summaryrefslogtreecommitdiff
path: root/BKUApplet/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'BKUApplet/src/main/java/at/gv')
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java12
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java (renamed from BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java)13
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java33
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java4
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHashDataDisplay.java (renamed from BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java)28
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java221
6 files changed, 255 insertions, 56 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
index cf842d55..8e88c012 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
@@ -31,6 +31,7 @@ import at.gv.egiz.stal.service.types.RequestType;
import at.gv.egiz.stal.service.types.ResponseType;
import at.gv.egiz.stal.util.STALTranslator;
import java.applet.AppletContext;
+import java.awt.Dimension;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
@@ -194,12 +195,15 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
String hashDataDisplayStyle = params.getAppletParameter(BKUApplet.HASHDATA_DISPLAY);
if (BKUApplet.HASHDATA_DISPLAY_INTERNAL.equals(hashDataDisplayStyle)) {
log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL);
- addRequestHandler(SignRequest.class, new WebServiceSignRequestHandler(stalPort, sessionId));
- } else {
- //if (HASHDATADISPLAY_EXTERNAL.equals(displayStyle)) {
+ addRequestHandler(SignRequest.class, new AppletHashDataDisplay(stalPort, sessionId));
+ } else if (BKUApplet.HASHDATA_DISPLAY_BROWSER.equals(hashDataDisplayStyle)) {
URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL, sessionId);
log.debug("register SignRequestHandler for HashDataURL " + hashDataURL);
- addRequestHandler(SignRequest.class, new ExternalDisplaySignRequestHandler(hashDataURL)); //
+ addRequestHandler(SignRequest.class, new BrowserHashDataDisplay(ctx, hashDataURL));
+ } else {
+ //BKUApplet.HASHDATA_DISPLAY_FRAME
+ log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL);
+ addRequestHandler(SignRequest.class, new JDialogHashDataDisplay(stalPort, sessionId, new Dimension(400, 300), locale));
}
}
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java
index 014065f2..b77485d9 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java
@@ -37,15 +37,18 @@ import at.gv.egiz.stal.signedinfo.DigestMethodType;
import at.gv.egiz.stal.signedinfo.ReferenceType;
/**
- * @author clemens
+ * A SignRequesthandler displaying hashdata inputs in the applet
+ * (only plaintext data is displayed, other hashdata inputs may be saved to disk).
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
*/
-public class WebServiceSignRequestHandler extends SignRequestHandler {
+public class AppletHashDataDisplay extends SignRequestHandler {
- private static final Log log = LogFactory.getLog(WebServiceSignRequestHandler.class);
+ private static final Log log = LogFactory.getLog(AppletHashDataDisplay.class);
STALPortType stalPort;
String sessId;
- public WebServiceSignRequestHandler(STALPortType stalPort, String sessId) {
+ public AppletHashDataDisplay(STALPortType stalPort, String sessId) {
if (stalPort == null || sessId == null) {
throw new NullPointerException("STAL port must not be null");
}
@@ -159,6 +162,6 @@ public class WebServiceSignRequestHandler extends SignRequestHandler {
hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding));
}
- gui.showHashDataInputDialog(hashDataInputs, this, "ok");
+ gui.showHashDataInputDialog(hashDataInputs, false, this, "ok");
}
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java
index 743dc7ef..5d199872 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java
@@ -18,45 +18,28 @@
package at.gv.egiz.bku.online.applet;
import at.gv.egiz.bku.gui.AbstractHelpListener;
-import java.awt.Desktop;
+import java.applet.AppletContext;
import java.net.URL;
import java.util.Locale;
/**
- * Now uses java.awt.Desktop, which deprecates
- * the distinction between local and applet help listener
- * TODO: integrate in AbstractHelpListener
*
- * @deprecated
- * @author clemens
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
*/
public class AppletHelpListener extends AbstractHelpListener {
-// protected AppletContext ctx;
- protected Desktop desktop;
+ protected AppletContext ctx;
- public AppletHelpListener(URL helpURL, Locale locale) {
+ public AppletHelpListener(AppletContext ctx, URL helpURL, Locale locale) {
super(helpURL, locale);
-// if (ctx == null) {
-// throw new RuntimeException("no applet context provided");
-// }
-// this.ctx = ctx;
- if (Desktop.isDesktopSupported()) {
- this.desktop = Desktop.getDesktop();
+ if (ctx == null) {
+ throw new RuntimeException("no applet context provided");
}
+ this.ctx = ctx;
}
@Override
public void showDocument(URL helpDocument) throws Exception {
-// ctx.showDocument(helpDocument, "_blank");
- if (desktop == null) {
- log.error("Failed to open default browser: Desktop API not available (libgnome installed?)");
- } else {
- if (!desktop.isSupported(Desktop.Action.BROWSE)) {
- log.error("Failed to open default browser: The system provides the Desktop API, but does not support the BROWSE action");
- } else {
- Desktop.getDesktop().browse(helpDocument.toURI());
- }
- }
+ ctx.showDocument(helpDocument, "_blank");
}
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
index 829cc79d..9d640dee 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
@@ -52,6 +52,8 @@ public class BKUApplet extends JApplet implements AppletParameterProvider {
public static final String REDIRECT_URL = "RedirectURL";
public static final String REDIRECT_TARGET = "RedirectTarget";
public static final String HASHDATA_DISPLAY_INTERNAL = "internal";
+ public static final String HASHDATA_DISPLAY_BROWSER = "browser";
+ public static final String HASHDATA_DISPLAY_FRAME = "frame";
/**
* STAL WSDL namespace and service name
@@ -86,7 +88,7 @@ public class BKUApplet extends JApplet implements AppletParameterProvider {
AppletHelpListener helpListener = null;
try {
URL helpURL = getURLParameter(HELP_URL); //, getAppletParameter(SESSION_ID));
- helpListener = new AppletHelpListener(helpURL, getLocale()); //getAppletContext(),
+ helpListener = new AppletHelpListener(getAppletContext(), helpURL, getLocale());
} catch (MalformedURLException ex) {
log.warn("failed to load help URL, disabling help: " + ex.getMessage());
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHashDataDisplay.java
index e4567a6c..c30921da 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHashDataDisplay.java
@@ -25,42 +25,28 @@ import org.apache.commons.logging.LogFactory;
import at.gv.egiz.bku.smccstal.SignRequestHandler;
import at.gv.egiz.stal.signedinfo.ReferenceType;
-import java.awt.Desktop;
+import java.applet.AppletContext;
/**
*
* @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
*/
-public class ExternalDisplaySignRequestHandler extends SignRequestHandler {
+public class BrowserHashDataDisplay extends SignRequestHandler {
- private static final Log log = LogFactory.getLog(ExternalDisplaySignRequestHandler.class);
+ private static final Log log = LogFactory.getLog(BrowserHashDataDisplay.class);
-// AppletContext ctx;
+ protected AppletContext ctx;
protected URL hashDataURL;
- protected Desktop desktop;
- public ExternalDisplaySignRequestHandler(URL hashDataURL) {
-// this.ctx = ctx;
+ public BrowserHashDataDisplay(AppletContext ctx, URL hashDataURL) {
+ this.ctx = ctx;
this.hashDataURL = hashDataURL;
- if (Desktop.isDesktopSupported()) {
- desktop = Desktop.getDesktop();
- }
}
@Override
public void displayHashDataInputs(List<ReferenceType> signedReferences) throws Exception {
//TODO pass reference Id's to servlet (TODO servlet)
log.debug("displaying hashdata inputs at " + hashDataURL);
-// ctx.showDocument(hashDataURL, "_blank");
- if (desktop == null) {
- log.error("Failed to open default browser: Desktop API not available (libgnome installed?)");
- } else {
- if (!desktop.isSupported(Desktop.Action.BROWSE)) {
- log.error("Failed to open default browser: The system provides the Desktop API, but does not support the BROWSE action");
- } else {
- Desktop.getDesktop().browse(hashDataURL.toURI());
- }
- }
+ ctx.showDocument(hashDataURL, "_blank");
}
-
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java
new file mode 100644
index 00000000..1f0eda90
--- /dev/null
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java
@@ -0,0 +1,221 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.online.applet;
+
+import at.gv.egiz.bku.smccstal.SignRequestHandler;
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
+import at.gv.egiz.stal.service.GetHashDataInputFault;
+import at.gv.egiz.stal.service.STALPortType;
+import at.gv.egiz.stal.service.types.GetHashDataInputResponseType;
+import at.gv.egiz.stal.service.types.GetHashDataInputType;
+import at.gv.egiz.stal.signedinfo.ReferenceType;
+import java.awt.Dimension;
+import java.security.DigestException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class JDialogHashDataDisplay extends SignRequestHandler {
+
+ private static final Log log = LogFactory.getLog(JDialogHashDataDisplay.class);
+ protected STALPortType stalPort;
+ protected String sessId;
+// protected HashDataViewer viewer;
+
+ public JDialogHashDataDisplay(STALPortType stalPort, String sessId, Dimension viewerSize, Locale locale) {
+ if (stalPort == null || sessId == null) {
+ throw new NullPointerException("STAL port must not be null");
+ }
+ this.sessId = sessId;
+ this.stalPort = stalPort;
+// this.viewer = new HashDataViewer(viewerSize, locale);
+ }
+
+ @Override
+ public void displayHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception {
+
+ List<GetHashDataInputResponseType.Reference> hdi = getHashDataInput(signedReferences);
+ final List<HashDataInput> verifiedHashDataInputs = verifyHashDataInput(signedReferences, hdi);
+
+ if (verifiedHashDataInputs.size() > 1) {
+ gui.showHashDataInputDialog(verifiedHashDataInputs, false, this, "ok");
+ } else if (verifiedHashDataInputs.size() == 1) {
+ gui.showHashDataInputDialog(verifiedHashDataInputs, true, this, "ok");
+// SwingUtilities.invokeLater(new Runnable() {
+//
+// @Override
+// public void run() {
+// viewer.displayHashData(verifiedHashDataInputs.get(0));
+// }
+// });
+
+ } else {
+ log.error("No hashdata input to display");
+ }
+
+ }
+
+ /**
+ * Get all hashdata inputs that contain an ID attribute and no Type attribute.
+ * @param signedReferences
+ * @return
+ * @throws at.gv.egiz.stal.service.GetHashDataInputFault
+ */
+ private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) throws GetHashDataInputFault, Exception {
+ GetHashDataInputType request = new GetHashDataInputType();
+ request.setSessionId(sessId);
+
+// HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>();
+ for (ReferenceType signedRef : signedReferences) {
+ //don't get Manifest, QualifyingProperties, ...
+ if (signedRef.getType() == null) {
+ String signedRefId = signedRef.getId();
+ if (signedRefId != null) {
+ if (log.isTraceEnabled()) {
+ log.trace("requesting hashdata input for reference " + signedRefId);
+ }
+// idSignedRefMap.put(signedRefId, signedRef);
+ GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference();
+ ref.setID(signedRefId);
+ request.getReference().add(ref);
+
+ } else {
+ throw new Exception("Cannot resolve HashDataInput for reference without Id attribute");
+ }
+ }
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId);
+ }
+ GetHashDataInputResponseType response = stalPort.getHashDataInput(request);
+ return response.getReference();
+ }
+
+ /**
+ * Verifies all signed references and returns STAL HashDataInputs
+ * @param signedReferences
+ * @param hashDataInputs
+ * @return
+ * @throws java.security.DigestException
+ * @throws java.security.NoSuchAlgorithmException
+ * @throws Exception if no hashdata input is provided for a signed reference
+ */
+ private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) throws DigestException, NoSuchAlgorithmException, Exception {
+
+ ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>();
+
+ //hashdata inputs returned from service
+// HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>();
+// for (GetHashDataInputResponseType.Reference hashDataInput : hashDataInputs) {
+// String id = hashDataInput.getID();
+// byte[] hdi = hashDataInput.getValue();
+// if (hdi == null) {
+// throw new Exception("Did not receive hashdata input for reference " + id);
+// }
+// idRefMap.put(id, hashDataInput);
+// }
+
+ for (ReferenceType signedRef : signedReferences) {
+ if (signedRef.getType() == null) {
+ log.info("Verifying digest for signed reference " + signedRef.getId());
+
+ String signedRefId = signedRef.getId();
+ byte[] signedDigest = signedRef.getDigestValue();
+ String signedDigestAlg = null;
+ if (signedRef.getDigestMethod() != null) {
+ signedDigestAlg = signedRef.getDigestMethod().getAlgorithm();
+ } else {
+ throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm");
+ }
+
+ GetHashDataInputResponseType.Reference hashDataInput = null; //idRefMap.get(signedRefId);
+ for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) {
+ if (signedRefId.equals(hdi.getID())) {
+ hashDataInput = hdi;
+ }
+ }
+ if (hashDataInput == null) {
+ throw new Exception("No hashdata input for reference " + signedRefId + " returned by service");
+ }
+
+ byte[] hdi = hashDataInput.getValue();
+ String mimeType = hashDataInput.getMimeType();
+ String encoding = hashDataInput.getEncoding();
+
+ if (hdi == null) {
+ throw new Exception("No hashdata input for reference " + signedRefId + " provided by service");
+ }
+ if (log.isDebugEnabled()) {
+ log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")");
+ }
+
+ byte[] hashDataInputDigest = digest(hdi, signedDigestAlg);
+
+ if (log.isDebugEnabled()) {
+ log.debug("Comparing digest values... ");
+ }
+ log.warn("DISABLED DIGEST VERIFICATION FOR DEBUGGING");
+// if (!Arrays.equals(hashDataInputDigest, signedDigest)) {
+// log.error("Bad digest value for reference " + signedRefId);
+// throw new DigestException("Bad digest value for reference " + signedRefId);
+// }
+
+ verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding));
+ }
+ }
+
+ return verifiedHashDataInputs;
+ }
+
+ //TODO
+ private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException {
+ if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) {
+ mdAlg = "SHA-1";
+ } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) {
+ mdAlg = "SHA-256";
+ } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) {
+ mdAlg = "SHA-224";
+ } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) {
+ mdAlg = "SHA-224";
+ } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) {
+ mdAlg = "SHA-384";
+ } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) {
+ mdAlg = "SHA-512";
+ } else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) {
+ mdAlg = "MD2";
+ } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) {
+ mdAlg = "MD5";
+ } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) {
+ mdAlg = "RipeMD-160";
+ } else {
+ throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg);
+ }
+
+ MessageDigest md = MessageDigest.getInstance(mdAlg);
+ return md.digest(hashDataInput);
+ }
+}