feat(cades): update create CAdES request-processing for data-by-reference

Reason: call-by-reference feature can be use to include data sended by using SOAP attachements
author: Thomas <> 2024-06-27 08:03:55 +0200
committer: Thomas <> 2024-06-27 08:03:55 +0200
commit: 275692a8608c99b77c0875d619f9b91044a5b009 (patch)
tree: 7f9a73ec07cc76f10249f75bd2d4b7fdcde8330d
parent: eb2742866807fa84db08a2d9b6b32427a970de87 (diff)
download: moa-sig-275692a8608c99b77c0875d619f9b91044a5b009.tar.gz
moa-sig-275692a8608c99b77c0875d619f9b91044a5b009.tar.bz2
moa-sig-275692a8608c99b77c0875d619f9b91044a5b009.zip
1 files changed, 51 insertions, 20 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 2e7445e..5624f45 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -40,6 +40,7 @@ import java.util.Map;
 import java.util.Set;
 
 import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
 
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.MOAException;
@@ -74,6 +75,8 @@ import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
 import iaik.server.modules.keys.KeyEntryID;
 import iaik.server.modules.keys.KeyModule;
 import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
 
 /**
  * A class providing an API based interface to the
@@ -190,26 +193,7 @@ public class CMSSignatureCreationInvoker {
         Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature");
       }
 
-      final CMSContent content = dataobject.getContent();
-      InputStream contentIs = null;
-      // build the content data
-      switch (content.getContentType()) {
-        case CMSContent.EXPLICIT_CONTENT:
-          contentIs = ((CMSContentExcplicit) content).getBinaryContent();
-          break;
-        case CMSContent.REFERENCE_CONTENT:
-          final String reference = ((CMSContentReference) content).getReference();
-          if (!"".equals(reference)) {
-            final ExternalURIResolver resolver = new ExternalURIResolver();
-            contentIs = resolver.resolve(reference);
-          } else {
-            throw new MOAApplicationException("2301", null);
-          }
-          break;
-        default: {
-          throw new MOAApplicationException("2301", null);
-        }
-      }
+      InputStream contentIs = readContentToSign(dataobject.getContent(), context);
 
       // create CMSSignatureCreationModuleFactory
       final CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance();
@@ -291,6 +275,53 @@ public class CMSSignatureCreationInvoker {
     return responseBuilder.getResponse();
   }
 
+  private InputStream readContentToSign(CMSContent content, TransactionContext context)
+      throws MOAApplicationException {
+    InputStream contentIs = null;
+    // build the content data
+    switch (content.getContentType()) {
+      case CMSContent.EXPLICIT_CONTENT:
+        contentIs = ((CMSContentExcplicit) content).getBinaryContent();
+        break;
+
+      case CMSContent.REFERENCE_CONTENT:
+        final String reference = ((CMSContentReference) content).getReference();
+        if (StringUtils.isNotEmpty(reference) && reference.startsWith("cid:")) {
+          try {
+            URI uri = new URI(reference);
+            Logger.trace("Selecting attachement with Id: " + uri.getPath() + " ...");
+            contentIs = context.getAttachmentInputStream(uri);
+            if (contentIs == null) {
+              Logger.warn("No attachment with Id: " + reference);
+              throw new MOAApplicationException("2301", null);
+
+            }
+
+          } catch (URIException e) {
+            Logger.warn("Can not get attachment with Id: " + reference);
+            throw new MOAApplicationException("2301", null, e);
+
+          }
+
+        } else if (StringUtils.isNotEmpty(reference)) {
+          final ExternalURIResolver resolver = new ExternalURIResolver();
+          contentIs = resolver.resolve(reference);
+
+        } else {
+          throw new MOAApplicationException("2301", null);
+
+        }
+        break;
+
+      default: {
+        throw new MOAApplicationException("2301", null);
+      }
+    }
+
+    return contentIs;
+
+  }
+
   private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
     final BigDecimal from = dataobject.getExcludeByteRangeFrom();
     final BigDecimal to = dataobject.getExcludeByteRangeTo();
author	Thomas <>	2024-06-27 08:03:55 +0200
committer	Thomas <>	2024-06-27 08:03:55 +0200
commit	275692a8608c99b77c0875d619f9b91044a5b009 (patch)
tree	7f9a73ec07cc76f10249f75bd2d4b7fdcde8330d
parent	eb2742866807fa84db08a2d9b6b32427a970de87 (diff)
download	moa-sig-275692a8608c99b77c0875d619f9b91044a5b009.tar.gz moa-sig-275692a8608c99b77c0875d619f9b91044a5b009.tar.bz2 moa-sig-275692a8608c99b77c0875d619f9b91044a5b009.zip