diff options
-rw-r--r-- | BKUOnline/src/main/resources/log4j.properties | 5 | ||||
-rw-r--r-- | BKUOnline/src/main/webapp/helpfiles/de/help.hashdataviewer.html | 39 | ||||
-rw-r--r-- | BKUOnline/src/main/webapp/helpfiles/de/help.hashdataviewer.png | bin | 0 -> 11310 bytes | |||
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java | 446 |
4 files changed, 273 insertions, 217 deletions
diff --git a/BKUOnline/src/main/resources/log4j.properties b/BKUOnline/src/main/resources/log4j.properties index 58f09511..f608c83d 100644 --- a/BKUOnline/src/main/resources/log4j.properties +++ b/BKUOnline/src/main/resources/log4j.properties @@ -14,7 +14,10 @@ # limitations under the License. -log4j.rootLogger=TRACE, STDOUT, file +#log4j.rootLogger=INFO, STDOUT, file +log4j.rootLogger=INFO, file +#log4j.logger.at.gv = INFO + # STDOUT appender log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender diff --git a/BKUOnline/src/main/webapp/helpfiles/de/help.hashdataviewer.html b/BKUOnline/src/main/webapp/helpfiles/de/help.hashdataviewer.html new file mode 100644 index 00000000..3a56e88a --- /dev/null +++ b/BKUOnline/src/main/webapp/helpfiles/de/help.hashdataviewer.html @@ -0,0 +1,39 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<title>Untitled Document</title>
+<link href="../../helpfiles/help.css" rel="stylesheet" type="text/css" />
+<!--[if IE]>
+<style type="text/css">
+/* place css fixes for all versions of IE in this conditional comment */
+.twoColElsLtHdr #sidebar1 { padding-top: 30px; }
+.twoColElsLtHdr #mainContent { zoom: 1; padding-top: 15px; }
+/* the above proprietary zoom property gives IE the hasLayout it needs to avoid several bugs */
+</style>
+<![endif]-->
+</head>
+
+<body class="twoColElsLtHdr">
+
+<div id="container">
+ <div id="header">
+ <h1>Online-Hilfe</h1>
+ <!-- end #header --></div>
+ <div id="sidebar1">
+ <p><img src="../../helpfiles/de/help.hashdataviewer.png" alt="Bildschirmfoto des Applets" height="130" width="150"/></p>
+ <p><strong>Hinweis:</strong> Das Bildschirmfoto oben kann von der Darstellung in der Webseite abweichen.</p>
+ <!-- end #sidebar1 --></div>
+ <div id="mainContent">
+ <h1> Anzeige der Signaturdaten </h1>
+ <p>Dieses Fenster zeigt die zu signierenden Daten an. Dies können entweder reine Textdaten oder XHTML sein. Im Falle von XHML erhalten Sie den Hinweis, dass es sich bei den dargestellten Daten nur um eine Voransicht handelt. Um die Daten gesetzeskonform darzustellen, müssen diese abgespeichert und mit einem geeigneten XHTML Betrachter geöffnen werden.</p>
+ <p>In jedem Fall können die zu signierenden abgespeichert werden.</p>
+ </div>
+ <div id="footer">
+ <p>
+ <a href="http://www.buergerkarte.at">Österreichische Bürgerkarte</a> | <a href="http://mocca.egovlabs.gv.at">Bürgerkartensoftware MOCCA</a>
+ </p>
+ </div>
+<!-- end #container --></div>
+</body>
+</html>
diff --git a/BKUOnline/src/main/webapp/helpfiles/de/help.hashdataviewer.png b/BKUOnline/src/main/webapp/helpfiles/de/help.hashdataviewer.png Binary files differnew file mode 100644 index 00000000..83004322 --- /dev/null +++ b/BKUOnline/src/main/webapp/helpfiles/de/help.hashdataviewer.png diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index 6462bcf6..b2e3b303 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -1,230 +1,244 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl;
-
-import java.io.ByteArrayInputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.dsig.XMLSignatureException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.ls.DOMImplementationLS;
-import org.w3c.dom.ls.LSSerializer;
-
-import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType;
-import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
-import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand;
-import at.gv.egiz.bku.slcommands.SLCommandContext;
-import at.gv.egiz.bku.slcommands.SLResult;
-import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory;
-import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
-import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
-import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
-import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
+ * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.slcommands.impl; + +import java.io.ByteArrayInputStream; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Date; + +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.URIReferenceException; +import javax.xml.crypto.dsig.XMLSignatureException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.ls.DOMImplementationLS; +import org.w3c.dom.ls.LSSerializer; + +import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType; +import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; +import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slcommands.SLResult; +import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory; +import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl; +import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory; +import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl; +import at.gv.egiz.bku.slcommands.impl.xsect.Signature; +import at.gv.egiz.bku.slexceptions.SLCommandException; import at.gv.egiz.bku.slexceptions.SLException; -import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLRequestException; import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.dom.DOMUtils;
-import at.gv.egiz.stal.InfoboxReadRequest;
-import at.gv.egiz.stal.InfoboxReadResponse;
-import at.gv.egiz.stal.STALRequest;
-import at.gv.egiz.stal.STALResponse;
-
-/**
- * This class implements the security layer command <code>CreateXMLSignatureRequest</code>.
- *
- * @author mcentner
- */
-public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignatureRequestType> implements
- CreateXMLSignatureCommand {
-
- /**
- * Logging facility.
- */
- protected static Log log = LogFactory.getLog(CreateXMLSignatureCommandImpl.class);
-
- /**
- * The signing certificate.
- */
- protected X509Certificate signingCertificate;
-
- /**
- * The keybox identifier of the key used for signing.
- */
- protected String keyboxIdentifier;
-
- /**
- * The to-be signed signature.
- */
- protected Signature signature;
-
- @Override
- public void init(SLCommandContext ctx, Object unmarshalledRequest)
- throws SLCommandException {
- super.init(ctx, unmarshalledRequest);
- }
-
- @Override
- public void prepareXMLSignature() throws SLCommandException, SLRequestException {
-
- CreateXMLSignatureRequestType request = getRequestValue();
-
+import at.gv.egiz.dom.DOMUtils; +import at.gv.egiz.stal.ErrorResponse; +import at.gv.egiz.stal.InfoboxReadRequest; +import at.gv.egiz.stal.InfoboxReadResponse; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; + +/** + * This class implements the security layer command + * <code>CreateXMLSignatureRequest</code>. + * + * @author mcentner + */ +public class CreateXMLSignatureCommandImpl extends + SLCommandImpl<CreateXMLSignatureRequestType> implements + CreateXMLSignatureCommand { + + /** + * Logging facility. + */ + protected static Log log = LogFactory + .getLog(CreateXMLSignatureCommandImpl.class); + + /** + * The signing certificate. + */ + protected X509Certificate signingCertificate; + + /** + * The keybox identifier of the key used for signing. + */ + protected String keyboxIdentifier; + + /** + * The to-be signed signature. + */ + protected Signature signature; + + @Override + public void init(SLCommandContext ctx, Object unmarshalledRequest) + throws SLCommandException { + super.init(ctx, unmarshalledRequest); + } + + @Override + public void prepareXMLSignature() throws SLCommandException, + SLRequestException { + + CreateXMLSignatureRequestType request = getRequestValue(); + // TODO: make configurable?
- IdValueFactory idValueFactory = new IdValueFactoryImpl();
-
+ IdValueFactory idValueFactory = new IdValueFactoryImpl(); + // TODO: make configurable?
- AlgorithmMethodFactory algorithmMethodFactory;
- try {
- algorithmMethodFactory = new AlgorithmMethodFactoryImpl(signingCertificate);
- } catch (NoSuchAlgorithmException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- }
-
- signature = new Signature(getCmdCtx().getURLDereferencerContext(), idValueFactory, algorithmMethodFactory);
-
+ AlgorithmMethodFactory algorithmMethodFactory; + try { + algorithmMethodFactory = new AlgorithmMethodFactoryImpl( + signingCertificate); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } + + signature = new Signature(getCmdCtx().getURLDereferencerContext(), + idValueFactory, algorithmMethodFactory); + // SigningTime
- signature.setSigningTime(new Date());
-
+ signature.setSigningTime(new Date()); + // SigningCertificate
- signature.setSignerCeritifcate(signingCertificate);
-
+ signature.setSignerCeritifcate(signingCertificate); + // SignatureInfo
- if (request.getSignatureInfo() != null) {
- signature.setSignatureInfo(request.getSignatureInfo());
- }
-
+ if (request.getSignatureInfo() != null) { + signature.setSignatureInfo(request.getSignatureInfo()); + } + // DataObjects
- for (DataObjectInfoType dataObjectInfo : request.getDataObjectInfo()) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.buildXMLSignature();
-
- }
-
- /**
- * Gets the signing certificate from STAL.
- *
- * @throws SLCommandException
- * if getting the singing certificate fails
- */
- private void getSigningCertificate() throws SLCommandException {
-
- CreateXMLSignatureRequestType request = getRequestValue();
- keyboxIdentifier = request.getKeyboxIdentifier();
-
- InfoboxReadRequest stalRequest = new InfoboxReadRequest();
- stalRequest.setInfoboxIdentifier(keyboxIdentifier);
-
- requestSTAL(Collections.singletonList((STALRequest) stalRequest));
-
- STALResponse stalResponse = stalResponses.next();
-
- if (stalResponse instanceof InfoboxReadResponse) {
- byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue();
-
- try {
- CertificateFactory certFactory = CertificateFactory.getInstance("X509");
- signingCertificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(infobox));
- } catch (CertificateException e) {
- log.info("Failed to decode signing certificate.", e);
+ for (DataObjectInfoType dataObjectInfo : request.getDataObjectInfo()) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + } + + /** + * Gets the signing certificate from STAL. + * + * @throws SLCommandException + * if getting the singing certificate fails + */ + private void getSigningCertificate() throws SLCommandException { + + CreateXMLSignatureRequestType request = getRequestValue(); + keyboxIdentifier = request.getKeyboxIdentifier(); + + InfoboxReadRequest stalRequest = new InfoboxReadRequest(); + stalRequest.setInfoboxIdentifier(keyboxIdentifier); + + requestSTAL(Collections.singletonList((STALRequest) stalRequest)); + + STALResponse stalResponse = stalResponses.next(); + + if (stalResponse instanceof InfoboxReadResponse) { + byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue(); + + try { + CertificateFactory certFactory = CertificateFactory.getInstance("X509"); + signingCertificate = (X509Certificate) certFactory + .generateCertificate(new ByteArrayInputStream(infobox)); + } catch (CertificateException e) { + log.info("Failed to decode signing certificate.", e); // TODO: issue appropriate error
- throw new SLCommandException(4000);
- }
-
- } else {
- log.info("Failed to get signing certificate.");
- // TODO: issue appropriate error
- throw new SLCommandException(4000);
- }
-
- }
-
- /**
- * Signs the signature.
- *
- * @throws SLCommandException
+ throw new SLCommandException(4000); + } + + } else if (stalResponse instanceof ErrorResponse) { + ErrorResponse err = (ErrorResponse) stalResponse; + log.info("Received an error response from STAL with code: " + + err.getErrorCode()); + throw new SLCommandException(err.getErrorCode()); + + } else { + log.info("Failed to get signing certificate."); + throw new SLCommandException(4000); + } + + } + + /** + * Signs the signature. + * + * @throws SLCommandException * if signing the signature fails - * @throws SLViewerException
- */
- private void signXMLSignature() throws SLCommandException, SLViewerException {
-
- try {
- signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
- } catch (MarshalException e) {
- log.error("Failed to marshall XMLSignature.", e);
- throw new SLCommandException(4000);
- } catch (XMLSignatureException e) {
- if (e.getCause() instanceof URIReferenceException) {
- URIReferenceException uriReferenceException = (URIReferenceException) e.getCause();
- if (uriReferenceException.getCause() instanceof SLCommandException) {
- throw (SLCommandException) uriReferenceException.getCause();
- }
- }
- log.error("Failed to sign XMLSignature.", e);
- throw new SLCommandException(4000);
- }
-
- }
-
- @Override
- public SLResult execute() {
- try {
-
- // get certificate in order to select appropriate algorithms for hashing and signing
- getSigningCertificate();
-
+ * @throws SLViewerException + */ + private void signXMLSignature() throws SLCommandException, SLViewerException { + + try { + signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier); + } catch (MarshalException e) { + log.error("Failed to marshall XMLSignature.", e); + throw new SLCommandException(4000); + } catch (XMLSignatureException e) { + if (e.getCause() instanceof URIReferenceException) { + URIReferenceException uriReferenceException = (URIReferenceException) e + .getCause(); + if (uriReferenceException.getCause() instanceof SLCommandException) { + throw (SLCommandException) uriReferenceException.getCause(); + } + } + log.error("Failed to sign XMLSignature.", e); + throw new SLCommandException(4000); + } + + } + + @Override + public SLResult execute() { + try { + + // get certificate in order to select appropriate algorithms for hashing + // and signing
+ getSigningCertificate(); + // prepare the XMLSignature for signing
- prepareXMLSignature();
-
+ prepareXMLSignature(); + // sign the XMLSignature
- signXMLSignature();
-
- if (log.isTraceEnabled()) {
-
- DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS();
- LSSerializer serializer = domImplLS.createLSSerializer();
- String debugString = serializer.writeToString(signature.getDocument());
-
- log.trace(debugString);
-
- }
-
- return new CreateXMLSignatureResultImpl(signature.getDocument());
-
+ signXMLSignature(); + + if (log.isTraceEnabled()) { + + DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); + LSSerializer serializer = domImplLS.createLSSerializer(); + String debugString = serializer.writeToString(signature.getDocument()); + + log.trace(debugString); + + } + + return new CreateXMLSignatureResultImpl(signature.getDocument()); + } catch (SLException e) { - return new ErrorResultImpl(e, cmdCtx.getLocale());
- }
- }
-
- @Override
- public String getName() {
- return "CreateXMLSignatureRequest";
- }
-
-
-}
+ return new ErrorResultImpl(e, cmdCtx.getLocale()); + } + } + + @Override + public String getName() { + return "CreateXMLSignatureRequest"; + } + +} |