/*
* Copyright 2003 Federal Chancellery Austria
* MOA-SPSS has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.spss.server.iaik.cmssign;
import iaik.server.modules.algorithms.SignatureAlgorithms;
import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
import iaik.server.modules.keys.AlgorithmUnavailableException;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModule;
import iaik.server.modules.keys.KeyModuleFactory;
import iaik.server.modules.keys.UnknownKeyException;
import java.util.List;
import java.util.Set;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moaspss.logging.Logger;
/**
* An object providing auxiliary information for creating a CMS signature.
*
* @author Patrick Peck
* @version $Id$
*/
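public class CMSSignatureCreationProfileImpl
    implements CMSSignatureCreationProfile {

  /** Digest method names accepted by {@link #getSignatureAlgorithmName(KeyEntryID)}. */
  private static final String DIGEST_SHA1 = "SHA-1";
  private static final String DIGEST_SHA256 = "SHA-256";
  private static final String DIGEST_SHA384 = "SHA-384";
  private static final String DIGEST_SHA512 = "SHA-512";

  /** The set of keys available to the signing process. */
  private Set keySet;
  /** The MIME type of the data to be signed. */
  private String mimeType;
  /** Whether the created signature is to be Security Layer conform. */
  private boolean securityLayerConform;
  /** Properties to be signed during signature creation. */
  private List signedProperties;
  /** Whether the content data shall be included in the CMS SignedData. */
  private boolean includeData;
  /** Digest method algorithm name (e.g. "SHA-256"), as configured for this profile. */
  private String digestMethod;

  /**
   * Create a new <code>CMSSignatureCreationProfileImpl</code>.
   *
   * @param keySet The set of <code>KeyEntryID</code>s which may be used for
   * signature creation.
   * @param digestMethod The digest method name ("SHA-1", "SHA-256", "SHA-384"
   * or "SHA-512") that the signature algorithm is selected for.
   * @param signedProperties The properties to be signed during signature
   * creation.
   * @param securityLayerConform Whether the created signature is to be
   * conform to the Security Layer specification.
   * @param includeData Whether the content data shall be included in the CMS
   * SignedData.
   * @param mimeType The MIME type of the data to be signed.
   */
  public CMSSignatureCreationProfileImpl(
      Set keySet,
      String digestMethod,
      List signedProperties,
      boolean securityLayerConform,
      boolean includeData,
      String mimeType) {
    this.keySet = keySet;
    this.signedProperties = signedProperties;
    this.securityLayerConform = securityLayerConform;
    this.includeData = includeData;
    this.mimeType = mimeType;
    this.digestMethod = digestMethod;
  }

  /**
   * @see iaik.server.modules.cmssign.CMSSignatureCreationProfile#getKeySet()
   */
  public Set getKeySet() {
    return keySet;
  }

  /**
   * Set the set of <code>KeyEntryID</code>s which may be used for signature
   * creation.
   *
   * @param keySet The set of <code>KeyEntryID</code>s to set.
   */
  public void setKeySet(Set keySet) {
    this.keySet = keySet;
  }

  /**
   * Select the signature algorithm to use for the given key, based on the
   * configured digest method and the algorithms the key module reports as
   * supported for that key.
   *
   * For each digest method the candidates are tried in a fixed preference
   * order (RSA first, then ECDSA, then DSA) and the first one the key
   * supports is returned.
   *
   * @param selectedKeyID The key the signature is to be created with.
   * @return The name of the signature algorithm to use.
   * @throws AlgorithmUnavailableException If the key is unknown to the key
   * module, if the configured digest method is not one of the supported
   * names (or is <code>null</code>), or if the key supports none of the
   * candidate algorithms for that digest method.
   * @see iaik.server.modules.cmssign.CMSSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
   */
  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
      throws AlgorithmUnavailableException {
    TransactionContext context =
        TransactionContextManager.getInstance().getTransactionContext();
    TransactionId tid = new TransactionId(context.getTransactionID());
    KeyModule module = KeyModuleFactory.getInstance(tid);

    Set algorithms;
    try {
      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
    } catch (UnknownKeyException e) {
      throw new AlgorithmUnavailableException(
          "Unknown key entry: " + selectedKeyID,
          e,
          null);
    }

    // "literal".equals(variable) tolerates a null digestMethod: it falls
    // through to the final AlgorithmUnavailableException instead of an NPE.
    if (DIGEST_SHA1.equals(digestMethod)) {
      Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
      // NOTE(review): ECDSA and DSA here name no digest; confirm which digest
      // the key module actually applies for them.
      return firstSupported(
          algorithms,
          selectedKeyID,
          new String[] {
            SignatureAlgorithms.SHA1_WITH_RSA,
            SignatureAlgorithms.ECDSA,
            SignatureAlgorithms.DSA });
    } else if (DIGEST_SHA256.equals(digestMethod)) {
      // NOTE(review): the DSA fallback does not carry the configured digest;
      // confirm it honors SHA-256, otherwise this is a silent downgrade.
      return firstSupported(
          algorithms,
          selectedKeyID,
          new String[] {
            SignatureAlgorithms.SHA256_WITH_RSA,
            SignatureAlgorithms.SHA256_WITH_ECDSA,
            SignatureAlgorithms.DSA });
    } else if (DIGEST_SHA384.equals(digestMethod)) {
      // NOTE(review): same caveat as above for the DSA fallback.
      return firstSupported(
          algorithms,
          selectedKeyID,
          new String[] {
            SignatureAlgorithms.SHA384_WITH_RSA,
            SignatureAlgorithms.SHA384_WITH_ECDSA,
            SignatureAlgorithms.DSA });
    } else if (DIGEST_SHA512.equals(digestMethod)) {
      // NOTE(review): same caveat as above for the DSA fallback.
      return firstSupported(
          algorithms,
          selectedKeyID,
          new String[] {
            SignatureAlgorithms.SHA512_WITH_RSA,
            SignatureAlgorithms.SHA512_WITH_ECDSA,
            SignatureAlgorithms.DSA });
    } else {
      throw new AlgorithmUnavailableException(
          "No signature algorithm found for digest algorithm '" + digestMethod + "'",
          null,
          null);
    }
  }

  /**
   * Return the first of <code>candidates</code> that is contained in
   * <code>algorithms</code>.
   *
   * @param algorithms The signature algorithms the key supports; a
   * <code>null</code> set is treated as empty.
   * @param selectedKeyID The key, used for the error message only.
   * @param candidates Candidate algorithm names in order of preference.
   * @return The first supported candidate.
   * @throws AlgorithmUnavailableException If no candidate is supported.
   */
  private static String firstSupported(
      Set algorithms,
      KeyEntryID selectedKeyID,
      String[] candidates)
      throws AlgorithmUnavailableException {
    if (algorithms != null) {
      for (int i = 0; i < candidates.length; i++) {
        if (algorithms.contains(candidates[i])) {
          return candidates[i];
        }
      }
    }
    throw new AlgorithmUnavailableException(
        "No algorithm for key entry: " + selectedKeyID,
        null,
        null);
  }

  /**
   * @see iaik.server.modules.cmssign.CMSSignatureCreationProfile#getSignedProperties()
   */
  public List getSignedProperties() {
    return signedProperties;
  }

  /**
   * @see iaik.server.modules.cmssign.CMSSignatureCreationProfile#isSecurityLayerConform()
   */
  public boolean isSecurityLayerConform() {
    return securityLayerConform;
  }

  /**
   * Sets the security layer conformity.
   *
   * @param securityLayerConform <code>true</code>, if the created signature
   * is to be conform to the Security Layer specification.
   */
  public void setSecurityLayerConform(boolean securityLayerConform) {
    this.securityLayerConform = securityLayerConform;
  }

  /**
   * Set the digest method the signature algorithm is selected for.
   *
   * @param digestMethod One of "SHA-1", "SHA-256", "SHA-384" or "SHA-512".
   */
  public void setDigestMethod(String digestMethod) {
    this.digestMethod = digestMethod;
  }

  /**
   * @return The MIME type of the data to be signed.
   */
  public String getMimeType() {
    return mimeType;
  }

  /**
   * @return <code>true</code> if the content data shall be included in the
   * CMS SignedData, <code>false</code> otherwise.
   */
  public boolean includeData() {
    return this.includeData;
  }
}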