authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-11-28 11:22:12 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-11-28 11:22:12 +0100
commit7fdb06e32c43e99ec3599639348a3d758b9914a7 (patch)
tree0bb89aacb9039c871f17b457f77468b39c05cc47
parentb7a47b0feebd402d9a14d3f6d43ac6576c753367 (diff)
+ PKCS7 Signature fixed
+ BKU SL Wrapper fixed + Working with MOCCA
-rw-r--r--pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java4
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java11
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java10
-rw-r--r--signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java12
-rw-r--r--signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java2
5 files changed, 29 insertions, 10 deletions
diff --git a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java
index 3c4cc223..6e12809d 100644
--- a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java
+++ b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java
@@ -29,8 +29,8 @@ public class DeveloperMain {
public static final String keyStoreFile = "/home/afitzek/devel/pdfas_neu/test.p12";
public static final String keyStoreType = "PKCS12";
public static final String keyStorePass = "123456";
- public static final String keyAlias = "pdf";
- //public static final String keyAlias = "ecc_test";
+ //public static final String keyAlias = "pdf";
+ public static final String keyAlias = "ecc_test";
public static final String keyPass = "123456";
public static void main(String[] args) {
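Review bot: The test key is selected by swapping which `keyAlias` line is commented out, so every developer's local choice ends up in a commit, next to an absolute home-directory keystore path and the literal passwords on the context lines. Reading these from system properties or program arguments keeps the defaults in one place, for example `public static final String keyAlias = System.getProperty("pdfas.dev.keyAlias", "ecc_test");` (property name is an illustration only). If the keystore is anything other than a throwaway test file, the passwords should not be in source at all.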
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
index 5a03bbef..c32a4c32 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
@@ -1,11 +1,13 @@
package at.gv.egiz.sl.util;
import java.math.BigInteger;
+import java.security.MessageDigest;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.pdfas.common.utils.StringUtils;
import at.gv.egiz.sl.Base64OptRefContentType;
import at.gv.egiz.sl.CMSDataObjectRequiredMetaType;
import at.gv.egiz.sl.CreateCMSSignatureRequestType;
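Review bot: The two imports added here, `java.security.MessageDigest` and `at.gv.egiz.pdfas.common.utils.StringUtils`, are not referenced by any added line in this file's hunks, and the diffstat count for BaseSLConnector.java is fully accounted for by the visible changes, so they look unused. The same applies to `iaik.pkcs.PKCSException` and `iaik.pkcs.pkcs7.Data` added to PKCS7DetachedSigner.java. They are probably leftovers from debugging and can be dropped.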
@@ -69,10 +71,11 @@ public abstract class BaseSLConnector implements ISLConnector {
currentdataOff++;
}
if(i + 2 < byteRange.length) {
- exclude_range[i] = offset + size; // exclude offset
- exclude_range[i+1] = byteRange[i+2]; // exclude size
+ exclude_range[i] = offset + size; // exclude start
+ exclude_range[i+1] = byteRange[i+2] - 1; // exclude end
}
}
+ logger.info("Exclude Byte Range: " + exclude_range[0] + " " + exclude_range[1]);
// == MetaInfoType
MetaInfoType metaInfoType = new MetaInfoType();
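Review bot: The added `logger.info` line reads `exclude_range[0]` and `exclude_range[1]` unconditionally after the loop, whereas the later use of the range in this file is guarded by `byteRange.length > 0`. The allocation of `exclude_range` is outside the hunk, but if it can hold fewer than two elements this diagnostic line throws ArrayIndexOutOfBoundsException and aborts the signing request. I would guard it and lower the level: `if (exclude_range.length >= 2) { logger.debug("Exclude Byte Range: {} {}", exclude_range[0], exclude_range[1]); }`. Since the second value changed meaning from a size to an end offset, the comment should say whether it is inclusive, e.g. `// exclude end (inclusive)`.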
@@ -89,8 +92,8 @@ public abstract class BaseSLConnector implements ISLConnector {
cmsDataObjectRequiredMetaType.setContent(base64OptRefContentType);
if(byteRange.length > 0) {
ExcludedByteRangeType excludeByteRange = new ExcludedByteRangeType();
- excludeByteRange.setFrom(new BigInteger(String.valueOf(byteRange[0])));
- excludeByteRange.setTo(new BigInteger(String.valueOf(byteRange[0]+byteRange[1])));
+ excludeByteRange.setFrom(new BigInteger(String.valueOf(exclude_range[0])));
+ excludeByteRange.setTo(new BigInteger(String.valueOf(exclude_range[1])));
cmsDataObjectRequiredMetaType.setExcludedByteRange(excludeByteRange);
}
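Review bot: The guard `if(byteRange.length > 0)` no longer matches what the body reads. `exclude_range` is only filled in the earlier loop when `i + 2 < byteRange.length`, so a two-entry `byteRange` would send whatever the array initially holds as the excluded range, assuming the array has two slots at all. Because From/To decide which bytes sit outside the signature, the condition should test the data actually used, e.g. `if (exclude_range.length >= 2 && byteRange.length >= 4)` (to be confirmed against the allocation, which is outside the hunk). `BigInteger.valueOf(exclude_range[0])` is also simpler than going through `String.valueOf`.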
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
index 3a998816..6781f898 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
@@ -1,6 +1,7 @@
package at.gv.egiz.sl.util;
import java.io.ByteArrayInputStream;
+import java.security.MessageDigest;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Iterator;
@@ -12,6 +13,7 @@ import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.x509.X509Certificate;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.common.utils.StringUtils;
import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
import at.gv.egiz.sl.CreateCMSSignatureRequestType;
@@ -58,6 +60,14 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector {
}
public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA256", "IAIK");
+ md.update(input);
+ byte[] sha256 = md.digest();
+ logger.info("Message digest should be: " + StringUtils.bytesToHexString(sha256) + " Size: " + input.length);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
CreateCMSSignatureRequestType request = connector.createCMSRequest(
input, byteRange);
CreateCMSSignatureResponseType response = connector
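Review bot: The block added at the top of `sign` is diagnostic code that runs on every call: it hashes the whole input, logs the result at info level, and reports failures with `e.printStackTrace()` behind a blanket `catch (Exception e)`. I would run it only when debug logging is enabled, catch the specific security exceptions, and route the failure through the logger. The rest of `sign` continues outside the hunk.

```java
public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
    if (logger.isDebugEnabled()) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA256", "IAIK");
            byte[] sha256 = md.digest(input);
            logger.debug("Message digest should be: "
                    + StringUtils.bytesToHexString(sha256) + " Size: " + input.length);
        } catch (GeneralSecurityException e) {
            logger.debug("Could not compute diagnostic digest", e);
        }
    }
    // … unchanged: createCMSRequest call and response handling …
```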
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
index 4c4b3621..d90049a2 100644
--- a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
@@ -10,6 +10,8 @@ import iaik.cms.IssuerAndSerialNumber;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.cms.Utils;
+import iaik.pkcs.PKCSException;
+import iaik.pkcs.pkcs7.Data;
import iaik.security.ecc.provider.ECCProvider;
import iaik.security.provider.IAIK;
import iaik.x509.X509Certificate;
@@ -135,7 +137,8 @@ public class PKCS7DetachedSigner implements IPlainSigner {
e.printStackTrace();
}
IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(cert);
- SignerInfo signer1 = new SignerInfo(issuer, AlgorithmID.sha256,
+ SignerInfo signer1 = new SignerInfo(issuer, AlgorithmID.sha256,
+ AlgorithmID.ecdsa_plain_With_SHA256,
privKey);
SignedData si = new SignedData(input, SignedData.EXPLICIT);
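Review bot: The `SignerInfo` constructor now always receives `AlgorithmID.ecdsa_plain_With_SHA256`, whatever kind of key `privKey` is. With the previous three-argument call an RSA key presumably worked, so after this change a non-EC key would likely fail or produce a signature whose declared algorithm does not match the key. I would branch on the key type (for instance an `instanceof` check against the provider's EC private key class) and keep the three-argument constructor for other keys. It is also worth a comment explaining why the plain (r||s) ECDSA encoding is chosen over the DER-encoded `ecdsa-with-SHA256` form, since verifiers differ in which they accept. The enclosing method starts and ends outside the hunk.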
@@ -143,11 +146,14 @@ public class PKCS7DetachedSigner implements IPlainSigner {
Attribute signingTime = new Attribute(ObjectID.signingTime,
new ASN1Object[] { new ChoiceOfTime(new Date())
.toASN1Object() });
+ Attribute contentType = new Attribute(ObjectID.contentType, new ASN1Object[] {
+ new ObjectID("1.2.840.113549.1.7.1")
+ });
// Attribute signingCert = new
// Attribute(ObjectID.signingCertificateV2,
// new ASN1Object[] { cert.toASN1Object() });
- Attribute[] attributes = new Attribute[] { signingTime };
+ Attribute[] attributes = new Attribute[] { signingTime, contentType };
signer1.setSignedAttributes(attributes);
si.addSignerInfo(signer1);
InputStream dataIs = si.getInputStream();
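Review bot: The new `contentType` attribute is built from the bare OID string `"1.2.840.113549.1.7.1"`, which a reader has to look up. A short comment such as `// id-data: content type of the detached PKCS#7/CMS payload` would explain it, or the library's named constant for id-data could be used if it has one. The signing-certificate attribute is still commented out just below; if that is deliberate, a line saying why would help, since without it the signed attributes do not bind the signature to a specific certificate.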
@@ -164,7 +170,7 @@ public class PKCS7DetachedSigner implements IPlainSigner {
throw new PdfAsSignatureException("", e);
} catch (IOException e) {
throw new PdfAsSignatureException("", e);
- }
+ }
}
public String getPDFSubFilter() {
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
index e8f0661b..34ee1808 100644
--- a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
@@ -73,7 +73,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
logger.info("Signature ERROR from signer: "
+ signedData.getCertificate(
signerInfos[i].getSignerIdentifier())
- .getSubjectDN());
+ .getSubjectDN(), ex);
verifyResult.setSignerCertificate(
signedData.getCertificate(signerInfos[i].getSignerIdentifier()));
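Review bot: A failed signature check is still logged with `logger.info`, which is easy to filter out in production. Now that the exception is attached, this should be at least `logger.warn("Signature ERROR from signer: " + ..., ex);`. The message also calls `signedData.getCertificate(...)` inside the error path and again two lines later; if that lookup can fail or return null for an unknown signer, the handler itself would throw, so resolving the certificate once into a local before logging would be safer. The surrounding catch block starts outside the hunk.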