A lot of moa sig stuff

1 files changed, 418 insertions, 337 deletions

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 905254e..906abbe 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -21,7 +21,6 @@
  * that you distribute must include a readable copy of the "NOTICE" text file.
  */
 
-
 package at.gv.egovernment.moa.spss.server.invoke;
 
 import iaik.server.modules.AdESFormVerificationResult;
@@ -34,6 +33,11 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
 import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult;
+import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile;
+import iaik.server.modules.pdfverify.PDFSignatureVerificationResult;
+import iaik.util.logging.Log;
+import iaik.server.modules.pdfverify.ExtendedPDFSignatureVerificationResult;
+import iaik.server.modules.pdfverify.PDFSignatureVerificationModule;
 import iaik.x509.X509Certificate;
 
 import java.io.ByteArrayInputStream;
@@ -50,10 +54,8 @@ import java.util.List;
 import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.io.HexDump;
 import org.apache.commons.io.IOUtils;
+import org.slf4j.LoggerFactory;
 
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
@@ -70,14 +72,17 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moa.spss.util.CertificateUtils;
 import at.gv.egovernment.moa.spss.util.QCSSCDResult;
+import at.gv.egovernment.moaspss.logging.Logger;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 
 /**
  * A class providing an interface to the
  * <code>CMSSignatureVerificationModule</code>.
  * 
- * This class performs the invocation of the 
+ * This class performs the invocation of the
  * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code>
- * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation 
+ * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation
  * is integrated into a <code>VerifyCMSSignatureResponse</code> returned.
  * 
  * @author Patrick Peck
@@ -85,338 +90,414 @@ import at.gv.egovernment.moa.spss.util.QCSSCDResult;
  */
 public class CMSSignatureVerificationInvoker {
 
-  /** The single instance of this class. */
-  private static CMSSignatureVerificationInvoker instance = null;
-
-  /**
-   * Return the only instance of this class.
-   * 
-   * @return The only instance of this class.
-   */
-  public static synchronized CMSSignatureVerificationInvoker getInstance() {
-    if (instance == null) {
-      instance = new CMSSignatureVerificationInvoker();
-    }
-    return instance;
-  }
-
-  /**
-   * Create a new <code>CMSSignatureVerificationInvoker</code>.
-   * 
-   * Protected to disallow multiple instances.
-   */
-  protected CMSSignatureVerificationInvoker() {
-  }
-
-  /**
-   * Verify a CMS signature.
-   * 
-   * @param request The <code>VerifyCMSSignatureRequest</code> containing the
-   * CMS signature, as well as additional data needed for verification.
-   * @return Element A <code>VerifyCMSSignatureResponse</code> containing the
-   * answer to the <code>VerifyCMSSignatureRequest</code>.
-   * @throws MOAException An error occurred while processing the request.
-   */
-  public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request)
-    throws MOAException {
-	  
-    CMSSignatureVerificationProfileFactory profileFactory =
-      new CMSSignatureVerificationProfileFactory(request);
-    VerifyCMSSignatureResponseBuilder responseBuilder =
-      new VerifyCMSSignatureResponseBuilder();
-    TransactionContext context =
-      TransactionContextManager.getInstance().getTransactionContext();
-    LoggingContext loggingCtx =
-      LoggingContextManager.getInstance().getLoggingContext();
-    InputStream signature;
-    InputStream signedContent = null;
-    CMSSignatureVerificationProfile profile;
-    Date signingTime;
-    List results;
-    ExtendedCMSSignatureVerificationResult result;
-    int[] signatories;
-    InputStream input;
-    byte[] buf = new byte[2048];
-
-    // get the signature
-    signature = request.getCMSSignature();
-    
- // get the actual trustprofile
-    TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
-    
-    try {
-      // get the signed content
-      signedContent = getSignedContent(request);
-      
-      // build the profile
-      if(request.isPDF()) {
-    	  profile = profileFactory.createPDFProfile();
-      } else {
-    	  profile = profileFactory.createProfile();
-      }
-
-      // get the signing time
-      signingTime = request.getDateTime();
-
-      // verify the signature
-      CMSSignatureVerificationModule module =
-        CMSSignatureVerificationModuleFactory.getInstance();
-
-      module.setLog(new IaikLog(loggingCtx.getNodeID()));
-      
-      module.init(
-        signature,
-        signedContent,
-        profile,
-        new TransactionId(context.getTransactionID()));
-      input = module.getInputStream();
-
-      while (input.read(buf) > 0);
-      //results = module.verifyCAdESSignature(signingTime);
-      results = module.verifySignature(signingTime);
-      
-    } catch (IAIKException e) {
-      MOAException moaException = IaikExceptionMapper.getInstance().map(e);
-      throw moaException;
-    } catch (IAIKRuntimeException e) {
-      MOAException moaException = IaikExceptionMapper.getInstance().map(e);
-      throw moaException;
-    } catch (IOException e) {
-      throw new MOAApplicationException("2244", null, e);
-    } catch (MOAException e)
-    {
-      throw e;
-    }
-    finally
-    {
-      try
-      {
-        if (signedContent != null) signedContent.close();
-      }
-      catch (Throwable t)
-      {
-        // Intentionally do nothing here
-      }
-    }
-
-    QCSSCDResult qcsscdresult = new QCSSCDResult();
-    
-    // build the response: for each signatory add the result to the response
-    signatories = request.getSignatories();
-    if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) {
-      Iterator resultIter;
-
-      for (resultIter = results.iterator(); resultIter.hasNext();) {
-    	  Object resultObject = resultIter.next();
-    	  CMSSignatureVerificationResult cmsResult = null;
-    	  List adesResults = null;
-    	  if(resultObject instanceof ExtendedCMSSignatureVerificationResult) {
-    		  result = (ExtendedCMSSignatureVerificationResult) resultObject;
-
-    		  adesResults = getAdESResult(result.getFormVerificationResult());
-
-    			if (adesResults != null) {
-    				Iterator adesIterator = adesResults.iterator();
-    				while (adesIterator.hasNext()) {
-    					Logger.info("ADES Formresults: " + adesIterator.next().toString());
-    				}
-    			}
-    	  } else {
-    		  cmsResult = (CMSSignatureVerificationResult)resultObject;
-    	  }
-    	  
-        
-        String issuerCountryCode = null;
-        // QC/SSCD check
-        
-        List list = cmsResult.getCertificateValidationResult().getCertificateChain();
-        if (list != null) {
-            X509Certificate[] chain = new X509Certificate[list.size()];
-            
-            Iterator it = list.iterator();
-            int i = 0;
-            while(it.hasNext()) {
-            	chain[i] = (X509Certificate)it.next();
-            	i++;
-            }
-            
-            
-            qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
-
-            // get signer certificate issuer country code
-            issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
-
-        }
-        
-        responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
-      }
-    } else {
-      int i;
-
-      for (i = 0; i < signatories.length; i++) {
-        int sigIndex = signatories[i] - 1;
-
-        try {
-          result =
-            (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1);
-          
-          String issuerCountryCode = null;
-          
-          CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult();
-          
-          List adesResults = getAdESResult(result.getFormVerificationResult());
-
-  		if (adesResults != null) {
-  			Iterator adesIterator = adesResults.iterator();
-  			while (adesIterator.hasNext()) {
-  				Logger.info("ADES Formresults: " + adesIterator.next().toString());
-  			}
-  		}
-          
-          // QC/SSCD check
-          List list = cmsResult.getCertificateValidationResult().getCertificateChain();
-          if (list != null) {
-              X509Certificate[] chain = new X509Certificate[list.size()];
-              
-              Iterator it = list.iterator();
-              int j = 0;
-              while(it.hasNext()) {
-              	chain[j] = (X509Certificate)it.next();
-              	j++;
-              }
-              
-              
-              qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
-              
-              issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); 
-          }
-            
-          responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
-        } catch (IndexOutOfBoundsException e) {
-          throw new MOAApplicationException(
-            "2249",
-            new Object[] { new Integer(sigIndex)});
-        }
-      }
-    }
-    
-    return responseBuilder.getResponse();
-  }
-
- 
-  /**
-   * Get the signed content contained either in the request itself or given as a
-   * reference to external data.
-   * 
-   * @param request The <code>VerifyCMSSignatureRequest</code> containing the
-   * signed content (or the reference to the signed content).
-   * @return InputStream A stream providing the signed content data, or
-   * <code>null</code> if no signed content was provided with the request.
-   * @throws MOAApplicationException An error occurred building the stream.
-   */
-  private InputStream getSignedContent(VerifyCMSSignatureRequest request)
-    throws MOAApplicationException {
-
-	  InputStream is = null;
-    CMSDataObject dataObj;
-    CMSContent content;
-
-    // select the Content element
-    dataObj = request.getDataObject();
-    if (dataObj == null) {
-      return null;
-    }
-    content = dataObj.getContent();
-    
-    // build the content data
-    switch (content.getContentType()) {
-      case CMSContent.EXPLICIT_CONTENT :
-        is = ((CMSContentExcplicit) content).getBinaryContent();
-        is = excludeByteRange(is, request);
-        return is;
-      case CMSContent.REFERENCE_CONTENT :
-        String reference = ((CMSContentReference) content).getReference();
-        if (!"".equals(reference)) {
-          ExternalURIResolver resolver = new ExternalURIResolver();
-          is = resolver.resolve(reference);
-          is = excludeByteRange(is, request);
-          return is;          
-        } else {
-          return null;
-        }
-      default :
-        return null;
-    }
-    
-
-
-  }
-  
-  private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException {
-	  
-	  int byteRead;
-	  
-	  ByteArrayOutputStream contentOs = new ByteArrayOutputStream();
-	  
-	  CMSDataObject dataobject = request.getDataObject();
-	  BigDecimal from = dataobject.getExcludeByteRangeFrom();
-	  BigDecimal to = dataobject.getExcludeByteRangeTo();
-	  
-	  if ( (from == null) || (to == null))
-		  return contentIs;
-	  
-	  BigDecimal counter = new BigDecimal("0");
-	  BigDecimal one = new BigDecimal("1");
-	  
-	  try {
-		while ((byteRead=contentIs.read()) >= 0) {
-			
-			if (inRange(counter, dataobject)) {
-				  // if byte is in byte range, set byte to 0x00
-				  contentOs.write(0);
-			  }
-			  else
-				  contentOs.write(byteRead);
-			  
-			  counter = counter.add(one);				  
+	/** The single instance of this class. */
+	private static CMSSignatureVerificationInvoker instance = null;
+
+	/**
+	 * Return the only instance of this class.
+	 * 
+	 * @return The only instance of this class.
+	 */
+	public static synchronized CMSSignatureVerificationInvoker getInstance() {
+		if (instance == null) {
+			instance = new CMSSignatureVerificationInvoker();
+		}
+		return instance;
+	}
+
+	/**
+	 * Create a new <code>CMSSignatureVerificationInvoker</code>.
+	 * 
+	 * Protected to disallow multiple instances.
+	 */
+	protected CMSSignatureVerificationInvoker() {
+	}
+
+	/**
+	 * Verify a CMS signature.
+	 * 
+	 * @param request
+	 *            The <code>VerifyCMSSignatureRequest</code> containing the CMS
+	 *            signature, as well as additional data needed for verification.
+	 * @return Element A <code>VerifyCMSSignatureResponse</code> containing the
+	 *         answer to the <code>VerifyCMSSignatureRequest</code>.
+	 * @throws MOAException
+	 *             An error occurred while processing the request.
+	 */
+	public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) throws MOAException {
+
+		CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(request);
+		VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder();
+		TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+		LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+		InputStream signature;
+		InputStream signedContent = null;
+		Date signingTime;
+		List results;
+		int[] signatories;
+		InputStream input;
+		byte[] buf = new byte[2048];
+
+		// get the signature
+		signature = request.getCMSSignature();
+
+		// get the actual trustprofile
+		TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+
+		try {
+			// get the signing time
+			signingTime = request.getDateTime();
+
+			// build the profile
+			if (request.isPDF()) {
+				PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile();
+				Logger.info("Sending PDFSignatureVerificationProfile to IAIK-MOA");
+
+				PDFSignatureVerificationModule module = iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory
+						.getInstance();
+
+				module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+				module.init(signature, profile, new TransactionId(context.getTransactionID()));
+
+				// input = module.getInputStream();
+
+				// while (input.read(buf) > 0);
+				if(request.isExtended()) {
+					results = module.verifyPAdESSignature(signingTime);
+				} else {
+					results = module.verifySignature(signingTime);
+				}
+
+			} else {
+				// get the signed content
+				signedContent = getSignedContent(request);
+				CMSSignatureVerificationProfile profile = profileFactory.createProfile();
+				Logger.info("Sending CMSSignatureVerificationProfile to IAIK-MOA");
+
+				// verify the signature
+				CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance();
+
+				module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+				module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID()));
+				input = module.getInputStream();
+
+				while (input.read(buf) > 0)
+					;
+				
+				if(request.isExtended()) {
+					results = module.verifyCAdESSignature(signingTime);
+				} else {
+					results = module.verifySignature(signingTime);
+				}
+				// results = module.verifySignature(signingTime);
+			}
+
+		} catch (IAIKException e) {
+			MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+			throw moaException;
+		} catch (IAIKRuntimeException e) {
+			MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+			throw moaException;
+		} catch (IOException e) {
+			throw new MOAApplicationException("2244", null, e);
+		} catch (MOAException e) {
+			throw e;
+		} finally {
+			try {
+				if (signedContent != null)
+					signedContent.close();
+			} catch (Throwable t) {
+				// Intentionally do nothing here
+			}
+		}
+
+		QCSSCDResult qcsscdresult = new QCSSCDResult();
+
+		// build the response: for each signatory add the result to the response
+		signatories = request.getSignatories();
+		if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) {
+			Iterator resultIter;
+
+			for (resultIter = results.iterator(); resultIter.hasNext();) {
+				Object resultObject = resultIter.next();
+				if (!request.isPDF()) {
+					handleCMSResult(resultObject, responseBuilder, trustProfile);
+				} else {
+					handlePDFResult(resultObject, responseBuilder, trustProfile);
+				}
+			}
+		} else {
+			int i;
+
+			for (i = 0; i < signatories.length; i++) {
+				int sigIndex = signatories[i] - 1;
+
+				try {
+					Object resultObject = results.get(signatories[i] - 1);
+					if (!request.isPDF()) {
+						handleCMSResult(resultObject, responseBuilder, trustProfile);
+					} else {
+						handlePDFResult(resultObject, responseBuilder, trustProfile);
+					}
+				} catch (IndexOutOfBoundsException e) {
+					throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) });
+				}
+			}
+		}
+
+		return responseBuilder.getResponse();
+	}
+
+	private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder,
+			TrustProfile trustProfile) throws MOAException {
+		QCSSCDResult qcsscdresult = new QCSSCDResult();
+
+		CMSSignatureVerificationResult cmsResult = null;
+		List adesResults = null;
+		if (resultObject instanceof ExtendedCMSSignatureVerificationResult) {
+			ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject;
+
+			adesResults = getAdESResult(result.getFormVerificationResult());
+
+			if (adesResults != null) {
+				Iterator adesIterator = adesResults.iterator();
+				while (adesIterator.hasNext()) {
+					Logger.info("ADES Formresults: " + adesIterator.next().toString());
+				}
+			}
+		} else {
+			cmsResult = (CMSSignatureVerificationResult) resultObject;
+		}
+
+		String issuerCountryCode = null;
+		// QC/SSCD check
+
+		List list = cmsResult.getCertificateValidationResult().getCertificateChain();
+		if (list != null) {
+			X509Certificate[] chain = new X509Certificate[list.size()];
+
+			Iterator it = list.iterator();
+			int i = 0;
+			while (it.hasNext()) {
+				chain[i] = (X509Certificate) it.next();
+				i++;
+			}
+
+			qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+
+			// get signer certificate issuer country code
+			issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+
 		}
-		
-		InputStream is = new ByteArrayInputStream(contentOs.toByteArray());
-		
-		return is;
-		
-		
-	} catch (IOException e) {
-		  throw new MOAApplicationException("2301", null, e);			  
+
+		responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
+				qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
 	}
-	  
-  }
-  
- 
-  private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
-	  BigDecimal from = dataobject.getExcludeByteRangeFrom();
-	  BigDecimal to = dataobject.getExcludeByteRangeTo();
-	  
-	  if ( (from == null) || (to == null))
-		  return false;
-	  
-	  int compare = counter.compareTo(from);
-	  if (compare == -1)
-		  return false;
-	  else {
-		  compare = counter.compareTo(to);
-		  if (compare == 1)
-			  return false;
-		  else
-			  return true;
-	  }
-				  
-	  
-	  
-  }
-
-  
-  private List getAdESResult(AdESFormVerificationResult adesFormVerification) {
+
+	private void handleCMSEXTResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder,
+			TrustProfile trustProfile) throws MOAException {
+		QCSSCDResult qcsscdresult = new QCSSCDResult();
+
+		CMSSignatureVerificationResult cmsResult = null;
+		List adesResults = null;
+		if (resultObject instanceof ExtendedCMSSignatureVerificationResult) {
+			ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject;
+
+			adesResults = getAdESResult(result.getFormVerificationResult());
+
+			if (adesResults != null) {
+				Iterator adesIterator = adesResults.iterator();
+				while (adesIterator.hasNext()) {
+					Logger.info("ADES Formresults: " + adesIterator.next().toString());
+				}
+			}
+			cmsResult = result.getCMSSignatureVerificationResult();
+		} else {
+			cmsResult = (CMSSignatureVerificationResult) resultObject;
+		}
+
+		String issuerCountryCode = null;
+		// QC/SSCD check
+
+		List list = cmsResult.getCertificateValidationResult().getCertificateChain();
+		if (list != null) {
+			X509Certificate[] chain = new X509Certificate[list.size()];
+
+			Iterator it = list.iterator();
+			int i = 0;
+			while (it.hasNext()) {
+				chain[i] = (X509Certificate) it.next();
+				i++;
+			}
+
+			qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+
+			// get signer certificate issuer country code
+			issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+
+		}
+
+		responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
+				qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
+	}
+
+	private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder,
+			TrustProfile trustProfile) throws MOAException {
+		QCSSCDResult qcsscdresult = new QCSSCDResult();
+
+		PDFSignatureVerificationResult cmsResult = null;
+		List adesResults = null;
+		if (resultObject instanceof ExtendedPDFSignatureVerificationResult) {
+			ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject;
+
+			adesResults = getAdESResult(result.getFormVerificationResult());
+
+			if (adesResults != null) {
+				Iterator adesIterator = adesResults.iterator();
+				while (adesIterator.hasNext()) {
+					Logger.info("ADES Formresults: " + adesIterator.next().toString());
+				}
+			}
+			cmsResult = result.getPDFSignatureVerificationResult();
+		} else {
+			cmsResult = (PDFSignatureVerificationResult) resultObject;
+		}
+
+		String issuerCountryCode = null;
+		// QC/SSCD check
+
+		List list = cmsResult.getCertificateValidationResult().getCertificateChain();
+		if (list != null) {
+			X509Certificate[] chain = new X509Certificate[list.size()];
+
+			Iterator it = list.iterator();
+			int i = 0;
+			while (it.hasNext()) {
+				chain[i] = (X509Certificate) it.next();
+				i++;
+			}
+
+			qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+
+			// get signer certificate issuer country code
+			issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+
+		}
+
+		responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(),
+				qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
+	}
+
+	/**
+	 * Get the signed content contained either in the request itself or given as
+	 * a reference to external data.
+	 * 
+	 * @param request
+	 *            The <code>VerifyCMSSignatureRequest</code> containing the
+	 *            signed content (or the reference to the signed content).
+	 * @return InputStream A stream providing the signed content data, or
+	 *         <code>null</code> if no signed content was provided with the
+	 *         request.
+	 * @throws MOAApplicationException
+	 *             An error occurred building the stream.
+	 */
+	private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException {
+
+		InputStream is = null;
+		CMSDataObject dataObj;
+		CMSContent content;
+
+		// select the Content element
+		dataObj = request.getDataObject();
+		if (dataObj == null) {
+			return null;
+		}
+		content = dataObj.getContent();
+
+		// build the content data
+		switch (content.getContentType()) {
+		case CMSContent.EXPLICIT_CONTENT:
+			is = ((CMSContentExcplicit) content).getBinaryContent();
+			is = excludeByteRange(is, request);
+			return is;
+		case CMSContent.REFERENCE_CONTENT:
+			String reference = ((CMSContentReference) content).getReference();
+			if (!"".equals(reference)) {
+				ExternalURIResolver resolver = new ExternalURIResolver();
+				is = resolver.resolve(reference);
+				is = excludeByteRange(is, request);
+				return is;
+			} else {
+				return null;
+			}
+		default:
+			return null;
+		}
+
+	}
+
+	private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request)
+			throws MOAApplicationException {
+
+		int byteRead;
+
+		ByteArrayOutputStream contentOs = new ByteArrayOutputStream();
+
+		CMSDataObject dataobject = request.getDataObject();
+		BigDecimal from = dataobject.getExcludeByteRangeFrom();
+		BigDecimal to = dataobject.getExcludeByteRangeTo();
+
+		if ((from == null) || (to == null))
+			return contentIs;
+
+		BigDecimal counter = new BigDecimal("0");
+		BigDecimal one = new BigDecimal("1");
+
+		try {
+			while ((byteRead = contentIs.read()) >= 0) {
+
+				if (inRange(counter, dataobject)) {
+					// if byte is in byte range, set byte to 0x00
+					contentOs.write(0);
+				} else
+					contentOs.write(byteRead);
+
+				counter = counter.add(one);
+			}
+
+			InputStream is = new ByteArrayInputStream(contentOs.toByteArray());
+
+			return is;
+
+		} catch (IOException e) {
+			throw new MOAApplicationException("2301", null, e);
+		}
+
+	}
+
+	private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
+		BigDecimal from = dataobject.getExcludeByteRangeFrom();
+		BigDecimal to = dataobject.getExcludeByteRangeTo();
+
+		if ((from == null) || (to == null))
+			return false;
+
+		int compare = counter.compareTo(from);
+		if (compare == -1)
+			return false;
+		else {
+			compare = counter.compareTo(to);
+			if (compare == 1)
+				return false;
+			else
+				return true;
+		}
+
+	}
+
+	private List getAdESResult(AdESFormVerificationResult adesFormVerification) {
 		if (adesFormVerification == null) {
 			// no form information
 			return null;
@@ -451,5 +532,5 @@ public class CMSSignatureVerificationInvoker {
 			}
 		}
 	}
-  
+
 }