| author | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2013-12-13 01:57:31 +0000 | 
|---|---|---|
| committer | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2013-12-13 01:57:31 +0000 | 
| commit | da6c49cbea9c80ad057a5fc3b698ce14ad9a7415 (patch) | |
| tree | 2179084a1c0352a0a5a432de716a2778781f86bb /bkucommon/src | |
| parent | d311d0f7b7ef9ed5bc383d6744b7d61239aafbc1 (diff) | |
Add DigestMethod to STAL SignRequest, check digest value in secure viewer
NOTE: This currently disables viewing signature data which uses the
      ExcludeByteRange feature, e.g. PAdES signatures.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1263 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon/src')
3 files changed, 13 insertions, 5 deletions
|
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
index 8da52227..8e71fa7c 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
@@ -11,9 +11,11 @@ public class STALPrivateKey implements PrivateKey {
   private static final long serialVersionUID = 1L;
   private String algorithm;
+  private String digestAlgorithm;
-  public STALPrivateKey(String algorithm) {
+  public STALPrivateKey(String algorithm, String digestAlgorithm) {
     this.algorithm = algorithm;
+    this.digestAlgorithm = digestAlgorithm;
   }
   @Override
@@ -21,6 +23,10 @@ public class STALPrivateKey implements PrivateKey {
     return algorithm;
   }
+  public String getDigestAlgorithm() {
+    return digestAlgorithm;
+  }
+
   @Override
   public byte[] getEncoded() {
     throw new UnsupportedOperationException("STALPrivateKey does not support the getEncoded() method.");
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
index 0a2140c3..7c8b2b4e 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
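Review bot: The new `digestAlgorithm` field in the first STALPrivateKey hunk is mutable and undocumented, and the constructor stores whatever it is given, including null. Since the value is only ever set in the constructor, `private final String digestAlgorithm;` would make that explicit. A short Javadoc on the constructor and on `getDigestAlgorithm()` (second hunk) should state that this is the digest method URI forwarded to the STAL SignRequest and whether null is permitted. Note that the getter is not part of the `PrivateKey` interface, so every consumer has to downcast to reach it.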
@@ -60,8 +60,9 @@ public class STALSecurityProvider extends IaikProvider {
       throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
     log.debug("calculateSignatureFromSignedAttributes: " + signatureAlgorithm + ", " + digestAlgorithm);
+    STALPrivateKey spk = (STALPrivateKey) privateKey;
     SignRequest signRequest = getSTALSignRequest(keyboxIdentifier, signedAttributes,
-        privateKey.getAlgorithm(), hashDataInput);
+        spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput);
     log.debug("Sending STAL request ({})", privateKey.getAlgorithm());
     List<STALResponse> responses =
@@ -86,7 +87,8 @@ public class STALSecurityProvider extends IaikProvider {
   }
   private static SignRequest getSTALSignRequest(String keyboxIdentifier,
-      byte[] signedAttributes, String signatureMethod, List<HashDataInput> hashDataInput) {
+      byte[] signedAttributes, String signatureMethod, String digestMethod,
+      List<HashDataInput> hashDataInput) {
     SignRequest signRequest = new SignRequest();
     signRequest.setKeyIdentifier(keyboxIdentifier);
     log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes));
@@ -95,6 +97,7 @@ public class STALSecurityProvider extends IaikProvider {
     signedInfo.setIsCMSSignedAttributes(true);
     signRequest.setSignedInfo(signedInfo);
     signRequest.setSignatureMethod(signatureMethod);
+    signRequest.setDigestMethod(digestMethod);
     signRequest.setHashDataInput(hashDataInput);
     return signRequest;
   }
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
index 307f0bfc..9e76bf22 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
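Review bot: The cast `(STALPrivateKey) privateKey` added in the first hunk is unchecked, so any other key type handed to this provider fails with a ClassCastException instead of the `InvalidKeyException` the method already declares. A guard before the cast keeps the failure inside the declared contract: `if (!(privateKey instanceof STALPrivateKey)) throw new InvalidKeyException("STALPrivateKey required");`. The following `log.debug("Sending STAL request ({})", privateKey.getAlgorithm())` could read from `spk` for consistency. In the third hunk `setDigestMethod(digestMethod)` forwards the value as-is, so a null digest method reaches the request unchanged; how the receiving side treats that is not visible here. The method body starts and ends outside these hunks.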
@@ -95,7 +95,6 @@ public class Signature {
   private AlgorithmID signatureAlgorithm;
   private AlgorithmID digestAlgorithm;
   private String signatureAlgorithmURI;
-  @SuppressWarnings("unused")
   private String digestAlgorithmURI;
   public Signature(CMSDataObjectRequiredMetaType dataObject, String structure,
@@ -116,7 +115,7 @@ public class Signature {
         new iaik.x509.X509Certificate(signingCertificate.getEncoded());
     CertificateIdentifier signerIdentifier =
         new IssuerAndSerialNumber(sigcert);
-    PrivateKey privateKey = new STALPrivateKey(signatureAlgorithmURI);
+    PrivateKey privateKey = new STALPrivateKey(signatureAlgorithmURI, digestAlgorithmURI);
     signerInfo = new SignerInfo(signerIdentifier, digestAlgorithm,
         signatureAlgorithm, privateKey);
   }
|
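Review bot: In the second Signature.java hunk, `digestAlgorithmURI` goes into the STAL key while the `digestAlgorithm` AlgorithmID goes into `SignerInfo` on the next line, and nothing visible here ensures the two name the same digest or that the URI is set at all. The field carried `@SuppressWarnings("unused")` until this commit, so its assignment is outside the hunk and cannot be confirmed. If it can be null or diverge, the secure viewer's digest check would presumably run against a different or missing digest method than the one in the signed attributes. A guard before the key is built, such as `if (digestAlgorithmURI == null) throw new IllegalStateException("digest method URI not set");`, together with a comment noting that both values come from the same lookup, would make the invariant explicit. The constructor starts and ends outside this hunk.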
