Renamed and Simplified SignatureVerifier

author: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> 2019-07-12 08:31:42 +0200
committer: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> 2019-07-12 08:40:38 +0200
commit: 9dc0e72571a895e34a55c11d015c5d359b485aff (patch)
tree: db7a3fc270b55722b218b0c890eed38ac93a7f3b /src
parent: 8aba1b4f18f5fbfebdf239b4b4945b628e439905 (diff)
download: moa-zs-9dc0e72571a895e34a55c11d015c5d359b485aff.tar.gz
moa-zs-9dc0e72571a895e34a55c11d015c5d359b485aff.tar.bz2
moa-zs-9dc0e72571a895e34a55c11d015c5d359b485aff.zip
5 files changed, 41 insertions, 31 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java
index e9c5387..f9bbeb3 100644
--- a/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java
@@ -16,6 +16,23 @@ public class SignatureVerifier implements Consumer<byte[]> {
 
     private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class);
     private static final int OK_CODE = 0;
+    private static final String MOASPSS_FAILED_ERROR_MSG = "MOA SPSS could not find the signature. ";
+    private static final String SIGNATURE_CODE_ERROR_MSG = "Signature is not valid: Check code was %d. ";
+    private static final String CERT_CODE_ERROR_MSG = "Certificate chain is not valid: Check code was %d. ";
+    private static final String MANIFEST_CODE_ERROR_MSG = "Signature Manifest is not valid: Check code was %d. ";
+    private static final String XMLMANIFEST_CODE_ERROR_MSG = "XmlDSIGManifest is not valid: Check code was %d. ";
+    private static final String XML_SIGNATURE_RESPONSE_TEMPLATE =
+            "  XmlDsigSubjectName: %s\n" +
+            "  SignatureManifestCheckCode: %s\n" +
+            "  XmlDSIGManifestCheckCode: %s\n" +
+            "  CertificateCheckCode: %s\n" +
+            "  SignatureCheckCode: %s\n" +
+            "  SigningDateTime: %s\n" +
+            "  isXmlDSIGManigest: %s\n" +
+            "  isPublicAuthority: %s\n" +
+            "  isQualifiedCertificate: %s\n" +
+            "  getPublicAuthorityCode: %s\n";
+    private static final String MOASIG_SERVICE_ERROR_MSG = "MOA SPSS could not accept the XML signature. ";
 
     private final ISignatureVerificationService service;
     private final String trustProfile;
@@ -40,29 +57,24 @@ public class SignatureVerifier implements Consumer<byte[]> {
         try {
             var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
 
-            if (log.isDebugEnabled()) {
-                print(response);
-            }
+            debug(response);
 
             if (response == null) {
-                throw moaZSException("MOA SPSS could not find the signature. ");
+                throw moaZSException(MOASPSS_FAILED_ERROR_MSG);
             }
 
             var builder = new StringBuilder();
 
             if (response.getSignatureCheckCode() != OK_CODE) {
-                builder.append(format("Signature is not valid; SignatureCheckCode was %d. ",
-                        response.getSignatureCheckCode()));
+                builder.append(format(SIGNATURE_CODE_ERROR_MSG, response.getSignatureCheckCode()));
             }
 
             if (response.getCertificateCheckCode() != OK_CODE) {
-                builder.append(format("Certificate chain is not valid; CertificateCheckCode was %d. ",
-                        response.getCertificateCheckCode()));
+                builder.append(format(CERT_CODE_ERROR_MSG, response.getCertificateCheckCode()));
             }
 
             if (response.getSignatureManifestCheckCode() != OK_CODE) {
-                var signatureManifestErrorMsg = format("Signature Manifest is not valid; " +
-                        "SignatureManifestCheckCode was %d. ", response.getSignatureManifestCheckCode());
+                var signatureManifestErrorMsg = format(MANIFEST_CODE_ERROR_MSG, response.getSignatureManifestCheckCode());
                 if (isManifestCheckActive) {
                     builder.append(signatureManifestErrorMsg);
                 } else {
@@ -71,8 +83,7 @@ public class SignatureVerifier implements Consumer<byte[]> {
             }
 
             if (response.isXmlDSIGManigest() && response.getXmlDSIGManifestCheckCode() != OK_CODE) {
-                var xmlDSIGManifestErrorMsg = format("XmlDSIGManifest Manifest is not valid; " +
-                        "XmlDSIGManifest was %d. ", response.getXmlDSIGManifestCheckCode());
+                var xmlDSIGManifestErrorMsg = format(XMLMANIFEST_CODE_ERROR_MSG, response.getXmlDSIGManifestCheckCode());
                 if (isManifestCheckActive) {
                     builder.append(xmlDSIGManifestErrorMsg);
                 } else {
@@ -87,30 +98,28 @@ public class SignatureVerifier implements Consumer<byte[]> {
             }
 
         } catch (MOASigServiceException e) {
-            throw moaZSExceptionBuilder("Could not accept the XML signature.")
+            throw moaZSExceptionBuilder(MOASIG_SERVICE_ERROR_MSG)
                     .withCause(e)
                     .build();
         }
 
     }
 
-    private void print(IXMLSignatureVerificationResponse response) {
-        log.debug("Response:");
+    public static void debug(IXMLSignatureVerificationResponse response) {
+        if (log.isDebugEnabled()) {
+            var builder = new StringBuilder("Response: \n");
+            if (response == null) {
+                builder.append("null");
+            } else {
+                var objects = new Object[]{response.getXmlDsigSubjectName(), response.getSignatureManifestCheckCode(),
+                        response.getXmlDSIGManifestCheckCode(), response.getCertificateCheckCode(),
+                        response.getSignatureCheckCode(), response.getSigningDateTime(), response.isXmlDSIGManigest(),
+                        response.isPublicAuthority(), response.isQualifiedCertificate(),
+                        response.getPublicAuthorityCode()};
+                builder.append(String.format(XML_SIGNATURE_RESPONSE_TEMPLATE, objects));
+            }
 
-        if (response == null) {
-            log.debug("null");
-            return;
+            log.debug(builder.toString());
         }
-
-        log.debug("  XmlDsigSubjectName: {}", response.getXmlDsigSubjectName());
-        log.debug("  SignatureManifestCheckCode: {}", response.getSignatureManifestCheckCode());
-        log.debug("  XmlDSIGManifestCheckCode: {}", response.getXmlDSIGManifestCheckCode());
-        log.debug("  CertificateCheckCode: {}", response.getCertificateCheckCode());
-        log.debug("  SignatureCheckCode: {}", response.getSignatureCheckCode());
-        log.debug("  SigningDateTime: {}", response.getSigningDateTime());
-        log.debug("  isXmlDSIGManigest: {}", response.isXmlDSIGManigest());
-        log.debug("  isPublicAuthority: {}", response.isPublicAuthority());
-        log.debug("  isQualifiedCertificate: {}", response.isQualifiedCertificate());
-        log.debug("  getPublicAuthorityCode: {}", response.getPublicAuthorityCode());
     }
 }
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index ca8221c..0e7b67e 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -55,6 +55,7 @@ logging:
     org.springframework: WARN
     at.gv: INFO #DEBUG
     iaik: INFO #DEBUG
+    at.gv.egiz.moazs.backend.SignatureVerifier: DEBUG
 
 # default type for java's ssl key/trust store
 javax.net.ssl:
diff --git a/src/test/java/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest.java b/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java
index 34f4e1b..e4dbec7 100644
--- a/src/test/java/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest.java
+++ b/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java
@@ -17,9 +17,9 @@ import java.nio.file.Files;
 //Note: Certificate that signed these delivery responses expires in 2023-09-27.
 @RunWith(SpringRunner.class)
 @SpringBootTest
-    public class ITMoaSPSSSignatureVerifierTest {
+    public class ITSignatureVerifierTest {
 
-    private final String resourcesPath = "src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/";
+    private final String resourcesPath = "src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/";
 
     @TestConfiguration
     public class Config{
diff --git a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/invalid-signed-delivery-response.xml
index b850145..b850145 100644
--- a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml
+++ b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/invalid-signed-delivery-response.xml
diff --git a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/valid-signed-delivery-response.xml b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-delivery-response.xml
index 59a90cf..59a90cf 100644
--- a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/valid-signed-delivery-response.xml
+++ b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-delivery-response.xml
author	Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>	2019-07-12 08:31:42 +0200
committer	Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>	2019-07-12 08:40:38 +0200
commit	9dc0e72571a895e34a55c11d015c5d359b485aff (patch)
tree	db7a3fc270b55722b218b0c890eed38ac93a7f3b /src
parent	8aba1b4f18f5fbfebdf239b4b4945b628e439905 (diff)
download	moa-zs-9dc0e72571a895e34a55c11d015c5d359b485aff.tar.gz moa-zs-9dc0e72571a895e34a55c11d015c5d359b485aff.tar.bz2 moa-zs-9dc0e72571a895e34a55c11d015c5d359b485aff.zip