From 44d138de959445a619a92608a2133d9558c2a888 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>
Date: Thu, 21 Apr 2016 08:11:48 +0200
Subject: publishable moa libraries

---
 .../xmlbind/VerifyCMSSignatureRequestParser.java   |  6 +-
 .../CMSSignatureVerificationProfileImpl.java       |  5 ++
 .../spss/server/iaik/config/IaikConfigurator.java  |  3 +
 .../invoke/CMSSignatureVerificationInvoker.java    | 19 ++++-
 moaSig/moa-sig-lib/src/main/resources/sva.config   | 85 ++++++++++++++++++++++
 5 files changed, 113 insertions(+), 5 deletions(-)
 create mode 100644 moaSig/moa-sig-lib/src/main/resources/sva.config

(limited to 'moaSig/moa-sig-lib/src/main')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index 97a2541..cb07b34 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moaspss.logging.Logger;
 import at.gv.egovernment.moaspss.util.Base64Utils;
 import at.gv.egovernment.moaspss.util.CollectionUtils;
 import at.gv.egovernment.moaspss.util.Constants;
@@ -61,6 +62,8 @@ public class VerifyCMSSignatureRequestParser {
   private static final String DATE_TIME_XPATH = MOA + "DateTime";
   private static final String EXTENDED_VALIDATION_XPATH = MOA + "ExtendedValidation";
   private static final String CMS_SIGNATURE_XPATH = MOA + "CMSSignature";
+  private static final String PDF_SIGNATURE_XPATH = MOA + "PDFSignature";
+  
   private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID";
   private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
   private static final String META_INFO_XPATH = MOA + "MetaInfo";
@@ -94,10 +97,11 @@ public class VerifyCMSSignatureRequestParser {
     		RequestParserUtils.parseExtendedValidation(requestElem, EXTENDED_VALIDATION_XPATH, false);
     
     String cmsSignatureStr =
-      XPathUtils.getElementValue(requestElem, CMS_SIGNATURE_XPATH, "");
+      XPathUtils.getElementValue(requestElem, PDF_SIGNATURE_XPATH, "");
     CMSDataObject dataObject = parseDataObject(requestElem);
     String trustProfileID =
       XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null);
+    //Logger.info("CMSSignature: " + cmsSignatureStr);
     InputStream cmsSignature =
       Base64Utils.decodeToStream(cmsSignatureStr, true);
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
index 9fda5e0..ab807ae 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
@@ -55,4 +55,9 @@ public class CMSSignatureVerificationProfileImpl implements CMSSignatureVerifica
 		this.certificateValidationProfile = certificateValidationProfile;
 	}
 
+	@Override
+	public String getTargetLevel() {
+		return CMSSignatureVerificationProfile.LEVEL_LTA;
+	}
+
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index c49004b..44600db 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -25,6 +25,7 @@
 package at.gv.egovernment.moa.spss.server.iaik.config;
 
 import iaik.cms.IaikCCProvider;
+import iaik.esi.sva.Configuration;
 import iaik.pki.store.revocation.RevocationFactory;
 import iaik.pki.store.revocation.RevocationSourceStore;
 import iaik.pki.store.truststore.TrustStoreFactory;
@@ -83,6 +84,8 @@ public class IaikConfigurator {
     try {
       TransactionId transId = new TransactionId("IaikConfigurator");
       
+      //iaik.esi.sva.Configuration config = new Configuration(IaikConfigurator.class.getResourceAsStream("/sva.config"));
+      
       //SecProviderUtils.dumpSecProviders("Starting configuration");
       
       try {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 906abbe..c48cecd 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -157,7 +157,7 @@ public class CMSSignatureVerificationInvoker {
 						.getInstance();
 
 				module.setLog(new IaikLog(loggingCtx.getNodeID()));
-
+				//Logger.info(" Available: " + signature.available());
 				module.init(signature, profile, new TransactionId(context.getTransactionID()));
 
 				// input = module.getInputStream();
@@ -254,11 +254,16 @@ public class CMSSignatureVerificationInvoker {
 			TrustProfile trustProfile) throws MOAException {
 		QCSSCDResult qcsscdresult = new QCSSCDResult();
 
+		if(resultObject == null) {
+			Logger.warn("Result Object is null!");
+			return;
+		}
+		
 		CMSSignatureVerificationResult cmsResult = null;
 		List adesResults = null;
 		if (resultObject instanceof ExtendedCMSSignatureVerificationResult) {
 			ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject;
-
+			cmsResult = result.getCMSSignatureVerificationResult();
 			adesResults = getAdESResult(result.getFormVerificationResult());
 
 			if (adesResults != null) {
@@ -274,6 +279,7 @@ public class CMSSignatureVerificationInvoker {
 		String issuerCountryCode = null;
 		// QC/SSCD check
 
+		if(cmsResult.getCertificateValidationResult() != null) {
 		List list = cmsResult.getCertificateValidationResult().getCertificateChain();
 		if (list != null) {
 			X509Certificate[] chain = new X509Certificate[list.size()];
@@ -289,7 +295,7 @@ public class CMSSignatureVerificationInvoker {
 
 			// get signer certificate issuer country code
 			issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
-
+		}
 		}
 
 		responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
@@ -347,11 +353,16 @@ public class CMSSignatureVerificationInvoker {
 			TrustProfile trustProfile) throws MOAException {
 		QCSSCDResult qcsscdresult = new QCSSCDResult();
 
+		if(resultObject == null) {
+			Logger.warn("Result Object is null!");
+			return;
+		}
+		
 		PDFSignatureVerificationResult cmsResult = null;
 		List adesResults = null;
 		if (resultObject instanceof ExtendedPDFSignatureVerificationResult) {
 			ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject;
-
+			cmsResult = result.getPDFSignatureVerificationResult();
 			adesResults = getAdESResult(result.getFormVerificationResult());
 
 			if (adesResults != null) {
diff --git a/moaSig/moa-sig-lib/src/main/resources/sva.config b/moaSig/moa-sig-lib/src/main/resources/sva.config
new file mode 100644
index 0000000..e41cad5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/resources/sva.config
@@ -0,0 +1,85 @@
+#Fri Jul 27 14:18:37 CEST 2012
+#
+# Format [key]=[value]
+# 
+# Note that if an '=' is used in a key or value it has to be escaped: "\="
+
+##################### WebConfig #######################
+
+#The path to the sva configuration file
+#svaconfig=/data/sigval/incoming/svaconfig
+
+#The directories where to store the collected testdata
+#testdir=/data/sigval/incoming/test/
+
+#The basepath for signature validation
+basepath=
+
+######################################################
+
+#The path prefix for all file system locations
+pathprefix=pathprefix/example/
+
+#The file where the xmldsig core schema is located
+xmlschemaloc=example/schema/xmldsig-core-schema.xsd
+
+#The root folder where truststore and certstore are created later on
+certroot=example/certs
+
+#The folder containing the trustanchors
+trustanchorloc=example/keys_and_certs
+
+#The folder containing the timestampauthority trustanchors
+tsttrustanchorloc=example/keys_and_certs
+
+#The folder containing alternative revocation information (comment out to use
+#infos contained in the certificate)
+#altdp=
+
+#The maximum age of a revocation information of a end user certificate in hours
+endusercertgrace=4382
+
+#The maximum age of a revocation information for a ca certificate in hours
+cacertgrace=4382
+
+tstcoherencetolerance=10
+
+#The maximum time difference (in hours) the signing-time property and a 
+#time stamp
+#timestampdelay=24
+
+# Defines the forbidden hashing algorithms and the inception date
+# Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}...
+hashconstraint={md5, 2000-08-08};{sha1, 2016-08-08}
+
+# Defines the forbidden hashing algorithms for CA Certificates and the inception date
+# Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}...
+cahashconstraint={md5,2000-08-08};{sha1, 2012-08-05}
+
+# Defines the minimum required key lengths
+# Format: {<algorithm name>, <min len>,<inception date>};{...}...
+keylenconstraint={rsa, 1024, 2000-08-08}
+
+# Defines the minimum required key lengths for CA Certificates
+# Format: {<algorithm name>, <min len>,<inception date>};{...}..
+cakeylenconstraint={rsa,512,2000-08-08}
+
+# Defines the minimum required key lengths for timestamps
+# Format: {<algorithm name>, <min len>,<inception date>};{...}...
+tstkeylenconstraint={rsa, 1024, 2000-08-08}
+
+# Defines the mapping for sub indications to main indications.
+# If this property is not present or empty, the default mappings are used.
+# See "ETSI TS 102 853 V1.1.1 (2012-07)"
+# Format: {<sub indication1>, <main indication1>};{...}...
+# Maybe set value to numbers?
+indicationmapping={FORMAT_FAILURE,INDETERMINATE};{SUCCESS, SUCCESS}
+
+# Allows any key usage if set to true, otherwise only dig. signature
+allowanykeyusage=false
+
+# Defines the chaining model for path validation.
+# possible values are:
+#  - All certificates are valid at validationtime (SHELL model)
+#  - All certificates are valid at the time they were used for issuing a certificate (CHAIN model)
+chainingmodel=SHELL
-- 
cgit v1.2.3