authortlenz <thomas.lenz@egiz.gv.at>2017-11-02 15:39:15 +0100
committertlenz <thomas.lenz@egiz.gv.at>2017-11-02 15:39:15 +0100
commite1725f9162fb687b1cc38ac8a40d952d71fae2fa (patch)
tree4f769e3c532630ccaa9cfbc6ec0a1036a4845844 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment
parent09274bac51619e845cc46e1b9ce0b07ef859fbe5 (diff)
parentccb1e1ed1404e0dc1f3ff026e888f4c105e1bc05 (diff)
Merge branch 'nightlybuild' of https://gitlab.iaik.tugraz.at/egiz/moa-sig into nightlybuild
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java3
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java8
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java3
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java39
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java11
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java67
8 files changed, 89 insertions, 60 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index aadaefb..a39edf4 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -190,13 +190,14 @@ public abstract class SPSSFactory {
* @param dataObjectInfo The data object that will be signed.
* @param securityLayerConform If <code>true</code>, a Security Layer conform
* signature manifest is created, otherwise not.
+ * @param isPAdESSignature
* @return The <code>SingleSignatureInfo</code> containing the above data.
*
* @post return != null
*/
public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,
- boolean securityLayerConform);
+ boolean securityLayerConform, boolean isPAdESSignature);
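Review bot: The added Javadoc tag `@param isPAdESSignature` has no description, so the contract of the new flag is undocumented at the place API users will read it. Suggest `@param isPAdESSignature If <code>true</code>, a PAdES conform CAdES signature is created, otherwise not.`, matching the wording of `isPAdESConform()` in SingleSignatureInfo. The same flag is named `isPAdESConform` in SPSSFactoryImpl and `isPAdESConformRequired` in the invoker; one name across the commit would be easier to follow. Changing the signature of this public abstract method also breaks any existing two-argument callers; if external callers exist, a two-argument overload that passes `false` would keep them compiling.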
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
index 1f87a50..4d56cf3 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
@@ -48,4 +48,12 @@ public interface SingleSignatureInfo {
* will be created, <code>false</code> otherwise.
*/
public boolean isSecurityLayerConform();
+
+ /**
+ * Check whether a PAdES conform CAdES signature will be created
+ *
+ * @return <code>true</code>, if a PAdES conform CAdES signature
+ * will be created, <code>false</code> otherwise.
+ */
+ public boolean isPAdESConform();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index ea8d295..b9fad4f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -124,10 +124,11 @@ public class SPSSFactoryImpl extends SPSSFactory {
}
public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
- at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform) {
+ at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform, boolean isPAdESConform) {
SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl();
singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+ singleSignatureInfo.setPAdESConform(isPAdESConform);
return singleSignatureInfo;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
index cb36515..c8558dc 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
@@ -40,6 +40,7 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
private boolean securityLayerConform = true;
+ private boolean padesConform = false;
public void setDataObjectInfo(DataObjectInfo dataObjectInfo) {
this.dataObjectInfo = dataObjectInfo;
@@ -49,9 +50,15 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
return dataObjectInfo;
}
+ public boolean isPAdESConform() {
+ return padesConform;
+ }
+ public void setPAdESConform(boolean padesConform) {
+ this.padesConform = padesConform;
+ }
- public void setSecurityLayerConform(boolean securityLayerConform) {
+public void setSecurityLayerConform(boolean securityLayerConform) {
this.securityLayerConform = securityLayerConform;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
index 3550c27..a4c4d29 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -67,6 +67,7 @@ public class CreateCMSSignatureRequestParser {
private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+ private static final String IS_PADES_SIGNATURE_ATTR_NAME = "PAdESConformity";
private static final String META_INFO_XPATH = MOA + "MetaInfo";
private static final String CONTENT_XPATH = MOA + "Content";
@@ -149,6 +150,7 @@ public class CreateCMSSignatureRequestParser {
DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem);
boolean securityLayerConform;
+ boolean isPAdESSignature = false;
if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
securityLayerConform =
@@ -157,9 +159,14 @@ public class CreateCMSSignatureRequestParser {
securityLayerConform = true;
}
+ if (sigInfoElem.hasAttribute(IS_PADES_SIGNATURE_ATTR_NAME)) {
+ isPAdESSignature = BoolUtils.valueOf(sigInfoElem.getAttribute(IS_PADES_SIGNATURE_ATTR_NAME));
+ }
+
return factory.createSingleSignatureInfoCMS(
dataObjectInfo,
- securityLayerConform);
+ securityLayerConform,
+ isPAdESSignature);
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
index d808f2b..7ce0871 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
@@ -80,22 +80,35 @@ public class CreateCMSSignatureResponseBuilder {
public Document build(CreateCMSSignatureResponse response) {
Iterator iter;
-
+
+
+
for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
- CreateCMSSignatureResponseElement responseElement =
- (CreateCMSSignatureResponseElement) iter.next();
- switch (responseElement.getResponseType()) {
- case CreateCMSSignatureResponseElement.CMS_SIGNATURE :
- CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement;
+ Object responseObj = iter.next();
+
+ if (responseObj instanceof ErrorResponse) {
+ ErrorResponse errorResponse = (ErrorResponse) responseObj;
+ addErrorResponse(errorResponse);
+
+ } else if (responseObj instanceof CreateCMSSignatureResponseElement) {
+ CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseObj;
addCMSSignature(cmsSignatureResponse);
- break;
-
- case CreateCMSSignatureResponseElement.ERROR_RESPONSE :
- ErrorResponse errorResponse = (ErrorResponse) responseElement;
- addErrorResponse(errorResponse);
- break;
- }
+
+ }
+
+// CreateCMSSignatureResponseElement responseElement =
+// (CreateCMSSignatureResponseElement) iter.next();
+//
+// switch (responseElement.getResponseType()) {
+// case CreateCMSSignatureResponseElement.CMS_SIGNATURE :
+//
+// break;
+//
+// case CreateCMSSignatureResponseElement.ERROR_RESPONSE :
+//
+// break;
+// }
}
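Review bot: The `else if` branch tests `responseObj instanceof CreateCMSSignatureResponseElement` but then casts to `CMSSignatureResponse`, so any other implementation of that interface ends in a ClassCastException; test the type that is actually cast, `} else if (responseObj instanceof CMSSignatureResponse) {`. The chain also has no final `else`, so an element matching neither branch is dropped from the response without a trace, where the removed code would have failed on its cast. For a signing service an explicit failure, or at least a log entry naming the unexpected class, is safer than a response that is silently missing an entry. The commented-out switch below the chain can be deleted, since version control keeps it; `build` continues past the end of this hunk.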
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
index 2dc047a..a465049 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -61,6 +61,7 @@ public class CMSSignatureCreationProfileImpl
private boolean includeData;
/** Digest Method algorithm */
private String digestMethod;
+ private boolean isPAdESConform;
/**
@@ -77,13 +78,15 @@ public class CMSSignatureCreationProfileImpl
List signedProperties,
boolean securityLayerConform,
boolean includeData,
- String mimeType) {
+ String mimeType,
+ boolean isPAdESConform) {
this.keySet = keySet;
this.signedProperties = signedProperties;
this.securityLayerConform = securityLayerConform;
this.includeData = includeData;
this.mimeType = mimeType;
this.digestMethod = digestMethod;
+ this.isPAdESConform = isPAdESConform;
}
@@ -246,4 +249,10 @@ public class CMSSignatureCreationProfileImpl
return this.includeData;
}
+
+@Override
+public boolean isPAdESConform() {
+ return this.isPAdESConform;
+}
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 8e9380e..4050ebc 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -154,6 +154,7 @@ public class CMSSignatureCreationInvoker {
CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
boolean isSecurityLayerConform = false;
+ boolean isPAdESConformRequired = false;
String structure = null;
String mimetype = null;
@@ -164,6 +165,14 @@ public class CMSSignatureCreationInvoker {
while (singleSignatureInfoIter.hasNext()) {
SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+ isPAdESConformRequired = singleSignatureInfo.isPAdESConform();
+
+ //PAdES conformity always requires SecurityLayer conformity, because certificates must be included
+ if (isPAdESConformRequired && !isSecurityLayerConform) {
+ isSecurityLayerConform = isPAdESConformRequired;
+ Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested");
+
+ }
DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
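Review bot: An explicit `SecurityLayerConformity="false"` in the request is overridden here and reported only through `Logger.debug`, so a caller receives a signature built differently from what was requested and a normal production log gives no reason. Consider reporting the override at a level that is enabled by default, or documenting it on the `PAdESConformity` attribute. Inside this `if` the assignment `isSecurityLayerConform = isPAdESConformRequired;` is always `true`; `isSecurityLayerConform = true;` states that directly. The loop body starts and ends outside the hunk.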
@@ -171,7 +180,17 @@ public class CMSSignatureCreationInvoker {
CMSDataObject dataobject = dataObjectInfo.getDataObject();
MetaInfo metainfo = dataobject.getMetaInfo();
- mimetype = metainfo.getMimeType();
+
+ /*TODO: do not set SigningTime in IAIK-MOA request or any other
+ * API method/parameter when IAIK-MOA API is updated.
+ * Maybe also update mimetype solution below
+ */
+ //does not set mimetype if PAdES conformity is requested
+ if (!isPAdESConformRequired) {
+ mimetype = metainfo.getMimeType();
+
+ } else
+ Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature");
CMSContent content = dataobject.getContent();
InputStream contentIs = null;
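Review bot: When PAdES conformity is requested, the `else` branch leaves `mimetype` untouched, and `mimetype` appears to be declared before the `while` loop (the `String mimetype = null;` context line in the first hunk of this file). A PAdES entry that follows a non-PAdES entry in the same request would then be passed to `CMSSignatureCreationProfileImpl` with the previous data object's mime type. Reset the value in that branch and brace it: `} else { mimetype = null; Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature"); }`. The loop body starts and ends outside the hunk, so the declaration scope should be confirmed against the full file.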
@@ -218,7 +237,7 @@ public class CMSSignatureCreationInvoker {
// get digest algorithm
String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
-
+
// create CMSSignatureCreation profile:
CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
keySet,
@@ -226,7 +245,8 @@ public class CMSSignatureCreationInvoker {
signedProperties,
isSecurityLayerConform,
includeData,
- mimetype);
+ mimetype,
+ isPAdESConformRequired);
// create CMSSignature from the CMSSignatureCreationModule
// build the additionalSignedProperties
@@ -239,39 +259,7 @@ public class CMSSignatureCreationInvoker {
boolean base64 = true;
OutputStream signedDataStream = signature.getSignature(out, base64);
- // now write the data to be signed to the signedDataStream
-
- //
- int byteRead;
- /*
- BigDecimal counter = new BigDecimal("0");
- BigDecimal one = new BigDecimal("1");
-
- ByteArrayOutputStream filteredStream = new ByteArrayOutputStream();
-
- while ((byteRead=contentIs.read()) >= 0) {
- //System.out.println("counterXX: " + counter);
-
- // Wrong behaviour < 3
- // excluded bytes should not be part of the signature as 0 bytes
- // they should be not part of the signature at all!
-
-// if (inRange(counter, dataobject))
-// filteredStream.write(0);
-// else
-// filteredStream.write(byteRead);
-//
-
- // correct behaviour
- if (!inRange(counter, dataobject)) {
- filteredStream.write(byteRead);
- }
-
- counter = counter.add(one);
- }
- byte[] data = filteredStream.toByteArray();
- signedDataStream.write(data, 0, data.length);
- */
+ // now write the data to be signed to the signedDataStream
// Stream based, this should have a better performance
FilteredOutputStream filteredOuputStream = new FilteredOutputStream(
signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(),
@@ -279,12 +267,7 @@ public class CMSSignatureCreationInvoker {
IOUtils.copyLarge(contentIs, filteredOuputStream);
filteredOuputStream.flush();
-// byte[] buf = new byte[4096];
-// int bytesRead;
-// while ((bytesRead = contentIs.read(buf)) >= 0) {
-// signedDataStream.write(buf, 0, bytesRead);
-// }
-//
+
// finish SignedData processing by closing signedDataStream
signedDataStream.close();
String base64value = out.toString();