From acf1b849ab835bc6797adfb91f8ab4fa88f0aff5 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Wed, 15 Jun 2016 08:41:10 +0200 Subject: extended validation result --- .../invoke/CMSSignatureVerificationInvoker.java | 47 +++++++++++++++------- .../invoke/VerifyCMSSignatureResponseBuilder.java | 13 ++++-- .../invoke/VerifyXMLSignatureResponseBuilder.java | 10 ++++- .../invoke/XMLSignatureVerificationInvoker.java | 29 +++++++++---- 4 files changed, 72 insertions(+), 27 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index f5d2826..ba0474c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.server.config.TrustProfile; import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; 
@@ -258,15 +259,13 @@ public class CMSSignatureVerificationInvoker { CMSSignatureVerificationResult cmsResult = null; List adesResults = null; + ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { Logger.info("Got ExtendedCMSSignatureVerificationResult"); ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; cmsResult = result.getCMSSignatureVerificationResult(); - try { - adesResults = getAdESResult(result); - } catch (ConfigurationException e) { - Logger.warn("Failed to provide extended validation results: " + e.getMessage()); - } + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + if (adesResults != null) { Iterator adesIterator = adesResults.iterator(); @@ -274,6 +273,17 @@ public class CMSSignatureVerificationInvoker { Logger.info("ADES Formresults: " + adesIterator.next().toString()); } } + try { + //Logger.info("Extended Validation Report: " + result.getName()); + Logger.info("Extended Validation Code: " + result.getResultCode().toString()); + Logger.info("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + } catch (ConfigurationException e) { + Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); + } catch (NullPointerException e) { + Logger.info("No extendend validation result available."); + } } else { Logger.info("Got CMSSignatureVerificationResult"); cmsResult = (CMSSignatureVerificationResult) resultObject; 
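Review bot: The added `catch (NullPointerException e)` in the extended-validation block (hunk `@@ -274,6 +273,17 @@`) uses an exception as the null test for `result.getResultCode()`, and it also swallows any NullPointerException raised inside `AdESResultUtils.getExtendedResult(...)`, logging it at info level as "no result available". In both cases `extCheckResult` stays null and the response is built without an extended check result, so a configuration or library fault looks the same as a signature that has no extended result; whether consumers of the response treat the missing value as acceptable is not visible here and should be confirmed. An explicit null check keeps the benign case quiet and lets real faults surface, as sketched below. The same block is repeated in the `@@ -334,6 +341,17 @@` hunk (PDF path) and in the `@@ -252,6 +252,19 @@` hunk of XMLSignatureVerificationInvoker.java, so a shared helper would avoid three copies. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: AdES form result logging …
if (result.getResultCode() == null) {
  // Benign case: the verifier produced no extended result code.
  Logger.info("No extended validation result available.");
} else {
  try {
    Logger.info("Extended Validation Code: " + result.getResultCode());
    Logger.info("Extended Validation Info: " + result.getInfo());
    extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
  } catch (ConfigurationException e) {
    Logger.warn("Cannot generate extended result. Check SVA configuration!", e);
  }
}
```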
@@ -302,7 +312,7 @@ public class CMSSignatureVerificationInvoker { } responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult); } private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, @@ -316,17 +326,14 @@ public class CMSSignatureVerificationInvoker { PDFSignatureVerificationResult cmsResult = null; List adesResults = null; + + ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { Logger.info("Got ExtendedPDFSignatureVerificationResult"); ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; cmsResult = result.getPDFSignatureVerificationResult(); - try { - adesResults = getAdESResult(result); - } catch (ConfigurationException e) { - Logger.warn("Failed to provide extended validation results", e); - //throw new MOARuntimeException("config.52", null); - } - + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + if (adesResults != null) { Iterator adesIterator = adesResults.iterator(); while (adesIterator.hasNext()) { 
@@ -334,6 +341,17 @@ public class CMSSignatureVerificationInvoker { } } cmsResult = result.getPDFSignatureVerificationResult(); + try { + //Logger.info("Extended Validation Report: " + result.getName()); + Logger.info("Extended Validation Code: " + result.getResultCode().toString()); + Logger.info("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + } catch (ConfigurationException e) { + Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); + } catch (NullPointerException e) { + Logger.info("No extendend validation result available."); + } } else { Logger.info("Got PDFSignatureVerificationResult"); cmsResult = (PDFSignatureVerificationResult) resultObject; @@ -361,7 +379,8 @@ public class CMSSignatureVerificationInvoker { } responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, + extCheckResult); } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 3e18c2a..7b4a350 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java 
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.server.config.TrustProfile; @@ -80,7 +81,8 @@ public class VerifyCMSSignatureResponseBuilder { * otherwise false. * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults) + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, + ExtendedCertificateCheckResult extendedCertificateCheckResult) throws MOAException { CertificateValidationResult certResult = @@ -120,7 +122,8 @@ public class VerifyCMSSignatureResponseBuilder { signerInfo, signatureCheck, certificateCheck, - adesResults); + adesResults, + extendedCertificateCheckResult); responseElements.add(responseElement); } 
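Review bot: The Javadoc above `addResult(CMSSignatureVerificationResult, ...)` in hunk `@@ -80,7 +81,8 @@` is not extended for the new ninth parameter; the visible tail of the comment still ends at `@throws MOAException`. Both invoker call sites pass a value that is initialised to `null` and only set when an extended result could be derived, so the contract should say that null is allowed, for example `@param extendedCertificateCheckResult The extended certificate check result, or <code>null</code> if none is available.` The PDF overload in hunk `@@ -137,7 +140,8 @@` needs the same line. The method body continues outside the hunk.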
@@ -137,7 +140,8 @@ public class VerifyCMSSignatureResponseBuilder { * otherwise false. * @throws MOAException */ - public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults) + public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, + ExtendedCertificateCheckResult extendedCertificateCheckResult) throws MOAException { CertificateValidationResult certResult = @@ -177,7 +181,8 @@ public class VerifyCMSSignatureResponseBuilder { signerInfo, signatureCheck, certificateCheck, - adesResults); + adesResults, + extendedCertificateCheckResult); responseElements.add(responseElement); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index a6e8971..7bd7c27 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -42,6 +42,7 @@ import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.InputData; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl; 
@@ -101,7 +102,7 @@ public class VerifyXMLSignatureResponseBuilder { /** The result of the certificate check. */ private CheckResult certificateCheck; private List adesFormResults = null; - + private ExtendedCertificateCheckResult extCheckResult = null; /** * Get the VerifyMLSignatureResponse built so far. * @@ -116,7 +117,12 @@ public class VerifyXMLSignatureResponseBuilder { signatureManifestCheck, xmlDsigManifestChecks, certificateCheck, - adesFormResults); + adesFormResults, + extCheckResult); + } + + public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extCheckResult) { + this.extCheckResult = extCheckResult; } public void setAdESFormResults(List adesForm) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index 5d7b852..c3ebda4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -37,6 +37,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import javax.xml.ws.soap.AddressingFeature.Responses; + import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -45,6 +47,7 @@ import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; 
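Review bot: The new public setter `setExtendedCertificateCheckResult` in hunk `@@ -116,7 +117,12 @@` and the new field `extCheckResult` in hunk `@@ -101,7 +102,7 @@` have no documentation, while the neighbouring field carries `/** The result of the certificate check. */`. A matching `/** The extended certificate check result; <code>null</code> if none is available. */` on the field, plus a short Javadoc on the setter stating that null is permitted and is passed through to the response unchanged, would keep the class consistent. The field line also replaced the blank line that separated the fields from the Javadoc of the following getter; that separator should be restored.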
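Review bot: The added `import javax.xml.ws.soap.AddressingFeature.Responses;` in hunk `@@ -37,6 +37,8 @@` of XMLSignatureVerificationInvoker.java is not used by any line visible in this commit and looks like an IDE auto-import. It ties a signature-verification class to the JAX-WS API, which is no longer part of the JDK from Java 11 onward, so the class would fail to compile there unless a separate JAX-WS dependency is on the classpath. If nothing outside the visible hunks references `Responses`, the import and the blank line added after it should be dropped.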
@@ -235,14 +238,11 @@ public class XMLSignatureVerificationInvoker { throw moaException; } + ExtendedCertificateCheckResult extCheckResult; if(result != null) { - List adesResults = null;//getAdESResult(result.getFormVerificationResult()); + List adesResults = null;// - try { - adesResults = getAdESResult(result); - } catch (ConfigurationException e) { - Logger.warn("Failed to provide extended validation results", e); - } + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); if (adesResults != null) { Iterator adesIterator = adesResults.iterator(); @@ -252,6 +252,19 @@ public class XMLSignatureVerificationInvoker { } responseBuilder.setAdESFormResults(adesResults); + + try { + //Logger.info("Extended Validation Report: " + result.getName()); + Logger.info("Extended Validation Code: " + result.getResultCode().toString()); + Logger.info("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + responseBuilder.setExtendedCertificateCheckResult(extCheckResult); + } catch (ConfigurationException e) { + Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); + } catch (NullPointerException e) { + Logger.info("No extendend validation result available."); + } } // QC/SSCD check List list = plainResult.getCertificateValidationResult().getCertificateChain(); 
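Review bot: In hunk `@@ -235,14 +238,11 @@` the local `ExtendedCertificateCheckResult extCheckResult;` is declared outside the `if (result != null)` block without an initialiser, but it is only assigned and read inside the `try` of the following hunk. Declaring it at the point of assignment keeps the scope minimal and avoids a definite-assignment error if it is later read after the `if`. The line `List adesResults = null;//` also keeps a dangling comment marker and a null initialiser that is overwritten at once; `List adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());` says the same in one statement. The enclosing method starts and ends outside the hunk.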
@@ -313,11 +326,13 @@ public class XMLSignatureVerificationInvoker { * trustProfile cannot be read from the file * system. */ - private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile) + private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, + TrustProfile trustProfile) throws MOAException { MessageProvider msg = MessageProvider.getInstance(); int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue(); + if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) { X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult() .getCertificateChain().get(0); -- cgit v1.2.3