diff options
Diffstat (limited to 'spss.slinterface/WEB-INF/src/at/gv')
8 files changed, 708 insertions, 16 deletions
diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java index 6dbba7f89..1529317fa 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java @@ -19,6 +19,7 @@ public class Constants public static final String IP_MOA2SL_STYLESHEET_ = "location.stylesheet.moa2sl"; public static final String IP_SL_SCHEMA_ = "location.schema.sl"; public static final String IP_MOA_SCHEMA_ = "location.schema.moa"; + public static final String IP_SLXHTML_SCHEMA_ = "location.schema.slxhtml"; public static final String IP_TEMP_DIR_ = "location.tempdir"; public static final String IP_SP_ENDPOINT_ = "service.sp.endpoint"; public static final String IP_SP_TRUSTPROFILEID_ = "service.sp.trustProfileId"; @@ -56,12 +57,15 @@ public class Constants public static final String NSURI_NAMESPACES_ = "http://www.w3.org/2000/xmlns/"; public static final String NSURI_XML_ = "http://www.w3.org/XML/1998/namespace"; public static final String NSURI_DSIG_ = "http://www.w3.org/2000/09/xmldsig#"; + public static final String NSURI_XHTML_ = "http://www.w3.org/1999/xhtml"; // Namespace prefixes public static final String NSPRE_SL_10_ = "sl10"; public static final String NSPRE_SL_11_ = "sl11"; public static final String NSPRE_SL_12_ = "sl12"; public static final String NSPRE_MOA_12_ = "moa"; + public static final String NSPRE_DSIG_ = "dsig"; + public static final String NSPRE_XHTML_ = "xhtml"; // MOA invoker constants diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java index 8bc23efa9..814d7832e 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java @@ -5,18 +5,31 @@ */ package at.gv.egovernment.moa.spss.slinterface; +import java.io.InputStream; import java.util.ArrayList; import java.util.List; +import org.apache.xerces.parsers.DOMParser; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.spss.slinterface.listeners.XMLParserErrorHandler; /** * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at) */ public class DOMUtils { + private static final String SAX_NAMESPACES_FEATURE = "http://xml.org/sax/features/namespaces"; + private static final String XERCES_CREATE_ENTITY_REF_NODES_FEATURE = + "http://apache.org/xml/features/dom/create-entity-ref-nodes"; + protected static final String XERCES_DEFER_NODE_EXPANSION_ = + "http://apache.org/xml/features/dom/defer-node-expansion"; + /* ---------------------------------------------------------------------------------------------------- */ /** @@ -123,4 +136,34 @@ public class DOMUtils } return (childElems.size() == 0) ? null : childElems; } + + /* ---------------------------------------------------------------------------------------------------- */ + + public static Document parseWellFormed(InputStream is) throws Exception + { + DOMParser xmlParser = new DOMParser(); + try + { + xmlParser.setFeature(SAX_NAMESPACES_FEATURE, true); + xmlParser.setFeature(XERCES_CREATE_ENTITY_REF_NODES_FEATURE, false); + xmlParser.setFeature(XERCES_DEFER_NODE_EXPANSION_, false); + xmlParser.setErrorHandler(new XMLParserErrorHandler(false, true, true)); + + } + catch (SAXException e) + { + String message = "Initialization of XML parser failed."; + throw new Exception(message, e); + } + try + { + xmlParser.parse(new InputSource(is)); + return xmlParser.getDocument(); + } + catch (Exception e) + { + String message = "Wellformed parsing failed."; + throw new Exception(message, e); + } + } } diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/XPathUtils.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/XPathUtils.java new file mode 100644 index 000000000..16e4938ed --- /dev/null +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/XPathUtils.java @@ -0,0 +1,162 @@ +/* + * Created on 02.12.2003 + * + * (c) Stabsstelle IKT-Strategie des Bundes + */ +package at.gv.egovernment.moa.spss.slinterface; + +import java.util.HashMap; +import java.util.StringTokenizer; + +import org.apache.xml.utils.PrefixResolverDefault; +import org.apache.xpath.XPath; +import org.apache.xpath.XPathContext; +import org.apache.xpath.objects.XObject; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +/** + * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at) + */ +public class XPathUtils +{ + /** + * The XPath context for the XPath engine. + */ + protected XPathContext xPathContext_; + + /** + * The prefix resolver for the XPath engine. + */ + protected PrefixResolver prefixResolver_; + + /** + * The XPath engine. + */ + protected XPath xPath_; + + /* ==================================================================================================== */ + + public void setupContext(String xPathExpr, Node namespaceNode, String additionalNSPrefixes) + throws Exception + { + + try + { + // Set up a new evaluation context + xPathContext_ = new XPathContext(); + + // Set up the namespace prefix resolver for the XPath engine + prefixResolver_ = new PrefixResolver(namespaceNode, additionalNSPrefixes); + + // Initialize XPath engine + xPath_ = new XPath(xPathExpr, null, prefixResolver_, XPath.SELECT, null); + } + catch (Exception e) + { + throw new Exception("Setting up XPath evaluation context failed.", e); + } + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public NodeList selectNodeSet(Node contextNode) throws Exception + { + XObject xObject; + try + { + xObject = xPath_.execute(xPathContext_, contextNode, prefixResolver_); + return xObject.nodelist(); + } + catch (Exception e) + { + throw new Exception("Executing XPath expression failed.", e); + } + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public boolean selectBoolean(Node contextNode) throws Exception + { + XObject xObject; + try + { + xObject = xPath_.execute(xPathContext_, contextNode, prefixResolver_); + return xObject.bool(); + } + catch (Exception e) + { + throw new Exception("Executing XPath expression failed.", e); + } + } + + /* ==================================================================================================== */ + + /** + * Special extension of the {@link org.apache.xml.utils.PrefixResolverDefault} interface. Used to + * configure the Apache Xalan XPath engine which is employed as the backbone of this class. + */ + protected class PrefixResolver extends PrefixResolverDefault + { + + /** + * Contains the additionally specified namespace prefix (key) to namespace URI (value) attributions. + */ + protected HashMap additionalNSPrefixesMap_; + + /* ================================================================================================== */ + + /** + * Basic constructor. + * + * @param xpathExpressionContext The namespace declarations in scope for this node will be used to get + * the namespace uri for a prefix specified in the XPath expression. + * + * @param additionalNSPrefixes Allows the specification of additional prefix to uri attributions apart + * from the declarations in scope for the parameter <code> + * xpathExpressionContext</code>. May be <code>null</code>. + */ + public PrefixResolver(Node xpathExpressionContext, String additionalNSPrefixes) throws Exception + { + super(xpathExpressionContext); + additionalNSPrefixesMap_ = new HashMap(); + + // Register the specified additional namespace prefix to namespace uri attributions + if (additionalNSPrefixes != null) + { + StringTokenizer tokenizer = new StringTokenizer(additionalNSPrefixes, " "); + while (tokenizer.hasMoreTokens()) + { + String prefix = tokenizer.nextToken(); + if (!tokenizer.hasMoreTokens()) + { + + // There must be an even number of tokens in the string + throw new Exception("Parameter \"additionalNSPrefixes\" must have an even number of tokens."); + } + String uri = tokenizer.nextToken(); + additionalNSPrefixesMap_.put(prefix, uri); + } + } + } + + /* -------------------------------------------------------------------------------------------------- */ + + /** + * Gets the namespace uri for the specified namespace prefix. The additionally specified prefixes + * overrule the prefixes found in the specified namespace node. + * + * @param prefix The namespace prefix for which a namespace uri should be found. + * + * @return the namespace uri for the specified namespace prefix. + */ + public String getNamespaceForPrefix(String prefix) + { + String additionalURI = (String) additionalNSPrefixesMap_.get(prefix); + return (additionalURI != null) + ? additionalURI + : super.getNamespaceForPrefix(prefix); + } + } +} + diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java index 3e23c9eb0..db67ac411 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java @@ -7,13 +7,22 @@ package at.gv.egovernment.moa.spss.slinterface.beans; import iaik.utils.Util; +import java.io.ByteArrayInputStream; import java.io.File; +import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; +import java.io.InputStream; +import java.net.URL; import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; import java.util.List; +import java.util.Map; import java.util.Properties; import java.util.Random; +import java.util.Set; +import java.util.StringTokenizer; import javax.servlet.ServletContext; import javax.servlet.http.HttpSession; @@ -21,11 +30,18 @@ import javax.servlet.http.HttpSessionBindingEvent; import javax.servlet.http.HttpSessionBindingListener; import org.apache.log4j.Logger; +import org.apache.xerces.parsers.DOMParser; +import org.w3c.dom.Attr; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; import at.gv.egovernment.moa.spss.slinterface.Constants; import at.gv.egovernment.moa.spss.slinterface.DOMUtils; +import at.gv.egovernment.moa.spss.slinterface.XPathUtils; +import at.gv.egovernment.moa.spss.slinterface.moainvoker.MOAInvoker; /** * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at) @@ -34,27 +50,56 @@ public class DataInfoBean implements HttpSessionBindingListener { private static Logger logger_ = Logger.getLogger(Constants.LH_BEANS_); + // MOA private static final String HID_ELEM_ = "HashInputData"; private static final String B64CONT_ELEM_ = "Base64Content"; private static final String XMLCONT_ELEM_ = "XMLContent"; + private static final String SIGLOC_ELEM_ = "VerifySignatureLocation"; + // XMLDSIG + private static final String TYPE_ATTR_ = "Type"; + private static final String URI_ATTR_ = "URI"; + + // XHTML + private static final String SRC_ATTR_ = "src"; + private static final String HTML_ELEM_ = "html"; + private static final String HID_URL_PREFIX_ = "/showdata?hidCount="; - List hashInputDataFilenames_; + private static final String XPATH_ALL_IMG_ = "//" + Constants.NSPRE_XHTML_ + ":img"; + private static final String XPATH_ALL_REF_ = "./" + Constants.NSPRE_DSIG_ + ":SignedInfo/" + + Constants.NSPRE_DSIG_ + ":Reference"; + private static final String XPATH_SIG_ENV_CONTENT_ = "/" + Constants.NSPRE_MOA_12_ + ":VerifyXMLSignatureRequest/" + + Constants.NSPRE_MOA_12_ + ":VerifySignatureInfo/" + Constants.NSPRE_MOA_12_ + ":VerifySignatureEnvironment/*"; + + + + private static final String SLXHTML_TYPE_PREFIX_ = "http://www.buergerkarte.at/specifications/" + + "Security-Layer/20031113?Name=SignedImage&InstanceDocRef="; + + ServletContext context_; + + /** + * Contains objects of type {@link HashInputDataInfo}. + */ + List hashInputDataInfos_; + int hashInputDataCount_; /* ---------------------------------------------------------------------------------------------------- */ - public DataInfoBean(Document moaResponseDoc, ServletContext context, HttpSession session) - throws IOException + public DataInfoBean(Document moaRequestDoc, Document moaResponseDoc, ServletContext context, + HttpSession session) throws Exception { - hashInputDataFilenames_ = new ArrayList(); + context_ = context; + + hashInputDataInfos_ = new ArrayList(); int hashInputDataCount_ = 0; Element moaResponseElem = moaResponseDoc.getDocumentElement(); List hidElems = DOMUtils.getChildElems(moaResponseElem, Constants.NSURI_MOA_12_, HID_ELEM_, false); - Properties initProps = (Properties) context.getAttribute(Constants.WSCP_INIT_PROPS_); + Properties initProps = (Properties) context_.getAttribute(Constants.WSCP_INIT_PROPS_); String tempDir = initProps.getProperty(Constants.IP_TEMP_DIR_); if (tempDir == null) { @@ -69,7 +114,7 @@ public class DataInfoBean implements HttpSessionBindingListener // Open file for current hash input data String currHidFileNameStr = tempDir + session.getId() + "_" + System.currentTimeMillis() + "_" + random.nextLong(); - currHidFileNameStr = context.getRealPath(currHidFileNameStr); + currHidFileNameStr = context_.getRealPath(currHidFileNameStr); FileOutputStream currHidFOS; try { @@ -111,7 +156,25 @@ public class DataInfoBean implements HttpSessionBindingListener throw new RuntimeException("XML content not support yet."); } - hashInputDataFilenames_.add(currHidFileNameStr); + hashInputDataInfos_.add(new HashInputDataInfo(currHidFileNameStr)); + } + + // Check if hids are slxhtml documents; mark them appropriately + try + { + Map signedImages = getSignedImages(moaRequestDoc, hashInputDataInfos_); + for (int i = 0; i < hashInputDataInfos_.size(); i++) + { + HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(i); + FileInputStream currHidIS = new FileInputStream(currHid.filename_); + checkImages(currHidIS, currHid, signedImages); + } + } + catch (Exception e) + { + String message = "Performing SLXHTML checks failed."; + logger_.error(message, e); + throw new Exception(message, e); } } @@ -127,9 +190,9 @@ public class DataInfoBean implements HttpSessionBindingListener public void valueUnbound(HttpSessionBindingEvent event) { // Delete all temporary hash input data files - for (int i = 0; i < hashInputDataFilenames_.size(); i++) + for (int i = 0; i < hashInputDataInfos_.size(); i++) { - String currFileStr = (String) hashInputDataFilenames_.get(i); + String currFileStr = ((HashInputDataInfo) hashInputDataInfos_.get(i)).filename_; File currFile = new File(currFileStr); currFile.delete(); } @@ -146,16 +209,295 @@ public class DataInfoBean implements HttpSessionBindingListener public String getHashInputDataFilename() { - return (String) hashInputDataFilenames_.get(hashInputDataCount_); + HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); + return (currHid == null) ? null : currHid.filename_; } /* ---------------------------------------------------------------------------------------------------- */ public String getHashInputDataURL() { - - return (hashInputDataFilenames_.size() > hashInputDataCount_) + return (hashInputDataInfos_.size() > hashInputDataCount_) ? HID_URL_PREFIX_ + hashInputDataCount_ : null; } + + /* ---------------------------------------------------------------------------------------------------- */ + + public boolean getShowHashInputData() + { + HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); + return (currHid == null) ? false : currHid.doShow_; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public boolean getIsSLXHTMLDocument() + { + HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); + return (currHid == null) ? false : currHid.isSLXHTMLDocument_; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private Document parseSLXHTMLDocument(InputStream docIS) + { + DOMParser xmlParser = (DOMParser) context_.getAttribute(Constants.WSCP_XMLPARSER_); + InputSource docInputSource = new InputSource(docIS); + Document parsedDoc = null; + try + { + xmlParser.parse(docInputSource); + parsedDoc = xmlParser.getDocument(); + } + catch (Exception e) + { + // Exception shows that document is not a valid SLXHTML document; return null in that case + logger_.debug("HashInputData is not a valid SLXHTML document.", e); + return null; + } + + Element docElem = parsedDoc.getDocumentElement(); + if (docElem.getNamespaceURI() != Constants.NSURI_XHTML_ || docElem.getLocalName() != HTML_ELEM_) + { + return null; + } + + return parsedDoc; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private void checkImages(InputStream hidIS, HashInputDataInfo hid, Map signedImages) throws Exception + { + // Parse hidIS + Document slxhtmlDoc = parseSLXHTMLDocument(hidIS); + if (slxhtmlDoc == null) return; + + // Get all img elements of slxhtml document + XPathUtils xpUtils = new XPathUtils(); + String additionalNSPrefixes = Constants.NSPRE_XHTML_ + " " + Constants.NSURI_XHTML_; + xpUtils.setupContext(XPATH_ALL_IMG_, slxhtmlDoc.getDocumentElement(), additionalNSPrefixes); + NodeList imgTags = xpUtils.selectNodeSet(slxhtmlDoc); + + // Check if all img elements have corresponding slxhtml signed images + boolean allImgsSigned = true; + for (int i = 0; i < imgTags.getLength(); i++) + { + Element currImgElem = (Element) imgTags.item(i); + String uri = currImgElem.getAttribute(SRC_ATTR_); + if (!signedImages.containsKey(uri)) + { + allImgsSigned = false; + break; + } + } + + // Mark all corresponding slxhtml signed images as not to be shown + if (allImgsSigned) + { + for (int i = 0; i < imgTags.getLength(); i++) + { + Element currImgElem = (Element) imgTags.item(i); + String uri = currImgElem.getAttribute(SRC_ATTR_); + HashInputDataInfo currHidi = (HashInputDataInfo) signedImages.get(uri); + currHidi.doShow_ = false; + } + } + + // Change the src attributes of all img tags so that they refer to the temporary names + if (allImgsSigned) + { + for (int i = 0; i < imgTags.getLength(); i++) + { + Element currImgElem = (Element) imgTags.item(i); + String uri = currImgElem.getAttribute(SRC_ATTR_); + HashInputDataInfo currHidi = (HashInputDataInfo) signedImages.get(uri); + + Attr srcAttr = currImgElem.getAttributeNode(SRC_ATTR_); + int slashPos = currHidi.filename_.lastIndexOf('/'); + if (slashPos == -1) slashPos = 0; + String newSrcAttrValue = currHidi.filename_.substring(slashPos + 1); + srcAttr.setNodeValue(newSrcAttrValue); + } + } + + // Mark hid slxhtml document + hid.isSLXHTMLDocument_ = true; + + // Serialize modified slxhtml document to temporary file location + if (allImgsSigned) + { + FileOutputStream slxhtmlFOS = new FileOutputStream(hid.filename_); + MOAInvoker.serializeDocument(slxhtmlDoc, slxhtmlFOS); + slxhtmlFOS.close(); + } + + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private Map getSignedImages(Document moaRequestDoc, List hashInputDataInfos) throws Exception + { + // Get signature from MOA request + Element signatureElem = getSignature(moaRequestDoc); + + // Get all signature references from MOA request + XPathUtils xpUtils = new XPathUtils(); + String additionalNSPrefixes = Constants.NSPRE_DSIG_ + " " + Constants.NSURI_DSIG_; + xpUtils.setupContext(XPATH_ALL_REF_, signatureElem, additionalNSPrefixes); + NodeList dsigRefs = xpUtils.selectNodeSet(signatureElem); + + // Check signature references for slxhtml images + HashMap imgHids = new HashMap(dsigRefs.getLength()); + for (int i = 0; i < dsigRefs.getLength(); i++) + { + Element currRef = (Element) dsigRefs.item(i); + String type = currRef.getAttribute(TYPE_ATTR_); + if (type != null && type.startsWith(SLXHTML_TYPE_PREFIX_)) + { + String uri = currRef.getAttribute(URI_ATTR_); + Set referredHids = createReferredHidsSet(type); + HashInputDataInfo currHidi = (HashInputDataInfo)hashInputDataInfos.get(i); + currHidi.uri_ = uri; + currHidi.referredHids_ = referredHids; + currHidi.isSLXHTMLImage_ = true; + imgHids.put(uri, currHidi); + } + } + + return imgHids; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private Set createReferredHidsSet(String type) throws Exception + { + HashSet set = new HashSet(); + String typeSuffix = type.substring(SLXHTML_TYPE_PREFIX_.length()); + StringTokenizer tokenizer = new StringTokenizer(typeSuffix, ","); + while (tokenizer.hasMoreTokens()) + { + try + { + set.add(new Integer(tokenizer.nextToken())); + } + catch (NumberFormatException e) + { + String message = "Signed image type attribute \"" + type + "\" is malformed."; + logger_.error(message, e); + throw new Exception(message, e); + } + } + return set; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private Element getSignature(Document moaRequestDoc) throws Exception + { + // Get signature environment content + NodeList contentNL; + try + { + XPathUtils xpUtils = new XPathUtils(); + String addNSPrefixes = Constants.NSPRE_MOA_12_ + " " + Constants.NSURI_MOA_12_; + xpUtils.setupContext(XPATH_SIG_ENV_CONTENT_, moaRequestDoc, addNSPrefixes); + contentNL = xpUtils.selectNodeSet(moaRequestDoc); + } + catch (Exception e) + { + String message = "Cannot find signature environment content."; + logger_.error(message); + throw new Exception(message, e); + } + if (contentNL.getLength() == 0) + { + String message = "Cannot find signature environment content."; + logger_.error(message); + throw new Exception(message); + } + Element contentElem = (Element) contentNL.item(0); + + // Get signature environment document form siganture environment content + String contentElemLocName = contentElem.getLocalName(); + Element sigEnvElem = null; + if (XMLCONT_ELEM_.equals(contentElemLocName)) + { + // XML content + NodeList contentNodes = contentElem.getChildNodes(); + for (int i = 0; i < contentNodes.getLength(); i++) + { + Node currContNode = (Node) contentNodes.item(i); + if (currContNode.getNodeType() == Node.ELEMENT_NODE) + { + sigEnvElem = (Element) currContNode; + break; + } + } + } + else if (B64CONT_ELEM_.equals(contentElemLocName)) + { + // Base64 content + String base64ContStr = DOMUtils.getText(contentElem); + byte[] contBytes = Util.Base64Decode(base64ContStr.getBytes()); + ByteArrayInputStream contBIS = new ByteArrayInputStream(contBytes); + Document sigEnvDoc; + try + { + sigEnvDoc = DOMUtils.parseWellFormed(contBIS); + } + catch (Exception e) + { + String message = "Cannot parse signature environment from base64 content."; + logger_.error(message); + throw new Exception(message, e); + } + sigEnvElem = sigEnvDoc.getDocumentElement(); + } + else + { + // LocRef content + String locRef = DOMUtils.getText(contentElem); + URL locRefURL = new URL(locRef); + InputStream contentIS = locRefURL.openStream(); + Document sigEnvDoc; + try + { + sigEnvDoc = DOMUtils.parseWellFormed(contentIS); + } + catch (Exception e) + { + String message = "Cannot parse signature environment from location reference content."; + logger_.error(message); + throw new Exception(message, e); + } + sigEnvElem = sigEnvDoc.getDocumentElement(); + } + + // Get signature form signature environment document + Element sigInfoElem = (Element) contentElem.getParentNode().getParentNode(); + Element sigLocElem = DOMUtils.getChildElem(sigInfoElem, Constants.NSURI_MOA_12_, SIGLOC_ELEM_); + String sigLocXPath = DOMUtils.getText(sigLocElem); + NodeList sigElemNL; + try + { + XPathUtils xpUtils = new XPathUtils(); + xpUtils.setupContext(sigLocXPath, sigLocElem, null); + sigElemNL = xpUtils.selectNodeSet(sigEnvElem); + } + catch (Exception e) + { + String message = "Cannot get signature at location \"" + sigLocXPath + "\" from signature environment."; + logger_.error(message); + throw new Exception(message, e); + } + if (sigElemNL.getLength() != 1 || ((Node) sigElemNL.item(0)).getNodeType() != Node.ELEMENT_NODE) + { + String message = "Cannot get signature at location \"" + sigLocXPath + "\" from signature environment."; + logger_.error(message); + throw new Exception(message); + } + return (Element) sigElemNL.item(0); + } } diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java new file mode 100644 index 000000000..e2cb27ab3 --- /dev/null +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java @@ -0,0 +1,55 @@ +/* + * Created on 02.12.2003 + * + * (c) Stabsstelle IKT-Strategie des Bundes + */ +package at.gv.egovernment.moa.spss.slinterface.beans; + +import java.util.Set; + +/** + * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at) + */ +public class HashInputDataInfo +{ + /** + * The name of the temporary file in which this data is stored. + */ + public String filename_; + + /** + * Is this HID a SLXHTML document? + */ + public boolean isSLXHTMLDocument_; + + /** + * Is this HID a SLXHTML signed image? + */ + public boolean isSLXHTMLImage_; + + /** + * Show HID in result presentation? + */ + public boolean doShow_; + + /** + * The URI attribute value of the dsig:Reference corresponding with this HID. + */ + public String uri_; + + /** + * In case that this ID is a SLXHTML signed image, this set contains objects of type <code>Integer</code>, + * indicating the SLXHTML HIDs where this image is referenced. + */ + public Set referredHids_; + + public HashInputDataInfo(String filename) + { + filename_ = filename; + isSLXHTMLDocument_ = false; + isSLXHTMLImage_ = false; + doShow_ = true; + uri_ = null; + referredHids_ = null; + } +} diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java index 9a4529565..b67d978ad 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java @@ -128,9 +128,19 @@ public class SL2MOAFilter implements Filter } // Create bean with info about signed data - DataInfoBean dataInfo = new DataInfoBean(moaResponseDoc, config_.getServletContext(), session); - session.setAttribute("dataInfo", dataInfo); - + try + { + DataInfoBean dataInfo = new DataInfoBean( + moaXMLRequestDoc, moaResponseDoc, config_.getServletContext(), session); + session.setAttribute("dataInfo", dataInfo); + } + catch (Exception e) + { + String message = "Creating DataInfobean failed."; + logger_.error(message, e); + throw new ServletException(message, e); + } + // Transform MOA response into a SL response Document slResponseDoc; slResponseDoc = MOA2SL.toSlVerifyXMLSignatureResponse(moaResponseDoc); diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/ContextListener.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/ContextListener.java index 0b3980a50..83b6e96dd 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/ContextListener.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/ContextListener.java @@ -48,6 +48,8 @@ public class ContextListener implements ServletContextListener private static Logger logger_ = Logger.getLogger(Constants.LH_LISTENERS_); + /* ---------------------------------------------------------------------------------------------------- */ + /** * Initializes the web application. * @@ -90,12 +92,20 @@ public class ContextListener implements ServletContextListener preparser.setFeature(SAX_NAMESPACES_FEATURE, true); preparser.setFeature(SAX_VALIDATION_FEATURE, true); + // Schema for Security-Layer 1.2 alpha (including LocRefContent) Properties initProps = (Properties) context.getAttribute(Constants.WSCP_INIT_PROPS_); String slSchemaLoc = initProps.getProperty(Constants.IP_SL_SCHEMA_); preparseSchema(context, preparser, slSchemaLoc); + + // Schema for MOA 1.2 String moaSchemaLoc = initProps.getProperty(Constants.IP_MOA_SCHEMA_); preparseSchema(context, preparser, moaSchemaLoc); - + + // Schema for SLXHTML 1.0 + String slxhtmlSchemaLoc = initProps.getProperty(Constants.IP_SLXHTML_SCHEMA_); + preparseSchema(context, preparser, slxhtmlSchemaLoc); + + // TODO parser is not threadsafe DOMParser xmlParser = new DOMParser(symbolTable, grammarPool); try { @@ -106,6 +116,7 @@ public class ContextListener implements ServletContextListener xmlParser.setFeature(XERCES_INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true); xmlParser.setFeature(XERCES_CREATE_ENTITY_REF_NODES_FEATURE, false); xmlParser.setFeature(XERCES_DEFER_NODE_EXPANSION_, false); + xmlParser.setErrorHandler(new XMLParserErrorHandler(false, true, true)); } catch (SAXException e) diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/XMLParserErrorHandler.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/XMLParserErrorHandler.java new file mode 100644 index 000000000..b6fc770c0 --- /dev/null +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/XMLParserErrorHandler.java @@ -0,0 +1,65 @@ +/* + * Created on 02.12.2003 + * + * (c) Stabsstelle IKT-Strategie des Bundes + */ +package at.gv.egovernment.moa.spss.slinterface.listeners; + +import org.apache.log4j.Logger; +import org.xml.sax.ErrorHandler; +import org.xml.sax.SAXException; +import org.xml.sax.SAXParseException; + +import at.gv.egovernment.moa.spss.slinterface.Constants; + +/** + * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at) + */ +public class XMLParserErrorHandler implements ErrorHandler +{ + private static Logger logger_ = Logger.getLogger(Constants.LH_LISTENERS_); + + private boolean reportWarning_, reportError_, reportFatal_; + + /* ---------------------------------------------------------------------------------------------------- */ + + public XMLParserErrorHandler(boolean reportWarning, boolean reportError, boolean reportFatal) + { + reportWarning_ = reportWarning; + reportError_ = reportError; + reportFatal_ = reportFatal; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + /** + * @see org.xml.sax.ErrorHandler#warning(org.xml.sax.SAXParseException) + */ + public void warning(SAXParseException exception) throws SAXException + { + logger_.warn("XML parser reported a warning.", exception); + if (reportWarning_) throw exception; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + /** + * @see org.xml.sax.ErrorHandler#error(org.xml.sax.SAXParseException) + */ + public void error(SAXParseException exception) throws SAXException + { + logger_.error("XML parser reported an error.", exception); + if (reportError_) throw exception; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + /** + * @see org.xml.sax.ErrorHandler#fatalError(org.xml.sax.SAXParseException) + */ + public void fatalError(SAXParseException exception) throws SAXException + { + logger_.error("XML parser reported a fatal error.", exception); + if (reportFatal_) throw exception; + } +} |