summaryrefslogtreecommitdiff
path: root/bkucommon/src/main/java/at/gv/egiz/bku
diff options
context:
space:
mode:
authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2013-12-13 04:06:05 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2013-12-13 04:06:05 +0000
commit438727ab21b5e80d1771279b988d6aed57ba3ab1 (patch)
tree1de5dc68467b378d7ece4a1119ac539dca6462c9 /bkucommon/src/main/java/at/gv/egiz/bku
parentda6c49cbea9c80ad057a5fc3b698ce14ad9a7415 (diff)
downloadmocca-438727ab21b5e80d1771279b988d6aed57ba3ab1.tar.gz
mocca-438727ab21b5e80d1771279b988d6aed57ba3ab1.tar.bz2
mocca-438727ab21b5e80d1771279b988d6aed57ba3ab1.zip
Add ExcludedByteRange to STAL SignatureRequest, honour it for digest calculation
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1264 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz/bku')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java24
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java24
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java39
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java21
4 files changed, 95 insertions, 13 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java
index e25fd3ab..e596e5c8 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
package at.gv.egiz.bku.slcommands.impl.cms;
import java.io.ByteArrayInputStream;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
index 8e71fa7c..0792a987 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
package at.gv.egiz.bku.slcommands.impl.cms;
import java.security.PrivateKey;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
index 7c8b2b4e..77bfaaa7 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
package at.gv.egiz.bku.slcommands.impl.cms;
import iaik.asn1.DerCoder;
@@ -20,6 +44,7 @@ import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType;
import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
import at.gv.egiz.stal.ErrorResponse;
import at.gv.egiz.stal.HashDataInput;
@@ -41,13 +66,15 @@ public class STALSecurityProvider extends IaikProvider {
private String keyboxIdentifier;
private STAL stal;
private List<HashDataInput> hashDataInput;
+ private ExcludedByteRangeType excludedByteRange;
public STALSecurityProvider(STAL stal, String keyboxIdentifier,
- HashDataInput hashDataInput) {
+ HashDataInput hashDataInput, ExcludedByteRangeType excludedByteRange) {
this.keyboxIdentifier = keyboxIdentifier;
this.stal = stal;
this.hashDataInput = new ArrayList<HashDataInput>();
this.hashDataInput.add(hashDataInput);
+ this.excludedByteRange = excludedByteRange;
}
/* (non-Javadoc)
@@ -62,7 +89,7 @@ public class STALSecurityProvider extends IaikProvider {
STALPrivateKey spk = (STALPrivateKey) privateKey;
SignRequest signRequest = getSTALSignRequest(keyboxIdentifier, signedAttributes,
- spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput);
+ spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput, excludedByteRange);
log.debug("Sending STAL request ({})", privateKey.getAlgorithm());
List<STALResponse> responses =
@@ -88,7 +115,7 @@ public class STALSecurityProvider extends IaikProvider {
private static SignRequest getSTALSignRequest(String keyboxIdentifier,
byte[] signedAttributes, String signatureMethod, String digestMethod,
- List<HashDataInput> hashDataInput) {
+ List<HashDataInput> hashDataInput, ExcludedByteRangeType excludedByteRange) {
SignRequest signRequest = new SignRequest();
signRequest.setKeyIdentifier(keyboxIdentifier);
log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes));
@@ -99,6 +126,12 @@ public class STALSecurityProvider extends IaikProvider {
signRequest.setSignatureMethod(signatureMethod);
signRequest.setDigestMethod(digestMethod);
signRequest.setHashDataInput(hashDataInput);
+ if (excludedByteRange != null) {
+ SignRequest.ExcludedByteRange ebr = new SignRequest.ExcludedByteRange();
+ ebr.setFrom(excludedByteRange.getFrom());
+ ebr.setTo(excludedByteRange.getTo());
+ signRequest.setExcludedByteRange(ebr);
+ }
return signRequest;
}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
index 9e76bf22..937296b1 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
@@ -96,6 +96,7 @@ public class Signature {
private AlgorithmID digestAlgorithm;
private String signatureAlgorithmURI;
private String digestAlgorithmURI;
+ private ExcludedByteRangeType excludedByteRange;
public Signature(CMSDataObjectRequiredMetaType dataObject, String structure,
X509Certificate signingCertificate, Date signingTime, boolean useStrongHash)
@@ -175,20 +176,20 @@ public class Signature {
byte[] data = dataObject.getContent().getBase64Content();
this.signedDocument = data.clone();
- ExcludedByteRangeType ebr = dataObject.getExcludedByteRange();
- if (ebr == null)
+ this.excludedByteRange = dataObject.getExcludedByteRange();
+ if (this.excludedByteRange == null)
return data;
- int from = dataObject.getExcludedByteRange().getFrom().intValue();
- int to = dataObject.getExcludedByteRange().getTo().intValue();
+ int from = this.excludedByteRange.getFrom().intValue();
+ int to = this.excludedByteRange.getTo().intValue();
if (from > data.length || to > data.length || from > to)
- throw new InvalidParameterException("ExcludeByteRange contains invalid data: [" +
+ throw new InvalidParameterException("ExcludedByteRange contains invalid data: [" +
from + "-" + to + "], Content length: " + data.length);
- // Fill ExcludeByteRange with 0s for document to display in viewer
+ // Fill ExcludedByteRange with 0s for document to display in viewer
Arrays.fill(this.signedDocument, from, to+1, (byte)0);
- // Remove ExcludeByteRange from data to be signed
+ // Remove ExcludedByteRange from data to be signed
byte[] first = null;
byte[] second = null;
if (from > 0)
@@ -196,7 +197,7 @@ public class Signature {
if ((to + 1) < data.length)
second = Arrays.copyOfRange(data, to + 1, data.length);
data = ArrayUtils.addAll(first, second);
- log.debug("ExcludeByteRange [" + from + "-" + to + "], Content length: " + data.length);
+ log.debug("ExcludedByteRange [" + from + "-" + to + "], Content length: " + data.length);
return data;
}
@@ -282,8 +283,8 @@ public class Signature {
}
public byte[] sign(STAL stal, String keyboxIdentifier) throws CMSException, CMSSignatureException, SLCommandException {
- signedData.setSecurityProvider(
- new STALSecurityProvider(stal, keyboxIdentifier, getHashDataInput()));
+ signedData.setSecurityProvider(new STALSecurityProvider(
+ stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange));
setSignerInfo();
ContentInfo contentInfo = new ContentInfo(signedData);
return contentInfo.getEncoded();