From ae378f2293528188235be596af8d68504803e082 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 28 Jun 2017 12:33:25 +0200 Subject: fix problem in CMS response builder --- .../xmlbind/CreateCMSSignatureResponseBuilder.java | 39 ++++++++++++++-------- 1 file changed, 26 insertions(+), 13 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java index d808f2b..7ce0871 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java @@ -80,22 +80,35 @@ public class CreateCMSSignatureResponseBuilder { public Document build(CreateCMSSignatureResponse response) { Iterator iter; - + + + for (iter = response.getResponseElements().iterator(); iter.hasNext();) { - CreateCMSSignatureResponseElement responseElement = - (CreateCMSSignatureResponseElement) iter.next(); - switch (responseElement.getResponseType()) { - case CreateCMSSignatureResponseElement.CMS_SIGNATURE : - CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement; + Object responseObj = iter.next(); + + if (responseObj instanceof ErrorResponse) { + ErrorResponse errorResponse = (ErrorResponse) responseObj; + addErrorResponse(errorResponse); + + } else if (responseObj instanceof CreateCMSSignatureResponseElement) { + CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseObj; addCMSSignature(cmsSignatureResponse); - break; - - case CreateCMSSignatureResponseElement.ERROR_RESPONSE : - ErrorResponse errorResponse = (ErrorResponse) responseElement; - addErrorResponse(errorResponse); - break; - } + + } + +// CreateCMSSignatureResponseElement responseElement = +// (CreateCMSSignatureResponseElement) iter.next(); +// +// switch (responseElement.getResponseType()) { +// case CreateCMSSignatureResponseElement.CMS_SIGNATURE : +// +// break; +// +// case CreateCMSSignatureResponseElement.ERROR_RESPONSE : +// +// break; +// } } -- cgit v1.2.3 From e1535be7c97e86e40e04258cbdaf47f60e6292bf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 7 Aug 2017 16:30:58 +0200 Subject: add PAdES conformity flag to CAdES SOAP interface. Info: additional work is required when IAIK-MOA is updated --- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 3 +- .../moa/spss/api/cmssign/SingleSignatureInfo.java | 8 +++ .../moa/spss/api/impl/SPSSFactoryImpl.java | 3 +- .../spss/api/impl/SingleSignatureInfoCMSImpl.java | 9 ++- .../xmlbind/CreateCMSSignatureRequestParser.java | 9 ++- .../server/invoke/CMSSignatureCreationInvoker.java | 64 ++++++++-------------- 6 files changed, 51 insertions(+), 45 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index aadaefb..a39edf4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -190,13 +190,14 @@ public abstract class SPSSFactory { * @param dataObjectInfo The data object that will be signed. * @param securityLayerConform If true, a Security Layer conform * signature manifest is created, otherwise not. + * @param isPAdESSignature * @return The SingleSignatureInfo containing the above data. * * @post return != null */ public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, - boolean securityLayerConform); + boolean securityLayerConform, boolean isPAdESSignature); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java index 1f87a50..4d56cf3 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java @@ -48,4 +48,12 @@ public interface SingleSignatureInfo { * will be created, false otherwise. */ public boolean isSecurityLayerConform(); + + /** + * Check whether a PAdES conform CAdES signature will be created + * + * @return true, if a PAdES conform CAdES signature + * will be created, false otherwise. + */ + public boolean isPAdESConform(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index ea8d295..b9fad4f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -124,10 +124,11 @@ public class SPSSFactoryImpl extends SPSSFactory { } public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( - at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform) { + at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform, boolean isPAdESConform) { SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl(); singleSignatureInfo.setDataObjectInfo(dataObjectInfo); singleSignatureInfo.setSecurityLayerConform(securityLayerConform); + singleSignatureInfo.setPAdESConform(isPAdESConform); return singleSignatureInfo; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java index cb36515..c8558dc 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java @@ -40,6 +40,7 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo { private boolean securityLayerConform = true; + private boolean padesConform = false; public void setDataObjectInfo(DataObjectInfo dataObjectInfo) { this.dataObjectInfo = dataObjectInfo; @@ -49,9 +50,15 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo { return dataObjectInfo; } + public boolean isPAdESConform() { + return padesConform; + } + public void setPAdESConform(boolean padesConform) { + this.padesConform = padesConform; + } - public void setSecurityLayerConform(boolean securityLayerConform) { +public void setSecurityLayerConform(boolean securityLayerConform) { this.securityLayerConform = securityLayerConform; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java index 3550c27..a4c4d29 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java @@ -67,6 +67,7 @@ public class CreateCMSSignatureRequestParser { private static final String DATA_OBJECT_XPATH = MOA + "DataObject"; private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity"; + private static final String IS_PADES_SIGNATURE_ATTR_NAME = "PAdESConformity"; private static final String META_INFO_XPATH = MOA + "MetaInfo"; private static final String CONTENT_XPATH = MOA + "Content"; @@ -149,6 +150,7 @@ public class CreateCMSSignatureRequestParser { DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem); boolean securityLayerConform; + boolean isPAdESSignature = false; if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) { securityLayerConform = @@ -157,9 +159,14 @@ public class CreateCMSSignatureRequestParser { securityLayerConform = true; } + if (sigInfoElem.hasAttribute(IS_PADES_SIGNATURE_ATTR_NAME)) { + isPAdESSignature = BoolUtils.valueOf(sigInfoElem.getAttribute(IS_PADES_SIGNATURE_ATTR_NAME)); + } + return factory.createSingleSignatureInfoCMS( dataObjectInfo, - securityLayerConform); + securityLayerConform, + isPAdESSignature); } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index 8e9380e..753d769 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -154,6 +154,7 @@ public class CMSSignatureCreationInvoker { CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl(); boolean isSecurityLayerConform = false; + boolean isPAdESConformRequired = false; String structure = null; String mimetype = null; @@ -164,6 +165,14 @@ public class CMSSignatureCreationInvoker { while (singleSignatureInfoIter.hasNext()) { SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next(); isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform(); + isPAdESConformRequired = singleSignatureInfo.isPAdESConform(); + + //PAdES conformity always requires SecurityLayer conformity, because certificates must be included + if (isPAdESConformRequired && !isSecurityLayerConform) { + isSecurityLayerConform = isPAdESConformRequired; + Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested"); + + } DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo(); @@ -171,7 +180,17 @@ public class CMSSignatureCreationInvoker { CMSDataObject dataobject = dataObjectInfo.getDataObject(); MetaInfo metainfo = dataobject.getMetaInfo(); - mimetype = metainfo.getMimeType(); + + /*TODO: does not set SigningTime in IAIK-MOA request or any other + * API method/parameter when IAIK-MOA API is updated. + * Maybe also update mimetype solution below + */ + //does not set mimetype if PAdES conformity is requested + if (!isPAdESConformRequired) { + mimetype = metainfo.getMimeType(); + + } else + Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature"); CMSContent content = dataobject.getContent(); InputStream contentIs = null; @@ -218,7 +237,7 @@ public class CMSSignatureCreationInvoker { // get digest algorithm String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); - + // create CMSSignatureCreation profile: CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( keySet, @@ -239,39 +258,7 @@ public class CMSSignatureCreationInvoker { boolean base64 = true; OutputStream signedDataStream = signature.getSignature(out, base64); - // now write the data to be signed to the signedDataStream - - // - int byteRead; - /* - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - ByteArrayOutputStream filteredStream = new ByteArrayOutputStream(); - - while ((byteRead=contentIs.read()) >= 0) { - //System.out.println("counterXX: " + counter); - - // Wrong behaviour < 3 - // excluded bytes should not be part of the signature as 0 bytes - // they should be not part of the signature at all! - -// if (inRange(counter, dataobject)) -// filteredStream.write(0); -// else -// filteredStream.write(byteRead); -// - - // correct behaviour - if (!inRange(counter, dataobject)) { - filteredStream.write(byteRead); - } - - counter = counter.add(one); - } - byte[] data = filteredStream.toByteArray(); - signedDataStream.write(data, 0, data.length); - */ + // now write the data to be signed to the signedDataStream // Stream based, this should have a better performance FilteredOutputStream filteredOuputStream = new FilteredOutputStream( signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(), @@ -279,12 +266,7 @@ public class CMSSignatureCreationInvoker { IOUtils.copyLarge(contentIs, filteredOuputStream); filteredOuputStream.flush(); -// byte[] buf = new byte[4096]; -// int bytesRead; -// while ((bytesRead = contentIs.read(buf)) >= 0) { -// signedDataStream.write(buf, 0, bytesRead); -// } -// + // finish SignedData processing by closing signedDataStream signedDataStream.close(); String base64value = out.toString(); -- cgit v1.2.3 From 7b12b9c698c20b34faa72be882d5f3fb87114483 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 8 Sep 2017 14:27:07 +0200 Subject: add PAdES flag and update IAIK libs --- .../server/iaik/cmssign/CMSSignatureCreationProfileImpl.java | 11 ++++++++++- .../moa/spss/server/invoke/CMSSignatureCreationInvoker.java | 5 +++-- 2 files changed, 13 insertions(+), 3 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java index 2dc047a..a465049 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -61,6 +61,7 @@ public class CMSSignatureCreationProfileImpl private boolean includeData; /** Digest Method algorithm */ private String digestMethod; + private boolean isPAdESConform; /** @@ -77,13 +78,15 @@ public class CMSSignatureCreationProfileImpl List signedProperties, boolean securityLayerConform, boolean includeData, - String mimeType) { + String mimeType, + boolean isPAdESConform) { this.keySet = keySet; this.signedProperties = signedProperties; this.securityLayerConform = securityLayerConform; this.includeData = includeData; this.mimeType = mimeType; this.digestMethod = digestMethod; + this.isPAdESConform = isPAdESConform; } @@ -246,4 +249,10 @@ public class CMSSignatureCreationProfileImpl return this.includeData; } + +@Override +public boolean isPAdESConform() { + return this.isPAdESConform; +} + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index 753d769..4050ebc 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -181,7 +181,7 @@ public class CMSSignatureCreationInvoker { CMSDataObject dataobject = dataObjectInfo.getDataObject(); MetaInfo metainfo = dataobject.getMetaInfo(); - /*TODO: does not set SigningTime in IAIK-MOA request or any other + /*TODO: do not set SigningTime in IAIK-MOA request or any other * API method/parameter when IAIK-MOA API is updated. * Maybe also update mimetype solution below */ @@ -245,7 +245,8 @@ public class CMSSignatureCreationInvoker { signedProperties, isSecurityLayerConform, includeData, - mimetype); + mimetype, + isPAdESConformRequired); // create CMSSignature from the CMSSignatureCreationModule // build the additionalSignedProperties -- cgit v1.2.3