authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-07-12 08:31:42 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-07-12 08:40:38 +0200
commit9dc0e72571a895e34a55c11d015c5d359b485aff (patch)
treedb7a3fc270b55722b218b0c890eed38ac93a7f3b
parent8aba1b4f18f5fbfebdf239b4b4945b628e439905 (diff)
Renamed and Simplified SignatureVerifier
-rw-r--r--src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java67
-rw-r--r--src/main/resources/application.yaml1
-rw-r--r--src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java (renamed from src/test/java/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest.java)4
-rw-r--r--src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/invalid-signed-delivery-response.xml (renamed from src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml)0
-rw-r--r--src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-delivery-response.xml (renamed from src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/valid-signed-delivery-response.xml)0
5 files changed, 41 insertions, 31 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java
index e9c5387..f9bbeb3 100644
--- a/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java
@@ -16,6 +16,23 @@ public class SignatureVerifier implements Consumer<byte[]> {
private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class);
private static final int OK_CODE = 0;
+ private static final String MOASPSS_FAILED_ERROR_MSG = "MOA SPSS could not find the signature. ";
+ private static final String SIGNATURE_CODE_ERROR_MSG = "Signature is not valid: Check code was %d. ";
+ private static final String CERT_CODE_ERROR_MSG = "Certificate chain is not valid: Check code was %d. ";
+ private static final String MANIFEST_CODE_ERROR_MSG = "Signature Manifest is not valid: Check code was %d. ";
+ private static final String XMLMANIFEST_CODE_ERROR_MSG = "XmlDSIGManifest is not valid: Check code was %d. ";
+ private static final String XML_SIGNATURE_RESPONSE_TEMPLATE =
+ " XmlDsigSubjectName: %s\n" +
+ " SignatureManifestCheckCode: %s\n" +
+ " XmlDSIGManifestCheckCode: %s\n" +
+ " CertificateCheckCode: %s\n" +
+ " SignatureCheckCode: %s\n" +
+ " SigningDateTime: %s\n" +
+ " isXmlDSIGManigest: %s\n" +
+ " isPublicAuthority: %s\n" +
+ " isQualifiedCertificate: %s\n" +
+ " getPublicAuthorityCode: %s\n";
+ private static final String MOASIG_SERVICE_ERROR_MSG = "MOA SPSS could not accept the XML signature. ";
private final ISignatureVerificationService service;
private final String trustProfile;
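Review bot: `MOASPSS_FAILED_ERROR_MSG` and `MOASIG_SERVICE_ERROR_MSG` are almost the same name for two different failures: the first carries "could not find the signature" and is thrown for a null response in the next hunk, the second is used for a `MOASigServiceException`. Naming the first after its condition, e.g. `private static final String SIGNATURE_NOT_FOUND_ERROR_MSG = "MOA SPSS could not find the signature. ";`, keeps the two apart when someone triages a rejected delivery response. The template label `isXmlDSIGManigest` copies the getter's spelling; `isXmlDSIGManifest` is what a reader would search the log for. The class body continues outside the hunk.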
@@ -40,29 +57,24 @@ public class SignatureVerifier implements Consumer<byte[]> {
try {
var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
- if (log.isDebugEnabled()) {
- print(response);
- }
+ debug(response);
if (response == null) {
- throw moaZSException("MOA SPSS could not find the signature. ");
+ throw moaZSException(MOASPSS_FAILED_ERROR_MSG);
}
var builder = new StringBuilder();
if (response.getSignatureCheckCode() != OK_CODE) {
- builder.append(format("Signature is not valid; SignatureCheckCode was %d. ",
- response.getSignatureCheckCode()));
+ builder.append(format(SIGNATURE_CODE_ERROR_MSG, response.getSignatureCheckCode()));
}
if (response.getCertificateCheckCode() != OK_CODE) {
- builder.append(format("Certificate chain is not valid; CertificateCheckCode was %d. ",
- response.getCertificateCheckCode()));
+ builder.append(format(CERT_CODE_ERROR_MSG, response.getCertificateCheckCode()));
}
if (response.getSignatureManifestCheckCode() != OK_CODE) {
- var signatureManifestErrorMsg = format("Signature Manifest is not valid; " +
- "SignatureManifestCheckCode was %d. ", response.getSignatureManifestCheckCode());
+ var signatureManifestErrorMsg = format(MANIFEST_CODE_ERROR_MSG, response.getSignatureManifestCheckCode());
if (isManifestCheckActive) {
builder.append(signatureManifestErrorMsg);
} else {
@@ -71,8 +83,7 @@ public class SignatureVerifier implements Consumer<byte[]> {
}
if (response.isXmlDSIGManigest() && response.getXmlDSIGManifestCheckCode() != OK_CODE) {
- var xmlDSIGManifestErrorMsg = format("XmlDSIGManifest Manifest is not valid; " +
- "XmlDSIGManifest was %d. ", response.getXmlDSIGManifestCheckCode());
+ var xmlDSIGManifestErrorMsg = format(XMLMANIFEST_CODE_ERROR_MSG, response.getXmlDSIGManifestCheckCode());
if (isManifestCheckActive) {
builder.append(xmlDSIGManifestErrorMsg);
} else {
@@ -87,30 +98,28 @@ public class SignatureVerifier implements Consumer<byte[]> {
}
} catch (MOASigServiceException e) {
- throw moaZSExceptionBuilder("Could not accept the XML signature.")
+ throw moaZSExceptionBuilder(MOASIG_SERVICE_ERROR_MSG)
.withCause(e)
.build();
}
}
- private void print(IXMLSignatureVerificationResponse response) {
- log.debug("Response:");
+ public static void debug(IXMLSignatureVerificationResponse response) {
+ if (log.isDebugEnabled()) {
+ var builder = new StringBuilder("Response: \n");
+ if (response == null) {
+ builder.append("null");
+ } else {
+ var objects = new Object[]{response.getXmlDsigSubjectName(), response.getSignatureManifestCheckCode(),
+ response.getXmlDSIGManifestCheckCode(), response.getCertificateCheckCode(),
+ response.getSignatureCheckCode(), response.getSigningDateTime(), response.isXmlDSIGManigest(),
+ response.isPublicAuthority(), response.isQualifiedCertificate(),
+ response.getPublicAuthorityCode()};
+ builder.append(String.format(XML_SIGNATURE_RESPONSE_TEMPLATE, objects));
+ }
- if (response == null) {
- log.debug("null");
- return;
+ log.debug(builder.toString());
}
-
- log.debug(" XmlDsigSubjectName: {}", response.getXmlDsigSubjectName());
- log.debug(" SignatureManifestCheckCode: {}", response.getSignatureManifestCheckCode());
- log.debug(" XmlDSIGManifestCheckCode: {}", response.getXmlDSIGManifestCheckCode());
- log.debug(" CertificateCheckCode: {}", response.getCertificateCheckCode());
- log.debug(" SignatureCheckCode: {}", response.getSignatureCheckCode());
- log.debug(" SigningDateTime: {}", response.getSigningDateTime());
- log.debug(" isXmlDSIGManigest: {}", response.isXmlDSIGManigest());
- log.debug(" isPublicAuthority: {}", response.isPublicAuthority());
- log.debug(" isQualifiedCertificate: {}", response.isQualifiedCertificate());
- log.debug(" getPublicAuthorityCode: {}", response.getPublicAuthorityCode());
}
}
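Review bot: `debug` is widened to `public static` and writes `getXmlDsigSubjectName()` into a multi-line log record without neutralising line breaks. It is called before any check code is inspected (the `debug(response);` call in the verification hunk), so the subject name comes from a document that has not been accepted yet; if that value can contain CR/LF, one record could read like several. I would keep the helper `private static void debug(IXMLSignatureVerificationResponse response)` and pass `String.valueOf(response.getXmlDsigSubjectName()).replaceAll("[\\r\\n]", "_")` as the first template argument. A one-line Javadoc saying that it logs only at DEBUG level and accepts a null response would also help.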
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index ca8221c..0e7b67e 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -55,6 +55,7 @@ logging:
org.springframework: WARN
at.gv: INFO #DEBUG
iaik: INFO #DEBUG
+ at.gv.egiz.moazs.backend.SignatureVerifier: DEBUG
# default type for java's ssl key/trust store
javax.net.ssl:
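Review bot: The added `at.gv.egiz.moazs.backend.SignatureVerifier: DEBUG` line sits in `src/main/resources/application.yaml`, so it becomes the shipped default, while the neighbouring loggers stay at `INFO #DEBUG`. With it, every verification writes the signer's subject name and all check codes to the log. If the level was only needed during development, `at.gv.egiz.moazs.backend.SignatureVerifier: INFO #DEBUG` matches the entries above it. The `logging:` block starts outside the hunk.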
diff --git a/src/test/java/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest.java b/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java
index 34f4e1b..e4dbec7 100644
--- a/src/test/java/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest.java
+++ b/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java
@@ -17,9 +17,9 @@ import java.nio.file.Files;
//Note: Certificate that signed these delivery responses expires in 2023-09-27.
@RunWith(SpringRunner.class)
@SpringBootTest
- public class ITMoaSPSSSignatureVerifierTest {
+ public class ITSignatureVerifierTest {
- private final String resourcesPath = "src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/";
+ private final String resourcesPath = "src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/";
@TestConfiguration
public class Config{
diff --git a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/invalid-signed-delivery-response.xml
index b850145..b850145 100644
--- a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml
+++ b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/invalid-signed-delivery-response.xml
diff --git a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/valid-signed-delivery-response.xml b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-delivery-response.xml
index 59a90cf..59a90cf 100644
--- a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/valid-signed-delivery-response.xml
+++ b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-delivery-response.xml