From e1535be7c97e86e40e04258cbdaf47f60e6292bf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Mon, 7 Aug 2017 16:30:58 +0200
Subject: add PAdES conformity flag to CAdES SOAP interface. Info: additional
 work is required when IAIK-MOA is updated

---
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   |  3 +-
 .../moa/spss/api/cmssign/SingleSignatureInfo.java  |  8 +++
 .../moa/spss/api/impl/SPSSFactoryImpl.java         |  3 +-
 .../spss/api/impl/SingleSignatureInfoCMSImpl.java  |  9 ++-
 .../xmlbind/CreateCMSSignatureRequestParser.java   |  9 ++-
 .../server/invoke/CMSSignatureCreationInvoker.java | 64 ++++++++--------------
 6 files changed, 51 insertions(+), 45 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index aadaefb..a39edf4 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -190,13 +190,14 @@ public abstract class SPSSFactory {
    * @param dataObjectInfo The data object that will be signed.
    * @param securityLayerConform If <code>true</code>, a Security Layer conform
    * signature manifest is created, otherwise not.
+ * @param isPAdESSignature 
    * @return The <code>SingleSignatureInfo</code> containing the above data.
    * 
    * @post return != null
    */
   public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(	
     at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,
-    boolean securityLayerConform);
+    boolean securityLayerConform, boolean isPAdESSignature);
   
 
   
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
index 1f87a50..4d56cf3 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
@@ -48,4 +48,12 @@ public interface SingleSignatureInfo {
    * will be created, <code>false</code> otherwise.
    */
   public boolean isSecurityLayerConform();
+  
+  /**
+   * Check whether a PAdES conform CAdES signature will be created 
+   * 
+   * @return <code>true</code>, if a PAdES conform CAdES signature 
+   * will be created, <code>false</code> otherwise.
+   */
+  public boolean isPAdESConform();
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index ea8d295..b9fad4f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -124,10 +124,11 @@ public class SPSSFactoryImpl extends SPSSFactory {
 	}
 
 	public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
-			at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform) {
+			at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform, boolean isPAdESConform) {
 		SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl();
 		singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
 		singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+		singleSignatureInfo.setPAdESConform(isPAdESConform);
 		return singleSignatureInfo;
 	}
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
index cb36515..c8558dc 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
@@ -40,6 +40,7 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
 
 
   private boolean securityLayerConform = true;
+  private boolean padesConform = false;
 
   public void setDataObjectInfo(DataObjectInfo dataObjectInfo) {
     this.dataObjectInfo = dataObjectInfo;
@@ -49,9 +50,15 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
     return dataObjectInfo;
   }
 
+  public boolean isPAdESConform() {
+	return padesConform;
+  }
 
+  public void setPAdESConform(boolean padesConform) {
+	this.padesConform = padesConform;
+  }
 
-  public void setSecurityLayerConform(boolean securityLayerConform) {
+public void setSecurityLayerConform(boolean securityLayerConform) {
     this.securityLayerConform = securityLayerConform;
   }
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
index 3550c27..a4c4d29 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -67,6 +67,7 @@ public class CreateCMSSignatureRequestParser {
   private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
   
   private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+  private static final String IS_PADES_SIGNATURE_ATTR_NAME = "PAdESConformity";
 
   private static final String META_INFO_XPATH = MOA + "MetaInfo";
   private static final String CONTENT_XPATH = MOA + "Content";
@@ -149,6 +150,7 @@ public class CreateCMSSignatureRequestParser {
 
     DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem);
     boolean securityLayerConform;
+    boolean isPAdESSignature = false;
 
     if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
       securityLayerConform =
@@ -157,9 +159,14 @@ public class CreateCMSSignatureRequestParser {
       securityLayerConform = true;
     }
 
+    if (sigInfoElem.hasAttribute(IS_PADES_SIGNATURE_ATTR_NAME)) {
+    	isPAdESSignature = BoolUtils.valueOf(sigInfoElem.getAttribute(IS_PADES_SIGNATURE_ATTR_NAME));
+    }
+    
     return factory.createSingleSignatureInfoCMS(
       dataObjectInfo,
-      securityLayerConform);
+      securityLayerConform,
+      isPAdESSignature);
   }
 
   /**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 8e9380e..753d769 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -154,6 +154,7 @@ public class CMSSignatureCreationInvoker {
 	  CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
 
 	  boolean isSecurityLayerConform = false;
+	  boolean isPAdESConformRequired = false;
 	  String structure = null;
 	  String mimetype = null;
 	  
@@ -164,6 +165,14 @@ public class CMSSignatureCreationInvoker {
 	  while (singleSignatureInfoIter.hasNext()) {
 		  SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
 		  isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+		  isPAdESConformRequired = singleSignatureInfo.isPAdESConform();
+		  
+		  //PAdES conformity always requires SecurityLayer conformity, because certificates must be included
+		  if (isPAdESConformRequired && !isSecurityLayerConform) {
+			  isSecurityLayerConform = isPAdESConformRequired;
+			  Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested");
+			  
+		  }
 		  
 		  
 		  DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
@@ -171,7 +180,17 @@ public class CMSSignatureCreationInvoker {
 		  
 		  CMSDataObject dataobject = dataObjectInfo.getDataObject();
 		  MetaInfo metainfo = dataobject.getMetaInfo();
-		  mimetype = metainfo.getMimeType();
+		  
+		  /*TODO: does not set SigningTime in IAIK-MOA request or any other
+		   * API method/parameter when IAIK-MOA API is updated.
+		   * Maybe also update mimetype solution below
+		   */
+		  //does not set mimetype if PAdES conformity is requested
+		  if (!isPAdESConformRequired) {
+			  mimetype = metainfo.getMimeType();
+			  
+		  } else
+			  Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature");
 			  
 		  CMSContent content = dataobject.getContent();
 		  InputStream contentIs = null;
@@ -218,7 +237,7 @@ public class CMSSignatureCreationInvoker {
 			    
 		  // get digest algorithm
 		  String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
-			    
+	  
 		  // create CMSSignatureCreation profile:			    
 		  CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
 				  keySet,
@@ -239,39 +258,7 @@ public class CMSSignatureCreationInvoker {
 			  boolean base64 = true;
 			  OutputStream  signedDataStream = signature.getSignature(out, base64);
 					 
-			  // now write the data to be signed to the signedDataStream
-			  
-			  // 
-			  int byteRead;
-			  /*
-			  BigDecimal counter = new BigDecimal("0");
-			  BigDecimal one = new BigDecimal("1");
-			  
-			  ByteArrayOutputStream filteredStream = new ByteArrayOutputStream();
-			  
-			  while ((byteRead=contentIs.read()) >= 0) {
-				  //System.out.println("counterXX: " + counter);
-				  
-				  // Wrong behaviour < 3
-				  // excluded bytes should not be part of the signature as 0 bytes
-				  // they should be not part of the signature at all!
-				  
-//				  if (inRange(counter, dataobject))
-//					  filteredStream.write(0);
-//				  else
-//					  filteredStream.write(byteRead);
-//				  
-				  
-				  // correct behaviour
-				  if (!inRange(counter, dataobject)) {
-					  filteredStream.write(byteRead);
-				  }
-
-				  counter = counter.add(one);
-			  }
-			  byte[] data = filteredStream.toByteArray();
-			  signedDataStream.write(data, 0, data.length);
-			  */
+			  // now write the data to be signed to the signedDataStream			  
 			  // Stream based, this should have a better performance
 			  FilteredOutputStream filteredOuputStream = new FilteredOutputStream(
 					  signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(),
@@ -279,12 +266,7 @@ public class CMSSignatureCreationInvoker {
 			  
 			  IOUtils.copyLarge(contentIs, filteredOuputStream);
 			  filteredOuputStream.flush();
-//			  byte[] buf = new byte[4096];
-//			  int bytesRead;
-//			  while ((bytesRead = contentIs.read(buf)) >= 0) {
-//				  signedDataStream.write(buf, 0, bytesRead);
-//			  } 
-//					 
+ 
 			  // finish SignedData processing by closing signedDataStream
 			  signedDataStream.close();
 			  String base64value = out.toString();
-- 
cgit v1.2.3