-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java60
-rw-r--r--BKUApplet/src/main/resources/simplelog.properties2
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java2
-rw-r--r--BKUOnline/src/test/resources/appletTest.html4
4 files changed, 48 insertions, 20 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java
index 5f422164..3a36a290 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java
@@ -31,6 +31,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
+import java.util.Map.Entry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -58,15 +59,18 @@ public class WSSignRequestHandler extends SignRequestHandler {
GetHashDataInputType request = new GetHashDataInputType();
request.setSessionId(sessId);
- HashMap<String, ReferenceType> idRefMap = new HashMap<String, ReferenceType>();
- for (ReferenceType reference : signedReferences) {
+ HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>();
+ for (ReferenceType signedRef : signedReferences) {
//don't get Manifest, QualifyingProperties, ...
- if (reference.getType() == null) {
- String referenceId = reference.getId();
- if (referenceId != null) {
- idRefMap.put(referenceId, reference);
+ if (signedRef.getType() == null) {
+ String signedRefId = signedRef.getId();
+ if (signedRefId != null) {
+ if (log.isTraceEnabled()) {
+ log.trace("requesting hashdata input for reference " + signedRefId);
+ }
+ idSignedRefMap.put(signedRefId, signedRef);
GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference();
- ref.setID(referenceId);
+ ref.setID(signedRefId);
request.getReference().add(ref);
} else {
@@ -76,31 +80,52 @@ public class WSSignRequestHandler extends SignRequestHandler {
}
if (log.isDebugEnabled()) {
- log.debug("Calling GetHashDataInput for session " + sessId);
+ log.debug("Calling GetHashDataInput for " + request.getReference().size() + " references in session " + sessId);
}
GetHashDataInputResponseType response = stalPort.getHashDataInput(request);
ArrayList<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
+ //hashdata inputs returned from service
+ HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>();
for (GetHashDataInputResponseType.Reference reference : response.getReference()) {
-
String id = reference.getID();
byte[] hdi = reference.getValue();
if (hdi == null) {
- throw new Exception("Failed to resolve digest value for reference " + id);
+ throw new Exception("Did not receive hashdata input for reference " + id);
+ }
+ idRefMap.put(id, reference);
+ }
+
+ for (String signedRefId : idSignedRefMap.keySet()) {
+ log.info("validating hashdata input for reference " + signedRefId);
+
+ GetHashDataInputResponseType.Reference reference = idRefMap.get(signedRefId);
+ if (reference == null) {
+ throw new Exception("No hashdata input for reference " + signedRefId + " returned by service");
}
+
+// }
+//
+// for (GetHashDataInputResponseType.Reference reference : response.getReference()) {
+//
+// String id = reference.getID();
+ byte[] hdi = reference.getValue();
String mimeType = reference.getMimeType();
String encoding = reference.getEncoding();
+ if (hdi == null) {
+ throw new Exception("No hashdata input provided for reference " + signedRefId);
+ }
if (log.isDebugEnabled()) {
- log.debug("Got HashDataInput " + id + " (" + mimeType + ";" + encoding + ")");
+ log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")");
}
- ReferenceType dsigRef = idRefMap.get(id);
+ ReferenceType dsigRef = idSignedRefMap.get(signedRefId);
DigestMethodType dm = dsigRef.getDigestMethod();
+
if (dm == null) {
- throw new Exception("Failed to verify digest value for reference " + id + ": no digest algorithm");
+ throw new Exception("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm");
}
- //TODO
String mdAlg = dm.getAlgorithm();
if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg))
mdAlg = "SHA-1";
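Review bot: The second `if (hdi == null)` check added after `reference.getEncoding()` cannot fire, because the first loop already throws for any returned reference whose value is null before it is stored in `idRefMap`; it should be dropped together with the commented-out loop header (`// }` through `// String id = reference.getID();`) left above it. The first loop also calls `idRefMap.put(id, reference)` without looking at the return value, so a response that carries the same ID twice is silently reduced to its last entry; `if (idRefMap.put(id, reference) != null) throw new Exception("Duplicate hashdata input for reference " + id);` would reject that instead. The per-reference `log.info` is unguarded and louder than the surrounding debug/trace calls, and the `Map.Entry` import added in the first hunk is not used in any visible line, since the loop walks `keySet()` and then calls `get()`. The enclosing method starts before this hunk and continues past it.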
@@ -120,15 +145,18 @@ public class WSSignRequestHandler extends SignRequestHandler {
mdAlg = "MD5";
else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg))
mdAlg = "RipeMD-160";
+ else {
+ throw new Exception("Failed to verify digest value for reference " + signedRefId + ": unsupported digest algorithm " + mdAlg);
+ }
MessageDigest md = MessageDigest.getInstance(mdAlg);
byte[] hdiDigest = md.digest(hdi);
if (log.isDebugEnabled())
log.debug("Comparing digest values... ");
if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) {
log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue()));
- throw new DigestException("Bad digest value for reference " + id + ": " + dsigRef.getDigestValue());
+ throw new DigestException("Bad digest value for reference " + signedRefId + ": " + new String(dsigRef.getDigestValue()));
}
- hashDataInputs.add(new ByteArrayHashDataInput(hdi, id, mimeType, encoding));
+ hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding));
}
return hashDataInputs;
}
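Review bot: `new String(dsigRef.getDigestValue())` in the new DigestException message, like `new String(hdiDigest)` in the `log.error` above it, decodes raw digest bytes with the platform charset and produces lossy, partly unprintable text; the values should be hex- or Base64-encoded before they go into a message or log. The new `else` branch also exposes the trailing space in the context-line literal `"http://www.w3.org/2001/04/xmlenc#ripemd160 "`: a reference using the RIPEMD-160 URI without that space would, as far as this hunk shows, be reported as an unsupported digest algorithm. Separately, the chain still maps to `MD5` here and to `SHA-1` at the end of the previous hunk, so the comparison that binds the returned hashdata input to the signed reference accepts collision-prone digests; whether that is intended deserves a comment at this point. The if/else chain begins outside this hunk.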
diff --git a/BKUApplet/src/main/resources/simplelog.properties b/BKUApplet/src/main/resources/simplelog.properties
index d62508cf..51be76a8 100644
--- a/BKUApplet/src/main/resources/simplelog.properties
+++ b/BKUApplet/src/main/resources/simplelog.properties
@@ -15,7 +15,7 @@
# Logging detail level,
# Must be one of ("trace", "debug", "info", "warn", "error", or "fatal").
-org.apache.commons.logging.simplelog.defaultlog=debug
+org.apache.commons.logging.simplelog.defaultlog=trace
# Logs the Log instance used
org.apache.commons.logging.simplelog.showlogname=true
#Logs the class name with package(or Path)
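Review bot: `defaultlog=trace` is set in a file under `src/main/resources`, so it presumably becomes the packaged applet's default rather than a developer-only setting. With the handler changes in this commit, trace output now includes every requested reference ID, and debug output includes the session ID. If the level was raised only to debug this change, it should go back to `debug` or lower before release, or be overridden from a test-only properties file.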
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
index bcee1e77..55e66685 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
@@ -191,7 +191,7 @@ public class STALServiceImpl implements STALPortType {
if (TEST_SESSION_ID.equals(sessionId)) {
log.debug("Received GetHashDataInput for session " + TEST_SESSION_ID + ", return DummyHashDataInput");
GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference();
- ref.setID("Reference-" + TEST_SESSION_ID + "-001");
+ ref.setID("signed-data-reference-0-1214921968-27971781-24309"); //Reference-" + TEST_SESSION_ID + "-001");
ref.setMimeType("text/plain");
Charset charset;
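Review bot: The hard-coded ID `"signed-data-reference-0-1214921968-27971781-24309"` looks like a value captured from one particular signing run, so the dummy response can only match a request that carries exactly that reference ID. The trailing `//Reference-" + TEST_SESSION_ID + "-001");` fragment suggests a temporary debugging edit. This file is under `src/main`, so the test-session shortcut and this constant are part of the deployed service code. Consider returning the reference ID(s) taken from the incoming request for the test session, or at least a named constant with a comment saying where the value comes from. The enclosing method starts and ends outside the hunk.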
diff --git a/BKUOnline/src/test/resources/appletTest.html b/BKUOnline/src/test/resources/appletTest.html
index 7e4a17cc..bf24a2c9 100644
--- a/BKUOnline/src/test/resources/appletTest.html
+++ b/BKUOnline/src/test/resources/appletTest.html
@@ -20,9 +20,9 @@
<applet code="at.gv.egiz.bku.online.applet.BKUApplet.class"
archive="../BKUOnline-1.0-SNAPSHOT/applet/BKUApplet-1.0-SNAPSHOT.jar , ../BKUOnline-1.0-SNAPSHOT/applet/commons-logging-1.1.1.jar , ../BKUOnline-1.0-SNAPSHOT/applet/iaik_jce_me4se-3.04.jar"
width=380 height=160>
- <param name="WSDL_URL" value="http://localhost:8080/bkuonline/stal?wsdl"/>
+ <param name="WSDL_URL" value="http://localhost:3495/BKUOnline-1.0-SNAPSHOT/stal?wsdl"/>
<param name="SessionId" value="TestSession"/>
- <param name="redirectURL" value="http://localhost:8080/bkuonline/stal?wsdl"/>
+ <param name="redirectURL" value="http://localhost:3495/redirectURL"/>
</applet>
</center>
</body>