aboutsummaryrefslogtreecommitdiff
path: root/moaSig/moa-sig-lib/src/main
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2015-11-05 14:01:45 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2015-11-05 14:01:45 +0100
commit6c09d652d6317d1514924518c3186470498247a9 (patch)
tree02347bacaf505431c03cda6accc1316307bc3729 /moaSig/moa-sig-lib/src/main
parent0872d2d8a64fd701776b272f49222428d8def07f (diff)
downloadmoa-sig-6c09d652d6317d1514924518c3186470498247a9.tar.gz
moa-sig-6c09d652d6317d1514924518c3186470498247a9.tar.bz2
moa-sig-6c09d652d6317d1514924518c3186470498247a9.zip
PDF-AS integration, AdES Form validation results from IAIK-MOA, for XAdES
Diffstat (limited to 'moaSig/moa-sig-lib/src/main')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java3
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java42
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java266
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java33
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java17
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java7
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java8
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java1288
13 files changed, 914 insertions, 770 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 4c57b13..b725422 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -797,7 +797,8 @@ public abstract class SPSSFactory {
ReferencesCheckResult signatureCheck,
ReferencesCheckResult signatureManifestCheck,
List xmlDsigManifestChecks,
- CheckResult certificateCheck);
+ CheckResult certificateCheck,
+ List adesFormResults);
/**
* Create a new <code>ReferencesCheckResult</code> object.
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java
new file mode 100644
index 0000000..c186c54
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
+
+public class AdESFormResultsImpl implements AdESFormResults {
+
+ private Integer code;
+ private String info;
+ private String name;
+
+ public synchronized void setCode(Integer code) {
+ this.code = code;
+ }
+
+ public synchronized void setInfo(String info) {
+ this.info = info;
+ }
+
+ public synchronized void setName(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public Integer getCode() {
+ return this.code;
+ }
+
+ @Override
+ public String getInfo() {
+ return this.info;
+ }
+
+ @Override
+ public String getName() {
+ return this.name;
+ }
+
+ @Override
+ public String toString() {
+ return "AdESFormResultsImpl [code=" + code + ", info=" + info + ", name=" + name + "]";
+ }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index ac3d4c9..8a46219 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -453,7 +453,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
ReferencesCheckResult signatureCheck,
ReferencesCheckResult signatureManifestCheck,
List xmlDsigManifestChecks,
- CheckResult certificateCheck) {
+ CheckResult certificateCheck,
+ List adesFormResults) {
VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse =
new VerifyXMLSignatureResponseImpl();
verifyXMLSignatureResponse.setSignerInfo(signerInfo);
@@ -464,7 +465,7 @@ public class SPSSFactoryImpl extends SPSSFactory {
signatureManifestCheck);
verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
-
+ verifyXMLSignatureResponse.setAdESFormResults(adesFormResults);
return verifyXMLSignatureResponse;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index 46fd517..bfee774 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -21,7 +21,6 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.api.impl;
import java.util.ArrayList;
@@ -37,130 +36,145 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
* @author Fatemeh Philippi
* @version $Id$
*/
-public class VerifyXMLSignatureResponseImpl
- implements VerifyXMLSignatureResponse {
-
- /** Information about the signer certificate. */
- private SignerInfo signerInfo;
-
- /**
- * The hash input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
- * */
- private List hashInputDatas = new ArrayList();
-
- /**
- * The reference input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
- * */
- private List referenceInputDatas = new ArrayList();
-
- /** Information about the signature check. */
- private ReferencesCheckResult signatureCheck;
- /** Information about the signature manifest check. */
- private ReferencesCheckResult signatureManifestCheck;
- /** Information about the XMLDsig manifest check. */
- private List xmlDsigManifestChecks = new ArrayList();
- /** Information about the certificate check. */
- private CheckResult certificateCheck;
-
- /**
- * Sets information about the signer certificate.
- *
- * @param signerInfo Information about the signer certificate.
- */
- public void setSignerInfo(SignerInfo signerInfo) {
- this.signerInfo = signerInfo;
- }
-
- public SignerInfo getSignerInfo() {
- return signerInfo;
- }
-
- /**
- * Sets data signed by the signatory.
- *
- * @param hashInputDatas The signed datas.
- */
- public void setHashInputDatas(List hashInputDatas) {
- this.hashInputDatas =
- hashInputDatas != null
- ? Collections.unmodifiableList(new ArrayList(hashInputDatas))
- : null;
- }
-
- public List getHashInputDatas() {
- return hashInputDatas;
- }
-
- /**
- * Sets the source data elements.
- *
- * @param referenceInputDatas The source data elements.
- */
- public void setReferenceInputDatas(List referenceInputDatas) {
- this.referenceInputDatas =
- referenceInputDatas != null
- ? Collections.unmodifiableList(new ArrayList(referenceInputDatas))
- : null;
- }
-
- public List getReferenceInputDatas() {
- return referenceInputDatas;
- }
-
- /**
- * Sets the result of the signature verification.
- *
- * @param signatureCheck The result of the signature verification.
- */
- public void setSignatureCheck(ReferencesCheckResult signatureCheck) {
- this.signatureCheck = signatureCheck;
- }
-
- public ReferencesCheckResult getSignatureCheck() {
- return signatureCheck;
- }
-
- /**
- * Sets the result of the signature manifest verification.
- *
- * @param signatureManifestCheck The result of the signature manifest verification.
- */
- public void setSignatureManifestCheck(ReferencesCheckResult signatureManifestCheck) {
- this.signatureManifestCheck = signatureManifestCheck;
- }
-
- public ReferencesCheckResult getSignatureManifestCheck() {
- return signatureManifestCheck;
- }
-
- /**
- * Sets the result of the certification verification.
- *
- * @param certificateCheck The result of the certificate verification.
- */
- public void setCertificateCheck(CheckResult certificateCheck) {
- this.certificateCheck = certificateCheck;
- }
-
- public CheckResult getCertificateCheck() {
- return certificateCheck;
- }
-
-
- /**
- * Sets the XMLDSigManifestChecks.
- *
- * @param xmlDsigManifestChecks The XMLDSigManifestChecks.
- */
- public void setXMLDsigManifestChecks(List xmlDsigManifestChecks) {
- this.xmlDsigManifestChecks =
- xmlDsigManifestChecks != null
- ? Collections.unmodifiableList(new ArrayList(xmlDsigManifestChecks))
- : null;
- }
-
- public List getXMLDsigManifestChecks() {
- return xmlDsigManifestChecks;
- }
+public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureResponse {
+
+ /** Information about the signer certificate. */
+ private SignerInfo signerInfo;
+
+ /**
+ * The hash input data objects. The list consists of
+ * {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
+ */
+ private List hashInputDatas = new ArrayList();
+
+ /**
+ * The reference input data objects. The list consists of
+ * {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
+ */
+ private List referenceInputDatas = new ArrayList();
+
+ /**
+ * The list of form validation results
+ */
+ private List adesFormResults = new ArrayList();
+
+ /** Information about the signature check. */
+ private ReferencesCheckResult signatureCheck;
+ /** Information about the signature manifest check. */
+ private ReferencesCheckResult signatureManifestCheck;
+ /** Information about the XMLDsig manifest check. */
+ private List xmlDsigManifestChecks = new ArrayList();
+ /** Information about the certificate check. */
+ private CheckResult certificateCheck;
+
+ /**
+ * Sets information about the signer certificate.
+ *
+ * @param signerInfo
+ * Information about the signer certificate.
+ */
+ public void setSignerInfo(SignerInfo signerInfo) {
+ this.signerInfo = signerInfo;
+ }
+
+ public SignerInfo getSignerInfo() {
+ return signerInfo;
+ }
+
+ /**
+ * Sets data signed by the signatory.
+ *
+ * @param hashInputDatas
+ * The signed datas.
+ */
+ public void setHashInputDatas(List hashInputDatas) {
+ this.hashInputDatas = hashInputDatas != null ? Collections.unmodifiableList(new ArrayList(hashInputDatas))
+ : null;
+ }
+
+ public List getHashInputDatas() {
+ return hashInputDatas;
+ }
+
+ /**
+ * Sets the source data elements.
+ *
+ * @param referenceInputDatas
+ * The source data elements.
+ */
+ public void setReferenceInputDatas(List referenceInputDatas) {
+ this.referenceInputDatas = referenceInputDatas != null
+ ? Collections.unmodifiableList(new ArrayList(referenceInputDatas)) : null;
+ }
+
+ public List getReferenceInputDatas() {
+ return referenceInputDatas;
+ }
+
+ /**
+ * Sets the result of the signature verification.
+ *
+ * @param signatureCheck
+ * The result of the signature verification.
+ */
+ public void setSignatureCheck(ReferencesCheckResult signatureCheck) {
+ this.signatureCheck = signatureCheck;
+ }
+
+ public ReferencesCheckResult getSignatureCheck() {
+ return signatureCheck;
+ }
+
+ /**
+ * Sets the result of the signature manifest verification.
+ *
+ * @param signatureManifestCheck
+ * The result of the signature manifest verification.
+ */
+ public void setSignatureManifestCheck(ReferencesCheckResult signatureManifestCheck) {
+ this.signatureManifestCheck = signatureManifestCheck;
+ }
+
+ public ReferencesCheckResult getSignatureManifestCheck() {
+ return signatureManifestCheck;
+ }
+
+ /**
+ * Sets the result of the certification verification.
+ *
+ * @param certificateCheck
+ * The result of the certificate verification.
+ */
+ public void setCertificateCheck(CheckResult certificateCheck) {
+ this.certificateCheck = certificateCheck;
+ }
+
+ public CheckResult getCertificateCheck() {
+ return certificateCheck;
+ }
+
+ /**
+ * Sets the XMLDSigManifestChecks.
+ *
+ * @param xmlDsigManifestChecks
+ * The XMLDSigManifestChecks.
+ */
+ public void setXMLDsigManifestChecks(List xmlDsigManifestChecks) {
+ this.xmlDsigManifestChecks = xmlDsigManifestChecks != null
+ ? Collections.unmodifiableList(new ArrayList(xmlDsigManifestChecks)) : null;
+ }
+
+ public List getXMLDsigManifestChecks() {
+ return xmlDsigManifestChecks;
+ }
+
+ public void setAdESFormResults(List adesFormResults) {
+ this.adesFormResults = adesFormResults;
+ }
+
+ @Override
+ public List getAdESFormResults() {
+ return this.adesFormResults;
+ }
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index b5ec20f..eaafe00 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -286,4 +286,37 @@ public class ResponseBuilderUtils {
root.appendChild(codeInfoElem);
}
+ /**
+ * Add an element containing <code>Code</code> and <code>Info</code>
+ * subelements.
+ *
+ * @param response The response document, in order to create new elements in
+ * it.
+ * @param root The root element into which to insert the newly created
+ * element.
+ * @param elementName The name of the newly created element.
+ * @param code The content of the <code>Code</code> subelement.
+ * @param info The content of the <code>Info</code> subelement.
+ */
+ public static void addFormCheckElement(
+ Document response,
+ Element root,
+ String elementName,
+ int code,
+ String name) {
+
+ Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+ Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+ Element infoElem;
+
+ codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+ codeInfoElem.appendChild(codeElem);
+
+ infoElem = response.createElementNS(MOA_NS_URI, "Name");
+ infoElem.appendChild(response.createTextNode(name));
+ codeInfoElem.appendChild(infoElem);
+
+ root.appendChild(codeInfoElem);
+ }
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index dd4e13a..27a42c8 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -42,6 +42,7 @@ import at.gv.egovernment.moa.spss.api.common.Content;
import at.gv.egovernment.moa.spss.api.common.ContentBinary;
import at.gv.egovernment.moa.spss.api.common.ContentXML;
import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
@@ -150,6 +151,22 @@ public class VerifyXMLSignatureResponseBuilder {
response.getCertificateCheck().getInfo());
+ if(response.getAdESFormResults() != null) {
+
+ Iterator formIterator = response.getAdESFormResults().iterator();
+
+ while(formIterator.hasNext()) {
+ AdESFormResults adESFormResult = (AdESFormResults)formIterator.next();
+ // add the CertificateCheck
+ ResponseBuilderUtils.addFormCheckElement(
+ responseDoc,
+ responseElem,
+ "FormCheckResult",
+ adESFormResult.getCode().intValue(),
+ adESFormResult.getName());
+
+ }
+ }
return responseDoc;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java
new file mode 100644
index 0000000..e12c39b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+public interface AdESFormResults {
+ public Integer getCode();
+ public String getInfo();
+ public String getName();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
index d107dc9..63c496a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -81,7 +81,14 @@ public interface VerifyXMLSignatureResponse {
*/
public CheckResult getCertificateCheck();
-
+ /**
+ * Gets AdES Form results
+ *
+ * This might be null!
+ *
+ * @return The result of the AdES Form validation
+ */
+ public List getAdESFormResults();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index af67d30..cb840ae 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -102,7 +102,7 @@ public class ConfigurationPartsBuilder {
private static final String ROOT = "/" + CONF + "MOAConfiguration/";
private static final String PDFAS_CONFIGURATION_XPATH =
- ROOT + CONF + "PDFASConfig";
+ ROOT + CONF + "Common/" + CONF + "PDFASConfig";
private static final String DIGEST_METHOD_XPATH =
ROOT + CONF + "SignatureCreation/"
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
index f4c9126..0ad3d79 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -172,6 +172,6 @@ public class XMLSignatureVerificationProfileImpl
@Override
public String getTargetLevel() {
- return XMLSignatureVerificationProfile.LEVEL_B;
+ return XMLSignatureVerificationProfile.LEVEL_LTA;
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index f2663cf..37569c5 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -78,7 +78,7 @@ public class SystemInitializer {
private static void runInitializer(ConfigurationProvider configurationProvider) {
Iterator<ExternalInitializer> initializerIterator = initializerServices.iterator();
-
+ logger.info("Running external initializers");
while(initializerIterator.hasNext()) {
ExternalInitializer externalInitializer = initializerIterator.next();
externalInitializer.initialize(configurationProvider);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 9021785..7bcf723 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -100,6 +100,7 @@ public class VerifyXMLSignatureResponseBuilder {
private List xmlDsigManifestChecks;
/** The result of the certificate check. */
private CheckResult certificateCheck;
+ private List adesFormResults = null;
/**
* Get the <code>VerifyMLSignatureResponse</code> built so far.
@@ -114,7 +115,12 @@ public class VerifyXMLSignatureResponseBuilder {
signatureCheck,
signatureManifestCheck,
xmlDsigManifestChecks,
- certificateCheck);
+ certificateCheck,
+ adesFormResults);
+ }
+
+ public void setAdESFormResults(List adesForm) {
+ this.adesFormResults = adesForm;
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 2b158dd..c09740c 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -21,26 +21,8 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.invoke;
-import iaik.xml.crypto.utils.URI;
-import iaik.xml.crypto.utils.URIException;
-import iaik.server.modules.IAIKException;
-import iaik.server.modules.IAIKRuntimeException;
-import iaik.server.modules.xml.DataObject;
-import iaik.server.modules.xml.XMLDataObject;
-import iaik.server.modules.xml.XMLSignature;
-import iaik.server.modules.xmlsign.XMLConstants;
-import iaik.server.modules.xmlverify.DsigManifest;
-import iaik.server.modules.xmlverify.ReferenceData;
-import iaik.server.modules.xmlverify.SecurityLayerManifest;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
-import iaik.x509.X509Certificate;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -68,6 +50,7 @@ import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
@@ -90,12 +73,32 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.spss.util.QCSSCDResult;
import at.gv.egovernment.moa.util.CollectionUtils;
import at.gv.egovernment.moa.util.Constants;
+import iaik.server.modules.AdESFormVerificationResult;
+import iaik.server.modules.AdESVerificationResult;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.SignatureVerificationProfile;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLSignature;
+import iaik.server.modules.xmlsign.XMLConstants;
+import iaik.server.modules.xmlverify.DsigManifest;
+import iaik.server.modules.xmlverify.ExtendedXMLSignatureVerificationResult;
+import iaik.server.modules.xmlverify.ReferenceData;
+import iaik.server.modules.xmlverify.SecurityLayerManifest;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
/**
* A class providing a DOM based interface to the
* <code>XMLSignatureVerificationModule</code>.
*
- * This class performs the invocation of the
+ * This class performs the invocation of the
* <code>iaik.server.modules.xmlverify.XMLSignatureVerificationModule</code>
* from a <code>VerifyXMLSignatureRequest</code> given as a DOM element. The
* result of the invocation is integrated into a
@@ -106,622 +109,635 @@ import at.gv.egovernment.moa.util.Constants;
*/
public class XMLSignatureVerificationInvoker {
- /** The single instance of this class. */
- private static XMLSignatureVerificationInvoker instance = null;
-
- private static Set FILTERED_REF_TYPES;
-
- static {
- FILTERED_REF_TYPES = new HashSet();
- FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
- FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
- FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
- FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
- FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
- }
-
- /**
- * Get the single instance of this class.
- *
- * @return The single instance of this class.
- */
- public static synchronized XMLSignatureVerificationInvoker getInstance() {
- if (instance == null) {
- instance = new XMLSignatureVerificationInvoker();
- }
- return instance;
- }
-
- /**
- * Create a new <code>XMLSignatureCreationInvoker</code>.
- *
- * Protected to disallow multiple instances.
- */
- protected XMLSignatureVerificationInvoker() {
- }
-
- /**
- * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
- * <code>XMLSignatureVerificationModule</code>.
- *
- * @param request A <code>VerifyXMLSignatureRequest<code> API object
- * containing the data for verifying an XML signature.
- * @return A <code>VerifyXMLSignatureResponse</code> containing the
- * answert to the <code>VerifyXMLSignatureRequest</code>.
- * MOA schema definition.
- * @throws MOAException An error occurred during signature verification.
- */
- public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
- throws MOAException {
-
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- LoggingContext loggingCtx =
- LoggingContextManager.getInstance().getLoggingContext();
- XMLSignatureVerificationProfileFactory profileFactory =
- new XMLSignatureVerificationProfileFactory(request);
- VerifyXMLSignatureResponseBuilder responseBuilder =
- new VerifyXMLSignatureResponseBuilder();
- XMLSignatureVerificationResult result;
- XMLSignatureVerificationProfile profile;
- ReferencesCheckResult signatureManifestCheck;
- DataObjectFactory dataObjFactory;
- XMLDataObject signatureEnvironment;
- Node signatureEnvironmentParent = null;
- Element requestElement = null;
- XMLSignature xmlSignature;
- Date signingTime;
- List supplements;
- List dataObjectList;
-
- // get the supplements
- supplements = getSupplements(request);
-
- // build XMLSignature
- dataObjFactory = DataObjectFactory.getInstance();
- signatureEnvironment =
- dataObjFactory.createSignatureEnvironment(
- request.getSignatureInfo().getVerifySignatureEnvironment(),
- supplements);
- xmlSignature = buildXMLSignature(signatureEnvironment, request);
-
- // build the list of DataObjects
- dataObjectList = buildDataObjectList(supplements);
-
- // build profile
- profile = profileFactory.createProfile();
-
- // get the signingTime
- signingTime = request.getDateTime();
-
- // make the signature environment the root of the document, if it is not a
- // separate document anyway; this is done to assure that canonicalization
- // of the signature environment contains the correct namespace declarations
- requestElement =
- signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
- if (requestElement != signatureEnvironment.getElement()) {
- signatureEnvironmentParent =
- signatureEnvironment.getElement().getParentNode();
- requestElement.getOwnerDocument().replaceChild(
- signatureEnvironment.getElement(),
- requestElement);
- }
-
- QCSSCDResult qcsscdresult = new QCSSCDResult();
- String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- TrustProfile tp = config.getTrustProfile(tpID);
-
- // verify the signature
- try {
- XMLSignatureVerificationModule module =
- XMLSignatureVerificationModuleFactory.getInstance();
-
- module.setLog(new IaikLog(loggingCtx.getNodeID()));
-
- result =
- module.verifySignature(
- xmlSignature,
- dataObjectList,
- profile,
- signingTime,
- new TransactionId(context.getTransactionID()));
- } catch (IAIKException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- } catch (IAIKRuntimeException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- }
-
-
- // QC/SSCD check
- List list = result.getCertificateValidationResult().getCertificateChain();
- if (list != null) {
- X509Certificate[] chain = new X509Certificate[list.size()];
-
- Iterator it = list.iterator();
- int i = 0;
- while(it.hasNext()) {
- chain[i] = (X509Certificate)it.next();
- i++;
- }
-
- qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
- }
-
-
- // get signer certificate issuer country code
- String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
-
- // swap back in the request as root document
- if (requestElement != signatureEnvironment.getElement()) {
- requestElement.getOwnerDocument().replaceChild(
- requestElement,
- signatureEnvironment.getElement());
- signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
- }
-
- // check the result
- signatureManifestCheck =
- validateSignatureManifest(request, result, profile);
-
- // Check if signer certificate is in trust profile's allowed signer certificates pool
- TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
- CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
-
-
- // build the response
- responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
- return responseBuilder.getResponse();
- }
-
- /**
- * Checks if the signer certificate matches one of the allowed signer certificates specified
- * in the provided <code>trustProfile</code>.
- *
- * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
- *
- * @param trustProfile The trust profile the signer certificate is validated against.
- *
- * @return The overal result of the certificate validation for the signer certificate.
- *
- * @throws MOAException if one of the signer certificates specified in the <code>trustProfile</code>
- * cannot be read from the file system.
- */
- private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
- throws MOAException
- {
- MessageProvider msg = MessageProvider.getInstance();
-
- int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
- if (resultCode == 0 && trustProfile.getSignerCertsUri() != null)
- {
- X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult().getCertificateChain().get(0);
-
- File signerCertsDir = null;
- try
- {
- signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
- }
- catch (URIException e)
- {
- throw new MOASystemException("2900", null, e); // Should not happen, already checked at loading the MOA configuration
- }
-
- File[] files = signerCertsDir.listFiles();
- if (files == null) resultCode = 1;
- int i;
- for (i = 0; i < files.length; i++)
- {
- if (!files[i].isDirectory())
- {
- FileInputStream currentFIS = null;
- try
- {
- currentFIS = new FileInputStream(files[i]);
- }
- catch (FileNotFoundException e) {
- throw new MOASystemException("2900", null, e);
- }
-
- try
- {
- X509Certificate currentCert = new X509Certificate(currentFIS);
- currentFIS.close();
- if (currentCert.equals(signerCertificate)) break;
- }
- catch (Exception e)
- {
- // Simply ignore file if it cannot be interpreted as certificate
- String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()});
- Logger.warn(logMsg);
- try
- {
- currentFIS.close();
- }
- catch (IOException e1) {
- // If clean-up fails, do nothing
- }
- }
- }
- }
- if (i >= files.length)
- {
- resultCode = 1; // No signer certificate from the trustprofile pool matches the actual signer certificate
- }
- }
-
- SPSSFactory factory = SPSSFactory.getInstance();
- return factory.createCheckResult(resultCode, null);
- }
-
-
-
- /**
- * Select the <code>dsig:Signature</code> DOM element within the signature
- * environment.
- *
- * @param signatureEnvironment The signature environment containing the
- * <code>dsig:Signature</code>.
- * @param request The <code>VerifyXMLSignatureRequest</code> containing the
- * signature environment.
- * @return The <code>dsig:Signature</code> element wrapped in a
- * <code>XMLSignature</code> object.
- * @throws MOAApplicationException An error occurred locating the
- * <code>dsig:Signature</code>.
- */
- private XMLSignature buildXMLSignature(
- XMLDataObject signatureEnvironment,
- VerifyXMLSignatureRequest request)
- throws MOAApplicationException {
-
- VerifySignatureLocation signatureLocation =
- request.getSignatureInfo().getVerifySignatureLocation();
- Element signatureParent;
-
- // evaluate the VerifySignatureLocation to get the signature parent
- signatureParent =
- InvokerUtils.evaluateSignatureLocation(
- signatureEnvironment.getElement(),
- signatureLocation);
-
- // check for signatureParent to be a dsig:Signature element
- if (!"Signature".equals(signatureParent.getLocalName())
- || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
- throw new MOAApplicationException("2266", null);
- }
-
- return new XMLSignatureImpl(signatureParent);
- }
-
- /**
- * Build the supplemental data objects contained in the
- * <code>VerifyXMLSignatureRequest</code>.
- *
- * @param supplements A <code>List</code> of
- * <code>XMLDataObjectAssociation</code>s containing the supplement data.
- * @return A <code>List</code> of <code>DataObject</code>s representing the
- * supplemental data objects.
- * @throws MOASystemException A system error occurred building one of the data
- * objects.
- * @throws MOAApplicationException An error occurred building one of the data
- * objects.
- */
- private List buildDataObjectList(List supplements)
- throws MOASystemException, MOAApplicationException {
- List dataObjectList = new ArrayList();
-
- DataObjectFactory factory = DataObjectFactory.getInstance();
- DataObject dataObject;
- Iterator iter;
-
- if (supplements != null) {
- for (iter = supplements.iterator(); iter.hasNext();) {
- XMLDataObjectAssociation supplement =
- (XMLDataObjectAssociation) iter.next();
- dataObject =
- factory.createFromXmlDataObjectAssociation(supplement, true, false);
- dataObjectList.add(dataObject);
- }
- }
-
- return dataObjectList;
-
- }
-
- /**
- * Get the supplemental data contained in the
- * <code>VerifyXMLSignatureRequest</code>.
- *
- * @param request The <code>VerifyXMLSignatureRequest</code> containing the
- * supplemental data.
- * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>
- * objects containing the supplemental data.
- * @throws MOAApplicationException An error occurred resolving one of the
- * supplement profiles.
- */
- private List getSupplements(VerifyXMLSignatureRequest request)
- throws MOAApplicationException {
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- List supplementProfiles = request.getSupplementProfiles();
-
- List supplements = new ArrayList();
-
- if (supplementProfiles != null) {
-
- List mappedProfiles =
- ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
- Iterator iter;
-
- for (iter = mappedProfiles.iterator(); iter.hasNext();) {
- SupplementProfileExplicit profile =
- (SupplementProfileExplicit) iter.next();
- supplements.add(profile.getSupplementProfile());
- }
-
- }
- return supplements;
- }
-
- /**
- * Perform additional validations of the
- * <code>XMLSignatureVerificationResult</code>.
- *
- * <p> In particular, it is verified that:
- * <ul>
- * <li>Each <code>ReferenceData</code> object contains transformation
- * chain that matches one of the <code>Transforms</code> given in the
- * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code></li>
- * <li>The hash values of the <code>TransformParameter</code>s are valid.
- * </li>
- * </ul>
- * </p>
- *
- * @param request The <code>VerifyXMLSignatureRequest</code> containing the
- * signature to verify.
- * @param result The result produced by
- * <code>XMLSignatureVerificationModule</code>.
- * @param profile The profile used for validating the <code>request</code>.
- * @return The result of additional validations of the signature manifest.
- * @throws MOAApplicationException Post-validation of the
- * <code>XMLSignatureVerificaitonResult</code> failed.
- */
- private ReferencesCheckResult validateSignatureManifest(
- VerifyXMLSignatureRequest request,
- XMLSignatureVerificationResult result,
- XMLSignatureVerificationProfile profile)
- throws MOAApplicationException {
-
- SPSSFactory factory = SPSSFactory.getInstance();
- MessageProvider msg = MessageProvider.getInstance();
-
- // validate that each ReferenceData object contains transforms specified
- // in the corresponding SignatureManifestCheckParams/ReferenceInfo
- if (request.getSignatureManifestCheckParams() != null) {
- List refInfos =
- request.getSignatureManifestCheckParams().getReferenceInfos();
- List refDatas = filterReferenceInfos(result.getReferenceDataList());
- List failedReferencesList = new ArrayList();
- Iterator refInfoIter;
- Iterator refDataIter;
-
- if (refInfos.size() != refDatas.size()) {
- return factory.createReferencesCheckResult(1, null);
- }
-
- refInfoIter = refInfos.iterator();
- refDataIter =
- filterReferenceInfos(result.getReferenceDataList()).iterator();
-
- while (refInfoIter.hasNext()) {
- ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
- ReferenceData refData = (ReferenceData) refDataIter.next();
- List transforms = buildTransformsList(refInfo);
- boolean found = false;
- Iterator trIter;
-
- for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
- found = trIter.next().equals(refData.getTransformationList());
- }
-
- if (!found) {
- Integer refIndex = new Integer(refData.getReferenceIndex());
- String logMsg =
- msg.getMessage("invoker.01", new Object[] { refIndex });
-
- failedReferencesList.add(refIndex);
- Logger.debug(new LogMsg(logMsg));
- }
- }
-
- if (!failedReferencesList.isEmpty()) {
- // at least one reference failed - return their indexes and check code 1
- int[] failedReferences =
- CollectionUtils.toIntArray(failedReferencesList);
- ReferencesCheckResultInfo checkInfo =
- factory.createReferencesCheckResultInfo(null, failedReferences);
-
- return factory.createReferencesCheckResult(1, checkInfo);
- }
- }
-
- // validate the hashes contained in all the ReferenceInfo objects of the
- // security layer manifest
- if (request.getSignatureManifestCheckParams() != null
- && result.containsSecurityLayerManifest()) {
- Map hashValues = buildTransformParameterHashValues(request);
- Set transformParameterURIs =
- buildTransformParameterURIs(profile.getTransformationSupplements());
- List referenceInfoList =
- result.getSecurityLayerManifest().getReferenceDataList();
- Iterator refIter;
-
- for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
- iaik.server.modules.xmlverify.ReferenceInfo ref =
- (iaik.server.modules.xmlverify.ReferenceInfo) refIter.next();
- byte[] hash = (byte[]) hashValues.get(ref.getURI());
-
- if (!transformParameterURIs.contains(ref.getURI())
- || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
-
- // the transform parameter doesn't exist or the hashs do not match
- // return the index of the failed reference and check code 1
- int[] failedReferences = new int[] { ref.getReferenceIndex()};
- ReferencesCheckResultInfo checkInfo =
- factory.createReferencesCheckResultInfo(null, failedReferences);
- String logMsg =
- msg.getMessage(
- "invoker.02",
- new Object[] { new Integer(ref.getReferenceIndex())});
-
- Logger.debug(new LogMsg(logMsg));
-
- return factory.createReferencesCheckResult(1, checkInfo);
- }
- }
- }
-
- return factory.createReferencesCheckResult(0, null);
- }
-
- /**
- * Get all <code>Transform</code>s contained in all the
- * <code>VerifyTransformsInfoProfile</code>s of the given
- * <code>ReferenceInfo</code>.
- *
- * @param refInfo The <code>ReferenceInfo</code> object containing
- * the transformations.
- * @return A <code>List</code> of <code>List</code>s. Each of the
- * <code>List</code>s contains <code>Transformation</code> objects.
- * @throws MOAApplicationException An error occurred building one of the
- * <code>Transformation</code>s.
- */
- private List buildTransformsList(ReferenceInfo refInfo)
- throws MOAApplicationException {
-
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- List profiles = refInfo.getVerifyTransformsInfoProfiles();
- List mappedProfiles =
- ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
- List transformsList = new ArrayList();
- TransformationFactory factory = TransformationFactory.getInstance();
- Iterator iter;
-
- for (iter = mappedProfiles.iterator(); iter.hasNext();) {
- VerifyTransformsInfoProfileExplicit profile =
- (VerifyTransformsInfoProfileExplicit) iter.next();
- List transforms = profile.getTransforms();
-
- if (transforms != null) {
- transformsList.add(factory.createTransformationList(transforms));
- }
- }
-
- return transformsList;
- }
-
- /**
- * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
- *
- * @param transformParameters The <code>List</code> of
- * <code>TransformParameter</code>s, as provided to the verification.
- * @return The <code>Set</code> of all <code>TransformParameter</code> URIs.
- */
- private Set buildTransformParameterURIs(List transformParameters) {
- Set uris = new HashSet();
- Iterator iter;
-
- for (iter = transformParameters.iterator(); iter.hasNext();) {
- DataObject transformParameter = (DataObject) iter.next();
- uris.add(transformParameter.getURI());
- }
-
- return uris;
- }
-
- /**
- * Build a mapping between <code>TransformParameter</code> URIs (a
- * <code>String</code> and <code>dsig:HashValue</code> (a
- * <code>byte[]</code>).
- *
- * @param request The <code>VerifyXMLSignatureRequest</code>.
- * @return Map The resulting mapping.
- * @throws MOAApplicationException An error occurred accessing one of
- * the profiles.
- */
- private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request)
- throws MOAApplicationException {
-
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- Map hashValues = new HashMap();
- List refInfos =
- request.getSignatureManifestCheckParams().getReferenceInfos();
- Iterator refIter;
-
- for (refIter = refInfos.iterator(); refIter.hasNext();) {
- ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
- List profiles = refInfo.getVerifyTransformsInfoProfiles();
- List mappedProfiles =
- ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
- Iterator prIter;
-
- for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
- VerifyTransformsInfoProfileExplicit profile =
- (VerifyTransformsInfoProfileExplicit) prIter.next();
- List trParameters = profile.getTransformParameters();
- Iterator trIter;
-
- for (trIter = trParameters.iterator(); trIter.hasNext();) {
- TransformParameter transformParameter =
- (TransformParameter) trIter.next();
- String uri = transformParameter.getURI();
-
- if (transformParameter.getTransformParameterType()
- == TransformParameter.HASH_TRANSFORMPARAMETER) {
- hashValues.put(
- uri,
- ((TransformParameterHash) transformParameter).getDigestValue());
- }
-
- }
- }
- }
- return hashValues;
- }
-
- /**
- * Filter the <code>ReferenceInfo</code>s returned by the
- * <code>VerifyXMLSignatureResult</code> for comparison with the
- * <code>ReferenceInfo</code> elements in the request.
- *
- * @param referenceInfos The <code>ReferenceInfo</code>s from the
- * <code>VerifyXMLSignatureResult</code>.
- * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
- * is not a XMLDsig manifest, Security Layer manifest, or ETSI signed
- * property.
- */
- private List filterReferenceInfos(List referenceInfos) {
- List filtered = new ArrayList();
- Iterator iter;
-
- for (iter = referenceInfos.iterator(); iter.hasNext();) {
- iaik.server.modules.xmlverify.ReferenceInfo refInfo =
- (iaik.server.modules.xmlverify.ReferenceInfo) iter.next();
- String refType = refInfo.getReferenceType();
-
- if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
- filtered.add(refInfo);
- }
- }
-
- return filtered;
- }
+ /** The single instance of this class. */
+ private static XMLSignatureVerificationInvoker instance = null;
+
+ private static Set FILTERED_REF_TYPES;
+
+ static {
+ FILTERED_REF_TYPES = new HashSet();
+ FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
+ FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
+ FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
+ FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
+ FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
+ }
+
+ /**
+ * Get the single instance of this class.
+ *
+ * @return The single instance of this class.
+ */
+ public static synchronized XMLSignatureVerificationInvoker getInstance() {
+ if (instance == null) {
+ instance = new XMLSignatureVerificationInvoker();
+ }
+ return instance;
+ }
+
+ /**
+ * Create a new <code>XMLSignatureCreationInvoker</code>.
+ *
+ * Protected to disallow multiple instances.
+ */
+ protected XMLSignatureVerificationInvoker() {
+ }
+
+ /**
+ * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
+ * <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param request
+ * A <code>VerifyXMLSignatureRequest<code> API object
+ * containing the data for verifying an XML signature.
+ * @return A <code>VerifyXMLSignatureResponse</code> containing the answert
+ * to the <code>VerifyXMLSignatureRequest</code>. MOA schema
+ * definition.
+ * @throws MOAException
+ * An error occurred during signature verification.
+ */
+ public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) throws MOAException {
+
+ TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+ XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request);
+ VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
+ ExtendedXMLSignatureVerificationResult result;
+ XMLSignatureVerificationProfile profile;
+ ReferencesCheckResult signatureManifestCheck;
+ DataObjectFactory dataObjFactory;
+ XMLDataObject signatureEnvironment;
+ Node signatureEnvironmentParent = null;
+ Element requestElement = null;
+ XMLSignature xmlSignature;
+ Date signingTime;
+ List supplements;
+ List dataObjectList;
+
+ // get the supplements
+ supplements = getSupplements(request);
+
+ // build XMLSignature
+ dataObjFactory = DataObjectFactory.getInstance();
+ signatureEnvironment = dataObjFactory
+ .createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements);
+ xmlSignature = buildXMLSignature(signatureEnvironment, request);
+
+ // build the list of DataObjects
+ dataObjectList = buildDataObjectList(supplements);
+
+ // build profile
+ profile = profileFactory.createProfile();
+
+ // get the signingTime
+ signingTime = request.getDateTime();
+
+ // make the signature environment the root of the document, if it is not
+ // a
+ // separate document anyway; this is done to assure that
+ // canonicalization
+ // of the signature environment contains the correct namespace
+ // declarations
+ requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
+ if (requestElement != signatureEnvironment.getElement()) {
+ signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode();
+ requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement);
+ }
+
+ QCSSCDResult qcsscdresult = new QCSSCDResult();
+ String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ TrustProfile tp = config.getTrustProfile(tpID);
+
+ // verify the signature
+ try {
+ XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance();
+
+ module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+ result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
+ new TransactionId(context.getTransactionID()));
+ } catch (IAIKException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ } catch (IAIKRuntimeException e) {
+ MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ }
+
+ List adesResults = getAdESResult(result.getFormVerificationResult());
+
+ if (adesResults != null) {
+ Iterator adesIterator = adesResults.iterator();
+ while (adesIterator.hasNext()) {
+ Logger.info("ADES Formresults: " + adesIterator.next().toString());
+ }
+ }
+
+ responseBuilder.setAdESFormResults(adesResults);
+
+ // QC/SSCD check
+ List list = result.getXMLSignatureVerificationResult().getCertificateValidationResult().getCertificateChain();
+ if (list != null) {
+ X509Certificate[] chain = new X509Certificate[list.size()];
+
+ Iterator it = list.iterator();
+ int i = 0;
+ while (it.hasNext()) {
+ chain[i] = (X509Certificate) it.next();
+ i++;
+ }
+
+ qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
+ }
+
+ // get signer certificate issuer country code
+ String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+
+ // swap back in the request as root document
+ if (requestElement != signatureEnvironment.getElement()) {
+ requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement());
+ signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
+ }
+
+ // check the result
+ signatureManifestCheck = validateSignatureManifest(request, result.getXMLSignatureVerificationResult(),
+ profile);
+
+ // Check if signer certificate is in trust profile's allowed signer
+ // certificates pool
+ TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+ CheckResult certificateCheck = validateSignerCertificate(result.getXMLSignatureVerificationResult(),
+ trustProfile);
+
+ // build the response
+ responseBuilder.setResult(result.getXMLSignatureVerificationResult(), profile, signatureManifestCheck,
+ certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(),
+ qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
+ return responseBuilder.getResponse();
+ }
+
+ /**
+ * Checks if the signer certificate matches one of the allowed signer
+ * certificates specified in the provided <code>trustProfile</code>.
+ *
+ * @param result
+ * The result produced by the
+ * <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param trustProfile
+ * The trust profile the signer certificate is validated against.
+ *
+ * @return The overal result of the certificate validation for the signer
+ * certificate.
+ *
+ * @throws MOAException
+ * if one of the signer certificates specified in the
+ * <code>trustProfile</code> cannot be read from the file
+ * system.
+ */
+ private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+ throws MOAException {
+ MessageProvider msg = MessageProvider.getInstance();
+
+ int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
+ if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
+ X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult()
+ .getCertificateChain().get(0);
+
+ File signerCertsDir = null;
+ try {
+ signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
+ } catch (URIException e) {
+ throw new MOASystemException("2900", null, e); // Should not
+ // happen,
+ // already
+ // checked at
+ // loading the
+ // MOA
+ // configuration
+ }
+
+ File[] files = signerCertsDir.listFiles();
+ if (files == null)
+ resultCode = 1;
+ int i;
+ for (i = 0; i < files.length; i++) {
+ if (!files[i].isDirectory()) {
+ FileInputStream currentFIS = null;
+ try {
+ currentFIS = new FileInputStream(files[i]);
+ } catch (FileNotFoundException e) {
+ throw new MOASystemException("2900", null, e);
+ }
+
+ try {
+ X509Certificate currentCert = new X509Certificate(currentFIS);
+ currentFIS.close();
+ if (currentCert.equals(signerCertificate))
+ break;
+ } catch (Exception e) {
+ // Simply ignore file if it cannot be interpreted as
+ // certificate
+ String logMsg = msg.getMessage("invoker.03",
+ new Object[] { trustProfile.getId(), files[i].getName() });
+ Logger.warn(logMsg);
+ try {
+ currentFIS.close();
+ } catch (IOException e1) {
+ // If clean-up fails, do nothing
+ }
+ }
+ }
+ }
+ if (i >= files.length) {
+ resultCode = 1; // No signer certificate from the trustprofile
+ // pool matches the actual signer certificate
+ }
+ }
+
+ SPSSFactory factory = SPSSFactory.getInstance();
+ return factory.createCheckResult(resultCode, null);
+ }
+
+ /**
+ * Select the <code>dsig:Signature</code> DOM element within the signature
+ * environment.
+ *
+ * @param signatureEnvironment
+ * The signature environment containing the
+ * <code>dsig:Signature</code>.
+ * @param request
+ * The <code>VerifyXMLSignatureRequest</code> containing the
+ * signature environment.
+ * @return The <code>dsig:Signature</code> element wrapped in a
+ * <code>XMLSignature</code> object.
+ * @throws MOAApplicationException
+ * An error occurred locating the <code>dsig:Signature</code>.
+ */
+ private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment, VerifyXMLSignatureRequest request)
+ throws MOAApplicationException {
+
+ VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation();
+ Element signatureParent;
+
+ // evaluate the VerifySignatureLocation to get the signature parent
+ signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(), signatureLocation);
+
+ // check for signatureParent to be a dsig:Signature element
+ if (!"Signature".equals(signatureParent.getLocalName())
+ || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
+ throw new MOAApplicationException("2266", null);
+ }
+
+ return new XMLSignatureImpl(signatureParent);
+ }
+
+ /**
+ * Build the supplemental data objects contained in the
+ * <code>VerifyXMLSignatureRequest</code>.
+ *
+ * @param supplements
+ * A <code>List</code> of <code>XMLDataObjectAssociation</code>s
+ * containing the supplement data.
+ * @return A <code>List</code> of <code>DataObject</code>s representing the
+ * supplemental data objects.
+ * @throws MOASystemException
+ * A system error occurred building one of the data objects.
+ * @throws MOAApplicationException
+ * An error occurred building one of the data objects.
+ */
+ private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException {
+ List dataObjectList = new ArrayList();
+
+ DataObjectFactory factory = DataObjectFactory.getInstance();
+ DataObject dataObject;
+ Iterator iter;
+
+ if (supplements != null) {
+ for (iter = supplements.iterator(); iter.hasNext();) {
+ XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next();
+ dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false);
+ dataObjectList.add(dataObject);
+ }
+ }
+
+ return dataObjectList;
+
+ }
+
+ /**
+ * Get the supplemental data contained in the
+ * <code>VerifyXMLSignatureRequest</code>.
+ *
+ * @param request
+ * The <code>VerifyXMLSignatureRequest</code> containing the
+ * supplemental data.
+ * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>
+ * objects containing the supplemental data.
+ * @throws MOAApplicationException
+ * An error occurred resolving one of the supplement profiles.
+ */
+ private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException {
+ TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ ConfigurationProvider config = context.getConfiguration();
+ List supplementProfiles = request.getSupplementProfiles();
+
+ List supplements = new ArrayList();
+
+ if (supplementProfiles != null) {
+
+ List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
+ Iterator iter;
+
+ for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+ SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next();
+ supplements.add(profile.getSupplementProfile());
+ }
+
+ }
+ return supplements;
+ }
+
+ /**
+ * Perform additional validations of the
+ * <code>XMLSignatureVerificationResult</code>.
+ *
+ * <p>
+ * In particular, it is verified that:
+ * <ul>
+ * <li>Each <code>ReferenceData</code> object contains transformation chain
+ * that matches one of the <code>Transforms</code> given in the
+ * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code>
+ * </li>
+ * <li>The hash values of the <code>TransformParameter</code>s are valid.
+ * </li>
+ * </ul>
+ * </p>
+ *
+ * @param request
+ * The <code>VerifyXMLSignatureRequest</code> containing the
+ * signature to verify.
+ * @param result
+ * The result produced by
+ * <code>XMLSignatureVerificationModule</code>.
+ * @param profile
+ * The profile used for validating the <code>request</code>.
+ * @return The result of additional validations of the signature manifest.
+ * @throws MOAApplicationException
+ * Post-validation of the
+ * <code>XMLSignatureVerificaitonResult</code> failed.
+ */
+ private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request,
+ XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile)
+ throws MOAApplicationException {
+
+ SPSSFactory factory = SPSSFactory.getInstance();
+ MessageProvider msg = MessageProvider.getInstance();
+
+ // validate that each ReferenceData object contains transforms specified
+ // in the corresponding SignatureManifestCheckParams/ReferenceInfo
+ if (request.getSignatureManifestCheckParams() != null) {
+ List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
+ List refDatas = filterReferenceInfos(result.getReferenceDataList());
+ List failedReferencesList = new ArrayList();
+ Iterator refInfoIter;
+ Iterator refDataIter;
+
+ if (refInfos.size() != refDatas.size()) {
+ return factory.createReferencesCheckResult(1, null);
+ }
+
+ refInfoIter = refInfos.iterator();
+ refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator();
+
+ while (refInfoIter.hasNext()) {
+ ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
+ ReferenceData refData = (ReferenceData) refDataIter.next();
+ List transforms = buildTransformsList(refInfo);
+ boolean found = false;
+ Iterator trIter;
+
+ for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
+ found = trIter.next().equals(refData.getTransformationList());
+ }
+
+ if (!found) {
+ Integer refIndex = new Integer(refData.getReferenceIndex());
+ String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
+
+ failedReferencesList.add(refIndex);
+ Logger.debug(new LogMsg(logMsg));
+ }
+ }
+
+ if (!failedReferencesList.isEmpty()) {
+ // at least one reference failed - return their indexes and
+ // check code 1
+ int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
+ ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, failedReferences);
+
+ return factory.createReferencesCheckResult(1, checkInfo);
+ }
+ }
+
+ // validate the hashes contained in all the ReferenceInfo objects of the
+ // security layer manifest
+ if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) {
+ Map hashValues = buildTransformParameterHashValues(request);
+ Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements());
+ List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList();
+ Iterator refIter;
+
+ for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
+ iaik.server.modules.xmlverify.ReferenceInfo ref = (iaik.server.modules.xmlverify.ReferenceInfo) refIter
+ .next();
+ byte[] hash = (byte[]) hashValues.get(ref.getURI());
+
+ if (!transformParameterURIs.contains(ref.getURI())
+ || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
+
+ // the transform parameter doesn't exist or the hashs do not
+ // match
+ // return the index of the failed reference and check code 1
+ int[] failedReferences = new int[] { ref.getReferenceIndex() };
+ ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
+ failedReferences);
+ String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref.getReferenceIndex()) });
+
+ Logger.debug(new LogMsg(logMsg));
+
+ return factory.createReferencesCheckResult(1, checkInfo);
+ }
+ }
+ }
+
+ return factory.createReferencesCheckResult(0, null);
+ }
+
+ /**
+ * Get all <code>Transform</code>s contained in all the
+ * <code>VerifyTransformsInfoProfile</code>s of the given
+ * <code>ReferenceInfo</code>.
+ *
+ * @param refInfo
+ * The <code>ReferenceInfo</code> object containing the
+ * transformations.
+ * @return A <code>List</code> of <code>List</code>s. Each of the
+ * <code>List</code>s contains <code>Transformation</code> objects.
+ * @throws MOAApplicationException
+ * An error occurred building one of the
+ * <code>Transformation</code>s.
+ */
+ private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException {
+
+ TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ ConfigurationProvider config = context.getConfiguration();
+ List profiles = refInfo.getVerifyTransformsInfoProfiles();
+ List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+ List transformsList = new ArrayList();
+ TransformationFactory factory = TransformationFactory.getInstance();
+ Iterator iter;
+
+ for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+ VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next();
+ List transforms = profile.getTransforms();
+
+ if (transforms != null) {
+ transformsList.add(factory.createTransformationList(transforms));
+ }
+ }
+
+ return transformsList;
+ }
+
+ /**
+ * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
+ *
+ * @param transformParameters
+ * The <code>List</code> of <code>TransformParameter</code>s, as
+ * provided to the verification.
+ * @return The <code>Set</code> of all <code>TransformParameter</code> URIs.
+ */
+ private Set buildTransformParameterURIs(List transformParameters) {
+ Set uris = new HashSet();
+ Iterator iter;
+
+ for (iter = transformParameters.iterator(); iter.hasNext();) {
+ DataObject transformParameter = (DataObject) iter.next();
+ uris.add(transformParameter.getURI());
+ }
+
+ return uris;
+ }
+
+ /**
+ * Build a mapping between <code>TransformParameter</code> URIs (a
+ * <code>String</code> and <code>dsig:HashValue</code> (a
+ * <code>byte[]</code>).
+ *
+ * @param request
+ * The <code>VerifyXMLSignatureRequest</code>.
+ * @return Map The resulting mapping.
+ * @throws MOAApplicationException
+ * An error occurred accessing one of the profiles.
+ */
+ private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request) throws MOAApplicationException {
+
+ TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ ConfigurationProvider config = context.getConfiguration();
+ Map hashValues = new HashMap();
+ List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
+ Iterator refIter;
+
+ for (refIter = refInfos.iterator(); refIter.hasNext();) {
+ ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+ List profiles = refInfo.getVerifyTransformsInfoProfiles();
+ List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+ Iterator prIter;
+
+ for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
+ VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter.next();
+ List trParameters = profile.getTransformParameters();
+ Iterator trIter;
+
+ for (trIter = trParameters.iterator(); trIter.hasNext();) {
+ TransformParameter transformParameter = (TransformParameter) trIter.next();
+ String uri = transformParameter.getURI();
+
+ if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) {
+ hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue());
+ }
+
+ }
+ }
+ }
+ return hashValues;
+ }
+
+ /**
+ * Filter the <code>ReferenceInfo</code>s returned by the
+ * <code>VerifyXMLSignatureResult</code> for comparison with the
+ * <code>ReferenceInfo</code> elements in the request.
+ *
+ * @param referenceInfos
+ * The <code>ReferenceInfo</code>s from the
+ * <code>VerifyXMLSignatureResult</code>.
+ * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
+ * is not a XMLDsig manifest, Security Layer manifest, or ETSI
+ * signed property.
+ */
+ private List filterReferenceInfos(List referenceInfos) {
+ List filtered = new ArrayList();
+ Iterator iter;
+
+ for (iter = referenceInfos.iterator(); iter.hasNext();) {
+ iaik.server.modules.xmlverify.ReferenceInfo refInfo = (iaik.server.modules.xmlverify.ReferenceInfo) iter
+ .next();
+ String refType = refInfo.getReferenceType();
+
+ if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
+ filtered.add(refInfo);
+ }
+ }
+
+ return filtered;
+ }
+
+ private List getAdESResult(AdESFormVerificationResult adesFormVerification) {
+ if (adesFormVerification == null) {
+ // no form information
+ return null;
+ }
+
+ List adesList = new ArrayList();
+
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA),
+ SignatureVerificationProfile.LEVEL_LTA, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT),
+ SignatureVerificationProfile.LEVEL_LT, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T),
+ SignatureVerificationProfile.LEVEL_T, adesList);
+ checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B),
+ SignatureVerificationProfile.LEVEL_B, adesList);
+
+ return adesList;
+ }
+
+ private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) {
+ if (subResult != null) {
+ Logger.info("Checking Level: " + level);
+ try {
+ AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl();
+ adESFormResultsImpl.setCode(subResult.getResultCode());
+ adESFormResultsImpl.setInfo(subResult.getInfo());
+ adESFormResultsImpl.setName(subResult.getName());
+
+ adesList.add(adESFormResultsImpl);
+ } catch (NullPointerException e) {
+ Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e);
+ }
+ }
+ }
}