summaryrefslogtreecommitdiff
path: root/bkucommon/src/main/java/at/gv/egiz/bku/slcommands
diff options
context:
space:
mode:
authormcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-09-11 12:16:35 +0000
committermcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-09-11 12:16:35 +0000
commit66cfb865fbfa7af514e803003f928d77f1156e46 (patch)
tree909f3c586b5c2daf9da4cc8b8aca4c1c58dd0565 /bkucommon/src/main/java/at/gv/egiz/bku/slcommands
parent2f566efcd4e861ceac5be5cf1b197e04639627a0 (diff)
downloadmocca-66cfb865fbfa7af514e803003f928d77f1156e46.tar.gz
mocca-66cfb865fbfa7af514e803003f928d77f1156e46.tar.bz2
mocca-66cfb865fbfa7af514e803003f928d77f1156e46.zip
Added to be signed data validation.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@32 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java13
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java119
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java11
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java10
4 files changed, 138 insertions, 15 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 136fa6f3..628326cf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -44,7 +44,9 @@ import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.stal.InfoboxReadRequest;
import at.gv.egiz.stal.InfoboxReadResponse;
@@ -166,9 +168,10 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignat
* Signs the signature.
*
* @throws SLCommandException
- * if signing the signature fails
+ * if signing the signature fails
+ * @throws SLViewerException
*/
- private void signXMLSignature() throws SLCommandException {
+ private void signXMLSignature() throws SLCommandException, SLViewerException {
try {
signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
@@ -213,11 +216,9 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignat
return new CreateXMLSignatureResultImpl(signature.getDocument());
- } catch (SLCommandException e) {
+ } catch (SLException e) {
return new ErrorResultImpl(e);
- } catch (SLRequestException e) {
- return new ErrorResultImpl(e);
- }
+ }
}
@Override
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
index d25f2526..ae4918ce 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
@@ -30,6 +30,7 @@ import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@@ -71,8 +72,12 @@ import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.bku.utils.urldereferencer.StreamData;
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.viewer.ValidationException;
+import at.gv.egiz.bku.viewer.Validator;
+import at.gv.egiz.bku.viewer.ValidatorFactory;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.slbinding.impl.XMLContentType;
@@ -99,10 +104,51 @@ public class DataObject {
*/
private static final String[] DEFAULT_PREFFERED_MIME_TYPES =
new String[] {
- "application/xhtml+xml",
- "text/plain"
- };
-
+ "text/plain",
+ "application/xhtml+xml"
+ };
+
+ /**
+ * Validate hash input.
+ */
+ private static boolean validate = false;
+
+ /**
+ * Enable validation of hash data input.
+ *
+ * @param validate
+ * <code>true</code> if validation should be enabled, or
+ * <code>false</code> otherwise.
+ */
+ public static void enableHashDataInputValidation(boolean validate) {
+ DataObject.validate = validate;
+ }
+
+ /**
+ * @return <code>true</code> if hash data input validation is enabled,
+ * or <code>false</code> otherwise.
+ */
+ public static boolean isHashDataInputValidationEnabled() {
+ return validate;
+ }
+
+ /**
+ * Valid MIME types.
+ */
+ private static String[] validMimeTypes = DEFAULT_PREFFERED_MIME_TYPES;
+
+ /**
+ * Sets the list of valid hash data input media types.
+ * <p>The array is also used for transformation path selection.
+ * The transformation path with a final type, that appears in the
+ * given array in the earliest position is used selected.</p>
+ *
+ * @param mediaTypes an array of MIME media types.
+ */
+ public static void setValidHashDataInputMediaTypes(String[] mediaTypes) {
+ validMimeTypes = mediaTypes;
+ }
+
/**
* The DOM implementation used.
*/
@@ -184,7 +230,70 @@ public class DataObject {
public String getDescription() {
return description;
}
-
+
+ public void validateHashDataInput() throws SLViewerException {
+
+ if (validate) {
+
+ if (reference == null) {
+ log.error("Medthod validateHashDataInput() called before reference has been created.");
+ throw new SLViewerException(5000);
+ }
+
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream == null) {
+ log.error("Method validateHashDataInput() called before reference has been generated " +
+ "or reference caching is not enabled.");
+ throw new SLViewerException(5000);
+ }
+
+ if (mimeType == null) {
+ log.info("FinalDataMetaInfo does not specify MIME type of to be signed data.");
+ // TODO: add detailed message
+ throw new SLViewerException(5000);
+ }
+
+ // get MIME media type
+ String mediaType = mimeType.split(";")[0].trim();
+ // and optional charset
+ String charset = HttpUtil.getCharset(mimeType, false);
+
+ if (Arrays.asList(validMimeTypes).contains(mediaType)) {
+
+ Validator validator;
+ try {
+ validator = ValidatorFactory.newValidator(mediaType);
+ } catch (IllegalArgumentException e) {
+ log.error("No validator found for mime type '" + mediaType + "'.");
+ throw new SLViewerException(5000);
+ }
+
+ try {
+ validator.validate(digestInputStream, charset);
+ } catch (ValidationException e) {
+ if ("text/plain".equals(mediaType)) {
+ log.info("Data to be displayed contains unsupported characters.", e);
+ // TODO: add detailed message
+ throw new SLViewerException(5003);
+ } else if ("application/xhtml+xml".equals(mediaType)) {
+ // TODO: add detailed message
+ log.info("Standard display format: HTML does not conform to specification.", e);
+ throw new SLViewerException(5004);
+ } else {
+ // TODO: add detailed message
+ log.info("Data to be displayed is invalid.", e);
+ throw new SLViewerException(5000);
+ }
+ }
+
+ } else {
+ log.info("MIME media type '" + mediaType + "' is not a valid digest input.");
+ throw new SLViewerException(5001);
+ }
+ }
+
+ }
+
/**
* Configures this DataObject with the information provided within the given
* <code>sl:DataObjectInfo</code>.
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
index eba1d96d..2d89c8ae 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
@@ -17,6 +17,8 @@
package at.gv.egiz.bku.slcommands.impl.xsect;
import at.gv.egiz.bku.slcommands.impl.HashDataInputImpl;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
+
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
@@ -123,9 +125,14 @@ public class STALSignature extends SignatureSpi {
// log.debug("got " + dataObjects.size() + " DataObjects, passing HashDataInputs to STAL SignRequest");
List<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
- for (DataObject dataObject : dataObjects) {
- hashDataInputs.add(new HashDataInputImpl(dataObject));
+ for (DataObject dataObject : dataObjects) {
+ try {
+ dataObject.validateHashDataInput();
+ } catch (SLViewerException e) {
+ throw new STALSignatureException(e);
}
+ hashDataInputs.add(new HashDataInputImpl(dataObject));
+ }
SignRequest signRequest = new SignRequest();
signRequest.setKeyIdentifier(keyboxIdentifier);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index 191f8371..2330ed3f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -81,6 +81,7 @@ import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.bku.utils.HexDump;
import at.gv.egiz.bku.utils.urldereferencer.StreamData;
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
@@ -387,10 +388,11 @@ public class Signature {
* if signing the XMLSignature fails
* @throws SLCommandException
* if building the XMLSignature fails
+ * @throws SLViewerException
* @throws NullPointerException
* if <code>signContext</code> is <code>null</code>
*/
- public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException {
+ public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
if (xmlSignature == null) {
buildXMLSignature();
@@ -415,6 +417,9 @@ public class Signature {
Throwable cause = e.getCause();
while (cause != null) {
if (cause instanceof STALSignatureException) {
+ if (((STALSignatureException) cause).getCause() instanceof SLViewerException) {
+ throw (SLViewerException) ((STALSignatureException) cause).getCause();
+ }
int errorCode = ((STALSignatureException) cause).getErrorCode();
SLCommandException commandException = new SLCommandException(errorCode);
log.info("Failed to sign signature.", commandException);
@@ -482,11 +487,12 @@ public class Signature {
* if signing this Signature fails
* @throws SLCommandException
* if building this Signature fails
+ * @throws SLViewerException
* @throws NullPointerException
* if <code>stal</code> or <code>keyboxIdentifier</code> is
* <code>null</code>
*/
- public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException {
+ public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
if (stal == null) {
throw new NullPointerException("Argument 'stal' must not be null.");