From e1535be7c97e86e40e04258cbdaf47f60e6292bf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Mon, 7 Aug 2017 16:30:58 +0200
Subject: add PAdES conformity flag to CAdES SOAP interface. Info: additional
 work is required when IAIK-MOA is updated

---
 .../server/invoke/CMSSignatureCreationInvoker.java | 64 ++++++++--------------
 1 file changed, 23 insertions(+), 41 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 8e9380e..753d769 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -154,6 +154,7 @@ public class CMSSignatureCreationInvoker {
 	  CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
 
 	  boolean isSecurityLayerConform = false;
+	  boolean isPAdESConformRequired = false;
 	  String structure = null;
 	  String mimetype = null;
 	  
@@ -164,6 +165,14 @@ public class CMSSignatureCreationInvoker {
 	  while (singleSignatureInfoIter.hasNext()) {
 		  SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
 		  isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+		  isPAdESConformRequired = singleSignatureInfo.isPAdESConform();
+		  
+		  //PAdES conformity always requires SecurityLayer conformity, because certificates must be included
+		  if (isPAdESConformRequired && !isSecurityLayerConform) {
+			  isSecurityLayerConform = isPAdESConformRequired;
+			  Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested");
+			  
+		  }
 		  
 		  
 		  DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
@@ -171,7 +180,17 @@ public class CMSSignatureCreationInvoker {
 		  
 		  CMSDataObject dataobject = dataObjectInfo.getDataObject();
 		  MetaInfo metainfo = dataobject.getMetaInfo();
-		  mimetype = metainfo.getMimeType();
+		  
+		  /*TODO: does not set SigningTime in IAIK-MOA request or any other
+		   * API method/parameter when IAIK-MOA API is updated.
+		   * Maybe also update mimetype solution below
+		   */
+		  //does not set mimetype if PAdES conformity is requested
+		  if (!isPAdESConformRequired) {
+			  mimetype = metainfo.getMimeType();
+			  
+		  } else
+			  Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature");
 			  
 		  CMSContent content = dataobject.getContent();
 		  InputStream contentIs = null;
@@ -218,7 +237,7 @@ public class CMSSignatureCreationInvoker {
 			    
 		  // get digest algorithm
 		  String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
-			    
+	  
 		  // create CMSSignatureCreation profile:			    
 		  CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
 				  keySet,
@@ -239,39 +258,7 @@ public class CMSSignatureCreationInvoker {
 			  boolean base64 = true;
 			  OutputStream  signedDataStream = signature.getSignature(out, base64);
 					 
-			  // now write the data to be signed to the signedDataStream
-			  
-			  // 
-			  int byteRead;
-			  /*
-			  BigDecimal counter = new BigDecimal("0");
-			  BigDecimal one = new BigDecimal("1");
-			  
-			  ByteArrayOutputStream filteredStream = new ByteArrayOutputStream();
-			  
-			  while ((byteRead=contentIs.read()) >= 0) {
-				  //System.out.println("counterXX: " + counter);
-				  
-				  // Wrong behaviour < 3
-				  // excluded bytes should not be part of the signature as 0 bytes
-				  // they should be not part of the signature at all!
-				  
-//				  if (inRange(counter, dataobject))
-//					  filteredStream.write(0);
-//				  else
-//					  filteredStream.write(byteRead);
-//				  
-				  
-				  // correct behaviour
-				  if (!inRange(counter, dataobject)) {
-					  filteredStream.write(byteRead);
-				  }
-
-				  counter = counter.add(one);
-			  }
-			  byte[] data = filteredStream.toByteArray();
-			  signedDataStream.write(data, 0, data.length);
-			  */
+			  // now write the data to be signed to the signedDataStream			  
 			  // Stream based, this should have a better performance
 			  FilteredOutputStream filteredOuputStream = new FilteredOutputStream(
 					  signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(),
@@ -279,12 +266,7 @@ public class CMSSignatureCreationInvoker {
 			  
 			  IOUtils.copyLarge(contentIs, filteredOuputStream);
 			  filteredOuputStream.flush();
-//			  byte[] buf = new byte[4096];
-//			  int bytesRead;
-//			  while ((bytesRead = contentIs.read(buf)) >= 0) {
-//				  signedDataStream.write(buf, 0, bytesRead);
-//			  } 
-//					 
+ 
 			  // finish SignedData processing by closing signedDataStream
 			  signedDataStream.close();
 			  String base64value = out.toString();
-- 
cgit v1.2.3