aboutsummaryrefslogtreecommitdiff
path: root/moaSig
diff options
context:
space:
mode:
Diffstat (limited to 'moaSig')
-rw-r--r--moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd123
-rw-r--r--moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd59
-rw-r--r--moaSig/libs/iaik_cms.jarbin450450 -> 458630 bytes
-rw-r--r--moaSig/libs/iaik_cpades.jarbin112366 -> 120778 bytes
-rw-r--r--moaSig/libs/iaik_eccelerate.jarbin214094 -> 359608 bytes
-rw-r--r--moaSig/libs/iaik_eccelerate_cms.jarbin4274 -> 4501 bytes
-rw-r--r--moaSig/libs/iaik_jce_full.jarbin1129729 -> 1160539 bytes
-rw-r--r--moaSig/libs/iaik_moa.jarbin521087 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_pki_module.jarbin795075 -> 587331 bytes
-rw-r--r--moaSig/libs/iaik_sigval.jarbin75880 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_sigvallib.jarbin123663 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_tsp.jarbin40487 -> 40487 bytes
-rw-r--r--moaSig/libs/iaik_xades.jarbin432176 -> 312190 bytes
-rw-r--r--moaSig/libs/iaik_xsect.jarbin603047 -> 422263 bytes
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java6
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java3
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java19
-rw-r--r--moaSig/moa-sig-lib/src/main/resources/sva.config85
19 files changed, 262 insertions, 38 deletions
diff --git a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd
index d0ce075..4aa67aa 100644
--- a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd
+++ b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd
@@ -125,8 +125,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/>
<xsd:complexType name="QualifyingPropertiesType">
<xsd:sequence>
- <xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/>
- <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/>
+ <xsd:element ref="SignedProperties" minOccurs="0"/>
+ <xsd:element ref="UnsignedProperties" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="Target" type="xsd:anyURI" use="required"/>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
@@ -136,8 +136,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="SignedProperties" type="SignedPropertiesType"/>
<xsd:complexType name="SignedPropertiesType">
<xsd:sequence>
- <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType" minOccurs="0"/>
- <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/>
+ <xsd:element ref="SignedSignatureProperties" minOccurs="0"/>
+ <xsd:element ref="SignedDataObjectProperties" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
@@ -146,21 +146,26 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType"/>
<xsd:complexType name="UnsignedPropertiesType">
<xsd:sequence>
- <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType" minOccurs="0"/>
- <xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType" minOccurs="0"/>
+ <xsd:element ref="UnsignedSignatureProperties" minOccurs="0"/>
+ <xsd:element ref="UnsignedDataObjectProperties" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
<!-- End UnsignedProperties-->
<!-- Start SignedSignatureProperties-->
+ <!-- Definition changed: added new optional children for EN -->
<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>
<xsd:complexType name="SignedSignaturePropertiesType">
<xsd:sequence>
- <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
- <xsd:element name="SigningCertificate" type="CertIDListType" minOccurs="0"/>
- <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType" minOccurs="0"/>
- <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" minOccurs="0"/>
- <xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/>
+ <xsd:element ref="SigningTime" minOccurs="0"/>
+ <xsd:element ref="SigningCertificate" minOccurs="0"/>
+ <xsd:element ref="SigningCertificateV2" minOccurs="0"/>
+ <xsd:element ref="SignaturePolicyIdentifier" minOccurs="0"/>
+ <xsd:element ref="SignatureProductionPlace" minOccurs="0"/>
+ <xsd:element ref="SignatureProductionPlaceV2" minOccurs="0"/>
+ <xsd:element ref="SignerRole" minOccurs="0"/>
+ <xsd:element ref="SignerRoleV2" minOccurs="0"/>
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
@@ -169,10 +174,11 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType"/>
<xsd:complexType name="SignedDataObjectPropertiesType">
<xsd:sequence>
- <xsd:element name="DataObjectFormat" type="DataObjectFormatType" minOccurs="0" maxOccurs="unbounded"/>
- <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType" minOccurs="0" maxOccurs="unbounded"/>
- <xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/>
- <xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="DataObjectFormat" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="CommitmentTypeIndication" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="AllDataObjectsTimeStamp" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="IndividualDataObjectsTimeStamp" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
@@ -181,19 +187,19 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType"/>
<xsd:complexType name="UnsignedSignaturePropertiesType">
<xsd:choice maxOccurs="unbounded">
- <xsd:element name="CounterSignature" type="CounterSignatureType"/>
- <xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/>
- <xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/>
- <xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/>
- <xsd:element name="AttributeCertificateRefs" type="CompleteCertificateRefsType"/>
- <xsd:element name="AttributeRevocationRefs" type="CompleteRevocationRefsType"/>
- <xsd:element name="SigAndRefsTimeStamp" type="XAdESTimeStampType"/>
- <xsd:element name="RefsOnlyTimeStamp" type="XAdESTimeStampType"/>
- <xsd:element name="CertificateValues" type="CertificateValuesType"/>
- <xsd:element name="RevocationValues" type="RevocationValuesType"/>
- <xsd:element name="AttrAuthoritiesCertValues" type="CertificateValuesType"/>
- <xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/>
- <xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/>
+ <xsd:element ref="CounterSignature"/>
+ <xsd:element ref="SignatureTimeStamp"/>
+ <xsd:element ref="CompleteCertificateRefs"/>
+ <xsd:element ref="CompleteRevocationRefs"/>
+ <xsd:element ref="AttributeCertificateRefs"/>
+ <xsd:element ref="AttributeRevocationRefs"/>
+ <xsd:element ref="SigAndRefsTimeStamp"/>
+ <xsd:element ref="RefsOnlyTimeStamp"/>
+ <xsd:element ref="CertificateValues"/>
+ <xsd:element ref="RevocationValues"/>
+ <xsd:element ref="AttrAuthoritiesCertValues"/>
+ <xsd:element ref="AttributeRevocationValues"/>
+ <xsd:element ref="ArchiveTimeStamp"/>
<xsd:any namespace="##other"/>
</xsd:choice>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
@@ -240,6 +246,21 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
</xsd:sequence>
</xsd:complexType>
<!-- End SigningCertificate -->
+ <!-- Start SigningCertificateV2 and CertIDListV2Type -->
+ <xsd:element name="SigningCertificateV2" type="CertIDListV2Type"/>
+ <xsd:complexType name="CertIDListV2Type">
+ <xsd:sequence>
+ <xsd:element name="Cert" type="CertIDTypeV2" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CertIDTypeV2">
+ <xsd:sequence>
+ <xsd:element name="CertDigest" type="DigestAlgAndValueType"/>
+ <xsd:element name="IssuerSerialV2" type="xsd:base64Binary" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>
+ </xsd:complexType>
+ <!-- End SigningCertificateV2 and CertIDListV2Type -->
<!-- Start SignaturePolicyIdentifier -->
<xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>
<xsd:complexType name="SignaturePolicyIdentifierType">
@@ -287,6 +308,7 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:sequence>
<xsd:element ref="ds:Signature"/>
</xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
<!-- End CounterSignature -->
<!-- Start DataObjectFormat -->
@@ -330,6 +352,18 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
</xsd:sequence>
</xsd:complexType>
<!-- End SignatureProductionPlace -->
+ <!-- Start SignatureProductionPlaceV2 and SignatureProductionPlaceV2Type -->
+ <xsd:element name="SignatureProductionPlaceV2" type="SignatureProductionPlaceV2Type"/>
+ <xsd:complexType name="SignatureProductionPlaceV2Type">
+ <xsd:sequence>
+ <xsd:element name="City" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="StreetAddress" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="CountryName" type="xsd:string" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- End SignatureProductionPlace -->
<!-- Start SignerRole -->
<xsd:element name="SignerRole" type="SignerRoleType"/>
<xsd:complexType name="SignerRoleType">
@@ -349,6 +383,38 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
</xsd:sequence>
</xsd:complexType>
<!-- End SignerRole -->
+ <!-- Start SignerRoleV2 and SignerRoleV2Type -->
+ <xsd:element name="SignerRoleV2" type="SignerRoleV2Type"/>
+ <xsd:complexType name="SignerRoleV2Type">
+ <xsd:sequence>
+ <xsd:element ref="ClaimedRoles" minOccurs="0"/>
+ <xsd:element ref="CertifiedRolesV2" minOccurs="0"/>
+ <xsd:element ref="SignedAssertions" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="ClaimedRoles" type="ClaimedRolesListType"/>
+ <xsd:element name="CertifiedRolesV2" type="CertifiedRolesListTypeV2"/>
+ <xsd:element name="SignedAssertions" type="SignedAssertionsListType"/>
+ <xsd:complexType name="CertifiedRolesListTypeV2">
+ <xsd:sequence>
+ <xsd:element name="CertifiedRole" type="CertifiedRoleTypeV2" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CertifiedRoleTypeV2">
+ <xsd:choice>
+ <xsd:element ref="X509AttributeCertificate"/>
+ <xsd:element ref="OtherAttributeCertificate"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="X509AttributeCertificate" type="EncapsulatedPKIDataType"/>
+ <xsd:element name="OtherAttributeCertificate" type="AnyType"/>
+ <xsd:complexType name="SignedAssertionsListType">
+ <xsd:sequence>
+ <xsd:element ref="SignedAssertion" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="SignedAssertion" type="AnyType"/>
+ <!-- End SignerRoleV2 and SignerRoleV2Type -->
<xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType"/>
<xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType"/>
<xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/>
@@ -464,3 +530,4 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/>
<xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/>
</xsd:schema>
+
diff --git a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd
index 383fcbd..4022bc2 100644
--- a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd
+++ b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd
@@ -1,15 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified">
+<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
<xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES-1.3.2.xsd"/>
<!-- Start CertificateValues -->
<xsd:element name="TimeStampValidationData" type="ValidationDataType"/>
<xsd:complexType name="ValidationDataType">
<xsd:sequence>
- <xsd:element ref="xades:CertificateValues" minOccurs="0" />
- <xsd:element ref="xades:RevocationValues" minOccurs="0" />
+ <xsd:element ref="xades:CertificateValues" minOccurs="0"/>
+ <xsd:element ref="xades:RevocationValues" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
- <xsd:attribute name="UR" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>
</xsd:complexType>
- <xsd:element name="ArchiveTimeStampV2" type="xades:XAdESTimeStampType"/>
+ <xsd:element name="SignaturePolicyStore" type="SignaturePolicyStoreType"/>
+ <xsd:complexType name="SignaturePolicyStoreType">
+ <xsd:sequence>
+ <xsd:element ref="SPDocSpecification"/>
+ <xsd:choice>
+ <xsd:element name="SignaturePolicyDocument" type="xsd:base64Binary"/>
+ <xsd:element name="SigPolDocLocalURI" type="xsd:anyURI"/>
+ </xsd:choice>
+ </xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+ </xsd:complexType>
+ <xsd:element name="SPDocSpecification" type="xades:ObjectIdentifierType"/>
+ <!-- -->
+ <!-- Start RenewedDigests-->
+ <!-- -->
+ <xsd:element name="RenewedDigests" type="RenewedDigestsType"/>
+ <xsd:complexType name="RenewedDigestsType">
+ <xsd:sequence>
+ <xsd:element ref="ds:DigestMethod"/>
+ <xsd:element ref="RecomputedDigestValue" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+ </xsd:complexType>
+ <xsd:element name="RecomputedDigestValue" type="RecomputedDigestValueType"/>
+ <xsd:complexType name="RecomputedDigestValueType">
+ <xsd:simpleContent>
+ <xsd:extension base="ds:DigestValueType">
+ <xsd:attribute name="Order" type="xsd:integer" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <!-- -->
+ <!-- End RenewedDigests-->
+ <!-- -->
+ <!-- ArchiveTimeStamp in namespace with URI 'http://uri.etsi.org/01903/v1.4.1#'-->
+ <xsd:element name="ArchiveTimeStamp" type="xades:XAdESTimeStampType"/>
+ <!--CompleteCertificateRefsV2 and AttributeCertificateRefsV2-->
+ <xsd:element name="CompleteCertificateRefsV2" type="CompleteCertificateRefsTypeV2"/>
+ <xsd:element name="AttributeCertificateRefsV2" type="CompleteCertificateRefsTypeV2"/>
+ <xsd:complexType name="CompleteCertificateRefsTypeV2">
+ <xsd:sequence>
+ <xsd:element name="CertRefs" type="xades:CertIDListV2Type"/>
+ </xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+ </xsd:complexType>
+ <!-- SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2-->
+ <xsd:element name="SigAndRefsTimeStampV2" type="xades:XAdESTimeStampType"/>
+ <xsd:element name="RefsOnlyTimeStampV2" type="xades:XAdESTimeStampType"/>
</xsd:schema>
+
diff --git a/moaSig/libs/iaik_cms.jar b/moaSig/libs/iaik_cms.jar
index 11ae6a9..c69f219 100644
--- a/moaSig/libs/iaik_cms.jar
+++ b/moaSig/libs/iaik_cms.jar
Binary files differ
diff --git a/moaSig/libs/iaik_cpades.jar b/moaSig/libs/iaik_cpades.jar
index 3116980..914bc54 100644
--- a/moaSig/libs/iaik_cpades.jar
+++ b/moaSig/libs/iaik_cpades.jar
Binary files differ
diff --git a/moaSig/libs/iaik_eccelerate.jar b/moaSig/libs/iaik_eccelerate.jar
index d8369ea..0ec3110 100644
--- a/moaSig/libs/iaik_eccelerate.jar
+++ b/moaSig/libs/iaik_eccelerate.jar
Binary files differ
diff --git a/moaSig/libs/iaik_eccelerate_cms.jar b/moaSig/libs/iaik_eccelerate_cms.jar
index c2db15e..3c9ac83 100644
--- a/moaSig/libs/iaik_eccelerate_cms.jar
+++ b/moaSig/libs/iaik_eccelerate_cms.jar
Binary files differ
diff --git a/moaSig/libs/iaik_jce_full.jar b/moaSig/libs/iaik_jce_full.jar
index 18cb0a0..736981a 100644
--- a/moaSig/libs/iaik_jce_full.jar
+++ b/moaSig/libs/iaik_jce_full.jar
Binary files differ
diff --git a/moaSig/libs/iaik_moa.jar b/moaSig/libs/iaik_moa.jar
deleted file mode 100644
index 0e4f72a..0000000
--- a/moaSig/libs/iaik_moa.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_pki_module.jar b/moaSig/libs/iaik_pki_module.jar
index eb6b2ad..72b0554 100644
--- a/moaSig/libs/iaik_pki_module.jar
+++ b/moaSig/libs/iaik_pki_module.jar
Binary files differ
diff --git a/moaSig/libs/iaik_sigval.jar b/moaSig/libs/iaik_sigval.jar
deleted file mode 100644
index 1e69ad3..0000000
--- a/moaSig/libs/iaik_sigval.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_sigvallib.jar b/moaSig/libs/iaik_sigvallib.jar
deleted file mode 100644
index cc60786..0000000
--- a/moaSig/libs/iaik_sigvallib.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_tsp.jar b/moaSig/libs/iaik_tsp.jar
index b2d5ce8..5e1936b 100644
--- a/moaSig/libs/iaik_tsp.jar
+++ b/moaSig/libs/iaik_tsp.jar
Binary files differ
diff --git a/moaSig/libs/iaik_xades.jar b/moaSig/libs/iaik_xades.jar
index 07ae769..2ac459c 100644
--- a/moaSig/libs/iaik_xades.jar
+++ b/moaSig/libs/iaik_xades.jar
Binary files differ
diff --git a/moaSig/libs/iaik_xsect.jar b/moaSig/libs/iaik_xsect.jar
index b04dc07..1f93b7c 100644
--- a/moaSig/libs/iaik_xsect.jar
+++ b/moaSig/libs/iaik_xsect.jar
Binary files differ
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index 97a2541..cb07b34 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.util.Base64Utils;
import at.gv.egovernment.moaspss.util.CollectionUtils;
import at.gv.egovernment.moaspss.util.Constants;
@@ -61,6 +62,8 @@ public class VerifyCMSSignatureRequestParser {
private static final String DATE_TIME_XPATH = MOA + "DateTime";
private static final String EXTENDED_VALIDATION_XPATH = MOA + "ExtendedValidation";
private static final String CMS_SIGNATURE_XPATH = MOA + "CMSSignature";
+ private static final String PDF_SIGNATURE_XPATH = MOA + "PDFSignature";
+
private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID";
private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
private static final String META_INFO_XPATH = MOA + "MetaInfo";
@@ -94,10 +97,11 @@ public class VerifyCMSSignatureRequestParser {
RequestParserUtils.parseExtendedValidation(requestElem, EXTENDED_VALIDATION_XPATH, false);
String cmsSignatureStr =
- XPathUtils.getElementValue(requestElem, CMS_SIGNATURE_XPATH, "");
+ XPathUtils.getElementValue(requestElem, PDF_SIGNATURE_XPATH, "");
CMSDataObject dataObject = parseDataObject(requestElem);
String trustProfileID =
XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null);
+ //Logger.info("CMSSignature: " + cmsSignatureStr);
InputStream cmsSignature =
Base64Utils.decodeToStream(cmsSignatureStr, true);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
index 9fda5e0..ab807ae 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
@@ -55,4 +55,9 @@ public class CMSSignatureVerificationProfileImpl implements CMSSignatureVerifica
this.certificateValidationProfile = certificateValidationProfile;
}
+ @Override
+ public String getTargetLevel() {
+ return CMSSignatureVerificationProfile.LEVEL_LTA;
+ }
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index c49004b..44600db 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.spss.server.iaik.config;
import iaik.cms.IaikCCProvider;
+import iaik.esi.sva.Configuration;
import iaik.pki.store.revocation.RevocationFactory;
import iaik.pki.store.revocation.RevocationSourceStore;
import iaik.pki.store.truststore.TrustStoreFactory;
@@ -83,6 +84,8 @@ public class IaikConfigurator {
try {
TransactionId transId = new TransactionId("IaikConfigurator");
+ //iaik.esi.sva.Configuration config = new Configuration(IaikConfigurator.class.getResourceAsStream("/sva.config"));
+
//SecProviderUtils.dumpSecProviders("Starting configuration");
try {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 906abbe..c48cecd 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -157,7 +157,7 @@ public class CMSSignatureVerificationInvoker {
.getInstance();
module.setLog(new IaikLog(loggingCtx.getNodeID()));
-
+ //Logger.info(" Available: " + signature.available());
module.init(signature, profile, new TransactionId(context.getTransactionID()));
// input = module.getInputStream();
@@ -254,11 +254,16 @@ public class CMSSignatureVerificationInvoker {
TrustProfile trustProfile) throws MOAException {
QCSSCDResult qcsscdresult = new QCSSCDResult();
+ if(resultObject == null) {
+ Logger.warn("Result Object is null!");
+ return;
+ }
+
CMSSignatureVerificationResult cmsResult = null;
List adesResults = null;
if (resultObject instanceof ExtendedCMSSignatureVerificationResult) {
ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject;
-
+ cmsResult = result.getCMSSignatureVerificationResult();
adesResults = getAdESResult(result.getFormVerificationResult());
if (adesResults != null) {
@@ -274,6 +279,7 @@ public class CMSSignatureVerificationInvoker {
String issuerCountryCode = null;
// QC/SSCD check
+ if(cmsResult.getCertificateValidationResult() != null) {
List list = cmsResult.getCertificateValidationResult().getCertificateChain();
if (list != null) {
X509Certificate[] chain = new X509Certificate[list.size()];
@@ -289,7 +295,7 @@ public class CMSSignatureVerificationInvoker {
// get signer certificate issuer country code
issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
-
+ }
}
responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
@@ -347,11 +353,16 @@ public class CMSSignatureVerificationInvoker {
TrustProfile trustProfile) throws MOAException {
QCSSCDResult qcsscdresult = new QCSSCDResult();
+ if(resultObject == null) {
+ Logger.warn("Result Object is null!");
+ return;
+ }
+
PDFSignatureVerificationResult cmsResult = null;
List adesResults = null;
if (resultObject instanceof ExtendedPDFSignatureVerificationResult) {
ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject;
-
+ cmsResult = result.getPDFSignatureVerificationResult();
adesResults = getAdESResult(result.getFormVerificationResult());
if (adesResults != null) {
diff --git a/moaSig/moa-sig-lib/src/main/resources/sva.config b/moaSig/moa-sig-lib/src/main/resources/sva.config
new file mode 100644
index 0000000..e41cad5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/resources/sva.config
@@ -0,0 +1,85 @@
+#Fri Jul 27 14:18:37 CEST 2012
+#
+# Format [key]=[value]
+#
+# Note that if an '=' is used in a key or value it has to be escaped: "\="
+
+##################### WebConfig #######################
+
+#The path to the sva configuration file
+#svaconfig=/data/sigval/incoming/svaconfig
+
+#The directories where to store the collected testdata
+#testdir=/data/sigval/incoming/test/
+
+#The basepath for signature validation
+basepath=
+
+######################################################
+
+#The path prefix for all file system locations
+pathprefix=pathprefix/example/
+
+#The file where the xmldsig core schema is located
+xmlschemaloc=example/schema/xmldsig-core-schema.xsd
+
+#The root folder where truststore and certstore are created later on
+certroot=example/certs
+
+#The folder containing the trustanchors
+trustanchorloc=example/keys_and_certs
+
+#The folder containing the timestampauthority trustanchors
+tsttrustanchorloc=example/keys_and_certs
+
+#The folder containing alternative revocation information (comment out to use
+#infos contained in the certificate)
+#altdp=
+
+#The maximum age of a revocation information of a end user certificate in hours
+endusercertgrace=4382
+
+#The maximum age of a revocation information for a ca certificate in hours
+cacertgrace=4382
+
+tstcoherencetolerance=10
+
+#The maximum time difference (in hours) the signing-time property and a
+#time stamp
+#timestampdelay=24
+
+# Defines the forbidden hashing algorithms and the inception date
+# Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}...
+hashconstraint={md5, 2000-08-08};{sha1, 2016-08-08}
+
+# Defines the forbidden hashing algorithms for CA Certificates and the inception date
+# Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}...
+cahashconstraint={md5,2000-08-08};{sha1, 2012-08-05}
+
+# Defines the minimum required key lengths
+# Format: {<algorithm name>, <min len>,<inception date>};{...}...
+keylenconstraint={rsa, 1024, 2000-08-08}
+
+# Defines the minimum required key lengths for CA Certificates
+# Format: {<algorithm name>, <min len>,<inception date>};{...}..
+cakeylenconstraint={rsa,512,2000-08-08}
+
+# Defines the minimum required key lengths for timestamps
+# Format: {<algorithm name>, <min len>,<inception date>};{...}...
+tstkeylenconstraint={rsa, 1024, 2000-08-08}
+
+# Defines the mapping for sub indications to main indications.
+# If this property is not present or empty, the default mappings are used.
+# See "ETSI TS 102 853 V1.1.1 (2012-07)"
+# Format: {<sub indication1>, <main indication1>};{...}...
+# Maybe set value to numbers?
+indicationmapping={FORMAT_FAILURE,INDETERMINATE};{SUCCESS, SUCCESS}
+
+# Allows any key usage if set to true, otherwise only dig. signature
+allowanykeyusage=false
+
+# Defines the chaining model for path validation.
+# possible values are:
+# - All certificates are valid at validationtime (SHELL model)
+# - All certificates are valid at the time they were used for issuing a certificate (CHAIN model)
+chainingmodel=SHELL