From e06e1534392fadfd84c84fb403be56fa9c852fdb Mon Sep 17 00:00:00 2001
From: gregor
Date: Mon, 26 Jun 2006 14:50:59 +0000
Subject: Verzeichnis verschoben nach /src
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@714 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
.../moa/spss/slinterface/beans/ChecksInfoBean.java | 165 +++++++
.../moa/spss/slinterface/beans/DataInfoBean.java | 541 +++++++++++++++++++++
.../spss/slinterface/beans/HashInputDataInfo.java | 55 +++
.../spss/slinterface/beans/InitPropertiesBean.java | 36 ++
.../moa/spss/slinterface/beans/SignerInfoBean.java | 127 +++++
5 files changed, 924 insertions(+)
create mode 100644 spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/ChecksInfoBean.java
create mode 100644 spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java
create mode 100644 spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java
create mode 100644 spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/InitPropertiesBean.java
create mode 100644 spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/SignerInfoBean.java
(limited to 'spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans')
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/ChecksInfoBean.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/ChecksInfoBean.java
new file mode 100644
index 000000000..00c9fd517
--- /dev/null
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/ChecksInfoBean.java
@@ -0,0 +1,165 @@
+/*
+ * Created on 27.11.2003
+ *
+ * (c) Stabsstelle IKT-Strategie des Bundes
+ */
+package at.gv.egovernment.moa.spss.slinterface.beans;
+
+import java.util.List;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.slinterface.Constants;
+import at.gv.egovernment.moa.spss.slinterface.DOMUtils;
+
+/**
+ * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ */
+public class ChecksInfoBean
+{
+ private static final String SIG_CHECK_ELEM_ = "SignatureCheck";
+ private static final String SIGMF_CHECK_ELEM_ = "SignatureManifestCheck";
+ private static final String XMLDSIGMF_CHECK_ELEM_ = "XMLDSIGManifestCheck";
+ private static final String CERT_CHECK_ELEM_ = "CertificateCheck";
+ private static final String CODE_ELEM_ = "Code";
+ private static final String INFO_ELEM_ = "Info";
+ private static final String FAILEDREF_ELEM_ = "FailedReference";
+ private static final String REFSIGREF_ELEM_ = "ReferringSigReference";
+
+ private Element sigCheckElem_;
+ private int sigCheckFaildRefCount_;
+
+ private Element sigMFCheckElem_;
+ private int sigMFCheckFaildRefCount_;
+
+ private List xmldsigMFCheckElems_;
+ private int xmldsigMFCheckCount_;
+ private int xmldsigMFCheckFaildRefCount_;
+
+ private Element certCheckElem_;
+
+ /**
+ * Creates a bean with information about the checks executed for the verified xml signature.
+ *
+ * @pre slResponseDoc has been validated.
+ */
+ public ChecksInfoBean(Document slResponseDoc)
+ {
+ Element verifyXMLResponseElem = slResponseDoc.getDocumentElement();
+ sigCheckElem_ = DOMUtils.getChildElem(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, SIG_CHECK_ELEM_);
+ sigMFCheckElem_ = DOMUtils.getChildElem(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, SIGMF_CHECK_ELEM_);
+ xmldsigMFCheckElems_ = DOMUtils.getChildElems(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, XMLDSIGMF_CHECK_ELEM_, false);
+ certCheckElem_ = DOMUtils.getChildElem(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, CERT_CHECK_ELEM_);
+
+ sigCheckFaildRefCount_ = 0;
+ sigMFCheckFaildRefCount_ = 0;
+ xmldsigMFCheckFaildRefCount_ = 0;
+ xmldsigMFCheckCount_ = 0;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSigCheckCode()
+ {
+ return DOMUtils.getChildText(sigCheckElem_, Constants.NSURI_SL_11_, CODE_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setSigCheckFailedRefCount(int count)
+ {
+ sigCheckFaildRefCount_ = count;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSigCheckFailedRef()
+ {
+ Element info = DOMUtils.getChildElem(sigCheckElem_, Constants.NSURI_SL_11_, INFO_ELEM_);
+ if (info == null) return null;
+ List failedRefElems = DOMUtils.getChildElems(info, Constants.NSURI_SL_11_, FAILEDREF_ELEM_, false);
+ if (failedRefElems == null || failedRefElems.size() <= sigCheckFaildRefCount_) return null;
+ return DOMUtils.getText((Element)failedRefElems.get(sigCheckFaildRefCount_));
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSigMFCheckCode()
+ {
+ return DOMUtils.getChildText(sigMFCheckElem_, Constants.NSURI_SL_11_, CODE_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setSigMFCheckFailedRefCount(int count)
+ {
+ sigMFCheckFaildRefCount_ = count;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSigMFCheckFailedRef()
+ {
+ Element info = DOMUtils.getChildElem(sigMFCheckElem_, Constants.NSURI_SL_11_, INFO_ELEM_);
+ if (info == null) return null;
+ List failedRefElems = DOMUtils.getChildElems(info, Constants.NSURI_SL_11_, FAILEDREF_ELEM_, false);
+ if (failedRefElems == null || failedRefElems.size() <= sigMFCheckFaildRefCount_) return null;
+ return DOMUtils.getText((Element)failedRefElems.get(sigMFCheckFaildRefCount_));
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setXmldsigMFCheckCount(int count)
+ {
+ xmldsigMFCheckCount_ = count;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setXmldsigMFCheckFailedRefCount(int count)
+ {
+ xmldsigMFCheckFaildRefCount_ = count;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getXmldsigMFCheckCode()
+ {
+ Element xmldsigMFCheckElem = (Element)xmldsigMFCheckElems_.get(xmldsigMFCheckCount_);
+ return DOMUtils.getChildText(xmldsigMFCheckElem, Constants.NSURI_SL_11_, CODE_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getXmldsigMFCheckFailedRef()
+ {
+ Element xmldsigMFCheckElem = (Element)xmldsigMFCheckElems_.get(xmldsigMFCheckCount_);
+ Element info = DOMUtils.getChildElem(xmldsigMFCheckElem, Constants.NSURI_SL_11_, INFO_ELEM_);
+ if (info == null) return null;
+ List failedRefElems = DOMUtils.getChildElems(info, Constants.NSURI_SL_11_, FAILEDREF_ELEM_, false);
+ if (failedRefElems == null || failedRefElems.size() <= xmldsigMFCheckFaildRefCount_) return null;
+ return DOMUtils.getText((Element)failedRefElems.get(xmldsigMFCheckFaildRefCount_));
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getXmldsigMFCheckReferringSigRef()
+ {
+ Element xmldsigMFCheckElem = (Element)xmldsigMFCheckElems_.get(xmldsigMFCheckCount_);
+ Element info = DOMUtils.getChildElem(xmldsigMFCheckElem, Constants.NSURI_SL_11_, INFO_ELEM_);
+ if (info == null) return null;
+ return DOMUtils.getChildText(info, Constants.NSURI_SL_11_, REFSIGREF_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getCertCheckCode()
+ {
+ return DOMUtils.getChildText(certCheckElem_, Constants.NSURI_SL_10_, CODE_ELEM_);
+ }
+}
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java
new file mode 100644
index 000000000..570f3fb15
--- /dev/null
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java
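Review bot: The three getXmldsigMFCheck* getters call `xmldsigMFCheckElems_.get(xmldsigMFCheckCount_)` with no null or bounds check, while the failed-reference getters next to them do guard their index; a response without XMLDSIGManifestCheck elements, or a count set past the end, raises an unchecked exception while the verification result is being rendered. I would put `if (xmldsigMFCheckElems_ == null || xmldsigMFCheckCount_ < 0 || xmldsigMFCheckElems_.size() <= xmldsigMFCheckCount_) return null;` at the top of each of them, and make sure the presenting page treats a null check code as "not verified" rather than as success. `getCertCheckCode()` reads its Code child with `Constants.NSURI_SL_10_` although every other lookup, including the one that fetched `certCheckElem_`, uses `NSURI_SL_11_`; if that follows the schema it deserves a one-line comment saying so, otherwise the certificate check code will come back empty without any error.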
@@ -0,0 +1,541 @@ +/* + * Created on 27.11.2003 + * + * (c) Stabsstelle IKT-Strategie des Bundes + */ +package at.gv.egovernment.moa.spss.slinterface.beans; + +import iaik.utils.Util; + +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Random; +import java.util.Set; +import java.util.StringTokenizer; + +import javax.servlet.ServletContext; +import javax.servlet.http.HttpSession; +import javax.servlet.http.HttpSessionBindingEvent; +import javax.servlet.http.HttpSessionBindingListener; + +import org.apache.log4j.Logger; +import org.apache.xerces.parsers.DOMParser; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; + +import at.gv.egovernment.moa.spss.slinterface.Constants; +import at.gv.egovernment.moa.spss.slinterface.DOMUtils; +import at.gv.egovernment.moa.spss.slinterface.URLRewriter; +import at.gv.egovernment.moa.spss.slinterface.XPathUtils; +import at.gv.egovernment.moa.spss.slinterface.moainvoker.MOAInvoker; + +/** + * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at) + */ +public class DataInfoBean implements HttpSessionBindingListener +{ + private static Logger logger_ = Logger.getLogger(Constants.LH_BEANS_); + + // MOA + private static final String HID_ELEM_ = "HashInputData"; + private static final String B64CONT_ELEM_ = "Base64Content"; + private static final String XMLCONT_ELEM_ = "XMLContent"; + private static final String SIGLOC_ELEM_ = "VerifySignatureLocation"; + + // XMLDSIG + private static final String TYPE_ATTR_ = "Type"; + private static final String URI_ATTR_ = "URI"; + + // XHTML + 
private static final String SRC_ATTR_ = "src"; + private static final String HTML_ELEM_ = "html"; + + private static final String HID_URL_PREFIX_ = "/showdata?hidCount="; + + private static final String XPATH_ALL_IMG_ = "//" + Constants.NSPRE_XHTML_ + ":img"; + private static final String XPATH_ALL_REF_ = "./" + Constants.NSPRE_DSIG_ + ":SignedInfo/" + + Constants.NSPRE_DSIG_ + ":Reference"; + private static final String XPATH_SIG_ENV_CONTENT_ = "/" + Constants.NSPRE_MOA_12_ + ":VerifyXMLSignatureRequest/" + + Constants.NSPRE_MOA_12_ + ":VerifySignatureInfo/" + Constants.NSPRE_MOA_12_ + ":VerifySignatureEnvironment/*"; + + private static final String SLXHTML_TYPE_PREFIX_ = "http://www.buergerkarte.at/specifications/" + + "Security-Layer/20031113?Name=SignedImage&InstanceDocRef="; + + private static final String ETSI_TYPE_ = "http://uri.etsi.org/01903/v1.1.1#SignedProperties"; + private static final String SLMANIFEST_TYPE_ = + "http://www.buergerkarte.at/specifications/Securitylayer/20020225#SignatureManifest"; + + ServletContext context_; + String contextPath_; + HttpSession session_; + + Properties initProps_; + + /** + * Contains objects of type {@link HashInputDataInfo}. 
+ */ + List hashInputDataInfos_; + + int hashInputDataCount_; + + /* ---------------------------------------------------------------------------------------------------- */ + + public DataInfoBean(Document moaRequestDoc, Document moaResponseDoc, String contextPath, HttpSession session, + ServletContext context) throws Exception + { + context_ = context; + contextPath_ = contextPath; + session_ = session; + initProps_ = (Properties) context_.getAttribute(Constants.WSCP_INIT_PROPS_); + + hashInputDataInfos_ = new ArrayList(); + int hashInputDataCount_ = 0; + + Element moaResponseElem = moaResponseDoc.getDocumentElement(); + List hidElems = DOMUtils.getChildElems(moaResponseElem, Constants.NSURI_MOA_12_, HID_ELEM_, false); + + String tempDir = initProps_.getProperty(Constants.IP_TEMP_DIR_); + if (tempDir == null) + { + String message = "Init property \"" + Constants.IP_TEMP_DIR_ + "\" not set."; + logger_.error(message); + throw new IOException(message); + } + + Random random = new Random(); + for (int i = 0; i < hidElems.size(); i++) + { + // Open file for current hash input data + String currHidFileNameStr = tempDir + session_.getId() + "_" + System.currentTimeMillis() + "_" + + random.nextLong(); + currHidFileNameStr = context_.getRealPath(currHidFileNameStr); + FileOutputStream currHidFOS; + try + { + currHidFOS = new FileOutputStream(currHidFileNameStr); + } + catch (IOException e) + { + String message = "Cannot open file \"" + currHidFileNameStr + "\"."; + logger_.error(message); + throw new IOException(message); + } + + // Write HID to file + Element currHidElem = (Element) hidElems.get(i); + Element base64ContentElem = DOMUtils.getChildElem(currHidElem, Constants.NSURI_MOA_12_, B64CONT_ELEM_); + if (base64ContentElem != null) + { + // HID is base64 + + String base64ContentText = DOMUtils.getText(base64ContentElem); + byte[] content = Util.Base64Decode(base64ContentText.getBytes()); + try + { + currHidFOS.write(content); + currHidFOS.close(); + } + catch 
(IOException e) + { + String message = "Cannot write to file \"" + currHidFileNameStr + "\"."; + logger_.error(message); + throw new IOException(message); + } + } + else + { + // HID is XML + + // TODO treatment of XML content + throw new RuntimeException("XML content not support yet."); + } + + hashInputDataInfos_.add(new HashInputDataInfo(currHidFileNameStr)); + } + logger_.debug("Finnished writing hash input data to files."); + + // Check if hids are slxhtml documents; mark them appropriately + try + { + Map signedImages = getSignedImages(moaRequestDoc, hashInputDataInfos_); + for (int i = 0; i < hashInputDataInfos_.size(); i++) + { + HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(i); + FileInputStream currHidIS = new FileInputStream(currHid.filename_); + checkImages(currHidIS, currHid, signedImages); + } + } + catch (Exception e) + { + String message = "Performing SLXHTML checks failed."; + logger_.error(message, e); + throw new Exception(message, e); + } + logger_.debug("Finnished checking hash input data for slxhtml conformity."); + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public void valueBound(HttpSessionBindingEvent event) + { + // Do nothing. 
+ } + + /* ---------------------------------------------------------------------------------------------------- */ + + public void valueUnbound(HttpSessionBindingEvent event) + { + // Delete all temporary hash input data files + for (int i = 0; i < hashInputDataInfos_.size(); i++) + { + String currFileStr = ((HashInputDataInfo) hashInputDataInfos_.get(i)).filename_; + File currFile = new File(currFileStr); + currFile.delete(); + } + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public void setHashInputDataCount(int count) + { + hashInputDataCount_ = count; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public String getHashInputDataFilename() + { + HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); + return (currHid == null) ? null : currHid.filename_; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public String getHashInputDataURL() + { + return (hashInputDataInfos_.size() > hashInputDataCount_) + ? HID_URL_PREFIX_ + hashInputDataCount_ + : null; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public boolean getShowHashInputData() + { + HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); + return (currHid == null) ? false : currHid.doShow_; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public boolean getIsSLXHTMLDocument() + { + HashInputDataInfo currHid = (HashInputDataInfo) hashInputDataInfos_.get(hashInputDataCount_); + return (currHid == null) ? 
false : currHid.isSLXHTMLDocument_; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private Document parseSLXHTMLDocument(InputStream docIS) + { + DOMParser xmlParser = (DOMParser) context_.getAttribute(Constants.WSCP_XMLPARSER_); + InputSource docInputSource = new InputSource(docIS); + Document parsedDoc = null; + try + { + xmlParser.parse(docInputSource); + parsedDoc = xmlParser.getDocument(); + } + catch (Exception e) + { + // Exception shows that document is not a valid SLXHTML document; return null in that case + logger_.debug("HashInputData is not a valid SLXHTML document.", e); + return null; + } + + Element docElem = parsedDoc.getDocumentElement(); + if (docElem.getNamespaceURI() != Constants.NSURI_XHTML_ || docElem.getLocalName() != HTML_ELEM_) + { + return null; + } + + return parsedDoc; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private void checkImages(InputStream hidIS, HashInputDataInfo hid, Map signedImages) throws Exception + { + // Parse hidIS + Document slxhtmlDoc = parseSLXHTMLDocument(hidIS); + if (slxhtmlDoc == null) return; + + // Get all img elements of slxhtml document + XPathUtils xpUtils = new XPathUtils(); + String additionalNSPrefixes = Constants.NSPRE_XHTML_ + " " + Constants.NSURI_XHTML_; + xpUtils.setupContext(XPATH_ALL_IMG_, slxhtmlDoc.getDocumentElement(), additionalNSPrefixes); + NodeList imgTags = xpUtils.selectNodeSet(slxhtmlDoc); + + // Check if all img elements have corresponding slxhtml signed images + boolean allImgsSigned = true; + for (int i = 0; i < imgTags.getLength(); i++) + { + Element currImgElem = (Element) imgTags.item(i); + String uri = currImgElem.getAttribute(SRC_ATTR_); + if (!signedImages.containsKey(uri)) + { + allImgsSigned = false; + break; + } + } + + // Mark all corresponding slxhtml signed images as not to be shown + if (allImgsSigned) + { + for (int i = 0; i < 
imgTags.getLength(); i++) + { + Element currImgElem = (Element) imgTags.item(i); + String uri = currImgElem.getAttribute(SRC_ATTR_); + HashInputDataInfo currHidi = (HashInputDataInfo) signedImages.get(uri); + currHidi.doShow_ = false; + } + } + + if (allImgsSigned) + { + // Change the src attributes of all img tags so that they refer to the temporary names + for (int i = 0; i < imgTags.getLength(); i++) + { + Element currImgElem = (Element) imgTags.item(i); + String uri = currImgElem.getAttribute(SRC_ATTR_); + HashInputDataInfo currHidi = (HashInputDataInfo) signedImages.get(uri); + + Attr srcAttr = currImgElem.getAttributeNode(SRC_ATTR_); + int slashPos = currHidi.filename_.lastIndexOf(System.getProperty("file.separator")); + +// Properties initProps = (Properties) context_.getAttribute(Constants.WSCP_INIT_PROPS_); +// String tempDir = initProps.getProperty(Constants.IP_TEMP_DIR_); +// String newSrcAttrValue = "." + tempDir + currHidi.filename_.substring(slashPos + 1); + + Properties initProps = (Properties) context_.getAttribute(Constants.WSCP_INIT_PROPS_); + String tempDir = initProps.getProperty(Constants.IP_TEMP_DIR_); + URLRewriter urlRewriter = (URLRewriter) context_.getAttribute(Constants.WSCP_URL_REWRITER_); + String newSrcAttrValue = urlRewriter.rewrite( + contextPath_ + tempDir + currHidi.filename_.substring(slashPos + 1), session_); + + srcAttr.setNodeValue(newSrcAttrValue); + } + + // Mark hid as slxhtml document + hid.isSLXHTMLDocument_ = true; + + // Serialize modified slxhtml document to temporary file location + FileOutputStream slxhtmlFOS = new FileOutputStream(hid.filename_); + MOAInvoker.serializeDocument(slxhtmlDoc, slxhtmlFOS); + slxhtmlFOS.close(); + } + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private Map getSignedImages(Document moaRequestDoc, List hashInputDataInfos) throws Exception + { + // Get signature from MOA request + Element signatureElem = 
getSignature(moaRequestDoc); + + // Get all signature references from MOA request + XPathUtils xpUtils = new XPathUtils(); + String additionalNSPrefixes = Constants.NSPRE_DSIG_ + " " + Constants.NSURI_DSIG_; + xpUtils.setupContext(XPATH_ALL_REF_, signatureElem, additionalNSPrefixes); + NodeList dsigRefs = xpUtils.selectNodeSet(signatureElem); + + // Check signature references for slxhtml images + HashMap imgHids = new HashMap(dsigRefs.getLength()); + for (int i = 0; i < dsigRefs.getLength(); i++) + { + Element currRef = (Element) dsigRefs.item(i); + String type = currRef.getAttribute(TYPE_ATTR_); + if (type != null && type.startsWith(SLXHTML_TYPE_PREFIX_)) + { + String uri = currRef.getAttribute(URI_ATTR_); + Set referredHids = createReferredHidsSet(type); + HashInputDataInfo currHidi = (HashInputDataInfo)hashInputDataInfos.get(i); + currHidi.uri_ = uri; + currHidi.referredHids_ = referredHids; + currHidi.isSLXHTMLImage_ = true; + imgHids.put(uri, currHidi); + } + } + + // Check signature references if they refer to etsi attributes or to a SL manifest + for (int i = 0; i < dsigRefs.getLength(); i++) + { + Element currRef = (Element) dsigRefs.item(i); + String type = currRef.getAttribute(TYPE_ATTR_); + if (type != null && type.equals(ETSI_TYPE_)) + { + HashInputDataInfo currHidi = (HashInputDataInfo)hashInputDataInfos.get(i); + currHidi.doShow_ = new Boolean(initProps_.getProperty(Constants.IP_RES_SHOWETSI_).trim()).booleanValue(); + } + if (type != null && type.equals(SLMANIFEST_TYPE_)) + { + HashInputDataInfo currHidi = (HashInputDataInfo)hashInputDataInfos.get(i); + currHidi.doShow_ = new Boolean(initProps_.getProperty(Constants.IP_RES_SHOWSLMAN_).trim()).booleanValue(); + } + } + + return imgHids; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private Set createReferredHidsSet(String type) throws Exception + { + HashSet set = new HashSet(); + String typeSuffix = 
type.substring(SLXHTML_TYPE_PREFIX_.length()); + StringTokenizer tokenizer = new StringTokenizer(typeSuffix, ","); + while (tokenizer.hasMoreTokens()) + { + try + { + set.add(new Integer(tokenizer.nextToken())); + } + catch (NumberFormatException e) + { + String message = "Signed image type attribute \"" + type + "\" is malformed."; + logger_.error(message, e); + throw new Exception(message, e); + } + } + return set; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private Element getSignature(Document moaRequestDoc) throws Exception + { + // Get signature environment content + NodeList contentNL; + try + { + XPathUtils xpUtils = new XPathUtils(); + String addNSPrefixes = Constants.NSPRE_MOA_12_ + " " + Constants.NSURI_MOA_12_; + xpUtils.setupContext(XPATH_SIG_ENV_CONTENT_, moaRequestDoc, addNSPrefixes); + contentNL = xpUtils.selectNodeSet(moaRequestDoc); + } + catch (Exception e) + { + String message = "Cannot find signature environment content."; + logger_.error(message); + throw new Exception(message, e); + } + if (contentNL.getLength() == 0) + { + String message = "Cannot find signature environment content."; + logger_.error(message); + throw new Exception(message); + } + Element contentElem = (Element) contentNL.item(0); + + // Get signature environment document from signature environment content + String contentElemLocName = contentElem.getLocalName(); + Element sigEnvElem = null; + Element oldDocElem = null; + if (XMLCONT_ELEM_.equals(contentElemLocName)) + { + // XML content + NodeList contentNodes = contentElem.getChildNodes(); + for (int i = 0; i < contentNodes.getLength(); i++) + { + Node currContNode = (Node) contentNodes.item(i); + if (currContNode.getNodeType() == Node.ELEMENT_NODE) + { + sigEnvElem = (Element) currContNode; + oldDocElem = (Element) moaRequestDoc.replaceChild(sigEnvElem, moaRequestDoc.getDocumentElement()); + break; + } + } + } + else if 
(B64CONT_ELEM_.equals(contentElemLocName)) + { + // Base64 content + String base64ContStr = DOMUtils.getText(contentElem); + byte[] contBytes = Util.Base64Decode(base64ContStr.getBytes()); + ByteArrayInputStream contBIS = new ByteArrayInputStream(contBytes); + Document sigEnvDoc; + try + { + sigEnvDoc = DOMUtils.parseWellFormed(contBIS); + } + catch (Exception e) + { + String message = "Cannot parse signature environment from base64 content."; + logger_.error(message); + throw new Exception(message, e); + } + sigEnvElem = sigEnvDoc.getDocumentElement(); + } + else + { + // LocRef content + String locRef = DOMUtils.getText(contentElem); + URL locRefURL = new URL(locRef); + InputStream contentIS = locRefURL.openStream(); + Document sigEnvDoc; + try + { + sigEnvDoc = DOMUtils.parseWellFormed(contentIS); + } + catch (Exception e) + { + String message = "Cannot parse signature environment from location reference content."; + logger_.error(message); + throw new Exception(message, e); + } + sigEnvElem = sigEnvDoc.getDocumentElement(); + } + + // Get signature form signature environment document + Element sigInfoElem = (Element) contentElem.getParentNode().getParentNode(); + Element sigLocElem = DOMUtils.getChildElem(sigInfoElem, Constants.NSURI_MOA_12_, SIGLOC_ELEM_); + String sigLocXPath = DOMUtils.getText(sigLocElem); + NodeList sigElemNL; + try + { + XPathUtils xpUtils = new XPathUtils(); + xpUtils.setupContext(sigLocXPath, sigLocElem, null); + sigElemNL = xpUtils.selectNodeSet(sigEnvElem); + } + catch (Exception e) + { + String message = "Cannot get signature at location \"" + sigLocXPath + "\" from signature environment."; + logger_.error(message); + throw new Exception(message, e); + } + if (sigElemNL.getLength() != 1 || ((Node) sigElemNL.item(0)).getNodeType() != Node.ELEMENT_NODE) + { + String message = "Cannot get signature at location \"" + sigLocXPath + "\" from signature environment."; + logger_.error(message); + throw new Exception(message); + } + + if 
(oldDocElem != null) moaRequestDoc.replaceChild(oldDocElem, moaRequestDoc.getDocumentElement());
+
+ return (Element) sigElemNL.item(0);
+ }
+}
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java
new file mode 100644
index 000000000..e2cb27ab3
--- /dev/null
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/HashInputDataInfo.java
@@ -0,0 +1,55 @@
+/*
+ * Created on 02.12.2003
+ *
+ * (c) Stabsstelle IKT-Strategie des Bundes
+ */
+package at.gv.egovernment.moa.spss.slinterface.beans;
+
+import java.util.Set;
+
+/**
+ * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ */
+public class HashInputDataInfo
+{
+ /**
+ * The name of the temporary file in which this data is stored.
+ */
+ public String filename_;
+
+ /**
+ * Is this HID a SLXHTML document?
+ */
+ public boolean isSLXHTMLDocument_;
+
+ /**
+ * Is this HID a SLXHTML signed image?
+ */
+ public boolean isSLXHTMLImage_;
+
+ /**
+ * Show HID in result presentation?
+ */
+ public boolean doShow_;
+
+ /**
+ * The URI attribute value of the dsig:Reference corresponding with this HID.
+ */
+ public String uri_;
+
+ /**
+ * In case that this ID is a SLXHTML signed image, this set contains objects of type Integer,
+ * indicating the SLXHTML HIDs where this image is referenced.
+ */
+ public Set referredHids_;
+
+ public HashInputDataInfo(String filename)
+ {
+ filename_ = filename;
+ isSLXHTMLDocument_ = false;
+ isSLXHTMLImage_ = false;
+ doShow_ = true;
+ uri_ = null;
+ referredHids_ = null;
+ }
+}
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/InitPropertiesBean.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/InitPropertiesBean.java
new file mode 100644
index 000000000..8cb7e0a41
--- /dev/null
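Review bot: The LocRef branch of `getSignature` passes text read from the MOA request straight to `new URL(locRef).openStream()`, so if that request is built from what a client submitted, the client chooses which URL this server opens and parses, in any scheme the JVM supports (including `file:`); the stream is also never closed. I would accept only http/https before opening, close the stream in a `finally`, and where the deployment allows it check the host against a configured allowlist, because a scheme check alone does not stop requests to internal HTTP services. Separately, the constructor writes hash input data to files under `context_.getRealPath(...)` whose names embed `session_.getId()` and a `java.util.Random` value, and `checkImages` then places those names in `img src` URLs; a name drawn from `java.security.SecureRandom` without the session id would keep the session identifier out of URLs, logs and Referer headers. The fence shows only the rewritten LocRef branch; the rest of `getSignature` is unchanged.

```java
// LocRef content
String locRef = DOMUtils.getText(contentElem);
URL locRefURL = new URL(locRef);
String locRefScheme = locRefURL.getProtocol();
if (!"http".equalsIgnoreCase(locRefScheme) && !"https".equalsIgnoreCase(locRefScheme))
{
  String message = "Location reference scheme \"" + locRefScheme + "\" is not allowed.";
  logger_.error(message);
  throw new Exception(message);
}
InputStream contentIS = locRefURL.openStream();
Document sigEnvDoc;
try
{
  sigEnvDoc = DOMUtils.parseWellFormed(contentIS);
}
// … unchanged: catch block that logs and rethrows the parse failure …
finally
{
  // Release the connection whether or not parsing succeeded
  contentIS.close();
}
```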
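Review bot: `filename_` is a public, non-final field, yet DataInfoBean later hands it to `new FileOutputStream(hid.filename_)` and to `new File(currFileStr).delete()`, so any code holding the object can retarget a write or a delete. Declaring it `public final String filename_;` keeps the constructor as the only place the path is set; the other fields have to stay assignable because DataInfoBean sets them after construction.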
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/InitPropertiesBean.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.spss.slinterface.beans;
+
+import java.util.Properties;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.spss.slinterface.Constants;
+
+/**
+ * @author Gregor Karlinger (mailto:gregor.karlinger@siemens.com)
+ */
+public class InitPropertiesBean
+{
+ private Properties initProps_;
+
+ private static Logger logger_ = Logger.getLogger(Constants.LH_BEANS_);
+
+ public InitPropertiesBean(Properties props)
+ {
+ initProps_ = props;
+ }
+
+ public String getMOASLWebAppURL()
+ {
+ String webAppServerURLProp = initProps_.getProperty(Constants.IP_REW_MOASL_WEBAPPSERV_URL_);
+ logger_.debug("MOA SL Web application server URL property: " + webAppServerURLProp);
+ if (webAppServerURLProp == null || webAppServerURLProp.trim().length() == 0)
+ {
+ String defaultWebAppServerURL = "http://localhost:8080";
+ logger_.info("MOA SL Web application server URL property not available, using default (" + defaultWebAppServerURL + ")");
+ return defaultWebAppServerURL;
+ }
+ else return webAppServerURLProp;
+
+ }
+}
diff --git a/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/SignerInfoBean.java b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/SignerInfoBean.java
new file mode 100644
index 000000000..2893b2ac3
--- /dev/null
+++ b/spss.slinterface/src/at/gv/egovernment/moa/spss/slinterface/beans/SignerInfoBean.java
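Review bot: `getMOASLWebAppURL()` silently falls back to `http://localhost:8080` when the property is missing and reports that only at info level, so a misconfigured deployment ends up handing out a plaintext localhost address without anyone noticing. I would log the fallback with `logger_.warn(...)`, or fail at startup if the property is mandatory in production, and return `webAppServerURLProp.trim()` in the else branch, because the emptiness test trims the value but the returned string does not. A Javadoc on the method stating what the returned URL is used for would also help; its consumers are outside this hunk.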
@@ -0,0 +1,127 @@
+/*
+ * Created on 27.11.2003
+ *
+ * (c) Stabsstelle IKT-Strategie des Bundes
+ */
+package at.gv.egovernment.moa.spss.slinterface.beans;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.slinterface.Constants;
+import at.gv.egovernment.moa.spss.slinterface.DOMUtils;
+
+/**
+ * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ */
+public class SignerInfoBean
+{
+ private static final String SIGNERINFO_ELEM_ = "SignerInfo";
+ private static final String X509DATA_ELEM_ = "X509Data";
+ private static final String X509SUBJNAME_ELEM_ = "X509SubjectName";
+ private static final String X509ISSUERSERIAL_ELEM_ = "X509IssuerSerial";
+ private static final String SERIAL_ELEM_ = "X509SerialNumber";
+ private static final String ISSUER_ELEM_ = "X509IssuerName";
+ private static final String QUALCERT_ELEM_ = "QualifiedCertificate";
+
+ private Element signerInfoElem_;
+
+ private String subjectNameItemSel_;
+ private String issuerNameItemSel_;
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public SignerInfoBean(Document slResponseDoc)
+ {
+ Element verifyXMLResponseElem = slResponseDoc.getDocumentElement();
+ signerInfoElem_ = DOMUtils.getChildElem(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, SIGNERINFO_ELEM_);
+
+ subjectNameItemSel_ = "2.5.4.3";
+ issuerNameItemSel_ = "2.5.4.3";
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setSubjectNameItemSel(String selector)
+ {
+ subjectNameItemSel_ = selector;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSubjectNameItem()
+ {
+ Element x509DataElem = DOMUtils.getChildElem(signerInfoElem_, Constants.NSURI_DSIG_, X509DATA_ELEM_);
+ String subjectNameStr = DOMUtils.getChildText(x509DataElem, Constants.NSURI_DSIG_, X509SUBJNAME_ELEM_);
+ if (subjectNameStr == null) return null;
+ return getRDN(subjectNameStr, subjectNameItemSel_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSerial()
+ {
+ Element x509DataElem = DOMUtils.getChildElem(signerInfoElem_, Constants.NSURI_DSIG_, X509DATA_ELEM_);
+ Element iSElem = DOMUtils.getChildElem(x509DataElem, Constants.NSURI_DSIG_, X509ISSUERSERIAL_ELEM_);
+ return DOMUtils.getChildText(iSElem, Constants.NSURI_DSIG_, SERIAL_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setIssuerNameItemSel(String selector)
+ {
+ issuerNameItemSel_ = selector;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getIssuerNameItem()
+ {
+ Element x509DataElem = DOMUtils.getChildElem(signerInfoElem_, Constants.NSURI_DSIG_, X509DATA_ELEM_);
+ Element iSElem = DOMUtils.getChildElem(x509DataElem, Constants.NSURI_DSIG_, X509ISSUERSERIAL_ELEM_);
+ String issuerNameStr = DOMUtils.getChildText(iSElem, Constants.NSURI_DSIG_, ISSUER_ELEM_);
+ if (issuerNameStr == null) return null;
+ return getRDN(issuerNameStr, issuerNameItemSel_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public boolean getIsQualified()
+ {
+ Element x509DataElem = DOMUtils.getChildElem(signerInfoElem_, Constants.NSURI_DSIG_, X509DATA_ELEM_);
+ Element qCElem = DOMUtils.getChildElem(x509DataElem, Constants.NSURI_SL_11_, QUALCERT_ELEM_);
+ return (qCElem != null);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ private String getRDN(String nameStr, String oidStr)
+ {
+ try
+ {
+ RFC2253NameParser nameParser = new RFC2253NameParser(nameStr);
+ Name name = nameParser.parse();
+ ObjectID oid = ObjectID.getObjectID(oidStr);
+ if (oid == null) return null;
+ String[] rdns = name.getRDNs(oid);
+ if (rdns == null) return null;
+ StringBuffer rdnsStr = new StringBuffer();
+ for (int i = 0; i < rdns.length; i++)
+ {
+ if (i > 0) rdnsStr.append(", ");
+ rdnsStr.append(rdns[i]);
+ }
+ return rdnsStr.toString();
+ }
+ catch (RFC2253NameParserException e)
+ {
+ return null;
+ }
+ }
+}
-- cgit v1.2.3
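Review bot: `getRDN` swallows `RFC2253NameParserException` and returns null, so a malformed subject or issuer name in the verification response cannot be told apart from a name that simply lacks the selected attribute, and nothing is logged. The sibling beans already log through `Logger.getLogger(Constants.LH_BEANS_)`; adding `private static Logger logger_ = Logger.getLogger(Constants.LH_BEANS_);` to the class and `logger_.warn("Cannot parse distinguished name.", e);` to the catch block would make that case traceable. The getters also pass `x509DataElem` and `iSElem` on without a null check; whether `DOMUtils.getChildElem` and `getChildText` tolerate a null parent cannot be seen from this hunk, so either guard them here or state the precondition in a Javadoc, as ChecksInfoBean does with `@pre`.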