diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke')
20 files changed, 3262 insertions, 3265 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index 8e9380e..2e7445e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -21,19 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; -import iaik.server.modules.algorithms.HashAlgorithms; -import iaik.server.modules.cmssign.CMSSignature; -import iaik.server.modules.cmssign.CMSSignatureCreationException; -import iaik.server.modules.cmssign.CMSSignatureCreationModule; -import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory; -import iaik.server.modules.cmssign.CMSSignatureCreationProfile; -import iaik.server.modules.keys.KeyEntryID; -import iaik.server.modules.keys.KeyModule; -import iaik.server.modules.keys.KeyModuleFactory; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; @@ -76,38 +65,46 @@ import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.util.Constants; +import iaik.server.modules.algorithms.HashAlgorithms; +import iaik.server.modules.cmssign.CMSSignature; +import iaik.server.modules.cmssign.CMSSignatureCreationException; +import iaik.server.modules.cmssign.CMSSignatureCreationModule; +import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory; +import iaik.server.modules.cmssign.CMSSignatureCreationProfile; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; /** * A class providing an API based interface to the * <code>CMSSignatureCreationModule</code>. - * - * This class performs the invocation of the + * + * This class performs the invocation of the * <code>iaik.server.modules.cmssign.CMSSignatureCreationModule</code> from a * <code>CreateCMSSignatureRequest</code> given as an API object. The result of * the invocation is integrated into a <code>CreateCMSSignatureResponse</code> * and returned. - * + * * @version $Id$ */ public class CMSSignatureCreationInvoker { - - private static Map HASH_ALGORITHM_MAPPING; - - static { - HASH_ALGORITHM_MAPPING = new HashMap(); - HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1); - HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256); - HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384); - HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512); - } - + + private static Map HASH_ALGORITHM_MAPPING; + + static { + HASH_ALGORITHM_MAPPING = new HashMap(); + HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1); + HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256); + HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384); + HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512); + } /** The single instance of this class. */ private static CMSSignatureCreationInvoker instance = null; /** * Get the only instance of this class. - * + * * @return The only instance of this class. */ public static synchronized CMSSignatureCreationInvoker getInstance() { @@ -119,290 +116,271 @@ public class CMSSignatureCreationInvoker { /** * Create a new <code>CMSSignatureCreationInvoker</code>. - * + * * Protected to disallow multiple instances. */ protected CMSSignatureCreationInvoker() { } - - /** * Process the <code>CreateCMSSignatureRequest<code> message and invoke the * <code>XMLSignatureCreationModule</code> for every * <code>SingleSignatureInfo</code> contained in the request. - * + * * @param request A <code>CreateCMSSignatureRequest<code> API object * containing the information for creating the signature(s). - * @param reserved A <code>Set</code> of reserved object IDs. - * - * @return A <code>CreateCMSSignatureResponse</code> API object containing - * the created signature(s). The response contains either a - * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code> - * for each <code>SingleSignatureInfo</code> in the request. - * @throws MOAException An error occurred during signature creation. + * @param reserved A <code>Set</code> of reserved object IDs. + * + * @return A <code>CreateCMSSignatureResponse</code> API object containing the + * created signature(s). The response contains either a + * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code> for + * each <code>SingleSignatureInfo</code> in the request. + * @throws MOAException An error occurred during signature creation. */ public CreateCMSSignatureResponse createCMSSignature( - CreateCMSSignatureRequest request, - Set reserved) - throws MOAException { + CreateCMSSignatureRequest request, + Set reserved) + throws MOAException { + + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + // LoggingContext loggingCtx = + // LoggingContextManager.getInstance().getLoggingContext(); - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - //LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + final CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder(); + final CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl(); - CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder(); - CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl(); + boolean isSecurityLayerConform = false; + boolean isPAdESConformRequired = false; + String structure = null; + String mimetype = null; - boolean isSecurityLayerConform = false; - String structure = null; - String mimetype = null; - - // select the SingleSignatureInfo elements - Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator(); + // select the SingleSignatureInfo elements + final Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator(); // iterate over all the SingleSignatureInfo elements in the request - while (singleSignatureInfoIter.hasNext()) { - SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next(); - isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform(); - - - DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo(); - structure = dataObjectInfo.getStructure(); - - CMSDataObject dataobject = dataObjectInfo.getDataObject(); - MetaInfo metainfo = dataobject.getMetaInfo(); - mimetype = metainfo.getMimeType(); - - CMSContent content = dataobject.getContent(); - InputStream contentIs = null; - // build the content data - switch (content.getContentType()) { - case CMSContent.EXPLICIT_CONTENT : - contentIs = ((CMSContentExcplicit) content).getBinaryContent(); - break; - case CMSContent.REFERENCE_CONTENT : - String reference = ((CMSContentReference) content).getReference(); - if (!"".equals(reference)) { - ExternalURIResolver resolver = new ExternalURIResolver(); - contentIs = resolver.resolve(reference); - } else { - throw new MOAApplicationException("2301", null); - } - break; - default : { - throw new MOAApplicationException("2301", null); - } - } - - // create CMSSignatureCreationModuleFactory - CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance(); - - List signedProperties = null; - boolean includeData = true; - if (structure.compareTo("enveloping") == 0) - includeData = true; - if (structure.compareTo("detached") == 0) - includeData = false; - - ConfigurationProvider config = context.getConfiguration(); - - // get the key group id - String keyGroupID = request.getKeyIdentifier(); - // set the key set - Set keySet = buildKeySet(keyGroupID); - if (keySet == null) { - throw new MOAApplicationException("2231", null); - } else if (keySet.size() == 0) { - throw new MOAApplicationException("2232", null); - } - - // get digest algorithm - String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); - - // create CMSSignatureCreation profile: - CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( - keySet, - digestAlgorithm, - signedProperties, - isSecurityLayerConform, - includeData, - mimetype); - - // create CMSSignature from the CMSSignatureCreationModule - // build the additionalSignedProperties - List additionalSignedProperties = buildAdditionalSignedProperties(); - TransactionId tid = new TransactionId(context.getTransactionID()); - try { - CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid); - ByteArrayOutputStream out = new ByteArrayOutputStream(); - // get CMS SignedData output stream from the CMSSignature and wrap it around out - boolean base64 = true; - OutputStream signedDataStream = signature.getSignature(out, base64); - - // now write the data to be signed to the signedDataStream - - // - int byteRead; - /* - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - ByteArrayOutputStream filteredStream = new ByteArrayOutputStream(); - - while ((byteRead=contentIs.read()) >= 0) { - //System.out.println("counterXX: " + counter); - - // Wrong behaviour < 3 - // excluded bytes should not be part of the signature as 0 bytes - // they should be not part of the signature at all! - -// if (inRange(counter, dataobject)) -// filteredStream.write(0); -// else -// filteredStream.write(byteRead); -// - - // correct behaviour - if (!inRange(counter, dataobject)) { - filteredStream.write(byteRead); - } - - counter = counter.add(one); - } - byte[] data = filteredStream.toByteArray(); - signedDataStream.write(data, 0, data.length); - */ - // Stream based, this should have a better performance - FilteredOutputStream filteredOuputStream = new FilteredOutputStream( - signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(), - dataobject.getExcludeByteRangeTo()); - - IOUtils.copyLarge(contentIs, filteredOuputStream); - filteredOuputStream.flush(); -// byte[] buf = new byte[4096]; -// int bytesRead; -// while ((bytesRead = contentIs.read(buf)) >= 0) { -// signedDataStream.write(buf, 0, bytesRead); -// } -// - // finish SignedData processing by closing signedDataStream - signedDataStream.close(); - String base64value = out.toString(); - - responseBuilder.addCMSSignature(base64value); - - - } catch (CMSSignatureCreationException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - - responseBuilder.addError( - moaException.getMessageId(), - moaException.getMessage()); - Logger.warn(moaException.getMessage(), e); - - } - catch (IOException e) { - throw new MOAApplicationException("2301", null, e); - } - - } - + while (singleSignatureInfoIter.hasNext()) { + final SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next(); + isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform(); + isPAdESConformRequired = singleSignatureInfo.isPAdESConform(); + + // PAdES conformity always requires SecurityLayer conformity, because + // certificates must be included + if (isPAdESConformRequired && !isSecurityLayerConform) { + isSecurityLayerConform = isPAdESConformRequired; + Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested"); + + } + + final DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo(); + structure = dataObjectInfo.getStructure(); + + final CMSDataObject dataobject = dataObjectInfo.getDataObject(); + final MetaInfo metainfo = dataobject.getMetaInfo(); + + /* + * TODO: do not set SigningTime in IAIK-MOA request or any other API + * method/parameter when IAIK-MOA API is updated. Maybe also update mimetype + * solution below + */ + // does not set mimetype if PAdES conformity is requested + if (!isPAdESConformRequired) { + mimetype = metainfo.getMimeType(); + + } else { + Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature"); + } + + final CMSContent content = dataobject.getContent(); + InputStream contentIs = null; + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT: + contentIs = ((CMSContentExcplicit) content).getBinaryContent(); + break; + case CMSContent.REFERENCE_CONTENT: + final String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + final ExternalURIResolver resolver = new ExternalURIResolver(); + contentIs = resolver.resolve(reference); + } else { + throw new MOAApplicationException("2301", null); + } + break; + default: { + throw new MOAApplicationException("2301", null); + } + } + + // create CMSSignatureCreationModuleFactory + final CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance(); + + final List signedProperties = null; + boolean includeData = true; + if (structure.compareTo("enveloping") == 0) { + includeData = true; + } + if (structure.compareTo("detached") == 0) { + includeData = false; + } + + final ConfigurationProvider config = context.getConfiguration(); + + // get the key group id + final String keyGroupID = request.getKeyIdentifier(); + // set the key set + final Set keySet = buildKeySet(keyGroupID); + if (keySet == null) { + throw new MOAApplicationException("2231", null); + } else if (keySet.size() == 0) { + throw new MOAApplicationException("2232", null); + } + + // get digest algorithm + final String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); + + // create CMSSignatureCreation profile: + final CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( + keySet, + digestAlgorithm, + signedProperties, + isSecurityLayerConform, + includeData, + mimetype, + isPAdESConformRequired); + + // create CMSSignature from the CMSSignatureCreationModule + // build the additionalSignedProperties + final List additionalSignedProperties = buildAdditionalSignedProperties(); + final TransactionId tid = new TransactionId(context.getTransactionID()); + try { + final CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid); + final ByteArrayOutputStream out = new ByteArrayOutputStream(); + // get CMS SignedData output stream from the CMSSignature and wrap it around out + final boolean base64 = true; + final OutputStream signedDataStream = signature.getSignature(out, base64); + + // now write the data to be signed to the signedDataStream + // Stream based, this should have a better performance + final FilteredOutputStream filteredOuputStream = new FilteredOutputStream( + signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(), + dataobject.getExcludeByteRangeTo()); + + IOUtils.copyLarge(contentIs, filteredOuputStream); + filteredOuputStream.flush(); + + // finish SignedData processing by closing signedDataStream + signedDataStream.close(); + final String base64value = out.toString(); + + responseBuilder.addCMSSignature(base64value); + + } catch (final CMSSignatureCreationException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); + + responseBuilder.addError( + moaException.getMessageId(), + moaException.getMessage()); + Logger.warn(moaException.getMessage(), e); + + } catch (final IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } return responseBuilder.getResponse(); } - + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return false; - - int compare = counter.compareTo(from); - if (compare == -1) - return false; - else { - compare = counter.compareTo(to); - if (compare == 1) - return false; - else - return true; - } - - - + final BigDecimal from = dataobject.getExcludeByteRangeFrom(); + final BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if (from == null || to == null) { + return false; + } + + int compare = counter.compareTo(from); + if (compare == -1) { + return false; + } else { + compare = counter.compareTo(to); + if (compare == 1) { + return false; + } else { + return true; + } + } + } - - private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException { - // get digest method on key group level (if configured) - String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm(); - // get default digest method (if configured) - String configDigestMethod = config.getDigestMethodAlgorithmName(); - - - String digestMethod = null; - if (configDigestMethodKG != null) { - // if KG specific digest method is configured - digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG); - if (digestMethod == null) { - error( - "config.17", - new Object[] { configDigestMethodKG}); - throw new MOASystemException("2900", null); - } - Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)"); - } - else { - // else get default configured digest method - digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod); - if (digestMethod == null) { - error( - "config.17", - new Object[] { configDigestMethod}); - throw new MOASystemException("2900", null); - } - Logger.debug("Digest algorithm: " + digestMethod + "(default)"); - - } - return digestMethod; + private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) + throws MOASystemException { + // get digest method on key group level (if configured) + final String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm(); + // get default digest method (if configured) + final String configDigestMethod = config.getDigestMethodAlgorithmName(); + + String digestMethod = null; + if (configDigestMethodKG != null) { + // if KG specific digest method is configured + digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG); + if (digestMethod == null) { + error( + "config.17", + new Object[] { configDigestMethodKG }); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)"); + } else { + // else get default configured digest method + digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod); + if (digestMethod == null) { + error( + "config.17", + new Object[] { configDigestMethod }); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethod + "(default)"); + + } + return digestMethod; } - + /** * Utility function to issue an error message to the log. - * - * @param messageId The ID of the message to log. + * + * @param messageId The ID of the message to log. * @param parameters Additional message parameters. */ private static void error(String messageId, Object[] parameters) { - MessageProvider msg = MessageProvider.getInstance(); + final MessageProvider msg = MessageProvider.getInstance(); Logger.error(new LogMsg(msg.getMessage(messageId, parameters))); } - + /** * Build the set of <code>KeyEntryID</code>s available to the given * <code>keyGroupID</code>. - * + * * @param keyGroupID The keygroup ID for which the available keys should be - * returned. - * @return The <code>Set</code> of <code>KeyEntryID</code>s - * identifying the available keys. + * returned. + * @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the + * available keys. */ private Set buildKeySet(String keyGroupID) { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); Set keyGroupEntries; // get the KeyGroup entries from the configuration if (context.getClientCertificate() != null) { - X509Certificate cert = context.getClientCertificate()[0]; - Principal issuer = cert.getIssuerDN(); - BigInteger serialNumber = cert.getSerialNumber(); + final X509Certificate cert = context.getClientCertificate()[0]; + final Principal issuer = cert.getIssuerDN(); + final BigInteger serialNumber = cert.getSerialNumber(); keyGroupEntries = - config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); + config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); } else { keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); } @@ -413,23 +391,23 @@ public class CMSSignatureCreationInvoker { } else if (keyGroupEntries.size() == 0) { return Collections.EMPTY_SET; } else { - KeyModule module = - KeyModuleFactory.getInstance( - new TransactionId(context.getTransactionID())); - Set keyEntryIDs = module.getPrivateKeyEntryIDs(); - Set keySet = new HashSet(); + final KeyModule module = + KeyModuleFactory.getInstance( + new TransactionId(context.getTransactionID())); + final Set keyEntryIDs = module.getPrivateKeyEntryIDs(); + final Set keySet = new HashSet(); Iterator iter; // filter out the keys that do not exist in the IAIK configuration // by walking through the key entries and checking if the exist in the // keyGroupEntries for (iter = keyEntryIDs.iterator(); iter.hasNext();) { - KeyEntryID entryID = (KeyEntryID) iter.next(); - KeyGroupEntry entry = - new KeyGroupEntry( - entryID.getModuleID(), - entryID.getCertificateIssuer(), - entryID.getCertificateSerialNumber()); + final KeyEntryID entryID = (KeyEntryID) iter.next(); + final KeyGroupEntry entry = + new KeyGroupEntry( + entryID.getModuleID(), + entryID.getCertificateIssuer(), + entryID.getCertificateSerialNumber()); if (keyGroupEntries.contains(entry)) { keySet.add(entryID); } @@ -440,18 +418,18 @@ public class CMSSignatureCreationInvoker { /** * Build the list of additional signed properties. - * + * * Based on the generic configuration setting - * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a - * constant <code>SigningTime</code> will be added to the properties. - * + * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a constant + * <code>SigningTime</code> will be added to the properties. + * * @return The <code>List</code> of additional signed properties. */ private List buildAdditionalSignedProperties() { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - List additionalSignedProperties = Collections.EMPTY_LIST; + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final List additionalSignedProperties = Collections.EMPTY_LIST; return additionalSignedProperties; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index c0beced..e18f957 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -28,11 +28,11 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.math.BigDecimal; -import java.util.ArrayList; import java.util.Date; import java.util.Iterator; import java.util.List; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; @@ -54,12 +54,8 @@ import at.gv.egovernment.moa.spss.util.QCSSCDResult; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; -import iaik.server.ConfigurationException; -import iaik.server.modules.AdESConstants; -import iaik.server.modules.AdESFormVerificationResult; import iaik.server.modules.IAIKException; import iaik.server.modules.IAIKRuntimeException; -import iaik.server.modules.SignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationModule; import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; @@ -74,474 +70,459 @@ import iaik.x509.X509Certificate; /** * A class providing an interface to the * <code>CMSSignatureVerificationModule</code>. - * + * * This class performs the invocation of the * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code> * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation * is integrated into a <code>VerifyCMSSignatureResponse</code> returned. - * + * * @author Patrick Peck * @version $Id$ */ public class CMSSignatureVerificationInvoker { - /** The single instance of this class. */ - private static CMSSignatureVerificationInvoker instance = null; - - /** - * Return the only instance of this class. - * - * @return The only instance of this class. - */ - public static synchronized CMSSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new CMSSignatureVerificationInvoker(); - } - return instance; - } - - /** - * Create a new <code>CMSSignatureVerificationInvoker</code>. - * - * Protected to disallow multiple instances. - */ - protected CMSSignatureVerificationInvoker() { - } - - /** - * Verify a CMS signature. - * - * @param request - * The <code>VerifyCMSSignatureRequest</code> containing the CMS - * signature, as well as additional data needed for verification. - * @return Element A <code>VerifyCMSSignatureResponse</code> containing the - * answer to the <code>VerifyCMSSignatureRequest</code>. - * @throws MOAException - * An error occurred while processing the request. - */ - public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) throws MOAException { - - CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(request); - VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); - InputStream signature; - InputStream signedContent = null; - Date signingTime; - List results; - int[] signatories; - InputStream input; - byte[] buf = new byte[2048]; - - // get the signature - signature = request.getCMSSignature(); - - // get the actual trustprofile - TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - - try { - // get the signing time - signingTime = request.getDateTime(); - - // build the profile - if (request.isPDF()) { - PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile(); - Logger.info("Sending PDFSignatureVerificationProfile to IAIK-MOA"); - - PDFSignatureVerificationModule module = iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory - .getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - //Logger.info(" Available: " + signature.available()); - module.init(signature, profile, new TransactionId(context.getTransactionID())); - - // input = module.getInputStream(); - - // while (input.read(buf) > 0); - if(request.isExtended()) { - Logger.info("Running extended validation"); - results = module.verifyPAdESSignature(signingTime); - } else { - Logger.info("Running not extended validation"); - results = module.verifySignature(signingTime); - } - - } else { - // get the signed content - signedContent = getSignedContent(request); - CMSSignatureVerificationProfile profile = profileFactory.createProfile(); - Logger.info("Sending CMSSignatureVerificationProfile to IAIK-MOA"); - - // verify the signature - CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - - module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID())); - input = module.getInputStream(); - - while (input.read(buf) > 0) - ; - - if(request.isExtended()) { - Logger.info("Running extended validation"); - results = module.verifyCAdESSignature(signingTime); - } else { - Logger.info("Running not extended validation"); - results = module.verifySignature(signingTime); - } - // results = module.verifySignature(signingTime); - } - - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IOException e) { - throw new MOAApplicationException("2244", null, e); - } catch (MOAException e) { - throw e; - } finally { - try { - if (signedContent != null) - signedContent.close(); - } catch (Throwable t) { - // Intentionally do nothing here - } - } - - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - // build the response: for each signatory add the result to the response - signatories = request.getSignatories(); - if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { - Iterator resultIter; - - for (resultIter = results.iterator(); resultIter.hasNext();) { - Object resultObject = resultIter.next(); - if (!request.isPDF()) { - handleCMSResult(resultObject, responseBuilder, trustProfile); - } else { - handlePDFResult(resultObject, responseBuilder, trustProfile); - } - } - } else { - int i; - - for (i = 0; i < signatories.length; i++) { - int sigIndex = signatories[i] - 1; - - try { - Object resultObject = results.get(signatories[i] - 1); - if (!request.isPDF()) { - handleCMSResult(resultObject, responseBuilder, trustProfile); - } else { - handlePDFResult(resultObject, responseBuilder, trustProfile); - } - } catch (IndexOutOfBoundsException e) { - throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); - } - } - } - - return responseBuilder.getResponse(); - } - - private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, - TrustProfile trustProfile) throws MOAException { - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - if(resultObject == null) { - Logger.warn("Result Object is null!"); - return; - } - - CMSSignatureVerificationResult cmsResult = null; - List adesResults = null; - ExtendedCertificateCheckResult extCheckResult = null; - if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { - Logger.info("Got ExtendedCMSSignatureVerificationResult"); - ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; - cmsResult = result.getCMSSignatureVerificationResult(); - adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); - - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - try { - //Logger.info("Extended Validation Report: " + result.getName()); - Logger.info("Extended Validation Code: " + result.getResultCode().toString()); - Logger.info("Extended Validation Info: " + result.getInfo()); - - extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); - } catch (ConfigurationException e) { - Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); - } catch (NullPointerException e) { - Logger.info("No extendend validation result available."); - } - } else { - Logger.info("Got CMSSignatureVerificationResult"); - cmsResult = (CMSSignatureVerificationResult) resultObject; - } - - String issuerCountryCode = null; - // QC/SSCD check - - if(cmsResult.getCertificateValidationResult() != null) { - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while (it.hasNext()) { - chain[i] = (X509Certificate) it.next(); - i++; - } - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); - } - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult, - qcsscdresult.getTslInfos()); - } - - private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, - TrustProfile trustProfile) throws MOAException { - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - if(resultObject == null) { - Logger.warn("Result Object is null!"); - return; - } - - PDFSignatureVerificationResult cmsResult = null; - List adesResults = null; - - ExtendedCertificateCheckResult extCheckResult = null; - if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { - Logger.info("Got ExtendedPDFSignatureVerificationResult"); - ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; - cmsResult = result.getPDFSignatureVerificationResult(); - adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - cmsResult = result.getPDFSignatureVerificationResult(); - try { - //Logger.info("Extended Validation Report: " + result.getName()); - Logger.info("Extended Validation Code: " + result.getResultCode().toString()); - Logger.info("Extended Validation Info: " + result.getInfo()); - - extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); - } catch (ConfigurationException e) { - Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); - } catch (NullPointerException e) { - Logger.info("No extendend validation result available."); - } - } else { - Logger.info("Got PDFSignatureVerificationResult"); - cmsResult = (PDFSignatureVerificationResult) resultObject; - } - - String issuerCountryCode = null; - // QC/SSCD check - - if (cmsResult.getCertificateValidationResult() != null) { - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while (it.hasNext()) { - chain[i] = (X509Certificate) it.next(); - i++; - } - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); - - } - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, - extCheckResult, qcsscdresult.getTslInfos()); - } - - /** - * Get the signed content contained either in the request itself or given as - * a reference to external data. - * - * @param request - * The <code>VerifyCMSSignatureRequest</code> containing the - * signed content (or the reference to the signed content). - * @return InputStream A stream providing the signed content data, or - * <code>null</code> if no signed content was provided with the - * request. - * @throws MOAApplicationException - * An error occurred building the stream. - */ - private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException { - - InputStream is = null; - CMSDataObject dataObj; - CMSContent content; - - // select the Content element - dataObj = request.getDataObject(); - if (dataObj == null) { - return null; - } - content = dataObj.getContent(); - - // build the content data - switch (content.getContentType()) { - case CMSContent.EXPLICIT_CONTENT: - is = ((CMSContentExcplicit) content).getBinaryContent(); - is = excludeByteRange(is, request); - return is; - case CMSContent.REFERENCE_CONTENT: - String reference = ((CMSContentReference) content).getReference(); - if (!"".equals(reference)) { - ExternalURIResolver resolver = new ExternalURIResolver(); - is = resolver.resolve(reference); - is = excludeByteRange(is, request); - return is; - } else { - return null; - } - default: - return null; - } - - } - - private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) - throws MOAApplicationException { - - int byteRead; - - ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); - - CMSDataObject dataobject = request.getDataObject(); - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ((from == null) || (to == null)) - return contentIs; - - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - try { - while ((byteRead = contentIs.read()) >= 0) { - - if (inRange(counter, dataobject)) { - // if byte is in byte range, set byte to 0x00 - contentOs.write(0); - } else - contentOs.write(byteRead); - - counter = counter.add(one); - } - - InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); - - return is; - - } catch (IOException e) { - throw new MOAApplicationException("2301", null, e); - } - - } - - private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ((from == null) || (to == null)) - return false; - - int compare = counter.compareTo(from); - if (compare == -1) - return false; - else { - compare = counter.compareTo(to); - if (compare == 1) - return false; - else - return true; - } - - } - - private List getAdESResult(ExtendedCMSSignatureVerificationResult adesFormVerification) throws ConfigurationException { - if (adesFormVerification == null) { - // no form information - return null; - } - - List adesList = new ArrayList(); - Logger.info("Checking AdES Results:"); - - //AdESResultUtils.buildResult(adesFormVerification.getDetailedExtendedReport(), adesList); - - //AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION), - // SignatureVerificationProfile.LEVEL_LTA, adesList); - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION), - SignatureVerificationProfile.LEVEL_LT, adesList); - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.ADES_T_VALIDATION), - SignatureVerificationProfile.LEVEL_T, adesList); - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"), - SignatureVerificationProfile.LEVEL_B, adesList); - - return adesList; - } - - private List getAdESResult(ExtendedPDFSignatureVerificationResult adesFormVerification) throws ConfigurationException { - if (adesFormVerification == null) { - // no form information - return null; - } - - List adesList = new ArrayList(); - - /*checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), - SignatureVerificationProfile.LEVEL_LTA, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), - SignatureVerificationProfile.LEVEL_LT, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), - SignatureVerificationProfile.LEVEL_T, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), - SignatureVerificationProfile.LEVEL_B, adesList); - */ - - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION), - SignatureVerificationProfile.LEVEL_LT, adesList); - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.ADES_T_VALIDATION), - SignatureVerificationProfile.LEVEL_T, adesList); - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"), - SignatureVerificationProfile.LEVEL_B, adesList); - - return adesList; - } + /** The single instance of this class. */ + private static CMSSignatureVerificationInvoker instance = null; + + /** + * Return the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized CMSSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new <code>CMSSignatureVerificationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureVerificationInvoker() { + } + + /** + * Verify a CMS signature. + * + * @param request The <code>VerifyCMSSignatureRequest</code> containing the CMS + * signature, as well as additional data needed for verification. + * @return Element A <code>VerifyCMSSignatureResponse</code> containing the + * answer to the <code>VerifyCMSSignatureRequest</code>. + * @throws MOAException An error occurred while processing the request. + */ + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) + throws MOAException { + + final CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory( + request); + final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + InputStream signature; + InputStream signedContent = null; + Date signingTime; + List results; + int[] signatories; + InputStream input; + final byte[] buf = new byte[2048]; + + // get the signature + signature = request.getCMSSignature(); + + // get the actual trustprofile + final TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + + try { + // get the signing time + signingTime = request.getDateTime(); + + // build the profile + if (request.isPDF()) { + final PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile(); + Logger.debug("Sending PDFSignatureVerificationProfile to IAIK-MOA"); + + final PDFSignatureVerificationModule module = + iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory + .getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + // Logger.info(" Available: " + signature.available()); + module.init(signature, profile, new TransactionId(context.getTransactionID())); + + // input = module.getInputStream(); + + // while (input.read(buf) > 0); + if (request.isExtended()) { + Logger.info("Running extended validation"); + results = module.verifyPAdESSignature(signingTime); + } else { + Logger.info("Running not extended validation"); + results = module.verifySignature(signingTime); + } + + // PAdES module had to be closed manually + module.closeModule(); + + } else { + // get the signed content + signedContent = getSignedContent(request); + final CMSSignatureVerificationProfile profile = profileFactory.createProfile(); + Logger.debug("Sending CMSSignatureVerificationProfile to IAIK-MOA"); + + // verify the signature + final CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID())); + input = module.getInputStream(); + + while (input.read(buf) > 0) { + ; + } + + if (request.isExtended()) { + Logger.info("Running extended validation"); + results = module.verifyCAdESSignature(signingTime); + } else { + Logger.info("Running not extended validation"); + results = module.verifySignature(signingTime); + } + // results = module.verifySignature(signingTime); + } + + } catch (final IAIKException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (final IAIKRuntimeException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (final IOException e) { + throw new MOAApplicationException("2244", null, e); + } catch (final MOAException e) { + throw e; + } finally { + try { + if (signedContent != null) { + signedContent.close(); + } + + if (signature != null) { + signature.close(); + } + + } catch (final Throwable t) { + // Intentionally do nothing here + } + } + + final QCSSCDResult qcsscdresult = new QCSSCDResult(); + + // build the response: for each signatory add the result to the response + signatories = request.getSignatories(); + if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { + Iterator resultIter; + + for (resultIter = results.iterator(); resultIter.hasNext();) { + final Object resultObject = resultIter.next(); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } + } else { + int i; + + for (i = 0; i < signatories.length; i++) { + final int sigIndex = signatories[i] - 1; + + try { + final Object resultObject = results.get(signatories[i] - 1); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } catch (final IndexOutOfBoundsException e) { + throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); + } + } + } + + return responseBuilder.getResponse(); + } + + private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + if (resultObject == null) { + Logger.warn("Result Object is null!"); + return; + } + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + boolean extendedVerification = false; + + ExtendedCertificateCheckResult extCheckResult = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + Logger.info("Got ExtendedCMSSignatureVerificationResult"); + extendedVerification = true; + final ExtendedCMSSignatureVerificationResult result = + (ExtendedCMSSignatureVerificationResult) resultObject; + cmsResult = result.getCMSSignatureVerificationResult(); + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + + if (Logger.isDebugEnabled() && adesResults != null) { + final Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.debug("ADES Formresults: " + adesIterator.next().toString()); + } + + } + + try { + // Logger.info("Extended Validation Report: " + result.getName()); + Logger.debug("Extended Validation Code: " + result.getResultCode().toString()); + Logger.debug("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + + } catch (final NullPointerException e) { + Logger.info("No extendend validation result available."); + + } + } else { + Logger.debug("Got CMSSignatureVerificationResult"); + cmsResult = (CMSSignatureVerificationResult) resultObject; + + } + + String issuerCountryCode = null; + // QC/SSCD check + + if (cmsResult.getCertificateValidationResult() != null) { + final List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + final X509Certificate[] chain = new X509Certificate[list.size()]; + + final Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile + .isTSLEnabled(), ConfigurationProvider.getInstance()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + } + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult, + qcsscdresult.getTslInfos(), extendedVerification); + } + + private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + if (resultObject == null) { + Logger.warn("Result Object is null!"); + return; + } + + PDFSignatureVerificationResult cmsResult = null; + List adesResults = null; + boolean extendedVerification = false; + final Boolean coversFullDoc = null; + final int[] sigByteRange = null; + + ExtendedCertificateCheckResult extCheckResult = null; + if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { + Logger.info("Got ExtendedPDFSignatureVerificationResult"); + extendedVerification = true; + final ExtendedPDFSignatureVerificationResult result = + (ExtendedPDFSignatureVerificationResult) resultObject; + cmsResult = result.getPDFSignatureVerificationResult(); + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + + if (Logger.isDebugEnabled() && adesResults != null) { + final Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.debug("ADES Formresults: " + adesIterator.next().toString()); + } + + } + + try { + Logger.debug("Extended Validation Code: " + result.getResultCode().toString()); + + if (result.getDetailedExtendedReport() != null) { + Logger.debug("Extended Validation Info: " + result.getDetailedExtendedReport().getMessage()); + } else { + Logger.debug("Extended Validation Info: " + result.getInfo()); + } + + Logger.debug("Full extended Validation Infos: " + result.getInfo()); + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + + } catch (final NullPointerException e) { + Logger.info("No extendend validation result available."); + + } + + } else { + Logger.debug("Got PDFSignatureVerificationResult"); + cmsResult = (PDFSignatureVerificationResult) resultObject; + } + + if (MiscUtil.isNotEmpty(cmsResult.getError())) { + Logger.info("Signature validation stopped with an error: " + cmsResult.getError()); + } + + String issuerCountryCode = null; + // QC/SSCD check + + if (cmsResult.getCertificateValidationResult() != null) { + final List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + final X509Certificate[] chain = new X509Certificate[list.size()]; + + final Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile + .isTSLEnabled(), ConfigurationProvider.getInstance()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, + extCheckResult, qcsscdresult.getTslInfos(), extendedVerification); + } + + /** + * Get the signed content contained either in the request itself or given as a + * reference to external data. + * + * @param request The <code>VerifyCMSSignatureRequest</code> containing the + * signed content (or the reference to the signed content). + * @return InputStream A stream providing the signed content data, or + * <code>null</code> if no signed content was provided with the request. + * @throws MOAApplicationException An error occurred building the stream. + */ + private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException { + + InputStream is = null; + CMSDataObject dataObj; + CMSContent content; + + // select the Content element + dataObj = request.getDataObject(); + if (dataObj == null) { + return null; + } + content = dataObj.getContent(); + + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT: + is = ((CMSContentExcplicit) content).getBinaryContent(); + is = excludeByteRange(is, request); + return is; + case CMSContent.REFERENCE_CONTENT: + final String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + final ExternalURIResolver resolver = new ExternalURIResolver(); + is = resolver.resolve(reference); + is = excludeByteRange(is, request); + return is; + } else { + return null; + } + default: + return null; + } + + } + + private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) + throws MOAApplicationException { + + int byteRead; + + final ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); + + final CMSDataObject dataobject = request.getDataObject(); + final BigDecimal from = dataobject.getExcludeByteRangeFrom(); + final BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if (from == null || to == null) { + return contentIs; + } + + BigDecimal counter = new BigDecimal("0"); + final BigDecimal one = new BigDecimal("1"); + + try { + while ((byteRead = contentIs.read()) >= 0) { + + if (inRange(counter, dataobject)) { + // if byte is in byte range, set byte to 0x00 + contentOs.write(0); + } else { + contentOs.write(byteRead); + } + + counter = counter.add(one); + } + + final InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); + + return is; + + } catch (final IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { + final BigDecimal from = dataobject.getExcludeByteRangeFrom(); + final BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if (from == null || to == null) { + return false; + } + + int compare = counter.compareTo(from); + if (compare == -1) { + return false; + } else { + compare = counter.compareTo(to); + if (compare == 1) { + return false; + } else { + return true; + } + } + + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java index bd5db6d..5e343c4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import at.gv.egovernment.moa.spss.MOAException; @@ -39,71 +38,71 @@ import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; * A factory to create a <code>CMSSignatureVerificationProfile</code> from a * <code>VerifyCMSSignatureRequest</code> and the current MOA configuration * data. - * + * * @author Patrick Peck * @version $Id$ */ public class CMSSignatureVerificationProfileFactory { - /** The <code>VerifyCMSSignatureRequest</code> to draw profile data from. */ - private VerifyCMSSignatureRequest request; + /** The <code>VerifyCMSSignatureRequest</code> to draw profile data from. */ + private final VerifyCMSSignatureRequest request; /** * Create a new <code>CMSSignatureVerificationProfileFactory</code>. * - * @param request The <code>VerifyCMSSignatureRequest</code> to draw profile - * data from. + * @param request The <code>VerifyCMSSignatureRequest</code> to draw profile + * data from. */ public CMSSignatureVerificationProfileFactory(VerifyCMSSignatureRequest request) { this.request = request; } /** - * Create a <code>CMSSignatureVerificationProfile</code> from the given - * request and the current MOA configuration. - * + * Create a <code>CMSSignatureVerificationProfile</code> from the given request + * and the current MOA configuration. + * * @return The <code>CMSSignatureVerificationProfile</code> for the - * <code>request</code>, based on the current configuration. + * <code>request</code>, based on the current configuration. * @throws MOAException An error occurred creating the profile. */ public PDFSignatureVerificationProfile createPDFProfile() - throws MOAException { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - PDFSignatureVerificationProfileImpl profile = - new PDFSignatureVerificationProfileImpl(); + throws MOAException { + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final PDFSignatureVerificationProfileImpl profile = + new PDFSignatureVerificationProfileImpl(); String trustProfileID; // set the certificate validation profile trustProfileID = request.getTrustProfileId(); profile.setCertificateValidationProfile( - new PKIProfileImpl(config, trustProfileID)); + new PKIProfileImpl(config, trustProfileID)); return profile; } - + /** - * Create a <code>CMSSignatureVerificationProfile</code> from the given - * request and the current MOA configuration. - * + * Create a <code>CMSSignatureVerificationProfile</code> from the given request + * and the current MOA configuration. + * * @return The <code>CMSSignatureVerificationProfile</code> for the - * <code>request</code>, based on the current configuration. + * <code>request</code>, based on the current configuration. * @throws MOAException An error occurred creating the profile. */ public CMSSignatureVerificationProfile createProfile() - throws MOAException { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - CMSSignatureVerificationProfileImpl profile = - new CMSSignatureVerificationProfileImpl(); + throws MOAException { + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final CMSSignatureVerificationProfileImpl profile = + new CMSSignatureVerificationProfileImpl(); String trustProfileID; // set the certificate validation profile trustProfileID = request.getTrustProfileId(); profile.setCertificateValidationProfile( - new PKIProfileImpl(config, trustProfileID)); + new PKIProfileImpl(config, trustProfileID)); return profile; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java index aa52fe0..bc5d884 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import java.util.ArrayList; @@ -34,29 +33,33 @@ import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; /** * A class to build a <code>CreateCMSSignatureResponse</code>. - * - * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be + * + * <p> + * The methods <code>addSignature()</code> and <code>addError()</code> may be * called in any combination to add <code>CMSignature</code> and * <code>ErrorResponse</code> elements to the response. One of these functions - * must be called at least once to produce a - * <code>CreateCMSSignatureResponse</code>.</p> - * - * <p>The <code>getResponseElement()</code> method then returns the - * <code>CreateXMLSignatureResponse</code> built so far.</p> - * + * must be called at least once to produce a + * <code>CreateCMSSignatureResponse</code>. + * </p> + * + * <p> + * The <code>getResponseElement()</code> method then returns the + * <code>CreateXMLSignatureResponse</code> built so far. + * </p> + * * @author Patrick Peck * @version $Id$ */ public class CreateCMSSignatureResponseBuilder { /** The <code>SPSSFactory</code> for creating API objects. */ - private SPSSFactory factory = SPSSFactory.getInstance(); + private final SPSSFactory factory = SPSSFactory.getInstance(); /** The elements to add to the response. */ - private List responseElements = new ArrayList(); + private final List responseElements = new ArrayList(); /** * Get the <code>CreateCMSSignatureResponse</code> built so far. - * + * * @return The <code>CreateCMSSignatureResponse</code> built so far. */ public CreateCMSSignatureResponse getResponse() { @@ -65,28 +68,29 @@ public class CreateCMSSignatureResponseBuilder { /** * Add a <code>SignatureEnvironment</code> element to the response. - * + * * @param signatureEnvironment The content to put under the - * <code>SignatureEnvironment</code> element. This should either be a - * <code>dsig:Signature</code> element (in case of a detached signature) or - * the signature environment containing the signature (in case of - * an enveloping signature). + * <code>SignatureEnvironment</code> element. This + * should either be a <code>dsig:Signature</code> + * element (in case of a detached signature) or the + * signature environment containing the signature + * (in case of an enveloping signature). */ public void addCMSSignature(String base64value) { - CMSSignatureResponse responseElement = - factory.createCMSSignatureResponse(base64value); + final CMSSignatureResponse responseElement = + factory.createCMSSignatureResponse(base64value); responseElements.add(responseElement); } /** * Add a <code>ErrorResponse</code> element to the response. - * + * * @param errorCode The error code. - * @param info Additional information about the error. + * @param info Additional information about the error. */ public void addError(String errorCode, String info) { - ErrorResponse errorResponse = - factory.createErrorResponse(Integer.parseInt(errorCode), info); + final ErrorResponse errorResponse = + factory.createErrorResponse(Integer.parseInt(errorCode), info); responseElements.add(errorResponse); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java index 7a7161d..0a7e70d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import java.util.ArrayList; @@ -36,29 +35,33 @@ import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse; /** * A class to build a <code>CreateXMLSignatureResponse</code>. - * - * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be + * + * <p> + * The methods <code>addSignature()</code> and <code>addError()</code> may be * called in any combination to add <code>SignatureEnvironment</code> and * <code>ErrorResponse</code> elements to the response. One of these functions - * must be called at least once to produce a - * <code>CreateXMLSignatureResponse</code>.</p> - * - * <p>The <code>getResponseElement()</code> method then returns the - * <code>CreateXMLSignatureResponse</code> built so far.</p> - * + * must be called at least once to produce a + * <code>CreateXMLSignatureResponse</code>. + * </p> + * + * <p> + * The <code>getResponseElement()</code> method then returns the + * <code>CreateXMLSignatureResponse</code> built so far. + * </p> + * * @author Patrick Peck * @version $Id$ */ public class CreateXMLSignatureResponseBuilder { /** The <code>SPSSFactory</code> for creating API objects. */ - private SPSSFactory factory = SPSSFactory.getInstance(); + private final SPSSFactory factory = SPSSFactory.getInstance(); /** The elements to add to the response. */ - private List responseElements = new ArrayList(); + private final List responseElements = new ArrayList(); /** * Get the <code>CreateXMLSignatureResponse</code> built so far. - * + * * @return The <code>CreateXMLSignatureResponse</code> built so far. */ public CreateXMLSignatureResponse getResponse() { @@ -67,28 +70,29 @@ public class CreateXMLSignatureResponseBuilder { /** * Add a <code>SignatureEnvironment</code> element to the response. - * + * * @param signatureEnvironment The content to put under the - * <code>SignatureEnvironment</code> element. This should either be a - * <code>dsig:Signature</code> element (in case of a detached signature) or - * the signature environment containing the signature (in case of - * an enveloping signature). + * <code>SignatureEnvironment</code> element. This + * should either be a <code>dsig:Signature</code> + * element (in case of a detached signature) or the + * signature environment containing the signature + * (in case of an enveloping signature). */ public void addSignatureEnvironment(Element signatureEnvironment) { - SignatureEnvironmentResponse responseElement = - factory.createSignatureEnvironmentResponse(signatureEnvironment); + final SignatureEnvironmentResponse responseElement = + factory.createSignatureEnvironmentResponse(signatureEnvironment); responseElements.add(responseElement); } /** * Add a <code>ErrorResponse</code> element to the response. - * + * * @param errorCode The error code. - * @param info Additional information about the error. + * @param info Additional information about the error. */ public void addError(String errorCode, String info) { - ErrorResponse errorResponse = - factory.createErrorResponse(Integer.parseInt(errorCode), info); + final ErrorResponse errorResponse = + factory.createErrorResponse(Integer.parseInt(errorCode), info); responseElements.add(errorResponse); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java index 0740a73..b8d4df5 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -21,10 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -84,8 +82,8 @@ import iaik.server.modules.xml.XMLDataObject; import iaik.xml.crypto.utils.URIDereferencerImpl; /** - * A class to create <code>DataObject</code>s contained in different - * locations of the MOA XML request format. + * A class to create <code>DataObject</code>s contained in different locations + * of the MOA XML request format. * * @author Patrick Peck * @author Gregor Karlinger @@ -94,15 +92,15 @@ import iaik.xml.crypto.utils.URIDereferencerImpl; public class DataObjectFactory { /** - * XPATH for registering ID attributes of known schemas if - * validating parsing fails. + * XPATH for registering ID attributes of known schemas if validating parsing + * fails. */ private static final String XPATH = - "descendant-or-self::node()[" + - "namespace-uri()='http://www.w3.org/2000/09/xmldsig#' " + - "or namespace-uri()='http://reference.e-government.gv.at/namespace/persondata/20020228#' " + - "or starts-with(namespace-uri(), 'http://uri.etsi.org/01903/')" + - "]/attribute::Id"; + "descendant-or-self::node()[" + + "namespace-uri()='http://www.w3.org/2000/09/xmldsig#' " + + "or namespace-uri()='http://reference.e-government.gv.at/namespace/persondata/20020228#' " + + "or starts-with(namespace-uri(), 'http://uri.etsi.org/01903/')" + + "]/attribute::Id"; /** The single instance of this class. */ private static DataObjectFactory instance = null; @@ -128,26 +126,27 @@ public class DataObjectFactory { } /** - * Return the signature environment, i.e., the root element of the - * document, into which the signature will be inserted (if created) or which - * contains the signature (if verified). + * Return the signature environment, i.e., the root element of the document, + * into which the signature will be inserted (if created) or which contains the + * signature (if verified). * - * @param content The <code>Content</code> object containing the signature - * environment. + * @param content The <code>Content</code> object containing the signature + * environment. * @param supplements Additional schema or DTD information. - * @return The signature environment or <code>null</code>, if no - * signature environment exists. - * @throws MOASystemException A system error occurred building the signature - * environment (see message for details). + * @return The signature environment or <code>null</code>, if no signature + * environment exists. + * @throws MOASystemException A system error occurred building the + * signature environment (see message for + * details). * @throws MOAApplicationException An error occurred building the signature - * environment (see message for details). + * environment (see message for details). */ public XMLDataObject createSignatureEnvironment( - Content content, - List supplements) - throws MOASystemException, MOAApplicationException { + Content content, + List supplements) + throws MOASystemException, MOAApplicationException { - String reference = content.getReference(); + final String reference = content.getReference(); EntityResolver entityResolver; byte[] contentBytes; @@ -155,10 +154,10 @@ public class DataObjectFactory { checkAllowContentAndReference(content, false); // build the EntityResolver for validating parsing - if ((supplements == null) || supplements.isEmpty()) { + if (supplements == null || supplements.isEmpty()) { entityResolver = new MOASPSSEntityResolver(); } else { - EntityResolverChain chain = new EntityResolverChain(); + final EntityResolverChain chain = new EntityResolverChain(); chain.addEntityResolver(buildSupplementEntityResolver(supplements)); chain.addEntityResolver(new MOASPSSEntityResolver()); @@ -168,83 +167,70 @@ public class DataObjectFactory { // convert the content into a byte array try { switch (content.getContentType()) { - case Content.BINARY_CONTENT : - { - InputStream is = ((ContentBinary) content).getBinaryContent(); - contentBytes = StreamUtils.readStream(is); - break; - } - case Content.LOCREF_CONTENT: - { - String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); - InputStream is = null; - try - { - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - is = context.ResolveURI(locRefURI); - if (is == null) { - ExternalURIResolver uriResolver = new ExternalURIResolver(); - is = uriResolver.resolve(locRefURI); - } - contentBytes = StreamUtils.readStream(is); - } - catch (MOAApplicationException e) - { - throw new MOAApplicationException("3203", new Object[]{reference, locRefURI}, e); - } - finally - { - closeInputStream(is); + case Content.BINARY_CONTENT: { + final InputStream is = ((ContentBinary) content).getBinaryContent(); + contentBytes = StreamUtils.readStream(is); + break; + } + case Content.LOCREF_CONTENT: { + final String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + InputStream is = null; + try { + final TransactionContext context = TransactionContextManager.getInstance() + .getTransactionContext(); + is = context.ResolveURI(locRefURI); + if (is == null) { + final ExternalURIResolver uriResolver = new ExternalURIResolver(); + is = uriResolver.resolve(locRefURI); } - break; + contentBytes = StreamUtils.readStream(is); + } catch (final MOAApplicationException e) { + throw new MOAApplicationException("3203", new Object[] { reference, locRefURI }, e); + } finally { + closeInputStream(is); } - case Content.REFERENCE_CONTENT : - { - ExternalURIResolver uriResolver = new ExternalURIResolver(); - InputStream is = null; - try - { - is = uriResolver.resolve(reference); - contentBytes = StreamUtils.readStream(is); - } - catch (Exception e) - { - throw e; - } - finally - { - closeInputStream(is); - } - break; + break; + } + case Content.REFERENCE_CONTENT: { + final ExternalURIResolver uriResolver = new ExternalURIResolver(); + InputStream is = null; + try { + is = uriResolver.resolve(reference); + contentBytes = StreamUtils.readStream(is); + } catch (final Exception e) { + throw e; + } finally { + closeInputStream(is); } - case Content.XML_CONTENT : - { - Element element = + break; + } + case Content.XML_CONTENT: { + final Element element = checkForSingleElement(((ContentXML) content).getXMLContent()); - contentBytes = DOMUtils.serializeNode(element, "UTF-8"); + contentBytes = DOMUtils.serializeNode(element, "UTF-8"); - break; - } - default : { + break; + } + default: { contentBytes = null; // this will not happen } } - } catch (MOAApplicationException e) { + } catch (final MOAApplicationException e) { throw e; - } catch (Exception e) { + } catch (final Exception e) { throw new MOAApplicationException("2219", null); } if (Logger.isTraceEnabled()) { // For logging in Debug-Mode: Mask baseid with xxx - String logString = new String(contentBytes); + final String logString = new String(contentBytes); // TODO use RegExp - String startS = "<pr:Identification><pr:Value>"; - String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>"; + final String startS = "<pr:Identification><pr:Value>"; + final String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>"; String logWithMaskedBaseid = logString; - int start = logString.indexOf(startS); + final int start = logString.indexOf(startS); if (start > -1) { - int end = logString.indexOf(endS); + final int end = logString.indexOf(endS); if (end > -1) { logWithMaskedBaseid = logString.substring(0, start); logWithMaskedBaseid += startS; @@ -257,37 +243,37 @@ public class DataObjectFactory { Logger.trace(">>> parsing the following content: \n" + logWithMaskedBaseid); } try { - ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); - Document doc = - DOMUtils.parseDocument( - is, - true, - Constants.ALL_SCHEMA_LOCATIONS, - null, - entityResolver, - new MOAErrorHandler()); + final ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); + final Document doc = + DOMUtils.parseDocument( + is, + true, + Constants.ALL_SCHEMA_LOCATIONS, + null, + entityResolver, + new MOAErrorHandler()); Logger.trace("<<< parsed"); return new XMLDataObjectImpl(doc.getDocumentElement()); - } catch (Exception e) { + } catch (final Exception e) { // never mind, we'll try non-validating - MessageProvider msg = MessageProvider.getInstance(); + final MessageProvider msg = MessageProvider.getInstance(); Logger.info(new LogMsg(msg.getMessage("invoker.00", null))); Logger.info(new LogMsg(e.getMessage())); } // try to parse non-validating try { - ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); - Document doc = DOMUtils.parseDocument(is, false, null, null); + final ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); + final Document doc = DOMUtils.parseDocument(is, false, null, null); // Since the parse tree will not contain any post schema validation information, // we need to register any attributes known to be of type xsd:Id manually. - NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH); + final NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH); for (int i = 0; i < idAttributes.getLength(); i++) { - Node item = idAttributes.item(i); + final Node item = idAttributes.item(i); if (item instanceof Attr) { - Attr attr = (Attr) item; - Element owner = attr.getOwnerElement(); + final Attr attr = (Attr) item; + final Element owner = attr.getOwnerElement(); // Only available in DOM-Level 3 (Java 1.5): // owner.setIdAttributeNode(attr, true); if (doc instanceof CoreDocumentImpl) { @@ -296,7 +282,7 @@ public class DataObjectFactory { } } return new XMLDataObjectImpl(doc.getDocumentElement()); - } catch (Exception e) { + } catch (final Exception e) { throw new MOAApplicationException("2218", null); } } @@ -305,68 +291,69 @@ public class DataObjectFactory { * Create an <code>XMLDataObject</code> from the given signature environment. * * @param signatureEnvironment The signature environment contained in the - * result. - * @param uri The URI identifying the data. This must be either the empty - * URI, an URI starting with <code>"#xpointer"</code>, <code>"#xmlns"</code> - * or <code>"#element"</code>; or an URI starting with <code>"#"</code> and - * followed by an element ID. - * @param referenceID The reference ID to set for the data object. + * result. + * @param uri The URI identifying the data. This must be either + * the empty URI, an URI starting with + * <code>"#xpointer"</code>, <code>"#xmlns"</code> + * or <code>"#element"</code>; or an URI starting + * with <code>"#"</code> and followed by an element + * ID. + * @param referenceID The reference ID to set for the data object. * @return A data object containing the signature environment. */ public DataObject createFromSignatureEnvironment( - Element signatureEnvironment, - String uri, - String referenceID) - throws MOAApplicationException { + Element signatureEnvironment, + String uri, + String referenceID) + throws MOAApplicationException { DataObjectImpl dataObject = null; if ("".equals(uri)) { dataObject = new XMLDataObjectImpl(signatureEnvironment); - } else if ( - uri.startsWith("#xpointer") + } else if (uri.startsWith("#xpointer") || uri.startsWith("#xmlns") || uri.startsWith("#element")) { try { - // CHANGE IXSIL to XSECT - // maybe use URIDereferencerImpl or XPath ...?? - //XPointerReferenceResolver resolver = new XPointerReferenceResolver(); - URIDereferencerImpl uriDereferencer = new URIDereferencerImpl(); - URIReference uriReference = new URIReferenceImpl(uri, null, signatureEnvironment); - Data returnedData = uriDereferencer.dereference(uriReference, null); - - if(returnedData instanceof NodeSetData) { - NodeSetData nodeSetData = (NodeSetData)returnedData; - Iterator nodesIterator = nodeSetData.iterator(); - List nodeList = new ArrayList(); - - while(nodesIterator.hasNext()) { - nodeList.add(nodesIterator.next()); - } - - NodeList nodes = new NodeListImplementation(nodeList); - dataObject = new XMLNodeListDataObjectImpl(nodes); - } else if(returnedData instanceof OctetStreamData) { - OctetStreamData streamData = (OctetStreamData)returnedData; - dataObject = new ByteStreamDataObjectImpl(streamData.getOctetStream()); + // CHANGE IXSIL to XSECT + // maybe use URIDereferencerImpl or XPath ...?? + // XPointerReferenceResolver resolver = new XPointerReferenceResolver(); + final URIDereferencerImpl uriDereferencer = new URIDereferencerImpl(); + final URIReference uriReference = new URIReferenceImpl(uri, null, signatureEnvironment); + final Data returnedData = uriDereferencer.dereference(uriReference, null); + + if (returnedData instanceof NodeSetData) { + final NodeSetData nodeSetData = (NodeSetData) returnedData; + final Iterator nodesIterator = nodeSetData.iterator(); + final List nodeList = new ArrayList(); + + while (nodesIterator.hasNext()) { + nodeList.add(nodesIterator.next()); + } + + final NodeList nodes = new NodeListImplementation(nodeList); + dataObject = new XMLNodeListDataObjectImpl(nodes); + } else if (returnedData instanceof OctetStreamData) { + final OctetStreamData streamData = (OctetStreamData) returnedData; + dataObject = new ByteStreamDataObjectImpl(streamData.getOctetStream()); } else { - throw new MOAApplicationException("2237", new Object[] { uri }); + throw new MOAApplicationException("2237", new Object[] { uri }); } - - //URI uriObj = new URI(uri); - //NodeList nodes = - // resolver.resolveForest( - // uriObj, - // signatureEnvironment.getOwnerDocument(), - // null); - - } catch (Exception e) { + + // URI uriObj = new URI(uri); + // NodeList nodes = + // resolver.resolveForest( + // uriObj, + // signatureEnvironment.getOwnerDocument(), + // null); + + } catch (final Exception e) { throw new MOAApplicationException("2237", new Object[] { uri }); } } else if (uri.startsWith("#")) { - String id = uri.substring(1); - Element refElem = - signatureEnvironment.getOwnerDocument().getElementById(id); + final String id = uri.substring(1); + final Element refElem = + signatureEnvironment.getOwnerDocument().getElementById(id); if (refElem == null) { throw new MOAApplicationException("2237", new Object[] { id }); @@ -385,87 +372,75 @@ public class DataObjectFactory { * supplements. * * @param supplements The supplements, given as - * <code>XMLDataObjectAssociation</code>s. - * @return A <code>StreamEntityResolver</code> mapping the supplements by - * their reference URI to an <code>InputStream</code> of their respective - * content. + * <code>XMLDataObjectAssociation</code>s. + * @return A <code>StreamEntityResolver</code> mapping the supplements by their + * reference URI to an <code>InputStream</code> of their respective + * content. */ private static StreamEntityResolver buildSupplementEntityResolver(List supplements) - throws MOAApplicationException - { - Map entities = new HashMap(); + throws MOAApplicationException { + final Map entities = new HashMap(); Iterator iter; for (iter = supplements.iterator(); iter.hasNext();) { - XMLDataObjectAssociation supplement = - (XMLDataObjectAssociation) iter.next(); - Content content = supplement.getContent(); - String reference = content.getReference(); + final XMLDataObjectAssociation supplement = + (XMLDataObjectAssociation) iter.next(); + final Content content = supplement.getContent(); + final String reference = content.getReference(); switch (content.getContentType()) { - case Content.BINARY_CONTENT : - { - entities.put(reference, ((ContentBinary) content).getBinaryContent()); - break; + case Content.BINARY_CONTENT: { + entities.put(reference, ((ContentBinary) content).getBinaryContent()); + break; + } + case Content.LOCREF_CONTENT: { + final String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + if (context.FindResolvedEntity(locRefURI) == null) { + + final ExternalURIResolver uriResolver = new ExternalURIResolver(); + InputStream uriStream = null; + byte[] contentBytes; + String contentType = null; + try { + uriStream = uriResolver.resolve(locRefURI); + contentBytes = StreamUtils.readStream(uriStream); + contentType = uriResolver.getContentType(); + } catch (final Exception e) { + throw new MOAApplicationException("3202", new Object[] { reference, locRefURI }, e); + } finally { + closeInputStream(uriStream); + } + context.PutResolvedEntity(locRefURI, contentBytes, contentType); } - case Content.LOCREF_CONTENT: - { - String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); - - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - if (context.FindResolvedEntity(locRefURI)==null) { - - ExternalURIResolver uriResolver = new ExternalURIResolver(); - InputStream uriStream = null; - byte[] contentBytes; - String contentType = null; - try - { - uriStream = uriResolver.resolve(locRefURI); - contentBytes = StreamUtils.readStream(uriStream); - contentType = uriResolver.getContentType(); - } - catch (Exception e) - { - throw new MOAApplicationException("3202", new Object[]{reference, locRefURI}, e); - } - finally - { - closeInputStream(uriStream); - } - context.PutResolvedEntity(locRefURI, contentBytes, contentType); - } - InputStream contentIS = context.ResolveURI(locRefURI); - entities.put(reference, contentIS); - break; + final InputStream contentIS = context.ResolveURI(locRefURI); + entities.put(reference, contentIS); + break; + } + case Content.XML_CONTENT: { + // serialize the first element node that is found in the supplement + // and make it available as a stream + final NodeList nodes = ((ContentXML) content).getXMLContent(); + int i = 0; + + // find the first element node + while (i < nodes.getLength() + && nodes.item(i).getNodeType() != Node.ELEMENT_NODE) { + i++; } - case Content.XML_CONTENT : - { - // serialize the first element node that is found in the supplement - // and make it available as a stream - NodeList nodes = ((ContentXML) content).getXMLContent(); - int i = 0; - - // find the first element node - while ((i < nodes.getLength()) - && (nodes.item(i).getNodeType() != Node.ELEMENT_NODE)) { - i++; - } - // serialize the node - if (i < nodes.getLength()) { - try - { - byte[] serialized = DOMUtils.serializeNode(nodes.item(i), "UTF-8"); - entities.put(reference, new ByteArrayInputStream(serialized)); - } - catch (Exception e) - { - throw new MOAApplicationException("2281", new Object[]{reference}, e); - } + // serialize the node + if (i < nodes.getLength()) { + try { + final byte[] serialized = DOMUtils.serializeNode(nodes.item(i), "UTF-8"); + entities.put(reference, new ByteArrayInputStream(serialized)); + } catch (final Exception e) { + throw new MOAApplicationException("2281", new Object[] { reference }, e); } - break; } + break; + } } } @@ -475,82 +450,87 @@ public class DataObjectFactory { /** * Create a <code>DataObject</code> from a <code>Content</code> object. * - * @param content The <code>Content</code> object containing the data. - * @param finalDataMetaInfo The meta information corresponding with <code>content</code>. - * @param referenceID The reference ID to set in the resulting - * <code>DataObject</code>. May be <code>null</code>. + * @param content The <code>Content</code> object containing + * the data. + * @param finalDataMetaInfo The meta information corresponding with + * <code>content</code>. + * @param referenceID The reference ID to set in the resulting + * <code>DataObject</code>. May be + * <code>null</code>. * @param allowContentAndReference If <code>true</code>, then - * <code>content</code> is allowed to contain both a <code>Reference</code> - * attribute and content. Otherwise, either a <code>Reference</code> - * attribute or content must be set. - * @param binaryAsXml If <code>true</code>, a content child given as - * <code>Base64Content</code> must contain XML data. - * @param xmlAsNodeList If <code>true</code>, the children of a - * <code>XMLContent</code> child element are returned as a - * <code>XMLNodeListDataObject</code>. Otherwise, <code>XMLContent</code> may - * only contain a single child node, which must be an element and which is - * returned as an <code>XMLDataObject</code>. - * @param referenceAsXml If <code>true</code>, then content loaded from the - * URI given as the <code>Reference</code> attribute must be XML data. - * If <code>false</code>, an attempt is made to parse the data as XML and - * return an <code>XMLDataObject</code> but if this fails, a - * <code>BinaryDataObject</code> is returned containing a byte stream to the - * data. + * <code>content</code> is allowed to contain + * both a <code>Reference</code> attribute and + * content. Otherwise, either a + * <code>Reference</code> attribute or content + * must be set. + * @param binaryAsXml If <code>true</code>, a content child given + * as <code>Base64Content</code> must contain + * XML data. + * @param xmlAsNodeList If <code>true</code>, the children of a + * <code>XMLContent</code> child element are + * returned as a + * <code>XMLNodeListDataObject</code>. + * Otherwise, <code>XMLContent</code> may only + * contain a single child node, which must be an + * element and which is returned as an + * <code>XMLDataObject</code>. + * @param referenceAsXml If <code>true</code>, then content loaded + * from the URI given as the + * <code>Reference</code> attribute must be XML + * data. If <code>false</code>, an attempt is + * made to parse the data as XML and return an + * <code>XMLDataObject</code> but if this fails, + * a <code>BinaryDataObject</code> is returned + * containing a byte stream to the data. * @return A <code>DataObject</code> representing the data in - * <code>content</code>. If <code>base64AsXml==true</code> and - * <code>xmlAsNodeList==false</code> and <code>referenceAsXml==true</code>, - * then the result can safely be cast to an <code>XMLDataObject</code>. - * @throws MOASystemException An error indicating an internal problem. See the - * wrapped exception for details. + * <code>content</code>. If <code>base64AsXml==true</code> and + * <code>xmlAsNodeList==false</code> and + * <code>referenceAsXml==true</code>, then the result can safely be cast + * to an <code>XMLDataObject</code>. + * @throws MOASystemException An error indicating an internal problem. See + * the wrapped exception for details. * @throws MOAApplicationException An error occurred handling the content - * (probably while opening a reference or parsing the data). See the wrapped - * exception for details. + * (probably while opening a reference or + * parsing the data). See the wrapped exception + * for details. */ public DataObject createFromContentOptionalRefType( - Content content, - MetaInfo finalDataMetaInfo, - String referenceID, - boolean allowContentAndReference, - boolean binaryAsXml, - boolean xmlAsNodeList, - boolean referenceAsXml) - throws MOASystemException, MOAApplicationException { - - String reference = content.getReference(); + Content content, + MetaInfo finalDataMetaInfo, + String referenceID, + boolean allowContentAndReference, + boolean binaryAsXml, + boolean xmlAsNodeList, + boolean referenceAsXml) + throws MOASystemException, MOAApplicationException { + + final String reference = content.getReference(); DataObjectImpl dataObject = null; checkAllowContentAndReference(content, allowContentAndReference); // ok, build the data object; use content first, if available - switch (content.getContentType()) - { - case Content.XML_CONTENT : - { - ContentXML contentXml = (ContentXML) content; + switch (content.getContentType()) { + case Content.XML_CONTENT: { + final ContentXML contentXml = (ContentXML) content; dataObject = createFromXmlContent(contentXml, xmlAsNodeList); break; } - case Content.BINARY_CONTENT : - { - ContentBinary contentBinary = (ContentBinary) content; + case Content.BINARY_CONTENT: { + final ContentBinary contentBinary = (ContentBinary) content; dataObject = createFromBinaryContent(contentBinary, binaryAsXml, false); break; } - case Content.LOCREF_CONTENT : - { - String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); - try - { + case Content.LOCREF_CONTENT: { + final String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + try { dataObject = createFromURIImpl(locRefURI, referenceAsXml); - } - catch (MOAApplicationException e) - { - throw new MOAApplicationException("3201", new Object[]{reference, locRefURI}, e); + } catch (final MOAApplicationException e) { + throw new MOAApplicationException("3201", new Object[] { reference, locRefURI }, e); } break; } - case Content.REFERENCE_CONTENT : - { + case Content.REFERENCE_CONTENT: { dataObject = createFromURIImpl(reference, referenceAsXml); break; } @@ -567,97 +547,91 @@ public class DataObjectFactory { } /** - * Check, if content and reference URIs are allowed in the content an throw - * an exception if an illegal combination of the two occurs. + * Check, if content and reference URIs are allowed in the content an throw an + * exception if an illegal combination of the two occurs. * - * @param content The <code>Content</code> to check. - * @param allowContentAndReference Whether explicit content and a reference - * are allowed at the same time. - * @throws MOAApplicationException If <code>allowContentAndRefernece</code> - * is <code>false</code> and both explicit content and reference are set, - * an exception is thrown. + * @param content The <code>Content</code> to check. + * @param allowContentAndReference Whether explicit content and a reference are + * allowed at the same time. + * @throws MOAApplicationException If <code>allowContentAndRefernece</code> is + * <code>false</code> and both explicit content + * and reference are set, an exception is + * thrown. */ private static void checkAllowContentAndReference( - Content content, - boolean allowContentAndReference) - throws MOAApplicationException { - String reference = content.getReference(); + Content content, + boolean allowContentAndReference) + throws MOAApplicationException { + final String reference = content.getReference(); // check for content and reference not being set - if ((content.getContentType() == Content.REFERENCE_CONTENT) - && (reference == null)) { - String errorCode = allowContentAndReference ? "1111" : "1110"; + if (content.getContentType() == Content.REFERENCE_CONTENT + && reference == null) { + final String errorCode = allowContentAndReference ? "1111" : "1110"; throw new MOAApplicationException(errorCode, null); } // if we only allow either content or reference being set at once, check if (!allowContentAndReference - && (content.getContentType() != Content.REFERENCE_CONTENT) - && (reference != null)) { + && content.getContentType() != Content.REFERENCE_CONTENT + && reference != null) { throw new MOAApplicationException("1110", null); } } /** - * Create a <code>DataObject</code> from a - * <code>XMLDataObjectAssociation</code> object. + * Create a <code>DataObject</code> from a <code>XMLDataObjectAssociation</code> + * object. * - * @param xmlDataObjAssoc The <code>XMLDataObjectAssociation</code> object. - * @param xmlContentAllowed Whether the content contained in the - * <code>xmlDataObjAssoc</code> is allowed to be of type - * <code>XML_CONTENT</code>. + * @param xmlDataObjAssoc The <code>XMLDataObjectAssociation</code> + * object. + * @param xmlContentAllowed Whether the content contained in the + * <code>xmlDataObjAssoc</code> is allowed to be + * of type <code>XML_CONTENT</code>. * @param binaryContentRepeatable If binary content must be provided as a - * <code>DataObject</code> that can be read multiple times. + * <code>DataObject</code> that can be read + * multiple times. * @return A <code>DataObject</code> representing the data in - * <code>xmlDataObjAssoc</code>. - * @throws MOASystemException An error indicating an internal problem. See the - * wrapped exception for details. + * <code>xmlDataObjAssoc</code>. + * @throws MOASystemException An error indicating an internal problem. See + * the wrapped exception for details. * @throws MOAApplicationException An error occurred handling the content - * (probably while parsing the data). See the wrapped exception for details. + * (probably while parsing the data). See the + * wrapped exception for details. */ public DataObject createFromXmlDataObjectAssociation( - XMLDataObjectAssociation xmlDataObjAssoc, - boolean xmlContentAllowed, - boolean binaryContentRepeatable) - throws MOASystemException, MOAApplicationException { - - Content content = xmlDataObjAssoc.getContent(); - MetaInfo metaInfo = xmlDataObjAssoc.getMetaInfo(); - String mimeType = metaInfo != null ? metaInfo.getMimeType() : null; + XMLDataObjectAssociation xmlDataObjAssoc, + boolean xmlContentAllowed, + boolean binaryContentRepeatable) + throws MOASystemException, MOAApplicationException { + + final Content content = xmlDataObjAssoc.getContent(); + final MetaInfo metaInfo = xmlDataObjAssoc.getMetaInfo(); + final String mimeType = metaInfo != null ? metaInfo.getMimeType() : null; DataObjectImpl dataObject = null; - switch (content.getContentType()) - { - case Content.XML_CONTENT : - { - if (xmlContentAllowed) - { + switch (content.getContentType()) { + case Content.XML_CONTENT: { + if (xmlContentAllowed) { dataObject = createFromXmlContent((ContentXML) content, true); - } - else - { + } else { throw new MOAApplicationException("2280", null); } break; } - case Content.BINARY_CONTENT : - { + case Content.BINARY_CONTENT: { dataObject = createFromBinaryContent( - (ContentBinary) content, - false, - binaryContentRepeatable); + (ContentBinary) content, + false, + binaryContentRepeatable); break; } - case Content.LOCREF_CONTENT : - { - String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); - try - { + case Content.LOCREF_CONTENT: { + final String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + try { dataObject = createFromURIImpl(locRefURI, false); - } - catch (MOAApplicationException e) - { - throw new MOAApplicationException("3201", new Object[]{content.getReference(), locRefURI}, e); + } catch (final MOAApplicationException e) { + throw new MOAApplicationException("3201", new Object[] { content.getReference(), locRefURI }, e); } break; } @@ -673,53 +647,49 @@ public class DataObjectFactory { * object. * * @param transformParameter The <code>TransformParameter</code> object - * containing the data. - * @return A <code>DataObject</code> representing the data in - * <code>root</code>. - * @throws MOASystemException An error indicating an internal problem. See the - * wrapped exception for details. + * containing the data. + * @return A <code>DataObject</code> representing the data in <code>root</code>. + * @throws MOASystemException An error indicating an internal problem. See + * the wrapped exception for details. * @throws MOAApplicationException An error occurred handling the content - * (probably while opening a reference or parsing the data). See the wrapped - * exception for details. + * (probably while opening a reference or + * parsing the data). See the wrapped exception + * for details. */ public DataObject createFromTransformParameter(TransformParameter transformParameter) - throws MOASystemException, MOAApplicationException { + throws MOASystemException, MOAApplicationException { DataObjectImpl dataObject; switch (transformParameter.getTransformParameterType()) { - case TransformParameter.BINARY_TRANSFORMPARAMETER : - TransformParameterBinary tpBinary = - (TransformParameterBinary) transformParameter; + case TransformParameter.BINARY_TRANSFORMPARAMETER: + final TransformParameterBinary tpBinary = + (TransformParameterBinary) transformParameter; try { - //dataObject = new ByteArrayDataObjectImpl(Base64Utils.encode(tpBinary.getBinaryContent())); + // dataObject = new + // ByteArrayDataObjectImpl(Base64Utils.encode(tpBinary.getBinaryContent())); dataObject = - new ByteArrayDataObjectImpl( - StreamUtils.readStream(tpBinary.getBinaryContent())); - } catch (Exception e) { + new ByteArrayDataObjectImpl( + StreamUtils.readStream(tpBinary.getBinaryContent())); + } catch (final Exception e) { return null; } - //dataObject = new ByteStreamDataObjectImpl(tpBinary.getBinaryContent()); + // dataObject = new ByteStreamDataObjectImpl(tpBinary.getBinaryContent()); break; - default : + default: // resolve uri and build the content - ExternalURIResolver resolver = new ExternalURIResolver(); - InputStream is = resolver.resolve(transformParameter.getURI()); + final ExternalURIResolver resolver = new ExternalURIResolver(); + final InputStream is = resolver.resolve(transformParameter.getURI()); ByteArrayInputStream bis; - try - { + try { bis = new ByteArrayInputStream(StreamUtils.readStream(is)); - } - catch (IOException e) - { - throw new MOAApplicationException("2238", new Object[] {transformParameter.getURI()}, e); - } - finally - { + } catch (final IOException e) { + throw new MOAApplicationException("2238", new Object[] { transformParameter.getURI() }, e); + } finally { closeInputStream(is); } - String contentType = resolver.getContentType(); + final String contentType = resolver.getContentType(); dataObject = new ByteStreamDataObjectImpl(bis); dataObject.setMimeType(contentType); break; @@ -733,62 +703,65 @@ public class DataObjectFactory { /** * Create a <code>DataObject</code> from data located at the given URI. * - * @param uri The <code>URI</code> where the data is located. This method uses - * an <code>ExternalURIResolver</code> to resolve URIs. + * @param uri The <code>URI</code> where the data is located. This method uses + * an <code>ExternalURIResolver</code> to resolve URIs. * @param asXml If <code>true</code>, a <code>DataObject</code> is only - * returned, if the content consists of XML data. If it does not consist of - * XML data, an <code>MOAApplicationException</code> will be thrown. If this - * parameter is <code>false</code> and the content consists of XML data, this - * method will still attempt to parse it. + * returned, if the content consists of XML data. If it does not + * consist of XML data, an <code>MOAApplicationException</code> + * will be thrown. If this parameter is <code>false</code> and the + * content consists of XML data, this method will still attempt to + * parse it. * @return The <code>DataObject</code> contained at the URI. - * @throws MOASystemException A system error parsing the XML content. + * @throws MOASystemException A system error parsing the XML content. * @throws MOAApplicationException An error occurred on opening, reading or - * parsing the data behind the URI. + * parsing the data behind the URI. */ public DataObject createFromURI(String uri, boolean asXml) - throws MOASystemException, MOAApplicationException { + throws MOASystemException, MOAApplicationException { return createFromURIImpl(uri, asXml); } /** * Create a <code>DataObject</code> from data located at the given URI. * - * @param uri The <code>URI</code> where the data is located. This method uses - * an <code>ExternalURIResolver</code> to resolve URIs. + * @param uri The <code>URI</code> where the data is located. This method uses + * an <code>ExternalURIResolver</code> to resolve URIs. * @param asXml If <code>true</code>, a <code>DataObject</code> is only - * returned, if the content consists of XML data. If it does not consist of - * XML data, an <code>MOAApplicationException</code> will be thrown. If this - * parameter is <code>false</code> and the content type is detected as being - * XML data, this method will still attemt to parse it. + * returned, if the content consists of XML data. If it does not + * consist of XML data, an <code>MOAApplicationException</code> + * will be thrown. If this parameter is <code>false</code> and the + * content type is detected as being XML data, this method will + * still attemt to parse it. * @return The <code>DataObject</code> contained at the URI. - * @throws MOASystemException A system error parsing the XML content. + * @throws MOASystemException A system error parsing the XML content. * @throws MOAApplicationException An error occurred on opening, reading or - * parsing the data behind the URI. + * parsing the data behind the URI. */ private DataObjectImpl createFromURIImpl(String uri, boolean asXml) - throws MOASystemException, MOAApplicationException { + throws MOASystemException, MOAApplicationException { Logger.trace(">>> resolving uri \"" + uri + "\""); - ExternalURIResolver resolver = new ExternalURIResolver(); + final ExternalURIResolver resolver = new ExternalURIResolver(); - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); InputStream is = context.ResolveURI(uri); String contentType = null; boolean foundURI = false; if (is == null) { - is = resolver.resolve(uri); - contentType = resolver.getContentType(); + is = resolver.resolve(uri); + contentType = resolver.getContentType(); } else { - foundURI = true; - contentType = (String) context.FindResolvedEntity(uri).get(1); - Logger.trace("found \"" + uri + "\" InputStream in preread Supplements!, do not read any more. Content=" + contentType); + foundURI = true; + contentType = (String) context.FindResolvedEntity(uri).get(1); + Logger.trace("found \"" + uri + "\" InputStream in preread Supplements!, do not read any more. Content=" + + contentType); } DataObjectImpl dataObject; // read the content - if ((contentType != null) && contentTypeIsXml(contentType)) { + if (contentType != null && contentTypeIsXml(contentType)) { Document doc; if (asXml) { @@ -798,15 +771,13 @@ public class DataObjectFactory { is = resolver.resolve(uri); doc = DOMUtils.parseDocument(is, false, null, null); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); - } catch (ParserConfigurationException e) { + } catch (final ParserConfigurationException e) { throw new MOASystemException("1106", null, e); - } catch (SAXException e) { + } catch (final SAXException e) { throw new MOAApplicationException("2209", null, e); - } catch (IOException e) { + } catch (final IOException e) { throw new MOAApplicationException("2210", null, e); - } - finally - { + } finally { closeInputStream(is); } } else { @@ -816,22 +787,17 @@ public class DataObjectFactory { doc = DOMUtils.parseDocument(is, false, null, null); closeInputStream(is); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); - } catch (Exception e) { + } catch (final Exception e) { // this is the last chance: return the data as a byte stream Logger.trace(">>> reading stream for \"" + uri + "\""); is = resolver.resolve(uri); ByteArrayInputStream bis; - try - { + try { bis = new ByteArrayInputStream(StreamUtils.readStream(is)); dataObject = new ByteStreamDataObjectImpl(bis); - } - catch (IOException e1) - { + } catch (final IOException e1) { throw new MOAApplicationException("2210", new Object[] { uri }, e1); - } - finally - { + } finally { closeInputStream(is); } Logger.trace(">>> read stream for \"" + uri + "\""); @@ -839,34 +805,26 @@ public class DataObjectFactory { } } - else if (asXml) - { + else if (asXml) { // if we need XML data, we're in the wrong place here closeInputStream(is); throw new MOAApplicationException("2211", new Object[] { uri }); - } - else - { + } else { // content is binary: make it available as a binary input stream Logger.trace(">>> getting binary input for \"" + uri + "\""); byte[] contentBytes; ByteArrayInputStream bis; - try - { - contentBytes = StreamUtils.readStream(is); - bis = new ByteArrayInputStream(contentBytes); - } - catch (IOException e) - { + try { + contentBytes = StreamUtils.readStream(is); + bis = new ByteArrayInputStream(contentBytes); + } catch (final IOException e) { throw new MOAApplicationException("2210", null, e); - } - finally - { + } finally { closeInputStream(is); } - if (!foundURI) { - context.PutResolvedEntity(uri, contentBytes, contentType); - } + if (!foundURI) { + context.PutResolvedEntity(uri, contentBytes, contentType); + } dataObject = new ByteStreamDataObjectImpl(bis); Logger.trace("<<< got binary input for \"" + uri + "\""); } @@ -884,16 +842,12 @@ public class DataObjectFactory { * * @param is The input stream to be closed. */ - private static void closeInputStream(InputStream is) - { - try - { + private static void closeInputStream(InputStream is) { + try { if (is != null) { is.close(); } - } - catch (Throwable t) - { + } catch (final Throwable t) { // Intentionally do nothing here } } @@ -905,42 +859,43 @@ public class DataObjectFactory { * <code>application/xml</code>. * * @param contentType The content MIME type. - * @return boolean If <code>true</code>, the content type is XML, otherwise - * not. + * @return boolean If <code>true</code>, the content type is XML, otherwise not. */ private static boolean contentTypeIsXml(String contentType) { return contentType.startsWith("text/xml") - || (contentType.startsWith("application/xml")); + || contentType.startsWith("application/xml"); } /** * Create a <code>DataObject</code> from a <code>ContentXML</code> object. * - * @param xmlContent The <code>ContentXML</code> object from - * which the <code>DataObject</code> is to be built. + * @param xmlContent The <code>ContentXML</code> object from which the + * <code>DataObject</code> is to be built. * @param xmlAsNodeList If <code>true</code>, the children of - * <code>xmlContent</code> are returned as a - * <code>XMLNodeListDataObject</code>. Otherwise, - * <code>xmlContent</code> may only contain a single child node, which must be - * an element and which is returned as an <code>XMLDataObject</code>. + * <code>xmlContent</code> are returned as a + * <code>XMLNodeListDataObject</code>. Otherwise, + * <code>xmlContent</code> may only contain a single child + * node, which must be an element and which is returned as + * an <code>XMLDataObject</code>. * @return A <code>DataObject</code> representing the XML content in - * <code>xmlContent</code>. + * <code>xmlContent</code>. * @throws MOAApplicationException If <code>xmlAsNodeList</code> is - * <code>false</code> and <code>xmlContent</code> does not have a single child - * element. + * <code>false</code> and + * <code>xmlContent</code> does not have a + * single child element. */ private DataObjectImpl createFromXmlContent( - ContentXML xmlContent, - boolean xmlAsNodeList) - throws MOAApplicationException { + ContentXML xmlContent, + boolean xmlAsNodeList) + throws MOAApplicationException { DataObjectImpl dataObject; if (xmlAsNodeList) { dataObject = new XMLNodeListDataObjectImpl(xmlContent.getXMLContent()); } else { - NodeList nodes = xmlContent.getXMLContent(); - Element element = checkForSingleElement(nodes); + final NodeList nodes = xmlContent.getXMLContent(); + final Element element = checkForSingleElement(nodes); // build the XMLDataObject dataObject = new XMLDataObjectImpl(element); @@ -955,10 +910,10 @@ public class DataObjectFactory { * @param nodes The <code>NodeList</code> to check for a single element. * @return The single element contained in <code>nodes</code>. * @throws MOAApplicationException Thrown, if <code>nodes</code> does not - * contain exactly 1 element node. + * contain exactly 1 element node. */ private Element checkForSingleElement(NodeList nodes) - throws MOAApplicationException { + throws MOAApplicationException { Element element = null; int i; @@ -986,26 +941,28 @@ public class DataObjectFactory { * Create a <code>DataObject</code> from a <code>ContentBinary</code> object. * * @param binaryContent The <code>ContentBinary</code> object containing the - * data. - * @param asXml If <code>true</code>, <code>binaryContent</code> must - * contain XML data. Otherwise, a <code>BinaryDataObject</code> will be - * returned containing a byte stream to the decoded Base64 data. - * @param repeatable If multiple calls to <code>getInputStream()</code> must - * repeatedly return the content of the data object. + * data. + * @param asXml If <code>true</code>, <code>binaryContent</code> must + * contain XML data. Otherwise, a + * <code>BinaryDataObject</code> will be returned + * containing a byte stream to the decoded Base64 data. + * @param repeatable If multiple calls to <code>getInputStream()</code> must + * repeatedly return the content of the data object. * @return A <code>DataObject</code> representing the content contained in - * <code>binaryContent</code>. - * @throws MOASystemException An error indicating an internal problem. See the - * wrapped exception for details. + * <code>binaryContent</code>. + * @throws MOASystemException An error indicating an internal problem. See + * the wrapped exception for details. * @throws MOAApplicationException An error occurred handling the content - * (probably while parsing the data). See the wrapped exception for details. + * (probably while parsing the data). See the + * wrapped exception for details. */ private DataObjectImpl createFromBinaryContent( - ContentBinary binaryContent, - boolean asXml, - boolean repeatable) - throws MOASystemException, MOAApplicationException { + ContentBinary binaryContent, + boolean asXml, + boolean repeatable) + throws MOASystemException, MOAApplicationException { - InputStream byteStream = binaryContent.getBinaryContent(); + final InputStream byteStream = binaryContent.getBinaryContent(); DataObjectImpl dataObject; if (asXml) { @@ -1014,19 +971,19 @@ public class DataObjectFactory { try { doc = DOMUtils.parseDocument(byteStream, false, null, null); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); - } catch (ParserConfigurationException e) { + } catch (final ParserConfigurationException e) { throw new MOASystemException("1106", null, e); - } catch (SAXException e) { + } catch (final SAXException e) { throw new MOAApplicationException("2209", null, e); - } catch (IOException e) { + } catch (final IOException e) { throw new MOAApplicationException("2210", null, e); } } else { if (repeatable) { try { dataObject = - new ByteArrayDataObjectImpl(StreamUtils.readStream(byteStream)); - } catch (IOException e) { + new ByteArrayDataObjectImpl(StreamUtils.readStream(byteStream)); + } catch (final IOException e) { throw new MOAApplicationException("2210", null); } } else { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java index 933d058..5668a36 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java @@ -21,12 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; -import iaik.xml.crypto.utils.URI; -import iaik.xml.crypto.utils.URIException; - import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; @@ -38,10 +34,12 @@ import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.ExternalURIVerifier; +import iaik.xml.crypto.utils.URI; +import iaik.xml.crypto.utils.URIException; /** * Resolve external URIs and provide them as a stream. - * + * * @author Patrick Peck * @version $Id$ */ @@ -52,14 +50,15 @@ public class ExternalURIResolver { /** * Return a stream to data at the given URI. - * - * This method will try to open an <code>URLConnection</code> to the given - * URI. Access to the file system is disallowed. - * + * + * This method will try to open an <code>URLConnection</code> to the given URI. + * Access to the file system is disallowed. + * * @param uriStr The URI to resolve. * @return InputStream The data contained at the URI. * @throws MOAApplicationException An error occurred resolving the URI (e.g., - * the URI is syntactically incorrect or the stream could not be opened). + * the URI is syntactically incorrect or the + * stream could not be opened). */ public InputStream resolve(String uriStr) throws MOAApplicationException { URI uri; @@ -70,7 +69,7 @@ public class ExternalURIResolver { // build the URI try { uri = new URI(uriStr); - } catch (URIException e) { + } catch (final URIException e) { throw new MOAApplicationException("2207", new Object[] { uriStr }); } @@ -81,30 +80,30 @@ public class ExternalURIResolver { // if we have local content (SOAP with attachments) if ("formdata".equals(uri.getScheme())) { - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - if (context==null) { - //no transaction + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + if (context == null) { + // no transaction throw new MOAApplicationException("2282", new Object[] { uri }); } else { - InputStream attachmentIs = context.getAttachmentInputStream(uri); + final InputStream attachmentIs = context.getAttachmentInputStream(uri); if (attachmentIs != null) { setContentType(context.getAttachmentContentType(uri.getPath())); return attachmentIs; } else { - //maybe attachments provided but no suiting attachment found + // maybe attachments provided but no suiting attachment found throw new MOAApplicationException("2282", new Object[] { uri }); } - } - } - + } + } + // convert URI to URL try { // create the URL url = new URL(uriStr); - //System.out.println("ExternalURIResolver: " + url); + // System.out.println("ExternalURIResolver: " + url); ExternalURIVerifier.verify(url.getHost(), url.getPort()); - - } catch (MalformedURLException e) { + + } catch (final MalformedURLException e) { throw new MOAApplicationException("2214", new Object[] { uriStr }); } @@ -112,7 +111,7 @@ public class ExternalURIResolver { try { connection = url.openConnection(); if ("http".equals(url.getProtocol())) { - HttpURLConnection httpConnection = (HttpURLConnection) connection; + final HttpURLConnection httpConnection = (HttpURLConnection) connection; // disallow redirects httpConnection.setInstanceFollowRedirects(false); @@ -121,33 +120,31 @@ public class ExternalURIResolver { throw new MOAApplicationException("2208", new Object[] { uri }); } } else if ("https".equals(url.getProtocol())) { - /* - * this doesn't work because of some interaction between the IAIK - * JCE and Sun JSSE that results in an "Invalid AVA format" exception + /* + * this doesn't work because of some interaction between the IAIK JCE and Sun + * JSSE that results in an "Invalid AVA format" exception */ /* - HttpsURLConnection httpsConnection = (HttpsURLConnection) connection; - InputStream trustStore = - getClass().getResourceAsStream(DEFAULT_TRUST_STORE); - SSLSocketFactory factory = - SSLUtils.getSSLSocketFactory("jks", trustStore, "changeit"); - httpsConnection.setSSLSocketFactory(factory); - httpsConnection.connect(); - if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) { - throw new MOAApplicationException("2208", new Object[] { uri }); - } - */ + * HttpsURLConnection httpsConnection = (HttpsURLConnection) connection; + * InputStream trustStore = getClass().getResourceAsStream(DEFAULT_TRUST_STORE); + * SSLSocketFactory factory = SSLUtils.getSSLSocketFactory("jks", trustStore, + * "changeit"); httpsConnection.setSSLSocketFactory(factory); + * httpsConnection.connect(); if (httpConnection.getResponseCode() != + * HttpURLConnection.HTTP_OK) { throw new MOAApplicationException("2208", new + * Object[] { uri }); } + */ connection.connect(); } else { connection.connect(); } is = connection.getInputStream(); - } catch (IOException e) { + } catch (final IOException e) { throw new MOAApplicationException("2208", new Object[] { uri }, e); - } /*catch (GeneralSecurityException e) { - throw new MOAApplicationException("2208", new Object[] { uri }, e); - }*/ + } /* + * catch (GeneralSecurityException e) { throw new + * MOAApplicationException("2208", new Object[] { uri }, e); } + */ // set the content type setContentType(connection.getContentType()); @@ -157,7 +154,7 @@ public class ExternalURIResolver { /** * Set the content type of the data at the URI. - * + * * @param contentType The content type to set. */ protected void setContentType(String contentType) { @@ -167,7 +164,7 @@ public class ExternalURIResolver { /** * Return the content type of the data detected at the URI from the previous * call of <code>resolve()</code>. - * + * * @return String The content type. */ public String getContentType() { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java index 6e8448b..8817937 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java @@ -21,12 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; -import iaik.server.modules.IAIKException; -import iaik.server.modules.IAIKRuntimeException; - import java.lang.reflect.Constructor; import java.util.HashMap; import java.util.Map; @@ -34,12 +30,13 @@ import java.util.Map; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; - +import iaik.server.modules.IAIKException; +import iaik.server.modules.IAIKRuntimeException; /** * Map an exception from the <code>iaik</code> namespace to a * <code>MOAException</code>. - * + * * @author Patrick Peck * @version $Id$ */ @@ -47,57 +44,80 @@ public class IaikExceptionMapper { /** The argument classes for <code>MOAException</code>s. */ private static final Class[] CONSTRUCTOR_ARGS = - new Class[] { String.class, Object[].class, Throwable.class }; + new Class[] { String.class, Object[].class, Throwable.class }; /** The exception mapping, as an array. */ private static final Object[][] MESSAGES = - { - { iaik.server.modules.IAIKException.class, "9900", MOASystemException.class }, - { iaik.server.modules.IAIKRuntimeException.class, "9901", MOASystemException.class }, - { iaik.server.modules.xmlsign.XMLSignatureCreationException.class, "2220", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.XMLSignatureCreationRuntimeException.class, "2220", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.InvalidKeyException.class, "2221", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.ManifestException.class, "2222", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.ReferenceException.class, "2223", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.HashUnavailableException.class, "2224", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.SignatureAlgorithmException.class, "2225", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.SignatureEmbeddingException.class, "2226", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.SignatureValueException.class, "2227", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.SignedPropertyException.class, "2228", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.SignerCertificateUnavailableException.class, "2229", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.SupplementException.class, "2230", MOAApplicationException.class }, - { iaik.server.modules.xmlsign.TransformationException.class, "2233", MOAApplicationException.class }, - { iaik.server.modules.cmsverify.CMSSignatureVerificationException.class, "2240", MOAApplicationException.class }, - { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2240", MOAApplicationException.class }, - { iaik.server.modules.cmsverify.AlgorithmNotSupportedException.class, "2241", MOAApplicationException.class }, - { iaik.server.modules.cmsverify.CMSSignatureParsingException.class, "2242", MOAApplicationException.class }, - { iaik.server.modules.cmsverify.SignerCertificateUnavailableException.class, "2243", MOAApplicationException.class }, - { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2247", MOAApplicationException.class }, - { iaik.server.modules.cmsverify.InitException.class, "2248", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.XMLSignatureVerificationException.class, "2240", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.XMLSignatureVerificationRuntimeException.class, "2240", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.AlgorithmNotSupportedException.class, "2241", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.ManifestException.class, "2262", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.PropertiesException.class, "2263", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.ReferenceException.class, "2264", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.HashUnavailableException.class, "2224", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.SignerCertificateUnavailableException.class, "2243", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.SupplementException.class, "2230", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.TransformationException.class, "2265", MOAApplicationException.class }, - { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", MOAApplicationException.class }, - { at.gv.egovernment.moa.sig.tsl.exception.TslException.class, "2290", MOAApplicationException.class }, - { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", MOAApplicationException.class } , - - - }; - + { + { iaik.server.modules.IAIKException.class, "9900", MOASystemException.class }, + { iaik.server.modules.IAIKRuntimeException.class, "9901", MOASystemException.class }, + { iaik.server.modules.xmlsign.XMLSignatureCreationException.class, "2220", + MOAApplicationException.class }, + { iaik.server.modules.xmlsign.XMLSignatureCreationRuntimeException.class, "2220", + MOAApplicationException.class }, + { iaik.server.modules.xmlsign.InvalidKeyException.class, "2221", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.ManifestException.class, "2222", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.ReferenceException.class, "2223", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.HashUnavailableException.class, "2224", + MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignatureAlgorithmException.class, "2225", + MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignatureEmbeddingException.class, "2226", + MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignatureValueException.class, "2227", + MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignedPropertyException.class, "2228", + MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignerCertificateUnavailableException.class, "2229", + MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SupplementException.class, "2230", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.TransformationException.class, "2233", + MOAApplicationException.class }, + { iaik.server.modules.cmsverify.CMSSignatureVerificationException.class, "2240", + MOAApplicationException.class }, + { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2240", + MOAApplicationException.class }, + { iaik.server.modules.cmsverify.AlgorithmNotSupportedException.class, "2241", + MOAApplicationException.class }, + { iaik.server.modules.cmsverify.CMSSignatureParsingException.class, "2242", + MOAApplicationException.class }, + { iaik.server.modules.cmsverify.SignerCertificateUnavailableException.class, "2243", + MOAApplicationException.class }, + { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2247", + MOAApplicationException.class }, + { iaik.server.modules.cmsverify.InitException.class, "2248", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.XMLSignatureVerificationException.class, "2240", + MOAApplicationException.class }, + { iaik.server.modules.xmlverify.XMLSignatureVerificationRuntimeException.class, "2240", + MOAApplicationException.class }, + { iaik.server.modules.xmlverify.AlgorithmNotSupportedException.class, "2241", + MOAApplicationException.class }, + { iaik.server.modules.xmlverify.ManifestException.class, "2262", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.PropertiesException.class, "2263", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.ReferenceException.class, "2264", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.HashUnavailableException.class, "2224", + MOAApplicationException.class }, + { iaik.server.modules.xmlverify.SignerCertificateUnavailableException.class, "2243", + MOAApplicationException.class }, + { iaik.server.modules.xmlverify.SupplementException.class, "2230", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.TransformationException.class, "2265", + MOAApplicationException.class }, + { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", + MOAApplicationException.class }, + { at.gv.egovernment.moa.sig.tsl.exception.TslException.class, "2290", + MOAApplicationException.class }, + { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", + MOAApplicationException.class }, + + }; + /** The single instance of this class. */ private static IaikExceptionMapper instance; /** The exception mapping, as a <code>Map</code> for fast lookup. */ - private Map messages = new HashMap(); + private final Map messages = new HashMap(); /** * Get the single instance of this class. - * + * * @return The single instance of this class. */ public static synchronized IaikExceptionMapper getInstance() { @@ -109,7 +129,7 @@ public class IaikExceptionMapper { /** * Create a new <code>IaikExceptionMapper</code>. - * + * * Protected to disallow multple instances. */ protected IaikExceptionMapper() { @@ -124,59 +144,63 @@ public class IaikExceptionMapper { for (i = 0; i < MESSAGES.length; i++) { registerMessage( - (Class) MESSAGES[i][0], - (String) MESSAGES[i][1], - (Class) MESSAGES[i][2]); + (Class) MESSAGES[i][0], + (String) MESSAGES[i][1], + (Class) MESSAGES[i][2]); } } /** * Register a single <code>IAIKException</code> to message mapping. - * - * @param iaikExceptionClass An exception from the <code>iaik</code> package. - * @param messageId The corresponding error message id. - * @param moaExceptionClass The type of <code>MOAException</code> that the - * <code>IAIKException</code> is mapped to (usually - * <code>MOAApplicationException</code> or <code>MOASystemException</code>). + * + * @param iaikExceptionClass An exception from the <code>iaik</code> package. + * @param messageId The corresponding error message id. + * @param moaExceptionClass The type of <code>MOAException</code> that the + * <code>IAIKException</code> is mapped to (usually + * <code>MOAApplicationException</code> or + * <code>MOASystemException</code>). */ protected void registerMessage( - Class iaikExceptionClass, - String messageId, - Class moaExceptionClass) { + Class iaikExceptionClass, + String messageId, + Class moaExceptionClass) { messages.put( - iaikExceptionClass, - new ExceptionMappingInfo(messageId, moaExceptionClass)); + iaikExceptionClass, + new ExceptionMappingInfo(messageId, moaExceptionClass)); } /** - * Map an <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to a <code>MOAException</code>. - * - * @param tslSearchException The <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to map. - * @return A <code>MOAException</code> containing the message for the - * given <code>IAIKException</code>. + * Map an <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to a + * <code>MOAException</code>. + * + * @param tslSearchException The + * <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> + * to map. + * @return A <code>MOAException</code> containing the message for the given + * <code>IAIKException</code>. */ public MOAException map(at.gv.egovernment.moa.sig.tsl.exception.TslException tslSearchException) { return mapImpl(tslSearchException); } - + /** * Map an <code>IAIKException</code> to a <code>MOAException</code>. - * - * @param iaikException The <code>IAIKException</code> to map. - * @return A <code>MOAException</code> containing the message for the - * given <code>IAIKException</code>. + * + * @param iaikException The <code>IAIKException</code> to map. + * @return A <code>MOAException</code> containing the message for the given + * <code>IAIKException</code>. */ public MOAException map(IAIKException iaikException) { return mapImpl(iaikException); } - + /** * Map an <code>IAIKRuntimeException</code> to a <code>MOAException</code>. - * - * @param iaikException The <code>IAIKException</code> to map. - * @return A <code>MOAException</code> containing the message for the - * given <code>IAIKRuntimeException</code>. + * + * @param iaikException The <code>IAIKException</code> to map. + * @return A <code>MOAException</code> containing the message for the given + * <code>IAIKRuntimeException</code>. */ public MOAException map(IAIKRuntimeException iaikException) { return mapImpl(iaikException); @@ -185,14 +209,14 @@ public class IaikExceptionMapper { /** * Map an <code>IAIKException</code> or <code>IAIKRuntimeException</code> to a * <code>MOAException</code>. - * + * * @param iaikException The <code>IAIKException</code> or - * <code>IAIKRuntimeException</code> to map. - * @return A <code>MOAException</code> containing the message for the - * given <code>IAIKRuntimeException</code>. + * <code>IAIKRuntimeException</code> to map. + * @return A <code>MOAException</code> containing the message for the given + * <code>IAIKRuntimeException</code>. */ private MOAException mapImpl(Exception iaikException) { - MOAException moaException = createMoaException(iaikException); + final MOAException moaException = createMoaException(iaikException); if (moaException == null) { return new MOASystemException("9999", null, iaikException); @@ -201,16 +225,16 @@ public class IaikExceptionMapper { } /** - * Create a <code>MOAException</code> from a given <code>IAIKException</code> - * by looking it up in the mapping. - * + * Create a <code>MOAException</code> from a given <code>IAIKException</code> by + * looking it up in the mapping. + * * @param iaikException The <code>IAIKException</code> to map. - * @return A <code>MOAException</code> with an error code corresponding to - * the given <code>IAIKException</code>. Returns <code>null</code>, if no - * mapping could be found. + * @return A <code>MOAException</code> with an error code corresponding to the + * given <code>IAIKException</code>. Returns <code>null</code>, if no + * mapping could be found. */ protected MOAException createMoaException(Exception iaikException) { - ExceptionMappingInfo info = lookupMessage(iaikException.getClass()); + final ExceptionMappingInfo info = lookupMessage(iaikException.getClass()); Constructor constructor; if (info == null) { @@ -220,13 +244,13 @@ public class IaikExceptionMapper { // instantiate the proper MOAException and return it try { constructor = - info.getMoaExceptionClass().getConstructor(CONSTRUCTOR_ARGS); + info.getMoaExceptionClass().getConstructor(CONSTRUCTOR_ARGS); return (MOAException) constructor.newInstance( - new Object[] { - info.getMessageId(), - new Object[] { iaikException.getMessage()}, - iaikException }); - } catch (Exception e) { + new Object[] { + info.getMessageId(), + new Object[] { iaikException.getMessage() }, + iaikException }); + } catch (final Exception e) { return null; } } @@ -234,19 +258,19 @@ public class IaikExceptionMapper { /** * Recursively look up the message associated with an * <code>IAIKException</code>. - * + * * This method walks up the exception inheritance hierarchy until it finds a * mapping. - * + * * @param iaikExceptionClass The <code>IAIKException</code> to look up. - * @return Information about the message id and - * <code>MOAException</code> class that the <code>iaikExceptionClass</code> - * maps to. If no mapping could be found, <code>null</code> is returned. + * @return Information about the message id and <code>MOAException</code> class + * that the <code>iaikExceptionClass</code> maps to. If no mapping could + * be found, <code>null</code> is returned. */ protected ExceptionMappingInfo lookupMessage(Class iaikExceptionClass) { ExceptionMappingInfo info; - // break if + // break if if (iaikExceptionClass.equals(Exception.class)) { return null; } @@ -264,21 +288,21 @@ public class IaikExceptionMapper { /** * A class containing a mapping from an error message ID to a * <code>MOAException</code> class. - * + * * @author Patrick Peck * @version $Id$ */ class ExceptionMappingInfo { /** The message ID. */ - private String messageId; + private final String messageId; /** The <code>MOAException</code> class. */ - private Class moaExceptionClass; + private final Class moaExceptionClass; /** * Create a new <code>ExceptionMappingInfo</code>. - * - * @param messageId The message ID. - * @param moaExceptionClass The <code>MOAException</code> class. + * + * @param messageId The message ID. + * @param moaExceptionClass The <code>MOAException</code> class. */ public ExceptionMappingInfo(String messageId, Class moaExceptionClass) { this.messageId = messageId; @@ -287,7 +311,7 @@ class ExceptionMappingInfo { /** * Return the message ID. - * + * * @return The message ID. */ public String getMessageId() { @@ -296,7 +320,7 @@ class ExceptionMappingInfo { /** * Returns the <code>MOAException</code> class that the message ID maps to. - * + * * @return The <code>MOAException</code> class. */ public Class getMoaExceptionClass() { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java index 0128e6a..43c993b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import org.w3c.dom.Element; @@ -35,7 +34,7 @@ import at.gv.egovernment.moaspss.util.XPathUtils; /** * Utility methods for invoking the IAIK MOA modules. - * + * * @author Patrick Peck * @version $Id$ */ @@ -43,44 +42,44 @@ public class InvokerUtils { /** * Select the signature parent element. - * - * @param root The root DOM element which contains the signature parent - * element somewhere in its subtree. - * @param location The <code>ElementSelector</code> containing the XPath - * expression to select the signature parent element from the document. - * It is also contains the namespace prefix to URI mapping. + * + * @param root The root DOM element which contains the signature parent + * element somewhere in its subtree. + * @param location The <code>ElementSelector</code> containing the XPath + * expression to select the signature parent element from the + * document. It is also contains the namespace prefix to URI + * mapping. * @return Element The signature parent element. * @throws MOAApplicationException An error occurred evaluating the - * <code>location</code>. + * <code>location</code>. */ public static Element evaluateSignatureLocation( - Element root, - ElementSelector location) - throws MOAApplicationException { + Element root, + ElementSelector location) + throws MOAApplicationException { NodeList nodes; try { nodes = - XPathUtils.selectNodeList( - root, - location.getNamespaceDeclarations(), - location.getXPathExpression()); - } catch (XPathException e) { + XPathUtils.selectNodeList( + root, + location.getNamespaceDeclarations(), + location.getXPathExpression()); + } catch (final XPathException e) { throw new MOAApplicationException( - "2212", - new Object[] { location.getXPathExpression()}, - e); + "2212", + new Object[] { location.getXPathExpression() }, + e); } if (nodes.getLength() != 1 - || !(nodes.item(0).getNodeType() == Node.ELEMENT_NODE)) { + || !(nodes.item(0).getNodeType() == Node.ELEMENT_NODE)) { throw new MOAApplicationException( - "2212", - new Object[] { location.getXPathExpression()}); + "2212", + new Object[] { location.getXPathExpression() }); } return (Element) nodes.item(0); } - } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java index c6eaa4f..474e74b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import java.util.ArrayList; @@ -48,7 +47,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; /** * Map ProfileID objects to their explicit represantation. - * + * * @author Patrick Peck * @version $Id$ */ @@ -58,83 +57,79 @@ public class ProfileMapper { private static ProfileParser profileParser = new ProfileParser(); /** - * Map a <code>CreateTransformsInfoProfile</code> to a + * Map a <code>CreateTransformsInfoProfile</code> to a * <code>CreateTransformsInfoProfileExplicit</code>. - * + * * @param profile The profile object to map. - * @param config The MOA configuration to use for looking up the profile. + * @param config The MOA configuration to use for looking up the profile. * @return <code>profile</code>, if the given profile is of type - * <code>EXPLICIT_CREATETRANSFORMSINFOPROFILE</code>, otherwise the profile - * that is looked up and parsed from the configuration. + * <code>EXPLICIT_CREATETRANSFORMSINFOPROFILE</code>, otherwise the + * profile that is looked up and parsed from the configuration. * @throws MOAApplicationException An error occurred parsing the profile. */ public static CreateTransformsInfoProfileExplicit mapCreateTransformsInfoProfile( - CreateTransformsInfoProfile profile, - ConfigurationProvider config) - throws MOAApplicationException { + CreateTransformsInfoProfile profile, + ConfigurationProvider config) + throws MOAApplicationException { switch (profile.getCreateTransformsInfoProfileType()) { - case CreateTransformsInfoProfile.EXPLICIT_CREATETRANSFORMSINFOPROFILE : + case CreateTransformsInfoProfile.EXPLICIT_CREATETRANSFORMSINFOPROFILE: return (CreateTransformsInfoProfileExplicit) profile; - case CreateTransformsInfoProfile.ID_CREATETRANSFORMSINFOPROFILE : - CreateTransformsInfoProfileID profileIdObj = - (CreateTransformsInfoProfileID) profile; - String profileID = profileIdObj.getCreateTransformsInfoProfileID(); - Element profileElem = config.getCreateTransformsInfoProfile(profileID); + case CreateTransformsInfoProfile.ID_CREATETRANSFORMSINFOPROFILE: + final CreateTransformsInfoProfileID profileIdObj = + (CreateTransformsInfoProfileID) profile; + final String profileID = profileIdObj.getCreateTransformsInfoProfileID(); + final Element profileElem = config.getCreateTransformsInfoProfile(profileID); if (profileElem == null) { throw new MOAApplicationException("2234", new Object[] { profileID }); } - return ( - CreateTransformsInfoProfileExplicit) profileParser + return (CreateTransformsInfoProfileExplicit) profileParser .parseCreateTransformsInfoProfile( - profileElem); + profileElem); } return null; // this will not happen } /** - * Map a <code>CreateSignatureEnvironmentProfile</code> to a + * Map a <code>CreateSignatureEnvironmentProfile</code> to a * <code>CreateSignatureEnvironmentProfileExplicit</code>. - * + * * @param profile The profile object to map. - * @param config The MOA configuration to use for looking up the profile. + * @param config The MOA configuration to use for looking up the profile. * @return <code>profile</code>, if the given profile is of type - * <code>EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE</code>, otherwise the - * profile that is looked up and parsed from the configuration. + * <code>EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE</code>, otherwise + * the profile that is looked up and parsed from the configuration. * @throws MOAApplicationException An error occurred parsing the profile. */ public static CreateSignatureEnvironmentProfileExplicit mapCreateSignatureEnvironmentProfile( - CreateSignatureEnvironmentProfile profile, - ConfigurationProvider config) - throws MOAApplicationException { + CreateSignatureEnvironmentProfile profile, + ConfigurationProvider config) + throws MOAApplicationException { switch (profile.getCreateSignatureEnvironmentProfileType()) { - case CreateSignatureEnvironmentProfile - .EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE : + case CreateSignatureEnvironmentProfile.EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE: return (CreateSignatureEnvironmentProfileExplicit) profile; - case CreateSignatureEnvironmentProfile - .ID_CREATESIGNATUREENVIRONMENTPROFILE : + case CreateSignatureEnvironmentProfile.ID_CREATESIGNATUREENVIRONMENTPROFILE: - CreateSignatureEnvironmentProfileID profileIdObj = - (CreateSignatureEnvironmentProfileID) profile; - String profileID = - profileIdObj.getCreateSignatureEnvironmentProfileID(); - Element profileElem = - config.getCreateSignatureEnvironmentProfile(profileID); + final CreateSignatureEnvironmentProfileID profileIdObj = + (CreateSignatureEnvironmentProfileID) profile; + final String profileID = + profileIdObj.getCreateSignatureEnvironmentProfileID(); + final Element profileElem = + config.getCreateSignatureEnvironmentProfile(profileID); if (profileElem == null) { throw new MOAApplicationException("2236", new Object[] { profileID }); } - return ( - CreateSignatureEnvironmentProfileExplicit) profileParser + return (CreateSignatureEnvironmentProfileExplicit) profileParser .parseCreateSignatureEnvironmentProfile( - profileElem); + profileElem); } return null; @@ -142,25 +137,25 @@ public class ProfileMapper { } /** - * Map a <code>List</code> of <code>SupplementProfile</code>s to their - * explicit representation. - * + * Map a <code>List</code> of <code>SupplementProfile</code>s to their explicit + * representation. + * * @param profiles The profiles to map. - * @param config The MOA configuration to use for looking up profiles. + * @param config The MOA configuration to use for looking up profiles. * @return The mapped profiles. * @throws MOAApplicationException An error occurred mapping one of the - * profiles. + * profiles. */ public static List mapSupplementProfiles( - List profiles, - ConfigurationProvider config) - throws MOAApplicationException { + List profiles, + ConfigurationProvider config) + throws MOAApplicationException { - List mappedProfiles = new ArrayList(); + final List mappedProfiles = new ArrayList(); Iterator iter; for (iter = profiles.iterator(); iter.hasNext();) { - SupplementProfile profile = (SupplementProfile) iter.next(); + final SupplementProfile profile = (SupplementProfile) iter.next(); mappedProfiles.add(mapSupplementProfile(profile, config)); } @@ -168,63 +163,62 @@ public class ProfileMapper { } /** - * Map a <code>SupplementProfile</code> to a + * Map a <code>SupplementProfile</code> to a * <code>SupplementProfileExplicit</code>. - * + * * @param profile The profile object to map. - * @param config The MOA configuration to use for looking up the profile. + * @param config The MOA configuration to use for looking up the profile. * @return <code>profile</code>, if the given profile is of type - * <code>EXPLICIT_SUPPLEMENTPROFILE</code>, otherwise the - * profile that is looked up and parsed from the configuration. + * <code>EXPLICIT_SUPPLEMENTPROFILE</code>, otherwise the profile that + * is looked up and parsed from the configuration. * @throws MOAApplicationException An error occurred parsing the profile. */ public static SupplementProfileExplicit mapSupplementProfile( - SupplementProfile profile, - ConfigurationProvider config) - throws MOAApplicationException { + SupplementProfile profile, + ConfigurationProvider config) + throws MOAApplicationException { switch (profile.getSupplementProfileType()) { - case SupplementProfile.EXPLICIT_SUPPLEMENTPROFILE : + case SupplementProfile.EXPLICIT_SUPPLEMENTPROFILE: return (SupplementProfileExplicit) profile; - case SupplementProfile.ID_SUPPLEMENTPROFILE : - SupplementProfileID profileIdObj = (SupplementProfileID) profile; - String profileID = profileIdObj.getSupplementProfileID(); - Element profileElem = config.getSupplementProfile(profileID); + case SupplementProfile.ID_SUPPLEMENTPROFILE: + final SupplementProfileID profileIdObj = (SupplementProfileID) profile; + final String profileID = profileIdObj.getSupplementProfileID(); + final Element profileElem = config.getSupplementProfile(profileID); if (profileElem == null) { throw new MOAApplicationException("2267", new Object[] { profileID }); } - return ( - SupplementProfileExplicit) profileParser.parseSupplementProfile( - profileElem); + return (SupplementProfileExplicit) profileParser.parseSupplementProfile( + profileElem); } return null; } /** - * Map a <code>List</code> of <code>VerifyTransformsInfoProfile</code>s to - * their explicit representation. - * + * Map a <code>List</code> of <code>VerifyTransformsInfoProfile</code>s to their + * explicit representation. + * * @param profiles The profiles to map. - * @param config The MOA configuration to use for looking up profiles. + * @param config The MOA configuration to use for looking up profiles. * @return The mapped profiles. * @throws MOAApplicationException An error occurred mapping one of the - * profiles. + * profiles. */ public static List mapVerifyTransformsInfoProfiles( - List profiles, - ConfigurationProvider config) - throws MOAApplicationException { + List profiles, + ConfigurationProvider config) + throws MOAApplicationException { - List mappedProfiles = new ArrayList(); + final List mappedProfiles = new ArrayList(); Iterator iter; for (iter = profiles.iterator(); iter.hasNext();) { - VerifyTransformsInfoProfile profile = - (VerifyTransformsInfoProfile) iter.next(); + final VerifyTransformsInfoProfile profile = + (VerifyTransformsInfoProfile) iter.next(); mappedProfiles.add(mapVerifyTransformsInfoProfile(profile, config)); } @@ -232,40 +226,39 @@ public class ProfileMapper { } /** - * Map a <code>VerifyTransformsInfoProfile</code> to a + * Map a <code>VerifyTransformsInfoProfile</code> to a * <code>VerifyTransformsInfoProfileExplicit</code>. - * + * * @param profile The profile object to map. - * @param config The MOA configuration to use for looking up the profile. + * @param config The MOA configuration to use for looking up the profile. * @return <code>profile</code>, if the given profile is of type - * <code>EXPLICIT_VERIFYTRANSFORMSINFOPROFILE</code>, otherwise the - * profile that is looked up and parsed from the configuration. + * <code>EXPLICIT_VERIFYTRANSFORMSINFOPROFILE</code>, otherwise the + * profile that is looked up and parsed from the configuration. * @throws MOAApplicationException An error occurred parsing the profile. */ public static VerifyTransformsInfoProfileExplicit mapVerifyTransformsInfoProfile( - VerifyTransformsInfoProfile profile, - ConfigurationProvider config) - throws MOAApplicationException { + VerifyTransformsInfoProfile profile, + ConfigurationProvider config) + throws MOAApplicationException { switch (profile.getVerifyTransformsInfoProfileType()) { - case VerifyTransformsInfoProfile.EXPLICIT_VERIFYTRANSFORMSINFOPROFILE : + case VerifyTransformsInfoProfile.EXPLICIT_VERIFYTRANSFORMSINFOPROFILE: return (VerifyTransformsInfoProfileExplicit) profile; - case VerifyTransformsInfoProfile.ID_VERIFYTRANSFORMSINFOPROFILE : - VerifyTransformsInfoProfileID profileIdObj = - (VerifyTransformsInfoProfileID) profile; - String profileID = profileIdObj.getVerifyTransformsInfoProfileID(); - Element profileElem = - config.getVerifyTransformsInfoProfile(profileID); - + case VerifyTransformsInfoProfile.ID_VERIFYTRANSFORMSINFOPROFILE: + final VerifyTransformsInfoProfileID profileIdObj = + (VerifyTransformsInfoProfileID) profile; + final String profileID = profileIdObj.getVerifyTransformsInfoProfileID(); + final Element profileElem = + config.getVerifyTransformsInfoProfile(profileID); + if (profileElem == null) { - throw new MOAApplicationException("2268", new Object[] { profileID }); + throw new MOAApplicationException("2268", new Object[] { profileID }); } - return ( - VerifyTransformsInfoProfileExplicit) profileParser + return (VerifyTransformsInfoProfileExplicit) profileParser .parseVerifyTransformsInfoProfile( - profileElem); + profileElem); } return null; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java index 330ffdd..0674103 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; @@ -32,37 +31,38 @@ import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; /** - * A utility class for setting up and tearing down thread-local context + * A utility class for setting up and tearing down thread-local context * information needed for calling the <code>Invoker</code> classes. - * + * * @author Patrick Peck * @version $Id$ */ public class ServiceContextUtils { - + /** - * Set up the thread-local context information needed for calling the various + * Set up the thread-local context information needed for calling the various * <code>Invoker</code> classes. - * - * @throws ConfigurationException An error occurred setting up the - * configuration in the <code>TransactionContext</code>. + * + * @throws ConfigurationException An error occurred setting up the configuration + * in the <code>TransactionContext</code>. */ public static void setUpContexts() throws ConfigurationException { - TransactionContextManager txMgr = TransactionContextManager.getInstance(); - LoggingContextManager logMgr = LoggingContextManager.getInstance(); - String transactionID = Thread.currentThread().getName(); - + final TransactionContextManager txMgr = TransactionContextManager.getInstance(); + final LoggingContextManager logMgr = LoggingContextManager.getInstance(); + final String transactionID = Thread.currentThread().getName(); + if (txMgr.getTransactionContext() == null) { - TransactionContext ctx = new TransactionContext(transactionID, null, ConfigurationProvider.getInstance()); + final TransactionContext ctx = new TransactionContext(transactionID, null, ConfigurationProvider + .getInstance()); txMgr.setTransactionContext(ctx); } - + if (logMgr.getLoggingContext() == null) { - LoggingContext ctx = new LoggingContext(transactionID); + final LoggingContext ctx = new LoggingContext(transactionID); logMgr.setLoggingContext(ctx); } } - + /** * Tear down thread-local context information. */ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java index b746333..ec4bdd9 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import java.util.Collections; @@ -33,9 +32,9 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse; /** - * An implementation of the <code>SignatureCreationService</code>, using - * the <code>XMLSignatureCreationInvoker</code>. - * + * An implementation of the <code>SignatureCreationService</code>, using the + * <code>XMLSignatureCreationInvoker</code>. + * * @author Patrick Peck * @version $Id$ */ @@ -43,25 +42,26 @@ public class SignatureCreationServiceImpl extends SignatureCreationService { /** * Create an XML signature. - * + * * @param request The <code>CreateXMLSignatureRequest</code> containing - * information about the signature(s) to create. + * information about the signature(s) to create. * @return The created signature(s). * @throws MOAException An error occurred creating the signature(s). */ + @Override public CreateXMLSignatureResponse createXMLSignature(CreateXMLSignatureRequest request) - throws MOAException { + throws MOAException { - XMLSignatureCreationInvoker invoker = - XMLSignatureCreationInvoker.getInstance(); + final XMLSignatureCreationInvoker invoker = + XMLSignatureCreationInvoker.getInstance(); CreateXMLSignatureResponse response; try { - + Configurator.getInstance().init(); ServiceContextUtils.setUpContexts(); response = invoker.createXMLSignature(request, Collections.EMPTY_SET); - + return response; } finally { ServiceContextUtils.tearDownContexts(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java index 5b6033c..50b7c53 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import at.gv.egovernment.moa.spss.MOAException; @@ -33,36 +32,37 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; /** - * An implementation of the <code>SignatureVerificationService</code> using - * the <code>XMLSignatureVerificationInvoker</code> and the + * An implementation of the <code>SignatureVerificationService</code> using the + * <code>XMLSignatureVerificationInvoker</code> and the * <code>CMSSignatureVerificationInvoker</code>. - * + * * @author Patrick Peck * @version $Id$ */ public class SignatureVerificationServiceImpl - extends SignatureVerificationService { + extends SignatureVerificationService { /** * Verify a CMS signature. - * - * @param request The <code>VerifyCMSSignatureRequest</code> containing - * information about the signature verification. + * + * @param request The <code>VerifyCMSSignatureRequest</code> containing + * information about the signature verification. * @return The result of the signature verification. * @throws MOAException An error occurred during signature verification. */ + @Override public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) - throws MOAException { + throws MOAException { - CMSSignatureVerificationInvoker invoker = - CMSSignatureVerificationInvoker.getInstance(); + final CMSSignatureVerificationInvoker invoker = + CMSSignatureVerificationInvoker.getInstance(); VerifyCMSSignatureResponse response; try { Configurator.getInstance().init(); ServiceContextUtils.setUpContexts(); response = invoker.verifyCMSSignature(request); - + return response; } finally { ServiceContextUtils.tearDownContexts(); @@ -71,26 +71,26 @@ public class SignatureVerificationServiceImpl /** * Verify an XML signature. - * + * * @param request The <code>VerifyXMLSignatureRequest</code> containinig - * information about the signature verification. + * information about the signature verification. * @return The result of the signature verification. * @throws MOAException An error occurred during signature verification. */ + @Override public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) - throws MOAException { + throws MOAException { - XMLSignatureVerificationInvoker invoker = - XMLSignatureVerificationInvoker.getInstance(); + final XMLSignatureVerificationInvoker invoker = + XMLSignatureVerificationInvoker.getInstance(); VerifyXMLSignatureResponse response; try { - Configurator.getInstance().init(); ServiceContextUtils.setUpContexts(); response = invoker.verifyXMLSignature(request); - + return response; } finally { ServiceContextUtils.tearDownContexts(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java index 7842f14..1eec502 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import java.util.ArrayList; @@ -30,14 +29,6 @@ import java.util.Iterator; import java.util.List; import java.util.Map; -import iaik.server.modules.xml.Base64Transformation; -import iaik.server.modules.xml.Canonicalization; -import iaik.server.modules.xml.EnvelopedSignatureTransformation; -import iaik.server.modules.xml.Transformation; -import iaik.server.modules.xml.XPath2Transformation; -import iaik.server.modules.xml.XPathTransformation; -import iaik.server.modules.xml.XSLTTransformation; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform; import at.gv.egovernment.moa.spss.api.common.Transform; @@ -53,41 +44,49 @@ import at.gv.egovernment.moa.spss.server.iaik.xml.XPath2FilterImpl; import at.gv.egovernment.moa.spss.server.iaik.xml.XPath2TransformationImpl; import at.gv.egovernment.moa.spss.server.iaik.xml.XPathTransformationImpl; import at.gv.egovernment.moa.spss.server.iaik.xml.XSLTTransformationImpl; +import iaik.server.modules.xml.Base64Transformation; +import iaik.server.modules.xml.Canonicalization; +import iaik.server.modules.xml.EnvelopedSignatureTransformation; +import iaik.server.modules.xml.Transformation; +import iaik.server.modules.xml.XPath2Transformation; +import iaik.server.modules.xml.XPathTransformation; +import iaik.server.modules.xml.XSLTTransformation; /** - * A factory to create <code>Transformation</code> objects from + * A factory to create <code>Transformation</code> objects from * <code>Transform</code> objects. - * + * * @author Patrick Peck * @version $Id$ */ public class TransformationFactory { - /** The single instance of this class. */ private static TransformationFactory instance = null; - /** Maps <code>XPathFilter</code> filter types to - * <code>XPath2Transformation</code> filter types. */ + /** + * Maps <code>XPathFilter</code> filter types to + * <code>XPath2Transformation</code> filter types. + */ private static Map FILTER_TYPE_MAPPING; static { FILTER_TYPE_MAPPING = new HashMap(); FILTER_TYPE_MAPPING.put( - XPathFilter.INTERSECT_TYPE, - XPath2Transformation.XPath2Filter.INTERSECTION); + XPathFilter.INTERSECT_TYPE, + XPath2Transformation.XPath2Filter.INTERSECTION); FILTER_TYPE_MAPPING.put( - XPathFilter.SUBTRACT_TYPE, - XPath2Transformation.XPath2Filter.SUBTRACTION); + XPathFilter.SUBTRACT_TYPE, + XPath2Transformation.XPath2Filter.SUBTRACTION); FILTER_TYPE_MAPPING.put( - XPathFilter.UNION_TYPE, - XPath2Transformation.XPath2Filter.UNION); + XPathFilter.UNION_TYPE, + XPath2Transformation.XPath2Filter.UNION); } /** * Get the single instance of the factory. - * + * * @return TransformationFactory The single instance. */ public static synchronized TransformationFactory getInstance() { @@ -99,37 +98,36 @@ public class TransformationFactory { /** * Create a new <code>TransformationFactory</code>. - * + * * Protected to disallow multiple instances. */ protected TransformationFactory() { } /** - * Create a <code>Transformation</code> based on a - * <code>Transform</code> object. - * - * @param transform The <code>Transform</code> object to extract - * transformation data from. - * @return The transformation contained in the <code>transform</code> + * Create a <code>Transformation</code> based on a <code>Transform</code> * object. + * + * @param transform The <code>Transform</code> object to extract transformation + * data from. + * @return The transformation contained in the <code>transform</code> object. * @throws MOAApplicationException An error occured creating the - * <code>Transformation</code>. See exception message for details. + * <code>Transformation</code>. See exception + * message for details. */ public Transformation createTransformation(Transform transform) - throws MOAApplicationException { - String algorithmUri = transform.getAlgorithmURI(); + throws MOAApplicationException { + final String algorithmUri = transform.getAlgorithmURI(); if (Canonicalization.CANONICAL_XML.equals(algorithmUri) - || Canonicalization.CANONICAL_XML_WITH_COMMENTS.equals(algorithmUri)) { + || Canonicalization.CANONICAL_XML_WITH_COMMENTS.equals(algorithmUri)) { return createC14nTransformation(algorithmUri); - } else if ( - Canonicalization.EXCLUSIVE_CANONICAL_XML.equals(algorithmUri) + } else if (Canonicalization.EXCLUSIVE_CANONICAL_XML.equals(algorithmUri) || Canonicalization.EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS.equals( - algorithmUri)) { + algorithmUri)) { return createExclusiveC14nTransformation( - (ExclusiveCanonicalizationTransform) transform); + (ExclusiveCanonicalizationTransform) transform); } else if (Base64Transformation.ALL.contains(algorithmUri)) { return createBase64Transformation(); @@ -147,23 +145,24 @@ public class TransformationFactory { } /** - * Create a <code>List</code> of <code>Transformation</code>s from a + * Create a <code>List</code> of <code>Transformation</code>s from a * <code>List</code> of <code>Transform</code>s. - * - * @param transforms The <code>List</code> containing the - * <code>Transform</code>s. + * + * @param transforms The <code>List</code> containing the + * <code>Transform</code>s. * @return The <code>List</code> of <code>Transformation</code>s corresponding - * to the <code>transforms</code>. + * to the <code>transforms</code>. * @throws MOAApplicationException An error occurred building one of the - * transformations. See exception message for details. + * transformations. See exception message for + * details. */ public List createTransformationList(List transforms) - throws MOAApplicationException { - List transformationList = new ArrayList(); + throws MOAApplicationException { + final List transformationList = new ArrayList(); Iterator trIter; for (trIter = transforms.iterator(); trIter.hasNext();) { - Transform transform = (Transform) trIter.next(); + final Transform transform = (Transform) trIter.next(); transformationList.add(createTransformation(transform)); } @@ -172,7 +171,7 @@ public class TransformationFactory { /** * Create a <code>Canonicalization</code>. - * + * * @param algorithmUri The algorithm URI of the canonicalization. * @return The <code>Canonicalization</code>. */ @@ -182,20 +181,20 @@ public class TransformationFactory { /** * Create a <code>ExclusiveCanonicalization</code>. - * - * @param transform The <code>ExclusiveCanonicalizationTransform</code> - * containing the transformation data. + * + * @param transform The <code>ExclusiveCanonicalizationTransform</code> + * containing the transformation data. * @return The <code>ExclusiveCanonicalization</code>. */ private Transformation createExclusiveC14nTransformation(ExclusiveCanonicalizationTransform transform) { return new ExclusiveCanonicalizationImpl( - transform.getAlgorithmURI(), - transform.getInclusiveNamespacePrefixes()); + transform.getAlgorithmURI(), + transform.getInclusiveNamespacePrefixes()); } /** * Create a <code>Base64Transformation</code>. - * + * * @return The <code></code> */ private Transformation createBase64Transformation() { @@ -204,7 +203,7 @@ public class TransformationFactory { /** * Create an <code>EnvelopedSignatureTransformation</code>. - * + * * @return An <code>EnvelopedSignatureTransformation</code>. */ private Transformation createEnvelopedSignatureTransformation() { @@ -213,47 +212,47 @@ public class TransformationFactory { /** * Create an <code>XPathTransformation</code>. - * - * @param transform The <code>Transform</code> object containing the - * XPath transformation. - * @return An <code>XPathTransformation</code> corresponding the - * transformation given in <code>transform</code>. - * @throws MOAApplicationException An error occurred creating the - * <code>Transformation</code>. + * + * @param transform The <code>Transform</code> object containing the XPath + * transformation. + * @return An <code>XPathTransformation</code> corresponding the transformation + * given in <code>transform</code>. + * @throws MOAApplicationException An error occurred creating the + * <code>Transformation</code>. */ private Transformation createXPathTransformation(XPathTransform transform) - throws MOAApplicationException { + throws MOAApplicationException { return new XPathTransformationImpl( - transform.getXPathExpression(), - transform.getNamespaceDeclarations()); + transform.getXPathExpression(), + transform.getNamespaceDeclarations()); } /** * Create an <code>XPath2Transformation</code>. - * - * @param transform The <code>Transform</code> object containing the - * XPath filter transformation. - * @return An <code>XPath2Transformation</code> corresponding the - * transformation given in <code>transform</code>. + * + * @param transform The <code>Transform</code> object containing the XPath + * filter transformation. + * @return An <code>XPath2Transformation</code> corresponding the transformation + * given in <code>transform</code>. * @throws MOAApplicationException An error occurred creating the - * <code>Transformation</code>. + * <code>Transformation</code>. */ private Transformation createXPath2Transformation(XPathFilter2Transform transform) - throws MOAApplicationException { + throws MOAApplicationException { - XPath2TransformationImpl xpath2 = new XPath2TransformationImpl(); + final XPath2TransformationImpl xpath2 = new XPath2TransformationImpl(); Iterator iter; for (iter = transform.getFilters().iterator(); iter.hasNext();) { - XPathFilter filter = (XPathFilter) iter.next(); - String mappedFilterType = - (String) FILTER_TYPE_MAPPING.get(filter.getFilterType()); - XPath2FilterImpl mappedFilter = - new XPath2FilterImpl( - mappedFilterType, - filter.getXPathExpression(), - filter.getNamespaceDeclarations()); + final XPathFilter filter = (XPathFilter) iter.next(); + final String mappedFilterType = + (String) FILTER_TYPE_MAPPING.get(filter.getFilterType()); + final XPath2FilterImpl mappedFilter = + new XPath2FilterImpl( + mappedFilterType, + filter.getXPathExpression(), + filter.getNamespaceDeclarations()); xpath2.addXPathFilter(mappedFilter); } @@ -266,15 +265,15 @@ public class TransformationFactory { /** * Create an <code>XSLTTransformation</code>. - * + * * @param transform The <code>Transform</code> containing the XSLT stylesheet. * @return An <code>XSLTTransformation</code> corresponding the transformation - * given in <code>transform</code>. + * given in <code>transform</code>. * @throws MOAApplicationException An error occurred creating the - * <code>Transformation</code>. + * <code>Transformation</code>. */ private Transformation createXSLTTransformation(XSLTTransform transform) - throws MOAApplicationException { + throws MOAApplicationException { return new XSLTTransformationImpl(transform.getStylesheet()); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index f4121b0..813d28e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -21,13 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; -import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; -import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; -import iaik.server.cmspdfverify.CertificateValidationResult; - import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; @@ -41,28 +36,35 @@ import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.common.TslInfos; import at.gv.egovernment.moa.spss.server.config.TrustProfile; +import iaik.server.cmspdfverify.CertificateValidationResult; +import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; /** * A class to build a <code>VerifyCMSSignatureResponse</code> object. - * - * <p>Via subsequent calls to <code>addResult()</code> a number of results from - * a CMS signature verification can be added to the response.</p> - * - * <p>The <code>getResponseElement()</code> method then returns the - * <code>VerifyCMSSignatureResponse</code> built so far.</p> - * + * + * <p> + * Via subsequent calls to <code>addResult()</code> a number of results from a + * CMS signature verification can be added to the response. + * </p> + * + * <p> + * The <code>getResponseElement()</code> method then returns the + * <code>VerifyCMSSignatureResponse</code> built so far. + * </p> + * * @author Patrick Peck * @version $Id$ */ public class VerifyCMSSignatureResponseBuilder { /** The <code>SPSSFactory</code> for creating API objects. */ - private SPSSFactory factory = SPSSFactory.getInstance(); + private final SPSSFactory factory = SPSSFactory.getInstance(); /** The elements making up the response. */ - private List responseElements = new ArrayList(); + private final List responseElements = new ArrayList(); /** * Get the <code>VerifyCMSSignatureResponse</code> built so far. - * + * * @return The <code>VerifyCMSSignatureResponse</code> built so far. */ public VerifyCMSSignatureResponse getResponse() { @@ -71,112 +73,146 @@ public class VerifyCMSSignatureResponseBuilder { /** * Add a verification result to the response. - * - * @param result The result to add. - * @param trustprofile The actual trustprofile - * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the - * certificate as qualified, otherwise <code>false</code>. - * @param checkSSCD <code>true</code>, if the TSL check verifies the - * signature based on a SSDC, otherwise <code>false</code>. - * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, - * otherwise <code>false</code>. - * @throws MOAException + * + * @param result The result to add. + * @param trustprofile The actual trustprofile + * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the + * certificate as qualified, otherwise <code>false</code>. + * @param checkSSCD <code>true</code>, if the TSL check verifies the + * signature based on a SSDC, otherwise + * <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from + * the TSL, otherwise <code>false</code>. + * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, - ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos) - throws MOAException { - - CertificateValidationResult certResult = - result.getCertificateValidationResult(); - int signatureCheckCode = - result.getSignatureValueVerificationCode().intValue(); - int certificateCheckCode = certResult.getValidationResultCode().intValue(); - + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, + boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, + List adesResults, + ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, + boolean extendedVerification) + throws MOAException { + + final int signatureCheckCode = result.getSignatureValueVerificationCode().intValue(); + final CertificateValidationResult certResult = result.getCertificateValidationResult(); + VerifyCMSSignatureResponseElement responseElement; - SignerInfo signerInfo; + SignerInfo signerInfo = null; CheckResult signatureCheck; CheckResult certificateCheck; - boolean qualifiedCertificate = checkQC; - - // add SignerInfo element - signerInfo = - factory.createSignerInfo( - (X509Certificate) certResult.getCertificateChain().get(0), - qualifiedCertificate, - qcSourceTSL, - certResult.isPublicAuthorityCertificate(), - certResult.getPublicAuthorityID(), - checkSSCD, - sscdSourceTSL, - issuerCountryCode, - result.getSigningTime(), - tslInfos); + final boolean qualifiedCertificate = checkQC; + + // add signature algorithm name in case of extended validation + String sigAlgName = null; + if (extendedVerification) { + sigAlgName = result.getSignatureAlgorithmName(); + + } + + // set code 99 if not certcheckresult exists + int certificateCheckCode = 99; + if (certResult != null) { + certificateCheckCode = certResult.getValidationResultCode().intValue(); + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode, + result.getSigningTime(), + tslInfos); + } // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); - + // build the response element responseElement = - factory.createVerifyCMSSignatureResponseElement( - signerInfo, - signatureCheck, - certificateCheck, - adesResults, - extendedCertificateCheckResult); + factory.createVerifyCMSSignatureResponseElement( + signerInfo, + signatureCheck, + certificateCheck, + adesResults, + extendedCertificateCheckResult, + sigAlgName, + null, + null); responseElements.add(responseElement); } - + /** - * Add a verification result to the response. * - * @param result The result to add. - * @param trustprofile The actual trustprofile - * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the - * certificate as qualified, otherwise <code>false</code>. - * @param checkSSCD <code>true</code>, if the TSL check verifies the - * signature based on a SSDC, otherwise <code>false</code>. - * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, - * otherwise <code>false</code>. - * @throws MOAException + * @param result + * @param trustProfile + * @param checkQC + * @param qcSourceTSL + * @param checkSSCD + * @param sscdSourceTSL + * @param issuerCountryCode + * @param adesResults + * @param extendedCertificateCheckResult + * @param tslInfos + * @param extendedVerification + * @throws MOAException */ - public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, - ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos) - throws MOAException { - - CertificateValidationResult certResult = - result.getCertificateValidationResult(); - int signatureCheckCode = - result.getSignatureValueVerificationCode().intValue(); - + public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, + boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, + List adesResults, + ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, + boolean extendedVerification) + throws MOAException { + + final CertificateValidationResult certResult = + result.getCertificateValidationResult(); + final int signatureCheckCode = + result.getSignatureValueVerificationCode().intValue(); + VerifyCMSSignatureResponseElement responseElement; SignerInfo signerInfo = null; CheckResult signatureCheck; CheckResult certificateCheck; - boolean qualifiedCertificate = checkQC; - - //set code 99 if not certcheckresult exists + final boolean qualifiedCertificate = checkQC; + + // add signature algorithm name in case of extended validation + String sigAlgName = null; + Boolean coversFullDoc = null; + int[] sigByteRange = null; + + if (extendedVerification) { + sigAlgName = result.getSignatureAlgorithmName(); + coversFullDoc = result.byteRangeCoversWholeDocument(); + sigByteRange = result.getByteRange(); + + } + + // set code 99 if not certcheckresult exists int certificateCheckCode = 99; if (certResult != null) { - certificateCheckCode = certResult.getValidationResultCode().intValue(); - - // add SignerInfo element - signerInfo = - factory.createSignerInfo( - (X509Certificate) certResult.getCertificateChain().get(0), - qualifiedCertificate, - qcSourceTSL, - certResult.isPublicAuthorityCertificate(), - certResult.getPublicAuthorityID(), - checkSSCD, - sscdSourceTSL, - issuerCountryCode, - result.getSigningTime(), - tslInfos); + certificateCheckCode = certResult.getValidationResultCode().intValue(); + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode, + result.getSigningTime(), + tslInfos); } // add SignatureCheck element @@ -184,15 +220,18 @@ public class VerifyCMSSignatureResponseBuilder { // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); - + // build the response element responseElement = - factory.createVerifyCMSSignatureResponseElement( - signerInfo, - signatureCheck, - certificateCheck, - adesResults, - extendedCertificateCheckResult); + factory.createVerifyCMSSignatureResponseElement( + signerInfo, + signatureCheck, + certificateCheck, + adesResults, + extendedCertificateCheckResult, + sigAlgName, + coversFullDoc, + sigByteRange); responseElements.add(responseElement); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index d8ebd85..7e882ed 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -21,16 +21,15 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.util.ArrayList; +import java.util.Date; import java.util.Iterator; import java.util.List; -import java.util.Date; import javax.xml.crypto.OctetStreamData; import javax.xml.crypto.dsig.CanonicalizationMethod; @@ -69,25 +68,28 @@ import iaik.server.modules.xmlverify.SecurityLayerManifest; import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; import iaik.server.modules.xmlverify.XMLSignatureVerificationResult; import iaik.x509.X509Certificate; -import iaik.xml.crypto.alg.transform.C14NTransformService; import iaik.xml.crypto.dsig.CanonicalizationMethodImpl; /** * A class to build a <code>VerifyXMLSignatureResponse</code> object. - * - * <p>Via a call to <code>addResult()</code> the only result of the - * signature verification must be added.</p> - * - * <p>The <code>getResponseElement()</code> method then returns the - * <code>VerifyXMLSignatureResponse</code> built so far.</p> - * + * + * <p> + * Via a call to <code>addResult()</code> the only result of the signature + * verification must be added. + * </p> + * + * <p> + * The <code>getResponseElement()</code> method then returns the + * <code>VerifyXMLSignatureResponse</code> built so far. + * </p> + * * @author Patrick Peck * @version $Id$ */ public class VerifyXMLSignatureResponseBuilder { /** The <code>SPSSFactory</code> for creating API objects. */ - private SPSSFactory factory = SPSSFactory.getInstance(); + private final SPSSFactory factory = SPSSFactory.getInstance(); /** Information about the signer certificate. */ private SignerInfo signerInfo; @@ -106,205 +108,203 @@ public class VerifyXMLSignatureResponseBuilder { private List adesFormResults = null; private ExtendedCertificateCheckResult extCheckResult = null; private Date signingTime; + + private String signatureAlgorithm = null; + /** * Get the <code>VerifyMLSignatureResponse</code> built so far. - * + * * @return The <code>VerifyXMLSignatureResponse</code> built so far. */ public VerifyXMLSignatureResponse getResponse() { return factory.createVerifyXMLSignatureResponse( - signerInfo, - hashInputDatas, - referenceInputDatas, - signatureCheck, - signatureManifestCheck, - xmlDsigManifestChecks, - certificateCheck, - adesFormResults, - extCheckResult); + signerInfo, + hashInputDatas, + referenceInputDatas, + signatureCheck, + signatureManifestCheck, + xmlDsigManifestChecks, + certificateCheck, + adesFormResults, + extCheckResult, + signatureAlgorithm); } - + public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extCheckResult) { - this.extCheckResult = extCheckResult; + this.extCheckResult = extCheckResult; } - + public void setAdESFormResults(List adesForm) { - this.adesFormResults = adesForm; + this.adesFormResults = adesForm; } /** * Sets the verification result to the response. - * + * * This method must be called exactly once to ensure a valid * <code>VerifyXMLSignatureResponse</code>. - * - * @param result The result to set for the response. - * @param profile The profile used for verifying the signature. - * @param transformsSignatureManifestCheck The overall result for the signature - * manifest check. - * @param certificateCheck The overall result for the certificate check. - * @param checkQC <code>true</code>, if the certificate is QC, otherwise <code>false</code>. - * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, - * otherwise <code>false</code>. - * @param checkSSCD <code>true</code>, if the signature is created by an SSCD, otherwise <code>false</code>. - * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, - * otherwise <code>false</code>. + * + * @param result The result to set for the response. + * @param profile The profile used for verifying the + * signature. + * @param transformsSignatureManifestCheck The overall result for the signature + * manifest check. + * @param certificateCheck The overall result for the + * certificate check. + * @param checkQC <code>true</code>, if the certificate + * is QC, otherwise <code>false</code>. + * @param qcSourceTSL <code>true</code>, if the QC + * information comes from the TSL, + * otherwise <code>false</code>. + * @param checkSSCD <code>true</code>, if the signature + * is created by an SSCD, otherwise + * <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD + * information comes from the TSL, + * otherwise <code>false</code>. * @throws MOAApplicationException An error occurred adding the result. */ public void setResult( - XMLSignatureVerificationResult result, - XMLSignatureVerificationProfile profile, - ReferencesCheckResult transformsSignatureManifestCheck, - CheckResult certificateCheck, - boolean checkQC, - boolean qcSourceTSL, - boolean checkSSCD, - boolean sscdSourceTSL, - boolean isTSLEnabledTrustprofile, - String issuerCountryCode, - TslInfos tslInfos) - throws MOAApplicationException { - - CertificateValidationResult certResult = - result.getCertificateValidationResult(); + XMLSignatureVerificationResult result, + XMLSignatureVerificationProfile profile, + ReferencesCheckResult transformsSignatureManifestCheck, + CheckResult certificateCheck, + boolean checkQC, + boolean qcSourceTSL, + boolean checkSSCD, + boolean sscdSourceTSL, + boolean isTSLEnabledTrustprofile, + String issuerCountryCode, + TslInfos tslInfos, + boolean isExtendedValidation) + throws MOAApplicationException { + + final CertificateValidationResult certResult = + result.getCertificateValidationResult(); List referenceDataList; - ReferenceData referenceData; + final ReferenceData referenceData; List dsigManifestList; ReferencesCheckResultInfo checkResultInfo; int[] failedReferences; Iterator iter; boolean qualifiedCertificate = false; - + qualifiedCertificate = checkQC; - + + if (isExtendedValidation) { + signatureAlgorithm = result.getSignatureAlgorithmName(); + } + // create the SignerInfo; signerInfo = - factory.createSignerInfo( - (X509Certificate) certResult.getCertificateChain().get(0), - qualifiedCertificate, - qcSourceTSL, - certResult.isPublicAuthorityCertificate(), - certResult.getPublicAuthorityID(), - checkSSCD, - sscdSourceTSL, - issuerCountryCode, - result.getSigningTime(), - tslInfos); - + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode, + result.getSigningTime(), + tslInfos); + + // TODO: add hash algo. infos // Create HashInputData Content objects referenceDataList = result.getReferenceDataList(); if (profile.includeHashInputData()) { hashInputDatas = new ArrayList(); - + // Include SignedInfo references addHashInputDatas( - hashInputDatas, - referenceDataList, - InputData.CONTAINER_SIGNEDINFO_, - InputData.REFERER_NONE_); - + hashInputDatas, + referenceDataList, + InputData.CONTAINER_SIGNEDINFO_, + InputData.REFERER_NONE_); + // Include XMLDSIGManifest references - List xMLDSIGManifests = result.getDsigManifestList(); - for (iter = xMLDSIGManifests.iterator(); iter.hasNext();) - { - DsigManifest currentMF = (DsigManifest) iter.next(); - List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList(); + final List xMLDSIGManifests = result.getDsigManifestList(); + for (iter = xMLDSIGManifests.iterator(); iter.hasNext();) { + final DsigManifest currentMF = (DsigManifest) iter.next(); + final List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList(); addHashInputDatas( - hashInputDatas, - xMLDSIGMFReferenceDataList, - InputData.CONTAINER_XMLDSIGMANIFEST_, - currentMF.getReferringReferenceInfo().getReferenceIndex()); + hashInputDatas, + xMLDSIGMFReferenceDataList, + InputData.CONTAINER_XMLDSIGMANIFEST_, + currentMF.getReferringReferenceInfo().getReferenceIndex()); } } // Create the ReferenceInputData Content objects if (profile.includeReferenceInputData()) { referenceInputDatas = new ArrayList(); - + // Include SignedInfo references addReferenceInputDatas( - referenceInputDatas, - referenceDataList, - InputData.CONTAINER_SIGNEDINFO_, - InputData.REFERER_NONE_); + referenceInputDatas, + referenceDataList, + InputData.CONTAINER_SIGNEDINFO_, + InputData.REFERER_NONE_); // Include XMLDSIGManifest references - List xMLDSIGManifests = result.getDsigManifestList(); - for (iter = xMLDSIGManifests.iterator(); iter.hasNext();) - { - DsigManifest currentMF = (DsigManifest) iter.next(); - List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList(); + final List xMLDSIGManifests = result.getDsigManifestList(); + for (iter = xMLDSIGManifests.iterator(); iter.hasNext();) { + final DsigManifest currentMF = (DsigManifest) iter.next(); + final List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList(); addReferenceInputDatas( - referenceInputDatas, - xMLDSIGMFReferenceDataList, - InputData.CONTAINER_XMLDSIGMANIFEST_, - currentMF.getReferringReferenceInfo().getReferenceIndex()); + referenceInputDatas, + xMLDSIGMFReferenceDataList, + InputData.CONTAINER_XMLDSIGMANIFEST_, + currentMF.getReferringReferenceInfo().getReferenceIndex()); } } // create the signature check failedReferences = buildFailedReferences(result.getReferenceDataList()); checkResultInfo = - failedReferences != null - ? factory.createReferencesCheckResultInfo(null, failedReferences) - : null; + failedReferences != null + ? factory.createReferencesCheckResultInfo(null, failedReferences) + : null; signatureCheck = - factory.createReferencesCheckResult( - result.getSignatureValueVerificationCode().intValue(), - checkResultInfo); + factory.createReferencesCheckResult( + result.getSignatureValueVerificationCode().intValue(), + checkResultInfo); // create the signature manifest check - if (profile.checkSecurityLayerManifest()) - { - if (transformsSignatureManifestCheck.getCode() == 1) - { + if (profile.checkSecurityLayerManifest()) { + if (transformsSignatureManifestCheck.getCode() == 1) { // checking the transforms failed signatureManifestCheck = transformsSignatureManifestCheck; - } - else if (result.isSecurityLayerManifestRequired()) - { - if (!result.containsSecurityLayerManifest()) - { + } else if (result.isSecurityLayerManifestRequired()) { + if (!result.containsSecurityLayerManifest()) { // required security layer manifest is missing in signature signatureManifestCheck = factory.createReferencesCheckResult(2, null); - } - else - { + } else { // security layer manifest exists, so we have to check its validity - SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); - int verificationResult = slManifest.getManifestVerificationResult().intValue(); + final SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); + final int verificationResult = slManifest.getManifestVerificationResult().intValue(); - if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult) - { + if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult) { // security layer manifest exists and is free of errors signatureManifestCheck = factory.createReferencesCheckResult(0, null); - } - else - { + } else { // security layer manifest exists, but has errors failedReferences = buildFailedReferences(slManifest.getReferenceDataList()); - checkResultInfo = (failedReferences != null) - ? factory.createReferencesCheckResultInfo(null, failedReferences) - : null; - if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult) - { - signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo); - } - else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult) - { - signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo); - } - else - { + checkResultInfo = failedReferences != null + ? factory.createReferencesCheckResultInfo(null, failedReferences) + : null; + if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult) { + signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo); + } else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult) { + signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo); + } else { // Should not happen throw new RuntimeException("Unexpected result from security layer manifest verification."); } } } - } - else - { + } else { // no security layer manifest is required, so the signature manifest check is ok signatureManifestCheck = factory.createReferencesCheckResult(0, null); } @@ -315,165 +315,181 @@ public class VerifyXMLSignatureResponseBuilder { xmlDsigManifestChecks = new ArrayList(); dsigManifestList = result.getDsigManifestList(); for (iter = dsigManifestList.iterator(); iter.hasNext();) { - DsigManifest dsigManifest = (DsigManifest) iter.next(); - int refIndex = - dsigManifest.getReferringReferenceInfo().getReferenceIndex(); + final DsigManifest dsigManifest = (DsigManifest) iter.next(); + final int refIndex = + dsigManifest.getReferringReferenceInfo().getReferenceIndex(); ManifestRefsCheckResultInfo manifestCheckResultInfo; failedReferences = - buildFailedReferences(dsigManifest.getReferenceDataList()); + buildFailedReferences(dsigManifest.getReferenceDataList()); manifestCheckResultInfo = - factory.createManifestRefsCheckResultInfo( - null, - failedReferences, - refIndex); + factory.createManifestRefsCheckResultInfo( + null, + failedReferences, + refIndex); xmlDsigManifestChecks.add( - factory.createManifestRefsCheckResult( - dsigManifest.getManifestVerificationResult().intValue(), - manifestCheckResultInfo)); + factory.createManifestRefsCheckResult( + dsigManifest.getManifestVerificationResult().intValue(), + manifestCheckResultInfo)); } } - // create the certificate check + // create the certificate check this.certificateCheck = certificateCheck; - + this.signingTime = result.getSigningTime(); - + } /** - * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. The content of the entry will - * be created from {@link ReferenceData#getHashInputData()}. - * - * @param inputDatas The list to be amended. - * - * @param referenceDataList The list of {@link ReferenceData} objects to be investigated. - * - * @param containerType The type of container of the {@link InputData} objects to be created. - * - * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created. - * - * @throws MOAApplicationException if creating an {@link InputData} fails. + * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. + * The content of the entry will be created from + * {@link ReferenceData#getHashInputData()}. + * + * @param inputDatas The list to be amended. + * + * @param referenceDataList The list of {@link ReferenceData} objects to be + * investigated. + * + * @param containerType The type of container of the {@link InputData} + * objects to be created. + * + * @param refererNumber The number of the referring reference for the + * {@link InputData} objects to be created. + * + * @throws MOAApplicationException if creating an {@link InputData} fails. */ - private void addHashInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber) - throws MOAApplicationException - { - for (Iterator iter = referenceDataList.iterator(); iter.hasNext();) - { - ReferenceData referenceData = (ReferenceData) iter.next(); + private void addHashInputDatas(List inputDatas, List referenceDataList, String containerType, + int refererNumber) + throws MOAApplicationException { + for (final Object element : referenceDataList) { + final ReferenceData referenceData = (ReferenceData) element; inputDatas.add(buildInputData( - referenceData.getHashInputData(), - containerType, - refererNumber)); + referenceData.getHashInputData(), + containerType, + refererNumber, + referenceData.getHashAlgorithmName())); } } - + /** - * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. The content of the entry will - * be created from {@link ReferenceData#getReferenceInputData()}. - * - * @param inputDatas The list to be amended. - * - * @param referenceDataList The list of {@link ReferenceData} objects to be investigated. - * - * @param containerType The type of container of the {@link InputData} objects to be created. - * - * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created. - * - * @throws MOAApplicationException if creating an {@link InputData} fails. + * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. + * The content of the entry will be created from + * {@link ReferenceData#getReferenceInputData()}. + * + * @param inputDatas The list to be amended. + * + * @param referenceDataList The list of {@link ReferenceData} objects to be + * investigated. + * + * @param containerType The type of container of the {@link InputData} + * objects to be created. + * + * @param refererNumber The number of the referring reference for the + * {@link InputData} objects to be created. + * + * @throws MOAApplicationException if creating an {@link InputData} fails. */ - private void addReferenceInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber) - throws MOAApplicationException - { - for (Iterator iter = referenceDataList.iterator(); iter.hasNext();) - { - ReferenceData referenceData = (ReferenceData) iter.next(); + private void addReferenceInputDatas(List inputDatas, List referenceDataList, String containerType, + int refererNumber) + throws MOAApplicationException { + for (final Object element : referenceDataList) { + final ReferenceData referenceData = (ReferenceData) element; inputDatas.add(buildInputData( - referenceData.getReferenceInputData(), - containerType, - refererNumber)); + referenceData.getReferenceInputData(), + containerType, + refererNumber, + referenceData.getHashAlgorithmName())); } } /** * Build a <code>InputDataBinaryImpl</code> or an <code>InputDataXMLImpl</code> * object from the given <code>DataObject</code> and the given attributes. - * - * @param dataObject The <code>DataObject</code> from which to build the result. - * Based on the type of this parameter, the type of the result will either be - * <code>InputDataBinaryImpl</code> or <code>InputDataXMLImpl</code>. - * - * @param partof see {@link InputData} - * + * + * @param dataObject The <code>DataObject</code> from which to + * build the result. Based on the type of this + * parameter, the type of the result will either + * be <code>InputDataBinaryImpl</code> or + * <code>InputDataXMLImpl</code>. + * + * @param partof see {@link InputData} + * * @param referringReferenceNumber see {@link InputData} - * + * + * @param hashAlg see {@link InputData} + * * @return The corresponinding input data implementation. - * * @throws MOAApplicationException An error occurred creating the result. */ - private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber) - throws MOAApplicationException { + private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber, + String hashAlg) + throws MOAApplicationException { if (dataObject instanceof BinaryDataObject) { - BinaryDataObject binaryData = (BinaryDataObject) dataObject; + final BinaryDataObject binaryData = (BinaryDataObject) dataObject; return new InputDataBinaryImpl( - factory.createContent(binaryData.getInputStream(), null), - partOf, - referringReferenceNumber); + factory.createContent(binaryData.getInputStream(), null), + partOf, + referringReferenceNumber, + hashAlg); } else if (dataObject instanceof XMLDataObject) { - XMLDataObject xmlData = (XMLDataObject) dataObject; - List nodes = new ArrayList(); + final XMLDataObject xmlData = (XMLDataObject) dataObject; + final List nodes = new ArrayList(); nodes.add(xmlData.getElement()); return new InputDataXMLImpl( - factory.createContent(new NodeListAdapter(nodes), null), - partOf, - referringReferenceNumber); + factory.createContent(new NodeListAdapter(nodes), null), + partOf, + referringReferenceNumber, + hashAlg); } else { // dataObject instanceof XMLNodeListDataObject // if the data in the NodeList can be converted back to valid XML, - // write it as XMLContent; otherwise, write it as Base64Content - XMLNodeListDataObject nodeData = (XMLNodeListDataObject) dataObject; - NodeList nodes = nodeData.getNodeList(); - + // write it as XMLContent; otherwise, write it as Base64Content + final XMLNodeListDataObject nodeData = (XMLNodeListDataObject) dataObject; + final NodeList nodes = nodeData.getNodeList(); + if (DOMUtils.checkAttributeParentsInNodeList(nodes)) { // insert as XMLContent try { - DocumentFragment fragment = DOMUtils.nodeList2DocumentFragment(nodes); + final DocumentFragment fragment = DOMUtils.nodeList2DocumentFragment(nodes); return new InputDataXMLImpl( - factory.createContent(fragment.getChildNodes(), null), - partOf, - referringReferenceNumber); - } catch (Exception e) { + factory.createContent(fragment.getChildNodes(), null), + partOf, + referringReferenceNumber, + hashAlg); + } catch (final Exception e) { // not successful -> fall through to the Base64Content } } - + // insert canonicalized NodeList as binary content try { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - for(int i = 0; i < nodes.getLength(); i++) { - baos.write(DOMUtils.nodeToByteArray(nodes.item(i))); - } - baos.close(); - ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray()); - OctetStreamData inputData = new OctetStreamData(bais); - - CanonicalizationMethodImpl canonicalizationMethodImpl = new CanonicalizationMethodImpl( - CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, new ExcC14NParameterSpec()); - OctetStreamData data = (OctetStreamData)canonicalizationMethodImpl.transform(inputData, null); - bais.close(); - //CanonicalizationAlgorithm c14n = - //new CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments(); - InputStream is = data.getOctetStream(); - - //c14n.setInput(nodes); - //is = c14n.canonicalize(); + final ByteArrayOutputStream baos = new ByteArrayOutputStream(); + for (int i = 0; i < nodes.getLength(); i++) { + baos.write(DOMUtils.nodeToByteArray(nodes.item(i))); + } + baos.close(); + final ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray()); + final OctetStreamData inputData = new OctetStreamData(bais); + + final CanonicalizationMethodImpl canonicalizationMethodImpl = new CanonicalizationMethodImpl( + CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, new ExcC14NParameterSpec()); + final OctetStreamData data = (OctetStreamData) canonicalizationMethodImpl.transform(inputData, null); + bais.close(); + // CanonicalizationAlgorithm c14n = + // new CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments(); + final InputStream is = data.getOctetStream(); + + // c14n.setInput(nodes); + // is = c14n.canonicalize(); return new InputDataBinaryImpl( - factory.createContent(is, null), - partOf, - referringReferenceNumber); - } catch (Exception e) { + factory.createContent(is, null), + partOf, + referringReferenceNumber, + hashAlg); + } catch (final Exception e) { throw new MOAApplicationException("2200", null); } } @@ -481,27 +497,27 @@ public class VerifyXMLSignatureResponseBuilder { /** * Build the failed references. - * + * * Failed references are references for which the <code>isHashValid()</code> * method returns <code>false</code>. - * - * @param refInfos A <code>List</code> containing the - * <code>ReferenceInfo</code> objects to be checked. - * @return The indexes of the failed references. + * + * @param refInfos A <code>List</code> containing the <code>ReferenceInfo</code> + * objects to be checked. + * @return The indexes of the failed references. */ private int[] buildFailedReferences(List refInfos) { - List failedReferencesList = new ArrayList(); + final List failedReferencesList = new ArrayList(); int i; // find out the failed references for (i = 0; i < refInfos.size(); i++) { - ReferenceInfo refInfo = (ReferenceInfo) refInfos.get(i); + final ReferenceInfo refInfo = (ReferenceInfo) refInfos.get(i); try { if (refInfo.isHashCalculated() && !refInfo.isHashValid()) { failedReferencesList.add(new Integer(i + 1)); } - } catch (HashUnavailableException e) { + } catch (final HashUnavailableException e) { // nothing to do here because we called refInfo.isHashCalculated first } } @@ -510,7 +526,7 @@ public class VerifyXMLSignatureResponseBuilder { if (failedReferencesList.isEmpty()) { return null; } else { - int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList); + final int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList); return failedReferences; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java index ecdd811..e039cb9 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java @@ -21,18 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; -import iaik.server.modules.IAIKException; -import iaik.server.modules.IAIKRuntimeException; -import iaik.server.modules.xml.DataObject; -import iaik.server.modules.xml.XMLDataObject; -import iaik.server.modules.xml.XMLSignature; -import iaik.server.modules.xmlsign.XMLSignatureCreationModule; -import iaik.server.modules.xmlsign.XMLSignatureCreationModuleFactory; -import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; - import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -71,17 +61,25 @@ import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.Constants; import at.gv.egovernment.moaspss.util.XPathUtils; +import iaik.server.modules.IAIKException; +import iaik.server.modules.IAIKRuntimeException; +import iaik.server.modules.xml.DataObject; +import iaik.server.modules.xml.XMLDataObject; +import iaik.server.modules.xml.XMLSignature; +import iaik.server.modules.xmlsign.XMLSignatureCreationModule; +import iaik.server.modules.xmlsign.XMLSignatureCreationModuleFactory; +import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; /** * A class providing an API based interface to the * <code>XMLSignatureCreationModule</code>. - * - * This class performs the invocation of the + * + * This class performs the invocation of the * <code>iaik.server.modules.xmlsign.XMLSignatureCreationModule</code> from a * <code>CreateXMLSignatureRequest</code> given as an API object. The result of * the invocation is integrated into a <code>CreateXMLSignatureResponse</code> * and returned. - * + * * @author Patrick Peck * @version $Id$ */ @@ -92,7 +90,7 @@ public class XMLSignatureCreationInvoker { /** * Get the only instance of this class. - * + * * @return The only instance of this class. */ public static synchronized XMLSignatureCreationInvoker getInstance() { @@ -104,7 +102,7 @@ public class XMLSignatureCreationInvoker { /** * Create a new <code>XMLSignatureCreationInvoker</code>. - * + * * Protected to disallow multiple instances. */ protected XMLSignatureCreationInvoker() { @@ -114,31 +112,31 @@ public class XMLSignatureCreationInvoker { * Process the <code>CreateXMLSignatureRequest<code> message and invoke the * <code>XMLSignatureCreationModule</code> for every * <code>SingleSignatureInfo</code> contained in the request. - * + * * @param request A <code>CreateXMLSignatureRequest<code> API object * containing the information for creating the signature(s). - * @param reserved A <code>Set</code> of reserved object IDs. - * - * @return A <code>CreateXMLSignatureResponse</code> API object containing - * the created signature(s). The response contains either a - * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code> - * for each <code>SingleSignatureInfo</code> in the request. - * @throws MOAException An error occurred during signature creation. + * @param reserved A <code>Set</code> of reserved object IDs. + * + * @return A <code>CreateXMLSignatureResponse</code> API object containing the + * created signature(s). The response contains either a + * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code> for + * each <code>SingleSignatureInfo</code> in the request. + * @throws MOAException An error occurred during signature creation. */ public CreateXMLSignatureResponse createXMLSignature( - CreateXMLSignatureRequest request, - Set reserved) - throws MOAException { - - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - LoggingContext loggingCtx = - LoggingContextManager.getInstance().getLoggingContext(); + CreateXMLSignatureRequest request, + Set reserved) + throws MOAException { + + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final LoggingContext loggingCtx = + LoggingContextManager.getInstance().getLoggingContext(); reserved = new HashSet(reserved); - XMLSignatureCreationProfileFactory profileFactory = - new XMLSignatureCreationProfileFactory(request, reserved); - CreateXMLSignatureResponseBuilder responseBuilder = - new CreateXMLSignatureResponseBuilder(); + final XMLSignatureCreationProfileFactory profileFactory = + new XMLSignatureCreationProfileFactory(request, reserved); + final CreateXMLSignatureResponseBuilder responseBuilder = + new CreateXMLSignatureResponseBuilder(); int createCount = 1; IdGenerator refIdGen; XMLSignatureCreationModule module; @@ -153,8 +151,8 @@ public class XMLSignatureCreationInvoker { // iterate over all the SingleSignatureInfo elements in the request while (singleSignatureInfoIter.hasNext()) { - SingleSignatureInfo singleSignatureInfo = - (SingleSignatureInfo) singleSignatureInfoIter.next(); + final SingleSignatureInfo singleSignatureInfo = + (SingleSignatureInfo) singleSignatureInfoIter.next(); CreateSignatureInfo createSignatureInfo; List dataObjectList; XMLSignatureCreationProfile profile; @@ -170,44 +168,47 @@ public class XMLSignatureCreationInvoker { // build the signature environment createSignatureInfo = singleSignatureInfo.getCreateSignatureInfo(); if (createSignatureInfo != null) { - DataObjectFactory dataObjFactory = DataObjectFactory.getInstance(); + final DataObjectFactory dataObjFactory = DataObjectFactory.getInstance(); signatureEnvironment = - dataObjFactory.createSignatureEnvironment( - createSignatureInfo.getCreateSignatureEnvironment(), - getCreateSignatureEnvironmentProfileSupplements(singleSignatureInfo)); + dataObjFactory.createSignatureEnvironment( + createSignatureInfo.getCreateSignatureEnvironment(), + getCreateSignatureEnvironmentProfileSupplements(singleSignatureInfo)); } else { signatureEnvironment = null; } - - HashSet sigInfoReservedIDs = new HashSet(); - if (signatureEnvironment != null) - { + + final HashSet sigInfoReservedIDs = new HashSet(); + if (signatureEnvironment != null) { // Find Id attributes of existing XML signatures in signature environment - HashMap nSMap = new HashMap(); - String dsp = Constants.DSIG_PREFIX; - nSMap.put(dsp, Constants.DSIG_NS_URI); - String xPathExpr = "//" + dsp + ":Signature/@Id | //" + dsp + ":Reference/@Id | //" - + dsp + ":Object/@Id | //" + dsp + ":Manifest/@Id"; - NodeList idAttrs = XPathUtils.selectNodeList(signatureEnvironment.getElement(), nSMap, xPathExpr); - - // Add found Id attributes to set of reserved IDs - for (int i = 0; i < idAttrs.getLength(); i++) sigInfoReservedIDs.add(idAttrs.item(i).getNodeValue()); + final HashMap nSMap = new HashMap(); + final String dsp = Constants.DSIG_PREFIX; + nSMap.put(dsp, Constants.DSIG_NS_URI); + final String xPathExpr = "//" + dsp + ":Signature/@Id | //" + dsp + ":Reference/@Id | //" + + dsp + ":Object/@Id | //" + dsp + ":Manifest/@Id"; + final NodeList idAttrs = XPathUtils.selectNodeList(signatureEnvironment.getElement(), nSMap, + xPathExpr); + + // Add found Id attributes to set of reserved IDs + for (int i = 0; i < idAttrs.getLength(); i++) { + sigInfoReservedIDs.add(idAttrs.item(i).getNodeValue()); + } } // create the reference id generator - HashSet allReservedIDs = new HashSet(reserved); + final HashSet allReservedIDs = new HashSet(reserved); allReservedIDs.addAll(sigInfoReservedIDs); refIdGen = new IdGenerator("reference-" + createCount++, allReservedIDs); // build the list of DataObjects - List createTransformsProfiles = profileFactory.getCreateTransformsInfoProfiles(singleSignatureInfo); + final List createTransformsProfiles = profileFactory.getCreateTransformsInfoProfiles( + singleSignatureInfo); dataObjectList = - buildDataObjectList( - singleSignatureInfo, - createTransformsProfiles, - signatureEnvironment, - refIdGen); + buildDataObjectList( + singleSignatureInfo, + createTransformsProfiles, + signatureEnvironment, + refIdGen); // build the XMLSignatureCreationProfile profile = profileFactory.createProfile(singleSignatureInfo, sigInfoReservedIDs); @@ -218,78 +219,78 @@ public class XMLSignatureCreationInvoker { // build the signatureParentElement if (signatureEnvironment != null) { signatureParent = - buildSignatureParentElement( - signatureEnvironment.getElement(), - singleSignatureInfo); + buildSignatureParentElement( + signatureEnvironment.getElement(), + singleSignatureInfo); } else { signatureParent = null; } - // make the signature environment the root of the document, if it is - // not a separate document anyway; this is done to assure that - // canonicalization of the signature environment contains the correct + // make the signature environment the root of the document, if it is + // not a separate document anyway; this is done to assure that + // canonicalization of the signature environment contains the correct // namespace declarations if (signatureEnvironment != null) { - Document requestDoc = - signatureEnvironment.getElement().getOwnerDocument(); + final Document requestDoc = + signatureEnvironment.getElement().getOwnerDocument(); requestElement = requestDoc.getDocumentElement(); if (requestElement != signatureEnvironment.getElement()) { signatureEnvironmentParent = - signatureEnvironment.getElement().getParentNode(); + signatureEnvironment.getElement().getParentNode(); requestElement.getOwnerDocument().replaceChild( - signatureEnvironment.getElement(), - requestElement); + signatureEnvironment.getElement(), + requestElement); } } try { - ConfigurationProvider config = context.getConfiguration(); - String xadesVersion = config.getXAdESVersion(); - - if (xadesVersion!= null && xadesVersion.compareTo(XMLSignatureCreationModule.XADES_VERSION_1_4_2) == 0) { - // create the signature (XAdES 1.4.2) - signature = - module.createSignature( + final ConfigurationProvider config = context.getConfiguration(); + final String xadesVersion = config.getXAdESVersion(); + + if (xadesVersion != null && xadesVersion.compareTo( + XMLSignatureCreationModule.XADES_VERSION_1_4_2) == 0) { + // create the signature (XAdES 1.4.2) + signature = + module.createSignature( dataObjectList, profile, additionalSignedProperties, signatureParent, XMLSignatureCreationModule.XADES_VERSION_1_4_2, new TransactionId(context.getTransactionID())); - } - else { - // create the signature (XAdES 1.1.1 = default) - signature = - module.createSignature( + } else { + // create the signature (XAdES 1.1.1 = default) + signature = + module.createSignature( dataObjectList, profile, additionalSignedProperties, signatureParent, XMLSignatureCreationModule.XADES_VERSION_1_1_1, new TransactionId(context.getTransactionID())); - } + } // insert the result into the response if (signatureParent != null) { responseBuilder.addSignatureEnvironment( - signatureEnvironment.getElement()); + signatureEnvironment.getElement()); } else { responseBuilder.addSignatureEnvironment(signature.getElement()); } - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); + } catch (final IAIKException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); responseBuilder.addError( - moaException.getMessageId(), - moaException.getMessage()); + moaException.getMessageId(), + moaException.getMessage()); Logger.warn(moaException.getMessage(), e); - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); + } catch (final IAIKRuntimeException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); responseBuilder.addError( - moaException.getMessageId(), - moaException.getMessage()); + moaException.getMessageId(), + moaException.getMessage()); Logger.warn(moaException.getMessage(), e); } @@ -297,14 +298,14 @@ public class XMLSignatureCreationInvoker { if (signatureEnvironment != null) { if (requestElement != signatureEnvironment.getElement()) { requestElement.getOwnerDocument().replaceChild( - requestElement, - signatureEnvironment.getElement()); + requestElement, + signatureEnvironment.getElement()); signatureEnvironmentParent.appendChild( - signatureEnvironment.getElement()); + signatureEnvironment.getElement()); } } - } catch (MOAException e) { + } catch (final MOAException e) { responseBuilder.addError(e.getMessageId(), e.getMessage()); Logger.warn(e.getMessage(), e); } @@ -317,85 +318,88 @@ public class XMLSignatureCreationInvoker { /** * Build the list of <code>DataObject</code>s from the given * <code>SingleSignatureInfo</code> object. - * + * * <p> - * Only the following cases of <code>DataObject</code>s are - * valid in case of an enveloping signature: - * + * Only the following cases of <code>DataObject</code>s are valid in case of an + * enveloping signature: + * * <ul> - * <li><code>Reference == null && Content != null</code>: The + * <li><code>Reference == null && Content != null</code>: The * <code>Content</code> will be used in the <code>DataObject</code>.</li> * <li><code>Reference != null && Content == null</code>: Resolve the - * <code>Reference</code> and use it as <code>DataObject</code>. - * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li> + * <code>Reference</code> and use it as <code>DataObject</code>. Set the + * <code>Reference</code> in the <code>DataObject</code> as well.</li> * </ul> * </p> - * + * * <p> - * Only the following cases of <code>DataObject</code>s are valid in case - * of a detached signature: - * + * Only the following cases of <code>DataObject</code>s are valid in case of a + * detached signature: + * * <ul> * <li><code>Reference != null && Content == null</code>: Resolve the - * <code>Reference</code> and use it as <code>DataObject</code>. - * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li> + * <code>Reference</code> and use it as <code>DataObject</code>. Set the + * <code>Reference</code> in the <code>DataObject</code> as well.</li> * <li><code>Reference != null && Content != null</code>: The - * <code>Content</code> will be used in the <code>DataObject</code>. - * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li> + * <code>Content</code> will be used in the <code>DataObject</code>. Set the + * <code>Reference</code> in the <code>DataObject</code> as well.</li> * </ul> * </p> - * + * * <p> * All other cases will lead to an error. * </p> - * - * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object - * containing the <code>DataObjectInfo</code> objects. - * @param createTransformsProfiles A list of objects of type {@link CreateTransformsInfoProfileExplicit}, - * each representing the transforms info profile information for the corresponding <code>DataObject</code>. - * @param signatureEnvironment The - * @param idGen The ID generator for <code>DataObject</code> references. + * + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object + * containing the <code>DataObjectInfo</code> + * objects. + * @param createTransformsProfiles A list of objects of type + * {@link CreateTransformsInfoProfileExplicit}, + * each representing the transforms info profile + * information for the corresponding + * <code>DataObject</code>. + * @param signatureEnvironment The + * @param idGen The ID generator for <code>DataObject</code> + * references. * @return The <code>List</code> of <code>DataObject</code>s contained in the - * given <code>singleSignatureInfo</code>. - * @throws MOASystemException A system error occurred building the data - * objects. - * @throws MOAApplicationException An error occurred building the data - * objects. + * given <code>singleSignatureInfo</code>. + * @throws MOASystemException A system error occurred building the data + * objects. + * @throws MOAApplicationException An error occurred building the data objects. */ private List buildDataObjectList( - SingleSignatureInfo singleSignatureInfo, - List createTransformsProfiles, - XMLDataObject signatureEnvironment, - IdGenerator idGen) - throws MOASystemException, MOAApplicationException { - - List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); - List dataObjects = new ArrayList(); + SingleSignatureInfo singleSignatureInfo, + List createTransformsProfiles, + XMLDataObject signatureEnvironment, + IdGenerator idGen) + throws MOASystemException, MOAApplicationException { + + final List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); + final List dataObjects = new ArrayList(); Iterator dtIter; - Iterator ctpIter = createTransformsProfiles.iterator(); + final Iterator ctpIter = createTransformsProfiles.iterator(); - for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) - { - DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); - String structure = dataObjInfo.getStructure(); - - CreateTransformsInfoProfileExplicit transformsProfile = - (CreateTransformsInfoProfileExplicit) ctpIter.next(); - MetaInfo finalDataMetaInfo = transformsProfile.getCreateTransformsInfo().getFinalDataMetaInfo(); + for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) { + final DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); + final String structure = dataObjInfo.getStructure(); + + final CreateTransformsInfoProfileExplicit transformsProfile = + (CreateTransformsInfoProfileExplicit) ctpIter.next(); + final MetaInfo finalDataMetaInfo = transformsProfile.getCreateTransformsInfo().getFinalDataMetaInfo(); if (DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)) { dataObjects.add( - buildEnvelopingDataObject( - dataObjInfo.getDataObject(), - finalDataMetaInfo, - idGen.uniqueId())); + buildEnvelopingDataObject( + dataObjInfo.getDataObject(), + finalDataMetaInfo, + idGen.uniqueId())); } else if (DataObjectInfo.STRUCTURE_DETACHED.equals(structure)) { dataObjects.add( - buildDetachedDataObject( - dataObjInfo.getDataObject(), - finalDataMetaInfo, - signatureEnvironment, - idGen.uniqueId())); + buildDetachedDataObject( + dataObjInfo.getDataObject(), + finalDataMetaInfo, + signatureEnvironment, + idGen.uniqueId())); } else { throw new MOAApplicationException("1103", new Object[] { structure }); } @@ -406,126 +410,128 @@ public class XMLSignatureCreationInvoker { } /** - * Build a <code>DataObject</code> to be used in an enveloping - * signature. - * - * @param content The <code>Content</code> object containing the data object. - * <code>ContentOptionalRefType</code>. - * @param finalDataMetaInfo The meta information corresponding with <code>content</code>. - * @param referenceID The reference ID to use in the signature for the - * <code>DataObject</code> created. + * Build a <code>DataObject</code> to be used in an enveloping signature. + * + * @param content The <code>Content</code> object containing the data + * object. <code>ContentOptionalRefType</code>. + * @param finalDataMetaInfo The meta information corresponding with + * <code>content</code>. + * @param referenceID The reference ID to use in the signature for the + * <code>DataObject</code> created. * @return The <code>DataObject</code> representing the data contained in - * <code>dataObjectElem</code>. - * @throws MOAApplicationException An error occurred during the creation of - * the <code>DataObject</code>. - * @throws MOASystemException A system error occurred during the creation of - * the <code>DataObject</code>. + * <code>dataObjectElem</code>. + * @throws MOAApplicationException An error occurred during the creation of the + * <code>DataObject</code>. + * @throws MOASystemException A system error occurred during the creation + * of the <code>DataObject</code>. */ private DataObject buildEnvelopingDataObject( - Content content, - MetaInfo finalDataMetaInfo, - String referenceID) - throws MOASystemException, MOAApplicationException { + Content content, + MetaInfo finalDataMetaInfo, + String referenceID) + throws MOASystemException, MOAApplicationException { - DataObjectFactory factory = DataObjectFactory.getInstance(); + final DataObjectFactory factory = DataObjectFactory.getInstance(); DataObject dataObject; dataObject = - factory.createFromContentOptionalRefType( - content, - finalDataMetaInfo, - referenceID, - false, - false, - true, - false); + factory.createFromContentOptionalRefType( + content, + finalDataMetaInfo, + referenceID, + false, + false, + true, + false); return dataObject; } /** * Build a <code>DataObject</code> to be used in a detached signature. - * - * @param content The <code>Content</code> object containing an the data. - * @param finalDataMetaInfo The meta information corresponding with <code>content</code>. + * + * @param content The <code>Content</code> object containing an the + * data. + * @param finalDataMetaInfo The meta information corresponding with + * <code>content</code>. * @param signatureEnvironment The signature environment where the signature - * will be inserted. - * @param referenceID The reference ID to use in the signature for the - * <code>DataObject</code> created. + * will be inserted. + * @param referenceID The reference ID to use in the signature for the + * <code>DataObject</code> created. * @return The <code>DataObject</code> representing the data contained in - * <code>dataObjectElem</code>. - * @throws MOAApplicationException An error occurred during the creation of - * the <code>DataObject</code>. - * @throws MOASystemException A system error occurred during the creation of - * the <code>DataObject</code>. + * <code>dataObjectElem</code>. + * @throws MOAApplicationException An error occurred during the creation of the + * <code>DataObject</code>. + * @throws MOASystemException A system error occurred during the creation + * of the <code>DataObject</code>. */ private DataObject buildDetachedDataObject( - Content content, - MetaInfo finalDataMetaInfo, - XMLDataObject signatureEnvironment, - String referenceID) - throws MOASystemException, MOAApplicationException { - - String reference = content.getReference(); - DataObjectFactory factory = DataObjectFactory.getInstance(); + Content content, + MetaInfo finalDataMetaInfo, + XMLDataObject signatureEnvironment, + String referenceID) + throws MOASystemException, MOAApplicationException { + + final String reference = content.getReference(); + final DataObjectFactory factory = DataObjectFactory.getInstance(); DataObject dataObject; if (reference == null) { throw new MOAApplicationException("1102", null); } else if ("".equals(reference) || reference.startsWith("#")) { dataObject = - factory.createFromSignatureEnvironment( - signatureEnvironment.getElement(), - reference, - referenceID); + factory.createFromSignatureEnvironment( + signatureEnvironment.getElement(), + reference, + referenceID); } else { dataObject = - factory.createFromContentOptionalRefType( - content, - finalDataMetaInfo, - referenceID, - true, - false, - true, - false); + factory.createFromContentOptionalRefType( + content, + finalDataMetaInfo, + referenceID, + true, + false, + true, + false); } return dataObject; } /** * Build the signature parent element. - * - * @param signatureEnvironment The signature environment containing the - * document in which to insert the signature. - * @param singleSignatureInfo The <code>SingleSignatureInfo</code> - * containing the signature parent element. - * @return An <code>XMLDataObject</code> containing the signature parent - * element or <code>null</code>, if the <code>CreateSignatureInfo</code> is - * <code>null</code>. - * @throws MOAApplicationException An error occurred during the creation of - * the signature parent. + * + * @param signatureEnvironment The signature environment containing the document + * in which to insert the signature. + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> containing + * the signature parent element. + * @return An <code>XMLDataObject</code> containing the signature parent element + * or <code>null</code>, if the <code>CreateSignatureInfo</code> is + * <code>null</code>. + * @throws MOAApplicationException An error occurred during the creation of the + * signature parent. */ private XMLDataObject buildSignatureParentElement( - Element signatureEnvironment, - SingleSignatureInfo singleSignatureInfo) - throws MOAApplicationException { + Element signatureEnvironment, + SingleSignatureInfo singleSignatureInfo) + throws MOAApplicationException { - CreateSignatureInfo createInfo = - singleSignatureInfo.getCreateSignatureInfo(); + final CreateSignatureInfo createInfo = + singleSignatureInfo.getCreateSignatureInfo(); // evaluate the CreateSignatureLocation if (createInfo != null) { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - CreateSignatureEnvironmentProfileExplicit createProfile = - ProfileMapper.mapCreateSignatureEnvironmentProfile( - createInfo.getCreateSignatureEnvironmentProfile(), - config); - CreateSignatureLocation location = - createProfile.getCreateSignatureLocation(); - Element signatureParent = - InvokerUtils.evaluateSignatureLocation(signatureEnvironment, location); + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final CreateSignatureEnvironmentProfileExplicit createProfile = + ProfileMapper.mapCreateSignatureEnvironmentProfile( + createInfo.getCreateSignatureEnvironmentProfile(), + config); + final CreateSignatureLocation location = + createProfile.getCreateSignatureLocation(); + final Element signatureParent = + InvokerUtils.evaluateSignatureLocation(signatureEnvironment, location); return new XMLDataObjectImpl(signatureParent); } else { @@ -534,31 +540,31 @@ public class XMLSignatureCreationInvoker { } /** - * Get the supplements contained in the - * <code>CreateSignatureEnvironmentProfile</code> of the given + * Get the supplements contained in the + * <code>CreateSignatureEnvironmentProfile</code> of the given * <code>SingleSignatureInfo</code>. - * - * @param singleSigInfo The <code>SingleSignatureInfo</code> from which - * to extract the supplements. - * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>s - * or <code>null</code>, if the <code>singleSigInfo</code> does not contain - * supplements. - * @throws MOAApplicationException An error occurred parsing the - * <code>CreateSignatureEnvironmentProfile</code>. + * + * @param singleSigInfo The <code>SingleSignatureInfo</code> from which to + * extract the supplements. + * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>s or + * <code>null</code>, if the <code>singleSigInfo</code> does not contain + * supplements. + * @throws MOAApplicationException An error occurred parsing the + * <code>CreateSignatureEnvironmentProfile</code>. */ private List getCreateSignatureEnvironmentProfileSupplements(SingleSignatureInfo singleSigInfo) - throws MOAApplicationException { - CreateSignatureInfo sigInfo = singleSigInfo.getCreateSignatureInfo(); + throws MOAApplicationException { + final CreateSignatureInfo sigInfo = singleSigInfo.getCreateSignatureInfo(); if (sigInfo != null) { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - CreateSignatureEnvironmentProfileExplicit profile = - ProfileMapper.mapCreateSignatureEnvironmentProfile( - sigInfo.getCreateSignatureEnvironmentProfile(), - config); - List supplements = profile.getSupplements(); + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final CreateSignatureEnvironmentProfileExplicit profile = + ProfileMapper.mapCreateSignatureEnvironmentProfile( + sigInfo.getCreateSignatureEnvironmentProfile(), + config); + final List supplements = profile.getSupplements(); return supplements; } @@ -567,18 +573,18 @@ public class XMLSignatureCreationInvoker { /** * Build the list of additional signed properties. - * + * * Based on the generic configuration setting - * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a - * constant <code>SigningTime</code> will be added to the properties. - * + * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a constant + * <code>SigningTime</code> will be added to the properties. + * * @return The <code>List</code> of additional signed properties. */ private List buildAdditionalSignedProperties() { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - List additionalSignedProperties = Collections.EMPTY_LIST; + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final List additionalSignedProperties = Collections.EMPTY_LIST; return additionalSignedProperties; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java index 32eab9e..c097b0c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java @@ -21,18 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; -import iaik.server.modules.algorithms.HashAlgorithms; -import iaik.server.modules.keys.KeyEntryID; -import iaik.server.modules.keys.KeyModule; -import iaik.server.modules.keys.KeyModuleFactory; -import iaik.server.modules.xml.Canonicalization; -import iaik.server.modules.xmlsign.SignatureStructureTypes; -import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; -import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; - import java.math.BigInteger; import java.security.Principal; import java.security.cert.X509Certificate; @@ -70,12 +60,20 @@ import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.util.Constants; +import iaik.server.modules.algorithms.HashAlgorithms; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.xml.Canonicalization; +import iaik.server.modules.xmlsign.SignatureStructureTypes; +import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; +import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; /** * A factory to create <code>XMLSignatureCreationProfile</code>s from a * <code>CreateXMLSignatureRequest</code>, based on the current MOA * configuration. - * + * * @author Patrick Peck * @version $Id$ */ @@ -91,24 +89,25 @@ public class XMLSignatureCreationProfileFactory { HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512); } - /** The <code>CreateXMLSignatureRequest</code> for which to create the - * profile.*/ - private CreateXMLSignatureRequest request; + /** + * The <code>CreateXMLSignatureRequest</code> for which to create the profile. + */ + private final CreateXMLSignatureRequest request; /** How many profiles have been created based on the same request. */ private int createProfileCount; - /** The <code>Set</code> of reserved object IDs.*/ - private Set reserved; + /** The <code>Set</code> of reserved object IDs. */ + private final Set reserved; /** * Create a new <code>XMLSignatureCreationProfileFactory</code>. - * - * @param request The request for which to create profiles. - * @param reserved The <code>Set</code> of reserved object IDs. IDs will - * be added during signature creation. + * + * @param request The request for which to create profiles. + * @param reserved The <code>Set</code> of reserved object IDs. IDs will be + * added during signature creation. */ public XMLSignatureCreationProfileFactory( - CreateXMLSignatureRequest request, - Set reserved) { + CreateXMLSignatureRequest request, + Set reserved) { this.request = request; this.reserved = reserved; createProfileCount = 1; @@ -117,98 +116,98 @@ public class XMLSignatureCreationProfileFactory { /** * Create a <code>XMLSignatureCreationProfile</code> for the given * <code>SingleSignatureInfo</code> object.. - * + * * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object - * containing information about the creation of a signature. - * @param sigInfoReservedIDs The <code>Set</code> of reserved ID attribue values - * for the particular <code>singleSignatureInfo</code>. + * containing information about the creation of a + * signature. + * @param sigInfoReservedIDs The <code>Set</code> of reserved ID attribue + * values for the particular + * <code>singleSignatureInfo</code>. * @return The <code>XMLSignatureCreationProfile</code> containing additional - * information for creating an XML signature. - * @throws MOASystemException A system error occurred during creation of the - * profile. See message for details - * @throws MOAApplicationException An application error occurred during - * creation of the profile. See message for details. + * information for creating an XML signature. + * @throws MOASystemException A system error occurred during creation of + * the profile. See message for details + * @throws MOAApplicationException An application error occurred during creation + * of the profile. See message for details. */ public XMLSignatureCreationProfile createProfile(SingleSignatureInfo singleSignatureInfo, - Set sigInfoReservedIDs) throws MOASystemException, MOAApplicationException { + Set sigInfoReservedIDs) throws MOASystemException, MOAApplicationException { - HashSet allReservedIDs = new HashSet(reserved); + final HashSet allReservedIDs = new HashSet(reserved); allReservedIDs.addAll(sigInfoReservedIDs); - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); List dataObjectTreatmentList; Set keySet; List transformationSupplements; List createTransformsProfiles; // get the key group id - String keyGroupID = request.getKeyIdentifier(); + final String keyGroupID = request.getKeyIdentifier(); // get digest method on key group level (if configured) - KeyGroup keygroup = config.getKeyGroup(keyGroupID); - if(null == keygroup) { - Logger.error("Could not find key group '" + keyGroupID + "'"); - throw new MOAApplicationException("2231", null); + final KeyGroup keygroup = config.getKeyGroup(keyGroupID); + if (null == keygroup) { + Logger.error("Could not find key group '" + keyGroupID + "'"); + throw new MOAApplicationException("2231", null); } - String configDigestMethodKG = keygroup.getDigestMethodAlgorithm(); + final String configDigestMethodKG = keygroup.getDigestMethodAlgorithm(); // get default digest method (if configured) - String configDigestMethod = config.getDigestMethodAlgorithmName(); - - String xadesVersion = config.getXAdESVersion(); - + final String configDigestMethod = config.getDigestMethodAlgorithmName(); + + final String xadesVersion = config.getXAdESVersion(); + String digestMethodXAdES142 = null; boolean isXAdES142 = false; // if XAdES Version 1.4.2 is configured if (xadesVersion != null && xadesVersion.compareTo("1.4.2") == 0) { - isXAdES142 = true; - Logger.debug("XAdES version '" + xadesVersion + "' used"); + isXAdES142 = true; + Logger.debug("XAdES version '" + xadesVersion + "' used"); } - + if (isXAdES142) { - if (configDigestMethodKG != null) { - // if KG specific digest method is configured - digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG); - if (digestMethodXAdES142 == null) { - error( - "config.17", - new Object[] { configDigestMethodKG}); - throw new MOASystemException("2900", null); - } - Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(configured in KeyGroup)"); - } - else { - // else get default configured digest method - digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod); - if (digestMethodXAdES142 == null) { - error( - "config.17", - new Object[] { configDigestMethod}); - throw new MOASystemException("2900", null); - } - Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(default)"); - - } + if (configDigestMethodKG != null) { + // if KG specific digest method is configured + digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG); + if (digestMethodXAdES142 == null) { + error( + "config.17", + new Object[] { configDigestMethodKG }); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(configured in KeyGroup)"); + } else { + // else get default configured digest method + digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod); + if (digestMethodXAdES142 == null) { + error( + "config.17", + new Object[] { configDigestMethod }); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(default)"); + + } } - - XMLSignatureCreationProfileImpl profile = - new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142); - + final XMLSignatureCreationProfileImpl profile = + new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142); + // build the transformation supplements createTransformsProfiles = - getCreateTransformsInfoProfiles(singleSignatureInfo); + getCreateTransformsInfoProfiles(singleSignatureInfo); transformationSupplements = - buildTransformationSupplements(createTransformsProfiles); + buildTransformationSupplements(createTransformsProfiles); // build and set the data object treatment list dataObjectTreatmentList = - buildDataObjectTreatmentList( - singleSignatureInfo, - createTransformsProfiles, - transformationSupplements, - allReservedIDs, - digestMethodXAdES142); + buildDataObjectTreatmentList( + singleSignatureInfo, + createTransformsProfiles, + transformationSupplements, + allReservedIDs, + digestMethodXAdES142); profile.setDataObjectTreatmentList(dataObjectTreatmentList); // set the key set @@ -232,27 +231,28 @@ public class XMLSignatureCreationProfileFactory { // set insertion location profile.setSignatureInsertionLocation( - getSignatureInsertionLocationIndex(singleSignatureInfo)); + getSignatureInsertionLocationIndex(singleSignatureInfo)); // set the canonicalization algorithm - String canonicalizationURI = config.getCanonicalizationAlgorithmName(); + final String canonicalizationURI = config.getCanonicalizationAlgorithmName(); if (Canonicalization.ALL_EXCLUSIVE.contains(canonicalizationURI)) { - ExclusiveCanonicalizationImpl canonicalization = new ExclusiveCanonicalizationImpl(config.getCanonicalizationAlgorithmName(), null); - profile.setSignedInfoCanonicalization(canonicalization); - + final ExclusiveCanonicalizationImpl canonicalization = new ExclusiveCanonicalizationImpl(config + .getCanonicalizationAlgorithmName(), null); + profile.setSignedInfoCanonicalization(canonicalization); + } else { - CanonicalizationImpl canonicalization = - new CanonicalizationImpl(config.getCanonicalizationAlgorithmName()); - profile.setSignedInfoCanonicalization(canonicalization); - + final CanonicalizationImpl canonicalization = + new CanonicalizationImpl(config.getCanonicalizationAlgorithmName()); + profile.setSignedInfoCanonicalization(canonicalization); + } - + // set the signed properties profile.setSignedProperties(Collections.EMPTY_LIST); // set security layer conformity profile.setSecurityLayerConform( - singleSignatureInfo.isSecurityLayerConform()); + singleSignatureInfo.isSecurityLayerConform()); // update the createProfileCount createProfileCount++; @@ -262,31 +262,32 @@ public class XMLSignatureCreationProfileFactory { /** * Get the <code>List</code> of all <code>CreateTransformsInfoProfile</code>s - * contained in all the <code>DataObjectInfo</code>s of the given + * contained in all the <code>DataObjectInfo</code>s of the given * <code>SingleSignatureInfo</code>. - * + * * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object from - * which to extract the <code>CreateTransformsInfoProfile</code>s. - * @return All <code>CreateTransformsInfoProfile</code>s of all - * <code>DataObjectInfo</code>s of <code>singleSignatureInfo</code>. + * which to extract the + * <code>CreateTransformsInfoProfile</code>s. + * @return All <code>CreateTransformsInfoProfile</code>s of all + * <code>DataObjectInfo</code>s of <code>singleSignatureInfo</code>. * @throws MOAApplicationException An error occurred creating one of the - * profiles. + * profiles. */ List getCreateTransformsInfoProfiles(SingleSignatureInfo singleSignatureInfo) - throws MOAApplicationException { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); - List profiles = new ArrayList(); + throws MOAApplicationException { + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); + final List profiles = new ArrayList(); Iterator dtIter; for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) { - DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); - CreateTransformsInfoProfileExplicit profile = - ProfileMapper.mapCreateTransformsInfoProfile( - dataObjInfo.getCreateTransformsInfoProfile(), - config); + final DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); + final CreateTransformsInfoProfileExplicit profile = + ProfileMapper.mapCreateTransformsInfoProfile( + dataObjInfo.getCreateTransformsInfoProfile(), + config); profiles.add(profile); } @@ -296,41 +297,42 @@ public class XMLSignatureCreationProfileFactory { /** * Build the <code>List</code> of transformation supplements contained in a * <code>SingleSignatureInfo</code> object. - * - * @param createTransformsInfoProfiles The - * <code>CreateTransformsInfoProfile</code> object from which to extract the - * transformation supplements. + * + * @param createTransformsInfoProfiles The + * <code>CreateTransformsInfoProfile</code> + * object from which to extract the + * transformation supplements. * @return A <code>List</code> of <code>DataObject</code>s containing the - * transformation supplements. - * @throws MOASystemException A system error occurred creating one of the - * transformation supplements. + * transformation supplements. + * @throws MOASystemException A system error occurred creating one of the + * transformation supplements. * @throws MOAApplicationException An error occurred creating one of the - * transformation supplements. + * transformation supplements. */ private List buildTransformationSupplements(List createTransformsInfoProfiles) - throws MOASystemException, MOAApplicationException { + throws MOASystemException, MOAApplicationException { - List transformationSupplements = new ArrayList(); - DataObjectFactory factory = DataObjectFactory.getInstance(); + final List transformationSupplements = new ArrayList(); + final DataObjectFactory factory = DataObjectFactory.getInstance(); Iterator iter; for (iter = createTransformsInfoProfiles.iterator(); iter.hasNext();) { - CreateTransformsInfoProfileExplicit profile = - (CreateTransformsInfoProfileExplicit) iter.next(); - List supplements = profile.getSupplements(); + final CreateTransformsInfoProfileExplicit profile = + (CreateTransformsInfoProfileExplicit) iter.next(); + final List supplements = profile.getSupplements(); if (supplements != null) { Iterator supplIter; for (supplIter = supplements.iterator(); supplIter.hasNext();) { - XMLDataObjectAssociation supplement = - (XMLDataObjectAssociation) supplIter.next(); + final XMLDataObjectAssociation supplement = + (XMLDataObjectAssociation) supplIter.next(); transformationSupplements.add( - factory.createFromXmlDataObjectAssociation( - supplement, - false, - true)); + factory.createFromXmlDataObjectAssociation( + supplement, + false, + true)); } } } @@ -341,35 +343,40 @@ public class XMLSignatureCreationProfileFactory { /** * Build the <code>List</code> of <code>DataObjectTreatment</code>s for the * given <code>SingleSignatureInfo</code> object.. - * - * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object - * from which to exctract the <code>CreateTransformsInfoProfile</code>s - * containing the data for the <code>DataObjectTreatment</code>s. - * @param createTransformsInfoProfiles The - * <code>CreateTransformsInfoProfile</code>s contained in the - * <code>singleSignatureInfo</code>. - * @param transformationSupplements Additional parameters for - * transformations contained in <code>DataObjectTreatment</code>s. - * @param reservedIDs The <code>Set</code> of reserved object IDs. + * + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> + * object from which to exctract the + * <code>CreateTransformsInfoProfile</code>s + * containing the data for the + * <code>DataObjectTreatment</code>s. + * @param createTransformsInfoProfiles The + * <code>CreateTransformsInfoProfile</code>s + * contained in the + * <code>singleSignatureInfo</code>. + * @param transformationSupplements Additional parameters for transformations + * contained in + * <code>DataObjectTreatment</code>s. + * @param reservedIDs The <code>Set</code> of reserved object + * IDs. * @return A <code>List</code> of <code>DataObjectTreatment</code> objects. * @throws MOAApplicationException An error occurred building one of the - * <code>DataObjectTreatment</code>s. - * @throws MOASystemException A system error occurred building one of the - * <code>DataObjectTreatment</code>s. + * <code>DataObjectTreatment</code>s. + * @throws MOASystemException A system error occurred building one of the + * <code>DataObjectTreatment</code>s. */ private List buildDataObjectTreatmentList( - SingleSignatureInfo singleSignatureInfo, - List createTransformsInfoProfiles, - List transformationSupplements, - Set reservedIDs, - String digestMethodXAdES142) - throws MOASystemException, MOAApplicationException { - - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - List treatments = new ArrayList(); - List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); + SingleSignatureInfo singleSignatureInfo, + List createTransformsInfoProfiles, + List transformationSupplements, + Set reservedIDs, + String digestMethodXAdES142) + throws MOASystemException, MOAApplicationException { + + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final List treatments = new ArrayList(); + final List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); int dataObjectTreatmentCount = 1; String hashAlgorithmName; Iterator dtIter; @@ -377,44 +384,40 @@ public class XMLSignatureCreationProfileFactory { prIter = createTransformsInfoProfiles.iterator(); for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) { - CreateTransformsInfoProfileExplicit profile = - (CreateTransformsInfoProfileExplicit) prIter.next(); - DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); - IdGenerator objIdGen = - new IdGenerator( - ("signed-data-" + createProfileCount) - + ("-" + dataObjectTreatmentCount++), - reservedIDs); - DataObjectTreatmentImpl treatment = new DataObjectTreatmentImpl(objIdGen); + final CreateTransformsInfoProfileExplicit profile = + (CreateTransformsInfoProfileExplicit) prIter.next(); + final DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); + final IdGenerator objIdGen = + new IdGenerator( + "signed-data-" + createProfileCount + + "-" + dataObjectTreatmentCount++, + reservedIDs); + final DataObjectTreatmentImpl treatment = new DataObjectTreatmentImpl(objIdGen); treatment.setFinalContentType( - profile.getCreateTransformsInfo().getFinalDataMetaInfo().getMimeType()); + profile.getCreateTransformsInfo().getFinalDataMetaInfo().getMimeType()); treatment.setTransformationList(buildTransformationList(profile)); treatment.setReferenceInManifest(dataObjInfo.isChildOfManifest()); // if XAdES version is 1.4.2 if (digestMethodXAdES142 != null) { - // use configured digest algorithm - hashAlgorithmName = digestMethodXAdES142; - } - else { - // stay as it is - hashAlgorithmName = (String) HASH_ALGORITHM_MAPPING.get( - config.getDigestMethodAlgorithmName()); - if (hashAlgorithmName == null) { - error( - "config.17", - new Object[] { config.getDigestMethodAlgorithmName()}); - throw new MOASystemException("2900", null); - } + // use configured digest algorithm + hashAlgorithmName = digestMethodXAdES142; + } else { + // stay as it is + hashAlgorithmName = (String) HASH_ALGORITHM_MAPPING.get( + config.getDigestMethodAlgorithmName()); + if (hashAlgorithmName == null) { + error( + "config.17", + new Object[] { config.getDigestMethodAlgorithmName() }); + throw new MOASystemException("2900", null); + } } - - - treatment.setHashAlgorithmName(hashAlgorithmName); treatment.setIncludedInSignature( - DataObjectInfo.STRUCTURE_ENVELOPING.equals(dataObjInfo.getStructure())); + DataObjectInfo.STRUCTURE_ENVELOPING.equals(dataObjInfo.getStructure())); treatment.setTransformationSupplements(transformationSupplements); treatments.add(treatment); @@ -427,48 +430,48 @@ public class XMLSignatureCreationProfileFactory { /** * Build the <code>List</code> of transformations contained in a * <code>CreateTransformsInfoProfile</code> object. - * - * @param profile The <code>CreateTransformsInfoProfile</code> object - * from which to extract the <code>Transform</code>s. - * @return A <code>List</code> of <code>Transformation</code>s contained in - * the given <code>CreateTransformsInfoProfile</code>. + * + * @param profile The <code>CreateTransformsInfoProfile</code> object from which + * to extract the <code>Transform</code>s. + * @return A <code>List</code> of <code>Transformation</code>s contained in the + * given <code>CreateTransformsInfoProfile</code>. * @throws MOAApplicationException An error occurred building one of the - * <code>Transformation</code>s. + * <code>Transformation</code>s. */ private List buildTransformationList(CreateTransformsInfoProfileExplicit profile) - throws MOAApplicationException { + throws MOAApplicationException { - TransformationFactory factory = TransformationFactory.getInstance(); - List transforms = profile.getCreateTransformsInfo().getTransforms(); + final TransformationFactory factory = TransformationFactory.getInstance(); + final List transforms = profile.getCreateTransformsInfo().getTransforms(); return transforms != null - ? factory.createTransformationList(transforms) - : Collections.EMPTY_LIST; + ? factory.createTransformationList(transforms) + : Collections.EMPTY_LIST; } /** * Build the set of <code>KeyEntryID</code>s available to the given * <code>keyGroupID</code>. - * + * * @param keyGroupID The keygroup ID for which the available keys should be - * returned. - * @return The <code>Set</code> of <code>KeyEntryID</code>s - * identifying the available keys. + * returned. + * @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the + * available keys. */ private Set buildKeySet(String keyGroupID) { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); Set keyGroupEntries; // get the KeyGroup entries from the configuration if (context.getClientCertificate() != null) { - X509Certificate cert = context.getClientCertificate()[0]; - Principal issuer = cert.getIssuerDN(); - BigInteger serialNumber = cert.getSerialNumber(); + final X509Certificate cert = context.getClientCertificate()[0]; + final Principal issuer = cert.getIssuerDN(); + final BigInteger serialNumber = cert.getSerialNumber(); keyGroupEntries = - config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); + config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); } else { keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); } @@ -479,23 +482,23 @@ public class XMLSignatureCreationProfileFactory { } else if (keyGroupEntries.size() == 0) { return Collections.EMPTY_SET; } else { - KeyModule module = - KeyModuleFactory.getInstance( - new TransactionId(context.getTransactionID())); - Set keyEntryIDs = module.getPrivateKeyEntryIDs(); - Set keySet = new HashSet(); + final KeyModule module = + KeyModuleFactory.getInstance( + new TransactionId(context.getTransactionID())); + final Set keyEntryIDs = module.getPrivateKeyEntryIDs(); + final Set keySet = new HashSet(); Iterator iter; // filter out the keys that do not exist in the IAIK configuration // by walking through the key entries and checking if the exist in the // keyGroupEntries for (iter = keyEntryIDs.iterator(); iter.hasNext();) { - KeyEntryID entryID = (KeyEntryID) iter.next(); - KeyGroupEntry entry = - new KeyGroupEntry( - entryID.getModuleID(), - entryID.getCertificateIssuer(), - entryID.getCertificateSerialNumber()); + final KeyEntryID entryID = (KeyEntryID) iter.next(); + final KeyGroupEntry entry = + new KeyGroupEntry( + entryID.getModuleID(), + entryID.getCertificateIssuer(), + entryID.getCertificateSerialNumber()); if (keyGroupEntries.contains(entry)) { keySet.add(entryID); } @@ -507,29 +510,31 @@ public class XMLSignatureCreationProfileFactory { /** * Get the signature location index where the signature will be inserted into * the signature parent element. - * + * * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object - * containing the <code>CreateSignatureLocation</code>. + * containing the + * <code>CreateSignatureLocation</code>. * @return The index at which to insert the signature into the signature - * environment. - * @throws MOAApplicationException An error occurred parsing the - * <code>CreateSignatureEnvironmentProfile</code>. + * environment. + * @throws MOAApplicationException An error occurred parsing the + * <code>CreateSignatureEnvironmentProfile</code>. */ - private XMLSignatureInsertionLocation getSignatureInsertionLocationIndex(SingleSignatureInfo singleSignatureInfo) - throws MOAApplicationException { + private XMLSignatureInsertionLocation getSignatureInsertionLocationIndex( + SingleSignatureInfo singleSignatureInfo) + throws MOAApplicationException { - CreateSignatureInfo createInfo = - singleSignatureInfo.getCreateSignatureInfo(); + final CreateSignatureInfo createInfo = + singleSignatureInfo.getCreateSignatureInfo(); if (createInfo != null) { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - CreateSignatureEnvironmentProfileExplicit profile = - ProfileMapper.mapCreateSignatureEnvironmentProfile( - createInfo.getCreateSignatureEnvironmentProfile(), - config); - int index = profile.getCreateSignatureLocation().getIndex(); + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final CreateSignatureEnvironmentProfileExplicit profile = + ProfileMapper.mapCreateSignatureEnvironmentProfile( + createInfo.getCreateSignatureEnvironmentProfile(), + config); + final int index = profile.getCreateSignatureLocation().getIndex(); return new XMLSignatureInsertionLocationImpl(index); } else { @@ -539,12 +544,12 @@ public class XMLSignatureCreationProfileFactory { /** * Utility function to issue an error message to the log. - * - * @param messageId The ID of the message to log. + * + * @param messageId The ID of the message to log. * @param parameters Additional message parameters. */ private static void error(String messageId, Object[] parameters) { - MessageProvider msg = MessageProvider.getInstance(); + final MessageProvider msg = MessageProvider.getInstance(); Logger.error(new LogMsg(msg.getMessage(messageId, parameters))); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index 827728c..b97cc95 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -37,8 +37,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import javax.xml.ws.soap.AddressingFeature.Responses; - import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -49,7 +47,6 @@ import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; -import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo; @@ -78,12 +75,9 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.CollectionUtils; import at.gv.egovernment.moaspss.util.Constants; import iaik.server.ConfigurationException; -import iaik.server.modules.AdESConstants; -import iaik.server.modules.AdESFormVerificationResult; import iaik.server.modules.IAIKException; import iaik.server.modules.IAIKRuntimeException; import iaik.server.modules.SignatureVerificationProfile; -import iaik.server.modules.SignatureVerificationResult; import iaik.server.modules.xml.DataObject; import iaik.server.modules.xml.XMLDataObject; import iaik.server.modules.xml.XMLSignature; @@ -103,666 +97,667 @@ import iaik.xml.crypto.utils.URIException; /** * A class providing a DOM based interface to the * <code>XMLSignatureVerificationModule</code>. - * + * * This class performs the invocation of the * <code>iaik.server.modules.xmlverify.XMLSignatureVerificationModule</code> * from a <code>VerifyXMLSignatureRequest</code> given as a DOM element. The * result of the invocation is integrated into a * <code>VerifyXMLSignatureResponse</code> and returned. - * + * * @author Patrick Peck * @version $Id$ */ public class XMLSignatureVerificationInvoker { - /** The single instance of this class. */ - private static XMLSignatureVerificationInvoker instance = null; - - private static Set FILTERED_REF_TYPES; - - static { - FILTERED_REF_TYPES = new HashSet(); - FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE); - FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE); - FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD); - FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties"); - FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties"); - } - - /** - * Get the single instance of this class. - * - * @return The single instance of this class. - */ - public static synchronized XMLSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new XMLSignatureVerificationInvoker(); - } - return instance; - } - - /** - * Create a new <code>XMLSignatureCreationInvoker</code>. - * - * Protected to disallow multiple instances. - */ - protected XMLSignatureVerificationInvoker() { - } - - /** - * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the - * <code>XMLSignatureVerificationModule</code>. - * - * @param request - * A <code>VerifyXMLSignatureRequest<code> API object - * containing the data for verifying an XML signature. - * @return A <code>VerifyXMLSignatureResponse</code> containing the answert - * to the <code>VerifyXMLSignatureRequest</code>. MOA schema - * definition. - * @throws MOAException - * An error occurred during signature verification. - */ - public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) throws MOAException { - - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); - XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request); - VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder(); - ExtendedXMLSignatureVerificationResult result = null; - XMLSignatureVerificationResult plainResult; - XMLSignatureVerificationProfile profile; - ReferencesCheckResult signatureManifestCheck; - DataObjectFactory dataObjFactory; - XMLDataObject signatureEnvironment; - Node signatureEnvironmentParent = null; - Element requestElement = null; - XMLSignature xmlSignature; - Date signingTime; - List supplements; - List dataObjectList; - - // get the supplements - supplements = getSupplements(request); - - // build XMLSignature - dataObjFactory = DataObjectFactory.getInstance(); - signatureEnvironment = dataObjFactory - .createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements); - xmlSignature = buildXMLSignature(signatureEnvironment, request); - - // build the list of DataObjects - dataObjectList = buildDataObjectList(supplements); - - // build profile - profile = profileFactory.createProfile(); - - // get the signingTime - signingTime = request.getDateTime(); - - // make the signature environment the root of the document, if it is not - // a - // separate document anyway; this is done to assure that - // canonicalization - // of the signature environment contains the correct namespace - // declarations - requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement(); - if (requestElement != signatureEnvironment.getElement()) { - signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode(); - requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement); - } - - QCSSCDResult qcsscdresult = new QCSSCDResult(); - String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId(); - ConfigurationProvider config = ConfigurationProvider.getInstance(); - TrustProfile tp = config.getTrustProfile(tpID); - - // verify the signature - try { - XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - - if(request.getExtendedValidaiton()) { - result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime, - new TransactionId(context.getTransactionID())); - plainResult = result.getXMLSignatureVerificationResult(); - } else { - plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime, - new TransactionId(context.getTransactionID())); - } - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } - - ExtendedCertificateCheckResult extCheckResult; - if(result != null) { - List adesResults = null;// - - adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - - responseBuilder.setAdESFormResults(adesResults); - - try { - //Logger.info("Extended Validation Report: " + result.getName()); - Logger.info("Extended Validation Code: " + result.getResultCode().toString()); - Logger.info("Extended Validation Info: " + result.getInfo()); - - extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); - responseBuilder.setExtendedCertificateCheckResult(extCheckResult); - } catch (ConfigurationException e) { - Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); - } catch (NullPointerException e) { - Logger.info("No extendend validation result available."); - } - } - // QC/SSCD check - List list = plainResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while (it.hasNext()) { - chain[i] = (X509Certificate) it.next(); - i++; - } - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, plainResult.getSigningTime(), tp.isTSLEnabled(), config); - } - - // get signer certificate issuer country code - String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); - - // swap back in the request as root document - if (requestElement != signatureEnvironment.getElement()) { - requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement()); - signatureEnvironmentParent.appendChild(signatureEnvironment.getElement()); - } - - // check the result - signatureManifestCheck = validateSignatureManifest(request, plainResult, - profile); - - // Check if signer certificate is in trust profile's allowed signer - // certificates pool - TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - CheckResult certificateCheck = validateSignerCertificate(plainResult, - trustProfile); - - // build the response - responseBuilder.setResult(plainResult, profile, signatureManifestCheck, - certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), - qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos()); - return responseBuilder.getResponse(); - } - - /** - * Checks if the signer certificate matches one of the allowed signer - * certificates specified in the provided <code>trustProfile</code>. - * - * @param result - * The result produced by the - * <code>XMLSignatureVerificationModule</code>. - * - * @param trustProfile - * The trust profile the signer certificate is validated against. - * - * @return The overal result of the certificate validation for the signer - * certificate. - * - * @throws MOAException - * if one of the signer certificates specified in the - * <code>trustProfile</code> cannot be read from the file - * system. - */ - private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, - TrustProfile trustProfile) - throws MOAException { - MessageProvider msg = MessageProvider.getInstance(); - - int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue(); - - if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) { - X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult() - .getCertificateChain().get(0); - - File signerCertsDir = null; - try { - signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath()); - } catch (URIException e) { - throw new MOASystemException("2900", null, e); // Should not - // happen, - // already - // checked at - // loading the - // MOA - // configuration - } - - File[] files = signerCertsDir.listFiles(); - if (files == null) - resultCode = 1; - int i; - for (i = 0; i < files.length; i++) { - if (!files[i].isDirectory()) { - FileInputStream currentFIS = null; - try { - currentFIS = new FileInputStream(files[i]); - } catch (FileNotFoundException e) { - throw new MOASystemException("2900", null, e); - } - - try { - X509Certificate currentCert = new X509Certificate(currentFIS); - currentFIS.close(); - if (currentCert.equals(signerCertificate)) - break; - } catch (Exception e) { - // Simply ignore file if it cannot be interpreted as - // certificate - String logMsg = msg.getMessage("invoker.03", - new Object[] { trustProfile.getId(), files[i].getName() }); - Logger.warn(logMsg); - try { - currentFIS.close(); - } catch (IOException e1) { - // If clean-up fails, do nothing - } - } - } - } - if (i >= files.length) { - resultCode = 1; // No signer certificate from the trustprofile - // pool matches the actual signer certificate - } - } - - SPSSFactory factory = SPSSFactory.getInstance(); - return factory.createCheckResult(resultCode, null); - } - - /** - * Select the <code>dsig:Signature</code> DOM element within the signature - * environment. - * - * @param signatureEnvironment - * The signature environment containing the - * <code>dsig:Signature</code>. - * @param request - * The <code>VerifyXMLSignatureRequest</code> containing the - * signature environment. - * @return The <code>dsig:Signature</code> element wrapped in a - * <code>XMLSignature</code> object. - * @throws MOAApplicationException - * An error occurred locating the <code>dsig:Signature</code>. - */ - private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment, VerifyXMLSignatureRequest request) - throws MOAApplicationException { - - VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation(); - Element signatureParent; - - // evaluate the VerifySignatureLocation to get the signature parent - signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(), signatureLocation); - - // check for signatureParent to be a dsig:Signature element - if (!"Signature".equals(signatureParent.getLocalName()) - || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) { - throw new MOAApplicationException("2266", null); - } - - return new XMLSignatureImpl(signatureParent); - } - - /** - * Build the supplemental data objects contained in the - * <code>VerifyXMLSignatureRequest</code>. - * - * @param supplements - * A <code>List</code> of <code>XMLDataObjectAssociation</code>s - * containing the supplement data. - * @return A <code>List</code> of <code>DataObject</code>s representing the - * supplemental data objects. - * @throws MOASystemException - * A system error occurred building one of the data objects. - * @throws MOAApplicationException - * An error occurred building one of the data objects. - */ - private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException { - List dataObjectList = new ArrayList(); - - DataObjectFactory factory = DataObjectFactory.getInstance(); - DataObject dataObject; - Iterator iter; - - if (supplements != null) { - for (iter = supplements.iterator(); iter.hasNext();) { - XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next(); - dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false); - dataObjectList.add(dataObject); - } - } - - return dataObjectList; - - } - - /** - * Get the supplemental data contained in the - * <code>VerifyXMLSignatureRequest</code>. - * - * @param request - * The <code>VerifyXMLSignatureRequest</code> containing the - * supplemental data. - * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> - * objects containing the supplemental data. - * @throws MOAApplicationException - * An error occurred resolving one of the supplement profiles. - */ - private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException { - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - List supplementProfiles = request.getSupplementProfiles(); - - List supplements = new ArrayList(); - - if (supplementProfiles != null) { - - List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config); - Iterator iter; - - for (iter = mappedProfiles.iterator(); iter.hasNext();) { - SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next(); - supplements.add(profile.getSupplementProfile()); - } - - } - return supplements; - } - - /** - * Perform additional validations of the - * <code>XMLSignatureVerificationResult</code>. - * - * <p> - * In particular, it is verified that: - * <ul> - * <li>Each <code>ReferenceData</code> object contains transformation chain - * that matches one of the <code>Transforms</code> given in the - * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code> - * </li> - * <li>The hash values of the <code>TransformParameter</code>s are valid. - * </li> - * </ul> - * </p> - * - * @param request - * The <code>VerifyXMLSignatureRequest</code> containing the - * signature to verify. - * @param result - * The result produced by - * <code>XMLSignatureVerificationModule</code>. - * @param profile - * The profile used for validating the <code>request</code>. - * @return The result of additional validations of the signature manifest. - * @throws MOAApplicationException - * Post-validation of the - * <code>XMLSignatureVerificaitonResult</code> failed. - */ - private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request, - XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile) - throws MOAApplicationException { - - SPSSFactory factory = SPSSFactory.getInstance(); - MessageProvider msg = MessageProvider.getInstance(); - - // validate that each ReferenceData object contains transforms specified - // in the corresponding SignatureManifestCheckParams/ReferenceInfo - if (request.getSignatureManifestCheckParams() != null) { - List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos(); - List refDatas = filterReferenceInfos(result.getReferenceDataList()); - List failedReferencesList = new ArrayList(); - Iterator refInfoIter; - Iterator refDataIter; - - if (refInfos.size() != refDatas.size()) { - return factory.createReferencesCheckResult(1, null); - } - - refInfoIter = refInfos.iterator(); - refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator(); - - while (refInfoIter.hasNext()) { - ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next(); - ReferenceData refData = (ReferenceData) refDataIter.next(); - List transforms = buildTransformsList(refInfo); - boolean found = false; - Iterator trIter; - - for (trIter = transforms.iterator(); trIter.hasNext() && !found;) { - found = trIter.next().equals(refData.getTransformationList()); - } - - if (!found) { - Integer refIndex = new Integer(refData.getReferenceIndex()); - String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex }); - - failedReferencesList.add(refIndex); - Logger.debug(new LogMsg(logMsg)); - } - } - - if (!failedReferencesList.isEmpty()) { - // at least one reference failed - return their indexes and - // check code 1 - int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList); - ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, failedReferences); - - return factory.createReferencesCheckResult(1, checkInfo); - } - } - - // validate the hashes contained in all the ReferenceInfo objects of the - // security layer manifest - if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) { - Map hashValues = buildTransformParameterHashValues(request); - Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements()); - List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList(); - Iterator refIter; - - for (refIter = referenceInfoList.iterator(); refIter.hasNext();) { - iaik.server.modules.xmlverify.ReferenceInfo ref = (iaik.server.modules.xmlverify.ReferenceInfo) refIter - .next(); - byte[] hash = (byte[]) hashValues.get(ref.getURI()); - - if (!transformParameterURIs.contains(ref.getURI()) - || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) { - - // the transform parameter doesn't exist or the hashs do not - // match - // return the index of the failed reference and check code 1 - int[] failedReferences = new int[] { ref.getReferenceIndex() }; - ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, - failedReferences); - String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref.getReferenceIndex()) }); - - Logger.debug(new LogMsg(logMsg)); - - return factory.createReferencesCheckResult(1, checkInfo); - } - } - } - - return factory.createReferencesCheckResult(0, null); - } - - /** - * Get all <code>Transform</code>s contained in all the - * <code>VerifyTransformsInfoProfile</code>s of the given - * <code>ReferenceInfo</code>. - * - * @param refInfo - * The <code>ReferenceInfo</code> object containing the - * transformations. - * @return A <code>List</code> of <code>List</code>s. Each of the - * <code>List</code>s contains <code>Transformation</code> objects. - * @throws MOAApplicationException - * An error occurred building one of the - * <code>Transformation</code>s. - */ - private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException { - - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - List profiles = refInfo.getVerifyTransformsInfoProfiles(); - List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config); - List transformsList = new ArrayList(); - TransformationFactory factory = TransformationFactory.getInstance(); - Iterator iter; - - for (iter = mappedProfiles.iterator(); iter.hasNext();) { - VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next(); - List transforms = profile.getTransforms(); - - if (transforms != null) { - transformsList.add(factory.createTransformationList(transforms)); - } - } - - return transformsList; - } - - /** - * Build the <code>Set</code> of all <code>TransformParameter</code> URIs. - * - * @param transformParameters - * The <code>List</code> of <code>TransformParameter</code>s, as - * provided to the verification. - * @return The <code>Set</code> of all <code>TransformParameter</code> URIs. - */ - private Set buildTransformParameterURIs(List transformParameters) { - Set uris = new HashSet(); - Iterator iter; - - for (iter = transformParameters.iterator(); iter.hasNext();) { - DataObject transformParameter = (DataObject) iter.next(); - uris.add(transformParameter.getURI()); - } - - return uris; - } - - /** - * Build a mapping between <code>TransformParameter</code> URIs (a - * <code>String</code> and <code>dsig:HashValue</code> (a - * <code>byte[]</code>). - * - * @param request - * The <code>VerifyXMLSignatureRequest</code>. - * @return Map The resulting mapping. - * @throws MOAApplicationException - * An error occurred accessing one of the profiles. - */ - private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request) throws MOAApplicationException { - - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - Map hashValues = new HashMap(); - List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos(); - Iterator refIter; - - for (refIter = refInfos.iterator(); refIter.hasNext();) { - ReferenceInfo refInfo = (ReferenceInfo) refIter.next(); - List profiles = refInfo.getVerifyTransformsInfoProfiles(); - List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config); - Iterator prIter; - - for (prIter = mappedProfiles.iterator(); prIter.hasNext();) { - VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter.next(); - List trParameters = profile.getTransformParameters(); - Iterator trIter; - - for (trIter = trParameters.iterator(); trIter.hasNext();) { - TransformParameter transformParameter = (TransformParameter) trIter.next(); - String uri = transformParameter.getURI(); - - if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) { - hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue()); - } - - } - } - } - return hashValues; - } - - /** - * Filter the <code>ReferenceInfo</code>s returned by the - * <code>VerifyXMLSignatureResult</code> for comparison with the - * <code>ReferenceInfo</code> elements in the request. - * - * @param referenceInfos - * The <code>ReferenceInfo</code>s from the - * <code>VerifyXMLSignatureResult</code>. - * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type - * is not a XMLDsig manifest, Security Layer manifest, or ETSI - * signed property. - */ - private List filterReferenceInfos(List referenceInfos) { - List filtered = new ArrayList(); - Iterator iter; - - for (iter = referenceInfos.iterator(); iter.hasNext();) { - iaik.server.modules.xmlverify.ReferenceInfo refInfo = (iaik.server.modules.xmlverify.ReferenceInfo) iter - .next(); - String refType = refInfo.getReferenceType(); - - if (refType == null || !FILTERED_REF_TYPES.contains(refType)) { - filtered.add(refInfo); - } - } - - return filtered; - } - - private List getAdESResult(ExtendedXMLSignatureVerificationResult adesFormVerification) throws ConfigurationException { - if (adesFormVerification == null) { - // no form information - return null; - } - - List adesList = new ArrayList(); - - /* - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), - SignatureVerificationProfile.LEVEL_LTA, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), - SignatureVerificationProfile.LEVEL_LT, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), - SignatureVerificationProfile.LEVEL_T, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), - SignatureVerificationProfile.LEVEL_B, adesList); - */ - - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION), - SignatureVerificationProfile.LEVEL_LT, adesList); - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.ADES_T_VALIDATION), - SignatureVerificationProfile.LEVEL_T, adesList); - AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"), - SignatureVerificationProfile.LEVEL_B, adesList); - - return adesList; - } + /** The single instance of this class. */ + private static XMLSignatureVerificationInvoker instance = null; + + private static Set FILTERED_REF_TYPES; + + static { + FILTERED_REF_TYPES = new HashSet(); + FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE); + FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE); + FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD); + FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties"); + FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties"); + } + + /** + * Get the single instance of this class. + * + * @return The single instance of this class. + */ + public static synchronized XMLSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new XMLSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new <code>XMLSignatureCreationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected XMLSignatureVerificationInvoker() { + } + + /** + * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the + * <code>XMLSignatureVerificationModule</code>. + * + * @param request A <code>VerifyXMLSignatureRequest<code> API object + * containing the data for verifying an XML signature. + * @return A <code>VerifyXMLSignatureResponse</code> containing the answert + * to the <code>VerifyXMLSignatureRequest</code>. MOA schema + * definition. + * @throws MOAException An error occurred during signature verification. + */ + public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) + throws MOAException { + + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + final XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory( + request); + final VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder(); + ExtendedXMLSignatureVerificationResult result = null; + XMLSignatureVerificationResult plainResult; + XMLSignatureVerificationProfile profile; + ReferencesCheckResult signatureManifestCheck; + DataObjectFactory dataObjFactory; + XMLDataObject signatureEnvironment; + Node signatureEnvironmentParent = null; + Element requestElement = null; + XMLSignature xmlSignature; + Date signingTime; + List supplements; + List dataObjectList; + + // get the supplements + supplements = getSupplements(request); + + // build XMLSignature + dataObjFactory = DataObjectFactory.getInstance(); + signatureEnvironment = dataObjFactory + .createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements); + xmlSignature = buildXMLSignature(signatureEnvironment, request); + + // build the list of DataObjects + dataObjectList = buildDataObjectList(supplements); + + // build profile + profile = profileFactory.createProfile(); + + // get the signingTime + signingTime = request.getDateTime(); + + // make the signature environment the root of the document, if it is not + // a + // separate document anyway; this is done to assure that + // canonicalization + // of the signature environment contains the correct namespace + // declarations + requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement(); + if (requestElement != signatureEnvironment.getElement()) { + signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode(); + requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement); + } + + QCSSCDResult qcsscdresult = new QCSSCDResult(); + final String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId(); + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final TrustProfile tp = config.getTrustProfile(tpID); + + // verify the signature + try { + final XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + if (request.getExtendedValidaiton()) { + result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime, + new TransactionId(context.getTransactionID())); + plainResult = result.getXMLSignatureVerificationResult(); + } else { + plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime, + new TransactionId(context.getTransactionID())); + } + } catch (final IAIKException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (final IAIKRuntimeException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } + + ExtendedCertificateCheckResult extCheckResult; + if (result != null) { + List adesResults = null;// + + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + + if (Logger.isDebugEnabled()) { + if (adesResults != null) { + final Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.debug("ADES Formresults: " + adesIterator.next().toString()); + } + } + } + + responseBuilder.setAdESFormResults(adesResults); + + try { + // Logger.info("Extended Validation Report: " + result.getName()); + Logger.debug("Extended Validation Code: " + result.getResultCode().toString()); + Logger.debug("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + responseBuilder.setExtendedCertificateCheckResult(extCheckResult); + + } catch (final NullPointerException e) { + Logger.info("No extendend validation result available."); + } + } + // QC/SSCD check + final List list = plainResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + final X509Certificate[] chain = new X509Certificate[list.size()]; + + final Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, plainResult.getSigningTime(), tp.isTSLEnabled(), + config); + } + + // get signer certificate issuer country code + final String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + // swap back in the request as root document + if (requestElement != signatureEnvironment.getElement()) { + requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement()); + signatureEnvironmentParent.appendChild(signatureEnvironment.getElement()); + } + + // check the result + signatureManifestCheck = validateSignatureManifest(request, plainResult, + profile); + + // Check if signer certificate is in trust profile's allowed signer + // certificates pool + final TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + final CheckResult certificateCheck = validateSignerCertificate(plainResult, + trustProfile); + + // build the response + responseBuilder.setResult(plainResult, profile, signatureManifestCheck, + certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), + qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos(), + request.getExtendedValidaiton()); + return responseBuilder.getResponse(); + } + + /** + * Checks if the signer certificate matches one of the allowed signer + * certificates specified in the provided <code>trustProfile</code>. + * + * @param result The result produced by the + * <code>XMLSignatureVerificationModule</code>. + * + * @param trustProfile The trust profile the signer certificate is validated + * against. + * + * @return The overal result of the certificate validation for the signer + * certificate. + * + * @throws MOAException if one of the signer certificates specified in the + * <code>trustProfile</code> cannot be read from the file + * system. + */ + private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, + TrustProfile trustProfile) + throws MOAException { + final MessageProvider msg = MessageProvider.getInstance(); + + int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue(); + + if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) { + final X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult() + .getCertificateChain().get(0); + + File signerCertsDir = null; + try { + signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath()); + } catch (final URIException e) { + throw new MOASystemException("2900", null, e); // Should not + // happen, + // already + // checked at + // loading the + // MOA + // configuration + } + + final File[] files = signerCertsDir.listFiles(); + if (files == null) { + resultCode = 1; + } + int i; + for (i = 0; i < files.length; i++) { + if (!files[i].isDirectory()) { + FileInputStream currentFIS = null; + try { + currentFIS = new FileInputStream(files[i]); + } catch (final FileNotFoundException e) { + throw new MOASystemException("2900", null, e); + } + + try { + final X509Certificate currentCert = new X509Certificate(currentFIS); + currentFIS.close(); + if (currentCert.equals(signerCertificate)) { + break; + } + } catch (final Exception e) { + // Simply ignore file if it cannot be interpreted as + // certificate + final String logMsg = msg.getMessage("invoker.03", + new Object[] { trustProfile.getId(), files[i].getName() }); + Logger.warn(logMsg); + try { + currentFIS.close(); + } catch (final IOException e1) { + // If clean-up fails, do nothing + } + } + } + } + if (i >= files.length) { + resultCode = 1; // No signer certificate from the trustprofile + // pool matches the actual signer certificate + } + } + + final SPSSFactory factory = SPSSFactory.getInstance(); + return factory.createCheckResult(resultCode, null); + } + + /** + * Select the <code>dsig:Signature</code> DOM element within the signature + * environment. + * + * @param signatureEnvironment The signature environment containing the + * <code>dsig:Signature</code>. + * @param request The <code>VerifyXMLSignatureRequest</code> + * containing the signature environment. + * @return The <code>dsig:Signature</code> element wrapped in a + * <code>XMLSignature</code> object. + * @throws MOAApplicationException An error occurred locating the + * <code>dsig:Signature</code>. + */ + private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment, + VerifyXMLSignatureRequest request) + throws MOAApplicationException { + + final VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation(); + Element signatureParent; + + // evaluate the VerifySignatureLocation to get the signature parent + signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(), + signatureLocation); + + // check for signatureParent to be a dsig:Signature element + if (!"Signature".equals(signatureParent.getLocalName()) + || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) { + throw new MOAApplicationException("2266", null); + } + + return new XMLSignatureImpl(signatureParent); + } + + /** + * Build the supplemental data objects contained in the + * <code>VerifyXMLSignatureRequest</code>. + * + * @param supplements A <code>List</code> of + * <code>XMLDataObjectAssociation</code>s containing the + * supplement data. + * @return A <code>List</code> of <code>DataObject</code>s representing the + * supplemental data objects. + * @throws MOASystemException A system error occurred building one of the + * data objects. + * @throws MOAApplicationException An error occurred building one of the data + * objects. + */ + private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException { + final List dataObjectList = new ArrayList(); + + final DataObjectFactory factory = DataObjectFactory.getInstance(); + DataObject dataObject; + Iterator iter; + + if (supplements != null) { + for (iter = supplements.iterator(); iter.hasNext();) { + final XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next(); + dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false); + dataObjectList.add(dataObject); + } + } + + return dataObjectList; + + } + + /** + * Get the supplemental data contained in the + * <code>VerifyXMLSignatureRequest</code>. + * + * @param request The <code>VerifyXMLSignatureRequest</code> containing the + * supplemental data. + * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> objects + * containing the supplemental data. + * @throws MOAApplicationException An error occurred resolving one of the + * supplement profiles. + */ + private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException { + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final List supplementProfiles = request.getSupplementProfiles(); + + final List supplements = new ArrayList(); + + if (supplementProfiles != null) { + + final List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config); + Iterator iter; + + for (iter = mappedProfiles.iterator(); iter.hasNext();) { + final SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next(); + supplements.add(profile.getSupplementProfile()); + } + + } + return supplements; + } + + /** + * Perform additional validations of the + * <code>XMLSignatureVerificationResult</code>. + * + * <p> + * In particular, it is verified that: + * <ul> + * <li>Each <code>ReferenceData</code> object contains transformation chain that + * matches one of the <code>Transforms</code> given in the corresponding + * <code>SignatureManifestCheckParams/ReferenceInfo</code></li> + * <li>The hash values of the <code>TransformParameter</code>s are valid.</li> + * </ul> + * </p> + * + * @param request The <code>VerifyXMLSignatureRequest</code> containing the + * signature to verify. + * @param result The result produced by + * <code>XMLSignatureVerificationModule</code>. + * @param profile The profile used for validating the <code>request</code>. + * @return The result of additional validations of the signature manifest. + * @throws MOAApplicationException Post-validation of the + * <code>XMLSignatureVerificaitonResult</code> + * failed. + */ + private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request, + XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile) + throws MOAApplicationException { + + final SPSSFactory factory = SPSSFactory.getInstance(); + final MessageProvider msg = MessageProvider.getInstance(); + + // validate that each ReferenceData object contains transforms specified + // in the corresponding SignatureManifestCheckParams/ReferenceInfo + if (request.getSignatureManifestCheckParams() != null) { + final List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos(); + final List refDatas = filterReferenceInfos(result.getReferenceDataList()); + final List failedReferencesList = new ArrayList(); + Iterator refInfoIter; + Iterator refDataIter; + + if (refInfos.size() != refDatas.size()) { + return factory.createReferencesCheckResult(1, null); + } + + refInfoIter = refInfos.iterator(); + refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator(); + + while (refInfoIter.hasNext()) { + final ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next(); + final ReferenceData refData = (ReferenceData) refDataIter.next(); + final List transforms = buildTransformsList(refInfo); + boolean found = false; + Iterator trIter; + + for (trIter = transforms.iterator(); trIter.hasNext() && !found;) { + found = trIter.next().equals(refData.getTransformationList()); + } + + if (!found) { + final Integer refIndex = new Integer(refData.getReferenceIndex()); + final String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex }); + + failedReferencesList.add(refIndex); + Logger.debug(new LogMsg(logMsg)); + } + } + + if (!failedReferencesList.isEmpty()) { + // at least one reference failed - return their indexes and + // check code 1 + final int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList); + final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, + failedReferences); + + return factory.createReferencesCheckResult(1, checkInfo); + } + } + + // validate the hashes contained in all the ReferenceInfo objects of the + // security layer manifest + if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) { + final Map hashValues = buildTransformParameterHashValues(request); + final Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements()); + final List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList(); + Iterator refIter; + + for (refIter = referenceInfoList.iterator(); refIter.hasNext();) { + final iaik.server.modules.xmlverify.ReferenceInfo ref = + (iaik.server.modules.xmlverify.ReferenceInfo) refIter + .next(); + final byte[] hash = (byte[]) hashValues.get(ref.getURI()); + + if (!transformParameterURIs.contains(ref.getURI()) + || hash != null && !Arrays.equals(hash, ref.getHashValue())) { + + // the transform parameter doesn't exist or the hashs do not + // match + // return the index of the failed reference and check code 1 + final int[] failedReferences = new int[] { ref.getReferenceIndex() }; + final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, + failedReferences); + final String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref + .getReferenceIndex()) }); + + Logger.debug(new LogMsg(logMsg)); + + return factory.createReferencesCheckResult(1, checkInfo); + } + } + } + + return factory.createReferencesCheckResult(0, null); + } + + /** + * Get all <code>Transform</code>s contained in all the + * <code>VerifyTransformsInfoProfile</code>s of the given + * <code>ReferenceInfo</code>. + * + * @param refInfo The <code>ReferenceInfo</code> object containing the + * transformations. + * @return A <code>List</code> of <code>List</code>s. Each of the + * <code>List</code>s contains <code>Transformation</code> objects. + * @throws MOAApplicationException An error occurred building one of the + * <code>Transformation</code>s. + */ + private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException { + + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final List profiles = refInfo.getVerifyTransformsInfoProfiles(); + final List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config); + final List transformsList = new ArrayList(); + final TransformationFactory factory = TransformationFactory.getInstance(); + Iterator iter; + + for (iter = mappedProfiles.iterator(); iter.hasNext();) { + final VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next(); + final List transforms = profile.getTransforms(); + + if (transforms != null) { + transformsList.add(factory.createTransformationList(transforms)); + } + } + + return transformsList; + } + + /** + * Build the <code>Set</code> of all <code>TransformParameter</code> URIs. + * + * @param transformParameters The <code>List</code> of + * <code>TransformParameter</code>s, as provided to + * the verification. + * @return The <code>Set</code> of all <code>TransformParameter</code> URIs. + */ + private Set buildTransformParameterURIs(List transformParameters) { + final Set uris = new HashSet(); + Iterator iter; + + for (iter = transformParameters.iterator(); iter.hasNext();) { + final DataObject transformParameter = (DataObject) iter.next(); + uris.add(transformParameter.getURI()); + } + + return uris; + } + + /** + * Build a mapping between <code>TransformParameter</code> URIs (a + * <code>String</code> and <code>dsig:HashValue</code> (a <code>byte[]</code>). + * + * @param request The <code>VerifyXMLSignatureRequest</code>. + * @return Map The resulting mapping. + * @throws MOAApplicationException An error occurred accessing one of the + * profiles. + */ + private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request) + throws MOAApplicationException { + + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final Map hashValues = new HashMap(); + final List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos(); + Iterator refIter; + + for (refIter = refInfos.iterator(); refIter.hasNext();) { + final ReferenceInfo refInfo = (ReferenceInfo) refIter.next(); + final List profiles = refInfo.getVerifyTransformsInfoProfiles(); + final List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config); + Iterator prIter; + + for (prIter = mappedProfiles.iterator(); prIter.hasNext();) { + final VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter + .next(); + final List trParameters = profile.getTransformParameters(); + Iterator trIter; + + for (trIter = trParameters.iterator(); trIter.hasNext();) { + final TransformParameter transformParameter = (TransformParameter) trIter.next(); + final String uri = transformParameter.getURI(); + + if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) { + hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue()); + } + + } + } + } + return hashValues; + } + + /** + * Filter the <code>ReferenceInfo</code>s returned by the + * <code>VerifyXMLSignatureResult</code> for comparison with the + * <code>ReferenceInfo</code> elements in the request. + * + * @param referenceInfos The <code>ReferenceInfo</code>s from the + * <code>VerifyXMLSignatureResult</code>. + * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type is + * not a XMLDsig manifest, Security Layer manifest, or ETSI signed + * property. + */ + private List filterReferenceInfos(List referenceInfos) { + final List filtered = new ArrayList(); + Iterator iter; + + for (iter = referenceInfos.iterator(); iter.hasNext();) { + final iaik.server.modules.xmlverify.ReferenceInfo refInfo = + (iaik.server.modules.xmlverify.ReferenceInfo) iter + .next(); + final String refType = refInfo.getReferenceType(); + + if (refType == null || !FILTERED_REF_TYPES.contains(refType)) { + filtered.add(refInfo); + } + } + + return filtered; + } + + private List getAdESResult(ExtendedXMLSignatureVerificationResult adesFormVerification) + throws ConfigurationException { + if (adesFormVerification == null) { + // no form information + return null; + } + + final List adesList = new ArrayList(); + + /* + * checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile + * .LEVEL_LTA), SignatureVerificationProfile.LEVEL_LTA, adesList); + * checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile + * .LEVEL_LT), SignatureVerificationProfile.LEVEL_LT, adesList); + * checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile + * .LEVEL_T), SignatureVerificationProfile.LEVEL_T, adesList); + * checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile + * .LEVEL_B), SignatureVerificationProfile.LEVEL_B, adesList); + */ + + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult( + iaik.esi.sva.util.Constants.LONG_TERM_VALIDATION), + SignatureVerificationProfile.LEVEL_LT, adesList); + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult( + iaik.esi.sva.util.Constants.ADES_T_VALIDATION), + SignatureVerificationProfile.LEVEL_T, adesList); + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"), + SignatureVerificationProfile.LEVEL_B, adesList); + + return adesList; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java index 3e4c712..7fcd0e9 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import java.util.ArrayList; @@ -29,8 +28,6 @@ import java.util.Collections; import java.util.Iterator; import java.util.List; -import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; @@ -43,26 +40,29 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.iaik.xmlverify.XMLSignatureVerificationProfileImpl; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; /** * A factory to create a <code>XMLSignatureVerificationProfile</code> from a * <code>VerifyXMLSignatureRequest</code>, based on the current MOA * configuration. - * + * * @author Patrick Peck * @version $Id$ */ public class XMLSignatureVerificationProfileFactory { - /** The <code>VerifyXMLSignatureRequest</code> for which to create profile - * information. */ - private VerifyXMLSignatureRequest request; + /** + * The <code>VerifyXMLSignatureRequest</code> for which to create profile + * information. + */ + private final VerifyXMLSignatureRequest request; /** * Create a new <code>XMLSignatureVerificationProfileFactory</code>. - * - * @param request The <code>VerifyXMLSignatureRequest</code> to extract - * profile data from. + * + * @param request The <code>VerifyXMLSignatureRequest</code> to extract profile + * data from. */ public XMLSignatureVerificationProfileFactory(VerifyXMLSignatureRequest request) { this.request = request; @@ -71,19 +71,19 @@ public class XMLSignatureVerificationProfileFactory { /** * Create a <code>XMLSignatureCreationProfile</code> from the * <code>VerifyXMLSignaturesRequest</code> and the current MOA configuration. - * + * * @return The <code>XMLSignatureVerificationProfile</code> containing - * additional information for verifying an XML signature. - * @throws MOASystemException A system error occurred building the profile. + * additional information for verifying an XML signature. + * @throws MOASystemException A system error occurred building the profile. * @throws MOAApplicationException An error occurred building the profile. */ public XMLSignatureVerificationProfile createProfile() - throws MOASystemException, MOAApplicationException { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - XMLSignatureVerificationProfileImpl profile = - new XMLSignatureVerificationProfileImpl(); + throws MOASystemException, MOAApplicationException { + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final XMLSignatureVerificationProfileImpl profile = + new XMLSignatureVerificationProfileImpl(); SignatureManifestCheckParams checkParams; String trustProfileID; @@ -93,49 +93,50 @@ public class XMLSignatureVerificationProfileFactory { // set the certificate validation profile trustProfileID = request.getTrustProfileId(); profile.setCertificateValidationProfile( - new PKIProfileImpl(config, trustProfileID)); + new PKIProfileImpl(config, trustProfileID)); // set whether hash input data is to be included profile.setIncludeHashInputData(request.getReturnHashInputData()); // set the security layer manifest check parameters - // and transformation supplements (if present) + // and transformation supplements (if present) checkParams = request.getSignatureManifestCheckParams(); profile.setCheckSecurityLayerManifest(true); - profile.setIncludeReferenceInputData(checkParams != null ? checkParams.getReturnReferenceInputData() : false); + profile.setIncludeReferenceInputData(checkParams != null ? checkParams.getReturnReferenceInputData() + : false); if (checkParams != null) { - List transformationSupplements; - transformationSupplements = buildTransformationSupplements(); - profile.setTransformationSupplements(transformationSupplements); + List transformationSupplements; + transformationSupplements = buildTransformationSupplements(); + profile.setTransformationSupplements(transformationSupplements); } else { - profile.setTransformationSupplements(Collections.EMPTY_LIST); + profile.setTransformationSupplements(Collections.EMPTY_LIST); } - + profile.setPermitFileURIs(config.getPermitFileURIs()); - + return profile; } /** * Build supplemental data objects used in the transformations. - * + * * @return A <code>List</code> of <code>DataObject</code>s providing - * supplemental data to the transformations. - * @throws MOASystemException A system error occurred building one of the - * transformations. + * supplemental data to the transformations. + * @throws MOASystemException A system error occurred building one of the + * transformations. * @throws MOAApplicationException An error occurred building one of the - * transformations. + * transformations. */ public List buildTransformationSupplements() - throws MOASystemException, MOAApplicationException { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - ConfigurationProvider config = context.getConfiguration(); - SignatureManifestCheckParams checkParams = - request.getSignatureManifestCheckParams(); - List transformsProfiles = new ArrayList(); - List transformationSupplements = new ArrayList(); - DataObjectFactory factory = DataObjectFactory.getInstance(); + throws MOASystemException, MOAApplicationException { + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final ConfigurationProvider config = context.getConfiguration(); + final SignatureManifestCheckParams checkParams = + request.getSignatureManifestCheckParams(); + final List transformsProfiles = new ArrayList(); + final List transformationSupplements = new ArrayList(); + final DataObjectFactory factory = DataObjectFactory.getInstance(); List refInfos = checkParams.getReferenceInfos(); Iterator refIter; Iterator prIter; @@ -144,26 +145,26 @@ public class XMLSignatureVerificationProfileFactory { // build the list of all VerifyTransformsInfoProfiles in all ReferenceInfos refInfos = checkParams.getReferenceInfos(); for (refIter = refInfos.iterator(); refIter.hasNext();) { - ReferenceInfo refInfo = (ReferenceInfo) refIter.next(); - List profiles = refInfo.getVerifyTransformsInfoProfiles(); + final ReferenceInfo refInfo = (ReferenceInfo) refIter.next(); + final List profiles = refInfo.getVerifyTransformsInfoProfiles(); transformsProfiles.addAll( - ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config)); + ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config)); } // build the DataObjects for (prIter = transformsProfiles.iterator(); prIter.hasNext();) { - VerifyTransformsInfoProfileExplicit profile = - (VerifyTransformsInfoProfileExplicit) prIter.next(); - List transformParameters = profile.getTransformParameters(); + final VerifyTransformsInfoProfileExplicit profile = + (VerifyTransformsInfoProfileExplicit) prIter.next(); + final List transformParameters = profile.getTransformParameters(); for (trIter = transformParameters.iterator(); trIter.hasNext();) { - TransformParameter trParam = (TransformParameter) trIter.next(); + final TransformParameter trParam = (TransformParameter) trIter.next(); transformationSupplements.add( - factory.createFromTransformParameter(trParam)); + factory.createFromTransformParameter(trParam)); } } - + return transformationSupplements; } |