/************************************************************************* * * * SignServer: The OpenSource Automated Signing Server * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/ package org.signserver.module.mrtdsigner; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Iterator; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.ejb.EJBException; import org.apache.log4j.Logger; import org.signserver.common.*; import org.signserver.server.archive.Archivable; import org.signserver.server.archive.DefaultArchivable; import org.signserver.server.cryptotokens.ICryptoToken; import org.signserver.server.signers.BaseSigner; /** * Class used to sign MRTD Document Objects. * * @author Philip Vendil * @version $Id: MRTDSigner.java 2859 2012-10-22 09:13:23Z malu9369 $ */ public class MRTDSigner extends BaseSigner { private static final Logger log = Logger.getLogger(MRTDSigner.class); private static final String CONTENT_TYPE = "application/octet-stream"; public MRTDSigner() { } /** * The main method that signs a number of byte arrays with the algorithm * specified for MRTD Security Objects. * * * @param signRequest must be of the class MRTDSignRequest * @return returns a MRTDSignResponse with the same number of signatures as requested. * */ public ProcessResponse processData(ProcessRequest signRequest, RequestContext requestContext) throws IllegalRequestException, CryptoTokenOfflineException, SignServerException { if (log.isTraceEnabled()) { log.trace(">processData"); } ProcessResponse ret = null; ISignRequest sReq = (ISignRequest) signRequest; if (sReq.getRequestData() == null) { throw new IllegalRequestException("Signature request data cannot be null."); } if (signRequest instanceof MRTDSignRequest) { MRTDSignRequest req = (MRTDSignRequest) signRequest; ArrayList genSignatures = new ArrayList(); Iterator iterator = ((ArrayList) req.getRequestData()).iterator(); while (iterator.hasNext()) { byte[] data = null; try { data = (byte[]) iterator.next(); } catch (Exception e) { throw new IllegalRequestException("Signature request data must be an ArrayList of byte[]"); } genSignatures.add(encrypt(data)); } ret = new MRTDSignResponse(req.getRequestID(), genSignatures, getSigningCertificate()); } else if (signRequest instanceof GenericSignRequest) { GenericSignRequest req = (GenericSignRequest) signRequest; byte[] bytes = req.getRequestData(); final String archiveId = createArchiveId(bytes, (String) requestContext.get(RequestContext.TRANSACTION_ID)); byte[] signedbytes = encrypt(bytes); final Collection archivables = Arrays.asList(new DefaultArchivable(Archivable.TYPE_RESPONSE, CONTENT_TYPE, signedbytes, archiveId)); if (signRequest instanceof GenericServletRequest) { ret = new GenericServletResponse(sReq.getRequestID(), signedbytes, getSigningCertificate(), archiveId, archivables, CONTENT_TYPE); } else { ret = new GenericSignResponse(sReq.getRequestID(), signedbytes, getSigningCertificate(), null, archiveId, archivables); } } else { throw new IllegalRequestException("Sign request with id: " + sReq.getRequestID() + " is of the wrong type: " + sReq.getClass().getName() + " should be MRTDSignRequest or GenericSignRequest"); } if (log.isTraceEnabled()) { log.trace("