Try to sign from javascript call

a391929b · Lukas Hameury · f37f726d · a391929b · a391929b · a391929b
Commit a391929b authored Mar 18, 2020 by Lukas Hameury
--- a/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/NewSignatureMethodHandler.java
+++ b/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/NewSignatureMethodHandler.java
 package coop.libriciel;

 import coop.libriciel.action.ListCertsAction;
+import coop.libriciel.action.SignAction;
+import coop.libriciel.util.JSONUtils;

+import java.io.IOException;
+import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
 import java.security.cert.CertificateEncodingException;

 public class NewSignatureMethodHandler {

    private NewSignatureMethodHandler() {}

-    static ListCertsAction listCertsAction = new ListCertsAction();
+    static final ListCertsAction listCertsAction = new ListCertsAction();
+    static final SignAction signAction = new SignAction();

    public static String listCerts() throws NoSuchAlgorithmException, CertificateEncodingException {
        return listCertsAction.getCertificates();
    }

+    public static String sign(String certificateId, String jsonDataToSign) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
+        return signAction.sign(listCertsAction.findForCertificate(certificateId), JSONUtils.jsonStringToList(jsonDataToSign));
+    }
+
 }
--- a/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/action/ListCertsAction.java
+++ b/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/action/ListCertsAction.java
 package coop.libriciel.action;

+import coop.libriciel.model.SignCertificate;
 import coop.libriciel.util.CertUtils;
 import coop.libriciel.util.JSONUtils;
 import org.adullact.parapheur.applets.splittedsign.Base64;
@@ -15,6 +16,37 @@ import java.security.cert.X509Certificate;
 import java.util.*;

 public class ListCertsAction {
+    public SignCertificate findForCertificate(final String id) {
+        return AccessController.doPrivileged(new PrivilegedAction<SignCertificate>() {
+            @Override
+            public SignCertificate run() {
+                CertListUtil certListUtil = new CertListUtil();
+
+                SignCertificate result = new SignCertificate();
+
+                List<Certificate> certs = certListUtil.getAvailableCertificates();
+                for (Certificate cert : certs) {
+                    try {
+                        String thumbprint = CertUtils.getThumbPrint((X509Certificate) cert);
+
+                        if (thumbprint.equalsIgnoreCase(id)) {
+                            // We found IT !
+                            result.setSigningCertificate((X509Certificate) cert);
+                            // Si on est sur windows, on prépare le onTop pour la demande de code PIN
+                            result.setPrivateKey(certListUtil.getKey(result.getSigningCertificate()));
+                            break;
+                        }
+                    } catch (CertificateEncodingException e) {
+                        e.printStackTrace();
+                    } catch (NoSuchAlgorithmException e) {
+                        e.printStackTrace();
+                    }
+                }
+                return result;
+            }
+        });
+    }
+
    public String getCertificates() throws CertificateEncodingException, NoSuchAlgorithmException {
        List<Certificate> certs = AccessController.doPrivileged(new PrivilegedAction<List<Certificate>>() {
            @Override

--- a/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/action/SignAction.java
+++ b/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/action/SignAction.java
+package coop.libriciel.action;
+
+import coop.libriciel.model.SignCertificate;
+import coop.libriciel.util.JSONUtils;
+import coop.libriciel.util.StringUtils;
+import org.adullact.parapheur.applets.splittedsign.Base64;
+
+import java.io.IOException;
+import java.security.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class SignAction {
+    public String sign(final SignCertificate signingObj, final List<String> jsonDataToSign) {
+        return AccessController.doPrivileged(new PrivilegedAction<String>() {
+            @Override
+            public String run() {
+                Map<String, Object> signs = new HashMap<String, Object>();
+                for (int i = 0; i < jsonDataToSign.size(); i++) {
+                    String toSign = jsonDataToSign.get(i);
+                    List<String> finalToSign = new ArrayList<String>();
+                    for(String tmpToSign: toSign.split(",")) {
+                        try {
+                            finalToSign.add(doSign(Base64.decode(tmpToSign), signingObj.getPrivateKey()));
+                        } catch(Exception e) {
+                            e.printStackTrace();
+                            throw new RuntimeException("Cannot sign document, see erro log", e);
+                        }
+                    }
+                    signs.put(String.valueOf(i), StringUtils.join(",", finalToSign));
+                }
+                return JSONUtils.mapToJSONString(signs);
+            }
+        });
+
+
+    }
+
+    public static String doSign(byte[] bytesToSign, PrivateKey privateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        Signature sig;
+        if (privateKey instanceof java.security.interfaces.RSAPrivateKey) {
+            sig = Signature.getInstance("SHA256WithRSA", "BC");
+        } else if (System.getProperty("os.name").startsWith("Windows")) {
+            sig = Signature.getInstance("SHA256WithRSA", "SunMSCAPI");
+        } else {
+            sig = Signature.getInstance("SHA256WithRSA", "SunRsaSign");
+        }
+        sig.initSign(privateKey);
+        sig.update(bytesToSign);
+
+        byte[] signature = sig.sign();
+        return Base64.encodeBytes(signature);
+    }
+}
--- a/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/model/SignCertificate.java
+++ b/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/model/SignCertificate.java
+package coop.libriciel.model;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+public class SignCertificate {
+    X509Certificate signingCertificate;
+    PrivateKey privateKey;
+
+    public X509Certificate getSigningCertificate() {
+        return signingCertificate;
+    }
+
+    public void setSigningCertificate(X509Certificate signingCertificate) {
+        this.signingCertificate = signingCertificate;
+    }
+
+    public PrivateKey getPrivateKey() {
+        return privateKey;
+    }
+
+    public void setPrivateKey(PrivateKey privateKey) {
+        this.privateKey = privateKey;
+    }
+}
--- a/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/util/JSONUtils.java
+++ b/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/util/JSONUtils.java
 package coop.libriciel.util;

+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Map;

@@ -31,6 +33,10 @@ public class JSONUtils {
        return result.toString();
    }

+    public static List<String> jsonStringToList(String json) {
+        return Arrays.asList(json.replace("[", "").replace("]", "").split(","));
+    }
+
    public static String arrayToJSONString(List<String> array) {
        StringBuilder result = new StringBuilder("[");
        boolean isFirst = true;

--- a/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/util/StringUtils.java
+++ b/SplittedSignatureApplet/SplittedSignatureApplet/src/coop/libriciel/util/StringUtils.java
+package coop.libriciel.util;
+
+import java.util.List;
+
+public class StringUtils {
+
+    private StringUtils() {
+    }
+
+    public static String join(String separator, List<String> input) {
+        if (input == null || input.isEmpty()) return "";
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < input.size(); i++) {
+            sb.append(input.get(i));
+            // if not the last item
+            if (i != input.size() - 1) {
+                sb.append(separator);
+            }
+        }
+        return sb.toString();
+
+    }
+}
--- a/SplittedSignatureApplet/SplittedSignatureApplet/src/org/adullact/parapheur/applets/splittedsign/Main.java
+++ b/SplittedSignatureApplet/SplittedSignatureApplet/src/org/adullact/parapheur/applets/splittedsign/Main.java
@@ -269,6 +269,10 @@ public class Main extends javax.swing.JApplet implements Runnable {
        return NewSignatureMethodHandler.listCerts();
    }

+    public String sign(String certificateID, String dataToSign) throws NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException, IOException {
+        return NewSignatureMethodHandler.sign(certificateID, dataToSign);
+    }
+
    /**
     * The Digests are given and then stored in the map as Hexa strings
     *