Diffstat (limited to 'spss.slinterface/WEB-INF/src/at')
8 files changed, 708 insertions, 16 deletions
| diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java index 6dbba7f89..1529317fa 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java @@ -19,6 +19,7 @@ public class Constants    public static final String IP_MOA2SL_STYLESHEET_ = "location.stylesheet.moa2sl";    public static final String IP_SL_SCHEMA_ = "location.schema.sl";    public static final String IP_MOA_SCHEMA_ = "location.schema.moa"; +  public static final String IP_SLXHTML_SCHEMA_ = "location.schema.slxhtml";    public static final String IP_TEMP_DIR_ = "location.tempdir";    public static final String IP_SP_ENDPOINT_ = "service.sp.endpoint";    public static final String IP_SP_TRUSTPROFILEID_ = "service.sp.trustProfileId"; @@ -56,12 +57,15 @@ public class Constants    public static final String NSURI_NAMESPACES_ = "http://www.w3.org/2000/xmlns/";    public static final String NSURI_XML_ = "http://www.w3.org/XML/1998/namespace";    public static final String NSURI_DSIG_ = "http://www.w3.org/2000/09/xmldsig#"; +  public static final String NSURI_XHTML_ = "http://www.w3.org/1999/xhtml";    // Namespace prefixes    public static final String NSPRE_SL_10_ = "sl10";    public static final String NSPRE_SL_11_ = "sl11";    public static final String NSPRE_SL_12_ = "sl12";    public static final String NSPRE_MOA_12_ = "moa"; +  public static final String NSPRE_DSIG_ = "dsig"; +  public static final String NSPRE_XHTML_ = "xhtml";    // MOA invoker constants diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java index 8bc23efa9..814d7832e 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java 
+++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java @@ -5,18 +5,31 @@   */  package at.gv.egovernment.moa.spss.slinterface; +import java.io.InputStream;  import java.util.ArrayList;  import java.util.List; +import org.apache.xerces.parsers.DOMParser; +import org.w3c.dom.Document;  import org.w3c.dom.Element;  import org.w3c.dom.Node;  import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.spss.slinterface.listeners.XMLParserErrorHandler;  /**   * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)    */  public class DOMUtils  { +  private static final String SAX_NAMESPACES_FEATURE = "http://xml.org/sax/features/namespaces"; +  private static final String XERCES_CREATE_ENTITY_REF_NODES_FEATURE = +    "http://apache.org/xml/features/dom/create-entity-ref-nodes"; +  protected static final String XERCES_DEFER_NODE_EXPANSION_ = +    "http://apache.org/xml/features/dom/defer-node-expansion"; +    /* ---------------------------------------------------------------------------------------------------- */    /** 
@@ -123,4 +136,34 @@ public class DOMUtils      }      return (childElems.size() == 0) ? null : childElems;    } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  public static Document parseWellFormed(InputStream is) throws Exception +  { +    DOMParser xmlParser = new DOMParser(); +    try +    { +      xmlParser.setFeature(SAX_NAMESPACES_FEATURE, true); +      xmlParser.setFeature(XERCES_CREATE_ENTITY_REF_NODES_FEATURE, false); +      xmlParser.setFeature(XERCES_DEFER_NODE_EXPANSION_, false); +      xmlParser.setErrorHandler(new XMLParserErrorHandler(false, true, true)); +   +    } +    catch (SAXException e) +    { +      String message = "Initialization of XML parser failed."; +      throw new Exception(message, e); +    } +    try +    { +      xmlParser.parse(new InputSource(is)); +      return xmlParser.getDocument(); +    } +    catch (Exception e) +    { +      String message = "Wellformed parsing failed."; +      throw new Exception(message, e); +    } +  }  } diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/XPathUtils.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/XPathUtils.java new file mode 100644 index 000000000..16e4938ed --- /dev/null +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/XPathUtils.java 
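Review bot: parseWellFormed sets the namespace feature and an error handler but leaves DTD processing and external entity resolution at the parser defaults, and getSignature in DataInfoBean feeds it Base64 and LocRef content taken from the MOA request document. Add `xmlParser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` next to the other setFeature calls; if DOCTYPEs must be accepted, set `http://xml.org/sax/features/external-general-entities` and `http://xml.org/sax/features/external-parameter-entities` to false instead. The method also has no Javadoc; a line such as `/** Parses the stream as namespace-aware XML without validation; parser errors and fatal errors abort the parse. */` would record the contract. The shared parser configured in ContextListener deserves the same check, though its full feature list is outside the visible hunks.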
@@ -0,0 +1,162 @@ +/* + * Created on 02.12.2003 + * + * (c) Stabsstelle IKT-Strategie des Bundes + */ +package at.gv.egovernment.moa.spss.slinterface; + +import java.util.HashMap; +import java.util.StringTokenizer; + +import org.apache.xml.utils.PrefixResolverDefault; +import org.apache.xpath.XPath; +import org.apache.xpath.XPathContext; +import org.apache.xpath.objects.XObject; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +/** + * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)  + */ +public class XPathUtils  +{ +  /** +   * The XPath context for the XPath engine. +   */ +  protected XPathContext xPathContext_; + +  /** +   * The prefix resolver for the XPath engine. +   */ +  protected PrefixResolver prefixResolver_; + +  /** +   * The XPath engine. +   */ +  protected XPath xPath_; + +  /* ==================================================================================================== */ + +  public void setupContext(String xPathExpr, Node namespaceNode, String additionalNSPrefixes) +    throws Exception +  { + +    try +    { +      // Set up a new evaluation context +      xPathContext_ = new XPathContext(); + +      // Set up the namespace prefix resolver for the XPath engine +      prefixResolver_ = new PrefixResolver(namespaceNode, additionalNSPrefixes); + +      // Initialize XPath engine +      xPath_ = new XPath(xPathExpr, null, prefixResolver_, XPath.SELECT, null); +    } +    catch (Exception e) +    { +      throw new Exception("Setting up XPath evaluation context failed.", e); +    } +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  public NodeList selectNodeSet(Node contextNode) throws Exception +  { +    XObject xObject; +    try +    { +      xObject = xPath_.execute(xPathContext_, contextNode, prefixResolver_); +      return xObject.nodelist(); +    } +    catch (Exception e) +    { +      throw new Exception("Executing XPath expression failed.", 
e); +    } +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  public boolean selectBoolean(Node contextNode) throws Exception +  { +    XObject xObject; +    try +    { +      xObject = xPath_.execute(xPathContext_, contextNode, prefixResolver_); +      return xObject.bool(); +    } +    catch (Exception e) +    { +      throw new Exception("Executing XPath expression failed.", e); +    } +  } + +  /* ==================================================================================================== */ + +  /** +   * Special extension of the {@link org.apache.xml.utils.PrefixResolverDefault} interface. Used to +   * configure the Apache Xalan XPath engine which is employed as the backbone of this class. +   */ +  protected class PrefixResolver extends PrefixResolverDefault +  { + +    /** +     * Contains the additionally specified namespace prefix (key) to namespace URI (value) attributions. +     */ +    protected HashMap additionalNSPrefixesMap_; + +    /* ================================================================================================== */ + +    /** +     * Basic constructor. +     * +     * @param xpathExpressionContext The namespace declarations in scope for this node will be used to get +     *                               the namespace uri for a prefix specified in the XPath expression. +     * +     * @param additionalNSPrefixes Allows the specification of additional prefix to uri attributions apart +     *                             from the declarations in scope for the parameter <code> +     *                             xpathExpressionContext</code>. May be <code>null</code>. 
+     */ +    public PrefixResolver(Node xpathExpressionContext, String additionalNSPrefixes) throws Exception +    { +      super(xpathExpressionContext); +      additionalNSPrefixesMap_ = new HashMap(); + +      // Register the specified additional namespace prefix to namespace uri attributions +      if (additionalNSPrefixes != null) +      { +        StringTokenizer tokenizer = new StringTokenizer(additionalNSPrefixes, " "); +        while (tokenizer.hasMoreTokens()) +        { +          String prefix = tokenizer.nextToken(); +          if (!tokenizer.hasMoreTokens()) +          { + +            // There must be an even number of tokens in the string +            throw new Exception("Parameter \"additionalNSPrefixes\" must have an even number of tokens."); +          } +          String uri = tokenizer.nextToken(); +          additionalNSPrefixesMap_.put(prefix, uri); +        } +      } +    } + +    /* -------------------------------------------------------------------------------------------------- */ + +    /** +     * Gets the namespace uri for the specified namespace prefix. The additionally specified prefixes +     * overrule the prefixes found in the specified namespace node. +     * +     * @param prefix The namespace prefix for which a namespace uri should be found. +     * +     * @return the namespace uri for the specified namespace prefix. +     */ +    public String getNamespaceForPrefix(String prefix) +    { +      String additionalURI = (String) additionalNSPrefixesMap_.get(prefix); +      return (additionalURI != null) +             ? additionalURI +             : super.getNamespaceForPrefix(prefix); +    } +  } +} + diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java index 3e23c9eb0..db67ac411 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java 
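Review bot: selectNodeSet and selectBoolean dereference `xPath_` and `xPathContext_` without checking that setupContext has run, so a call on a fresh instance ends up as a NullPointerException wrapped in "Executing XPath expression failed." with no hint of the real cause. A guard before the try block, `if (xPath_ == null) throw new IllegalStateException("setupContext must be called first.");`, makes the misuse obvious. The three public methods also have no Javadoc; each should say that the instance holds one compiled expression and that `additionalNSPrefixes` is a space-separated list of prefix/URI pairs, as the PrefixResolver constructor parses it.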
+++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java @@ -7,13 +7,22 @@ package at.gv.egovernment.moa.spss.slinterface.beans;  import iaik.utils.Util; +import java.io.ByteArrayInputStream;  import java.io.File; +import java.io.FileInputStream;  import java.io.FileOutputStream;  import java.io.IOException; +import java.io.InputStream; +import java.net.URL;  import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet;  import java.util.List; +import java.util.Map;  import java.util.Properties;  import java.util.Random; +import java.util.Set; +import java.util.StringTokenizer;  import javax.servlet.ServletContext;  import javax.servlet.http.HttpSession; @@ -21,11 +30,18 @@ import javax.servlet.http.HttpSessionBindingEvent;  import javax.servlet.http.HttpSessionBindingListener;  import org.apache.log4j.Logger; +import org.apache.xerces.parsers.DOMParser; +import org.w3c.dom.Attr;  import org.w3c.dom.Document;  import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource;  import at.gv.egovernment.moa.spss.slinterface.Constants;  import at.gv.egovernment.moa.spss.slinterface.DOMUtils; +import at.gv.egovernment.moa.spss.slinterface.XPathUtils; +import at.gv.egovernment.moa.spss.slinterface.moainvoker.MOAInvoker;  /**   * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)  
@@ -34,27 +50,56 @@ public class DataInfoBean implements HttpSessionBindingListener  {    private static Logger logger_ = Logger.getLogger(Constants.LH_BEANS_); +  // MOA    private static final String HID_ELEM_ = "HashInputData";    private static final String B64CONT_ELEM_ = "Base64Content";    private static final String XMLCONT_ELEM_ = "XMLContent"; +  private static final String SIGLOC_ELEM_ = "VerifySignatureLocation"; +  // XMLDSIG +  private static final String TYPE_ATTR_ = "Type"; +  private static final String URI_ATTR_ = "URI"; + +  // XHTML +  private static final String SRC_ATTR_ = "src"; +  private static final String HTML_ELEM_ = "html"; +    private static final String HID_URL_PREFIX_ = "/showdata?hidCount="; -  List hashInputDataFilenames_; +  private static final String XPATH_ALL_IMG_ = "//" + Constants.NSPRE_XHTML_ + ":img"; +  private static final String XPATH_ALL_REF_ = "./" + Constants.NSPRE_DSIG_ + ":SignedInfo/" + +    Constants.NSPRE_DSIG_ + ":Reference"; +  private static final String XPATH_SIG_ENV_CONTENT_ = "/" + Constants.NSPRE_MOA_12_ + ":VerifyXMLSignatureRequest/" + +    Constants.NSPRE_MOA_12_ + ":VerifySignatureInfo/" + Constants.NSPRE_MOA_12_ + ":VerifySignatureEnvironment/*"; +   +   +   +  private static final String SLXHTML_TYPE_PREFIX_ = "http://www.buergerkarte.at/specifications/" +  +    "Security-Layer/20031113?Name=SignedImage&InstanceDocRef="; +   +    ServletContext context_; +   +  /** +   * Contains objects of type {@link HashInputDataInfo}. 
+   */ +  List hashInputDataInfos_; +      int hashInputDataCount_;    /* ---------------------------------------------------------------------------------------------------- */ -  public DataInfoBean(Document moaResponseDoc, ServletContext context,  HttpSession session) -    throws IOException +  public DataInfoBean(Document moaRequestDoc, Document moaResponseDoc, ServletContext context,   +    HttpSession session) throws Exception    { -    hashInputDataFilenames_ = new ArrayList(); +    context_ = context; +     +    hashInputDataInfos_ = new ArrayList();      int hashInputDataCount_ = 0;      Element moaResponseElem = moaResponseDoc.getDocumentElement();      List hidElems = DOMUtils.getChildElems(moaResponseElem, Constants.NSURI_MOA_12_, HID_ELEM_, false); -    Properties initProps = (Properties) context.getAttribute(Constants.WSCP_INIT_PROPS_); +    Properties initProps = (Properties) context_.getAttribute(Constants.WSCP_INIT_PROPS_);      String tempDir = initProps.getProperty(Constants.IP_TEMP_DIR_);      if (tempDir == null)      { @@ -69,7 +114,7 @@ public class DataInfoBean implements HttpSessionBindingListener        // Open file for current hash input data        String currHidFileNameStr = tempDir + session.getId() + "_" + System.currentTimeMillis() + "_" +          random.nextLong(); -      currHidFileNameStr = context.getRealPath(currHidFileNameStr);    +      currHidFileNameStr = context_.getRealPath(currHidFileNameStr);           FileOutputStream currHidFOS;        try        { 
@@ -111,7 +156,25 @@ public class DataInfoBean implements HttpSessionBindingListener          throw new RuntimeException("XML content not support yet.");        } -      hashInputDataFilenames_.add(currHidFileNameStr); +      hashInputDataInfos_.add(new HashInputDataInfo(currHidFileNameStr)); +    } +     +    // Check if hids are slxhtml documents; mark them appropriately +    try +    { +      Map signedImages = getSignedImages(moaRequestDoc, hashInputDataInfos_); +      for (int i = 0; i < hashInputDataInfos_.size(); i++) +      { +        HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(i); +        FileInputStream currHidIS = new FileInputStream(currHid.filename_); +        checkImages(currHidIS, currHid, signedImages); +      } +    } +    catch (Exception e) +    { +      String message = "Performing SLXHTML checks failed."; +      logger_.error(message, e);  +      throw new Exception(message, e);      }    } @@ -127,9 +190,9 @@ public class DataInfoBean implements HttpSessionBindingListener    public void valueUnbound(HttpSessionBindingEvent event)    {      // Delete all temporary hash input data files  -    for (int i = 0; i < hashInputDataFilenames_.size(); i++) +    for (int i = 0; i < hashInputDataInfos_.size(); i++)      { -      String currFileStr = (String) hashInputDataFilenames_.get(i); +      String currFileStr = ((HashInputDataInfo) hashInputDataInfos_.get(i)).filename_;        File currFile = new File(currFileStr);        currFile.delete();      } 
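Review bot: The `FileInputStream currHidIS` opened in the new SLXHTML loop is never closed, so every hash input data file leaks a descriptor, on the normal path and when checkImages throws. Wrap the call as `try { checkImages(currHidIS, currHid, signedImages); } finally { currHidIS.close(); }`. Note that checkImages later opens a FileOutputStream on the same `hid.filename_` while this input stream is still open, which may fail on platforms that lock open files; closing the stream inside checkImages right after parsing would avoid that. The constructor body starts and ends outside this hunk.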
@@ -146,16 +209,295 @@ public class DataInfoBean implements HttpSessionBindingListener    public String getHashInputDataFilename()    { -    return (String) hashInputDataFilenames_.get(hashInputDataCount_); +    HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); +    return (currHid == null) ? null : currHid.filename_;    }    /* ---------------------------------------------------------------------------------------------------- */    public String getHashInputDataURL()    { -     -    return (hashInputDataFilenames_.size() > hashInputDataCount_)  +    return (hashInputDataInfos_.size() > hashInputDataCount_)         ? HID_URL_PREFIX_ + hashInputDataCount_        : null;    } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  public boolean getShowHashInputData() +  { +    HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); +    return (currHid == null) ? false : currHid.doShow_; +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  public boolean getIsSLXHTMLDocument() +  { +    HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); +    return (currHid == null) ? 
false : currHid.isSLXHTMLDocument_; +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  private Document parseSLXHTMLDocument(InputStream docIS) +  { +    DOMParser xmlParser = (DOMParser) context_.getAttribute(Constants.WSCP_XMLPARSER_); +    InputSource docInputSource = new InputSource(docIS); +    Document parsedDoc = null; +    try +    { +      xmlParser.parse(docInputSource); +      parsedDoc = xmlParser.getDocument(); +    } +    catch (Exception e) +    { +      // Exception shows that document is not a valid SLXHTML document; return null in that case  +      logger_.debug("HashInputData is not a valid SLXHTML document.", e); +      return null; +    } +     +    Element docElem = parsedDoc.getDocumentElement(); +    if (docElem.getNamespaceURI() != Constants.NSURI_XHTML_ || docElem.getLocalName() != HTML_ELEM_) +    { +      return null; +    } +     +    return parsedDoc; +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  private void checkImages(InputStream hidIS, HashInputDataInfo hid, Map signedImages) throws Exception +  { +    // Parse hidIS +    Document slxhtmlDoc = parseSLXHTMLDocument(hidIS); +    if (slxhtmlDoc == null) return; +     +    // Get all img elements of slxhtml document +    XPathUtils xpUtils = new XPathUtils(); +    String additionalNSPrefixes = Constants.NSPRE_XHTML_ + " " + Constants.NSURI_XHTML_; +    xpUtils.setupContext(XPATH_ALL_IMG_, slxhtmlDoc.getDocumentElement(), additionalNSPrefixes); +    NodeList imgTags = xpUtils.selectNodeSet(slxhtmlDoc); +     +    // Check if all img elements have corresponding slxhtml signed images +    boolean allImgsSigned = true; +    for (int i = 0; i < imgTags.getLength(); i++) +    { +      Element currImgElem = (Element) imgTags.item(i); +      String uri = currImgElem.getAttribute(SRC_ATTR_); +      if (!signedImages.containsKey(uri)) +      { +       
 allImgsSigned = false; +        break; +      } +    } +     +    // Mark all corresponding slxhtml signed images as not to be shown +    if (allImgsSigned) +    { +      for (int i = 0; i < imgTags.getLength(); i++) +      { +        Element currImgElem = (Element) imgTags.item(i); +        String uri = currImgElem.getAttribute(SRC_ATTR_); +        HashInputDataInfo currHidi = (HashInputDataInfo) signedImages.get(uri); +        currHidi.doShow_ = false; +      } +    } +     +    // Change the src attributes of all img tags so that they refer to the temporary names +    if (allImgsSigned) +    { +      for (int i = 0; i < imgTags.getLength(); i++) +      { +        Element currImgElem = (Element) imgTags.item(i); +        String uri = currImgElem.getAttribute(SRC_ATTR_); +        HashInputDataInfo currHidi = (HashInputDataInfo) signedImages.get(uri); +         +        Attr srcAttr = currImgElem.getAttributeNode(SRC_ATTR_); +        int slashPos = currHidi.filename_.lastIndexOf('/'); +        if (slashPos == -1) slashPos = 0; +        String newSrcAttrValue = currHidi.filename_.substring(slashPos + 1); +        srcAttr.setNodeValue(newSrcAttrValue); +      } +    } +     +    // Mark hid slxhtml document +    hid.isSLXHTMLDocument_ = true; + +    // Serialize modified slxhtml document to temporary file location +    if (allImgsSigned) +    { +      FileOutputStream slxhtmlFOS = new FileOutputStream(hid.filename_); +      MOAInvoker.serializeDocument(slxhtmlDoc, slxhtmlFOS); +      slxhtmlFOS.close(); +    } + +  } + +  /* ---------------------------------------------------------------------------------------------------- */ +   +  private Map getSignedImages(Document moaRequestDoc, List hashInputDataInfos) throws Exception +  { +    // Get signature from MOA request +    Element signatureElem = getSignature(moaRequestDoc); +     +    // Get all signature references from MOA request +    XPathUtils xpUtils = new XPathUtils(); +    String additionalNSPrefixes = 
Constants.NSPRE_DSIG_ + " " + Constants.NSURI_DSIG_; +    xpUtils.setupContext(XPATH_ALL_REF_, signatureElem, additionalNSPrefixes); +    NodeList dsigRefs = xpUtils.selectNodeSet(signatureElem); + +    // Check signature references for slxhtml images +    HashMap imgHids = new HashMap(dsigRefs.getLength()); +    for (int i = 0; i < dsigRefs.getLength(); i++) +    { +      Element currRef = (Element) dsigRefs.item(i); +      String type = currRef.getAttribute(TYPE_ATTR_); +      if (type != null && type.startsWith(SLXHTML_TYPE_PREFIX_)) +      { +        String uri = currRef.getAttribute(URI_ATTR_); +        Set referredHids = createReferredHidsSet(type); +        HashInputDataInfo currHidi = (HashInputDataInfo)hashInputDataInfos.get(i); +        currHidi.uri_ = uri; +        currHidi.referredHids_ = referredHids; +        currHidi.isSLXHTMLImage_ = true; +        imgHids.put(uri, currHidi); +      } +    } +     +    return imgHids; +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  private Set createReferredHidsSet(String type) throws Exception +  { +    HashSet set = new HashSet(); +    String typeSuffix = type.substring(SLXHTML_TYPE_PREFIX_.length()); +    StringTokenizer tokenizer = new StringTokenizer(typeSuffix, ","); +    while (tokenizer.hasMoreTokens()) +    { +      try +      { +        set.add(new Integer(tokenizer.nextToken())); +      } +      catch (NumberFormatException e) +      { +        String message = "Signed image type attribute \"" + type + "\" is malformed."; +        logger_.error(message, e); +        throw new Exception(message, e); +      } +    } +    return set; +  }   + +  /* ---------------------------------------------------------------------------------------------------- */ + +  private Element getSignature(Document moaRequestDoc) throws Exception +  { +    // Get signature environment content +    NodeList contentNL; +    try +    { +      XPathUtils xpUtils 
= new XPathUtils(); +      String addNSPrefixes = Constants.NSPRE_MOA_12_ + " " + Constants.NSURI_MOA_12_; +      xpUtils.setupContext(XPATH_SIG_ENV_CONTENT_, moaRequestDoc, addNSPrefixes); +      contentNL = xpUtils.selectNodeSet(moaRequestDoc); +    } +    catch (Exception e) +    { +      String message = "Cannot find signature environment content."; +      logger_.error(message); +      throw new Exception(message, e); +    } +    if (contentNL.getLength() == 0) +    { +      String message = "Cannot find signature environment content."; +      logger_.error(message); +      throw new Exception(message); +    } +    Element contentElem = (Element) contentNL.item(0); +     +    // Get signature environment document form siganture environment content +    String contentElemLocName = contentElem.getLocalName(); +    Element sigEnvElem = null; +    if (XMLCONT_ELEM_.equals(contentElemLocName)) +    { +      // XML content +      NodeList contentNodes = contentElem.getChildNodes(); +      for (int i = 0; i < contentNodes.getLength(); i++) +      { +        Node currContNode = (Node) contentNodes.item(i); +        if (currContNode.getNodeType() == Node.ELEMENT_NODE) +        { +          sigEnvElem = (Element) currContNode; +          break; +        } +      } +    } +    else if (B64CONT_ELEM_.equals(contentElemLocName)) +    { +      // Base64 content +      String base64ContStr = DOMUtils.getText(contentElem); +      byte[] contBytes = Util.Base64Decode(base64ContStr.getBytes()); +      ByteArrayInputStream contBIS = new ByteArrayInputStream(contBytes); +      Document sigEnvDoc; +      try +      { +        sigEnvDoc = DOMUtils.parseWellFormed(contBIS); +      } +      catch (Exception e) +      { +        String message = "Cannot parse signature environment from base64 content."; +        logger_.error(message); +        throw new Exception(message, e); +      } +      sigEnvElem = sigEnvDoc.getDocumentElement(); +    } +    else +    { +      // LocRef content 
+      String locRef = DOMUtils.getText(contentElem); +      URL locRefURL = new URL(locRef); +      InputStream contentIS = locRefURL.openStream(); +      Document sigEnvDoc; +      try +      { +        sigEnvDoc = DOMUtils.parseWellFormed(contentIS); +      } +      catch (Exception e) +      { +        String message = "Cannot parse signature environment from location reference content."; +        logger_.error(message); +        throw new Exception(message, e); +      } +      sigEnvElem = sigEnvDoc.getDocumentElement(); +    } +     +    // Get signature form signature environment document +    Element sigInfoElem = (Element) contentElem.getParentNode().getParentNode(); +    Element sigLocElem = DOMUtils.getChildElem(sigInfoElem, Constants.NSURI_MOA_12_, SIGLOC_ELEM_); +    String sigLocXPath = DOMUtils.getText(sigLocElem); +    NodeList sigElemNL; +    try +    { +      XPathUtils xpUtils = new XPathUtils(); +      xpUtils.setupContext(sigLocXPath, sigLocElem, null); +      sigElemNL = xpUtils.selectNodeSet(sigEnvElem); +    } +    catch (Exception e) +    { +      String message = "Cannot get signature at location \"" + sigLocXPath + "\" from signature environment."; +      logger_.error(message); +      throw new Exception(message, e); +    } +    if (sigElemNL.getLength() != 1 || ((Node) sigElemNL.item(0)).getNodeType() != Node.ELEMENT_NODE) +    { +      String message = "Cannot get signature at location \"" + sigLocXPath + "\" from signature environment."; +      logger_.error(message); +      throw new Exception(message); +    } +    return (Element) sigElemNL.item(0); +  }  } diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java new file mode 100644 index 000000000..e2cb27ab3 --- /dev/null +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java 
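Review bot: In getSignature, the LocRef branch passes text taken from the MOA request document straight to `new URL(locRef).openStream()`, so, assuming that document derives from the incoming request, the submitter chooses which URL this server fetches and parses, in any scheme the JVM supports, including `file:`. Check the scheme (and, where the deployment allows, the host) before opening, e.g. `String p = locRefURL.getProtocol(); if (!"http".equals(p) && !"https".equals(p)) throw new Exception("Unsupported LocRef scheme.");`, and close `contentIS` in a `finally` block, since it is never closed here. This branch is also the fallback for every element name other than XMLContent and Base64Content, so an explicit test for the expected element name would be safer than a bare `else`. Separately, parseSLXHTMLDocument compares `getNamespaceURI()` and `getLocalName()` with `!=`, which tests identity rather than content; `!Constants.NSURI_XHTML_.equals(docElem.getNamespaceURI())` does not depend on the parser interning its strings.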
@@ -0,0 +1,55 @@ +/* + * Created on 02.12.2003 + * + * (c) Stabsstelle IKT-Strategie des Bundes + */ +package at.gv.egovernment.moa.spss.slinterface.beans; + +import java.util.Set; + +/** + * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)  + */ +public class HashInputDataInfo +{ +  /** +   * The name of the temporary file in which this data is stored. +   */ +  public String filename_; +   +  /** +   * Is this HID a SLXHTML document?  +   */ +  public boolean isSLXHTMLDocument_; +   +  /** +   * Is this HID a SLXHTML signed image? +   */ +  public boolean isSLXHTMLImage_; +   +  /** +   * Show HID in result presentation? +   */ +  public boolean doShow_; +   +  /** +   * The URI attribute value of the dsig:Reference corresponding with this HID. +   */ +  public String uri_; + +  /** +   * In case that this ID is a SLXHTML signed image, this set contains objects of type <code>Integer</code>, +   * indicating the SLXHTML HIDs where this image is referenced. +   */ +  public Set referredHids_; +   +  public HashInputDataInfo(String filename) +  { +    filename_ = filename; +    isSLXHTMLDocument_ = false; +    isSLXHTMLImage_ = false; +    doShow_ = true; +    uri_ = null; +    referredHids_ = null; +  } +} diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java index 9a4529565..b67d978ad 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java 
@@ -128,9 +128,19 @@ public class SL2MOAFilter implements Filter      }      // Create bean with info about signed data -    DataInfoBean dataInfo = new DataInfoBean(moaResponseDoc, config_.getServletContext(), session); -    session.setAttribute("dataInfo", dataInfo); - +    try +    { +      DataInfoBean dataInfo = new DataInfoBean( +        moaXMLRequestDoc, moaResponseDoc, config_.getServletContext(), session); +      session.setAttribute("dataInfo", dataInfo); +    } +    catch (Exception e) +    { +      String message = "Creating DataInfobean failed."; +      logger_.error(message, e); +      throw new ServletException(message, e); +    } +          // Transform MOA response into a SL response       Document slResponseDoc;      slResponseDoc = MOA2SL.toSlVerifyXMLSignatureResponse(moaResponseDoc); diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/ContextListener.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/ContextListener.java index 0b3980a50..83b6e96dd 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/ContextListener.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/ContextListener.java @@ -48,6 +48,8 @@ public class ContextListener implements ServletContextListener    private static Logger logger_ = Logger.getLogger(Constants.LH_LISTENERS_); +  /* ---------------------------------------------------------------------------------------------------- */ +    /**     * Initializes the web application.     *  
@@ -90,12 +92,20 @@ public class ContextListener implements ServletContextListener      preparser.setFeature(SAX_NAMESPACES_FEATURE, true);      preparser.setFeature(SAX_VALIDATION_FEATURE, true); +    // Schema for Security-Layer 1.2 alpha (including LocRefContent)      Properties initProps = (Properties) context.getAttribute(Constants.WSCP_INIT_PROPS_);      String slSchemaLoc = initProps.getProperty(Constants.IP_SL_SCHEMA_);      preparseSchema(context, preparser, slSchemaLoc); + +    // Schema for MOA 1.2      String moaSchemaLoc = initProps.getProperty(Constants.IP_MOA_SCHEMA_);      preparseSchema(context, preparser, moaSchemaLoc); - +     +    // Schema for SLXHTML 1.0 +    String slxhtmlSchemaLoc = initProps.getProperty(Constants.IP_SLXHTML_SCHEMA_); +    preparseSchema(context, preparser, slxhtmlSchemaLoc); +     +    // TODO parser is not threadsafe      DOMParser xmlParser = new DOMParser(symbolTable, grammarPool);      try      { @@ -106,6 +116,7 @@ public class ContextListener implements ServletContextListener        xmlParser.setFeature(XERCES_INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);        xmlParser.setFeature(XERCES_CREATE_ENTITY_REF_NODES_FEATURE, false);        xmlParser.setFeature(XERCES_DEFER_NODE_EXPANSION_, false); +      xmlParser.setErrorHandler(new XMLParserErrorHandler(false, true, true));      }      catch (SAXException e) diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/XMLParserErrorHandler.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/XMLParserErrorHandler.java new file mode 100644 index 000000000..b6fc770c0 --- /dev/null +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/listeners/XMLParserErrorHandler.java 
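Review bot: The `// TODO parser is not threadsafe` added here becomes a live problem with this commit, because DataInfoBean.parseSLXHTMLDocument now fetches a DOMParser from the servlet context (presumably the one built here) and calls `parse` on it during request handling. Until a per-request parser is used, every caller has to serialise access, e.g. `synchronized (xmlParser) { xmlParser.parse(docInputSource); parsedDoc = xmlParser.getDocument(); }`. Also, `initProps.getProperty(Constants.IP_SLXHTML_SCHEMA_)` returns null when an existing properties file lacks the new key; whether preparseSchema tolerates null is not visible in this hunk, so a null check with a clear configuration error message would help upgrades.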
@@ -0,0 +1,65 @@ +/* + * Created on 02.12.2003 + * + * (c) Stabsstelle IKT-Strategie des Bundes + */ +package at.gv.egovernment.moa.spss.slinterface.listeners; + +import org.apache.log4j.Logger; +import org.xml.sax.ErrorHandler; +import org.xml.sax.SAXException; +import org.xml.sax.SAXParseException; + +import at.gv.egovernment.moa.spss.slinterface.Constants; + +/** + * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)  + */ +public class XMLParserErrorHandler implements ErrorHandler +{ +  private static Logger logger_ = Logger.getLogger(Constants.LH_LISTENERS_); + +  private boolean reportWarning_, reportError_, reportFatal_; + +  /* ---------------------------------------------------------------------------------------------------- */ + +  public XMLParserErrorHandler(boolean reportWarning, boolean reportError, boolean reportFatal) +  { +    reportWarning_ = reportWarning; +    reportError_ = reportError; +    reportFatal_ = reportFatal; +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  /** +   * @see org.xml.sax.ErrorHandler#warning(org.xml.sax.SAXParseException) +   */ +  public void warning(SAXParseException exception) throws SAXException +  { +    logger_.warn("XML parser reported a warning.", exception); +    if (reportWarning_) throw exception; +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  /** +   * @see org.xml.sax.ErrorHandler#error(org.xml.sax.SAXParseException) +   */ +  public void error(SAXParseException exception) throws SAXException +  { +    logger_.error("XML parser reported an error.", exception); +    if (reportError_) throw exception; +  } + +  /* ---------------------------------------------------------------------------------------------------- */ + +  /** +   * @see org.xml.sax.ErrorHandler#fatalError(org.xml.sax.SAXParseException) +   */ +  public void fatalError(SAXParseException 
exception) throws SAXException +  { +    logger_.error("XML parser reported a fatal error.", exception); +    if (reportFatal_) throw exception; +  } +} | 
