From 0872d2d8a64fd701776b272f49222428d8def07f Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Tue, 3 Nov 2015 14:38:34 +0100 Subject: initial commit --- .../XMLSignatureVerificationProfileFactory.java | 170 +++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java new file mode 100644 index 0000000..3e4c712 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java @@ -0,0 +1,170 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; + +import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams; +import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.xmlverify.XMLSignatureVerificationProfileImpl; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; + +/** + * A factory to create a XMLSignatureVerificationProfile from a + * VerifyXMLSignatureRequest, based on the current MOA + * configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureVerificationProfileFactory { + + /** The VerifyXMLSignatureRequest for which to create profile + * information. */ + private VerifyXMLSignatureRequest request; + + /** + * Create a new XMLSignatureVerificationProfileFactory. + * + * @param request The VerifyXMLSignatureRequest to extract + * profile data from. + */ + public XMLSignatureVerificationProfileFactory(VerifyXMLSignatureRequest request) { + this.request = request; + } + + /** + * Create a XMLSignatureCreationProfile from the + * VerifyXMLSignaturesRequest and the current MOA configuration. + * + * @return The XMLSignatureVerificationProfile containing + * additional information for verifying an XML signature. + * @throws MOASystemException A system error occurred building the profile. + * @throws MOAApplicationException An error occurred building the profile. + */ + public XMLSignatureVerificationProfile createProfile() + throws MOASystemException, MOAApplicationException { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + XMLSignatureVerificationProfileImpl profile = + new XMLSignatureVerificationProfileImpl(); + SignatureManifestCheckParams checkParams; + String trustProfileID; + + // set whether to check XMLDsig manifests + profile.setCheckXMLDsigManifests(true); + + // set the certificate validation profile + trustProfileID = request.getTrustProfileId(); + profile.setCertificateValidationProfile( + new PKIProfileImpl(config, trustProfileID)); + + // set whether hash input data is to be included + profile.setIncludeHashInputData(request.getReturnHashInputData()); + + // set the security layer manifest check parameters + // and transformation supplements (if present) + checkParams = request.getSignatureManifestCheckParams(); + profile.setCheckSecurityLayerManifest(true); + profile.setIncludeReferenceInputData(checkParams != null ? checkParams.getReturnReferenceInputData() : false); + if (checkParams != null) { + List transformationSupplements; + transformationSupplements = buildTransformationSupplements(); + profile.setTransformationSupplements(transformationSupplements); + } else { + profile.setTransformationSupplements(Collections.EMPTY_LIST); + } + + profile.setPermitFileURIs(config.getPermitFileURIs()); + + return profile; + } + + /** + * Build supplemental data objects used in the transformations. + * + * @return A List of DataObjects providing + * supplemental data to the transformations. + * @throws MOASystemException A system error occurred building one of the + * transformations. + * @throws MOAApplicationException An error occurred building one of the + * transformations. + */ + public List buildTransformationSupplements() + throws MOASystemException, MOAApplicationException { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + SignatureManifestCheckParams checkParams = + request.getSignatureManifestCheckParams(); + List transformsProfiles = new ArrayList(); + List transformationSupplements = new ArrayList(); + DataObjectFactory factory = DataObjectFactory.getInstance(); + List refInfos = checkParams.getReferenceInfos(); + Iterator refIter; + Iterator prIter; + Iterator trIter; + + // build the list of all VerifyTransformsInfoProfiles in all ReferenceInfos + refInfos = checkParams.getReferenceInfos(); + for (refIter = refInfos.iterator(); refIter.hasNext();) { + ReferenceInfo refInfo = (ReferenceInfo) refIter.next(); + List profiles = refInfo.getVerifyTransformsInfoProfiles(); + + transformsProfiles.addAll( + ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config)); + } + + // build the DataObjects + for (prIter = transformsProfiles.iterator(); prIter.hasNext();) { + VerifyTransformsInfoProfileExplicit profile = + (VerifyTransformsInfoProfileExplicit) prIter.next(); + List transformParameters = profile.getTransformParameters(); + + for (trIter = transformParameters.iterator(); trIter.hasNext();) { + TransformParameter trParam = (TransformParameter) trIter.next(); + transformationSupplements.add( + factory.createFromTransformParameter(trParam)); + } + } + + return transformationSupplements; + } + +} -- cgit v1.2.3