it.trento.comune.j4sign.examples

Class CMSServlet

java.lang.Object

javax.servlet.GenericServlet

javax.servlet.http.HttpServlet

it.trento.comune.j4sign.examples.CMSServlet

All Implemented Interfaces:

java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

Deprecated.

This is old code not more maintained; see the SigneServlet inside the firma-digitale web application for replacement.

CMSServlet is the server side part of the j4sign usage example in a web environment.
CMSServlet is a HttpServlet that takes care of generating and sending to the web client the content to sign and the corresponding bytes to digest and encrypt. After receiving the signature and the signer certificate, it encapsulates them, along with the signed content, in a CMS signed data message.

The entire example, with the SimpleSignApplet counterpart, is designed to permit the use of the standard JDK tools. The applet can be executed with applet viewer tool (no HttpSession in the servlet, nor HTML forms on the client side are used).

N.B.: IN A REAL WORLD WEB APPLICATION SCENARIO, YOU CAN (AND SHOULD) TAKE ADVANTAGE OF THE FULL SERVLET API.

Here are the CMSServlet operations in detail:

1. Upon a GET request from the client specifiying a retrieve parameter with value DATA:
   Generates and sends as HTTP response, the message to sign (a simple text), base64 encoded;
2. Upon a GET request from the client specifiying a retrieve parameter with value ENCODED_AUTHENTICATED_ATTRIBUTES:
   Builds an ExternalSignatureSignerInfoGenerator object, using the message to sign, and specifying MD5 with RSA encryption as signature algoritm;
   Uses this object to calculate bytesToSign, the bytes to digest and encrypt (ASN.1 Authenticated attributes);
   Stores the ExternalSignatureSignerInfoGenerator, and a textual dump of authenticates attributes,
   using the md5 digest of bytesToSign as a key.
   Sends the base64 encoding of bytesToSign as HTTP response.
   
3. Upon a GET request from the client specifiying a retrieve parameter with value AUTHENTICATED_ATTRIBUTES_PRINTOUT and a encodedHash parameter with base64 encoded value:
   Retrieves using encodedHash as a key the textual dump of Authenticates attributes, and sends it as HTTP responses.
   
4. Upon a POST request from the client specifiying a signature parameter and a certificate parameter, both with base64 encoded values:
   Decodes signature and certificate;
   Extracts from certificate the public key of the signer, and uses it to decrypt, using RSA algorithm, the signature.
   Uses the decrypted value as a key to retrieve the ExternalSignatureSignerInfoGenerator. If such an object is found, the signature is verified.
   The ExternalSignatureSignerInfoGenerator, completed with signature and certificate informations, is passed to a ExternalSignatureCMSSignedDataGenerator for creating the CMS message.
   The CMS message is then stored on the server file system.
   Finally, a textual status message is returned as HTTP response.

public class CMSServlet
extends javax.servlet.http.HttpServlet

Author:

Roberto Resoli

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private class	CMSServlet.SignerInfoGeneratorItem Deprecated. Class encapsulating a SignerInfoGenerator-related informations to be stored after a signature request.

Field Summary

Fields

Modifier and Type	Field and Description
private static java.lang.String	DATA Deprecated. DATA is the sample data contet to be signed; it's a text shortly explaining what is going to happen.
private java.util.Hashtable	signerInfoGeneratorTable Deprecated. The repository for CMSServlet.SignerInfoGeneratorItem objects.

Constructor Summary

Constructors

Constructor and Description
CMSServlet() Deprecated.

Method Summary

Methods

Modifier and Type	Method and Description
private java.lang.String	base64Encode(byte[] bytes) Deprecated. A BASE64 encoding function, using the sun.misc.BASE64Encoder implementation.
private org.bouncycastle.cms.CMSSignedData	buildCMSSignedData(ExternalSignatureSignerInfoGenerator infoGen, byte[] sigBytes, byte[] certBytes) Deprecated. Builds the CMS signed data message.
private ExternalSignatureSignerInfoGenerator	buildSignerInfoGenerator() Deprecated. Creates a ExternalSignatureSignerInfoGenerator with a MD5 digest algorithm and RSA encryption algorithm.
private java.lang.String	deriveStoreKey(byte[] sigBytes, byte[] certBytes) Deprecated. Converts the provided certBytes in a java.security.cert.X509Certificate, gets from it the signer public key, and uses it to decrypt sigBytes.
protected void	doGet(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Deprecated. Implementation of the GET method; returns informations to the client and stores SignerInfoGenerator-related informations; see CMSServlet for details.
protected void	doPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Deprecated. Implementation of the POST method; builds the CMS message; see CMSServlet for details.
private byte[]	encapsulateInDigestInfo(java.lang.String digestAlg, byte[] digestBytes) Deprecated.
java.lang.String	formatAsString(byte[] bytes, java.lang.String byteSeparator) Deprecated. Formats a byte[] as an hexadecimal String, interleaving bytes with a separator string.
private byte[]	getAuthenticatedAttributesBytes(ExternalSignatureSignerInfoGenerator signerGenerator) Deprecated. Uses the provided ExternalSignatureSignerInfoGenerator for calculating the authenticated attributes bytes to be digested-encrypted by the signer.
private java.lang.String	getAuthenticatedAttributesPrintout(byte[] bytes) Deprecated. A text message resulting from a dump of provided authenticated attributes data.
void	init() Deprecated. Adds BouncyCastle provider at servlet initialization time.
private ExternalSignatureSignerInfoGenerator	retriveSignerInfoGenerator(java.lang.String storeKey) Deprecated. Gets the ExternalSignatureSignerInfoGenerator generator which originally produced the given storeKey.
private boolean	saveFile(org.bouncycastle.cms.CMSSignedData s, java.lang.String filePath) Deprecated. Saves a CMS signed data file on the server file system; the extension should be ".p7m" according to italian rules.

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DATA

private static final java.lang.String DATA

Deprecated.

DATA is the sample data contet to be signed; it's a text shortly explaining what is going to happen.

See Also:

Constant Field Values

signerInfoGeneratorTable

private java.util.Hashtable signerInfoGeneratorTable

Deprecated.

The repository for CMSServlet.SignerInfoGeneratorItem objects. Stores SignerInfoGenerator-related informations between HTTP requests.

Constructor Detail

CMSServlet

public CMSServlet()

Deprecated.

Method Detail

doGet

protected void doGet(javax.servlet.http.HttpServletRequest request,
         javax.servlet.http.HttpServletResponse response)
              throws javax.servlet.ServletException,
                     java.io.IOException

Deprecated.

Implementation of the GET method; returns informations to the client and stores SignerInfoGenerator-related informations; see CMSServlet for details.

Overrides:

doGet in class javax.servlet.http.HttpServlet

Throws:

javax.servlet.ServletException

java.io.IOException

See Also:

CMSServlet

doPost

protected void doPost(javax.servlet.http.HttpServletRequest request,
          javax.servlet.http.HttpServletResponse response)
               throws javax.servlet.ServletException,
                      java.io.IOException

Deprecated.

Implementation of the POST method; builds the CMS message; see CMSServlet for details.

Overrides:

doPost in class javax.servlet.http.HttpServlet

Throws:

javax.servlet.ServletException

java.io.IOException

See Also:

CMSServlet

formatAsString

public java.lang.String formatAsString(byte[] bytes,
                              java.lang.String byteSeparator)

Deprecated.

Formats a byte[] as an hexadecimal String, interleaving bytes with a separator string.

Parameters:

bytes - the byte[] to format.

byteSeparator - the string to be used to separate bytes.

Returns:

the formatted string.

deriveStoreKey

private java.lang.String deriveStoreKey(byte[] sigBytes,
                              byte[] certBytes)

Deprecated.

Converts the provided certBytes in a java.security.cert.X509Certificate, gets from it the signer public key, and uses it to decrypt sigBytes. The decryption result is returned as a formatted exadecimal string; see CMSServlet for details.

Parameters:

sigBytes - signature bytes

certBytes - certificate bytes

Returns:

the decryption of sigBytes using the RSA/ECB/PKCS1PADDING Algorithm.

retriveSignerInfoGenerator

private ExternalSignatureSignerInfoGenerator retriveSignerInfoGenerator(java.lang.String storeKey)

Deprecated.

Gets the ExternalSignatureSignerInfoGenerator generator which originally produced the given storeKey.

Parameters:

storeKey -

Returns:

the ExternalSignatureSignerInfoGenerator associated with thestoreKey

buildCMSSignedData

private org.bouncycastle.cms.CMSSignedData buildCMSSignedData(ExternalSignatureSignerInfoGenerator infoGen,
                                                    byte[] sigBytes,
                                                    byte[] certBytes)

Deprecated.

Builds the CMS signed data message.

Parameters:

infoGen - the ExternalSignatureSignerInfoGenerator wrapping signer informations

sigBytes - the digest encrypted with signer private key.

certBytes - the signer certificate.

Returns:

the CMSSignedData message.

saveFile

private boolean saveFile(org.bouncycastle.cms.CMSSignedData s,
               java.lang.String filePath)

Deprecated.

Saves a CMS signed data file on the server file system; the extension should be ".p7m" according to italian rules.

Parameters:

s - the CMSSignedData object to save.

filePath - full path of the file.

Returns:

true if the file was correctly saved, false otherwise.

buildSignerInfoGenerator

private ExternalSignatureSignerInfoGenerator buildSignerInfoGenerator()

Deprecated.

Creates a ExternalSignatureSignerInfoGenerator with a MD5 digest algorithm and RSA encryption algorithm.

Returns:

the ExternalSignatureSignerInfoGenerator object

base64Encode

private java.lang.String base64Encode(byte[] bytes)

Deprecated.

A BASE64 encoding function, using the sun.misc.BASE64Encoder implementation.

Parameters:

bytes - the bytes to encode.

Returns:

the BASE64 encoding of bytes.

getAuthenticatedAttributesBytes

private byte[] getAuthenticatedAttributesBytes(ExternalSignatureSignerInfoGenerator signerGenerator)

Deprecated.

Uses the provided ExternalSignatureSignerInfoGenerator for calculating the authenticated attributes bytes to be digested-encrypted by the signer. Note that the attributes include a timestamp, so the result is time-dependent!

Parameters:

signerGenerator - the ExternalSignatureSignerInfoGenerator object that does the job.

Returns:

the bytes to be signed.

getAuthenticatedAttributesPrintout

private java.lang.String getAuthenticatedAttributesPrintout(byte[] bytes)

Deprecated.

A text message resulting from a dump of provided authenticated attributes data. Shows, among other things, the embedded timestamp attribute.

Parameters:

bytes - the ASN.1 DER set of authenticated attributes.

Returns:

the attributes textual dump.

encapsulateInDigestInfo

private byte[] encapsulateInDigestInfo(java.lang.String digestAlg,
                             byte[] digestBytes)
                                throws java.io.IOException

Deprecated.

Throws:

java.io.IOException

init

public void init()
          throws javax.servlet.ServletException

Deprecated.

Adds BouncyCastle provider at servlet initialization time.

Overrides:

init in class javax.servlet.GenericServlet

Throws:

javax.servlet.ServletException