From 578ad0d6bc408edf9e6c875156054374f5fd8337 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Mon, 22 Mar 2021 18:40:26 +0100
Subject: change to EGIZ codestyle
---
.../xmlsign/XMLSignatureCreationProfileImpl.java | 320 +++++++++++----------
1 file changed, 164 insertions(+), 156 deletions(-)
(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java')
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index 9d6e3d2..516e3d8 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -21,9 +21,16 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+import at.gv.egovernment.moaspss.logging.Logger;
import iaik.server.modules.algorithms.SignatureAlgorithms;
import iaik.server.modules.keys.AlgorithmUnavailableException;
import iaik.server.modules.keys.KeyEntryID;
@@ -34,23 +41,14 @@ import iaik.server.modules.xml.Canonicalization;
import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
-import java.util.List;
-import java.util.Set;
-
-import at.gv.egovernment.moa.spss.server.logging.TransactionId;
-import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
-import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
-import at.gv.egovernment.moa.spss.server.util.IdGenerator;
-import at.gv.egovernment.moaspss.logging.Logger;
-
/**
* An object providing auxiliary information for creating an XML signature.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class XMLSignatureCreationProfileImpl
- implements XMLSignatureCreationProfile {
+ implements XMLSignatureCreationProfile {
/** The transformations to apply to a data object. */
private List dataObjectTreatmentList;
@@ -58,7 +56,7 @@ public class XMLSignatureCreationProfileImpl
private Set keySet;
/** The type URI of the signature manifest. */
private String securityLayerManifestTypeURI;
- /** Whether the created signature is to be Security Layer conform. */
+ /** Whether the created signature is to be Security Layer conform. */
private boolean securityLayerConform;
/** Where to insert the signature into the signature environment. */
private XMLSignatureInsertionLocation signatureInsertionLocation;
@@ -66,55 +64,55 @@ public class XMLSignatureCreationProfileImpl
private String signatureStructureType;
/** The type of Canonicalization to use for the signed info. */
private Canonicalization signedInfoCanonicalization;
- /** Properties to be signed during signature creation. */
+ /** Properties to be signed during signature creation. */
private List signedProperties;
/** The ID generator for signature IDs. */
- private IdGenerator signatureIDGenerator;
+ private final IdGenerator signatureIDGenerator;
/** The ID generator for manifst IDs. */
- private IdGenerator manifestIDGenerator;
+ private final IdGenerator manifestIDGenerator;
/** The ID generator for XMLDsig manifest IDs. */
- private IdGenerator dsigManifestIDGenerator;
+ private final IdGenerator dsigManifestIDGenerator;
/** The ID generator for signed property IDs. */
- private IdGenerator propertyIDGenerator;
- /** The selected digest method algorithm if XAdES 1.4.2 is used */
- private String digestMethodXAdES142;
-
-
+ private final IdGenerator propertyIDGenerator;
+ /** The selected digest method algorithm if XAdES 1.4.2 is used */
+ private final String digestMethodXAdES142;
+
/**
* Create a new XMLSignatureCreationProfileImpl.
- *
- * @param createProfileCount Provides external information about the
- * number of calls to the signature creation module, using the same request.
- * @param reservedIDs The set of IDs that must not be used while generating
- * new IDs.
+ *
+ * @param createProfileCount Provides external information about the number of
+ * calls to the signature creation module, using the
+ * same request.
+ * @param reservedIDs The set of IDs that must not be used while
+ * generating new IDs.
*/
public XMLSignatureCreationProfileImpl(
- int createProfileCount,
- Set reservedIDs,
- String digestMethodXAdES142) {
+ int createProfileCount,
+ Set reservedIDs,
+ String digestMethodXAdES142) {
signatureIDGenerator =
- new IdGenerator("signature-" + createProfileCount, reservedIDs);
+ new IdGenerator("signature-" + createProfileCount, reservedIDs);
manifestIDGenerator =
- new IdGenerator("manifest-" + createProfileCount, reservedIDs);
+ new IdGenerator("manifest-" + createProfileCount, reservedIDs);
dsigManifestIDGenerator =
- new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs);
+ new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs);
propertyIDGenerator =
- new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs);
+ new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs);
this.digestMethodXAdES142 = digestMethodXAdES142;
}
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDataObjectTreatmentList()
*/
+ @Override
public List getDataObjectTreatmentList() {
return dataObjectTreatmentList;
}
/**
* Sets the list of DataObjectTreatments.
- *
- * @param dataObjectTreatmentList The DataObjectTreatments to
- * set.
+ *
+ * @param dataObjectTreatmentList The DataObjectTreatments to set.
*/
public void setDataObjectTreatmentList(List dataObjectTreatmentList) {
this.dataObjectTreatmentList = dataObjectTreatmentList;
@@ -123,6 +121,7 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
*/
+ @Override
public Set getKeySet() {
return keySet;
}
@@ -130,7 +129,7 @@ public class XMLSignatureCreationProfileImpl
/**
* Set the set of KeyEntryIDs which may be used for signature
* creation.
- *
+ *
* @param keySet The set of KeyEntryIDs to set.
*/
public void setKeySet(Set keySet) {
@@ -140,15 +139,15 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestTypeURI()
*/
+ @Override
public String getSecurityLayerManifestTypeURI() {
return securityLayerManifestTypeURI;
}
/**
* Set the SecurityLayerManifestTypeURI.
- *
- * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to
- * set.
+ *
+ * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to set.
*/
public void setSecurityLayerManifestTypeURI(String securityLayerManifestTypeURI) {
this.securityLayerManifestTypeURI = securityLayerManifestTypeURI;
@@ -157,132 +156,131 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
*/
+ @Override
public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
- throws AlgorithmUnavailableException {
+ throws AlgorithmUnavailableException {
- TransactionContext context =
- TransactionContextManager.getInstance().getTransactionContext();
- TransactionId tid = new TransactionId(context.getTransactionID());
- KeyModule module = KeyModuleFactory.getInstance(tid);
+ final TransactionContext context =
+ TransactionContextManager.getInstance().getTransactionContext();
+ final TransactionId tid = new TransactionId(context.getTransactionID());
+ final KeyModule module = KeyModuleFactory.getInstance(tid);
Set algorithms;
try {
algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
- } catch (UnknownKeyException e) {
+ } catch (final UnknownKeyException e) {
throw new AlgorithmUnavailableException(
- "Unknown key entry: " + selectedKeyID,
- e,
- null);
+ "Unknown key entry: " + selectedKeyID,
+ e,
+ null);
}
-
+
if (digestMethodXAdES142 == null) {
- // XAdES 1.4.2 not enabled - legacy MOA
- if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
-
- return SignatureAlgorithms.SHA1_WITH_RSA;
- } else if (
- algorithms.contains(SignatureAlgorithms.ECDSA)) {
- return SignatureAlgorithms.ECDSA;
- } else if (
- algorithms.contains(SignatureAlgorithms.DSA)) {
- return SignatureAlgorithms.DSA;
+ // XAdES 1.4.2 not enabled - legacy MOA
+ if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
+ || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
+ || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
+ || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
+ || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
+ || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+
+ return SignatureAlgorithms.SHA1_WITH_RSA;
+ } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+ return SignatureAlgorithms.ECDSA;
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+ return SignatureAlgorithms.DSA;
+ } else {
+ throw new AlgorithmUnavailableException(
+ "No algorithm for key entry: " + selectedKeyID,
+ null,
+ null);
+ }
+ } else {
+ // XAdES 1.4.2 is enabled: select signature algorithm according to selected
+ // digest method
+ if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
+ Logger.warn(
+ "XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+
+ if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+ return SignatureAlgorithms.SHA1_WITH_RSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+ return SignatureAlgorithms.ECDSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+ return SignatureAlgorithms.DSA;
+
} else {
- throw new AlgorithmUnavailableException(
- "No algorithm for key entry: " + selectedKeyID,
- null,
- null);
+ throw new AlgorithmUnavailableException(
+ "No algorithm for key entry: " + selectedKeyID,
+ null,
+ null);
}
+
+ } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
+ if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+ return SignatureAlgorithms.SHA256_WITH_RSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+ return SignatureAlgorithms.SHA256_WITH_ECDSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+ return SignatureAlgorithms.DSA;
+
+ } else {
+ throw new AlgorithmUnavailableException(
+ "No algorithm for key entry: " + selectedKeyID,
+ null,
+ null);
+ }
+ } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
+ if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+ return SignatureAlgorithms.SHA384_WITH_RSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+ return SignatureAlgorithms.SHA384_WITH_ECDSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+ return SignatureAlgorithms.DSA;
+
+ } else {
+ throw new AlgorithmUnavailableException(
+ "No algorithm for key entry: " + selectedKeyID,
+ null,
+ null);
+ }
+ } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
+ if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+ return SignatureAlgorithms.SHA512_WITH_RSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+ return SignatureAlgorithms.SHA512_WITH_ECDSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+ return SignatureAlgorithms.DSA;
+
+ } else {
+ throw new AlgorithmUnavailableException(
+ "No algorithm for key entry: " + selectedKeyID,
+ null,
+ null);
+ }
+ } else {
+ throw new AlgorithmUnavailableException(
+ "No signature algorithm found for digest algorithm '" + digestMethodXAdES142,
+ null,
+ null);
+ }
+
}
- else {
- // XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
- if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
- Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
-
- if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
- return SignatureAlgorithms.SHA1_WITH_RSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
- return SignatureAlgorithms.ECDSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
- return SignatureAlgorithms.DSA;
-
- } else {
- throw new AlgorithmUnavailableException(
- "No algorithm for key entry: " + selectedKeyID,
- null,
- null);
- }
-
- } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
- return SignatureAlgorithms.SHA256_WITH_RSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
- return SignatureAlgorithms.SHA256_WITH_ECDSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
- return SignatureAlgorithms.DSA;
-
- } else {
- throw new AlgorithmUnavailableException(
- "No algorithm for key entry: " + selectedKeyID,
- null,
- null);
- }
- } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
- return SignatureAlgorithms.SHA384_WITH_RSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
- return SignatureAlgorithms.SHA384_WITH_ECDSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
- return SignatureAlgorithms.DSA;
-
- } else {
- throw new AlgorithmUnavailableException(
- "No algorithm for key entry: " + selectedKeyID,
- null,
- null);
- }
- } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
- return SignatureAlgorithms.SHA512_WITH_RSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
- return SignatureAlgorithms.SHA512_WITH_ECDSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
- return SignatureAlgorithms.DSA;
-
- } else {
- throw new AlgorithmUnavailableException(
- "No algorithm for key entry: " + selectedKeyID,
- null,
- null);
- }
- }
- else {
- throw new AlgorithmUnavailableException(
- "No signature algorithm found for digest algorithm '" + digestMethodXAdES142,
- null,
- null);
- }
-
- }
-
}
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureInsertionLocation()
*/
+ @Override
public XMLSignatureInsertionLocation getSignatureInsertionLocation() {
return signatureInsertionLocation;
}
@@ -290,7 +288,7 @@ public class XMLSignatureCreationProfileImpl
/**
* Set the location where the signature is to be inserted into the signature
* parent.
- *
+ *
* @param signatureInsertionLocation The location to set.
*/
public void setSignatureInsertionLocation(XMLSignatureInsertionLocation signatureInsertionLocation) {
@@ -300,12 +298,14 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureStructureType()
*/
+ @Override
public String getSignatureStructureType() {
return signatureStructureType;
}
/**
* Set the signature structure type.
+ *
* @param signatureStructureType The signature structure type to set.
*/
public void setSignatureStructureType(String signatureStructureType) {
@@ -315,13 +315,14 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedInfoCanonicalization()
*/
+ @Override
public Canonicalization getSignedInfoCanonicalization() {
return signedInfoCanonicalization;
}
/**
* Sets the canonicalization method to use for the SignedInfo object.
- *
+ *
* @param signedInfoCanonicalization The canonicalization method to set.
*/
public void setSignedInfoCanonicalization(Canonicalization signedInfoCanonicalization) {
@@ -331,13 +332,14 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
*/
+ @Override
public List getSignedProperties() {
return signedProperties;
}
/**
* Set the signed properties.
- *
+ *
* @param signedProperties The signed properties to set.
*/
public void setSignedProperties(List signedProperties) {
@@ -347,15 +349,16 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
*/
+ @Override
public boolean isSecurityLayerConform() {
return securityLayerConform;
}
/**
* Sets the security layer conformity.
- *
- * @param securityLayerConform true, if the created signature
- * is to be conform to the Security Layer specification.
+ *
+ * @param securityLayerConform true, if the created signature is to
+ * be conform to the Security Layer specification.
*/
public void setSecurityLayerConform(boolean securityLayerConform) {
this.securityLayerConform = securityLayerConform;
@@ -364,6 +367,7 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureID()
*/
+ @Override
public String getSignatureID() {
return signatureIDGenerator.uniqueId();
}
@@ -371,6 +375,7 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestID()
*/
+ @Override
public String getSecurityLayerManifestID() {
return manifestIDGenerator.uniqueId();
}
@@ -378,6 +383,7 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDsigManifestID()
*/
+ @Override
public String getDsigManifestID() {
return dsigManifestIDGenerator.uniqueId();
}
@@ -385,13 +391,15 @@ public class XMLSignatureCreationProfileImpl
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedPropertiesID()
*/
+ @Override
public String getSignedPropertiesID() {
return propertyIDGenerator.uniqueId();
}
-
+
/**
* @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs()
*/
+ @Override
public boolean getPermitFileURIs() {
return false;
}
--
cgit v1.2.3