diff options
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java | 67 | ||||
-rw-r--r-- | src/main/resources/application.yaml | 1 | ||||
-rw-r--r-- | src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java (renamed from src/test/java/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest.java) | 4 | ||||
-rw-r--r-- | src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/invalid-signed-delivery-response.xml (renamed from src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml) | 0 | ||||
-rw-r--r-- | src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-delivery-response.xml (renamed from src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/valid-signed-delivery-response.xml) | 0 |
5 files changed, 41 insertions, 31 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java index e9c5387..f9bbeb3 100644 --- a/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java +++ b/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java @@ -16,6 +16,23 @@ public class SignatureVerifier implements Consumer<byte[]> { private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class); private static final int OK_CODE = 0; + private static final String MOASPSS_FAILED_ERROR_MSG = "MOA SPSS could not find the signature. "; + private static final String SIGNATURE_CODE_ERROR_MSG = "Signature is not valid: Check code was %d. "; + private static final String CERT_CODE_ERROR_MSG = "Certificate chain is not valid: Check code was %d. "; + private static final String MANIFEST_CODE_ERROR_MSG = "Signature Manifest is not valid: Check code was %d. "; + private static final String XMLMANIFEST_CODE_ERROR_MSG = "XmlDSIGManifest is not valid: Check code was %d. "; + private static final String XML_SIGNATURE_RESPONSE_TEMPLATE = + " XmlDsigSubjectName: %s\n" + + " SignatureManifestCheckCode: %s\n" + + " XmlDSIGManifestCheckCode: %s\n" + + " CertificateCheckCode: %s\n" + + " SignatureCheckCode: %s\n" + + " SigningDateTime: %s\n" + + " isXmlDSIGManigest: %s\n" + + " isPublicAuthority: %s\n" + + " isQualifiedCertificate: %s\n" + + " getPublicAuthorityCode: %s\n"; + private static final String MOASIG_SERVICE_ERROR_MSG = "MOA SPSS could not accept the XML signature. "; private final ISignatureVerificationService service; private final String trustProfile; @@ -40,29 +57,24 @@ public class SignatureVerifier implements Consumer<byte[]> { try { var response = service.verifyXMLSignature(signedXMLdocument, trustProfile); - if (log.isDebugEnabled()) { - print(response); - } + debug(response); if (response == null) { - throw moaZSException("MOA SPSS could not find the signature. "); + throw moaZSException(MOASPSS_FAILED_ERROR_MSG); } var builder = new StringBuilder(); if (response.getSignatureCheckCode() != OK_CODE) { - builder.append(format("Signature is not valid; SignatureCheckCode was %d. ", - response.getSignatureCheckCode())); + builder.append(format(SIGNATURE_CODE_ERROR_MSG, response.getSignatureCheckCode())); } if (response.getCertificateCheckCode() != OK_CODE) { - builder.append(format("Certificate chain is not valid; CertificateCheckCode was %d. ", - response.getCertificateCheckCode())); + builder.append(format(CERT_CODE_ERROR_MSG, response.getCertificateCheckCode())); } if (response.getSignatureManifestCheckCode() != OK_CODE) { - var signatureManifestErrorMsg = format("Signature Manifest is not valid; " + - "SignatureManifestCheckCode was %d. ", response.getSignatureManifestCheckCode()); + var signatureManifestErrorMsg = format(MANIFEST_CODE_ERROR_MSG, response.getSignatureManifestCheckCode()); if (isManifestCheckActive) { builder.append(signatureManifestErrorMsg); } else { @@ -71,8 +83,7 @@ public class SignatureVerifier implements Consumer<byte[]> { } if (response.isXmlDSIGManigest() && response.getXmlDSIGManifestCheckCode() != OK_CODE) { - var xmlDSIGManifestErrorMsg = format("XmlDSIGManifest Manifest is not valid; " + - "XmlDSIGManifest was %d. ", response.getXmlDSIGManifestCheckCode()); + var xmlDSIGManifestErrorMsg = format(XMLMANIFEST_CODE_ERROR_MSG, response.getXmlDSIGManifestCheckCode()); if (isManifestCheckActive) { builder.append(xmlDSIGManifestErrorMsg); } else { @@ -87,30 +98,28 @@ public class SignatureVerifier implements Consumer<byte[]> { } } catch (MOASigServiceException e) { - throw moaZSExceptionBuilder("Could not accept the XML signature.") + throw moaZSExceptionBuilder(MOASIG_SERVICE_ERROR_MSG) .withCause(e) .build(); } } - private void print(IXMLSignatureVerificationResponse response) { - log.debug("Response:"); + public static void debug(IXMLSignatureVerificationResponse response) { + if (log.isDebugEnabled()) { + var builder = new StringBuilder("Response: \n"); + if (response == null) { + builder.append("null"); + } else { + var objects = new Object[]{response.getXmlDsigSubjectName(), response.getSignatureManifestCheckCode(), + response.getXmlDSIGManifestCheckCode(), response.getCertificateCheckCode(), + response.getSignatureCheckCode(), response.getSigningDateTime(), response.isXmlDSIGManigest(), + response.isPublicAuthority(), response.isQualifiedCertificate(), + response.getPublicAuthorityCode()}; + builder.append(String.format(XML_SIGNATURE_RESPONSE_TEMPLATE, objects)); + } - if (response == null) { - log.debug("null"); - return; + log.debug(builder.toString()); } - - log.debug(" XmlDsigSubjectName: {}", response.getXmlDsigSubjectName()); - log.debug(" SignatureManifestCheckCode: {}", response.getSignatureManifestCheckCode()); - log.debug(" XmlDSIGManifestCheckCode: {}", response.getXmlDSIGManifestCheckCode()); - log.debug(" CertificateCheckCode: {}", response.getCertificateCheckCode()); - log.debug(" SignatureCheckCode: {}", response.getSignatureCheckCode()); - log.debug(" SigningDateTime: {}", response.getSigningDateTime()); - log.debug(" isXmlDSIGManigest: {}", response.isXmlDSIGManigest()); - log.debug(" isPublicAuthority: {}", response.isPublicAuthority()); - log.debug(" isQualifiedCertificate: {}", response.isQualifiedCertificate()); - log.debug(" getPublicAuthorityCode: {}", response.getPublicAuthorityCode()); } } diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index ca8221c..0e7b67e 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -55,6 +55,7 @@ logging: org.springframework: WARN at.gv: INFO #DEBUG iaik: INFO #DEBUG + at.gv.egiz.moazs.backend.SignatureVerifier: DEBUG # default type for java's ssl key/trust store javax.net.ssl: diff --git a/src/test/java/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest.java b/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java index 34f4e1b..e4dbec7 100644 --- a/src/test/java/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest.java +++ b/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java @@ -17,9 +17,9 @@ import java.nio.file.Files; //Note: Certificate that signed these delivery responses expires in 2023-09-27. @RunWith(SpringRunner.class) @SpringBootTest - public class ITMoaSPSSSignatureVerifierTest { + public class ITSignatureVerifierTest { - private final String resourcesPath = "src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/"; + private final String resourcesPath = "src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/"; @TestConfiguration public class Config{ diff --git a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/invalid-signed-delivery-response.xml index b850145..b850145 100644 --- a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml +++ b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/invalid-signed-delivery-response.xml diff --git a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/valid-signed-delivery-response.xml b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-delivery-response.xml index 59a90cf..59a90cf 100644 --- a/src/test/resources/at/gv/egiz/moazs/ITMoaSPSSSignatureVerifierTest/valid-signed-delivery-response.xml +++ b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-delivery-response.xml |