/*
* Copyright 2003 Federal Chancellery Austria
* MOA-SPSS has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.spss.server.invoke;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterHash;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.iaik.xml.XMLSignatureImpl;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.util.AdESResultUtils;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.spss.util.QCSSCDResult;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.CollectionUtils;
import at.gv.egovernment.moaspss.util.Constants;
import iaik.server.ConfigurationException;
import iaik.server.modules.IAIKException;
import iaik.server.modules.IAIKRuntimeException;
import iaik.server.modules.SignatureVerificationProfile;
import iaik.server.modules.xml.DataObject;
import iaik.server.modules.xml.XMLDataObject;
import iaik.server.modules.xml.XMLSignature;
import iaik.server.modules.xmlsign.XMLConstants;
import iaik.server.modules.xmlverify.DsigManifest;
import iaik.server.modules.xmlverify.ExtendedXMLSignatureVerificationResult;
import iaik.server.modules.xmlverify.ReferenceData;
import iaik.server.modules.xmlverify.SecurityLayerManifest;
import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
import iaik.x509.X509Certificate;
import iaik.xml.crypto.utils.URI;
import iaik.xml.crypto.utils.URIException;
/**
* A class providing a DOM based interface to the
*
* In particular, it is verified that:
* XMLSignatureVerificationModule
.
*
* This class performs the invocation of the
* iaik.server.modules.xmlverify.XMLSignatureVerificationModule
* from a VerifyXMLSignatureRequest
given as a DOM element. The
* result of the invocation is integrated into a
* VerifyXMLSignatureResponse
and returned.
*
* @author Patrick Peck
* @version $Id$
*/
public class XMLSignatureVerificationInvoker {
/** The single instance of this class. */
private static XMLSignatureVerificationInvoker instance = null;
private static Set FILTERED_REF_TYPES;
static {
FILTERED_REF_TYPES = new HashSet();
FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
}
/**
* Get the single instance of this class.
*
* @return The single instance of this class.
*/
public static synchronized XMLSignatureVerificationInvoker getInstance() {
if (instance == null) {
instance = new XMLSignatureVerificationInvoker();
}
return instance;
}
/**
* Create a new XMLSignatureCreationInvoker
.
*
* Protected to disallow multiple instances.
*/
protected XMLSignatureVerificationInvoker() {
}
/**
* Process the VerifyXMLSignatureRequest
message and invoke the
*
XMLSignatureVerificationModule
.
*
* @param request A VerifyXMLSignatureRequest
API object
* containing the data for verifying an XML signature.
* @return A
VerifyXMLSignatureResponse
containing the answert
* to the VerifyXMLSignatureRequest
. MOA schema
* definition.
* @throws MOAException An error occurred during signature verification.
*/
public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
throws MOAException {
final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
final XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(
request);
final VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
ExtendedXMLSignatureVerificationResult result = null;
XMLSignatureVerificationResult plainResult;
XMLSignatureVerificationProfile profile;
ReferencesCheckResult signatureManifestCheck;
DataObjectFactory dataObjFactory;
XMLDataObject signatureEnvironment;
Node signatureEnvironmentParent = null;
Element requestElement = null;
XMLSignature xmlSignature;
Date signingTime;
List supplements;
List dataObjectList;
// get the supplements
supplements = getSupplements(request);
// build XMLSignature
dataObjFactory = DataObjectFactory.getInstance();
signatureEnvironment = dataObjFactory
.createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements);
xmlSignature = buildXMLSignature(signatureEnvironment, request);
// build the list of DataObjects
dataObjectList = buildDataObjectList(supplements);
// build profile
profile = profileFactory.createProfile();
// get the signingTime
signingTime = request.getDateTime();
// make the signature environment the root of the document, if it is not
// a
// separate document anyway; this is done to assure that
// canonicalization
// of the signature environment contains the correct namespace
// declarations
requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
if (requestElement != signatureEnvironment.getElement()) {
signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode();
requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement);
}
QCSSCDResult qcsscdresult = new QCSSCDResult();
final String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
final ConfigurationProvider config = ConfigurationProvider.getInstance();
final TrustProfile tp = config.getTrustProfile(tpID);
// verify the signature
try {
final XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance();
module.setLog(new IaikLog(loggingCtx.getNodeID()));
if (request.getExtendedValidaiton()) {
result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
new TransactionId(context.getTransactionID()));
plainResult = result.getXMLSignatureVerificationResult();
} else {
plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime,
new TransactionId(context.getTransactionID()));
}
} catch (final IAIKException e) {
final MOAException moaException = IaikExceptionMapper.getInstance().map(e);
throw moaException;
} catch (final IAIKRuntimeException e) {
final MOAException moaException = IaikExceptionMapper.getInstance().map(e);
throw moaException;
}
ExtendedCertificateCheckResult extCheckResult;
if (result != null) {
List adesResults = null;//
adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult());
if (Logger.isDebugEnabled()) {
if (adesResults != null) {
final Iterator adesIterator = adesResults.iterator();
while (adesIterator.hasNext()) {
Logger.debug("ADES Formresults: " + adesIterator.next().toString());
}
}
}
responseBuilder.setAdESFormResults(adesResults);
try {
// Logger.info("Extended Validation Report: " + result.getName());
Logger.debug("Extended Validation Code: " + result.getResultCode().toString());
Logger.debug("Extended Validation Info: " + result.getInfo());
extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode());
responseBuilder.setExtendedCertificateCheckResult(extCheckResult);
} catch (final NullPointerException e) {
Logger.info("No extendend validation result available.");
}
}
// QC/SSCD check
final List list = plainResult.getCertificateValidationResult().getCertificateChain();
if (list != null) {
final X509Certificate[] chain = new X509Certificate[list.size()];
final Iterator it = list.iterator();
int i = 0;
while (it.hasNext()) {
chain[i] = (X509Certificate) it.next();
i++;
}
qcsscdresult = CertificateUtils.checkQCSSCD(chain, plainResult.getSigningTime(), tp.isTSLEnabled(),
config);
}
// get signer certificate issuer country code
final String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
// swap back in the request as root document
if (requestElement != signatureEnvironment.getElement()) {
requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement());
signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
}
// check the result
signatureManifestCheck = validateSignatureManifest(request, plainResult,
profile);
// Check if signer certificate is in trust profile's allowed signer
// certificates pool
final TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
final CheckResult certificateCheck = validateSignerCertificate(plainResult,
trustProfile);
// build the response
responseBuilder.setResult(plainResult, profile, signatureManifestCheck,
certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(),
qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode, qcsscdresult.getTslInfos(),
request.getExtendedValidaiton());
return responseBuilder.getResponse();
}
/**
* Checks if the signer certificate matches one of the allowed signer
* certificates specified in the provided trustProfile
.
*
* @param result The result produced by the
* XMLSignatureVerificationModule
.
*
* @param trustProfile The trust profile the signer certificate is validated
* against.
*
* @return The overal result of the certificate validation for the signer
* certificate.
*
* @throws MOAException if one of the signer certificates specified in the
* trustProfile
cannot be read from the file
* system.
*/
private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result,
TrustProfile trustProfile)
throws MOAException {
final MessageProvider msg = MessageProvider.getInstance();
int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
final X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult()
.getCertificateChain().get(0);
File signerCertsDir = null;
try {
signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
} catch (final URIException e) {
throw new MOASystemException("2900", null, e); // Should not
// happen,
// already
// checked at
// loading the
// MOA
// configuration
}
final File[] files = signerCertsDir.listFiles();
if (files == null) {
resultCode = 1;
}
int i;
for (i = 0; i < files.length; i++) {
if (!files[i].isDirectory()) {
FileInputStream currentFIS = null;
try {
currentFIS = new FileInputStream(files[i]);
} catch (final FileNotFoundException e) {
throw new MOASystemException("2900", null, e);
}
try {
final X509Certificate currentCert = new X509Certificate(currentFIS);
currentFIS.close();
if (currentCert.equals(signerCertificate)) {
break;
}
} catch (final Exception e) {
// Simply ignore file if it cannot be interpreted as
// certificate
final String logMsg = msg.getMessage("invoker.03",
new Object[] { trustProfile.getId(), files[i].getName() });
Logger.warn(logMsg);
try {
currentFIS.close();
} catch (final IOException e1) {
// If clean-up fails, do nothing
}
}
}
}
if (i >= files.length) {
resultCode = 1; // No signer certificate from the trustprofile
// pool matches the actual signer certificate
}
}
final SPSSFactory factory = SPSSFactory.getInstance();
return factory.createCheckResult(resultCode, null);
}
/**
* Select the dsig:Signature
DOM element within the signature
* environment.
*
* @param signatureEnvironment The signature environment containing the
* dsig:Signature
.
* @param request The VerifyXMLSignatureRequest
* containing the signature environment.
* @return The dsig:Signature
element wrapped in a
* XMLSignature
object.
* @throws MOAApplicationException An error occurred locating the
* dsig:Signature
.
*/
private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment,
VerifyXMLSignatureRequest request)
throws MOAApplicationException {
final VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation();
Element signatureParent;
// evaluate the VerifySignatureLocation to get the signature parent
signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(),
signatureLocation);
// check for signatureParent to be a dsig:Signature element
if (!"Signature".equals(signatureParent.getLocalName())
|| !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
throw new MOAApplicationException("2266", null);
}
return new XMLSignatureImpl(signatureParent);
}
/**
* Build the supplemental data objects contained in the
* VerifyXMLSignatureRequest
.
*
* @param supplements A List
of
* XMLDataObjectAssociation
s containing the
* supplement data.
* @return A List
of DataObject
s representing the
* supplemental data objects.
* @throws MOASystemException A system error occurred building one of the
* data objects.
* @throws MOAApplicationException An error occurred building one of the data
* objects.
*/
private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException {
final List dataObjectList = new ArrayList();
final DataObjectFactory factory = DataObjectFactory.getInstance();
DataObject dataObject;
Iterator iter;
if (supplements != null) {
for (iter = supplements.iterator(); iter.hasNext();) {
final XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next();
dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false);
dataObjectList.add(dataObject);
}
}
return dataObjectList;
}
/**
* Get the supplemental data contained in the
* VerifyXMLSignatureRequest
.
*
* @param request The VerifyXMLSignatureRequest
containing the
* supplemental data.
* @return A List
of XMLDataObjectAssociation
objects
* containing the supplemental data.
* @throws MOAApplicationException An error occurred resolving one of the
* supplement profiles.
*/
private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException {
final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
final ConfigurationProvider config = context.getConfiguration();
final List supplementProfiles = request.getSupplementProfiles();
final List supplements = new ArrayList();
if (supplementProfiles != null) {
final List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
Iterator iter;
for (iter = mappedProfiles.iterator(); iter.hasNext();) {
final SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next();
supplements.add(profile.getSupplementProfile());
}
}
return supplements;
}
/**
* Perform additional validations of the
* XMLSignatureVerificationResult
.
*
*
*
* ReferenceData
object contains transformation chain that
* matches one of the Transforms
given in the corresponding
* SignatureManifestCheckParams/ReferenceInfo
TransformParameter
s are valid.
VerifyXMLSignatureRequest
containing the
* signature to verify.
* @param result The result produced by
* XMLSignatureVerificationModule
.
* @param profile The profile used for validating the request
.
* @return The result of additional validations of the signature manifest.
* @throws MOAApplicationException Post-validation of the
* XMLSignatureVerificaitonResult
* failed.
*/
private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request,
XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile)
throws MOAApplicationException {
final SPSSFactory factory = SPSSFactory.getInstance();
final MessageProvider msg = MessageProvider.getInstance();
// validate that each ReferenceData object contains transforms specified
// in the corresponding SignatureManifestCheckParams/ReferenceInfo
if (request.getSignatureManifestCheckParams() != null) {
final List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
final List refDatas = filterReferenceInfos(result.getReferenceDataList());
final List failedReferencesList = new ArrayList();
Iterator refInfoIter;
Iterator refDataIter;
if (refInfos.size() != refDatas.size()) {
return factory.createReferencesCheckResult(1, null);
}
refInfoIter = refInfos.iterator();
refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator();
while (refInfoIter.hasNext()) {
final ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
final ReferenceData refData = (ReferenceData) refDataIter.next();
final List transforms = buildTransformsList(refInfo);
boolean found = false;
Iterator trIter;
for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
found = trIter.next().equals(refData.getTransformationList());
}
if (!found) {
final Integer refIndex = new Integer(refData.getReferenceIndex());
final String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
failedReferencesList.add(refIndex);
Logger.debug(new LogMsg(logMsg));
}
}
if (!failedReferencesList.isEmpty()) {
// at least one reference failed - return their indexes and
// check code 1
final int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
failedReferences);
return factory.createReferencesCheckResult(1, checkInfo);
}
}
// validate the hashes contained in all the ReferenceInfo objects of the
// security layer manifest
if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) {
final Map hashValues = buildTransformParameterHashValues(request);
final Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements());
final List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList();
Iterator refIter;
for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
final iaik.server.modules.xmlverify.ReferenceInfo ref =
(iaik.server.modules.xmlverify.ReferenceInfo) refIter
.next();
final byte[] hash = (byte[]) hashValues.get(ref.getURI());
if (!transformParameterURIs.contains(ref.getURI())
|| hash != null && !Arrays.equals(hash, ref.getHashValue())) {
// the transform parameter doesn't exist or the hashs do not
// match
// return the index of the failed reference and check code 1
final int[] failedReferences = new int[] { ref.getReferenceIndex() };
final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
failedReferences);
final String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref
.getReferenceIndex()) });
Logger.debug(new LogMsg(logMsg));
return factory.createReferencesCheckResult(1, checkInfo);
}
}
}
return factory.createReferencesCheckResult(0, null);
}
/**
* Get all Transform
s contained in all the
* VerifyTransformsInfoProfile
s of the given
* ReferenceInfo
.
*
* @param refInfo The ReferenceInfo
object containing the
* transformations.
* @return A List
of List
s. Each of the
* List
s contains Transformation
objects.
* @throws MOAApplicationException An error occurred building one of the
* Transformation
s.
*/
private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException {
final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
final ConfigurationProvider config = context.getConfiguration();
final List profiles = refInfo.getVerifyTransformsInfoProfiles();
final List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
final List transformsList = new ArrayList();
final TransformationFactory factory = TransformationFactory.getInstance();
Iterator iter;
for (iter = mappedProfiles.iterator(); iter.hasNext();) {
final VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next();
final List transforms = profile.getTransforms();
if (transforms != null) {
transformsList.add(factory.createTransformationList(transforms));
}
}
return transformsList;
}
/**
* Build the Set
of all TransformParameter
URIs.
*
* @param transformParameters The List
of
* TransformParameter
s, as provided to
* the verification.
* @return The Set
of all TransformParameter
URIs.
*/
private Set buildTransformParameterURIs(List transformParameters) {
final Set uris = new HashSet();
Iterator iter;
for (iter = transformParameters.iterator(); iter.hasNext();) {
final DataObject transformParameter = (DataObject) iter.next();
uris.add(transformParameter.getURI());
}
return uris;
}
/**
* Build a mapping between TransformParameter
URIs (a
* String
and dsig:HashValue
(a byte[]
).
*
* @param request The VerifyXMLSignatureRequest
.
* @return Map The resulting mapping.
* @throws MOAApplicationException An error occurred accessing one of the
* profiles.
*/
private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request)
throws MOAApplicationException {
final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
final ConfigurationProvider config = context.getConfiguration();
final Map hashValues = new HashMap();
final List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
Iterator refIter;
for (refIter = refInfos.iterator(); refIter.hasNext();) {
final ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
final List profiles = refInfo.getVerifyTransformsInfoProfiles();
final List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
Iterator prIter;
for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
final VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter
.next();
final List trParameters = profile.getTransformParameters();
Iterator trIter;
for (trIter = trParameters.iterator(); trIter.hasNext();) {
final TransformParameter transformParameter = (TransformParameter) trIter.next();
final String uri = transformParameter.getURI();
if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) {
hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue());
}
}
}
}
return hashValues;
}
/**
* Filter the ReferenceInfo
s returned by the
* VerifyXMLSignatureResult
for comparison with the
* ReferenceInfo
elements in the request.
*
* @param referenceInfos The ReferenceInfo
s from the
* VerifyXMLSignatureResult
.
* @return A List
of all ReferenceInfo
s whose type is
* not a XMLDsig manifest, Security Layer manifest, or ETSI signed
* property.
*/
private List filterReferenceInfos(List referenceInfos) {
final List filtered = new ArrayList();
Iterator iter;
for (iter = referenceInfos.iterator(); iter.hasNext();) {
final iaik.server.modules.xmlverify.ReferenceInfo refInfo =
(iaik.server.modules.xmlverify.ReferenceInfo) iter
.next();
final String refType = refInfo.getReferenceType();
if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
filtered.add(refInfo);
}
}
return filtered;
}
private List getAdESResult(ExtendedXMLSignatureVerificationResult adesFormVerification)
throws ConfigurationException {
if (adesFormVerification == null) {
// no form information
return null;
}
final List adesList = new ArrayList();
/*
* checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile
* .LEVEL_LTA), SignatureVerificationProfile.LEVEL_LTA, adesList);
* checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile
* .LEVEL_LT), SignatureVerificationProfile.LEVEL_LT, adesList);
* checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile
* .LEVEL_T), SignatureVerificationProfile.LEVEL_T, adesList);
* checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile
* .LEVEL_B), SignatureVerificationProfile.LEVEL_B, adesList);
*/
AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(
iaik.esi.sva.util.Constants.LONG_TERM_VALIDATION),
SignatureVerificationProfile.LEVEL_LT, adesList);
AdESResultUtils.checkSubResult(adesFormVerification.getSubResult(
iaik.esi.sva.util.Constants.ADES_T_VALIDATION),
SignatureVerificationProfile.LEVEL_T, adesList);
AdESResultUtils.checkSubResult(adesFormVerification.getSubResult("basic report"),
SignatureVerificationProfile.LEVEL_B, adesList);
return adesList;
}
}