From e165ef27812874bee7062a4e7ecc8bec99ced328 Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>
Date: Wed, 29 May 2019 09:49:02 +0200
Subject: Integrate MoaSig Verification into SignatureVerifier

- Verify signature via ISignatureVerificationService.
- Override System Property moa.spss.server.configuration via spring's
  environment (Reason: can configure path to moa SPSS config file via
  application.yaml & moa SPSS needs this parameter to find the config
  file)
- Setup test configuration directory for moaspss in
  src/main/resources/moa-spss
- Readme: Explain how to install moaspss' dependencies into local
  repository.
---
 .../at/gv/egiz/moazs/msg/SignatureVerifier.java    | 31 ++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

(limited to 'src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java')

diff --git a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
index 12b1ccb..d6311c4 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
@@ -1,13 +1,40 @@
 package at.gv.egiz.moazs.msg;
 
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
 @Component
 public class SignatureVerifier {
 
-    public boolean verify(byte[] signedXMLdocument) {
-        return true;
+    private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class);
+
+    @Autowired
+    @Qualifier("moaSigVerifyService")
+    private final ISignatureVerificationService service;
+
+    @Autowired
+    @Qualifier("moaSPSSServerDefaultTrustProfile")
+    private final String trustProfile;
 
+    public SignatureVerifier(ISignatureVerificationService service,
+                             String trustProfile) {
+        this.service = service;
+        this.trustProfile = trustProfile;
+    }
+
+    public boolean verify(byte[] signedXMLdocument) {
+        try {
+            var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
+            return response != null;
+        } catch (MOASigServiceException e) {
+            log.error("Could not verify the XML signature.", e);
+            return false;
+        }
     }
 
 }
-- 
cgit v1.2.3