Diffstat (limited to 'BKUApplet')
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java6
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java217
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java6
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java (renamed from BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java)6
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java77
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java221
6 files changed, 221 insertions, 312 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
index 8e88c012..db88c037 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
@@ -195,7 +195,8 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
String hashDataDisplayStyle = params.getAppletParameter(BKUApplet.HASHDATA_DISPLAY);
if (BKUApplet.HASHDATA_DISPLAY_INTERNAL.equals(hashDataDisplayStyle)) {
log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL);
- addRequestHandler(SignRequest.class, new AppletHashDataDisplay(stalPort, sessionId));
+ AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, sessionId, AppletHashDataDisplay.DISPLAY.applet);
+ addRequestHandler(SignRequest.class, handler);
} else if (BKUApplet.HASHDATA_DISPLAY_BROWSER.equals(hashDataDisplayStyle)) {
URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL, sessionId);
log.debug("register SignRequestHandler for HashDataURL " + hashDataURL);
@@ -203,7 +204,8 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
} else {
//BKUApplet.HASHDATA_DISPLAY_FRAME
log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL);
- addRequestHandler(SignRequest.class, new JDialogHashDataDisplay(stalPort, sessionId, new Dimension(400, 300), locale));
+ AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, sessionId, AppletHashDataDisplay.DISPLAY.frame);
+ addRequestHandler(SignRequest.class, handler);
}
}
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java
index b77485d9..29a60f1d 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHashDataDisplay.java
@@ -14,9 +14,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package at.gv.egiz.bku.online.applet;
+import at.gv.egiz.bku.gui.BKUGUIFacade;
import java.security.DigestException;
import java.security.MessageDigest;
import java.util.ArrayList;
@@ -30,39 +30,69 @@ import org.apache.commons.logging.LogFactory;
import at.gv.egiz.bku.smccstal.SignRequestHandler;
import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
+import at.gv.egiz.stal.service.GetHashDataInputFault;
import at.gv.egiz.stal.service.STALPortType;
import at.gv.egiz.stal.service.types.GetHashDataInputResponseType;
import at.gv.egiz.stal.service.types.GetHashDataInputType;
import at.gv.egiz.stal.signedinfo.DigestMethodType;
import at.gv.egiz.stal.signedinfo.ReferenceType;
+import java.security.NoSuchAlgorithmException;
/**
- * A SignRequesthandler displaying hashdata inputs in the applet
- * (only plaintext data is displayed, other hashdata inputs may be saved to disk).
+ * A SignRequesthandler that obtains hashdata inputs from a STAL webservice and
+ * displays these either within the applet or in a separate frame.
+ * The internal viewer displays plaintext data only, other mimetypes can be saved to disk.
+ * The standalone (frame) viewer displays all mimetypes.
+ *
+ * (This class depends on STALService and therefore is not part of BKUCommonGUI.)
*
* @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
*/
public class AppletHashDataDisplay extends SignRequestHandler {
+ public static enum DISPLAY {
+ applet, frame
+ }
private static final Log log = LogFactory.getLog(AppletHashDataDisplay.class);
- STALPortType stalPort;
- String sessId;
+ protected STALPortType stalPort;
+ protected String sessId;
+ protected DISPLAY display;
- public AppletHashDataDisplay(STALPortType stalPort, String sessId) {
+ public AppletHashDataDisplay(STALPortType stalPort, String sessId, DISPLAY display) {
if (stalPort == null || sessId == null) {
throw new NullPointerException("STAL port must not be null");
}
this.sessId = sessId;
this.stalPort = stalPort;
+ this.display = display;
}
@Override
- public void displayHashDataInputs(List<ReferenceType> signedReferences) throws Exception {
-
+ public void displayHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception {
+
+ List<GetHashDataInputResponseType.Reference> hdi = getHashDataInput(signedReferences);
+ List<HashDataInput> verifiedHashDataInputs = verifyHashDataInput(signedReferences, hdi);
+
+ if (verifiedHashDataInputs.size() > 1) {
+ gui.showHashDataInputDialog(verifiedHashDataInputs, false, this, "ok");
+ } else if (verifiedHashDataInputs.size() == 1) {
+ gui.showHashDataInputDialog(verifiedHashDataInputs, display==DISPLAY.frame, this, "ok");
+ } else {
+ throw new Exception("No signature data (apart from any QualifyingProperties or a Manifest)");
+ }
+ }
+
+ /**
+ * Get all hashdata inputs that contain an ID attribute but no Type attribute.
+ * @param signedReferences
+ * @return
+ * @throws at.gv.egiz.stal.service.GetHashDataInputFault
+ */
+ private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) throws GetHashDataInputFault, Exception {
GetHashDataInputType request = new GetHashDataInputType();
request.setSessionId(sessId);
- HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>();
+// HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>();
for (ReferenceType signedRef : signedReferences) {
//don't get Manifest, QualifyingProperties, ...
if (signedRef.getType() == null) {
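Review bot: The new constructor stores `display` without validating it, so a null argument silently selects the in-applet viewer, because `display==DISPLAY.frame` in displayHashDataInputs is simply false for null. Add `if (display == null) { throw new NullPointerException("display must not be null"); }` next to the existing check; the existing message "STAL port must not be null" is also what a caller sees when only `sessId` is null, so it is worth splitting into two checks. `throws DigestException, Exception` on displayHashDataInputs is redundant as written, since `Exception` already covers `DigestException`. getHashDataInput begins in this hunk and its body continues past the hunk's end.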
@@ -71,97 +101,116 @@ public class AppletHashDataDisplay extends SignRequestHandler {
if (log.isTraceEnabled()) {
log.trace("requesting hashdata input for reference " + signedRefId);
}
- idSignedRefMap.put(signedRefId, signedRef);
+// idSignedRefMap.put(signedRefId, signedRef);
GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference();
ref.setID(signedRefId);
request.getReference().add(ref);
} else {
- throw new Exception("Cannot resolve HashDataInput for reference without Id attribute");
+ throw new Exception("Cannot resolve signature data for dsig:Reference without Id attribute");
}
}
}
if (log.isDebugEnabled()) {
- log.debug("Calling GetHashDataInput for " + request.getReference().size() + " references in session " + sessId);
+ log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId);
}
GetHashDataInputResponseType response = stalPort.getHashDataInput(request);
- ArrayList<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
-
- //hashdata inputs returned from service
- HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>();
- for (GetHashDataInputResponseType.Reference reference : response.getReference()) {
- String id = reference.getID();
- byte[] hdi = reference.getValue();
- if (hdi == null) {
- throw new Exception("Did not receive hashdata input for reference " + id);
+ return response.getReference();
+ }
+
+ /**
+ * Verifies all signed references and returns STAL HashDataInputs
+ * @param signedReferences
+ * @param hashDataInputs
+ * @return
+ * @throws java.security.DigestException
+ * @throws java.security.NoSuchAlgorithmException
+ * @throws Exception if no hashdata input is provided for a signed reference
+ */
+ private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) throws DigestException, NoSuchAlgorithmException, Exception {
+
+ ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>();
+
+ for (ReferenceType signedRef : signedReferences) {
+ if (signedRef.getType() == null) {
+ log.info("Verifying digest for signed reference " + signedRef.getId());
+
+ String signedRefId = signedRef.getId();
+ byte[] signedDigest = signedRef.getDigestValue();
+ String signedDigestAlg = null;
+ if (signedRef.getDigestMethod() != null) {
+ signedDigestAlg = signedRef.getDigestMethod().getAlgorithm();
+ } else {
+ throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm");
+ }
+
+ // usually, there is just one item here
+ GetHashDataInputResponseType.Reference hashDataInput = null;
+ for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) {
+ if (signedRefId.equals(hdi.getID())) {
+ hashDataInput = hdi;
+ break;
+ }
+ }
+ if (hashDataInput == null) {
+ throw new Exception("No hashdata input for reference " + signedRefId + " returned by service");
+ }
+
+ byte[] hdi = hashDataInput.getValue();
+ String mimeType = hashDataInput.getMimeType();
+ String encoding = hashDataInput.getEncoding();
+
+ if (hdi == null) {
+ throw new Exception("No hashdata input for reference " + signedRefId + " provided by service");
+ }
+ if (log.isDebugEnabled()) {
+ log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")");
+ }
+
+ byte[] hashDataInputDigest = digest(hdi, signedDigestAlg);
+
+ if (log.isDebugEnabled()) {
+ log.debug("Comparing digest values... ");
+ }
+// log.warn("***************** DISABLED HASHDATA VERIFICATION");
+ if (!Arrays.equals(hashDataInputDigest, signedDigest)) {
+ log.error("Bad digest value for reference " + signedRefId);
+ throw new DigestException("Bad digest value for reference " + signedRefId);
+ }
+
+ verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding));
}
- idRefMap.put(id, reference);
}
- for (String signedRefId : idSignedRefMap.keySet()) {
- log.info("validating hashdata input for reference " + signedRefId);
-
- GetHashDataInputResponseType.Reference reference = idRefMap.get(signedRefId);
- if (reference == null) {
- throw new Exception("No hashdata input for reference " + signedRefId + " returned by service");
- }
-
-// }
-//
-// for (GetHashDataInputResponseType.Reference reference : response.getReference()) {
-//
-// String id = reference.getID();
- byte[] hdi = reference.getValue();
- String mimeType = reference.getMimeType();
- String encoding = reference.getEncoding();
-
- if (hdi == null) {
- throw new Exception("No hashdata input provided for reference " + signedRefId);
- }
- if (log.isDebugEnabled()) {
- log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")");
- }
+ return verifiedHashDataInputs;
+ }
- ReferenceType dsigRef = idSignedRefMap.get(signedRefId);
- DigestMethodType dm = dsigRef.getDigestMethod();
-
- if (dm == null) {
- throw new Exception("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm");
- }
- String mdAlg = dm.getAlgorithm();
- if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg))
- mdAlg = "SHA-1";
- else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg))
- mdAlg = "SHA-256";
- else if ("http://www.w3.org/2001/04/xmlenc#sha224 ".equals(mdAlg))
- mdAlg = "SHA-224";
- else if ("http://www.w3.org/2001/04/xmldsig-more#sha224 ".equals(mdAlg))
- mdAlg = "SHA-224";
- else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg))
- mdAlg = "SHA-384";
- else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg))
- mdAlg = "SHA-512";
- else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg))
- mdAlg = "MD2";
- else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg))
- mdAlg = "MD5";
- else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg))
- mdAlg = "RipeMD-160";
- else {
- throw new Exception("Failed to verify digest value for reference " + signedRefId + ": unsupported digest algorithm " + mdAlg);
- }
- MessageDigest md = MessageDigest.getInstance(mdAlg);
- byte[] hdiDigest = md.digest(hdi);
- if (log.isDebugEnabled())
- log.debug("Comparing digest values... ");
- if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) {
- log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue()));
- throw new DigestException("Bad digest value for reference " + signedRefId + ": " + new String(dsigRef.getDigestValue()));
- }
- hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding));
+ //TODO
+ private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException {
+ if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) {
+ mdAlg = "SHA-1";
+ } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) {
+ mdAlg = "SHA-256";
+ } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) {
+ mdAlg = "SHA-224";
+ } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) {
+ mdAlg = "SHA-224";
+ } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) {
+ mdAlg = "SHA-384";
+ } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) {
+ mdAlg = "SHA-512";
+ } else if ("http://www.w3.org/2001/04/xmldsig-more#md2".equals(mdAlg)) {
+ mdAlg = "MD2";
+ } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) {
+ mdAlg = "MD5";
+ } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160".equals(mdAlg)) {
+ mdAlg = "RipeMD-160";
+ } else {
+ throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg);
}
-
- gui.showHashDataInputDialog(hashDataInputs, false, this, "ok");
+
+ MessageDigest md = MessageDigest.getInstance(mdAlg);
+ return md.digest(hashDataInput);
}
}
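Review bot: digest() still maps the MD2 and MD5 URIs, and removing the stray trailing space from the `...xmldsig-more#md2` literal makes the MD2 branch reachable for the first time, so the comparison that ties the displayed data to the signed reference can be satisfied with a collision-prone hash. Consider deleting the `#md2` and `#md5` branches so they fall through to the existing `unsupported digest algorithm` exception, and decide explicitly whether SHA-1 is still acceptable here. The `"RipeMD-160"` branch is likewise newly reachable, and that is not a name the default JDK providers register, so it presumably relies on an additional provider being installed; worth confirming. Separately, `mimeType` and `encoding` are taken from the service response and passed to `ByteArrayHashDataInput` without being covered by the digest comparison, so a comment in verifyHashDataInput should state that only the bytes are authenticated. The hunk starts inside getHashDataInput, whose opening lines are outside it.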
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
index 9d640dee..b4407b22 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
@@ -16,6 +16,7 @@
*/
package at.gv.egiz.bku.online.applet;
+import at.gv.egiz.bku.gui.AbstractHelpListener;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
@@ -85,10 +86,11 @@ public class BKUApplet extends JApplet implements AppletParameterProvider {
String locale = getAppletParameter(LOCALE_PARAM_KEY);
String guiStyle = getAppletParameter(GUI_STYLE);
URL backgroundImgURL = null;
- AppletHelpListener helpListener = null;
+ AbstractHelpListener helpListener = null;
try {
URL helpURL = getURLParameter(HELP_URL); //, getAppletParameter(SESSION_ID));
- helpListener = new AppletHelpListener(getAppletContext(), helpURL, getLocale());
+// helpListener = new BrowserHelpListener(getAppletContext(), helpURL, getLocale());
+ helpListener = new DefaultHelpListener(helpURL, getLocale());
} catch (MalformedURLException ex) {
log.warn("failed to load help URL, disabling help: " + ex.getMessage());
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java
index 5d199872..265acca0 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletHelpListener.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BrowserHelpListener.java
@@ -26,11 +26,11 @@ import java.util.Locale;
*
* @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
*/
-public class AppletHelpListener extends AbstractHelpListener {
+public class BrowserHelpListener extends AbstractHelpListener {
protected AppletContext ctx;
- public AppletHelpListener(AppletContext ctx, URL helpURL, Locale locale) {
+ public BrowserHelpListener(AppletContext ctx, URL helpURL, Locale locale) {
super(helpURL, locale);
if (ctx == null) {
throw new RuntimeException("no applet context provided");
@@ -39,7 +39,7 @@ public class AppletHelpListener extends AbstractHelpListener {
}
@Override
- public void showDocument(URL helpDocument) throws Exception {
+ public void showDocument(URL helpDocument, String helpTopic) throws Exception {
ctx.showDocument(helpDocument, "_blank");
}
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java
new file mode 100644
index 00000000..9876ef7e
--- /dev/null
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/DefaultHelpListener.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.online.applet;
+
+import at.gv.egiz.bku.gui.AbstractHelpListener;
+import at.gv.egiz.bku.gui.ViewerDialog;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLConnection;
+import java.util.Locale;
+import javax.swing.SwingUtilities;
+
+/**
+ * This class depends on BKU utils, and therefore is not part of BKUCommonGUI
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class DefaultHelpListener extends AbstractHelpListener {
+
+ public DefaultHelpListener(URL helpURL, Locale locale) {
+ super(helpURL, locale);
+ }
+
+ @Override
+ public void showDocument(URL helpURL, final String helpTopic) throws Exception {
+ log.debug("open connection " + helpURL);
+ URLConnection conn = helpURL.openConnection();
+
+ log.debug("show help document " + conn.getContentType()); // + ";" + conn.getContentEncoding());
+
+// Charset cs;
+// if (conn.getContentEncoding() == null) {
+// cs = Charset.forName("UTF-8");
+// } else {
+// try {
+// cs = Charset.forName(conn.getContentEncoding());
+// } catch (Exception ex) {
+// log.debug("charset " + conn.getContentEncoding() + " not supported, assuming UTF-8: " + ex.getMessage());
+// cs = Charset.forName("UTF-8");
+// }
+// }
+
+// InputStreamReader isr = new InputStreamReader(conn.getInputStream(), cs);
+// final Reader content = new BufferedReader(isr);
+ final InputStream content = conn.getInputStream();
+ final String mimeType = conn.getContentType();
+
+ log.debug("schedule help dialog");
+
+ SwingUtilities.invokeLater(new Runnable() {
+
+ @Override
+ public void run() {
+
+ log.debug("show help dialog");
+
+ ViewerDialog.showHelp(null, helpTopic, content, mimeType, messages);
+
+ }
+ });
+// gui.showHelpDialog(helpDocument.getStream(), mimetype, encoding);
+ }
+}
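Review bot: showDocument opens whatever URL it is handed and renders the response in the applet's own dialog using the server-reported content type, with no check on the URL's scheme or host; in BKUApplet that URL comes from `getURLParameter(HELP_URL)`, which is presumably supplied by the embedding page. If help is only ever meant to be served over HTTP(S) from the applet's own origin, reject anything else before `helpURL.openConnection()`. The connection also has no timeouts, so `conn.setConnectTimeout(...)` and `conn.setReadTimeout(...)` with a value you choose would keep a stalled server from blocking the caller in `getContentType()`. The `InputStream` is handed to the Runnable and never closed in this file; either document that `ViewerDialog.showHelp` takes ownership of it or close it once the dialog has consumed the content. The commented-out charset block and the trailing `gui.showHelpDialog` line can be deleted rather than carried into a new file.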
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java
deleted file mode 100644
index 1f0eda90..00000000
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/JDialogHashDataDisplay.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package at.gv.egiz.bku.online.applet;
-
-import at.gv.egiz.bku.smccstal.SignRequestHandler;
-import at.gv.egiz.stal.HashDataInput;
-import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
-import at.gv.egiz.stal.service.GetHashDataInputFault;
-import at.gv.egiz.stal.service.STALPortType;
-import at.gv.egiz.stal.service.types.GetHashDataInputResponseType;
-import at.gv.egiz.stal.service.types.GetHashDataInputType;
-import at.gv.egiz.stal.signedinfo.ReferenceType;
-import java.awt.Dimension;
-import java.security.DigestException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Locale;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-/**
- *
- * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
- */
-public class JDialogHashDataDisplay extends SignRequestHandler {
-
- private static final Log log = LogFactory.getLog(JDialogHashDataDisplay.class);
- protected STALPortType stalPort;
- protected String sessId;
-// protected HashDataViewer viewer;
-
- public JDialogHashDataDisplay(STALPortType stalPort, String sessId, Dimension viewerSize, Locale locale) {
- if (stalPort == null || sessId == null) {
- throw new NullPointerException("STAL port must not be null");
- }
- this.sessId = sessId;
- this.stalPort = stalPort;
-// this.viewer = new HashDataViewer(viewerSize, locale);
- }
-
- @Override
- public void displayHashDataInputs(List<ReferenceType> signedReferences) throws DigestException, Exception {
-
- List<GetHashDataInputResponseType.Reference> hdi = getHashDataInput(signedReferences);
- final List<HashDataInput> verifiedHashDataInputs = verifyHashDataInput(signedReferences, hdi);
-
- if (verifiedHashDataInputs.size() > 1) {
- gui.showHashDataInputDialog(verifiedHashDataInputs, false, this, "ok");
- } else if (verifiedHashDataInputs.size() == 1) {
- gui.showHashDataInputDialog(verifiedHashDataInputs, true, this, "ok");
-// SwingUtilities.invokeLater(new Runnable() {
-//
-// @Override
-// public void run() {
-// viewer.displayHashData(verifiedHashDataInputs.get(0));
-// }
-// });
-
- } else {
- log.error("No hashdata input to display");
- }
-
- }
-
- /**
- * Get all hashdata inputs that contain an ID attribute and no Type attribute.
- * @param signedReferences
- * @return
- * @throws at.gv.egiz.stal.service.GetHashDataInputFault
- */
- private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) throws GetHashDataInputFault, Exception {
- GetHashDataInputType request = new GetHashDataInputType();
- request.setSessionId(sessId);
-
-// HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>();
- for (ReferenceType signedRef : signedReferences) {
- //don't get Manifest, QualifyingProperties, ...
- if (signedRef.getType() == null) {
- String signedRefId = signedRef.getId();
- if (signedRefId != null) {
- if (log.isTraceEnabled()) {
- log.trace("requesting hashdata input for reference " + signedRefId);
- }
-// idSignedRefMap.put(signedRefId, signedRef);
- GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference();
- ref.setID(signedRefId);
- request.getReference().add(ref);
-
- } else {
- throw new Exception("Cannot resolve HashDataInput for reference without Id attribute");
- }
- }
- }
-
- if (log.isDebugEnabled()) {
- log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId);
- }
- GetHashDataInputResponseType response = stalPort.getHashDataInput(request);
- return response.getReference();
- }
-
- /**
- * Verifies all signed references and returns STAL HashDataInputs
- * @param signedReferences
- * @param hashDataInputs
- * @return
- * @throws java.security.DigestException
- * @throws java.security.NoSuchAlgorithmException
- * @throws Exception if no hashdata input is provided for a signed reference
- */
- private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) throws DigestException, NoSuchAlgorithmException, Exception {
-
- ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>();
-
- //hashdata inputs returned from service
-// HashMap<String, GetHashDataInputResponseType.Reference> idRefMap = new HashMap<String, GetHashDataInputResponseType.Reference>();
-// for (GetHashDataInputResponseType.Reference hashDataInput : hashDataInputs) {
-// String id = hashDataInput.getID();
-// byte[] hdi = hashDataInput.getValue();
-// if (hdi == null) {
-// throw new Exception("Did not receive hashdata input for reference " + id);
-// }
-// idRefMap.put(id, hashDataInput);
-// }
-
- for (ReferenceType signedRef : signedReferences) {
- if (signedRef.getType() == null) {
- log.info("Verifying digest for signed reference " + signedRef.getId());
-
- String signedRefId = signedRef.getId();
- byte[] signedDigest = signedRef.getDigestValue();
- String signedDigestAlg = null;
- if (signedRef.getDigestMethod() != null) {
- signedDigestAlg = signedRef.getDigestMethod().getAlgorithm();
- } else {
- throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm");
- }
-
- GetHashDataInputResponseType.Reference hashDataInput = null; //idRefMap.get(signedRefId);
- for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) {
- if (signedRefId.equals(hdi.getID())) {
- hashDataInput = hdi;
- }
- }
- if (hashDataInput == null) {
- throw new Exception("No hashdata input for reference " + signedRefId + " returned by service");
- }
-
- byte[] hdi = hashDataInput.getValue();
- String mimeType = hashDataInput.getMimeType();
- String encoding = hashDataInput.getEncoding();
-
- if (hdi == null) {
- throw new Exception("No hashdata input for reference " + signedRefId + " provided by service");
- }
- if (log.isDebugEnabled()) {
- log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")");
- }
-
- byte[] hashDataInputDigest = digest(hdi, signedDigestAlg);
-
- if (log.isDebugEnabled()) {
- log.debug("Comparing digest values... ");
- }
- log.warn("DISABLED DIGEST VERIFICATION FOR DEBUGGING");
-// if (!Arrays.equals(hashDataInputDigest, signedDigest)) {
-// log.error("Bad digest value for reference " + signedRefId);
-// throw new DigestException("Bad digest value for reference " + signedRefId);
-// }
-
- verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding));
- }
- }
-
- return verifiedHashDataInputs;
- }
-
- //TODO
- private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException {
- if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) {
- mdAlg = "SHA-1";
- } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) {
- mdAlg = "SHA-256";
- } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) {
- mdAlg = "SHA-224";
- } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) {
- mdAlg = "SHA-224";
- } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) {
- mdAlg = "SHA-384";
- } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) {
- mdAlg = "SHA-512";
- } else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) {
- mdAlg = "MD2";
- } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) {
- mdAlg = "MD5";
- } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) {
- mdAlg = "RipeMD-160";
- } else {
- throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg);
- }
-
- MessageDigest md = MessageDigest.getInstance(mdAlg);
- return md.digest(hashDataInput);
- }
-}