/*
* Copyright 2003 Federal Chancellery Austria
* MOA-SPSS has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.spss.server.invoke;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.ws.soap.AddressingFeature.Responses;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterHash;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.iaik.xml.XMLSignatureImpl;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.util.AdESResultUtils;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.spss.util.QCSSCDResult;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.CollectionUtils;
import at.gv.egovernment.moaspss.util.Constants;
import iaik.server.ConfigurationException;
import iaik.server.modules.AdESConstants;
import iaik.server.modules.AdESFormVerificationResult;
import iaik.server.modules.IAIKException;
import iaik.server.modules.IAIKRuntimeException;
import iaik.server.modules.SignatureVerificationProfile;
import iaik.server.modules.SignatureVerificationResult;
import iaik.server.modules.xml.DataObject;
import iaik.server.modules.xml.XMLDataObject;
import iaik.server.modules.xml.XMLSignature;
import iaik.server.modules.xmlsign.XMLConstants;
import iaik.server.modules.xmlverify.DsigManifest;
import iaik.server.modules.xmlverify.ExtendedXMLSignatureVerificationResult;
import iaik.server.modules.xmlverify.ReferenceData;
import iaik.server.modules.xmlverify.SecurityLayerManifest;
import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
import iaik.x509.X509Certificate;
import iaik.xml.crypto.utils.URI;
import iaik.xml.crypto.utils.URIException;
/**
* A class providing a DOM based interface to the
*
* In particular, it is verified that:
* XMLSignatureVerificationModule
.
*
* This class performs the invocation of the
* iaik.server.modules.xmlverify.XMLSignatureVerificationModule
* from a VerifyXMLSignatureRequest
given as a DOM element. The
* result of the invocation is integrated into a
* VerifyXMLSignatureResponse
and returned.
*
* @author Patrick Peck
* @version $Id$
*/
public class XMLSignatureVerificationInvoker {
/** The single instance of this class. */
private static XMLSignatureVerificationInvoker instance = null;
private static Set FILTERED_REF_TYPES;
static {
FILTERED_REF_TYPES = new HashSet();
FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
}
/**
* Get the single instance of this class.
*
* @return The single instance of this class.
*/
public static synchronized XMLSignatureVerificationInvoker getInstance() {
if (instance == null) {
instance = new XMLSignatureVerificationInvoker();
}
return instance;
}
/**
* Create a new XMLSignatureCreationInvoker
.
*
* Protected to disallow multiple instances.
*/
protected XMLSignatureVerificationInvoker() {
}
/**
* Process the VerifyXMLSignatureRequest
message and invoke the
*
XMLSignatureVerificationModule
.
*
* @param request
* A VerifyXMLSignatureRequest
API object
* containing the data for verifying an XML signature.
* @return A
VerifyXMLSignatureResponse
containing the answert
* to the VerifyXMLSignatureRequest
. MOA schema
* definition.
* @throws MOAException
* An error occurred during signature verification.
*/
public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) throws MOAException {
TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request);
VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
ExtendedXMLSignatureVerificationResult result = null;
XMLSignatureVerificationResult plainResult;
XMLSignatureVerificationProfile profile;
ReferencesCheckResult signatureManifestCheck;
DataObjectFactory dataObjFactory;
XMLDataObject signatureEnvironment;
Node signatureEnvironmentParent = null;
Element requestElement = null;
XMLSignature xmlSignature;
Date signingTime;
List supplements;
List dataObjectList;
// get the supplements
supplements = getSupplements(request);
// build XMLSignature
dataObjFactory = DataObjectFactory.getInstance();
signatureEnvironment = dataObjFactory
.createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements);
xmlSignature = buildXMLSignature(signatureEnvironment, request);
// build the list of DataObjects
dataObjectList = buildDataObjectList(supplements);
// build profile
profile = profileFactory.createProfile();
// get the signingTime
signingTime = request.getDateTime();
// make the signature environment the root of the document, if it is not
// a
// separate document anyway; this is done to assure that
// canonicalization
// of the signature environment contains the correct namespace
// declarations
requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
if (requestElement != signatureEnvironment.getElement()) {
signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode();
requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement);
}
QCSSCDResult qcsscdresult = new QCSSCDResult();
String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
ConfigurationProvider config = ConfigurationProvider.getInstance();
TrustProfile tp = config.getTrustProfile(tpID);
// verify the signature
try {
XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance();
module.setLog(new IaikLog(loggingCtx.getNodeID()));
if(request.getExtendedValidaiton()) {
result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
new TransactionId(context.getTransactionID()));
plainResult = result.getXMLSignatureVerificationResult();
} else {
plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime,
new TransactionId(context.getTransactionID()));
}
} catch (IAIKException e) {
MOAException moaException = IaikExceptionMapper.getInstance().map(e);
throw moaException;
} catch (IAIKRuntimeException e) {
MOAException moaException = IaikExceptionMapper.getInstance().map(e);
throw moaException;
}
ExtendedCertificateCheckResult extCheckResult;
if(result != null) {
List adesResults = null;//
adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
if (Logger.isDebugEnabled()) {
if (adesResults != null) {
Iterator adesIterator = adesResults.iterator();
while (adesIterator.hasNext()) {
Logger.debug("ADES Formresults: " + adesIterator.next().toString());
}
}
}
responseBuilder.setAdESFormResults(adesResults);
try {
//Logger.info("Extended Validation Report: " + result.getName());
Logger.debug("Extended Validation Code: " + result.getResultCode().toString());
Logger.debug("Extended Validation Info: " + result.getInfo());
extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
responseBuilder.setExtendedCertificateCheckResult(extCheckResult);
} catch (NullPointerException e) {
Logger.info("No extendend validation result available.");
}
}
// QC/SSCD check
List list = plainResult.getCertificateValidationResult().getCertificateChain();
if (list != null) {
X509Certificate[] chain = new X509Certificate[list.size()];
Iterator it = list.iterator();
int i = 0;
while (it.hasNext()) {
chain[i] = (X509Certificate) it.next();
i++;
}
qcsscdresult = CertificateUtils.checkQCSSCD(chain, plainResult.getSigningTime(), tp.isTSLEnabled(), config);
}
// get signer certificate issuer country code
String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
// swap back in the request as root document
if (requestElement != signatureEnvironment.getElement()) {
requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement());
signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
}
// check the result
signatureManifestCheck = validateSignatureManifest(request, plainResult,
profile);
// Check if signer certificate is in trust profile's allowed signer
// certificates pool
TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
CheckResult certificateCheck = validateSignerCertificate(plainResult,
trustProfile);
// build the response
responseBuilder.setResult(plainResult, profile, signatureManifestCheck,
certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(),
qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos(), request.getExtendedValidaiton());
return responseBuilder.getResponse();
}
/**
* Checks if the signer certificate matches one of the allowed signer
* certificates specified in the provided trustProfile
.
*
* @param result
* The result produced by the
* XMLSignatureVerificationModule
.
*
* @param trustProfile
* The trust profile the signer certificate is validated against.
*
* @return The overal result of the certificate validation for the signer
* certificate.
*
* @throws MOAException
* if one of the signer certificates specified in the
* trustProfile
cannot be read from the file
* system.
*/
private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result,
TrustProfile trustProfile)
throws MOAException {
MessageProvider msg = MessageProvider.getInstance();
int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult()
.getCertificateChain().get(0);
File signerCertsDir = null;
try {
signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
} catch (URIException e) {
throw new MOASystemException("2900", null, e); // Should not
// happen,
// already
// checked at
// loading the
// MOA
// configuration
}
File[] files = signerCertsDir.listFiles();
if (files == null)
resultCode = 1;
int i;
for (i = 0; i < files.length; i++) {
if (!files[i].isDirectory()) {
FileInputStream currentFIS = null;
try {
currentFIS = new FileInputStream(files[i]);
} catch (FileNotFoundException e) {
throw new MOASystemException("2900", null, e);
}
try {
X509Certificate currentCert = new X509Certificate(currentFIS);
currentFIS.close();
if (currentCert.equals(signerCertificate))
break;
} catch (Exception e) {
// Simply ignore file if it cannot be interpreted as
// certificate
String logMsg = msg.getMessage("invoker.03",
new Object[] { trustProfile.getId(), files[i].getName() });
Logger.warn(logMsg);
try {
currentFIS.close();
} catch (IOException e1) {
// If clean-up fails, do nothing
}
}
}
}
if (i >= files.length) {
resultCode = 1; // No signer certificate from the trustprofile
// pool matches the actual signer certificate
}
}
SPSSFactory factory = SPSSFactory.getInstance();
return factory.createCheckResult(resultCode, null);
}
/**
* Select the dsig:Signature
DOM element within the signature
* environment.
*
* @param signatureEnvironment
* The signature environment containing the
* dsig:Signature
.
* @param request
* The VerifyXMLSignatureRequest
containing the
* signature environment.
* @return The dsig:Signature
element wrapped in a
* XMLSignature
object.
* @throws MOAApplicationException
* An error occurred locating the dsig:Signature
.
*/
private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment, VerifyXMLSignatureRequest request)
throws MOAApplicationException {
VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation();
Element signatureParent;
// evaluate the VerifySignatureLocation to get the signature parent
signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(), signatureLocation);
// check for signatureParent to be a dsig:Signature element
if (!"Signature".equals(signatureParent.getLocalName())
|| !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
throw new MOAApplicationException("2266", null);
}
return new XMLSignatureImpl(signatureParent);
}
/**
* Build the supplemental data objects contained in the
* VerifyXMLSignatureRequest
.
*
* @param supplements
* A List
of XMLDataObjectAssociation
s
* containing the supplement data.
* @return A List
of DataObject
s representing the
* supplemental data objects.
* @throws MOASystemException
* A system error occurred building one of the data objects.
* @throws MOAApplicationException
* An error occurred building one of the data objects.
*/
private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException {
List dataObjectList = new ArrayList();
DataObjectFactory factory = DataObjectFactory.getInstance();
DataObject dataObject;
Iterator iter;
if (supplements != null) {
for (iter = supplements.iterator(); iter.hasNext();) {
XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next();
dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false);
dataObjectList.add(dataObject);
}
}
return dataObjectList;
}
/**
* Get the supplemental data contained in the
* VerifyXMLSignatureRequest
.
*
* @param request
* The VerifyXMLSignatureRequest
containing the
* supplemental data.
* @return A List
of XMLDataObjectAssociation
* objects containing the supplemental data.
* @throws MOAApplicationException
* An error occurred resolving one of the supplement profiles.
*/
private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException {
TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
ConfigurationProvider config = context.getConfiguration();
List supplementProfiles = request.getSupplementProfiles();
List supplements = new ArrayList();
if (supplementProfiles != null) {
List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
Iterator iter;
for (iter = mappedProfiles.iterator(); iter.hasNext();) {
SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next();
supplements.add(profile.getSupplementProfile());
}
}
return supplements;
}
/**
* Perform additional validations of the
* XMLSignatureVerificationResult
.
*
*
*
* ReferenceData
object contains transformation chain
* that matches one of the Transforms
given in the
* corresponding SignatureManifestCheckParams/ReferenceInfo
* TransformParameter
s are valid.
*
VerifyXMLSignatureRequest
containing the
* signature to verify.
* @param result
* The result produced by
* XMLSignatureVerificationModule
.
* @param profile
* The profile used for validating the request
.
* @return The result of additional validations of the signature manifest.
* @throws MOAApplicationException
* Post-validation of the
* XMLSignatureVerificaitonResult
failed.
*/
private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request,
XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile)
throws MOAApplicationException {
SPSSFactory factory = SPSSFactory.getInstance();
MessageProvider msg = MessageProvider.getInstance();
// validate that each ReferenceData object contains transforms specified
// in the corresponding SignatureManifestCheckParams/ReferenceInfo
if (request.getSignatureManifestCheckParams() != null) {
List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
List refDatas = filterReferenceInfos(result.getReferenceDataList());
List failedReferencesList = new ArrayList();
Iterator refInfoIter;
Iterator refDataIter;
if (refInfos.size() != refDatas.size()) {
return factory.createReferencesCheckResult(1, null);
}
refInfoIter = refInfos.iterator();
refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator();
while (refInfoIter.hasNext()) {
ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
ReferenceData refData = (ReferenceData) refDataIter.next();
List transforms = buildTransformsList(refInfo);
boolean found = false;
Iterator trIter;
for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
found = trIter.next().equals(refData.getTransformationList());
}
if (!found) {
Integer refIndex = new Integer(refData.getReferenceIndex());
String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
failedReferencesList.add(refIndex);
Logger.debug(new LogMsg(logMsg));
}
}
if (!failedReferencesList.isEmpty()) {
// at least one reference failed - return their indexes and
// check code 1
int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, failedReferences);
return factory.createReferencesCheckResult(1, checkInfo);
}
}
// validate the hashes contained in all the ReferenceInfo objects of the
// security layer manifest
if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) {
Map hashValues = buildTransformParameterHashValues(request);
Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements());
List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList();
Iterator refIter;
for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
iaik.server.modules.xmlverify.ReferenceInfo ref = (iaik.server.modules.xmlverify.ReferenceInfo) refIter
.next();
byte[] hash = (byte[]) hashValues.get(ref.getURI());
if (!transformParameterURIs.contains(ref.getURI())
|| (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
// the transform parameter doesn't exist or the hashs do not
// match
// return the index of the failed reference and check code 1
int[] failedReferences = new int[] { ref.getReferenceIndex() };
ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
failedReferences);
String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref.getReferenceIndex()) });
Logger.debug(new LogMsg(logMsg));
return factory.createReferencesCheckResult(1, checkInfo);
}
}
}
return factory.createReferencesCheckResult(0, null);
}
/**
* Get all Transform
s contained in all the
* VerifyTransformsInfoProfile
s of the given
* ReferenceInfo
.
*
* @param refInfo
* The ReferenceInfo
object containing the
* transformations.
* @return A List
of List
s. Each of the
* List
s contains Transformation
objects.
* @throws MOAApplicationException
* An error occurred building one of the
* Transformation
s.
*/
private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException {
TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
ConfigurationProvider config = context.getConfiguration();
List profiles = refInfo.getVerifyTransformsInfoProfiles();
List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
List transformsList = new ArrayList();
TransformationFactory factory = TransformationFactory.getInstance();
Iterator iter;
for (iter = mappedProfiles.iterator(); iter.hasNext();) {
VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next();
List transforms = profile.getTransforms();
if (transforms != null) {
transformsList.add(factory.createTransformationList(transforms));
}
}
return transformsList;
}
/**
* Build the Set
of all TransformParameter
URIs.
*
* @param transformParameters
* The List
of TransformParameter
s, as
* provided to the verification.
* @return The Set
of all TransformParameter
URIs.
*/
private Set buildTransformParameterURIs(List transformParameters) {
Set uris = new HashSet();
Iterator iter;
for (iter = transformParameters.iterator(); iter.hasNext();) {
DataObject transformParameter = (DataObject) iter.next();
uris.add(transformParameter.getURI());
}
return uris;
}
/**
* Build a mapping between TransformParameter
URIs (a
* String
and dsig:HashValue
(a
* byte[]
).
*
* @param request
* The VerifyXMLSignatureRequest
.
* @return Map The resulting mapping.
* @throws MOAApplicationException
* An error occurred accessing one of the profiles.
*/
private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request) throws MOAApplicationException {
TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
ConfigurationProvider config = context.getConfiguration();
Map hashValues = new HashMap();
List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
Iterator refIter;
for (refIter = refInfos.iterator(); refIter.hasNext();) {
ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
List profiles = refInfo.getVerifyTransformsInfoProfiles();
List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
Iterator prIter;
for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter.next();
List trParameters = profile.getTransformParameters();
Iterator trIter;
for (trIter = trParameters.iterator(); trIter.hasNext();) {
TransformParameter transformParameter = (TransformParameter) trIter.next();
String uri = transformParameter.getURI();
if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) {
hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue());
}
}
}
}
return hashValues;
}
/**
* Filter the ReferenceInfo
s returned by the
* VerifyXMLSignatureResult
for comparison with the
* ReferenceInfo
elements in the request.
*
* @param referenceInfos
* The ReferenceInfo
s from the
* VerifyXMLSignatureResult
.
* @return A List
of all ReferenceInfo
s whose type
* is not a XMLDsig manifest, Security Layer manifest, or ETSI
* signed property.
*/
private List filterReferenceInfos(List referenceInfos) {
List filtered = new ArrayList();
Iterator iter;
for (iter = referenceInfos.iterator(); iter.hasNext();) {
iaik.server.modules.xmlverify.ReferenceInfo refInfo = (iaik.server.modules.xmlverify.ReferenceInfo) iter
.next();
String refType = refInfo.getReferenceType();
if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
filtered.add(refInfo);
}
}
return filtered;
}
private List getAdESResult(ExtendedXMLSignatureVerificationResult adesFormVerification) throws ConfigurationException {
if (adesFormVerification == null) {
// no form information
return null;
}
List adesList = new ArrayList();
/*
checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA),
SignatureVerificationProfile.LEVEL_LTA, adesList);
checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT),
SignatureVerificationProfile.LEVEL_LT, adesList);
checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T),
SignatureVerificationProfile.LEVEL_T, adesList);
checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B),
SignatureVerificationProfile.LEVEL_B, adesList);
*/
AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.LONG_TERM_VALIDATION),
SignatureVerificationProfile.LEVEL_LT, adesList);
AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(AdESConstants.ADES_T_VALIDATION),
SignatureVerificationProfile.LEVEL_T, adesList);
AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"),
SignatureVerificationProfile.LEVEL_B, adesList);
return adesList;
}
}