/*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egovernment.moa.spss.server.invoke;

import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
import iaik.server.modules.pdfverify.PDFSignatureVerificationResult;
import iaik.server.cmspdfverify.CertificateValidationResult;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
import at.gv.egovernment.moa.spss.api.common.TslInfos;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;

/**
 * A class to build a <code>VerifyCMSSignatureResponse</code> object.
 *
 * <p>Via subsequent calls to <code>addResult()</code> a number of results from
 * a CMS signature verification can be added to the response.</p>
 *
 * <p>The <code>getResponse()</code> method then returns the
 * <code>VerifyCMSSignatureResponse</code> built so far.</p>
 *
 * <p>This class only assembles the response. It runs no verification of its
 * own: the signature and certificate check codes are copied from the
 * verification result, and the QC/SSCD flags are relayed exactly as the
 * caller supplies them.</p>
 *
 * @author Patrick Peck
 * @version $Id$
 */
public class VerifyCMSSignatureResponseBuilder {

  /**
   * Certificate check code reported when a PDF verification result carries no
   * certificate validation result.
   */
  private static final int NO_CERTIFICATE_RESULT_CODE = 99;

  /** The <code>SPSSFactory</code> for creating API objects. */
  private SPSSFactory factory = SPSSFactory.getInstance();

  /** The elements making up the response. */
  private List responseElements = new ArrayList();

  /**
   * Get the <code>VerifyCMSSignatureResponse</code> built so far.
   *
   * <p>The builder's own element list is handed to the factory; whether the
   * factory copies it is not visible from this class.</p>
   *
   * @return The <code>VerifyCMSSignatureResponse</code> built so far.
   */
  public VerifyCMSSignatureResponse getResponse() {
    final VerifyCMSSignatureResponse response =
        factory.createVerifyCMSSignatureResponse(responseElements);
    return response;
  }

  /**
   * Add a CMS verification result to the response.
   *
   * <p>Unlike the PDF overload, this method dereferences the certificate
   * validation result without a <code>null</code> check, so a result without
   * one ends in a <code>NullPointerException</code> instead of a response
   * element.</p>
   *
   * @param result The result to add.
   * @param trustProfile The actual trust profile. Not read by this method.
   * @param checkQC Relayed to the <code>SignerInfo</code> as the
   * qualified-certificate flag.
   * @param qcSourceTSL Relayed to the <code>SignerInfo</code>; presumably
   * <code>true</code> if the QC information comes from the TSL (to be
   * confirmed against the caller).
   * @param checkSSCD <code>true</code>, if the TSL check verifies the
   * signature based on a SSCD, otherwise <code>false</code>.
   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes
   * from the TSL, otherwise <code>false</code>.
   * @param issuerCountryCode Relayed to the <code>SignerInfo</code>.
   * @param adesResults Relayed to the response element.
   * @param extendedCertificateCheckResult Relayed to the response element.
   * @param tslInfos Relayed to the <code>SignerInfo</code>.
   * @param extendedVerification If <code>true</code>, the signature algorithm
   * name is read from <code>result</code> and added to the response element;
   * otherwise <code>null</code> is passed.
   * @throws MOAException
   */
  public void addResult(CMSSignatureVerificationResult result,
      TrustProfile trustProfile,
      boolean checkQC,
      boolean qcSourceTSL,
      boolean checkSSCD,
      boolean sscdSourceTSL,
      String issuerCountryCode,
      List adesResults,
      ExtendedCertificateCheckResult extendedCertificateCheckResult,
      TslInfos tslInfos,
      boolean extendedVerification)
      throws MOAException {

    final CertificateValidationResult validation =
        result.getCertificateValidationResult();
    final int signatureCode =
        result.getSignatureValueVerificationCode().intValue();
    final int certificateCode =
        validation.getValidationResultCode().intValue();

    // The signature algorithm name is reported only for extended validation.
    final String algorithmName =
        extendedVerification ? result.getSignatureAlgorithmName() : null;

    // Element 0 of the chain is used as the signer certificate.
    // NOTE(review): assumes the chain is non-empty and ordered signer-first -
    // confirm against the verification module.
    final X509Certificate signerCertificate =
        (X509Certificate) validation.getCertificateChain().get(0);
    final SignerInfo signer =
        factory.createSignerInfo(
            signerCertificate,
            checkQC,
            qcSourceTSL,
            validation.isPublicAuthorityCertificate(),
            validation.getPublicAuthorityID(),
            checkSSCD,
            sscdSourceTSL,
            issuerCountryCode,
            result.getSigningTime(),
            tslInfos);

    appendElement(signer, signatureCode, certificateCode, adesResults,
        extendedCertificateCheckResult, algorithmName);
  }

  /**
   * Add a PDF verification result to the response.
   *
   * <p>If <code>result</code> carries no certificate validation result, the
   * element is still added: its certificate check code is 99 and its
   * <code>SignerInfo</code> is <code>null</code>.</p>
   *
   * @param result The result to add.
   * @param trustProfile The actual trust profile. Not read by this method.
   * @param checkQC Relayed to the <code>SignerInfo</code> as the
   * qualified-certificate flag.
   * @param qcSourceTSL Relayed to the <code>SignerInfo</code>; presumably
   * <code>true</code> if the QC information comes from the TSL (to be
   * confirmed against the caller).
   * @param checkSSCD <code>true</code>, if the TSL check verifies the
   * signature based on a SSCD, otherwise <code>false</code>.
   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes
   * from the TSL, otherwise <code>false</code>.
   * @param issuerCountryCode Relayed to the <code>SignerInfo</code>.
   * @param adesResults Relayed to the response element.
   * @param extendedCertificateCheckResult Relayed to the response element.
   * @param tslInfos Relayed to the <code>SignerInfo</code>.
   * @param extendedVerification If <code>true</code>, the signature algorithm
   * name is read from <code>result</code> and added to the response element;
   * otherwise <code>null</code> is passed.
   * @throws MOAException
   */
  public void addResult(PDFSignatureVerificationResult result,
      TrustProfile trustProfile,
      boolean checkQC,
      boolean qcSourceTSL,
      boolean checkSSCD,
      boolean sscdSourceTSL,
      String issuerCountryCode,
      List adesResults,
      ExtendedCertificateCheckResult extendedCertificateCheckResult,
      TslInfos tslInfos,
      boolean extendedVerification)
      throws MOAException {

    final CertificateValidationResult validation =
        result.getCertificateValidationResult();
    final int signatureCode =
        result.getSignatureValueVerificationCode().intValue();

    // The signature algorithm name is reported only for extended validation.
    final String algorithmName =
        extendedVerification ? result.getSignatureAlgorithmName() : null;

    // Without a certificate validation result the element keeps code 99 and
    // has no signer information.
    // NOTE(review): consumers of the response have to handle an element with
    // a null SignerInfo; confirm that code 99 is treated downstream as a
    // certificate check that did not succeed.
    int certificateCode = NO_CERTIFICATE_RESULT_CODE;
    SignerInfo signer = null;

    if (validation != null) {
      certificateCode = validation.getValidationResultCode().intValue();

      // Element 0 of the chain is used as the signer certificate.
      // NOTE(review): assumes the chain is non-empty and ordered
      // signer-first - confirm against the verification module.
      final X509Certificate signerCertificate =
          (X509Certificate) validation.getCertificateChain().get(0);
      signer =
          factory.createSignerInfo(
              signerCertificate,
              checkQC,
              qcSourceTSL,
              validation.isPublicAuthorityCertificate(),
              validation.getPublicAuthorityID(),
              checkSSCD,
              sscdSourceTSL,
              issuerCountryCode,
              result.getSigningTime(),
              tslInfos);
    }

    appendElement(signer, signatureCode, certificateCode, adesResults,
        extendedCertificateCheckResult, algorithmName);
  }

  /**
   * Wraps both check codes in <code>CheckResult</code> objects, builds the
   * response element and appends it to the response.
   *
   * @param signer The signer information; may be <code>null</code>.
   * @param signatureCode The signature value verification code.
   * @param certificateCode The certificate validation result code.
   * @param adesResults Relayed to the response element.
   * @param extendedCheck Relayed to the response element.
   * @param algorithmName The signature algorithm name, or <code>null</code>.
   * @throws MOAException
   */
  private void appendElement(SignerInfo signer,
      int signatureCode,
      int certificateCode,
      List adesResults,
      ExtendedCertificateCheckResult extendedCheck,
      String algorithmName)
      throws MOAException {

    // SignatureCheck element
    final CheckResult signatureCheck =
        factory.createCheckResult(signatureCode, null);

    // CertificateCheck element
    final CheckResult certificateCheck =
        factory.createCheckResult(certificateCode, null);

    final VerifyCMSSignatureResponseElement element =
        factory.createVerifyCMSSignatureResponseElement(
            signer,
            signatureCheck,
            certificateCheck,
            adesResults,
            extendedCheck,
            algorithmName);

    responseElements.add(element);
  }
}