authorclemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-09-17 17:17:10 +0000
committerclemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-09-17 17:17:10 +0000
commitcf82096145bbdd548e388c1bc25f0e703b9b4624 (patch)
treeae08e610926dd5d5fa1b15df2856427df3e10060
parent6cafec9a3f05bb5e24c364e51a336326a63b8296 (diff)
hashdatainput digest verification
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@44 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java139
-rw-r--r--BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java (renamed from STALService/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java)0
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java14
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java2
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java27
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java273
6 files changed, 346 insertions, 109 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java
index 5186de1a..6dae264c 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java
@@ -16,15 +16,20 @@
*/
package at.gv.egiz.bku.online.applet;
-import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler;
import at.gv.egiz.bku.smccstal.SignRequestHandler;
+import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
import at.gv.egiz.stal.service.GetHashDataInputResponseType;
import at.gv.egiz.stal.service.GetHashDataInputType;
import at.gv.egiz.stal.service.STALPortType;
+import at.gv.egiz.stal.signedinfo.DigestMethodType;
import at.gv.egiz.stal.signedinfo.ReferenceType;
+import java.security.DigestException;
+import java.security.MessageDigest;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -35,57 +40,101 @@ import org.apache.commons.logging.LogFactory;
*/
public class WSSignRequestHandler extends SignRequestHandler {
- private static final Log log = LogFactory.getLog(WSSignRequestHandler.class);
- STALPortType stalPort;
- String sessId;
+ private static final Log log = LogFactory.getLog(WSSignRequestHandler.class);
+ STALPortType stalPort;
+ String sessId;
- public WSSignRequestHandler(String sessId, STALPortType stalPort) {
- if (stalPort == null || sessId == null) {
- throw new NullPointerException("STAL port must not be null");
- }
- this.sessId = sessId;
- this.stalPort = stalPort;
+ public WSSignRequestHandler(String sessId, STALPortType stalPort) {
+ if (stalPort == null || sessId == null) {
+ throw new NullPointerException("STAL port must not be null");
}
+ this.sessId = sessId;
+ this.stalPort = stalPort;
+ }
- @Override
- protected List<HashDataInput> getHashDataInputs(List<ReferenceType> dsigReferences) throws Exception {
- GetHashDataInputType request = new GetHashDataInputType();
- request.setSessionId(sessId);
- for (ReferenceType dsigRef : dsigReferences) {
- //don't get Manifest, QualifyingProperties, ...
- if (dsigRef.getType() == null) {
- String dsigRefId = dsigRef.getId();
- if (dsigRefId != null) {
- GetHashDataInputType.Reference reference = new GetHashDataInputType.Reference();
- reference.setID(dsigRefId);
- request.getReference().add(reference);
- } else {
- throw new Exception("Cannot get HashDataInput for dsig:Reference without Id attribute");
- }
- }
- }
+ @Override
+ public List<HashDataInput> getCashedHashDataInputs(List<ReferenceType> signedReferences) throws Exception {
- if (log.isDebugEnabled()) {
- log.debug("Calling GetHashDataInput for session " + sessId);
- }
- GetHashDataInputResponseType response = stalPort.getHashDataInput(request);
- ArrayList<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
- for (GetHashDataInputResponseType.Reference reference : response.getReference()) {
- byte[] hdi = reference.getValue();
- String id = reference.getID();
- String mimeType = reference.getMimeType();
- String encoding = reference.getEncoding();
+ GetHashDataInputType request = new GetHashDataInputType();
+ request.setSessionId(sessId);
+
+ HashMap<String, ReferenceType> idRefMap = new HashMap<String, ReferenceType>();
+ for (ReferenceType reference : signedReferences) {
+ //don't get Manifest, QualifyingProperties, ...
+ if (reference.getType() == null) {
+ String referenceId = reference.getId();
+ if (referenceId != null) {
+ idRefMap.put(referenceId, reference);
+ GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference();
+ ref.setID(referenceId);
+ request.getReference().add(ref);
- if (log.isDebugEnabled()) {
- log.debug("Got HashDataInput " + id + " (" + mimeType + ";" + encoding + ")");
- }
- hashDataInputs.add(new ByteArrayHashDataInput(hdi, id, mimeType, encoding));
+ } else {
+ throw new Exception("Cannot resolve HashDataInput for reference without Id attribute");
}
- return hashDataInputs;
+ }
}
- @Override
- public SMCCSTALRequestHandler newInstance() {
- return new WSSignRequestHandler(this.sessId, this.stalPort);
+ if (log.isDebugEnabled()) {
+ log.debug("Calling GetHashDataInput for session " + sessId);
}
+ GetHashDataInputResponseType response = stalPort.getHashDataInput(request);
+ ArrayList<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
+
+ for (GetHashDataInputResponseType.Reference reference : response.getReference()) {
+
+ String id = reference.getID();
+ byte[] hdi = reference.getValue();
+ if (hdi == null) {
+ throw new Exception("Failed to resolve digest value for reference " + id);
+ }
+ String mimeType = reference.getMimeType();
+ String encoding = reference.getEncoding();
+
+ if (log.isDebugEnabled()) {
+ log.debug("Got HashDataInput " + id + " (" + mimeType + ";" + encoding + ")");
+ }
+
+ ReferenceType dsigRef = idRefMap.get(id);
+ DigestMethodType dm = dsigRef.getDigestMethod();
+ if (dm == null) {
+ throw new Exception("Failed to verify digest value for reference " + id + ": no digest algorithm");
+ }
+ //TODO
+ String mdAlg = dm.getAlgorithm();
+ if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg))
+ mdAlg = "SHA-1";
+ else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg))
+ mdAlg = "SHA-256";
+ else if ("http://www.w3.org/2001/04/xmlenc#sha224 ".equals(mdAlg))
+ mdAlg = "SHA-224";
+ else if ("http://www.w3.org/2001/04/xmldsig-more#sha224 ".equals(mdAlg))
+ mdAlg = "SHA-224";
+ else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg))
+ mdAlg = "SHA-384";
+ else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg))
+ mdAlg = "SHA-512";
+ else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg))
+ mdAlg = "MD2";
+ else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg))
+ mdAlg = "MD5";
+ else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg))
+ mdAlg = "RipeMD-160";
+ MessageDigest md = MessageDigest.getInstance(mdAlg);
+ byte[] hdiDigest = md.digest(hdi);
+ if (log.isDebugEnabled())
+ log.debug("Comparing digest values... ");
+ if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) {
+ log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue()));
+ throw new DigestException("Bad digest value for reference " + id + ": " + dsigRef.getDigestValue());
+ }
+ hashDataInputs.add(new ByteArrayHashDataInput(hdi, id, mimeType, encoding));
+ }
+ return hashDataInputs;
+ }
+
+ @Override
+ public SMCCSTALRequestHandler newInstance() {
+ return new WSSignRequestHandler(this.sessId, this.stalPort);
+ }
}
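Review bot: The verification loop only covers references the service chose to return. `idRefMap.get(id)` is dereferenced without a null check, so an ID that was never requested ends in a NullPointerException, and a response that omits a requested reference (or is empty) is accepted with nothing verified for it. The loop should reject unknown or repeated IDs and, once it finishes, fail if any requested reference is still unanswered, as sketched below. Separately, the URI literals for sha224, md2 and ripemd160 carry a trailing space and can never match, so those values reach `MessageDigest.getInstance` as the raw URI; `"RipeMD-160"` is probably not a name the default providers register either. The error paths print digests via `new String(hdiDigest)` and `+ dsigRef.getDigestValue()`, which gives unreadable bytes and an array identity rather than the value.

```java
// … unchanged: request building, stalPort.getHashDataInput(request) …
for (GetHashDataInputResponseType.Reference reference : response.getReference()) {
  String id = reference.getID();
  // … unchanged: hdi null check, mimeType/encoding, debug log …
  // remove() instead of get(): each requested reference may be answered exactly once
  ReferenceType dsigRef = idRefMap.remove(id);
  if (dsigRef == null) {
    throw new Exception("Unexpected or duplicate HashDataInput for reference " + id);
  }
  // … unchanged: digest algorithm mapping and comparison …
}
// every requested reference must have been returned and verified
if (!idRefMap.isEmpty()) {
  throw new Exception("No HashDataInput returned for references " + idRefMap.keySet());
}
```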
diff --git a/STALService/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java b/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java
index b0285345..b0285345 100644
--- a/STALService/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java
+++ b/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java
index f8546e49..a288a716 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java
@@ -29,7 +29,10 @@ import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.STALRequest;
import at.gv.egiz.stal.STALResponse;
import at.gv.egiz.stal.SignRequest;
+import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
import at.gv.egiz.stal.signedinfo.ReferenceType;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
/**
*
@@ -55,7 +58,7 @@ public class LocalSignRequestHandler extends SignRequestHandler {
}
@Override
- protected List<HashDataInput> getHashDataInputs(
+ public List<HashDataInput> getCashedHashDataInputs(
List<ReferenceType> dsigReferences) throws Exception {
ArrayList<HashDataInput> result = new ArrayList<HashDataInput>();
for (ReferenceType dsigRef : dsigReferences) {
@@ -65,7 +68,14 @@ public class LocalSignRequestHandler extends SignRequestHandler {
if (dsigRefId != null) {
for (HashDataInput hdi : hashDataInput) {
if (hdi.getReferenceId().equals(dsigRefId)) {
- result.add(hdi);
+ InputStream hdIs = hdi.getHashDataInput();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream(hdIs.available());
+ int b;
+ while ((b = hdIs.read()) != -1) {
+ baos.write(b);
+ }
+ ByteArrayHashDataInput baHdi = new ByteArrayHashDataInput(baos.toByteArray(), hdi.getReferenceId(), hdi.getMimeType(), hdi.getEncoding());
+ result.add(baHdi);
}
}
} else {
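Review bot: `hdi.getHashDataInput()` is used without a null check and the stream is never closed. The commented-out `validateHashDataInputs` in SignRequestHandler.java treats a null stream as "reference not cached", so the same case presumably can occur here and would surface as a NullPointerException at `hdIs.available()`. Guard it with `if (hdIs == null) throw new Exception("HashDataInput for reference " + dsigRefId + " not cached");` and close `hdIs` in a `finally`. Unlike the web-service handler, this path copies the bytes without comparing them to `dsigRef.getDigestValue()`; if that is intentional because the data never leaves the process, a comment saying so would help. The enclosing method starts and ends outside this hunk.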
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java
index 56c8340b..ac2b725c 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java
@@ -45,7 +45,7 @@ public abstract class AbstractSMCCSTAL implements STAL {
static {
addRequestHandler(InfoboxReadRequest.class, new InfoBoxReadRequestHandler());
- addRequestHandler(SignRequest.class, new SignRequestHandler());
+// addRequestHandler(SignRequest.class, new SignRequestHandler());
}
/**
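Review bot: The `SignRequest` registration is commented out rather than removed, and nothing explains why. Since `SignRequestHandler` becomes abstract in this commit the line could no longer compile, so delete it. In its place a comment such as `// SignRequest handlers are registered by the concrete STAL (SignRequestHandler is abstract)` would make clear that a STAL which skips that step has no handler for sign requests. Where that registration happens is not visible in this diff.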
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java
new file mode 100644
index 00000000..05af85d9
--- /dev/null
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java
@@ -0,0 +1,27 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package at.gv.egiz.bku.smccstal;
+
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
+import at.gv.egiz.stal.signedinfo.ReferenceType;
+import java.security.DigestException;
+import java.util.List;
+import java.util.Set;
+
+/**
+ *
+ * @author clemens
+ */
+public interface CashedHashDataInputResolver {
+
+ /**
+ * implementations may verify the hashvalue
+ * @post-condition returned list != null
+ * @return
+ */
+ List<HashDataInput> getCashedHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception;
+}
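Review bot: The contract "implementations may verify the hashvalue" leaves callers unable to tell whether the data they display has been checked against the signed references, which is what this interface exists for. State it explicitly, e.g. `Returns the hash data inputs for the given references; implementations that verify throw DigestException when a computed digest differs from the reference's DigestValue`, and fill in the empty `@return`. `throws DigestException, Exception` is redundant as written; narrowing the second type would let callers tell a digest mismatch from a resolution failure. The imports of `ByteArrayHashDataInput` and `Set` are unused, and the IDE template header should give way to whatever file header the other sources carry.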
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
index d37d0551..59eed55f 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java
@@ -21,8 +21,6 @@ import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.util.logging.Level;
-import java.util.logging.Logger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
@@ -43,21 +41,26 @@ import at.gv.egiz.stal.STALRequest;
import at.gv.egiz.stal.STALResponse;
import at.gv.egiz.stal.SignRequest;
import at.gv.egiz.stal.SignResponse;
+import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
import at.gv.egiz.stal.signedinfo.ObjectFactory;
import at.gv.egiz.stal.signedinfo.ReferenceType;
import at.gv.egiz.stal.signedinfo.SignedInfoType;
import at.gv.egiz.stal.util.JCEAlgorithmNames;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.security.DigestException;
+import java.security.DigestInputStream;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
+import java.util.Set;
/**
* This class is NOT thread-safe.
* handleRequest() sets the SignedInfo which is used in providePIN.
*/
-public class SignRequestHandler extends AbstractRequestHandler implements
- PINProvider {
+public abstract class SignRequestHandler extends AbstractRequestHandler implements
+ CashedHashDataInputResolver {
private static Log log = LogFactory.getLog(SignRequestHandler.class);
private static JAXBContext jaxbContext;
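Review bot: The class comment still says `handleRequest() sets the SignedInfo which is used in providePIN`, but in this commit the SignedInfo is handed to a per-request `STALPinProvider` and the handler no longer implements `PINProvider`. Update it to something like `handleRequest() creates a STALPinProvider per SignRequest; the handler itself keeps no SignedInfo`, and check whether the "NOT thread-safe" remark still names the right reason. The added imports of `DigestInputStream`, `HashMap` and `Set` appear to be referenced only from commented-out code later in the file.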
@@ -71,10 +74,10 @@ public class SignRequestHandler extends AbstractRequestHandler implements
}
}
/** the SignedInfo of the current SignRequest */
- protected SignedInfoType signedInfo;
- protected List<HashDataInput> hashDataInputs;
+// protected SignedInfoType signedInfo;
+// protected List<ByteArrayHashDataInput> hashDataInputs;
- private int retryCounter = 0;
+// private int retryCounter = 0;
@SuppressWarnings("unchecked")
@Override
@@ -86,8 +89,7 @@ public class SignRequestHandler extends AbstractRequestHandler implements
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
InputStream is = new ByteArrayInputStream(signReq.getSignedInfo());
JAXBElement<SignedInfoType> si = (JAXBElement<SignedInfoType>) unmarshaller.unmarshal(is);
- signedInfo = si.getValue();
- String signatureMethod = signedInfo.getSignatureMethod().getAlgorithm();
+ String signatureMethod = si.getValue().getSignatureMethod().getAlgorithm();
log.debug("Found signature method: " + signatureMethod);
String jceName = JCEAlgorithmNames.getJCEHashName(signatureMethod);
if (jceName == null) {
@@ -97,7 +99,7 @@ public class SignRequestHandler extends AbstractRequestHandler implements
MessageDigest md = MessageDigest.getInstance(jceName);
md.update(signReq.getSignedInfo());
KeyboxName kb = SignatureCard.KeyboxName.getKeyboxName(signReq.getKeyIdentifier());
- byte[] resp = card.createSignature(md.digest(), kb, this);
+ byte[] resp = card.createSignature(md.digest(), kb, new STALPinProvider(si.getValue()));
if (resp == null) {
return new ErrorResponse(6001);
}
@@ -116,9 +118,7 @@ public class SignRequestHandler extends AbstractRequestHandler implements
} catch (NoSuchAlgorithmException e) {
log.error(e);
return new ErrorResponse(1000);
- } finally {
- signedInfo = null;
- }
+ }
} else {
log.fatal("Got unexpected STAL request: " + request);
return new ErrorResponse(1000);
@@ -130,59 +130,210 @@ public class SignRequestHandler extends AbstractRequestHandler implements
return true;
}
- @Override
- public String providePIN(PINSpec spec, int retries) {
- if (retryCounter++ > 0) {
- log.info("PIN wrong retrying ...");
- gui.showSignaturePINRetryDialog(spec, retries, this, "sign", this,
- "cancel", this, "hashData");
- } else {
- gui.showSignaturePINDialog(spec, this, "sign", this, "cancel", this,
- "hashData");
- }
- do {
- waitForAction();
- if (actionCommand.equals("cancel")) {
- return null;
- } else if (actionCommand.equals("hashData")) {
- if (signedInfo != null) {
- try {
- gui.showWaitDialog(null);
- if (hashDataInputs == null || hashDataInputs.size() == 0) {
- hashDataInputs = getHashDataInputs(signedInfo.getReference());
- }
- gui.showHashDataInputDialog(hashDataInputs, this, "ok");
- } catch (Exception ex) {
- //FIXME localize messages
- log.error("Failed to obtain HashDataInputs: " + ex.getMessage());
- gui.showErrorDialog("Failed to obtain HashDataInputs: " + ex.getMessage(), this, "ok");
- }
- } else {
- //FIXME get all hashdatainputs
- gui.showErrorDialog("Failed to obtain HashDataInputs: No dsig:SignedInfo provided.", this, "ok");
- }
- } else if (actionCommand.equals("sign")) {
- return new String(gui.getPin());
- } else if (actionCommand.equals("ok")) {
- gui.showSignaturePINDialog(spec, this, "sign", this, "cancel", this,
- "hashData");
- }
- } while (true);
- }
+// @Override
+// public String providePIN(PINSpec spec, int retries) {
+// if (retryCounter++ > 0) {
+// log.info("PIN wrong retrying ...");
+// gui.showSignaturePINRetryDialog(spec, retries, this, "sign", this,
+// "cancel", this, "hashData");
+// } else {
+// gui.showSignaturePINDialog(spec, this, "sign", this, "cancel", this,
+// "hashData");
+// }
+// do {
+// waitForAction();
+// if (actionCommand.equals("cancel")) {
+// return null;
+// } else if (actionCommand.equals("hashData")) {
+// if (signedInfo != null) {
+// try {
+// gui.showWaitDialog(null);
+// if (hashDataInputs == null || hashDataInputs.size() == 0) {
+// HashMap<String, ReferenceType> signedReferences = new HashMap<String, ReferenceType>();
+// for (ReferenceType reference : signedInfo.getReference()) {
+// //don't get Manifest, QualifyingProperties, ...
+// if (reference.getType() == null) {
+// signedReferences.put(reference.getId(), reference);
+// }
+// }
+// hashDataInputs = getHashDataInputs(signedReferences.keySet());
+// for (HashDataInput hashDataInput : hashDataInputs) {
+// ReferenceType reference = signedReferences.get(hashDataInput.getReferenceId());
+// String algorithm = reference.getDigestMethod().getAlgorithm();
+// MessageDigest md = MessageDigest.getInstance(algorithm);
+// DigestInputStream dis = new DigestInputStream(hashDataInput.getHashDataInput(), md);
+// while(dis.read() != -1) ;
+// byte[] digestValue = md.digest();
+// boolean valid = reference.getDigestValue().equals(digestValue);
+// }
+// }
+// gui.showHashDataInputDialog(hashDataInputs, this, "ok");
+// } catch (Exception ex) {
+// //FIXME localize messages
+// log.error("Failed to obtain HashDataInputs: " + ex.getMessage());
+// gui.showErrorDialog("Failed to obtain HashDataInputs: " + ex.getMessage(), this, "ok");
+// }
+// } else {
+// //FIXME get all hashdatainputs
+// gui.showErrorDialog("Failed to obtain HashDataInputs: No dsig:SignedInfo provided.", this, "ok");
+// }
+// } else if (actionCommand.equals("sign")) {
+// return new String(gui.getPin());
+// } else if (actionCommand.equals("ok")) {
+// gui.showSignaturePINDialog(spec, this, "sign", this, "cancel", this,
+// "hashData");
+// }
+// } while (true);
+// }
- @Override
- public SMCCSTALRequestHandler newInstance() {
- return new SignRequestHandler();
- }
+// @Override
+// public SMCCSTALRequestHandler newInstance() {
+// return new SignRequestHandler();
+// }
/**
- * override by subclass
+ * implementations may verify the hashvalue
* @post-condition returned list != null
* @return
*/
- protected List<HashDataInput> getHashDataInputs(List<ReferenceType> signedReferences) throws Exception {
- //TODO
- log.warn("Return empty HashDataInput");
- return new ArrayList<HashDataInput>();
+ @Override
+ public abstract List<HashDataInput> getCashedHashDataInputs(List<ReferenceType> signedReferences) throws Exception;
+// {
+// //TODO
+// log.warn("Return empty HashDataInput");
+// return new ArrayList<HashDataInput>();
+// }
+
+
+
+// protected void validateHashDataInputs(List<ReferenceType> signedReferences, List<HashDataInput> hashDataInputs) {
+// if (hashDataInputs != null) {
+//
+// Map<String, HashDataInput> hashDataIdMap = new HashMap<String, HashDataInput>();
+// for (HashDataInput hdi : hashDataInputs) {
+// if (log.isTraceEnabled()) {
+// log.trace("Provided HashDataInput for reference " + hdi.getReferenceId());
+// }
+// hashDataIdMap.put(hdi.getReferenceId(), hdi);
+// }
+//
+// List<GetHashDataInputType.Reference> reqRefs = request.getReference();
+// for (GetHashDataInputType.Reference reqRef : reqRefs) {
+// String reqRefId = reqRef.getID();
+// HashDataInput reqHdi = hashDataIdMap.get(reqRefId);
+// if (reqHdi == null) {
+// String msg = "Failed to resolve HashDataInput for reference " + reqRefId;
+// log.error(msg);
+// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+// faultInfo.setErrorCode(1);
+// faultInfo.setErrorMessage(msg);
+// throw new GetHashDataInputFault(msg, faultInfo);
+// }
+//
+// InputStream hashDataIS = reqHdi.getHashDataInput();
+// if (hashDataIS == null) {
+// //HashDataInput not cached?
+// String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached";
+// log.error(msg);
+// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+// faultInfo.setErrorCode(1);
+// faultInfo.setErrorMessage(msg);
+// throw new GetHashDataInputFault(msg, faultInfo);
+// }
+// ByteArrayOutputStream baos = null;
+// try {
+// if (log.isDebugEnabled()) {
+// log.debug("Resolved HashDataInput " + reqRefId + " (" + reqHdi.getMimeType() + ";charset=" + reqHdi.getEncoding() + ")");
+// }
+// baos = new ByteArrayOutputStream(hashDataIS.available());
+// int c;
+// while ((c = hashDataIS.read()) != -1) {
+// baos.write(c);
+// }
+// GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference();
+// ref.setID(reqRefId);
+// ref.setMimeType(reqHdi.getMimeType());
+// ref.setEncoding(reqHdi.getEncoding());
+// ref.setValue(baos.toByteArray());
+// response.getReference().add(ref);
+// } catch (IOException ex) {
+// String msg = "Failed to get HashDataInput for reference " + reqRefId;
+// log.error(msg, ex);
+// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+// faultInfo.setErrorCode(1);
+// faultInfo.setErrorMessage(msg);
+// throw new GetHashDataInputFault(msg, faultInfo, ex);
+// } finally {
+// try {
+// baos.close();
+// } catch (IOException ex) {
+// }
+// }
+// }
+// return response;
+// }
+// for (ReferenceType reference : signedReferences) {
+// String algorithm = reference.getDigestMethod().getAlgorithm();
+//
+// }
+// }
+
+
+ /**
+ * cashes the HashDataInputs provided by SignRequestHandler.this.getHashDataInputs()
+ * (don't know whether outer class is LocalSignRequestHandler or WSSignRequestHandler, providing DataObjectHDI or ByteArrayHDI, resp)
+ */
+ class STALPinProvider implements PINProvider {
+
+ protected SignedInfoType signedInfo;
+ protected List<HashDataInput> hashDataInputs;
+ private int retryCounter = 0;
+
+ public STALPinProvider(SignedInfoType signedInfo) {
+ this.signedInfo = signedInfo;
+ }
+
+ @Override
+ public String providePIN(PINSpec spec, int retries) {
+ if (retryCounter++ > 0) {
+ log.info("PIN wrong retrying ...");
+ gui.showSignaturePINRetryDialog(spec, retries, SignRequestHandler.this, "sign", SignRequestHandler.this,
+ "cancel", SignRequestHandler.this, "hashData");
+ } else {
+ gui.showSignaturePINDialog(spec, SignRequestHandler.this, "sign", SignRequestHandler.this, "cancel", SignRequestHandler.this,
+ "hashData");
}
+ do {
+ waitForAction();
+ if (actionCommand.equals("cancel")) {
+ return null;
+ } else if (actionCommand.equals("hashData")) {
+ if (signedInfo != null) {
+ try {
+ gui.showWaitDialog(null);
+ if (hashDataInputs == null || hashDataInputs.size() == 0) {
+ hashDataInputs = getCashedHashDataInputs(signedInfo.getReference());
+ }
+ gui.showHashDataInputDialog(hashDataInputs, SignRequestHandler.this, "ok");
+ } catch (DigestException ex) {
+ log.error("Bad digest value: " + ex.getMessage());
+ gui.showErrorDialog(ex.getMessage());
+ } catch (Exception ex) {
+ //FIXME localize messages
+ log.error("Failed to obtain HashDataInputs: " + ex.getMessage());
+ gui.showErrorDialog("Failed to obtain HashDataInputs: " + ex.getMessage(), SignRequestHandler.this, "ok");
+ }
+ } else {
+ //FIXME get all hashdatainputs
+ gui.showErrorDialog("Failed to obtain HashDataInputs: No dsig:SignedInfo provided.", SignRequestHandler.this, "ok");
+ }
+ } else if (actionCommand.equals("sign")) {
+ return new String(gui.getPin());
+ } else if (actionCommand.equals("ok")) {
+ gui.showSignaturePINDialog(spec, SignRequestHandler.this, "sign", SignRequestHandler.this, "cancel", SignRequestHandler.this,
+ "hashData");
+ }
+ } while (true);
+ }
+ }
}
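Review bot: In `STALPinProvider.providePIN`, the `DigestException` branch calls `gui.showErrorDialog(ex.getMessage())` without the `SignRequestHandler.this, "ok"` arguments that every other dialog in the loop passes, and then returns to `waitForAction()`. What the one-argument overload does is not visible here, but if it registers no action the loop may never wake; use `gui.showErrorDialog(ex.getMessage(), SignRequestHandler.this, "ok");` or end the request with `return null;`. As written a digest mismatch is only reported: if the flow does come back to the PIN dialog, "sign" still goes through, so it is worth deciding explicitly whether a mismatch should block signing. The commented-out `providePIN`, `newInstance` and `validateHashDataInputs` blocks should be deleted rather than committed.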