authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2016-06-15 08:41:10 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2016-06-15 08:41:10 +0200
commitacf1b849ab835bc6797adfb91f8ab4fa88f0aff5 (patch)
tree825c5c033f0a104dad27abc25cf3be3a481a8dd8 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server
parent606fd125e82b532f2e75dc787edb1f535dacfae9 (diff)
extended validation result
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java27
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java47
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java13
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java10
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java29
5 files changed, 96 insertions, 30 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
index 9e6ed6d..9dc45fc 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
@@ -205,10 +205,31 @@ public class XSLTTransformationImpl extends TransformationImpl implements XSLTTr
//CanonicalizationAlgorithm c14n =
// new CanonicalizationAlgorithmImplExclusiveCanonicalXML();
- Traverser traverser = new Traverser(element, true, true);
- Canonicalizer canonicalizer = new Canonicalizer(traverser, false, true, null);
+ //Traverser traverser = new Traverser(element, true, true);
+ //Canonicalizer canonicalizer = new Canonicalizer(traverser, false, true, null);
- return new CanonInputStream(canonicalizer);
+ //return new CanonInputStream(canonicalizer);
+
+ CanonicalizationMethod canonicalizationMethod =
+ MOAXSecProvider.getXMLSignatureFactory().newCanonicalizationMethod(
+ CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec());
+
+ //CanonicalizationAlgorithm c14n =
+ // new CanonicalizationAlgorithmImplExclusiveCanonicalXML();
+ NodeList nodeList;
+
+ try {
+ nodeList = XPathUtils.selectNodeList(element,
+ XPathUtils.ALL_NODES_XPATH);
+ } catch (XPathException e) {
+ nodeList = new NodeListAdapter(Collections.EMPTY_LIST);
+ }
+ //c14n.setInput(nodeList);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ canonicalizationMethod.transform(new
+ NodeListToNodeSetDataAdapter(nodeList), null, baos);
+ baos.close();
+ return new ByteArrayInputStream(baos.toByteArray());
/*
NodeList nodeList;
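Review bot: The new `catch (XPathException e)` branch substitutes an empty node list and carries on, so a failed node selection produces an empty canonical stream instead of an error. This stream appears to be the canonicalized stylesheet used during signature processing, where it is safer to fail closed: log the exception and rethrow it as whatever exception type the enclosing method declares (its signature lies outside this hunk). If the fallback is kept on purpose, `Collections.emptyList()` avoids the raw `Collections.EMPTY_LIST`. The commented-out Traverser/Canonicalizer lines and the no-op `baos.close()` could be dropped.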
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index f5d2826..ba0474c 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
@@ -258,15 +259,13 @@ public class CMSSignatureVerificationInvoker {
CMSSignatureVerificationResult cmsResult = null;
List adesResults = null;
+ ExtendedCertificateCheckResult extCheckResult = null;
if (resultObject instanceof ExtendedCMSSignatureVerificationResult) {
Logger.info("Got ExtendedCMSSignatureVerificationResult");
ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject;
cmsResult = result.getCMSSignatureVerificationResult();
- try {
- adesResults = getAdESResult(result);
- } catch (ConfigurationException e) {
- Logger.warn("Failed to provide extended validation results: " + e.getMessage());
- }
+ adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
+
if (adesResults != null) {
Iterator adesIterator = adesResults.iterator();
@@ -274,6 +273,17 @@ public class CMSSignatureVerificationInvoker {
Logger.info("ADES Formresults: " + adesIterator.next().toString());
}
}
+ try {
+ //Logger.info("Extended Validation Report: " + result.getName());
+ Logger.info("Extended Validation Code: " + result.getResultCode().toString());
+ Logger.info("Extended Validation Info: " + result.getInfo());
+
+ extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
+ } catch (ConfigurationException e) {
+ Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e);
+ } catch (NullPointerException e) {
+ Logger.info("No extendend validation result available.");
+ }
} else {
Logger.info("Got CMSSignatureVerificationResult");
cmsResult = (CMSSignatureVerificationResult) resultObject;
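Review bot: The added `catch (NullPointerException e)` uses an exception as the test for "no result code", and it also hides any NullPointerException thrown inside `AdESResultUtils.getExtendedResult`, logging it at info level as a missing result. An explicit null check on `result.getResultCode()` keeps real defects visible. In a verification path that distinction matters, because `extCheckResult` is then passed on as null either way. The same block is repeated in handlePDFResult in this file and in XMLSignatureVerificationInvoker; one shared helper would serve all three copies. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: AdES form result logging …
if (result.getResultCode() == null) {
    Logger.info("No extendend validation result available.");
} else {
    try {
        Logger.info("Extended Validation Code: " + result.getResultCode().toString());
        Logger.info("Extended Validation Info: " + result.getInfo());
        extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
    } catch (ConfigurationException e) {
        Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e);
    }
}
```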
@@ -302,7 +312,7 @@ public class CMSSignatureVerificationInvoker {
}
responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
- qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
+ qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult);
}
private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder,
@@ -316,17 +326,14 @@ public class CMSSignatureVerificationInvoker {
PDFSignatureVerificationResult cmsResult = null;
List adesResults = null;
+
+ ExtendedCertificateCheckResult extCheckResult = null;
if (resultObject instanceof ExtendedPDFSignatureVerificationResult) {
Logger.info("Got ExtendedPDFSignatureVerificationResult");
ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject;
cmsResult = result.getPDFSignatureVerificationResult();
- try {
- adesResults = getAdESResult(result);
- } catch (ConfigurationException e) {
- Logger.warn("Failed to provide extended validation results", e);
- //throw new MOARuntimeException("config.52", null);
- }
-
+ adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
+
if (adesResults != null) {
Iterator adesIterator = adesResults.iterator();
while (adesIterator.hasNext()) {
@@ -334,6 +341,17 @@ public class CMSSignatureVerificationInvoker {
}
}
cmsResult = result.getPDFSignatureVerificationResult();
+ try {
+ //Logger.info("Extended Validation Report: " + result.getName());
+ Logger.info("Extended Validation Code: " + result.getResultCode().toString());
+ Logger.info("Extended Validation Info: " + result.getInfo());
+
+ extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
+ } catch (ConfigurationException e) {
+ Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e);
+ } catch (NullPointerException e) {
+ Logger.info("No extendend validation result available.");
+ }
} else {
Logger.info("Got PDFSignatureVerificationResult");
cmsResult = (PDFSignatureVerificationResult) resultObject;
@@ -361,7 +379,8 @@ public class CMSSignatureVerificationInvoker {
}
responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
- qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
+ qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults,
+ extCheckResult);
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 3e18c2a..7b4a350 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
@@ -80,7 +81,8 @@ public class VerifyCMSSignatureResponseBuilder {
* otherwise <code>false</code>.
* @throws MOAException
*/
- public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults)
+ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults,
+ ExtendedCertificateCheckResult extendedCertificateCheckResult)
throws MOAException {
CertificateValidationResult certResult =
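Review bot: The Javadoc above this `addResult` overload, whose tail is visible in the hunk, gets no entry for the new parameter, and the callers in this commit pass null when no extended result exists. Add `@param extendedCertificateCheckResult the extended certificate check result, or <code>null</code> if none is available.` The PDF overload changed further down in this file needs the same line. Both signatures are changed in place without keeping the old overload, so any caller outside this commit will stop compiling.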
@@ -120,7 +122,8 @@ public class VerifyCMSSignatureResponseBuilder {
signerInfo,
signatureCheck,
certificateCheck,
- adesResults);
+ adesResults,
+ extendedCertificateCheckResult);
responseElements.add(responseElement);
}
@@ -137,7 +140,8 @@ public class VerifyCMSSignatureResponseBuilder {
* otherwise <code>false</code>.
* @throws MOAException
*/
- public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults)
+ public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults,
+ ExtendedCertificateCheckResult extendedCertificateCheckResult)
throws MOAException {
CertificateValidationResult certResult =
@@ -177,7 +181,8 @@ public class VerifyCMSSignatureResponseBuilder {
signerInfo,
signatureCheck,
certificateCheck,
- adesResults);
+ adesResults,
+ extendedCertificateCheckResult);
responseElements.add(responseElement);
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index a6e8971..7bd7c27 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -42,6 +42,7 @@ import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.InputData;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl;
@@ -101,7 +102,7 @@ public class VerifyXMLSignatureResponseBuilder {
/** The result of the certificate check. */
private CheckResult certificateCheck;
private List adesFormResults = null;
-
+ private ExtendedCertificateCheckResult extCheckResult = null;
/**
* Get the <code>VerifyMLSignatureResponse</code> built so far.
*
@@ -116,7 +117,12 @@ public class VerifyXMLSignatureResponseBuilder {
signatureManifestCheck,
xmlDsigManifestChecks,
certificateCheck,
- adesFormResults);
+ adesFormResults,
+ extCheckResult);
+ }
+
+ public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extCheckResult) {
+ this.extCheckResult = extCheckResult;
}
public void setAdESFormResults(List adesForm) {
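Review bot: `setExtendedCertificateCheckResult` is a new public method with no Javadoc, and the new `extCheckResult` field in the previous hunk lacks the one-line comment that its neighbour `certificateCheck` has. Suggested on the setter: `/** Sets the extended certificate check result; may be <code>null</code> if none is available. */`. Suggested on the field: `/** The extended certificate check result, if any. */`.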
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 5d7b852..c3ebda4 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -37,6 +37,8 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.xml.ws.soap.AddressingFeature.Responses;
+
import org.w3c.dom.Element;
import org.w3c.dom.Node;
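Review bot: The added `import javax.xml.ws.soap.AddressingFeature.Responses;` is not used by any line visible in this diff and looks like an IDE auto-import. It ties the class to the JAX-WS API, which is no longer bundled with the JDK from Java 11 on. The import should be removed unless code outside the hunks needs it.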
@@ -45,6 +47,7 @@ import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
@@ -235,14 +238,11 @@ public class XMLSignatureVerificationInvoker {
throw moaException;
}
+ ExtendedCertificateCheckResult extCheckResult;
if(result != null) {
- List adesResults = null;//getAdESResult(result.getFormVerificationResult());
+ List adesResults = null;//
- try {
- adesResults = getAdESResult(result);
- } catch (ConfigurationException e) {
- Logger.warn("Failed to provide extended validation results", e);
- }
+ adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
if (adesResults != null) {
Iterator adesIterator = adesResults.iterator();
@@ -252,6 +252,19 @@ public class XMLSignatureVerificationInvoker {
}
responseBuilder.setAdESFormResults(adesResults);
+
+ try {
+ //Logger.info("Extended Validation Report: " + result.getName());
+ Logger.info("Extended Validation Code: " + result.getResultCode().toString());
+ Logger.info("Extended Validation Info: " + result.getInfo());
+
+ extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
+ responseBuilder.setExtendedCertificateCheckResult(extCheckResult);
+ } catch (ConfigurationException e) {
+ Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e);
+ } catch (NullPointerException e) {
+ Logger.info("No extendend validation result available.");
+ }
}
// QC/SSCD check
List list = plainResult.getCertificateValidationResult().getCertificateChain();
@@ -313,11 +326,13 @@ public class XMLSignatureVerificationInvoker {
* <code>trustProfile</code> cannot be read from the file
* system.
*/
- private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+ private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result,
+ TrustProfile trustProfile)
throws MOAException {
MessageProvider msg = MessageProvider.getInstance();
int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
+
if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult()
.getCertificateChain().get(0);