From e1535be7c97e86e40e04258cbdaf47f60e6292bf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 7 Aug 2017 16:30:58 +0200 Subject: add PAdES conformity flag to CAdES SOAP interface. Info: additional work is required when IAIK-MOA is updated --- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 3 +- .../moa/spss/api/cmssign/SingleSignatureInfo.java | 8 +++ .../moa/spss/api/impl/SPSSFactoryImpl.java | 3 +- .../spss/api/impl/SingleSignatureInfoCMSImpl.java | 9 ++- .../xmlbind/CreateCMSSignatureRequestParser.java | 9 ++- .../server/invoke/CMSSignatureCreationInvoker.java | 64 ++++++++-------------- 6 files changed, 51 insertions(+), 45 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index aadaefb..a39edf4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -190,13 +190,14 @@ public abstract class SPSSFactory { * @param dataObjectInfo The data object that will be signed. * @param securityLayerConform If true, a Security Layer conform * signature manifest is created, otherwise not. + * @param isPAdESSignature * @return The SingleSignatureInfo containing the above data. * * @post return != null */ public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, - boolean securityLayerConform); + boolean securityLayerConform, boolean isPAdESSignature); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java index 1f87a50..4d56cf3 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java @@ -48,4 +48,12 @@ public interface SingleSignatureInfo { * will be created, false otherwise. */ public boolean isSecurityLayerConform(); + + /** + * Check whether a PAdES conform CAdES signature will be created + * + * @return true, if a PAdES conform CAdES signature + * will be created, false otherwise. + */ + public boolean isPAdESConform(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index ea8d295..b9fad4f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -124,10 +124,11 @@ public class SPSSFactoryImpl extends SPSSFactory { } public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS( - at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform) { + at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform, boolean isPAdESConform) { SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl(); singleSignatureInfo.setDataObjectInfo(dataObjectInfo); singleSignatureInfo.setSecurityLayerConform(securityLayerConform); + singleSignatureInfo.setPAdESConform(isPAdESConform); return singleSignatureInfo; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java index cb36515..c8558dc 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java @@ -40,6 +40,7 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo { private boolean securityLayerConform = true; + private boolean padesConform = false; public void setDataObjectInfo(DataObjectInfo dataObjectInfo) { this.dataObjectInfo = dataObjectInfo; @@ -49,9 +50,15 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo { return dataObjectInfo; } + public boolean isPAdESConform() { + return padesConform; + } + public void setPAdESConform(boolean padesConform) { + this.padesConform = padesConform; + } - public void setSecurityLayerConform(boolean securityLayerConform) { +public void setSecurityLayerConform(boolean securityLayerConform) { this.securityLayerConform = securityLayerConform; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java index 3550c27..a4c4d29 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java @@ -67,6 +67,7 @@ public class CreateCMSSignatureRequestParser { private static final String DATA_OBJECT_XPATH = MOA + "DataObject"; private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity"; + private static final String IS_PADES_SIGNATURE_ATTR_NAME = "PAdESConformity"; private static final String META_INFO_XPATH = MOA + "MetaInfo"; private static final String CONTENT_XPATH = MOA + "Content"; @@ -149,6 +150,7 @@ public class CreateCMSSignatureRequestParser { DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem); boolean securityLayerConform; + boolean isPAdESSignature = false; if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) { securityLayerConform = @@ -157,9 +159,14 @@ public class CreateCMSSignatureRequestParser { securityLayerConform = true; } + if (sigInfoElem.hasAttribute(IS_PADES_SIGNATURE_ATTR_NAME)) { + isPAdESSignature = BoolUtils.valueOf(sigInfoElem.getAttribute(IS_PADES_SIGNATURE_ATTR_NAME)); + } + return factory.createSingleSignatureInfoCMS( dataObjectInfo, - securityLayerConform); + securityLayerConform, + isPAdESSignature); } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index 8e9380e..753d769 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -154,6 +154,7 @@ public class CMSSignatureCreationInvoker { CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl(); boolean isSecurityLayerConform = false; + boolean isPAdESConformRequired = false; String structure = null; String mimetype = null; @@ -164,6 +165,14 @@ public class CMSSignatureCreationInvoker { while (singleSignatureInfoIter.hasNext()) { SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next(); isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform(); + isPAdESConformRequired = singleSignatureInfo.isPAdESConform(); + + //PAdES conformity always requires SecurityLayer conformity, because certificates must be included + if (isPAdESConformRequired && !isSecurityLayerConform) { + isSecurityLayerConform = isPAdESConformRequired; + Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested"); + + } DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo(); @@ -171,7 +180,17 @@ public class CMSSignatureCreationInvoker { CMSDataObject dataobject = dataObjectInfo.getDataObject(); MetaInfo metainfo = dataobject.getMetaInfo(); - mimetype = metainfo.getMimeType(); + + /*TODO: does not set SigningTime in IAIK-MOA request or any other + * API method/parameter when IAIK-MOA API is updated. + * Maybe also update mimetype solution below + */ + //does not set mimetype if PAdES conformity is requested + if (!isPAdESConformRequired) { + mimetype = metainfo.getMimeType(); + + } else + Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature"); CMSContent content = dataobject.getContent(); InputStream contentIs = null; @@ -218,7 +237,7 @@ public class CMSSignatureCreationInvoker { // get digest algorithm String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); - + // create CMSSignatureCreation profile: CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( keySet, @@ -239,39 +258,7 @@ public class CMSSignatureCreationInvoker { boolean base64 = true; OutputStream signedDataStream = signature.getSignature(out, base64); - // now write the data to be signed to the signedDataStream - - // - int byteRead; - /* - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - ByteArrayOutputStream filteredStream = new ByteArrayOutputStream(); - - while ((byteRead=contentIs.read()) >= 0) { - //System.out.println("counterXX: " + counter); - - // Wrong behaviour < 3 - // excluded bytes should not be part of the signature as 0 bytes - // they should be not part of the signature at all! - -// if (inRange(counter, dataobject)) -// filteredStream.write(0); -// else -// filteredStream.write(byteRead); -// - - // correct behaviour - if (!inRange(counter, dataobject)) { - filteredStream.write(byteRead); - } - - counter = counter.add(one); - } - byte[] data = filteredStream.toByteArray(); - signedDataStream.write(data, 0, data.length); - */ + // now write the data to be signed to the signedDataStream // Stream based, this should have a better performance FilteredOutputStream filteredOuputStream = new FilteredOutputStream( signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(), @@ -279,12 +266,7 @@ public class CMSSignatureCreationInvoker { IOUtils.copyLarge(contentIs, filteredOuputStream); filteredOuputStream.flush(); -// byte[] buf = new byte[4096]; -// int bytesRead; -// while ((bytesRead = contentIs.read(buf)) >= 0) { -// signedDataStream.write(buf, 0, bytesRead); -// } -// + // finish SignedData processing by closing signedDataStream signedDataStream.close(); String base64value = out.toString(); -- cgit v1.2.3