From 7510ab5173001711ecb5d6c8834878e7cce63ff9 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Fri, 4 Dec 2015 13:12:24 +0100
Subject: CMS verification
---
 .../moa/spss/server/iaik/config/CRLRetriever.java | 4 +--
 .../config/DirectoryCertStoreParametersImpl.java | 2 +-
 .../server/iaik/config/PKIConfigurationImpl.java | 4 +--
 .../iaik/config/RevocationConfigurationImpl.java | 8 ++---
 .../moa/spss/server/iaik/pki/PKIProfileImpl.java | 10 ++++--
 .../server/invoke/CMSSignatureCreationInvoker.java | 40 +++++++++++++++++-----
 6 files changed, 47 insertions(+), 21 deletions(-)
(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server')
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
index 981ea05..304a7d3 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
@@ -83,11 +83,11 @@ public class CRLRetriever implements RevocationInfoRetriever {
 @Override
 public void setConnectTimeout(int arg0) {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 }
 @Override
 public void setReadTimeout(int arg0) {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 }
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
index 9dd0ffe..39da9cf 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
@@ -108,7 +108,7 @@ public class DirectoryCertStoreParametersImpl
 @Override
 public Set getVirtualStores() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 return Collections.EMPTY_SET;
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
index 5e29b5c..fe0de1f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
@@ -100,13 +100,13 @@ public class PKIConfigurationImpl implements PKIConfiguration {
 @Override
 public int getConnectTimeout() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 return 0;
 }
 @Override
 public int getReadTimeout() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 return 0;
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
index b03c4a2..a09a701 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
@@ -87,25 +87,25 @@ public class RevocationConfigurationImpl extends AbstractObservableConfiguration
 @Override
 public DBCrlConfig getDataBaseCRLConfig() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 return null;
 }
 @Override
 public boolean getKeepRevocationInfo() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 return false;
 }
 @Override
 public Set getPositiveOCSPResponders() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 return null;
 }
 @Override
 public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 return false;
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
index 491986b..3f6998a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -145,13 +145,17 @@ public class PKIProfileImpl implements PKIProfile {
 */
 @Override
 public int autoAddCertificates() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
- return 0;
+ if(config.getAutoAddCertificates()) {
+ return PKIProfile.AUTO_ADD_EE_DISABLE;
+ } else {
+ return PKIProfile.AUTO_ADD_DISABLE;
+ }
+ // TODO AFITZEK allow saving of end entity certificates
 }
 @Override
 public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
- // TODO AFITZEK TODO IMPLEMENT THIS METHOD
+ // TODO AFITZEK IMPLEMENT THIS METHOD
 return null;
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 718673a..df04434 100644
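Review bot: In `PKIProfileImpl.autoAddCertificates()` the TODO sits after both `return` statements, so the one thing a reader needs to know, that switching auto-add on in the configuration still maps to `AUTO_ADD_EE_DISABLE`, is at the bottom of the method in a position that reads like dead code. I would move it above the `if` and word it as the current contract, e.g. `// Auto-add enabled maps to AUTO_ADD_EE_DISABLE for now; saving end-entity certificates is not supported yet (TODO AFITZEK).` Going by the constant names only, this decides which certificates get persisted to the certificate store during validation, so the method's Javadoc, which begins outside this hunk, should state the same mapping.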
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -50,6 +50,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import org.apache.commons.io.IOUtils;
+
 import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
@@ -71,6 +73,7 @@ import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfil
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.FilteredOutputStream;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
 import at.gv.egovernment.moa.util.Constants;
@@ -238,25 +241,44 @@ public class CMSSignatureCreationInvoker { // now write the data to be signed to the signedDataStream + // int byteRead; + /* BigDecimal counter = new BigDecimal("0"); BigDecimal one = new BigDecimal("1"); + ByteArrayOutputStream filteredStream = new ByteArrayOutputStream(); + while ((byteRead=contentIs.read()) >= 0) { //System.out.println("counterXX: " + counter); - if (inRange(counter, dataobject)) { - //System.out.println("Lösche..."); - // set byte to 0x00 - signedDataStream.write(0); - } - else - signedDataStream.write(byteRead); + // Wrong behaviour < 3 + // excluded bytes should not be part of the signature as 0 bytes + // they should be not part of the signature at all! + +// if (inRange(counter, dataobject)) +// filteredStream.write(0); +// else +// filteredStream.write(byteRead); +// - counter = counter.add(one); + // correct behaviour + if (!inRange(counter, dataobject)) { + filteredStream.write(byteRead); + } + + counter = counter.add(one); } + byte[] data = filteredStream.toByteArray(); + signedDataStream.write(data, 0, data.length); + */ + // Stream based, this should have a better performance + FilteredOutputStream filteredOuputStream = new FilteredOutputStream( + signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(), + dataobject.getExcludeByteRangeTo()); - + IOUtils.copyLarge(contentIs, filteredOuputStream); + filteredOuputStream.flush(); // byte[] buf = new byte[4096]; // int bytesRead; // while ((bytesRead = contentIs.read(buf)) >= 0) { -- cgit v1.2.3
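Review bot: The exclude range from `dataobject.getExcludeByteRangeFrom()` and `getExcludeByteRangeTo()` is passed to `FilteredOutputStream` unchecked, and it decides which bytes of the content end up outside the signature. Unless `FilteredOutputStream` (not visible here) already rejects them, a missing, negative or inverted range should fail the request before `IOUtils.copyLarge` runs, and the applied range is worth logging so that a signature covering less than the whole document can be audited. The hunk also changes what is signed, since excluded bytes are now left out instead of being written as 0x00, so I would replace the commented-out loop with one line saying so, e.g. `// Excluded bytes are omitted from the signed data (formerly signed as 0x00); verification must apply the same range.` The enclosing method starts and ends outside the hunk.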