diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java')
| -rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java | 320 |
1 files changed, 164 insertions, 156 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index 9d6e3d2..516e3d8 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -21,9 +21,16 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.iaik.xmlsign; +import java.util.List; +import java.util.Set; + +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.server.util.IdGenerator; +import at.gv.egovernment.moaspss.logging.Logger; import iaik.server.modules.algorithms.SignatureAlgorithms; import iaik.server.modules.keys.AlgorithmUnavailableException; import iaik.server.modules.keys.KeyEntryID; @@ -34,23 +41,14 @@ import iaik.server.modules.xml.Canonicalization; import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; -import java.util.List; -import java.util.Set; - -import at.gv.egovernment.moa.spss.server.logging.TransactionId; -import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; -import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; -import at.gv.egovernment.moa.spss.server.util.IdGenerator; -import at.gv.egovernment.moaspss.logging.Logger; - /** * An object providing auxiliary information for creating an XML signature. - * + * * @author Patrick Peck * @version $Id$ */ public class XMLSignatureCreationProfileImpl - implements XMLSignatureCreationProfile { + implements XMLSignatureCreationProfile { /** The transformations to apply to a data object. */ private List dataObjectTreatmentList; @@ -58,7 +56,7 @@ public class XMLSignatureCreationProfileImpl private Set keySet; /** The type URI of the signature manifest. */ private String securityLayerManifestTypeURI; - /** Whether the created signature is to be Security Layer conform. */ + /** Whether the created signature is to be Security Layer conform. */ private boolean securityLayerConform; /** Where to insert the signature into the signature environment. */ private XMLSignatureInsertionLocation signatureInsertionLocation; @@ -66,55 +64,55 @@ public class XMLSignatureCreationProfileImpl private String signatureStructureType; /** The type of <code>Canonicalization</code> to use for the signed info. */ private Canonicalization signedInfoCanonicalization; - /** Properties to be signed during signature creation. */ + /** Properties to be signed during signature creation. */ private List signedProperties; /** The ID generator for signature IDs. */ - private IdGenerator signatureIDGenerator; + private final IdGenerator signatureIDGenerator; /** The ID generator for manifst IDs. */ - private IdGenerator manifestIDGenerator; + private final IdGenerator manifestIDGenerator; /** The ID generator for XMLDsig manifest IDs. */ - private IdGenerator dsigManifestIDGenerator; + private final IdGenerator dsigManifestIDGenerator; /** The ID generator for signed property IDs. */ - private IdGenerator propertyIDGenerator; - /** The selected digest method algorithm if XAdES 1.4.2 is used */ - private String digestMethodXAdES142; - - + private final IdGenerator propertyIDGenerator; + /** The selected digest method algorithm if XAdES 1.4.2 is used */ + private final String digestMethodXAdES142; + /** * Create a new <code>XMLSignatureCreationProfileImpl</code>. - * - * @param createProfileCount Provides external information about the - * number of calls to the signature creation module, using the same request. - * @param reservedIDs The set of IDs that must not be used while generating - * new IDs. + * + * @param createProfileCount Provides external information about the number of + * calls to the signature creation module, using the + * same request. + * @param reservedIDs The set of IDs that must not be used while + * generating new IDs. */ public XMLSignatureCreationProfileImpl( - int createProfileCount, - Set reservedIDs, - String digestMethodXAdES142) { + int createProfileCount, + Set reservedIDs, + String digestMethodXAdES142) { signatureIDGenerator = - new IdGenerator("signature-" + createProfileCount, reservedIDs); + new IdGenerator("signature-" + createProfileCount, reservedIDs); manifestIDGenerator = - new IdGenerator("manifest-" + createProfileCount, reservedIDs); + new IdGenerator("manifest-" + createProfileCount, reservedIDs); dsigManifestIDGenerator = - new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs); + new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs); propertyIDGenerator = - new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs); + new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs); this.digestMethodXAdES142 = digestMethodXAdES142; } /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDataObjectTreatmentList() */ + @Override public List getDataObjectTreatmentList() { return dataObjectTreatmentList; } /** * Sets the list of <code>DataObjectTreatment</code>s. - * - * @param dataObjectTreatmentList The <code>DataObjectTreatment</code>s to - * set. + * + * @param dataObjectTreatmentList The <code>DataObjectTreatment</code>s to set. */ public void setDataObjectTreatmentList(List dataObjectTreatmentList) { this.dataObjectTreatmentList = dataObjectTreatmentList; @@ -123,6 +121,7 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet() */ + @Override public Set getKeySet() { return keySet; } @@ -130,7 +129,7 @@ public class XMLSignatureCreationProfileImpl /** * Set the set of <code>KeyEntryID</code>s which may be used for signature * creation. - * + * * @param keySet The set of <code>KeyEntryID</code>s to set. */ public void setKeySet(Set keySet) { @@ -140,15 +139,15 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestTypeURI() */ + @Override public String getSecurityLayerManifestTypeURI() { return securityLayerManifestTypeURI; } /** * Set the SecurityLayerManifestTypeURI. - * - * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to - * set. + * + * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to set. */ public void setSecurityLayerManifestTypeURI(String securityLayerManifestTypeURI) { this.securityLayerManifestTypeURI = securityLayerManifestTypeURI; @@ -157,132 +156,131 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID) */ + @Override public String getSignatureAlgorithmName(KeyEntryID selectedKeyID) - throws AlgorithmUnavailableException { + throws AlgorithmUnavailableException { - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - TransactionId tid = new TransactionId(context.getTransactionID()); - KeyModule module = KeyModuleFactory.getInstance(tid); + final TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + final TransactionId tid = new TransactionId(context.getTransactionID()); + final KeyModule module = KeyModuleFactory.getInstance(tid); Set algorithms; try { algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID); - } catch (UnknownKeyException e) { + } catch (final UnknownKeyException e) { throw new AlgorithmUnavailableException( - "Unknown key entry: " + selectedKeyID, - e, - null); + "Unknown key entry: " + selectedKeyID, + e, + null); } - + if (digestMethodXAdES142 == null) { - // XAdES 1.4.2 not enabled - legacy MOA - if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { - - return SignatureAlgorithms.SHA1_WITH_RSA; - } else if ( - algorithms.contains(SignatureAlgorithms.ECDSA)) { - return SignatureAlgorithms.ECDSA; - } else if ( - algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; + // XAdES 1.4.2 not enabled - legacy MOA + if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + + return SignatureAlgorithms.SHA1_WITH_RSA; + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else { + // XAdES 1.4.2 is enabled: select signature algorithm according to selected + // digest method + if (digestMethodXAdES142.compareTo("SHA-1") == 0) { + Logger.warn( + "XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); + + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + return SignatureAlgorithms.SHA1_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); } + + } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + return SignatureAlgorithms.SHA256_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { + return SignatureAlgorithms.SHA256_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + return SignatureAlgorithms.SHA384_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { + return SignatureAlgorithms.SHA384_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + return SignatureAlgorithms.SHA512_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { + return SignatureAlgorithms.SHA512_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else { + throw new AlgorithmUnavailableException( + "No signature algorithm found for digest algorithm '" + digestMethodXAdES142, + null, + null); + } + } - else { - // XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method - if (digestMethodXAdES142.compareTo("SHA-1") == 0) { - Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); - - if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { - return SignatureAlgorithms.SHA1_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { - return SignatureAlgorithms.ECDSA; - - } else if (algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); - } - - } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { - return SignatureAlgorithms.SHA256_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { - return SignatureAlgorithms.SHA256_WITH_ECDSA; - - } else if (algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); - } - } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { - return SignatureAlgorithms.SHA384_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { - return SignatureAlgorithms.SHA384_WITH_ECDSA; - - } else if (algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); - } - } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { - return SignatureAlgorithms.SHA512_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { - return SignatureAlgorithms.SHA512_WITH_ECDSA; - - } else if (algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); - } - } - else { - throw new AlgorithmUnavailableException( - "No signature algorithm found for digest algorithm '" + digestMethodXAdES142, - null, - null); - } - - } - } /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureInsertionLocation() */ + @Override public XMLSignatureInsertionLocation getSignatureInsertionLocation() { return signatureInsertionLocation; } @@ -290,7 +288,7 @@ public class XMLSignatureCreationProfileImpl /** * Set the location where the signature is to be inserted into the signature * parent. - * + * * @param signatureInsertionLocation The location to set. */ public void setSignatureInsertionLocation(XMLSignatureInsertionLocation signatureInsertionLocation) { @@ -300,12 +298,14 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureStructureType() */ + @Override public String getSignatureStructureType() { return signatureStructureType; } /** * Set the signature structure type. + * * @param signatureStructureType The signature structure type to set. */ public void setSignatureStructureType(String signatureStructureType) { @@ -315,13 +315,14 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedInfoCanonicalization() */ + @Override public Canonicalization getSignedInfoCanonicalization() { return signedInfoCanonicalization; } /** * Sets the canonicalization method to use for the SignedInfo object. - * + * * @param signedInfoCanonicalization The canonicalization method to set. */ public void setSignedInfoCanonicalization(Canonicalization signedInfoCanonicalization) { @@ -331,13 +332,14 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() */ + @Override public List getSignedProperties() { return signedProperties; } /** * Set the signed properties. - * + * * @param signedProperties The signed properties to set. */ public void setSignedProperties(List signedProperties) { @@ -347,15 +349,16 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() */ + @Override public boolean isSecurityLayerConform() { return securityLayerConform; } /** * Sets the security layer conformity. - * - * @param securityLayerConform <code>true</code>, if the created signature - * is to be conform to the Security Layer specification. + * + * @param securityLayerConform <code>true</code>, if the created signature is to + * be conform to the Security Layer specification. */ public void setSecurityLayerConform(boolean securityLayerConform) { this.securityLayerConform = securityLayerConform; @@ -364,6 +367,7 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureID() */ + @Override public String getSignatureID() { return signatureIDGenerator.uniqueId(); } @@ -371,6 +375,7 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestID() */ + @Override public String getSecurityLayerManifestID() { return manifestIDGenerator.uniqueId(); } @@ -378,6 +383,7 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDsigManifestID() */ + @Override public String getDsigManifestID() { return dsigManifestIDGenerator.uniqueId(); } @@ -385,13 +391,15 @@ public class XMLSignatureCreationProfileImpl /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedPropertiesID() */ + @Override public String getSignedPropertiesID() { return propertyIDGenerator.uniqueId(); } - + /** * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs() */ + @Override public boolean getPermitFileURIs() { return false; } |