From 84293bd12f63b59852026cab02035fc9ebee626a Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Mon, 14 Mar 2016 16:29:03 +0100 Subject: A lot of moa sig stuff --- .../invoke/CMSSignatureVerificationInvoker.java | 755 ++++++++++++--------- 1 file changed, 418 insertions(+), 337 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 905254e..906abbe 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import iaik.server.modules.AdESFormVerificationResult; @@ -34,6 +33,11 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; +import iaik.util.logging.Log; +import iaik.server.modules.pdfverify.ExtendedPDFSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationModule; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -50,10 +54,8 @@ import java.util.List; import org.apache.commons.codec.binary.Hex; import org.apache.commons.io.HexDump; import org.apache.commons.io.IOUtils; +import org.slf4j.LoggerFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; @@ -70,14 +72,17 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.QCSSCDResult; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; /** * A class providing an interface to the * CMSSignatureVerificationModule. * - * This class performs the invocation of the + * This class performs the invocation of the * iaik.server.modules.cmsverify.CMSSignatureVerificationModule - * from a VerifyCMSSignatureRequest. The result of the invocation + * from a VerifyCMSSignatureRequest. The result of the invocation * is integrated into a VerifyCMSSignatureResponse returned. * * @author Patrick Peck @@ -85,338 +90,414 @@ import at.gv.egovernment.moa.spss.util.QCSSCDResult; */ public class CMSSignatureVerificationInvoker { - /** The single instance of this class. */ - private static CMSSignatureVerificationInvoker instance = null; - - /** - * Return the only instance of this class. - * - * @return The only instance of this class. - */ - public static synchronized CMSSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new CMSSignatureVerificationInvoker(); - } - return instance; - } - - /** - * Create a new CMSSignatureVerificationInvoker. - * - * Protected to disallow multiple instances. - */ - protected CMSSignatureVerificationInvoker() { - } - - /** - * Verify a CMS signature. - * - * @param request The VerifyCMSSignatureRequest containing the - * CMS signature, as well as additional data needed for verification. - * @return Element A VerifyCMSSignatureResponse containing the - * answer to the VerifyCMSSignatureRequest. - * @throws MOAException An error occurred while processing the request. - */ - public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) - throws MOAException { - - CMSSignatureVerificationProfileFactory profileFactory = - new CMSSignatureVerificationProfileFactory(request); - VerifyCMSSignatureResponseBuilder responseBuilder = - new VerifyCMSSignatureResponseBuilder(); - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - LoggingContext loggingCtx = - LoggingContextManager.getInstance().getLoggingContext(); - InputStream signature; - InputStream signedContent = null; - CMSSignatureVerificationProfile profile; - Date signingTime; - List results; - ExtendedCMSSignatureVerificationResult result; - int[] signatories; - InputStream input; - byte[] buf = new byte[2048]; - - // get the signature - signature = request.getCMSSignature(); - - // get the actual trustprofile - TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - - try { - // get the signed content - signedContent = getSignedContent(request); - - // build the profile - if(request.isPDF()) { - profile = profileFactory.createPDFProfile(); - } else { - profile = profileFactory.createProfile(); - } - - // get the signing time - signingTime = request.getDateTime(); - - // verify the signature - CMSSignatureVerificationModule module = - CMSSignatureVerificationModuleFactory.getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - - module.init( - signature, - signedContent, - profile, - new TransactionId(context.getTransactionID())); - input = module.getInputStream(); - - while (input.read(buf) > 0); - //results = module.verifyCAdESSignature(signingTime); - results = module.verifySignature(signingTime); - - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IOException e) { - throw new MOAApplicationException("2244", null, e); - } catch (MOAException e) - { - throw e; - } - finally - { - try - { - if (signedContent != null) signedContent.close(); - } - catch (Throwable t) - { - // Intentionally do nothing here - } - } - - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - // build the response: for each signatory add the result to the response - signatories = request.getSignatories(); - if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { - Iterator resultIter; - - for (resultIter = results.iterator(); resultIter.hasNext();) { - Object resultObject = resultIter.next(); - CMSSignatureVerificationResult cmsResult = null; - List adesResults = null; - if(resultObject instanceof ExtendedCMSSignatureVerificationResult) { - result = (ExtendedCMSSignatureVerificationResult) resultObject; - - adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - } else { - cmsResult = (CMSSignatureVerificationResult)resultObject; - } - - - String issuerCountryCode = null; - // QC/SSCD check - - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while(it.hasNext()) { - chain[i] = (X509Certificate)it.next(); - i++; - } - - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); - - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } - } else { - int i; - - for (i = 0; i < signatories.length; i++) { - int sigIndex = signatories[i] - 1; - - try { - result = - (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1); - - String issuerCountryCode = null; - - CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult(); - - List adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - - // QC/SSCD check - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int j = 0; - while(it.hasNext()) { - chain[j] = (X509Certificate)it.next(); - j++; - } - - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } catch (IndexOutOfBoundsException e) { - throw new MOAApplicationException( - "2249", - new Object[] { new Integer(sigIndex)}); - } - } - } - - return responseBuilder.getResponse(); - } - - - /** - * Get the signed content contained either in the request itself or given as a - * reference to external data. - * - * @param request The VerifyCMSSignatureRequest containing the - * signed content (or the reference to the signed content). - * @return InputStream A stream providing the signed content data, or - * null if no signed content was provided with the request. - * @throws MOAApplicationException An error occurred building the stream. - */ - private InputStream getSignedContent(VerifyCMSSignatureRequest request) - throws MOAApplicationException { - - InputStream is = null; - CMSDataObject dataObj; - CMSContent content; - - // select the Content element - dataObj = request.getDataObject(); - if (dataObj == null) { - return null; - } - content = dataObj.getContent(); - - // build the content data - switch (content.getContentType()) { - case CMSContent.EXPLICIT_CONTENT : - is = ((CMSContentExcplicit) content).getBinaryContent(); - is = excludeByteRange(is, request); - return is; - case CMSContent.REFERENCE_CONTENT : - String reference = ((CMSContentReference) content).getReference(); - if (!"".equals(reference)) { - ExternalURIResolver resolver = new ExternalURIResolver(); - is = resolver.resolve(reference); - is = excludeByteRange(is, request); - return is; - } else { - return null; - } - default : - return null; - } - - - - } - - private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException { - - int byteRead; - - ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); - - CMSDataObject dataobject = request.getDataObject(); - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return contentIs; - - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - try { - while ((byteRead=contentIs.read()) >= 0) { - - if (inRange(counter, dataobject)) { - // if byte is in byte range, set byte to 0x00 - contentOs.write(0); - } - else - contentOs.write(byteRead); - - counter = counter.add(one); + /** The single instance of this class. */ + private static CMSSignatureVerificationInvoker instance = null; + + /** + * Return the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized CMSSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new CMSSignatureVerificationInvoker. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureVerificationInvoker() { + } + + /** + * Verify a CMS signature. + * + * @param request + * The VerifyCMSSignatureRequest containing the CMS + * signature, as well as additional data needed for verification. + * @return Element A VerifyCMSSignatureResponse containing the + * answer to the VerifyCMSSignatureRequest. + * @throws MOAException + * An error occurred while processing the request. + */ + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) throws MOAException { + + CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(request); + VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + InputStream signature; + InputStream signedContent = null; + Date signingTime; + List results; + int[] signatories; + InputStream input; + byte[] buf = new byte[2048]; + + // get the signature + signature = request.getCMSSignature(); + + // get the actual trustprofile + TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + + try { + // get the signing time + signingTime = request.getDateTime(); + + // build the profile + if (request.isPDF()) { + PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile(); + Logger.info("Sending PDFSignatureVerificationProfile to IAIK-MOA"); + + PDFSignatureVerificationModule module = iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory + .getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, profile, new TransactionId(context.getTransactionID())); + + // input = module.getInputStream(); + + // while (input.read(buf) > 0); + if(request.isExtended()) { + results = module.verifyPAdESSignature(signingTime); + } else { + results = module.verifySignature(signingTime); + } + + } else { + // get the signed content + signedContent = getSignedContent(request); + CMSSignatureVerificationProfile profile = profileFactory.createProfile(); + Logger.info("Sending CMSSignatureVerificationProfile to IAIK-MOA"); + + // verify the signature + CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID())); + input = module.getInputStream(); + + while (input.read(buf) > 0) + ; + + if(request.isExtended()) { + results = module.verifyCAdESSignature(signingTime); + } else { + results = module.verifySignature(signingTime); + } + // results = module.verifySignature(signingTime); + } + + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IOException e) { + throw new MOAApplicationException("2244", null, e); + } catch (MOAException e) { + throw e; + } finally { + try { + if (signedContent != null) + signedContent.close(); + } catch (Throwable t) { + // Intentionally do nothing here + } + } + + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + // build the response: for each signatory add the result to the response + signatories = request.getSignatories(); + if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { + Iterator resultIter; + + for (resultIter = results.iterator(); resultIter.hasNext();) { + Object resultObject = resultIter.next(); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } + } else { + int i; + + for (i = 0; i < signatories.length; i++) { + int sigIndex = signatories[i] - 1; + + try { + Object resultObject = results.get(signatories[i] - 1); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } catch (IndexOutOfBoundsException e) { + throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); + } + } + } + + return responseBuilder.getResponse(); + } + + private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + } else { + cmsResult = (CMSSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + } - - InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); - - return is; - - - } catch (IOException e) { - throw new MOAApplicationException("2301", null, e); + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); } - - } - - - private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return false; - - int compare = counter.compareTo(from); - if (compare == -1) - return false; - else { - compare = counter.compareTo(to); - if (compare == 1) - return false; - else - return true; - } - - - - } - - - private List getAdESResult(AdESFormVerificationResult adesFormVerification) { + + private void handleCMSEXTResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + cmsResult = result.getCMSSignatureVerificationResult(); + } else { + cmsResult = (CMSSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + } + + private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + PDFSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { + ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + cmsResult = result.getPDFSignatureVerificationResult(); + } else { + cmsResult = (PDFSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + } + + /** + * Get the signed content contained either in the request itself or given as + * a reference to external data. + * + * @param request + * The VerifyCMSSignatureRequest containing the + * signed content (or the reference to the signed content). + * @return InputStream A stream providing the signed content data, or + * null if no signed content was provided with the + * request. + * @throws MOAApplicationException + * An error occurred building the stream. + */ + private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException { + + InputStream is = null; + CMSDataObject dataObj; + CMSContent content; + + // select the Content element + dataObj = request.getDataObject(); + if (dataObj == null) { + return null; + } + content = dataObj.getContent(); + + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT: + is = ((CMSContentExcplicit) content).getBinaryContent(); + is = excludeByteRange(is, request); + return is; + case CMSContent.REFERENCE_CONTENT: + String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + ExternalURIResolver resolver = new ExternalURIResolver(); + is = resolver.resolve(reference); + is = excludeByteRange(is, request); + return is; + } else { + return null; + } + default: + return null; + } + + } + + private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) + throws MOAApplicationException { + + int byteRead; + + ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); + + CMSDataObject dataobject = request.getDataObject(); + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ((from == null) || (to == null)) + return contentIs; + + BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); + + try { + while ((byteRead = contentIs.read()) >= 0) { + + if (inRange(counter, dataobject)) { + // if byte is in byte range, set byte to 0x00 + contentOs.write(0); + } else + contentOs.write(byteRead); + + counter = counter.add(one); + } + + InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); + + return is; + + } catch (IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ((from == null) || (to == null)) + return false; + + int compare = counter.compareTo(from); + if (compare == -1) + return false; + else { + compare = counter.compareTo(to); + if (compare == 1) + return false; + else + return true; + } + + } + + private List getAdESResult(AdESFormVerificationResult adesFormVerification) { if (adesFormVerification == null) { // no form information return null; @@ -451,5 +532,5 @@ public class CMSSignatureVerificationInvoker { } } } - + } -- cgit v1.2.3