From 36df570f6c24d60498bb8c040ffbaa4ad0f7583f Mon Sep 17 00:00:00 2001 From: gregor Date: Tue, 26 Jul 2005 14:43:17 +0000 Subject: =?UTF-8?q?L=C3=B6sung=20f=C3=BCr=20Bug=20232=20implementiert.=20N?= =?UTF-8?q?och=20nicht=20final=20getestet.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@406 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../invoke/VerifyXMLSignatureResponseBuilder.java | 195 +++++++++++++++++---- .../invoke/XMLSignatureVerificationInvoker.java | 2 +- 2 files changed, 162 insertions(+), 35 deletions(-) (limited to 'spss.server/src/at/gv/egovernment/moa/spss/server/invoke') diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index af5787795..076e9d1a5 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -1,13 +1,5 @@ package at.gv.egovernment.moa.spss.server.invoke; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - -import org.w3c.dom.DocumentFragment; -import org.w3c.dom.NodeList; - import iaik.ixsil.algorithms.CanonicalizationAlgorithm; import iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments; import iaik.server.modules.xml.BinaryDataObject; 
@@ -24,19 +16,29 @@ import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; import iaik.server.modules.xmlverify.XMLSignatureVerificationResult; import iaik.x509.X509Certificate; -import at.gv.egovernment.moa.util.CollectionUtils; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.NodeListAdapter; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.w3c.dom.DocumentFragment; +import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.InputData; import at.gv.egovernment.moa.spss.api.common.SignerInfo; +import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl; +import at.gv.egovernment.moa.spss.api.impl.InputDataXMLImpl; import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.util.CollectionUtils; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.NodeListAdapter; /** * A class to build a VerifyXMLSignatureResponse object. 
@@ -123,23 +125,76 @@ public class VerifyXMLSignatureResponseBuilder { certResult.isPublicAuthorityCertificate(), certResult.getPublicAuthorityID()); - // add HashInputData Content objects + // Create HashInputData Content objects referenceDataList = result.getReferenceDataList(); if (profile.includeHashInputData()) { hashInputDatas = new ArrayList(); - for (iter = referenceDataList.iterator(); iter.hasNext();) { - referenceData = (ReferenceData) iter.next(); - hashInputDatas.add(buildContent(referenceData.getHashInputData())); + + // Include SignedInfo references + addHashInputDatas( + hashInputDatas, + referenceDataList, + InputData.CONTAINER_SIGNEDINFO_, + InputData.REFERER_NONE_); + + // Include SignatureManifest references + if (result.containsSecurityLayerManifest()) + { + List sigMFReferenceDataList = result.getSecurityLayerManifest().getReferenceDataList(); + addHashInputDatas( + hashInputDatas, + sigMFReferenceDataList, + InputData.CONTAINER_SIGNATUREMANIFEST_, + result.getSecurityLayerManifest().getReferringReferenceInfo().getReferenceIndex()); + } + + // Include XMLDSIGManifest references + List xMLDSIGManifests = result.getDsigManifestList(); + for (iter = xMLDSIGManifests.iterator(); iter.hasNext();) + { + DsigManifest currentMF = (DsigManifest) iter.next(); + List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList(); + addHashInputDatas( + hashInputDatas, + xMLDSIGMFReferenceDataList, + InputData.CONTAINER_XMLDSIGMANIFEST_, + currentMF.getReferringReferenceInfo().getReferenceIndex()); } } - // create the ReferenceInputData Content objects + // Create the ReferenceInputData Content objects if (profile.includeReferenceInputData()) { referenceInputDatas = new ArrayList(); - for (iter = referenceDataList.iterator(); iter.hasNext();) { - referenceData = (ReferenceData) iter.next(); - referenceInputDatas.add( - buildContent(referenceData.getReferenceInputData())); + + // Include SignedInfo references + addReferenceInputDatas( + referenceInputDatas, 
+ referenceDataList, + InputData.CONTAINER_SIGNEDINFO_, + InputData.REFERER_NONE_); + + // Include SignatureManifest references + if (result.containsSecurityLayerManifest()) + { + List sigMFReferenceDataList = result.getSecurityLayerManifest().getReferenceDataList(); + addReferenceInputDatas( + referenceInputDatas, + sigMFReferenceDataList, + InputData.CONTAINER_SIGNATUREMANIFEST_, + result.getSecurityLayerManifest().getReferringReferenceInfo().getReferenceIndex()); + } + + // Include XMLDSIGManifest references + List xMLDSIGManifests = result.getDsigManifestList(); + for (iter = xMLDSIGManifests.iterator(); iter.hasNext();) + { + DsigManifest currentMF = (DsigManifest) iter.next(); + List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList(); + addReferenceInputDatas( + referenceInputDatas, + xMLDSIGMFReferenceDataList, + InputData.CONTAINER_XMLDSIGMANIFEST_, + currentMF.getReferringReferenceInfo().getReferenceIndex()); } } @@ -183,7 +238,7 @@ public class VerifyXMLSignatureResponseBuilder { else { // security layer manifest exists, but has errors - failedReferences = buildFailedReferences(slManifest.getReferenceInfoList()); + failedReferences = buildFailedReferences(slManifest.getReferenceDataList()); checkResultInfo = (failedReferences != null) ? factory.createReferencesCheckResultInfo(null, failedReferences) : null; @@ -221,7 +276,7 @@ public class VerifyXMLSignatureResponseBuilder { ManifestRefsCheckResultInfo manifestCheckResultInfo; failedReferences = - buildFailedReferences(dsigManifest.getReferenceInfoList()); + buildFailedReferences(dsigManifest.getReferenceDataList()); manifestCheckResultInfo = factory.createManifestRefsCheckResultInfo( null, 
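Review bot: The new SignatureManifest and XMLDSIGManifest branches, in both the `includeHashInputData()` and the `includeReferenceInputData()` block, call `getReferringReferenceInfo().getReferenceIndex()` without a null check and add an entry for every manifest reference whether or not that manifest verified. If a manifest can exist without a resolvable referring reference, or if `getHashInputData()` / `getReferenceInputData()` can return null for a reference that failed to resolve (neither is visible here), building the response would throw instead of reporting the failed check. I would guard the referrer lookup and add a comment above the manifest branches such as `// InputData for manifest references is returned even if the manifest check failed; consumers must read it together with the manifest check result`. The enclosing method starts and ends outside this hunk.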
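Review bot: `buildFailedReferences(...)` now receives the result of `getReferenceDataList()` instead of `getReferenceInfoList()`, here for `slManifest` and in the following hunk for `dsigManifest`, but `buildFailedReferences` itself is not changed by this commit and the lists are raw `List`s, so the compiler cannot check the element type. If that method casts elements to the previous element type and `ReferenceData` is not a subtype of it (not visible here), the mismatch only shows at runtime, on the path that reports failed manifest references to the caller. I would state in the Javadoc of `buildFailedReferences` that the list elements are `ReferenceData`, and cover a manifest with a failing reference in a test before this is treated as final. The same substitution is made in the `XMLSignatureVerificationInvoker` hunk.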
@@ -239,27 +294,93 @@ public class VerifyXMLSignatureResponseBuilder { } /** - * Build a Content object from the given DataObject. + * Adds {@link InputData} entries to the specified inputDatas list. The content of the entry will + * be created from {@link ReferenceData#getHashInputData()}. + * + * @param inputDatas The list to be amended. + * + * @param referenceDataList The list of {@link ReferenceData} objects to be investigated. + * + * @param containerType The type of container of the {@link InputData} objects to be created. + * + * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created. + * + * @throws MOAApplicationException if creating an {@link InputData} fails. + */ + private void addHashInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber) + throws MOAApplicationException + { + for (Iterator iter = referenceDataList.iterator(); iter.hasNext();) + { + ReferenceData referenceData = (ReferenceData) iter.next(); + inputDatas.add(buildInputData( + referenceData.getHashInputData(), + containerType, + refererNumber)); + } + } + + /** + * Adds {@link InputData} entries to the specified inputDatas list. The content of the entry will + * be created from {@link ReferenceData#getReferenceInputData()}. + * + * @param inputDatas The list to be amended. + * + * @param referenceDataList The list of {@link ReferenceData} objects to be investigated. + * + * @param containerType The type of container of the {@link InputData} objects to be created. + * + * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created. + * + * @throws MOAApplicationException if creating an {@link InputData} fails. 
+ */ + private void addReferenceInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber) + throws MOAApplicationException + { + for (Iterator iter = referenceDataList.iterator(); iter.hasNext();) + { + ReferenceData referenceData = (ReferenceData) iter.next(); + inputDatas.add(buildInputData( + referenceData.getReferenceInputData(), + containerType, + refererNumber)); + } + } + + /** + * Build a InputDataBinaryImpl or an InputDataXMLImpl + * object from the given DataObject and the given attributes. + * + * @param dataObject The DataObject from which to build the result. + * Based on the type of this parameter, the type of the result will either be + * InputDataBinaryImpl or InputDataXMLImpl. + * + * @param partof see {@link InputData} + * + * @param referringReferenceNumber see {@link InputData} * - * @param dataObject The DataObject from which to build the - * Content. Based on the type of this parameter, the type of - * Content will either be XML_CONTENT or - * BINARY_CONTENT. - * @return The Content object containing the data. - * @throws MOAApplicationException An error occurred adding the content. + * @return The corresponinding input data implementation. + * + * @throws MOAApplicationException An error occurred creating the result. 
*/ - private Content buildContent(DataObject dataObject) + private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber) throws MOAApplicationException { if (dataObject instanceof BinaryDataObject) { BinaryDataObject binaryData = (BinaryDataObject) dataObject; - return factory.createContent(binaryData.getInputStream(), null); + return new InputDataBinaryImpl( + factory.createContent(binaryData.getInputStream(), null), + partOf, + referringReferenceNumber); } else if (dataObject instanceof XMLDataObject) { XMLDataObject xmlData = (XMLDataObject) dataObject; List nodes = new ArrayList(); nodes.add(xmlData.getElement()); - return factory.createContent(new NodeListAdapter(nodes), null); + return new InputDataXMLImpl( + factory.createContent(new NodeListAdapter(nodes), null), + partOf, + referringReferenceNumber); } else { // dataObject instanceof XMLNodeListDataObject // if the data in the NodeList can be converted back to valid XML, // write it as XMLContent; otherwise, write it as Base64Content @@ -271,7 +392,10 @@ public class VerifyXMLSignatureResponseBuilder { try { DocumentFragment fragment = DOMUtils.nodeList2DocumentFragment(nodes); - return factory.createContent(fragment.getChildNodes(), null); + return new InputDataXMLImpl( + factory.createContent(fragment.getChildNodes(), null), + partOf, + referringReferenceNumber); } catch (Exception e) { // not successful -> fall through to the Base64Content } @@ -285,7 +409,10 @@ public class VerifyXMLSignatureResponseBuilder { c14n.setInput(nodes); is = c14n.canonicalize(); - return factory.createContent(is, null); + return new InputDataBinaryImpl( + factory.createContent(is, null), + partOf, + referringReferenceNumber); } catch (Exception e) { throw new MOAApplicationException("2200", null); } 
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index 1f9d45ed1..e675a40d6 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -501,7 +501,7 @@ public class XMLSignatureVerificationInvoker { Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements()); List referenceInfoList = - result.getSecurityLayerManifest().getReferenceInfoList(); + result.getSecurityLayerManifest().getReferenceDataList(); Iterator refIter; for (refIter = referenceInfoList.iterator(); refIter.hasNext();) { -- cgit v1.2.3
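Review bot: The local `referenceInfoList` now holds the result of `getReferenceDataList()`, so its name no longer says what it contains, and the loop that iterates it casts the elements outside this hunk. I would rename it, `List referenceDataList = result.getSecurityLayerManifest().getReferenceDataList();` with `referenceDataList.iterator()` in the `for` header, and check that the cast inside the loop matches the new element type.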