aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--spss.server/res/resources/properties/spss_messages_de.properties1
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java32
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java110
3 files changed, 124 insertions, 19 deletions
diff --git a/spss.server/res/resources/properties/spss_messages_de.properties b/spss.server/res/resources/properties/spss_messages_de.properties
index dfa435df0..d7dd17464 100644
--- a/spss.server/res/resources/properties/spss_messages_de.properties
+++ b/spss.server/res/resources/properties/spss_messages_de.properties
@@ -56,6 +56,7 @@
2235=CreateSignatureEnvironment muss entweder Reference oder Content enthalten
2236=CreateSignatureEnvironmentProfileID nicht vorhanden (ID={0})
2237=Fehler beim Auflösen der internen Referenz (URI={0})
+2238=Fehler beim Auflösen des Transformationsparameters (URI={0})
2240=Allgemeiner Fehler beim Verifizieren der Signatur [{0}]
2241=Algorithmus wird nicht unterstützt [{0}]
2242=Fehler beim Parsen der CMS Signatur [{0}]
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 33b924e2b..f7a322d11 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -86,7 +86,7 @@ public class CMSSignatureVerificationInvoker {
LoggingContext loggingCtx =
LoggingContextManager.getInstance().getLoggingContext();
InputStream signature;
- InputStream signedContent;
+ InputStream signedContent = null;
CMSSignatureVerificationProfile profile;
Date signingTime;
List results;
@@ -98,17 +98,17 @@ public class CMSSignatureVerificationInvoker {
// get the signature
signature = request.getCMSSignature();
- // get the signed content
- signedContent = getSignedContent(request);
+ try {
+ // get the signed content
+ signedContent = getSignedContent(request);
- // build the profile
- profile = profileFactory.createProfile();
+ // build the profile
+ profile = profileFactory.createProfile();
- // get the signing time
- signingTime = request.getDateTime();
+ // get the signing time
+ signingTime = request.getDateTime();
- // verify the signature
- try {
+ // verify the signature
CMSSignatureVerificationModule module =
CMSSignatureVerificationModuleFactory.getInstance();
@@ -131,6 +131,20 @@ public class CMSSignatureVerificationInvoker {
throw moaException;
} catch (IOException e) {
throw new MOAApplicationException("2244", null, e);
+ } catch (MOAException e)
+ {
+ throw e;
+ }
+ finally
+ {
+ try
+ {
+ if (signedContent != null) signedContent.close();
+ }
+ catch (Throwable t)
+ {
+ // Intentionally do nothing here
+ }
}
// build the response: for each signatory add the result to the response
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index d1e6388a9..1386d5c2d 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -134,22 +134,39 @@ public class DataObjectFactory {
{
ExternalURIResolver uriResolver = new ExternalURIResolver();
String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+ InputStream is = null;
try
{
- InputStream is = uriResolver.resolve(locRefURI);
+ is = uriResolver.resolve(locRefURI);
contentBytes = StreamUtils.readStream(is);
}
catch (MOAApplicationException e)
{
throw new MOAApplicationException("3203", new Object[]{reference, locRefURI}, e);
}
+ finally
+ {
+ closeInputStream(is);
+ }
break;
}
case Content.REFERENCE_CONTENT :
{
ExternalURIResolver uriResolver = new ExternalURIResolver();
- InputStream is = uriResolver.resolve(reference);
- contentBytes = StreamUtils.readStream(is);
+ InputStream is = null;
+ try
+ {
+ is = uriResolver.resolve(reference);
+ contentBytes = StreamUtils.readStream(is);
+ }
+ catch (Exception e)
+ {
+ throw e;
+ }
+ finally
+ {
+ closeInputStream(is);
+ }
break;
}
case Content.XML_CONTENT :
@@ -285,14 +302,21 @@ public class DataObjectFactory {
ExternalURIResolver uriResolver = new ExternalURIResolver();
String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
InputStream contentIS = null;
+ InputStream uriStream = null;
try
{
- contentIS = uriResolver.resolve(locRefURI);
+ uriStream = uriResolver.resolve(locRefURI);
+ byte[] contentBytes = StreamUtils.readStream(uriStream);
+ contentIS = new ByteArrayInputStream(contentBytes);
}
- catch (MOAApplicationException e)
+ catch (Exception e)
{
throw new MOAApplicationException("3202", new Object[]{reference, locRefURI}, e);
}
+ finally
+ {
+ closeInputStream(uriStream);
+ }
entities.put(reference, contentIS);
break;
}
@@ -562,8 +586,21 @@ public class DataObjectFactory {
// resolve uri and build the content
ExternalURIResolver resolver = new ExternalURIResolver();
InputStream is = resolver.resolve(transformParameter.getURI());
+ ByteArrayInputStream bis;
+ try
+ {
+ bis = new ByteArrayInputStream(StreamUtils.readStream(is));
+ }
+ catch (IOException e)
+ {
+ throw new MOAApplicationException("2238", new Object[] {transformParameter.getURI()}, e);
+ }
+ finally
+ {
+ closeInputStream(is);
+ }
String contentType = resolver.getContentType();
- dataObject = new ByteStreamDataObjectImpl(is);
+ dataObject = new ByteStreamDataObjectImpl(bis);
dataObject.setMimeType(contentType);
break;
}
@@ -634,24 +671,60 @@ public class DataObjectFactory {
} catch (IOException e) {
throw new MOAApplicationException("2210", null, e);
}
+ finally
+ {
+ closeInputStream(is);
+ }
} else {
try {
// try parsing non-validating: need not succeed
is = resolver.resolve(uri);
doc = DOMUtils.parseDocument(is, false, null, null);
+ closeInputStream(is);
dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
} catch (Exception e) {
// this is the last chance: return the data as a byte stream
is = resolver.resolve(uri);
- dataObject = new ByteStreamDataObjectImpl(is);
+ ByteArrayInputStream bis;
+ try
+ {
+ bis = new ByteArrayInputStream(StreamUtils.readStream(is));
+ dataObject = new ByteStreamDataObjectImpl(bis);
+ }
+ catch (IOException e1)
+ {
+ throw new MOAApplicationException("2210", new Object[] { uri }, e1);
+ }
+ finally
+ {
+ closeInputStream(is);
+ }
}
}
- } else if (asXml) {
+ }
+ else if (asXml)
+ {
// if we need XML data, we're in the wrong place here
+ closeInputStream(is);
throw new MOAApplicationException("2211", new Object[] { uri });
- } else {
+ }
+ else
+ {
// content is binary: make it available as a binary input stream
- dataObject = new ByteStreamDataObjectImpl(is);
+ ByteArrayInputStream bis;
+ try
+ {
+ bis = new ByteArrayInputStream(StreamUtils.readStream(is));
+ }
+ catch (IOException e)
+ {
+ throw new MOAApplicationException("2210", null, e);
+ }
+ finally
+ {
+ closeInputStream(is);
+ }
+ dataObject = new ByteStreamDataObjectImpl(bis);
}
dataObject.setMimeType(contentType);
@@ -661,6 +734,23 @@ public class DataObjectFactory {
}
/**
+ * Savely closes the specified input stream.
+ *
+ * @param is The input stream to be closed.
+ */
+ private static void closeInputStream(InputStream is)
+ {
+ try
+ {
+ if (is != null) is.close();
+ }
+ catch (Throwable t)
+ {
+ // Intentionally do nothing here
+ }
+ }
+
+ /**
* Determine whether the content type is XML.
*
* Content types recognized as XML start with <code>text/xml</code> and