From 84293bd12f63b59852026cab02035fc9ebee626a Mon Sep 17 00:00:00 2001 
From: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> Date: Mon, 14 Mar 2016 16:29:03 +0100 Subject: A lot of moa sig stuff --- .../at/gv/egovernment/moa/spss/MOAException.java | 4 +- .../egovernment/moa/spss/MOARuntimeException.java | 2 +- .../gv/egovernment/moa/spss/api/Configurator.java | 2 +- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 68 +- .../moa/spss/api/SignatureCreationService.java | 2 +- .../moa/spss/api/SignatureVerificationService.java | 2 +- .../api/cmsverify/VerifyCMSSignatureRequest.java | 1 + .../spss/api/common/CanonicalizationTransform.java | 2 +- .../common/ExclusiveCanonicalizationTransform.java | 2 +- .../moa/spss/api/impl/SPSSFactoryImpl.java | 1041 +++++++++----------- .../api/impl/VerifyCMSSignatureRequestImpl.java | 9 + .../api/impl/VerifyXMLSignatureRequestImpl.java | 204 ++-- .../xmlbind/CreateCMSSignatureRequestParser.java | 10 +- .../xmlbind/CreateCMSSignatureResponseBuilder.java | 4 +- .../xmlbind/CreateXMLSignatureRequestParser.java | 9 +- .../xmlbind/CreateXMLSignatureResponseBuilder.java | 3 +- .../moa/spss/api/xmlbind/ProfileParser.java | 9 +- .../moa/spss/api/xmlbind/RequestParserUtils.java | 299 +++--- .../moa/spss/api/xmlbind/ResponseBuilderUtils.java | 6 +- .../moa/spss/api/xmlbind/TransformParser.java | 7 +- .../xmlbind/VerifyCMSSignatureRequestParser.java | 56 +- .../xmlbind/VerifyCMSSignatureResponseBuilder.java | 18 +- .../xmlbind/VerifyPDFSignatureResponseBuilder.java | 145 +++ .../xmlbind/VerifyXMLSignatureRequestParser.java | 415 ++++---- .../xmlbind/VerifyXMLSignatureResponseBuilder.java | 25 +- .../api/xmlverify/VerifyXMLSignatureRequest.java | 8 + .../spss/server/config/CRLDistributionPoint.java | 5 +- .../server/config/ConfigurationPartsBuilder.java | 70 +- .../spss/server/config/ConfigurationProvider.java | 23 +- .../cmssign/CMSSignatureCreationProfileImpl.java | 2 +- .../PDFSignatureVerificationProfileImpl.java | 2 +- .../moa/spss/server/iaik/config/CRLRetriever.java | 18 +- 
.../spss/server/iaik/config/IaikConfigurator.java | 4 +- .../spss/server/iaik/config/LoggerConfigImpl.java | 3 +- .../server/iaik/config/PKIConfigurationImpl.java | 10 +- .../iaik/config/RevocationConfigurationImpl.java | 3 +- .../config/SoftwareKeyModuleConfigurationImpl.java | 6 +- .../server/iaik/xml/XSLTTransformationImpl.java | 26 +- .../xmlsign/XMLSignatureCreationProfileImpl.java | 2 +- .../moa/spss/server/init/SystemInitializer.java | 28 +- .../server/invoke/CMSSignatureCreationInvoker.java | 6 +- .../invoke/CMSSignatureVerificationInvoker.java | 755 +++++++------- .../CMSSignatureVerificationProfileFactory.java | 3 +- .../moa/spss/server/invoke/DataObjectFactory.java | 18 +- .../moa/spss/server/invoke/InvokerUtils.java | 5 +- .../spss/server/invoke/ServiceContextUtils.java | 5 +- .../invoke/VerifyCMSSignatureResponseBuilder.java | 60 +- .../invoke/VerifyXMLSignatureResponseBuilder.java | 6 +- .../server/invoke/XMLSignatureCreationInvoker.java | 10 +- .../invoke/XMLSignatureCreationProfileFactory.java | 6 +- .../invoke/XMLSignatureVerificationInvoker.java | 48 +- .../moa/spss/server/logging/IaikLogFactory.java | 3 +- .../server/service/RevocationArchiveCleaner.java | 4 +- .../server/transaction/TransactionContext.java | 2 +- .../moa/spss/tsl/config/Configurator.java | 4 +- .../moa/spss/tsl/connector/MOATSLVerifier.java | 265 +++++ .../moa/spss/tsl/connector/MOATslKeySelector.java | 123 +++ .../moa/spss/tsl/connector/TSLConnector.java | 12 +- .../moa/spss/tsl/timer/TSLUpdaterTimerTask.java | 6 +- .../spss/tsl/utils/TSLEUImportFromFileContext.java | 12 +- .../moa/spss/tsl/utils/TSLEvaluationContext.java | 4 +- .../spss/tsl/utils/TSLImportFromFileContext.java | 27 +- .../moa/spss/util/CertificateUtils.java | 4 +- .../moa/spss/util/ExternalURIVerifier.java | 4 +- .../moa/spss/util/MOASPSSEntityResolver.java | 6 +- .../egovernment/moa/spss/util/MessageProvider.java | 2 +- .../moa/spss/util/ResetableInputStreamWrapper.java | 59 ++ 67 files changed, 2456 
insertions(+), 1558 deletions(-) create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ResetableInputStreamWrapper.java (limited to 'moaSig/moa-sig-lib/src/main/java') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java index 803f3fd..bf7f9af 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java @@ -34,10 +34,8 @@ import org.w3c.dom.DOMImplementation; import org.w3c.dom.Document; import org.w3c.dom.Element; -import at.gv.egovernment.moa.util.Constants; - - import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moaspss.util.Constants; /** * Base class of MOA specific exceptions. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java index a3c8565..3a65c48 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java @@ -35,7 +35,7 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.util.Constants; /** * Base class of MOA specific runtime exceptions. 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java index 6cbdf7d..59db7b5 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java @@ -52,7 +52,7 @@ public abstract class Configurator { (Configurator) discover.newInstance( Configurator.class, DEFAULT_IMPLEMENTATION);*/ - return new ConfiguratorImpl(); + instance = new ConfiguratorImpl(); } catch (Exception e) { // this can not happen since we provide a valid default // implementation diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index d216569..c6a750e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -109,7 +109,7 @@ public abstract class SPSSFactory { (SPSSFactory) discover.newInstance( SPSSFactory.class, DEFAULT_IMPLEMENTATION);*/ - return new SPSSFactoryImpl(); + instance = new SPSSFactoryImpl(); } catch (Exception e) { // this can not happen since we provide a valid default // implementation 
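Review bot: In Configurator, the added `instance = new ConfiguratorImpl();` sits in a `try` whose `catch (Exception e)` is, as far as the hunk shows, only commented as unreachable, so a constructor failure would leave `instance` unset and presumably hand null to the caller. The method starts and ends outside the hunk, so its return statement and any locking are not visible. The identical change is made in SPSSFactory (next hunk), SignatureCreationService and SignatureVerificationService. Because the object is now stored in a shared field instead of being created by the `return new ...` line, the accessor should be `synchronized` (or the field assigned once at class load), and the implementations should be confirmed free of per-request state. In the catch I would fail loudly, e.g. `throw new IllegalStateException("default implementation could not be created", e);`.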
@@ -469,6 +469,37 @@ public abstract class SPSSFactory { CMSDataObject dataObject, String trustProfileID, boolean pdf); + + /** + * Create a new <code>VerifyCMSSignatureRequest</code> object. + * + * @param signatories The indexes of the signatories whose signature is to + * be verified. + * @param dateTime The date for which the verification is to be performed. + * May be <code>null</code>. + * @param cmsSignature The CMS signature. + * @param dataObject The signed data. May be <code>null</code>. + * @param trustProfileID The ID of the trust profile containing the trusted + * root certificates. + * @return The <code>VerifyCMSSignatureRequest</code> containing the above + * data. + * + * @pre signatories != null && signatories.length > 0 + * @pre signaturies != VerifyCMSSignatureRequest.ALL_SIGNATORIES implies + * for (int i = 0; i < signatories.length; i++) + * signatories[i] >= 1 + * @pre cmsSignature != null + * @pre trustProfileID != null && trustProfileID.length() > 0 + * @post return != null + */ + public abstract VerifyCMSSignatureRequest createVerifyCMSSignatureRequest( + int[] signatories, + Date dateTime, + InputStream cmsSignature, + CMSDataObject dataObject, + String trustProfileID, + boolean pdf, + boolean extended); /** * Create a new <code>CMSDataObject</code> object from data at a given URI. 
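Review bot: The Javadoc on the added `createVerifyCMSSignatureRequest` overload has no `@param` entry for `pdf` or `extended`, so a caller cannot tell what the two adjacent booleans select or whether the older overload skips anything that the extended one checks. Each flag needs a `@param` line stating what `true` enables and what the shorter overload defaults to. The `@pre` line should also read `@pre signatories != VerifyCMSSignatureRequest.ALL_SIGNATORIES implies`. The same gap appears in the `createVerifyXMLSignatureRequest` overload added later in this file, where `@param extendedValidation Should the valdation result in forms` does not say which forms are meant, and in `isExtended()` added to VerifyCMSSignatureRequest without any comment. Both methods are new `abstract` members of a public factory, so any subclass outside this module will stop compiling; if that is intended it belongs in the commit message.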
@@ -583,6 +614,41 @@ public abstract class SPSSFactory { SignatureManifestCheckParams signatureManifestParams, boolean returnHashInputData, String trustProfileID); + + /** + * Create a new <code>VerifyXMLSignatureRequest</code> object. + * + * @param dateTime The date for which the verification is to be performed. + * May be <code>null</code>. + * @param verifySignatureInfo Information about the signature environment and + * the location of the signature. + * @param supplementProfiles Supplemental information for the signature + * environment. May be <code>null</code>. + * @param signatureManifestParams Additional information for checking the + * signature manifest. May be <code>null</code>. + * @param returnHashInputData If <code>true</code>, hash input data will + * be returned in the response, otherwise not. + * @param trustProfileID The ID of the trust profile containing the trusted + * root certificates. + * @param extendedValidation Should the valdation result in forms + * @return The new <code>VerifyXMLSignatureRequest</code> containing the + * above data. + * + * @pre verifySignatureInfo != null + * @pre supplementProfiles != null implies + * forall Object o in supplementProfiles | + * o instanceof at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile + * @pre trustProfileID != null && trustProfileID.length() > 0 + * @post return != null + */ + public abstract VerifyXMLSignatureRequest createVerifyXMLSignatureRequest( + Date dateTime, + VerifySignatureInfo verifySignatureInfo, + List supplementProfiles, + SignatureManifestCheckParams signatureManifestParams, + boolean returnHashInputData, + String trustProfileID, + boolean extendedValidation); /** * Create a new <code>VerifySignatureInfo</code> object. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java index dfdd13d..05271fb 100644 
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java @@ -59,7 +59,7 @@ public abstract class SignatureCreationService { (SignatureCreationService) discover.newInstance( SignatureCreationService.class, DEFAULT_IMPLEMENTATION);*/ - return new SignatureCreationServiceImpl(); + instance = new SignatureCreationServiceImpl(); } catch (Exception e) { // this can not happen since we provide a valid default // implementation diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java index 85e2a97..2433e20 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java @@ -60,7 +60,7 @@ public abstract class SignatureVerificationService { (SignatureVerificationService) discover.newInstance( SignatureVerificationService.class, DEFAULT_IMPLEMENTATION);*/ - return new SignatureVerificationServiceImpl(); + instance = new SignatureVerificationServiceImpl(); } catch (Exception e) { // this can not happen since we provide a valid default // implementation diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java index 3adb381..6294fb1 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java 
@@ -75,4 +75,5 @@ public interface VerifyCMSSignatureRequest { public String getTrustProfileId(); public boolean isPDF(); + public boolean isExtended(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java index 988c5bc..05977c5 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.spss.api.common; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.util.Constants; /** * A canonicalization type of <code>Transform</code>. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java index 5c2b633..557ff21 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java @@ -26,7 +26,7 @@ package at.gv.egovernment.moa.spss.api.common; import java.util.List; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.util.Constants; /** * An exclusive canonicalization type of <code>Transform</code>. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index 478dcb4..9719c29 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java 
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.api.impl; import java.io.InputStream; 
@@ -85,576 +84,474 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; */ public class SPSSFactoryImpl extends SPSSFactory { - public CreateXMLSignatureRequest createCreateXMLSignatureRequest( - String keyIdentifier, - List singleSignatureInfos) { - CreateXMLSignatureRequestImpl createXMLSignatureRequest = - new CreateXMLSignatureRequestImpl(); - createXMLSignatureRequest.setKeyIdentifier(keyIdentifier); - createXMLSignatureRequest.setSingleSignatureInfos(singleSignatureInfos); - return createXMLSignatureRequest; - } - - public CreateCMSSignatureRequest createCreateCMSSignatureRequest( - String keyIdentifier, - List singleSignatureInfos) { - CreateCMSSignatureRequestImpl createCMSSignatureRequest = - new CreateCMSSignatureRequestImpl(); - createCMSSignatureRequest.setKeyIdentifier(keyIdentifier); - createCMSSignatureRequest.setSingleSignatureInfos(singleSignatureInfos); - return createCMSSignatureRequest; - - } - - public CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements) { - CreateCMSSignatureResponseImpl createCMSSignatureResponse = new CreateCMSSignatureResponseImpl(); - createCMSSignatureResponse.setResponseElements(responseElements); - return createCMSSignatureResponse; - } - - - public CMSSignatureResponse createCMSSignatureResponse(String base64value) { - CMSSignatureResponseImpl cmsSignatureResponse = new CMSSignatureResponseImpl(); - cmsSignatureResponse.setCMSSignature(base64value); - - return cmsSignatureResponse; - } - - - public SingleSignatureInfo createSingleSignatureInfo( - List dataObjectInfos, - CreateSignatureInfo createSignatureInfo, - boolean securityLayerConform) { - SingleSignatureInfoImpl singleSignatureInfo = new SingleSignatureInfoImpl(); - singleSignatureInfo.setDataObjectInfos(dataObjectInfos); - singleSignatureInfo.setCreateSignatureInfo(createSignatureInfo); - singleSignatureInfo.setSecurityLayerConform(securityLayerConform); - return singleSignatureInfo; - } - - public 
at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( - at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, - boolean securityLayerConform) { - SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl(); - singleSignatureInfo.setDataObjectInfo(dataObjectInfo); - singleSignatureInfo.setSecurityLayerConform(securityLayerConform); - return singleSignatureInfo; - } - - public DataObjectInfo createDataObjectInfo( - String structure, - boolean childOfManifest, - Content dataObject, - CreateTransformsInfoProfile createTransformsInfoProfile) { - DataObjectInfoImpl dataObjectInfo = new DataObjectInfoImpl(); - dataObjectInfo.setStructure(structure); - dataObjectInfo.setChildOfManifest(childOfManifest); - dataObjectInfo.setDataObject(dataObject); - dataObjectInfo.setCreateTransformsInfoProfile(createTransformsInfoProfile); - return dataObjectInfo; - } - - public at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo( - String structure, - CMSDataObject dataObject) { - DataObjectInfoCMSImpl dataObjectInfo = new DataObjectInfoCMSImpl(); - dataObjectInfo.setStructure(structure); - dataObjectInfo.setDataObject(dataObject); - return dataObjectInfo; - } - - public CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID) { - - CreateTransformsInfoProfileIDImpl createTransformsInfoProfile = - new CreateTransformsInfoProfileIDImpl(); - createTransformsInfoProfile.setCreateTransformsInfoProfileID(profileID); - return createTransformsInfoProfile; - } - - public CreateTransformsInfoProfile createCreateTransformsInfoProfile( - CreateTransformsInfo transformsInfo, - List supplements) { - CreateTransformsInfoProfileExplicitImpl createTransformsInfoProfile = - new CreateTransformsInfoProfileExplicitImpl(); - createTransformsInfoProfile.setCreateTransformsInfo(transformsInfo); - createTransformsInfoProfile.setSupplements(supplements); - return createTransformsInfoProfile; - } 
- - public CreateTransformsInfo createCreateTransformsInfo( - List transforms, - MetaInfo finalDataMetaInfo) { - CreateTransformsInfoImpl createTransformsInfo = - new CreateTransformsInfoImpl(); - - createTransformsInfo.setTransforms(transforms); - createTransformsInfo.setFinalDataMetaInfo(finalDataMetaInfo); - return createTransformsInfo; - } - - public CreateSignatureInfo createCreateSignatureInfo( - Content createSignatureEnvironment, - CreateSignatureEnvironmentProfile createSignatureEnvironmentProfile) { - CreateSignatureInfoImpl createSignatureInfo = new CreateSignatureInfoImpl(); - createSignatureInfo.setCreateSignatureEnvironment( - createSignatureEnvironment); - createSignatureInfo.setCreateSignatureEnvironmentProfile( - createSignatureEnvironmentProfile); - return createSignatureInfo; - } - - public CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile( - CreateSignatureLocation createSignatureLocation, - List supplements) { - CreateSignatureEnvironmentProfileExplicitImpl createSignatureEnvironmentProfile = - new CreateSignatureEnvironmentProfileExplicitImpl(); - createSignatureEnvironmentProfile.setCreateSignatureLocation( - createSignatureLocation); - createSignatureEnvironmentProfile.setSupplements(supplements); - return createSignatureEnvironmentProfile; - } - - public CreateSignatureLocation createCreateSignatureLocation( - String signatureLocationXPath, - int signatureLocationIndex, - Map namespaceDeclarations) { - CreateSignatureLocationImpl createSignatureLocation = - new CreateSignatureLocationImpl(); - createSignatureLocation.setIndex(signatureLocationIndex); - createSignatureLocation.setNamespaceDeclarations(namespaceDeclarations); - createSignatureLocation.setXPathExpression(signatureLocationXPath); - return createSignatureLocation; - } - - public CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(String profileID) { - CreateSignatureEnvironmentProfileIDImpl createSignatureEnvironmentProfile = - new 
CreateSignatureEnvironmentProfileIDImpl(); - createSignatureEnvironmentProfile.setCreateSignatureEnvironmentProfileID( - profileID); - return createSignatureEnvironmentProfile; - } - - public CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements) { - CreateXMLSignatureResponseImpl createXMLSignatureResponse = - new CreateXMLSignatureResponseImpl(); - createXMLSignatureResponse.setResponseElements(responseElements); - return createXMLSignatureResponse; - } - - public SignatureEnvironmentResponse createSignatureEnvironmentResponse(Element signatureEnvironment) { - SignatureEnvironmentResponseImpl signatureEnvironmentResponse = - new SignatureEnvironmentResponseImpl(); - signatureEnvironmentResponse.setSignatureEnvironment(signatureEnvironment); - return signatureEnvironmentResponse; - } - - public ErrorResponse createErrorResponse(int code, String info) { - ErrorResponseImpl errorResponse = new ErrorResponseImpl(); - errorResponse.setErrorCode(code); - errorResponse.setInfo(info); - return errorResponse; - } - - public VerifyCMSSignatureRequest createVerifyCMSSignatureRequest( - int[] signatories, - Date dateTime, - InputStream cmsSignature, - CMSDataObject dataObject, - String trustProfileID, - boolean pdf) { - VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest = - new VerifyCMSSignatureRequestImpl(); - verifyCMSSignatureRequest.setDateTime(dateTime); - verifyCMSSignatureRequest.setCMSSignature(cmsSignature); - verifyCMSSignatureRequest.setDataObject(dataObject); - verifyCMSSignatureRequest.setTrustProfileId(trustProfileID); - verifyCMSSignatureRequest.setSignatories(signatories); - verifyCMSSignatureRequest.setPDF(pdf); - return verifyCMSSignatureRequest; - } - - public CMSDataObject createCMSDataObject( - MetaInfo metaInfo, - CMSContent content, - BigDecimal excludeByteRangeFrom, - BigDecimal excludeByteRangeTo) { - - CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl(); - cmsDataObject.setMetaInfo(metaInfo); - 
cmsDataObject.setContent(content); - cmsDataObject.setExcludeByteRangeFrom(excludeByteRangeFrom); - cmsDataObject.setExcludeByteRangeTo(excludeByteRangeTo); - - return cmsDataObject; - } - - public CMSContent createCMSContent(InputStream binaryContent) { - CMSContentExplicitImpl cmsContent = new CMSContentExplicitImpl(); - - cmsContent.setBinaryContent(binaryContent); - return cmsContent; - } - - public CMSContent createCMSContent(String referenceURI) { - CMSContentReferenceImpl cmsContent = new CMSContentReferenceImpl(); - - cmsContent.setReference(referenceURI); - return cmsContent; - } - - - public CMSDataObject createCMSDataObject( - MetaInfo metaInfo, - String referenceURI) { - CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl(); - CMSContentReferenceImpl cmsContent = new CMSContentReferenceImpl(); - cmsDataObject.setMetaInfo(metaInfo); - cmsContent.setReference(referenceURI); - return cmsDataObject; - } - - public VerifyCMSSignatureResponse createVerifyCMSSignatureResponse(List responseElements) { - VerifyCMSSinatureResponseImpl verifyCMSSignatureResponse = - new VerifyCMSSinatureResponseImpl(); - verifyCMSSignatureResponse.setResponseElements(responseElements); - return verifyCMSSignatureResponse; - } - - public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( - SignerInfo signerInfo, - CheckResult signatureCheck, - CheckResult certificateCheck, - List adesResult) { - VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = - new VerifyCMSSignatureResponseElementImpl(); - verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); - verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); - verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck); - verifyCMSSignatureResponseElement.setAdESFormResults(adesResult); - return verifyCMSSignatureResponseElement; - } - - public VerifyXMLSignatureRequest createVerifyXMLSignatureRequest( - Date dateTime, - VerifySignatureInfo 
verifySignatureInfo, - List supplementProfiles, - SignatureManifestCheckParams signatureManifestParams, - boolean returnHashInputData, - String trustProfileID) { - VerifyXMLSignatureRequestImpl verifyXMLSignatureRequest = - new VerifyXMLSignatureRequestImpl(); - verifyXMLSignatureRequest.setDateTime(dateTime); - verifyXMLSignatureRequest.setSignatureInfo(verifySignatureInfo); - verifyXMLSignatureRequest.setSupplementProfiles(supplementProfiles); - verifyXMLSignatureRequest.setSignatureManifestCheckParams( - signatureManifestParams); - verifyXMLSignatureRequest.setReturnHashInputData(returnHashInputData); - verifyXMLSignatureRequest.setTrustProfileId(trustProfileID); - return verifyXMLSignatureRequest; - } - - public VerifySignatureInfo createVerifySignatureInfo( - Content verifySignatureEnvironment, - VerifySignatureLocation verifySignatureLocation) { - VerifySignatureInfoImpl verifySignatureInfo = new VerifySignatureInfoImpl(); - verifySignatureInfo.setVerifySignatureEnvironment( - verifySignatureEnvironment); - verifySignatureInfo.setVerifySignatureLocation(verifySignatureLocation); - return verifySignatureInfo; - } - - public VerifySignatureLocation createVerifySignatureLocation( - String xPathExpression, - Map namespaceDeclarations) { - VerifySignatureLocationImpl verifySignatureLocation = - new VerifySignatureLocationImpl(); - verifySignatureLocation.setXPathExpression(xPathExpression); - verifySignatureLocation.setNamespaceDeclarations(namespaceDeclarations); - return verifySignatureLocation; - } - - public SupplementProfile createSupplementProfile(String profileID) { - SupplementProfileIDImpl supplementProfileID = new SupplementProfileIDImpl(); - supplementProfileID.setSupplementProfileID(profileID); - return supplementProfileID; - } - - public SupplementProfile createSupplementProfile(XMLDataObjectAssociation supplementProfile) { - SupplementProfileExplicitImpl supplementProfileExplicit = - new SupplementProfileExplicitImpl(); - 
supplementProfileExplicit.setSupplementProfile(supplementProfile); - return supplementProfileExplicit; - } - - public SignatureManifestCheckParams createSignatureManifestCheckParams( - List referenceInfos, - boolean returnReferenceInputData) { - SignatureManifestCheckParamsImpl signatureManifestCheckParams = - new SignatureManifestCheckParamsImpl(); - signatureManifestCheckParams.setReferenceInfos(referenceInfos); - signatureManifestCheckParams.setReturnReferenceInputData( - returnReferenceInputData); - return signatureManifestCheckParams; - } - - public ReferenceInfo createReferenceInfo(List verifyTransformsInfoProfiles) { - ReferenceInfoImpl referenceInfo = new ReferenceInfoImpl(); - referenceInfo.setVerifyTransformsInfoProfiles(verifyTransformsInfoProfiles); - return referenceInfo; - } - - public VerifyTransformsInfoProfile createVerifyTransformsInfoProfile( - List transforms, - List transformParameters) { - VerifyTransformsInfoProfileExplicitImpl verifyTransformsInfoProfile = - new VerifyTransformsInfoProfileExplicitImpl(); - - verifyTransformsInfoProfile.setTransforms(transforms); - verifyTransformsInfoProfile.setTransformParameters(transformParameters); - - return verifyTransformsInfoProfile; - } - - public VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(String profileID) { - VerifyTransformsInfoProfileIDImpl verifyTransformsInfoProfile = - new VerifyTransformsInfoProfileIDImpl(); - verifyTransformsInfoProfile.setVerifyTransformsInfoProfileID(profileID); - return verifyTransformsInfoProfile; - } - - - public TransformParameter createTransformParameter(String URI, String digestMethod, byte[] digestValue) { - TransformPatameterHashImpl transformParameter = - new TransformPatameterHashImpl(); - transformParameter.setURI(URI); - transformParameter.setDigestMethod(digestMethod); - transformParameter.setDigestValue(digestValue); - return transformParameter; - } - - public TransformParameter createTransformParameter( - String URI, - InputStream 
binaryData) { - TransformParameterBinaryImpl transformParameter = - new TransformParameterBinaryImpl(); - transformParameter.setURI(URI); - transformParameter.setBinaryContent(binaryData); - return transformParameter; - } - - public TransformParameter createTransformParameter(String URI) { - TransformParameterURIImpl transformParameter = - new TransformParameterURIImpl(); - transformParameter.setURI(URI); - return transformParameter; - } - - public VerifyXMLSignatureResponse createVerifyXMLSignatureResponse( - SignerInfo signerInfo, - List hashInputDatas, - List referenceInputDatas, - ReferencesCheckResult signatureCheck, - ReferencesCheckResult signatureManifestCheck, - List xmlDsigManifestChecks, - CheckResult certificateCheck, - List adesFormResults) { - VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = - new VerifyXMLSignatureResponseImpl(); - verifyXMLSignatureResponse.setSignerInfo(signerInfo); - verifyXMLSignatureResponse.setHashInputDatas(hashInputDatas); - verifyXMLSignatureResponse.setReferenceInputDatas(referenceInputDatas); - verifyXMLSignatureResponse.setSignatureCheck(signatureCheck); - verifyXMLSignatureResponse.setSignatureManifestCheck( - signatureManifestCheck); - verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks); - verifyXMLSignatureResponse.setCertificateCheck(certificateCheck); - verifyXMLSignatureResponse.setAdESFormResults(adesFormResults); - return verifyXMLSignatureResponse; - } - - public ReferencesCheckResult createReferencesCheckResult( - int code, - ReferencesCheckResultInfo info) { - ReferencesCheckResultImpl referencesCheckResult = - new ReferencesCheckResultImpl(); - referencesCheckResult.setCode(code); - referencesCheckResult.setInfo(info); - return referencesCheckResult; - } - - public ReferencesCheckResultInfo createReferencesCheckResultInfo( - NodeList anyOtherInfo, - int[] failedReferences) { - ReferencesCheckResultInfoImpl referencesCheckResultInfo = - new ReferencesCheckResultInfoImpl(); - 
referencesCheckResultInfo.setAnyOtherInfo(anyOtherInfo); - referencesCheckResultInfo.setFailedReferences(failedReferences); - return referencesCheckResultInfo; - } - - public ManifestRefsCheckResult createManifestRefsCheckResult( - int code, - ManifestRefsCheckResultInfo info) { - ManifestRefsCheckResultImpl manifestRefsCheckResult = - new ManifestRefsCheckResultImpl(); - manifestRefsCheckResult.setCode(code); - manifestRefsCheckResult.setInfo(info); - return manifestRefsCheckResult; - } - - public ManifestRefsCheckResultInfo createManifestRefsCheckResultInfo( - NodeList anyOtherInfo, - int[] failedReferences, - int referringSigReference) { - ManifestRefsCheckResultInfoImpl manifestRefsCheckResultInfo = - new ManifestRefsCheckResultInfoImpl(); - manifestRefsCheckResultInfo.setAnyOtherInfo(anyOtherInfo); - manifestRefsCheckResultInfo.setReferringSignatureReference( - referringSigReference); - manifestRefsCheckResultInfo.setFailedReferences(failedReferences); - return manifestRefsCheckResultInfo; - } - - public Content createContent(InputStream binaryData, String referenceURI) { - ContentBinaryImpl content = new ContentBinaryImpl(); - content.setBinaryContent(binaryData); - content.setReference(referenceURI); - return content; - } - - public Content createContent(String locationReferenceURI, String referenceURI) { - ContentLocRefImpl content = new ContentLocRefImpl(); - content.setLocationReferenceURI(locationReferenceURI); - content.setReference(referenceURI); - return content; - } - - public Content createContent(String referenceURI) { - ContentReferenceImpl content = new ContentReferenceImpl(); - content.setReference(referenceURI); - return content; - } - - public Content createContent(NodeList xmlData, String referenceURI) { - ContentXMLImpl content = new ContentXMLImpl(); - content.setXMLContent(xmlData); - content.setReference(referenceURI); - return content; - } - - public XMLDataObjectAssociation createXMLDataObjectAssociation( - MetaInfo metaInfo, - Content 
xmlContent) { - XMLDataObjectAssociationImpl xmlDataObjectAssociation = - new XMLDataObjectAssociationImpl(); - xmlDataObjectAssociation.setMetaInfo(metaInfo); - xmlDataObjectAssociation.setContent(xmlContent); - return xmlDataObjectAssociation; - } - - public MetaInfo createMetaInfo( - String mimeType, - String description, - NodeList otherInfo, - String type) { - MetaInfoImpl metaInfo = new MetaInfoImpl(); - metaInfo.setMimeType(mimeType); - metaInfo.setDescription(description); - metaInfo.setAnyElements(otherInfo); - metaInfo.setType(type); - return metaInfo; - } - - public Transform createCanonicalizationTransform(String algorithmURI) { - CanonicalizationTransformImpl transform = new CanonicalizationTransformImpl(algorithmURI); - return transform; - } - - public Transform createExclusiveCanonicalizationTransform(String algorithmURI, List inclusiveNamespacePrefixes) { - ExclusiveCanonicalizationTransformImpl transform = new ExclusiveCanonicalizationTransformImpl(algorithmURI); - transform.setInclusiveNamespacePrefixes(inclusiveNamespacePrefixes); - return transform; - } - - public Transform createBase64Transform() { - Base64TransformImpl transform = new Base64TransformImpl(); - return transform; - } - - public Transform createEnvelopedSignatureTransform() { - EnvelopedSignatureTransformImpl transform = - new EnvelopedSignatureTransformImpl(); - return transform; - } - - public Transform createXSLTTransform(Element styleSheet) { - XSLTransformImpl transform = new XSLTransformImpl(); - transform.setStylesheet(styleSheet); - return transform; - } - - public Transform createXPathTransform( - String xPathExpression, - Map namespaceDeclarations) { - XPathTransformImpl transform = new XPathTransformImpl(); - transform.setXPathExpression(xPathExpression); - transform.setNamespaceDelcarations(namespaceDeclarations); - return transform; - } - - public Transform createXPathFilter2Transform(List xPathFilters) { - XPathFilter2TransformImpl transform = new 
XPathFilter2TransformImpl(); - transform.setFilters(xPathFilters); - return transform; - } - - public XPathFilter createXPathFilter( - String filterType, - String xPathExpression, - Map namespaceDeclarations) { - XPathFilterImpl xPathFilter = new XPathFilterImpl(); - xPathFilter.setFilterType(filterType); - xPathFilter.setXPathExpression(xPathExpression); - xPathFilter.setNamespaceDelcarations(namespaceDeclarations); - return xPathFilter; - } - - public CheckResult createCheckResult(int code, NodeList info) { - CheckResultImpl checkResult = new CheckResultImpl(); - checkResult.setCode(code); - checkResult.setInfo(info); - return checkResult; - } - - - public SignerInfo createSignerInfo( - X509Certificate signerCertificate, - boolean qualifiedCertificate, - boolean qcSourceTSL, - boolean publicAuthority, - String publicAuthorityID, - boolean sscd, - boolean sscdSourceTSL, - String issuerCountryCode) { - SignerInfoImpl signerInfo = new SignerInfoImpl(); - signerInfo.setSignerCertificate(signerCertificate); - signerInfo.setQualifiedCertificate(qualifiedCertificate); - signerInfo.setQCSourceTSL(qcSourceTSL); - signerInfo.setPublicAuthority(publicAuthority); - signerInfo.setPublicAuhtorityID(publicAuthorityID); - signerInfo.setSSCD(sscd); - signerInfo.setSSCDSourceTSL(sscdSourceTSL); - signerInfo.setIssuerCountryCode(issuerCountryCode); - return signerInfo; - } - - public X509IssuerSerial createX509IssuerSerial( - String issuerName, - BigInteger serialNumber) { - X509IssuerSerialImpl x509IssuerSerial = new X509IssuerSerialImpl(); - x509IssuerSerial.setX509IssuerName(issuerName); - x509IssuerSerial.setX509SerialNumber(serialNumber); - return x509IssuerSerial; - } + public CreateXMLSignatureRequest createCreateXMLSignatureRequest(String keyIdentifier, List singleSignatureInfos) { + CreateXMLSignatureRequestImpl createXMLSignatureRequest = new CreateXMLSignatureRequestImpl(); + createXMLSignatureRequest.setKeyIdentifier(keyIdentifier); + 
createXMLSignatureRequest.setSingleSignatureInfos(singleSignatureInfos); + return createXMLSignatureRequest; + } + + public CreateCMSSignatureRequest createCreateCMSSignatureRequest(String keyIdentifier, List singleSignatureInfos) { + CreateCMSSignatureRequestImpl createCMSSignatureRequest = new CreateCMSSignatureRequestImpl(); + createCMSSignatureRequest.setKeyIdentifier(keyIdentifier); + createCMSSignatureRequest.setSingleSignatureInfos(singleSignatureInfos); + return createCMSSignatureRequest; + + } + + public CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements) { + CreateCMSSignatureResponseImpl createCMSSignatureResponse = new CreateCMSSignatureResponseImpl(); + createCMSSignatureResponse.setResponseElements(responseElements); + return createCMSSignatureResponse; + } + + public CMSSignatureResponse createCMSSignatureResponse(String base64value) { + CMSSignatureResponseImpl cmsSignatureResponse = new CMSSignatureResponseImpl(); + cmsSignatureResponse.setCMSSignature(base64value); + + return cmsSignatureResponse; + } + + public SingleSignatureInfo createSingleSignatureInfo(List dataObjectInfos, CreateSignatureInfo createSignatureInfo, + boolean securityLayerConform) { + SingleSignatureInfoImpl singleSignatureInfo = new SingleSignatureInfoImpl(); + singleSignatureInfo.setDataObjectInfos(dataObjectInfos); + singleSignatureInfo.setCreateSignatureInfo(createSignatureInfo); + singleSignatureInfo.setSecurityLayerConform(securityLayerConform); + return singleSignatureInfo; + } + + public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( + at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform) { + SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl(); + singleSignatureInfo.setDataObjectInfo(dataObjectInfo); + singleSignatureInfo.setSecurityLayerConform(securityLayerConform); + return singleSignatureInfo; + } + + public 
DataObjectInfo createDataObjectInfo(String structure, boolean childOfManifest, Content dataObject, + CreateTransformsInfoProfile createTransformsInfoProfile) { + DataObjectInfoImpl dataObjectInfo = new DataObjectInfoImpl(); + dataObjectInfo.setStructure(structure); + dataObjectInfo.setChildOfManifest(childOfManifest); + dataObjectInfo.setDataObject(dataObject); + dataObjectInfo.setCreateTransformsInfoProfile(createTransformsInfoProfile); + return dataObjectInfo; + } + + public at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(String structure, + CMSDataObject dataObject) { + DataObjectInfoCMSImpl dataObjectInfo = new DataObjectInfoCMSImpl(); + dataObjectInfo.setStructure(structure); + dataObjectInfo.setDataObject(dataObject); + return dataObjectInfo; + } + + public CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID) { + + CreateTransformsInfoProfileIDImpl createTransformsInfoProfile = new CreateTransformsInfoProfileIDImpl(); + createTransformsInfoProfile.setCreateTransformsInfoProfileID(profileID); + return createTransformsInfoProfile; + } + + public CreateTransformsInfoProfile createCreateTransformsInfoProfile(CreateTransformsInfo transformsInfo, + List supplements) { + CreateTransformsInfoProfileExplicitImpl createTransformsInfoProfile = new CreateTransformsInfoProfileExplicitImpl(); + createTransformsInfoProfile.setCreateTransformsInfo(transformsInfo); + createTransformsInfoProfile.setSupplements(supplements); + return createTransformsInfoProfile; + } + + public CreateTransformsInfo createCreateTransformsInfo(List transforms, MetaInfo finalDataMetaInfo) { + CreateTransformsInfoImpl createTransformsInfo = new CreateTransformsInfoImpl(); + + createTransformsInfo.setTransforms(transforms); + createTransformsInfo.setFinalDataMetaInfo(finalDataMetaInfo); + return createTransformsInfo; + } + + public CreateSignatureInfo createCreateSignatureInfo(Content createSignatureEnvironment, + CreateSignatureEnvironmentProfile 
createSignatureEnvironmentProfile) { + CreateSignatureInfoImpl createSignatureInfo = new CreateSignatureInfoImpl(); + createSignatureInfo.setCreateSignatureEnvironment(createSignatureEnvironment); + createSignatureInfo.setCreateSignatureEnvironmentProfile(createSignatureEnvironmentProfile); + return createSignatureInfo; + } + + public CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile( + CreateSignatureLocation createSignatureLocation, List supplements) { + CreateSignatureEnvironmentProfileExplicitImpl createSignatureEnvironmentProfile = new CreateSignatureEnvironmentProfileExplicitImpl(); + createSignatureEnvironmentProfile.setCreateSignatureLocation(createSignatureLocation); + createSignatureEnvironmentProfile.setSupplements(supplements); + return createSignatureEnvironmentProfile; + } + + public CreateSignatureLocation createCreateSignatureLocation(String signatureLocationXPath, + int signatureLocationIndex, Map namespaceDeclarations) { + CreateSignatureLocationImpl createSignatureLocation = new CreateSignatureLocationImpl(); + createSignatureLocation.setIndex(signatureLocationIndex); + createSignatureLocation.setNamespaceDeclarations(namespaceDeclarations); + createSignatureLocation.setXPathExpression(signatureLocationXPath); + return createSignatureLocation; + } + + public CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(String profileID) { + CreateSignatureEnvironmentProfileIDImpl createSignatureEnvironmentProfile = new CreateSignatureEnvironmentProfileIDImpl(); + createSignatureEnvironmentProfile.setCreateSignatureEnvironmentProfileID(profileID); + return createSignatureEnvironmentProfile; + } + + public CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements) { + CreateXMLSignatureResponseImpl createXMLSignatureResponse = new CreateXMLSignatureResponseImpl(); + createXMLSignatureResponse.setResponseElements(responseElements); + return createXMLSignatureResponse; + } + + public 
SignatureEnvironmentResponse createSignatureEnvironmentResponse(Element signatureEnvironment) { + SignatureEnvironmentResponseImpl signatureEnvironmentResponse = new SignatureEnvironmentResponseImpl(); + signatureEnvironmentResponse.setSignatureEnvironment(signatureEnvironment); + return signatureEnvironmentResponse; + } + + public ErrorResponse createErrorResponse(int code, String info) { + ErrorResponseImpl errorResponse = new ErrorResponseImpl(); + errorResponse.setErrorCode(code); + errorResponse.setInfo(info); + return errorResponse; + } + + public VerifyCMSSignatureRequest createVerifyCMSSignatureRequest(int[] signatories, Date dateTime, + InputStream cmsSignature, CMSDataObject dataObject, String trustProfileID, boolean pdf) { + return this.createVerifyCMSSignatureRequest(signatories, dateTime, cmsSignature, dataObject, trustProfileID, pdf, false); + } + + public VerifyCMSSignatureRequest createVerifyCMSSignatureRequest(int[] signatories, Date dateTime, + InputStream cmsSignature, CMSDataObject dataObject, String trustProfileID, boolean pdf, boolean extended) { + VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest = new VerifyCMSSignatureRequestImpl(); + verifyCMSSignatureRequest.setDateTime(dateTime); + verifyCMSSignatureRequest.setCMSSignature(cmsSignature); + verifyCMSSignatureRequest.setDataObject(dataObject); + verifyCMSSignatureRequest.setTrustProfileId(trustProfileID); + verifyCMSSignatureRequest.setSignatories(signatories); + verifyCMSSignatureRequest.setPDF(pdf); + verifyCMSSignatureRequest.setExtended(extended); + return verifyCMSSignatureRequest; + } + + public CMSDataObject createCMSDataObject(MetaInfo metaInfo, CMSContent content, BigDecimal excludeByteRangeFrom, + BigDecimal excludeByteRangeTo) { + + CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl(); + cmsDataObject.setMetaInfo(metaInfo); + cmsDataObject.setContent(content); + cmsDataObject.setExcludeByteRangeFrom(excludeByteRangeFrom); + 
cmsDataObject.setExcludeByteRangeTo(excludeByteRangeTo); + + return cmsDataObject; + } + + public CMSContent createCMSContent(InputStream binaryContent) { + CMSContentExplicitImpl cmsContent = new CMSContentExplicitImpl(); + + cmsContent.setBinaryContent(binaryContent); + return cmsContent; + } + + public CMSContent createCMSContent(String referenceURI) { + CMSContentReferenceImpl cmsContent = new CMSContentReferenceImpl(); + + cmsContent.setReference(referenceURI); + return cmsContent; + } + + public CMSDataObject createCMSDataObject(MetaInfo metaInfo, String referenceURI) { + CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl(); + CMSContentReferenceImpl cmsContent = new CMSContentReferenceImpl(); + cmsDataObject.setMetaInfo(metaInfo); + cmsContent.setReference(referenceURI); + return cmsDataObject; + } + + public VerifyCMSSignatureResponse createVerifyCMSSignatureResponse(List responseElements) { + VerifyCMSSinatureResponseImpl verifyCMSSignatureResponse = new VerifyCMSSinatureResponseImpl(); + verifyCMSSignatureResponse.setResponseElements(responseElements); + return verifyCMSSignatureResponse; + } + + public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(SignerInfo signerInfo, + CheckResult signatureCheck, CheckResult certificateCheck, List adesResult) { + VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl(); + verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); + verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); + verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck); + verifyCMSSignatureResponseElement.setAdESFormResults(adesResult); + return verifyCMSSignatureResponseElement; + } + + public VerifyXMLSignatureRequest createVerifyXMLSignatureRequest(Date dateTime, + VerifySignatureInfo verifySignatureInfo, List supplementProfiles, + SignatureManifestCheckParams signatureManifestParams, boolean returnHashInputData, 
String trustProfileID) { + return this.createVerifyXMLSignatureRequest(dateTime, verifySignatureInfo, supplementProfiles, + signatureManifestParams, returnHashInputData, trustProfileID, false); + } + + public VerifySignatureInfo createVerifySignatureInfo(Content verifySignatureEnvironment, + VerifySignatureLocation verifySignatureLocation) { + VerifySignatureInfoImpl verifySignatureInfo = new VerifySignatureInfoImpl(); + verifySignatureInfo.setVerifySignatureEnvironment(verifySignatureEnvironment); + verifySignatureInfo.setVerifySignatureLocation(verifySignatureLocation); + return verifySignatureInfo; + } + + public VerifySignatureLocation createVerifySignatureLocation(String xPathExpression, Map namespaceDeclarations) { + VerifySignatureLocationImpl verifySignatureLocation = new VerifySignatureLocationImpl(); + verifySignatureLocation.setXPathExpression(xPathExpression); + verifySignatureLocation.setNamespaceDeclarations(namespaceDeclarations); + return verifySignatureLocation; + } + + public SupplementProfile createSupplementProfile(String profileID) { + SupplementProfileIDImpl supplementProfileID = new SupplementProfileIDImpl(); + supplementProfileID.setSupplementProfileID(profileID); + return supplementProfileID; + } + + public SupplementProfile createSupplementProfile(XMLDataObjectAssociation supplementProfile) { + SupplementProfileExplicitImpl supplementProfileExplicit = new SupplementProfileExplicitImpl(); + supplementProfileExplicit.setSupplementProfile(supplementProfile); + return supplementProfileExplicit; + } + + public SignatureManifestCheckParams createSignatureManifestCheckParams(List referenceInfos, + boolean returnReferenceInputData) { + SignatureManifestCheckParamsImpl signatureManifestCheckParams = new SignatureManifestCheckParamsImpl(); + signatureManifestCheckParams.setReferenceInfos(referenceInfos); + signatureManifestCheckParams.setReturnReferenceInputData(returnReferenceInputData); + return signatureManifestCheckParams; + } + + public 
ReferenceInfo createReferenceInfo(List verifyTransformsInfoProfiles) { + ReferenceInfoImpl referenceInfo = new ReferenceInfoImpl(); + referenceInfo.setVerifyTransformsInfoProfiles(verifyTransformsInfoProfiles); + return referenceInfo; + } + + public VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(List transforms, List transformParameters) { + VerifyTransformsInfoProfileExplicitImpl verifyTransformsInfoProfile = new VerifyTransformsInfoProfileExplicitImpl(); + + verifyTransformsInfoProfile.setTransforms(transforms); + verifyTransformsInfoProfile.setTransformParameters(transformParameters); + + return verifyTransformsInfoProfile; + } + + public VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(String profileID) { + VerifyTransformsInfoProfileIDImpl verifyTransformsInfoProfile = new VerifyTransformsInfoProfileIDImpl(); + verifyTransformsInfoProfile.setVerifyTransformsInfoProfileID(profileID); + return verifyTransformsInfoProfile; + } + + public TransformParameter createTransformParameter(String URI, String digestMethod, byte[] digestValue) { + TransformPatameterHashImpl transformParameter = new TransformPatameterHashImpl(); + transformParameter.setURI(URI); + transformParameter.setDigestMethod(digestMethod); + transformParameter.setDigestValue(digestValue); + return transformParameter; + } + + public TransformParameter createTransformParameter(String URI, InputStream binaryData) { + TransformParameterBinaryImpl transformParameter = new TransformParameterBinaryImpl(); + transformParameter.setURI(URI); + transformParameter.setBinaryContent(binaryData); + return transformParameter; + } + + public TransformParameter createTransformParameter(String URI) { + TransformParameterURIImpl transformParameter = new TransformParameterURIImpl(); + transformParameter.setURI(URI); + return transformParameter; + } + + public VerifyXMLSignatureResponse createVerifyXMLSignatureResponse(SignerInfo signerInfo, List hashInputDatas, + List referenceInputDatas, 
ReferencesCheckResult signatureCheck, + ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, CheckResult certificateCheck, + List adesFormResults) { + VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = new VerifyXMLSignatureResponseImpl(); + verifyXMLSignatureResponse.setSignerInfo(signerInfo); + verifyXMLSignatureResponse.setHashInputDatas(hashInputDatas); + verifyXMLSignatureResponse.setReferenceInputDatas(referenceInputDatas); + verifyXMLSignatureResponse.setSignatureCheck(signatureCheck); + verifyXMLSignatureResponse.setSignatureManifestCheck(signatureManifestCheck); + verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks); + verifyXMLSignatureResponse.setCertificateCheck(certificateCheck); + verifyXMLSignatureResponse.setAdESFormResults(adesFormResults); + return verifyXMLSignatureResponse; + } + + public ReferencesCheckResult createReferencesCheckResult(int code, ReferencesCheckResultInfo info) { + ReferencesCheckResultImpl referencesCheckResult = new ReferencesCheckResultImpl(); + referencesCheckResult.setCode(code); + referencesCheckResult.setInfo(info); + return referencesCheckResult; + } + + public ReferencesCheckResultInfo createReferencesCheckResultInfo(NodeList anyOtherInfo, int[] failedReferences) { + ReferencesCheckResultInfoImpl referencesCheckResultInfo = new ReferencesCheckResultInfoImpl(); + referencesCheckResultInfo.setAnyOtherInfo(anyOtherInfo); + referencesCheckResultInfo.setFailedReferences(failedReferences); + return referencesCheckResultInfo; + } + + public ManifestRefsCheckResult createManifestRefsCheckResult(int code, ManifestRefsCheckResultInfo info) { + ManifestRefsCheckResultImpl manifestRefsCheckResult = new ManifestRefsCheckResultImpl(); + manifestRefsCheckResult.setCode(code); + manifestRefsCheckResult.setInfo(info); + return manifestRefsCheckResult; + } + + public ManifestRefsCheckResultInfo createManifestRefsCheckResultInfo(NodeList anyOtherInfo, int[] failedReferences, + int 
referringSigReference) { + ManifestRefsCheckResultInfoImpl manifestRefsCheckResultInfo = new ManifestRefsCheckResultInfoImpl(); + manifestRefsCheckResultInfo.setAnyOtherInfo(anyOtherInfo); + manifestRefsCheckResultInfo.setReferringSignatureReference(referringSigReference); + manifestRefsCheckResultInfo.setFailedReferences(failedReferences); + return manifestRefsCheckResultInfo; + } + + public Content createContent(InputStream binaryData, String referenceURI) { + ContentBinaryImpl content = new ContentBinaryImpl(); + content.setBinaryContent(binaryData); + content.setReference(referenceURI); + return content; + } + + public Content createContent(String locationReferenceURI, String referenceURI) { + ContentLocRefImpl content = new ContentLocRefImpl(); + content.setLocationReferenceURI(locationReferenceURI); + content.setReference(referenceURI); + return content; + } + + public Content createContent(String referenceURI) { + ContentReferenceImpl content = new ContentReferenceImpl(); + content.setReference(referenceURI); + return content; + } + + public Content createContent(NodeList xmlData, String referenceURI) { + ContentXMLImpl content = new ContentXMLImpl(); + content.setXMLContent(xmlData); + content.setReference(referenceURI); + return content; + } + + public XMLDataObjectAssociation createXMLDataObjectAssociation(MetaInfo metaInfo, Content xmlContent) { + XMLDataObjectAssociationImpl xmlDataObjectAssociation = new XMLDataObjectAssociationImpl(); + xmlDataObjectAssociation.setMetaInfo(metaInfo); + xmlDataObjectAssociation.setContent(xmlContent); + return xmlDataObjectAssociation; + } + + public MetaInfo createMetaInfo(String mimeType, String description, NodeList otherInfo, String type) { + MetaInfoImpl metaInfo = new MetaInfoImpl(); + metaInfo.setMimeType(mimeType); + metaInfo.setDescription(description); + metaInfo.setAnyElements(otherInfo); + metaInfo.setType(type); + return metaInfo; + } + + public Transform createCanonicalizationTransform(String 
algorithmURI) { + CanonicalizationTransformImpl transform = new CanonicalizationTransformImpl(algorithmURI); + return transform; + } + + public Transform createExclusiveCanonicalizationTransform(String algorithmURI, List inclusiveNamespacePrefixes) { + ExclusiveCanonicalizationTransformImpl transform = new ExclusiveCanonicalizationTransformImpl(algorithmURI); + transform.setInclusiveNamespacePrefixes(inclusiveNamespacePrefixes); + return transform; + } + + public Transform createBase64Transform() { + Base64TransformImpl transform = new Base64TransformImpl(); + return transform; + } + + public Transform createEnvelopedSignatureTransform() { + EnvelopedSignatureTransformImpl transform = new EnvelopedSignatureTransformImpl(); + return transform; + } + + public Transform createXSLTTransform(Element styleSheet) { + XSLTransformImpl transform = new XSLTransformImpl(); + transform.setStylesheet(styleSheet); + return transform; + } + + public Transform createXPathTransform(String xPathExpression, Map namespaceDeclarations) { + XPathTransformImpl transform = new XPathTransformImpl(); + transform.setXPathExpression(xPathExpression); + transform.setNamespaceDelcarations(namespaceDeclarations); + return transform; + } + + public Transform createXPathFilter2Transform(List xPathFilters) { + XPathFilter2TransformImpl transform = new XPathFilter2TransformImpl(); + transform.setFilters(xPathFilters); + return transform; + } + + public XPathFilter createXPathFilter(String filterType, String xPathExpression, Map namespaceDeclarations) { + XPathFilterImpl xPathFilter = new XPathFilterImpl(); + xPathFilter.setFilterType(filterType); + xPathFilter.setXPathExpression(xPathExpression); + xPathFilter.setNamespaceDelcarations(namespaceDeclarations); + return xPathFilter; + } + + public CheckResult createCheckResult(int code, NodeList info) { + CheckResultImpl checkResult = new CheckResultImpl(); + checkResult.setCode(code); + checkResult.setInfo(info); + return checkResult; + } + + public 
SignerInfo createSignerInfo(X509Certificate signerCertificate, boolean qualifiedCertificate, + boolean qcSourceTSL, boolean publicAuthority, String publicAuthorityID, boolean sscd, boolean sscdSourceTSL, + String issuerCountryCode) { + SignerInfoImpl signerInfo = new SignerInfoImpl(); + signerInfo.setSignerCertificate(signerCertificate); + signerInfo.setQualifiedCertificate(qualifiedCertificate); + signerInfo.setQCSourceTSL(qcSourceTSL); + signerInfo.setPublicAuthority(publicAuthority); + signerInfo.setPublicAuhtorityID(publicAuthorityID); + signerInfo.setSSCD(sscd); + signerInfo.setSSCDSourceTSL(sscdSourceTSL); + signerInfo.setIssuerCountryCode(issuerCountryCode); + return signerInfo; + } + + public X509IssuerSerial createX509IssuerSerial(String issuerName, BigInteger serialNumber) { + X509IssuerSerialImpl x509IssuerSerial = new X509IssuerSerialImpl(); + x509IssuerSerial.setX509IssuerName(issuerName); + x509IssuerSerial.setX509SerialNumber(serialNumber); + return x509IssuerSerial; + } + + @Override + public VerifyXMLSignatureRequest createVerifyXMLSignatureRequest(Date dateTime, + VerifySignatureInfo verifySignatureInfo, List supplementProfiles, + SignatureManifestCheckParams signatureManifestParams, boolean returnHashInputData, String trustProfileID, + boolean extendedValidation) { + VerifyXMLSignatureRequestImpl verifyXMLSignatureRequest = new VerifyXMLSignatureRequestImpl(); + verifyXMLSignatureRequest.setDateTime(dateTime); + verifyXMLSignatureRequest.setSignatureInfo(verifySignatureInfo); + verifyXMLSignatureRequest.setSupplementProfiles(supplementProfiles); + verifyXMLSignatureRequest.setSignatureManifestCheckParams(signatureManifestParams); + verifyXMLSignatureRequest.setReturnHashInputData(returnHashInputData); + verifyXMLSignatureRequest.setTrustProfileId(trustProfileID); + verifyXMLSignatureRequest.setExtendedValidation(extendedValidation); + return verifyXMLSignatureRequest; + } } 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java index 78d817b..e16717d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java @@ -51,6 +51,7 @@ public class VerifyCMSSignatureRequestImpl private Date dateTime; private boolean pdf = false; + private boolean extended = false; /** * Sets the indexes of the signatories whose signature should be verified. @@ -124,4 +125,12 @@ public class VerifyCMSSignatureRequestImpl return this.pdf; } +public synchronized boolean isExtended() { + return extended; +} + +public synchronized void setExtended(boolean extended) { + this.extended = extended; +} + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java index 1b9be35..91d1917 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.api.impl; import java.util.ArrayList; 
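Review bot: The `isExtended()`/`setExtended()` accessors added in the second hunk of VerifyCMSSignatureRequestImpl.java are `synchronized`, undocumented and unindented, and nothing here says what the flag changes in verification. Most of the class body lies outside the hunk, so it is not visible whether the neighbouring accessors (for example the one ending in `return this.pdf;`) also lock. If they do not, drop the keyword for consistency, or make the field `volatile` if cross-thread use is really intended. The field from the first hunk defaults to `false`, and the six-argument `createVerifyCMSSignatureRequest` overload in this commit also passes `false`, so callers get non-extended verification unless they opt in. That deserves a Javadoc line on the field and both methods, such as `/** Whether extended validation was requested for this signature; defaults to false. */`.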
@@ -39,99 +38,114 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; * @author Fatemeh Philippi * @version $Id$ */ -public class VerifyXMLSignatureRequestImpl - implements VerifyXMLSignatureRequest { - /** Date and time for signature verification. */ - private Date dateTime; - /** The signature to be verified. */ - private VerifySignatureInfo verifySignatureInfo; - /** Supplemental information about the singature. */ - private List supplementProfiles; - /** Additional parameters for checking the signature manifest. */ - private SignatureManifestCheckParams signatureManifestCheckParams; - /** Whether to return the hash input data. */ - private boolean returnHashInputData; - /** The profile ID of the trust profile containing the trusted certificates. - */ - private String trustProfileId; - - /** - * Sets the date and time for signature verification. - * - * @param dateTime The date and time for signature verification. - */ - public void setDateTime(Date dateTime) { - this.dateTime = dateTime; - } - - public Date getDateTime() { - return dateTime; - } - - /** - * Sets the signature to be verified. - * - * @param signatureInfo The signature to be verified. - */ - public void setSignatureInfo(VerifySignatureInfo signatureInfo) { - this.verifySignatureInfo = signatureInfo; - } - - public VerifySignatureInfo getSignatureInfo() { - return verifySignatureInfo; - } - - /** - * Sets supplemental information about the singature. - * @param supplementProfiles - */ - public void setSupplementProfiles(List supplementProfiles) { - this.supplementProfiles = - supplementProfiles != null - ? Collections.unmodifiableList(new ArrayList(supplementProfiles)) - : null; - } - - public List getSupplementProfiles() { - return supplementProfiles; - } - - /** - * Sets supplemental information about the singature. - * @param params Supplemental information about the singature. 
- */ - public void setSignatureManifestCheckParams(SignatureManifestCheckParams params) { - this.signatureManifestCheckParams = params; - } - - public SignatureManifestCheckParams getSignatureManifestCheckParams() { - return signatureManifestCheckParams; - } - - /** - * Sets whether to return hash input data. - * - * @param returnSignedData Whether to return hash input data. - */ - public void setReturnHashInputData(boolean returnSignedData) { - this.returnHashInputData = returnSignedData; - } - - public boolean getReturnHashInputData() { - return returnHashInputData; - } - - /** - * Sets the profile ID of trusted certificates. - * - * @param trustProfileId The profile ID of trusted certificates. - */ - public void setTrustProfileId(String trustProfileId) { - this.trustProfileId = trustProfileId; - } - - public String getTrustProfileId() { - return trustProfileId; - } +public class VerifyXMLSignatureRequestImpl implements VerifyXMLSignatureRequest { + /** Date and time for signature verification. */ + private Date dateTime; + /** The signature to be verified. */ + private VerifySignatureInfo verifySignatureInfo; + /** Supplemental information about the singature. */ + private List supplementProfiles; + /** Additional parameters for checking the signature manifest. */ + private SignatureManifestCheckParams signatureManifestCheckParams; + /** Whether to return the hash input data. */ + private boolean returnHashInputData; + private boolean extendedValidation; + /** + * The profile ID of the trust profile containing the trusted certificates. + */ + private String trustProfileId; + + /** + * Sets the date and time for signature verification. + * + * @param dateTime + * The date and time for signature verification. + */ + public void setDateTime(Date dateTime) { + this.dateTime = dateTime; + } + + public Date getDateTime() { + return dateTime; + } + + /** + * Sets the signature to be verified. + * + * @param signatureInfo + * The signature to be verified. 
+ */ + public void setSignatureInfo(VerifySignatureInfo signatureInfo) { + this.verifySignatureInfo = signatureInfo; + } + + public VerifySignatureInfo getSignatureInfo() { + return verifySignatureInfo; + } + + /** + * Sets supplemental information about the singature. + * + * @param supplementProfiles + */ + public void setSupplementProfiles(List supplementProfiles) { + this.supplementProfiles = supplementProfiles != null + ? Collections.unmodifiableList(new ArrayList(supplementProfiles)) : null; + } + + public List getSupplementProfiles() { + return supplementProfiles; + } + + /** + * Sets supplemental information about the singature. + * + * @param params + * Supplemental information about the singature. + */ + public void setSignatureManifestCheckParams(SignatureManifestCheckParams params) { + this.signatureManifestCheckParams = params; + } + + public SignatureManifestCheckParams getSignatureManifestCheckParams() { + return signatureManifestCheckParams; + } + + /** + * Sets whether to return hash input data. + * + * @param returnSignedData + * Whether to return hash input data. + */ + public void setReturnHashInputData(boolean returnSignedData) { + this.returnHashInputData = returnSignedData; + } + + public boolean getReturnHashInputData() { + return returnHashInputData; + } + + /** + * Sets the profile ID of trusted certificates. + * + * @param trustProfileId + * The profile ID of trusted certificates. + */ + public void setTrustProfileId(String trustProfileId) { + this.trustProfileId = trustProfileId; + } + + public String getTrustProfileId() { + return trustProfileId; + } + + public synchronized void setExtendedValidation(boolean extendedValidation) { + this.extendedValidation = extendedValidation; + } + + @Override + public boolean getExtendedValidaiton() { + return extendedValidation; + } } 
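Review bot: `setExtendedValidation` is `synchronized` while `getExtendedValidaiton` is not, so the lock gives a reading thread no visibility guarantee and is inconsistent with the other, unsynchronized setters in this class; either drop it or declare the field `private volatile boolean extendedValidation;`. The getter name is misspelled (`Validaiton`), and because it carries `@Override` the same typo presumably sits in the `VerifyXMLSignatureRequest` interface changed by this commit. Renaming both to `getExtendedValidation()` now avoids having to fix a public API name after callers depend on it. The new field is also the only one in the class without a Javadoc comment; something like `/** Whether extended validation of the signature was requested. */` would match its neighbours.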
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java index a8cae9c..3550c27 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java @@ -40,11 +40,11 @@ import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.common.MetaInfo; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.util.Base64Utils; +import at.gv.egovernment.moaspss.util.BoolUtils; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * A parser to parse <code>CreateCMSSignatureRequest</code> DOM trees into diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java index 907f90d..d808f2b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java 
@@ -38,8 +38,8 @@ import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; /** * Convert a <code>CreateCMSSignatureResponse</code> API object into its diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java index 9cea2fc..d677f88 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java @@ -30,11 +30,6 @@ import java.util.List; import org.w3c.dom.Element; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.Content; 
@@ -44,6 +39,10 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo; import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo; +import at.gv.egovernment.moaspss.util.BoolUtils; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * A parser to parse <code>CreateXMLSignatureRequest</code> DOM trees into diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java index 0af1a67..3c93fce 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java @@ -30,13 +30,12 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.util.Constants; - import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponseElement; import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse; +import at.gv.egovernment.moaspss.util.Constants; /** * Convert a <code>CreateXMLSignatureResponse</code> API object into its diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java index 0705c0b..6b34922 100644 
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java @@ -33,11 +33,6 @@ import java.util.Map; import org.w3c.dom.Element; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.MetaInfo; @@ -49,6 +44,10 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile; import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile; import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile; +import at.gv.egovernment.moaspss.util.Base64Utils; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * Parse the various profile elements contained in the MOA web service requests diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java index 743a17c..1d53a0c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.api.xmlbind; import java.text.ParseException; 
@@ -30,17 +29,16 @@ import java.util.Date; import org.w3c.dom.Element; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; +import at.gv.egovernment.moaspss.util.Base64Utils; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.DateTimeUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * Utility methods for parsing XML requests definied in the MOA XML schema. 
@@ -49,133 +47,164 @@ import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; * @version $Id$ */ public class RequestParserUtils { - // - // XPath expressions for parsing parts of a request - // - private static final String MOA = Constants.MOA_PREFIX + ":"; - private static final String REFERENCE_ATTR_NAME = "Reference"; - private static final String MIME_TYPE_XPATH = MOA + "MimeType"; - private static final String DESCRIPTION_XPATH = MOA + "Description"; - private static final String TYPE_XPATH = MOA + "Type"; - private static final String XML_ASSOC_CONTENT_XPATH = MOA + "Content"; - private static final String CONTENT_XPATH = - MOA + "Base64Content | " + MOA + "XMLContent |" + MOA + "LocRefContent"; - private static final String ANY_OTHER_XPATH = - "*[namespace-uri() != \"" + Constants.MOA_NS_URI + "\"]"; - - /** - * Parse a <code>XMLDataObjectAssociationType</code> kind of DOM element. - * - * @param assocElem The <code>XMLDataObjectAssociationType</code> kind of - * DOM elmeent to parse. - * @return The <code>XMLDataObjectAssociation</code> API object containing - * the data from the <code>XMLDataObjectAssociationType</code> DOM element. - */ - public static XMLDataObjectAssociation parseXMLDataObjectAssociation(Element assocElem) { - SPSSFactory factory = SPSSFactory.getInstance(); - MetaInfo metaInfo = parseMetaInfo(assocElem); - Element contentElem = - (Element) XPathUtils.selectSingleNode(assocElem, XML_ASSOC_CONTENT_XPATH); - Content content = parseContent(contentElem); - - return factory.createXMLDataObjectAssociation(metaInfo, content); - } - - /** - * Parse a <code>MetaInfoType</code> kind of DOM element. - * - * @param metaInfoElem The <code>MetaInfoType</code> kind of DOM element. - * @return The <code>MetaInfo</code> API object containing the data from - * the <code>metaInfoElem</code>. 
- */ - public static MetaInfo parseMetaInfo(Element metaInfoElem) { - SPSSFactory factory = SPSSFactory.getInstance(); - String mimeType = - XPathUtils.getElementValue(metaInfoElem, MIME_TYPE_XPATH, null); - String description = - XPathUtils.getElementValue(metaInfoElem, DESCRIPTION_XPATH, null); - NodeList anyOther = - XPathUtils.selectNodeList(metaInfoElem, ANY_OTHER_XPATH); - String type = - XPathUtils.getElementValue(metaInfoElem, TYPE_XPATH, null); - - return factory.createMetaInfo(mimeType, description, anyOther, type); - } - - /** - * Parse a <code>ContentOptionalRefType</code> or - * <code>ContentRequiredRefType</code> kind of DOM element. - * @param contentParentElem The DOM element being the parent of the - * content element. - * @return The <code>Content</code> API object containing the data from - * the given DOM element. - */ - public static Content parseContent(Element contentParentElem) { - SPSSFactory factory = SPSSFactory.getInstance(); - String referenceURI = - contentParentElem.hasAttribute(REFERENCE_ATTR_NAME) - ? contentParentElem.getAttribute(REFERENCE_ATTR_NAME) - : null; - Element contentElem = - (Element) XPathUtils.selectSingleNode(contentParentElem, CONTENT_XPATH); - - if (contentElem == null) { - return factory.createContent(referenceURI); - } - - if ("Base64Content".equals(contentElem.getLocalName())) { - String base64String = DOMUtils.getText(contentElem); - return factory.createContent( - Base64Utils.decodeToStream(base64String, true), - referenceURI); - } else if ("LocRefContent".equals(contentElem.getLocalName())) { - String locationReferenceURI = DOMUtils.getText(contentElem); - return factory.createContent( - locationReferenceURI, - referenceURI); - } else { // "XMLContent".equals(contentElem.getLocalName()) - return factory.createContent( - contentElem.getChildNodes(), - referenceURI); - } - } - - /** - * Get the signing time from a Verfiy(CMS|XML)SignatureRequest. 
- * - * @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code> DOM - * element. - * @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element - * within the request. - * @return Date The date and time corresponding to the <code>DateTime</code> - * element in the request. If no <code>DateTime</code> element exists in the - * request, <code>null</code> is returned. - * @throws MOAApplicationException An error occurred during a parsing the - * <code>DateTime</code> element or creating the return value. - */ - public static Date parseDateTime(Element requestElem, String dateTimeXPath) - throws MOAApplicationException { - - Element dateTimeElem; - String dateTimeText; - - // select the DateTime element - dateTimeElem = - (Element) XPathUtils.selectSingleNode(requestElem, dateTimeXPath); - - // parse a date from the element value - if (dateTimeElem != null) { - dateTimeText = DOMUtils.getText(dateTimeElem); - try { - return DateTimeUtils.parseDateTime(dateTimeText); - } catch (ParseException e) { - throw new MOAApplicationException( - "1104", - new Object[] { dateTimeText }); - } - } else { - return null; - } - } + // + // XPath expressions for parsing parts of a request + // + private static final String MOA = Constants.MOA_PREFIX + ":"; + private static final String REFERENCE_ATTR_NAME = "Reference"; + private static final String MIME_TYPE_XPATH = MOA + "MimeType"; + private static final String DESCRIPTION_XPATH = MOA + "Description"; + private static final String TYPE_XPATH = MOA + "Type"; + private static final String XML_ASSOC_CONTENT_XPATH = MOA + "Content"; + private static final String CONTENT_XPATH = MOA + "Base64Content | " + MOA + "XMLContent |" + MOA + "LocRefContent"; + private static final String ANY_OTHER_XPATH = "*[namespace-uri() != \"" + Constants.MOA_NS_URI + "\"]"; + + /** + * Parse a <code>XMLDataObjectAssociationType</code> kind of DOM element. 
+ * + * @param assocElem + * The <code>XMLDataObjectAssociationType</code> kind of DOM + * elmeent to parse. + * @return The <code>XMLDataObjectAssociation</code> API object containing + * the data from the <code>XMLDataObjectAssociationType</code> DOM + * element. + */ + public static XMLDataObjectAssociation parseXMLDataObjectAssociation(Element assocElem) { + SPSSFactory factory = SPSSFactory.getInstance(); + MetaInfo metaInfo = parseMetaInfo(assocElem); + Element contentElem = (Element) XPathUtils.selectSingleNode(assocElem, XML_ASSOC_CONTENT_XPATH); + Content content = parseContent(contentElem); + + return factory.createXMLDataObjectAssociation(metaInfo, content); + } + + /** + * Parse a <code>MetaInfoType</code> kind of DOM element. + * + * @param metaInfoElem + * The <code>MetaInfoType</code> kind of DOM element. + * @return The <code>MetaInfo</code> API object containing the data from the + * <code>metaInfoElem</code>. + */ + public static MetaInfo parseMetaInfo(Element metaInfoElem) { + SPSSFactory factory = SPSSFactory.getInstance(); + String mimeType = XPathUtils.getElementValue(metaInfoElem, MIME_TYPE_XPATH, null); + String description = XPathUtils.getElementValue(metaInfoElem, DESCRIPTION_XPATH, null); + NodeList anyOther = XPathUtils.selectNodeList(metaInfoElem, ANY_OTHER_XPATH); + String type = XPathUtils.getElementValue(metaInfoElem, TYPE_XPATH, null); + + return factory.createMetaInfo(mimeType, description, anyOther, type); + } + + /** + * Parse a <code>ContentOptionalRefType</code> or + * <code>ContentRequiredRefType</code> kind of DOM element. + * + * @param contentParentElem + * The DOM element being the parent of the content element. + * @return The <code>Content</code> API object containing the data from the + * given DOM element. + */ + public static Content parseContent(Element contentParentElem) { + SPSSFactory factory = SPSSFactory.getInstance(); + String referenceURI = contentParentElem.hasAttribute(REFERENCE_ATTR_NAME) + ? 
contentParentElem.getAttribute(REFERENCE_ATTR_NAME) : null; + Element contentElem = (Element) XPathUtils.selectSingleNode(contentParentElem, CONTENT_XPATH); + + if (contentElem == null) { + return factory.createContent(referenceURI); + } + + if ("Base64Content".equals(contentElem.getLocalName())) { + String base64String = DOMUtils.getText(contentElem); + return factory.createContent(Base64Utils.decodeToStream(base64String, true), referenceURI); + } else if ("LocRefContent".equals(contentElem.getLocalName())) { + String locationReferenceURI = DOMUtils.getText(contentElem); + return factory.createContent(locationReferenceURI, referenceURI); + } else { // "XMLContent".equals(contentElem.getLocalName()) + return factory.createContent(contentElem.getChildNodes(), referenceURI); + } + } + + /** + * Get the signing time from a Verfiy(CMS|XML)SignatureRequest. + * + * @param requestElem + * A <code>Verify(CMS|XML)SignatureRequest</code> DOM element. + * @param dateTimeXPath + * The XPath to lookup the <code>DateTime</code> element within + * the request. + * @return Date The date and time corresponding to the <code>DateTime</code> + * element in the request. If no <code>DateTime</code> element + * exists in the request, <code>null</code> is returned. + * @throws MOAApplicationException + * An error occurred during a parsing the <code>DateTime</code> + * element or creating the return value. 
+ */ + public static Date parseDateTime(Element requestElem, String dateTimeXPath) throws MOAApplicationException { + + Element dateTimeElem; + String dateTimeText; + + // select the DateTime element + dateTimeElem = (Element) XPathUtils.selectSingleNode(requestElem, dateTimeXPath); + + // parse a date from the element value + if (dateTimeElem != null) { + dateTimeText = DOMUtils.getText(dateTimeElem); + try { + return DateTimeUtils.parseDateTime(dateTimeText); + } catch (ParseException e) { + throw new MOAApplicationException("1104", new Object[] { dateTimeText }); + } + } else { + return null; + } + } + + /** + * Get the signing time from a Verfiy(CMS|XML)SignatureRequest. + * + * @param requestElem + * A <code>Verify(CMS|XML)SignatureRequest</code> DOM element. + * @param dateTimeXPath + * The XPath to lookup the <code>DateTime</code> element within + * the request. + * @return Date The date and time corresponding to the <code>DateTime</code> + * element in the request. If no <code>DateTime</code> element + * exists in the request, <code>null</code> is returned. + * @throws MOAApplicationException + * An error occurred during a parsing the <code>DateTime</code> + * element or creating the return value. + */ + public static boolean parseExtendedValidation(Element requestElem, String extendedValidationXPath, + boolean defaultValue) throws MOAApplicationException { + + Element dateTimeElem; + String dateTimeText; + + // select the DateTime element + dateTimeElem = (Element) XPathUtils.selectSingleNode(requestElem, extendedValidationXPath); + + // parse a date from the element value + if (dateTimeElem != null) { + dateTimeText = DOMUtils.getText(dateTimeElem); + String xsdBoolean = dateTimeText.trim(); + if ("".equals(xsdBoolean)) + return defaultValue; + switch (xsdBoolean) { + case "true": + case "1": + return true; + case "false": + case "0": + return false; + default: + return false; + } + } else { + return defaultValue; + } + } } 
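Review bot: The `default:` branch of the switch in the new `parseExtendedValidation` returns `false` for any text other than `true`/`1`/`false`/`0`, so a mistyped `ExtendedValidation` value silently selects the non-extended path instead of being rejected, and the declared `throws MOAApplicationException` is never used. Unless schema validation upstream already guarantees an xsd:boolean here (not visible in this hunk), fail closed with `default: throw new MOAApplicationException("<ERROR_CODE>", new Object[] { xsdBoolean });`, where `<ERROR_CODE>` is a placeholder for the project's message id. The Javadoc above the method is a copy of `parseDateTime`'s (signing time, `dateTimeXPath`, returns `Date`) and the locals are still named `dateTimeElem`/`dateTimeText`. It should instead describe the boolean flag, the `extendedValidationXPath` and `defaultValue` parameters, and the cases in which the default is returned.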
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index eaafe00..a6ed83d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -39,12 +39,10 @@ import org.w3c.dom.NodeList; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; - -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moaspss.util.Base64Utils; +import at.gv.egovernment.moaspss.util.Constants; /** * Utility methods used by the verious <code>ResponseBuilder</code> classes. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java index 687b0ae..6dc4803 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java @@ -32,10 +32,6 @@ import java.util.StringTokenizer; import org.w3c.dom.Element; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.Base64Transform; 
@@ -47,6 +43,9 @@ import at.gv.egovernment.moa.spss.api.common.XPathFilter; import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform; import at.gv.egovernment.moa.spss.api.common.XPathTransform; import at.gv.egovernment.moa.spss.api.common.XSLTTransform; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * A parser to parse XMLDsig <code>Transform</code> DOM elements into their diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java index bc92b7a..97a2541 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java 
@@ -33,18 +33,17 @@ import java.util.StringTokenizer; import org.w3c.dom.Element; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.CollectionUtils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moaspss.util.Base64Utils; +import at.gv.egovernment.moaspss.util.CollectionUtils; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * A parser to parse <code>VerifyCMSSignatureRequest</code> DOM trees into @@ -60,6 +59,7 @@ public class VerifyCMSSignatureRequestParser { // private static final String MOA = Constants.MOA_PREFIX + ":"; private static final String DATE_TIME_XPATH = MOA + "DateTime"; + private static final String EXTENDED_VALIDATION_XPATH = MOA + "ExtendedValidation"; private static final String CMS_SIGNATURE_XPATH = MOA + "CMSSignature"; private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID"; private static final String DATA_OBJECT_XPATH = MOA + "DataObject"; 
@@ -73,6 +73,44 @@ public class VerifyCMSSignatureRequestParser { /** The <code>SPSSFactory</code> for creating new API objects. */ private SPSSFactory factory = SPSSFactory.getInstance(); + /** + * Parse a <code>VerifyCMSSignatureRequest</code> DOM element, as defined + * by the MOA schema. + * + * @param requestElem The <code>VerifyCMSSignatureRequest</code> to parse. The + * request must have been successfully parsed against the schema for this + * method to succeed. + * @return A <code>VerifyCMSSignatureRequest</code> API objects containing + * the data from the DOM element. + * @throws MOAApplicationException An error occurred parsing the request. + */ + public VerifyCMSSignatureRequest parsePDF(Element requestElem) + throws MOAApplicationException { + + int[] signatories = parseSignatories(requestElem); + Date dateTime = + RequestParserUtils.parseDateTime(requestElem, DATE_TIME_XPATH); + boolean extendedValidation = + RequestParserUtils.parseExtendedValidation(requestElem, EXTENDED_VALIDATION_XPATH, false); + + String cmsSignatureStr = + XPathUtils.getElementValue(requestElem, CMS_SIGNATURE_XPATH, ""); + CMSDataObject dataObject = parseDataObject(requestElem); + String trustProfileID = + XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null); + InputStream cmsSignature = + Base64Utils.decodeToStream(cmsSignatureStr, true); + + return factory.createVerifyCMSSignatureRequest( + signatories, + dateTime, + cmsSignature, + dataObject, + trustProfileID, + true, + extendedValidation); + } + /** * Parse a <code>VerifyCMSSignatureRequest</code> DOM element, as defined * by the MOA schema. 
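Review bot: `parsePDF` repeats the existing parse method step for step and, as far as the following hunks show, differs only in the sixth positional argument to `createVerifyCMSSignatureRequest` (`true` here, `false` there), so any later tightening of the request parsing has to be applied in two places. Move the shared steps into one private helper that takes the flag, for example `private VerifyCMSSignatureRequest parseRequest(Element requestElem, boolean pdf)`, and let both public methods delegate to it. The Javadoc on `parsePDF` is the unchanged text of the other method; it should state what the `true` argument selects (presumably PDF handling, which this hunk does not show). The existing method's signature lies outside the visible hunks.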
@@ -90,6 +128,9 @@ public class VerifyCMSSignatureRequestParser { int[] signatories = parseSignatories(requestElem); Date dateTime = RequestParserUtils.parseDateTime(requestElem, DATE_TIME_XPATH); + boolean extendedValidation = + RequestParserUtils.parseExtendedValidation(requestElem, EXTENDED_VALIDATION_XPATH, false); + String cmsSignatureStr = XPathUtils.getElementValue(requestElem, CMS_SIGNATURE_XPATH, ""); CMSDataObject dataObject = parseDataObject(requestElem); @@ -104,7 +145,8 @@ public class VerifyCMSSignatureRequestParser { cmsSignature, dataObject, trustProfileID, - false); + false, + extendedValidation); } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index b11560b..cefecac 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -35,6 +35,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; /** * Convert a <code>VerifyCMSSignatureResponse</code> API object into its @@ -60,7 +61,7 @@ public class VerifyCMSSignatureResponseBuilder { ResponseBuilderUtils.createResponse("VerifyCMSSignatureResponse"); responseElem = responseDoc.getDocumentElement(); } - + /** * Build a document containing a <code>VerifyCMSSignatureResponse</code> * DOM element being the XML representation of the given 
@@ -82,7 +83,7 @@ public class VerifyCMSSignatureResponseBuilder { (VerifyCMSSignatureResponseElement) iter.next(); addResponseElement(responseElement); } - + return responseDoc; } @@ -125,6 +126,19 @@ public class VerifyCMSSignatureResponseBuilder { certCheck.getCode(), certCheck.getInfo()); + + if (responseElement.getAdESFormResults() != null) { + + Iterator formIterator = responseElement.getAdESFormResults().iterator(); + + while (formIterator.hasNext()) { + AdESFormResults adESFormResult = (AdESFormResults) formIterator.next(); + // add the CertificateCheck + ResponseBuilderUtils.addFormCheckElement(responseDoc, responseElem, "FormCheckResult", + adESFormResult.getCode().intValue(), adESFormResult.getName()); + + } + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java new file mode 100644 index 0000000..cc44c29 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java 
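Review bot: `adESFormResult.getCode().intValue()` in the added loop unboxes without a null check, so a form result without a code would end response building with a NullPointerException instead of a `MOAApplicationException`; whether `getCode()` can return null is not visible here. Either guard the call or document a non-null contract on `AdESFormResults`. The comment `// add the CertificateCheck` was carried over from the block above and should read `// add the FormCheckResult`, and the raw `Iterator` with its cast can be written as `for (Object o : responseElement.getAdESFormResults())`. The same loop is added verbatim in the new `VerifyPDFSignatureResponseBuilder.addResponseElement`, and the enclosing method starts outside this hunk.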
@@ -0,0 +1,145 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.xmlbind; + +import java.util.Iterator; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; +import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.SignerInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; + +/** + * Convert a <code>VerifyCMSSignatureResponse</code> API object into its + * XML representation, according to the MOA XML schema. 
+ * + * @author Patrick Peck + * @version $Id$ + */ +public class VerifyPDFSignatureResponseBuilder { + /** The XML document containing the response element. */ + private Document responseDoc; + /** The response <code>VerifyCMSSignatureResponse</code> DOM element. */ + private Element responseElem; + + /** + * Create a new <code>VerifyCMSSignatureResponseBuilder</code>: + * + * @throws MOASystemException An error occurred setting up the resulting + * XML document. + */ + public VerifyPDFSignatureResponseBuilder() throws MOASystemException { + responseDoc = + ResponseBuilderUtils.createResponse("VerifyPDFSignatureResponse"); + responseElem = responseDoc.getDocumentElement(); + } + + /** + * Build a document containing a <code>VerifyCMSSignatureResponse</code> + * DOM element being the XML representation of the given + * <code>VerifyCMSSignatureResponse</code> API object. + * + * @param response The <code>VerifyCMSSignatureResponse</code> to convert + * to XML. + * @return A document containing the <code>VerifyCMSSignatureResponse</code> + * DOM element. + * @throws MOAApplicationException An error occurred building the response. + */ + public Document build(VerifyCMSSignatureResponse response) + throws MOAApplicationException { + + Iterator iter; + + for (iter = response.getResponseElements().iterator(); iter.hasNext();) { + VerifyCMSSignatureResponseElement responseElement = + (VerifyCMSSignatureResponseElement) iter.next(); + addResponseElement(responseElement); + } + + return responseDoc; + } + + /** + * Add an element to the response. + * + * @param responseElement The element to add to the response. + * @throws MOAApplicationException An error occurred adding the element. 
+ */ + private void addResponseElement(VerifyCMSSignatureResponseElement responseElement) + throws MOAApplicationException { + + SignerInfo signerInfo = responseElement.getSignerInfo(); + CheckResult signatureCheck = responseElement.getSignatureCheck(); + CheckResult certCheck = responseElement.getCertificateCheck(); + + ResponseBuilderUtils.addSignerInfo( + responseDoc, + responseElem, + signerInfo.getSignerCertificate(), + signerInfo.isQualifiedCertificate(), + signerInfo.getQCSource(), + signerInfo.isPublicAuthority(), + signerInfo.getPublicAuhtorityID(), + signerInfo.isSSCD(), + signerInfo.getSSCDSource(), + signerInfo.getIssuerCountryCode()); + + ResponseBuilderUtils.addCodeInfoElement( + responseDoc, + responseElem, + "SignatureCheck", + signatureCheck.getCode(), + signatureCheck.getInfo()); + + ResponseBuilderUtils.addCodeInfoElement( + responseDoc, + responseElem, + "CertificateCheck", + certCheck.getCode(), + certCheck.getInfo()); + + + if (responseElement.getAdESFormResults() != null) { + + Iterator formIterator = responseElement.getAdESFormResults().iterator(); + + while (formIterator.hasNext()) { + AdESFormResults adESFormResult = (AdESFormResults) formIterator.next(); + // add the CertificateCheck + ResponseBuilderUtils.addFormCheckElement(responseDoc, responseElem, "FormCheckResult", + adESFormResult.getCode().intValue(), adESFormResult.getName()); + + } + } + + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java index 7bd0b9e..f1bb1d7 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java 
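Review bot: Duplicating `VerifyCMSSignatureResponseBuilder` to change one string leaves two response builders to keep in step whenever the verification output changes. As far as the hunks of that file show, the only functional difference here is the root element name `"VerifyPDFSignatureResponse"` passed to `ResponseBuilderUtils.createResponse`. Prefer giving the existing builder a constructor that takes the root element name and letting this class delegate to it, so that a fix to signer or check output cannot land in one builder and miss the other. The class and constructor Javadoc still describe `VerifyCMSSignatureResponse` and `VerifyCMSSignatureResponseBuilder`, and the `@author` tag was copied along; they should describe the PDF response.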
@@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.api.xmlbind; import java.util.ArrayList; @@ -32,11 +31,6 @@ import java.util.Map; import org.w3c.dom.Element; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.util.BoolUtils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.Content; @@ -46,6 +40,10 @@ import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile; import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo; import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moaspss.util.BoolUtils; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * @author Patrick Peck 
@@ -53,32 +51,28 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; */ public class VerifyXMLSignatureRequestParser { - // - // XPath expressions for parsing parts of the request - // - private static final String MOA = Constants.MOA_PREFIX + ":"; - private static final String DATE_TIME_XPATH = MOA + "DateTime"; - private static final String RETURN_HASH_INPUT_DATA_XPATH = - MOA + "ReturnHashInputData"; - private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID"; - private static final String VERIFY_SIGNATURE_ENVIRONMENT_XPATH = - MOA + "VerifySignatureInfo/" + MOA + "VerifySignatureEnvironment"; - private static final String VERIFY_SIGNATURE_LOCATION_XPATH = - MOA + "VerifySignatureInfo/" + MOA + "VerifySignatureLocation"; - private static final String SUPPLEMENT_PROFILE_XPATH = - MOA + "SupplementProfile | " + MOA + "SupplementProfileID"; - private static final String SIGNATURE_MANIFEST_CHECK_PARAMS_XPATH = - MOA + "SignatureManifestCheckParams"; - private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH = - (MOA + "VerifyTransformsInfoProfile | ") - + (MOA + "VerifyTransformsInfoProfileID"); - private static final String REFERENCE_INFO_XPATH = MOA + "ReferenceInfo"; - - /** The <code>SPSSFactory</code> for creating new API objects. 
*/ - private SPSSFactory factory = SPSSFactory.getInstance(); - - - /** + // + // XPath expressions for parsing parts of the request + // + private static final String MOA = Constants.MOA_PREFIX + ":"; + private static final String DATE_TIME_XPATH = MOA + "DateTime"; + private static final String EXTENDED_VALIDATION_XPATH = MOA + "ExtendedValidation"; + private static final String RETURN_HASH_INPUT_DATA_XPATH = MOA + "ReturnHashInputData"; + private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID"; + private static final String VERIFY_SIGNATURE_ENVIRONMENT_XPATH = MOA + "VerifySignatureInfo/" + MOA + + "VerifySignatureEnvironment"; + private static final String VERIFY_SIGNATURE_LOCATION_XPATH = MOA + "VerifySignatureInfo/" + MOA + + "VerifySignatureLocation"; + private static final String SUPPLEMENT_PROFILE_XPATH = MOA + "SupplementProfile | " + MOA + "SupplementProfileID"; + private static final String SIGNATURE_MANIFEST_CHECK_PARAMS_XPATH = MOA + "SignatureManifestCheckParams"; + private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH = (MOA + "VerifyTransformsInfoProfile | ") + + (MOA + "VerifyTransformsInfoProfileID"); + private static final String REFERENCE_INFO_XPATH = MOA + "ReferenceInfo"; + + /** The <code>SPSSFactory</code> for creating new API objects. */ + private SPSSFactory factory = SPSSFactory.getInstance(); + + /** * Parse a <code>VerifyXMLSignatureRequest</code> DOM element, as defined * by the MOA schema. * @@ -94,6 +88,10 @@ public class VerifyXMLSignatureRequestParser { Date dateTime = RequestParserUtils.parseDateTime(requestElem, DATE_TIME_XPATH); + + boolean extendedValidation = + RequestParserUtils.parseExtendedValidation(requestElem, EXTENDED_VALIDATION_XPATH, false); + VerifySignatureInfo verifySignatureInfo = parseVerifySignatureInfo(requestElem); List supplementProfiles = parseSupplementProfiles(requestElem); 
@@ -111,189 +109,178 @@ public class VerifyXMLSignatureRequestParser { supplementProfiles, signatureManifestCheckParams, returnHashInputData, - trustProfileID); - } - - /** - * Parse the <code>VerifySignatureInfo</code> DOM element contained in - * the <code>VerifyXMLSignatureRequest</code> DOM element. - * - * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element - * containing the <code>VerifySignatureInfo</code> DOM element. - * @return The <code>VerifySignatureInfo</code> API object containing the - * data from the DOM element. - */ - private VerifySignatureInfo parseVerifySignatureInfo(Element requestElem) { - Element verifySignatureEnvironmentElem = - (Element) XPathUtils.selectSingleNode( - requestElem, - VERIFY_SIGNATURE_ENVIRONMENT_XPATH); - Content verifySignatureEnvironment = - RequestParserUtils.parseContent(verifySignatureEnvironmentElem); - VerifySignatureLocation verifySignatureLocation = - parseVerifySignatureLocation(requestElem); - - return factory.createVerifySignatureInfo( - verifySignatureEnvironment, - verifySignatureLocation); - } - - /** - * Parse the <code>VerifySignatureLocation</code> DOM element contained - * in the given <code>VerifyXMLSignatureRequest</code> DOM element. - * - * @param requestElem The <code>VerifyXMLSignatureRequst</code> DOM element. - * @return The <code>VerifySignatureLocation</code> API object containing the - * data from the DOM element. - */ - private VerifySignatureLocation parseVerifySignatureLocation(Element requestElem) { - Element locationElem = - (Element) XPathUtils.selectSingleNode( - requestElem, - VERIFY_SIGNATURE_LOCATION_XPATH); - String xPathExpression = DOMUtils.getText(locationElem); - Map namespaceDeclarations = DOMUtils.getNamespaceDeclarations(locationElem); - - return factory.createVerifySignatureLocation( - xPathExpression, - namespaceDeclarations); - } - - /** - * Parse the supplement profiles contained in the given - * <code>VerifyXMLSignatureRequest</code> DOM element. 
- * - * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element. - * @return A <code>List</code> of <code>SupplementProfile</code> API objects - * containing the data from the <code>SupplementProfile</code> DOM elements. - */ - private List parseSupplementProfiles(Element requestElem) { - List supplementProfiles = new ArrayList(); - NodeIterator profileElems = - XPathUtils.selectNodeIterator(requestElem, SUPPLEMENT_PROFILE_XPATH); - Element profileElem; - - while ((profileElem = (Element) profileElems.nextNode()) != null) { - SupplementProfile profile; - - if ("SupplementProfile".equals(profileElem.getLocalName())) { - ProfileParser profileParser = new ProfileParser(); - profile = profileParser.parseSupplementProfile(profileElem); - } else { - String profileID = DOMUtils.getText(profileElem); - profile = factory.createSupplementProfile(profileID); - } - supplementProfiles.add(profile); - } - return supplementProfiles; - } - - /** - * Parse the <code>SignatureManifestCheckParams</code> DOM element contained - * in the given <code>VerifyXMLSignatureRequest</code> DOM element. - * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element. - * @return The <code>SignatureManifestCheckParams</code> API object containing - * the data from the <code>SignatureManifestCheckParams</code> DOM element. - * @throws MOAApplicationException An error occurred parsing the - * <code>SignatureManifestCheckParams</code> DOM element. 
- */ - private SignatureManifestCheckParams parseSignatureManifestCheckParams(Element requestElem) - throws MOAApplicationException { - Element paramsElem = - (Element) XPathUtils.selectSingleNode( - requestElem, - SIGNATURE_MANIFEST_CHECK_PARAMS_XPATH); - - if (paramsElem != null) { - String returnReferenceInputDataStr = - paramsElem.getAttribute("ReturnReferenceInputData"); - boolean returnReferencInputData = - BoolUtils.valueOf(returnReferenceInputDataStr); - List referenceInfos = parseReferenceInfos(paramsElem); - - return factory.createSignatureManifestCheckParams( - referenceInfos, - returnReferencInputData); - } else { - return null; - } + trustProfileID, + extendedValidation); } - /** - * Parse the <code>ReferenceInfo</code> DOM elements contained in a - * <code>SignatureManifestCheckParams</code> DOM element. - * - * @param paramsElem The <code>SignatureManifestCheckParams</code> DOM element - * containing the <code>ReferenceInfo</code> DOM elements. - * @return A <code>List</code> of <code>RefernceInfo</code> API objects - * containing the data from the <code>ReferenceInfo</code> DOM elements. - * @throws MOAApplicationException An error occurred parsing the - * <code>ReferenceInfo</code> DOM elements. - */ - private List parseReferenceInfos(Element paramsElem) - throws MOAApplicationException { - - List referenceInfos = new ArrayList(); - NodeIterator refInfoElems = - XPathUtils.selectNodeIterator(paramsElem, REFERENCE_INFO_XPATH); - Element refInfoElem; - - while ((refInfoElem = (Element) refInfoElems.nextNode()) != null) { - ReferenceInfo referenceInfo = parseReferenceInfo(refInfoElem); - - referenceInfos.add(referenceInfo); - } - - return referenceInfos; - } - - /** - * Parse a <code>ReferenceInfo</code> DOM element. - * - * @param refInfoElem The <code>ReferenceInfo</code> DOM element to parse. - * @return The <code>ReferenceInfo</code> API object containing the data - * from the given <code>ReferenceInfo</code> DOM element. 
- * @throws MOAApplicationException An error occurred parsing the - * <code>ReferenceInfo</code> DOM element. - */ - private ReferenceInfo parseReferenceInfo(Element refInfoElem) - throws MOAApplicationException { - List profiles = parseVerifyTransformsInfoProfiles(refInfoElem); - return factory.createReferenceInfo(profiles); - } - - /** - * Parse the <code>VerifyTransformsInfoProfile</code> DOM elements contained - * in a <code>ReferenceInfo</code> DOM element. - * - * @param refInfoElem <code>ReferenceInfo</code> DOM element containing - * the <code>VerifyTransformsInfoProfile</code> DOM elements. - * @return A <code>List</code> of <code>VerifyTransformsInfoProfile</code> - * API objects containing the profile data. - * @throws MOAApplicationException An error occurred building the - * <code>VerifyTransformsInfoProfile</code>s. - */ - private List parseVerifyTransformsInfoProfiles(Element refInfoElem) - throws MOAApplicationException { - - List profiles = new ArrayList(); - NodeIterator profileElems = - XPathUtils.selectNodeIterator( - refInfoElem, - VERIFY_TRANSFORMS_INFO_PROFILE_XPATH); - Element profileElem; - - while ((profileElem = (Element) profileElems.nextNode()) != null) { - if ("VerifyTransformsInfoProfile".equals(profileElem.getLocalName())) { - ProfileParser profileParser = new ProfileParser(); - profiles.add( - profileParser.parseVerifyTransformsInfoProfile(profileElem)); - } else { - String profileID = DOMUtils.getText(profileElem); - profiles.add(factory.createVerifyTransformsInfoProfile(profileID)); - } - } - return profiles; - } + /** + * Parse the <code>VerifySignatureInfo</code> DOM element contained in the + * <code>VerifyXMLSignatureRequest</code> DOM element. + * + * @param requestElem + * The <code>VerifyXMLSignatureRequest</code> DOM element + * containing the <code>VerifySignatureInfo</code> DOM element. + * @return The <code>VerifySignatureInfo</code> API object containing the + * data from the DOM element. 
+ */ + private VerifySignatureInfo parseVerifySignatureInfo(Element requestElem) { + Element verifySignatureEnvironmentElem = (Element) XPathUtils.selectSingleNode(requestElem, + VERIFY_SIGNATURE_ENVIRONMENT_XPATH); + Content verifySignatureEnvironment = RequestParserUtils.parseContent(verifySignatureEnvironmentElem); + VerifySignatureLocation verifySignatureLocation = parseVerifySignatureLocation(requestElem); + + return factory.createVerifySignatureInfo(verifySignatureEnvironment, verifySignatureLocation); + } + + /** + * Parse the <code>VerifySignatureLocation</code> DOM element contained in + * the given <code>VerifyXMLSignatureRequest</code> DOM element. + * + * @param requestElem + * The <code>VerifyXMLSignatureRequst</code> DOM element. + * @return The <code>VerifySignatureLocation</code> API object containing + * the data from the DOM element. + */ + private VerifySignatureLocation parseVerifySignatureLocation(Element requestElem) { + Element locationElem = (Element) XPathUtils.selectSingleNode(requestElem, VERIFY_SIGNATURE_LOCATION_XPATH); + String xPathExpression = DOMUtils.getText(locationElem); + Map namespaceDeclarations = DOMUtils.getNamespaceDeclarations(locationElem); + + return factory.createVerifySignatureLocation(xPathExpression, namespaceDeclarations); + } + + /** + * Parse the supplement profiles contained in the given + * <code>VerifyXMLSignatureRequest</code> DOM element. + * + * @param requestElem + * The <code>VerifyXMLSignatureRequest</code> DOM element. + * @return A <code>List</code> of <code>SupplementProfile</code> API objects + * containing the data from the <code>SupplementProfile</code> DOM + * elements. 
+ */ + private List parseSupplementProfiles(Element requestElem) { + List supplementProfiles = new ArrayList(); + NodeIterator profileElems = XPathUtils.selectNodeIterator(requestElem, SUPPLEMENT_PROFILE_XPATH); + Element profileElem; + + while ((profileElem = (Element) profileElems.nextNode()) != null) { + SupplementProfile profile; + + if ("SupplementProfile".equals(profileElem.getLocalName())) { + ProfileParser profileParser = new ProfileParser(); + profile = profileParser.parseSupplementProfile(profileElem); + } else { + String profileID = DOMUtils.getText(profileElem); + profile = factory.createSupplementProfile(profileID); + } + supplementProfiles.add(profile); + } + return supplementProfiles; + } + + /** + * Parse the <code>SignatureManifestCheckParams</code> DOM element contained + * in the given <code>VerifyXMLSignatureRequest</code> DOM element. + * + * @param requestElem + * The <code>VerifyXMLSignatureRequest</code> DOM element. + * @return The <code>SignatureManifestCheckParams</code> API object + * containing the data from the + * <code>SignatureManifestCheckParams</code> DOM element. + * @throws MOAApplicationException + * An error occurred parsing the + * <code>SignatureManifestCheckParams</code> DOM element. 
+ */ + private SignatureManifestCheckParams parseSignatureManifestCheckParams(Element requestElem) + throws MOAApplicationException { + Element paramsElem = (Element) XPathUtils.selectSingleNode(requestElem, SIGNATURE_MANIFEST_CHECK_PARAMS_XPATH); + + if (paramsElem != null) { + String returnReferenceInputDataStr = paramsElem.getAttribute("ReturnReferenceInputData"); + boolean returnReferencInputData = BoolUtils.valueOf(returnReferenceInputDataStr); + List referenceInfos = parseReferenceInfos(paramsElem); + + return factory.createSignatureManifestCheckParams(referenceInfos, returnReferencInputData); + } else { + return null; + } + } + + /** + * Parse the <code>ReferenceInfo</code> DOM elements contained in a + * <code>SignatureManifestCheckParams</code> DOM element. + * + * @param paramsElem + * The <code>SignatureManifestCheckParams</code> DOM element + * containing the <code>ReferenceInfo</code> DOM elements. + * @return A <code>List</code> of <code>RefernceInfo</code> API objects + * containing the data from the <code>ReferenceInfo</code> DOM + * elements. + * @throws MOAApplicationException + * An error occurred parsing the <code>ReferenceInfo</code> DOM + * elements. + */ + private List parseReferenceInfos(Element paramsElem) throws MOAApplicationException { + + List referenceInfos = new ArrayList(); + NodeIterator refInfoElems = XPathUtils.selectNodeIterator(paramsElem, REFERENCE_INFO_XPATH); + Element refInfoElem; + + while ((refInfoElem = (Element) refInfoElems.nextNode()) != null) { + ReferenceInfo referenceInfo = parseReferenceInfo(refInfoElem); + + referenceInfos.add(referenceInfo); + } + + return referenceInfos; + } + + /** + * Parse a <code>ReferenceInfo</code> DOM element. + * + * @param refInfoElem + * The <code>ReferenceInfo</code> DOM element to parse. + * @return The <code>ReferenceInfo</code> API object containing the data + * from the given <code>ReferenceInfo</code> DOM element. 
+ * @throws MOAApplicationException + * An error occurred parsing the <code>ReferenceInfo</code> DOM + * element. + */ + private ReferenceInfo parseReferenceInfo(Element refInfoElem) throws MOAApplicationException { + List profiles = parseVerifyTransformsInfoProfiles(refInfoElem); + return factory.createReferenceInfo(profiles); + } + + /** + * Parse the <code>VerifyTransformsInfoProfile</code> DOM elements contained + * in a <code>ReferenceInfo</code> DOM element. + * + * @param refInfoElem + * <code>ReferenceInfo</code> DOM element containing the + * <code>VerifyTransformsInfoProfile</code> DOM elements. + * @return A <code>List</code> of <code>VerifyTransformsInfoProfile</code> + * API objects containing the profile data. + * @throws MOAApplicationException + * An error occurred building the + * <code>VerifyTransformsInfoProfile</code>s. + */ + private List parseVerifyTransformsInfoProfiles(Element refInfoElem) throws MOAApplicationException { + + List profiles = new ArrayList(); + NodeIterator profileElems = XPathUtils.selectNodeIterator(refInfoElem, VERIFY_TRANSFORMS_INFO_PROFILE_XPATH); + Element profileElem; + + while ((profileElem = (Element) profileElems.nextNode()) != null) { + if ("VerifyTransformsInfoProfile".equals(profileElem.getLocalName())) { + ProfileParser profileParser = new ProfileParser(); + profiles.add(profileParser.parseVerifyTransformsInfoProfile(profileElem)); + } else { + String profileID = DOMUtils.getText(profileElem); + profiles.add(factory.createVerifyTransformsInfoProfile(profileID)); + } + } + return profiles; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index bc949fa..2109b35 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java 
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -32,9 +32,9 @@ import org.w3c.dom.DocumentFragment; import org.w3c.dom.Element; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Base64Utils; +import at.gv.egovernment.moaspss.util.Constants; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.common.Content; @@ -137,23 +137,18 @@ public class VerifyXMLSignatureResponseBuilder { ResponseBuilderUtils.addCodeInfoElement(responseDoc, responseElem, "CertificateCheck", response.getCertificateCheck().getCode(), response.getCertificateCheck().getInfo()); - try { - if (ConfigurationProvider.getInstance().getAdesFormResults() && response.getAdESFormResults() != null) { + if (response.getAdESFormResults() != null) { - Iterator formIterator = response.getAdESFormResults().iterator(); + Iterator formIterator = response.getAdESFormResults().iterator(); - while (formIterator.hasNext()) { - AdESFormResults adESFormResult = (AdESFormResults) formIterator.next(); - // add the CertificateCheck - ResponseBuilderUtils.addFormCheckElement(responseDoc, responseElem, "FormCheckResult", - adESFormResult.getCode().intValue(), adESFormResult.getName()); + while (formIterator.hasNext()) { + AdESFormResults adESFormResult = (AdESFormResults) formIterator.next(); + // add the CertificateCheck + ResponseBuilderUtils.addFormCheckElement(responseDoc, responseElem, "FormCheckResult", + adESFormResult.getCode().intValue(), adESFormResult.getName()); - } } - } catch (ConfigurationException e) { - Logger.warn("Failed to access configuration to determine if we should return AdES Form Results"); } - return responseDoc; } 
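Review bot: The AdES form-result configuration switch no longer has any effect on this response: in the second hunk the `FormCheckResult` elements are written whenever `response.getAdESFormResults()` is non-null, because the `ConfigurationProvider.getInstance().getAdesFormResults()` test was dropped together with the try/catch. If the setting is still meant to control what is returned to the caller, the check has to happen wherever the results are attached to the response, which is not visible here; otherwise the option should be removed from the configuration so operators do not rely on it. The inline comment is a copy-paste leftover and should read `// add one FormCheckResult element per AdES form result`. The enclosing method starts outside the hunk.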
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java index a6272d5..c4a0fd1 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java @@ -76,4 +76,12 @@ public interface VerifyXMLSignatureRequest { * @return The id of the trusted certificates. */ public String getTrustProfileId(); + + /** + * Should perform extended validation + * + * @return <code>true</code>, if signed data will be returned, + * otherwise <code>false</code>. + */ + public boolean getExtendedValidaiton(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java index bb2589a..b2389a4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java @@ -31,10 +31,9 @@ import java.util.HashMap; import java.util.Map; import java.util.StringTokenizer; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; - import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; /** * A class representing a CRL distribution point. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 6bc6f0b..3c7bf6a 100644 
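Review bot: The method added to the `VerifyXMLSignatureRequest` interface is spelled `getExtendedValidaiton()`, and as a public API name the typo will be carried into every implementation and caller; it should be `public boolean getExtendedValidation();` (or `isExtendedValidation()`), with the implementing class renamed to match. The Javadoc `@return` text was copied from another getter and talks about signed data being returned; it should read `@return <code>true</code> if extended validation should be performed, otherwise <code>false</code>.` The interface declaration starts outside the hunk.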
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -31,6 +31,7 @@ import iaik.pki.revocation.RevocationSourceTypes; import iaik.server.modules.xml.BlackListEntry; import iaik.server.modules.xml.ExternalReferenceChecker; import iaik.server.modules.xml.WhiteListEntry; +import iaik.util.logging.Log; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; import iaik.xml.crypto.utils.URI; @@ -62,16 +63,16 @@ import org.w3c.dom.Element; import org.w3c.dom.traversal.NodeIterator; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; import at.gv.egovernment.moa.spss.api.impl.TSLConfigurationImpl; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.FileUtils; +import at.gv.egovernment.moaspss.util.StringUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * A class that builds configuration data from a DOM based representation. 
@@ -259,6 +260,16 @@ public class ConfigurationPartsBuilder { ROOT + CONF + "SignatureVerification/" + CONF + "PermitFileURIs"; + private static final String CONNECTION_TIMEOUT_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "ConnectionTimeout"; + + private static final String READ_TIMEOUT_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "ReadTimeout"; + private static final String TSL_CONFIGURATION_XPATH = ROOT + CONF + "SignatureVerification/" + CONF + "CertificateValidation/" 
@@ -408,6 +419,51 @@ public class ConfigurationPartsBuilder { return pdfasConfiguration; } + /** + * Returns the digest method algorithm name. + * + * @return The digest method algorithm name from the configuration. + */ + public int getConnectionTimeout() + { + String connectionTimeout = getElementValue(getConfigElem(), CONNECTION_TIMEOUT_XPATH_, "30"); + int defaultConnectionTimeout = 30; + + if(connectionTimeout != null) { + try { + defaultConnectionTimeout = Integer.parseInt(connectionTimeout); + } catch(NumberFormatException e) { + Log.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); + } + } + + if(defaultConnectionTimeout < 0) { + defaultConnectionTimeout = 30; + } + + return defaultConnectionTimeout; + } + + public int getReadTimeout() + { + String connectionTimeout = getElementValue(getConfigElem(), READ_TIMEOUT_XPATH_, "30"); + int defaultConnectionTimeout = 30; + + if(connectionTimeout != null) { + try { + defaultConnectionTimeout = Integer.parseInt(connectionTimeout); + } catch(NumberFormatException e) { + Log.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); + } + } + + if(defaultConnectionTimeout < 0) { + defaultConnectionTimeout = 30; + } + + return defaultConnectionTimeout; + } + public boolean getAdesFormResult() { String enableArchiving = getElementValue(getConfigElem(), FORMRESULT_CONFIGURATION_XPATH, null); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 578f2fd..d777d8f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java 
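Review bot: A configured value of `0` passes the `if(defaultConnectionTimeout < 0)` check in both `getConnectionTimeout()` and `getReadTimeout()`, and for `java.net.URLConnection` (where `CRLRetriever` applies these settings) a timeout of zero means wait indefinitely, so one configuration slip removes the bound on a stalled revocation endpoint; the guard should be `if (defaultConnectionTimeout <= 0)`. The Javadoc on `getConnectionTimeout()` still describes the digest method algorithm name and `getReadTimeout()` has none; both should say which timeout is returned and in which unit. The warning is written through `iaik.util.logging.Log`, imported in the first hunk of this file, while the class otherwise imports the project's `Logger`, which looks unintended. The negative-value fallback resets to 30 without logging anything, and the local in `getReadTimeout()` is still named `connectionTimeout`.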
@@ -46,11 +46,11 @@ import java.util.Set; import org.w3c.dom.Element; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.DOMUtils; /** * A class providing access to the MOA configuration data. @@ -107,6 +107,9 @@ public class ConfigurationProvider /** PDF AS Configuration */ private String pdfAsConfiguration; + private int connectionTimeout; + private int readTimeout; + /** * A <code>List</code> of <code>HardwareCryptoModule</code> objects for * configuring hardware modules. @@ -376,6 +379,8 @@ public class ConfigurationProvider keyGroupMappings = builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL); + connectionTimeout = builder.getConnectionTimeout(); + readTimeout = builder.getReadTimeout(); pdfAsConfiguration = builder.getPDFASConfiguration(); adesFormResults = builder.getAdesFormResult(); xadesVersion = builder.getXAdESVersion(); @@ -553,8 +558,16 @@ public class ConfigurationProvider } public String getPDFASConfiguration() { - return pdfAsConfiguration; - } + return pdfAsConfiguration; + } + + public int getConnectionTimeout() { + return this.connectionTimeout; + } + + public int getReadTimeout() { + return this.readTimeout; + } public boolean getAdesFormResults() { return this.adesFormResults; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java index 49e5ecc..2dc047a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java 
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -35,10 +35,10 @@ import iaik.server.modules.keys.UnknownKeyException; import java.util.List; import java.util.Set; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moaspss.logging.Logger; /** * An object providing auxiliary information for creating a CMS signature. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java index 9189597..785c85b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.spss.server.iaik.cmsverify; -import iaik.server.modules.cmsverify.PDFSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; public class PDFSignatureVerificationProfileImpl extends CMSSignatureVerificationProfileImpl implements PDFSignatureVerificationProfile { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java index 304a7d3..d752a63 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java 
@@ -33,11 +33,12 @@ import iaik.pki.ldap.Handler; import java.io.InputStream; import java.net.MalformedURLException; import java.net.URL; +import java.net.URLConnection; import java.net.URLStreamHandler; import java.util.Collection; import java.util.Date; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moaspss.logging.Logger; /** * A customized implementation of @@ -51,6 +52,11 @@ import at.gv.egovernment.moa.logging.Logger; * @version $$ */ public class CRLRetriever implements RevocationInfoRetriever { + + private int connectTimeout = 5; + private int readTimeout = 5; + + public void update(RevocationSource source, Collection supplementalRequestData, TransactionId tid) throws RevocationStoreException { if (source == null) { @@ -70,8 +76,10 @@ public class CRLRetriever implements RevocationInfoRetriever { URLStreamHandler handler = new Handler(); crlUrl = new URL(null, source.getUri(), handler); } - - InputStream crlInputStream = crlUrl.openStream(); + URLConnection con = crlUrl.openConnection(); + con.setConnectTimeout(connectTimeout); + con.setReadTimeout(readTimeout); + InputStream crlInputStream = con.getInputStream(); source.readFrom(crlInputStream, tid); source.setDownloadTime(new Date()); crlInputStream.close(); @@ -83,11 +91,11 @@ public class CRLRetriever implements RevocationInfoRetriever { @Override public void setConnectTimeout(int arg0) { - // TODO AFITZEK IMPLEMENT THIS METHOD + this.connectTimeout = arg0; } @Override public void setReadTimeout(int arg0) { - // TODO AFITZEK IMPLEMENT THIS METHOD + this.readTimeout = arg0; } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index ef9ddeb..c49004b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java 
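Review bot: `URLConnection.setConnectTimeout` and `setReadTimeout` take milliseconds, so the defaults `connectTimeout = 5` and `readTimeout = 5` added in the second hunk leave 5 ms for a CRL download whenever the setters in the last hunk have not been called. The configured values (default `"30"` in `ConfigurationPartsBuilder`, returned unchanged by `PKIConfigurationImpl.getConnectTimeout()` and `getReadTimeout()`) read like seconds, though the unit the framework passes to `setConnectTimeout(int arg0)` is not visible here and should be confirmed. If it is seconds, convert where the value is used, `con.setConnectTimeout(connectTimeout * 1000);` and `con.setReadTimeout(readTimeout * 1000);`, and state the unit in a comment on both fields. A revocation download that times out spuriously ends up in whatever failure path the caller has, so a unit mismatch affects certificate validation results and not only latency. In the third hunk `crlInputStream.close()` is still skipped when `source.readFrom` throws; `update` starts and ends outside the hunks.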
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -43,8 +43,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.config.KeyGroup; @@ -53,6 +51,8 @@ import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.util.CertStoreConverter; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.spss.util.SecProviderUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; /** * A class responsible for configuring the IAIK MOA modules. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java index 3fb842f..317fcca 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java @@ -26,11 +26,10 @@ package at.gv.egovernment.moa.spss.server.iaik.config; import java.util.Properties; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.logging.LogConfigurationException; import iaik.logging.LoggerConfig; -import at.gv.egovernment.moa.logging.LoggingContextManager; - /** * Default implementation of the <code>LoggerConfig</code> interface. * 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java index fe0de1f..6341609 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java @@ -47,6 +47,8 @@ public class PKIConfigurationImpl implements PKIConfiguration { private ArchiveConfiguration archiveConfiguration; /** The certificate validation configuration. */ private ValidationConfiguration validationConfiguration; + private int connectionTimeout; + private int readTimeout; /** * Create a new <code>PKIConfigurationImpl</code>. @@ -68,6 +70,8 @@ public class PKIConfigurationImpl implements PKIConfiguration { } this.validationConfiguration = new ValidationConfigurationImpl(config); + this.connectionTimeout = config.getConnectionTimeout(); + this.readTimeout = config.getReadTimeout(); } /** @@ -100,14 +104,12 @@ public class PKIConfigurationImpl implements PKIConfiguration { @Override public int getConnectTimeout() { - // TODO AFITZEK IMPLEMENT THIS METHOD - return 0; + return this.connectionTimeout; } @Override public int getReadTimeout() { - // TODO AFITZEK IMPLEMENT THIS METHOD - return 0; + return this.readTimeout; } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java index a09a701..5df84c9 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java 
@@ -27,6 +27,7 @@ import iaik.pki.revocation.RevocationConfiguration; import iaik.pki.revocation.dbcrl.config.DBCrlConfig; import java.security.cert.X509Certificate; +import java.util.Collections; import java.util.Date; import java.util.Map; import java.util.Set; @@ -100,7 +101,7 @@ public class RevocationConfigurationImpl extends AbstractObservableConfiguration @Override public Set getPositiveOCSPResponders() { // TODO AFITZEK IMPLEMENT THIS METHOD - return null; + return Collections.EMPTY_SET; } @Override diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java index 937f32f..1aed76e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java @@ -30,12 +30,10 @@ import java.io.InputStream; import iaik.server.modules.keys.ConfigurationException; import iaik.server.modules.keys.SoftwareKeyModuleConfiguration; - -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; - import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule; import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; /** * An implementation of the <code>SoftwareKeyModuleConfiguration</code> wrapping diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java index 1c5d26a..9e6ed6d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java 
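Review bot: `getPositiveOCSPResponders()` now returns the raw-typed constant `Collections.EMPTY_SET` while the `// TODO AFITZEK IMPLEMENT THIS METHOD` marker stays in place; `return Collections.emptySet();` yields the same immutable empty set without the raw constant. What an empty set of positive OCSP responders means to the revocation checker is not visible in this hunk. The comment should therefore say whether this is a deliberate "none configured" default or still a stub, for example `// No positive OCSP responders are configured; the IAIK module falls back to its default handling (TODO confirm)`.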
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java @@ -39,12 +39,16 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.util.NodeListToNodeSetDataAdapter; -import at.gv.egovernment.moa.util.NodeListAdapter; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.XPathException; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.util.NodeListAdapter; +import at.gv.egovernment.moaspss.util.StreamUtils; +import at.gv.egovernment.moaspss.util.XPathException; +import at.gv.egovernment.moaspss.util.XPathUtils; +import iaik.server.modules.xml.MOAXSecProvider; import iaik.server.modules.xml.XSLTTransformation; import iaik.xml.crypto.dsig.XMLSignatureFactory; +import iaik.xml.filter.impl.dsig.CanonInputStream; +import iaik.xml.filter.impl.dsig.Canonicalizer; +import iaik.xml.filter.impl.dsig.Traverser; /** * A <code>Transformation</code> containing an XSLT transformation. 
@@ -195,12 +199,18 @@ public class XSLTTransformationImpl extends TransformationImpl implements XSLTTr */ private static InputStream canonicalize(Element element) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, TransformException { - CanonicalizationMethod canonicalizationMethod = XMLSignatureFactory.getInstance().newCanonicalizationMethod( - CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec()); + // CanonicalizationMethod canonicalizationMethod = + // MOAXSecProvider.getXMLSignatureFactory().newCanonicalizationMethod( + // CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec()); //CanonicalizationAlgorithm c14n = // new CanonicalizationAlgorithmImplExclusiveCanonicalXML(); - NodeList nodeList; + Traverser traverser = new Traverser(element, true, true); + Canonicalizer canonicalizer = new Canonicalizer(traverser, false, true, null); + + return new CanonInputStream(canonicalizer); + /* + NodeList nodeList; try { nodeList = XPathUtils.selectNodeList(element, XPathUtils.ALL_NODES_XPATH); @@ -211,7 +221,7 @@ public class XSLTTransformationImpl extends TransformationImpl implements XSLTTr ByteArrayOutputStream baos = new ByteArrayOutputStream(); canonicalizationMethod.transform(new NodeListToNodeSetDataAdapter(nodeList), null, baos); baos.close(); - return new ByteArrayInputStream(baos.toByteArray()); + return new ByteArrayInputStream(baos.toByteArray());*/ } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index 7d0c5a0..9d6e3d2 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java 
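Review bot: The rewritten `canonicalize` no longer names its algorithm: the removed code requested `CanonicalizationMethod.EXCLUSIVE` explicitly, while `new Traverser(element, true, true)` and `new Canonicalizer(traverser, false, true, null)` rely on positional flags whose meaning this hunk does not show. The canonical byte stream is presumably what stylesheets are compared or hashed on, so a silent change of canonical form would alter those results. I would add a comment above the two constructors, e.g. `// TODO confirm: flags select exclusive C14N without comments, matching the previous CanonicalizationMethod.EXCLUSIVE`. The old implementation is also left commented out across both hunks of this method, and the `throws` clause still lists the exceptions that only that code raised. Delete the dead block and narrow the clause rather than keeping the history in comments.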
@@ -37,11 +37,11 @@ import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; import java.util.List; import java.util.Set; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.server.util.IdGenerator; +import at.gv.egovernment.moaspss.logging.Logger; /** * An object providing auxiliary information for creating an XML signature. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 37569c5..094e446 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java 
@@ -36,25 +36,28 @@ import java.util.Timer; import org.slf4j.LoggerFactory; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.spss.server.service.RevocationArchiveCleaner; +import at.gv.egovernment.moa.spss.tsl.connector.MOATSLVerifier; import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector; import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; import iaik.pki.store.certstore.CertStoreException; import iaik.pki.store.truststore.TrustStoreException; import iaik.server.ConfigurationData; +import iaik.xml.crypto.tsl.SecuredSAXParserFactoryImpl; import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; import iaik.xml.crypto.tsl.ex.TSLSearchException; +import iaik.xml.crypto.tsl.verify.ITSLVerifierFactory; /** * MOA SP/SS web service initialization. 
@@ -93,8 +96,8 @@ public class SystemInitializer { logger.info("##############################################################################"); logger.info("##############################################################################"); logger.info("### ###"); - logger.info("### LOADING MOA-SIG ###"); - logger.info("### =============== ###"); + logger.info("### LOADING MOA-SPSS ###"); + logger.info("### ================ ###"); logger.info("### ###"); logger.info("##############################################################################"); logger.info("##############################################################################"); @@ -153,7 +156,11 @@ public class SystemInitializer { TSLConnector tslconnector = new TSLConnector(); if (tslconfig != null) { //Logger.info(new LogMsg(msg.getMessage("init.01", null))); + SecuredSAXParserFactoryImpl.newInstance(); Logger.info(new LogMsg(msg.getMessage("config.41", null))); + + ITSLVerifierFactory.setITSLVerifier(new MOATSLVerifier()); + tslconnector.initialize(tslconfig.getEuTSLUrl(), tslconfig.getWorkingDirectory(), null, null); } @@ -188,6 +195,11 @@ public class SystemInitializer { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); } catch (CertificateException e) { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } catch (Throwable e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + throw e; + } finally { + logger.info("Configuration initialized"); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index df04434..8e9380e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java 
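Review bot: `SecuredSAXParserFactoryImpl.newInstance();` discards its result, so it is only useful for a side effect that this hunk does not show. Without a comment it reads as dead code and is likely to be dropped in a later cleanup. If the call is what makes TSL parsing use the secured parser (to be confirmed against the IAIK TSL library), state that and the ordering requirement, e.g. `// Called for its side effect (<what it registers>); must run before tslconnector.initialize(...)`. `ITSLVerifierFactory.setITSLVerifier(new MOATSLVerifier())` sets what looks like a process-wide verifier and deserves the same one-line explanation. The enclosing method starts and ends outside this hunk.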
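Review bot: The new `finally` block logs "Configuration initialized" on every path, including after `Logger.fatal(...)` in the existing catch clauses and after the new `catch (Throwable e)` rethrows. The log therefore reports success for a start-up that failed, which misleads anyone triaging from the logs. Move the line to the end of the `try` body, or make it neutral: `logger.info("Configuration initialization finished");`. The earlier catch clauses visible in this hunk still log and continue, and only the new Throwable branch rethrows; a short comment should say whether that difference is intended. The `try` block starts outside this hunk.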
@@ -52,8 +52,6 @@ import java.util.Set; import org.apache.commons.io.IOUtils; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; @@ -75,7 +73,9 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.FilteredOutputStream; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; /** * A class providing an API based interface to the diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 905254e..906abbe 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import iaik.server.modules.AdESFormVerificationResult; 
@@ -34,6 +33,11 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; +import iaik.util.logging.Log; +import iaik.server.modules.pdfverify.ExtendedPDFSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationModule; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -50,10 +54,8 @@ import java.util.List; import org.apache.commons.codec.binary.Hex; import org.apache.commons.io.HexDump; import org.apache.commons.io.IOUtils; +import org.slf4j.LoggerFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; 
@@ -70,14 +72,17 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.QCSSCDResult; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; /** * A class providing an interface to the * <code>CMSSignatureVerificationModule</code>. * - * This class performs the invocation of the + * This class performs the invocation of the * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code> - * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation + * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation * is integrated into a <code>VerifyCMSSignatureResponse</code> returned. * * @author Patrick Peck 
@@ -85,338 +90,414 @@ import at.gv.egovernment.moa.spss.util.QCSSCDResult; */ public class CMSSignatureVerificationInvoker { - /** The single instance of this class. */ - private static CMSSignatureVerificationInvoker instance = null; - - /** - * Return the only instance of this class. - * - * @return The only instance of this class. - */ - public static synchronized CMSSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new CMSSignatureVerificationInvoker(); - } - return instance; - } - - /** - * Create a new <code>CMSSignatureVerificationInvoker</code>. - * - * Protected to disallow multiple instances. - */ - protected CMSSignatureVerificationInvoker() { - } - - /** - * Verify a CMS signature. - * - * @param request The <code>VerifyCMSSignatureRequest</code> containing the - * CMS signature, as well as additional data needed for verification. - * @return Element A <code>VerifyCMSSignatureResponse</code> containing the - * answer to the <code>VerifyCMSSignatureRequest</code>. - * @throws MOAException An error occurred while processing the request. 
- */ - public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) - throws MOAException { - - CMSSignatureVerificationProfileFactory profileFactory = - new CMSSignatureVerificationProfileFactory(request); - VerifyCMSSignatureResponseBuilder responseBuilder = - new VerifyCMSSignatureResponseBuilder(); - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - LoggingContext loggingCtx = - LoggingContextManager.getInstance().getLoggingContext(); - InputStream signature; - InputStream signedContent = null; - CMSSignatureVerificationProfile profile; - Date signingTime; - List results; - ExtendedCMSSignatureVerificationResult result; - int[] signatories; - InputStream input; - byte[] buf = new byte[2048]; - - // get the signature - signature = request.getCMSSignature(); - - // get the actual trustprofile - TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - - try { - // get the signed content - signedContent = getSignedContent(request); - - // build the profile - if(request.isPDF()) { - profile = profileFactory.createPDFProfile(); - } else { - profile = profileFactory.createProfile(); - } - - // get the signing time - signingTime = request.getDateTime(); - - // verify the signature - CMSSignatureVerificationModule module = - CMSSignatureVerificationModuleFactory.getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - - module.init( - signature, - signedContent, - profile, - new TransactionId(context.getTransactionID())); - input = module.getInputStream(); - - while (input.read(buf) > 0); - //results = module.verifyCAdESSignature(signingTime); - results = module.verifySignature(signingTime); - - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw 
moaException; - } catch (IOException e) { - throw new MOAApplicationException("2244", null, e); - } catch (MOAException e) - { - throw e; - } - finally - { - try - { - if (signedContent != null) signedContent.close(); - } - catch (Throwable t) - { - // Intentionally do nothing here - } - } - - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - // build the response: for each signatory add the result to the response - signatories = request.getSignatories(); - if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { - Iterator resultIter; - - for (resultIter = results.iterator(); resultIter.hasNext();) { - Object resultObject = resultIter.next(); - CMSSignatureVerificationResult cmsResult = null; - List adesResults = null; - if(resultObject instanceof ExtendedCMSSignatureVerificationResult) { - result = (ExtendedCMSSignatureVerificationResult) resultObject; - - adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - } else { - cmsResult = (CMSSignatureVerificationResult)resultObject; - } - - - String issuerCountryCode = null; - // QC/SSCD check - - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while(it.hasNext()) { - chain[i] = (X509Certificate)it.next(); - i++; - } - - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); - - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } - } else 
{ - int i; - - for (i = 0; i < signatories.length; i++) { - int sigIndex = signatories[i] - 1; - - try { - result = - (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1); - - String issuerCountryCode = null; - - CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult(); - - List adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - - // QC/SSCD check - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int j = 0; - while(it.hasNext()) { - chain[j] = (X509Certificate)it.next(); - j++; - } - - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } catch (IndexOutOfBoundsException e) { - throw new MOAApplicationException( - "2249", - new Object[] { new Integer(sigIndex)}); - } - } - } - - return responseBuilder.getResponse(); - } - - - /** - * Get the signed content contained either in the request itself or given as a - * reference to external data. - * - * @param request The <code>VerifyCMSSignatureRequest</code> containing the - * signed content (or the reference to the signed content). - * @return InputStream A stream providing the signed content data, or - * <code>null</code> if no signed content was provided with the request. - * @throws MOAApplicationException An error occurred building the stream. 
- */ - private InputStream getSignedContent(VerifyCMSSignatureRequest request) - throws MOAApplicationException { - - InputStream is = null; - CMSDataObject dataObj; - CMSContent content; - - // select the Content element - dataObj = request.getDataObject(); - if (dataObj == null) { - return null; - } - content = dataObj.getContent(); - - // build the content data - switch (content.getContentType()) { - case CMSContent.EXPLICIT_CONTENT : - is = ((CMSContentExcplicit) content).getBinaryContent(); - is = excludeByteRange(is, request); - return is; - case CMSContent.REFERENCE_CONTENT : - String reference = ((CMSContentReference) content).getReference(); - if (!"".equals(reference)) { - ExternalURIResolver resolver = new ExternalURIResolver(); - is = resolver.resolve(reference); - is = excludeByteRange(is, request); - return is; - } else { - return null; - } - default : - return null; - } - - - - } - - private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException { - - int byteRead; - - ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); - - CMSDataObject dataobject = request.getDataObject(); - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return contentIs; - - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - try { - while ((byteRead=contentIs.read()) >= 0) { - - if (inRange(counter, dataobject)) { - // if byte is in byte range, set byte to 0x00 - contentOs.write(0); - } - else - contentOs.write(byteRead); - - counter = counter.add(one); + /** The single instance of this class. */ + private static CMSSignatureVerificationInvoker instance = null; + + /** + * Return the only instance of this class. + * + * @return The only instance of this class. 
+ */ + public static synchronized CMSSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new <code>CMSSignatureVerificationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureVerificationInvoker() { + } + + /** + * Verify a CMS signature. + * + * @param request + * The <code>VerifyCMSSignatureRequest</code> containing the CMS + * signature, as well as additional data needed for verification. + * @return Element A <code>VerifyCMSSignatureResponse</code> containing the + * answer to the <code>VerifyCMSSignatureRequest</code>. + * @throws MOAException + * An error occurred while processing the request. + */ + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) throws MOAException { + + CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(request); + VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + InputStream signature; + InputStream signedContent = null; + Date signingTime; + List results; + int[] signatories; + InputStream input; + byte[] buf = new byte[2048]; + + // get the signature + signature = request.getCMSSignature(); + + // get the actual trustprofile + TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + + try { + // get the signing time + signingTime = request.getDateTime(); + + // build the profile + if (request.isPDF()) { + PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile(); + Logger.info("Sending PDFSignatureVerificationProfile to IAIK-MOA"); + + PDFSignatureVerificationModule module = 
iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory + .getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, profile, new TransactionId(context.getTransactionID())); + + // input = module.getInputStream(); + + // while (input.read(buf) > 0); + if(request.isExtended()) { + results = module.verifyPAdESSignature(signingTime); + } else { + results = module.verifySignature(signingTime); + } + + } else { + // get the signed content + signedContent = getSignedContent(request); + CMSSignatureVerificationProfile profile = profileFactory.createProfile(); + Logger.info("Sending CMSSignatureVerificationProfile to IAIK-MOA"); + + // verify the signature + CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID())); + input = module.getInputStream(); + + while (input.read(buf) > 0) + ; + + if(request.isExtended()) { + results = module.verifyCAdESSignature(signingTime); + } else { + results = module.verifySignature(signingTime); + } + // results = module.verifySignature(signingTime); + } + + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IOException e) { + throw new MOAApplicationException("2244", null, e); + } catch (MOAException e) { + throw e; + } finally { + try { + if (signedContent != null) + signedContent.close(); + } catch (Throwable t) { + // Intentionally do nothing here + } + } + + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + // build the response: for each signatory add the result to the response + signatories = request.getSignatories(); + if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { + 
Iterator resultIter; + + for (resultIter = results.iterator(); resultIter.hasNext();) { + Object resultObject = resultIter.next(); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } + } else { + int i; + + for (i = 0; i < signatories.length; i++) { + int sigIndex = signatories[i] - 1; + + try { + Object resultObject = results.get(signatories[i] - 1); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } catch (IndexOutOfBoundsException e) { + throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); + } + } + } + + return responseBuilder.getResponse(); + } + + private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + } else { + cmsResult = (CMSSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = 
CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + } - - InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); - - return is; - - - } catch (IOException e) { - throw new MOAApplicationException("2301", null, e); + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); } - - } - - - private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return false; - - int compare = counter.compareTo(from); - if (compare == -1) - return false; - else { - compare = counter.compareTo(to); - if (compare == 1) - return false; - else - return true; - } - - - - } - - - private List getAdESResult(AdESFormVerificationResult adesFormVerification) { + + private void handleCMSEXTResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + cmsResult = result.getCMSSignatureVerificationResult(); + } else { + cmsResult = (CMSSignatureVerificationResult) resultObject; + } + + String 
issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + } + + private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + PDFSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { + ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + cmsResult = result.getPDFSignatureVerificationResult(); + } else { + cmsResult = (PDFSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = 
CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + } + + /** + * Get the signed content contained either in the request itself or given as + * a reference to external data. + * + * @param request + * The <code>VerifyCMSSignatureRequest</code> containing the + * signed content (or the reference to the signed content). + * @return InputStream A stream providing the signed content data, or + * <code>null</code> if no signed content was provided with the + * request. + * @throws MOAApplicationException + * An error occurred building the stream. + */ + private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException { + + InputStream is = null; + CMSDataObject dataObj; + CMSContent content; + + // select the Content element + dataObj = request.getDataObject(); + if (dataObj == null) { + return null; + } + content = dataObj.getContent(); + + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT: + is = ((CMSContentExcplicit) content).getBinaryContent(); + is = excludeByteRange(is, request); + return is; + case CMSContent.REFERENCE_CONTENT: + String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + ExternalURIResolver resolver = new ExternalURIResolver(); + is = resolver.resolve(reference); + is = excludeByteRange(is, request); + return is; + } else { + return null; + } + default: + return null; + } + + } + + private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) + throws MOAApplicationException { + + int byteRead; + + ByteArrayOutputStream contentOs = new 
ByteArrayOutputStream(); + + CMSDataObject dataobject = request.getDataObject(); + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ((from == null) || (to == null)) + return contentIs; + + BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); + + try { + while ((byteRead = contentIs.read()) >= 0) { + + if (inRange(counter, dataobject)) { + // if byte is in byte range, set byte to 0x00 + contentOs.write(0); + } else + contentOs.write(byteRead); + + counter = counter.add(one); + } + + InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); + + return is; + + } catch (IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ((from == null) || (to == null)) + return false; + + int compare = counter.compareTo(from); + if (compare == -1) + return false; + else { + compare = counter.compareTo(to); + if (compare == 1) + return false; + else + return true; + } + + } + + private List getAdESResult(AdESFormVerificationResult adesFormVerification) { if (adesFormVerification == null) { // no form information return null; @@ -451,5 +532,5 @@ public class CMSSignatureVerificationInvoker { } } } - + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java index 74b2a89..bd5db6d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java 
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; /** * A factory to create a <code>CMSSignatureVerificationProfile</code> from a @@ -65,7 +66,7 @@ public class CMSSignatureVerificationProfileFactory { * <code>request</code>, based on the current configuration. * @throws MOAException An error occurred creating the profile. */ - public CMSSignatureVerificationProfile createPDFProfile() + public PDFSignatureVerificationProfile createPDFProfile() throws MOAException { TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java index d775fdb..1eca7d2 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -49,8 +49,6 @@ import org.w3c.dom.NodeList; import org.xml.sax.EntityResolver; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.common.Content; 
@@ -70,13 +68,15 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.EntityResolverChain; -import at.gv.egovernment.moa.util.MOAErrorHandler; -import at.gv.egovernment.moa.util.StreamEntityResolver; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.EntityResolverChain; +import at.gv.egovernment.moaspss.util.MOAErrorHandler; +import at.gv.egovernment.moaspss.util.StreamEntityResolver; +import at.gv.egovernment.moaspss.util.StreamUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; import iaik.server.modules.xml.DataObject; import iaik.server.modules.xml.NodeListImplementation; import iaik.server.modules.xml.URIReferenceImpl; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java index 0bca8ae..0128e6a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java 
@@ -28,11 +28,10 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.util.XPathException; -import at.gv.egovernment.moa.util.XPathUtils; - import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.common.ElementSelector; +import at.gv.egovernment.moaspss.util.XPathException; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * Utility methods for invoking the IAIK MOA modules. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java index 8f3c075..330ffdd 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java @@ -24,13 +24,12 @@ package at.gv.egovernment.moa.spss.server.invoke; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; - import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; /** * A utility class for setting up and tearing down thread-local context diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index f32093a..3e18c2a 100644 
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -25,7 +25,8 @@ package at.gv.egovernment.moa.spss.server.invoke; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; -import iaik.server.modules.cmsverify.CertificateValidationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; +import iaik.server.cmspdfverify.CertificateValidationResult; import java.security.cert.X509Certificate; import java.util.ArrayList; 
@@ -123,6 +124,61 @@ public class VerifyCMSSignatureResponseBuilder { responseElements.add(responseElement); } - + /** + * Add a verification result to the response. + * + * @param result The result to add. + * @param trustprofile The actual trustprofile + * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the + * certificate as qualified, otherwise <code>false</code>. + * @param checkSSCD <code>true</code>, if the TSL check verifies the + * signature based on a SSDC, otherwise <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, + * otherwise <code>false</code>. + * @throws MOAException + */ + public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults) + throws MOAException { + + CertificateValidationResult certResult = + result.getCertificateValidationResult(); + int signatureCheckCode = + result.getSignatureValueVerificationCode().intValue(); + int certificateCheckCode = certResult.getValidationResultCode().intValue(); + + VerifyCMSSignatureResponseElement responseElement; + SignerInfo signerInfo; + CheckResult signatureCheck; + CheckResult certificateCheck; + + boolean qualifiedCertificate = checkQC; + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode); + + // add SignatureCheck element + signatureCheck = factory.createCheckResult(signatureCheckCode, null); + + // add CertificateCheck element + certificateCheck = factory.createCheckResult(certificateCheckCode, null); + + // build the response element + responseElement = + factory.createVerifyCMSSignatureResponseElement( + signerInfo, + 
signatureCheck, + certificateCheck, + adesResults); + responseElements.add(responseElement); + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 7bcf723..a6e8971 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -50,9 +50,9 @@ import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.util.CollectionUtils; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.NodeListAdapter; +import at.gv.egovernment.moaspss.util.CollectionUtils; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.NodeListAdapter; import iaik.server.modules.xml.BinaryDataObject; import iaik.server.modules.xml.DataObject; import iaik.server.modules.xml.XMLDataObject; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java index 7debb7b..ecdd811 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java 
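Review bot: `certResult.getCertificateChain().get(0)` in the new `addResult(PDFSignatureVerificationResult, …)` overload is dereferenced without a null or empty check, although `handlePDFResult` in `CMSSignatureVerificationInvoker` (same commit) treats a null chain as possible with `if (list != null)` before calling this method. A verification result without a chain would therefore surface as an unchecked exception rather than through the declared `MOAException` path. Guard it first, e.g. `List chain = certResult.getCertificateChain(); if (chain == null || chain.isEmpty()) { ... }`, and raise a `MOAException` with the project's error code for a missing signer certificate. The Javadoc also does not match the signature: it documents `checkQCFromTSL` where the parameter is `checkQC`, omits `qcSourceTSL`, `issuerCountryCode` and `adesResults`, and spells SSCD as "SSDC".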
@@ -46,9 +46,6 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; @@ -69,8 +66,11 @@ import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.server.util.IdGenerator; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.XPathUtils; /** * A class providing an API based interface to the diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java index 6a85415..cb77ad1 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java 
@@ -44,8 +44,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; @@ -67,7 +65,9 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.server.util.IdGenerator; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; /** * A factory to create <code>XMLSignatureCreationProfile</code>s from a diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index c09740c..a8c3ea0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -40,10 +40,6 @@ import java.util.Set; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; 
@@ -71,8 +67,12 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.spss.util.QCSSCDResult; -import at.gv.egovernment.moa.util.CollectionUtils; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.CollectionUtils; +import at.gv.egovernment.moaspss.util.Constants; import iaik.server.modules.AdESFormVerificationResult; import iaik.server.modules.AdESVerificationResult; import iaik.server.modules.IAIKException; @@ -162,7 +162,8 @@ public class XMLSignatureVerificationInvoker { LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request); VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder(); - ExtendedXMLSignatureVerificationResult result; + ExtendedXMLSignatureVerificationResult result = null; + XMLSignatureVerificationResult plainResult; XMLSignatureVerificationProfile profile; ReferencesCheckResult signatureManifestCheck; DataObjectFactory dataObjFactory; 
@@ -215,8 +216,14 @@ public class XMLSignatureVerificationInvoker { module.setLog(new IaikLog(loggingCtx.getNodeID())); - result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime, + if(request.getExtendedValidaiton()) { + result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime, new TransactionId(context.getTransactionID())); + plainResult = result.getXMLSignatureVerificationResult(); + } else { + plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime, + new TransactionId(context.getTransactionID())); + } } catch (IAIKException e) { MOAException moaException = IaikExceptionMapper.getInstance().map(e); throw moaException; @@ -225,19 +232,20 @@ public class XMLSignatureVerificationInvoker { throw moaException; } - List adesResults = getAdESResult(result.getFormVerificationResult()); + if(result != null) { + List adesResults = getAdESResult(result.getFormVerificationResult()); - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } } - } - - responseBuilder.setAdESFormResults(adesResults); + responseBuilder.setAdESFormResults(adesResults); + } // QC/SSCD check - List list = result.getXMLSignatureVerificationResult().getCertificateValidationResult().getCertificateChain(); + List list = plainResult.getCertificateValidationResult().getCertificateChain(); if (list != null) { X509Certificate[] chain = new X509Certificate[list.size()]; 
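Review bot: The new branch on `request.getExtendedValidaiton()` lets the incoming request choose between `verifyXAdESSignature` and the plain `verifySignature`, and in the plain case the next hunk (`@@ -225,19 +232,20 @@`) skips `responseBuilder.setAdESFormResults(...)` altogether. As far as these lines show, nothing in the response or the log then records that the AdES form check was not performed, so a relying party cannot tell "not checked" from "nothing to report". Consider recording the mode, e.g. `Logger.info("XAdES form validation skipped: extended validation not requested");` in the `else` branch, and confirm what the flag defaults to when the request omits it. The getter name is misspelled (`getExtendedValidaiton`); since it looks like new public API on the request type, renaming it to `getExtendedValidation` now is cheaper than after clients depend on it. The enclosing method starts and ends outside the hunk.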
@@ -261,17 +269,17 @@ public class XMLSignatureVerificationInvoker { } // check the result - signatureManifestCheck = validateSignatureManifest(request, result.getXMLSignatureVerificationResult(), + signatureManifestCheck = validateSignatureManifest(request, plainResult, profile); // Check if signer certificate is in trust profile's allowed signer // certificates pool TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - CheckResult certificateCheck = validateSignerCertificate(result.getXMLSignatureVerificationResult(), + CheckResult certificateCheck = validateSignerCertificate(plainResult, trustProfile); // build the response - responseBuilder.setResult(result.getXMLSignatureVerificationResult(), profile, signatureManifestCheck, + responseBuilder.setResult(plainResult, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode); return responseBuilder.getResponse(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java index 64810a8..cca9117 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.spss.server.logging; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.logging.Log; import iaik.logging.LogConfigurationException; import iaik.logging.LogFactory; -import at.gv.egovernment.moa.logging.LoggingContextManager; - /** * An implementation of the <code>iaik.logging.LogFactory</code> abstract * class to log messages to the MOA logging subsystem. 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java index f6d84c7..d3a930c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java @@ -30,11 +30,11 @@ import iaik.pki.store.revocation.archive.ArchiveFactory; import java.util.Date; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; /** * A <code>Runnable</code> for periodically cleaning up the revocation archive. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java index 3425dac..4e0d9f6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java @@ -41,9 +41,9 @@ import java.util.Map.Entry; import org.w3c.dom.Element; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moaspss.logging.Logger; /** * Contains information about the current request. 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java index defaedd..53e023f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.spss.tsl.config; -import iaik.util.logging._l; +import iaik.util.logging.GeneralLog; import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; import java.net.MalformedURLException; @@ -37,7 +37,7 @@ public class Configurator { try { _euTSLURL = new URL(euTSLURL); } catch (MalformedURLException e) { - _l.err("Bad TSL URL: " + euTSLURL, e); + GeneralLog.err("Bad TSL URL: " + euTSLURL, e); throw new TSLEngineDiedException(e); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java new file mode 100644 index 0000000..39b2f8c --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java 
@@ -0,0 +1,265 @@ +package at.gv.egovernment.moa.spss.tsl.connector; + +import java.io.IOException; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.security.cert.X509Certificate; +import java.util.Iterator; +import java.util.ListIterator; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBIntrospector; +import javax.xml.crypto.Data; +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.NodeSetData; +import javax.xml.crypto.URIReferenceException; +import javax.xml.crypto.dom.DOMCryptoContext; +import javax.xml.crypto.dsig.Reference; +import javax.xml.crypto.dsig.SignedInfo; +import javax.xml.crypto.dsig.Transform; +import javax.xml.crypto.dsig.XMLSignature; +import javax.xml.crypto.dsig.XMLSignatureException; +import javax.xml.crypto.dsig.XMLSignatureFactory; +import javax.xml.crypto.dsig.dom.DOMValidateContext; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import iaik.server.modules.xml.MOAXSecProvider; +import iaik.xml.crypto.tsl.TSLConstants; +import iaik.xml.crypto.tsl.TSLContext; +import iaik.xml.crypto.tsl.TSLEngine; +import iaik.xml.crypto.tsl.ex.SeverityAspect.Severity; +import iaik.xml.crypto.tsl.ex.TSLSecurityException; +import iaik.xml.crypto.tsl.ex.TSLVerificationException; +import iaik.xml.crypto.tsl.gen.TrustStatusListType; +import iaik.xml.crypto.tsl.verify.ITSLVerifier; +import iaik.xml.crypto.utils.URIDereferencerImpl; + +public class MOATSLVerifier implements ITSLVerifier { + + private static final Logger logger = LoggerFactory.getLogger(MOATSLVerifier.class); + + private static iaik.xml.crypto.xmldsig.gen.ObjectFactory dsOf = new iaik.xml.crypto.xmldsig.gen.ObjectFactory(); + + private static JAXBIntrospector JI = TSLEngine.jc.createJAXBIntrospector(); + + public Boolean verifyTSL(Document tslDoc, TSLContext tslContext, + ListIterator<X509Certificate> 
euTslCertsHash) { + + boolean coreValidity = false; + + try { + // Signature s = new Signature(); + // TrustServiceStatusList tssl = new TrustServiceStatusList(); + JAXBElement<iaik.xml.crypto.xmldsig.gen.SignatureType> s = dsOf.createSignature(new iaik.xml.crypto.xmldsig.gen.SignatureType()); +// _l.debug(""+JI.getElementName(s)); + JAXBElement<TrustStatusListType> tssl = TSLConstants.TSL_OF.createTrustServiceStatusList(new TrustStatusListType()); +// _l.debug(""+JI.getElementName(tssl)); + + Element tsslE = tslDoc.getDocumentElement(); + + if (tsslE == null) { + tslContext.throwException(new TSLVerificationException("Empty XML File", Severity.xml_failed)); + // } else if (!tsslE.getNamespaceURI().equals(tssl.getName().getNamespaceURI())) { + } else if (!tsslE.getNamespaceURI().equals(JI.getElementName(tssl).getNamespaceURI())) { + tslContext.throwException(new TSLVerificationException("Incorrect Namespace", Severity.xml_failed)); + // } else if (!tsslE.getLocalName().equals(tssl.getName().getLocalPart())) { + } else if (!tsslE.getLocalName().equals(JI.getElementName(tssl).getLocalPart())) { + tslContext.throwException(new TSLVerificationException("Wrong Document Element in document "+tslDoc.getDocumentURI(), Severity.xml_failed)); + } + + //now we can be sure the right document element is in place, Schema validation does not assure this for us + //Schema validation however assures that the internal Structure of TrustServicesStatus List is correct + + // B.6 1) It MUST be an enveloped signature. + + Node n = tsslE.getLastChild(); + + while ( n != null && ! (n instanceof Element) ) { + n = n.getPreviousSibling(); + } + + Element sig = (Element) n; + + if (sig == null || + // ! sig.getNamespaceURI().equals(s.getName().getNamespaceURI()) || + // ! sig.getLocalName().equals(s.getName().getLocalPart())) { + ! sig.getNamespaceURI().equals(JI.getElementName(s).getNamespaceURI()) || + ! 
sig.getLocalName().equals(JI.getElementName(s).getLocalPart())) { + + tslContext.throwException( + new TSLVerificationException( + TSLSecurityException.Type.NO_TSL_SIGNATURE) + ); + + } else { + + NodeList cn = tsslE.getChildNodes(); + + for (int j = 0; j < cn.getLength(); j++) { + cn.item(j); + } + + //TODO assure connection with the PKI Module + DOMValidateContext valContext = new DOMValidateContext( + new MOATslKeySelector(euTslCertsHash, tslContext), + sig); + + if (valContext.getURIDereferencer() == null) { + valContext.setURIDereferencer(new URIDereferencerImpl()); + } + + // valContext.setProperty("iaik.xml.crypto.debug.OutputStream", System.out); + valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE); + + XMLSignatureFactory fac = MOAXSecProvider.getXMLSignatureFactory(); + + // unmarshal the XMLSignature + XMLSignature signature = fac.unmarshalXMLSignature(valContext); + + // Validate the XMLSignature (generated above) + coreValidity = signature.validate(valContext); + // Check core validation status + if (coreValidity == false) { + debug(valContext, "Signature failed core validation"); + boolean sv = signature.getSignatureValue().validate(valContext); + debug(valContext, "signature validation status: " + sv); + // check the validation status of each Reference + Iterator it = signature.getSignedInfo().getReferences().iterator(); + for (int j = 0; it.hasNext(); j++) { + boolean refValid = ((Reference) it.next()).validate(valContext); + debug(valContext, "ref[" + j + "] validity status: " + refValid); + } + + tslContext.throwException(new TSLVerificationException("Signature failed core validation", Severity.signature_failed)); + } + + SignedInfo si = signature.getSignedInfo(); + Iterator it = si.getReferences().iterator(); + + + // 2) Its ds:SignedInfo element MUST contain a ds:Reference element with the + // URI attribute set to a value referencing the TrustServiceStatusList + // element enveloping the signature itself. 
This ds:Reference element MUST + // satisfy the following requirements: + // a) It MUST contain only one ds:Transforms element. + // b) This ds:Transforms element MUST contain two ds:Transform elements. The + // first one will be one whose Algorithm attribute indicates the enveloped + // transformation with the value: + // "http://www.w3.org/2000/09/xmldsig#enveloped-signature". The second one + // will be one whose Algorithm attribute instructs to perform the exclusive + // canonicalization "http://www.w3.org/2001/10/xml-exc-c14n#" + + boolean found_proper_tsslE_reference = false; + + for (int j = 0; it.hasNext(); j++) { + Reference ref = ((Reference) it.next()); + Data d = valContext.getURIDereferencer().dereference(ref, valContext); + + if(!(d instanceof NodeSetData)) { + continue; + } else { + NodeSetData nsd = (NodeSetData) d; + + + if (nsd.iterator().next() == tsslE) { + + //Assured by XMLSchema + //throw new TSLException("B.6 2 a) It MUST contain only one ds:Transforms element."); + + if(ref.getTransforms().size() != 2) { + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) + ); + } else { + + Transform[] transforms = (Transform[]) ref.getTransforms().toArray(new Transform[2]); + + //TODO assign severity, code some heuristic showing the problems + if (! transforms[0].getAlgorithm().equals("http://www.w3.org/2000/09/xmldsig#enveloped-signature")) { + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) + ); + + } + + //TODO assign severity, code some heuristic showing the problems + if (! 
transforms[1].getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")) { + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) + ); + } + } + + found_proper_tsslE_reference = true; + }//if (nsd.iterator().next() == tsslE) + + } + } + + if(!found_proper_tsslE_reference) { + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) + ); + } + + // 3) ds:CanonicalizationMethod MUST be + // "http://www.w3.org/2001/10/xml-exc-c14n#". + if (! si.getCanonicalizationMethod().getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")){ + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_CANONICALIZATION_METHOD) + ); + } + + // 4) It MAY have other ds:Reference elements. + + } + } catch (URIReferenceException e) { + tslContext.throwException(new TSLVerificationException(e)); + } catch (MarshalException e) { + tslContext.throwException(new TSLVerificationException(e)); + } catch (XMLSignatureException e) { + logger.error("Failed to verify XML Signature for TSL!", e); + return (Boolean) tslContext.throwException( + new TSLSecurityException(TSLSecurityException.Type.ERRORS_IN_TSL_SIGNATURE), + //we need an anonymous class to find the enclosing Method + (new Object(){}).getClass().getEnclosingMethod(), + null, + new Object[] {tslDoc, tslContext, euTslCertsHash} + ); + } + return coreValidity; + } + + public static void debug(DOMCryptoContext context, String message) { + + Object propDebug = context.getProperty("iaik.xml.crypto.debug.OutputStream"); + + if ( propDebug == null) { + return; + } + + if (! (propDebug instanceof OutputStream)) { + System.err.println("Failed to write to debug output stream. " + + "DOMCryptoContext's Property (\"iaik.xml.crypto.debug.OutputStream\") " + + "has to be of type OutputStream." 
+ ); + } else { + + OutputStream os = (OutputStream) propDebug; + try { + (new OutputStreamWriter(os)).write(message); + } catch (IOException e) { + System.err.println("Failed to write to debug output stream. " + e.getMessage()); + //TODO we cannot close the output stream here ... + } + } + + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java new file mode 100644 index 0000000..efdd877 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java 
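Review bot: `verifyTSL` returns `coreValidity` as set by `signature.validate(valContext)`, and none of the later conformance failures (wrong transform count or algorithms, no reference covering the `TrustServiceStatusList` element, wrong canonicalization method) nor the `URIReferenceException`/`MarshalException` handlers reset it; they only call `tslContext.throwException(...)`. That call appears able to return normally (its result is cast and returned in the `XMLSignatureException` handler), in which case a signature that validates but does not cover the document element would still yield `true`. Add `coreValidity = false;` before each of those `throwException` calls and in the two catch blocks so the method fails closed regardless of how the context handles the exception. Separately, `tsslE.getNamespaceURI().equals(...)` and `sig.getNamespaceURI().equals(...)` throw a `NullPointerException` for an element without a namespace; comparing from the expected side, `JI.getElementName(tssl).getNamespaceURI().equals(tsslE.getNamespaceURI())`, turns that into the intended "Incorrect Namespace" failure.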
@@ -0,0 +1,123 @@
+package at.gv.egovernment.moa.spss.tsl.connector;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.ListIterator;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import iaik.server.modules.xmlverify.MOAKeySelector;
+import iaik.xml.crypto.tsl.TSLContext;
+import iaik.xml.crypto.tsl.ex.TSLSecurityException;
+import iaik.xml.crypto.tsl.ex.TSLVerificationException;
+import iaik.xml.crypto.tsl.verify.TslKeyInfoHints;
+import iaik.xml.crypto.utils.X509KeySelectorResult;
+
+public class MOATslKeySelector extends MOAKeySelector {
+
+ private final ListIterator<X509Certificate> tslSignerCerts_;
+ private TSLContext tslContextI_;
+
+ public MOATslKeySelector(ListIterator<X509Certificate> euTslCertsHash, TSLContext tslContext) {
+ if(euTslCertsHash == null){
+ tslContext.throwException(
+ new TSLVerificationException(
+ TSLSecurityException.Type.MISSING_INFO_ON_TSL_SIGNER)
+ );
+ }
+ tslSignerCerts_ = euTslCertsHash;
+ tslContextI_ = tslContext;
+ tslContext.toString();
+ }
+
+ @Override
+ protected KeyInfoHints newKeyInfoHints(KeyInfo keyInfo,
+ XMLCryptoContext context)
+ throws KeySelectorException {
+
+ return new TslKeyInfoHints(keyInfo, context, tslContextI_, tslSignerCerts_);
+
+ }
+
+ @Override
+ protected KeySelectorResult select(KeyInfoHints hints,
+ KeySelectorResult[] results) {
+
+ if (results.length > 1){
+
+ return (KeySelectorResult) tslContextI_.throwException(
+ new TSLSecurityException(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[] {hints, results}
+ );
+
+ } else {
+ KeySelectorResult result = results[0];
+ if (result instanceof
X509KeySelectorResult) {
+ result = new MOAX509KeySelectorResult((X509KeySelectorResult)result);
+ } else {
+ result = new MOAKeySelectorResult(result.getKey());
+ }
+ return result;
+ }
+ }
+
+ @Override
+ public KeySelectorResult select(X509Data x509Data,
+ Purpose purpose,
+ AlgorithmMethod method,
+ XMLCryptoContext context) throws KeySelectorException {
+
+ X509KeySelectorResult ksr;
+ try {
+ ksr = (X509KeySelectorResult) super.select(x509Data, purpose, method, context);
+ } catch (ClassCastException e) {
+ ksr = (X509KeySelectorResult) tslContextI_.throwException(
+ e,
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[]{x509Data, purpose, method, context});
+ }
+
+ if (ksr == null){
+ //there has been a Problem with the X509Data
+ ksr = (X509KeySelectorResult) tslContextI_.throwException(
+ new KeySelectorException(failReason_.replace(". ", ".\n")),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[]{x509Data, purpose, method, context});
+ }
+
+ List l = ksr.getCertificates();
+ tslContextI_.securityCheck(
+ TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
+ (X509Certificate[]) l.toArray(new X509Certificate[l.size()]),
+ tslSignerCerts_
+ );
+
+ return ksr;
+ }
+
+ @Override
+ protected KeySelectorResult select(X509Certificate cert, Purpose purpose,
+ AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+
+ tslContextI_.securityCheck(
+ TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
+ cert,
+ tslSignerCerts_
+ );
+
+ return super.select(cert, purpose, method, context);
+ }
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index 82df37b..fee6ebe 100644
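Review bot: In `select(KeyInfoHints, KeySelectorResult[])` of the new MOATslKeySelector only `results.length > 1` is rejected, so an empty array falls into the `else` branch and `results[0]` fails with an ArrayIndexOutOfBoundsException instead of taking the UNTRUSTED_TSL_SIGNER path; `if (results.length != 1) {` would cover both cases. The trusted signer list is kept as a `ListIterator`, which is a stateful cursor, and the same instance is handed to `TslKeyInfoHints` and to `securityCheck` in both other `select` overloads; `securityCheck` is not visible in this diff, so unless it rewinds the iterator on every call a later check may compare against an exhausted cursor, and a comment on `tslSignerCerts_` stating that contract would help. In the constructor, `tslContext.toString();` has no effect beyond an implicit null check that runs only after `tslContext.throwException(...)` may already have been called, so an explicit check at the top of the constructor would be clearer.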
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -29,8 +29,8 @@ import at.gv.egovernment.moa.spss.tsl.utils.TSLEUImportFromFileContext; import at.gv.egovernment.moa.spss.tsl.utils.TSLEvaluationContext; import at.gv.egovernment.moa.spss.tsl.utils.TSLImportFromFileContext; import iaik.asn1.ObjectID; -import iaik.util._15; -import iaik.util.logging._l; +import iaik.util.GeneralUtils15; +import iaik.util.logging.GeneralLog; import iaik.utils.RFC2253NameParser; import iaik.xml.crypto.EccProviderAdapter; import iaik.xml.crypto.XSecProvider; @@ -314,7 +314,7 @@ public class TSLConnector implements TSLConnectorInterface { log.debug(Thread.currentThread() + " waiting for other threads ..."); topLevelTslContext.waitForAllOtherThreads(); - log.debug(_15.dumpAllThreads()); + log.debug(GeneralUtils15.dumpAllThreads()); log.debug(Thread.currentThread() + " reactivated after other threads finished ..."); connection = null; @@ -395,7 +395,7 @@ public class TSLConnector implements TSLConnectorInterface { log.debug("### SURNAME registered as " + ObjectID.surName + " ###"); RFC2253NameParser.register("SURNAME", ObjectID.surName); - XSecProvider.addAsProvider(false); + //XSecProvider.addAsProvider(false); TSLEngine tslEngine; TslSqlConnectionWrapper connection = null; @@ -557,7 +557,7 @@ public class TSLConnector implements TSLConnectorInterface { log.debug(Thread.currentThread() + " waiting for other threads ..."); topLevelTslContext.waitForAllOtherThreads(); - log.debug(_15.dumpAllThreads()); + log.debug(GeneralUtils15.dumpAllThreads()); log.debug(Thread.currentThread() + " reactivated after other threads finished ..."); connection = null; 
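Review bot: The hunk at `-395,7` disables `XSecProvider.addAsProvider(false);` by commenting it out, without saying why or where the provider is registered instead. If no other code path registers it (not visible in this diff), any later use of that provider in this method depends on whatever happens to be installed in the JVM, so the line should either be deleted or carry a comment such as `// XSecProvider is registered in <initializer class>; not added again here`. The `iaik.xml.crypto.XSecProvider` import that the first hunk keeps as context may then be unused. The enclosing method starts and ends outside the hunk.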
@@ -635,7 +635,7 @@ public class TSLConnector implements TSLConnectorInterface { } catch (TSLEngineFatalException e) { e.printStackTrace(); - _l.err("could not export Certs", e); + GeneralLog.err("could not export Certs", e); throw new TSLEngineDiedException(e); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index e06abe4..5139469 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -21,8 +21,6 @@ import java.util.Iterator; import java.util.Map; import java.util.TimerTask; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; @@ -33,7 +31,9 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStorePro import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.StringUtils; public class TSLUpdaterTimerTask extends TimerTask { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java index 453ee2b..e0fff56 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java 
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.spss.tsl.utils; import java.io.File; +import java.io.FileFilter; import java.io.IOException; import java.lang.reflect.Method; import java.net.URL; @@ -11,7 +12,7 @@ import java.util.List; import org.sqlite.SQLiteErrorCode; import iaik.util.logging.Log; -import iaik.util.logging._l; +import iaik.util.logging.GeneralLog; import iaik.util.logging.Log.MultiThreadLoggingGroup; import iaik.xml.crypto.tsl.DbTables; import iaik.xml.crypto.tsl.TSLImportFromFileContext; @@ -76,7 +77,7 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext { parameters[0] instanceof URL ){ - _l.err("Ignoring download error using old: " + parameters[0],null); + GeneralLog.err("Ignoring download error using old: " + parameters[0],null); wrapException(e); return parameters[1]; } @@ -87,7 +88,7 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext { TSLExceptionB ve = (TSLExceptionB) e; Severity s = ve.getSeverity(); if ( s != null && s.ordinal() < Severity.insecure.ordinal()){ - _l.err("Ignored Exception: ",ve); + GeneralLog.err("Ignored Exception: ",ve); // if(logExceptions_){ warnings_.add( new ThrowableAndLocatorAndMitigation( @@ -136,5 +137,10 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext { public void print(Object msg) { Log.print(msg); } + + @Override + public FileFilter getCertificateFileFilter() { + return null; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java index a656f11..f0723a1 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java 
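Review bot: The new `getCertificateFileFilter()` override at the end of TSLEUImportFromFileContext returns `null` with no comment on what a null filter means to the caller; the same override is added to TSLImportFromFileContext in a later hunk of this commit. The base class is not part of this diff, so it is unclear whether `null` is read as "accept every file" or is dereferenced. I would add a Javadoc line such as `/** No certificate file filtering; returns null (confirm the base class accepts null). */`, or return an accept-all `FileFilter` if null is not an allowed value.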
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.spss.tsl.utils; import iaik.util.logging.Log.MultiThreadLoggingGroup; import iaik.util.logging.Log; -import iaik.util.logging._l; +import iaik.util.logging.GeneralLog; import iaik.xml.crypto.tsl.BaseClass; import iaik.xml.crypto.tsl.SIEExtensionChecker; import iaik.xml.crypto.tsl.constants.Countries; @@ -42,7 +42,7 @@ public final class TSLEvaluationContext extends iaik.xml.crypto.tsl.TSLEvaluatio CriteriaListType criteriaList = (CriteriaListType) parameters[1]; - _l.warn(criteriaList.getDescription()); + GeneralLog.warn(criteriaList.getDescription()); String description = criteriaList.getDescription(); if (description diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java index 5d69f69..eda2b34 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.spss.tsl.utils; import java.io.BufferedOutputStream; import java.io.File; +import java.io.FileFilter; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.OutputStream; @@ -36,10 +37,10 @@ import org.xml.sax.SAXParseException; import at.gv.egovernment.moa.spss.tsl.exception.MitigatedTSLSecurityException; import iaik.util.logging.Log.MultiThreadLoggingGroup; -import iaik.util.logging._l; +import iaik.util.logging.GeneralLog; import iaik.utils.RFC2253NameParserException; import iaik.utils.Util; -import iaik.util._15; +import iaik.util.GeneralUtils15; import iaik.xml.crypto.dsig.keyinfo.X509DataImpl; import iaik.xml.crypto.tsl.DbTables; import iaik.xml.crypto.tsl.TSLConstants; 
@@ -243,7 +244,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF if (parameters[0] instanceof DOMError) { DOMError domError = (DOMError) parameters[0]; - _l.warn(""+domError.getRelatedData()); + GeneralLog.warn(""+domError.getRelatedData()); // domError.getRelatedData().getClass().getField("") @@ -277,9 +278,9 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF String[] rdns = subDN.substring(1, subDN.length()).split("/"); - rdns = (String[]) _15.reverseInPlace(rdns); + rdns = (String[]) GeneralUtils15.reverseInPlace(rdns); - subDN = "/"+_15.implode("/", rdns); + subDN = "/"+GeneralUtils15.implode("/", rdns); //for now we only support properly quoted values or such without quotes @@ -375,7 +376,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF } } - _l.err("Ignoring download error using old: " + parameters[0], null); + GeneralLog.err("Ignoring download error using old: " + parameters[0], null); wrapException(e); return parameters[1]; } @@ -448,7 +449,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF X509Certificate crt = (X509Certificate)parameters[1]; File f = new File("./wrong/"+expectedTerritory_+"/", - iaik.util._15.toHexString(getFingerPrint(crt, + iaik.util.GeneralUtils15.toHexString(getFingerPrint(crt, new byte[TSLConstants.CertHash.LENGTH]))+".der"); File parent = f.getParentFile(); if(!parent.exists() && !parent.mkdirs()){ @@ -571,7 +572,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF li.next(); String sn = (String) li.next(); - _l.err(sn, null); + GeneralLog.err(sn, null); System.exit(1); 
@@ -796,7 +797,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF String msg = e.getMessage(); - _l.info(msg); + GeneralLog.info(msg); return( msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") && msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique") @@ -804,7 +805,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF } @Override - protected Long getLocalLastModified(File targetFile) { + protected File getLocalLastModified(File targetFile) { return super.getLocalLastModified(targetFile); } @Override @@ -830,7 +831,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF synchronized (log) { parentContext_.print("<" + ncName + " state=\"" + currentThread.getState() + "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</" - + ncName + ">" + _15.LB); + + ncName + ">" + GeneralUtils15.LB); parentContext_.flushLog(); log.setLength(0); } @@ -846,5 +847,9 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF log.append(msg); } } + @Override + public FileFilter getCertificateFileFilter() { + return null; + } } \ No newline at end of file diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index 544ea91..358524d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java 
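Review bot: In the hunk at `-804,7`, `getLocalLastModified` now returns `File` where it returned `Long`, while the body is still only `return super.getLocalLastModified(targetFile);`. The change presumably follows the superclass signature, which this diff does not show; since the override adds no behaviour it could be removed, or, if it exists to make the method reachable from this package, say so with a comment like `// overridden only to expose the method to this package`. A short Javadoc stating which file is returned would also help, because the name still reads as a timestamp accessor.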
@@ -17,9 +17,9 @@ import iaik.xml.crypto.tsl.ex.TSLSearchException; import java.security.Principal; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; public class CertificateUtils { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java index 219bb7c..859e7e9 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java @@ -5,11 +5,11 @@ import java.net.UnknownHostException; import java.util.Iterator; import java.util.List; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; public class ExternalURIVerifier { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java index b5f72c4..ee6fe0a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java 
@@ -31,10 +31,10 @@ import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java index 6c8a833..47b8d36 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java @@ -26,7 +26,7 @@ package at.gv.egovernment.moa.spss.util; import java.util.Locale; -import at.gv.egovernment.moa.util.Messages; +import at.gv.egovernment.moaspss.util.Messages; /** * Singleton wrapper around a <code>Messages</code> object. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ResetableInputStreamWrapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ResetableInputStreamWrapper.java new file mode 100644 index 0000000..243cd5d --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ResetableInputStreamWrapper.java 
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.spss.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class ResetableInputStreamWrapper extends InputStream {
+
+ private ByteArrayInputStream bais;
+
+ public ResetableInputStreamWrapper(ByteArrayInputStream bais) {
+ this.bais = bais;
+ }
+
+ @Override
+ public int read() throws IOException {
+ return this.bais.read();
+ }
+
+ @Override
+ public int read(byte[] b) throws IOException {
+ return this.bais.read(b);
+ }
+
+ @Override
+ public int read(byte[] b, int off, int len) throws IOException {
+ return this.bais.read(b, off, len);
+ }
+
+ @Override
+ public long skip(long n) throws IOException {
+ return this.bais.skip(n);
+ }
+
+ @Override
+ public int available() throws IOException {
+ return this.bais.available();
+ }
+
+ @Override
+ public void close() throws IOException {
+ this.bais.close();
+ }
+
+ @Override
+ public synchronized void mark(int readlimit) {
+ this.bais.mark(readlimit);
+ }
+
+ @Override
+ public synchronized void reset() throws IOException {
+ this.bais.reset();
+ }
+
+ @Override
+ public boolean markSupported() {
+ return this.bais.markSupported();
+ }
+}
-- cgit v1.2.3
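Review bot: `ResetableInputStreamWrapper` has no class comment explaining why a `ByteArrayInputStream`, which already supports `mark`/`reset`, needs to be wrapped, and its constructor accepts `null`, which then only fails at the first read. I would declare the field as `private final ByteArrayInputStream bais;` and reject null in the constructor with `if (bais == null) throw new NullPointerException("bais");`. A one-line Javadoc naming the intended caller would make the purpose of the class clear.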