From 438727ab21b5e80d1771279b988d6aed57ba3ab1 Mon Sep 17 00:00:00 2001
From: tkellner
Date: Fri, 13 Dec 2013 04:06:05 +0000
Subject: Add ExcludedByteRange to STAL SignatureRequest, honour it for digest calculation

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1264 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../slcommands/impl/cms/STALSecurityProvider.java | 39 ++++++++++++++++++++--
 1 file changed, 36 insertions(+), 3 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
index 7c8b2b4e..77bfaaa7 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egiz.bku.slcommands.impl.cms;

 import iaik.asn1.DerCoder;
@@ -20,6 +44,7 @@ import java.util.List;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType;
 import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
 import at.gv.egiz.stal.ErrorResponse;
 import at.gv.egiz.stal.HashDataInput;
@@ -41,13 +66,15 @@ public class STALSecurityProvider extends IaikProvider { private String keyboxIdentifier; private STAL stal; private List hashDataInput; + private ExcludedByteRangeType excludedByteRange; public STALSecurityProvider(STAL stal, String keyboxIdentifier, - HashDataInput hashDataInput) { + HashDataInput hashDataInput, ExcludedByteRangeType excludedByteRange) { this.keyboxIdentifier = keyboxIdentifier; this.stal = stal; this.hashDataInput = new ArrayList(); this.hashDataInput.add(hashDataInput); + this.excludedByteRange = excludedByteRange; } /* (non-Javadoc) @@ -62,7 +89,7 @@ public class STALSecurityProvider extends IaikProvider { STALPrivateKey spk = (STALPrivateKey) privateKey; SignRequest signRequest = getSTALSignRequest(keyboxIdentifier, signedAttributes, - spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput); + spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput, excludedByteRange); log.debug("Sending STAL request ({})", privateKey.getAlgorithm()); List responses = @@ -88,7 +115,7 @@ public class STALSecurityProvider extends IaikProvider { private static SignRequest getSTALSignRequest(String keyboxIdentifier, byte[] signedAttributes, String signatureMethod, String digestMethod, - List hashDataInput) { + List hashDataInput, ExcludedByteRangeType excludedByteRange) { SignRequest signRequest = new SignRequest(); signRequest.setKeyIdentifier(keyboxIdentifier); log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes)); @@ -99,6 +126,12 @@ public class STALSecurityProvider extends IaikProvider { signRequest.setSignatureMethod(signatureMethod); signRequest.setDigestMethod(digestMethod); signRequest.setHashDataInput(hashDataInput); + if (excludedByteRange != null) { + SignRequest.ExcludedByteRange ebr = new SignRequest.ExcludedByteRange(); + ebr.setFrom(excludedByteRange.getFrom()); + ebr.setTo(excludedByteRange.getTo()); + signRequest.setExcludedByteRange(ebr); + } return signRequest; } -- cgit v1.2.3
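Review bot: The new constructor parameter and field in the hunk at `@@ -41,13 +66,15 @@` are undocumented, so nothing tells a caller that `null` is accepted. The later hunk at `@@ -99,6 +126,12 @@` only builds a `SignRequest.ExcludedByteRange` when the value is non-null, so `null` means no range is forwarded. I would add a Javadoc line to the constructor such as `@param excludedByteRange byte range to leave out of the digest calculation, or {@code null} to forward no exclusion`. As far as these hunks show, the field is assigned only in the constructor, so `private final ExcludedByteRangeType excludedByteRange;` would make that explicit. The class body continues outside the hunk.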
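Review bot: In the hunk at `@@ -99,6 +126,12 @@`, `excludedByteRange.getFrom()` and `excludedByteRange.getTo()` are copied into the sign request unchecked, although, going by the commit subject, this range decides which bytes of the hash input are left out of the digest and so are not covered by the signature. Within this file the value passes from the constructor to the request unchanged, so a missing bound, a range whose from exceeds its to, or a range reaching past the data would be forwarded to the STAL as is; validation may exist upstream but is not visible here. I would validate the range before `signRequest.setExcludedByteRange(ebr);` and state the consequence in a comment such as `// bytes in the excluded range are not covered by the digest`. A `log.debug` of the forwarded bounds, next to the existing SignedAttributes logging, would make the exclusion auditable. `getSTALSignRequest` starts in the previous hunk and part of its body lies outside both hunks.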