aboutsummaryrefslogtreecommitdiff
path: root/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-08-07 16:30:58 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-08-07 16:30:58 +0200
commite1535be7c97e86e40e04258cbdaf47f60e6292bf (patch)
tree1f14219d6cdf86e9cb4df9726237ca18732b62a9 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss
parentae378f2293528188235be596af8d68504803e082 (diff)
downloadmoa-sig-e1535be7c97e86e40e04258cbdaf47f60e6292bf.tar.gz
moa-sig-e1535be7c97e86e40e04258cbdaf47f60e6292bf.tar.bz2
moa-sig-e1535be7c97e86e40e04258cbdaf47f60e6292bf.zip
add PAdES conformity flag to CAdES SOAP interface.
Info: additional work is required when IAIK-MOA is updated
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java3
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java8
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java3
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java64
6 files changed, 51 insertions, 45 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index aadaefb..a39edf4 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -190,13 +190,14 @@ public abstract class SPSSFactory {
* @param dataObjectInfo The data object that will be signed.
* @param securityLayerConform If <code>true</code>, a Security Layer conform
* signature manifest is created, otherwise not.
+ * @param isPAdESSignature
* @return The <code>SingleSignatureInfo</code> containing the above data.
*
* @post return != null
*/
public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,
- boolean securityLayerConform);
+ boolean securityLayerConform, boolean isPAdESSignature);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
index 1f87a50..4d56cf3 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
@@ -48,4 +48,12 @@ public interface SingleSignatureInfo {
* will be created, <code>false</code> otherwise.
*/
public boolean isSecurityLayerConform();
+
+ /**
+ * Check whether a PAdES conform CAdES signature will be created
+ *
+ * @return <code>true</code>, if a PAdES conform CAdES signature
+ * will be created, <code>false</code> otherwise.
+ */
+ public boolean isPAdESConform();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index ea8d295..b9fad4f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -124,10 +124,11 @@ public class SPSSFactoryImpl extends SPSSFactory {
}
public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
- at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform) {
+ at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform, boolean isPAdESConform) {
SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl();
singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+ singleSignatureInfo.setPAdESConform(isPAdESConform);
return singleSignatureInfo;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
index cb36515..c8558dc 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
@@ -40,6 +40,7 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
private boolean securityLayerConform = true;
+ private boolean padesConform = false;
public void setDataObjectInfo(DataObjectInfo dataObjectInfo) {
this.dataObjectInfo = dataObjectInfo;
@@ -49,9 +50,15 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
return dataObjectInfo;
}
+ public boolean isPAdESConform() {
+ return padesConform;
+ }
+ public void setPAdESConform(boolean padesConform) {
+ this.padesConform = padesConform;
+ }
- public void setSecurityLayerConform(boolean securityLayerConform) {
+public void setSecurityLayerConform(boolean securityLayerConform) {
this.securityLayerConform = securityLayerConform;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
index 3550c27..a4c4d29 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -67,6 +67,7 @@ public class CreateCMSSignatureRequestParser {
private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+ private static final String IS_PADES_SIGNATURE_ATTR_NAME = "PAdESConformity";
private static final String META_INFO_XPATH = MOA + "MetaInfo";
private static final String CONTENT_XPATH = MOA + "Content";
@@ -149,6 +150,7 @@ public class CreateCMSSignatureRequestParser {
DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem);
boolean securityLayerConform;
+ boolean isPAdESSignature = false;
if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
securityLayerConform =
@@ -157,9 +159,14 @@ public class CreateCMSSignatureRequestParser {
securityLayerConform = true;
}
+ if (sigInfoElem.hasAttribute(IS_PADES_SIGNATURE_ATTR_NAME)) {
+ isPAdESSignature = BoolUtils.valueOf(sigInfoElem.getAttribute(IS_PADES_SIGNATURE_ATTR_NAME));
+ }
+
return factory.createSingleSignatureInfoCMS(
dataObjectInfo,
- securityLayerConform);
+ securityLayerConform,
+ isPAdESSignature);
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 8e9380e..753d769 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -154,6 +154,7 @@ public class CMSSignatureCreationInvoker {
CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
boolean isSecurityLayerConform = false;
+ boolean isPAdESConformRequired = false;
String structure = null;
String mimetype = null;
@@ -164,6 +165,14 @@ public class CMSSignatureCreationInvoker {
while (singleSignatureInfoIter.hasNext()) {
SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+ isPAdESConformRequired = singleSignatureInfo.isPAdESConform();
+
+ //PAdES conformity always requires SecurityLayer conformity, because certificates must be included
+ if (isPAdESConformRequired && !isSecurityLayerConform) {
+ isSecurityLayerConform = isPAdESConformRequired;
+ Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested");
+
+ }
DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
@@ -171,7 +180,17 @@ public class CMSSignatureCreationInvoker {
CMSDataObject dataobject = dataObjectInfo.getDataObject();
MetaInfo metainfo = dataobject.getMetaInfo();
- mimetype = metainfo.getMimeType();
+
+ /*TODO: does not set SigningTime in IAIK-MOA request or any other
+ * API method/parameter when IAIK-MOA API is updated.
+ * Maybe also update mimetype solution below
+ */
+ //does not set mimetype if PAdES conformity is requested
+ if (!isPAdESConformRequired) {
+ mimetype = metainfo.getMimeType();
+
+ } else
+ Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature");
CMSContent content = dataobject.getContent();
InputStream contentIs = null;
@@ -218,7 +237,7 @@ public class CMSSignatureCreationInvoker {
// get digest algorithm
String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
-
+
// create CMSSignatureCreation profile:
CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
keySet,
@@ -239,39 +258,7 @@ public class CMSSignatureCreationInvoker {
boolean base64 = true;
OutputStream signedDataStream = signature.getSignature(out, base64);
- // now write the data to be signed to the signedDataStream
-
- //
- int byteRead;
- /*
- BigDecimal counter = new BigDecimal("0");
- BigDecimal one = new BigDecimal("1");
-
- ByteArrayOutputStream filteredStream = new ByteArrayOutputStream();
-
- while ((byteRead=contentIs.read()) >= 0) {
- //System.out.println("counterXX: " + counter);
-
- // Wrong behaviour < 3
- // excluded bytes should not be part of the signature as 0 bytes
- // they should be not part of the signature at all!
-
-// if (inRange(counter, dataobject))
-// filteredStream.write(0);
-// else
-// filteredStream.write(byteRead);
-//
-
- // correct behaviour
- if (!inRange(counter, dataobject)) {
- filteredStream.write(byteRead);
- }
-
- counter = counter.add(one);
- }
- byte[] data = filteredStream.toByteArray();
- signedDataStream.write(data, 0, data.length);
- */
+ // now write the data to be signed to the signedDataStream
// Stream based, this should have a better performance
FilteredOutputStream filteredOuputStream = new FilteredOutputStream(
signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(),
@@ -279,12 +266,7 @@ public class CMSSignatureCreationInvoker {
IOUtils.copyLarge(contentIs, filteredOuputStream);
filteredOuputStream.flush();
-// byte[] buf = new byte[4096];
-// int bytesRead;
-// while ((bytesRead = contentIs.read(buf)) >= 0) {
-// signedDataStream.write(buf, 0, bytesRead);
-// }
-//
+
// finish SignedData processing by closing signedDataStream
signedDataStream.close();
String base64value = out.toString();