Class DefaultSignResponseProcessor

java.lang.Object
se.idsec.signservice.integration.process.impl.DefaultSignResponseProcessor
All Implemented Interfaces:
SignResponseProcessor

public class DefaultSignResponseProcessor extends Object implements SignResponseProcessor
Default implementation of the SignResponseProcessor interface.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Details

    • DefaultSignResponseProcessor

      public DefaultSignResponseProcessor()
      Constructor.
  • Method Details

    • processSignResponse

      @Nonnull public se.idsec.signservice.integration.SignatureResult processSignResponse(@Nonnull String signResponse, @Nonnull SignatureSessionState sessionState, @Nonnull IntegrationServiceConfiguration config, se.idsec.signservice.integration.SignResponseProcessingParameters parameters) throws se.idsec.signservice.integration.SignResponseErrorStatusException, se.idsec.signservice.integration.core.error.SignServiceIntegrationException
      Processes the supplied SignResponse according to the supplied processing parameters and the session state.
      Specified by:
      processSignResponse in interface SignResponseProcessor
      Parameters:
      signResponse - the encoded SignResponse message
      sessionState - the state
      config - the policy configuration
      parameters - optional processing parameters
      Returns:
      a signature response
      Throws:
      se.idsec.signservice.integration.SignResponseErrorStatusException - if the sign service reported an error
      se.idsec.signservice.integration.core.error.SignServiceIntegrationException - for processing and validation errors
    • processDocument

      protected <T, X extends AdesObject> se.idsec.signservice.integration.document.SignedDocument processDocument(SignedDocumentProcessor<T,X> processor, se.swedenconnect.schemas.csig.dssext_1_1.SignTaskData signTaskData, List<X509Certificate> signerCertificateChain, SignatureSessionState state, SignResponseWrapper signResponse, se.idsec.signservice.integration.SignResponseProcessingParameters parameters) throws se.idsec.signservice.integration.core.error.SignServiceIntegrationException
      Compiles a signed document and validates it.
      Parameters:
      processor - the document processor
      signTaskData - the sign task data
      signerCertificateChain - the certificate chain
      state - the session state
      signResponse - the sign response
      parameters - optional processing parameters
      Returns:
      a signed document
      Throws:
      se.idsec.signservice.integration.core.error.SignServiceIntegrationException - for processing errors
    • validateResponseTime

      protected void validateResponseTime(XMLGregorianCalendar responseTime, XMLGregorianCalendar requestTime, String requestID) throws se.idsec.signservice.integration.core.error.SignServiceIntegrationException
      Validates the response time from the SignResponse. The method also ensures that the server processing time has not exceeded the max limit.
      Parameters:
      responseTime - the response time
      requestTime - the time when the request was sent
      requestID - the requestID (for logging)
      Throws:
      se.idsec.signservice.integration.core.error.SignServiceIntegrationException - for expired responses
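
The kind of check described for validateResponseTime, as an added example using only JDK classes; it is not the library's own code. The class name, the two limits, the String return convention and the choice to measure processing time from request to receipt are assumptions made for the illustration.

```java
import java.time.Duration;
import java.time.Instant;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;

public class ResponseTimeCheckExample {

  // Hypothetical limits chosen for this example, not the library's defaults.
  static final Duration ALLOWED_CLOCK_SKEW = Duration.ofSeconds(60);
  static final Duration MAX_PROCESSING_TIME = Duration.ofMinutes(10);

  /** Returns null if the times are acceptable, otherwise the reason for rejection. */
  static String check(XMLGregorianCalendar responseTime, XMLGregorianCalendar requestTime, Instant now) {
    if (responseTime == null || requestTime == null) {
      return "missing request or response time";
    }
    // Values without a time zone are interpreted in the JVM default zone.
    Instant response = responseTime.toGregorianCalendar().toInstant();
    Instant request = requestTime.toGregorianCalendar().toInstant();

    // A response cannot be issued before the request it answers (allowing for skew).
    if (response.isBefore(request.minus(ALLOWED_CLOCK_SKEW))) {
      return "response time is before request time";
    }
    // A response dated in the future points to a bad clock or a manipulated timestamp.
    if (response.isAfter(now.plus(ALLOWED_CLOCK_SKEW))) {
      return "response time is in the future";
    }
    // Rejecting late responses bounds the window in which a captured response can be replayed.
    Duration elapsed = Duration.between(request, now);
    if (elapsed.compareTo(MAX_PROCESSING_TIME.plus(ALLOWED_CLOCK_SKEW)) > 0) {
      return "response expired: processing time exceeded the limit";
    }
    return null;
  }

  public static void main(String[] args) throws Exception {
    DatatypeFactory f = DatatypeFactory.newInstance();
    Instant now = Instant.parse("2024-01-01T12:05:00Z"); // constructed sample values
    XMLGregorianCalendar req = f.newXMLGregorianCalendar("2024-01-01T12:00:00Z");
    XMLGregorianCalendar oldReq = f.newXMLGregorianCalendar("2024-01-01T11:30:00Z");

    System.out.println(check(f.newXMLGregorianCalendar("2024-01-01T12:03:00Z"), req, now));    // accepted
    System.out.println(check(f.newXMLGregorianCalendar("2024-01-01T11:50:00Z"), req, now));    // before request
    System.out.println(check(f.newXMLGregorianCalendar("2024-01-01T12:30:00Z"), req, now));    // in the future
    System.out.println(check(f.newXMLGregorianCalendar("2024-01-01T11:31:00Z"), oldReq, now)); // expired
  }
}
```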
    • validateReceivedRequest

      protected void validateReceivedRequest(byte[] request, SignRequestWrapper sentRequest) throws se.idsec.signservice.integration.core.error.SignServiceIntegrationException
      Validates the received Request element (throws only if strict processing is active).
      Parameters:
      request - the received Request element
      sentRequest - the request that was actually sent
      Throws:
      se.idsec.signservice.integration.core.error.SignServiceIntegrationException - if the Request is not present or differs from what was sent
    • getSignerCertificateChain

      protected List<X509Certificate> getSignerCertificateChain(se.swedenconnect.schemas.csig.dssext_1_1.SignatureCertificateChain signatureCertificateChain, String requestID) throws se.idsec.signservice.integration.core.error.SignServiceIntegrationException
      Gets a list of X509Certificate by reading the supplied SignatureCertificateChain.
      Parameters:
      signatureCertificateChain - the chain received in the response
      requestID - the request ID for the response
      Returns:
      a list of X509Certificate objects
      Throws:
      se.idsec.signservice.integration.core.error.SignServiceIntegrationException - for decoding errors
    • checkSignTaskData

      protected void checkSignTaskData(se.swedenconnect.schemas.csig.dssext_1_1.SignTaskData signTaskData, SignRequestWrapper signRequest) throws se.idsec.signservice.integration.core.error.SignServiceIntegrationException
      Checks that the supplied SignTaskData object follows the specifications.
      Parameters:
      signTaskData - the object to check
      signRequest - the sign request corresponding to the response in which we received the SignTaskData
      Throws:
      se.idsec.signservice.integration.core.error.SignServiceIntegrationException - for validation errors
    • getTbsDocument

      protected se.idsec.signservice.integration.document.TbsDocument getTbsDocument(se.swedenconnect.schemas.csig.dssext_1_1.SignTaskData signTaskData, SignatureSessionState state) throws se.idsec.signservice.integration.core.error.SignServiceIntegrationException
      Given a SignTaskData the method finds the corresponding TBS document from the session state.
      Parameters:
      signTaskData - the signature
      state - the state holding the TBS documents
      Returns:
      a TbsDocument
      Throws:
      se.idsec.signservice.integration.core.error.SignServiceIntegrationException - if no matching TBS document is found
    • setSignedDocumentProcessors

      public void setSignedDocumentProcessors(List<SignedDocumentProcessor<?,?>> signedDocumentProcessors)
      Assigns the processors for handling the signed documents.
      Parameters:
      signedDocumentProcessors - document processors
    • setSignerAssertionInfoProcessor

      public void setSignerAssertionInfoProcessor(SignerAssertionInfoProcessor signerAssertionInfoProcessor)
      Assigns the processor for handling the signer assertion info from the sign response. If not assigned, an instance of DefaultSignerAssertionInfoProcessor will be used.
      Parameters:
      signerAssertionInfoProcessor - signer assertion info processor
    • setProcessingConfiguration

      public void setProcessingConfiguration(SignResponseProcessingConfig processingConfiguration)
      Assigns the processing config settings.
      Parameters:
      processingConfiguration - the processing config settings
    • getProcessingConfiguration

      @Nonnull public SignResponseProcessingConfig getProcessingConfiguration()
      Gets the processing configuration that this processor is configured with.
      Specified by:
      getProcessingConfiguration in interface SignResponseProcessor
      Returns:
      the processing configuration
    • setCertificateValidators

      public void setCertificateValidators(Map<String,CertificateValidator> certificateValidators)
      Assigns a mapping between policies and certificate validators. It does not matter what trust anchor each validator has been configured with since this will be explicitly set for each call. This information is taken from the IntegrationServiceDefaultConfiguration.getTrustAnchors().

      If no mapping for a given policy exists, a default validator will be used (see SimpleCertificateValidator).

      Parameters:
      certificateValidators - policy to certificate validator mappings
    • afterPropertiesSet

      @PostConstruct public void afterPropertiesSet() throws Exception
      Ensures that all required properties have been assigned. The method also makes sure that the processingConfiguration property is assigned (by default SignResponseProcessingConfig.defaultSignResponseProcessingConfig() is used) and that signerAssertionInfoProcessor is set (by default a DefaultSignerAssertionInfoProcessor is used).

      Note: If executing in a Spring Framework environment this method is automatically invoked after all properties have been assigned. Otherwise it should be explicitly invoked.

      Throws:
      Exception - if not all settings are correct