diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java')
| -rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java | 288 |
1 files changed, 143 insertions, 145 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java index a465049..d660c7a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -21,17 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.iaik.cmssign; -import iaik.server.modules.algorithms.SignatureAlgorithms; -import iaik.server.modules.cmssign.CMSSignatureCreationProfile; -import iaik.server.modules.keys.AlgorithmUnavailableException; -import iaik.server.modules.keys.KeyEntryID; -import iaik.server.modules.keys.KeyModule; -import iaik.server.modules.keys.KeyModuleFactory; -import iaik.server.modules.keys.UnknownKeyException; - import java.util.List; import java.util.Set; @@ -39,61 +30,71 @@ import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moaspss.logging.Logger; +import iaik.server.modules.algorithms.SignatureAlgorithms; +import iaik.server.modules.cmssign.CMSSignatureCreationProfile; +import iaik.server.modules.keys.AlgorithmUnavailableException; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.keys.UnknownKeyException; /** * An object providing auxiliary information for creating a CMS signature. - * + * * @author Patrick Peck * @version $Id$ */ public class CMSSignatureCreationProfileImpl - implements CMSSignatureCreationProfile { + implements CMSSignatureCreationProfile { /** The set of keys available to the signing process. */ private Set keySet; - /** The MIME type of the data to be signed*/ - private String mimeType; - /** Whether the created signature is to be Security Layer conform. */ + /** The MIME type of the data to be signed */ + private final String mimeType; + /** Whether the created signature is to be Security Layer conform. */ private boolean securityLayerConform; - /** Properties to be signed during signature creation. */ - private List signedProperties; - /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */ - private boolean includeData; - /** Digest Method algorithm */ + /** Properties to be signed during signature creation. */ + private final List signedProperties; + /** + * Specifies whether the content data shall be included in the CMS SignedData or + * shall be not included. + */ + private final boolean includeData; + /** Digest Method algorithm */ private String digestMethod; - private boolean isPAdESConform; - - + private final boolean isPAdESConform; + /** * Create a new <code>XMLSignatureCreationProfileImpl</code>. - * - * @param createProfileCount Provides external information about the - * number of calls to the signature creation module, using the same request. - * @param reservedIDs The set of IDs that must not be used while generating - * new IDs. + * + * @param createProfileCount Provides external information about the number of + * calls to the signature creation module, using the + * same request. + * @param reservedIDs The set of IDs that must not be used while + * generating new IDs. */ public CMSSignatureCreationProfileImpl( - Set keySet, - String digestMethod, - List signedProperties, - boolean securityLayerConform, - boolean includeData, - String mimeType, - boolean isPAdESConform) { - this.keySet = keySet; - this.signedProperties = signedProperties; - this.securityLayerConform = securityLayerConform; - this.includeData = includeData; - this.mimeType = mimeType; - this.digestMethod = digestMethod; - this.isPAdESConform = isPAdESConform; + Set keySet, + String digestMethod, + List signedProperties, + boolean securityLayerConform, + boolean includeData, + String mimeType, + boolean isPAdESConform) { + this.keySet = keySet; + this.signedProperties = signedProperties; + this.securityLayerConform = securityLayerConform; + this.includeData = includeData; + this.mimeType = mimeType; + this.digestMethod = digestMethod; + this.isPAdESConform = isPAdESConform; } - /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet() */ + @Override public Set getKeySet() { return keySet; } @@ -101,119 +102,116 @@ public class CMSSignatureCreationProfileImpl /** * Set the set of <code>KeyEntryID</code>s which may be used for signature * creation. - * + * * @param keySet The set of <code>KeyEntryID</code>s to set. */ public void setKeySet(Set keySet) { this.keySet = keySet; } - /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID) */ + @Override public String getSignatureAlgorithmName(KeyEntryID selectedKeyID) - throws AlgorithmUnavailableException { + throws AlgorithmUnavailableException { - - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - TransactionId tid = new TransactionId(context.getTransactionID()); - KeyModule module = KeyModuleFactory.getInstance(tid); + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final TransactionId tid = new TransactionId(context.getTransactionID()); + final KeyModule module = KeyModuleFactory.getInstance(tid); Set algorithms; try { algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID); - } catch (UnknownKeyException e) { + } catch (final UnknownKeyException e) { throw new AlgorithmUnavailableException( - "Unknown key entry: " + selectedKeyID, - e, - null); + "Unknown key entry: " + selectedKeyID, + e, + null); } - - if (digestMethod.compareTo("SHA-1") == 0) { - Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); - - if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { - return SignatureAlgorithms.SHA1_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { - return SignatureAlgorithms.ECDSA; - - } else if (algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); - } - - } else if (digestMethod.compareTo("SHA-256") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { - return SignatureAlgorithms.SHA256_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { - return SignatureAlgorithms.SHA256_WITH_ECDSA; - - } else if (algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); - } - } else if (digestMethod.compareTo("SHA-384") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { - return SignatureAlgorithms.SHA384_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { - return SignatureAlgorithms.SHA384_WITH_ECDSA; - - } else if (algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); - } - } else if (digestMethod.compareTo("SHA-512") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { - return SignatureAlgorithms.SHA512_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { - return SignatureAlgorithms.SHA512_WITH_ECDSA; - - } else if (algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); - } - } - else { - throw new AlgorithmUnavailableException( - "No signature algorithm found for digest algorithm '" + digestMethod, - null, - null); - } - - } + if (digestMethod.compareTo("SHA-1") == 0) { + Logger.warn( + "SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); + + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + return SignatureAlgorithms.SHA1_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + + } else if (digestMethod.compareTo("SHA-256") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + return SignatureAlgorithms.SHA256_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { + return SignatureAlgorithms.SHA256_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethod.compareTo("SHA-384") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + return SignatureAlgorithms.SHA384_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { + return SignatureAlgorithms.SHA384_WITH_ECDSA; + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethod.compareTo("SHA-512") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + return SignatureAlgorithms.SHA512_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { + return SignatureAlgorithms.SHA512_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else { + throw new AlgorithmUnavailableException( + "No signature algorithm found for digest algorithm '" + digestMethod, + null, + null); + } + + } - /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() */ + @Override public List getSignedProperties() { return signedProperties; } @@ -221,38 +219,38 @@ public class CMSSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() */ + @Override public boolean isSecurityLayerConform() { return securityLayerConform; } /** * Sets the security layer conformity. - * - * @param securityLayerConform <code>true</code>, if the created signature - * is to be conform to the Security Layer specification. + * + * @param securityLayerConform <code>true</code>, if the created signature is to + * be conform to the Security Layer specification. */ public void setSecurityLayerConform(boolean securityLayerConform) { this.securityLayerConform = securityLayerConform; } - public void setDigestMethod(String digestMethod) { - this.digestMethod = digestMethod; + this.digestMethod = digestMethod; } - + @Override public String getMimeType() { - return mimeType; + return mimeType; } + @Override public boolean includeData() { - return this.includeData; + return this.includeData; } - -@Override -public boolean isPAdESConform() { - return this.isPAdESConform; -} + @Override + public boolean isPAdESConform() { + return this.isPAdESConform; + } } |