Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/verify/MoaSPSSSignatureVerifier.java')
-rw-r--r--src/main/java/at/gv/egiz/moazs/verify/MoaSPSSSignatureVerifier.java87
1 files changed, 82 insertions, 5 deletions
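--- a/src/main/java/at/gv/egiz/moazs/verify/MoaSPSSSignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/verify/MoaSPSSSignatureVerifier.java
@@ -1,10 +1,15 @@
 package at.gv.egiz.moazs.verify;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import static at.gv.egiz.moazs.MoaZSException.moaZSException;
+import static at.gv.egiz.moazs.MoaZSException.moaZSExceptionBuilder;
+import static java.lang.String.*;
+
 public class MoaSPSSSignatureVerifier implements SignatureVerifier {
 private static final Logger log = LoggerFactory.getLogger(MoaSPSSSignatureVerifier.class);
@@ -13,22 +18,94 @@ public class MoaSPSSSignatureVerifier implements SignatureVerifier {
 private final String trustProfile;
+ private final boolean isManifestCheckActive;
+
+ private static final int OK_CODE = 0;
+
 public MoaSPSSSignatureVerifier(ISignatureVerificationService service,
- String trustProfile) {
+ String trustProfile, boolean isManifestCheckActive) {
 this.service = service;
 this.trustProfile = trustProfile;
+ this.isManifestCheckActive = isManifestCheckActive;
 }
 @Override
- public boolean verify(byte[] signedXMLdocument) {
+ public void verify(byte[] signedXMLdocument) {
 try {
 var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
- return response != null;
+
+ if (log.isDebugEnabled()) {
+ print(response);
+ }
+
+ if (response == null) {
+ throw moaZSException("MOA SPSS could not find the signature. ");
+ }
+
+ var builder = new StringBuilder();
+
+ if (response.getSignatureCheckCode() != OK_CODE) {
+ builder.append(format("Signature is not valid; SignatureCheckCode was %d. ",
+ response.getSignatureCheckCode()));
+ }
+
+ if (response.getCertificateCheckCode() != OK_CODE) {
+ builder.append(format("Certificate chain is not valid; CertificateCheckCode was %d. ",
+ response.getCertificateCheckCode()));
+ }
+
+ if (response.getSignatureManifestCheckCode() != OK_CODE) {
+ var signatureManifestErrorMsg = format("Signature Manifest is not valid; " +
+ "SignatureManifestCheckCode was %d. ", response.getSignatureManifestCheckCode());
+ if (isManifestCheckActive) {
+ builder.append(signatureManifestErrorMsg);
+ } else {
+ log.warn(signatureManifestErrorMsg);
+ }
+ }
+
+ if (response.isXmlDSIGManigest() && response.getXmlDSIGManifestCheckCode() != OK_CODE) {
+ var xmlDSIGManifestErrorMsg = format("XmlDSIGManifest Manifest is not valid; " +
+ "XmlDSIGManifest was %d. ", response.getXmlDSIGManifestCheckCode());
+ if (isManifestCheckActive) {
+ builder.append(xmlDSIGManifestErrorMsg);
+ } else {
+ log.warn(xmlDSIGManifestErrorMsg);
+ }
+ }
+
+ var msg = builder.toString();
+
+ if(msg.length() > 0) {
+ throw moaZSException(msg);
+ }
+
 } catch (MOASigServiceException e) {
- MoaSPSSSignatureVerifier.log.error("Could not verify the XML signature.", e);
- return false;
+ throw moaZSExceptionBuilder("Could not verify the XML signature.")
+ .withCause(e)
+ .build();
+ }
+
+ }
+
+ private void print(IXMLSignatureVerificationResponse response) {
+ log.debug("Response:");
+
+ if (response == null) {
+ log.debug("null");
+ return;
 }
+ log.debug(" XmlDsigSubjectName: " + response.getXmlDsigSubjectName());
+ log.debug(" SignatureManifestCheckCode: " + response.getSignatureManifestCheckCode());
+ log.debug(" XmlDSIGManifestCheckCode: " + response.getXmlDSIGManifestCheckCode());
+ log.debug(" CertificateCheckCode: " + response.getCertificateCheckCode());
+ log.debug(" SignatureCheckCode: " + response.getSignatureCheckCode());
+ log.debug(" SigningDateTime: " + response.getSigningDateTime());
+ log.debug(" isXmlDSIGManigest: " + response.isXmlDSIGManigest());
+ log.debug(" isPublicAuthority: " + response.isPublicAuthority());
+ log.debug(" isQualifiedCertificate: " + response.isQualifiedCertificate());
+ log.debug(" getPublicAuthorityCode: " + response.getPublicAuthorityCode());
 }
 }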
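Review bot: `verify` now reports failure by throwing and, when `isManifestCheckActive` is false, lets a document whose manifest checks failed pass with only a warning; neither the new contract nor this configurable downgrade is documented on the method. Add Javadoc stating that a `null` response, a non-zero SignatureCheckCode or a non-zero CertificateCheckCode always throws, while the two manifest check codes throw only when the manifest check is active and are otherwise logged as warnings, so callers and operators know which checks a returning call actually guarantees. The warnings themselves do not say the failure was deliberately accepted; prefixing them, e.g. `log.warn("Manifest check is disabled by configuration; ignoring: " + signatureManifestErrorMsg);`, makes the weakened verification visible in the logs. Minor: `import static java.lang.String.*;` is a wildcard static import used for a single method, so `import static java.lang.String.format;` is the conventional form, and `msg.length() > 0` reads better as `!msg.isEmpty()`. The `SignatureVerifier` interface presumably changed its return type as well, but that is outside this diff.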