertificateCheckResult);
+ extendedCertificateCheckResult,
+ sigAlgName);
responseElements.add(responseElement);
}
@@ -144,7 +150,7 @@ public class VerifyCMSSignatureResponseBuilder {
* @throws MOAException
*/
public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults,
- ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos)
+ ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification)
throws MOAException {
CertificateValidationResult certResult =
@@ -159,6 +165,12 @@ public class VerifyCMSSignatureResponseBuilder {
boolean qualifiedCertificate = checkQC;
+ //add signature algorithm name in case of extended validation
+ String sigAlgName = null;
+ if (extendedVerification)
+ sigAlgName = result.getSignatureAlgorithmName();
+
+
//set code 99 if not certcheckresult exists
int certificateCheckCode = 99;
if (certResult != null) {
@@ -192,7 +204,8 @@ public class VerifyCMSSignatureResponseBuilder {
signatureCheck,
certificateCheck,
adesResults,
- extendedCertificateCheckResult);
+ extendedCertificateCheckResult,
+ sigAlgName);
responseElements.add(responseElement);
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index d8ebd85..22ef789 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -106,6 +106,9 @@ public class VerifyXMLSignatureResponseBuilder {
private List adesFormResults = null;
private ExtendedCertificateCheckResult extCheckResult = null;
private Date signingTime;
+
+ private String signatureAlgorithm = null;
+
/**
* Get the <code>VerifyMLSignatureResponse</code> built so far.
*
@@ -121,7 +124,8 @@ public class VerifyXMLSignatureResponseBuilder {
xmlDsigManifestChecks,
certificateCheck,
adesFormResults,
- extCheckResult);
+ extCheckResult,
+ signatureAlgorithm);
}
public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extCheckResult) {
@@ -162,7 +166,8 @@ public class VerifyXMLSignatureResponseBuilder {
boolean sscdSourceTSL,
boolean isTSLEnabledTrustprofile,
String issuerCountryCode,
- TslInfos tslInfos)
+ TslInfos tslInfos,
+ boolean isExtendedValidation)
throws MOAApplicationException {
CertificateValidationResult certResult =
@@ -178,6 +183,9 @@ public class VerifyXMLSignatureResponseBuilder {
qualifiedCertificate = checkQC;
+ if (isExtendedValidation)
+ signatureAlgorithm = result.getSignatureAlgorithmName();
+
// create the SignerInfo;
signerInfo =
factory.createSignerInfo(
@@ -192,6 +200,9 @@ public class VerifyXMLSignatureResponseBuilder {
result.getSigningTime(),
tslInfos);
+
+
+ //TODO: add hash algo. infos
// Create HashInputData Content objects
referenceDataList = result.getReferenceDataList();
if (profile.includeHashInputData()) {
@@ -364,7 +375,8 @@ public class VerifyXMLSignatureResponseBuilder {
inputDatas.add(buildInputData(
referenceData.getHashInputData(),
containerType,
- refererNumber));
+ refererNumber,
+ referenceData.getHashAlgorithmName()));
}
}
@@ -391,7 +403,8 @@ public class VerifyXMLSignatureResponseBuilder {
inputDatas.add(buildInputData(
referenceData.getReferenceInputData(),
containerType,
- refererNumber));
+ refererNumber,
+ referenceData.getHashAlgorithmName()));
}
}
@@ -407,11 +420,12 @@ public class VerifyXMLSignatureResponseBuilder {
*
* @param referringReferenceNumber see {@link InputData}
*
- * @return The corresponinding input data implementation.
- *
+ * @param hashAlg see {@link InputData}
+ *
+ * @return The corresponinding input data implementation.
* @throws MOAApplicationException An error occurred creating the result.
*/
- private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber)
+ private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber, String hashAlg)
throws MOAApplicationException {
if (dataObject instanceof BinaryDataObject) {
@@ -419,7 +433,8 @@ public class VerifyXMLSignatureResponseBuilder {
return new InputDataBinaryImpl(
factory.createContent(binaryData.getInputStream(), null),
partOf,
- referringReferenceNumber);
+ referringReferenceNumber,
+ hashAlg);
} else if (dataObject instanceof XMLDataObject) {
XMLDataObject xmlData = (XMLDataObject) dataObject;
List nodes = new ArrayList();
@@ -428,7 +443,8 @@ public class VerifyXMLSignatureResponseBuilder {
return new InputDataXMLImpl(
factory.createContent(new NodeListAdapter(nodes), null),
partOf,
- referringReferenceNumber);
+ referringReferenceNumber,
+ hashAlg);
} else { // dataObject instanceof XMLNodeListDataObject
// if the data in the NodeList can be converted back to valid XML,
// write it as XMLContent; otherwise, write it as Base64Content
@@ -443,7 +459,8 @@ public class VerifyXMLSignatureResponseBuilder {
return new InputDataXMLImpl(
factory.createContent(fragment.getChildNodes(), null),
partOf,
- referringReferenceNumber);
+ referringReferenceNumber,
+ hashAlg);
} catch (Exception e) {
// not successful -> fall through to the Base64Content
}
@@ -472,7 +489,8 @@ public class VerifyXMLSignatureResponseBuilder {
return new InputDataBinaryImpl(
factory.createContent(is, null),
partOf,
- referringReferenceNumber);
+ referringReferenceNumber,
+ hashAlg);
} catch (Exception e) {
throw new MOAApplicationException("2200", null);
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index d3ad086..74c4f0b 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -304,7 +304,7 @@ public class XMLSignatureVerificationInvoker {
// build the response
responseBuilder.setResult(plainResult, profile, signatureManifestCheck,
certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(),
- qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos());
+ qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos(), request.getExtendedValidaiton());
return responseBuilder.getResponse();
}
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle
index 60a7285..7555d9d 100644
--- a/moaSig/moa-sig/build.gradle
+++ b/moaSig/moa-sig/build.gradle
@@ -78,7 +78,7 @@ task jaxb () {
ant.xjc(
destdir: jaxbTargetDir.path,
package: 'at.gv.egiz.moasig',
- schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.0.0.xsd'
+ schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd'
)
}
}
diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl
index 6e91a2d..b0a7e3e 100644
--- a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl
+++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Web Service Description for MOA SP/SS 1.4 -->
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
- <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../schemas/MOA-SPSS-3.1.0.xsd"/>
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../schemas/MOA-SPSS-3.1.1.xsd"/>
<message name="CreateCMSSignatureInput">
<part name="body" element="moa:CreateCMSSignatureRequest"/>
</message>
diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd
new file mode 100644
index 0000000..d8f45fa
--- /dev/null
+++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd
@@ -0,0 +1,833 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- MOA SP/SS 2.0.0 Schema -->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ <!--########## Create CMS Signature ### -->
+ <!--### Create CMS Signature Request ### -->
+ <xsd:element name="CreateCMSSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreateCMSSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreateCMSSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch
+ wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="DataObjectInfo">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CMSDataObjectInfoType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+ <xsd:attribute name="PAdESConformity" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create CMS Signature Response ### -->
+ <xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+ <xsd:complexType name="CreateCMSSignatureResponseType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine
+ Stapelsignatur-Anfrage</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="CMSSignature" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung
+ erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <!--########## Create XML Signature ### -->
+ <!--### Create XML Signature Request ### -->
+ <xsd:element name="CreateXMLSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreateXMLSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreateXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch
+ wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="DataObjectInfoType">
+ <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="CreateSignatureInfo" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe des
+ Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit
+ der Signaturumgebung, oder Verweis auf ein benanntes Profil
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateSignatureEnvironmentProfile"/>
+ <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create XML Signature Response ### -->
+ <xsd:complexType name="CreateXMLSignatureResponseType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine
+ Stapelsignatur-Anfrage</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="SignatureEnvironment">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung
+ erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+ <!--########## Create PDF Signature ### -->
+ <!--### Create PDF Signature Request ### -->
+ <xsd:element name="CreatePDFSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreatePDFSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreatePDFSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch
+ wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="PDFDocument" type="xsd:base64Binary"/>
+ <xsd:element name="SignatureProfile" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignaturePosition" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create PDF Signature Response ### -->
+ <xsd:element name="CreatePDFSignatureResponse" type="CreatePDFSignatureResponseType"/>
+ <xsd:complexType name="CreatePDFSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="PDFSignature" type="PDFSignedRepsonse" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify CMS Signature ### -->
+ <!--### Verifiy CMS Signature Request ### -->
+ <xsd:element name="VerifyCMSSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyCMSSignatureRequestType">
+ <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyCMSSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+ <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+ <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+ <xsd:element name="TrustProfileID" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify CMS Signature Response ### -->
+ <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+ <xsd:complexType name="VerifyCMSSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is
+ supported; QualifiedCertificate is included as
+ X509Data/any;publicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SignatureAlgorithm" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignatureCheck" type="CheckResultType"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyASICCMSSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is
+ supported; QualifiedCertificate is included as
+ X509Data/any;publicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any,
+ TSLInformation is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="SignatureCheck" type="CheckResultType"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify PDF Signature ### -->
+ <!--### Verifiy PDF Signature Request ### -->
+ <xsd:element name="VerifyPDFSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyPDFSignatureRequestType">
+ <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyPDFSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+ <xsd:element name="PDFSignature" type="xsd:base64Binary"/>
+ <xsd:element name="TrustProfileID" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify PDF Signature ### -->
+ <!--### Verifiy ASIC Signature Request ### -->
+ <xsd:element name="VerifyASICSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyASICSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyASICSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+ <xsd:element name="ASICSignature" type="xsd:base64Binary"/>
+ <xsd:element name="ASICExtension" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>asics or asice</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="TrustProfileID" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify ASIC Signature Response ### -->
+ <xsd:element name="VerifyASICSignatureResponse" type="VerifyASICSignatureResponseType"/>
+ <xsd:complexType name="VerifyASICSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="ASiCSignatureResult" type="ASICResultType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--xsd:complexType name="signedFilesType">
+ <xsd:sequence>
+ <xsd:element name="signedFiles" type="xsd:string">
+ </xsd:sequence>
+ <xsd:attribute name="hashAlgorithm" type="xsd:string" use="optional"/>
+ </xsd:complexType-->
+
+ <xsd:complexType name="ASICResultType">
+ <xsd:sequence>
+ <xsd:element name="signedFiles" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="hashAlgorithm" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="XMLSignatureResult" type="VerifyASICXMLSignatureResponseType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="CMSSignatureResult" type="VerifyASICCMSSignatureResponseType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify CMS Signature Response ### -->
+ <xsd:element name="VerifyPDFSignatureResponse" type="VerifyPDFSignatureResponseType"/>
+ <xsd:complexType name="VerifyPDFSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignatureResult" type="PDFSignatureResultType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="PDFSignatureResultType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is
+ supported; QualifiedCertificate is included as
+ X509Data/any;publicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="SignatureAlgorithm" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignatureCheck" type="CheckResultType"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify XML Signature ### -->
+ <!--### Verify XML Signature Request ### -->
+ <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+ <xsd:complexType name="VerifyXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+ <xsd:element name="VerifySignatureInfo">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+ <xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element ref="SupplementProfile"/>
+ <xsd:element name="SupplementProfileID" type="xsd:string"/>
+ </xsd:choice>
+ <xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Pro dsig:Reference-Element in der zu
+ überprüfenden XML-Signatur muss hier ein
+ ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen
+ ReferenceInfo Elemente entspricht jener der dsig:Reference
+ Elemente in der XML-Signatur.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ReturnHashInputData" minOccurs="0"/>
+ <xsd:element name="TrustProfileID" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify XML Signature Response ### -->
+ <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+ <xsd:complexType name="VerifyXMLSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is
+ supported; QualifiedCertificate is included as X509Data/any;
+ PublicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="SignatureAlgorithm" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+ <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+ <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyASICXMLSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is
+ supported; QualifiedCertificate is included as X509Data/any;
+ PublicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+ <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+ <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="ProfileIdentifierType">
+ <xsd:restriction base="xsd:token"/>
+ </xsd:simpleType>
+ <xsd:complexType name="InputDataType">
+ <xsd:complexContent>
+ <xsd:extension base="ContentExLocRefBaseType">
+ <xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SignedInfo"/>
+ <xsd:enumeration value="XMLDSIGManifest"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+ <xsd:attribute name="HashAlgorithm" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="MimeType" type="MimeTypeType"/>
+ <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="FinalDataMetaInfoType">
+ <xsd:complexContent>
+ <xsd:extension base="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="DataObjectInfoType">
+ <xsd:sequence>
+ <xsd:element name="DataObject">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="ContentOptionalRefType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe EINER
+ Transformationskette inklusive ggf. sinnvoller Supplements oder
+ Verweis auf ein benanntes Profil</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateTransformsInfoProfile"/>
+ <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+ </xsd:choice>
+ </xsd:sequence>
+ <xsd:attribute name="Structure" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="detached"/>
+ <xsd:enumeration value="enveloping"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectInfoType">
+ <xsd:sequence>
+ <xsd:element name="DataObject">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CMSDataObjectRequiredMetaType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="Structure" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="detached"/>
+ <xsd:enumeration value="enveloping"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+ <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLDataObjectAssociationType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+ <xsd:element name="Content" type="ContentRequiredRefType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="PDFSignedRepsonse">
+ <xsd:sequence>
+ <xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:choice maxOccurs="1">
+ <xsd:element name="PDFSignature" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung
+ erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectOptionalMetaType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+ <xsd:element name="Content" type="CMSContentBaseType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectRequiredMetaType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType"/>
+ <xsd:element name="Content" type="CMSContentBaseType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSContentBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="FormResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="IndicationResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ExtendedCertificateCheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Major" type="IndicationResultType" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Minor" type="IndicationResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+ <xsd:complexContent>
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+ <xsd:complexContent>
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <!--########## Error Response ### -->
+ <xsd:element name="ErrorResponse" type="ErrorResponseType">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert
+ ist</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:complexType name="ErrorResponseType">
+ <xsd:sequence>
+ <xsd:element name="ErrorCode" type="xsd:integer"/>
+ <xsd:element name="Info" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Auxiliary Types ### -->
+ <xsd:simpleType name="KeyIdentifierType">
+ <xsd:restriction base="xsd:string"/>
+ </xsd:simpleType>
+ <xsd:simpleType name="KeyStorageType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="Software"/>
+ <xsd:enumeration value="Hardware"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MimeTypeType">
+ <xsd:restriction base="xsd:token"/>
+ </xsd:simpleType>
+ <xsd:complexType name="AnyChildrenType" mixed="true">
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLContentType" mixed="true">
+ <xsd:complexContent>
+ <xsd:extension base="AnyChildrenType">
+ <xsd:attribute ref="xml:space" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:complexType name="ContentExLocRefBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentOptionalRefType">
+ <xsd:complexContent>
+ <xsd:extension base="ContentBaseType">
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentRequiredRefType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+ </xsd:choice>
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyTransformsDataType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ein oder mehrere Transformationswege können von
+ der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur
+ hat zumindest einem dieser Transformationswege zu entsprechen. Die
+ Angabe kann explizit oder als Profilbezeichner erfolgen.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="VerifyTransformsInfoProfile"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>Profilbezeichner für einen Transformationsweg
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="QualifiedCertificate">
+ <xsd:complexType>
+ <xsd:attribute name="source" use="optional">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="TSL"/>
+ <xsd:enumeration value="Certificate"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SecureSignatureCreationDevice">
+ <xsd:complexType>
+ <xsd:attribute name="source" use="optional">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="TSL"/>
+ <xsd:enumeration value="Certificate"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IssuingCountry" type="xsd:token"/>
+ <xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+ <xsd:complexType name="PublicAuthorityType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="SignatoriesType">
+ <xsd:union memberTypes="AllSignatoriesType">
+ <xsd:simpleType>
+ <xsd:list itemType="xsd:positiveInteger"/>
+ </xsd:simpleType>
+ </xsd:union>
+ </xsd:simpleType>
+ <xsd:simpleType name="AllSignatoriesType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="all"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:complexType name="CreateSignatureLocationType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:token">
+ <xsd:attribute name="Index" type="xsd:integer" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="TransformParameterType">
+ <xsd:choice minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Die Angabe des Transformationsparameters
+ (explizit oder als Hashwert) kann unterlassen werden, wenn die
+ Applikation von der Unveränderlichkeit des Inhalts der in
+ "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen
+ kann.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="Base64Content" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Der Transformationsparameter explizit angegeben.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="Hash">
+ <xsd:annotation>
+ <xsd:documentation>Der Hashwert des Transformationsparameters.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:DigestMethod"/>
+ <xsd:element ref="dsig:DigestValue"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:element name="CreateSignatureEnvironmentProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyTransformsInfoProfile">
+ <xsd:annotation>
+ <xsd:documentation>Explizite Angabe des Transformationswegs
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+ <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Alle impliziten Transformationsparameter, die
+ zum Durchlaufen der oben angeführten Transformationskette
+ bekannt sein müssen, müssen hier angeführt werden. Das
+ Attribut "URI" bezeichnet den Transformationsparameter in exakt
+ jener Weise, wie er in der zu überprüfenden Signatur gebraucht
+ wird.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+ <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+ <xsd:element name="CreateTransformsInfoProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+ <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
diff --git a/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd b/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd
new file mode 100644
index 0000000..d8f45fa
--- /dev/null
+++ b/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd
@@ -0,0 +1,833 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- MOA SP/SS 2.0.0 Schema -->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ <!--########## Create CMS Signature ### -->
+ <!--### Create CMS Signature Request ### -->
+ <xsd:element name="CreateCMSSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreateCMSSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreateCMSSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch
+ wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="DataObjectInfo">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CMSDataObjectInfoType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+ <xsd:attribute name="PAdESConformity" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create CMS Signature Response ### -->
+ <xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+ <xsd:complexType name="CreateCMSSignatureResponseType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine
+ Stapelsignatur-Anfrage</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="CMSSignature" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung
+ erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <!--########## Create XML Signature ### -->
+ <!--### Create XML Signature Request ### -->
+ <xsd:element name="CreateXMLSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreateXMLSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreateXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch
+ wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="DataObjectInfoType">
+ <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="CreateSignatureInfo" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe des
+ Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit
+ der Signaturumgebung, oder Verweis auf ein benanntes Profil
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateSignatureEnvironmentProfile"/>
+ <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create XML Signature Response ### -->
+ <xsd:complexType name="CreateXMLSignatureResponseType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine
+ Stapelsignatur-Anfrage</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="SignatureEnvironment">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung
+ erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+ <!--########## Create PDF Signature ### -->
+ <!--### Create PDF Signature Request ### -->
+ <xsd:element name="CreatePDFSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreatePDFSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreatePDFSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch
+ wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="PDFDocument" type="xsd:base64Binary"/>
+ <xsd:element name="SignatureProfile" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignaturePosition" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create PDF Signature Response ### -->
+ <xsd:element name="CreatePDFSignatureResponse" type="CreatePDFSignatureResponseType"/>
+ <xsd:complexType name="CreatePDFSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="PDFSignature" type="PDFSignedRepsonse" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify CMS Signature ### -->
+ <!--### Verifiy CMS Signature Request ### -->
+ <xsd:element name="VerifyCMSSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyCMSSignatureRequestType">
+ <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyCMSSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+ <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+ <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+ <xsd:element name="TrustProfileID" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify CMS Signature Response ### -->
+ <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+ <xsd:complexType name="VerifyCMSSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is
+ supported; QualifiedCertificate is included as
+ X509Data/any;publicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SignatureAlgorithm" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignatureCheck" type="CheckResultType"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyASICCMSSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is
+ supported; QualifiedCertificate is included as
+ X509Data/any;publicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any,
+ TSLInformation is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="SignatureCheck" type="CheckResultType"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify PDF Signature ### -->
+ <!--### Verifiy PDF Signature Request ### -->
+ <xsd:element name="VerifyPDFSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyPDFSignatureRequestType">
+ <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyPDFSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+ <xsd:element name="PDFSignature" type="xsd:base64Binary"/>
+ <xsd:element name="TrustProfileID" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify PDF Signature ### -->
+ <!--### Verifiy ASIC Signature Request ### -->
+ <xsd:element name="VerifyASICSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyASICSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyASICSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+ <xsd:element name="ASICSignature" type="xsd:base64Binary"/>
+ <xsd:element name="ASICExtension" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>asics or asice</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="TrustProfileID" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify ASIC Signature Response ### -->
+ <xsd:element name="VerifyASICSignatureResponse" type="VerifyASICSignatureResponseType"/>
+ <xsd:complexType name="VerifyASICSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="ASiCSignatureResult" type="ASICResultType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--xsd:complexType name="signedFilesType">
+ <xsd:sequence>
+ <xsd:element name="signedFiles" type="xsd:string">
+ </xsd:sequence>
+ <xsd:attribute name="hashAlgorithm" type="xsd:string" use="optional"/>
+ </xsd:complexType-->
+
+ <xsd:complexType name="ASICResultType">
+ <xsd:sequence>
+ <xsd:element name="signedFiles" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="hashAlgorithm" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="XMLSignatureResult" type="VerifyASICXMLSignatureResponseType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="CMSSignatureResult" type="VerifyASICCMSSignatureResponseType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify CMS Signature Response ### -->
+ <xsd:element name="VerifyPDFSignatureResponse" type="VerifyPDFSignatureResponseType"/>
+ <xsd:complexType name="VerifyPDFSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignatureResult" type="PDFSignatureResultType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="PDFSignatureResultType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is
+ supported; QualifiedCertificate is included as
+ X509Data/any;publicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="SignatureAlgorithm" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignatureCheck" type="CheckResultType"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify XML Signature ### -->
+ <!--### Verify XML Signature Request ### -->
+ <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+ <xsd:complexType name="VerifyXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+ <xsd:element name="VerifySignatureInfo">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+ <xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element ref="SupplementProfile"/>
+ <xsd:element name="SupplementProfileID" type="xsd:string"/>
+ </xsd:choice>
+ <xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Pro dsig:Reference-Element in der zu
+ überprüfenden XML-Signatur muss hier ein
+ ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen
+ ReferenceInfo Elemente entspricht jener der dsig:Reference
+ Elemente in der XML-Signatur.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ReturnHashInputData" minOccurs="0"/>
+ <xsd:element name="TrustProfileID" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von
+ vertrauenswürdigen Wurzelzertifikaten spezifiziert
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify XML Signature Response ### -->
+ <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+ <xsd:complexType name="VerifyXMLSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is
+ supported; QualifiedCertificate is included as X509Data/any;
+ PublicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="SignatureAlgorithm" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+ <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+ <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyASICXMLSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is
+ supported; QualifiedCertificate is included as X509Data/any;
+ PublicAuthority is included as X509Data/any;
+ SecureSignatureCreationDevice is included as X509Data/any,
+ IssuingCountry is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+ <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+ <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="ProfileIdentifierType">
+ <xsd:restriction base="xsd:token"/>
+ </xsd:simpleType>
+ <xsd:complexType name="InputDataType">
+ <xsd:complexContent>
+ <xsd:extension base="ContentExLocRefBaseType">
+ <xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SignedInfo"/>
+ <xsd:enumeration value="XMLDSIGManifest"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+ <xsd:attribute name="HashAlgorithm" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="MimeType" type="MimeTypeType"/>
+ <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="FinalDataMetaInfoType">
+ <xsd:complexContent>
+ <xsd:extension base="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="DataObjectInfoType">
+ <xsd:sequence>
+ <xsd:element name="DataObject">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="ContentOptionalRefType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe EINER
+ Transformationskette inklusive ggf. sinnvoller Supplements oder
+ Verweis auf ein benanntes Profil</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateTransformsInfoProfile"/>
+ <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+ </xsd:choice>
+ </xsd:sequence>
+ <xsd:attribute name="Structure" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="detached"/>
+ <xsd:enumeration value="enveloping"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectInfoType">
+ <xsd:sequence>
+ <xsd:element name="DataObject">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CMSDataObjectRequiredMetaType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="Structure" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="detached"/>
+ <xsd:enumeration value="enveloping"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+ <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLDataObjectAssociationType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+ <xsd:element name="Content" type="ContentRequiredRefType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="PDFSignedRepsonse">
+ <xsd:sequence>
+ <xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:choice maxOccurs="1">
+ <xsd:element name="PDFSignature" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung
+ erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectOptionalMetaType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+ <xsd:element name="Content" type="CMSContentBaseType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectRequiredMetaType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType"/>
+ <xsd:element name="Content" type="CMSContentBaseType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSContentBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="FormResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="IndicationResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ExtendedCertificateCheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Major" type="IndicationResultType" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Minor" type="IndicationResultType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+ <xsd:complexContent>
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+ <xsd:complexContent>
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <!--########## Error Response ### -->
+ <xsd:element name="ErrorResponse" type="ErrorResponseType">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert
+ ist</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:complexType name="ErrorResponseType">
+ <xsd:sequence>
+ <xsd:element name="ErrorCode" type="xsd:integer"/>
+ <xsd:element name="Info" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Auxiliary Types ### -->
+ <xsd:simpleType name="KeyIdentifierType">
+ <xsd:restriction base="xsd:string"/>
+ </xsd:simpleType>
+ <xsd:simpleType name="KeyStorageType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="Software"/>
+ <xsd:enumeration value="Hardware"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MimeTypeType">
+ <xsd:restriction base="xsd:token"/>
+ </xsd:simpleType>
+ <xsd:complexType name="AnyChildrenType" mixed="true">
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLContentType" mixed="true">
+ <xsd:complexContent>
+ <xsd:extension base="AnyChildrenType">
+ <xsd:attribute ref="xml:space" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:complexType name="ContentExLocRefBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentOptionalRefType">
+ <xsd:complexContent>
+ <xsd:extension base="ContentBaseType">
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentRequiredRefType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+ </xsd:choice>
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyTransformsDataType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ein oder mehrere Transformationswege können von
+ der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur
+ hat zumindest einem dieser Transformationswege zu entsprechen. Die
+ Angabe kann explizit oder als Profilbezeichner erfolgen.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="VerifyTransformsInfoProfile"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>Profilbezeichner für einen Transformationsweg
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="QualifiedCertificate">
+ <xsd:complexType>
+ <xsd:attribute name="source" use="optional">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="TSL"/>
+ <xsd:enumeration value="Certificate"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SecureSignatureCreationDevice">
+ <xsd:complexType>
+ <xsd:attribute name="source" use="optional">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="TSL"/>
+ <xsd:enumeration value="Certificate"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IssuingCountry" type="xsd:token"/>
+ <xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+ <xsd:complexType name="PublicAuthorityType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="SignatoriesType">
+ <xsd:union memberTypes="AllSignatoriesType">
+ <xsd:simpleType>
+ <xsd:list itemType="xsd:positiveInteger"/>
+ </xsd:simpleType>
+ </xsd:union>
+ </xsd:simpleType>
+ <xsd:simpleType name="AllSignatoriesType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="all"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:complexType name="CreateSignatureLocationType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:token">
+ <xsd:attribute name="Index" type="xsd:integer" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="TransformParameterType">
+ <xsd:choice minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Die Angabe des Transformationsparameters
+ (explizit oder als Hashwert) kann unterlassen werden, wenn die
+ Applikation von der Unveränderlichkeit des Inhalts der in
+ "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen
+ kann.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="Base64Content" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Der Transformationsparameter explizit angegeben.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="Hash">
+ <xsd:annotation>
+ <xsd:documentation>Der Hashwert des Transformationsparameters.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:DigestMethod"/>
+ <xsd:element ref="dsig:DigestValue"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:element name="CreateSignatureEnvironmentProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyTransformsInfoProfile">
+ <xsd:annotation>
+ <xsd:documentation>Explizite Angabe des Transformationswegs
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+ <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Alle impliziten Transformationsparameter, die
+ zum Durchlaufen der oben angeführten Transformationskette
+ bekannt sein müssen, müssen hier angeführt werden. Das
+ Attribut "URI" bezeichnet den Transformationsparameter in exakt
+ jener Weise, wie er in der zu überprüfenden Signatur gebraucht
+ wird.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+ <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+ <xsd:element name="CreateTransformsInfoProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+ <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>