From 438727ab21b5e80d1771279b988d6aed57ba3ab1 Mon Sep 17 00:00:00 2001
From: tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Fri, 13 Dec 2013 04:06:05 +0000
Subject: Add ExcludedByteRange to STAL SignatureRequest, honour it for digest
 calculation

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1264 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../bku/slcommands/impl/cms/CMSHashDataInput.java  | 24 +++++++++++++
 .../bku/slcommands/impl/cms/STALPrivateKey.java    | 24 +++++++++++++
 .../slcommands/impl/cms/STALSecurityProvider.java  | 39 ++++++++++++++++++++--
 .../gv/egiz/bku/slcommands/impl/cms/Signature.java | 21 ++++++------
 4 files changed, 95 insertions(+), 13 deletions(-)

(limited to 'bkucommon/src/main/java')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java
index e25fd3ab..e596e5c8 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/CMSHashDataInput.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egiz.bku.slcommands.impl.cms;
 
 import java.io.ByteArrayInputStream;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
index 8e71fa7c..0792a987 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALPrivateKey.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egiz.bku.slcommands.impl.cms;
 
 import java.security.PrivateKey;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
index 7c8b2b4e..77bfaaa7 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
@@ -1,3 +1,27 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egiz.bku.slcommands.impl.cms;
 
 import iaik.asn1.DerCoder;
@@ -20,6 +44,7 @@ import java.util.List;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType;
 import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
 import at.gv.egiz.stal.ErrorResponse;
 import at.gv.egiz.stal.HashDataInput;
@@ -41,13 +66,15 @@ public class STALSecurityProvider extends IaikProvider {
   private String keyboxIdentifier;
   private STAL stal;
   private List<HashDataInput> hashDataInput;
+  private ExcludedByteRangeType excludedByteRange;
 
   public STALSecurityProvider(STAL stal, String keyboxIdentifier,
-      HashDataInput hashDataInput) {
+      HashDataInput hashDataInput, ExcludedByteRangeType excludedByteRange) {
     this.keyboxIdentifier = keyboxIdentifier;
     this.stal = stal;
     this.hashDataInput = new ArrayList<HashDataInput>();
     this.hashDataInput.add(hashDataInput);
+    this.excludedByteRange = excludedByteRange;
   }
 
   /* (non-Javadoc)
@@ -62,7 +89,7 @@ public class STALSecurityProvider extends IaikProvider {
 
     STALPrivateKey spk = (STALPrivateKey) privateKey;
     SignRequest signRequest = getSTALSignRequest(keyboxIdentifier, signedAttributes,
-        spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput);
+        spk.getAlgorithm(), spk.getDigestAlgorithm(), hashDataInput, excludedByteRange);
 
     log.debug("Sending STAL request ({})", privateKey.getAlgorithm());
     List<STALResponse> responses =
@@ -88,7 +115,7 @@ public class STALSecurityProvider extends IaikProvider {
 
   private static SignRequest getSTALSignRequest(String keyboxIdentifier,
       byte[] signedAttributes, String signatureMethod, String digestMethod,
-      List<HashDataInput> hashDataInput) {
+      List<HashDataInput> hashDataInput, ExcludedByteRangeType excludedByteRange) {
     SignRequest signRequest = new SignRequest();
     signRequest.setKeyIdentifier(keyboxIdentifier);
     log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes));
@@ -99,6 +126,12 @@ public class STALSecurityProvider extends IaikProvider {
     signRequest.setSignatureMethod(signatureMethod);
     signRequest.setDigestMethod(digestMethod);
     signRequest.setHashDataInput(hashDataInput);
+    if (excludedByteRange != null) {
+      SignRequest.ExcludedByteRange ebr = new SignRequest.ExcludedByteRange();
+      ebr.setFrom(excludedByteRange.getFrom());
+      ebr.setTo(excludedByteRange.getTo());
+      signRequest.setExcludedByteRange(ebr);
+    }
     return signRequest;
   }
 
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
index 9e76bf22..937296b1 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
@@ -96,6 +96,7 @@ public class Signature {
   private AlgorithmID digestAlgorithm;
   private String signatureAlgorithmURI;
   private String digestAlgorithmURI;
+  private ExcludedByteRangeType excludedByteRange;
 
   public Signature(CMSDataObjectRequiredMetaType dataObject, String structure,
       X509Certificate signingCertificate, Date signingTime, boolean useStrongHash)
@@ -175,20 +176,20 @@ public class Signature {
     byte[] data = dataObject.getContent().getBase64Content();
     this.signedDocument = data.clone();
 
-    ExcludedByteRangeType ebr = dataObject.getExcludedByteRange();
-    if (ebr == null)
+    this.excludedByteRange = dataObject.getExcludedByteRange();
+    if (this.excludedByteRange == null)
       return data;
 
-    int from = dataObject.getExcludedByteRange().getFrom().intValue();
-    int to = dataObject.getExcludedByteRange().getTo().intValue();
+    int from = this.excludedByteRange.getFrom().intValue();
+    int to = this.excludedByteRange.getTo().intValue();
     if (from > data.length || to > data.length || from > to)
-      throw new InvalidParameterException("ExcludeByteRange contains invalid data: [" +
+      throw new InvalidParameterException("ExcludedByteRange contains invalid data: [" +
       from + "-" + to + "], Content length: " + data.length);
 
-    // Fill ExcludeByteRange with 0s for document to display in viewer
+    // Fill ExcludedByteRange with 0s for document to display in viewer
     Arrays.fill(this.signedDocument, from, to+1, (byte)0);
 
-    // Remove ExcludeByteRange from data to be signed
+    // Remove ExcludedByteRange from data to be signed
     byte[] first = null;
     byte[] second = null;
     if (from > 0)
@@ -196,7 +197,7 @@ public class Signature {
     if ((to + 1) < data.length)
       second = Arrays.copyOfRange(data, to + 1, data.length);
     data = ArrayUtils.addAll(first, second);
-    log.debug("ExcludeByteRange [" + from + "-" + to + "], Content length: " + data.length);
+    log.debug("ExcludedByteRange [" + from + "-" + to + "], Content length: " + data.length);
     return data;
   }
 
@@ -282,8 +283,8 @@ public class Signature {
   }
 
   public byte[] sign(STAL stal, String keyboxIdentifier) throws CMSException, CMSSignatureException, SLCommandException {
-    signedData.setSecurityProvider(
-        new STALSecurityProvider(stal, keyboxIdentifier, getHashDataInput()));
+    signedData.setSecurityProvider(new STALSecurityProvider(
+        stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange));
     setSignerInfo();
     ContentInfo contentInfo = new ContentInfo(signedData);
     return contentInfo.getEncoded();
-- 
cgit v1.2.3