/*
* Copyright 2003 Federal Chancellery Austria
* MOA-SPSS has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.spss.server.invoke;
import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
import iaik.server.modules.pdfverify.PDFSignatureVerificationResult;
import iaik.server.cmspdfverify.CertificateValidationResult;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
import at.gv.egovernment.moa.spss.api.common.TslInfos;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
/**
* A class to build a <code>VerifyCMSSignatureResponse</code> object.
*
* <p>Via subsequent calls to <code>addResult()</code> a number of results from
* a CMS signature verification can be added to the response. The
* <code>getResponse()</code> method then returns the
* <code>VerifyCMSSignatureResponse</code> built so far.
*/
/** The <code>SPSSFactory</code> for creating API objects. */
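// Obtained once when the builder is created; getResponse() and both addResult()
// overloads create their API objects through it. The reference is never reassigned.
private final SPSSFactory factory = SPSSFactory.getInstance();
/**
 * The elements making up the response, in the order addResult() appended them.
 * Holds the VerifyCMSSignatureResponseElement objects created by addResult().
 * The reference is fixed; the list contents grow with every addResult() call.
 */
private final List responseElements = new ArrayList();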
/**
* Get the <code>VerifyCMSSignatureResponse</code> built so far.
*
* @return The <code>VerifyCMSSignatureResponse</code> built so far.
*/
public VerifyCMSSignatureResponse getResponse() {
  // The live element list is handed to the factory as-is (no copy is made here),
  // so the response reflects every addResult() call made up to this point.
  final VerifyCMSSignatureResponse response =
      factory.createVerifyCMSSignatureResponse(responseElements);
  return response;
}
/**
* Add a verification result to the response.
*
* @param result The result to add.
* @param trustProfile The actual trust profile.
* @param checkQC <code>true</code>, if the TSL check verifies the
* certificate as qualified, otherwise <code>false</code>.
* @param checkSSCD <code>true</code>, if the TSL check verifies the
* signature based on a SSCD, otherwise <code>false</code>.
* @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL,
* otherwise <code>false</code>.
* @throws MOAException
*/
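public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults,
    ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification)
    throws MOAException {
  // Converts one CMS signature verification result into a response element and
  // appends it to responseElements. trustProfile is accepted but not read here.
  int signatureCheckCode = result.getSignatureValueVerificationCode().intValue();
  CertificateValidationResult certResult = result.getCertificateValidationResult();

  // Must start as null: it is only assigned when a certificate validation result
  // exists, yet it is always passed to the factory below. Without the initializer
  // the read below is rejected by Java's definite-assignment rule; the PDF
  // overload already initializes its SignerInfo the same way.
  SignerInfo signerInfo = null;

  // The signature algorithm name is reported only for extended verification.
  String sigAlgName = null;
  if (extendedVerification) {
    sigAlgName = result.getSignatureAlgorithmName();
  }

  // 99 is the fallback certificate check code when no certificate validation
  // result exists. In that case the element also carries no SignerInfo.
  // NOTE(review): the meaning of 99 is defined outside this file - confirm that
  // consumers of the response treat it as "certificate not validated".
  int certificateCheckCode = 99;
  if (certResult != null) {
    certificateCheckCode = certResult.getValidationResultCode().intValue();

    // The first chain entry is used as the signer certificate.
    // NOTE(review): assumes the chain is non-empty whenever a validation result
    // exists - confirm against the verification module's contract.
    X509Certificate signerCertificate =
        (X509Certificate) certResult.getCertificateChain().get(0);

    signerInfo =
        factory.createSignerInfo(
            signerCertificate,
            checkQC,
            qcSourceTSL,
            certResult.isPublicAuthorityCertificate(),
            certResult.getPublicAuthorityID(),
            checkSSCD,
            sscdSourceTSL,
            issuerCountryCode,
            result.getSigningTime(),
            tslInfos);
  }

  // Signature value check and certificate check are reported as separate codes.
  CheckResult signatureCheck = factory.createCheckResult(signatureCheckCode, null);
  CheckResult certificateCheck = factory.createCheckResult(certificateCheckCode, null);

  // The last two arguments are passed as null for CMS results; the PDF overload
  // fills them with whole-document coverage and byte range.
  VerifyCMSSignatureResponseElement responseElement =
      factory.createVerifyCMSSignatureResponseElement(
          signerInfo,
          signatureCheck,
          certificateCheck,
          adesResults,
          extendedCertificateCheckResult,
          sigAlgName,
          null,
          null);
  responseElements.add(responseElement);
}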
/**
* Add a PDF signature verification result to the response.
* @param result
* @param trustProfile
* @param checkQC
* @param qcSourceTSL
* @param checkSSCD
* @param sscdSourceTSL
* @param issuerCountryCode
* @param adesResults
* @param extendedCertificateCheckResult
* @param tslInfos
* @param extendedVerification
* @throws MOAException
*/
public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults,
    ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification)
    throws MOAException {
  // Converts one PDF signature verification result into a response element and
  // appends it to responseElements. trustProfile is accepted but not read here.
  final CertificateValidationResult certValidation = result.getCertificateValidationResult();
  final int signatureCode = result.getSignatureValueVerificationCode().intValue();

  // Algorithm name, whole-document coverage and byte range are collected only
  // for extended verification. Otherwise they stay null, and the response says
  // nothing about whether the signature covers the whole document.
  String algorithmName = null;
  Boolean wholeDocumentCovered = null;
  int[] byteRange = null;
  if (extendedVerification) {
    algorithmName = result.getSignatureAlgorithmName();
    wholeDocumentCovered = result.byteRangeCoversWholeDocument();
    byteRange = result.getByteRange();
  }

  // Code 99 and a null SignerInfo are reported when there is no certificate
  // validation result.
  int certificateCode = 99;
  SignerInfo signer = null;
  if (certValidation != null) {
    certificateCode = certValidation.getValidationResultCode().intValue();

    // The first chain entry is used as the signer certificate.
    final X509Certificate signerCertificate =
        (X509Certificate) certValidation.getCertificateChain().get(0);
    signer =
        factory.createSignerInfo(
            signerCertificate,
            checkQC,
            qcSourceTSL,
            certValidation.isPublicAuthorityCertificate(),
            certValidation.getPublicAuthorityID(),
            checkSSCD,
            sscdSourceTSL,
            issuerCountryCode,
            result.getSigningTime(),
            tslInfos);
  }

  // Signature value check and certificate check are reported as separate codes.
  final CheckResult signatureCheck = factory.createCheckResult(signatureCode, null);
  final CheckResult certificateCheck = factory.createCheckResult(certificateCode, null);

  responseElements.add(
      factory.createVerifyCMSSignatureResponseElement(
          signer,
          signatureCheck,
          certificateCheck,
          adesResults,
          extendedCertificateCheckResult,
          algorithmName,
          wholeDocumentCovered,
          byteRange));
}
}