From 00e4e0cbaf7fe6b2ecb08011995f00e503981911 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 13 Feb 2018 11:27:02 +0100 Subject: add infos about signature and hash algorithms into responses --- .../gv/egiz/asic/api/ASiCVerificationResult.java | 9 +- .../egiz/asic/impl/AsicSignedFilesContainer.java | 39 + .../asic/impl/verifier/ExtendedCAdESVerifier.java | 8 +- .../asic/impl/verifier/ExtendedXAdESVerifier.java | 7 +- .../asic/impl/verifier/SimpleCAdESVerifier.java | 7 +- .../asic/impl/verifier/SimpleXAdESVerifier.java | 7 +- .../VerifyASICSignatureResponseBuilder.java | 16 +- .../src/test/java/at/gv/egiz/asic/dev/Main.java | 5 +- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 6 +- .../VerifyCMSSignatureResponseElement.java | 2 + .../egovernment/moa/spss/api/common/InputData.java | 9 + .../moa/spss/api/impl/InputDataBinaryImpl.java | 12 +- .../moa/spss/api/impl/InputDataXMLImpl.java | 12 +- .../moa/spss/api/impl/SPSSFactoryImpl.java | 6 +- .../VerifyCMSSignatureResponseElementImpl.java | 13 + .../api/impl/VerifyXMLSignatureResponseImpl.java | 11 + .../moa/spss/api/xmlbind/ResponseBuilderUtils.java | 20 + .../xmlbind/VerifyCMSSignatureResponseBuilder.java | 5 + .../xmlbind/VerifyPDFSignatureResponseBuilder.java | 7 + .../xmlbind/VerifyXMLSignatureResponseBuilder.java | 11 + .../api/xmlverify/VerifyXMLSignatureResponse.java | 2 + .../invoke/CMSSignatureVerificationInvoker.java | 13 +- .../invoke/VerifyCMSSignatureResponseBuilder.java | 21 +- .../invoke/VerifyXMLSignatureResponseBuilder.java | 40 +- .../invoke/XMLSignatureVerificationInvoker.java | 2 +- moaSig/moa-sig/build.gradle | 2 +- .../resources/schemas/MOA-SPSS-2.0.0.wsdl | 2 +- .../resources/resources/schemas/MOA-SPSS-3.1.1.xsd | 833 +++++++++++++++++++++ .../src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd | 833 +++++++++++++++++++++ 29 files changed, 1911 insertions(+), 49 deletions(-) create mode 100644 moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/AsicSignedFilesContainer.java create mode 100644 moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd create mode 100644 moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd (limited to 'moaSig') diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java index a350f18..ce8f374 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/api/ASiCVerificationResult.java @@ -1,5 +1,6 @@ package at.gv.egiz.asic.api; +import at.gv.egiz.asic.impl.AsicSignedFilesContainer; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; @@ -11,22 +12,22 @@ import java.util.List; */ public class ASiCVerificationResult { - private List signedFiles = new ArrayList(); + private List signedFiles = new ArrayList(); private VerifyCMSSignatureResponse cmsResult = null; private VerifyXMLSignatureResponse xmlResult = null; - public ASiCVerificationResult(List references, VerifyCMSSignatureResponse cmsResult) { + public ASiCVerificationResult(List references, VerifyCMSSignatureResponse cmsResult) { this.signedFiles = references; this.cmsResult = cmsResult; } - public ASiCVerificationResult(List references, VerifyXMLSignatureResponse xmlResult) { + public ASiCVerificationResult(List references, VerifyXMLSignatureResponse xmlResult) { this.signedFiles = references; this.xmlResult = xmlResult; } - public List getSignedFiles() { + public List getSignedFiles() { return signedFiles; } diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/AsicSignedFilesContainer.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/AsicSignedFilesContainer.java new file mode 100644 index 0000000..c21960d --- /dev/null +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/AsicSignedFilesContainer.java @@ -0,0 +1,39 @@ +package at.gv.egiz.asic.impl; + +public class AsicSignedFilesContainer { + + private String uri = null; + private String hashAlg = null; + + + /** + * Container element with ASIC signed files information + * + * @param uri Identifier of the file + * @param hashAlg Hash algorithm that is used to hash the file + */ + public AsicSignedFilesContainer(String uri, String hashAlg) { + this.uri = uri; + this.hashAlg = hashAlg; + + } + + /** + * Get file identifier + * + * @return + */ + public String getUri() { + return uri; + } + + /** + * Get hash algorithm that is used to hash the file + * + * @return + */ + public String getHashAlg() { + return hashAlg; + } + +} diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java index 9f16035..c227a9d 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java @@ -6,6 +6,7 @@ import at.gv.egiz.asic.api.ASiC; import at.gv.egiz.asic.api.ASiCEntry; import at.gv.egiz.asic.api.ASiCFormat; import at.gv.egiz.asic.api.ASiCVerificationResult; +import at.gv.egiz.asic.impl.AsicSignedFilesContainer; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; @@ -73,14 +74,14 @@ public class ExtendedCAdESVerifier extends CAdESVerifier { // verify all references boolean allReferencesValid = true; - List signedFiles = new ArrayList(); + List signedFiles = new ArrayList(); Iterator dataObjectReferenceTypeIterator = asiCManifestType.getDataObjectReference().iterator(); while (dataObjectReferenceTypeIterator.hasNext()) { DataObjectReferenceType dataObjectReferenceType = dataObjectReferenceTypeIterator.next(); String mdURI = dataObjectReferenceType.getDigestMethod().getAlgorithm(); String uri = dataObjectReferenceType.getURI(); - signedFiles.add(uri); + signedFiles.add(new AsicSignedFilesContainer(uri, mdURI)); Iterator dataEntryIterator = asic.getDataEntries().iterator(); @@ -149,7 +150,8 @@ public class ExtendedCAdESVerifier extends CAdESVerifier { signatureCheck, orig.getCertificateCheck(), orig.getAdESFormResults(), - orig.getExtendedCertificateCheck()); + orig.getExtendedCertificateCheck(), + orig.getSignatureAlgorithm()); responseElements.add(responseElement); } VerifyCMSSignatureResponse verifyCMSSignatureResponse = SPSSFactory.getInstance(). diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java index c07efd9..86918bf 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java @@ -7,6 +7,7 @@ import at.gv.egiz.asic.api.ASiC; import at.gv.egiz.asic.api.ASiCEntry; import at.gv.egiz.asic.api.ASiCFormat; import at.gv.egiz.asic.api.ASiCVerificationResult; +import at.gv.egiz.asic.impl.AsicSignedFilesContainer; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOARuntimeException; @@ -132,14 +133,14 @@ public class ExtendedXAdESVerifier extends XAdESVerifier { //JAXBContext jc = JAXBContext.newInstance( "at.gv.egiz.asic" ); //JAXBElement xmlSignatureJaxb = jc.createUnmarshaller().unmarshal(node, SignatureType.class); //SignatureType xmlSignature = xmlSignatureJaxb.getValue(); - List signedFiles = new ArrayList(); + List signedFiles = new ArrayList(); //Iterator it = xmlSignature.getSignedInfo().getReference().iterator(); Iterator it = xmlSignatures.get(i).getSignedInfo().getReference().iterator(); while (it.hasNext()) { ReferenceType refType = it.next(); - if (!refType.getURI().startsWith("#")) { - signedFiles.add(refType.getURI()); + if (!refType.getURI().startsWith("#")) { + signedFiles.add(new AsicSignedFilesContainer(refType.getURI(), refType.getDigestMethod().getAlgorithm())); } } diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java index f10fe2f..f1756fa 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java @@ -4,6 +4,7 @@ import at.gv.egiz.asic.api.ASiC; import at.gv.egiz.asic.api.ASiCEntry; import at.gv.egiz.asic.api.ASiCFormat; import at.gv.egiz.asic.api.ASiCVerificationResult; +import at.gv.egiz.asic.impl.AsicSignedFilesContainer; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; @@ -32,12 +33,12 @@ public class SimpleCAdESVerifier extends CAdESVerifier { //get first element ASiCEntry dataEntry = asic.getDataEntries().iterator().next(); - List signedFiles = new ArrayList(); - signedFiles.add(dataEntry.getEntryName()); + List signedFiles = new ArrayList(); + signedFiles.add(new AsicSignedFilesContainer(dataEntry.getEntryName(), null)); VerifyCMSSignatureResponse verifyResponse = this.runCMSVerification(dataEntry.getContents(), cadesSignature.getContents(), trustProfileID, date); - + response.add(new ASiCVerificationResult(signedFiles, verifyResponse)); } diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java index a71462c..b378d5b 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java @@ -6,6 +6,7 @@ import at.gv.egiz.asic.api.ASiC; import at.gv.egiz.asic.api.ASiCEntry; import at.gv.egiz.asic.api.ASiCFormat; import at.gv.egiz.asic.api.ASiCVerificationResult; +import at.gv.egiz.asic.impl.AsicSignedFilesContainer; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOARuntimeException; @@ -67,13 +68,13 @@ public class SimpleXAdESVerifier extends XAdESVerifier { for (int i = 0; i < signatureSize; i++) { - List signedFiles = new ArrayList(); + List signedFiles = new ArrayList(); Iterator it = xAdESSignaturesType.getSignature().get(i).getSignedInfo().getReference().iterator(); while (it.hasNext()) { ReferenceType refType = it.next(); if (!refType.getURI().startsWith("#")) { - signedFiles.add(refType.getURI()); + signedFiles.add(new AsicSignedFilesContainer(refType.getURI(), refType.getDigestMethod().getAlgorithm())); } } @@ -99,7 +100,7 @@ public class SimpleXAdESVerifier extends XAdESVerifier { supplementsList.add(profile); if (addAll) { - signedFiles.add(dataEntry.getEntryName()); + signedFiles.add(new AsicSignedFilesContainer(dataEntry.getEntryName(), null)); } } String location = "(//ds:Signature)[" + (i + 1) + "]"; diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java index 50cd261..67d8b05 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java @@ -25,6 +25,7 @@ package at.gv.egiz.asic.xmlbind; import at.gv.egiz.asic.api.ASiCVerificationResult; +import at.gv.egiz.asic.impl.AsicSignedFilesContainer; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; @@ -37,6 +38,8 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureResponseBuilder; import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.MiscUtil; + import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -96,11 +99,14 @@ public class VerifyASICSignatureResponseBuilder { throws MOAException { Element asiCSignatureResultElem = responseDoc.createElementNS(Constants.MOA_NS_URI, "ASiCSignatureResult"); - Iterator signedFiles = aSiCVerificationResult.getSignedFiles().iterator(); + Iterator signedFiles = aSiCVerificationResult.getSignedFiles().iterator(); while (signedFiles.hasNext()) { - String signedFile = signedFiles.next(); + AsicSignedFilesContainer signedFile = signedFiles.next(); Element signedFilesElem = responseDoc.createElementNS(Constants.MOA_NS_URI, "signedFiles"); - signedFilesElem.setTextContent(signedFile); + signedFilesElem.setTextContent(signedFile.getUri()); + if (MiscUtil.isNotEmpty(signedFile.getHashAlg())) + signedFilesElem.setAttribute("hashAlgorithm", signedFile.getHashAlg()); + asiCSignatureResultElem.appendChild(signedFilesElem); } @@ -141,6 +147,10 @@ public class VerifyASICSignatureResponseBuilder { signerInfo.getIssuerCountryCode(), signerInfo.getTslInfos()); + ResponseBuilderUtils.addSignatureAlgorithm(responseDoc, + responseElem, + responseElement.getSignatureAlgorithm()); + ResponseBuilderUtils.addCodeInfoElement( responseDoc, responseElem, diff --git a/moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java b/moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java index 5005a3b..ec6e902 100644 --- a/moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java +++ b/moaSig/moa-asic/src/test/java/at/gv/egiz/asic/dev/Main.java @@ -5,6 +5,7 @@ import at.gv.egiz.asic.api.ASiCFactory; import at.gv.egiz.asic.api.ASiCFormat; import at.gv.egiz.asic.api.ASiCVerificationResult; import at.gv.egiz.asic.impl.ASiCMOAVerifier; +import at.gv.egiz.asic.impl.AsicSignedFilesContainer; import at.gv.egiz.asic.xmlbind.VerifyASICSignatureResponseBuilder; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; @@ -79,9 +80,9 @@ public class Main { // Auswertung der Response System.out.println(); System.out.println("Signierte Eintraege"); - Iterator signedFilesIterator = aSiCVerificationResult.getSignedFiles().iterator(); + Iterator signedFilesIterator = aSiCVerificationResult.getSignedFiles().iterator(); while (signedFilesIterator.hasNext()) { - System.out.println(" " + signedFilesIterator.next()); + System.out.println(" " + signedFilesIterator.next().getUri()); } System.out.println(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index a39edf4..36d5461 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -580,7 +580,8 @@ public abstract class SPSSFactory { CheckResult signatureCheck, CheckResult certificateCheck, List adesResult, - ExtendedCertificateCheckResult extendedCertificateCheckResult); + ExtendedCertificateCheckResult extendedCertificateCheckResult, + String usedAlgorithm); // // Factory methods for verifying XML signatures @@ -871,7 +872,8 @@ public abstract class SPSSFactory { List xmlDsigManifestChecks, CheckResult certificateCheck, List adesFormResults, - ExtendedCertificateCheckResult extCheckResult); + ExtendedCertificateCheckResult extCheckResult, + String signatureAlgorithm); /** * Create a new ReferencesCheckResult object. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java index 6b08471..38106e7 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java @@ -67,4 +67,6 @@ public interface VerifyCMSSignatureResponseElement { public List getAdESFormResults(); public ExtendedCertificateCheckResult getExtendedCertificateCheck(); + + public String getSignatureAlgorithm(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java index 8c940cd..8f8a714 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java @@ -68,4 +68,13 @@ public interface InputData extends Content * SignatureManifest respectively. */ public int getReferringReferenceNumber(); + + + /** + * Returns an identifier of the hash algorithm that is used to hash this {@link InputData} + * + * @return + */ + public String getHashAlgorithm(); + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java index 27f6f85..4b5659e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java @@ -62,6 +62,8 @@ public class InputDataBinaryImpl implements ContentBinary, InputData */ protected int referringReferenceNumber_; + protected String hashAlg = null; + /** * Creates a new instance. * @@ -70,14 +72,17 @@ public class InputDataBinaryImpl implements ContentBinary, InputData * @param partOf see {@link InputData} * * @param referringReferenceNumber see {@link InputData} + * + * @param hashAlg see {@link InputData} */ - public InputDataBinaryImpl(Content wrapped, String partOf, int referringReferenceNumber) throws MOARuntimeException + public InputDataBinaryImpl(Content wrapped, String partOf, int referringReferenceNumber, String hashAlg) throws MOARuntimeException { if (wrapped.getContentType() != Content.BINARY_CONTENT) throw new MOARuntimeException("9901", null); wrapped_ = (ContentBinary) wrapped; partOf_ = partOf; referringReferenceNumber_ = referringReferenceNumber; + this.hashAlg = hashAlg; } /** @@ -120,4 +125,9 @@ public class InputDataBinaryImpl implements ContentBinary, InputData return referringReferenceNumber_; } +@Override +public String getHashAlgorithm() { + return this.hashAlg; +} + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java index 432e1a2..e89976e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java @@ -62,6 +62,8 @@ public class InputDataXMLImpl implements ContentXML, InputData */ protected int referringReferenceNumber_; + protected String hashAlg = null; + /** * Creates a new instance. * @@ -70,14 +72,17 @@ public class InputDataXMLImpl implements ContentXML, InputData * @param partOf see {@link InputData} * * @param referringReferenceNumber see {@link InputData} + * + * @param hashAlg see {@link InputData} */ - public InputDataXMLImpl(Content wrapped, String partOf, int referringReferenceNumber) + public InputDataXMLImpl(Content wrapped, String partOf, int referringReferenceNumber, String hashAlg) { if (wrapped.getContentType() != Content.XML_CONTENT) throw new MOARuntimeException("9901", null); wrapped_ = (ContentXML) wrapped; partOf_ = partOf; referringReferenceNumber_ = referringReferenceNumber; + this.hashAlg = hashAlg; } /** @@ -120,4 +125,9 @@ public class InputDataXMLImpl implements ContentXML, InputData return referringReferenceNumber_; } +@Override +public String getHashAlgorithm() { + return this.hashAlg; +} + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index b9fad4f..d743f16 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -283,13 +283,14 @@ public class SPSSFactoryImpl extends SPSSFactory { public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(SignerInfo signerInfo, CheckResult signatureCheck, CheckResult certificateCheck, List adesResult, - ExtendedCertificateCheckResult extendedCertificateCheckResult) { + ExtendedCertificateCheckResult extendedCertificateCheckResult, String usedAlgorithm) { VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl(); verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck); verifyCMSSignatureResponseElement.setAdESFormResults(adesResult); verifyCMSSignatureResponseElement.setExtendedCertificateCheck(extendedCertificateCheckResult); + verifyCMSSignatureResponseElement.setSignatureAlgorithm(usedAlgorithm); return verifyCMSSignatureResponseElement; } @@ -380,11 +381,12 @@ public class SPSSFactoryImpl extends SPSSFactory { public VerifyXMLSignatureResponse createVerifyXMLSignatureResponse(SignerInfo signerInfo, List hashInputDatas, List referenceInputDatas, ReferencesCheckResult signatureCheck, ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, CheckResult certificateCheck, - List adesFormResults, ExtendedCertificateCheckResult extCheckResult) { + List adesFormResults, ExtendedCertificateCheckResult extCheckResult, String signatureAlgorithm) { VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = new VerifyXMLSignatureResponseImpl(); verifyXMLSignatureResponse.setSignerInfo(signerInfo); verifyXMLSignatureResponse.setHashInputDatas(hashInputDatas); verifyXMLSignatureResponse.setReferenceInputDatas(referenceInputDatas); + verifyXMLSignatureResponse.setSignatureAlgorithm(signatureAlgorithm); verifyXMLSignatureResponse.setSignatureCheck(signatureCheck); verifyXMLSignatureResponse.setSignatureManifestCheck(signatureManifestCheck); verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java index 9b7881c..1d40627 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java @@ -51,6 +51,8 @@ public class VerifyCMSSignatureResponseElementImpl private List adesResults = null; + private String usedAlgorithm = null; + /** * Sets a SignerInfo element according to CMS. * @@ -106,5 +108,16 @@ public class VerifyCMSSignatureResponseElementImpl public ExtendedCertificateCheckResult getExtendedCertificateCheck() { return extendedResult; } + + @Override + public String getSignatureAlgorithm() { + return usedAlgorithm; + } + + public void setSignatureAlgorithm(String usedAlgorithm) { + this.usedAlgorithm = usedAlgorithm; + } + + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java index 60ac3be..0047d44 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java @@ -70,6 +70,8 @@ public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureRespons /** Information about the certificate check. */ private CheckResult certificateCheck; + private String signatureAlgorithm = null; + /** * Sets information about the signer certificate. * @@ -189,4 +191,13 @@ public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureRespons return extendedResult; } + public String getSignatureAlgorithm() { + return signatureAlgorithm; + } + + public void setSignatureAlgorithm(String signatureAlgorithm) { + this.signatureAlgorithm = signatureAlgorithm; + } + + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 91dc6b9..a21e693 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -389,6 +389,26 @@ public class ResponseBuilderUtils { } } + public static void addSignatureAlgorithm(Document response, + Element root, + String algorithm) { + if(algorithm != null) { + Element extElem = response.createElementNS(MOA_NS_URI, "SignatureAlgorithm"); + extElem.appendChild(response.createTextNode(algorithm)); + root.appendChild(extElem); + } + } + + public static void addHashAlgorithm(Document response, + Element root, + String algorithm) { + if(algorithm != null) { + Element extElem = response.createElementNS(MOA_NS_URI, "HashAlgorithm"); + extElem.appendChild(response.createTextNode(algorithm)); + root.appendChild(extElem); + } +} + public static void addExtendendResult(Document response, Element root, ExtendedCertificateCheckResult result) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 30bf3c4..de39948 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -132,6 +132,11 @@ public class VerifyCMSSignatureResponseBuilder { responseElem, signerInfo.getSigningTime()); } + ResponseBuilderUtils.addSignatureAlgorithm(responseDoc, + responseElem, + responseElement.getSignatureAlgorithm()); + + ResponseBuilderUtils.addCodeInfoElement( responseDoc, responseElem, diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java index 0ca6f8f..8b10191 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java @@ -123,11 +123,18 @@ public class VerifyPDFSignatureResponseBuilder { responseElem, signerInfo.getSigningTime()); + } else { Logger.info("Find signature result with no 'SignerInfo'. Maybe a signature verification Failed"); } + + ResponseBuilderUtils.addSignatureAlgorithm(responseDoc, + responseElem, + responseElement.getSignatureAlgorithm()); + + ResponseBuilderUtils.addCodeInfoElement( responseDoc, responseElem, diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index 0042464..82d01c0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -35,6 +35,7 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.util.Base64Utils; import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.MiscUtil; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.common.Content; @@ -134,6 +135,9 @@ public class VerifyXMLSignatureResponseBuilder { } } + //add hash algorithm + ResponseBuilderUtils.addSignatureAlgorithm(responseDoc, responseElem, response.getSignatureAlgorithm()); + // add the SignatureCheck addReferencesCheckResult("SignatureCheck", response.getSignatureCheck()); @@ -204,6 +208,11 @@ public class VerifyXMLSignatureResponseBuilder { contentElem.setAttributeNS(null, "ReferringSigReference", Integer.toString(inputData.getReferringReferenceNumber())); + if (MiscUtil.isNotEmpty(inputData.getHashAlgorithm())) { + contentElem.setAttribute("HashAlgorithm", inputData.getHashAlgorithm()); + + } + switch (inputData.getContentType()) { case Content.XML_CONTENT: ContentXML contentXml = (ContentXML) inputData; @@ -236,6 +245,7 @@ public class VerifyXMLSignatureResponseBuilder { responseElem.appendChild(contentElem); break; } + } /** @@ -267,6 +277,7 @@ public class VerifyXMLSignatureResponseBuilder { } ResponseBuilderUtils.addCodeInfoElement(responseDoc, responseElem, elementName, checkResult.getCode(), info); + } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java index 0ed12bf..0f42903 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java @@ -92,4 +92,6 @@ public interface VerifyXMLSignatureResponse { public List getAdESFormResults(); public ExtendedCertificateCheckResult getExtendedCertificateCheck(); + + public String getSignatureAlgorithm(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 42d34fc..b2c6717 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -268,9 +268,12 @@ public class CMSSignatureVerificationInvoker { CMSSignatureVerificationResult cmsResult = null; List adesResults = null; + boolean extendedVerification = false; + ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { Logger.info("Got ExtendedCMSSignatureVerificationResult"); + extendedVerification = true; ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; cmsResult = result.getCMSSignatureVerificationResult(); adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); @@ -324,7 +327,7 @@ public class CMSSignatureVerificationInvoker { responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult, - qcsscdresult.getTslInfos()); + qcsscdresult.getTslInfos(), extendedVerification); } private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, @@ -335,13 +338,15 @@ public class CMSSignatureVerificationInvoker { Logger.warn("Result Object is null!"); return; } - + PDFSignatureVerificationResult cmsResult = null; List adesResults = null; - + boolean extendedVerification = false; + ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { Logger.info("Got ExtendedPDFSignatureVerificationResult"); + extendedVerification = true; ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; cmsResult = result.getPDFSignatureVerificationResult(); adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); @@ -405,7 +410,7 @@ public class CMSSignatureVerificationInvoker { responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, - extCheckResult, qcsscdresult.getTslInfos()); + extCheckResult, qcsscdresult.getTslInfos(), extendedVerification); } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index f4121b0..22bae71 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -83,7 +83,7 @@ public class VerifyCMSSignatureResponseBuilder { * @throws MOAException */ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, - ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos) + ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification) throws MOAException { CertificateValidationResult certResult = @@ -99,6 +99,11 @@ public class VerifyCMSSignatureResponseBuilder { boolean qualifiedCertificate = checkQC; + //add signature algorithm name in case of extended validation + String sigAlgName = null; + if (extendedVerification) + sigAlgName = result.getSignatureAlgorithmName(); + // add SignerInfo element signerInfo = factory.createSignerInfo( @@ -126,7 +131,8 @@ public class VerifyCMSSignatureResponseBuilder { signatureCheck, certificateCheck, adesResults, - extendedCertificateCheckResult); + extendedCertificateCheckResult, + sigAlgName); responseElements.add(responseElement); } @@ -144,7 +150,7 @@ public class VerifyCMSSignatureResponseBuilder { * @throws MOAException */ public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, - ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos) + ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification) throws MOAException { CertificateValidationResult certResult = @@ -159,6 +165,12 @@ public class VerifyCMSSignatureResponseBuilder { boolean qualifiedCertificate = checkQC; + //add signature algorithm name in case of extended validation + String sigAlgName = null; + if (extendedVerification) + sigAlgName = result.getSignatureAlgorithmName(); + + //set code 99 if not certcheckresult exists int certificateCheckCode = 99; if (certResult != null) { @@ -192,7 +204,8 @@ public class VerifyCMSSignatureResponseBuilder { signatureCheck, certificateCheck, adesResults, - extendedCertificateCheckResult); + extendedCertificateCheckResult, + sigAlgName); responseElements.add(responseElement); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index d8ebd85..22ef789 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -106,6 +106,9 @@ public class VerifyXMLSignatureResponseBuilder { private List adesFormResults = null; private ExtendedCertificateCheckResult extCheckResult = null; private Date signingTime; + + private String signatureAlgorithm = null; + /** * Get the VerifyMLSignatureResponse built so far. * @@ -121,7 +124,8 @@ public class VerifyXMLSignatureResponseBuilder { xmlDsigManifestChecks, certificateCheck, adesFormResults, - extCheckResult); + extCheckResult, + signatureAlgorithm); } public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extCheckResult) { @@ -162,7 +166,8 @@ public class VerifyXMLSignatureResponseBuilder { boolean sscdSourceTSL, boolean isTSLEnabledTrustprofile, String issuerCountryCode, - TslInfos tslInfos) + TslInfos tslInfos, + boolean isExtendedValidation) throws MOAApplicationException { CertificateValidationResult certResult = @@ -178,6 +183,9 @@ public class VerifyXMLSignatureResponseBuilder { qualifiedCertificate = checkQC; + if (isExtendedValidation) + signatureAlgorithm = result.getSignatureAlgorithmName(); + // create the SignerInfo; signerInfo = factory.createSignerInfo( @@ -192,6 +200,9 @@ public class VerifyXMLSignatureResponseBuilder { result.getSigningTime(), tslInfos); + + + //TODO: add hash algo. infos // Create HashInputData Content objects referenceDataList = result.getReferenceDataList(); if (profile.includeHashInputData()) { @@ -364,7 +375,8 @@ public class VerifyXMLSignatureResponseBuilder { inputDatas.add(buildInputData( referenceData.getHashInputData(), containerType, - refererNumber)); + refererNumber, + referenceData.getHashAlgorithmName())); } } @@ -391,7 +403,8 @@ public class VerifyXMLSignatureResponseBuilder { inputDatas.add(buildInputData( referenceData.getReferenceInputData(), containerType, - refererNumber)); + refererNumber, + referenceData.getHashAlgorithmName())); } } @@ -407,11 +420,12 @@ public class VerifyXMLSignatureResponseBuilder { * * @param referringReferenceNumber see {@link InputData} * - * @return The corresponinding input data implementation. - * + * @param hashAlg see {@link InputData} + * + * @return The corresponinding input data implementation. * @throws MOAApplicationException An error occurred creating the result. */ - private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber) + private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber, String hashAlg) throws MOAApplicationException { if (dataObject instanceof BinaryDataObject) { @@ -419,7 +433,8 @@ public class VerifyXMLSignatureResponseBuilder { return new InputDataBinaryImpl( factory.createContent(binaryData.getInputStream(), null), partOf, - referringReferenceNumber); + referringReferenceNumber, + hashAlg); } else if (dataObject instanceof XMLDataObject) { XMLDataObject xmlData = (XMLDataObject) dataObject; List nodes = new ArrayList(); @@ -428,7 +443,8 @@ public class VerifyXMLSignatureResponseBuilder { return new InputDataXMLImpl( factory.createContent(new NodeListAdapter(nodes), null), partOf, - referringReferenceNumber); + referringReferenceNumber, + hashAlg); } else { // dataObject instanceof XMLNodeListDataObject // if the data in the NodeList can be converted back to valid XML, // write it as XMLContent; otherwise, write it as Base64Content @@ -443,7 +459,8 @@ public class VerifyXMLSignatureResponseBuilder { return new InputDataXMLImpl( factory.createContent(fragment.getChildNodes(), null), partOf, - referringReferenceNumber); + referringReferenceNumber, + hashAlg); } catch (Exception e) { // not successful -> fall through to the Base64Content } @@ -472,7 +489,8 @@ public class VerifyXMLSignatureResponseBuilder { return new InputDataBinaryImpl( factory.createContent(is, null), partOf, - referringReferenceNumber); + referringReferenceNumber, + hashAlg); } catch (Exception e) { throw new MOAApplicationException("2200", null); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index d3ad086..74c4f0b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -304,7 +304,7 @@ public class XMLSignatureVerificationInvoker { // build the response responseBuilder.setResult(plainResult, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), - qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos()); + qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos(), request.getExtendedValidaiton()); return responseBuilder.getResponse(); } diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle index 60a7285..7555d9d 100644 --- a/moaSig/moa-sig/build.gradle +++ b/moaSig/moa-sig/build.gradle @@ -78,7 +78,7 @@ task jaxb () { ant.xjc( destdir: jaxbTargetDir.path, package: 'at.gv.egiz.moasig', - schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.0.0.xsd' + schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd' ) } } diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl index 6e91a2d..b0a7e3e 100644 --- a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl +++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl @@ -1,7 +1,7 @@ - + diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd new file mode 100644 index 0000000..d8f45fa --- /dev/null +++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-3.1.1.xsd @@ -0,0 +1,833 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch + wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine + Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung + erfolgreich war + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch + wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des + Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit + der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine + Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung + erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch + wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + only ds:X509Data and RetrievalMethod is + supported; QualifiedCertificate is included as + X509Data/any;publicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + only ds:X509Data and RetrievalMethod is + supported; QualifiedCertificate is included as + X509Data/any;publicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any, + TSLInformation is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + + + + + + + + + + + asics or asice + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + only ds:X509Data and RetrievalMethod is + supported; QualifiedCertificate is included as + X509Data/any;publicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu + überprüfenden XML-Signatur muss hier ein + ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen + ReferenceInfo Elemente entspricht jener der dsig:Reference + Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is + supported; QualifiedCertificate is included as X509Data/any; + PublicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is + supported; QualifiedCertificate is included as X509Data/any; + PublicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER + Transformationskette inklusive ggf. sinnvoller Supplements oder + Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung + erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert + ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von + der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur + hat zumindest einem dieser Transformationswege zu entsprechen. Die + Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters + (explizit oder als Hashwert) kann unterlassen werden, wenn die + Applikation von der Unveränderlichkeit des Inhalts der in + "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen + kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + + Alle impliziten Transformationsparameter, die + zum Durchlaufen der oben angeführten Transformationskette + bekannt sein müssen, müssen hier angeführt werden. Das + Attribut "URI" bezeichnet den Transformationsparameter in exakt + jener Weise, wie er in der zu überprüfenden Signatur gebraucht + wird. + + + + + + + + + + + + + + + + diff --git a/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd b/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd new file mode 100644 index 0000000..d8f45fa --- /dev/null +++ b/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-3.1.1.xsd @@ -0,0 +1,833 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch + wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine + Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung + erfolgreich war + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch + wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des + Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit + der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine + Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung + erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch + wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + only ds:X509Data and RetrievalMethod is + supported; QualifiedCertificate is included as + X509Data/any;publicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + only ds:X509Data and RetrievalMethod is + supported; QualifiedCertificate is included as + X509Data/any;publicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any, + TSLInformation is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + + + + + + + + + + + asics or asice + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + only ds:X509Data and RetrievalMethod is + supported; QualifiedCertificate is included as + X509Data/any;publicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu + überprüfenden XML-Signatur muss hier ein + ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen + ReferenceInfo Elemente entspricht jener der dsig:Reference + Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is + supported; QualifiedCertificate is included as X509Data/any; + PublicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is + supported; QualifiedCertificate is included as X509Data/any; + PublicAuthority is included as X509Data/any; + SecureSignatureCreationDevice is included as X509Data/any, + IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER + Transformationskette inklusive ggf. sinnvoller Supplements oder + Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung + erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert + ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von + der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur + hat zumindest einem dieser Transformationswege zu entsprechen. Die + Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters + (explizit oder als Hashwert) kann unterlassen werden, wenn die + Applikation von der Unveränderlichkeit des Inhalts der in + "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen + kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + + Alle impliziten Transformationsparameter, die + zum Durchlaufen der oben angeführten Transformationskette + bekannt sein müssen, müssen hier angeführt werden. Das + Attribut "URI" bezeichnet den Transformationsparameter in exakt + jener Weise, wie er in der zu überprüfenden Signatur gebraucht + wird. + + + + + + + + + + + + + + + + -- cgit v1.2.3