summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2013-12-12 18:44:48 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2013-12-12 18:44:48 +0000
commit0165e2dd986389f7c04b48cd0452f73c3d01c10a (patch)
tree479a851df048294852782bd19ff52ff38e8f023b
parent34d821b73e4cc211e17a036b539859fe2f758ec6 (diff)
downloadmocca-0165e2dd986389f7c04b48cd0452f73c3d01c10a.tar.gz
mocca-0165e2dd986389f7c04b48cd0452f73c3d01c10a.tar.bz2
mocca-0165e2dd986389f7c04b48cd0452f73c3d01c10a.zip
Display CMS data in Secure Viewer
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1251 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
-rw-r--r--STAL/src/main/java/at/gv/egiz/stal/SignRequest.java10
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java67
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java39
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java29
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java30
5 files changed, 144 insertions, 31 deletions
diff --git a/STAL/src/main/java/at/gv/egiz/stal/SignRequest.java b/STAL/src/main/java/at/gv/egiz/stal/SignRequest.java
index a649d3ba..7319efcb 100644
--- a/STAL/src/main/java/at/gv/egiz/stal/SignRequest.java
+++ b/STAL/src/main/java/at/gv/egiz/stal/SignRequest.java
@@ -66,7 +66,7 @@ public class SignRequest
@XmlTransient
protected List<HashDataInput> hashData;
@XmlTransient
- protected boolean signedInfoIsRawData = false;
+ protected boolean signedInfoIsCMSSignedAttributes = false;
@XmlTransient
protected String signatureMethod;
@@ -124,12 +124,12 @@ public class SignRequest
this.hashData = hashData;
}
- public boolean getSignedInfoIsRawData() {
- return signedInfoIsRawData;
+ public boolean getSignedInfoIsCMSSignedAttributes() {
+ return signedInfoIsCMSSignedAttributes;
}
- public void setSignedInfoIsRawData(boolean signedInfoIsRawData) {
- this.signedInfoIsRawData = signedInfoIsRawData;
+ public void setSignedInfoIsCMSSignedAttributes(boolean signedInfoIsCMSSignedAttributes) {
+ this.signedInfoIsCMSSignedAttributes = signedInfoIsCMSSignedAttributes;
}
public String getSignatureMethod() {
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java
new file mode 100644
index 00000000..6aa37e15
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java
@@ -0,0 +1,67 @@
+package at.gv.egiz.bku.slcommands.impl.cms;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import at.gv.egiz.stal.HashDataInput;
+
+public class CMSHashDataInput implements HashDataInput {
+
+ private final static String DEFAULT_FILENAME = "SignatureData";
+ private final static String CMS_DEF_REFERENCE_ID = "Reference-1";
+
+ private byte[] data;
+ private String mimeType;
+
+ public CMSHashDataInput(byte[] data, String mimeType) {
+ this.data = data;
+ this.mimeType = mimeType;
+ }
+
+ @Override
+ public String getReferenceId() {
+ return CMS_DEF_REFERENCE_ID;
+ }
+
+ @Override
+ public String getMimeType() {
+ return mimeType;
+ }
+
+ @Override
+ public String getEncoding() {
+ return null;
+ }
+
+ @Override
+ public String getFilename() {
+ String fileName = DEFAULT_FILENAME;
+ String extension = getExtensionForMimeType(mimeType);
+ if (extension != null)
+ fileName += extension;
+ return fileName;
+ }
+
+ @Override
+ public InputStream getHashDataInput() {
+ return new ByteArrayInputStream(data);
+ }
+ private static String getExtensionForMimeType(String mimeType) {
+ if (mimeType.equalsIgnoreCase("application/pdf")) {
+ return ".pdf";
+ }
+ else if (mimeType.equalsIgnoreCase("text/plain")) {
+ return ".txt";
+ }
+ else if (mimeType.equalsIgnoreCase("application/xml")) {
+ return ".xml";
+ }
+ else if (mimeType.equalsIgnoreCase("application/zip")) {
+ return ".zip";
+ }
+ else if (mimeType.equalsIgnoreCase("application/gzip")) {
+ return ".gz";
+ }
+ return null;
+ }
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
index cb7d9a7a..cdd8f111 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
@@ -12,6 +12,7 @@ import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
@@ -21,6 +22,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
import at.gv.egiz.stal.ErrorResponse;
+import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.STAL;
import at.gv.egiz.stal.STALRequest;
import at.gv.egiz.stal.STALResponse;
@@ -29,15 +31,22 @@ import at.gv.egiz.stal.SignResponse;
public class STALSecurityProvider extends IaikProvider {
- private final Logger log = LoggerFactory.getLogger(STALSecurityProvider.class);
+ private final static Logger log = LoggerFactory.getLogger(STALSecurityProvider.class);
- private String keyboxIdentifier;
+ private final static String ID_ECSIGTYPE = "1.2.840.10045.4";
+ @SuppressWarnings("unused")
+ private final static String ECDSA_PLAIN_SIGNATURES = "0.4.0.127.0.7.1.1.4.1";
+ private String keyboxIdentifier;
private STAL stal;
+ private List<HashDataInput> hashDataInput;
- public STALSecurityProvider(STAL stal, String keyboxIdentifier) {
+ public STALSecurityProvider(STAL stal, String keyboxIdentifier,
+ HashDataInput hashDataInput) {
this.keyboxIdentifier = keyboxIdentifier;
this.stal = stal;
+ this.hashDataInput = new ArrayList<HashDataInput>();
+ this.hashDataInput.add(hashDataInput);
}
/* (non-Javadoc)
@@ -50,12 +59,8 @@ public class STALSecurityProvider extends IaikProvider {
throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
log.debug("calculateSignatureFromSignedAttributes: " + signatureAlgorithm + ", " + digestAlgorithm);
- SignRequest signRequest = new SignRequest();
- signRequest.setKeyIdentifier(keyboxIdentifier);
- log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes));
- signRequest.setSignedInfo(signedAttributes);
- signRequest.setSignedInfoIsRawData(true);
- signRequest.setSignatureMethod(privateKey.getAlgorithm());
+ SignRequest signRequest = getSTALSignRequest(keyboxIdentifier, signedAttributes,
+ privateKey.getAlgorithm(), hashDataInput);
log.debug("Sending STAL request ({})", privateKey.getAlgorithm());
List<STALResponse> responses =
@@ -79,11 +84,21 @@ public class STALSecurityProvider extends IaikProvider {
}
}
+ private static SignRequest getSTALSignRequest(String keyboxIdentifier,
+ byte[] signedAttributes, String signatureMethod, List<HashDataInput> hashDataInput) {
+ SignRequest signRequest = new SignRequest();
+ signRequest.setKeyIdentifier(keyboxIdentifier);
+ log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes));
+ signRequest.setSignedInfo(signedAttributes);
+ signRequest.setSignedInfoIsCMSSignedAttributes(true);
+ signRequest.setSignatureMethod(signatureMethod);
+ signRequest.setHashDataInput(hashDataInput);
+ return signRequest;
+ }
+
private static byte[] wrapSignatureValue(byte[] sig, AlgorithmID sigAlgorithmID) {
String id = sigAlgorithmID.getAlgorithm().getID();
- // 0.4.0.127.0.7.1.1.4.1...: ecdsa-plain-signatures
- // 1.2.840.10045.4...: id-ecSigType
- if (id.startsWith("1.2.840.10045.4")) //X9.62 Format ECDSA signatures
+ if (id.startsWith(ID_ECSIGTYPE)) //X9.62 Format ECDSA signatures
{
//Wrap r and s in ASN.1 SEQUENCE
byte[] r = Arrays.copyOfRange(sig, 0, sig.length/2);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
index 26de1052..307f0bfc 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
@@ -70,6 +70,7 @@ import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory;
import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.STAL;
/**
@@ -79,6 +80,9 @@ import at.gv.egiz.stal.STAL;
* @author tkellner
*/
public class Signature {
+
+ public final static String ID_AA_ETS_MIMETYPE = "0.4.0.1733.2.1";
+
/**
* Logging facility.
*/
@@ -86,6 +90,8 @@ public class Signature {
private SignedData signedData;
private SignerInfo signerInfo;
+ private byte[] signedDocument;
+ private String mimeType;
private AlgorithmID signatureAlgorithm;
private AlgorithmID digestAlgorithm;
private String signatureAlgorithmURI;
@@ -95,13 +101,14 @@ public class Signature {
public Signature(CMSDataObjectRequiredMetaType dataObject, String structure,
X509Certificate signingCertificate, Date signingTime, boolean useStrongHash)
throws NoSuchAlgorithmException, CertificateEncodingException, CertificateException, X509ExtensionException, InvalidParameterException, CodingException {
- byte[] data = getContent(dataObject);
+ byte[] dataToBeSigned = getContent(dataObject);
int mode = structure.equalsIgnoreCase("enveloping") ? SignedData.IMPLICIT : SignedData.EXPLICIT;
- this.signedData = new SignedData(data, mode);
+ this.signedData = new SignedData(dataToBeSigned, mode);
setAlgorithmIDs(signingCertificate, useStrongHash);
createSignerInfo(signingCertificate);
setSignerCertificate(signingCertificate);
- setAttributes(dataObject.getMetaInfo().getMimeType(), signingCertificate, signingTime);
+ this.mimeType = dataObject.getMetaInfo().getMimeType();
+ setAttributes(this.mimeType, signingCertificate, signingTime);
}
private void createSignerInfo(X509Certificate signingCertificate) throws CertificateEncodingException, CertificateException {
@@ -130,7 +137,7 @@ public class Signature {
}
private void setMimeTypeAttrib(List<Attribute> attributes, String mimeType) {
- String oidStr = "0.4.0.1733.2.1";
+ String oidStr = ID_AA_ETS_MIMETYPE;
String name = "mime-type";
ObjectID mimeTypeOID = new ObjectID(oidStr, name);
@@ -167,6 +174,8 @@ public class Signature {
private byte[] getContent(CMSDataObjectRequiredMetaType dataObject) throws InvalidParameterException {
byte[] data = dataObject.getContent().getBase64Content();
+ this.signedDocument = data.clone();
+
ExcludedByteRangeType ebr = dataObject.getExcludedByteRange();
if (ebr == null)
return data;
@@ -176,6 +185,11 @@ public class Signature {
if (from > data.length || to > data.length || from > to)
throw new InvalidParameterException("ExcludeByteRange contains invalid data: [" +
from + "-" + to + "], Content length: " + data.length);
+
+ // Fill ExcludeByteRange with 0s for document to display in viewer
+ Arrays.fill(this.signedDocument, from, to+1, (byte)0);
+
+ // Remove ExcludeByteRange from data to be signed
byte[] first = null;
byte[] second = null;
if (from > 0)
@@ -264,8 +278,13 @@ public class Signature {
}
}
+ private HashDataInput getHashDataInput() {
+ return new CMSHashDataInput(signedDocument, mimeType);
+ }
+
public byte[] sign(STAL stal, String keyboxIdentifier) throws CMSException, CMSSignatureException, SLCommandException {
- signedData.setSecurityProvider(new STALSecurityProvider(stal, keyboxIdentifier));
+ signedData.setSecurityProvider(
+ new STALSecurityProvider(stal, keyboxIdentifier, getHashDataInput()));
setSignerInfo();
ContentInfo contentInfo = new ContentInfo(signedData);
return contentInfo.getEncoded();
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
index 10b2e191..8ba18010 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
@@ -24,11 +24,10 @@
package at.gv.egiz.bku.smccstal;
-import at.gv.egiz.bku.gui.BKUGUIFacade;
-import at.gv.egiz.bku.pin.gui.SignPINGUI;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.List;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
@@ -38,12 +37,14 @@ import javax.xml.bind.Unmarshaller;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.bku.gui.BKUGUIFacade;
+import at.gv.egiz.bku.pin.gui.SignPINGUI;
import at.gv.egiz.smcc.CancelledException;
import at.gv.egiz.smcc.LockedException;
import at.gv.egiz.smcc.NotActivatedException;
import at.gv.egiz.smcc.SignatureCard;
-import at.gv.egiz.smcc.SignatureCardException;
import at.gv.egiz.smcc.SignatureCard.KeyboxName;
+import at.gv.egiz.smcc.SignatureCardException;
import at.gv.egiz.smcc.TimeoutException;
import at.gv.egiz.stal.ErrorResponse;
import at.gv.egiz.stal.STALRequest;
@@ -52,12 +53,18 @@ import at.gv.egiz.stal.SignRequest;
import at.gv.egiz.stal.SignResponse;
import at.gv.egiz.stal.signedinfo.CanonicalizationMethodType;
import at.gv.egiz.stal.signedinfo.ObjectFactory;
+import at.gv.egiz.stal.signedinfo.ReferenceType;
import at.gv.egiz.stal.signedinfo.SignatureMethodType;
import at.gv.egiz.stal.signedinfo.SignedInfoType;
public class SignRequestHandler extends AbstractRequestHandler {
private final static Logger log = LoggerFactory.getLogger(SignRequestHandler.class);
+
+ private final static String CMS_DEF_SIGNEDINFO_ID = "SignedInfo-1";
+ private final static String CMS_DEF_OBJECT_ID = "SignatureData-1";
+ private final static String CMS_DEF_REFERENCE_ID = "Reference-1";
+
private static JAXBContext jaxbContext;
static {
@@ -88,12 +95,10 @@ public class SignRequestHandler extends AbstractRequestHandler {
public STALResponse handleRequest(STALRequest request) throws InterruptedException {
if (request instanceof SignRequest) {
SignRequest signReq = (SignRequest) request;
+ byte[] signedInfoData = signReq.getSignedInfo();
try {
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- InputStream is = new ByteArrayInputStream(signReq.getSignedInfo());
-
SignedInfoType signedInfo;
- if (signReq.getSignedInfoIsRawData()) {
+ if (signReq.getSignedInfoIsCMSSignedAttributes()) {
signedInfo = new SignedInfoType();
CanonicalizationMethodType canonicalizationMethod =
new CanonicalizationMethodType();
@@ -102,8 +107,15 @@ public class SignRequestHandler extends AbstractRequestHandler {
signatureMethod.setAlgorithm(signReq.getSignatureMethod());
signedInfo.setCanonicalizationMethod(canonicalizationMethod);
signedInfo.setSignatureMethod(signatureMethod);
- signedInfo.setId("");
+ signedInfo.setId(CMS_DEF_SIGNEDINFO_ID);
+ List<ReferenceType> references = signedInfo.getReference();
+ ReferenceType reference = new ReferenceType();
+ reference.setId(CMS_DEF_REFERENCE_ID);
+ reference.setURI(CMS_DEF_OBJECT_ID);
+ references.add(reference);
} else {
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ InputStream is = new ByteArrayInputStream(signedInfoData);
JAXBElement<SignedInfoType> si =
(JAXBElement<SignedInfoType>) unmarshaller.unmarshal(is);
signedInfo = si.getValue();
@@ -112,7 +124,7 @@ public class SignRequestHandler extends AbstractRequestHandler {
log.debug("Found signature method: {}.", signatureMethod);
KeyboxName kb = SignatureCard.KeyboxName.getKeyboxName(signReq.getKeyIdentifier());
- byte[] resp = card.createSignature(new ByteArrayInputStream(signReq.getSignedInfo()), kb,
+ byte[] resp = card.createSignature(new ByteArrayInputStream(signedInfoData), kb,
new SignPINGUI(gui, secureViewer, signedInfo), signatureMethod);
if (resp == null) {
return errorResponse(6001, "Response is null", null);