diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java')
-rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java | 245 |
1 files changed, 142 insertions, 103 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index f4121b0..813d28e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -21,13 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; -import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; -import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; -import iaik.server.cmspdfverify.CertificateValidationResult; - import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; @@ -41,28 +36,35 @@ import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.common.TslInfos; import at.gv.egovernment.moa.spss.server.config.TrustProfile; +import iaik.server.cmspdfverify.CertificateValidationResult; +import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; /** * A class to build a <code>VerifyCMSSignatureResponse</code> object. - * - * <p>Via subsequent calls to <code>addResult()</code> a number of results from - * a CMS signature verification can be added to the response.</p> - * - * <p>The <code>getResponseElement()</code> method then returns the - * <code>VerifyCMSSignatureResponse</code> built so far.</p> - * + * + * <p> + * Via subsequent calls to <code>addResult()</code> a number of results from a + * CMS signature verification can be added to the response. + * </p> + * + * <p> + * The <code>getResponseElement()</code> method then returns the + * <code>VerifyCMSSignatureResponse</code> built so far. + * </p> + * * @author Patrick Peck * @version $Id$ */ public class VerifyCMSSignatureResponseBuilder { /** The <code>SPSSFactory</code> for creating API objects. */ - private SPSSFactory factory = SPSSFactory.getInstance(); + private final SPSSFactory factory = SPSSFactory.getInstance(); /** The elements making up the response. */ - private List responseElements = new ArrayList(); + private final List responseElements = new ArrayList(); /** * Get the <code>VerifyCMSSignatureResponse</code> built so far. - * + * * @return The <code>VerifyCMSSignatureResponse</code> built so far. */ public VerifyCMSSignatureResponse getResponse() { @@ -71,112 +73,146 @@ public class VerifyCMSSignatureResponseBuilder { /** * Add a verification result to the response. - * - * @param result The result to add. - * @param trustprofile The actual trustprofile - * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the - * certificate as qualified, otherwise <code>false</code>. - * @param checkSSCD <code>true</code>, if the TSL check verifies the - * signature based on a SSDC, otherwise <code>false</code>. - * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, - * otherwise <code>false</code>. - * @throws MOAException + * + * @param result The result to add. + * @param trustprofile The actual trustprofile + * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the + * certificate as qualified, otherwise <code>false</code>. + * @param checkSSCD <code>true</code>, if the TSL check verifies the + * signature based on a SSDC, otherwise + * <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from + * the TSL, otherwise <code>false</code>. + * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, - ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos) - throws MOAException { - - CertificateValidationResult certResult = - result.getCertificateValidationResult(); - int signatureCheckCode = - result.getSignatureValueVerificationCode().intValue(); - int certificateCheckCode = certResult.getValidationResultCode().intValue(); - + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, + boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, + List adesResults, + ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, + boolean extendedVerification) + throws MOAException { + + final int signatureCheckCode = result.getSignatureValueVerificationCode().intValue(); + final CertificateValidationResult certResult = result.getCertificateValidationResult(); + VerifyCMSSignatureResponseElement responseElement; - SignerInfo signerInfo; + SignerInfo signerInfo = null; CheckResult signatureCheck; CheckResult certificateCheck; - boolean qualifiedCertificate = checkQC; - - // add SignerInfo element - signerInfo = - factory.createSignerInfo( - (X509Certificate) certResult.getCertificateChain().get(0), - qualifiedCertificate, - qcSourceTSL, - certResult.isPublicAuthorityCertificate(), - certResult.getPublicAuthorityID(), - checkSSCD, - sscdSourceTSL, - issuerCountryCode, - result.getSigningTime(), - tslInfos); + final boolean qualifiedCertificate = checkQC; + + // add signature algorithm name in case of extended validation + String sigAlgName = null; + if (extendedVerification) { + sigAlgName = result.getSignatureAlgorithmName(); + + } + + // set code 99 if not certcheckresult exists + int certificateCheckCode = 99; + if (certResult != null) { + certificateCheckCode = certResult.getValidationResultCode().intValue(); + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode, + result.getSigningTime(), + tslInfos); + } // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); - + // build the response element responseElement = - factory.createVerifyCMSSignatureResponseElement( - signerInfo, - signatureCheck, - certificateCheck, - adesResults, - extendedCertificateCheckResult); + factory.createVerifyCMSSignatureResponseElement( + signerInfo, + signatureCheck, + certificateCheck, + adesResults, + extendedCertificateCheckResult, + sigAlgName, + null, + null); responseElements.add(responseElement); } - + /** - * Add a verification result to the response. * - * @param result The result to add. - * @param trustprofile The actual trustprofile - * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the - * certificate as qualified, otherwise <code>false</code>. - * @param checkSSCD <code>true</code>, if the TSL check verifies the - * signature based on a SSDC, otherwise <code>false</code>. - * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, - * otherwise <code>false</code>. - * @throws MOAException + * @param result + * @param trustProfile + * @param checkQC + * @param qcSourceTSL + * @param checkSSCD + * @param sscdSourceTSL + * @param issuerCountryCode + * @param adesResults + * @param extendedCertificateCheckResult + * @param tslInfos + * @param extendedVerification + * @throws MOAException */ - public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, - ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos) - throws MOAException { - - CertificateValidationResult certResult = - result.getCertificateValidationResult(); - int signatureCheckCode = - result.getSignatureValueVerificationCode().intValue(); - + public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, + boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, + List adesResults, + ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, + boolean extendedVerification) + throws MOAException { + + final CertificateValidationResult certResult = + result.getCertificateValidationResult(); + final int signatureCheckCode = + result.getSignatureValueVerificationCode().intValue(); + VerifyCMSSignatureResponseElement responseElement; SignerInfo signerInfo = null; CheckResult signatureCheck; CheckResult certificateCheck; - boolean qualifiedCertificate = checkQC; - - //set code 99 if not certcheckresult exists + final boolean qualifiedCertificate = checkQC; + + // add signature algorithm name in case of extended validation + String sigAlgName = null; + Boolean coversFullDoc = null; + int[] sigByteRange = null; + + if (extendedVerification) { + sigAlgName = result.getSignatureAlgorithmName(); + coversFullDoc = result.byteRangeCoversWholeDocument(); + sigByteRange = result.getByteRange(); + + } + + // set code 99 if not certcheckresult exists int certificateCheckCode = 99; if (certResult != null) { - certificateCheckCode = certResult.getValidationResultCode().intValue(); - - // add SignerInfo element - signerInfo = - factory.createSignerInfo( - (X509Certificate) certResult.getCertificateChain().get(0), - qualifiedCertificate, - qcSourceTSL, - certResult.isPublicAuthorityCertificate(), - certResult.getPublicAuthorityID(), - checkSSCD, - sscdSourceTSL, - issuerCountryCode, - result.getSigningTime(), - tslInfos); + certificateCheckCode = certResult.getValidationResultCode().intValue(); + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode, + result.getSigningTime(), + tslInfos); } // add SignatureCheck element @@ -184,15 +220,18 @@ public class VerifyCMSSignatureResponseBuilder { // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); - + // build the response element responseElement = - factory.createVerifyCMSSignatureResponseElement( - signerInfo, - signatureCheck, - certificateCheck, - adesResults, - extendedCertificateCheckResult); + factory.createVerifyCMSSignatureResponseElement( + signerInfo, + signatureCheck, + certificateCheck, + adesResults, + extendedCertificateCheckResult, + sigAlgName, + coversFullDoc, + sigByteRange); responseElements.add(responseElement); } |