diff options
3 files changed, 124 insertions, 19 deletions
diff --git a/spss.server/res/resources/properties/spss_messages_de.properties b/spss.server/res/resources/properties/spss_messages_de.properties index dfa435df0..d7dd17464 100644 --- a/spss.server/res/resources/properties/spss_messages_de.properties +++ b/spss.server/res/resources/properties/spss_messages_de.properties @@ -56,6 +56,7 @@ 2235=CreateSignatureEnvironment muss entweder Reference oder Content enthalten 2236=CreateSignatureEnvironmentProfileID nicht vorhanden (ID={0}) 2237=Fehler beim Auflösen der internen Referenz (URI={0}) +2238=Fehler beim Auflösen des Transformationsparameters (URI={0}) 2240=Allgemeiner Fehler beim Verifizieren der Signatur [{0}] 2241=Algorithmus wird nicht unterstützt [{0}] 2242=Fehler beim Parsen der CMS Signatur [{0}] diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 33b924e2b..f7a322d11 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -86,7 +86,7 @@ public class CMSSignatureVerificationInvoker { LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); InputStream signature; - InputStream signedContent; + InputStream signedContent = null; CMSSignatureVerificationProfile profile; Date signingTime; List results; @@ -98,17 +98,17 @@ public class CMSSignatureVerificationInvoker { // get the signature signature = request.getCMSSignature(); - // get the signed content - signedContent = getSignedContent(request); + try { + // get the signed content + signedContent = getSignedContent(request); - // build the profile - profile = profileFactory.createProfile(); + // build the profile + profile = profileFactory.createProfile(); - // get the signing time - signingTime = request.getDateTime(); + // get the signing time + signingTime = request.getDateTime(); - // verify the signature - try { + // verify the signature CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); @@ -131,6 +131,20 @@ public class CMSSignatureVerificationInvoker { throw moaException; } catch (IOException e) { throw new MOAApplicationException("2244", null, e); + } catch (MOAException e) + { + throw e; + } + finally + { + try + { + if (signedContent != null) signedContent.close(); + } + catch (Throwable t) + { + // Intentionally do nothing here + } } // build the response: for each signatory add the result to the response diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java index d1e6388a9..1386d5c2d 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -134,22 +134,39 @@ public class DataObjectFactory { { ExternalURIResolver uriResolver = new ExternalURIResolver(); String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + InputStream is = null; try { - InputStream is = uriResolver.resolve(locRefURI); + is = uriResolver.resolve(locRefURI); contentBytes = StreamUtils.readStream(is); } catch (MOAApplicationException e) { throw new MOAApplicationException("3203", new Object[]{reference, locRefURI}, e); } + finally + { + closeInputStream(is); + } break; } case Content.REFERENCE_CONTENT : { ExternalURIResolver uriResolver = new ExternalURIResolver(); - InputStream is = uriResolver.resolve(reference); - contentBytes = StreamUtils.readStream(is); + InputStream is = null; + try + { + is = uriResolver.resolve(reference); + contentBytes = StreamUtils.readStream(is); + } + catch (Exception e) + { + throw e; + } + finally + { + closeInputStream(is); + } break; } case Content.XML_CONTENT : @@ -285,14 +302,21 @@ public class DataObjectFactory { ExternalURIResolver uriResolver = new ExternalURIResolver(); String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); InputStream contentIS = null; + InputStream uriStream = null; try { - contentIS = uriResolver.resolve(locRefURI); + uriStream = uriResolver.resolve(locRefURI); + byte[] contentBytes = StreamUtils.readStream(uriStream); + contentIS = new ByteArrayInputStream(contentBytes); } - catch (MOAApplicationException e) + catch (Exception e) { throw new MOAApplicationException("3202", new Object[]{reference, locRefURI}, e); } + finally + { + closeInputStream(uriStream); + } entities.put(reference, contentIS); break; } @@ -562,8 +586,21 @@ public class DataObjectFactory { // resolve uri and build the content ExternalURIResolver resolver = new ExternalURIResolver(); InputStream is = resolver.resolve(transformParameter.getURI()); + ByteArrayInputStream bis; + try + { + bis = new ByteArrayInputStream(StreamUtils.readStream(is)); + } + catch (IOException e) + { + throw new MOAApplicationException("2238", new Object[] {transformParameter.getURI()}, e); + } + finally + { + closeInputStream(is); + } String contentType = resolver.getContentType(); - dataObject = new ByteStreamDataObjectImpl(is); + dataObject = new ByteStreamDataObjectImpl(bis); dataObject.setMimeType(contentType); break; } @@ -634,24 +671,60 @@ public class DataObjectFactory { } catch (IOException e) { throw new MOAApplicationException("2210", null, e); } + finally + { + closeInputStream(is); + } } else { try { // try parsing non-validating: need not succeed is = resolver.resolve(uri); doc = DOMUtils.parseDocument(is, false, null, null); + closeInputStream(is); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (Exception e) { // this is the last chance: return the data as a byte stream is = resolver.resolve(uri); - dataObject = new ByteStreamDataObjectImpl(is); + ByteArrayInputStream bis; + try + { + bis = new ByteArrayInputStream(StreamUtils.readStream(is)); + dataObject = new ByteStreamDataObjectImpl(bis); + } + catch (IOException e1) + { + throw new MOAApplicationException("2210", new Object[] { uri }, e1); + } + finally + { + closeInputStream(is); + } } } - } else if (asXml) { + } + else if (asXml) + { // if we need XML data, we're in the wrong place here + closeInputStream(is); throw new MOAApplicationException("2211", new Object[] { uri }); - } else { + } + else + { // content is binary: make it available as a binary input stream - dataObject = new ByteStreamDataObjectImpl(is); + ByteArrayInputStream bis; + try + { + bis = new ByteArrayInputStream(StreamUtils.readStream(is)); + } + catch (IOException e) + { + throw new MOAApplicationException("2210", null, e); + } + finally + { + closeInputStream(is); + } + dataObject = new ByteStreamDataObjectImpl(bis); } dataObject.setMimeType(contentType); @@ -661,6 +734,23 @@ public class DataObjectFactory { } /** + * Savely closes the specified input stream. + * + * @param is The input stream to be closed. + */ + private static void closeInputStream(InputStream is) + { + try + { + if (is != null) is.close(); + } + catch (Throwable t) + { + // Intentionally do nothing here + } + } + + /** * Determine whether the content type is XML. * * Content types recognized as XML start with <code>text/xml</code> and |