From 00e4e0cbaf7fe6b2ecb08011995f00e503981911 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 13 Feb 2018 11:27:02 +0100 Subject: add infos about signature and hash algorithms into responses --- .../invoke/CMSSignatureVerificationInvoker.java | 13 ++++--- .../invoke/VerifyCMSSignatureResponseBuilder.java | 21 +++++++++--- .../invoke/VerifyXMLSignatureResponseBuilder.java | 40 ++++++++++++++++------ .../invoke/XMLSignatureVerificationInvoker.java | 2 +- 4 files changed, 56 insertions(+), 20 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 42d34fc..b2c6717 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -268,9 +268,12 @@ public class CMSSignatureVerificationInvoker { CMSSignatureVerificationResult cmsResult = null; List adesResults = null; + boolean extendedVerification = false; + ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { Logger.info("Got ExtendedCMSSignatureVerificationResult"); + extendedVerification = true; ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; cmsResult = result.getCMSSignatureVerificationResult(); adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); @@ -324,7 +327,7 @@ public class CMSSignatureVerificationInvoker { responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult, - qcsscdresult.getTslInfos()); + qcsscdresult.getTslInfos(), extendedVerification); } private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, @@ -335,13 +338,15 @@ public class CMSSignatureVerificationInvoker { Logger.warn("Result Object is null!"); return; } - + PDFSignatureVerificationResult cmsResult = null; List adesResults = null; - + boolean extendedVerification = false; + ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { Logger.info("Got ExtendedPDFSignatureVerificationResult"); + extendedVerification = true; ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; cmsResult = result.getPDFSignatureVerificationResult(); adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); @@ -405,7 +410,7 @@ public class CMSSignatureVerificationInvoker { responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, - extCheckResult, qcsscdresult.getTslInfos()); + extCheckResult, qcsscdresult.getTslInfos(), extendedVerification); } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index f4121b0..22bae71 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -83,7 +83,7 @@ public class VerifyCMSSignatureResponseBuilder { * @throws MOAException */ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, - ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos) + ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification) throws MOAException { CertificateValidationResult certResult = @@ -99,6 +99,11 @@ public class VerifyCMSSignatureResponseBuilder { boolean qualifiedCertificate = checkQC; + //add signature algorithm name in case of extended validation + String sigAlgName = null; + if (extendedVerification) + sigAlgName = result.getSignatureAlgorithmName(); + // add SignerInfo element signerInfo = factory.createSignerInfo( @@ -126,7 +131,8 @@ public class VerifyCMSSignatureResponseBuilder { signatureCheck, certificateCheck, adesResults, - extendedCertificateCheckResult); + extendedCertificateCheckResult, + sigAlgName); responseElements.add(responseElement); } @@ -144,7 +150,7 @@ public class VerifyCMSSignatureResponseBuilder { * @throws MOAException */ public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, - ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos) + ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification) throws MOAException { CertificateValidationResult certResult = @@ -159,6 +165,12 @@ public class VerifyCMSSignatureResponseBuilder { boolean qualifiedCertificate = checkQC; + //add signature algorithm name in case of extended validation + String sigAlgName = null; + if (extendedVerification) + sigAlgName = result.getSignatureAlgorithmName(); + + //set code 99 if not certcheckresult exists int certificateCheckCode = 99; if (certResult != null) { @@ -192,7 +204,8 @@ public class VerifyCMSSignatureResponseBuilder { signatureCheck, certificateCheck, adesResults, - extendedCertificateCheckResult); + extendedCertificateCheckResult, + sigAlgName); responseElements.add(responseElement); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index d8ebd85..22ef789 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -106,6 +106,9 @@ public class VerifyXMLSignatureResponseBuilder { private List adesFormResults = null; private ExtendedCertificateCheckResult extCheckResult = null; private Date signingTime; + + private String signatureAlgorithm = null; + /** * Get the VerifyMLSignatureResponse built so far. * @@ -121,7 +124,8 @@ public class VerifyXMLSignatureResponseBuilder { xmlDsigManifestChecks, certificateCheck, adesFormResults, - extCheckResult); + extCheckResult, + signatureAlgorithm); } public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extCheckResult) { @@ -162,7 +166,8 @@ public class VerifyXMLSignatureResponseBuilder { boolean sscdSourceTSL, boolean isTSLEnabledTrustprofile, String issuerCountryCode, - TslInfos tslInfos) + TslInfos tslInfos, + boolean isExtendedValidation) throws MOAApplicationException { CertificateValidationResult certResult = @@ -178,6 +183,9 @@ public class VerifyXMLSignatureResponseBuilder { qualifiedCertificate = checkQC; + if (isExtendedValidation) + signatureAlgorithm = result.getSignatureAlgorithmName(); + // create the SignerInfo; signerInfo = factory.createSignerInfo( @@ -192,6 +200,9 @@ public class VerifyXMLSignatureResponseBuilder { result.getSigningTime(), tslInfos); + + + //TODO: add hash algo. infos // Create HashInputData Content objects referenceDataList = result.getReferenceDataList(); if (profile.includeHashInputData()) { @@ -364,7 +375,8 @@ public class VerifyXMLSignatureResponseBuilder { inputDatas.add(buildInputData( referenceData.getHashInputData(), containerType, - refererNumber)); + refererNumber, + referenceData.getHashAlgorithmName())); } } @@ -391,7 +403,8 @@ public class VerifyXMLSignatureResponseBuilder { inputDatas.add(buildInputData( referenceData.getReferenceInputData(), containerType, - refererNumber)); + refererNumber, + referenceData.getHashAlgorithmName())); } } @@ -407,11 +420,12 @@ public class VerifyXMLSignatureResponseBuilder { * * @param referringReferenceNumber see {@link InputData} * - * @return The corresponinding input data implementation. - * + * @param hashAlg see {@link InputData} + * + * @return The corresponinding input data implementation. * @throws MOAApplicationException An error occurred creating the result. */ - private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber) + private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber, String hashAlg) throws MOAApplicationException { if (dataObject instanceof BinaryDataObject) { @@ -419,7 +433,8 @@ public class VerifyXMLSignatureResponseBuilder { return new InputDataBinaryImpl( factory.createContent(binaryData.getInputStream(), null), partOf, - referringReferenceNumber); + referringReferenceNumber, + hashAlg); } else if (dataObject instanceof XMLDataObject) { XMLDataObject xmlData = (XMLDataObject) dataObject; List nodes = new ArrayList(); @@ -428,7 +443,8 @@ public class VerifyXMLSignatureResponseBuilder { return new InputDataXMLImpl( factory.createContent(new NodeListAdapter(nodes), null), partOf, - referringReferenceNumber); + referringReferenceNumber, + hashAlg); } else { // dataObject instanceof XMLNodeListDataObject // if the data in the NodeList can be converted back to valid XML, // write it as XMLContent; otherwise, write it as Base64Content @@ -443,7 +459,8 @@ public class VerifyXMLSignatureResponseBuilder { return new InputDataXMLImpl( factory.createContent(fragment.getChildNodes(), null), partOf, - referringReferenceNumber); + referringReferenceNumber, + hashAlg); } catch (Exception e) { // not successful -> fall through to the Base64Content } @@ -472,7 +489,8 @@ public class VerifyXMLSignatureResponseBuilder { return new InputDataBinaryImpl( factory.createContent(is, null), partOf, - referringReferenceNumber); + referringReferenceNumber, + hashAlg); } catch (Exception e) { throw new MOAApplicationException("2200", null); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index d3ad086..74c4f0b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -304,7 +304,7 @@ public class XMLSignatureVerificationInvoker { // build the response responseBuilder.setResult(plainResult, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), - qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos()); + qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos(), request.getExtendedValidaiton()); return responseBuilder.getResponse(); } -- cgit v1.2.3