diff options
Diffstat (limited to 'BKUApplet/src/main/java/at/gv')
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java | 12 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java (renamed from BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java) | 13 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java | 33 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java | 4 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHashDataDisplay.java (renamed from BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java) | 28 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java | 221 |
6 files changed, 255 insertions, 56 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java index cf842d55..8e88c012 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java @@ -31,6 +31,7 @@ import at.gv.egiz.stal.service.types.RequestType; import at.gv.egiz.stal.service.types.ResponseType; import at.gv.egiz.stal.util.STALTranslator; import java.applet.AppletContext; +import java.awt.Dimension; import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; @@ -194,12 +195,15 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { String hashDataDisplayStyle = params.getAppletParameter(BKUApplet.HASHDATA_DISPLAY); if (BKUApplet.HASHDATA_DISPLAY_INTERNAL.equals(hashDataDisplayStyle)) { log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL); - addRequestHandler(SignRequest.class, new WebServiceSignRequestHandler(stalPort, sessionId)); - } else { - //if (HASHDATADISPLAY_EXTERNAL.equals(displayStyle)) { + addRequestHandler(SignRequest.class, new AppletHashDataDisplay(stalPort, sessionId)); + } else if (BKUApplet.HASHDATA_DISPLAY_BROWSER.equals(hashDataDisplayStyle)) { URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL, sessionId); log.debug("register SignRequestHandler for HashDataURL " + hashDataURL); - addRequestHandler(SignRequest.class, new ExternalDisplaySignRequestHandler(hashDataURL)); // + addRequestHandler(SignRequest.class, new BrowserHashDataDisplay(ctx, hashDataURL)); + } else { + //BKUApplet.HASHDATA_DISPLAY_FRAME + log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL); + addRequestHandler(SignRequest.class, new JDialogHashDataDisplay(stalPort, sessionId, new Dimension(400, 300), locale)); } } } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java index 014065f2..b77485d9 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java @@ -37,15 +37,18 @@ import at.gv.egiz.stal.signedinfo.DigestMethodType; import at.gv.egiz.stal.signedinfo.ReferenceType; /** - * @author clemens + * A SignRequesthandler displaying hashdata inputs in the applet + * (only plaintext data is displayed, other hashdata inputs may be saved to disk). + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> */ -public class WebServiceSignRequestHandler extends SignRequestHandler { +public class AppletHashDataDisplay extends SignRequestHandler { - private static final Log log = LogFactory.getLog(WebServiceSignRequestHandler.class); + private static final Log log = LogFactory.getLog(AppletHashDataDisplay.class); STALPortType stalPort; String sessId; - public WebServiceSignRequestHandler(STALPortType stalPort, String sessId) { + public AppletHashDataDisplay(STALPortType stalPort, String sessId) { if (stalPort == null || sessId == null) { throw new NullPointerException("STAL port must not be null"); } @@ -159,6 +162,6 @@ public class WebServiceSignRequestHandler extends SignRequestHandler { hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); } - gui.showHashDataInputDialog(hashDataInputs, this, "ok"); + gui.showHashDataInputDialog(hashDataInputs, false, this, "ok"); } } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java index 743dc7ef..5d199872 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java @@ -18,45 +18,28 @@ package at.gv.egiz.bku.online.applet; import at.gv.egiz.bku.gui.AbstractHelpListener; -import java.awt.Desktop; +import java.applet.AppletContext; import java.net.URL; import java.util.Locale; /** - * Now uses java.awt.Desktop, which deprecates - * the distinction between local and applet help listener - * TODO: integrate in AbstractHelpListener * - * @deprecated - * @author clemens + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> */ public class AppletHelpListener extends AbstractHelpListener { -// protected AppletContext ctx; - protected Desktop desktop; + protected AppletContext ctx; - public AppletHelpListener(URL helpURL, Locale locale) { + public AppletHelpListener(AppletContext ctx, URL helpURL, Locale locale) { super(helpURL, locale); -// if (ctx == null) { -// throw new RuntimeException("no applet context provided"); -// } -// this.ctx = ctx; - if (Desktop.isDesktopSupported()) { - this.desktop = Desktop.getDesktop(); + if (ctx == null) { + throw new RuntimeException("no applet context provided"); } + this.ctx = ctx; } @Override public void showDocument(URL helpDocument) throws Exception { -// ctx.showDocument(helpDocument, "_blank"); - if (desktop == null) { - log.error("Failed to open default browser: Desktop API not available (libgnome installed?)"); - } else { - if (!desktop.isSupported(Desktop.Action.BROWSE)) { - log.error("Failed to open default browser: The system provides the Desktop API, but does not support the BROWSE action"); - } else { - Desktop.getDesktop().browse(helpDocument.toURI()); - } - } + ctx.showDocument(helpDocument, "_blank"); } } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java index 829cc79d..9d640dee 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java @@ -52,6 +52,8 @@ public class BKUApplet extends JApplet implements AppletParameterProvider { public static final String REDIRECT_URL = "RedirectURL"; public static final String REDIRECT_TARGET = "RedirectTarget"; public static final String HASHDATA_DISPLAY_INTERNAL = "internal"; + public static final String HASHDATA_DISPLAY_BROWSER = "browser"; + public static final String HASHDATA_DISPLAY_FRAME = "frame"; /** * STAL WSDL namespace and service name @@ -86,7 +88,7 @@ public class BKUApplet extends JApplet implements AppletParameterProvider { AppletHelpListener helpListener = null; try { URL helpURL = getURLParameter(HELP_URL); //, getAppletParameter(SESSION_ID)); - helpListener = new AppletHelpListener(helpURL, getLocale()); //getAppletContext(), + helpListener = new AppletHelpListener(getAppletContext(), helpURL, getLocale()); } catch (MalformedURLException ex) { log.warn("failed to load help URL, disabling help: " + ex.getMessage()); } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHashDataDisplay.java index e4567a6c..c30921da 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHashDataDisplay.java @@ -25,42 +25,28 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.smccstal.SignRequestHandler; import at.gv.egiz.stal.signedinfo.ReferenceType; -import java.awt.Desktop; +import java.applet.AppletContext; /** * * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> */ -public class ExternalDisplaySignRequestHandler extends SignRequestHandler { +public class BrowserHashDataDisplay extends SignRequestHandler { - private static final Log log = LogFactory.getLog(ExternalDisplaySignRequestHandler.class); + private static final Log log = LogFactory.getLog(BrowserHashDataDisplay.class); -// AppletContext ctx; + protected AppletContext ctx; protected URL hashDataURL; - protected Desktop desktop; - public ExternalDisplaySignRequestHandler(URL hashDataURL) { -// this.ctx = ctx; + public BrowserHashDataDisplay(AppletContext ctx, URL hashDataURL) { + this.ctx = ctx; this.hashDataURL = hashDataURL; - if (Desktop.isDesktopSupported()) { - desktop = Desktop.getDesktop(); - } } @Override public void displayHashDataInputs(List<ReferenceType> signedReferences) throws Exception { //TODO pass reference Id's to servlet (TODO servlet) log.debug("displaying hashdata inputs at " + hashDataURL); -// ctx.showDocument(hashDataURL, "_blank"); - if (desktop == null) { - log.error("Failed to open default browser: Desktop API not available (libgnome installed?)"); - } else { - if (!desktop.isSupported(Desktop.Action.BROWSE)) { - log.error("Failed to open default browser: The system provides the Desktop API, but does not support the BROWSE action"); - } else { - Desktop.getDesktop().browse(hashDataURL.toURI()); - } - } + ctx.showDocument(hashDataURL, "_blank"); } - } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java new file mode 100644 index 00000000..1f0eda90 --- /dev/null +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java @@ -0,0 +1,221 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.online.applet; + +import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.impl.ByteArrayHashDataInput; +import at.gv.egiz.stal.service.GetHashDataInputFault; +import at.gv.egiz.stal.service.STALPortType; +import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; +import at.gv.egiz.stal.service.types.GetHashDataInputType; +import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.awt.Dimension; +import java.security.DigestException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class JDialogHashDataDisplay extends SignRequestHandler { + + private static final Log log = LogFactory.getLog(JDialogHashDataDisplay.class); + protected STALPortType stalPort; + protected String sessId; +// protected HashDataViewer viewer; + + public JDialogHashDataDisplay(STALPortType stalPort, String sessId, Dimension viewerSize, Locale locale) { + if (stalPort == null || sessId == null) { + throw new NullPointerException("STAL port must not be null"); + } + this.sessId = sessId; + this.stalPort = stalPort; +// this.viewer = new HashDataViewer(viewerSize, locale); + } + + @Override + public void displayHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception { + + List<GetHashDataInputResponseType.Reference> hdi = getHashDataInput(signedReferences); + final List<HashDataInput> verifiedHashDataInputs = verifyHashDataInput(signedReferences, hdi); + + if (verifiedHashDataInputs.size() > 1) { + gui.showHashDataInputDialog(verifiedHashDataInputs, false, this, "ok"); + } else if (verifiedHashDataInputs.size() == 1) { + gui.showHashDataInputDialog(verifiedHashDataInputs, true, this, "ok"); +// SwingUtilities.invokeLater(new Runnable() { +// +// @Override +// public void run() { +// viewer.displayHashData(verifiedHashDataInputs.get(0)); +// } +// }); + + } else { + log.error("No hashdata input to display"); + } + + } + + /** + * Get all hashdata inputs that contain an ID attribute and no Type attribute. + * @param signedReferences + * @return + * @throws at.gv.egiz.stal.service.GetHashDataInputFault + */ + private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) throws GetHashDataInputFault, Exception { + GetHashDataInputType request = new GetHashDataInputType(); + request.setSessionId(sessId); + +// HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>(); + for (ReferenceType signedRef : signedReferences) { + //don't get Manifest, QualifyingProperties, ... + if (signedRef.getType() == null) { + String signedRefId = signedRef.getId(); + if (signedRefId != null) { + if (log.isTraceEnabled()) { + log.trace("requesting hashdata input for reference " + signedRefId); + } +// idSignedRefMap.put(signedRefId, signedRef); + GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); + ref.setID(signedRefId); + request.getReference().add(ref); + + } else { + throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); + } + } + } + + if (log.isDebugEnabled()) { + log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); + } + GetHashDataInputResponseType response = stalPort.getHashDataInput(request); + return response.getReference(); + } + + /** + * Verifies all signed references and returns STAL HashDataInputs + * @param signedReferences + * @param hashDataInputs + * @return + * @throws java.security.DigestException + * @throws java.security.NoSuchAlgorithmException + * @throws Exception if no hashdata input is provided for a signed reference + */ + private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) throws DigestException, NoSuchAlgorithmException, Exception { + + ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>(); + + //hashdata inputs returned from service +// HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>(); +// for (GetHashDataInputResponseType.Reference hashDataInput : hashDataInputs) { +// String id = hashDataInput.getID(); +// byte[] hdi = hashDataInput.getValue(); +// if (hdi == null) { +// throw new Exception("Did not receive hashdata input for reference " + id); +// } +// idRefMap.put(id, hashDataInput); +// } + + for (ReferenceType signedRef : signedReferences) { + if (signedRef.getType() == null) { + log.info("Verifying digest for signed reference " + signedRef.getId()); + + String signedRefId = signedRef.getId(); + byte[] signedDigest = signedRef.getDigestValue(); + String signedDigestAlg = null; + if (signedRef.getDigestMethod() != null) { + signedDigestAlg = signedRef.getDigestMethod().getAlgorithm(); + } else { + throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); + } + + GetHashDataInputResponseType.Reference hashDataInput = null; //idRefMap.get(signedRefId); + for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) { + if (signedRefId.equals(hdi.getID())) { + hashDataInput = hdi; + } + } + if (hashDataInput == null) { + throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); + } + + byte[] hdi = hashDataInput.getValue(); + String mimeType = hashDataInput.getMimeType(); + String encoding = hashDataInput.getEncoding(); + + if (hdi == null) { + throw new Exception("No hashdata input for reference " + signedRefId + " provided by service"); + } + if (log.isDebugEnabled()) { + log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); + } + + byte[] hashDataInputDigest = digest(hdi, signedDigestAlg); + + if (log.isDebugEnabled()) { + log.debug("Comparing digest values... "); + } + log.warn("DISABLED DIGEST VERIFICATION FOR DEBUGGING"); +// if (!Arrays.equals(hashDataInputDigest, signedDigest)) { +// log.error("Bad digest value for reference " + signedRefId); +// throw new DigestException("Bad digest value for reference " + signedRefId); +// } + + verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); + } + } + + return verifiedHashDataInputs; + } + + //TODO + private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException { + if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) { + mdAlg = "SHA-1"; + } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) { + mdAlg = "SHA-256"; + } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) { + mdAlg = "SHA-224"; + } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) { + mdAlg = "SHA-224"; + } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) { + mdAlg = "SHA-384"; + } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) { + mdAlg = "SHA-512"; + } else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) { + mdAlg = "MD2"; + } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) { + mdAlg = "MD5"; + } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) { + mdAlg = "RipeMD-160"; + } else { + throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg); + } + + MessageDigest md = MessageDigest.getInstance(mdAlg); + return md.digest(hashDataInput); + } +} |