diff options
author | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2008-09-11 12:16:35 +0000 |
---|---|---|
committer | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2008-09-11 12:16:35 +0000 |
commit | 66cfb865fbfa7af514e803003f928d77f1156e46 (patch) | |
tree | 909f3c586b5c2daf9da4cc8b8aca4c1c58dd0565 /bkucommon/src/main/java/at/gv/egiz | |
parent | 2f566efcd4e861ceac5be5cf1b197e04639627a0 (diff) | |
download | mocca-66cfb865fbfa7af514e803003f928d77f1156e46.tar.gz mocca-66cfb865fbfa7af514e803003f928d77f1156e46.tar.bz2 mocca-66cfb865fbfa7af514e803003f928d77f1156e46.zip |
Added to be signed data validation.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@32 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz')
10 files changed, 371 insertions, 27 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java index 253f8ff5..1a22f787 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java @@ -14,11 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - package at.gv.egiz.bku.binding.multipart; import java.io.IOException; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java index 566b77b3..5585f02e 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java @@ -14,11 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - package at.gv.egiz.bku.binding.multipart; import at.gv.egiz.bku.slcommands.SLResult; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index 136fa6f3..628326cf 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -44,7 +44,9 @@ import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory; import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException; import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException; import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.stal.InfoboxReadRequest;
import at.gv.egiz.stal.InfoboxReadResponse;
@@ -166,9 +168,10 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignat * Signs the signature.
*
* @throws SLCommandException
- * if signing the signature fails
+ * if signing the signature fails + * @throws SLViewerException
*/
- private void signXMLSignature() throws SLCommandException {
+ private void signXMLSignature() throws SLCommandException, SLViewerException {
try {
signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
@@ -213,11 +216,9 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignat return new CreateXMLSignatureResultImpl(signature.getDocument());
- } catch (SLCommandException e) {
+ } catch (SLException e) {
return new ErrorResultImpl(e);
- } catch (SLRequestException e) {
- return new ErrorResultImpl(e);
- }
+ }
}
@Override
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java index d25f2526..ae4918ce 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java @@ -30,6 +30,7 @@ import java.nio.charset.Charset; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
+import java.util.Arrays; import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@@ -71,8 +72,12 @@ import at.gv.egiz.bku.binding.HttpUtil; import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.bku.slexceptions.SLViewerException; import at.gv.egiz.bku.utils.urldereferencer.StreamData;
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.viewer.ValidationException; +import at.gv.egiz.bku.viewer.Validator; +import at.gv.egiz.bku.viewer.ValidatorFactory; import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.slbinding.impl.XMLContentType;
@@ -99,10 +104,51 @@ public class DataObject { */
private static final String[] DEFAULT_PREFFERED_MIME_TYPES =
new String[] {
- "application/xhtml+xml",
- "text/plain"
- };
-
+ "text/plain", + "application/xhtml+xml"
+ }; + + /** + * Validate hash input. + */ + private static boolean validate = false; + + /** + * Enable validation of hash data input. + * + * @param validate + * <code>true</code> if validation should be enabled, or + * <code>false</code> otherwise. + */ + public static void enableHashDataInputValidation(boolean validate) { + DataObject.validate = validate; + } + + /** + * @return <code>true</code> if hash data input validation is enabled, + * or <code>false</code> otherwise. + */ + public static boolean isHashDataInputValidationEnabled() { + return validate; + } + + /** + * Valid MIME types. + */ + private static String[] validMimeTypes = DEFAULT_PREFFERED_MIME_TYPES; + + /** + * Sets the list of valid hash data input media types. + * <p>The array is also used for transformation path selection. + * The transformation path with a final type, that appears in the + * given array in the earliest position is used selected.</p> + * + * @param mediaTypes an array of MIME media types. + */ + public static void setValidHashDataInputMediaTypes(String[] mediaTypes) { + validMimeTypes = mediaTypes; + } + /**
* The DOM implementation used.
*/
@@ -184,7 +230,70 @@ public class DataObject { public String getDescription() {
return description;
}
-
+ + public void validateHashDataInput() throws SLViewerException { + + if (validate) { + + if (reference == null) { + log.error("Medthod validateHashDataInput() called before reference has been created."); + throw new SLViewerException(5000); + } + + InputStream digestInputStream = reference.getDigestInputStream(); + if (digestInputStream == null) { + log.error("Method validateHashDataInput() called before reference has been generated " + + "or reference caching is not enabled."); + throw new SLViewerException(5000); + } + + if (mimeType == null) { + log.info("FinalDataMetaInfo does not specify MIME type of to be signed data."); + // TODO: add detailed message + throw new SLViewerException(5000); + } + + // get MIME media type + String mediaType = mimeType.split(";")[0].trim(); + // and optional charset + String charset = HttpUtil.getCharset(mimeType, false); + + if (Arrays.asList(validMimeTypes).contains(mediaType)) { + + Validator validator; + try { + validator = ValidatorFactory.newValidator(mediaType); + } catch (IllegalArgumentException e) { + log.error("No validator found for mime type '" + mediaType + "'."); + throw new SLViewerException(5000); + } + + try { + validator.validate(digestInputStream, charset); + } catch (ValidationException e) { + if ("text/plain".equals(mediaType)) { + log.info("Data to be displayed contains unsupported characters.", e); + // TODO: add detailed message + throw new SLViewerException(5003); + } else if ("application/xhtml+xml".equals(mediaType)) { + // TODO: add detailed message + log.info("Standard display format: HTML does not conform to specification.", e); + throw new SLViewerException(5004); + } else { + // TODO: add detailed message + log.info("Data to be displayed is invalid.", e); + throw new SLViewerException(5000); + } + } + + } else { + log.info("MIME media type '" + mediaType + "' is not a valid digest input."); + throw new SLViewerException(5001); + } + } + + } +
/**
* Configures this DataObject with the information provided within the given
* <code>sl:DataObjectInfo</code>.
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java index eba1d96d..2d89c8ae 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java @@ -17,6 +17,8 @@ package at.gv.egiz.bku.slcommands.impl.xsect; import at.gv.egiz.bku.slcommands.impl.HashDataInputImpl; +import at.gv.egiz.bku.slexceptions.SLViewerException; + import java.io.ByteArrayOutputStream; import java.security.InvalidKeyException; import java.security.InvalidParameterException; @@ -123,9 +125,14 @@ public class STALSignature extends SignatureSpi { // log.debug("got " + dataObjects.size() + " DataObjects, passing HashDataInputs to STAL SignRequest"); List<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>(); - for (DataObject dataObject : dataObjects) { - hashDataInputs.add(new HashDataInputImpl(dataObject)); + for (DataObject dataObject : dataObjects) { + try { + dataObject.validateHashDataInput(); + } catch (SLViewerException e) { + throw new STALSignatureException(e); } + hashDataInputs.add(new HashDataInputImpl(dataObject)); + } SignRequest signRequest = new SignRequest(); signRequest.setKeyIdentifier(keyboxIdentifier); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java index 191f8371..2330ed3f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java @@ -81,6 +81,7 @@ import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType; import at.gv.egiz.bku.binding.HttpUtil; import at.gv.egiz.bku.slexceptions.SLCommandException; import at.gv.egiz.bku.slexceptions.SLRequestException; +import at.gv.egiz.bku.slexceptions.SLViewerException; import at.gv.egiz.bku.utils.HexDump; import at.gv.egiz.bku.utils.urldereferencer.StreamData; import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; @@ -387,10 +388,11 @@ public class Signature { * if signing the XMLSignature fails * @throws SLCommandException * if building the XMLSignature fails + * @throws SLViewerException * @throws NullPointerException * if <code>signContext</code> is <code>null</code> */ - public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException { + public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException { if (xmlSignature == null) { buildXMLSignature(); @@ -415,6 +417,9 @@ public class Signature { Throwable cause = e.getCause(); while (cause != null) { if (cause instanceof STALSignatureException) { + if (((STALSignatureException) cause).getCause() instanceof SLViewerException) { + throw (SLViewerException) ((STALSignatureException) cause).getCause(); + } int errorCode = ((STALSignatureException) cause).getErrorCode(); SLCommandException commandException = new SLCommandException(errorCode); log.info("Failed to sign signature.", commandException); @@ -482,11 +487,12 @@ public class Signature { * if signing this Signature fails * @throws SLCommandException * if building this Signature fails + * @throws SLViewerException * @throws NullPointerException * if <code>stal</code> or <code>keyboxIdentifier</code> is * <code>null</code> */ - public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException { + public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException { if (stal == null) { throw new NullPointerException("Argument 'stal' must not be null."); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java b/bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java index 1d128a00..853328d5 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java @@ -17,9 +17,12 @@ package at.gv.egiz.bku.slexceptions;
public class SLViewerException extends SLException {
-
+ + public SLViewerException(int errorCode) { + super(errorCode); + } + public SLViewerException(int errorCode, String msg, Object[] args) {
super(errorCode, msg, args);
- // TODO Auto-generated constructor stub
}
}
\ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidationException.java b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidationException.java new file mode 100644 index 00000000..fb332a09 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidationException.java @@ -0,0 +1,38 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.viewer; + +public class ValidationException extends Exception { + + private static final long serialVersionUID = 1L; + + public ValidationException() { + } + + public ValidationException(String message) { + super(message); + } + + public ValidationException(Throwable cause) { + super(cause); + } + + public ValidationException(String message, Throwable cause) { + super(message, cause); + } + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/viewer/Validator.java b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/Validator.java new file mode 100644 index 00000000..08b21080 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/Validator.java @@ -0,0 +1,25 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.viewer; + +import java.io.InputStream; + +public interface Validator { + + public void validate(InputStream is, String charset) throws ValidationException; + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidatorFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidatorFactory.java new file mode 100644 index 00000000..e16a261e --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidatorFactory.java @@ -0,0 +1,165 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.viewer; + +import java.io.IOException; +import java.net.URL; +import java.util.Collections; +import java.util.Enumeration; +import java.util.Iterator; +import java.util.List; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class ValidatorFactory { + + /** + * Logging facility. + */ + protected static Log log = LogFactory.getLog(ValidatorFactory.class); + + private static final Class<Validator> VALIDATOR_CLASS = Validator.class; + + private static final String SERVICE_ID = "META-INF/services/" + VALIDATOR_CLASS.getName(); + + /** + * Creates a new Validator for the given <code>mimeType</code>. + * + * @param mimeType + * + * @return + * + * @throws IllegalArgumentException + * if no Validator for the <code>mimeType</code> could be found + */ + public static Validator newValidator(String mimeType) throws IllegalArgumentException { + + ClassLoader classLoader = ValidatorFactory.class.getClassLoader(); + ValidatorFactory factory = new ValidatorFactory(classLoader); + + Validator validator = factory.createValidator(mimeType); + + if (validator == null) { + throw new IllegalArgumentException("Validator for '" + mimeType + + "' could not be found."); + } + + return validator; + + } + + private ClassLoader classLoader; + + /** + * Private constructor. + * + * @param classLoader must not be <code>null</code> + */ + private ValidatorFactory(ClassLoader classLoader) { + + if (classLoader == null) { + throw new NullPointerException("Argument 'classLoader' must no be null."); + } + + this.classLoader = classLoader; + + } + + private Validator createValidator(String mimeType) { + + Iterator<URL> serviceIterator = createServiceIterator(); + while (serviceIterator.hasNext()) { + URL url = serviceIterator.next(); + + Properties properties = new Properties(); + try { + properties.load(url.openStream()); + } catch (IOException e) { + log.error("Failed to load service properties " + url.toExternalForm()); + continue; + } + String className = properties.getProperty(mimeType); + if (className != null) { + try { + return createValidatorInstance(className); + } catch (Exception e) { + continue; + } + } + + } + + return null; + + } + + private Validator createValidatorInstance(String className) + throws ClassNotFoundException, InstantiationException, + IllegalAccessException { + + try { + Class<?> implClass = classLoader.loadClass(className); + return (Validator) implClass.newInstance(); + } catch (ClassNotFoundException e) { + log.error("Validator class '" + className + "' not found.", e); + throw e; + } catch (InstantiationException e) { + log.error("Faild to initialize validator class '" + className + "'.", e); + throw e; + } catch (IllegalAccessException e) { + log.error("Faild to initialize validator class '" + className + "'.", e); + throw e; + } catch (ClassCastException e) { + log.error("Class '" + className + "' is not a validator implementation.", e); + throw e; + } + + } + + private Iterator<URL> createServiceIterator() { + + try { + final Enumeration<URL> resources = classLoader.getResources(SERVICE_ID); + return new Iterator<URL> () { + + @Override + public boolean hasNext() { + return resources.hasMoreElements(); + } + + @Override + public URL next() { + return resources.nextElement(); + } + + @Override + public void remove() { + throw new UnsupportedOperationException(); + } + + }; + } catch (IOException e) { + log.error("Failed to enumerate resources " + SERVICE_ID); + List<URL> list = Collections.emptyList(); + return list.iterator(); + } + + } + +} |