diff options
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz/bku')
4 files changed, 95 insertions, 13 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java index e25fd3ab..e596e5c8 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java @@ -1,3 +1,27 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint + * initiative of the Federal Chancellery Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egiz.bku.slcommands.impl.cms; import java.io.ByteArrayInputStream; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java index 8e71fa7c..0792a987 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java @@ -1,3 +1,27 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint + * initiative of the Federal Chancellery Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egiz.bku.slcommands.impl.cms; import java.security.PrivateKey; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java index 7c8b2b4e..77bfaaa7 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java @@ -1,3 +1,27 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint + * initiative of the Federal Chancellery Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egiz.bku.slcommands.impl.cms; import iaik.asn1.DerCoder; @@ -20,6 +44,7 @@ import java.util.List; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType; import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException; import at.gv.egiz.stal.ErrorResponse; import at.gv.egiz.stal.HashDataInput; @@ -41,13 +66,15 @@ public class STALSecurityProvider extends IaikProvider { private String keyboxIdentifier; private STAL stal; private List<HashDataInput> hashDataInput; + private ExcludedByteRangeType excludedByteRange; public STALSecurityProvider(STAL stal, String keyboxIdentifier, - HashDataInput hashDataInput) { + HashDataInput hashDataInput, ExcludedByteRangeType excludedByteRange) { this.keyboxIdentifier = keyboxIdentifier; this.stal = stal; this.hashDataInput = new ArrayList<HashDataInput>(); this.hashDataInput.add(hashDataInput); + this.excludedByteRange = excludedByteRange; } /* (non-Javadoc) @@ -62,7 +89,7 @@ public class STALSecurityProvider extends IaikProvider { STALPrivateKey spk = (STALPrivateKey) privateKey; SignRequest signRequest = getSTALSignRequest(keyboxIdentifier, signedAttributes, - spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput); + spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput, excludedByteRange); log.debug("Sending STAL request ({})", privateKey.getAlgorithm()); List<STALResponse> responses = @@ -88,7 +115,7 @@ public class STALSecurityProvider extends IaikProvider { private static SignRequest getSTALSignRequest(String keyboxIdentifier, byte[] signedAttributes, String signatureMethod, String digestMethod, - List<HashDataInput> hashDataInput) { + List<HashDataInput> hashDataInput, ExcludedByteRangeType excludedByteRange) { SignRequest signRequest = new SignRequest(); signRequest.setKeyIdentifier(keyboxIdentifier); log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes)); @@ -99,6 +126,12 @@ public class STALSecurityProvider extends IaikProvider { signRequest.setSignatureMethod(signatureMethod); signRequest.setDigestMethod(digestMethod); signRequest.setHashDataInput(hashDataInput); + if (excludedByteRange != null) { + SignRequest.ExcludedByteRange ebr = new SignRequest.ExcludedByteRange(); + ebr.setFrom(excludedByteRange.getFrom()); + ebr.setTo(excludedByteRange.getTo()); + signRequest.setExcludedByteRange(ebr); + } return signRequest; } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java index 9e76bf22..937296b1 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java @@ -96,6 +96,7 @@ public class Signature { private AlgorithmID digestAlgorithm; private String signatureAlgorithmURI; private String digestAlgorithmURI; + private ExcludedByteRangeType excludedByteRange; public Signature(CMSDataObjectRequiredMetaType dataObject, String structure, X509Certificate signingCertificate, Date signingTime, boolean useStrongHash) @@ -175,20 +176,20 @@ public class Signature { byte[] data = dataObject.getContent().getBase64Content(); this.signedDocument = data.clone(); - ExcludedByteRangeType ebr = dataObject.getExcludedByteRange(); - if (ebr == null) + this.excludedByteRange = dataObject.getExcludedByteRange(); + if (this.excludedByteRange == null) return data; - int from = dataObject.getExcludedByteRange().getFrom().intValue(); - int to = dataObject.getExcludedByteRange().getTo().intValue(); + int from = this.excludedByteRange.getFrom().intValue(); + int to = this.excludedByteRange.getTo().intValue(); if (from > data.length || to > data.length || from > to) - throw new InvalidParameterException("ExcludeByteRange contains invalid data: [" + + throw new InvalidParameterException("ExcludedByteRange contains invalid data: [" + from + "-" + to + "], Content length: " + data.length); - // Fill ExcludeByteRange with 0s for document to display in viewer + // Fill ExcludedByteRange with 0s for document to display in viewer Arrays.fill(this.signedDocument, from, to+1, (byte)0); - // Remove ExcludeByteRange from data to be signed + // Remove ExcludedByteRange from data to be signed byte[] first = null; byte[] second = null; if (from > 0) @@ -196,7 +197,7 @@ public class Signature { if ((to + 1) < data.length) second = Arrays.copyOfRange(data, to + 1, data.length); data = ArrayUtils.addAll(first, second); - log.debug("ExcludeByteRange [" + from + "-" + to + "], Content length: " + data.length); + log.debug("ExcludedByteRange [" + from + "-" + to + "], Content length: " + data.length); return data; } @@ -282,8 +283,8 @@ public class Signature { } public byte[] sign(STAL stal, String keyboxIdentifier) throws CMSException, CMSSignatureException, SLCommandException { - signedData.setSecurityProvider( - new STALSecurityProvider(stal, keyboxIdentifier, getHashDataInput())); + signedData.setSecurityProvider(new STALSecurityProvider( + stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange)); setSignerInfo(); ContentInfo contentInfo = new ContentInfo(signedData); return contentInfo.getEncoded(); |