Updated for AIS v1.6

SCS-CBU-CED-IAM · Jul 17, 2014 · 48ec2b9 · 48ec2b9
1 parent 5e83a7e
commit 48ec2b9
Show file tree

Hide file tree

Showing 6 changed files with 599 additions and 300 deletions.
diff --git a/itext/jar/signpdf-1.0.3.jar b/itext/jar/signpdf-1.0.3.jar
diff --git a/itext/src/com/swisscom/ais/itext/Soap.java b/itext/src/com/swisscom/ais/itext/Soap.java
@@ -715,14 +715,13 @@ private SOAPMessage createRequestMessage(@Nonnull Include.RequestType reqType, @
             }
 
             // Always add revocation information
-            // PADES = CMS attribute according to PAdES (OID 1.2.840.113583.1.1.8)
-            // CHAIN = OCSP Response or CRL for the user- and intermediate CA certificate
+            // Type="BOTH" means PADES+CADES
+            // PADES = signed attribute according to PAdES
+            // CADES = unsigned attribute according to CAdES
+            // PADES-attributes are signed and cannot be post-added to an already signed RFC3161-TimeStampToken
+            // So the RevocationInformation (RI) of a trusted timestamp will be delivered via OptionalOutputs
+         	// and they shall be added to the Adobe DSS in order to enable LTV for a Timestamp
 			SOAPElement addRevocationElement = optionalInputsElement.addChildElement("AddRevocationInformation", "sc");
-			addRevocationElement.addAttribute(new QName("Depth"), "CHAIN");
-
-			// PADES-attributes are signed and cannot be post-added to a RFC3161-TimeStampToken
-			// So the RevocationInformation (RI) of a timestamp will be delivered via OptionalOutputs
-			// and they shall be added to the Adobe DSS in order to enable LTV for a Timestamp
 			addRevocationElement.addAttribute(new QName("Type"), "BOTH"); // CADES + PADES attributes
 
             if (responseId != null) {

diff --git a/services/schema/swisscom-ais-profile-schema-v1.0.xsd b/services/schema/swisscom-ais-profile-schema-v1.0.xsd
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<xs:schema xmlns="http://ais.swisscom.ch/1.0/schema" xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
-	xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema"
-	targetNamespace="http://ais.swisscom.ch/1.0/schema" elementFormDefault="qualified"
-	attributeFormDefault="unqualified">
+<xs:schema xmlns="http://ais.swisscom.ch/1.0/schema"
+	xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+	xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://ais.swisscom.ch/1.0/schema"
+	elementFormDefault="qualified" attributeFormDefault="unqualified">
 	<xs:annotation>
 		<xs:documentation xml:lang="en">This Schema defines the
 			Swisscom extensions to the Digital Signature Service Core Protocol
@@ -93,4 +93,45 @@
 	</xs:complexType>
 
 	<xs:element name="AddOcspResponse" type="dss:UpdateSignatureInstructionType" />
+
+
+	<!-- AddRevocationInformation -->
+
+	<xs:simpleType name="AddRevocationInformationTypeType">
+  		<xs:restriction base="xs:string">
+    		<xs:enumeration value="CADES" />
+    		<xs:enumeration value="PADES" />
+    		<xs:enumeration value="BOTH" />
+  		</xs:restriction>
+	</xs:simpleType>
+
+	<xs:element name="AddRevocationInformation" type="AddRevocationInformationType" />
+	<xs:complexType name="AddRevocationInformationType">
+		<xs:attribute name="Type" type="AddRevocationInformationTypeType" use="required" />
+	</xs:complexType>
+
+	<xs:element name="RevocationInformation" type="RevocationInformationType" />
+	<xs:complexType name="RevocationInformationType">
+		<xs:sequence>
+			<xs:element name="CRLs" type="CRLList" minOccurs="0"
+				maxOccurs="1" />
+			<xs:element name="OCSPs" type="OCSPList" minOccurs="0"
+				maxOccurs="1" />
+		</xs:sequence>
+	</xs:complexType>
+
+	<xs:complexType name="CRLList">
+		<xs:sequence>
+			<xs:element name="CRL" type="xs:base64Binary" minOccurs="1"
+				maxOccurs="unbounded" />
+		</xs:sequence>
+	</xs:complexType>
+
+	<xs:complexType name="OCSPList">
+		<xs:sequence>
+			<xs:element name="OCSP" type="xs:base64Binary" minOccurs="1"
+				maxOccurs="unbounded" />
+		</xs:sequence>
+	</xs:complexType>
+
 </xs:schema>
diff --git a/shell/ais-sign.sh b/shell/ais-sign.sh
@@ -187,7 +187,7 @@ case "$MSGTYPE" in
                           <SignatureType>urn:ietf:rfc:3369</SignatureType>
                           '$ONDEMAND'
                           <AddTimestamp Type="urn:ietf:rfc:3161"/>
-                          <sc:AddRevocationInformation Depth="CHAIN" Type="BOTH"/>
+                          <sc:AddRevocationInformation Type="BOTH"/>
                       </OptionalInputs>
                       <InputDocuments>
                           <DocumentHash>
@@ -216,7 +216,7 @@ case "$MSGTYPE" in
               <SignatureType>urn:ietf:rfc:3369</SignatureType>
               '$ONDEMAND'
               <AddTimestamp Type="urn:ietf:rfc:3161"/>
-              <sc:AddRevocationInformation Depth="CHAIN" Type="BOTH"/>
+              <sc:AddRevocationInformation Type="BOTH"/>
           </OptionalInputs>
           <InputDocuments>
               <DocumentHash>
@@ -241,7 +241,7 @@ case "$MSGTYPE" in
               "SignatureType": "urn:ietf:rfc:3369",
               '$ONDEMAND'
               "AddTimestamp": {"@Type": "urn:ietf:rfc:3161"},
-              "sc.AddRevocationInformation": {"@Depth": "CHAIN","@Type": "BOTH"}
+              "sc.AddRevocationInformation": {"@Type": "BOTH"}
           },
           "InputDocuments": {"DocumentHash": {
               "dsig.DigestMethod": {"@Algorithm": "'$DIGEST_ALGO'"},

diff --git a/shell/ais-timestamp.sh b/shell/ais-timestamp.sh
@@ -124,7 +124,7 @@ case "$MSGTYPE" in
                           </ClaimedIdentity>
                           <SignatureType>urn:ietf:rfc:3161</SignatureType>
                           <AdditionalProfile>urn:oasis:names:tc:dss:1.0:profiles:timestamping</AdditionalProfile>
-                          <sc:AddRevocationInformation Depth="CHAIN" Type="BOTH"/>
+                          <sc:AddRevocationInformation Type="BOTH"/>
                       </OptionalInputs>
                       <InputDocuments>
                           <DocumentHash>
@@ -152,7 +152,7 @@ case "$MSGTYPE" in
               </ClaimedIdentity>
               <SignatureType>urn:ietf:rfc:3161</SignatureType>
               <AdditionalProfile>urn:oasis:names:tc:dss:1.0:profiles:timestamping</AdditionalProfile>
-              <sc:AddRevocationInformation Depth="CHAIN" Type="BOTH"/>
+              <sc:AddRevocationInformation Type="BOTH"/>
           </OptionalInputs>
           <InputDocuments>
               <DocumentHash>
@@ -176,7 +176,7 @@ case "$MSGTYPE" in
               },
               "SignatureType": "urn:ietf:rfc:3161",
               "AdditionalProfile": "urn:oasis:names:tc:dss:1.0:profiles:timestamping",
-              "sc.AddRevocationInformation": {"@Depth": "CHAIN","@Type": "BOTH"}
+              "sc.AddRevocationInformation": {"@Type": "BOTH"}
           },
           "InputDocuments": {"DocumentHash": {
               "dsig.DigestMethod": {"@Algorithm": "'$DIGEST_ALGO'"},