From 7510ab5173001711ecb5d6c8834878e7cce63ff9 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Fri, 4 Dec 2015 13:12:24 +0100 Subject: CMS verification --- .../moa/spss/server/iaik/config/CRLRetriever.java | 4 +- .../config/DirectoryCertStoreParametersImpl.java | 2 +- .../server/iaik/config/PKIConfigurationImpl.java | 4 +- .../iaik/config/RevocationConfigurationImpl.java | 8 +-- .../moa/spss/server/iaik/pki/PKIProfileImpl.java | 10 ++- .../server/invoke/CMSSignatureCreationInvoker.java | 40 +++++++++--- .../moa/spss/util/FilteredOutputStream.java | 76 ++++++++++++++++++++++ 7 files changed, 123 insertions(+), 21 deletions(-) create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java (limited to 'moaSig/moa-sig-lib/src/main/java') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java index 981ea05..304a7d3 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java @@ -83,11 +83,11 @@ public class CRLRetriever implements RevocationInfoRetriever { @Override public void setConnectTimeout(int arg0) { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD } @Override public void setReadTimeout(int arg0) { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java index 9dd0ffe..39da9cf 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java @@ -108,7 +108,7 @@ public class DirectoryCertStoreParametersImpl @Override public Set getVirtualStores() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return Collections.EMPTY_SET; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java index 5e29b5c..fe0de1f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java @@ -100,13 +100,13 @@ public class PKIConfigurationImpl implements PKIConfiguration { @Override public int getConnectTimeout() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return 0; } @Override public int getReadTimeout() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return 0; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java index b03c4a2..a09a701 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java @@ -87,25 +87,25 @@ public class RevocationConfigurationImpl extends AbstractObservableConfiguration @Override public DBCrlConfig getDataBaseCRLConfig() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return null; } @Override public boolean getKeepRevocationInfo() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return false; } @Override public Set getPositiveOCSPResponders() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return null; } @Override public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return false; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java index 491986b..3f6998a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -145,13 +145,17 @@ public class PKIProfileImpl implements PKIProfile { */ @Override public int autoAddCertificates() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD - return 0; + if(config.getAutoAddCertificates()) { + return PKIProfile.AUTO_ADD_EE_DISABLE; + } else { + return PKIProfile.AUTO_ADD_DISABLE; + } + // TODO AFITZEK allow saving of end entity certificates } @Override public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { - // TODO AFITZEK TODO IMPLEMENT THIS METHOD + // TODO AFITZEK IMPLEMENT THIS METHOD return null; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index 718673a..df04434 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -50,6 +50,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import org.apache.commons.io.IOUtils; + import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; @@ -71,6 +73,7 @@ import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfil import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.FilteredOutputStream; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.util.Constants; @@ -238,25 +241,44 @@ public class CMSSignatureCreationInvoker { // now write the data to be signed to the signedDataStream + // int byteRead; + /* BigDecimal counter = new BigDecimal("0"); BigDecimal one = new BigDecimal("1"); + ByteArrayOutputStream filteredStream = new ByteArrayOutputStream(); + while ((byteRead=contentIs.read()) >= 0) { //System.out.println("counterXX: " + counter); - if (inRange(counter, dataobject)) { - //System.out.println("Lösche..."); - // set byte to 0x00 - signedDataStream.write(0); - } - else - signedDataStream.write(byteRead); + // Wrong behaviour < 3 + // excluded bytes should not be part of the signature as 0 bytes + // they should be not part of the signature at all! + +// if (inRange(counter, dataobject)) +// filteredStream.write(0); +// else +// filteredStream.write(byteRead); +// - counter = counter.add(one); + // correct behaviour + if (!inRange(counter, dataobject)) { + filteredStream.write(byteRead); + } + + counter = counter.add(one); } + byte[] data = filteredStream.toByteArray(); + signedDataStream.write(data, 0, data.length); + */ + // Stream based, this should have a better performance + FilteredOutputStream filteredOuputStream = new FilteredOutputStream( + signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(), + dataobject.getExcludeByteRangeTo()); - + IOUtils.copyLarge(contentIs, filteredOuputStream); + filteredOuputStream.flush(); // byte[] buf = new byte[4096]; // int bytesRead; // while ((bytesRead = contentIs.read(buf)) >= 0) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java new file mode 100644 index 0000000..3a9fe51 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java @@ -0,0 +1,76 @@ +package at.gv.egovernment.moa.spss.util; + +import java.io.BufferedOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.math.BigDecimal; + +public class FilteredOutputStream extends BufferedOutputStream { + private BigDecimal from = null; + private BigDecimal to = null; + private BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); + + public FilteredOutputStream(OutputStream innerStream, + int bufferSize, BigDecimal from, + BigDecimal to) { + super(innerStream, bufferSize); + this.from = from; + this.to = to; + } + + @Override + public synchronized void write(int b) throws IOException { + if(!inRange(counter)) { + super.write(b); + } + counter = counter.add(one); + } + + @Override + public synchronized void write(byte[] b, int off, int len) throws IOException { + this.filteredWrite(b, off, len); + } + + @Override + public synchronized void flush() throws IOException { + super.flush(); + } + + @Override + public void write(byte[] b) throws IOException { + if(b != null) { + this.filteredWrite(b, 0, b.length); + } + } + + @Override + public void close() throws IOException { + super.close(); + } + + private synchronized void filteredWrite(byte[] b, int off, int len) throws IOException { + for(int i = 0; i < len; i++) { + if(!inRange(counter)) { + super.write(b[off+i]); + } + counter = counter.add(one); + } + } + + private boolean inRange(BigDecimal counter) { + if ( (from == null) || (to == null)) + return false; + + int compare = counter.compareTo(from); + if (compare == -1) + return false; + else { + compare = counter.compareTo(to); + if (compare == 1) + return false; + else + return true; + } + } +} -- cgit v1.2.3