From 9dc0e72571a895e34a55c11d015c5d359b485aff Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Fri, 12 Jul 2019 08:31:42 +0200 Subject: Renamed and Simplified SignatureVerifier --- .../gv/egiz/moazs/backend/SignatureVerifier.java | 67 ++++++++++++---------- src/main/resources/application.yaml | 1 + 2 files changed, 39 insertions(+), 29 deletions(-) (limited to 'src/main') diff --git a/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java index e9c5387..f9bbeb3 100644 --- a/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java +++ b/src/main/java/at/gv/egiz/moazs/backend/SignatureVerifier.java @@ -16,6 +16,23 @@ public class SignatureVerifier implements Consumer { private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class); private static final int OK_CODE = 0; + private static final String MOASPSS_FAILED_ERROR_MSG = "MOA SPSS could not find the signature. "; + private static final String SIGNATURE_CODE_ERROR_MSG = "Signature is not valid: Check code was %d. "; + private static final String CERT_CODE_ERROR_MSG = "Certificate chain is not valid: Check code was %d. "; + private static final String MANIFEST_CODE_ERROR_MSG = "Signature Manifest is not valid: Check code was %d. "; + private static final String XMLMANIFEST_CODE_ERROR_MSG = "XmlDSIGManifest is not valid: Check code was %d. "; + private static final String XML_SIGNATURE_RESPONSE_TEMPLATE = + " XmlDsigSubjectName: %s\n" + + " SignatureManifestCheckCode: %s\n" + + " XmlDSIGManifestCheckCode: %s\n" + + " CertificateCheckCode: %s\n" + + " SignatureCheckCode: %s\n" + + " SigningDateTime: %s\n" + + " isXmlDSIGManigest: %s\n" + + " isPublicAuthority: %s\n" + + " isQualifiedCertificate: %s\n" + + " getPublicAuthorityCode: %s\n"; + private static final String MOASIG_SERVICE_ERROR_MSG = "MOA SPSS could not accept the XML signature. "; private final ISignatureVerificationService service; private final String trustProfile; @@ -40,29 +57,24 @@ public class SignatureVerifier implements Consumer { try { var response = service.verifyXMLSignature(signedXMLdocument, trustProfile); - if (log.isDebugEnabled()) { - print(response); - } + debug(response); if (response == null) { - throw moaZSException("MOA SPSS could not find the signature. "); + throw moaZSException(MOASPSS_FAILED_ERROR_MSG); } var builder = new StringBuilder(); if (response.getSignatureCheckCode() != OK_CODE) { - builder.append(format("Signature is not valid; SignatureCheckCode was %d. ", - response.getSignatureCheckCode())); + builder.append(format(SIGNATURE_CODE_ERROR_MSG, response.getSignatureCheckCode())); } if (response.getCertificateCheckCode() != OK_CODE) { - builder.append(format("Certificate chain is not valid; CertificateCheckCode was %d. ", - response.getCertificateCheckCode())); + builder.append(format(CERT_CODE_ERROR_MSG, response.getCertificateCheckCode())); } if (response.getSignatureManifestCheckCode() != OK_CODE) { - var signatureManifestErrorMsg = format("Signature Manifest is not valid; " + - "SignatureManifestCheckCode was %d. ", response.getSignatureManifestCheckCode()); + var signatureManifestErrorMsg = format(MANIFEST_CODE_ERROR_MSG, response.getSignatureManifestCheckCode()); if (isManifestCheckActive) { builder.append(signatureManifestErrorMsg); } else { @@ -71,8 +83,7 @@ public class SignatureVerifier implements Consumer { } if (response.isXmlDSIGManigest() && response.getXmlDSIGManifestCheckCode() != OK_CODE) { - var xmlDSIGManifestErrorMsg = format("XmlDSIGManifest Manifest is not valid; " + - "XmlDSIGManifest was %d. ", response.getXmlDSIGManifestCheckCode()); + var xmlDSIGManifestErrorMsg = format(XMLMANIFEST_CODE_ERROR_MSG, response.getXmlDSIGManifestCheckCode()); if (isManifestCheckActive) { builder.append(xmlDSIGManifestErrorMsg); } else { @@ -87,30 +98,28 @@ public class SignatureVerifier implements Consumer { } } catch (MOASigServiceException e) { - throw moaZSExceptionBuilder("Could not accept the XML signature.") + throw moaZSExceptionBuilder(MOASIG_SERVICE_ERROR_MSG) .withCause(e) .build(); } } - private void print(IXMLSignatureVerificationResponse response) { - log.debug("Response:"); + public static void debug(IXMLSignatureVerificationResponse response) { + if (log.isDebugEnabled()) { + var builder = new StringBuilder("Response: \n"); + if (response == null) { + builder.append("null"); + } else { + var objects = new Object[]{response.getXmlDsigSubjectName(), response.getSignatureManifestCheckCode(), + response.getXmlDSIGManifestCheckCode(), response.getCertificateCheckCode(), + response.getSignatureCheckCode(), response.getSigningDateTime(), response.isXmlDSIGManigest(), + response.isPublicAuthority(), response.isQualifiedCertificate(), + response.getPublicAuthorityCode()}; + builder.append(String.format(XML_SIGNATURE_RESPONSE_TEMPLATE, objects)); + } - if (response == null) { - log.debug("null"); - return; + log.debug(builder.toString()); } - - log.debug(" XmlDsigSubjectName: {}", response.getXmlDsigSubjectName()); - log.debug(" SignatureManifestCheckCode: {}", response.getSignatureManifestCheckCode()); - log.debug(" XmlDSIGManifestCheckCode: {}", response.getXmlDSIGManifestCheckCode()); - log.debug(" CertificateCheckCode: {}", response.getCertificateCheckCode()); - log.debug(" SignatureCheckCode: {}", response.getSignatureCheckCode()); - log.debug(" SigningDateTime: {}", response.getSigningDateTime()); - log.debug(" isXmlDSIGManigest: {}", response.isXmlDSIGManigest()); - log.debug(" isPublicAuthority: {}", response.isPublicAuthority()); - log.debug(" isQualifiedCertificate: {}", response.isQualifiedCertificate()); - log.debug(" getPublicAuthorityCode: {}", response.getPublicAuthorityCode()); } } diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index ca8221c..0e7b67e 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -55,6 +55,7 @@ logging: org.springframework: WARN at.gv: INFO #DEBUG iaik: INFO #DEBUG + at.gv.egiz.moazs.backend.SignatureVerifier: DEBUG # default type for java's ssl key/trust store javax.net.ssl: -- cgit v1.2.3