summaryrefslogtreecommitdiff
path: root/bkucommon/src/main/java/at/gv/egiz
diff options
context:
space:
mode:
authormcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-09-11 12:16:35 +0000
committermcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-09-11 12:16:35 +0000
commit66cfb865fbfa7af514e803003f928d77f1156e46 (patch)
tree909f3c586b5c2daf9da4cc8b8aca4c1c58dd0565 /bkucommon/src/main/java/at/gv/egiz
parent2f566efcd4e861ceac5be5cf1b197e04639627a0 (diff)
downloadmocca-66cfb865fbfa7af514e803003f928d77f1156e46.tar.gz
mocca-66cfb865fbfa7af514e803003f928d77f1156e46.tar.bz2
mocca-66cfb865fbfa7af514e803003f928d77f1156e46.zip
Added to be signed data validation.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@32 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java5
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java5
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java13
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java119
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java11
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java10
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java7
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidationException.java38
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/viewer/Validator.java25
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidatorFactory.java165
10 files changed, 371 insertions, 27 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java
index 253f8ff5..1a22f787 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/InputStreamPartSource.java
@@ -14,11 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-
package at.gv.egiz.bku.binding.multipart;
import java.io.IOException;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java
index 566b77b3..5585f02e 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/multipart/SLResultPart.java
@@ -14,11 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-
package at.gv.egiz.bku.binding.multipart;
import at.gv.egiz.bku.slcommands.SLResult;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 136fa6f3..628326cf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -44,7 +44,9 @@ import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.stal.InfoboxReadRequest;
import at.gv.egiz.stal.InfoboxReadResponse;
@@ -166,9 +168,10 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignat
* Signs the signature.
*
* @throws SLCommandException
- * if signing the signature fails
+ * if signing the signature fails
+ * @throws SLViewerException
*/
- private void signXMLSignature() throws SLCommandException {
+ private void signXMLSignature() throws SLCommandException, SLViewerException {
try {
signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
@@ -213,11 +216,9 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignat
return new CreateXMLSignatureResultImpl(signature.getDocument());
- } catch (SLCommandException e) {
+ } catch (SLException e) {
return new ErrorResultImpl(e);
- } catch (SLRequestException e) {
- return new ErrorResultImpl(e);
- }
+ }
}
@Override
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
index d25f2526..ae4918ce 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
@@ -30,6 +30,7 @@ import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@@ -71,8 +72,12 @@ import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.bku.utils.urldereferencer.StreamData;
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.viewer.ValidationException;
+import at.gv.egiz.bku.viewer.Validator;
+import at.gv.egiz.bku.viewer.ValidatorFactory;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.slbinding.impl.XMLContentType;
@@ -99,10 +104,51 @@ public class DataObject {
*/
private static final String[] DEFAULT_PREFFERED_MIME_TYPES =
new String[] {
- "application/xhtml+xml",
- "text/plain"
- };
-
+ "text/plain",
+ "application/xhtml+xml"
+ };
+
+ /**
+ * Validate hash input.
+ */
+ private static boolean validate = false;
+
+ /**
+ * Enable validation of hash data input.
+ *
+ * @param validate
+ * <code>true</code> if validation should be enabled, or
+ * <code>false</code> otherwise.
+ */
+ public static void enableHashDataInputValidation(boolean validate) {
+ DataObject.validate = validate;
+ }
+
+ /**
+ * @return <code>true</code> if hash data input validation is enabled,
+ * or <code>false</code> otherwise.
+ */
+ public static boolean isHashDataInputValidationEnabled() {
+ return validate;
+ }
+
+ /**
+ * Valid MIME types.
+ */
+ private static String[] validMimeTypes = DEFAULT_PREFFERED_MIME_TYPES;
+
+ /**
+ * Sets the list of valid hash data input media types.
+ * <p>The array is also used for transformation path selection.
+ * The transformation path with a final type, that appears in the
+ * given array in the earliest position is used selected.</p>
+ *
+ * @param mediaTypes an array of MIME media types.
+ */
+ public static void setValidHashDataInputMediaTypes(String[] mediaTypes) {
+ validMimeTypes = mediaTypes;
+ }
+
/**
* The DOM implementation used.
*/
@@ -184,7 +230,70 @@ public class DataObject {
public String getDescription() {
return description;
}
-
+
+ public void validateHashDataInput() throws SLViewerException {
+
+ if (validate) {
+
+ if (reference == null) {
+ log.error("Medthod validateHashDataInput() called before reference has been created.");
+ throw new SLViewerException(5000);
+ }
+
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream == null) {
+ log.error("Method validateHashDataInput() called before reference has been generated " +
+ "or reference caching is not enabled.");
+ throw new SLViewerException(5000);
+ }
+
+ if (mimeType == null) {
+ log.info("FinalDataMetaInfo does not specify MIME type of to be signed data.");
+ // TODO: add detailed message
+ throw new SLViewerException(5000);
+ }
+
+ // get MIME media type
+ String mediaType = mimeType.split(";")[0].trim();
+ // and optional charset
+ String charset = HttpUtil.getCharset(mimeType, false);
+
+ if (Arrays.asList(validMimeTypes).contains(mediaType)) {
+
+ Validator validator;
+ try {
+ validator = ValidatorFactory.newValidator(mediaType);
+ } catch (IllegalArgumentException e) {
+ log.error("No validator found for mime type '" + mediaType + "'.");
+ throw new SLViewerException(5000);
+ }
+
+ try {
+ validator.validate(digestInputStream, charset);
+ } catch (ValidationException e) {
+ if ("text/plain".equals(mediaType)) {
+ log.info("Data to be displayed contains unsupported characters.", e);
+ // TODO: add detailed message
+ throw new SLViewerException(5003);
+ } else if ("application/xhtml+xml".equals(mediaType)) {
+ // TODO: add detailed message
+ log.info("Standard display format: HTML does not conform to specification.", e);
+ throw new SLViewerException(5004);
+ } else {
+ // TODO: add detailed message
+ log.info("Data to be displayed is invalid.", e);
+ throw new SLViewerException(5000);
+ }
+ }
+
+ } else {
+ log.info("MIME media type '" + mediaType + "' is not a valid digest input.");
+ throw new SLViewerException(5001);
+ }
+ }
+
+ }
+
/**
* Configures this DataObject with the information provided within the given
* <code>sl:DataObjectInfo</code>.
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
index eba1d96d..2d89c8ae 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
@@ -17,6 +17,8 @@
package at.gv.egiz.bku.slcommands.impl.xsect;
import at.gv.egiz.bku.slcommands.impl.HashDataInputImpl;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
+
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
@@ -123,9 +125,14 @@ public class STALSignature extends SignatureSpi {
// log.debug("got " + dataObjects.size() + " DataObjects, passing HashDataInputs to STAL SignRequest");
List<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
- for (DataObject dataObject : dataObjects) {
- hashDataInputs.add(new HashDataInputImpl(dataObject));
+ for (DataObject dataObject : dataObjects) {
+ try {
+ dataObject.validateHashDataInput();
+ } catch (SLViewerException e) {
+ throw new STALSignatureException(e);
}
+ hashDataInputs.add(new HashDataInputImpl(dataObject));
+ }
SignRequest signRequest = new SignRequest();
signRequest.setKeyIdentifier(keyboxIdentifier);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index 191f8371..2330ed3f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -81,6 +81,7 @@ import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.bku.utils.HexDump;
import at.gv.egiz.bku.utils.urldereferencer.StreamData;
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
@@ -387,10 +388,11 @@ public class Signature {
* if signing the XMLSignature fails
* @throws SLCommandException
* if building the XMLSignature fails
+ * @throws SLViewerException
* @throws NullPointerException
* if <code>signContext</code> is <code>null</code>
*/
- public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException {
+ public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
if (xmlSignature == null) {
buildXMLSignature();
@@ -415,6 +417,9 @@ public class Signature {
Throwable cause = e.getCause();
while (cause != null) {
if (cause instanceof STALSignatureException) {
+ if (((STALSignatureException) cause).getCause() instanceof SLViewerException) {
+ throw (SLViewerException) ((STALSignatureException) cause).getCause();
+ }
int errorCode = ((STALSignatureException) cause).getErrorCode();
SLCommandException commandException = new SLCommandException(errorCode);
log.info("Failed to sign signature.", commandException);
@@ -482,11 +487,12 @@ public class Signature {
* if signing this Signature fails
* @throws SLCommandException
* if building this Signature fails
+ * @throws SLViewerException
* @throws NullPointerException
* if <code>stal</code> or <code>keyboxIdentifier</code> is
* <code>null</code>
*/
- public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException {
+ public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
if (stal == null) {
throw new NullPointerException("Argument 'stal' must not be null.");
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java b/bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java
index 1d128a00..853328d5 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slexceptions/SLViewerException.java
@@ -17,9 +17,12 @@
package at.gv.egiz.bku.slexceptions;
public class SLViewerException extends SLException {
-
+
+ public SLViewerException(int errorCode) {
+ super(errorCode);
+ }
+
public SLViewerException(int errorCode, String msg, Object[] args) {
super(errorCode, msg, args);
- // TODO Auto-generated constructor stub
}
} \ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidationException.java b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidationException.java
new file mode 100644
index 00000000..fb332a09
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidationException.java
@@ -0,0 +1,38 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.viewer;
+
+public class ValidationException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public ValidationException() {
+ }
+
+ public ValidationException(String message) {
+ super(message);
+ }
+
+ public ValidationException(Throwable cause) {
+ super(cause);
+ }
+
+ public ValidationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/viewer/Validator.java b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/Validator.java
new file mode 100644
index 00000000..08b21080
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/Validator.java
@@ -0,0 +1,25 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.viewer;
+
+import java.io.InputStream;
+
+public interface Validator {
+
+ public void validate(InputStream is, String charset) throws ValidationException;
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidatorFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidatorFactory.java
new file mode 100644
index 00000000..e16a261e
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/viewer/ValidatorFactory.java
@@ -0,0 +1,165 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.viewer;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class ValidatorFactory {
+
+ /**
+ * Logging facility.
+ */
+ protected static Log log = LogFactory.getLog(ValidatorFactory.class);
+
+ private static final Class<Validator> VALIDATOR_CLASS = Validator.class;
+
+ private static final String SERVICE_ID = "META-INF/services/" + VALIDATOR_CLASS.getName();
+
+ /**
+ * Creates a new Validator for the given <code>mimeType</code>.
+ *
+ * @param mimeType
+ *
+ * @return
+ *
+ * @throws IllegalArgumentException
+ * if no Validator for the <code>mimeType</code> could be found
+ */
+ public static Validator newValidator(String mimeType) throws IllegalArgumentException {
+
+ ClassLoader classLoader = ValidatorFactory.class.getClassLoader();
+ ValidatorFactory factory = new ValidatorFactory(classLoader);
+
+ Validator validator = factory.createValidator(mimeType);
+
+ if (validator == null) {
+ throw new IllegalArgumentException("Validator for '" + mimeType
+ + "' could not be found.");
+ }
+
+ return validator;
+
+ }
+
+ private ClassLoader classLoader;
+
+ /**
+ * Private constructor.
+ *
+ * @param classLoader must not be <code>null</code>
+ */
+ private ValidatorFactory(ClassLoader classLoader) {
+
+ if (classLoader == null) {
+ throw new NullPointerException("Argument 'classLoader' must no be null.");
+ }
+
+ this.classLoader = classLoader;
+
+ }
+
+ private Validator createValidator(String mimeType) {
+
+ Iterator<URL> serviceIterator = createServiceIterator();
+ while (serviceIterator.hasNext()) {
+ URL url = serviceIterator.next();
+
+ Properties properties = new Properties();
+ try {
+ properties.load(url.openStream());
+ } catch (IOException e) {
+ log.error("Failed to load service properties " + url.toExternalForm());
+ continue;
+ }
+ String className = properties.getProperty(mimeType);
+ if (className != null) {
+ try {
+ return createValidatorInstance(className);
+ } catch (Exception e) {
+ continue;
+ }
+ }
+
+ }
+
+ return null;
+
+ }
+
+ private Validator createValidatorInstance(String className)
+ throws ClassNotFoundException, InstantiationException,
+ IllegalAccessException {
+
+ try {
+ Class<?> implClass = classLoader.loadClass(className);
+ return (Validator) implClass.newInstance();
+ } catch (ClassNotFoundException e) {
+ log.error("Validator class '" + className + "' not found.", e);
+ throw e;
+ } catch (InstantiationException e) {
+ log.error("Faild to initialize validator class '" + className + "'.", e);
+ throw e;
+ } catch (IllegalAccessException e) {
+ log.error("Faild to initialize validator class '" + className + "'.", e);
+ throw e;
+ } catch (ClassCastException e) {
+ log.error("Class '" + className + "' is not a validator implementation.", e);
+ throw e;
+ }
+
+ }
+
+ private Iterator<URL> createServiceIterator() {
+
+ try {
+ final Enumeration<URL> resources = classLoader.getResources(SERVICE_ID);
+ return new Iterator<URL> () {
+
+ @Override
+ public boolean hasNext() {
+ return resources.hasMoreElements();
+ }
+
+ @Override
+ public URL next() {
+ return resources.nextElement();
+ }
+
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException();
+ }
+
+ };
+ } catch (IOException e) {
+ log.error("Failed to enumerate resources " + SERVICE_ID);
+ List<URL> list = Collections.emptyList();
+ return list.iterator();
+ }
+
+ }
+
+}