diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2015-12-04 13:12:24 +0100 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2015-12-04 13:12:24 +0100 |
commit | 7510ab5173001711ecb5d6c8834878e7cce63ff9 (patch) | |
tree | e07bba24e87b9b3d1e8d8275c68809a59c3e067d /moaSig | |
parent | 191ba3411f2db0a48ae8d4243926b33a063bf769 (diff) | |
download | moa-sig-7510ab5173001711ecb5d6c8834878e7cce63ff9.tar.gz moa-sig-7510ab5173001711ecb5d6c8834878e7cce63ff9.tar.bz2 moa-sig-7510ab5173001711ecb5d6c8834878e7cce63ff9.zip |
CMS verification
Diffstat (limited to 'moaSig')
10 files changed, 128 insertions, 23 deletions
diff --git a/moaSig/libs/iaik_moa.jar b/moaSig/libs/iaik_moa.jar Binary files differindex 7ffc47e..8d274c6 100644 --- a/moaSig/libs/iaik_moa.jar +++ b/moaSig/libs/iaik_moa.jar diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java index 981ea05..304a7d3 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java @@ -83,11 +83,11 @@ public class CRLRetriever implements RevocationInfoRetriever { @Override public void setConnectTimeout(int arg0) { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD } @Override public void setReadTimeout(int arg0) { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java index 9dd0ffe..39da9cf 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java @@ -108,7 +108,7 @@ public class DirectoryCertStoreParametersImpl @Override public Set getVirtualStores() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return Collections.EMPTY_SET; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java index 5e29b5c..fe0de1f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java @@ -100,13 +100,13 @@ public class PKIConfigurationImpl implements PKIConfiguration { @Override public int getConnectTimeout() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return 0; } @Override public int getReadTimeout() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return 0; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java index b03c4a2..a09a701 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java @@ -87,25 +87,25 @@ public class RevocationConfigurationImpl extends AbstractObservableConfiguration @Override public DBCrlConfig getDataBaseCRLConfig() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return null; } @Override public boolean getKeepRevocationInfo() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return false; } @Override public Set getPositiveOCSPResponders() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return null; } @Override public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return false; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java index 491986b..3f6998a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -145,13 +145,17 @@ public class PKIProfileImpl implements PKIProfile { */ @Override public int autoAddCertificates() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD - return 0; + if(config.getAutoAddCertificates()) { + return PKIProfile.AUTO_ADD_EE_DISABLE; + } else { + return PKIProfile.AUTO_ADD_DISABLE; + } + // TODO AFITZEK allow saving of end entity certificates } @Override public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return null; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index 718673a..df04434 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -50,6 +50,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import org.apache.commons.io.IOUtils; + import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; @@ -71,6 +73,7 @@ import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfil import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.FilteredOutputStream; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.util.Constants; @@ -238,25 +241,44 @@ public class CMSSignatureCreationInvoker { // now write the data to be signed to the signedDataStream + // int byteRead; + /* BigDecimal counter = new BigDecimal("0"); BigDecimal one = new BigDecimal("1"); + ByteArrayOutputStream filteredStream = new ByteArrayOutputStream(); + while ((byteRead=contentIs.read()) >= 0) { //System.out.println("counterXX: " + counter); - if (inRange(counter, dataobject)) { - //System.out.println("Lösche..."); - // set byte to 0x00 - signedDataStream.write(0); - } - else - signedDataStream.write(byteRead); + // Wrong behaviour < 3 + // excluded bytes should not be part of the signature as 0 bytes + // they should be not part of the signature at all! + +// if (inRange(counter, dataobject)) +// filteredStream.write(0); +// else +// filteredStream.write(byteRead); +// - counter = counter.add(one); + // correct behaviour + if (!inRange(counter, dataobject)) { + filteredStream.write(byteRead); + } + + counter = counter.add(one); } + byte[] data = filteredStream.toByteArray(); + signedDataStream.write(data, 0, data.length); + */ + // Stream based, this should have a better performance + FilteredOutputStream filteredOuputStream = new FilteredOutputStream( + signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(), + dataobject.getExcludeByteRangeTo()); - + IOUtils.copyLarge(contentIs, filteredOuputStream); + filteredOuputStream.flush(); // byte[] buf = new byte[4096]; // int bytesRead; // while ((bytesRead = contentIs.read(buf)) >= 0) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java new file mode 100644 index 0000000..3a9fe51 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java @@ -0,0 +1,76 @@ +package at.gv.egovernment.moa.spss.util; + +import java.io.BufferedOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.math.BigDecimal; + +public class FilteredOutputStream extends BufferedOutputStream { + private BigDecimal from = null; + private BigDecimal to = null; + private BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); + + public FilteredOutputStream(OutputStream innerStream, + int bufferSize, BigDecimal from, + BigDecimal to) { + super(innerStream, bufferSize); + this.from = from; + this.to = to; + } + + @Override + public synchronized void write(int b) throws IOException { + if(!inRange(counter)) { + super.write(b); + } + counter = counter.add(one); + } + + @Override + public synchronized void write(byte[] b, int off, int len) throws IOException { + this.filteredWrite(b, off, len); + } + + @Override + public synchronized void flush() throws IOException { + super.flush(); + } + + @Override + public void write(byte[] b) throws IOException { + if(b != null) { + this.filteredWrite(b, 0, b.length); + } + } + + @Override + public void close() throws IOException { + super.close(); + } + + private synchronized void filteredWrite(byte[] b, int off, int len) throws IOException { + for(int i = 0; i < len; i++) { + if(!inRange(counter)) { + super.write(b[off+i]); + } + counter = counter.add(one); + } + } + + private boolean inRange(BigDecimal counter) { + if ( (from == null) || (to == null)) + return false; + + int compare = counter.compareTo(from); + if (compare == -1) + return false; + else { + compare = counter.compareTo(to); + if (compare == 1) + return false; + else + return true; + } + } +} diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/binding/TransformerUtils.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/binding/TransformerUtils.java index b069a60..676c95c 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/binding/TransformerUtils.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/binding/TransformerUtils.java @@ -89,7 +89,6 @@ public class TransformerUtils { public CreateSignatureInfo buildCreateSignatureInfo( at.gv.egiz.moasig.CreateXMLSignatureRequestType.SingleSignatureInfo.CreateSignatureInfo createSignatureInfo) throws MOAApplicationException { - // TODO: if (createSignatureInfo == null) { return null; } else { @@ -136,6 +135,10 @@ public class TransformerUtils { */ public CreateTransformsInfoProfile parseCreateTransformsInfoProfile( at.gv.egiz.moasig.CreateTransformsInfoProfile createTransformsInfoProfile) throws MOAApplicationException { + if(createTransformsInfoProfile == null) { + return null; + } + CreateTransformsInfo createTransformsInfo = parseCreateTransformsInfo( createTransformsInfoProfile.getCreateTransformsInfo()); List supplements = parseSupplements(createTransformsInfoProfile.getSupplement()); diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/binding/XMLVerifySignatureBindingImpl.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/binding/XMLVerifySignatureBindingImpl.java index 8295aed..44dc2c2 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/binding/XMLVerifySignatureBindingImpl.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/binding/XMLVerifySignatureBindingImpl.java @@ -74,7 +74,7 @@ public class XMLVerifySignatureBindingImpl implements XMLVerifySignatureBinding List supplementProfiles = parseSupplementProfiles(verifyXMLSignatureRequest); SignatureManifestCheckParams signatureManifestCheckParams = this - .parseSignatureManifestCheckParams(verifyXMLSignatureRequest.getSignatureManifestCheckParams()); // TODO + .parseSignatureManifestCheckParams(verifyXMLSignatureRequest.getSignatureManifestCheckParams()); return factory.createVerifyXMLSignatureRequest(dateTime, verifySignatureInfo, supplementProfiles, signatureManifestCheckParams, returnHashInputData, trustProfileID); } |