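/**
 * Builds the {@link SignatureData} for a CMS (PKCS#7) signature and records the certificates
 * embedded in the CMS structure plus the signing time on {@code response}.
 *
 * <p>The certificates listed on the response are copied as-is from the CMS blob: nothing in
 * this method checks that they chain to a trusted anchor or belong to the actual signer. That
 * is the job of the verification step that consumes the returned {@link SignatureData}, so a
 * caller must not read their presence as trust.
 *
 * @param signatureVerificationRequest request carrying the Base64-encoded CMS signed data
 * @param response response to which certificate infos and the signature date are added
 * @return the signature data to hand to the verifier
 * @throws CMSException if the blob cannot be parsed as CMS signed data, carries no encapsulated
 *     content (detached signature), or carries content that is not a byte array
 */
private SignatureData getFromCmsSignature(
        SignatureVerificationRequest signatureVerificationRequest,
        SignatureVerificationResponse response)
        throws CMSException {
    String signature = signatureVerificationRequest.getSignature();
    byte[] decoded = Base64.decode(signature);
    CMSSignedData cmsSignedData = new CMSSignedData(decoded);

    // A detached signature has no encapsulated content; the bare cast used to fail with an NPE,
    // so reject it explicitly with the exception type the caller already maps to an error.
    if (cmsSignedData.getSignedContent() == null) {
        throw new CMSException("CMS signed data carries no encapsulated content (detached signature)");
    }
    Object content = cmsSignedData.getSignedContent().getContent();
    if (!(content instanceof byte[])) {
        throw new CMSException("unexpected CMS content type: "
                + (content == null ? "null" : content.getClass().getName()));
    }
    // Platform default charset, as before. NOTE(review): the verifier presumably re-encodes with
    // the same charset when recomputing the digest — confirm before switching this to UTF-8.
    String encodedSignedData = new String((byte[]) content);

    // Report every certificate carried in the CMS structure (unverified, see class comment).
    // NOTE(review): SimpleDateFormat is not thread-safe; fine if this resource is per-request,
    // not if it is a singleton — confirm the resource lifecycle.
    Collection<?> certificates = cmsSignedData.getCertificates().getMatches(null);
    for (Object certificate : certificates) {
        X509CertificateHolder holder = (X509CertificateHolder) certificate;
        CertificateInfo ci = new CertificateInfo();
        ci.setSubjectDn(holder.getSubject().toString());
        ci.setValidTo(simpleDateFormat.format(holder.getNotAfter()));
        response.getCertificateInfos().getCertificateInfo().add(ci);
    }

    // Signing time taken from the CMS attributes.
    // NOTE(review): if findTimestamp() can return null, format() throws NPE — confirm its contract.
    Date signingDate = findTimestamp(cmsSignedData);
    response.setSignatureDate(simpleDateFormat.format(signingDate));

    SignatureData signData = new SignatureData();
    signData.setEncodedTbs(encodedSignedData);
    signData.setSignature(signature);
    // The client type is hard-coded; presumably a placeholder carried over from testing — TODO confirm
    // whether the verifier's behaviour depends on these values.
    ELegType clientType = new ELegType("test", "test", PkiClient.NETMAKER_NETID_4);
    signData.setClientType(clientType);
    return signData;
}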
/**
 * Verifies an incoming signature and returns the outcome as application/xml.
 *
 * <p>The request's signature format selects the parser (XML-DSig or CMS). A signature that
 * parses but does not verify yields {@link SignatureStatus#FAILURE} together with the
 * verifier's message; a request whose signature cannot be decoded or parsed at all is
 * reported as HTTP 500. A request with an unrecognised (or missing) format is reported as
 * FAILURE without a message.
 *
 * <p>NOTE(review): the raw {@code SignatureException} message is copied into the response, so
 * whatever text the verifier puts there reaches the caller — keep that in mind when changing
 * verifier error messages.
 *
 * @param signatureVerificationRequest the request which is converted to a {@link
 *     SignatureVerificationRequest} from xml
 * @return the {@link SignatureVerificationResponse} as application/xml
 * @throws WebApplicationException with status 500 when the signature cannot be decoded,
 *     parsed or unmarshalled
 */
@POST
@Path("/verifySignature")
@Consumes("application/xml")
@Produces("application/xml")
public SignatureVerificationResponse verifySignature(
        SignatureVerificationRequest signatureVerificationRequest) {
    SignatureVerificationResponse response = new SignatureVerificationResponse();
    response.setCertificateInfos(new CertificateInfos());
    boolean isValid = false;
    String failureMessage = null;
    try {
        SignatureFormat format = signatureVerificationRequest.getSignatureFormat();
        if (SignatureFormat.XMLDIGSIG.equals(format)) {
            // For XML-DSig, a SignatureException raised while building the signature data is
            // reported as a failed verification, not as a server error.
            try {
                SignatureData xmlDsigData =
                        getFromXmlDigSigSignature(signatureVerificationRequest, response);
                isValid = super.verifySignature(xmlDsigData);
            } catch (SignatureException e) {
                failureMessage = recordVerificationFailure(e);
            }
        } else if (SignatureFormat.CMS.equals(format)) {
            // For CMS, parse errors (CMSException) deliberately stay outside the inner catch and
            // surface as HTTP 500 below; only the verification itself maps to FAILURE.
            SignatureData cmsData = getFromCmsSignature(signatureVerificationRequest, response);
            try {
                isValid = super.verifySignature(cmsData);
            } catch (SignatureException e) {
                failureMessage = recordVerificationFailure(e);
            }
        }
        if (isValid) {
            response.setStatus(SignatureStatus.SUCCESS);
        } else {
            response.setStatus(SignatureStatus.FAILURE);
        }
        if (failureMessage != null) {
            response.setMessage(failureMessage);
        }
    } catch (IOException ex) {
        throw new WebApplicationException(ex, Response.Status.INTERNAL_SERVER_ERROR);
    } catch (MarshalException ex) {
        throw new WebApplicationException(ex, Response.Status.INTERNAL_SERVER_ERROR);
    } catch (ParserConfigurationException ex) {
        throw new WebApplicationException(ex, Response.Status.INTERNAL_SERVER_ERROR);
    } catch (SAXException ex) {
        throw new WebApplicationException(ex, Response.Status.INTERNAL_SERVER_ERROR);
    } catch (CMSException ex) {
        throw new WebApplicationException(ex, Response.Status.INTERNAL_SERVER_ERROR);
    }
    return response;
}

/**
 * Prints the failed verification's stack trace (as the original code did) and returns the
 * exception message that is placed on the response.
 *
 * @param e the verification failure
 * @return the message to expose to the caller, possibly {@code null}
 */
private static String recordVerificationFailure(SignatureException e) {
    e.printStackTrace();
    return e.getMessage();
}
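/**
 * Builds the {@link SignatureData} for an XML-DSig signature and records the certificates found
 * in its {@code KeyInfo} on {@code response}.
 *
 * <p>Only {@code X509Data} entries that carry a full certificate are listed; other KeyInfo
 * content is ignored. As with the CMS path, the certificates are reported before any
 * verification has happened, so their presence on the response does not imply trust.
 *
 * @param signatureVerificationRequest request carrying the Base64-encoded XML signature
 * @param response response to which certificate infos are added
 * @return the signature data to hand to the verifier
 * @throws ParserConfigurationException if the DOM parser cannot be configured
 * @throws SAXException if the decoded signature is not well-formed XML
 * @throws IOException if the decoded bytes cannot be read
 * @throws MarshalException if the document does not unmarshal to an XML signature
 * @throws SignatureException passed through from {@code createSignatureDataFromXmlDigSig}
 */
private SignatureData getFromXmlDigSigSignature(
        SignatureVerificationRequest signatureVerificationRequest,
        SignatureVerificationResponse response)
        throws ParserConfigurationException, SAXException, IOException, MarshalException,
                SignatureException {
    byte[] decoded = Base64.decode(signatureVerificationRequest.getSignature());

    // Feed the decoded bytes straight to the parser, which picks the encoding from the XML
    // declaration/BOM. The former String round-trip (new String(bytes) followed by getBytes())
    // re-encoded through the platform charset and could corrupt non-ASCII content, which would
    // break the signed digest on platforms whose default charset is not the document's.
    InputStream is = new ByteArrayInputStream(decoded);
    // NOTE(review): createDocument() is where DTD/external-entity resolution would have to be
    // disabled for this untrusted input; its configuration is not visible here — confirm.
    Document document = createDocument(is, true);
    XMLSignature xmlSignature =
            XMLSignatureFactory.getInstance().unmarshalXMLSignature(new DOMStructure(document));

    // KeyInfo is optional in XML-DSig; a signature without one used to fail here with an NPE.
    // Without it there is simply nothing to list, and the verifier decides what to do.
    if (xmlSignature.getKeyInfo() != null) {
        for (Object content : xmlSignature.getKeyInfo().getContent()) {
            if (!(content instanceof X509Data)) {
                continue;
            }
            for (Object certificateObject : ((X509Data) content).getContent()) {
                if (certificateObject instanceof X509Certificate) {
                    X509Certificate cert = (X509Certificate) certificateObject;
                    CertificateInfo ci = new CertificateInfo();
                    // getSubjectDN() is a denigrated API, but moving to getSubjectX500Principal()
                    // would change the DN string format the response exposes; left as-is.
                    ci.setSubjectDn(cert.getSubjectDN().getName());
                    ci.setValidTo(simpleDateFormat.format(cert.getNotAfter()));
                    response.getCertificateInfos().getCertificateInfo().add(ci);
                }
            }
        }
    }

    // The downstream helper takes a String; this decodes with the platform charset exactly as
    // the original did, so its input is unchanged.
    String signature = new String(decoded);
    return createSignatureDataFromXmlDigSig(signature);
}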