| author | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2008-11-13 18:24:57 +0000 | 
|---|---|---|
| committer | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2008-11-13 18:24:57 +0000 | 
| commit | 9662ac90b6aa84bc54543d3c8670ba6c8e42bbac (patch) | |
| tree | 4b47426d3cf67ff9deee1e741fa9740b54b988fc /BKUApplet/src | |
| parent | 35356a68fcecb6492a90f7cd01ff846f2393fdaa (diff) | |
FRAME HashDataDisplay 
FRAME Help
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@165 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKUApplet/src')
| -rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java | 6 | ||||
| -rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java | 217 | ||||
| -rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java | 6 | ||||
| -rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java (renamed from BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java) | 6 | ||||
| -rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java | 77 | ||||
| -rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java | 221 | 
6 files changed, 221 insertions, 312 deletions
| diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java index 8e88c012..db88c037 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java @@ -195,7 +195,8 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {      String hashDataDisplayStyle = params.getAppletParameter(BKUApplet.HASHDATA_DISPLAY);      if (BKUApplet.HASHDATA_DISPLAY_INTERNAL.equals(hashDataDisplayStyle)) {        log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL); -      addRequestHandler(SignRequest.class, new AppletHashDataDisplay(stalPort, sessionId)); +      AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, sessionId, AppletHashDataDisplay.DISPLAY.applet); +      addRequestHandler(SignRequest.class, handler);      } else if (BKUApplet.HASHDATA_DISPLAY_BROWSER.equals(hashDataDisplayStyle)) {        URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL, sessionId);        log.debug("register SignRequestHandler for HashDataURL " + hashDataURL); @@ -203,7 +204,8 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {      } else {        //BKUApplet.HASHDATA_DISPLAY_FRAME        log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL); -      addRequestHandler(SignRequest.class, new JDialogHashDataDisplay(stalPort, sessionId, new Dimension(400, 300), locale)); +      AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, sessionId, AppletHashDataDisplay.DISPLAY.frame); +      addRequestHandler(SignRequest.class, handler);      }    }  } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java index b77485d9..29a60f1d 100644 
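Review bot: The `HASHDATA_DISPLAY_INTERNAL` branch and the final `else` branch now differ only in the `DISPLAY` constant passed to `AppletHashDataDisplay`, so choosing the constant first and calling `addRequestHandler` once would remove the duplication. The `else` also sends every unrecognised `HASHDATA_DISPLAY` value (and presumably a missing parameter) to frame mode, which the `//BKUApplet.HASHDATA_DISPLAY_FRAME` comment only hints at; a comment such as `// any value other than internal/browser falls back to the frame viewer` would make that explicit. If `Dimension` and `locale` were only needed for the removed `JDialogHashDataDisplay` call, they can be dropped as well, but that is not visible here. The enclosing method starts outside the hunk.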
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java @@ -14,9 +14,9 @@   * See the License for the specific language governing permissions and   * limitations under the License.   */ -  package at.gv.egiz.bku.online.applet; +import at.gv.egiz.bku.gui.BKUGUIFacade;  import java.security.DigestException;  import java.security.MessageDigest;  import java.util.ArrayList; 
@@ -30,39 +30,69 @@ import org.apache.commons.logging.LogFactory;  import at.gv.egiz.bku.smccstal.SignRequestHandler;  import at.gv.egiz.stal.HashDataInput;  import at.gv.egiz.stal.impl.ByteArrayHashDataInput; +import at.gv.egiz.stal.service.GetHashDataInputFault;  import at.gv.egiz.stal.service.STALPortType;  import at.gv.egiz.stal.service.types.GetHashDataInputResponseType;  import at.gv.egiz.stal.service.types.GetHashDataInputType;  import at.gv.egiz.stal.signedinfo.DigestMethodType;  import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.security.NoSuchAlgorithmException;  /** - * A SignRequesthandler displaying hashdata inputs in the applet  - * (only plaintext data is displayed, other hashdata inputs may be saved to disk). + * A SignRequesthandler that obtains hashdata inputs from a STAL webservice and + * displays these either within the applet or in a separate frame. + * The internal viewer displays plaintext data only, other mimetypes can be saved to disk. + * The standalone (frame) viewer displays all mimetypes. + *  + * (This class depends on STALService and therefore is not part of BKUCommonGUI.)   
*    * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>   */  public class AppletHashDataDisplay extends SignRequestHandler { +  public static enum DISPLAY { +    applet, frame +  }    private static final Log log = LogFactory.getLog(AppletHashDataDisplay.class); -  STALPortType stalPort; -  String sessId; +  protected STALPortType stalPort; +  protected String sessId; +  protected DISPLAY display; -    public AppletHashDataDisplay(STALPortType stalPort, String sessId) { +  public AppletHashDataDisplay(STALPortType stalPort, String sessId, DISPLAY display) {      if (stalPort == null || sessId == null) {        throw new NullPointerException("STAL port must not be null");      }      this.sessId = sessId;      this.stalPort = stalPort; +    this.display = display;    }    @Override -  public void displayHashDataInputs(List<ReferenceType> signedReferences) throws Exception { -   +  public void displayHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception { + +    List<GetHashDataInputResponseType.Reference> hdi = getHashDataInput(signedReferences); +    List<HashDataInput> verifiedHashDataInputs = verifyHashDataInput(signedReferences, hdi); + +    if (verifiedHashDataInputs.size() > 1) { +      gui.showHashDataInputDialog(verifiedHashDataInputs, false, this, "ok"); +    } else if (verifiedHashDataInputs.size() == 1) { +      gui.showHashDataInputDialog(verifiedHashDataInputs, display==DISPLAY.frame, this, "ok"); +    } else { +      throw new Exception("No signature data (apart from any QualifyingProperties or a Manifest)"); +    } +  } + +  /** +   * Get all hashdata inputs that contain an ID attribute but no Type attribute. 
+   * @param signedReferences +   * @return +   * @throws at.gv.egiz.stal.service.GetHashDataInputFault +   */ +  private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) throws GetHashDataInputFault, Exception {      GetHashDataInputType request = new GetHashDataInputType();      request.setSessionId(sessId); -    HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>(); +//    HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>();      for (ReferenceType signedRef : signedReferences) {        //don't get Manifest, QualifyingProperties, ...        if (signedRef.getType() == null) { 
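Review bot: The constructor does not check the new `display` argument, and its existing null check reports `STAL port must not be null` even when it is `sessId` that is null. With a null `display`, the comparison `display==DISPLAY.frame` in `displayHashDataInputs()` is just false, so the handler silently behaves like `DISPLAY.applet`. Adding `if (display == null) throw new NullPointerException("display must not be null");` and splitting the two existing messages would make misconfiguration visible. The `throws DigestException, Exception` clause is redundant because `Exception` already covers it, and the new Javadoc on `getHashDataInput` leaves `@param` and `@return` empty. The body of `getHashDataInput` continues in the next hunk.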
@@ -71,97 +101,116 @@ public class AppletHashDataDisplay extends SignRequestHandler {            if (log.isTraceEnabled()) {              log.trace("requesting hashdata input for reference " + signedRefId);            } -          idSignedRefMap.put(signedRefId, signedRef); +//          idSignedRefMap.put(signedRefId, signedRef);            GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference();            ref.setID(signedRefId);            request.getReference().add(ref);          } else { -          throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); +          throw new Exception("Cannot resolve signature data for dsig:Reference without Id attribute");          }        }      }      if (log.isDebugEnabled()) { -      log.debug("Calling GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); +      log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId);      }      GetHashDataInputResponseType response = stalPort.getHashDataInput(request); -    ArrayList<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>(); - -    //hashdata inputs returned from service -    HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>(); -    for (GetHashDataInputResponseType.Reference reference : response.getReference()) { -      String id = reference.getID(); -      byte[] hdi = reference.getValue(); -      if (hdi == null) { -        throw new Exception("Did not receive hashdata input for reference " + id); +    return response.getReference(); +  } + +  /** +   * Verifies all signed references and returns STAL HashDataInputs +   * @param signedReferences +   * @param hashDataInputs +   * @return +   * @throws java.security.DigestException +   * @throws java.security.NoSuchAlgorithmException +   * @throws Exception if no hashdata input is provided 
for a signed reference +   */ +  private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) throws DigestException, NoSuchAlgorithmException, Exception { + +    ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>(); + +    for (ReferenceType signedRef : signedReferences) { +      if (signedRef.getType() == null) { +        log.info("Verifying digest for signed reference " + signedRef.getId()); + +        String signedRefId = signedRef.getId(); +        byte[] signedDigest = signedRef.getDigestValue(); +        String signedDigestAlg = null; +        if (signedRef.getDigestMethod() != null) { +          signedDigestAlg = signedRef.getDigestMethod().getAlgorithm(); +        } else { +          throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); +        } + +        // usually, there is just one item here +        GetHashDataInputResponseType.Reference hashDataInput = null; +        for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) { +          if (signedRefId.equals(hdi.getID())) { +            hashDataInput = hdi; +            break; +          } +        } +        if (hashDataInput == null) { +          throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); +        } + +        byte[] hdi = hashDataInput.getValue(); +        String mimeType = hashDataInput.getMimeType(); +        String encoding = hashDataInput.getEncoding(); + +        if (hdi == null) { +          throw new Exception("No hashdata input for reference " + signedRefId + " provided by service"); +        } +        if (log.isDebugEnabled()) { +          log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); +        } + +        byte[] hashDataInputDigest = digest(hdi, signedDigestAlg); + +        if (log.isDebugEnabled()) { 
+          log.debug("Comparing digest values... "); +        } +//        log.warn("***************** DISABLED HASHDATA VERIFICATION"); +        if (!Arrays.equals(hashDataInputDigest, signedDigest)) { +          log.error("Bad digest value for reference " + signedRefId); +          throw new DigestException("Bad digest value for reference " + signedRefId); +        } + +        verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding));        } -      idRefMap.put(id, reference);      } -    for (String signedRefId : idSignedRefMap.keySet()) { -      log.info("validating hashdata input for reference " + signedRefId); -       -      GetHashDataInputResponseType.Reference reference = idRefMap.get(signedRefId); -      if (reference == null) { -        throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); -      } -       -//    } -//     -//    for (GetHashDataInputResponseType.Reference reference : response.getReference()) { -// -//      String id = reference.getID(); -      byte[] hdi = reference.getValue(); -      String mimeType = reference.getMimeType(); -      String encoding = reference.getEncoding(); - -      if (hdi == null) { -        throw new Exception("No hashdata input provided for reference " + signedRefId); -      } -      if (log.isDebugEnabled()) { -        log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); -      } +    return verifiedHashDataInputs; +  } -      ReferenceType dsigRef = idSignedRefMap.get(signedRefId); -      DigestMethodType dm = dsigRef.getDigestMethod(); -       -      if (dm == null) { -        throw new Exception("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); -      } -      String mdAlg = dm.getAlgorithm(); -      if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) -        mdAlg = "SHA-1"; -      else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) -  
      mdAlg = "SHA-256"; -      else if ("http://www.w3.org/2001/04/xmlenc#sha224 ".equals(mdAlg)) -        mdAlg = "SHA-224"; -      else if ("http://www.w3.org/2001/04/xmldsig-more#sha224  ".equals(mdAlg)) -        mdAlg = "SHA-224"; -      else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) -        mdAlg = "SHA-384"; -      else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) -        mdAlg = "SHA-512"; -      else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) -        mdAlg = "MD2"; -      else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) -        mdAlg = "MD5"; -      else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) -        mdAlg = "RipeMD-160"; -      else { -        throw new Exception("Failed to verify digest value for reference " + signedRefId + ": unsupported digest algorithm " + mdAlg); -      } -      MessageDigest md = MessageDigest.getInstance(mdAlg); -      byte[] hdiDigest = md.digest(hdi); -      if (log.isDebugEnabled()) -        log.debug("Comparing digest values... 
");  -      if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) { -        log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue())); -        throw new DigestException("Bad digest value for reference " + signedRefId + ": " + new String(dsigRef.getDigestValue())); -      } -      hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); +  //TODO +  private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException { +    if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) { +      mdAlg = "SHA-1"; +    } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) { +      mdAlg = "SHA-256"; +    } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) { +      mdAlg = "SHA-224"; +    } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) { +      mdAlg = "SHA-224"; +    } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) { +      mdAlg = "SHA-384"; +    } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) { +      mdAlg = "SHA-512"; +    } else if ("http://www.w3.org/2001/04/xmldsig-more#md2".equals(mdAlg)) { +      mdAlg = "MD2"; +    } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) { +      mdAlg = "MD5"; +    } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160".equals(mdAlg)) { +      mdAlg = "RipeMD-160"; +    } else { +      throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg);      } -     -    gui.showHashDataInputDialog(hashDataInputs, false, this, "ok"); + +    MessageDigest md = MessageDigest.getInstance(mdAlg); +    return md.digest(hashDataInput);    }  } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java index 9d640dee..b4407b22 100644 
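Review bot: `digest()` still maps the `xmldsig-more#md2` and `xmldsig-more#md5` URIs to `MD2` and `MD5`, so `verifyHashDataInput()` accepts a match under a collision-broken hash as proof that the data shown to the user is the data referenced by the signature. Consider removing those two branches so they fall through to the `unsupported digest algorithm` exception, or at least log a warning when they are selected. The commented-out `log.warn("***************** DISABLED HASHDATA VERIFICATION")` line beside the `Arrays.equals` check should be deleted rather than kept as a switch, and the bare `//TODO` above `digest()` should say what remains to be done. It is also worth confirming that `RipeMD-160` is a name the deployed JCA providers register, since otherwise `MessageDigest.getInstance` throws for that URI.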
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java @@ -16,6 +16,7 @@   */  package at.gv.egiz.bku.online.applet; +import at.gv.egiz.bku.gui.AbstractHelpListener;  import java.net.MalformedURLException;  import java.net.URL;  import java.util.Locale; @@ -85,10 +86,11 @@ public class BKUApplet extends JApplet implements AppletParameterProvider {      String locale = getAppletParameter(LOCALE_PARAM_KEY);      String guiStyle = getAppletParameter(GUI_STYLE);      URL backgroundImgURL = null; -    AppletHelpListener helpListener = null; +    AbstractHelpListener helpListener = null;      try {        URL helpURL = getURLParameter(HELP_URL); //, getAppletParameter(SESSION_ID)); -      helpListener = new AppletHelpListener(getAppletContext(), helpURL, getLocale()); +//      helpListener = new BrowserHelpListener(getAppletContext(), helpURL, getLocale()); +      helpListener = new DefaultHelpListener(helpURL, getLocale());      } catch (MalformedURLException ex) {        log.warn("failed to load help URL, disabling help: " + ex.getMessage());      } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java index 5d199872..265acca0 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java 
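Review bot: The superseded `BrowserHelpListener` construction is left as a commented-out line directly above the new `DefaultHelpListener(helpURL, getLocale())` call; it should be deleted, since the class itself is kept by the rename in this commit. The switch also changes where the `HELP_URL` applet parameter is used: it is no longer handed to the browser via the applet context but passed to a listener that loads it itself. A short comment at the assignment, e.g. `// help is loaded by the applet itself (DefaultHelpListener), not opened in the browser`, would record that. The enclosing method starts and ends outside the hunk.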
@@ -26,11 +26,11 @@ import java.util.Locale;   *    * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>   */ -public class AppletHelpListener extends AbstractHelpListener { +public class BrowserHelpListener extends AbstractHelpListener {    protected AppletContext ctx; -  public AppletHelpListener(AppletContext ctx, URL helpURL, Locale locale) { +  public BrowserHelpListener(AppletContext ctx, URL helpURL, Locale locale) {      super(helpURL, locale);      if (ctx == null) {        throw new RuntimeException("no applet context provided"); @@ -39,7 +39,7 @@ public class AppletHelpListener extends AbstractHelpListener {    }    @Override -  public void showDocument(URL helpDocument) throws Exception { +  public void showDocument(URL helpDocument, String helpTopic) throws Exception {      ctx.showDocument(helpDocument, "_blank");    }  } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java new file mode 100644 index 00000000..9876ef7e --- /dev/null +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java 
@@ -0,0 +1,77 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + *  + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + *  + *     http://www.apache.org/licenses/LICENSE-2.0 + *  + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.online.applet; + +import at.gv.egiz.bku.gui.AbstractHelpListener; +import at.gv.egiz.bku.gui.ViewerDialog; +import java.io.InputStream; +import java.net.URL; +import java.net.URLConnection; +import java.util.Locale; +import javax.swing.SwingUtilities; + +/** + * This class depends on BKU utils, and therefore is not part of BKUCommonGUI + *  + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class DefaultHelpListener extends AbstractHelpListener { + +  public DefaultHelpListener(URL helpURL, Locale locale) { +    super(helpURL, locale); +  } + +  @Override +  public void showDocument(URL helpURL, final String helpTopic) throws Exception { +    log.debug("open connection " + helpURL); +    URLConnection conn = helpURL.openConnection(); +     +    log.debug("show help document " + conn.getContentType()); // + ";" + conn.getContentEncoding()); +     +//    Charset cs; +//    if (conn.getContentEncoding() == null) { +//      cs = Charset.forName("UTF-8"); +//    } else { +//      try { +//        cs = Charset.forName(conn.getContentEncoding()); +//      } catch (Exception ex) { +//        log.debug("charset " + conn.getContentEncoding() + " not supported, assuming UTF-8: " + ex.getMessage()); +//        cs = Charset.forName("UTF-8"); +//      }   
+//    } +     +//    InputStreamReader isr = new InputStreamReader(conn.getInputStream(), cs); +//    final Reader content = new BufferedReader(isr); +    final InputStream content = conn.getInputStream(); +    final String mimeType = conn.getContentType(); +       +    log.debug("schedule help dialog"); +     +    SwingUtilities.invokeLater(new Runnable() { + +        @Override +        public void run() { +           +          log.debug("show help dialog"); +           +          ViewerDialog.showHelp(null, helpTopic, content, mimeType, messages); +       +        } +      }); +//    gui.showHelpDialog(helpDocument.getStream(), mimetype, encoding); +  } +} diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java deleted file mode 100644 index 1f0eda90..00000000 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java +++ /dev/null 
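Review bot: `showDocument()` opens `helpURL` and calls `conn.getInputStream()` with no connect or read timeout, and nothing in the method closes the stream. A slow or unresponsive help server therefore blocks the calling thread, and the connection is released only if `ViewerDialog.showHelp` closes it, which is not visible here. Setting `conn.setConnectTimeout(TIMEOUT_MS); conn.setReadTimeout(TIMEOUT_MS);` (a constant to be defined) before reading, and closing `content` once the dialog has consumed it, would bound both. `conn.getContentType()` can return null and is passed on as `mimeType` unchecked. Because the URL originates from an applet parameter (see the BKUApplet hunk), it would be reasonable to accept only the expected scheme before opening the connection; the commented-out charset block should be removed.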
@@ -1,221 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - *  - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *  - *     http://www.apache.org/licenses/LICENSE-2.0 - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.online.applet; - -import at.gv.egiz.bku.smccstal.SignRequestHandler; -import at.gv.egiz.stal.HashDataInput; -import at.gv.egiz.stal.impl.ByteArrayHashDataInput; -import at.gv.egiz.stal.service.GetHashDataInputFault; -import at.gv.egiz.stal.service.STALPortType; -import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; -import at.gv.egiz.stal.service.types.GetHashDataInputType; -import at.gv.egiz.stal.signedinfo.ReferenceType; -import java.awt.Dimension; -import java.security.DigestException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.List; -import java.util.Locale; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * - * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> - */ -public class JDialogHashDataDisplay extends SignRequestHandler { - -  private static final Log log = LogFactory.getLog(JDialogHashDataDisplay.class); -  protected STALPortType stalPort; -  protected String sessId; -//  protected HashDataViewer viewer; -       -  public JDialogHashDataDisplay(STALPortType stalPort, String sessId, Dimension viewerSize, Locale locale) { -    if (stalPort == null || sessId == null) { -      throw new 
NullPointerException("STAL port must not be null"); -    } -    this.sessId = sessId; -    this.stalPort = stalPort; -//    this.viewer = new HashDataViewer(viewerSize, locale); -  } - -  @Override -  public void displayHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception { - -    List<GetHashDataInputResponseType.Reference> hdi = getHashDataInput(signedReferences); -    final List<HashDataInput> verifiedHashDataInputs = verifyHashDataInput(signedReferences, hdi); - -    if (verifiedHashDataInputs.size() > 1) { -      gui.showHashDataInputDialog(verifiedHashDataInputs, false, this, "ok"); -    } else if (verifiedHashDataInputs.size() == 1) { -      gui.showHashDataInputDialog(verifiedHashDataInputs, true, this, "ok"); -//      SwingUtilities.invokeLater(new Runnable() { -// -//        @Override -//        public void run() { -//          viewer.displayHashData(verifiedHashDataInputs.get(0)); -//        } -//      }); -       -    } else { -      log.error("No hashdata input to display"); -    } - -  } - -  /** -   * Get all hashdata inputs that contain an ID attribute and no Type attribute. -   * @param signedReferences -   * @return -   * @throws at.gv.egiz.stal.service.GetHashDataInputFault -   */ -  private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) throws GetHashDataInputFault, Exception { -    GetHashDataInputType request = new GetHashDataInputType(); -    request.setSessionId(sessId); - -//    HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>(); -    for (ReferenceType signedRef : signedReferences) { -      //don't get Manifest, QualifyingProperties, ... 
-      if (signedRef.getType() == null) { -        String signedRefId = signedRef.getId(); -        if (signedRefId != null) { -          if (log.isTraceEnabled()) { -            log.trace("requesting hashdata input for reference " + signedRefId); -          } -//          idSignedRefMap.put(signedRefId, signedRef); -          GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); -          ref.setID(signedRefId); -          request.getReference().add(ref); - -        } else { -          throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); -        } -      } -    } - -    if (log.isDebugEnabled()) { -      log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); -    } -    GetHashDataInputResponseType response = stalPort.getHashDataInput(request); -    return response.getReference(); -  } - -  /** -   * Verifies all signed references and returns STAL HashDataInputs -   * @param signedReferences -   * @param hashDataInputs -   * @return -   * @throws java.security.DigestException -   * @throws java.security.NoSuchAlgorithmException -   * @throws Exception if no hashdata input is provided for a signed reference -   */ -  private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) throws DigestException, NoSuchAlgorithmException, Exception { - -    ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>(); - -    //hashdata inputs returned from service -//    HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>(); -//    for (GetHashDataInputResponseType.Reference hashDataInput : hashDataInputs) { -//      String id = hashDataInput.getID(); -//      byte[] hdi = hashDataInput.getValue(); -//      if (hdi == null) { -//        throw new Exception("Did not receive 
hashdata input for reference " + id); -//      } -//      idRefMap.put(id, hashDataInput); -//    } - -    for (ReferenceType signedRef : signedReferences) { -      if (signedRef.getType() == null) { -        log.info("Verifying digest for signed reference " + signedRef.getId()); - -        String signedRefId = signedRef.getId(); -        byte[] signedDigest = signedRef.getDigestValue(); -        String signedDigestAlg = null; -        if (signedRef.getDigestMethod() != null) { -          signedDigestAlg = signedRef.getDigestMethod().getAlgorithm(); -        } else { -          throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); -        } - -        GetHashDataInputResponseType.Reference hashDataInput = null; //idRefMap.get(signedRefId); -        for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) { -          if (signedRefId.equals(hdi.getID())) { -            hashDataInput = hdi; -          } -        } -        if (hashDataInput == null) { -          throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); -        } - -        byte[] hdi = hashDataInput.getValue(); -        String mimeType = hashDataInput.getMimeType(); -        String encoding = hashDataInput.getEncoding(); - -        if (hdi == null) { -          throw new Exception("No hashdata input for reference " + signedRefId + " provided by service"); -        } -        if (log.isDebugEnabled()) { -          log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); -        } - -        byte[] hashDataInputDigest = digest(hdi, signedDigestAlg); - -        if (log.isDebugEnabled()) { -          log.debug("Comparing digest values... 
"); -        } -        log.warn("DISABLED DIGEST VERIFICATION FOR DEBUGGING"); -//        if (!Arrays.equals(hashDataInputDigest, signedDigest)) { -//          log.error("Bad digest value for reference " + signedRefId); -//          throw new DigestException("Bad digest value for reference " + signedRefId); -//        } - -        verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); -      } -    } -     -    return verifiedHashDataInputs; -  } - -  //TODO -  private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException { -    if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) { -      mdAlg = "SHA-1"; -    } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) { -      mdAlg = "SHA-256"; -    } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) { -      mdAlg = "SHA-224"; -    } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) { -      mdAlg = "SHA-224"; -    } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) { -      mdAlg = "SHA-384"; -    } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) { -      mdAlg = "SHA-512"; -    } else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) { -      mdAlg = "MD2"; -    } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) { -      mdAlg = "MD5"; -    } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) { -      mdAlg = "RipeMD-160"; -    } else { -      throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg); -    } - -    MessageDigest md = MessageDigest.getInstance(mdAlg); -    return md.digest(hashDataInput); -  } -} | 
