aboutsummaryrefslogtreecommitdiff
path: root/moaSig/moa-sig-lib/src/main
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-02-07 12:47:00 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-02-07 12:47:00 +0100
commit9868b02903f950566206ee736bf5e9edbeeac5f3 (patch)
tree6dbdb09bcfb7d3391655e86299a90136e6ac4b09 /moaSig/moa-sig-lib/src/main
parent76f142e223efb9d7e449aaeaed4e3a25881d5d49 (diff)
downloadmoa-sig-9868b02903f950566206ee736bf5e9edbeeac5f3.tar.gz
moa-sig-9868b02903f950566206ee736bf5e9edbeeac5f3.tar.bz2
moa-sig-9868b02903f950566206ee736bf5e9edbeeac5f3.zip
add additional PAdES verification information
and some more small updates
Diffstat (limited to 'moaSig/moa-sig-lib/src/main')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java6
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java4
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java23
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java32
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java19
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java49
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java2
9 files changed, 118 insertions, 27 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 36d5461..d7cd10c 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -566,7 +566,7 @@ public abstract class SPSSFactory {
* Create a new <code>VerifyCMSSignatureResponseElement</code> object.
*
* @param signerInfo Information about the signer certificate.
- * @param signatureCheck Result of the singature value check.
+ * @param signatureCheck Result of the signature value check.
* @param certificateCheck Result of the certificate status check.
* @return The new <code>VerifyCMSSignatureResponseElement</code> containing
* the above data.
@@ -581,7 +581,9 @@ public abstract class SPSSFactory {
CheckResult certificateCheck,
List adesResult,
ExtendedCertificateCheckResult extendedCertificateCheckResult,
- String usedAlgorithm);
+ String usedAlgorithm,
+ Boolean coversFullDocument,
+ int[] byteRangeOfSignature);
//
// Factory methods for verifying XML signatures
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
index 38106e7..ec540bf 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
@@ -69,4 +69,8 @@ public interface VerifyCMSSignatureResponseElement {
public ExtendedCertificateCheckResult getExtendedCertificateCheck();
public String getSignatureAlgorithm();
+
+ public Boolean getCoversFullDocument();
+
+ public int[] getByteRangeOfSignature();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index d743f16..2525a2f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -283,7 +283,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(SignerInfo signerInfo,
CheckResult signatureCheck, CheckResult certificateCheck, List adesResult,
- ExtendedCertificateCheckResult extendedCertificateCheckResult, String usedAlgorithm) {
+ ExtendedCertificateCheckResult extendedCertificateCheckResult, String usedAlgorithm, Boolean coversFullDocument,
+ int[] byteRangeOfSignature) {
VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl();
verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
@@ -291,6 +292,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
verifyCMSSignatureResponseElement.setAdESFormResults(adesResult);
verifyCMSSignatureResponseElement.setExtendedCertificateCheck(extendedCertificateCheckResult);
verifyCMSSignatureResponseElement.setSignatureAlgorithm(usedAlgorithm);
+ verifyCMSSignatureResponseElement.setCoversFullDocument(coversFullDocument);
+ verifyCMSSignatureResponseElement.setByteRangeOfSignature(byteRangeOfSignature);
return verifyCMSSignatureResponseElement;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
index 1d40627..3ea504b 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -53,6 +53,10 @@ public class VerifyCMSSignatureResponseElementImpl
private String usedAlgorithm = null;
+ private Boolean coversFullDocument = null;
+
+ private int[] byteRangeOfSignature = null;
+
/**
* Sets a SignerInfo element according to CMS.
*
@@ -117,6 +121,25 @@ public class VerifyCMSSignatureResponseElementImpl
public void setSignatureAlgorithm(String usedAlgorithm) {
this.usedAlgorithm = usedAlgorithm;
}
+
+ @Override
+ public Boolean getCoversFullDocument() {
+ return coversFullDocument;
+ }
+
+ public void setCoversFullDocument(Boolean coversFullDocument) {
+ this.coversFullDocument = coversFullDocument;
+ }
+
+ @Override
+ public int[] getByteRangeOfSignature() {
+ return byteRangeOfSignature;
+ }
+
+ public void setByteRangeOfSignature(int[] byteRangeOfSignature) {
+ this.byteRangeOfSignature = byteRangeOfSignature;
+ }
+
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index a21e693..a7113fd 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -38,6 +38,7 @@ import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.apache.commons.lang3.StringUtils;
import org.w3c.dom.DOMImplementation;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -399,6 +400,37 @@ public class ResponseBuilderUtils {
}
}
+ public static void addSignatureCoversFullPDF(Document response,
+ Element root,
+ Boolean coversFull) {
+ if( coversFull != null) {
+ Element extElem = response.createElementNS(MOA_NS_URI, "SignatureCoversFullPDF");
+ extElem.appendChild(response.createTextNode(String.valueOf(coversFull)));
+ root.appendChild(extElem);
+ }
+ }
+
+ public static void addSignatureByteRange(Document response,
+ Element root,
+ int[] byteRange) {
+ if(byteRange != null) {
+ String byteRangeTextual = StringUtils.EMPTY;
+ for (int el : byteRange)
+ byteRangeTextual += "," + String.valueOf(el);
+
+ Element extElem = response.createElementNS(MOA_NS_URI, "SignatureByteRange");
+ extElem.appendChild(response.createTextNode(byteRangeTextual.substring(1)));
+ root.appendChild(extElem);
+ }
+ }
+
+ public static Element createAndAddChildElement(Document response, Element root, String name) {
+ Element element = response.createElementNS(MOA_NS_URI, name);
+ root.appendChild(element);
+ return element;
+
+ }
+
public static void addHashAlgorithm(Document response,
Element root,
String algorithm) {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
index 8b10191..499f514 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
@@ -129,11 +129,9 @@ public class VerifyPDFSignatureResponseBuilder {
}
-
ResponseBuilderUtils.addSignatureAlgorithm(responseDoc,
- responseElem,
- responseElement.getSignatureAlgorithm());
-
+ responseElem,
+ responseElement.getSignatureAlgorithm());
ResponseBuilderUtils.addCodeInfoElement(
responseDoc,
@@ -167,6 +165,19 @@ public class VerifyPDFSignatureResponseBuilder {
ResponseBuilderUtils.addExtendendResult(responseDoc, responseElem, responseElement.getExtendedCertificateCheck());
}
+
+ //add additional PDF signature properteis
+ if (responseElement.getCoversFullDocument() != null ||
+ responseElement.getByteRangeOfSignature() != null) {
+ Element pdfSigProps = ResponseBuilderUtils.createAndAddChildElement(responseDoc, responseElem, "SignatureProperties");
+ ResponseBuilderUtils.addSignatureCoversFullPDF(responseDoc,
+ pdfSigProps,
+ responseElement.getCoversFullDocument());
+ ResponseBuilderUtils.addSignatureByteRange(responseDoc,
+ pdfSigProps,
+ responseElement.getByteRangeOfSignature());
+ }
+
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index b2c6717..74fa9ab 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -342,6 +342,8 @@ public class CMSSignatureVerificationInvoker {
PDFSignatureVerificationResult cmsResult = null;
List adesResults = null;
boolean extendedVerification = false;
+ Boolean coversFullDoc = null;
+ int[] sigByteRange = null;
ExtendedCertificateCheckResult extCheckResult = null;
if (resultObject instanceof ExtendedPDFSignatureVerificationResult) {
@@ -357,8 +359,7 @@ public class CMSSignatureVerificationInvoker {
Logger.debug("ADES Formresults: " + adesIterator.next().toString());
}
-
- cmsResult = result.getPDFSignatureVerificationResult();
+
try {
Logger.debug("Extended Validation Code: " + result.getResultCode().toString());
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 22bae71..2b2e2cf 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -132,23 +132,27 @@ public class VerifyCMSSignatureResponseBuilder {
certificateCheck,
adesResults,
extendedCertificateCheckResult,
- sigAlgName);
+ sigAlgName,
+ null,
+ null);
responseElements.add(responseElement);
}
- /**
- * Add a verification result to the response.
- *
- * @param result The result to add.
- * @param trustprofile The actual trustprofile
- * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the
- * certificate as qualified, otherwise <code>false</code>.
- * @param checkSSCD <code>true</code>, if the TSL check verifies the
- * signature based on a SSDC, otherwise <code>false</code>.
- * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL,
- * otherwise <code>false</code>.
- * @throws MOAException
- */
+/**
+ *
+ * @param result
+ * @param trustProfile
+ * @param checkQC
+ * @param qcSourceTSL
+ * @param checkSSCD
+ * @param sscdSourceTSL
+ * @param issuerCountryCode
+ * @param adesResults
+ * @param extendedCertificateCheckResult
+ * @param tslInfos
+ * @param extendedVerification
+ * @throws MOAException
+ */
public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults,
ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification)
throws MOAException {
@@ -167,10 +171,17 @@ public class VerifyCMSSignatureResponseBuilder {
//add signature algorithm name in case of extended validation
String sigAlgName = null;
- if (extendedVerification)
- sigAlgName = result.getSignatureAlgorithmName();
-
+ Boolean coversFullDoc = null;
+ int[] sigByteRange = null;
+ if (extendedVerification) {
+ sigAlgName = result.getSignatureAlgorithmName();
+ coversFullDoc = result.byteRangeCoversWholeDocument();
+ sigByteRange = result.getByteRange();
+
+ }
+
+
//set code 99 if not certcheckresult exists
int certificateCheckCode = 99;
if (certResult != null) {
@@ -205,7 +216,9 @@ public class VerifyCMSSignatureResponseBuilder {
certificateCheck,
adesResults,
extendedCertificateCheckResult,
- sigAlgName);
+ sigAlgName,
+ coversFullDoc,
+ sigByteRange);
responseElements.add(responseElement);
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
index 5060672..738801c 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
@@ -108,6 +108,8 @@ public class AdESResultUtils {
minorInfo = "UNKNOWN_COMMITMENT_TYPE";
} else if (resultCode.getCode().equals(ResultCode.SUCCESS)) {
minorInfo = "SUCCESS";
+ } else if (resultCode.getCode().equals(ResultCode.ERROR)) {
+ minorInfo = "ERROR";
} else if (resultCode.getCode().equals(ResultCode.UNKNOWN_SUBFILTER)) {
minorInfo = "UNKNOWN_SUBFILTER";