From acf1b849ab835bc6797adfb91f8ab4fa88f0aff5 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Wed, 15 Jun 2016 08:41:10 +0200 Subject: extended validation result --- .../gv/egovernment/moa/spss/OutputConstants.java | 15 ++ .../gv/egovernment/moa/spss/api/SPSSFactory.java | 7 +- .../VerifyCMSSignatureResponseElement.java | 3 + .../api/common/ExtendedCertificateCheckResult.java | 33 +++++ .../impl/ExtendedCertificateCheckResultImpl.java | 44 ++++++ .../moa/spss/api/impl/SPSSFactoryImpl.java | 8 +- .../VerifyCMSSignatureResponseElementImpl.java | 12 ++ .../api/impl/VerifyXMLSignatureResponseImpl.java | 12 ++ .../moa/spss/api/xmlbind/ResponseBuilderUtils.java | 36 +++++ .../xmlbind/VerifyCMSSignatureResponseBuilder.java | 4 + .../xmlbind/VerifyPDFSignatureResponseBuilder.java | 4 + .../xmlbind/VerifyXMLSignatureResponseBuilder.java | 5 + .../api/xmlverify/VerifyXMLSignatureResponse.java | 3 +- .../server/iaik/xml/XSLTTransformationImpl.java | 27 +++- .../invoke/CMSSignatureVerificationInvoker.java | 47 ++++-- .../invoke/VerifyCMSSignatureResponseBuilder.java | 13 +- .../invoke/VerifyXMLSignatureResponseBuilder.java | 10 +- .../invoke/XMLSignatureVerificationInvoker.java | 29 +++- .../egovernment/moa/spss/util/AdESResultUtils.java | 159 ++++++++++++++++++--- 19 files changed, 419 insertions(+), 52 deletions(-) create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/OutputConstants.java create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExtendedCertificateCheckResult.java create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExtendedCertificateCheckResultImpl.java (limited to 'moaSig/moa-sig-lib/src/main/java') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/OutputConstants.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/OutputConstants.java new file mode 100644 index 0000000..83519d2 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/OutputConstants.java @@ -0,0 +1,15 @@ +package at.gv.egovernment.moa.spss; + +import java.lang.reflect.Field; + +import iaik.server.modules.ResultCode; + +public class OutputConstants { + public static void main(String[] argv) throws IllegalArgumentException, IllegalAccessException { + Field[] fields = ResultCode.class.getFields(); + for(int i = 0; i < fields.length; i++) { + Field f = fields[i]; + System.out.println(f.getName() + " : " + f.get(null)); + } + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index c6a750e..2d19871 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -45,6 +45,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.common.Transform; @@ -576,7 +577,8 @@ public abstract class SPSSFactory { SignerInfo signerInfo, CheckResult signatureCheck, CheckResult certificateCheck, - List adesResult); + List adesResult, + ExtendedCertificateCheckResult extendedCertificateCheckResult); // // Factory methods for verifying XML signatures @@ -866,7 +868,8 @@ public abstract class SPSSFactory { ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, CheckResult certificateCheck, - List adesFormResults); + List adesFormResults, + ExtendedCertificateCheckResult extCheckResult); /** * Create a new ReferencesCheckResult object. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java index 8579a2f..6b08471 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java @@ -27,6 +27,7 @@ package at.gv.egovernment.moa.spss.api.cmsverify; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -64,4 +65,6 @@ public interface VerifyCMSSignatureResponseElement { * @return The result of the AdES Form validation */ public List getAdESFormResults(); + + public ExtendedCertificateCheckResult getExtendedCertificateCheck(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExtendedCertificateCheckResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExtendedCertificateCheckResult.java new file mode 100644 index 0000000..494b216 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExtendedCertificateCheckResult.java @@ -0,0 +1,33 @@ +package at.gv.egovernment.moa.spss.api.common; + +import org.w3c.dom.NodeList; + +public interface ExtendedCertificateCheckResult { + /** + * Gets the result code. + * + * @return The result code. + */ + public int getMajorCode(); + + /** + * Gets descriptive information. + * + * @return Descriptive information. + */ + public String getMajorInfo(); + + /** + * Gets the result code. + * + * @return The result code. + */ + public int getMinorCode(); + + /** + * Gets descriptive information. + * + * @return Descriptive information. + */ + public String getMinorInfo(); +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExtendedCertificateCheckResultImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExtendedCertificateCheckResultImpl.java new file mode 100644 index 0000000..f36760c --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExtendedCertificateCheckResultImpl.java @@ -0,0 +1,44 @@ +package at.gv.egovernment.moa.spss.api.impl; + +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; + +public class ExtendedCertificateCheckResultImpl implements ExtendedCertificateCheckResult { + private int majorCode; + private String majorInfo; + + private int minorCode; + private String minorInfo; + + public ExtendedCertificateCheckResultImpl(int majorCode, String majorInfo) { + this(majorCode, majorInfo, -1, ""); + } + + public ExtendedCertificateCheckResultImpl(int majorCode, String majorInfo, + int minorCode, String minorInfo) { + this.majorCode = majorCode; + this.majorInfo = majorInfo; + this.minorCode = minorCode; + this.minorInfo = minorInfo; + } + + @Override + public int getMajorCode() { + return this.majorCode; + } + + @Override + public String getMajorInfo() { + return this.majorInfo; + } + + @Override + public int getMinorCode() { + return this.minorCode; + } + + @Override + public String getMinorInfo() { + return this.minorInfo; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index 9719c29..4781b8d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -45,6 +45,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.common.Transform; @@ -279,12 +280,14 @@ public class SPSSFactoryImpl extends SPSSFactory { } public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(SignerInfo signerInfo, - CheckResult signatureCheck, CheckResult certificateCheck, List adesResult) { + CheckResult signatureCheck, CheckResult certificateCheck, List adesResult, + ExtendedCertificateCheckResult extendedCertificateCheckResult) { VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl(); verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck); verifyCMSSignatureResponseElement.setAdESFormResults(adesResult); + verifyCMSSignatureResponseElement.setExtendedCertificateCheck(extendedCertificateCheckResult); return verifyCMSSignatureResponseElement; } @@ -375,7 +378,7 @@ public class SPSSFactoryImpl extends SPSSFactory { public VerifyXMLSignatureResponse createVerifyXMLSignatureResponse(SignerInfo signerInfo, List hashInputDatas, List referenceInputDatas, ReferencesCheckResult signatureCheck, ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, CheckResult certificateCheck, - List adesFormResults) { + List adesFormResults, ExtendedCertificateCheckResult extCheckResult) { VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = new VerifyXMLSignatureResponseImpl(); verifyXMLSignatureResponse.setSignerInfo(signerInfo); verifyXMLSignatureResponse.setHashInputDatas(hashInputDatas); @@ -385,6 +388,7 @@ public class SPSSFactoryImpl extends SPSSFactory { verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks); verifyXMLSignatureResponse.setCertificateCheck(certificateCheck); verifyXMLSignatureResponse.setAdESFormResults(adesFormResults); + verifyXMLSignatureResponse.setExtendedCertificateCheck(extCheckResult); return verifyXMLSignatureResponse; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java index 3d6b72a..9b7881c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java @@ -28,6 +28,7 @@ import java.util.List; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -46,6 +47,8 @@ public class VerifyCMSSignatureResponseElementImpl /** Information about the certificate check. */ private CheckResult certificateCheck; + private ExtendedCertificateCheckResult extendedResult; + private List adesResults = null; /** @@ -94,5 +97,14 @@ public class VerifyCMSSignatureResponseElementImpl public List getAdESFormResults() { return adesResults; } + + public void setExtendedCertificateCheck(ExtendedCertificateCheckResult r) { + this.extendedResult = r; + } + + @Override + public ExtendedCertificateCheckResult getExtendedCertificateCheck() { + return extendedResult; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java index bfee774..60ac3be 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java @@ -28,6 +28,7 @@ import java.util.Collections; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; @@ -40,6 +41,8 @@ public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureRespons /** Information about the signer certificate. */ private SignerInfo signerInfo; + + private ExtendedCertificateCheckResult extendedResult; /** * The hash input data objects. The list consists of @@ -177,4 +180,13 @@ public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureRespons return this.adesFormResults; } + public void setExtendedCertificateCheck(ExtendedCertificateCheckResult r) { + this.extendedResult = r; + } + + @Override + public ExtendedCertificateCheckResult getExtendedCertificateCheck() { + return extendedResult; + } + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index a6ed83d..193ea33 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -41,6 +41,7 @@ import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moaspss.util.Base64Utils; import at.gv.egovernment.moaspss.util.Constants; @@ -284,6 +285,41 @@ public class ResponseBuilderUtils { root.appendChild(codeInfoElem); } + public static void addExtendendResult(Document response, + Element root, + ExtendedCertificateCheckResult result) { + Element extElem = response.createElementNS(MOA_NS_URI, "ExtendedCertificateCheck"); + + Element extMajorElem = response.createElementNS(MOA_NS_URI, "Major"); + + Element codeMajorCodeElem = response.createElementNS(MOA_NS_URI, "Code"); + Element codeMajorNameElem = response.createElementNS(MOA_NS_URI, "Name"); + codeMajorCodeElem.appendChild(response.createTextNode(Integer.toString( + result.getMajorCode()))); + codeMajorNameElem.appendChild(response.createTextNode(result.getMajorInfo())); + + extMajorElem.appendChild(codeMajorCodeElem); + extMajorElem.appendChild(codeMajorNameElem); + + extElem.appendChild(extMajorElem); + + if(result.getMinorCode() >= 0) { + Element extMinorElem = response.createElementNS(MOA_NS_URI, "Minor"); + Element codeMinorCodeElem = response.createElementNS(MOA_NS_URI, "Code"); + Element codeMinorNameElem = response.createElementNS(MOA_NS_URI, "Name"); + codeMinorCodeElem.appendChild(response.createTextNode(Integer.toString( + result.getMinorCode()))); + codeMinorNameElem.appendChild(response.createTextNode(result.getMinorInfo())); + + extMinorElem.appendChild(codeMinorCodeElem); + extMinorElem.appendChild(codeMinorNameElem); + + extElem.appendChild(extMinorElem); + } + + root.appendChild(extElem); + } + /** * Add an element containing Code and Info * subelements. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index cefecac..6c4667b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -140,6 +140,10 @@ public class VerifyCMSSignatureResponseBuilder { } } + if(responseElement.getExtendedCertificateCheck() != null) { + ResponseBuilderUtils.addExtendendResult(responseDoc, responseElem, responseElement.getExtendedCertificateCheck()); + } + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java index cc44c29..1826ffc 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java @@ -140,6 +140,10 @@ public class VerifyPDFSignatureResponseBuilder { } } + if(responseElement.getExtendedCertificateCheck() != null) { + ResponseBuilderUtils.addExtendendResult(responseDoc, responseElem, responseElement.getExtendedCertificateCheck()); + } + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index 2109b35..5329861 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -149,6 +149,11 @@ public class VerifyXMLSignatureResponseBuilder { } } + + if(response.getExtendedCertificateCheck() != null) { + ResponseBuilderUtils.addExtendendResult(responseDoc, responseElem, response.getExtendedCertificateCheck()); + } + return responseDoc; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java index 63c496a..0ed12bf 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java @@ -27,6 +27,7 @@ package at.gv.egovernment.moa.spss.api.xmlverify; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -90,5 +91,5 @@ public interface VerifyXMLSignatureResponse { */ public List getAdESFormResults(); - + public ExtendedCertificateCheckResult getExtendedCertificateCheck(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java index 9e6ed6d..9dc45fc 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java @@ -205,10 +205,31 @@ public class XSLTTransformationImpl extends TransformationImpl implements XSLTTr //CanonicalizationAlgorithm c14n = // new CanonicalizationAlgorithmImplExclusiveCanonicalXML(); - Traverser traverser = new Traverser(element, true, true); - Canonicalizer canonicalizer = new Canonicalizer(traverser, false, true, null); + //Traverser traverser = new Traverser(element, true, true); + //Canonicalizer canonicalizer = new Canonicalizer(traverser, false, true, null); - return new CanonInputStream(canonicalizer); + //return new CanonInputStream(canonicalizer); + + CanonicalizationMethod canonicalizationMethod = + MOAXSecProvider.getXMLSignatureFactory().newCanonicalizationMethod( + CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec()); + + //CanonicalizationAlgorithm c14n = + // new CanonicalizationAlgorithmImplExclusiveCanonicalXML(); + NodeList nodeList; + + try { + nodeList = XPathUtils.selectNodeList(element, + XPathUtils.ALL_NODES_XPATH); + } catch (XPathException e) { + nodeList = new NodeListAdapter(Collections.EMPTY_LIST); + } + //c14n.setInput(nodeList); + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + canonicalizationMethod.transform(new + NodeListToNodeSetDataAdapter(nodeList), null, baos); + baos.close(); + return new ByteArrayInputStream(baos.toByteArray()); /* NodeList nodeList; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index f5d2826..ba0474c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.server.config.TrustProfile; import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; @@ -258,15 +259,13 @@ public class CMSSignatureVerificationInvoker { CMSSignatureVerificationResult cmsResult = null; List adesResults = null; + ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { Logger.info("Got ExtendedCMSSignatureVerificationResult"); ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; cmsResult = result.getCMSSignatureVerificationResult(); - try { - adesResults = getAdESResult(result); - } catch (ConfigurationException e) { - Logger.warn("Failed to provide extended validation results: " + e.getMessage()); - } + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + if (adesResults != null) { Iterator adesIterator = adesResults.iterator(); @@ -274,6 +273,17 @@ public class CMSSignatureVerificationInvoker { Logger.info("ADES Formresults: " + adesIterator.next().toString()); } } + try { + //Logger.info("Extended Validation Report: " + result.getName()); + Logger.info("Extended Validation Code: " + result.getResultCode().toString()); + Logger.info("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + } catch (ConfigurationException e) { + Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); + } catch (NullPointerException e) { + Logger.info("No extendend validation result available."); + } } else { Logger.info("Got CMSSignatureVerificationResult"); cmsResult = (CMSSignatureVerificationResult) resultObject; @@ -302,7 +312,7 @@ public class CMSSignatureVerificationInvoker { } responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult); } private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, @@ -316,17 +326,14 @@ public class CMSSignatureVerificationInvoker { PDFSignatureVerificationResult cmsResult = null; List adesResults = null; + + ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { Logger.info("Got ExtendedPDFSignatureVerificationResult"); ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; cmsResult = result.getPDFSignatureVerificationResult(); - try { - adesResults = getAdESResult(result); - } catch (ConfigurationException e) { - Logger.warn("Failed to provide extended validation results", e); - //throw new MOARuntimeException("config.52", null); - } - + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + if (adesResults != null) { Iterator adesIterator = adesResults.iterator(); while (adesIterator.hasNext()) { @@ -334,6 +341,17 @@ public class CMSSignatureVerificationInvoker { } } cmsResult = result.getPDFSignatureVerificationResult(); + try { + //Logger.info("Extended Validation Report: " + result.getName()); + Logger.info("Extended Validation Code: " + result.getResultCode().toString()); + Logger.info("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + } catch (ConfigurationException e) { + Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); + } catch (NullPointerException e) { + Logger.info("No extendend validation result available."); + } } else { Logger.info("Got PDFSignatureVerificationResult"); cmsResult = (PDFSignatureVerificationResult) resultObject; @@ -361,7 +379,8 @@ public class CMSSignatureVerificationInvoker { } responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, + extCheckResult); } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 3e18c2a..7b4a350 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.server.config.TrustProfile; @@ -80,7 +81,8 @@ public class VerifyCMSSignatureResponseBuilder { * otherwise false. * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults) + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, + ExtendedCertificateCheckResult extendedCertificateCheckResult) throws MOAException { CertificateValidationResult certResult = @@ -120,7 +122,8 @@ public class VerifyCMSSignatureResponseBuilder { signerInfo, signatureCheck, certificateCheck, - adesResults); + adesResults, + extendedCertificateCheckResult); responseElements.add(responseElement); } @@ -137,7 +140,8 @@ public class VerifyCMSSignatureResponseBuilder { * otherwise false. * @throws MOAException */ - public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults) + public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, + ExtendedCertificateCheckResult extendedCertificateCheckResult) throws MOAException { CertificateValidationResult certResult = @@ -177,7 +181,8 @@ public class VerifyCMSSignatureResponseBuilder { signerInfo, signatureCheck, certificateCheck, - adesResults); + adesResults, + extendedCertificateCheckResult); responseElements.add(responseElement); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index a6e8971..7bd7c27 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -42,6 +42,7 @@ import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.InputData; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl; @@ -101,7 +102,7 @@ public class VerifyXMLSignatureResponseBuilder { /** The result of the certificate check. */ private CheckResult certificateCheck; private List adesFormResults = null; - + private ExtendedCertificateCheckResult extCheckResult = null; /** * Get the VerifyMLSignatureResponse built so far. * @@ -116,7 +117,12 @@ public class VerifyXMLSignatureResponseBuilder { signatureManifestCheck, xmlDsigManifestChecks, certificateCheck, - adesFormResults); + adesFormResults, + extCheckResult); + } + + public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extCheckResult) { + this.extCheckResult = extCheckResult; } public void setAdESFormResults(List adesForm) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index 5d7b852..c3ebda4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -37,6 +37,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import javax.xml.ws.soap.AddressingFeature.Responses; + import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -45,6 +47,7 @@ import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; @@ -235,14 +238,11 @@ public class XMLSignatureVerificationInvoker { throw moaException; } + ExtendedCertificateCheckResult extCheckResult; if(result != null) { - List adesResults = null;//getAdESResult(result.getFormVerificationResult()); + List adesResults = null;// - try { - adesResults = getAdESResult(result); - } catch (ConfigurationException e) { - Logger.warn("Failed to provide extended validation results", e); - } + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); if (adesResults != null) { Iterator adesIterator = adesResults.iterator(); @@ -252,6 +252,19 @@ public class XMLSignatureVerificationInvoker { } responseBuilder.setAdESFormResults(adesResults); + + try { + //Logger.info("Extended Validation Report: " + result.getName()); + Logger.info("Extended Validation Code: " + result.getResultCode().toString()); + Logger.info("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + responseBuilder.setExtendedCertificateCheckResult(extCheckResult); + } catch (ConfigurationException e) { + Logger.warn("Cannot generate Extendend Result. Check SVA Configuration!", e); + } catch (NullPointerException e) { + Logger.info("No extendend validation result available."); + } } // QC/SSCD check List list = plainResult.getCertificateValidationResult().getCertificateChain(); @@ -313,11 +326,13 @@ public class XMLSignatureVerificationInvoker { * trustProfile cannot be read from the file * system. */ - private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile) + private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, + TrustProfile trustProfile) throws MOAException { MessageProvider msg = MessageProvider.getInstance(); int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue(); + if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) { X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult() .getCertificateChain().get(0); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java index 90722b8..4903391 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java @@ -1,15 +1,20 @@ package at.gv.egovernment.moa.spss.util; +import java.util.ArrayList; import java.util.Iterator; import java.util.List; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl; +import at.gv.egovernment.moa.spss.api.impl.ExtendedCertificateCheckResultImpl; import at.gv.egovernment.moaspss.logging.Logger; import iaik.esi.sva.validation.ValidationReport; import iaik.server.ConfigurationException; +import iaik.server.modules.AdESVerificationResult; import iaik.server.modules.ResultCode; import iaik.server.modules.ResultCodeInvalid; import iaik.server.modules.ResultCodeValid; +import iaik.server.modules.SignatureVerificationProfile; import iaik.server.modules.SignatureVerificationResult; public class AdESResultUtils { @@ -17,39 +22,159 @@ public class AdESResultUtils { public static Integer getResultCode(Integer adesCode) { return adesCode; } - - public static void buildResult(ValidationReport report, List adesList) { + + public static ExtendedCertificateCheckResult getExtendedResult(iaik.server.modules.ResultCode resultCode) { + ExtendedCertificateCheckResult check = null; + + int majorCode = -1; + String majorInfo = ""; + int minorCode = -1; + String minorInfo = ""; + + Logger.debug("Generating extendend validation result: " + resultCode.toString()); - if(report == null) { + if (resultCode instanceof ResultCodeValid) { + majorCode = SignatureVerificationResult.VALID; + majorInfo = "VALID"; + } else if (resultCode instanceof ResultCodeInvalid) { + majorCode = SignatureVerificationResult.INVALID; + majorInfo = "INVALID"; + } else { + majorCode = SignatureVerificationResult.INDETERMINATE; + majorInfo = "INDETERMINATE"; + } + + if (resultCode.getCode() != null) { + minorCode = resultCode.getCode(); + if (resultCode.getCode().equals(ResultCode.CODE_CHAIN_CONSTRAINTS_FAILURE)) { + minorInfo = "CHAIN_CONSTRAINTS_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_CRYPTO_CONSTRAINTS_FAILURE)) { + minorInfo = "CRYPTO_CONSTRAINTS_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_CRYPTO_CONSTRAINTS_FAILURE_NO_POE)) { + minorInfo = "CRYPTO_CONSTRAINTS_FAILURE_NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_EXPIRED)) { + minorInfo = "EXPIRED"; + } else if (resultCode.getCode().equals(ResultCode.CODE_FORMAT_FAILURE)) { + minorInfo = "FORMAT_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_GENERIC)) { + minorInfo = "GENERIC"; + } else if (resultCode.getCode().equals(ResultCode.CODE_HASH_FAILURE)) { + minorInfo = "HASH_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_NO_CERTIFICATE_CHAIN_FOUND)) { + minorInfo = "NO_CERTIFICATE_CHAIN_FOUND"; + } else if (resultCode.getCode().equals(ResultCode.CODE_NO_POE)) { + minorInfo = "NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_NO_POLICY)) { + minorInfo = "NO_POLICY"; + } else if (resultCode.getCode().equals(ResultCode.CODE_NOT_YET_VALID)) { + minorInfo = "NOT_YET_VALID"; + } else if (resultCode.getCode().equals(ResultCode.CODE_OUT_OF_BOUNDS_NO_POE)) { + minorInfo = "OUT_OF_BOUNDS_NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_POLICY_PROCESSING_ERROR)) { + minorInfo = "POLICY_PROCESSING_ERROR"; + } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED)) { + minorInfo = "REVOKED"; + } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED_CA_NO_POE)) { + minorInfo = "REVOKED_CA_NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED_NO_POE)) { + minorInfo = "REVOKED_NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_SIG_CONSTRAINTS_FAILURE)) { + minorInfo = "SIG_CONSTRAINTS_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_SIG_CRYPTO_FAILURE)) { + minorInfo = "SIG_CRYPTO_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_SIGNED_DATA_NOT_FOUND)) { + minorInfo = "SIGNED_DATA_NOT_FOUND"; + } else if (resultCode.getCode().equals(ResultCode.CODE_TIMESTAMP_ORDER_FAILURE)) { + minorInfo = "TIMESTAMP_ORDER_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_TRY_LATER)) { + minorInfo = "TRY_LATER"; + } else if (resultCode.getCode().equals(ResultCode.CODE_UNKNOWN_COMMITMENT_TYPE)) { + minorInfo = "UNKNOWN_COMMITMENT_TYPE"; + } else if (resultCode.getCode().equals(ResultCode.SUCCESS)) { + minorInfo = "SUCCESS"; + } + } + + check = new ExtendedCertificateCheckResultImpl(majorCode, majorInfo, minorCode, + minorInfo); + + return check; + + } + + public static List getAdESResult(iaik.server.modules.AdESFormVerificationResult adesFormVerification) { + if (adesFormVerification == null) { + // no form information + return null; + } + + List adesList = new ArrayList(); + + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), + SignatureVerificationProfile.LEVEL_LTA, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), + SignatureVerificationProfile.LEVEL_LT, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), + SignatureVerificationProfile.LEVEL_T, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), + SignatureVerificationProfile.LEVEL_B, adesList); + + return adesList; + } + + public static void buildResult(ValidationReport report, List adesList) { + + if (report == null) { return; } - - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + + AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); adESFormResultsImpl.setCode(report.getStatus().ordinal()); adESFormResultsImpl.setInfo(report.getLongText()); adESFormResultsImpl.setName(report.getValidationName()); adesList.add(adESFormResultsImpl); - - if(report.getSubValidationReports() != null && !report.getSubValidationReports().isEmpty()) { + + if (report.getSubValidationReports() != null && !report.getSubValidationReports().isEmpty()) { Iterator reportIt = report.getSubValidationReports().iterator(); - while(reportIt.hasNext()) { + while (reportIt.hasNext()) { buildResult(reportIt.next(), adesList); } } - + + } + + public static void checkSubResult(AdESVerificationResult subResult, String level, List adesList) { + if (subResult != null) { + Logger.info("Checking Level: " + level); + try { + + AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + adESFormResultsImpl.setCode(subResult.getResultCode()); + Logger.info("RESULT: " + String.valueOf(subResult.getResultCode())); + adESFormResultsImpl.setInfo(subResult.getInfo()); + adESFormResultsImpl.setName(level); + + adesList.add(adESFormResultsImpl); + } catch (NullPointerException e) { + Logger.warn("Catching NullPointer Exception, of invalid Form Results", e); + } + } else { + Logger.info("Subresult Level: " + level + " not available"); + } } - - public static void checkSubResult(SignatureVerificationResult subResult, String level, List adesList) throws ConfigurationException { + + public static void checkSubResult(SignatureVerificationResult subResult, String level, List adesList) + throws ConfigurationException { if (subResult != null) { Logger.info("Checking Level: " + level); try { - - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + + AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); ResultCode resultCode = subResult.getResultCode(); - if(resultCode instanceof ResultCodeValid) { - adESFormResultsImpl.setCode(SignatureVerificationResult.VALID);//.getResultCode().getCode())); - } else if(resultCode instanceof ResultCodeInvalid) { + if (resultCode instanceof ResultCodeValid) { + adESFormResultsImpl.setCode(SignatureVerificationResult.VALID);// .getResultCode().getCode())); + } else if (resultCode instanceof ResultCodeInvalid) { adESFormResultsImpl.setCode(SignatureVerificationResult.INVALID); } else { adESFormResultsImpl.setCode(SignatureVerificationResult.INDETERMINATE); @@ -66,5 +191,5 @@ public class AdESResultUtils { Logger.info("Subresult Level: " + level + " not available"); } } - + } -- cgit v1.2.3