Diffstat (limited to 'BKUApplet/src')
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java | 6 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java | 217 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java | 6 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java (renamed from BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java) | 6 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java | 77 | ||||
-rw-r--r-- | BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java | 221 |
6 files changed, 221 insertions, 312 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java index 8e88c012..db88c037 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java @@ -195,7 +195,8 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { String hashDataDisplayStyle = params.getAppletParameter(BKUApplet.HASHDATA_DISPLAY); if (BKUApplet.HASHDATA_DISPLAY_INTERNAL.equals(hashDataDisplayStyle)) { log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL); - addRequestHandler(SignRequest.class, new AppletHashDataDisplay(stalPort, sessionId)); + AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, sessionId, AppletHashDataDisplay.DISPLAY.applet); + addRequestHandler(SignRequest.class, handler); } else if (BKUApplet.HASHDATA_DISPLAY_BROWSER.equals(hashDataDisplayStyle)) { URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL, sessionId); log.debug("register SignRequestHandler for HashDataURL " + hashDataURL); @@ -203,7 +204,8 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { } else { //BKUApplet.HASHDATA_DISPLAY_FRAME log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL); - addRequestHandler(SignRequest.class, new JDialogHashDataDisplay(stalPort, sessionId, new Dimension(400, 300), locale)); + AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, sessionId, AppletHashDataDisplay.DISPLAY.frame); + addRequestHandler(SignRequest.class, handler); } } } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java index b77485d9..29a60f1d 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java 
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java @@ -14,9 +14,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package at.gv.egiz.bku.online.applet; +import at.gv.egiz.bku.gui.BKUGUIFacade; import java.security.DigestException; import java.security.MessageDigest; import java.util.ArrayList; 
@@ -30,39 +30,69 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.smccstal.SignRequestHandler; import at.gv.egiz.stal.HashDataInput; import at.gv.egiz.stal.impl.ByteArrayHashDataInput; +import at.gv.egiz.stal.service.GetHashDataInputFault; import at.gv.egiz.stal.service.STALPortType; import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; import at.gv.egiz.stal.service.types.GetHashDataInputType; import at.gv.egiz.stal.signedinfo.DigestMethodType; import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.security.NoSuchAlgorithmException; /** - * A SignRequesthandler displaying hashdata inputs in the applet - * (only plaintext data is displayed, other hashdata inputs may be saved to disk). + * A SignRequesthandler that obtains hashdata inputs from a STAL webservice and + * displays these either within the applet or in a separate frame. + * The internal viewer displays plaintext data only, other mimetypes can be saved to disk. + * The standalone (frame) viewer displays all mimetypes. + * + * (This class depends on STALService and therefore is not part of BKUCommonGUI.) 
* * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> */ public class AppletHashDataDisplay extends SignRequestHandler { + public static enum DISPLAY { + applet, frame + } private static final Log log = LogFactory.getLog(AppletHashDataDisplay.class); - STALPortType stalPort; - String sessId; + protected STALPortType stalPort; + protected String sessId; + protected DISPLAY display; - public AppletHashDataDisplay(STALPortType stalPort, String sessId) { + public AppletHashDataDisplay(STALPortType stalPort, String sessId, DISPLAY display) { if (stalPort == null || sessId == null) { throw new NullPointerException("STAL port must not be null"); } this.sessId = sessId; this.stalPort = stalPort; + this.display = display; } @Override - public void displayHashDataInputs(List<ReferenceType> signedReferences) throws Exception { - + public void displayHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception { + + List<GetHashDataInputResponseType.Reference> hdi = getHashDataInput(signedReferences); + List<HashDataInput> verifiedHashDataInputs = verifyHashDataInput(signedReferences, hdi); + + if (verifiedHashDataInputs.size() > 1) { + gui.showHashDataInputDialog(verifiedHashDataInputs, false, this, "ok"); + } else if (verifiedHashDataInputs.size() == 1) { + gui.showHashDataInputDialog(verifiedHashDataInputs, display==DISPLAY.frame, this, "ok"); + } else { + throw new Exception("No signature data (apart from any QualifyingProperties or a Manifest)"); + } + } + + /** + * Get all hashdata inputs that contain an ID attribute but no Type attribute. 
+ * @param signedReferences + * @return + * @throws at.gv.egiz.stal.service.GetHashDataInputFault + */ + private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) throws GetHashDataInputFault, Exception { GetHashDataInputType request = new GetHashDataInputType(); request.setSessionId(sessId); - HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>(); +// HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>(); for (ReferenceType signedRef : signedReferences) { //don't get Manifest, QualifyingProperties, ... if (signedRef.getType() == null) { 
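Review bot: The `signedRef.getType() == null` filter in getHashDataInput skips every reference that carries any Type attribute, so the data behind such a reference is never requested, digest-checked or shown to the user; the same filter is repeated in verifyHashDataInput in the following hunk. The new Javadoc and the exception text suggest only Manifest and QualifyingProperties references are meant to be skipped, so comparing against those specific Type URIs, and refusing or displaying any other typed reference, would keep the displayed data aligned with what appears to be signed. Separately, the constructor does not check `display`, and a null value silently selects the applet view through `display==DISPLAY.frame`; `if (display == null) throw new NullPointerException("display must not be null");` would make that explicit. getHashDataInput's body continues past the end of this hunk.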
@@ -71,97 +101,116 @@ public class AppletHashDataDisplay extends SignRequestHandler { if (log.isTraceEnabled()) { log.trace("requesting hashdata input for reference " + signedRefId); } - idSignedRefMap.put(signedRefId, signedRef); +// idSignedRefMap.put(signedRefId, signedRef); GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); ref.setID(signedRefId); request.getReference().add(ref); } else { - throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); + throw new Exception("Cannot resolve signature data for dsig:Reference without Id attribute"); } } } if (log.isDebugEnabled()) { - log.debug("Calling GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); + log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); } GetHashDataInputResponseType response = stalPort.getHashDataInput(request); - ArrayList<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>(); - - //hashdata inputs returned from service - HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>(); - for (GetHashDataInputResponseType.Reference reference : response.getReference()) { - String id = reference.getID(); - byte[] hdi = reference.getValue(); - if (hdi == null) { - throw new Exception("Did not receive hashdata input for reference " + id); + return response.getReference(); + } + + /** + * Verifies all signed references and returns STAL HashDataInputs + * @param signedReferences + * @param hashDataInputs + * @return + * @throws java.security.DigestException + * @throws java.security.NoSuchAlgorithmException + * @throws Exception if no hashdata input is provided for a signed reference + */ + private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) throws DigestException, 
NoSuchAlgorithmException, Exception { + + ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>(); + + for (ReferenceType signedRef : signedReferences) { + if (signedRef.getType() == null) { + log.info("Verifying digest for signed reference " + signedRef.getId()); + + String signedRefId = signedRef.getId(); + byte[] signedDigest = signedRef.getDigestValue(); + String signedDigestAlg = null; + if (signedRef.getDigestMethod() != null) { + signedDigestAlg = signedRef.getDigestMethod().getAlgorithm(); + } else { + throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); + } + + // usually, there is just one item here + GetHashDataInputResponseType.Reference hashDataInput = null; + for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) { + if (signedRefId.equals(hdi.getID())) { + hashDataInput = hdi; + break; + } + } + if (hashDataInput == null) { + throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); + } + + byte[] hdi = hashDataInput.getValue(); + String mimeType = hashDataInput.getMimeType(); + String encoding = hashDataInput.getEncoding(); + + if (hdi == null) { + throw new Exception("No hashdata input for reference " + signedRefId + " provided by service"); + } + if (log.isDebugEnabled()) { + log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); + } + + byte[] hashDataInputDigest = digest(hdi, signedDigestAlg); + + if (log.isDebugEnabled()) { + log.debug("Comparing digest values... 
"); + } +// log.warn("***************** DISABLED HASHDATA VERIFICATION"); + if (!Arrays.equals(hashDataInputDigest, signedDigest)) { + log.error("Bad digest value for reference " + signedRefId); + throw new DigestException("Bad digest value for reference " + signedRefId); + } + + verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); } - idRefMap.put(id, reference); } - for (String signedRefId : idSignedRefMap.keySet()) { - log.info("validating hashdata input for reference " + signedRefId); - - GetHashDataInputResponseType.Reference reference = idRefMap.get(signedRefId); - if (reference == null) { - throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); - } - -// } -// -// for (GetHashDataInputResponseType.Reference reference : response.getReference()) { -// -// String id = reference.getID(); - byte[] hdi = reference.getValue(); - String mimeType = reference.getMimeType(); - String encoding = reference.getEncoding(); - - if (hdi == null) { - throw new Exception("No hashdata input provided for reference " + signedRefId); - } - if (log.isDebugEnabled()) { - log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); - } + return verifiedHashDataInputs; + } - ReferenceType dsigRef = idSignedRefMap.get(signedRefId); - DigestMethodType dm = dsigRef.getDigestMethod(); - - if (dm == null) { - throw new Exception("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); - } - String mdAlg = dm.getAlgorithm(); - if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) - mdAlg = "SHA-1"; - else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) - mdAlg = "SHA-256"; - else if ("http://www.w3.org/2001/04/xmlenc#sha224 ".equals(mdAlg)) - mdAlg = "SHA-224"; - else if ("http://www.w3.org/2001/04/xmldsig-more#sha224 ".equals(mdAlg)) - mdAlg = "SHA-224"; - else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) - 
mdAlg = "SHA-384"; - else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) - mdAlg = "SHA-512"; - else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) - mdAlg = "MD2"; - else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) - mdAlg = "MD5"; - else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) - mdAlg = "RipeMD-160"; - else { - throw new Exception("Failed to verify digest value for reference " + signedRefId + ": unsupported digest algorithm " + mdAlg); - } - MessageDigest md = MessageDigest.getInstance(mdAlg); - byte[] hdiDigest = md.digest(hdi); - if (log.isDebugEnabled()) - log.debug("Comparing digest values... "); - if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) { - log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue())); - throw new DigestException("Bad digest value for reference " + signedRefId + ": " + new String(dsigRef.getDigestValue())); - } - hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); + //TODO + private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException { + if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) { + mdAlg = "SHA-1"; + } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) { + mdAlg = "SHA-256"; + } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) { + mdAlg = "SHA-224"; + } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) { + mdAlg = "SHA-224"; + } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) { + mdAlg = "SHA-384"; + } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) { + mdAlg = "SHA-512"; + } else if ("http://www.w3.org/2001/04/xmldsig-more#md2".equals(mdAlg)) { + mdAlg = "MD2"; + } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) { + mdAlg = "MD5"; + } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160".equals(mdAlg)) { + 
mdAlg = "RipeMD-160"; + } else { + throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg); } - - gui.showHashDataInputDialog(hashDataInputs, false, this, "ok"); + + MessageDigest md = MessageDigest.getInstance(mdAlg); + return md.digest(hashDataInput); } } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java index 9d640dee..b4407b22 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java @@ -16,6 +16,7 @@ */ package at.gv.egiz.bku.online.applet; +import at.gv.egiz.bku.gui.AbstractHelpListener; import java.net.MalformedURLException; import java.net.URL; import java.util.Locale; @@ -85,10 +86,11 @@ public class BKUApplet extends JApplet implements AppletParameterProvider { String locale = getAppletParameter(LOCALE_PARAM_KEY); String guiStyle = getAppletParameter(GUI_STYLE); URL backgroundImgURL = null; - AppletHelpListener helpListener = null; + AbstractHelpListener helpListener = null; try { URL helpURL = getURLParameter(HELP_URL); //, getAppletParameter(SESSION_ID)); - helpListener = new AppletHelpListener(getAppletContext(), helpURL, getLocale()); +// helpListener = new BrowserHelpListener(getAppletContext(), helpURL, getLocale()); + helpListener = new DefaultHelpListener(helpURL, getLocale()); } catch (MalformedURLException ex) { log.warn("failed to load help URL, disabling help: " + ex.getMessage()); } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java index 5d199872..265acca0 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java 
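Review bot: digest() still maps the MD2, MD5 and SHA-1 algorithm URIs, so verifyHashDataInput accepts a match under a digest that is no longer collision resistant as proof that the displayed data is the data referenced by the signature. If such references do not have to remain viewable, drop the `xmldsig-more#md2` and `xmldsig-more#md5` branches so they fall through to the existing `NoSuchAlgorithmException`, and emit a `log.warn` when the SHA-1 branch is taken. `"RipeMD-160"` is not among the JDK's standard MessageDigest names, so that branch presumably relies on a provider registered elsewhere; this should be confirmed. The bare `//TODO` above digest() and the commented-out `DISABLED HASHDATA VERIFICATION` line should either state what is pending or be removed.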
@@ -26,11 +26,11 @@ import java.util.Locale; * * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> */ -public class AppletHelpListener extends AbstractHelpListener { +public class BrowserHelpListener extends AbstractHelpListener { protected AppletContext ctx; - public AppletHelpListener(AppletContext ctx, URL helpURL, Locale locale) { + public BrowserHelpListener(AppletContext ctx, URL helpURL, Locale locale) { super(helpURL, locale); if (ctx == null) { throw new RuntimeException("no applet context provided"); @@ -39,7 +39,7 @@ public class AppletHelpListener extends AbstractHelpListener { } @Override - public void showDocument(URL helpDocument) throws Exception { + public void showDocument(URL helpDocument, String helpTopic) throws Exception { ctx.showDocument(helpDocument, "_blank"); } } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java new file mode 100644 index 00000000..9876ef7e --- /dev/null +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java 
@@ -0,0 +1,77 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.online.applet; + +import at.gv.egiz.bku.gui.AbstractHelpListener; +import at.gv.egiz.bku.gui.ViewerDialog; +import java.io.InputStream; +import java.net.URL; +import java.net.URLConnection; +import java.util.Locale; +import javax.swing.SwingUtilities; + +/** + * This class depends on BKU utils, and therefore is not part of BKUCommonGUI + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class DefaultHelpListener extends AbstractHelpListener { + + public DefaultHelpListener(URL helpURL, Locale locale) { + super(helpURL, locale); + } + + @Override + public void showDocument(URL helpURL, final String helpTopic) throws Exception { + log.debug("open connection " + helpURL); + URLConnection conn = helpURL.openConnection(); + + log.debug("show help document " + conn.getContentType()); // + ";" + conn.getContentEncoding()); + +// Charset cs; +// if (conn.getContentEncoding() == null) { +// cs = Charset.forName("UTF-8"); +// } else { +// try { +// cs = Charset.forName(conn.getContentEncoding()); +// } catch (Exception ex) { +// log.debug("charset " + conn.getContentEncoding() + " not supported, assuming UTF-8: " + ex.getMessage()); +// cs = Charset.forName("UTF-8"); +// } +// } + +// InputStreamReader isr = new InputStreamReader(conn.getInputStream(), cs); 
+// final Reader content = new BufferedReader(isr); + final InputStream content = conn.getInputStream(); + final String mimeType = conn.getContentType(); + + log.debug("schedule help dialog"); + + SwingUtilities.invokeLater(new Runnable() { + + @Override + public void run() { + + log.debug("show help dialog"); + + ViewerDialog.showHelp(null, helpTopic, content, mimeType, messages); + + } + }); +// gui.showHelpDialog(helpDocument.getStream(), mimetype, encoding); + } +} diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java deleted file mode 100644 index 1f0eda90..00000000 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java +++ /dev/null 
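Review bot: showDocument opens `helpURL` without a connect or read timeout and passes the raw `InputStream` to `ViewerDialog.showHelp` inside `invokeLater`, so an unresponsive help server can block the caller in `getContentType()` and, if the viewer reads synchronously, the event dispatch thread as well. Adding `conn.setConnectTimeout(TIMEOUT_MS); conn.setReadTimeout(TIMEOUT_MS);` before `getContentType()` bounds this (the constant name is a placeholder). Nothing visible in this file closes `content`; either close it once the viewer has consumed it or document that ViewerDialog owns the stream. The URL's protocol is not checked here and the MIME type handed to the viewer is whatever the server reports, so restricting both to the expected values is worth considering if `helpURL` originates from applet parameters.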
@@ -1,221 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.online.applet; - -import at.gv.egiz.bku.smccstal.SignRequestHandler; -import at.gv.egiz.stal.HashDataInput; -import at.gv.egiz.stal.impl.ByteArrayHashDataInput; -import at.gv.egiz.stal.service.GetHashDataInputFault; -import at.gv.egiz.stal.service.STALPortType; -import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; -import at.gv.egiz.stal.service.types.GetHashDataInputType; -import at.gv.egiz.stal.signedinfo.ReferenceType; -import java.awt.Dimension; -import java.security.DigestException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.List; -import java.util.Locale; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * - * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> - */ -public class JDialogHashDataDisplay extends SignRequestHandler { - - private static final Log log = LogFactory.getLog(JDialogHashDataDisplay.class); - protected STALPortType stalPort; - protected String sessId; -// protected HashDataViewer viewer; - - public JDialogHashDataDisplay(STALPortType stalPort, String sessId, Dimension viewerSize, Locale locale) { - if (stalPort == null || sessId == null) { - throw new NullPointerException("STAL port must not 
be null"); - } - this.sessId = sessId; - this.stalPort = stalPort; -// this.viewer = new HashDataViewer(viewerSize, locale); - } - - @Override - public void displayHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception { - - List<GetHashDataInputResponseType.Reference> hdi = getHashDataInput(signedReferences); - final List<HashDataInput> verifiedHashDataInputs = verifyHashDataInput(signedReferences, hdi); - - if (verifiedHashDataInputs.size() > 1) { - gui.showHashDataInputDialog(verifiedHashDataInputs, false, this, "ok"); - } else if (verifiedHashDataInputs.size() == 1) { - gui.showHashDataInputDialog(verifiedHashDataInputs, true, this, "ok"); -// SwingUtilities.invokeLater(new Runnable() { -// -// @Override -// public void run() { -// viewer.displayHashData(verifiedHashDataInputs.get(0)); -// } -// }); - - } else { - log.error("No hashdata input to display"); - } - - } - - /** - * Get all hashdata inputs that contain an ID attribute and no Type attribute. - * @param signedReferences - * @return - * @throws at.gv.egiz.stal.service.GetHashDataInputFault - */ - private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) throws GetHashDataInputFault, Exception { - GetHashDataInputType request = new GetHashDataInputType(); - request.setSessionId(sessId); - -// HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>(); - for (ReferenceType signedRef : signedReferences) { - //don't get Manifest, QualifyingProperties, ... 
- if (signedRef.getType() == null) { - String signedRefId = signedRef.getId(); - if (signedRefId != null) { - if (log.isTraceEnabled()) { - log.trace("requesting hashdata input for reference " + signedRefId); - } -// idSignedRefMap.put(signedRefId, signedRef); - GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); - ref.setID(signedRefId); - request.getReference().add(ref); - - } else { - throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); - } - } - } - - if (log.isDebugEnabled()) { - log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); - } - GetHashDataInputResponseType response = stalPort.getHashDataInput(request); - return response.getReference(); - } - - /** - * Verifies all signed references and returns STAL HashDataInputs - * @param signedReferences - * @param hashDataInputs - * @return - * @throws java.security.DigestException - * @throws java.security.NoSuchAlgorithmException - * @throws Exception if no hashdata input is provided for a signed reference - */ - private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) throws DigestException, NoSuchAlgorithmException, Exception { - - ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>(); - - //hashdata inputs returned from service -// HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>(); -// for (GetHashDataInputResponseType.Reference hashDataInput : hashDataInputs) { -// String id = hashDataInput.getID(); -// byte[] hdi = hashDataInput.getValue(); -// if (hdi == null) { -// throw new Exception("Did not receive hashdata input for reference " + id); -// } -// idRefMap.put(id, hashDataInput); -// } - - for (ReferenceType signedRef : signedReferences) { - if (signedRef.getType() == null) { - 
log.info("Verifying digest for signed reference " + signedRef.getId()); - - String signedRefId = signedRef.getId(); - byte[] signedDigest = signedRef.getDigestValue(); - String signedDigestAlg = null; - if (signedRef.getDigestMethod() != null) { - signedDigestAlg = signedRef.getDigestMethod().getAlgorithm(); - } else { - throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); - } - - GetHashDataInputResponseType.Reference hashDataInput = null; //idRefMap.get(signedRefId); - for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) { - if (signedRefId.equals(hdi.getID())) { - hashDataInput = hdi; - } - } - if (hashDataInput == null) { - throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); - } - - byte[] hdi = hashDataInput.getValue(); - String mimeType = hashDataInput.getMimeType(); - String encoding = hashDataInput.getEncoding(); - - if (hdi == null) { - throw new Exception("No hashdata input for reference " + signedRefId + " provided by service"); - } - if (log.isDebugEnabled()) { - log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); - } - - byte[] hashDataInputDigest = digest(hdi, signedDigestAlg); - - if (log.isDebugEnabled()) { - log.debug("Comparing digest values... 
"); - } - log.warn("DISABLED DIGEST VERIFICATION FOR DEBUGGING"); -// if (!Arrays.equals(hashDataInputDigest, signedDigest)) { -// log.error("Bad digest value for reference " + signedRefId); -// throw new DigestException("Bad digest value for reference " + signedRefId); -// } - - verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); - } - } - - return verifiedHashDataInputs; - } - - //TODO - private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException { - if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) { - mdAlg = "SHA-1"; - } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) { - mdAlg = "SHA-256"; - } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) { - mdAlg = "SHA-224"; - } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) { - mdAlg = "SHA-224"; - } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) { - mdAlg = "SHA-384"; - } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) { - mdAlg = "SHA-512"; - } else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) { - mdAlg = "MD2"; - } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) { - mdAlg = "MD5"; - } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) { - mdAlg = "RipeMD-160"; - } else { - throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg); - } - - MessageDigest md = MessageDigest.getInstance(mdAlg); - return md.digest(hashDataInput); - } -} |