initial commit

1 files changed, 249 insertions, 0 deletions

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
new file mode 100644
index 0000000..49e5ecc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmssign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * An object providing auxiliary information for creating a CMS signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureCreationProfileImpl
+  implements CMSSignatureCreationProfile {
+
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The MIME type of the data to be signed*/
+  private String mimeType;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */
+  private boolean includeData;
+  /** Digest Method algorithm  */
+  private String digestMethod;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public CMSSignatureCreationProfileImpl(
+    Set keySet,
+    String digestMethod,
+    List signedProperties,
+    boolean securityLayerConform,
+    boolean includeData,
+    String mimeType) {
+	  this.keySet = keySet;
+	  this.signedProperties = signedProperties;
+	  this.securityLayerConform = securityLayerConform;
+	  this.includeData = includeData;
+	  this.mimeType = mimeType;
+	  this.digestMethod = digestMethod;
+
+  }
+
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+	  
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+      	if (digestMethod.compareTo("SHA-1") == 0) {
+    		Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethod.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethod,
+         			null,
+         	        null);
+         }
+  
+
+  }
+
+
+ 
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+ 
+  public void setDigestMethod(String digestMethod) {
+	  this.digestMethod = digestMethod;
+  }
+ 
+
+  public String getMimeType() {
+	  return mimeType;
+  }
+
+  public boolean includeData() {
+	return this.includeData;
+  }
+
+}