authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2015-12-02 15:48:52 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2015-12-02 15:48:52 +0100
commit191ba3411f2db0a48ae8d4243926b33a063bf769 (patch)
tree944b69da205c85c16fcc710a4dc7eaf921110fe5 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
parentf26449517c01e456f677d3e47edf9cafad6e70e0 (diff)
IAIK Moa CAdES added, cms verification not working
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java106
1 files changed, 95 insertions, 11 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index aca6f58..905254e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -24,12 +24,16 @@
package at.gv.egovernment.moa.spss.server.invoke;
+import iaik.server.modules.AdESFormVerificationResult;
+import iaik.server.modules.AdESVerificationResult;
import iaik.server.modules.IAIKException;
import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.SignatureVerificationProfile;
import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
@@ -37,10 +41,17 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigDecimal;
+import java.security.MessageDigest;
+import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.io.HexDump;
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
import at.gv.egovernment.moa.spss.MOAApplicationException;
@@ -51,6 +62,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
@@ -121,14 +133,14 @@ public class CMSSignatureVerificationInvoker {
CMSSignatureVerificationProfile profile;
Date signingTime;
List results;
- CMSSignatureVerificationResult result;
+ ExtendedCMSSignatureVerificationResult result;
int[] signatories;
InputStream input;
- byte[] buf = new byte[256];
+ byte[] buf = new byte[2048];
// get the signature
signature = request.getCMSSignature();
-
+
// get the actual trustprofile
TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
@@ -137,7 +149,11 @@ public class CMSSignatureVerificationInvoker {
signedContent = getSignedContent(request);
// build the profile
- profile = profileFactory.createProfile();
+ if(request.isPDF()) {
+ profile = profileFactory.createPDFProfile();
+ } else {
+ profile = profileFactory.createProfile();
+ }
// get the signing time
signingTime = request.getDateTime();
@@ -156,9 +172,9 @@ public class CMSSignatureVerificationInvoker {
input = module.getInputStream();
while (input.read(buf) > 0);
+ //results = module.verifyCAdESSignature(signingTime);
results = module.verifySignature(signingTime);
-
} catch (IAIKException e) {
MOAException moaException = IaikExceptionMapper.getInstance().map(e);
throw moaException;
@@ -191,10 +207,29 @@ public class CMSSignatureVerificationInvoker {
Iterator resultIter;
for (resultIter = results.iterator(); resultIter.hasNext();) {
- result = (CMSSignatureVerificationResult) resultIter.next();
+ Object resultObject = resultIter.next();
+ CMSSignatureVerificationResult cmsResult = null;
+ List adesResults = null;
+ if(resultObject instanceof ExtendedCMSSignatureVerificationResult) {
+ result = (ExtendedCMSSignatureVerificationResult) resultObject;
+
+ adesResults = getAdESResult(result.getFormVerificationResult());
+
+ if (adesResults != null) {
+ Iterator adesIterator = adesResults.iterator();
+ while (adesIterator.hasNext()) {
+ Logger.info("ADES Formresults: " + adesIterator.next().toString());
+ }
+ }
+ } else {
+ cmsResult = (CMSSignatureVerificationResult)resultObject;
+ }
+
+
String issuerCountryCode = null;
// QC/SSCD check
- List list = result.getCertificateValidationResult().getCertificateChain();
+
+ List list = cmsResult.getCertificateValidationResult().getCertificateChain();
if (list != null) {
X509Certificate[] chain = new X509Certificate[list.size()];
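Review bot: In the `instanceof ExtendedCMSSignatureVerificationResult` branch `cmsResult` is never assigned, so `cmsResult.getCertificateValidationResult()` a few lines below throws a NullPointerException for every extended result and no verification response is built for that signature. The indexed-signatory branch later in this commit unwraps the result with `result.getCMSSignatureVerificationResult()`; the same assignment, `cmsResult = result.getCMSSignatureVerificationResult();`, is needed here right after the cast. The `Logger.info("ADES Formresults: " + ...)` loop also writes values that appear to come from the signature under verification into the log at info level; debug level is presumably enough. The loop body continues outside the hunk.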
@@ -213,7 +248,7 @@ public class CMSSignatureVerificationInvoker {
}
- responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+ responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
}
} else {
int i;
@@ -223,11 +258,23 @@ public class CMSSignatureVerificationInvoker {
try {
result =
- (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
+ (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1);
String issuerCountryCode = null;
+
+ CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult();
+
+ List adesResults = getAdESResult(result.getFormVerificationResult());
+
+ if (adesResults != null) {
+ Iterator adesIterator = adesResults.iterator();
+ while (adesIterator.hasNext()) {
+ Logger.info("ADES Formresults: " + adesIterator.next().toString());
+ }
+ }
+
// QC/SSCD check
- List list = result.getCertificateValidationResult().getCertificateChain();
+ List list = cmsResult.getCertificateValidationResult().getCertificateChain();
if (list != null) {
X509Certificate[] chain = new X509Certificate[list.size()];
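Review bot: The cast `(ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1)` is unconditional, while the all-signatories loop earlier in this commit allows for plain `CMSSignatureVerificationResult` entries with an `instanceof` test. If `verifySignature` returns a plain result here, the ClassCastException is not covered by the `catch (IndexOutOfBoundsException e)` that closes this try block in the next hunk, so the request would fail with an unmapped runtime exception rather than a MOA error. Apply the same `instanceof` check before the cast and fall back to the plain result with `adesResults = null`. The AdES logging loop is a copy of the one in the other branch and could move into `getAdESResult`.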
@@ -244,7 +291,7 @@ public class CMSSignatureVerificationInvoker {
issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
}
- responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+ responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
} catch (IndexOutOfBoundsException e) {
throw new MOAApplicationException(
"2249",
@@ -368,4 +415,41 @@ public class CMSSignatureVerificationInvoker {
}
+
+ private List getAdESResult(AdESFormVerificationResult adesFormVerification) {
+ if (adesFormVerification == null) {
+ // no form information
+ return null;
+ }
+
+ List adesList = new ArrayList();
+
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA),
+ SignatureVerificationProfile.LEVEL_LTA, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT),
+ SignatureVerificationProfile.LEVEL_LT, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T),
+ SignatureVerificationProfile.LEVEL_T, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B),
+ SignatureVerificationProfile.LEVEL_B, adesList);
+
+ return adesList;
+ }
+
+ private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) {
+ if (subResult != null) {
+ Logger.info("Checking Level: " + level);
+ try {
+ AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl();
+ adESFormResultsImpl.setCode(subResult.getResultCode());
+ adESFormResultsImpl.setInfo(subResult.getInfo());
+ adESFormResultsImpl.setName(subResult.getName());
+
+ adesList.add(adESFormResultsImpl);
+ } catch (NullPointerException e) {
+ Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e);
+ }
+ }
+ }
+
}
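Review bot: `checkSubResult` catches `NullPointerException` and only logs a warning, so a sub-result whose fields cannot be read is silently left out of `adesList`, and the response cannot tell "level not present" apart from "level result unreadable". Check the values explicitly before calling the setters, and either add an entry that marks the level as failed or propagate the error, instead of catching the NPE. Both new methods use raw `List`; if the project's source level allows it, `List<AdESFormResultsImpl>` would make the element type explicit for the callers that iterate it. Neither method has Javadoc; a line such as `/** Collects the LTA, LT, T and B form sub-results; returns null when no form result is available. */` on `getAdESResult` would document the null return that both callers test for.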