Finalize moa-sig-lib's Integration and Add Testcase

- Interpret `ISignatureVerificationService` response properly (by following security layer spec [1] and moaspss handbook [2]). - Add config flag `moa.spss.is-manifest-check-active` - Change SignatureVerifier Interface: Remove @return boolean, just throw an exception when a validation error occurs. Reason: In case the signature cannot be validated, the application always needs the reason for the validation error, which requires the verifier to throw an exception. In turn, the only valid return value for `verify()` becomes `true`, which can be omitted at that point. - Add testcase for verifying a valid enveloped xml signature - Remove Certificates that are not needed. [1] https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html [2] https://apps.egiz.gv.at/handbooks/moa-spss/handbook/handbook/usage/usage.html
author: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> 2019-06-19 10:46:15 +0200
committer: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> 2019-06-19 10:46:15 +0200
commit: 5d183fd9535d80e5066647e0501da881bcac4d58 (patch)
tree: 5de251fdde379644e36bace245cf831805faac5d /src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java
parent: 2a765b9c3a0d20bf2794c569f584bde05fb21d16 (diff)
download: moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.tar.gz
moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.tar.bz2
moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.zip
1 files changed, 8 insertions, 4 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java b/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java
index 9f2b6d4..920e90d 100644
--- a/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java
+++ b/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java
@@ -75,11 +75,12 @@ public class SameThreadDeliveryPipeline implements DeliveryPipeline {
             status = msgClientFactory.create(msgRequest, mzsRequest.getConfig(), interceptor).send();
 
             var signedStatus = repository.getSignedDeliveryRequestStatus(appDeliveryId).get();
-            if (verifier.verify(signedStatus)) {
-                repository.add(status);
-            } else {
+
+            try {
+                verifier.verify(signedStatus);
+            } catch (Exception ex) {
                 throw moaZSExceptionBuilder("Signature of DeliveryRequestStatus with AppDeliveryId={} " +
-                        "is invalid.", appDeliveryId)
+                        " is not valid.", appDeliveryId)
                         .withErrorCode(MoaZSException.ERROR_MOASP_SIGNATURE_INVALID)
                         .withMzsRequest(mzsRequest)
                         .withTnvzResult(tnvzResult)
@@ -87,6 +88,9 @@ public class SameThreadDeliveryPipeline implements DeliveryPipeline {
                         .withMsgResult(status)
                         .build();
             }
+
+            repository.add(status);
+
         } catch (MoaZSException exception) {
             var errorStatus = generateErrorStatus(exception, appDeliveryId);
             repository.add(errorStatus);
author	Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>	2019-06-19 10:46:15 +0200
committer	Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>	2019-06-19 10:46:15 +0200
commit	5d183fd9535d80e5066647e0501da881bcac4d58 (patch)
tree	5de251fdde379644e36bace245cf831805faac5d /src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java
parent	2a765b9c3a0d20bf2794c569f584bde05fb21d16 (diff)
download	moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.tar.gz moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.tar.bz2 moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.zip