summaryrefslogtreecommitdiff
path: root/BKUApplet/src
diff options
context:
space:
mode:
authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2013-12-13 04:06:05 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2013-12-13 04:06:05 +0000
commit438727ab21b5e80d1771279b988d6aed57ba3ab1 (patch)
tree1de5dc68467b378d7ece4a1119ac539dca6462c9 /BKUApplet/src
parentda6c49cbea9c80ad057a5fc3b698ce14ad9a7415 (diff)
downloadmocca-438727ab21b5e80d1771279b988d6aed57ba3ab1.tar.gz
mocca-438727ab21b5e80d1771279b988d6aed57ba3ab1.tar.bz2
mocca-438727ab21b5e80d1771279b988d6aed57ba3ab1.zip
Add ExcludedByteRange to STAL SignatureRequest, honour it for digest calculation
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1264 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKUApplet/src')
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java57
1 files changed, 36 insertions, 21 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java
index 773bab80..3b9ee1d2 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java
@@ -24,6 +24,19 @@
package at.gv.egiz.bku.online.applet;
+import iaik.me.security.CryptoException;
+import iaik.me.security.MessageDigest;
+
+import java.awt.event.ActionListener;
+import java.security.DigestException;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.bku.gui.BKUGUIFacade;
import at.gv.egiz.bku.smccstal.SecureViewer;
import at.gv.egiz.stal.HashDataInput;
@@ -34,17 +47,6 @@ import at.gv.egiz.stal.service.types.GetHashDataInputResponseType;
import at.gv.egiz.stal.service.types.GetHashDataInputType;
import at.gv.egiz.stal.signedinfo.ReferenceType;
import at.gv.egiz.stal.signedinfo.SignedInfoType;
-import java.awt.event.ActionListener;
-import java.security.DigestException;
-
-import iaik.me.security.CryptoException;
-import iaik.me.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
/**
*
@@ -196,17 +198,30 @@ public class AppletSecureViewer implements SecureViewer {
log.debug("Digesting reference " + signedRefId + " (" + mimeType + ";" + encoding + ")");
}
-// if (signedDigestAlg.startsWith("CMS:")) {
-// log.info("CMS signature - skip verifying hashdata for now");
-// } else {
- byte[] hashDataInputDigest = digest(hdi, signedDigestAlg);
+ byte[] hashDataInputDigest;
+ if ((signedRef.getURI() != null) && signedRef.getURI().startsWith("CMSExcludedByteRange:")) {
+ String range = signedRef.getURI().substring(21);
+ int sep = range.indexOf('-');
+ int from = Integer.parseInt(range.substring(0, sep));
+ int to = Integer.parseInt(range.substring(sep+1));
- log.debug("Comparing digest to claimed digest value for reference {}.", signedRefId);
- if (!Arrays.equals(hashDataInputDigest, signedDigest)) {
- log.error("Bad digest value for reference {}.", signedRefId);
- throw new DigestException("Bad digest value for reference " + signedRefId);
- }
-// }
+ Arrays.fill(hdi, from, to+1, (byte)0);
+
+ byte[] hashData = new byte[hdi.length - ((to+1) - from)];
+ if (from > 0)
+ System.arraycopy(hdi, 0, hashData, 0, from);
+ if ((to+1) < hdi.length)
+ System.arraycopy(hdi, to+1, hashData, from, hdi.length - (to+1));
+ hashDataInputDigest = digest(hashData, signedDigestAlg);
+ } else {
+ hashDataInputDigest = digest(hdi, signedDigestAlg);
+ }
+
+ log.debug("Comparing digest to claimed digest value for reference {}.", signedRefId);
+ if (!Arrays.equals(hashDataInputDigest, signedDigest)) {
+ log.error("Bad digest value for reference {}.", signedRefId);
+ throw new DigestException("Bad digest value for reference " + signedRefId);
+ }
verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding, filename));
}