diff options
| author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2016-03-14 16:29:03 +0100 |
|---|---|---|
| committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2016-03-14 16:29:03 +0100 |
| commit | 84293bd12f63b59852026cab02035fc9ebee626a (patch) | |
| tree | 6a118418f618af68f5d884e2eb7eac2fb660a136 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server | |
| parent | 7510ab5173001711ecb5d6c8834878e7cce63ff9 (diff) | |
| download | moa-sig-84293bd12f63b59852026cab02035fc9ebee626a.tar.gz moa-sig-84293bd12f63b59852026cab02035fc9ebee626a.tar.bz2 moa-sig-84293bd12f63b59852026cab02035fc9ebee626a.zip | |
A lot of moa sig stuff
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server')
28 files changed, 687 insertions, 446 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java index bb2589a..b2389a4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java @@ -31,10 +31,9 @@ import java.util.HashMap; import java.util.Map; import java.util.StringTokenizer; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; - import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; /** * A class representing a CRL distribution point. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 6bc6f0b..3c7bf6a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -31,6 +31,7 @@ import iaik.pki.revocation.RevocationSourceTypes; import iaik.server.modules.xml.BlackListEntry; import iaik.server.modules.xml.ExternalReferenceChecker; import iaik.server.modules.xml.WhiteListEntry; +import iaik.util.logging.Log; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; import iaik.xml.crypto.utils.URI; @@ -62,16 +63,16 @@ import org.w3c.dom.Element; import org.w3c.dom.traversal.NodeIterator; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; import at.gv.egovernment.moa.spss.api.impl.TSLConfigurationImpl; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.FileUtils; +import at.gv.egovernment.moaspss.util.StringUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * A class that builds configuration data from a DOM based representation. @@ -259,6 +260,16 @@ public class ConfigurationPartsBuilder { ROOT + CONF + "SignatureVerification/" + CONF + "PermitFileURIs"; + private static final String CONNECTION_TIMEOUT_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "ConnectionTimeout"; + + private static final String READ_TIMEOUT_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "ReadTimeout"; + private static final String TSL_CONFIGURATION_XPATH = ROOT + CONF + "SignatureVerification/" + CONF + "CertificateValidation/" @@ -408,6 +419,51 @@ public class ConfigurationPartsBuilder { return pdfasConfiguration; } + /** + * Returns the digest method algorithm name. + * + * @return The digest method algorithm name from the configuration. + */ + public int getConnectionTimeout() + { + String connectionTimeout = getElementValue(getConfigElem(), CONNECTION_TIMEOUT_XPATH_, "30"); + int defaultConnectionTimeout = 30; + + if(connectionTimeout != null) { + try { + defaultConnectionTimeout = Integer.parseInt(connectionTimeout); + } catch(NumberFormatException e) { + Log.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); + } + } + + if(defaultConnectionTimeout < 0) { + defaultConnectionTimeout = 30; + } + + return defaultConnectionTimeout; + } + + public int getReadTimeout() + { + String connectionTimeout = getElementValue(getConfigElem(), READ_TIMEOUT_XPATH_, "30"); + int defaultConnectionTimeout = 30; + + if(connectionTimeout != null) { + try { + defaultConnectionTimeout = Integer.parseInt(connectionTimeout); + } catch(NumberFormatException e) { + Log.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); + } + } + + if(defaultConnectionTimeout < 0) { + defaultConnectionTimeout = 30; + } + + return defaultConnectionTimeout; + } + public boolean getAdesFormResult() { String enableArchiving = getElementValue(getConfigElem(), FORMRESULT_CONFIGURATION_XPATH, null); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 578f2fd..d777d8f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -46,11 +46,11 @@ import java.util.Set; import org.w3c.dom.Element; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.DOMUtils; /** * A class providing access to the MOA configuration data. @@ -107,6 +107,9 @@ public class ConfigurationProvider /** PDF AS Configuration */ private String pdfAsConfiguration; + private int connectionTimeout; + private int readTimeout; + /** * A <code>List</code> of <code>HardwareCryptoModule</code> objects for * configuring hardware modules. @@ -376,6 +379,8 @@ public class ConfigurationProvider keyGroupMappings = builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL); + connectionTimeout = builder.getConnectionTimeout(); + readTimeout = builder.getReadTimeout(); pdfAsConfiguration = builder.getPDFASConfiguration(); adesFormResults = builder.getAdesFormResult(); xadesVersion = builder.getXAdESVersion(); @@ -553,8 +558,16 @@ public class ConfigurationProvider } public String getPDFASConfiguration() { - return pdfAsConfiguration; - } + return pdfAsConfiguration; + } + + public int getConnectionTimeout() { + return this.connectionTimeout; + } + + public int getReadTimeout() { + return this.readTimeout; + } public boolean getAdesFormResults() { return this.adesFormResults; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java index 49e5ecc..2dc047a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -35,10 +35,10 @@ import iaik.server.modules.keys.UnknownKeyException; import java.util.List; import java.util.Set; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moaspss.logging.Logger; /** * An object providing auxiliary information for creating a CMS signature. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java index 9189597..785c85b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.spss.server.iaik.cmsverify; -import iaik.server.modules.cmsverify.PDFSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; public class PDFSignatureVerificationProfileImpl extends CMSSignatureVerificationProfileImpl implements PDFSignatureVerificationProfile { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java index 304a7d3..d752a63 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java @@ -33,11 +33,12 @@ import iaik.pki.ldap.Handler; import java.io.InputStream; import java.net.MalformedURLException; import java.net.URL; +import java.net.URLConnection; import java.net.URLStreamHandler; import java.util.Collection; import java.util.Date; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moaspss.logging.Logger; /** * A customized implementation of @@ -51,6 +52,11 @@ import at.gv.egovernment.moa.logging.Logger; * @version $$ */ public class CRLRetriever implements RevocationInfoRetriever { + + private int connectTimeout = 5; + private int readTimeout = 5; + + public void update(RevocationSource source, Collection supplementalRequestData, TransactionId tid) throws RevocationStoreException { if (source == null) { @@ -70,8 +76,10 @@ public class CRLRetriever implements RevocationInfoRetriever { URLStreamHandler handler = new Handler(); crlUrl = new URL(null, source.getUri(), handler); } - - InputStream crlInputStream = crlUrl.openStream(); + URLConnection con = crlUrl.openConnection(); + con.setConnectTimeout(connectTimeout); + con.setReadTimeout(readTimeout); + InputStream crlInputStream = con.getInputStream(); source.readFrom(crlInputStream, tid); source.setDownloadTime(new Date()); crlInputStream.close(); @@ -83,11 +91,11 @@ public class CRLRetriever implements RevocationInfoRetriever { @Override public void setConnectTimeout(int arg0) { - // TODO AFITZEK IMPLEMENT THIS METHOD + this.connectTimeout = arg0; } @Override public void setReadTimeout(int arg0) { - // TODO AFITZEK IMPLEMENT THIS METHOD + this.readTimeout = arg0; } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index ef9ddeb..c49004b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -43,8 +43,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.config.KeyGroup; @@ -53,6 +51,8 @@ import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.util.CertStoreConverter; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.spss.util.SecProviderUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; /** * A class responsible for configuring the IAIK MOA modules. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java index 3fb842f..317fcca 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java @@ -26,11 +26,10 @@ package at.gv.egovernment.moa.spss.server.iaik.config; import java.util.Properties; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.logging.LogConfigurationException; import iaik.logging.LoggerConfig; -import at.gv.egovernment.moa.logging.LoggingContextManager; - /** * Default implementation of the <code>LoggerConfig</code> interface. * diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java index fe0de1f..6341609 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java @@ -47,6 +47,8 @@ public class PKIConfigurationImpl implements PKIConfiguration { private ArchiveConfiguration archiveConfiguration; /** The certificate validation configuration. */ private ValidationConfiguration validationConfiguration; + private int connectionTimeout; + private int readTimeout; /** * Create a new <code>PKIConfigurationImpl</code>. @@ -68,6 +70,8 @@ public class PKIConfigurationImpl implements PKIConfiguration { } this.validationConfiguration = new ValidationConfigurationImpl(config); + this.connectionTimeout = config.getConnectionTimeout(); + this.readTimeout = config.getReadTimeout(); } /** @@ -100,14 +104,12 @@ public class PKIConfigurationImpl implements PKIConfiguration { @Override public int getConnectTimeout() { - // TODO AFITZEK IMPLEMENT THIS METHOD - return 0; + return this.connectionTimeout; } @Override public int getReadTimeout() { - // TODO AFITZEK IMPLEMENT THIS METHOD - return 0; + return this.readTimeout; } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java index a09a701..5df84c9 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java @@ -27,6 +27,7 @@ import iaik.pki.revocation.RevocationConfiguration; import iaik.pki.revocation.dbcrl.config.DBCrlConfig; import java.security.cert.X509Certificate; +import java.util.Collections; import java.util.Date; import java.util.Map; import java.util.Set; @@ -100,7 +101,7 @@ public class RevocationConfigurationImpl extends AbstractObservableConfiguration @Override public Set getPositiveOCSPResponders() { // TODO AFITZEK IMPLEMENT THIS METHOD - return null; + return Collections.EMPTY_SET; } @Override diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java index 937f32f..1aed76e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java @@ -30,12 +30,10 @@ import java.io.InputStream; import iaik.server.modules.keys.ConfigurationException; import iaik.server.modules.keys.SoftwareKeyModuleConfiguration; - -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; - import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule; import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; /** * An implementation of the <code>SoftwareKeyModuleConfiguration</code> wrapping diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java index 1c5d26a..9e6ed6d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java @@ -39,12 +39,16 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.util.NodeListToNodeSetDataAdapter; -import at.gv.egovernment.moa.util.NodeListAdapter; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.XPathException; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.util.NodeListAdapter; +import at.gv.egovernment.moaspss.util.StreamUtils; +import at.gv.egovernment.moaspss.util.XPathException; +import at.gv.egovernment.moaspss.util.XPathUtils; +import iaik.server.modules.xml.MOAXSecProvider; import iaik.server.modules.xml.XSLTTransformation; import iaik.xml.crypto.dsig.XMLSignatureFactory; +import iaik.xml.filter.impl.dsig.CanonInputStream; +import iaik.xml.filter.impl.dsig.Canonicalizer; +import iaik.xml.filter.impl.dsig.Traverser; /** * A <code>Transformation</code> containing an XSLT transformation. @@ -195,12 +199,18 @@ public class XSLTTransformationImpl extends TransformationImpl implements XSLTTr */ private static InputStream canonicalize(Element element) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, TransformException { - CanonicalizationMethod canonicalizationMethod = XMLSignatureFactory.getInstance().newCanonicalizationMethod( - CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec()); + // CanonicalizationMethod canonicalizationMethod = + // MOAXSecProvider.getXMLSignatureFactory().newCanonicalizationMethod( + // CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec()); //CanonicalizationAlgorithm c14n = // new CanonicalizationAlgorithmImplExclusiveCanonicalXML(); - NodeList nodeList; + Traverser traverser = new Traverser(element, true, true); + Canonicalizer canonicalizer = new Canonicalizer(traverser, false, true, null); + + return new CanonInputStream(canonicalizer); + /* + NodeList nodeList; try { nodeList = XPathUtils.selectNodeList(element, XPathUtils.ALL_NODES_XPATH); @@ -211,7 +221,7 @@ public class XSLTTransformationImpl extends TransformationImpl implements XSLTTr ByteArrayOutputStream baos = new ByteArrayOutputStream(); canonicalizationMethod.transform(new NodeListToNodeSetDataAdapter(nodeList), null, baos); baos.close(); - return new ByteArrayInputStream(baos.toByteArray()); + return new ByteArrayInputStream(baos.toByteArray());*/ } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index 7d0c5a0..9d6e3d2 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -37,11 +37,11 @@ import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; import java.util.List; import java.util.Set; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.server.util.IdGenerator; +import at.gv.egovernment.moaspss.logging.Logger; /** * An object providing auxiliary information for creating an XML signature. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 37569c5..094e446 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -36,25 +36,28 @@ import java.util.Timer; import org.slf4j.LoggerFactory; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.spss.server.service.RevocationArchiveCleaner; +import at.gv.egovernment.moa.spss.tsl.connector.MOATSLVerifier; import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector; import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; import iaik.pki.store.certstore.CertStoreException; import iaik.pki.store.truststore.TrustStoreException; import iaik.server.ConfigurationData; +import iaik.xml.crypto.tsl.SecuredSAXParserFactoryImpl; import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; import iaik.xml.crypto.tsl.ex.TSLSearchException; +import iaik.xml.crypto.tsl.verify.ITSLVerifierFactory; /** * MOA SP/SS web service initialization. @@ -93,8 +96,8 @@ public class SystemInitializer { logger.info("##############################################################################"); logger.info("##############################################################################"); logger.info("### ###"); - logger.info("### LOADING MOA-SIG ###"); - logger.info("### =============== ###"); + logger.info("### LOADING MOA-SPSS ###"); + logger.info("### ================ ###"); logger.info("### ###"); logger.info("##############################################################################"); logger.info("##############################################################################"); @@ -153,7 +156,11 @@ public class SystemInitializer { TSLConnector tslconnector = new TSLConnector(); if (tslconfig != null) { //Logger.info(new LogMsg(msg.getMessage("init.01", null))); + SecuredSAXParserFactoryImpl.newInstance(); Logger.info(new LogMsg(msg.getMessage("config.41", null))); + + ITSLVerifierFactory.setITSLVerifier(new MOATSLVerifier()); + tslconnector.initialize(tslconfig.getEuTSLUrl(), tslconfig.getWorkingDirectory(), null, null); } @@ -188,6 +195,11 @@ public class SystemInitializer { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); } catch (CertificateException e) { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } catch (Throwable e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + throw e; + } finally { + logger.info("Configuration initialized"); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index df04434..8e9380e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -52,8 +52,6 @@ import java.util.Set; import org.apache.commons.io.IOUtils; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; @@ -75,7 +73,9 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.FilteredOutputStream; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; /** * A class providing an API based interface to the diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 905254e..906abbe 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import iaik.server.modules.AdESFormVerificationResult; @@ -34,6 +33,11 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; +import iaik.util.logging.Log; +import iaik.server.modules.pdfverify.ExtendedPDFSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationModule; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -50,10 +54,8 @@ import java.util.List; import org.apache.commons.codec.binary.Hex; import org.apache.commons.io.HexDump; import org.apache.commons.io.IOUtils; +import org.slf4j.LoggerFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; @@ -70,14 +72,17 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.QCSSCDResult; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; /** * A class providing an interface to the * <code>CMSSignatureVerificationModule</code>. * - * This class performs the invocation of the + * This class performs the invocation of the * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code> - * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation + * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation * is integrated into a <code>VerifyCMSSignatureResponse</code> returned. * * @author Patrick Peck @@ -85,338 +90,414 @@ import at.gv.egovernment.moa.spss.util.QCSSCDResult; */ public class CMSSignatureVerificationInvoker { - /** The single instance of this class. */ - private static CMSSignatureVerificationInvoker instance = null; - - /** - * Return the only instance of this class. - * - * @return The only instance of this class. - */ - public static synchronized CMSSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new CMSSignatureVerificationInvoker(); - } - return instance; - } - - /** - * Create a new <code>CMSSignatureVerificationInvoker</code>. - * - * Protected to disallow multiple instances. - */ - protected CMSSignatureVerificationInvoker() { - } - - /** - * Verify a CMS signature. - * - * @param request The <code>VerifyCMSSignatureRequest</code> containing the - * CMS signature, as well as additional data needed for verification. - * @return Element A <code>VerifyCMSSignatureResponse</code> containing the - * answer to the <code>VerifyCMSSignatureRequest</code>. - * @throws MOAException An error occurred while processing the request. - */ - public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) - throws MOAException { - - CMSSignatureVerificationProfileFactory profileFactory = - new CMSSignatureVerificationProfileFactory(request); - VerifyCMSSignatureResponseBuilder responseBuilder = - new VerifyCMSSignatureResponseBuilder(); - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - LoggingContext loggingCtx = - LoggingContextManager.getInstance().getLoggingContext(); - InputStream signature; - InputStream signedContent = null; - CMSSignatureVerificationProfile profile; - Date signingTime; - List results; - ExtendedCMSSignatureVerificationResult result; - int[] signatories; - InputStream input; - byte[] buf = new byte[2048]; - - // get the signature - signature = request.getCMSSignature(); - - // get the actual trustprofile - TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - - try { - // get the signed content - signedContent = getSignedContent(request); - - // build the profile - if(request.isPDF()) { - profile = profileFactory.createPDFProfile(); - } else { - profile = profileFactory.createProfile(); - } - - // get the signing time - signingTime = request.getDateTime(); - - // verify the signature - CMSSignatureVerificationModule module = - CMSSignatureVerificationModuleFactory.getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - - module.init( - signature, - signedContent, - profile, - new TransactionId(context.getTransactionID())); - input = module.getInputStream(); - - while (input.read(buf) > 0); - //results = module.verifyCAdESSignature(signingTime); - results = module.verifySignature(signingTime); - - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IOException e) { - throw new MOAApplicationException("2244", null, e); - } catch (MOAException e) - { - throw e; - } - finally - { - try - { - if (signedContent != null) signedContent.close(); - } - catch (Throwable t) - { - // Intentionally do nothing here - } - } - - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - // build the response: for each signatory add the result to the response - signatories = request.getSignatories(); - if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { - Iterator resultIter; - - for (resultIter = results.iterator(); resultIter.hasNext();) { - Object resultObject = resultIter.next(); - CMSSignatureVerificationResult cmsResult = null; - List adesResults = null; - if(resultObject instanceof ExtendedCMSSignatureVerificationResult) { - result = (ExtendedCMSSignatureVerificationResult) resultObject; - - adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - } else { - cmsResult = (CMSSignatureVerificationResult)resultObject; - } - - - String issuerCountryCode = null; - // QC/SSCD check - - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while(it.hasNext()) { - chain[i] = (X509Certificate)it.next(); - i++; - } - - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); - - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } - } else { - int i; - - for (i = 0; i < signatories.length; i++) { - int sigIndex = signatories[i] - 1; - - try { - result = - (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1); - - String issuerCountryCode = null; - - CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult(); - - List adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - - // QC/SSCD check - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int j = 0; - while(it.hasNext()) { - chain[j] = (X509Certificate)it.next(); - j++; - } - - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } catch (IndexOutOfBoundsException e) { - throw new MOAApplicationException( - "2249", - new Object[] { new Integer(sigIndex)}); - } - } - } - - return responseBuilder.getResponse(); - } - - - /** - * Get the signed content contained either in the request itself or given as a - * reference to external data. - * - * @param request The <code>VerifyCMSSignatureRequest</code> containing the - * signed content (or the reference to the signed content). - * @return InputStream A stream providing the signed content data, or - * <code>null</code> if no signed content was provided with the request. - * @throws MOAApplicationException An error occurred building the stream. - */ - private InputStream getSignedContent(VerifyCMSSignatureRequest request) - throws MOAApplicationException { - - InputStream is = null; - CMSDataObject dataObj; - CMSContent content; - - // select the Content element - dataObj = request.getDataObject(); - if (dataObj == null) { - return null; - } - content = dataObj.getContent(); - - // build the content data - switch (content.getContentType()) { - case CMSContent.EXPLICIT_CONTENT : - is = ((CMSContentExcplicit) content).getBinaryContent(); - is = excludeByteRange(is, request); - return is; - case CMSContent.REFERENCE_CONTENT : - String reference = ((CMSContentReference) content).getReference(); - if (!"".equals(reference)) { - ExternalURIResolver resolver = new ExternalURIResolver(); - is = resolver.resolve(reference); - is = excludeByteRange(is, request); - return is; - } else { - return null; - } - default : - return null; - } - - - - } - - private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException { - - int byteRead; - - ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); - - CMSDataObject dataobject = request.getDataObject(); - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return contentIs; - - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - try { - while ((byteRead=contentIs.read()) >= 0) { - - if (inRange(counter, dataobject)) { - // if byte is in byte range, set byte to 0x00 - contentOs.write(0); - } - else - contentOs.write(byteRead); - - counter = counter.add(one); + /** The single instance of this class. */ + private static CMSSignatureVerificationInvoker instance = null; + + /** + * Return the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized CMSSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new <code>CMSSignatureVerificationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureVerificationInvoker() { + } + + /** + * Verify a CMS signature. + * + * @param request + * The <code>VerifyCMSSignatureRequest</code> containing the CMS + * signature, as well as additional data needed for verification. + * @return Element A <code>VerifyCMSSignatureResponse</code> containing the + * answer to the <code>VerifyCMSSignatureRequest</code>. + * @throws MOAException + * An error occurred while processing the request. + */ + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) throws MOAException { + + CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(request); + VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + InputStream signature; + InputStream signedContent = null; + Date signingTime; + List results; + int[] signatories; + InputStream input; + byte[] buf = new byte[2048]; + + // get the signature + signature = request.getCMSSignature(); + + // get the actual trustprofile + TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + + try { + // get the signing time + signingTime = request.getDateTime(); + + // build the profile + if (request.isPDF()) { + PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile(); + Logger.info("Sending PDFSignatureVerificationProfile to IAIK-MOA"); + + PDFSignatureVerificationModule module = iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory + .getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, profile, new TransactionId(context.getTransactionID())); + + // input = module.getInputStream(); + + // while (input.read(buf) > 0); + if(request.isExtended()) { + results = module.verifyPAdESSignature(signingTime); + } else { + results = module.verifySignature(signingTime); + } + + } else { + // get the signed content + signedContent = getSignedContent(request); + CMSSignatureVerificationProfile profile = profileFactory.createProfile(); + Logger.info("Sending CMSSignatureVerificationProfile to IAIK-MOA"); + + // verify the signature + CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID())); + input = module.getInputStream(); + + while (input.read(buf) > 0) + ; + + if(request.isExtended()) { + results = module.verifyCAdESSignature(signingTime); + } else { + results = module.verifySignature(signingTime); + } + // results = module.verifySignature(signingTime); + } + + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IOException e) { + throw new MOAApplicationException("2244", null, e); + } catch (MOAException e) { + throw e; + } finally { + try { + if (signedContent != null) + signedContent.close(); + } catch (Throwable t) { + // Intentionally do nothing here + } + } + + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + // build the response: for each signatory add the result to the response + signatories = request.getSignatories(); + if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { + Iterator resultIter; + + for (resultIter = results.iterator(); resultIter.hasNext();) { + Object resultObject = resultIter.next(); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } + } else { + int i; + + for (i = 0; i < signatories.length; i++) { + int sigIndex = signatories[i] - 1; + + try { + Object resultObject = results.get(signatories[i] - 1); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } catch (IndexOutOfBoundsException e) { + throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); + } + } + } + + return responseBuilder.getResponse(); + } + + private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + } else { + cmsResult = (CMSSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + } - - InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); - - return is; - - - } catch (IOException e) { - throw new MOAApplicationException("2301", null, e); + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); } - - } - - - private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return false; - - int compare = counter.compareTo(from); - if (compare == -1) - return false; - else { - compare = counter.compareTo(to); - if (compare == 1) - return false; - else - return true; - } - - - - } - - - private List getAdESResult(AdESFormVerificationResult adesFormVerification) { + + private void handleCMSEXTResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + cmsResult = result.getCMSSignatureVerificationResult(); + } else { + cmsResult = (CMSSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + } + + private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + PDFSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { + ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + cmsResult = result.getPDFSignatureVerificationResult(); + } else { + cmsResult = (PDFSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + } + + /** + * Get the signed content contained either in the request itself or given as + * a reference to external data. + * + * @param request + * The <code>VerifyCMSSignatureRequest</code> containing the + * signed content (or the reference to the signed content). + * @return InputStream A stream providing the signed content data, or + * <code>null</code> if no signed content was provided with the + * request. + * @throws MOAApplicationException + * An error occurred building the stream. + */ + private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException { + + InputStream is = null; + CMSDataObject dataObj; + CMSContent content; + + // select the Content element + dataObj = request.getDataObject(); + if (dataObj == null) { + return null; + } + content = dataObj.getContent(); + + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT: + is = ((CMSContentExcplicit) content).getBinaryContent(); + is = excludeByteRange(is, request); + return is; + case CMSContent.REFERENCE_CONTENT: + String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + ExternalURIResolver resolver = new ExternalURIResolver(); + is = resolver.resolve(reference); + is = excludeByteRange(is, request); + return is; + } else { + return null; + } + default: + return null; + } + + } + + private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) + throws MOAApplicationException { + + int byteRead; + + ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); + + CMSDataObject dataobject = request.getDataObject(); + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ((from == null) || (to == null)) + return contentIs; + + BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); + + try { + while ((byteRead = contentIs.read()) >= 0) { + + if (inRange(counter, dataobject)) { + // if byte is in byte range, set byte to 0x00 + contentOs.write(0); + } else + contentOs.write(byteRead); + + counter = counter.add(one); + } + + InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); + + return is; + + } catch (IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ((from == null) || (to == null)) + return false; + + int compare = counter.compareTo(from); + if (compare == -1) + return false; + else { + compare = counter.compareTo(to); + if (compare == 1) + return false; + else + return true; + } + + } + + private List getAdESResult(AdESFormVerificationResult adesFormVerification) { if (adesFormVerification == null) { // no form information return null; @@ -451,5 +532,5 @@ public class CMSSignatureVerificationInvoker { } } } - + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java index 74b2a89..bd5db6d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; /** * A factory to create a <code>CMSSignatureVerificationProfile</code> from a @@ -65,7 +66,7 @@ public class CMSSignatureVerificationProfileFactory { * <code>request</code>, based on the current configuration. * @throws MOAException An error occurred creating the profile. */ - public CMSSignatureVerificationProfile createPDFProfile() + public PDFSignatureVerificationProfile createPDFProfile() throws MOAException { TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java index d775fdb..1eca7d2 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -49,8 +49,6 @@ import org.w3c.dom.NodeList; import org.xml.sax.EntityResolver; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.common.Content; @@ -70,13 +68,15 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.EntityResolverChain; -import at.gv.egovernment.moa.util.MOAErrorHandler; -import at.gv.egovernment.moa.util.StreamEntityResolver; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.EntityResolverChain; +import at.gv.egovernment.moaspss.util.MOAErrorHandler; +import at.gv.egovernment.moaspss.util.StreamEntityResolver; +import at.gv.egovernment.moaspss.util.StreamUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; import iaik.server.modules.xml.DataObject; import iaik.server.modules.xml.NodeListImplementation; import iaik.server.modules.xml.URIReferenceImpl; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java index 0bca8ae..0128e6a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java @@ -28,11 +28,10 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.util.XPathException; -import at.gv.egovernment.moa.util.XPathUtils; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.common.ElementSelector; +import at.gv.egovernment.moaspss.util.XPathException; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * Utility methods for invoking the IAIK MOA modules. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java index 8f3c075..330ffdd 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java @@ -24,13 +24,12 @@ package at.gv.egovernment.moa.spss.server.invoke; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; - import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; /** * A utility class for setting up and tearing down thread-local context diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index f32093a..3e18c2a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -25,7 +25,8 @@ package at.gv.egovernment.moa.spss.server.invoke; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; -import iaik.server.modules.cmsverify.CertificateValidationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; +import iaik.server.cmspdfverify.CertificateValidationResult; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -123,6 +124,61 @@ public class VerifyCMSSignatureResponseBuilder { responseElements.add(responseElement); } - + /** + * Add a verification result to the response. + * + * @param result The result to add. + * @param trustprofile The actual trustprofile + * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the + * certificate as qualified, otherwise <code>false</code>. + * @param checkSSCD <code>true</code>, if the TSL check verifies the + * signature based on a SSDC, otherwise <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, + * otherwise <code>false</code>. + * @throws MOAException + */ + public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults) + throws MOAException { + + CertificateValidationResult certResult = + result.getCertificateValidationResult(); + int signatureCheckCode = + result.getSignatureValueVerificationCode().intValue(); + int certificateCheckCode = certResult.getValidationResultCode().intValue(); + + VerifyCMSSignatureResponseElement responseElement; + SignerInfo signerInfo; + CheckResult signatureCheck; + CheckResult certificateCheck; + + boolean qualifiedCertificate = checkQC; + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode); + + // add SignatureCheck element + signatureCheck = factory.createCheckResult(signatureCheckCode, null); + + // add CertificateCheck element + certificateCheck = factory.createCheckResult(certificateCheckCode, null); + + // build the response element + responseElement = + factory.createVerifyCMSSignatureResponseElement( + signerInfo, + signatureCheck, + certificateCheck, + adesResults); + responseElements.add(responseElement); + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 7bcf723..a6e8971 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -50,9 +50,9 @@ import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.util.CollectionUtils; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.NodeListAdapter; +import at.gv.egovernment.moaspss.util.CollectionUtils; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.NodeListAdapter; import iaik.server.modules.xml.BinaryDataObject; import iaik.server.modules.xml.DataObject; import iaik.server.modules.xml.XMLDataObject; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java index 7debb7b..ecdd811 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java @@ -46,9 +46,6 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; @@ -69,8 +66,11 @@ import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.server.util.IdGenerator; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * A class providing an API based interface to the diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java index 6a85415..cb77ad1 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java @@ -44,8 +44,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; @@ -67,7 +65,9 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.server.util.IdGenerator; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; /** * A factory to create <code>XMLSignatureCreationProfile</code>s from a diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index c09740c..a8c3ea0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -40,10 +40,6 @@ import java.util.Set; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; @@ -71,8 +67,12 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.spss.util.QCSSCDResult; -import at.gv.egovernment.moa.util.CollectionUtils; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.CollectionUtils; +import at.gv.egovernment.moaspss.util.Constants; import iaik.server.modules.AdESFormVerificationResult; import iaik.server.modules.AdESVerificationResult; import iaik.server.modules.IAIKException; @@ -162,7 +162,8 @@ public class XMLSignatureVerificationInvoker { LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request); VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder(); - ExtendedXMLSignatureVerificationResult result; + ExtendedXMLSignatureVerificationResult result = null; + XMLSignatureVerificationResult plainResult; XMLSignatureVerificationProfile profile; ReferencesCheckResult signatureManifestCheck; DataObjectFactory dataObjFactory; @@ -215,8 +216,14 @@ public class XMLSignatureVerificationInvoker { module.setLog(new IaikLog(loggingCtx.getNodeID())); - result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime, + if(request.getExtendedValidaiton()) { + result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime, new TransactionId(context.getTransactionID())); + plainResult = result.getXMLSignatureVerificationResult(); + } else { + plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime, + new TransactionId(context.getTransactionID())); + } } catch (IAIKException e) { MOAException moaException = IaikExceptionMapper.getInstance().map(e); throw moaException; @@ -225,19 +232,20 @@ public class XMLSignatureVerificationInvoker { throw moaException; } - List adesResults = getAdESResult(result.getFormVerificationResult()); + if(result != null) { + List adesResults = getAdESResult(result.getFormVerificationResult()); - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } } - } - - responseBuilder.setAdESFormResults(adesResults); + responseBuilder.setAdESFormResults(adesResults); + } // QC/SSCD check - List list = result.getXMLSignatureVerificationResult().getCertificateValidationResult().getCertificateChain(); + List list = plainResult.getCertificateValidationResult().getCertificateChain(); if (list != null) { X509Certificate[] chain = new X509Certificate[list.size()]; @@ -261,17 +269,17 @@ public class XMLSignatureVerificationInvoker { } // check the result - signatureManifestCheck = validateSignatureManifest(request, result.getXMLSignatureVerificationResult(), + signatureManifestCheck = validateSignatureManifest(request, plainResult, profile); // Check if signer certificate is in trust profile's allowed signer // certificates pool TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - CheckResult certificateCheck = validateSignerCertificate(result.getXMLSignatureVerificationResult(), + CheckResult certificateCheck = validateSignerCertificate(plainResult, trustProfile); // build the response - responseBuilder.setResult(result.getXMLSignatureVerificationResult(), profile, signatureManifestCheck, + responseBuilder.setResult(plainResult, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode); return responseBuilder.getResponse(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java index 64810a8..cca9117 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.spss.server.logging; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.logging.Log; import iaik.logging.LogConfigurationException; import iaik.logging.LogFactory; -import at.gv.egovernment.moa.logging.LoggingContextManager; - /** * An implementation of the <code>iaik.logging.LogFactory</code> abstract * class to log messages to the MOA logging subsystem. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java index f6d84c7..d3a930c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java @@ -30,11 +30,11 @@ import iaik.pki.store.revocation.archive.ArchiveFactory; import java.util.Date; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; /** * A <code>Runnable</code> for periodically cleaning up the revocation archive. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java index 3425dac..4e0d9f6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java @@ -41,9 +41,9 @@ import java.util.Map.Entry; import org.w3c.dom.Element; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moaspss.logging.Logger; /** * Contains information about the current request. |