From bbb03770144fae7c33c9ae98982e6ce43cf9778b Mon Sep 17 00:00:00 2001
From: yezhakov
Date: Wed, 11 Oct 2023 11:28:08 +0600
Subject: [PATCH] Fixed bug while add TSP in addSigners method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
При добавлении новой подписи в существующий CMS перезаписывались TSP в предыдущих подписях.
---
 .../java/kz/ncanode/service/CmsService.java | 24 +++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/main/java/kz/ncanode/service/CmsService.java b/src/main/java/kz/ncanode/service/CmsService.java
index c4d2903..9631d61 100644
--- a/src/main/java/kz/ncanode/service/CmsService.java
+++ b/src/main/java/kz/ncanode/service/CmsService.java
@@ -160,10 +160,19 @@ public CmsResponse addSigners(CmsCreateRequest cmsCreateRequest) {
 List signers = new ArrayList<>();
 int i = 0;
-
 for (Object signer : signerStore.getSigners()) {
 X509Certificate cert = certificates.get(i++);
- signers.add(tspService.addTspToSigner((SignerInformation) signer, cert, useTsaPolicy));
+
+ //Нельзя перезатирать TSP у предыдущих подписантов
+ boolean isCurrentSignerSameAsPrevious = isSignerSameAsPrevious((SignerInformation) signer, cms);
+ if(isCurrentSignerSameAsPrevious) {
+ //Старых подписантов оставляем без изменений
+ signers.add((SignerInformation)signer);
+ }
+ else {
+ //Новым подписантам устанавливаем TSP
+ signers.add(tspService.addTspToSigner((SignerInformation) signer, cert, useTsaPolicy));
+ }
 }
 signed = CMSSignedData.replaceSigners(signed, new SignerInformationStore(signers));
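Review bot: The old/new decision in the added `if(isCurrentSignerSameAsPrevious)` rests on `isSignerSameAsPrevious`, which (second hunk) matches on `getSID()` only, i.e. on the certificate's issuer and serial rather than on the signature itself. If the same certificate signs the CMS a second time, the new SignerInformation would share its SID with an existing one and be kept as-is, so the new signature would carry no timestamp token and no trusted evidence of its signing time. Comparing the signature value in the helper, `if (Arrays.equals(prevSignerInfo.getSignature(), signer.getSignature())) {`, or skipping only signers whose unsigned attributes already contain `PKCSObjectIdentifiers.id_aa_signatureTimeStampToken`, would identify the signature rather than the signer. This reading assumes `cms` is the container as received, before the new signature was added; that assignment and the rest of addSigners lie outside the hunk.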
@@ -177,6 +186,17 @@ public CmsResponse addSigners(CmsCreateRequest cmsCreateRequest) {
 }
 }
+ private static boolean isSignerSameAsPrevious(SignerInformation signer, CMSSignedData cms) {
+ boolean isCurrentSignerSameAsPrevious = false;
+ for(Object obj : cms.getSignerInfos().getSigners()) {
+ SignerInformation prevSignerInfo = (SignerInformation)obj;
+ if (prevSignerInfo.getSID().equals(signer.getSID())) {
+ isCurrentSignerSameAsPrevious = true;
+ }
+ }
+ return isCurrentSignerSameAsPrevious;
+ }
+
 /**
 * Проверяет подписанный CMS
 *
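Review bot: The loop in `isSignerSameAsPrevious` keeps scanning after a match and carries a mutable flag; returning on the first hit is shorter and easier to read: `if (prevSignerInfo.getSID().equals(signer.getSID())) { return true; }` with `return false;` after the loop. The method has no Javadoc, and its name suggests signer identity while the body checks whether any signer already present in `cms` has the same SignerId; a one-line Javadoc such as `/** Returns true if cms already contains a signer with the same SignerId (issuer and serial) as the given signer. */` would make that contract explicit. The `Object` loop variable and cast may be unnecessary if the BouncyCastle version in use returns a typed collection from `getSigners()`, which is not visible from this hunk.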