From 191ba3411f2db0a48ae8d4243926b33a063bf769 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Wed, 2 Dec 2015 15:48:52 +0100 Subject: IAIK Moa CAdES added, cms verification not working --- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 6 +- .../api/cmsverify/VerifyCMSSignatureRequest.java | 2 + .../VerifyCMSSignatureResponseElement.java | 10 ++ .../moa/spss/api/impl/SPSSFactoryImpl.java | 9 +- .../api/impl/VerifyCMSSignatureRequestImpl.java | 10 ++ .../VerifyCMSSignatureResponseElementImpl.java | 12 +++ .../xmlbind/VerifyCMSSignatureRequestParser.java | 3 +- .../CMSSignatureVerificationProfileImpl.java | 39 ++++---- .../PDFSignatureVerificationProfileImpl.java | 8 ++ .../spss/server/iaik/config/IaikConfigurator.java | 2 + .../invoke/CMSSignatureVerificationInvoker.java | 106 ++++++++++++++++++--- .../CMSSignatureVerificationProfileFactory.java | 29 +++++- .../invoke/VerifyCMSSignatureResponseBuilder.java | 5 +- .../moa/spss/server/logging/IaikLog.java | 16 ++-- 14 files changed, 208 insertions(+), 49 deletions(-) create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java (limited to 'moaSig/moa-sig-lib/src') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index b725422..d216569 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -467,7 +467,8 @@ public abstract class SPSSFactory { Date dateTime, InputStream cmsSignature, CMSDataObject dataObject, - String trustProfileID); + String trustProfileID, + boolean pdf); /** * Create a new CMSDataObject object from data at a given URI. 
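Review bot: Adding `boolean pdf` to the abstract `createVerifyCMSSignatureRequest(...)` changes a public factory signature in place, so every existing caller and every other `SPSSFactory` subclass stops compiling. The same applies to the `List adesResult` parameter added to `createVerifyCMSSignatureResponseElement(...)` in the following hunk. Keeping the old signatures as concrete overloads that delegate with `pdf = false` and `adesResult = null` would preserve compatibility. Each hunk of this file adds only the parameter line, so the Javadoc above both methods is untouched and needs `@param pdf` and `@param adesResult` entries. Both declarations start outside their hunks.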
@@ -543,7 +544,8 @@ public abstract class SPSSFactory { public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( SignerInfo signerInfo, CheckResult signatureCheck, - CheckResult certificateCheck); + CheckResult certificateCheck, + List adesResult); // // Factory methods for verifying XML signatures diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java index 225f685..3adb381 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java @@ -73,4 +73,6 @@ public interface VerifyCMSSignatureRequest { * @return The profile ID of trusted certificates. */ public String getTrustProfileId(); + + public boolean isPDF(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java index a1135ba..8579a2f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.spss.api.cmsverify; +import java.util.List; + import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -54,4 +56,12 @@ public interface VerifyCMSSignatureResponseElement { */ public CheckResult getCertificateCheck(); + /** + * Gets AdES Form results + * + * This might be null! + * + * @return The result of the AdES Form validation + */ + public List getAdESFormResults(); } 
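Review bot: `isPDF()` is added to `VerifyCMSSignatureRequest` without Javadoc, although the neighbouring `getTrustProfileId()` is documented. Judging by the invoker change in this commit, the flag selects the PDF verification profile, so a comment such as `/** @return true if the signature is to be verified with the PDF signature verification profile instead of the plain CMS profile. */` would state the contract. In the `VerifyCMSSignatureResponseElement` hunk, `getAdESFormResults()` returns a raw `List` that "might be null". Returning an empty list instead would remove a null check from every consumer.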
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index 8a46219..478dcb4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -260,7 +260,8 @@ public class SPSSFactoryImpl extends SPSSFactory { Date dateTime, InputStream cmsSignature, CMSDataObject dataObject, - String trustProfileID) { + String trustProfileID, + boolean pdf) { VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest = new VerifyCMSSignatureRequestImpl(); verifyCMSSignatureRequest.setDateTime(dateTime); @@ -268,6 +269,7 @@ public class SPSSFactoryImpl extends SPSSFactory { verifyCMSSignatureRequest.setDataObject(dataObject); verifyCMSSignatureRequest.setTrustProfileId(trustProfileID); verifyCMSSignatureRequest.setSignatories(signatories); + verifyCMSSignatureRequest.setPDF(pdf); return verifyCMSSignatureRequest; } @@ -321,13 +323,14 @@ public class SPSSFactoryImpl extends SPSSFactory { public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( SignerInfo signerInfo, CheckResult signatureCheck, - CheckResult certificateCheck) { + CheckResult certificateCheck, + List adesResult) { VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl(); verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck); - + verifyCMSSignatureResponseElement.setAdESFormResults(adesResult); return verifyCMSSignatureResponseElement; } 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java index c759f5f..78d817b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java @@ -49,6 +49,8 @@ public class VerifyCMSSignatureRequestImpl private InputStream cmsSignature; /** The date for which to verify the signature. */ private Date dateTime; + + private boolean pdf = false; /** * Sets the indexes of the signatories whose signature should be verified. @@ -114,4 +116,12 @@ public class VerifyCMSSignatureRequestImpl return trustProfileId; } + public void setPDF(boolean value) { + this.pdf = value; + } + + public boolean isPDF() { + return this.pdf; + } + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java index f258b3b..3d6b72a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.spss.api.impl; +import java.util.List; + import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -44,6 +46,8 @@ public class VerifyCMSSignatureResponseElementImpl /** Information about the certificate check. */ private CheckResult certificateCheck; + private List adesResults = null; + /** * Sets a SignerInfo element according to CMS. * 
@@ -82,5 +86,13 @@ public class VerifyCMSSignatureResponseElementImpl public CheckResult getCertificateCheck() { return certificateCheck; } + + public void setAdESFormResults(List adesResults) { + this.adesResults = adesResults; + } + + public List getAdESFormResults() { + return adesResults; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java index 6b3f430..bc92b7a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java @@ -103,7 +103,8 @@ public class VerifyCMSSignatureRequestParser { dateTime, cmsSignature, dataObject, - trustProfileID); + trustProfileID, + false); } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java index 972b540..9fda5e0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.iaik.cmsverify; import iaik.pki.PKIProfile; 
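Review bot: The parser now passes a hard-coded `false` for the new `pdf` argument, so a request arriving through `VerifyCMSSignatureRequestParser` can never select the PDF profile that the invoker chooses on `request.isPDF()`. If that is intended for now, say so beside the literal, for example `false); // requests parsed from XML are always verified with the plain CMS profile`. Otherwise the flag has to be derived from the request element. The enclosing method starts outside the hunk.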
@@ -35,27 +34,25 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; * @author Patrick Peck * @version $Id$ */ -public class CMSSignatureVerificationProfileImpl - implements CMSSignatureVerificationProfile { - - /** The profile for validating the certificate. */ - private PKIProfile certificateValidationProfile; +public class CMSSignatureVerificationProfileImpl implements CMSSignatureVerificationProfile { + /** The profile for validating the certificate. */ + private PKIProfile certificateValidationProfile; - /** - * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile#getCertificateValidationProfile() - */ - public PKIProfile getCertificateValidationProfile() { - return certificateValidationProfile; - } + /** + * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile#getCertificateValidationProfile() + */ + public PKIProfile getCertificateValidationProfile() { + return certificateValidationProfile; + } - /** - * Sets the profile for validating the signer certificate. - * - * @param certificateValidationProfile The certificate validation profile to - * set. - */ - public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) { - this.certificateValidationProfile = certificateValidationProfile; - } + /** + * Sets the profile for validating the signer certificate. + * + * @param certificateValidationProfile + * The certificate validation profile to set. + */ + public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) { + this.certificateValidationProfile = certificateValidationProfile; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java new file mode 100644 index 0000000..9189597 --- /dev/null 
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java @@ -0,0 +1,8 @@ +package at.gv.egovernment.moa.spss.server.iaik.cmsverify; + +import iaik.server.modules.cmsverify.PDFSignatureVerificationProfile; + +public class PDFSignatureVerificationProfileImpl extends CMSSignatureVerificationProfileImpl + implements PDFSignatureVerificationProfile { + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index 87dd572..ef9ddeb 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.spss.server.iaik.config; +import iaik.cms.IaikCCProvider; import iaik.pki.store.revocation.RevocationFactory; import iaik.pki.store.revocation.RevocationSourceStore; import iaik.pki.store.truststore.TrustStoreFactory; @@ -34,6 +35,7 @@ import iaik.server.modules.keys.KeyEntryID; import iaik.server.modules.keys.KeyModule; import iaik.server.modules.keys.KeyModuleFactory; +import java.security.Provider; import java.security.Security; import java.util.ArrayList; import java.util.Iterator; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index aca6f58..905254e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java 
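Review bot: The two imports added to `IaikConfigurator` (`iaik.cms.IaikCCProvider` and `java.security.Provider`) are the only change to that file, so nothing uses them. If the intent was to register the provider during configuration, that call is missing from this commit; otherwise drop both lines. The new `PDFSignatureVerificationProfileImpl` also lacks the license header and class Javadoc that the sibling `CMSSignatureVerificationProfileImpl` carries. A one-line class comment should say that it adds no members of its own and exists only to implement `PDFSignatureVerificationProfile`.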
@@ -24,12 +24,16 @@ package at.gv.egovernment.moa.spss.server.invoke; +import iaik.server.modules.AdESFormVerificationResult; +import iaik.server.modules.AdESVerificationResult; import iaik.server.modules.IAIKException; import iaik.server.modules.IAIKRuntimeException; +import iaik.server.modules.SignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationModule; import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -37,10 +41,17 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.math.BigDecimal; +import java.security.MessageDigest; +import java.util.ArrayList; import java.util.Date; import java.util.Iterator; import java.util.List; +import org.apache.commons.codec.binary.Hex; +import org.apache.commons.io.HexDump; +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.logging.LoggingContext; import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; @@ -51,6 +62,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl; import at.gv.egovernment.moa.spss.server.config.TrustProfile; import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; 
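Review bot: Four of the imports added here are not used by any line this commit adds to `CMSSignatureVerificationInvoker`: `java.security.MessageDigest`, `org.apache.commons.codec.binary.Hex`, `org.apache.commons.io.HexDump` and `org.apache.commons.io.IOUtils`. They look like debugging leftovers and tie the verification class to commons-codec and commons-io for no reason. Remove them so the dependency surface of the signature-verification path stays as small as the code needs.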
@@ -121,14 +133,14 @@ public class CMSSignatureVerificationInvoker { CMSSignatureVerificationProfile profile; Date signingTime; List results; - CMSSignatureVerificationResult result; + ExtendedCMSSignatureVerificationResult result; int[] signatories; InputStream input; - byte[] buf = new byte[256]; + byte[] buf = new byte[2048]; // get the signature signature = request.getCMSSignature(); - + // get the actual trustprofile TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); @@ -137,7 +149,11 @@ public class CMSSignatureVerificationInvoker { signedContent = getSignedContent(request); // build the profile - profile = profileFactory.createProfile(); + if(request.isPDF()) { + profile = profileFactory.createPDFProfile(); + } else { + profile = profileFactory.createProfile(); + } // get the signing time signingTime = request.getDateTime(); @@ -156,9 +172,9 @@ public class CMSSignatureVerificationInvoker { input = module.getInputStream(); while (input.read(buf) > 0); + //results = module.verifyCAdESSignature(signingTime); results = module.verifySignature(signingTime); - } catch (IAIKException e) { MOAException moaException = IaikExceptionMapper.getInstance().map(e); throw moaException; 
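Review bot: The added line `//results = module.verifyCAdESSignature(signingTime);` is commented-out code in the verification path. Remove it, or replace it with a comment saying which call is correct for which profile. As written, both the PDF and the plain CMS profile go through `module.verifySignature(signingTime)`, while `result` is now declared as `ExtendedCMSSignatureVerificationResult`. Whether `verifySignature` returns that type for both profiles cannot be seen from these hunks. The enclosing method starts and ends outside them.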
@@ -191,10 +207,29 @@ public class CMSSignatureVerificationInvoker { Iterator resultIter; for (resultIter = results.iterator(); resultIter.hasNext();) { - result = (CMSSignatureVerificationResult) resultIter.next(); + Object resultObject = resultIter.next(); + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if(resultObject instanceof ExtendedCMSSignatureVerificationResult) { + result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + } else { + cmsResult = (CMSSignatureVerificationResult)resultObject; + } + + String issuerCountryCode = null; // QC/SSCD check - List list = result.getCertificateValidationResult().getCertificateChain(); + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); if (list != null) { X509Certificate[] chain = new X509Certificate[list.size()]; @@ -213,7 +248,7 @@ public class CMSSignatureVerificationInvoker { } - responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode); + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); } } else { int i; 
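Review bot: In the `instanceof ExtendedCMSSignatureVerificationResult` branch `cmsResult` is never assigned, so `cmsResult.getCertificateValidationResult()` a few lines below throws a `NullPointerException` for every extended result and no response element is built for it. The signatories branch later in this method already unwraps the result, so the same line belongs here after the cast: `cmsResult = result.getCMSSignatureVerificationResult();`. The AdES form results are also logged at info level once per entry and per signature. A lower level would keep verification details out of the default log. The loop body continues outside the hunk.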
@@ -223,11 +258,23 @@ public class CMSSignatureVerificationInvoker { try { result = - (CMSSignatureVerificationResult) results.get(signatories[i] - 1); + (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1); String issuerCountryCode = null; + + CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult(); + + List adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + // QC/SSCD check - List list = result.getCertificateValidationResult().getCertificateChain(); + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); if (list != null) { X509Certificate[] chain = new X509Certificate[list.size()]; @@ -244,7 +291,7 @@ public class CMSSignatureVerificationInvoker { issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); } - responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode); + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); } catch (IndexOutOfBoundsException e) { throw new MOAApplicationException( "2249", 
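Review bot: `results.get(signatories[i] - 1)` is cast to `ExtendedCMSSignatureVerificationResult` unconditionally, although the loop over all results earlier in this method tests `instanceof` first and still handles plain `CMSSignatureVerificationResult` entries. If a plain result is returned here, the `ClassCastException` is not covered by the `catch (IndexOutOfBoundsException e)` that follows and escapes as an unmapped runtime error. Use the same `instanceof` test in both places, ideally through one private helper that yields the CMS result and the AdES list together. The `try` block opens in this hunk and is closed in the next one.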
@@ -368,4 +415,41 @@ public class CMSSignatureVerificationInvoker { } + + private List getAdESResult(AdESFormVerificationResult adesFormVerification) { + if (adesFormVerification == null) { + // no form information + return null; + } + + List adesList = new ArrayList(); + + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), + SignatureVerificationProfile.LEVEL_LTA, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), + SignatureVerificationProfile.LEVEL_LT, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), + SignatureVerificationProfile.LEVEL_T, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), + SignatureVerificationProfile.LEVEL_B, adesList); + + return adesList; + } + + private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) { + if (subResult != null) { + Logger.info("Checking Level: " + level); + try { + AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + adESFormResultsImpl.setCode(subResult.getResultCode()); + adESFormResultsImpl.setInfo(subResult.getInfo()); + adESFormResultsImpl.setName(subResult.getName()); + + adesList.add(adESFormResultsImpl); + } catch (NullPointerException e) { + Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e); + } + } + } + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java index 5f459ac..74b2a89 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java 
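Review bot: `checkSubResult` catches `NullPointerException` and only logs it, so a level whose sub-result is malformed is silently left out of the list. A consumer of the response cannot tell that case apart from a level that was never reported. Check the values that may be null explicitly instead of catching the exception, and decide whether a failed level should be reported as an entry of its own. `getAdESResult` also returns `null` when there is no form information but an empty list when no level matched. Returning an empty list in both cases, with the element type declared instead of a raw `List`, would simplify the two call sites. Neither new method has Javadoc.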
@@ -24,15 +24,15 @@ package at.gv.egovernment.moa.spss.server.invoke; -import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; - import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.cmsverify.CMSSignatureVerificationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.cmsverify.PDFSignatureVerificationProfileImpl; import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; /** * A factory to create a CMSSignatureVerificationProfile from a @@ -57,6 +57,31 @@ public class CMSSignatureVerificationProfileFactory { this.request = request; } + /** + * Create a CMSSignatureVerificationProfile from the given + * request and the current MOA configuration. + * + * @return The CMSSignatureVerificationProfile for the + * request, based on the current configuration. + * @throws MOAException An error occurred creating the profile. + */ + public CMSSignatureVerificationProfile createPDFProfile() + throws MOAException { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + PDFSignatureVerificationProfileImpl profile = + new PDFSignatureVerificationProfileImpl(); + String trustProfileID; + + // set the certificate validation profile + trustProfileID = request.getTrustProfileId(); + profile.setCertificateValidationProfile( + new PKIProfileImpl(config, trustProfileID)); + + return profile; + } + /** * Create a CMSSignatureVerificationProfile from the given * request and the current MOA configuration. 
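Review bot: The Javadoc on the new `createPDFProfile()` is a copy of the text on `createProfile()` and never mentions PDF. Its first sentence should read along the lines of `Create a CMSSignatureVerificationProfile that also implements PDFSignatureVerificationProfile from the given request and the current MOA configuration.` The body appears to repeat the certificate-validation setup of `createProfile()`, whose body is outside the hunk. A private helper that takes the profile instance and sets `new PKIProfileImpl(config, trustProfileID)` on it would keep the trust-profile handling of both variants in step.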
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 1ea10cb..f32093a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -79,7 +79,7 @@ public class VerifyCMSSignatureResponseBuilder { * otherwise false. * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode) + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults) throws MOAException { CertificateValidationResult certResult = @@ -118,7 +118,8 @@ public class VerifyCMSSignatureResponseBuilder { factory.createVerifyCMSSignatureResponseElement( signerInfo, signatureCheck, - certificateCheck); + certificateCheck, + adesResults); responseElements.add(responseElement); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java index 10dc79d..dcb1397 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.logging; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import iaik.logging.TransactionId; 
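Review bot: `addResult(...)` gains a `List adesResults` parameter, but the Javadoc directly above the signature is unchanged, so the parameter is undocumented. Callers in this commit pass `null` when no AdES form information exists, which the comment should state: `@param adesResults the AdES form results for this signature, or null if none were produced`. The method body continues outside the hunk.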
@@ -40,7 +42,7 @@ public class IaikLog implements iaik.logging.Log { /** The hierarchy to log all IAIK output to. */ public static final String IAIK_LOG_HIERARCHY = "iaik.server"; /** The commons-loggin Log to use for logging the messages. */ - private static Log log = LogFactory.getLog(IAIK_LOG_HIERARCHY); + private static Logger log = LoggerFactory.getLogger(IAIK_LOG_HIERARCHY); /** The node ID to use. */ private String nodeId; @@ -66,7 +68,7 @@ public class IaikLog implements iaik.logging.Log { public void debug(TransactionId transactionId, Object message, Throwable t) { IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); - log.debug(msg, t); + log.debug(msg.toString(), t); } /** @@ -82,7 +84,7 @@ public class IaikLog implements iaik.logging.Log { public void info(TransactionId transactionId, Object message, Throwable t) { IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); - log.info(msg, t); + log.info(msg.toString(), t); } /** @@ -98,7 +100,7 @@ public class IaikLog implements iaik.logging.Log { public void warn(TransactionId transactionId, Object message, Throwable t) { IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); - log.warn(msg, t); + log.warn(msg.toString(), t); } /** @@ -114,14 +116,14 @@ public class IaikLog implements iaik.logging.Log { public void error(TransactionId transactionId, Object message, Throwable t) { IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); - log.error(msg, t); + log.error(msg.toString(), t); } /** * @see iaik.logging.Log#isFatalEnabled() */ public boolean isFatalEnabled() { - return log.isFatalEnabled(); + return log.isErrorEnabled(); } /** @@ -130,7 +132,7 @@ public class IaikLog implements iaik.logging.Log { public void fatal(TransactionId transactionId, Object message, Throwable t) { IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); - log.fatal(msg, t); + log.error(msg.toString(), t); } /** -- cgit v1.2.3
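Review bot: The field comment still reads "The commons-loggin Log to use" although `log` is now an slf4j `Logger`, and the `org.apache.commons.logging` imports kept as context in the import hunk look unused after this change. `fatal(...)` and `isFatalEnabled()` now map to error, so fatal IAIK messages can no longer be told apart from ordinary errors in the log. A short comment on both methods should say that this is deliberate. `msg.toString()` is also evaluated in every method before slf4j checks the level.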