From 7fdb06e32c43e99ec3599639348a3d758b9914a7 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Thu, 28 Nov 2013 11:22:12 +0100
Subject: + PKCS7 Signature fixed + BKU SL Wrapper fixed + Working with MOCCA
---
 .../src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java | 4 ++--
 .../src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java | 11 +++++++----
 .../at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java | 10 ++++++++++
 .../egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java | 12 +++++++++---
 .../egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java | 2 +-
 5 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java
index 3c4cc223..6e12809d 100644
--- a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java
+++ b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/DeveloperMain.java
@@ -29,8 +29,8 @@ public class DeveloperMain {
 public static final String keyStoreFile = "/home/afitzek/devel/pdfas_neu/test.p12";
 public static final String keyStoreType = "PKCS12";
 public static final String keyStorePass = "123456";
- public static final String keyAlias = "pdf";
- //public static final String keyAlias = "ecc_test";
+ //public static final String keyAlias = "pdf";
+ public static final String keyAlias = "ecc_test";
 public static final String keyPass = "123456";
 public static void main(String[] args) {
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
index 5a03bbef..c32a4c32 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BaseSLConnector.java
@@ -1,11 +1,13 @@
 package at.gv.egiz.sl.util;
 import java.math.BigInteger;
+import java.security.MessageDigest;
 import java.util.Arrays;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.pdfas.common.utils.StringUtils;
 import at.gv.egiz.sl.Base64OptRefContentType;
 import at.gv.egiz.sl.CMSDataObjectRequiredMetaType;
 import at.gv.egiz.sl.CreateCMSSignatureRequestType;
@@ -69,10 +71,11 @@ public abstract class BaseSLConnector implements ISLConnector {
 currentdataOff++;
 }
 if(i + 2 < byteRange.length) {
- exclude_range[i] = offset + size; // exclude offset
- exclude_range[i+1] = byteRange[i+2]; // exclude size
+ exclude_range[i] = offset + size; // exclude start
+ exclude_range[i+1] = byteRange[i+2] - 1; // exclude end
 }
 }
+ logger.info("Exclude Byte Range: " + exclude_range[0] + " " + exclude_range[1]);
 // == MetaInfoType
 MetaInfoType metaInfoType = new MetaInfoType();
@@ -89,8 +92,8 @@ public abstract class BaseSLConnector implements ISLConnector {
 cmsDataObjectRequiredMetaType.setContent(base64OptRefContentType);
 if(byteRange.length > 0) {
 ExcludedByteRangeType excludeByteRange = new ExcludedByteRangeType();
- excludeByteRange.setFrom(new BigInteger(String.valueOf(byteRange[0])));
- excludeByteRange.setTo(new BigInteger(String.valueOf(byteRange[0]+byteRange[1])));
+ excludeByteRange.setFrom(new BigInteger(String.valueOf(exclude_range[0])));
+ excludeByteRange.setTo(new BigInteger(String.valueOf(exclude_range[1])));
 cmsDataObjectRequiredMetaType.setExcludedByteRange(excludeByteRange);
 }
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
index 3a998816..6781f898 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
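Review bot: In BaseSLConnector.java the excluded byte range sent to the signature device is now taken from `exclude_range[0]` and `exclude_range[1]` (third hunk), and the new `logger.info` in the second hunk reads the same two slots unconditionally, yet those slots are only written inside `if(i + 2 < byteRange.length)`. The request-side guard is still `if(byteRange.length > 0) {`, so for a short byte range the request would, as far as these hunks show, carry whatever the array initially holds, or the log line would fail on the index if the array is shorter; the allocation of `exclude_range` and the loop header are outside the hunks. Because this range decides which bytes are left out of the signed data, the guard should match the condition under which the values were actually filled in, for example a boolean set next to the two assignments and tested in place of `byteRange.length > 0`, with the log line moved under the same test. The range trace would also sit better at debug level, e.g. `logger.debug("Exclude Byte Range: " + exclude_range[0] + " " + exclude_range[1]);`.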
@@ -1,6 +1,7 @@
 package at.gv.egiz.sl.util;
 import java.io.ByteArrayInputStream;
+import java.security.MessageDigest;
 import java.security.SignatureException;
 import java.security.cert.CertificateException;
 import java.util.Iterator;
@@ -12,6 +13,7 @@ import iaik.cms.SignedData;
 import iaik.cms.SignerInfo;
 import iaik.x509.X509Certificate;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.common.utils.StringUtils;
 import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
 import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
 import at.gv.egiz.sl.CreateCMSSignatureRequestType;
@@ -58,6 +60,14 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector {
 }
 public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA256", "IAIK");
+ md.update(input);
+ byte[] sha256 = md.digest();
+ logger.info("Message digest should be: " + StringUtils.bytesToHexString(sha256) + " Size: " + input.length);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
 CreateCMSSignatureRequestType request = connector.createCMSRequest( input, byteRange);
 CreateCMSSignatureResponseType response = connector
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
index 4c4b3621..d90049a2 100644
--- a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
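Review bot: The digest block added at the top of `sign` in ISignatureConnectorSLWrapper.java is diagnostic code that now runs on every signature: it hashes all of `input` a second time, writes the result at info level, and reports failures through `e.printStackTrace()` rather than the class logger. A missing `IAIK` provider or algorithm name would therefore surface only on stderr, outside the log operators watch. I would gate the block on the debug level and hand the exception to the logger, assuming `logger` is the SLF4J logger used elsewhere in this module. Whether a hash over all of `input` is the value the signature device computes depends on how the excluded byte range is applied, which these hunks do not show, so the message wording "should be" deserves a check. The rest of `sign` continues outside the hunk.

```java
public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
    if (logger.isDebugEnabled()) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA256", "IAIK");
            md.update(input);
            logger.debug("Message digest should be: "
                    + StringUtils.bytesToHexString(md.digest())
                    + " Size: " + input.length);
        } catch (Exception e) {
            // Diagnostics only: never let this interfere with signing.
            logger.debug("Diagnostic digest could not be computed", e);
        }
    }
    // … unchanged: createCMSRequest call and response handling …
```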
@@ -10,6 +10,8 @@ import iaik.cms.IssuerAndSerialNumber;
 import iaik.cms.SignedData;
 import iaik.cms.SignerInfo;
 import iaik.cms.Utils;
+import iaik.pkcs.PKCSException;
+import iaik.pkcs.pkcs7.Data;
 import iaik.security.ecc.provider.ECCProvider;
 import iaik.security.provider.IAIK;
 import iaik.x509.X509Certificate;
@@ -135,7 +137,8 @@ public class PKCS7DetachedSigner implements IPlainSigner {
 e.printStackTrace();
 }
 IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(cert);
- SignerInfo signer1 = new SignerInfo(issuer, AlgorithmID.sha256,
+ SignerInfo signer1 = new SignerInfo(issuer, AlgorithmID.sha256,
+ AlgorithmID.ecdsa_plain_With_SHA256,
 privKey);
 SignedData si = new SignedData(input, SignedData.EXPLICIT);
@@ -143,11 +146,14 @@ public class PKCS7DetachedSigner implements IPlainSigner {
 Attribute signingTime = new Attribute(ObjectID.signingTime, new ASN1Object[] { new ChoiceOfTime(new Date()) .toASN1Object() });
+ Attribute contentType = new Attribute(ObjectID.contentType, new ASN1Object[] {
+ new ObjectID("1.2.840.113549.1.7.1")
+ });
 // Attribute signingCert = new
 // Attribute(ObjectID.signingCertificateV2,
 // new ASN1Object[] { cert.toASN1Object() });
- Attribute[] attributes = new Attribute[] { signingTime };
+ Attribute[] attributes = new Attribute[] { signingTime, contentType };
 signer1.setSignedAttributes(attributes);
 si.addSignerInfo(signer1);
 InputStream dataIs = si.getInputStream();
@@ -164,7 +170,7 @@ public class PKCS7DetachedSigner implements IPlainSigner {
 throw new PdfAsSignatureException("", e);
 } catch (IOException e) {
 throw new PdfAsSignatureException("", e);
- }
+ }
 }
 public String getPDFSubFilter() {
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
index e8f0661b..34ee1808 100644
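Review bot: In PKCS7DetachedSigner.java (second hunk) the `SignerInfo` is now always created with `AlgorithmID.ecdsa_plain_With_SHA256`, whatever kind of key `privKey` is. The same commit switches the developer key alias from `pdf` to `ecc_test`, which suggests the signer was used with a non-EC key before; with this change such a key would presumably either fail at signing time or produce a SignerInfo whose declared algorithm does not match the key. The signature algorithm should be chosen from the key, for example by branching on `privKey.getAlgorithm()`, and an unsupported key type should end in a `PdfAsSignatureException` with a non-empty message. It is also worth confirming that the plain ECDSA signature encoding is what the intended validators accept for this sub-filter. The enclosing method starts and ends outside the hunk.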
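Review bot: The content-type attribute added in the third hunk of PKCS7DetachedSigner.java is built from the bare OID string `"1.2.840.113549.1.7.1"`, so a reader has to know that this is id-data and why it is needed. A comment on the new statement would cover it, e.g. `// id-data: CMS requires a content-type attribute whenever signed attributes are present`, or a named constant if the IAIK `ObjectID` class offers one. The commented-out `signingCertificateV2` attribute directly below stays disabled, so the signed attributes still do not reference the signer certificate; if that is intentional for this sub-filter, a one-line comment saying so would keep the next reader from re-enabling or deleting it blindly.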
--- a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
@@ -73,7 +73,7 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
 logger.info("Signature ERROR from signer: " + signedData.getCertificate( signerInfos[i].getSignerIdentifier())
- .getSubjectDN());
+ .getSubjectDN(), ex);
 verifyResult.setSignerCertificate( signedData.getCertificate(signerInfos[i].getSignerIdentifier()));
--
cgit v1.2.3
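Review bot: A failed signature check in PKCS7DetachedVerifier.java is still reported with `logger.info`, now with `ex` attached, so a deployment that logs at warn and above never sees verification failures. The call should be `logger.warn(...)` with the same arguments. The message is also built by calling `signedData.getCertificate(...).getSubjectDN()` inside the error path; if that lookup can itself fail or return null, the handler raises a second exception and the original `ex` is lost, so resolving the certificate once into a local and checking it before use would be safer. The catch clause and the code that records the outcome in `verifyResult` are outside the hunk, so whether the result is marked invalid cannot be confirmed from here.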