From 8aba1b4f18f5fbfebdf239b4b4945b628e439905 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Tue, 9 Jul 2019 14:11:47 +0200 Subject: Refactor Needles Interfaces and Rename "process" to "backend" Reason: - Interfaces with a single method can be replaced with interfaces from java.util.function. - Less interfaces = less code = less maintenance! - Spring can inject beans by name so we name dependencies correctly to prevent ambiguity. Others: - Rename process to backend since backend gives a better description of its components. --- .../moazs/verify/MoaSPSSSignatureVerifier.java | 111 --------------------- .../gv/egiz/moazs/verify/MsgResponseVerifier.java | 54 ---------- .../at/gv/egiz/moazs/verify/SignatureVerifier.java | 13 --- 3 files changed, 178 deletions(-) delete mode 100644 src/main/java/at/gv/egiz/moazs/verify/MoaSPSSSignatureVerifier.java delete mode 100644 src/main/java/at/gv/egiz/moazs/verify/MsgResponseVerifier.java delete mode 100644 src/main/java/at/gv/egiz/moazs/verify/SignatureVerifier.java (limited to 'src/main/java/at/gv/egiz/moazs/verify') diff --git a/src/main/java/at/gv/egiz/moazs/verify/MoaSPSSSignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/verify/MoaSPSSSignatureVerifier.java deleted file mode 100644 index 5220c3b..0000000 --- a/src/main/java/at/gv/egiz/moazs/verify/MoaSPSSSignatureVerifier.java +++ /dev/null @@ -1,111 +0,0 @@ -package at.gv.egiz.moazs.verify; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import static at.gv.egiz.moazs.MoaZSException.moaZSException; -import static at.gv.egiz.moazs.MoaZSException.moaZSExceptionBuilder; -import static java.lang.String.*; - -public class MoaSPSSSignatureVerifier implements SignatureVerifier { - - private static final Logger log = LoggerFactory.getLogger(MoaSPSSSignatureVerifier.class); - - private final ISignatureVerificationService service; - - private final String trustProfile; - - private final boolean isManifestCheckActive; - - private static final int OK_CODE = 0; - - public MoaSPSSSignatureVerifier(ISignatureVerificationService service, - String trustProfile, boolean isManifestCheckActive) { - this.service = service; - this.trustProfile = trustProfile; - this.isManifestCheckActive = isManifestCheckActive; - } - - @Override - public void verify(byte[] signedXMLdocument) { - - try { - var response = service.verifyXMLSignature(signedXMLdocument, trustProfile); - - if (log.isDebugEnabled()) { - print(response); - } - - if (response == null) { - throw moaZSException("MOA SPSS could not find the signature. "); - } - - var builder = new StringBuilder(); - - if (response.getSignatureCheckCode() != OK_CODE) { - builder.append(format("Signature is not valid; SignatureCheckCode was %d. ", - response.getSignatureCheckCode())); - } - - if (response.getCertificateCheckCode() != OK_CODE) { - builder.append(format("Certificate chain is not valid; CertificateCheckCode was %d. ", - response.getCertificateCheckCode())); - } - - if (response.getSignatureManifestCheckCode() != OK_CODE) { - var signatureManifestErrorMsg = format("Signature Manifest is not valid; " + - "SignatureManifestCheckCode was %d. ", response.getSignatureManifestCheckCode()); - if (isManifestCheckActive) { - builder.append(signatureManifestErrorMsg); - } else { - log.warn(signatureManifestErrorMsg); - } - } - - if (response.isXmlDSIGManigest() && response.getXmlDSIGManifestCheckCode() != OK_CODE) { - var xmlDSIGManifestErrorMsg = format("XmlDSIGManifest Manifest is not valid; " + - "XmlDSIGManifest was %d. ", response.getXmlDSIGManifestCheckCode()); - if (isManifestCheckActive) { - builder.append(xmlDSIGManifestErrorMsg); - } else { - log.warn(xmlDSIGManifestErrorMsg); - } - } - - var msg = builder.toString(); - - if(msg.length() > 0) { - throw moaZSException(msg); - } - - } catch (MOASigServiceException e) { - throw moaZSExceptionBuilder("Could not verify the XML signature.") - .withCause(e) - .build(); - } - - } - - private void print(IXMLSignatureVerificationResponse response) { - log.debug("Response:"); - - if (response == null) { - log.debug("null"); - return; - } - - log.debug(" XmlDsigSubjectName: {}", response.getXmlDsigSubjectName()); - log.debug(" SignatureManifestCheckCode: {}", response.getSignatureManifestCheckCode()); - log.debug(" XmlDSIGManifestCheckCode: {}", response.getXmlDSIGManifestCheckCode()); - log.debug(" CertificateCheckCode: {}", response.getCertificateCheckCode()); - log.debug(" SignatureCheckCode: {}", response.getSignatureCheckCode()); - log.debug(" SigningDateTime: {}", response.getSigningDateTime()); - log.debug(" isXmlDSIGManigest: {}", response.isXmlDSIGManigest()); - log.debug(" isPublicAuthority: {}", response.isPublicAuthority()); - log.debug(" isQualifiedCertificate: {}", response.isQualifiedCertificate()); - log.debug(" getPublicAuthorityCode: {}", response.getPublicAuthorityCode()); - } -} diff --git a/src/main/java/at/gv/egiz/moazs/verify/MsgResponseVerifier.java b/src/main/java/at/gv/egiz/moazs/verify/MsgResponseVerifier.java deleted file mode 100644 index 9c8b17c..0000000 --- a/src/main/java/at/gv/egiz/moazs/verify/MsgResponseVerifier.java +++ /dev/null @@ -1,54 +0,0 @@ -package at.gv.egiz.moazs.verify; - -import at.gv.egiz.moazs.MoaZSException; -import at.gv.egiz.moazs.repository.DeliveryRepository; -import at.gv.egiz.moazs.scheme.MsgResponse; -import at.gv.egiz.moazs.service.MsgService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import static at.gv.egiz.moazs.MoaZSException.moaZSExceptionBuilder; -import static java.lang.String.format; - -@Component -public class MsgResponseVerifier { - - private static final Logger log = LoggerFactory.getLogger(MsgService.class); - public static final String MOASP_SIGNATURE_INVALID_ERROR_MSG = "Signature of Msg Response " + - "with AppDeliveryID=%s is not valid."; - - private final DeliveryRepository repository; - private final SignatureVerifier verifier; - - @Autowired - public MsgResponseVerifier(DeliveryRepository repository, SignatureVerifier verifier) { - this.repository = repository; - this.verifier = verifier; - } - - public MsgResponse verify(String responseID) { - - var response = repository.retrieveResponse(responseID).get(); - var builder = moaZSExceptionBuilder().withAllParametersInAnswer(response.getAnswer()); - - var binaryResponse = repository.retrieveBinaryResponse(responseID).get(); - - try { - verifier.verify(binaryResponse); - return response; - } catch (MoaZSException ex) { - log.error(ex.getMessage(), ex); - var wrappingEx = builder - .withMessage(format(MOASP_SIGNATURE_INVALID_ERROR_MSG, response.getAppDeliveryID())) - .withErrorCode(MoaZSException.ERROR_MOASP_SIGNATURE_INVALID) - .withCause(ex) - .build(); - - return response.generateError(wrappingEx); - } - - } - -} diff --git a/src/main/java/at/gv/egiz/moazs/verify/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/verify/SignatureVerifier.java deleted file mode 100644 index a31c4cf..0000000 --- a/src/main/java/at/gv/egiz/moazs/verify/SignatureVerifier.java +++ /dev/null @@ -1,13 +0,0 @@ -package at.gv.egiz.moazs.verify; - -@FunctionalInterface -public interface SignatureVerifier { - - /** - * Verifies the signature of a signed XML document. Throws a at.gv.egiz.moazs.MoaZSException exception - * if the validation fails. - * @param signedXMLdocument - * @throws at.gv.egiz.moazs.MoaZSException - */ - void verify(byte[] signedXMLdocument); -} -- cgit v1.2.3