From 606fd125e82b532f2e75dc787edb1f535dacfae9 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Tue, 7 Jun 2016 14:57:27 +0200 Subject: 3.0.0-RC2 signature form results adapted --- moaSig/build.gradle | 2 +- .../invoke/CMSSignatureVerificationInvoker.java | 137 ++++----------------- .../invoke/XMLSignatureVerificationInvoker.java | 60 ++------- .../egovernment/moa/spss/util/AdESResultUtils.java | 70 +++++++++++ 4 files changed, 107 insertions(+), 162 deletions(-) create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java diff --git a/moaSig/build.gradle b/moaSig/build.gradle index b7ed724..2b3b909 100644 --- a/moaSig/build.gradle +++ b/moaSig/build.gradle @@ -21,7 +21,7 @@ subprojects { testCompile 'junit:junit:4.8.2' } - version = '3.0.0-RC1' + version = '3.0.0-RC2' jar { manifest.attributes provider: 'EGIZ' diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 0480316..f5d2826 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -35,31 +35,29 @@ import java.util.List; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; -import at.gv.egovernment.moa.spss.MOARuntimeException; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; -import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl; import at.gv.egovernment.moa.spss.server.config.TrustProfile; import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.AdESResultUtils; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.QCSSCDResult; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.server.ConfigurationException; +import iaik.server.modules.AdESConstants; import iaik.server.modules.AdESFormVerificationResult; -import iaik.server.modules.AdESVerificationResult; import iaik.server.modules.IAIKException; import iaik.server.modules.IAIKRuntimeException; import iaik.server.modules.SignatureVerificationProfile; -import iaik.server.modules.SignatureVerificationResult; import iaik.server.modules.cmsverify.CMSSignatureVerificationModule; import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; @@ -159,8 +157,10 @@ public class CMSSignatureVerificationInvoker { // while (input.read(buf) > 0); if(request.isExtended()) { + Logger.info("Running extended validation"); results = module.verifyPAdESSignature(signingTime); } else { + Logger.info("Running not extended validation"); results = module.verifySignature(signingTime); } @@ -182,8 +182,10 @@ public class CMSSignatureVerificationInvoker { ; if(request.isExtended()) { + Logger.info("Running extended validation"); results = module.verifyCAdESSignature(signingTime); } else { + Logger.info("Running not extended validation"); results = module.verifySignature(signingTime); } // results = module.verifySignature(signingTime); @@ -257,12 +259,13 @@ public class CMSSignatureVerificationInvoker { CMSSignatureVerificationResult cmsResult = null; List adesResults = null; if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + Logger.info("Got ExtendedCMSSignatureVerificationResult"); ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; cmsResult = result.getCMSSignatureVerificationResult(); try { adesResults = getAdESResult(result); } catch (ConfigurationException e) { - Logger.warn("Failed to provide extended validation results", e); + Logger.warn("Failed to provide extended validation results: " + e.getMessage()); } if (adesResults != null) { @@ -272,6 +275,7 @@ public class CMSSignatureVerificationInvoker { } } } else { + Logger.info("Got CMSSignatureVerificationResult"); cmsResult = (CMSSignatureVerificationResult) resultObject; } @@ -301,53 +305,6 @@ public class CMSSignatureVerificationInvoker { qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); } - private void handleCMSEXTResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, - TrustProfile trustProfile) throws MOAException { - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - CMSSignatureVerificationResult cmsResult = null; - List adesResults = null; - if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { - ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; - - adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - cmsResult = result.getCMSSignatureVerificationResult(); - } else { - cmsResult = (CMSSignatureVerificationResult) resultObject; - } - - String issuerCountryCode = null; - // QC/SSCD check - - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while (it.hasNext()) { - chain[i] = (X509Certificate) it.next(); - i++; - } - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); - - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } - private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, TrustProfile trustProfile) throws MOAException { QCSSCDResult qcsscdresult = new QCSSCDResult(); @@ -360,6 +317,7 @@ public class CMSSignatureVerificationInvoker { PDFSignatureVerificationResult cmsResult = null; List adesResults = null; if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { + Logger.info("Got ExtendedPDFSignatureVerificationResult"); ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; cmsResult = result.getPDFSignatureVerificationResult(); try { @@ -377,6 +335,7 @@ public class CMSSignatureVerificationInvoker { } cmsResult = result.getPDFSignatureVerificationResult(); } else { + Logger.info("Got PDFSignatureVerificationResult"); cmsResult = (PDFSignatureVerificationResult) resultObject; } @@ -519,14 +478,17 @@ public class CMSSignatureVerificationInvoker { } List adesList = new ArrayList(); - - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), - SignatureVerificationProfile.LEVEL_LTA, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), + Logger.info("Checking AdES Results:"); + + //AdESResultUtils.buildResult(adesFormVerification.getDetailedExtendedReport(), adesList); + + //AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION), + // SignatureVerificationProfile.LEVEL_LTA, adesList); + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION), SignatureVerificationProfile.LEVEL_LT, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.ADES_T_VALIDATION), SignatureVerificationProfile.LEVEL_T, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"), SignatureVerificationProfile.LEVEL_B, adesList); return adesList; @@ -540,7 +502,7 @@ public class CMSSignatureVerificationInvoker { List adesList = new ArrayList(); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), + /*checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), SignatureVerificationProfile.LEVEL_LTA, adesList); checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), SignatureVerificationProfile.LEVEL_LT, adesList); @@ -548,60 +510,15 @@ public class CMSSignatureVerificationInvoker { SignatureVerificationProfile.LEVEL_T, adesList); checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), SignatureVerificationProfile.LEVEL_B, adesList); - - return adesList; - } - - private List getAdESResult(AdESFormVerificationResult adesFormVerification) { - if (adesFormVerification == null) { - // no form information - return null; - } - - List adesList = new ArrayList(); - - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), - SignatureVerificationProfile.LEVEL_LTA, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), + */ + + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION), SignatureVerificationProfile.LEVEL_LT, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.ADES_T_VALIDATION), SignatureVerificationProfile.LEVEL_T, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"), SignatureVerificationProfile.LEVEL_B, adesList); - + return adesList; } - - private void checkSubResult(SignatureVerificationResult subResult, String level, List adesList) throws ConfigurationException { - if (subResult != null) { - Logger.info("Checking Level: " + level); - try { - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); - adESFormResultsImpl.setCode(subResult.getResultCode().getCode()); - adESFormResultsImpl.setInfo(subResult.getInfo()); - adESFormResultsImpl.setName(subResult.getName()); - - adesList.add(adESFormResultsImpl); - } catch (NullPointerException e) { - Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e); - } - } - } - - private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) { - if (subResult != null) { - Logger.info("Checking Level: " + level); - try { - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); - adESFormResultsImpl.setCode(subResult.getResultCode()); - adESFormResultsImpl.setInfo(subResult.getInfo()); - adESFormResultsImpl.setName(subResult.getName()); - - adesList.add(adESFormResultsImpl); - } catch (NullPointerException e) { - Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e); - } - } - } - } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index bea66b0..5d7b852 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -64,6 +64,7 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.AdESResultUtils; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.spss.util.QCSSCDResult; @@ -74,8 +75,8 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.CollectionUtils; import at.gv.egovernment.moaspss.util.Constants; import iaik.server.ConfigurationException; +import iaik.server.modules.AdESConstants; import iaik.server.modules.AdESFormVerificationResult; -import iaik.server.modules.AdESVerificationResult; import iaik.server.modules.IAIKException; import iaik.server.modules.IAIKRuntimeException; import iaik.server.modules.SignatureVerificationProfile; @@ -728,6 +729,7 @@ public class XMLSignatureVerificationInvoker { List adesList = new ArrayList(); + /* checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), SignatureVerificationProfile.LEVEL_LTA, adesList); checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), @@ -736,60 +738,16 @@ public class XMLSignatureVerificationInvoker { SignatureVerificationProfile.LEVEL_T, adesList); checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), SignatureVerificationProfile.LEVEL_B, adesList); - - return adesList; - } - - private void checkSubResult(SignatureVerificationResult subResult, String level, List adesList) throws ConfigurationException { - if (subResult != null) { - Logger.info("Checking Level: " + level); - try { - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); - adESFormResultsImpl.setCode(subResult.getResultCode().getCode()); - adESFormResultsImpl.setInfo(subResult.getInfo()); - adESFormResultsImpl.setName(subResult.getName()); - - adesList.add(adESFormResultsImpl); - } catch (NullPointerException e) { - Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e); - } - } - } - - private List getAdESResult(AdESFormVerificationResult adesFormVerification) { - if (adesFormVerification == null) { - // no form information - return null; - } - - List adesList = new ArrayList(); - - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), - SignatureVerificationProfile.LEVEL_LTA, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), + */ + + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION), SignatureVerificationProfile.LEVEL_LT, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.ADES_T_VALIDATION), SignatureVerificationProfile.LEVEL_T, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), + AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"), SignatureVerificationProfile.LEVEL_B, adesList); - + return adesList; } - private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) { - if (subResult != null) { - Logger.info("Checking Level: " + level); - try { - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); - adESFormResultsImpl.setCode(subResult.getResultCode()); - adESFormResultsImpl.setInfo(subResult.getInfo()); - adESFormResultsImpl.setName(subResult.getName()); - - adesList.add(adESFormResultsImpl); - } catch (NullPointerException e) { - Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e); - } - } - } - } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java new file mode 100644 index 0000000..90722b8 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java @@ -0,0 +1,70 @@ +package at.gv.egovernment.moa.spss.util; + +import java.util.Iterator; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl; +import at.gv.egovernment.moaspss.logging.Logger; +import iaik.esi.sva.validation.ValidationReport; +import iaik.server.ConfigurationException; +import iaik.server.modules.ResultCode; +import iaik.server.modules.ResultCodeInvalid; +import iaik.server.modules.ResultCodeValid; +import iaik.server.modules.SignatureVerificationResult; + +public class AdESResultUtils { + + public static Integer getResultCode(Integer adesCode) { + return adesCode; + } + + public static void buildResult(ValidationReport report, List adesList) { + + if(report == null) { + return; + } + + AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + adESFormResultsImpl.setCode(report.getStatus().ordinal()); + adESFormResultsImpl.setInfo(report.getLongText()); + adESFormResultsImpl.setName(report.getValidationName()); + + adesList.add(adESFormResultsImpl); + + if(report.getSubValidationReports() != null && !report.getSubValidationReports().isEmpty()) { + Iterator reportIt = report.getSubValidationReports().iterator(); + while(reportIt.hasNext()) { + buildResult(reportIt.next(), adesList); + } + } + + } + + public static void checkSubResult(SignatureVerificationResult subResult, String level, List adesList) throws ConfigurationException { + if (subResult != null) { + Logger.info("Checking Level: " + level); + try { + + AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + ResultCode resultCode = subResult.getResultCode(); + if(resultCode instanceof ResultCodeValid) { + adESFormResultsImpl.setCode(SignatureVerificationResult.VALID);//.getResultCode().getCode())); + } else if(resultCode instanceof ResultCodeInvalid) { + adESFormResultsImpl.setCode(SignatureVerificationResult.INVALID); + } else { + adESFormResultsImpl.setCode(SignatureVerificationResult.INDETERMINATE); + } + Logger.info("RESULT: " + resultCode.toString()); + adESFormResultsImpl.setInfo(subResult.getInfo()); + adESFormResultsImpl.setName(level); + + adesList.add(adESFormResultsImpl); + } catch (NullPointerException e) { + Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e); + } + } else { + Logger.info("Subresult Level: " + level + " not available"); + } + } + +} -- cgit v1.2.3