diff options
Diffstat (limited to 'BKUApplet/src/main/java/at')
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java | 139 |
1 files changed, 94 insertions, 45 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java index 5186de1a..6dae264c 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java @@ -16,15 +16,20 @@ */ package at.gv.egiz.bku.online.applet; -import at.gv.egiz.stal.HashDataInput; import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.HashDataInput; import at.gv.egiz.stal.impl.ByteArrayHashDataInput; import at.gv.egiz.stal.service.GetHashDataInputResponseType; import at.gv.egiz.stal.service.GetHashDataInputType; import at.gv.egiz.stal.service.STALPortType; +import at.gv.egiz.stal.signedinfo.DigestMethodType; import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.security.DigestException; +import java.security.MessageDigest; import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -35,57 +40,101 @@ import org.apache.commons.logging.LogFactory; */ public class WSSignRequestHandler extends SignRequestHandler { - private static final Log log = LogFactory.getLog(WSSignRequestHandler.class); - STALPortType stalPort; - String sessId; + private static final Log log = LogFactory.getLog(WSSignRequestHandler.class); + STALPortType stalPort; + String sessId; - public WSSignRequestHandler(String sessId, STALPortType stalPort) { - if (stalPort == null || sessId == null) { - throw new NullPointerException("STAL port must not be null"); - } - this.sessId = sessId; - this.stalPort = stalPort; + public WSSignRequestHandler(String sessId, STALPortType stalPort) { + if (stalPort == null || sessId == null) { + throw new NullPointerException("STAL port must not be null"); } + this.sessId = sessId; + this.stalPort = stalPort; + } - @Override - protected List<HashDataInput> getHashDataInputs(List<ReferenceType> dsigReferences) throws Exception { - GetHashDataInputType request = new GetHashDataInputType(); - request.setSessionId(sessId); - for (ReferenceType dsigRef : dsigReferences) { - //don't get Manifest, QualifyingProperties, ... - if (dsigRef.getType() == null) { - String dsigRefId = dsigRef.getId(); - if (dsigRefId != null) { - GetHashDataInputType.Reference reference = new GetHashDataInputType.Reference(); - reference.setID(dsigRefId); - request.getReference().add(reference); - } else { - throw new Exception("Cannot get HashDataInput for dsig:Reference without Id attribute"); - } - } - } + @Override + public List<HashDataInput> getCashedHashDataInputs(List<ReferenceType> signedReferences) throws Exception { - if (log.isDebugEnabled()) { - log.debug("Calling GetHashDataInput for session " + sessId); - } - GetHashDataInputResponseType response = stalPort.getHashDataInput(request); - ArrayList<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>(); - for (GetHashDataInputResponseType.Reference reference : response.getReference()) { - byte[] hdi = reference.getValue(); - String id = reference.getID(); - String mimeType = reference.getMimeType(); - String encoding = reference.getEncoding(); + GetHashDataInputType request = new GetHashDataInputType(); + request.setSessionId(sessId); + + HashMap<String, ReferenceType> idRefMap = new HashMap<String, ReferenceType>(); + for (ReferenceType reference : signedReferences) { + //don't get Manifest, QualifyingProperties, ... + if (reference.getType() == null) { + String referenceId = reference.getId(); + if (referenceId != null) { + idRefMap.put(referenceId, reference); + GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); + ref.setID(referenceId); + request.getReference().add(ref); - if (log.isDebugEnabled()) { - log.debug("Got HashDataInput " + id + " (" + mimeType + ";" + encoding + ")"); - } - hashDataInputs.add(new ByteArrayHashDataInput(hdi, id, mimeType, encoding)); + } else { + throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); } - return hashDataInputs; + } } - @Override - public SMCCSTALRequestHandler newInstance() { - return new WSSignRequestHandler(this.sessId, this.stalPort); + if (log.isDebugEnabled()) { + log.debug("Calling GetHashDataInput for session " + sessId); } + GetHashDataInputResponseType response = stalPort.getHashDataInput(request); + ArrayList<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>(); + + for (GetHashDataInputResponseType.Reference reference : response.getReference()) { + + String id = reference.getID(); + byte[] hdi = reference.getValue(); + if (hdi == null) { + throw new Exception("Failed to resolve digest value for reference " + id); + } + String mimeType = reference.getMimeType(); + String encoding = reference.getEncoding(); + + if (log.isDebugEnabled()) { + log.debug("Got HashDataInput " + id + " (" + mimeType + ";" + encoding + ")"); + } + + ReferenceType dsigRef = idRefMap.get(id); + DigestMethodType dm = dsigRef.getDigestMethod(); + if (dm == null) { + throw new Exception("Failed to verify digest value for reference " + id + ": no digest algorithm"); + } + //TODO + String mdAlg = dm.getAlgorithm(); + if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) + mdAlg = "SHA-1"; + else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) + mdAlg = "SHA-256"; + else if ("http://www.w3.org/2001/04/xmlenc#sha224 ".equals(mdAlg)) + mdAlg = "SHA-224"; + else if ("http://www.w3.org/2001/04/xmldsig-more#sha224 ".equals(mdAlg)) + mdAlg = "SHA-224"; + else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) + mdAlg = "SHA-384"; + else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) + mdAlg = "SHA-512"; + else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) + mdAlg = "MD2"; + else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) + mdAlg = "MD5"; + else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) + mdAlg = "RipeMD-160"; + MessageDigest md = MessageDigest.getInstance(mdAlg); + byte[] hdiDigest = md.digest(hdi); + if (log.isDebugEnabled()) + log.debug("Comparing digest values... "); + if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) { + log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue())); + throw new DigestException("Bad digest value for reference " + id + ": " + dsigRef.getDigestValue()); + } + hashDataInputs.add(new ByteArrayHashDataInput(hdi, id, mimeType, encoding)); + } + return hashDataInputs; + } + + @Override + public SMCCSTALRequestHandler newInstance() { + return new WSSignRequestHandler(this.sessId, this.stalPort); + } } |