aboutsummaryrefslogtreecommitdiff
path: root/spss/server/serverlib/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv/egovernment')
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java5
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java10
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java21
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java8
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java18
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java19
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java57
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java79
8 files changed, 193 insertions, 24 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index b5cc96a04..d41891167 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.spss.api;
import java.io.InputStream;
+import java.math.BigDecimal;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;
@@ -481,7 +482,9 @@ public abstract class SPSSFactory {
*/
public abstract CMSDataObject createCMSDataObject(
MetaInfo metaInfo,
- CMSContent content);
+ CMSContent content,
+ BigDecimal excludeByteRangeFrom,
+ BigDecimal excludeByteRangeTo);
/**
* Create a new <code>CMSContent</code> object from the data contained at the
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java
index 0c4b2ce6d..f9a684676 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.spss.api.cmsverify;
+import java.math.BigDecimal;
+
import at.gv.egovernment.moa.spss.api.common.MetaInfo;
/**
@@ -46,4 +48,10 @@ public interface CMSDataObject {
* @return The actual content.
*/
public CMSContent getContent();
-}
+
+
+ public BigDecimal getExcludeByteRangeFrom();
+
+ public BigDecimal getExcludeByteRangeTo();
+
+ }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java
index 0e89885c8..20a9b5654 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.spss.api.impl;
+import java.math.BigDecimal;
+
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.common.MetaInfo;
@@ -40,6 +42,9 @@ public class CMSDataObjectImpl implements CMSDataObject {
private MetaInfo metaInfo;
/** The <code>CMSContent</code> contained in this data object. */
private CMSContent cmsContent;
+
+ private BigDecimal excludeByteRangeFrom;
+ private BigDecimal excludeByteRangeTo;
/**
* Sets the meta information associated with the CMS data object.
@@ -67,4 +72,20 @@ public class CMSDataObjectImpl implements CMSDataObject {
return cmsContent;
}
+ public void setExcludeByteRangeFrom(BigDecimal excludeByteRangeFrom) {
+ this.excludeByteRangeFrom = excludeByteRangeFrom;
+ }
+
+ public BigDecimal getExcludeByteRangeFrom() {
+ return excludeByteRangeFrom;
+ }
+
+ public void setExcludeByteRangeTo(BigDecimal excludeByteRangeTo) {
+ this.excludeByteRangeTo = excludeByteRangeTo;
+ }
+
+ public BigDecimal getExcludeByteRangeTo() {
+ return excludeByteRangeTo;
+ }
+
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index 8e3bb7636..ac3d4c940 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -25,7 +25,7 @@
package at.gv.egovernment.moa.spss.api.impl;
import java.io.InputStream;
-
+import java.math.BigDecimal;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;
@@ -273,11 +273,15 @@ public class SPSSFactoryImpl extends SPSSFactory {
public CMSDataObject createCMSDataObject(
MetaInfo metaInfo,
- CMSContent content) {
+ CMSContent content,
+ BigDecimal excludeByteRangeFrom,
+ BigDecimal excludeByteRangeTo) {
CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl();
cmsDataObject.setMetaInfo(metaInfo);
cmsDataObject.setContent(content);
+ cmsDataObject.setExcludeByteRangeFrom(excludeByteRangeFrom);
+ cmsDataObject.setExcludeByteRangeTo(excludeByteRangeTo);
return cmsDataObject;
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
index 737915ecd..a8cae9c4e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.spss.api.xmlbind;
import java.io.InputStream;
+import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.List;
@@ -38,7 +39,6 @@ import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
-import at.gv.egovernment.moa.spss.api.common.Content;
import at.gv.egovernment.moa.spss.api.common.MetaInfo;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.BoolUtils;
@@ -71,6 +71,9 @@ public class CreateCMSSignatureRequestParser {
private static final String META_INFO_XPATH = MOA + "MetaInfo";
private static final String CONTENT_XPATH = MOA + "Content";
private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content";
+ private static final String EXCLUDEBYTERANGE_FROM_XPATH = MOA + "ExcludedByteRange/" + MOA + "From";
+ private static final String EXCLUDEBYTERANGE_TO_XPATH = MOA + "ExcludedByteRange/" + MOA + "To";
+
/** The factory to create API objects. */
@@ -212,7 +215,18 @@ public class CreateCMSSignatureRequestParser {
metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
}
- return factory.createCMSDataObject(metaInfo, content);
+ String excludeByteRangeFromStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_FROM_XPATH, null);
+ String excludeByteRangeToStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_TO_XPATH, null);
+
+ BigDecimal excludeByteRangeFrom = null;
+ BigDecimal excludeByteRangeTo = null;
+
+ if (excludeByteRangeFromStr != null)
+ excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
+ if (excludeByteRangeToStr != null)
+ excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
+
+ return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
}
else {
return null;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index d50a17ffc..6209d8ef9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.spss.api.xmlbind;
import java.io.InputStream;
+import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -65,6 +66,9 @@ public class VerifyCMSSignatureRequestParser {
private static final String META_INFO_XPATH = MOA + "MetaInfo";
private static final String CONTENT_XPATH = MOA + "Content";
private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content";
+ private static final String EXCLUDEBYTERANGE_FROM_XPATH = MOA + "ExcludedByteRange/" + MOA + "From";
+ private static final String EXCLUDEBYTERANGE_TO_XPATH = MOA + "ExcludedByteRange/" + MOA + "To";
+
/** The <code>SPSSFactory</code> for creating new API objects. */
private SPSSFactory factory = SPSSFactory.getInstance();
@@ -161,7 +165,20 @@ public class VerifyCMSSignatureRequestParser {
metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
}
- return factory.createCMSDataObject(metaInfo, content);
+ String excludeByteRangeFromStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_FROM_XPATH, null);
+ String excludeByteRangeToStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_TO_XPATH, null);
+
+ BigDecimal excludeByteRangeFrom = null;
+ BigDecimal excludeByteRangeTo = null;
+
+ if (excludeByteRangeFromStr != null)
+ excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
+ if (excludeByteRangeToStr != null)
+ excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
+
+ return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
+
+
} else {
return null;
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index e058c8a4b..718673a93 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -38,6 +38,7 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.math.BigDecimal;
import java.math.BigInteger;
import java.security.Principal;
import java.security.cert.X509Certificate;
@@ -51,8 +52,6 @@ import java.util.Set;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
@@ -238,12 +237,32 @@ public class CMSSignatureCreationInvoker {
OutputStream signedDataStream = signature.getSignature(out, base64);
// now write the data to be signed to the signedDataStream
- byte[] buf = new byte[4096];
- int bytesRead;
- while ((bytesRead = contentIs.read(buf)) >= 0) {
- signedDataStream.write(buf, 0, bytesRead);
- }
-
+
+ int byteRead;
+ BigDecimal counter = new BigDecimal("0");
+ BigDecimal one = new BigDecimal("1");
+
+ while ((byteRead=contentIs.read()) >= 0) {
+ //System.out.println("counterXX: " + counter);
+
+ if (inRange(counter, dataobject)) {
+ //System.out.println("Lösche...");
+ // set byte to 0x00
+ signedDataStream.write(0);
+ }
+ else
+ signedDataStream.write(byteRead);
+
+ counter = counter.add(one);
+ }
+
+
+// byte[] buf = new byte[4096];
+// int bytesRead;
+// while ((bytesRead = contentIs.read(buf)) >= 0) {
+// signedDataStream.write(buf, 0, bytesRead);
+// }
+//
// finish SignedData processing by closing signedDataStream
signedDataStream.close();
String base64value = out.toString();
@@ -269,6 +288,28 @@ public class CMSSignatureCreationInvoker {
return responseBuilder.getResponse();
}
+
+ private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
+ BigDecimal from = dataobject.getExcludeByteRangeFrom();
+ BigDecimal to = dataobject.getExcludeByteRangeTo();
+
+ if ( (from == null) || (to == null))
+ return false;
+
+ int compare = counter.compareTo(from);
+ if (compare == -1)
+ return false;
+ else {
+ compare = counter.compareTo(to);
+ if (compare == 1)
+ return false;
+ else
+ return true;
+ }
+
+
+
+ }
private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 7a4103957..0e5faf790 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -31,17 +31,16 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
import iaik.x509.X509Certificate;
-import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
-import iaik.xml.crypto.tsl.ex.TSLSearchException;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.math.BigDecimal;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
-import at.gv.egovernment.moa.logging.LogMsg;
-import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
import at.gv.egovernment.moa.spss.MOAApplicationException;
@@ -57,9 +56,7 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
-import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
-import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.spss.util.QCSSCDResult;
/**
@@ -273,6 +270,7 @@ public class CMSSignatureVerificationInvoker {
private InputStream getSignedContent(VerifyCMSSignatureRequest request)
throws MOAApplicationException {
+ InputStream is = null;
CMSDataObject dataObj;
CMSContent content;
@@ -282,23 +280,86 @@ public class CMSSignatureVerificationInvoker {
return null;
}
content = dataObj.getContent();
-
+
// build the content data
switch (content.getContentType()) {
case CMSContent.EXPLICIT_CONTENT :
- return ((CMSContentExcplicit) content).getBinaryContent();
+ is = ((CMSContentExcplicit) content).getBinaryContent();
+ is = excludeByteRange(is, request);
+ return is;
case CMSContent.REFERENCE_CONTENT :
String reference = ((CMSContentReference) content).getReference();
if (!"".equals(reference)) {
ExternalURIResolver resolver = new ExternalURIResolver();
- return resolver.resolve(reference);
+ is = resolver.resolve(reference);
+ is = excludeByteRange(is, request);
+ return is;
} else {
return null;
}
default :
return null;
}
+
+
+ }
+
+ private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException {
+
+ int byteRead;
+
+ ByteArrayOutputStream contentOs = new ByteArrayOutputStream();
+
+
+ BigDecimal counter = new BigDecimal("0");
+ BigDecimal one = new BigDecimal("1");
+
+ try {
+ while ((byteRead=contentIs.read()) >= 0) {
+
+ if (inRange(counter, request.getDataObject())) {
+ // if byte is in byte range, set byte to 0x00
+ contentOs.write(0);
+ }
+ else
+ contentOs.write(byteRead);
+
+ counter = counter.add(one);
+ }
+
+ InputStream is = new ByteArrayInputStream(contentOs.toByteArray());
+
+ return is;
+
+
+ } catch (IOException e) {
+ throw new MOAApplicationException("2301", null, e);
+ }
+
+ }
+
+
+ private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
+ BigDecimal from = dataobject.getExcludeByteRangeFrom();
+ BigDecimal to = dataobject.getExcludeByteRangeTo();
+
+ if ( (from == null) || (to == null))
+ return false;
+
+ int compare = counter.compareTo(from);
+ if (compare == -1)
+ return false;
+ else {
+ compare = counter.compareTo(to);
+ if (compare == 1)
+ return false;
+ else
+ return true;
+ }
+
+
+
}
}