summaryrefslogtreecommitdiff
path: root/smccSTAL
diff options
context:
space:
mode:
Diffstat (limited to 'smccSTAL')
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/BulkSignPINGUI.java172
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java8
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java13
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java4
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/BulkSignRequestHandler.java273
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SecureViewer.java53
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java13
7 files changed, 470 insertions, 66 deletions
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/BulkSignPINGUI.java b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/BulkSignPINGUI.java
new file mode 100644
index 00000000..b792fed2
--- /dev/null
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/BulkSignPINGUI.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright 2015 Datentechnik Innovation GmbH and Prime Sign GmbH, Austria
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egiz.bku.pin.gui;
+
+import at.gv.egiz.bku.gui.BKUGUIFacade;
+import at.gv.egiz.bku.gui.viewer.SecureViewer;
+import at.gv.egiz.smcc.BulkSignException;
+import at.gv.egiz.smcc.CancelledException;
+import at.gv.egiz.smcc.PinInfo;
+import at.gv.egiz.smcc.pin.gui.OverrulePinpadPINGUI;
+import at.gv.egiz.stal.SignatureInfo;
+
+import java.security.DigestException;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * This PinProvider is used for BulkSignatureRequests.
+ * The pin input field is called once and the pin is stored for further sign requests.
+ *
+ *
+ * @author szoescher
+ */
+public class BulkSignPINGUI extends SignPINGUI implements OverrulePinpadPINGUI {
+
+ private final Logger log = LoggerFactory.getLogger(BulkSignPINGUI.class);
+
+ private boolean retry = false;
+
+ private char[] pin;
+
+ private boolean showSignaturePINDialog;
+
+ private int maxSignatures;
+
+ private int signatureCount;
+
+ List<SignatureInfo> signedInfo;
+
+
+
+ public BulkSignPINGUI(BKUGUIFacade gui, SecureViewer viewer, List<SignatureInfo> signedInfo, int maxSignatures) {
+ super(gui, viewer, null);
+
+ this.signedInfo = signedInfo;
+ this.maxSignatures = maxSignatures;
+
+ showSignaturePINDialog = true;
+ signatureCount = 0;
+ }
+
+ public int getSignatureCount() {
+ return signatureCount;
+ }
+
+ public boolean isShowSignaturePINDialog() {
+ return showSignaturePINDialog;
+ }
+
+ public void setShowSignaturePINDialog(boolean showSignaturePINDialog) {
+ this.showSignaturePINDialog = showSignaturePINDialog;
+ }
+
+
+
+ @Override
+ public char[] providePIN(PinInfo spec, int retries) throws CancelledException, InterruptedException, BulkSignException {
+
+ if (showSignaturePINDialog) {
+
+ signatureCount = 1;
+ gui.showSignaturePINDialog(spec, (retry) ? retries : -1, maxSignatures, this, "sign", this, "cancel", this, "secureViewer");
+
+ do {
+ log.trace("[{}] wait for action.", Thread.currentThread().getName());
+ waitForAction();
+ log.trace("[{}] received action {}.", Thread.currentThread().getName(), action);
+
+ if ("secureViewer".equals(action)) {
+ try {
+
+ viewer.displayDataToBeSigned(signedInfo, this, "pinEntry");
+
+ } catch (DigestException ex) {
+ log.error("Bad digest value: {}", ex.getMessage());
+ gui.showErrorDialog(BKUGUIFacade.ERR_INVALID_HASH, new Object[] { ex.getMessage() }, this, "error");
+ } catch (Exception ex) {
+ log.error("Could not display hashdata inputs: {}", ex.getMessage());
+ gui.showErrorDialog(BKUGUIFacade.ERR_DISPLAY_HASHDATA, new Object[] { ex.getMessage() }, this, "error");
+ }
+ } else if ("sign".equals(action)) {
+ gui.showMessageDialog(BKUGUIFacade.TITLE_BULKSIGNATURE, BKUGUIFacade.MESSAGE_BULKSIGN, new Object[]{signatureCount,maxSignatures}, BKUGUIFacade.BUTTON_CANCEL, this, "cancel");
+ retry = true;
+ pin = gui.getPin();
+ return pin;
+ } else if ("pinEntry".equals(action)) {
+ gui.showSignaturePINDialog(spec, (retry) ? retries : -1, this, "sign", this, "cancel", this, "secureViewer");
+ } else if ("cancel".equals(action) || "error".equals(action)) {
+ gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT);
+ throw new CancelledException(spec.getLocalizedName() + " entry cancelled");
+ } else {
+ log.error("Unknown action command {}.", action);
+ }
+ } while (true);
+ } else {
+
+ signatureCount ++;
+
+ if(signatureCount > maxSignatures) {
+ throw new BulkSignException("Limit of "+ signatureCount + "Signatures exceeded.");
+ }
+
+ gui.updateMessageDialog(BKUGUIFacade.TITLE_BULKSIGNATURE, BKUGUIFacade.MESSAGE_BULKSIGN, new Object[]{signatureCount,maxSignatures}, BKUGUIFacade.BUTTON_CANCEL, this, "cancel");
+
+ if ("cancel".equals(action) || "error".equals(action)) {
+ gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT);
+ throw new CancelledException(spec.getLocalizedName() + " entry cancelled");
+ }
+
+ return pin;
+ }
+ }
+
+ @Override
+ public boolean allowOverrulePinpad() throws InterruptedException {
+
+ if (showSignaturePINDialog) {
+ gui.showPinPadDeactivationDialog(this, "cancel", this, "ok");
+
+ do {
+ log.trace("[{}] wait for action.", Thread.currentThread().getName());
+ waitForAction();
+ log.trace("[{}] received action {}.", Thread.currentThread().getName(), action);
+
+ if ("cancel".equals(action)) {
+
+ return false;
+
+ } else if ("ok".equals(action)) {
+
+ return true;
+
+ } else {
+ log.error("Unknown action command {}.", action);
+ }
+ } while (true);
+ }
+
+ return true;
+ }
+}
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java
index bc49b85e..da6c39b0 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINGUI.java
@@ -25,12 +25,14 @@
package at.gv.egiz.bku.pin.gui;
import at.gv.egiz.bku.gui.BKUGUIFacade;
-import at.gv.egiz.bku.smccstal.SecureViewer;
+import at.gv.egiz.bku.gui.viewer.SecureViewer;
import at.gv.egiz.smcc.CancelledException;
import at.gv.egiz.smcc.PinInfo;
import at.gv.egiz.smcc.pin.gui.PINGUI;
-import at.gv.egiz.stal.signedinfo.SignedInfoType;
+import at.gv.egiz.stal.SignatureInfo;
+
import java.security.DigestException;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -51,7 +53,7 @@ public class SignPINGUI extends SignPINProvider implements PINGUI {
private boolean retry = false;
- public SignPINGUI(BKUGUIFacade gui, SecureViewer viewer, SignedInfoType signedInfo) {
+ public SignPINGUI(BKUGUIFacade gui, SecureViewer viewer, SignatureInfo signedInfo) {
super(gui, viewer, signedInfo);
}
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java
index f9dfe068..efda713c 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/SignPINProvider.java
@@ -25,12 +25,15 @@
package at.gv.egiz.bku.pin.gui;
import at.gv.egiz.bku.gui.BKUGUIFacade;
-import at.gv.egiz.bku.smccstal.SecureViewer;
+import at.gv.egiz.bku.gui.viewer.SecureViewer;
+import at.gv.egiz.smcc.BulkSignException;
import at.gv.egiz.smcc.CancelledException;
import at.gv.egiz.smcc.PinInfo;
import at.gv.egiz.smcc.pin.gui.PINProvider;
-import at.gv.egiz.stal.signedinfo.SignedInfoType;
+import at.gv.egiz.stal.SignatureInfo;
+
import java.security.DigestException;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -51,10 +54,10 @@ public class SignPINProvider extends AbstractPINProvider implements PINProvider
protected BKUGUIFacade gui;
protected SecureViewer viewer;
- protected SignedInfoType signedInfo;
+ protected SignatureInfo signedInfo;
private boolean retry = false;
- public SignPINProvider(BKUGUIFacade gui, SecureViewer viewer, SignedInfoType signedInfo) {
+ public SignPINProvider(BKUGUIFacade gui, SecureViewer viewer, SignatureInfo signedInfo) {
this.gui = gui;
this.viewer = viewer;
this.signedInfo = signedInfo;
@@ -62,7 +65,7 @@ public class SignPINProvider extends AbstractPINProvider implements PINProvider
@Override
public char[] providePIN(PinInfo spec, int retries)
- throws CancelledException, InterruptedException {
+ throws CancelledException, InterruptedException, BulkSignException {
gui.showSignaturePINDialog(spec, (retry) ? retries : -1,
this, "sign",
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java
index 59ee0593..77528ecb 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/pin/gui/VerifyPINProvider.java
@@ -25,9 +25,11 @@
package at.gv.egiz.bku.pin.gui;
import at.gv.egiz.bku.gui.BKUGUIFacade;
+import at.gv.egiz.smcc.BulkSignException;
import at.gv.egiz.smcc.CancelledException;
import at.gv.egiz.smcc.PinInfo;
import at.gv.egiz.smcc.pin.gui.PINProvider;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -55,7 +57,7 @@ public class VerifyPINProvider extends AbstractPINProvider implements PINProvide
@Override
public char[] providePIN(PinInfo spec, int retries)
- throws CancelledException, InterruptedException {
+ throws CancelledException, InterruptedException, BulkSignException {
gui.showVerifyPINDialog(spec, (retry) ? retries : -1,
this, "verify",
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/BulkSignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/BulkSignRequestHandler.java
new file mode 100644
index 00000000..6d0403f7
--- /dev/null
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/BulkSignRequestHandler.java
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2015 Datentechnik Innovation GmbH and Prime Sign GmbH, Austria
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egiz.bku.smccstal;
+
+import iaik.me.asn1.ASN1;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.SignatureException;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.bku.gui.BKUGUIFacade;
+import at.gv.egiz.bku.gui.viewer.SecureViewer;
+import at.gv.egiz.bku.pin.gui.BulkSignPINGUI;
+import at.gv.egiz.smcc.BulkSignException;
+import at.gv.egiz.smcc.CancelledException;
+import at.gv.egiz.smcc.LockedException;
+import at.gv.egiz.smcc.NotActivatedException;
+import at.gv.egiz.smcc.SignatureCard;
+import at.gv.egiz.smcc.SignatureCard.KeyboxName;
+import at.gv.egiz.smcc.SignatureCardException;
+import at.gv.egiz.smcc.TimeoutException;
+import at.gv.egiz.stal.BulkSignRequest;
+import at.gv.egiz.stal.BulkSignResponse;
+import at.gv.egiz.stal.ErrorResponse;
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+import at.gv.egiz.stal.SignRequest;
+import at.gv.egiz.stal.SignResponse;
+import at.gv.egiz.stal.SignatureInfo;
+import at.gv.egiz.stal.signedinfo.CanonicalizationMethodType;
+import at.gv.egiz.stal.signedinfo.DigestMethodType;
+import at.gv.egiz.stal.signedinfo.ObjectFactory;
+import at.gv.egiz.stal.signedinfo.ReferenceType;
+import at.gv.egiz.stal.signedinfo.SignatureMethodType;
+import at.gv.egiz.stal.signedinfo.SignedInfoType;
+
+/**
+ * @author szoescher
+ */
+public class BulkSignRequestHandler extends AbstractRequestHandler {
+
+ private final static Logger log = LoggerFactory.getLogger(BulkSignRequestHandler.class);
+
+ private final static String CMS_DEF_SIGNEDINFO_ID = "SignedInfo-1";
+ private final static String OID_MESSAGEDIGEST = "1.2.840.113549.1.9.4";
+
+ private static JAXBContext jaxbContext;
+
+ static {
+ try {
+ jaxbContext = JAXBContext.newInstance(ObjectFactory.class.getPackage().getName());
+ } catch (JAXBException e) {
+ Logger log = LoggerFactory.getLogger(BulkSignRequestHandler.class);
+ log.error("Cannot init jaxbContext", e);
+ }
+ }
+
+ protected SecureViewer secureViewer;
+
+ public BulkSignRequestHandler(SecureViewer secureViewer) {
+ this.secureViewer = secureViewer;
+ }
+
+ private static ErrorResponse errorResponse(int errorCode, String errorMessage, Exception e) {
+ log.error(errorMessage, e);
+ ErrorResponse err = new ErrorResponse(errorCode);
+ err.setErrorMessage(errorMessage + (e == null ? "" : " " + e));
+ return err;
+ }
+
+ @Override
+ public STALResponse handleRequest(STALRequest request) throws InterruptedException {
+ if (request instanceof BulkSignRequest) {
+ BulkSignRequest bulkSignRequest = (BulkSignRequest) request;
+ BulkSignResponse stalResp = new BulkSignResponse();
+
+
+ LinkedList<SignatureInfo> signatureInfoList = new LinkedList<SignatureInfo>();
+ try {
+
+ for(SignRequest signRequest : bulkSignRequest.getSignRequests()){
+
+ byte[] signedInfoData = signRequest.getSignedInfo().getValue();
+
+ SignatureInfo signatureInfo;
+ if (signRequest.getSignedInfo().isIsCMSSignedAttributes()) {
+ signatureInfo = createCMSSignedInfo(signRequest);
+ } else {
+
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ InputStream is = new ByteArrayInputStream(signedInfoData);
+ @SuppressWarnings("unchecked")
+ JAXBElement<SignedInfoType> si = (JAXBElement<SignedInfoType>) unmarshaller.unmarshal(is);
+
+ signatureInfo = new SignatureInfo(si.getValue(), signRequest.getDisplayName(), signRequest.getMimeType());
+ }
+ signatureInfoList.add(signatureInfo);
+ }
+
+ BulkSignPINGUI pinGUI = new BulkSignPINGUI(gui, secureViewer, signatureInfoList, bulkSignRequest.getSignRequests().size());
+
+
+ for (int i = 0; i < bulkSignRequest.getSignRequests().size(); i++) {
+ SignRequest signRequest = bulkSignRequest.getSignRequests().get(i);
+ STALResponse response = handleSignRequest(signRequest, pinGUI, signatureInfoList.get(i));
+ pinGUI.setShowSignaturePINDialog(false);
+
+ if (response instanceof SignResponse) {
+ stalResp.getSignResponse().add((SignResponse) response);
+ }
+
+ if (response instanceof ErrorResponse) {
+ return response;
+ }
+
+ }
+ } catch (SignatureException e) {
+ return errorResponse(4000, "Error while parsing CMS signature.", e);
+ } catch (JAXBException e) {
+ return errorResponse(1000, "Cannot unmarshal signed info.", e);
+ }
+
+ return stalResp;
+ } else {
+ return errorResponse(1000, "Got unexpected STAL request: " + request + ".", null);
+ }
+ }
+
+ @Override
+ public boolean requireCard() {
+ return true;
+ }
+
+ private STALResponse handleSignRequest(SignRequest request, BulkSignPINGUI pinGUI, SignatureInfo signatureInfo) throws InterruptedException {
+ if (request instanceof SignRequest) {
+
+ SignRequest signReq = (SignRequest) request;
+ byte[] signedInfoData = signReq.getSignedInfo().getValue();
+ try {
+
+ String signatureMethod = signatureInfo.getSignatureMethod().getAlgorithm();
+ log.debug("Found signature method: {}.", signatureMethod);
+ KeyboxName kb = SignatureCard.KeyboxName.getKeyboxName(signReq.getKeyIdentifier());
+
+ byte[] resp = card.createSignature(new ByteArrayInputStream(signedInfoData), kb, pinGUI, signatureMethod);
+
+ if (resp == null) {
+ return errorResponse(6001, "Response is null", null);
+ }
+
+ SignResponse stalResp = new SignResponse();
+ stalResp.setSignatureValue(resp);
+ return stalResp;
+ } catch (NotActivatedException e) {
+ gui.showErrorDialog(BKUGUIFacade.ERR_CARD_NOTACTIVATED, null, this, null);
+ waitForAction();
+ gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT);
+ return errorResponse(6001, "Citizen card not activated.", e);
+ } catch (LockedException e) {
+ gui.showErrorDialog(BKUGUIFacade.ERR_CARD_LOCKED, null, this, null);
+ waitForAction();
+ gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT);
+ return errorResponse(6001, "Citizen card locked.", e);
+ } catch (CancelledException cx) {
+ return errorResponse(6001, "User cancelled request.", null);
+ }catch (BulkSignException cx) {
+ return errorResponse(6001, "Limit of Signatures exceeded.", null);
+ } catch (TimeoutException ex) {
+ gui.showMessageDialog(BKUGUIFacade.TITLE_ENTRY_TIMEOUT, BKUGUIFacade.ERR_PIN_TIMEOUT, null,
+ BKUGUIFacade.BUTTON_CANCEL, this, null);
+ waitForAction();
+ gui.showMessageDialog(BKUGUIFacade.TITLE_WAIT, BKUGUIFacade.MESSAGE_WAIT);
+ return errorResponse(6001, "Timeout during pin entry.", null);
+ } catch (SignatureCardException e) {
+ return errorResponse(4000, "Error while creating signature.", e);
+ } catch (IOException e) {
+ return errorResponse(4000, "Error while creating signature.", e);
+ }
+ } else {
+ return errorResponse(1000, "Got unexpected STAL request: " + request + ".", null);
+ }
+ }
+
+ private static SignatureInfo createCMSSignedInfo(SignRequest signReq) throws SignatureException {
+ SignedInfoType signedInfo = new SignedInfoType();
+
+ log.trace("createCMSSignedInfo from SignRequest");
+ byte[] signedInfoData = signReq.getSignedInfo().getValue();
+
+ CanonicalizationMethodType canonicalizationMethod = new CanonicalizationMethodType();
+ canonicalizationMethod.setAlgorithm("");
+ signedInfo.setCanonicalizationMethod(canonicalizationMethod);
+
+ SignatureMethodType signatureMethod = new SignatureMethodType();
+ signatureMethod.setAlgorithm(signReq.getSignatureMethod());
+ signedInfo.setSignatureMethod(signatureMethod);
+
+ signedInfo.setId(CMS_DEF_SIGNEDINFO_ID);
+
+ List<ReferenceType> references = signedInfo.getReference();
+ ReferenceType reference = new ReferenceType();
+ reference.setId(HashDataInput.CMS_DEF_REFERENCE_ID);
+ DigestMethodType digestMethod = new DigestMethodType();
+ digestMethod.setAlgorithm(signReq.getDigestMethod());
+ reference.setDigestMethod(digestMethod);
+ byte[] messageDigest = null;
+ try {
+ ASN1 signedAttributes = new ASN1(signedInfoData);
+ if (!signedAttributes.isConstructed())
+ throw new SignatureException("Error while parsing CMS signature");
+ for (int i = 0; i < signedAttributes.getSize(); ++i) {
+ ASN1 signedAttribute = signedAttributes.getElementAt(i);
+ if (!signedAttribute.isConstructed())
+ throw new SignatureException("Error while parsing CMS signature");
+ ASN1 oid = signedAttribute.getElementAt(0);
+ if (oid.gvObjectId().equals(OID_MESSAGEDIGEST)) {
+ ASN1 value = signedAttribute.getElementAt(1);
+ if (!value.isConstructed())
+ throw new SignatureException("Error while parsing CMS signature");
+ messageDigest = value.getElementAt(0).gvByteArray();
+ break;
+ }
+ }
+ } catch (IOException e) {
+ throw new SignatureException(e);
+ }
+ reference.setDigestValue(messageDigest);
+ if (signReq.getExcludedByteRange() != null) {
+ // Abuse URI to store ExcludedByteRange
+ String range = "CMSExcludedByteRange:" + signReq.getExcludedByteRange().getFrom() + "-"
+ + signReq.getExcludedByteRange().getTo();
+ reference.setURI(range);
+ }
+
+ references.add(reference);
+
+ log.trace("Added SignatureInfo {} with name {} of type{}", new Object[] { signedInfo.getId(), signReq.getDisplayName(), signReq.getMimeType() });
+ return new SignatureInfo(signedInfo, signReq.getDisplayName(), signReq.getMimeType());
+ }
+
+}
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SecureViewer.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SecureViewer.java
deleted file mode 100644
index ea279f40..00000000
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SecureViewer.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
- * initiative of the Federal Chancellery Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egiz.bku.smccstal;
-
-import at.gv.egiz.stal.signedinfo.SignedInfoType;
-import java.awt.event.ActionListener;
-import java.security.DigestException;
-
-/**
- *
- * @author Clemens Orthacker &lt;clemens.orthacker@iaik.tugraz.at&gt;
- */
-public interface SecureViewer {
-
- /**
- * Displays the hashdata inputs for all provided dsig:SignedReferences.
- * Implementations may verify the digest value if necessary.
- * (LocalSignRequestHandler operates on DataObjectHashDataInput,
- * other SignRequestHandlers should cache the HashDataInputs obtained by webservice calls,
- * or simply forward to a HashDataInputServlet.)
- * @param signedInfo The caller may select a subset of the references in SignedInfo to be displayed.
- * @param okListener
- * @param okCommand
- * @throws java.security.DigestException if digest values are verified and do not correspond
- * (or any other digest computation error occurs)
- * @throws java.lang.Exception
- */
- void displayDataToBeSigned(SignedInfoType signedInfo,
- ActionListener okListener, String okCommand)
- throws DigestException, Exception;
-}
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
index 3026d27a..31c63379 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
@@ -41,6 +41,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import at.gv.egiz.bku.gui.BKUGUIFacade;
+import at.gv.egiz.bku.gui.viewer.SecureViewer;
import at.gv.egiz.bku.pin.gui.SignPINGUI;
import at.gv.egiz.smcc.CancelledException;
import at.gv.egiz.smcc.LockedException;
@@ -55,6 +56,7 @@ import at.gv.egiz.stal.STALRequest;
import at.gv.egiz.stal.STALResponse;
import at.gv.egiz.stal.SignRequest;
import at.gv.egiz.stal.SignResponse;
+import at.gv.egiz.stal.SignatureInfo;
import at.gv.egiz.stal.signedinfo.CanonicalizationMethodType;
import at.gv.egiz.stal.signedinfo.DigestMethodType;
import at.gv.egiz.stal.signedinfo.ObjectFactory;
@@ -97,10 +99,12 @@ public class SignRequestHandler extends AbstractRequestHandler {
@Override
public STALResponse handleRequest(STALRequest request) throws InterruptedException {
if (request instanceof SignRequest) {
+
SignRequest signReq = (SignRequest) request;
+
byte[] signedInfoData = signReq.getSignedInfo().getValue();
try {
- SignedInfoType signedInfo;
+ SignatureInfo signedInfo;
if (signReq.getSignedInfo().isIsCMSSignedAttributes()) {
signedInfo = createCMSSignedInfo(signReq);
} else {
@@ -109,7 +113,8 @@ public class SignRequestHandler extends AbstractRequestHandler {
@SuppressWarnings("unchecked")
JAXBElement<SignedInfoType> si =
(JAXBElement<SignedInfoType>) unmarshaller.unmarshal(is);
- signedInfo = si.getValue();
+
+ signedInfo = new SignatureInfo(si.getValue(), signReq.getDisplayName(), signReq.getMimeType());
}
String signatureMethod = signedInfo.getSignatureMethod().getAlgorithm();
log.debug("Found signature method: {}.", signatureMethod);
@@ -159,7 +164,7 @@ public class SignRequestHandler extends AbstractRequestHandler {
}
}
- private static SignedInfoType createCMSSignedInfo(SignRequest signReq) throws SignatureException {
+ private static SignatureInfo createCMSSignedInfo(SignRequest signReq) throws SignatureException {
SignedInfoType signedInfo = new SignedInfoType();
byte[] signedInfoData = signReq.getSignedInfo().getValue();
@@ -210,7 +215,7 @@ public class SignRequestHandler extends AbstractRequestHandler {
reference.setURI(range);
}
references.add(reference);
- return signedInfo;
+ return new SignatureInfo(signedInfo, signReq.getDisplayName(), signReq.getMimeType());
}
@Override