Integrate MoaSig Verification into SignatureVerifier

- Verify signature via ISignatureVerificationService.
- Override System Property moa.spss.server.configuration via spring's
  environment (Reason: can configure path to moa SPSS config file via
  application.yaml & moa SPSS needs this parameter to find the config
  file)
- Setup test configuration directory for moaspss in
  src/main/resources/moa-spss
- Readme: Explain how to install moaspss' dependencies into local
  repository.

2 files changed, 58 insertions, 2 deletions

diff --git a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
new file mode 100644
index 0000000..e96d851
--- /dev/null
+++ b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
@@ -0,0 +1,29 @@
+package at.gv.egiz.moazs.config;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class MoaSigConfig {
+
+    private final String defaultTrustProfile;
+
+    public MoaSigConfig(@Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
+                        @Value("${moa.spss.server.configuration}") String serverConfigUrl) {
+        this.defaultTrustProfile = defaultTrustProfile;
+        System.getProperties().setProperty("moa.spss.server.configuration", serverConfigUrl);
+    }
+
+    @Bean
+    public String moaSPSSServerDefaultTrustProfile() {
+        return defaultTrustProfile;
+    }
+
+    @Bean
+    public ISignatureVerificationService moaSigVerifyService() {
+        return new SignatureVerificationService();
+    }
+}
diff --git a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
index 12b1ccb..d6311c4 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
@@ -1,13 +1,40 @@
 package at.gv.egiz.moazs.msg;
 
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
 @Component
 public class SignatureVerifier {
 
-    public boolean verify(byte[] signedXMLdocument) {
-        return true;
+    private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class);
+
+    @Autowired
+    @Qualifier("moaSigVerifyService")
+    private final ISignatureVerificationService service;
+
+    @Autowired
+    @Qualifier("moaSPSSServerDefaultTrustProfile")
+    private final String trustProfile;
 
+    public SignatureVerifier(ISignatureVerificationService service,
+                             String trustProfile) {
+        this.service = service;
+        this.trustProfile = trustProfile;
+    }
+
+    public boolean verify(byte[] signedXMLdocument) {
+        try {
+            var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
+            return response != null;
+        } catch (MOASigServiceException e) {
+            log.error("Could not verify the XML signature.", e);
+            return false;
+        }
     }
 
 }