From a544afcf4ad581ab7b76e85dc597ccf5643cd55a Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Mon, 6 May 2013 21:43:00 +0200 Subject: - Update MOA-SS Interface (CreateCMSignatureRequest) - Whitelisting in MOA-SPSS --- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 87 +++++ .../moa/spss/api/cmssign/CMSSignatureResponse.java | 41 +++ .../api/cmssign/CreateCMSSignatureRequest.java | 49 +++ .../api/cmssign/CreateCMSSignatureResponse.java | 42 +++ .../cmssign/CreateCMSSignatureResponseElement.java | 51 +++ .../moa/spss/api/cmssign/DataObjectInfo.java | 58 +++ .../moa/spss/api/cmssign/SingleSignatureInfo.java | 51 +++ .../spss/api/impl/CMSSignatureResponseImpl.java | 64 ++++ .../api/impl/CreateCMSSignatureRequestImpl.java | 77 ++++ .../api/impl/CreateCMSSignatureResponseImpl.java | 60 ++++ .../moa/spss/api/impl/DataObjectInfoCMSImpl.java | 69 ++++ .../moa/spss/api/impl/SPSSFactoryImpl.java | 49 +++ .../spss/api/impl/SingleSignatureInfoCMSImpl.java | 62 ++++ .../xmlbind/CreateCMSSignatureRequestParser.java | 247 +++++++++++++ .../xmlbind/CreateCMSSignatureResponseBuilder.java | 145 ++++++++ .../server/config/ConfigurationPartsBuilder.java | 3 +- .../cmssign/CMSSignatureCreationProfileImpl.java | 249 +++++++++++++ .../xmlsign/XMLSignatureCreationProfileImpl.java | 2 +- .../server/invoke/CMSSignatureCreationInvoker.java | 396 +++++++++++++++++++++ .../invoke/CMSSignatureVerificationInvoker.java | 3 +- .../invoke/CreateCMSSignatureResponseBuilder.java | 93 +++++ .../spss/server/invoke/IaikExceptionMapper.java | 3 +- .../invoke/VerifyCMSSignatureResponseBuilder.java | 5 +- .../moa/spss/server/service/AxisHandler.java | 3 +- .../server/service/SignatureCreationService.java | 88 +++++ 25 files changed, 1989 insertions(+), 8 deletions(-) create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java (limited to 'spss/server/serverlib/src/main/java/at') diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index fbf40be88..26cce1a82 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -35,6 +35,9 @@ import org.apache.commons.discovery.tools.DiscoverClass; import org.w3c.dom.Element; import org.w3c.dom.NodeList; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -137,6 +140,26 @@ public abstract class SPSSFactory { String keyIdentifier, List singleSignatureInfos); + /** + * Create a new CreateCMSSignatureRequest object. + * + * @param keyIdentifier The identifier for the key group to use for signing. + * @param singleSignatureInfos A List of + * SingleSignatureInfo objects containing information about a + * single signature to be created. + * @return The CreateCMSSignatureRequest containing the above + * data. + * + * @pre keyIdentifier != null && keyIdentifier.length() > 0 + * @pre singleSignatureInfos != null + * @pre forall Object o in singleSignatureInfos | + * o instanceof at.gv.egovernment.moa.spss.api.common.SingleSignatureInfo + * @post return != null + */ + public abstract CreateCMSSignatureRequest createCreateCMSSignatureRequest( + String keyIdentifier, + List singleSignatureInfos); + /** * Create a new SingleSignatureInfo object. * @@ -156,6 +179,23 @@ public abstract class SPSSFactory { public abstract SingleSignatureInfo createSingleSignatureInfo( List dataObjectInfos, CreateSignatureInfo createSignatureInfo, boolean securityLayerConform); + + /** + * Create a new SingleSignatureInfo object. + * + * @param dataObjectInfo The data object that will be signed. + * @param securityLayerConform If true, a Security Layer conform + * signature manifest is created, otherwise not. + * @return The SingleSignatureInfo containing the above data. + * + * @post return != null + */ + public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( + at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, + boolean securityLayerConform); + + + /** * Create a new DataObjectInfo object. @@ -181,6 +221,22 @@ public abstract class SPSSFactory { Content dataObject, CreateTransformsInfoProfile createTransformsInfoProfile); + /** + * Create a new DataObjectInfo object. + * + * @param structure The type of signature to create. + * @param dataObject The data object that will be signed. + * @return The DataObjectInfo containing the above data. + * + * @pre DataObjectInfo.STRUCTURE_DETACHED.equals(structure) || + * DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure) + * @pre dataObject != null + * @post return != null + */ + public abstract at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo( + String structure, + CMSDataObject dataObject); + /** * Create a new CreateTransformsInfoProfile object containing a * reference to a locally stored profile. @@ -321,6 +377,37 @@ public abstract class SPSSFactory { */ public abstract CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements); + + /** + * Create a new CreateCMSSignatureResponse object. + * + * @param responseElements The elements of the response, either + * CMSSignatureResponse objects, or + * ErrorResponse objects. + * @return The new CreateCMSSignatureResponse containing the + * above data. + * + * @pre responseElements != null && responseElements.size() > 0 + * @pre forall Object o in responseElements | + * o instanceof at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse + * @post return != null + */ + public abstract CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements); + + + /** + * Create a new SignatureEnvironmentResponse object. + * + * @param signatureEnvironment The signature environment containing the + * signature. + * @return The SignatureEnvironmentResponse containing the + * signatureEnvironment. + * + * @pre signatureEnvironment != null + * @post return != null + */ + public abstract CMSSignatureResponse createCMSSignatureResponse(String base64value); + /** * Create a new SignatureEnvironmentResponse object. * diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java new file mode 100644 index 000000000..10db67627 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java @@ -0,0 +1,41 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + + +/** + * Contains the signature if the signature creation was successful. + * + * @version $Id$ + */ +public interface CMSSignatureResponse + extends CreateCMSSignatureResponseElement { + /** + * Gets the CMS signature (Base64 encoded). + * + * @return The CMS signature + */ + public String getCMSSignature(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java new file mode 100644 index 000000000..9d5cd7a0d --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java @@ -0,0 +1,49 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + +import java.util.List; + + +/** + * Object that encapsulates a request to create a CMS Signature. + * + * + * @version $Id$ + */ +public interface CreateCMSSignatureRequest { + /** + * Gets the identifier for the keys to be used for the signature. + * + * @return The identifier for the keys to be used. + */ + public String getKeyIdentifier(); + /** + * Gets the information of the singleSignatureInfo elements. + * + * @return The information of singleSignatureInfo elements. + */ + public List getSingleSignatureInfos(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java new file mode 100644 index 000000000..6062a1162 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java @@ -0,0 +1,42 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + +import java.util.List; + +/** + * Object that encapsulates the response on to a + * CreateCMSSignatureRequest to create an XML signature. + * + * @version $Id$ + */ +public interface CreateCMSSignatureResponse { + /** + * Gets the response elements. + * + * @return The response elements. + */ + public List getResponseElements(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java new file mode 100644 index 000000000..8e4e61145 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java @@ -0,0 +1,51 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + +/** + * Base class for CMSSignature and + * ErrorResponse elements in a + * CreateXMLSignatureResponse. + * + * @version $Id$ + */ +public interface CreateCMSSignatureResponseElement { + /** + * Indicates that this object contains a CMSSignature. + */ + public static final int CMS_SIGNATURE = 0; + /** + * Indicates that this objet contains an ErrorResponse. + */ + public static final int ERROR_RESPONSE = 1; + + /** + * Gets the type of response object. + * + * @return The type of response object, either + * CMS_SIGNATURE or ERROR_RESPONSE. + */ + public int getResponseType(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java new file mode 100644 index 000000000..b9f363061 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java @@ -0,0 +1,58 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; + +/** + * Encapsulates information required to create a single signature. + * + * @version $Id$ + */ +public interface DataObjectInfo { + /** + * Indicates that a detached signature will be created. + */ + public static final String STRUCTURE_DETACHED = "detached"; + /** + * Indicates that an enveloping signature will be created. + */ + public static final String STRUCTURE_ENVELOPING = "enveloping"; + + /** + * Gets the structure of the signature. + * + * @return The structure of the signature. + */ + public String getStructure(); + + /** + * Gets information related to a single data object. + * + * @return Information related to a single data object. + */ + public CMSDataObject getDataObject(); + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java new file mode 100644 index 000000000..1f87a50ca --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java @@ -0,0 +1,51 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.cmssign; + + + +/** + * Encapsulates data to create a single signature. + * + * @author Patrick Peck + * @author Stephan Grill + * @version $Id$ + */ +public interface SingleSignatureInfo { + /** + * Gets the dataObjectInfo information. + * + * @return The dataObjectInfo information. + */ + public DataObjectInfo getDataObjectInfo(); + + /** + * Check whether a Security Layer conform signature manifest will be created. + * + * @return true, if a Security Layer conform signature manifest + * will be created, false otherwise. + */ + public boolean isSecurityLayerConform(); +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java new file mode 100644 index 000000000..b512dd0bd --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java @@ -0,0 +1,64 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; + +/** + * Default implementation of CMSSignatureResponse. + * + * @version $Id$ + */ +public class CMSSignatureResponseImpl + implements CMSSignatureResponse { + + /** The base64 value of the CMS signature. */ + private String cmsSignature; + + /** + * Sets the CMS signature. + * + * @param cmsSignature The Base64 encoded value CMS signature. + */ + public void setCMSSignature(String cmsSignature) { + this.cmsSignature = cmsSignature; + } + + public String getCMSSignature() { + return cmsSignature; + } + + /** + * Gets the type of CreateCMSSignatureResponseElement. + * + * @return CMS_SIGNATURE + */ + public int getResponseType() { + return CMS_SIGNATURE; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java new file mode 100644 index 000000000..e8408bc55 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java @@ -0,0 +1,77 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; + +/** + * Default implementation of CreateCMSSignatureRequest. + * + * @author Fatemeh Philippi + * @version $Id$ + */ +public class CreateCMSSignatureRequestImpl + implements CreateCMSSignatureRequest { + + /** The identifier for selecting the private keys for creating the signature.*/ + private String keyIdentifier; + /** Information for creating a single signature. */ + private List singleSignatureInfos = new ArrayList(); + + /** + * Sets the identifier for selecting the private keys for creating the + * signature. + * + * @param keyIdentifier The identifier for selecting the private keys. + */ + public void setKeyIdentifier(String keyIdentifier) { + this.keyIdentifier = keyIdentifier; + } + + public String getKeyIdentifier() { + return keyIdentifier; + } + + /** + * Sets the information for creating single signatures. + * + * @param singleSignaureInfos The information for creating single signatures. + */ + public void setSingleSignatureInfos(List singleSignaureInfos) { + this.singleSignatureInfos = + singleSignaureInfos != null + ? Collections.unmodifiableList(new ArrayList(singleSignaureInfos)) + : null; + } + + public List getSingleSignatureInfos() { + return singleSignatureInfos; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java new file mode 100644 index 000000000..d596058c6 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; + +/** + * Default implementation of CreateCMSSignatureResponse. + * + * @version $Id$ + */ +public class CreateCMSSignatureResponseImpl + implements CreateCMSSignatureResponse { + + /** The elements contained in the response. */ + private List responseElements = new ArrayList(); + + /** + * Sets the elements contained in the response. + * + * @param responseElements The response elements. + */ + public void setResponseElements(List responseElements) { + this.responseElements = + responseElements != null + ? Collections.unmodifiableList(new ArrayList(responseElements)) + : null; + } + + public List getResponseElements() { + return responseElements; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java new file mode 100644 index 000000000..702086b6f --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java @@ -0,0 +1,69 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; + +/** + * Default implementation of DataObjectInfo for CMS. + * + * @author Fatemeh Philippi + * @version $Id$ + */ +public class DataObjectInfoCMSImpl implements DataObjectInfo { + /** The signature structure type. */ + private String stucture; + /** The data object to be signed. */ + private CMSDataObject dataObject; + + /** + * Sets the signature structure type. + * + * @param structure The signature structure type. + */ + public void setStructure(String structure) { + this.stucture = structure; + } + + public String getStructure() { + return stucture; + } + + + /** + * Sets the data object to be signed. + * + * @param dataObject The data object to be signed. + */ + public void setDataObject(CMSDataObject dataObject) { + this.dataObject = dataObject; + } + + public CMSDataObject getDataObject() { + return dataObject; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index a23a1d98f..7c1208e8f 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.spss.api.impl; import java.io.InputStream; + import java.math.BigInteger; import java.security.cert.X509Certificate; import java.util.Date; @@ -35,6 +36,9 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -90,6 +94,32 @@ public class SPSSFactoryImpl extends SPSSFactory { createXMLSignatureRequest.setSingleSignatureInfos(singleSignatureInfos); return createXMLSignatureRequest; } + + public CreateCMSSignatureRequest createCreateCMSSignatureRequest( + String keyIdentifier, + List singleSignatureInfos) { + CreateCMSSignatureRequestImpl createCMSSignatureRequest = + new CreateCMSSignatureRequestImpl(); + createCMSSignatureRequest.setKeyIdentifier(keyIdentifier); + createCMSSignatureRequest.setSingleSignatureInfos(singleSignatureInfos); + return createCMSSignatureRequest; + + } + + public CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements) { + CreateCMSSignatureResponseImpl createCMSSignatureResponse = new CreateCMSSignatureResponseImpl(); + createCMSSignatureResponse.setResponseElements(responseElements); + return createCMSSignatureResponse; + } + + + public CMSSignatureResponse createCMSSignatureResponse(String base64value) { + CMSSignatureResponseImpl cmsSignatureResponse = new CMSSignatureResponseImpl(); + cmsSignatureResponse.setCMSSignature(base64value); + + return cmsSignatureResponse; + } + public SingleSignatureInfo createSingleSignatureInfo( List dataObjectInfos, @@ -101,6 +131,16 @@ public class SPSSFactoryImpl extends SPSSFactory { singleSignatureInfo.setSecurityLayerConform(securityLayerConform); return singleSignatureInfo; } + + public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( + at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, + boolean securityLayerConform) { + SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl(); + singleSignatureInfo.setDataObjectInfo(dataObjectInfo); + singleSignatureInfo.setSecurityLayerConform(securityLayerConform); + return singleSignatureInfo; + } + public DataObjectInfo createDataObjectInfo( String structure, boolean childOfManifest, @@ -113,6 +153,15 @@ public class SPSSFactoryImpl extends SPSSFactory { dataObjectInfo.setCreateTransformsInfoProfile(createTransformsInfoProfile); return dataObjectInfo; } + + public at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo( + String structure, + CMSDataObject dataObject) { + DataObjectInfoCMSImpl dataObjectInfo = new DataObjectInfoCMSImpl(); + dataObjectInfo.setStructure(structure); + dataObjectInfo.setDataObject(dataObject); + return dataObjectInfo; + } public CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID) { diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java new file mode 100644 index 000000000..cb3651587 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java @@ -0,0 +1,62 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo; + +/** + * @version $Id$ + */ +public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo { + + private DataObjectInfo dataObjectInfo = null; + + + private boolean securityLayerConform = true; + + public void setDataObjectInfo(DataObjectInfo dataObjectInfo) { + this.dataObjectInfo = dataObjectInfo; + } + + public DataObjectInfo getDataObjectInfo() { + return dataObjectInfo; + } + + + + public void setSecurityLayerConform(boolean securityLayerConform) { + this.securityLayerConform = securityLayerConform; + } + + public boolean isSecurityLayerConform() { + return securityLayerConform; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java new file mode 100644 index 000000000..737915ecd --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java @@ -0,0 +1,247 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.xmlbind; + +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; +import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * A parser to parse CreateCMSSignatureRequest DOM trees into + * CreateCMSSignatureRequest API objects. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CreateCMSSignatureRequestParser { + + // + // XPath expresssions to select elements in the CreateCMSSignatureRequest + // + private static final String MOA = Constants.MOA_PREFIX + ":"; + private static final String KEY_IDENTIFIER_XPATH = + "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "KeyIdentifier"; + private static final String SINGLE_SIGNATURE_INFO_XPATH = + "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "SingleSignatureInfo"; + private static final String DATA_OBJECT_INFO_XPATH = MOA + "DataObjectInfo"; + private static final String DATA_OBJECT_XPATH = MOA + "DataObject"; + + private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity"; + + private static final String META_INFO_XPATH = MOA + "MetaInfo"; + private static final String CONTENT_XPATH = MOA + "Content"; + private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content"; + + + /** The factory to create API objects. */ + private SPSSFactory factory; + + /** + * Create a new CreateCMSSignatureRequestParser. + */ + public CreateCMSSignatureRequestParser() { + this.factory = SPSSFactory.getInstance(); + } + + /** + * Parse a CreateCMSSignatureRequest DOM element, as defined + * by the MOA schema. + * + * @param requestElem The CreateCMSSignatureRequest to parse. The + * request must have been successfully parsed against the schema for this + * method to succeed. + * @return A CreateCMSSignatureRequest API object containing + * the data from the DOM element. + * @throws MOAApplicationException An error occurred parsing the request. + */ + public CreateCMSSignatureRequest parse(Element requestElem) + throws MOAApplicationException { + + List singleSignatureInfos = parseSingleSignatureInfos(requestElem); + String keyIdentifier = + XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null); + + return factory.createCreateCMSSignatureRequest( + keyIdentifier, + singleSignatureInfos); + } + + /** + * Parse all SingleSignatureInfo elements of the + * CreateCMSSignatureRequest. + * + * @param requestElem The CreateCMSSignatureRequest to parse. + * @return A List of SingleSignatureInfo API + * objects. + * @throws MOAApplicationException An error occurred parsing on of the + * SingleSignatureInfo elements. + */ + private List parseSingleSignatureInfos(Element requestElem) + throws MOAApplicationException { + + List singleSignatureInfos = new ArrayList(); + NodeIterator sigInfoElems = + XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH); + Element sigInfoElem; + + while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) { + singleSignatureInfos.add(parseSingleSignatureInfo(sigInfoElem)); + } + + return singleSignatureInfos; + } + + /** + * Parse a SingleSignatureInfo DOM element. + * + * @param sigInfoElem The SingleSignatureInfo DOM element to + * parse. + * @return A SingleSignatureInfo API object containing the + * information of sigInfoElem. + * @throws MOAApplicationException An error occurred parsing the + * SingleSignatureInfo. + */ + private SingleSignatureInfo parseSingleSignatureInfo(Element sigInfoElem) + throws MOAApplicationException { + + DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem); + boolean securityLayerConform; + + if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) { + securityLayerConform = + BoolUtils.valueOf(sigInfoElem.getAttribute(SL_CONFORM_ATTR_NAME)); + } else { + securityLayerConform = true; + } + + return factory.createSingleSignatureInfoCMS( + dataObjectInfo, + securityLayerConform); + } + + /** + * Parse the DataObjectInfo DOM elements contained in the given + * SingleSignatureInfo DOM element. + * + * @param sigInfoElem The SingleSignatureInfo DOM element + * whose DataObjectInfos to parse. + * @return A List of DataObjectInfo API objects + * containing the data from the DataObjectInfo DOM elements. + * @throws MOAApplicationException An error occurred parsing one of the + * DataObjectInfos. + */ + private DataObjectInfo parseDataObjectInfo(Element sigInfoElem) + throws MOAApplicationException { + + Element dataObjInfoElem = (Element)XPathUtils.selectSingleNode(sigInfoElem, DATA_OBJECT_INFO_XPATH); + + String structure = dataObjInfoElem.getAttribute("Structure"); + Element dataObjectElem = + (Element) XPathUtils.selectSingleNode(dataObjInfoElem, DATA_OBJECT_XPATH); + + CMSDataObject dataObject = parseDataObject(dataObjectElem); + + return factory.createDataObjectInfo( + structure, + dataObject); + + } + + + + + + /** + * Parse a the DataObject DOM element contained in a given + * CreateCMSSignatureRequest DOM element. + * + * @param requestElem The DataObject DOM element of the VerifyCMSSignatureRequest + * to parse. + * @return The CMSDataObject API object containing the data + * from the DataObject DOM element. + */ + private CMSDataObject parseDataObject(Element dataObjectElem) { + + if (dataObjectElem != null) { + Element metaInfoElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, META_INFO_XPATH); + MetaInfo metaInfo = null; + Element contentElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, CONTENT_XPATH); + CMSContent content = parseContent(contentElem); + + if (metaInfoElem != null) { + metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem); + } + + return factory.createCMSDataObject(metaInfo, content); + } + else { + return null; + } + } + + + + /** + * Parse the content contained in a CMSContentBaseType kind of + * DOM element. + * + * @param contentElem The CMSContentBaseType kind of element to + * parse. + * @return A CMSDataObject API object containing the data + * from the given DOM element. + */ + private CMSContent parseContent(Element contentElem) { + Element base64ContentElem = + (Element) XPathUtils.selectSingleNode(contentElem, BASE64_CONTENT_XPATH); + + if (base64ContentElem != null) { + String base64Str = DOMUtils.getText(base64ContentElem); + InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true); + return factory.createCMSContent(binaryContent); + } else { + return factory.createCMSContent( + contentElem.getAttribute("Reference")); + } + } + +} \ No newline at end of file diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java new file mode 100644 index 000000000..907f90d32 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java @@ -0,0 +1,145 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.api.xmlbind; + +import java.io.IOException; +import java.util.Iterator; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement; +import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; +import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * Convert a CreateCMSSignatureResponse API object into its + * XML representation, according to the MOA XML schema. + * + * @version $Id$ + */ +public class CreateCMSSignatureResponseBuilder { + private static final String MOA_NS_URI = Constants.MOA_NS_URI; + + /** The XML document containing the response element. */ + private Document responseDoc; + /** The response CreateCMSSignatureResponse DOM element. */ + private Element responseElem; + + /** + * Create a new CreateCMSSignatureResponseBuilder: + * + * @throws MOASystemException An error occurred setting up the resulting + * XML document. + */ + public CreateCMSSignatureResponseBuilder() throws MOASystemException { + responseDoc = + ResponseBuilderUtils.createResponse("CreateCMSSignatureResponse"); + responseElem = responseDoc.getDocumentElement(); + } + + /** + * Build a document containing a CreateCMSSignatureResponse + * DOM element being the XML representation of the given + * CreateCMSSignatureResponse API object. + * + * @param response The CreateCMSSignatureResponse to convert + * to XML. + * @return A document containing the CreateCMSSignatureResponse + * DOM element. + */ + public Document build(CreateCMSSignatureResponse response) { + Iterator iter; + + + for (iter = response.getResponseElements().iterator(); iter.hasNext();) { + CreateCMSSignatureResponseElement responseElement = + (CreateCMSSignatureResponseElement) iter.next(); + + switch (responseElement.getResponseType()) { + case CreateCMSSignatureResponseElement.CMS_SIGNATURE : + CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement; + addCMSSignature(cmsSignatureResponse); + break; + + case CreateCMSSignatureResponseElement.ERROR_RESPONSE : + ErrorResponse errorResponse = (ErrorResponse) responseElement; + addErrorResponse(errorResponse); + break; + } + + } + + return responseDoc; + } + + + + /** + * Add a CMSSignature element to the response. + * + * @param cmsSignatureResponse The content to put under the + * CMSSignature element. + */ + private void addCMSSignature(CMSSignatureResponse cmsSignatureResponse) { + String base64Value = cmsSignatureResponse.getCMSSignature(); + + Element cmsSignature = responseDoc.createElementNS(MOA_NS_URI, "CMSSignature"); + cmsSignature.setTextContent(base64Value); + + responseElem.appendChild(cmsSignature); + +} + + /** + * Add a ErrorResponse element to the response. + * + * @param errorResponse The API object containing the information to put into + * the ErrorResponse DOM element. + */ + private void addErrorResponse(ErrorResponse errorResponse) { + Element errorElem = + responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse"); + Element errorCodeElem = + responseDoc.createElementNS(MOA_NS_URI, "ErrorCode"); + Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info"); + String errorCodeStr = Integer.toString(errorResponse.getErrorCode()); + + errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr)); + errorElem.appendChild(errorCodeElem); + infoElem.appendChild(responseDoc.createTextNode(errorResponse.getInfo())); + errorElem.appendChild(errorCodeElem); + errorElem.appendChild(infoElem); + responseElem.appendChild(errorElem); + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index bc53ca4f9..4fcc5daa9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -548,8 +548,7 @@ public class ConfigurationPartsBuilder { } - // set whitelist for iaik-moa - // TODO + // TODO set whitelist for iaik-moa // ExternalReferenceChecker.setWhitelist(whiteListIaikMoa); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java new file mode 100644 index 000000000..49e5ecc10 --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -0,0 +1,249 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.cmssign; + +import iaik.server.modules.algorithms.SignatureAlgorithms; +import iaik.server.modules.cmssign.CMSSignatureCreationProfile; +import iaik.server.modules.keys.AlgorithmUnavailableException; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.keys.UnknownKeyException; + +import java.util.List; +import java.util.Set; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; + +/** + * An object providing auxiliary information for creating a CMS signature. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CMSSignatureCreationProfileImpl + implements CMSSignatureCreationProfile { + + /** The set of keys available to the signing process. */ + private Set keySet; + /** The MIME type of the data to be signed*/ + private String mimeType; + /** Whether the created signature is to be Security Layer conform. */ + private boolean securityLayerConform; + /** Properties to be signed during signature creation. */ + private List signedProperties; + /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */ + private boolean includeData; + /** Digest Method algorithm */ + private String digestMethod; + + + /** + * Create a new XMLSignatureCreationProfileImpl. + * + * @param createProfileCount Provides external information about the + * number of calls to the signature creation module, using the same request. + * @param reservedIDs The set of IDs that must not be used while generating + * new IDs. + */ + public CMSSignatureCreationProfileImpl( + Set keySet, + String digestMethod, + List signedProperties, + boolean securityLayerConform, + boolean includeData, + String mimeType) { + this.keySet = keySet; + this.signedProperties = signedProperties; + this.securityLayerConform = securityLayerConform; + this.includeData = includeData; + this.mimeType = mimeType; + this.digestMethod = digestMethod; + + } + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet() + */ + public Set getKeySet() { + return keySet; + } + + /** + * Set the set of KeyEntryIDs which may be used for signature + * creation. + * + * @param keySet The set of KeyEntryIDs to set. + */ + public void setKeySet(Set keySet) { + this.keySet = keySet; + } + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID) + */ + public String getSignatureAlgorithmName(KeyEntryID selectedKeyID) + throws AlgorithmUnavailableException { + + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + TransactionId tid = new TransactionId(context.getTransactionID()); + KeyModule module = KeyModuleFactory.getInstance(tid); + Set algorithms; + + try { + algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID); + } catch (UnknownKeyException e) { + throw new AlgorithmUnavailableException( + "Unknown key entry: " + selectedKeyID, + e, + null); + } + + if (digestMethod.compareTo("SHA-1") == 0) { + Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); + + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + return SignatureAlgorithms.SHA1_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + + } else if (digestMethod.compareTo("SHA-256") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + return SignatureAlgorithms.SHA256_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { + return SignatureAlgorithms.SHA256_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethod.compareTo("SHA-384") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + return SignatureAlgorithms.SHA384_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { + return SignatureAlgorithms.SHA384_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethod.compareTo("SHA-512") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + return SignatureAlgorithms.SHA512_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { + return SignatureAlgorithms.SHA512_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } + else { + throw new AlgorithmUnavailableException( + "No signature algorithm found for digest algorithm '" + digestMethod, + null, + null); + } + + + } + + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() + */ + public List getSignedProperties() { + return signedProperties; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() + */ + public boolean isSecurityLayerConform() { + return securityLayerConform; + } + + /** + * Sets the security layer conformity. + * + * @param securityLayerConform true, if the created signature + * is to be conform to the Security Layer specification. + */ + public void setSecurityLayerConform(boolean securityLayerConform) { + this.securityLayerConform = securityLayerConform; + } + + + public void setDigestMethod(String digestMethod) { + this.digestMethod = digestMethod; + } + + + public String getMimeType() { + return mimeType; + } + + public boolean includeData() { + return this.includeData; + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index edc3922e2..7d0c5a062 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -201,7 +201,7 @@ public class XMLSignatureCreationProfileImpl else { // XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method if (digestMethodXAdES142.compareTo("SHA-1") == 0) { - Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); + Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { return SignatureAlgorithms.SHA1_WITH_RSA; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java new file mode 100644 index 000000000..e058c8a4b --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -0,0 +1,396 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.algorithms.HashAlgorithms; +import iaik.server.modules.cmssign.CMSSignature; +import iaik.server.modules.cmssign.CMSSignatureCreationException; +import iaik.server.modules.cmssign.CMSSignatureCreationModule; +import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory; +import iaik.server.modules.cmssign.CMSSignatureCreationProfile; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.math.BigInteger; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; +import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureResponseImpl; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; +import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfileImpl; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.util.Constants; + +/** + * A class providing an API based interface to the + * CMSSignatureCreationModule. + * + * This class performs the invocation of the + * iaik.server.modules.cmssign.CMSSignatureCreationModule from a + * CreateCMSSignatureRequest given as an API object. The result of + * the invocation is integrated into a CreateCMSSignatureResponse + * and returned. + * + * @version $Id$ + */ +public class CMSSignatureCreationInvoker { + + private static Map HASH_ALGORITHM_MAPPING; + + static { + HASH_ALGORITHM_MAPPING = new HashMap(); + HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1); + HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256); + HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384); + HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512); + } + + + /** The single instance of this class. */ + private static CMSSignatureCreationInvoker instance = null; + + /** + * Get the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized CMSSignatureCreationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureCreationInvoker(); + } + return instance; + } + + /** + * Create a new CMSSignatureCreationInvoker. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureCreationInvoker() { + } + + + + /** + * Process the CreateCMSSignatureRequest message and invoke the + * XMLSignatureCreationModule for every + * SingleSignatureInfo contained in the request. + * + * @param request A CreateCMSSignatureRequest API object + * containing the information for creating the signature(s). + * @param reserved A Set of reserved object IDs. + * + * @return A CreateCMSSignatureResponse API object containing + * the created signature(s). The response contains either a + * SignatureEnvironment or a ErrorResponse + * for each SingleSignatureInfo in the request. + * @throws MOAException An error occurred during signature creation. + */ + public CreateCMSSignatureResponse createCMSSignature( + CreateCMSSignatureRequest request, + Set reserved) + throws MOAException { + + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + //LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + + CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder(); + CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl(); + + boolean isSecurityLayerConform = false; + String structure = null; + String mimetype = null; + + // select the SingleSignatureInfo elements + Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator(); + + // iterate over all the SingleSignatureInfo elements in the request + while (singleSignatureInfoIter.hasNext()) { + SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next(); + isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform(); + + + DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo(); + structure = dataObjectInfo.getStructure(); + + CMSDataObject dataobject = dataObjectInfo.getDataObject(); + MetaInfo metainfo = dataobject.getMetaInfo(); + mimetype = metainfo.getMimeType(); + + CMSContent content = dataobject.getContent(); + InputStream contentIs = null; + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT : + contentIs = ((CMSContentExcplicit) content).getBinaryContent(); + break; + case CMSContent.REFERENCE_CONTENT : + String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + ExternalURIResolver resolver = new ExternalURIResolver(); + contentIs = resolver.resolve(reference); + } else { + throw new MOAApplicationException("2301", null); + } + break; + default : { + throw new MOAApplicationException("2301", null); + } + } + + // create CMSSignatureCreationModuleFactory + CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance(); + + List signedProperties = null; + boolean includeData = true; + if (structure.compareTo("enveloping") == 0) + includeData = true; + if (structure.compareTo("detached") == 0) + includeData = false; + + ConfigurationProvider config = context.getConfiguration(); + + // get the key group id + String keyGroupID = request.getKeyIdentifier(); + // set the key set + Set keySet = buildKeySet(keyGroupID); + if (keySet == null) { + throw new MOAApplicationException("2231", null); + } else if (keySet.size() == 0) { + throw new MOAApplicationException("2232", null); + } + + // get digest algorithm + String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); + + // create CMSSignatureCreation profile: + CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( + keySet, + digestAlgorithm, + signedProperties, + isSecurityLayerConform, + includeData, + mimetype); + + // create CMSSignature from the CMSSignatureCreationModule + // build the additionalSignedProperties + List additionalSignedProperties = buildAdditionalSignedProperties(); + TransactionId tid = new TransactionId(context.getTransactionID()); + try { + CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + // get CMS SignedData output stream from the CMSSignature and wrap it around out + boolean base64 = true; + OutputStream signedDataStream = signature.getSignature(out, base64); + + // now write the data to be signed to the signedDataStream + byte[] buf = new byte[4096]; + int bytesRead; + while ((bytesRead = contentIs.read(buf)) >= 0) { + signedDataStream.write(buf, 0, bytesRead); + } + + // finish SignedData processing by closing signedDataStream + signedDataStream.close(); + String base64value = out.toString(); + + responseBuilder.addCMSSignature(base64value); + + + } catch (CMSSignatureCreationException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + + responseBuilder.addError( + moaException.getMessageId(), + moaException.getMessage()); + Logger.warn(moaException.getMessage(), e); + + } + catch (IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + + return responseBuilder.getResponse(); + } + + + private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException { + // get digest method on key group level (if configured) + String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm(); + // get default digest method (if configured) + String configDigestMethod = config.getDigestMethodAlgorithmName(); + + + String digestMethod = null; + if (configDigestMethodKG != null) { + // if KG specific digest method is configured + digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG); + if (digestMethod == null) { + error( + "config.17", + new Object[] { configDigestMethodKG}); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)"); + } + else { + // else get default configured digest method + digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod); + if (digestMethod == null) { + error( + "config.17", + new Object[] { configDigestMethod}); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethod + "(default)"); + + } + return digestMethod; + } + + /** + * Utility function to issue an error message to the log. + * + * @param messageId The ID of the message to log. + * @param parameters Additional message parameters. + */ + private static void error(String messageId, Object[] parameters) { + MessageProvider msg = MessageProvider.getInstance(); + + Logger.error(new LogMsg(msg.getMessage(messageId, parameters))); + } + + /** + * Build the set of KeyEntryIDs available to the given + * keyGroupID. + * + * @param keyGroupID The keygroup ID for which the available keys should be + * returned. + * @return The Set of KeyEntryIDs + * identifying the available keys. + */ + private Set buildKeySet(String keyGroupID) { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + Set keyGroupEntries; + + // get the KeyGroup entries from the configuration + if (context.getClientCertificate() != null) { + X509Certificate cert = context.getClientCertificate()[0]; + Principal issuer = cert.getIssuerDN(); + BigInteger serialNumber = cert.getSerialNumber(); + + keyGroupEntries = + config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); + } else { + keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); + } + + // map the KeyGroup entries to a set of KeyEntryIDs + if (keyGroupEntries == null) { + return null; + } else if (keyGroupEntries.size() == 0) { + return Collections.EMPTY_SET; + } else { + KeyModule module = + KeyModuleFactory.getInstance( + new TransactionId(context.getTransactionID())); + Set keyEntryIDs = module.getPrivateKeyEntryIDs(); + Set keySet = new HashSet(); + Iterator iter; + + // filter out the keys that do not exist in the IAIK configuration + // by walking through the key entries and checking if the exist in the + // keyGroupEntries + for (iter = keyEntryIDs.iterator(); iter.hasNext();) { + KeyEntryID entryID = (KeyEntryID) iter.next(); + KeyGroupEntry entry = + new KeyGroupEntry( + entryID.getModuleID(), + entryID.getCertificateIssuer(), + entryID.getCertificateSerialNumber()); + if (keyGroupEntries.contains(entry)) { + keySet.add(entryID); + } + } + return keySet; + } + } + + /** + * Build the list of additional signed properties. + * + * Based on the generic configuration setting + * ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY, a + * constant SigningTime will be added to the properties. + * + * @return The List of additional signed properties. + */ + private List buildAdditionalSignedProperties() { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + List additionalSignedProperties = Collections.EMPTY_LIST; + + return additionalSignedProperties; + } + +} \ No newline at end of file diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 2c4bbd4eb..c979d8407 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -136,7 +136,7 @@ public class CMSSignatureVerificationInvoker { try { // get the signed content signedContent = getSignedContent(request); - + // build the profile profile = profileFactory.createProfile(); @@ -159,6 +159,7 @@ public class CMSSignatureVerificationInvoker { while (input.read(buf) > 0); results = module.verifySignature(signingTime); + } catch (IAIKException e) { MOAException moaException = IaikExceptionMapper.getInstance().map(e); throw moaException; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java new file mode 100644 index 000000000..aa52fe09a --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java @@ -0,0 +1,93 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; + +/** + * A class to build a CreateCMSSignatureResponse. + * + *

The methods addSignature() and addError() may be + * called in any combination to add CMSignature and + * ErrorResponse elements to the response. One of these functions + * must be called at least once to produce a + * CreateCMSSignatureResponse.

+ * + *

The getResponseElement() method then returns the + * CreateXMLSignatureResponse built so far.

+ * + * @author Patrick Peck + * @version $Id$ + */ +public class CreateCMSSignatureResponseBuilder { + + /** The SPSSFactory for creating API objects. */ + private SPSSFactory factory = SPSSFactory.getInstance(); + /** The elements to add to the response. */ + private List responseElements = new ArrayList(); + + /** + * Get the CreateCMSSignatureResponse built so far. + * + * @return The CreateCMSSignatureResponse built so far. + */ + public CreateCMSSignatureResponse getResponse() { + return factory.createCreateCMSSignatureResponse(responseElements); + } + + /** + * Add a SignatureEnvironment element to the response. + * + * @param signatureEnvironment The content to put under the + * SignatureEnvironment element. This should either be a + * dsig:Signature element (in case of a detached signature) or + * the signature environment containing the signature (in case of + * an enveloping signature). + */ + public void addCMSSignature(String base64value) { + CMSSignatureResponse responseElement = + factory.createCMSSignatureResponse(base64value); + responseElements.add(responseElement); + } + + /** + * Add a ErrorResponse element to the response. + * + * @param errorCode The error code. + * @param info Additional information about the error. + */ + public void addError(String errorCode, String info) { + ErrorResponse errorResponse = + factory.createErrorResponse(Integer.parseInt(errorCode), info); + responseElements.add(errorResponse); + } + +} diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java index 869cfefa1..348cb84aa 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java @@ -85,7 +85,8 @@ public class IaikExceptionMapper { { iaik.server.modules.xmlverify.TransformationException.class, "2265", MOAApplicationException.class }, { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", MOAApplicationException.class }, { iaik.xml.crypto.tsl.ex.TSLEngineDiedException.class, "2290", MOAApplicationException.class }, - { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } + { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } , + { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", MOAApplicationException.class } , }; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 3b82c6caf..605716d5b 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -80,6 +80,7 @@ public class VerifyCMSSignatureResponseBuilder { public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL) throws MOAException { + CertificateValidationResult certResult = result.getCertificateValidationResult(); int signatureCheckCode = @@ -90,8 +91,7 @@ public class VerifyCMSSignatureResponseBuilder { SignerInfo signerInfo; CheckResult signatureCheck; CheckResult certificateCheck; - - + boolean qualifiedCertificate = false; // verify qualified certificate checks (certificate or TSL) @@ -112,6 +112,7 @@ public class VerifyCMSSignatureResponseBuilder { certResult.isPublicAuthorityCertificate(), certResult.getPublicAuthorityID(), checkSSCDFromTSL); + // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java index 6bf2317b4..591e26ac2 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java @@ -393,6 +393,7 @@ public class AxisHandler extends BasicHandler { try { String filename = MOA_SPSS_WSDL_RESOURCE_; + File file = new File(filename); if (file.exists()) { //if this resolves to a file, load it @@ -400,7 +401,7 @@ public class AxisHandler extends BasicHandler { } else { //else load a named resource in our classloader. instream = this.getClass().getResourceAsStream(filename); - if (instream == null) { + if (instream == null) { String errorText = Messages.getMessage("wsdlFileMissing", filename); throw new AxisFault(errorText); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java index 7a7bb88bb..e5b12bd8c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java @@ -35,10 +35,15 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureRequestParser; +import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; @@ -52,6 +57,89 @@ import at.gv.egovernment.moa.util.StreamUtils; * @version $Id$ */ public class SignatureCreationService { + + /** + * Handle a CreateXMLSignatureRequest. + * + * @param request The CreateXMLSignatureRequest to work on + * (contained in the 0th element of the array). + * @return A CreateXMLSignatureResponse as the only element of + * the Element array. + * @throws AxisFault An error occurred during handling of the message. + */ + public Element[] CreateCMSSignatureRequest(Element[] request) + throws AxisFault { + Logger.trace("---- Entering SignatureCreationService"); + CMSSignatureCreationInvoker invoker = + CMSSignatureCreationInvoker.getInstance(); + Element[] response = new Element[1]; + + // check that we have a CreateXMLSignatureRequest; if not, create an + // AxisFault, just like the org.apache.axis.providers.java.MsgProvider + if (!Constants.MOA_SPSS_CREATE_CMS_REQUEST.equals(request[0].getLocalName()) || + !Constants.MOA_NS_URI.equals(request[0].getNamespaceURI())) + { + QName qname = + new QName(request[0].getNamespaceURI(), request[0].getLocalName()); + throw new AxisFault( + Messages.getMessage("noOperationForQName", qname.toString())); // TODO GK Operation name does not make it into the error repsonse + } + + // handle the request + try { + + // create a parser and builder for binding API objects to/from XML + CreateCMSSignatureRequestParser requestParser = + new CreateCMSSignatureRequestParser(); + CreateCMSSignatureResponseBuilder responseBuilder = + new CreateCMSSignatureResponseBuilder(); + Element reparsedReq; + CreateCMSSignatureRequest requestObj; + CreateCMSSignatureResponse responseObj; + + //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler. + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + + // validate the request + reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest()); + + // convert to API objects + Logger.trace(">>> preparsing Request"); + requestObj = requestParser.parse(reparsedReq); + Logger.trace("<<< preparsed Request"); + + Logger.trace(">>> creating Signature"); + // invoke the core logic + responseObj = invoker.createCMSSignature(requestObj, Collections.EMPTY_SET); + Logger.trace("<<< created Signature"); + + Logger.trace(">>> building Response"); + // map back to XML + response[0] = responseBuilder.build(responseObj).getDocumentElement(); + Logger.trace("<<< built Response"); + + // save response in transaction + context.setResponse(response[0]); + Logger.trace("---- Leaving SignatureCreationService"); + + + } catch (MOAException e) { + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" + + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e)); + throw fault; + } catch (Throwable t) { + MOASystemException e = new MOASystemException("2900", null, t); + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" + + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e)); + throw fault; + } + + return response; + } /** * Handle a CreateXMLSignatureRequest. -- cgit v1.2.3