package at.gv.egiz.moazs.verify; import at.gv.egiz.moazs.MoaZSException; import at.gv.egiz.moazs.repository.BinaryRepository; import at.gv.egiz.moazs.repository.DeliveryRepository; import at.gv.egiz.moazs.scheme.MsgResponse; import at.gv.egiz.moazs.service.MsgService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import static at.gv.egiz.moazs.MoaZSException.moaZSExceptionBuilder; import static java.lang.String.format; @Component public class MsgResponseVerifier { private static final Logger log = LoggerFactory.getLogger(MsgService.class); public static final String MOASP_SIGNATURE_INVALID_ERROR_MSG = "Signature of Msg Response " + "with AppDeliveryID=%s is not valid."; private final DeliveryRepository repo; private final BinaryRepository binaryRepo; private final SignatureVerifier verifier; @Autowired public MsgResponseVerifier(DeliveryRepository repo, BinaryRepository binaryStatusRepository, SignatureVerifier verifier) { this.repo = repo; this.binaryRepo = binaryStatusRepository; this.verifier = verifier; } public MsgResponse verify(String id) { var response = repo.getResponse(id).get(); var builder = moaZSExceptionBuilder().withAllParametersInAnswer(response.getAnswer()); var binaryResponse = binaryRepo.get(id).get(); try { verifier.verify(binaryResponse); return response; } catch (MoaZSException ex) { log.error(ex.getMessage(), ex); var wrappingEx = builder .withMessage(format(MOASP_SIGNATURE_INVALID_ERROR_MSG, response.getAppDeliveryID())) .withErrorCode(MoaZSException.ERROR_MOASP_SIGNATURE_INVALID) .withCause(ex) .build(); return response.generateError(wrappingEx); } } }