diff options
author | Bonato, Martin <martin.bonato@prime-sign.com> | 2018-02-08 22:19:55 +0100 |
---|---|---|
committer | Bonato, Martin <martin.bonato@prime-sign.com> | 2018-02-08 22:19:55 +0100 |
commit | b9ccb62d35a755efb505d426ce924d5a8fbe937a (patch) | |
tree | 00d17aa7dc660eb0e90ae753e36a623d672fc0e0 /smccSTAL/src/main/java/at/gv | |
parent | 84794c877062fe0424f357be0e83bdd045d75d52 (diff) | |
download | mocca-b9ccb62d35a755efb505d426ce924d5a8fbe937a.tar.gz mocca-b9ccb62d35a755efb505d426ce924d5a8fbe937a.tar.bz2 mocca-b9ccb62d35a755efb505d426ce924d5a8fbe937a.zip |
BulkSignature implementationfb-bulksignature
Diffstat (limited to 'smccSTAL/src/main/java/at/gv')
7 files changed, 470 insertions, 66 deletions
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/BulkSignPINGUI.java b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/BulkSignPINGUI.java new file mode 100644 index 00000000..b792fed2 --- /dev/null +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/BulkSignPINGUI.java @@ -0,0 +1,172 @@ +/* + * Copyright 2015 Datentechnik Innovation GmbH and Prime Sign GmbH, Austria + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egiz.bku.pin.gui; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.gui.viewer.SecureViewer; +import at.gv.egiz.smcc.BulkSignException; +import at.gv.egiz.smcc.CancelledException; +import at.gv.egiz.smcc.PinInfo; +import at.gv.egiz.smcc.pin.gui.OverrulePinpadPINGUI; +import at.gv.egiz.stal.SignatureInfo; + +import java.security.DigestException; +import java.util.List; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * This PinProvider is used for BulkSignatureRequests. + * The pin input field is called once and the pin is stored for further sign requests. + * + * + * @author szoescher + */ +public class BulkSignPINGUI extends SignPINGUI implements OverrulePinpadPINGUI { + + private final Logger log = LoggerFactory.getLogger(BulkSignPINGUI.class); + + private boolean retry = false; + + private char[] pin; + + private boolean showSignaturePINDialog; + + private int maxSignatures; + + private int signatureCount; + + List<SignatureInfo> signedInfo; + + + + public BulkSignPINGUI(BKUGUIFacade gui, SecureViewer viewer, List<SignatureInfo> signedInfo, int maxSignatures) { + super(gui, viewer, null); + + this.signedInfo = signedInfo; + this.maxSignatures = maxSignatures; + + showSignaturePINDialog = true; + signatureCount = 0; + } + + public int getSignatureCount() { + return signatureCount; + } + + public boolean isShowSignaturePINDialog() { + return showSignaturePINDialog; + } + + public void setShowSignaturePINDialog(boolean showSignaturePINDialog) { + this.showSignaturePINDialog = showSignaturePINDialog; + } + + + + @Override + public char[] providePIN(PinInfo spec, int retries) throws CancelledException, InterruptedException, BulkSignException { + + if (showSignaturePINDialog) { + + signatureCount = 1; + gui.showSignaturePINDialog(spec, (retry) ? retries : -1, maxSignatures, this, "sign", this, "cancel", this, "secureViewer"); + + do { + log.trace("[{}] wait for action.", Thread.currentThread().getName()); + waitForAction(); + log.trace("[{}] received action {}.", Thread.currentThread().getName(), action); + + if ("secureViewer".equals(action)) { + try { + + viewer.displayDataToBeSigned(signedInfo, this, "pinEntry"); + + } catch (DigestException ex) { + log.error("Bad digest value: {}", ex.getMessage()); + gui.showErrorDialog(BKUGUIFacade.ERR_INVALID_HASH, new Object[] { ex.getMessage() }, this, "error"); + } catch (Exception ex) { + log.error("Could not display hashdata inputs: {}", ex.getMessage()); + gui.showErrorDialog(BKUGUIFacade.ERR_DISPLAY_HASHDATA, new Object[] { ex.getMessage() }, this, "error"); + } + } else if ("sign".equals(action)) { + gui.showMessageDialog(BKUGUIFacade.TITLE_BULKSIGNATURE, BKUGUIFacade.MESSAGE_BULKSIGN, new Object[]{signatureCount,maxSignatures}, BKUGUIFacade.BUTTON_CANCEL, this, "cancel"); + retry = true; + pin = gui.getPin(); + return pin; + } else if ("pinEntry".equals(action)) { + gui.showSignaturePINDialog(spec, (retry) ? retries : -1, this, "sign", this, "cancel", this, "secureViewer"); + } else if ("cancel".equals(action) || "error".equals(action)) { + gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT); + throw new CancelledException(spec.getLocalizedName() + " entry cancelled"); + } else { + log.error("Unknown action command {}.", action); + } + } while (true); + } else { + + signatureCount ++; + + if(signatureCount > maxSignatures) { + throw new BulkSignException("Limit of "+ signatureCount + "Signatures exceeded."); + } + + gui.updateMessageDialog(BKUGUIFacade.TITLE_BULKSIGNATURE, BKUGUIFacade.MESSAGE_BULKSIGN, new Object[]{signatureCount,maxSignatures}, BKUGUIFacade.BUTTON_CANCEL, this, "cancel"); + + if ("cancel".equals(action) || "error".equals(action)) { + gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT); + throw new CancelledException(spec.getLocalizedName() + " entry cancelled"); + } + + return pin; + } + } + + @Override + public boolean allowOverrulePinpad() throws InterruptedException { + + if (showSignaturePINDialog) { + gui.showPinPadDeactivationDialog(this, "cancel", this, "ok"); + + do { + log.trace("[{}] wait for action.", Thread.currentThread().getName()); + waitForAction(); + log.trace("[{}] received action {}.", Thread.currentThread().getName(), action); + + if ("cancel".equals(action)) { + + return false; + + } else if ("ok".equals(action)) { + + return true; + + } else { + log.error("Unknown action command {}.", action); + } + } while (true); + } + + return true; + } +} diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java index bc49b85e..da6c39b0 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java @@ -25,12 +25,14 @@ package at.gv.egiz.bku.pin.gui; import at.gv.egiz.bku.gui.BKUGUIFacade; -import at.gv.egiz.bku.smccstal.SecureViewer; +import at.gv.egiz.bku.gui.viewer.SecureViewer; import at.gv.egiz.smcc.CancelledException; import at.gv.egiz.smcc.PinInfo; import at.gv.egiz.smcc.pin.gui.PINGUI; -import at.gv.egiz.stal.signedinfo.SignedInfoType; +import at.gv.egiz.stal.SignatureInfo; + import java.security.DigestException; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -51,7 +53,7 @@ public class SignPINGUI extends SignPINProvider implements PINGUI { private boolean retry = false; - public SignPINGUI(BKUGUIFacade gui, SecureViewer viewer, SignedInfoType signedInfo) { + public SignPINGUI(BKUGUIFacade gui, SecureViewer viewer, SignatureInfo signedInfo) { super(gui, viewer, signedInfo); } diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java index f9dfe068..efda713c 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java @@ -25,12 +25,15 @@ package at.gv.egiz.bku.pin.gui; import at.gv.egiz.bku.gui.BKUGUIFacade; -import at.gv.egiz.bku.smccstal.SecureViewer; +import at.gv.egiz.bku.gui.viewer.SecureViewer; +import at.gv.egiz.smcc.BulkSignException; import at.gv.egiz.smcc.CancelledException; import at.gv.egiz.smcc.PinInfo; import at.gv.egiz.smcc.pin.gui.PINProvider; -import at.gv.egiz.stal.signedinfo.SignedInfoType; +import at.gv.egiz.stal.SignatureInfo; + import java.security.DigestException; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -51,10 +54,10 @@ public class SignPINProvider extends AbstractPINProvider implements PINProvider protected BKUGUIFacade gui; protected SecureViewer viewer; - protected SignedInfoType signedInfo; + protected SignatureInfo signedInfo; private boolean retry = false; - public SignPINProvider(BKUGUIFacade gui, SecureViewer viewer, SignedInfoType signedInfo) { + public SignPINProvider(BKUGUIFacade gui, SecureViewer viewer, SignatureInfo signedInfo) { this.gui = gui; this.viewer = viewer; this.signedInfo = signedInfo; @@ -62,7 +65,7 @@ public class SignPINProvider extends AbstractPINProvider implements PINProvider @Override public char[] providePIN(PinInfo spec, int retries) - throws CancelledException, InterruptedException { + throws CancelledException, InterruptedException, BulkSignException { gui.showSignaturePINDialog(spec, (retry) ? retries : -1, this, "sign", diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java index 59ee0593..77528ecb 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java @@ -25,9 +25,11 @@ package at.gv.egiz.bku.pin.gui; import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.smcc.BulkSignException; import at.gv.egiz.smcc.CancelledException; import at.gv.egiz.smcc.PinInfo; import at.gv.egiz.smcc.pin.gui.PINProvider; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -55,7 +57,7 @@ public class VerifyPINProvider extends AbstractPINProvider implements PINProvide @Override public char[] providePIN(PinInfo spec, int retries) - throws CancelledException, InterruptedException { + throws CancelledException, InterruptedException, BulkSignException { gui.showVerifyPINDialog(spec, (retry) ? retries : -1, this, "verify", diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/BulkSignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/BulkSignRequestHandler.java new file mode 100644 index 00000000..6d0403f7 --- /dev/null +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/BulkSignRequestHandler.java @@ -0,0 +1,273 @@ +/* + * Copyright 2015 Datentechnik Innovation GmbH and Prime Sign GmbH, Austria + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egiz.bku.smccstal; + +import iaik.me.asn1.ASN1; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.SignatureException; +import java.util.LinkedList; +import java.util.List; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.gui.viewer.SecureViewer; +import at.gv.egiz.bku.pin.gui.BulkSignPINGUI; +import at.gv.egiz.smcc.BulkSignException; +import at.gv.egiz.smcc.CancelledException; +import at.gv.egiz.smcc.LockedException; +import at.gv.egiz.smcc.NotActivatedException; +import at.gv.egiz.smcc.SignatureCard; +import at.gv.egiz.smcc.SignatureCard.KeyboxName; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.TimeoutException; +import at.gv.egiz.stal.BulkSignRequest; +import at.gv.egiz.stal.BulkSignResponse; +import at.gv.egiz.stal.ErrorResponse; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; +import at.gv.egiz.stal.SignRequest; +import at.gv.egiz.stal.SignResponse; +import at.gv.egiz.stal.SignatureInfo; +import at.gv.egiz.stal.signedinfo.CanonicalizationMethodType; +import at.gv.egiz.stal.signedinfo.DigestMethodType; +import at.gv.egiz.stal.signedinfo.ObjectFactory; +import at.gv.egiz.stal.signedinfo.ReferenceType; +import at.gv.egiz.stal.signedinfo.SignatureMethodType; +import at.gv.egiz.stal.signedinfo.SignedInfoType; + +/** + * @author szoescher + */ +public class BulkSignRequestHandler extends AbstractRequestHandler { + + private final static Logger log = LoggerFactory.getLogger(BulkSignRequestHandler.class); + + private final static String CMS_DEF_SIGNEDINFO_ID = "SignedInfo-1"; + private final static String OID_MESSAGEDIGEST = "1.2.840.113549.1.9.4"; + + private static JAXBContext jaxbContext; + + static { + try { + jaxbContext = JAXBContext.newInstance(ObjectFactory.class.getPackage().getName()); + } catch (JAXBException e) { + Logger log = LoggerFactory.getLogger(BulkSignRequestHandler.class); + log.error("Cannot init jaxbContext", e); + } + } + + protected SecureViewer secureViewer; + + public BulkSignRequestHandler(SecureViewer secureViewer) { + this.secureViewer = secureViewer; + } + + private static ErrorResponse errorResponse(int errorCode, String errorMessage, Exception e) { + log.error(errorMessage, e); + ErrorResponse err = new ErrorResponse(errorCode); + err.setErrorMessage(errorMessage + (e == null ? "" : " " + e)); + return err; + } + + @Override + public STALResponse handleRequest(STALRequest request) throws InterruptedException { + if (request instanceof BulkSignRequest) { + BulkSignRequest bulkSignRequest = (BulkSignRequest) request; + BulkSignResponse stalResp = new BulkSignResponse(); + + + LinkedList<SignatureInfo> signatureInfoList = new LinkedList<SignatureInfo>(); + try { + + for(SignRequest signRequest : bulkSignRequest.getSignRequests()){ + + byte[] signedInfoData = signRequest.getSignedInfo().getValue(); + + SignatureInfo signatureInfo; + if (signRequest.getSignedInfo().isIsCMSSignedAttributes()) { + signatureInfo = createCMSSignedInfo(signRequest); + } else { + + Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + InputStream is = new ByteArrayInputStream(signedInfoData); + @SuppressWarnings("unchecked") + JAXBElement<SignedInfoType> si = (JAXBElement<SignedInfoType>) unmarshaller.unmarshal(is); + + signatureInfo = new SignatureInfo(si.getValue(), signRequest.getDisplayName(), signRequest.getMimeType()); + } + signatureInfoList.add(signatureInfo); + } + + BulkSignPINGUI pinGUI = new BulkSignPINGUI(gui, secureViewer, signatureInfoList, bulkSignRequest.getSignRequests().size()); + + + for (int i = 0; i < bulkSignRequest.getSignRequests().size(); i++) { + SignRequest signRequest = bulkSignRequest.getSignRequests().get(i); + STALResponse response = handleSignRequest(signRequest, pinGUI, signatureInfoList.get(i)); + pinGUI.setShowSignaturePINDialog(false); + + if (response instanceof SignResponse) { + stalResp.getSignResponse().add((SignResponse) response); + } + + if (response instanceof ErrorResponse) { + return response; + } + + } + } catch (SignatureException e) { + return errorResponse(4000, "Error while parsing CMS signature.", e); + } catch (JAXBException e) { + return errorResponse(1000, "Cannot unmarshal signed info.", e); + } + + return stalResp; + } else { + return errorResponse(1000, "Got unexpected STAL request: " + request + ".", null); + } + } + + @Override + public boolean requireCard() { + return true; + } + + private STALResponse handleSignRequest(SignRequest request, BulkSignPINGUI pinGUI, SignatureInfo signatureInfo) throws InterruptedException { + if (request instanceof SignRequest) { + + SignRequest signReq = (SignRequest) request; + byte[] signedInfoData = signReq.getSignedInfo().getValue(); + try { + + String signatureMethod = signatureInfo.getSignatureMethod().getAlgorithm(); + log.debug("Found signature method: {}.", signatureMethod); + KeyboxName kb = SignatureCard.KeyboxName.getKeyboxName(signReq.getKeyIdentifier()); + + byte[] resp = card.createSignature(new ByteArrayInputStream(signedInfoData), kb, pinGUI, signatureMethod); + + if (resp == null) { + return errorResponse(6001, "Response is null", null); + } + + SignResponse stalResp = new SignResponse(); + stalResp.setSignatureValue(resp); + return stalResp; + } catch (NotActivatedException e) { + gui.showErrorDialog(BKUGUIFacade.ERR_CARD_NOTACTIVATED, null, this, null); + waitForAction(); + gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT); + return errorResponse(6001, "Citizen card not activated.", e); + } catch (LockedException e) { + gui.showErrorDialog(BKUGUIFacade.ERR_CARD_LOCKED, null, this, null); + waitForAction(); + gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT); + return errorResponse(6001, "Citizen card locked.", e); + } catch (CancelledException cx) { + return errorResponse(6001, "User cancelled request.", null); + }catch (BulkSignException cx) { + return errorResponse(6001, "Limit of Signatures exceeded.", null); + } catch (TimeoutException ex) { + gui.showMessageDialog(BKUGUIFacade.TITLE_ENTRY_TIMEOUT, BKUGUIFacade.ERR_PIN_TIMEOUT, null, + BKUGUIFacade.BUTTON_CANCEL, this, null); + waitForAction(); + gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT); + return errorResponse(6001, "Timeout during pin entry.", null); + } catch (SignatureCardException e) { + return errorResponse(4000, "Error while creating signature.", e); + } catch (IOException e) { + return errorResponse(4000, "Error while creating signature.", e); + } + } else { + return errorResponse(1000, "Got unexpected STAL request: " + request + ".", null); + } + } + + private static SignatureInfo createCMSSignedInfo(SignRequest signReq) throws SignatureException { + SignedInfoType signedInfo = new SignedInfoType(); + + log.trace("createCMSSignedInfo from SignRequest"); + byte[] signedInfoData = signReq.getSignedInfo().getValue(); + + CanonicalizationMethodType canonicalizationMethod = new CanonicalizationMethodType(); + canonicalizationMethod.setAlgorithm(""); + signedInfo.setCanonicalizationMethod(canonicalizationMethod); + + SignatureMethodType signatureMethod = new SignatureMethodType(); + signatureMethod.setAlgorithm(signReq.getSignatureMethod()); + signedInfo.setSignatureMethod(signatureMethod); + + signedInfo.setId(CMS_DEF_SIGNEDINFO_ID); + + List<ReferenceType> references = signedInfo.getReference(); + ReferenceType reference = new ReferenceType(); + reference.setId(HashDataInput.CMS_DEF_REFERENCE_ID); + DigestMethodType digestMethod = new DigestMethodType(); + digestMethod.setAlgorithm(signReq.getDigestMethod()); + reference.setDigestMethod(digestMethod); + byte[] messageDigest = null; + try { + ASN1 signedAttributes = new ASN1(signedInfoData); + if (!signedAttributes.isConstructed()) + throw new SignatureException("Error while parsing CMS signature"); + for (int i = 0; i < signedAttributes.getSize(); ++i) { + ASN1 signedAttribute = signedAttributes.getElementAt(i); + if (!signedAttribute.isConstructed()) + throw new SignatureException("Error while parsing CMS signature"); + ASN1 oid = signedAttribute.getElementAt(0); + if (oid.gvObjectId().equals(OID_MESSAGEDIGEST)) { + ASN1 value = signedAttribute.getElementAt(1); + if (!value.isConstructed()) + throw new SignatureException("Error while parsing CMS signature"); + messageDigest = value.getElementAt(0).gvByteArray(); + break; + } + } + } catch (IOException e) { + throw new SignatureException(e); + } + reference.setDigestValue(messageDigest); + if (signReq.getExcludedByteRange() != null) { + // Abuse URI to store ExcludedByteRange + String range = "CMSExcludedByteRange:" + signReq.getExcludedByteRange().getFrom() + "-" + + signReq.getExcludedByteRange().getTo(); + reference.setURI(range); + } + + references.add(reference); + + log.trace("Added SignatureInfo {} with name {} of type{}", new Object[] { signedInfo.getId(), signReq.getDisplayName(), signReq.getMimeType() }); + return new SignatureInfo(signedInfo, signReq.getDisplayName(), signReq.getMimeType()); + } + +} diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SecureViewer.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SecureViewer.java deleted file mode 100644 index ea279f40..00000000 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SecureViewer.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 2011 by Graz University of Technology, Austria - * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint - * initiative of the Federal Chancellery Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egiz.bku.smccstal; - -import at.gv.egiz.stal.signedinfo.SignedInfoType; -import java.awt.event.ActionListener; -import java.security.DigestException; - -/** - * - * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> - */ -public interface SecureViewer { - - /** - * Displays the hashdata inputs for all provided dsig:SignedReferences. - * Implementations may verify the digest value if necessary. - * (LocalSignRequestHandler operates on DataObjectHashDataInput, - * other SignRequestHandlers should cache the HashDataInputs obtained by webservice calls, - * or simply forward to a HashDataInputServlet.) - * @param signedInfo The caller may select a subset of the references in SignedInfo to be displayed. - * @param okListener - * @param okCommand - * @throws java.security.DigestException if digest values are verified and do not correspond - * (or any other digest computation error occurs) - * @throws java.lang.Exception - */ - void displayDataToBeSigned(SignedInfoType signedInfo, - ActionListener okListener, String okCommand) - throws DigestException, Exception; -} diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java index 3026d27a..31c63379 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java @@ -41,6 +41,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.gui.viewer.SecureViewer; import at.gv.egiz.bku.pin.gui.SignPINGUI; import at.gv.egiz.smcc.CancelledException; import at.gv.egiz.smcc.LockedException; @@ -55,6 +56,7 @@ import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; import at.gv.egiz.stal.SignRequest; import at.gv.egiz.stal.SignResponse; +import at.gv.egiz.stal.SignatureInfo; import at.gv.egiz.stal.signedinfo.CanonicalizationMethodType; import at.gv.egiz.stal.signedinfo.DigestMethodType; import at.gv.egiz.stal.signedinfo.ObjectFactory; @@ -97,10 +99,12 @@ public class SignRequestHandler extends AbstractRequestHandler { @Override public STALResponse handleRequest(STALRequest request) throws InterruptedException { if (request instanceof SignRequest) { + SignRequest signReq = (SignRequest) request; + byte[] signedInfoData = signReq.getSignedInfo().getValue(); try { - SignedInfoType signedInfo; + SignatureInfo signedInfo; if (signReq.getSignedInfo().isIsCMSSignedAttributes()) { signedInfo = createCMSSignedInfo(signReq); } else { @@ -109,7 +113,8 @@ public class SignRequestHandler extends AbstractRequestHandler { @SuppressWarnings("unchecked") JAXBElement<SignedInfoType> si = (JAXBElement<SignedInfoType>) unmarshaller.unmarshal(is); - signedInfo = si.getValue(); + + signedInfo = new SignatureInfo(si.getValue(), signReq.getDisplayName(), signReq.getMimeType()); } String signatureMethod = signedInfo.getSignatureMethod().getAlgorithm(); log.debug("Found signature method: {}.", signatureMethod); @@ -159,7 +164,7 @@ public class SignRequestHandler extends AbstractRequestHandler { } } - private static SignedInfoType createCMSSignedInfo(SignRequest signReq) throws SignatureException { + private static SignatureInfo createCMSSignedInfo(SignRequest signReq) throws SignatureException { SignedInfoType signedInfo = new SignedInfoType(); byte[] signedInfoData = signReq.getSignedInfo().getValue(); @@ -210,7 +215,7 @@ public class SignRequestHandler extends AbstractRequestHandler { reference.setURI(range); } references.add(reference); - return signedInfo; + return new SignatureInfo(signedInfo, signReq.getDisplayName(), signReq.getMimeType()); } @Override |