diff options
Diffstat (limited to 'moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java')
-rw-r--r-- | moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java | 391 |
1 files changed, 167 insertions, 224 deletions
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java index 0344346..efcd2ce 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java @@ -1,227 +1,170 @@ package at.gv.egovernment.moa.spss.server.pdfas; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.Principal; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import at.gv.egovernment.moa.spss.MOAException; -import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; -import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; -import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement; -import at.gv.egovernment.moa.spss.api.impl.CMSContentExplicitImpl; -import at.gv.egovernment.moa.spss.api.impl.CMSDataObjectImpl; -import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureRequestImpl; -import at.gv.egovernment.moa.spss.api.impl.DataObjectInfoCMSImpl; -import at.gv.egovernment.moa.spss.api.impl.MetaInfoImpl; -import at.gv.egovernment.moa.spss.api.impl.SingleSignatureInfoCMSImpl; -import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; -import at.gv.egovernment.moa.spss.server.config.ConfigurationException; -import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; -import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; -import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker; -import at.gv.egovernment.moaspss.logging.Logger; -import at.gv.egovernment.moaspss.util.Base64Utils; -import iaik.logging.TransactionId; -import iaik.server.modules.keys.KeyEntryID; -import iaik.server.modules.keys.KeyModule; -import iaik.server.modules.keys.KeyModuleFactory; -import iaik.server.modules.keys.UnknownKeyException; -import iaik.x509.X509Certificate; - -public class InternalMoaConnector { /*implements ISignatureConnector { - - private String keyIdentifier; - private X509Certificate clientCert; - private TransactionId transactionId; - - public InternalMoaConnector(String keyIdentifier, TransactionId transactionId, X509Certificate clientCert) { - this.keyIdentifier = keyIdentifier; - this.transactionId = transactionId; - this.clientCert = clientCert; - } - @SuppressWarnings({ "rawtypes", "unchecked" }) - private Set buildKeySet(String keyGroupID, KeyModule module) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - - Set keyGroupEntries; - - // get the KeyGroup entries from the configuration - if (clientCert != null) { - Principal issuer = clientCert.getIssuerDN(); - BigInteger serialNumber = clientCert.getSerialNumber(); - - keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); - } else { - keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); - } - - // map the KeyGroup entries to a set of KeyEntryIDs - if (keyGroupEntries == null) { - return Collections.EMPTY_SET; - } else if (keyGroupEntries.size() == 0) { - return Collections.EMPTY_SET; - } else { - - Set keyEntryIDs = module.getPrivateKeyEntryIDs(); - Set keySet = new HashSet(); - Iterator iter; - - // filter out the keys that do not exist in the IAIK configuration - // by walking through the key entries and checking if the exist in - // the - // keyGroupEntries - for (iter = keyEntryIDs.iterator(); iter.hasNext();) { - KeyEntryID entryID = (KeyEntryID) iter.next(); - KeyGroupEntry entry = new KeyGroupEntry(entryID.getModuleID(), entryID.getCertificateIssuer(), - entryID.getCertificateSerialNumber()); - if (keyGroupEntries.contains(entry)) { - keySet.add(entryID); - } - } - return keySet; - } - } - - @Override - @SuppressWarnings("rawtypes") - public X509Certificate getCertificate(SignParameter parameter) throws PdfAsException { - KeyModule module = KeyModuleFactory.getInstance(this.transactionId); - - Set keySet = null; - try { - keySet = buildKeySet(this.keyIdentifier, module); - } catch (ConfigurationException e2) { - Logger.warn("MOA not correctly configured!", e2); - throw new PdfAsException("MOA not correctly configured!"); - } - - if (keySet == null || keySet.isEmpty()) { - Logger.warn("No keys available for Key Identifier " + this.keyIdentifier + " and given authentication."); - throw new PdfAsException("Invalid Key Identifier: " + this.keyIdentifier); - } - - if (keySet.size() != 1) { - Logger.warn( - "Too many keys available for Key Identifier " + this.keyIdentifier + " and given authentication."); - throw new PdfAsException("Too many keys available for Key Identifier: " + this.keyIdentifier); - } - - Iterator iter; - - // filter out the keys that do not exist in the IAIK configuration - // by walking through the key entries and checking if the exist in - // the - // keyGroupEntries - for (iter = keySet.iterator(); iter.hasNext();) { - KeyEntryID entryID = (KeyEntryID) iter.next(); - - List certChain = null; - try { - certChain = module.getPrivateKeyEntry(entryID).getCertificateChain(); - } catch (UnknownKeyException e1) { - Logger.warn("Unknown KeyIdentifier found!", e1); - throw new PdfAsException("Unknown Key Identifier: " + this.keyIdentifier); - } - - if (certChain != null && !certChain.isEmpty()) { - Logger.trace("Returning Certificate!"); - Certificate keyCert = ((Certificate) certChain.get(0)); - if (keyCert instanceof X509Certificate) { - return (X509Certificate) keyCert; - } else { - try { - return new X509Certificate(keyCert.getEncoded()); - } catch (CertificateEncodingException e) { - Logger.warn("Invalid certificate found!", e); - throw new PdfAsException("Invalid certificate for Key Identifier: " + this.keyIdentifier); - } catch (CertificateException e) { - Logger.warn("Invalid certificate found!", e); - throw new PdfAsException("Invalid certificate for Key Identifier: " + this.keyIdentifier); - } - } - } - - break; - } - - // No Certificate could be found! - Logger.warn("Failed to find keys available for Key Identifier " + this.keyIdentifier - + " and given authentication."); - throw new PdfAsException("Failed to find keys available for Key Identifier: " + this.keyIdentifier); - } - - @SuppressWarnings("unchecked") - @Override - public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter, RequestedSignature requestedSignature) - throws PdfAsException { - - CreateCMSSignatureRequestImpl createCMSSignatureRequest = new CreateCMSSignatureRequestImpl(); - createCMSSignatureRequest.setKeyIdentifier(this.keyIdentifier); - SingleSignatureInfoCMSImpl singleSignatureInfos = new SingleSignatureInfoCMSImpl(); - - DataObjectInfoCMSImpl dataObjectInfoCMSImpl = new DataObjectInfoCMSImpl(); - - dataObjectInfoCMSImpl.setStructure(DataObjectInfoCMSImpl.STRUCTURE_DETACHED); - - CMSDataObjectImpl cmsDataObjectImpl = new CMSDataObjectImpl(); - - CMSContentExplicitImpl cmsContent = new CMSContentExplicitImpl(); - cmsContent.setBinaryContent(new ByteArrayInputStream(input)); - - cmsDataObjectImpl.setContent(cmsContent); - - MetaInfoImpl metaInfoImpl = new MetaInfoImpl(); - - metaInfoImpl.setMimeType("application/pdf"); - - cmsDataObjectImpl.setMetaInfo(metaInfoImpl); - - dataObjectInfoCMSImpl.setDataObject(cmsDataObjectImpl); - - singleSignatureInfos.setDataObjectInfo(dataObjectInfoCMSImpl); - - createCMSSignatureRequest.getSingleSignatureInfos().add(singleSignatureInfos); - - try { - CreateCMSSignatureResponse createCMSSignatureResponse = CMSSignatureCreationInvoker.getInstance() - .createCMSSignature(createCMSSignatureRequest, Collections.EMPTY_SET); - - if (createCMSSignatureResponse.getResponseElements().isEmpty()) { - Logger.error("MOA CMS Signature response is empty!"); - throw new PdfAsException("MOA CMS Signature response is empty"); - } - - CreateCMSSignatureResponseElement createCMSSignatureResponseElement = (CreateCMSSignatureResponseElement) createCMSSignatureResponse - .getResponseElements().get(0); - - if(createCMSSignatureResponseElement.getResponseType() - == CreateCMSSignatureResponseElement.ERROR_RESPONSE) { - ErrorResponse errorResponse = (ErrorResponse) createCMSSignatureResponseElement; - Logger.error("Failed to create signature " + errorResponse.getErrorCode() + " " + errorResponse.getInfo()); - throw new PdfAsErrorCarrier(new PDFASError(errorResponse.getErrorCode(), errorResponse.getInfo())); - } else if(createCMSSignatureResponseElement.getResponseType() - == CreateCMSSignatureResponseElement.CMS_SIGNATURE ) { - CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) createCMSSignatureResponseElement; - return Base64Utils.decode(cmsSignatureResponse.getCMSSignature(), true); - } - } catch (MOAException e) { - Logger.error("Failed to create signature!", e); - throw new PdfAsException("Failed to create signature!", e); - } catch (IOException e) { - Logger.error("Failed to create signature!", e); - throw new PdfAsException("Failed to create signature!", e); - } - - return null; - } - */ +public class InternalMoaConnector { /* + * implements ISignatureConnector { + * + * private String keyIdentifier; private X509Certificate clientCert; + * private TransactionId transactionId; + * + * public InternalMoaConnector(String keyIdentifier, TransactionId + * transactionId, X509Certificate clientCert) { this.keyIdentifier = + * keyIdentifier; this.transactionId = transactionId; this.clientCert = + * clientCert; } + * + * @SuppressWarnings({ "rawtypes", "unchecked" }) private Set + * buildKeySet(String keyGroupID, KeyModule module) throws + * ConfigurationException { ConfigurationProvider config = + * ConfigurationProvider.getInstance(); + * + * Set keyGroupEntries; + * + * // get the KeyGroup entries from the configuration if (clientCert != + * null) { Principal issuer = clientCert.getIssuerDN(); BigInteger + * serialNumber = clientCert.getSerialNumber(); + * + * keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber, + * keyGroupID); } else { keyGroupEntries = config.getKeyGroupEntries(null, + * null, keyGroupID); } + * + * // map the KeyGroup entries to a set of KeyEntryIDs if (keyGroupEntries + * == null) { return Collections.EMPTY_SET; } else if + * (keyGroupEntries.size() == 0) { return Collections.EMPTY_SET; } else { + * + * Set keyEntryIDs = module.getPrivateKeyEntryIDs(); Set keySet = new + * HashSet(); Iterator iter; + * + * // filter out the keys that do not exist in the IAIK configuration // + * by walking through the key entries and checking if the exist in // the + * // keyGroupEntries for (iter = keyEntryIDs.iterator(); iter.hasNext();) + * { KeyEntryID entryID = (KeyEntryID) iter.next(); KeyGroupEntry entry = + * new KeyGroupEntry(entryID.getModuleID(), + * entryID.getCertificateIssuer(), entryID.getCertificateSerialNumber()); + * if (keyGroupEntries.contains(entry)) { keySet.add(entryID); } } return + * keySet; } } + * + * @Override + * + * @SuppressWarnings("rawtypes") public X509Certificate + * getCertificate(SignParameter parameter) throws PdfAsException { + * KeyModule module = KeyModuleFactory.getInstance(this.transactionId); + * + * Set keySet = null; try { keySet = buildKeySet(this.keyIdentifier, + * module); } catch (ConfigurationException e2) { + * Logger.warn("MOA not correctly configured!", e2); throw new + * PdfAsException("MOA not correctly configured!"); } + * + * if (keySet == null || keySet.isEmpty()) { + * Logger.warn("No keys available for Key Identifier " + + * this.keyIdentifier + " and given authentication."); throw new + * PdfAsException("Invalid Key Identifier: " + this.keyIdentifier); } + * + * if (keySet.size() != 1) { Logger.warn( + * "Too many keys available for Key Identifier " + this.keyIdentifier + + * " and given authentication."); throw new + * PdfAsException("Too many keys available for Key Identifier: " + + * this.keyIdentifier); } + * + * Iterator iter; + * + * // filter out the keys that do not exist in the IAIK configuration // + * by walking through the key entries and checking if the exist in // the + * // keyGroupEntries for (iter = keySet.iterator(); iter.hasNext();) { + * KeyEntryID entryID = (KeyEntryID) iter.next(); + * + * List certChain = null; try { certChain = + * module.getPrivateKeyEntry(entryID).getCertificateChain(); } catch + * (UnknownKeyException e1) { Logger.warn("Unknown KeyIdentifier found!", + * e1); throw new PdfAsException("Unknown Key Identifier: " + + * this.keyIdentifier); } + * + * if (certChain != null && !certChain.isEmpty()) { + * Logger.trace("Returning Certificate!"); Certificate keyCert = + * ((Certificate) certChain.get(0)); if (keyCert instanceof + * X509Certificate) { return (X509Certificate) keyCert; } else { try { + * return new X509Certificate(keyCert.getEncoded()); } catch + * (CertificateEncodingException e) { + * Logger.warn("Invalid certificate found!", e); throw new + * PdfAsException("Invalid certificate for Key Identifier: " + + * this.keyIdentifier); } catch (CertificateException e) { + * Logger.warn("Invalid certificate found!", e); throw new + * PdfAsException("Invalid certificate for Key Identifier: " + + * this.keyIdentifier); } } } + * + * break; } + * + * // No Certificate could be found! + * Logger.warn("Failed to find keys available for Key Identifier " + + * this.keyIdentifier + " and given authentication."); throw new + * PdfAsException("Failed to find keys available for Key Identifier: " + + * this.keyIdentifier); } + * + * @SuppressWarnings("unchecked") + * + * @Override public byte[] sign(byte[] input, int[] byteRange, + * SignParameter parameter, RequestedSignature requestedSignature) throws + * PdfAsException { + * + * CreateCMSSignatureRequestImpl createCMSSignatureRequest = new + * CreateCMSSignatureRequestImpl(); + * createCMSSignatureRequest.setKeyIdentifier(this.keyIdentifier); + * SingleSignatureInfoCMSImpl singleSignatureInfos = new + * SingleSignatureInfoCMSImpl(); + * + * DataObjectInfoCMSImpl dataObjectInfoCMSImpl = new + * DataObjectInfoCMSImpl(); + * + * dataObjectInfoCMSImpl.setStructure(DataObjectInfoCMSImpl. + * STRUCTURE_DETACHED); + * + * CMSDataObjectImpl cmsDataObjectImpl = new CMSDataObjectImpl(); + * + * CMSContentExplicitImpl cmsContent = new CMSContentExplicitImpl(); + * cmsContent.setBinaryContent(new ByteArrayInputStream(input)); + * + * cmsDataObjectImpl.setContent(cmsContent); + * + * MetaInfoImpl metaInfoImpl = new MetaInfoImpl(); + * + * metaInfoImpl.setMimeType("application/pdf"); + * + * cmsDataObjectImpl.setMetaInfo(metaInfoImpl); + * + * dataObjectInfoCMSImpl.setDataObject(cmsDataObjectImpl); + * + * singleSignatureInfos.setDataObjectInfo(dataObjectInfoCMSImpl); + * + * createCMSSignatureRequest.getSingleSignatureInfos().add( + * singleSignatureInfos); + * + * try { CreateCMSSignatureResponse createCMSSignatureResponse = + * CMSSignatureCreationInvoker.getInstance() + * .createCMSSignature(createCMSSignatureRequest, Collections.EMPTY_SET); + * + * if (createCMSSignatureResponse.getResponseElements().isEmpty()) { + * Logger.error("MOA CMS Signature response is empty!"); throw new + * PdfAsException("MOA CMS Signature response is empty"); } + * + * CreateCMSSignatureResponseElement createCMSSignatureResponseElement = + * (CreateCMSSignatureResponseElement) createCMSSignatureResponse + * .getResponseElements().get(0); + * + * if(createCMSSignatureResponseElement.getResponseType() == + * CreateCMSSignatureResponseElement.ERROR_RESPONSE) { ErrorResponse + * errorResponse = (ErrorResponse) createCMSSignatureResponseElement; + * Logger.error("Failed to create signature " + + * errorResponse.getErrorCode() + " " + errorResponse.getInfo()); throw + * new PdfAsErrorCarrier(new PDFASError(errorResponse.getErrorCode(), + * errorResponse.getInfo())); } else + * if(createCMSSignatureResponseElement.getResponseType() == + * CreateCMSSignatureResponseElement.CMS_SIGNATURE ) { + * CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) + * createCMSSignatureResponseElement; return + * Base64Utils.decode(cmsSignatureResponse.getCMSSignature(), true); } } + * catch (MOAException e) { Logger.error("Failed to create signature!", + * e); throw new PdfAsException("Failed to create signature!", e); } catch + * (IOException e) { Logger.error("Failed to create signature!", e); throw + * new PdfAsException("Failed to create signature!", e); } + * + * return null; } + */ } |