Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java11
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java67
2 files changed, 35 insertions, 43 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
index 2dc047a..a465049 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -61,6 +61,7 @@ public class CMSSignatureCreationProfileImpl
private boolean includeData;
/** Digest Method algorithm */
private String digestMethod;
+ private boolean isPAdESConform;
/**
@@ -77,13 +78,15 @@ public class CMSSignatureCreationProfileImpl
List signedProperties,
boolean securityLayerConform,
boolean includeData,
- String mimeType) {
+ String mimeType,
+ boolean isPAdESConform) {
this.keySet = keySet;
this.signedProperties = signedProperties;
this.securityLayerConform = securityLayerConform;
this.includeData = includeData;
this.mimeType = mimeType;
this.digestMethod = digestMethod;
+ this.isPAdESConform = isPAdESConform;
}
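Review bot: The constructor stores `isPAdESConform` without checking it against `securityLayerConform`, so the rule that PAdES conformity requires Security Layer conformity is enforced only by the caller in CMSSignatureCreationInvoker. Any other code that builds this profile can create a PAdES profile without the Security Layer behaviour that the invoker's comment says is needed for certificate inclusion. The class could enforce the rule itself with `this.securityLayerConform = securityLayerConform || isPAdESConform;`, or reject the inconsistent combination. The field added in the previous hunk also lacks the Javadoc its neighbours carry; a line such as `/** Whether the signature must be PAdES conform */` plus a matching `@param` would keep the class consistent. The constructor's signature and Javadoc start outside the hunk.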
@@ -246,4 +249,10 @@ public class CMSSignatureCreationProfileImpl
return this.includeData;
}
+
+@Override
+public boolean isPAdESConform() {
+ return this.isPAdESConform;
+}
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 8e9380e..4050ebc 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -154,6 +154,7 @@ public class CMSSignatureCreationInvoker {
CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
boolean isSecurityLayerConform = false;
+ boolean isPAdESConformRequired = false;
String structure = null;
String mimetype = null;
@@ -164,6 +165,14 @@ public class CMSSignatureCreationInvoker {
while (singleSignatureInfoIter.hasNext()) {
SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+ isPAdESConformRequired = singleSignatureInfo.isPAdESConform();
+
+ //PAdES conformity always requires SecurityLayer conformity, because certificates must be included
+ if (isPAdESConformRequired && !isSecurityLayerConform) {
+ isSecurityLayerConform = isPAdESConformRequired;
+ Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested");
+
+ }
DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
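Review bot: The request's Security Layer setting is silently overridden inside the `if (isPAdESConformRequired && !isSecurityLayerConform)` branch, and the only trace is a `Logger.debug` call, which is typically switched off in production. Because the override changes what goes into the signature, it is worth recording at a level operators actually keep, for example info if the project's Logger offers it, so a signature that differs from the request can be explained later. The assignment `isSecurityLayerConform = isPAdESConformRequired;` would also read more directly as `isSecurityLayerConform = true;`. The loop body continues outside the hunk.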
@@ -171,7 +180,17 @@ public class CMSSignatureCreationInvoker {
CMSDataObject dataobject = dataObjectInfo.getDataObject();
MetaInfo metainfo = dataobject.getMetaInfo();
- mimetype = metainfo.getMimeType();
+
+ /*TODO: do not set SigningTime in IAIK-MOA request or any other
+ * API method/parameter when IAIK-MOA API is updated.
+ * Maybe also update mimetype solution below
+ */
+ //does not set mimetype if PAdES conformity is requested
+ if (!isPAdESConformRequired) {
+ mimetype = metainfo.getMimeType();
+
+ } else
+ Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature");
CMSContent content = dataobject.getContent();
InputStream contentIs = null;
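Review bot: When PAdES conformity is requested, `mimetype` is left untouched rather than cleared, so it keeps whatever an earlier pass of the loop assigned. The declaration `String mimetype = null;` in the first hunk of this file appears to sit before the `while` loop. If the profile is built per iteration, a request with a non-PAdES entry followed by a PAdES entry would carry the earlier entry's MIME type into the PAdES signature. Assigning in both cases avoids this: `mimetype = isPAdESConformRequired ? null : metainfo.getMimeType();`. The `else` is also unbraced while the `if` is braced; bracing both prevents a later statement from landing outside the branch.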
@@ -218,7 +237,7 @@ public class CMSSignatureCreationInvoker {
// get digest algorithm
String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
-
+
// create CMSSignatureCreation profile:
CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
keySet,
@@ -226,7 +245,8 @@ public class CMSSignatureCreationInvoker {
signedProperties,
isSecurityLayerConform,
includeData,
- mimetype);
+ mimetype,
+ isPAdESConformRequired);
// create CMSSignature from the CMSSignatureCreationModule
// build the additionalSignedProperties
@@ -239,39 +259,7 @@ public class CMSSignatureCreationInvoker {
boolean base64 = true;
OutputStream signedDataStream = signature.getSignature(out, base64);
- // now write the data to be signed to the signedDataStream
-
- //
- int byteRead;
- /*
- BigDecimal counter = new BigDecimal("0");
- BigDecimal one = new BigDecimal("1");
-
- ByteArrayOutputStream filteredStream = new ByteArrayOutputStream();
-
- while ((byteRead=contentIs.read()) >= 0) {
- //System.out.println("counterXX: " + counter);
-
- // Wrong behaviour < 3
- // excluded bytes should not be part of the signature as 0 bytes
- // they should be not part of the signature at all!
-
-// if (inRange(counter, dataobject))
-// filteredStream.write(0);
-// else
-// filteredStream.write(byteRead);
-//
-
- // correct behaviour
- if (!inRange(counter, dataobject)) {
- filteredStream.write(byteRead);
- }
-
- counter = counter.add(one);
- }
- byte[] data = filteredStream.toByteArray();
- signedDataStream.write(data, 0, data.length);
- */
+ // now write the data to be signed to the signedDataStream
// Stream based, this should have a better performance
FilteredOutputStream filteredOuputStream = new FilteredOutputStream(
signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(),
@@ -279,12 +267,7 @@ public class CMSSignatureCreationInvoker {
IOUtils.copyLarge(contentIs, filteredOuputStream);
filteredOuputStream.flush();
-// byte[] buf = new byte[4096];
-// int bytesRead;
-// while ((bytesRead = contentIs.read(buf)) >= 0) {
-// signedDataStream.write(buf, 0, bytesRead);
-// }
-//
+
// finish SignedData processing by closing signedDataStream
signedDataStream.close();
String base64value = out.toString();