From da6c49cbea9c80ad057a5fc3b698ce14ad9a7415 Mon Sep 17 00:00:00 2001 From: tkellner Date: Fri, 13 Dec 2013 01:57:31 +0000 Subject: Add DigestMethod to STAL SignRequest, check digest value in secure viewer NOTE: This currently disables viewing signature data which uses the ExcludeByteRange feature, e.g. PAdES signatures. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1263 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java | 8 +++++++- .../at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java | 7 +++++-- .../main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java | 3 +-- 3 files changed, 13 insertions(+), 5 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java index 8da52227..8e71fa7c 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java @@ -11,9 +11,11 @@ public class STALPrivateKey implements PrivateKey { private static final long serialVersionUID = 1L; private String algorithm; + private String digestAlgorithm; - public STALPrivateKey(String algorithm) { + public STALPrivateKey(String algorithm, String digestAlgorithm) { this.algorithm = algorithm; + this.digestAlgorithm = digestAlgorithm; } @Override @@ -21,6 +23,10 @@ public class STALPrivateKey implements PrivateKey { return algorithm; } + public String getDigestAlgorithm() { + return digestAlgorithm; + } + @Override public byte[] getEncoded() { throw new UnsupportedOperationException("STALPrivateKey does not support the getEncoded() method."); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java index 0a2140c3..7c8b2b4e 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java @@ -60,8 +60,9 @@ public class STALSecurityProvider extends IaikProvider { throws SignatureException, InvalidKeyException, NoSuchAlgorithmException { log.debug("calculateSignatureFromSignedAttributes: " + signatureAlgorithm + ", " + digestAlgorithm); + STALPrivateKey spk = (STALPrivateKey) privateKey; SignRequest signRequest = getSTALSignRequest(keyboxIdentifier, signedAttributes, - privateKey.getAlgorithm(), hashDataInput); + spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput); log.debug("Sending STAL request ({})", privateKey.getAlgorithm()); List responses = @@ -86,7 +87,8 @@ public class STALSecurityProvider extends IaikProvider { } private static SignRequest getSTALSignRequest(String keyboxIdentifier, - byte[] signedAttributes, String signatureMethod, List hashDataInput) { + byte[] signedAttributes, String signatureMethod, String digestMethod, + List hashDataInput) { SignRequest signRequest = new SignRequest(); signRequest.setKeyIdentifier(keyboxIdentifier); log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes)); @@ -95,6 +97,7 @@ public class STALSecurityProvider extends IaikProvider { signedInfo.setIsCMSSignedAttributes(true); signRequest.setSignedInfo(signedInfo); signRequest.setSignatureMethod(signatureMethod); + signRequest.setDigestMethod(digestMethod); signRequest.setHashDataInput(hashDataInput); return signRequest; } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java index 307f0bfc..9e76bf22 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java @@ -95,7 +95,6 @@ public class Signature { private AlgorithmID signatureAlgorithm; private AlgorithmID digestAlgorithm; private String signatureAlgorithmURI; - @SuppressWarnings("unused") private String digestAlgorithmURI; public Signature(CMSDataObjectRequiredMetaType dataObject, String structure, @@ -116,7 +115,7 @@ public class Signature { new iaik.x509.X509Certificate(signingCertificate.getEncoded()); CertificateIdentifier signerIdentifier = new IssuerAndSerialNumber(sigcert); - PrivateKey privateKey = new STALPrivateKey(signatureAlgorithmURI); + PrivateKey privateKey = new STALPrivateKey(signatureAlgorithmURI, digestAlgorithmURI); signerInfo = new SignerInfo(signerIdentifier, digestAlgorithm, signatureAlgorithm, privateKey); } -- cgit v1.2.3