path: root/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java1310
1 files changed, 652 insertions, 658 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 74c4f0b..b97cc95 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -37,8 +37,6 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import javax.xml.ws.soap.AddressingFeature.Responses;
-
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -49,7 +47,6 @@ import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
-import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
@@ -78,12 +75,9 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.CollectionUtils;
import at.gv.egovernment.moaspss.util.Constants;
import iaik.server.ConfigurationException;
-import iaik.server.modules.AdESConstants;
-import iaik.server.modules.AdESFormVerificationResult;
import iaik.server.modules.IAIKException;
import iaik.server.modules.IAIKRuntimeException;
import iaik.server.modules.SignatureVerificationProfile;
-import iaik.server.modules.SignatureVerificationResult;
import iaik.server.modules.xml.DataObject;
import iaik.server.modules.xml.XMLDataObject;
import iaik.server.modules.xml.XMLSignature;
@@ -103,667 +97,667 @@ import iaik.xml.crypto.utils.URIException;
/**
* A class providing a DOM based interface to the
* <code>XMLSignatureVerificationModule</code>.
- *
+ *
* This class performs the invocation of the
* <code>iaik.server.modules.xmlverify.XMLSignatureVerificationModule</code>
* from a <code>VerifyXMLSignatureRequest</code> given as a DOM element. The
* result of the invocation is integrated into a
* <code>VerifyXMLSignatureResponse</code> and returned.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class XMLSignatureVerificationInvoker {
- /** The single instance of this class. */
- private static XMLSignatureVerificationInvoker instance = null;
-
- private static Set FILTERED_REF_TYPES;
-
- static {
- FILTERED_REF_TYPES = new HashSet();
- FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
- FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
- FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
- FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
- FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
- }
-
- /**
- * Get the single instance of this class.
- *
- * @return The single instance of this class.
- */
- public static synchronized XMLSignatureVerificationInvoker getInstance() {
- if (instance == null) {
- instance = new XMLSignatureVerificationInvoker();
- }
- return instance;
- }
-
- /**
- * Create a new <code>XMLSignatureCreationInvoker</code>.
- *
- * Protected to disallow multiple instances.
- */
- protected XMLSignatureVerificationInvoker() {
- }
-
- /**
- * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
- * <code>XMLSignatureVerificationModule</code>.
- *
- * @param request
- * A <code>VerifyXMLSignatureRequest<code> API object
- * containing the data for verifying an XML signature.
- * @return A <code>VerifyXMLSignatureResponse</code> containing the answert
- * to the <code>VerifyXMLSignatureRequest</code>. MOA schema
- * definition.
- * @throws MOAException
- * An error occurred during signature verification.
- */
- public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) throws MOAException {
-
- TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
- LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
- XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request);
- VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
- ExtendedXMLSignatureVerificationResult result = null;
- XMLSignatureVerificationResult plainResult;
- XMLSignatureVerificationProfile profile;
- ReferencesCheckResult signatureManifestCheck;
- DataObjectFactory dataObjFactory;
- XMLDataObject signatureEnvironment;
- Node signatureEnvironmentParent = null;
- Element requestElement = null;
- XMLSignature xmlSignature;
- Date signingTime;
- List supplements;
- List dataObjectList;
-
- // get the supplements
- supplements = getSupplements(request);
-
- // build XMLSignature
- dataObjFactory = DataObjectFactory.getInstance();
- signatureEnvironment = dataObjFactory
- .createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements);
- xmlSignature = buildXMLSignature(signatureEnvironment, request);
-
- // build the list of DataObjects
- dataObjectList = buildDataObjectList(supplements);
-
- // build profile
- profile = profileFactory.createProfile();
-
- // get the signingTime
- signingTime = request.getDateTime();
-
- // make the signature environment the root of the document, if it is not
- // a
- // separate document anyway; this is done to assure that
- // canonicalization
- // of the signature environment contains the correct namespace
- // declarations
- requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
- if (requestElement != signatureEnvironment.getElement()) {
- signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode();
- requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement);
- }
-
- QCSSCDResult qcsscdresult = new QCSSCDResult();
- String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- TrustProfile tp = config.getTrustProfile(tpID);
-
- // verify the signature
- try {
- XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance();
-
- module.setLog(new IaikLog(loggingCtx.getNodeID()));
-
- if(request.getExtendedValidaiton()) {
- result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
- new TransactionId(context.getTransactionID()));
- plainResult = result.getXMLSignatureVerificationResult();
- } else {
- plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime,
- new TransactionId(context.getTransactionID()));
- }
- } catch (IAIKException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- } catch (IAIKRuntimeException e) {
- MOAException moaException = IaikExceptionMapper.getInstance().map(e);
- throw moaException;
- }
-
- ExtendedCertificateCheckResult extCheckResult;
- if(result != null) {
- List adesResults = null;//
-
- adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
-
- if (Logger.isDebugEnabled()) {
- if (adesResults != null) {
- Iterator adesIterator = adesResults.iterator();
- while (adesIterator.hasNext()) {
- Logger.debug("ADES Formresults: " + adesIterator.next().toString());
- }
- }
- }
-
- responseBuilder.setAdESFormResults(adesResults);
-
- try {
- //Logger.info("Extended Validation Report: " + result.getName());
- Logger.debug("Extended Validation Code: " + result.getResultCode().toString());
- Logger.debug("Extended Validation Info: " + result.getInfo());
-
- extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
- responseBuilder.setExtendedCertificateCheckResult(extCheckResult);
-
- } catch (NullPointerException e) {
- Logger.info("No extendend validation result available.");
- }
- }
- // QC/SSCD check
- List list = plainResult.getCertificateValidationResult().getCertificateChain();
- if (list != null) {
- X509Certificate[] chain = new X509Certificate[list.size()];
-
- Iterator it = list.iterator();
- int i = 0;
- while (it.hasNext()) {
- chain[i] = (X509Certificate) it.next();
- i++;
- }
-
- qcsscdresult = CertificateUtils.checkQCSSCD(chain, plainResult.getSigningTime(), tp.isTSLEnabled(), config);
- }
-
- // get signer certificate issuer country code
- String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
-
- // swap back in the request as root document
- if (requestElement != signatureEnvironment.getElement()) {
- requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement());
- signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
- }
-
- // check the result
- signatureManifestCheck = validateSignatureManifest(request, plainResult,
- profile);
-
- // Check if signer certificate is in trust profile's allowed signer
- // certificates pool
- TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
- CheckResult certificateCheck = validateSignerCertificate(plainResult,
- trustProfile);
-
- // build the response
- responseBuilder.setResult(plainResult, profile, signatureManifestCheck,
- certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(),
- qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos(), request.getExtendedValidaiton());
- return responseBuilder.getResponse();
- }
-
- /**
- * Checks if the signer certificate matches one of the allowed signer
- * certificates specified in the provided <code>trustProfile</code>.
- *
- * @param result
- * The result produced by the
- * <code>XMLSignatureVerificationModule</code>.
- *
- * @param trustProfile
- * The trust profile the signer certificate is validated against.
- *
- * @return The overal result of the certificate validation for the signer
- * certificate.
- *
- * @throws MOAException
- * if one of the signer certificates specified in the
- * <code>trustProfile</code> cannot be read from the file
- * system.
- */
- private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result,
- TrustProfile trustProfile)
- throws MOAException {
- MessageProvider msg = MessageProvider.getInstance();
-
- int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
-
- if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
- X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult()
- .getCertificateChain().get(0);
-
- File signerCertsDir = null;
- try {
- signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
- } catch (URIException e) {
- throw new MOASystemException("2900", null, e); // Should not
- // happen,
- // already
- // checked at
- // loading the
- // MOA
- // configuration
- }
-
- File[] files = signerCertsDir.listFiles();
- if (files == null)
- resultCode = 1;
- int i;
- for (i = 0; i < files.length; i++) {
- if (!files[i].isDirectory()) {
- FileInputStream currentFIS = null;
- try {
- currentFIS = new FileInputStream(files[i]);
- } catch (FileNotFoundException e) {
- throw new MOASystemException("2900", null, e);
- }
-
- try {
- X509Certificate currentCert = new X509Certificate(currentFIS);
- currentFIS.close();
- if (currentCert.equals(signerCertificate))
- break;
- } catch (Exception e) {
- // Simply ignore file if it cannot be interpreted as
- // certificate
- String logMsg = msg.getMessage("invoker.03",
- new Object[] { trustProfile.getId(), files[i].getName() });
- Logger.warn(logMsg);
- try {
- currentFIS.close();
- } catch (IOException e1) {
- // If clean-up fails, do nothing
- }
- }
- }
- }
- if (i >= files.length) {
- resultCode = 1; // No signer certificate from the trustprofile
- // pool matches the actual signer certificate
- }
- }
-
- SPSSFactory factory = SPSSFactory.getInstance();
- return factory.createCheckResult(resultCode, null);
- }
-
- /**
- * Select the <code>dsig:Signature</code> DOM element within the signature
- * environment.
- *
- * @param signatureEnvironment
- * The signature environment containing the
- * <code>dsig:Signature</code>.
- * @param request
- * The <code>VerifyXMLSignatureRequest</code> containing the
- * signature environment.
- * @return The <code>dsig:Signature</code> element wrapped in a
- * <code>XMLSignature</code> object.
- * @throws MOAApplicationException
- * An error occurred locating the <code>dsig:Signature</code>.
- */
- private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment, VerifyXMLSignatureRequest request)
- throws MOAApplicationException {
-
- VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation();
- Element signatureParent;
-
- // evaluate the VerifySignatureLocation to get the signature parent
- signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(), signatureLocation);
-
- // check for signatureParent to be a dsig:Signature element
- if (!"Signature".equals(signatureParent.getLocalName())
- || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
- throw new MOAApplicationException("2266", null);
- }
-
- return new XMLSignatureImpl(signatureParent);
- }
-
- /**
- * Build the supplemental data objects contained in the
- * <code>VerifyXMLSignatureRequest</code>.
- *
- * @param supplements
- * A <code>List</code> of <code>XMLDataObjectAssociation</code>s
- * containing the supplement data.
- * @return A <code>List</code> of <code>DataObject</code>s representing the
- * supplemental data objects.
- * @throws MOASystemException
- * A system error occurred building one of the data objects.
- * @throws MOAApplicationException
- * An error occurred building one of the data objects.
- */
- private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException {
- List dataObjectList = new ArrayList();
-
- DataObjectFactory factory = DataObjectFactory.getInstance();
- DataObject dataObject;
- Iterator iter;
-
- if (supplements != null) {
- for (iter = supplements.iterator(); iter.hasNext();) {
- XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next();
- dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false);
- dataObjectList.add(dataObject);
- }
- }
-
- return dataObjectList;
-
- }
-
- /**
- * Get the supplemental data contained in the
- * <code>VerifyXMLSignatureRequest</code>.
- *
- * @param request
- * The <code>VerifyXMLSignatureRequest</code> containing the
- * supplemental data.
- * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>
- * objects containing the supplemental data.
- * @throws MOAApplicationException
- * An error occurred resolving one of the supplement profiles.
- */
- private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException {
- TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- List supplementProfiles = request.getSupplementProfiles();
-
- List supplements = new ArrayList();
-
- if (supplementProfiles != null) {
-
- List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
- Iterator iter;
-
- for (iter = mappedProfiles.iterator(); iter.hasNext();) {
- SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next();
- supplements.add(profile.getSupplementProfile());
- }
-
- }
- return supplements;
- }
-
- /**
- * Perform additional validations of the
- * <code>XMLSignatureVerificationResult</code>.
- *
- * <p>
- * In particular, it is verified that:
- * <ul>
- * <li>Each <code>ReferenceData</code> object contains transformation chain
- * that matches one of the <code>Transforms</code> given in the
- * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code>
- * </li>
- * <li>The hash values of the <code>TransformParameter</code>s are valid.
- * </li>
- * </ul>
- * </p>
- *
- * @param request
- * The <code>VerifyXMLSignatureRequest</code> containing the
- * signature to verify.
- * @param result
- * The result produced by
- * <code>XMLSignatureVerificationModule</code>.
- * @param profile
- * The profile used for validating the <code>request</code>.
- * @return The result of additional validations of the signature manifest.
- * @throws MOAApplicationException
- * Post-validation of the
- * <code>XMLSignatureVerificaitonResult</code> failed.
- */
- private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request,
- XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile)
- throws MOAApplicationException {
-
- SPSSFactory factory = SPSSFactory.getInstance();
- MessageProvider msg = MessageProvider.getInstance();
-
- // validate that each ReferenceData object contains transforms specified
- // in the corresponding SignatureManifestCheckParams/ReferenceInfo
- if (request.getSignatureManifestCheckParams() != null) {
- List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
- List refDatas = filterReferenceInfos(result.getReferenceDataList());
- List failedReferencesList = new ArrayList();
- Iterator refInfoIter;
- Iterator refDataIter;
-
- if (refInfos.size() != refDatas.size()) {
- return factory.createReferencesCheckResult(1, null);
- }
-
- refInfoIter = refInfos.iterator();
- refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator();
-
- while (refInfoIter.hasNext()) {
- ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
- ReferenceData refData = (ReferenceData) refDataIter.next();
- List transforms = buildTransformsList(refInfo);
- boolean found = false;
- Iterator trIter;
-
- for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
- found = trIter.next().equals(refData.getTransformationList());
- }
-
- if (!found) {
- Integer refIndex = new Integer(refData.getReferenceIndex());
- String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
-
- failedReferencesList.add(refIndex);
- Logger.debug(new LogMsg(logMsg));
- }
- }
-
- if (!failedReferencesList.isEmpty()) {
- // at least one reference failed - return their indexes and
- // check code 1
- int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
- ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, failedReferences);
-
- return factory.createReferencesCheckResult(1, checkInfo);
- }
- }
-
- // validate the hashes contained in all the ReferenceInfo objects of the
- // security layer manifest
- if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) {
- Map hashValues = buildTransformParameterHashValues(request);
- Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements());
- List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList();
- Iterator refIter;
-
- for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
- iaik.server.modules.xmlverify.ReferenceInfo ref = (iaik.server.modules.xmlverify.ReferenceInfo) refIter
- .next();
- byte[] hash = (byte[]) hashValues.get(ref.getURI());
-
- if (!transformParameterURIs.contains(ref.getURI())
- || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
-
- // the transform parameter doesn't exist or the hashs do not
- // match
- // return the index of the failed reference and check code 1
- int[] failedReferences = new int[] { ref.getReferenceIndex() };
- ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
- failedReferences);
- String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref.getReferenceIndex()) });
-
- Logger.debug(new LogMsg(logMsg));
-
- return factory.createReferencesCheckResult(1, checkInfo);
- }
- }
- }
-
- return factory.createReferencesCheckResult(0, null);
- }
-
- /**
- * Get all <code>Transform</code>s contained in all the
- * <code>VerifyTransformsInfoProfile</code>s of the given
- * <code>ReferenceInfo</code>.
- *
- * @param refInfo
- * The <code>ReferenceInfo</code> object containing the
- * transformations.
- * @return A <code>List</code> of <code>List</code>s. Each of the
- * <code>List</code>s contains <code>Transformation</code> objects.
- * @throws MOAApplicationException
- * An error occurred building one of the
- * <code>Transformation</code>s.
- */
- private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException {
-
- TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- List profiles = refInfo.getVerifyTransformsInfoProfiles();
- List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
- List transformsList = new ArrayList();
- TransformationFactory factory = TransformationFactory.getInstance();
- Iterator iter;
-
- for (iter = mappedProfiles.iterator(); iter.hasNext();) {
- VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next();
- List transforms = profile.getTransforms();
-
- if (transforms != null) {
- transformsList.add(factory.createTransformationList(transforms));
- }
- }
-
- return transformsList;
- }
-
- /**
- * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
- *
- * @param transformParameters
- * The <code>List</code> of <code>TransformParameter</code>s, as
- * provided to the verification.
- * @return The <code>Set</code> of all <code>TransformParameter</code> URIs.
- */
- private Set buildTransformParameterURIs(List transformParameters) {
- Set uris = new HashSet();
- Iterator iter;
-
- for (iter = transformParameters.iterator(); iter.hasNext();) {
- DataObject transformParameter = (DataObject) iter.next();
- uris.add(transformParameter.getURI());
- }
-
- return uris;
- }
-
- /**
- * Build a mapping between <code>TransformParameter</code> URIs (a
- * <code>String</code> and <code>dsig:HashValue</code> (a
- * <code>byte[]</code>).
- *
- * @param request
- * The <code>VerifyXMLSignatureRequest</code>.
- * @return Map The resulting mapping.
- * @throws MOAApplicationException
- * An error occurred accessing one of the profiles.
- */
- private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request) throws MOAApplicationException {
-
- TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
- ConfigurationProvider config = context.getConfiguration();
- Map hashValues = new HashMap();
- List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
- Iterator refIter;
-
- for (refIter = refInfos.iterator(); refIter.hasNext();) {
- ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
- List profiles = refInfo.getVerifyTransformsInfoProfiles();
- List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
- Iterator prIter;
-
- for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
- VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter.next();
- List trParameters = profile.getTransformParameters();
- Iterator trIter;
-
- for (trIter = trParameters.iterator(); trIter.hasNext();) {
- TransformParameter transformParameter = (TransformParameter) trIter.next();
- String uri = transformParameter.getURI();
-
- if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) {
- hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue());
- }
-
- }
- }
- }
- return hashValues;
- }
-
- /**
- * Filter the <code>ReferenceInfo</code>s returned by the
- * <code>VerifyXMLSignatureResult</code> for comparison with the
- * <code>ReferenceInfo</code> elements in the request.
- *
- * @param referenceInfos
- * The <code>ReferenceInfo</code>s from the
- * <code>VerifyXMLSignatureResult</code>.
- * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
- * is not a XMLDsig manifest, Security Layer manifest, or ETSI
- * signed property.
- */
- private List filterReferenceInfos(List referenceInfos) {
- List filtered = new ArrayList();
- Iterator iter;
-
- for (iter = referenceInfos.iterator(); iter.hasNext();) {
- iaik.server.modules.xmlverify.ReferenceInfo refInfo = (iaik.server.modules.xmlverify.ReferenceInfo) iter
- .next();
- String refType = refInfo.getReferenceType();
-
- if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
- filtered.add(refInfo);
- }
- }
-
- return filtered;
- }
-
- private List getAdESResult(ExtendedXMLSignatureVerificationResult adesFormVerification) throws ConfigurationException {
- if (adesFormVerification == null) {
- // no form information
- return null;
- }
-
- List adesList = new ArrayList();
-
- /*
- checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA),
- SignatureVerificationProfile.LEVEL_LTA, adesList);
- checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT),
- SignatureVerificationProfile.LEVEL_LT, adesList);
- checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T),
- SignatureVerificationProfile.LEVEL_T, adesList);
- checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B),
- SignatureVerificationProfile.LEVEL_B, adesList);
- */
-
- AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION),
- SignatureVerificationProfile.LEVEL_LT, adesList);
- AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.ADES_T_VALIDATION),
- SignatureVerificationProfile.LEVEL_T, adesList);
- AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"),
- SignatureVerificationProfile.LEVEL_B, adesList);
-
- return adesList;
- }
+ /** The single instance of this class. */
+ private static XMLSignatureVerificationInvoker instance = null;
+
+ private static Set FILTERED_REF_TYPES;
+
+ static {
+ FILTERED_REF_TYPES = new HashSet();
+ FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
+ FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
+ FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
+ FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
+ FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
+ }
+
+ /**
+ * Get the single instance of this class.
+ *
+ * @return The single instance of this class.
+ */
+ public static synchronized XMLSignatureVerificationInvoker getInstance() {
+ if (instance == null) {
+ instance = new XMLSignatureVerificationInvoker();
+ }
+ return instance;
+ }
+
+ /**
+ * Create a new <code>XMLSignatureCreationInvoker</code>.
+ *
+ * Protected to disallow multiple instances.
+ */
+ protected XMLSignatureVerificationInvoker() {
+ }
+
+ /**
+ * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
+ * <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param request A <code>VerifyXMLSignatureRequest<code> API object
+ * containing the data for verifying an XML signature.
+ * &#64;return A <code>VerifyXMLSignatureResponse</code> containing the answert
+ * to the <code>VerifyXMLSignatureRequest</code>. MOA schema
+ * definition.
+ * @throws MOAException An error occurred during signature verification.
+ */
+ public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
+ throws MOAException {
+
+ final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+ final XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(
+ request);
+ final VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
+ ExtendedXMLSignatureVerificationResult result = null;
+ XMLSignatureVerificationResult plainResult;
+ XMLSignatureVerificationProfile profile;
+ ReferencesCheckResult signatureManifestCheck;
+ DataObjectFactory dataObjFactory;
+ XMLDataObject signatureEnvironment;
+ Node signatureEnvironmentParent = null;
+ Element requestElement = null;
+ XMLSignature xmlSignature;
+ Date signingTime;
+ List supplements;
+ List dataObjectList;
+
+ // get the supplements
+ supplements = getSupplements(request);
+
+ // build XMLSignature
+ dataObjFactory = DataObjectFactory.getInstance();
+ signatureEnvironment = dataObjFactory
+ .createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements);
+ xmlSignature = buildXMLSignature(signatureEnvironment, request);
+
+ // build the list of DataObjects
+ dataObjectList = buildDataObjectList(supplements);
+
+ // build profile
+ profile = profileFactory.createProfile();
+
+ // get the signingTime
+ signingTime = request.getDateTime();
+
+ // make the signature environment the root of the document, if it is not
+ // a
+ // separate document anyway; this is done to assure that
+ // canonicalization
+ // of the signature environment contains the correct namespace
+ // declarations
+ requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
+ if (requestElement != signatureEnvironment.getElement()) {
+ signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode();
+ requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement);
+ }
+
+ QCSSCDResult qcsscdresult = new QCSSCDResult();
+ final String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ final TrustProfile tp = config.getTrustProfile(tpID);
+
+ // verify the signature
+ try {
+ final XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance();
+
+ module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+ if (request.getExtendedValidaiton()) {
+ result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
+ new TransactionId(context.getTransactionID()));
+ plainResult = result.getXMLSignatureVerificationResult();
+ } else {
+ plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime,
+ new TransactionId(context.getTransactionID()));
+ }
+ } catch (final IAIKException e) {
+ final MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ } catch (final IAIKRuntimeException e) {
+ final MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+ throw moaException;
+ }
+
+ ExtendedCertificateCheckResult extCheckResult;
+ if (result != null) {
+ List adesResults = null;//
+
+ adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
+
+ if (Logger.isDebugEnabled()) {
+ if (adesResults != null) {
+ final Iterator adesIterator = adesResults.iterator();
+ while (adesIterator.hasNext()) {
+ Logger.debug("ADES Formresults: " + adesIterator.next().toString());
+ }
+ }
+ }
+
+ responseBuilder.setAdESFormResults(adesResults);
+
+ try {
+ // Logger.info("Extended Validation Report: " + result.getName());
+ Logger.debug("Extended Validation Code: " + result.getResultCode().toString());
+ Logger.debug("Extended Validation Info: " + result.getInfo());
+
+ extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
+ responseBuilder.setExtendedCertificateCheckResult(extCheckResult);
+
+ } catch (final NullPointerException e) {
+ Logger.info("No extendend validation result available.");
+ }
+ }
+ // QC/SSCD check
+ final List list = plainResult.getCertificateValidationResult().getCertificateChain();
+ if (list != null) {
+ final X509Certificate[] chain = new X509Certificate[list.size()];
+
+ final Iterator it = list.iterator();
+ int i = 0;
+ while (it.hasNext()) {
+ chain[i] = (X509Certificate) it.next();
+ i++;
+ }
+
+ qcsscdresult = CertificateUtils.checkQCSSCD(chain, plainResult.getSigningTime(), tp.isTSLEnabled(),
+ config);
+ }
+
+ // get signer certificate issuer country code
+ final String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+
+ // swap back in the request as root document
+ if (requestElement != signatureEnvironment.getElement()) {
+ requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement());
+ signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
+ }
+
+ // check the result
+ signatureManifestCheck = validateSignatureManifest(request, plainResult,
+ profile);
+
+ // Check if signer certificate is in trust profile's allowed signer
+ // certificates pool
+ final TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+ final CheckResult certificateCheck = validateSignerCertificate(plainResult,
+ trustProfile);
+
+ // build the response
+ responseBuilder.setResult(plainResult, profile, signatureManifestCheck,
+ certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(),
+ qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos(),
+ request.getExtendedValidaiton());
+ return responseBuilder.getResponse();
+ }
+
+ /**
+ * Checks if the signer certificate matches one of the allowed signer
+ * certificates specified in the provided <code>trustProfile</code>.
+ *
+ * @param result The result produced by the
+ * <code>XMLSignatureVerificationModule</code>.
+ *
+ * @param trustProfile The trust profile the signer certificate is validated
+ * against.
+ *
+ * @return The overal result of the certificate validation for the signer
+ * certificate.
+ *
+ * @throws MOAException if one of the signer certificates specified in the
+ * <code>trustProfile</code> cannot be read from the file
+ * system.
+ */
+ private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result,
+ TrustProfile trustProfile)
+ throws MOAException {
+ final MessageProvider msg = MessageProvider.getInstance();
+
+ int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
+
+ if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
+ final X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult()
+ .getCertificateChain().get(0);
+
+ File signerCertsDir = null;
+ try {
+ signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
+ } catch (final URIException e) {
+ throw new MOASystemException("2900", null, e); // Should not
+ // happen,
+ // already
+ // checked at
+ // loading the
+ // MOA
+ // configuration
+ }
+
+ final File[] files = signerCertsDir.listFiles();
+ if (files == null) {
+ resultCode = 1;
+ }
+ int i;
+ for (i = 0; i < files.length; i++) {
+ if (!files[i].isDirectory()) {
+ FileInputStream currentFIS = null;
+ try {
+ currentFIS = new FileInputStream(files[i]);
+ } catch (final FileNotFoundException e) {
+ throw new MOASystemException("2900", null, e);
+ }
+
+ try {
+ final X509Certificate currentCert = new X509Certificate(currentFIS);
+ currentFIS.close();
+ if (currentCert.equals(signerCertificate)) {
+ break;
+ }
+ } catch (final Exception e) {
+ // Simply ignore file if it cannot be interpreted as
+ // certificate
+ final String logMsg = msg.getMessage("invoker.03",
+ new Object[] { trustProfile.getId(), files[i].getName() });
+ Logger.warn(logMsg);
+ try {
+ currentFIS.close();
+ } catch (final IOException e1) {
+ // If clean-up fails, do nothing
+ }
+ }
+ }
+ }
+ if (i >= files.length) {
+ resultCode = 1; // No signer certificate from the trustprofile
+ // pool matches the actual signer certificate
+ }
+ }
+
+ final SPSSFactory factory = SPSSFactory.getInstance();
+ return factory.createCheckResult(resultCode, null);
+ }
+
+ /**
+ * Select the <code>dsig:Signature</code> DOM element within the signature
+ * environment.
+ *
+ * @param signatureEnvironment The signature environment containing the
+ * <code>dsig:Signature</code>.
+ * @param request The <code>VerifyXMLSignatureRequest</code>
+ * containing the signature environment.
+ * @return The <code>dsig:Signature</code> element wrapped in a
+ * <code>XMLSignature</code> object.
+ * @throws MOAApplicationException An error occurred locating the
+ * <code>dsig:Signature</code>.
+ */
+ private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment,
+ VerifyXMLSignatureRequest request)
+ throws MOAApplicationException {
+
+ final VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation();
+ Element signatureParent;
+
+ // evaluate the VerifySignatureLocation to get the signature parent
+ signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(),
+ signatureLocation);
+
+ // check for signatureParent to be a dsig:Signature element
+ if (!"Signature".equals(signatureParent.getLocalName())
+ || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
+ throw new MOAApplicationException("2266", null);
+ }
+
+ return new XMLSignatureImpl(signatureParent);
+ }
+
+ /**
+ * Build the supplemental data objects contained in the
+ * <code>VerifyXMLSignatureRequest</code>.
+ *
+ * @param supplements A <code>List</code> of
+ * <code>XMLDataObjectAssociation</code>s containing the
+ * supplement data.
+ * @return A <code>List</code> of <code>DataObject</code>s representing the
+ * supplemental data objects.
+ * @throws MOASystemException A system error occurred building one of the
+ * data objects.
+ * @throws MOAApplicationException An error occurred building one of the data
+ * objects.
+ */
+ private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException {
+ final List dataObjectList = new ArrayList();
+
+ final DataObjectFactory factory = DataObjectFactory.getInstance();
+ DataObject dataObject;
+ Iterator iter;
+
+ if (supplements != null) {
+ for (iter = supplements.iterator(); iter.hasNext();) {
+ final XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next();
+ dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false);
+ dataObjectList.add(dataObject);
+ }
+ }
+
+ return dataObjectList;
+
+ }
+
+ /**
+ * Get the supplemental data contained in the
+ * <code>VerifyXMLSignatureRequest</code>.
+ *
+ * @param request The <code>VerifyXMLSignatureRequest</code> containing the
+ * supplemental data.
+ * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> objects
+ * containing the supplemental data.
+ * @throws MOAApplicationException An error occurred resolving one of the
+ * supplement profiles.
+ */
+ private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException {
+ final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ final ConfigurationProvider config = context.getConfiguration();
+ final List supplementProfiles = request.getSupplementProfiles();
+
+ final List supplements = new ArrayList();
+
+ if (supplementProfiles != null) {
+
+ final List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
+ Iterator iter;
+
+ for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+ final SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next();
+ supplements.add(profile.getSupplementProfile());
+ }
+
+ }
+ return supplements;
+ }
+
+ /**
+ * Perform additional validations of the
+ * <code>XMLSignatureVerificationResult</code>.
+ *
+ * <p>
+ * In particular, it is verified that:
+ * <ul>
+ * <li>Each <code>ReferenceData</code> object contains transformation chain that
+ * matches one of the <code>Transforms</code> given in the corresponding
+ * <code>SignatureManifestCheckParams/ReferenceInfo</code></li>
+ * <li>The hash values of the <code>TransformParameter</code>s are valid.</li>
+ * </ul>
+ * </p>
+ *
+ * @param request The <code>VerifyXMLSignatureRequest</code> containing the
+ * signature to verify.
+ * @param result The result produced by
+ * <code>XMLSignatureVerificationModule</code>.
+ * @param profile The profile used for validating the <code>request</code>.
+ * @return The result of additional validations of the signature manifest.
+ * @throws MOAApplicationException Post-validation of the
+ * <code>XMLSignatureVerificaitonResult</code>
+ * failed.
+ */
+ private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request,
+ XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile)
+ throws MOAApplicationException {
+
+ final SPSSFactory factory = SPSSFactory.getInstance();
+ final MessageProvider msg = MessageProvider.getInstance();
+
+ // validate that each ReferenceData object contains transforms specified
+ // in the corresponding SignatureManifestCheckParams/ReferenceInfo
+ if (request.getSignatureManifestCheckParams() != null) {
+ final List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
+ final List refDatas = filterReferenceInfos(result.getReferenceDataList());
+ final List failedReferencesList = new ArrayList();
+ Iterator refInfoIter;
+ Iterator refDataIter;
+
+ if (refInfos.size() != refDatas.size()) {
+ return factory.createReferencesCheckResult(1, null);
+ }
+
+ refInfoIter = refInfos.iterator();
+ refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator();
+
+ while (refInfoIter.hasNext()) {
+ final ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
+ final ReferenceData refData = (ReferenceData) refDataIter.next();
+ final List transforms = buildTransformsList(refInfo);
+ boolean found = false;
+ Iterator trIter;
+
+ for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
+ found = trIter.next().equals(refData.getTransformationList());
+ }
+
+ if (!found) {
+ final Integer refIndex = new Integer(refData.getReferenceIndex());
+ final String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
+
+ failedReferencesList.add(refIndex);
+ Logger.debug(new LogMsg(logMsg));
+ }
+ }
+
+ if (!failedReferencesList.isEmpty()) {
+ // at least one reference failed - return their indexes and
+ // check code 1
+ final int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
+ final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
+ failedReferences);
+
+ return factory.createReferencesCheckResult(1, checkInfo);
+ }
+ }
+
+ // validate the hashes contained in all the ReferenceInfo objects of the
+ // security layer manifest
+ if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) {
+ final Map hashValues = buildTransformParameterHashValues(request);
+ final Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements());
+ final List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList();
+ Iterator refIter;
+
+ for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
+ final iaik.server.modules.xmlverify.ReferenceInfo ref =
+ (iaik.server.modules.xmlverify.ReferenceInfo) refIter
+ .next();
+ final byte[] hash = (byte[]) hashValues.get(ref.getURI());
+
+ if (!transformParameterURIs.contains(ref.getURI())
+ || hash != null && !Arrays.equals(hash, ref.getHashValue())) {
+
+ // the transform parameter doesn't exist or the hashs do not
+ // match
+ // return the index of the failed reference and check code 1
+ final int[] failedReferences = new int[] { ref.getReferenceIndex() };
+ final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
+ failedReferences);
+ final String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref
+ .getReferenceIndex()) });
+
+ Logger.debug(new LogMsg(logMsg));
+
+ return factory.createReferencesCheckResult(1, checkInfo);
+ }
+ }
+ }
+
+ return factory.createReferencesCheckResult(0, null);
+ }
+
+ /**
+ * Get all <code>Transform</code>s contained in all the
+ * <code>VerifyTransformsInfoProfile</code>s of the given
+ * <code>ReferenceInfo</code>.
+ *
+ * @param refInfo The <code>ReferenceInfo</code> object containing the
+ * transformations.
+ * @return A <code>List</code> of <code>List</code>s. Each of the
+ * <code>List</code>s contains <code>Transformation</code> objects.
+ * @throws MOAApplicationException An error occurred building one of the
+ * <code>Transformation</code>s.
+ */
+ private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException {
+
+ final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ final ConfigurationProvider config = context.getConfiguration();
+ final List profiles = refInfo.getVerifyTransformsInfoProfiles();
+ final List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+ final List transformsList = new ArrayList();
+ final TransformationFactory factory = TransformationFactory.getInstance();
+ Iterator iter;
+
+ for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+ final VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next();
+ final List transforms = profile.getTransforms();
+
+ if (transforms != null) {
+ transformsList.add(factory.createTransformationList(transforms));
+ }
+ }
+
+ return transformsList;
+ }
+
+ /**
+ * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
+ *
+ * @param transformParameters The <code>List</code> of
+ * <code>TransformParameter</code>s, as provided to
+ * the verification.
+ * @return The <code>Set</code> of all <code>TransformParameter</code> URIs.
+ */
+ private Set buildTransformParameterURIs(List transformParameters) {
+ final Set uris = new HashSet();
+ Iterator iter;
+
+ for (iter = transformParameters.iterator(); iter.hasNext();) {
+ final DataObject transformParameter = (DataObject) iter.next();
+ uris.add(transformParameter.getURI());
+ }
+
+ return uris;
+ }
+
+ /**
+ * Build a mapping between <code>TransformParameter</code> URIs (a
+ * <code>String</code> and <code>dsig:HashValue</code> (a <code>byte[]</code>).
+ *
+ * @param request The <code>VerifyXMLSignatureRequest</code>.
+ * @return Map The resulting mapping.
+ * @throws MOAApplicationException An error occurred accessing one of the
+ * profiles.
+ */
+ private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request)
+ throws MOAApplicationException {
+
+ final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+ final ConfigurationProvider config = context.getConfiguration();
+ final Map hashValues = new HashMap();
+ final List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
+ Iterator refIter;
+
+ for (refIter = refInfos.iterator(); refIter.hasNext();) {
+ final ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+ final List profiles = refInfo.getVerifyTransformsInfoProfiles();
+ final List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+ Iterator prIter;
+
+ for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
+ final VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter
+ .next();
+ final List trParameters = profile.getTransformParameters();
+ Iterator trIter;
+
+ for (trIter = trParameters.iterator(); trIter.hasNext();) {
+ final TransformParameter transformParameter = (TransformParameter) trIter.next();
+ final String uri = transformParameter.getURI();
+
+ if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) {
+ hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue());
+ }
+
+ }
+ }
+ }
+ return hashValues;
+ }
+
+ /**
+ * Filter the <code>ReferenceInfo</code>s returned by the
+ * <code>VerifyXMLSignatureResult</code> for comparison with the
+ * <code>ReferenceInfo</code> elements in the request.
+ *
+ * @param referenceInfos The <code>ReferenceInfo</code>s from the
+ * <code>VerifyXMLSignatureResult</code>.
+ * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type is
+ * not a XMLDsig manifest, Security Layer manifest, or ETSI signed
+ * property.
+ */
+ private List filterReferenceInfos(List referenceInfos) {
+ final List filtered = new ArrayList();
+ Iterator iter;
+
+ for (iter = referenceInfos.iterator(); iter.hasNext();) {
+ final iaik.server.modules.xmlverify.ReferenceInfo refInfo =
+ (iaik.server.modules.xmlverify.ReferenceInfo) iter
+ .next();
+ final String refType = refInfo.getReferenceType();
+
+ if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
+ filtered.add(refInfo);
+ }
+ }
+
+ return filtered;
+ }
+
+ private List getAdESResult(ExtendedXMLSignatureVerificationResult adesFormVerification)
+ throws ConfigurationException {
+ if (adesFormVerification == null) {
+ // no form information
+ return null;
+ }
+
+ final List adesList = new ArrayList();
+
+ /*
+ * checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile
+ * .LEVEL_LTA), SignatureVerificationProfile.LEVEL_LTA, adesList);
+ * checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile
+ * .LEVEL_LT), SignatureVerificationProfile.LEVEL_LT, adesList);
+ * checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile
+ * .LEVEL_T), SignatureVerificationProfile.LEVEL_T, adesList);
+ * checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile
+ * .LEVEL_B), SignatureVerificationProfile.LEVEL_B, adesList);
+ */
+
+ AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(
+ iaik.esi.sva.util.Constants.LONG_TERM_VALIDATION),
+ SignatureVerificationProfile.LEVEL_LT, adesList);
+ AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(
+ iaik.esi.sva.util.Constants.ADES_T_VALIDATION),
+ SignatureVerificationProfile.LEVEL_T, adesList);
+ AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"),
+ SignatureVerificationProfile.LEVEL_B, adesList);
+
+ return adesList;
+ }
}