summaryrefslogtreecommitdiff
path: root/BKUOnline/src/main/java/at/gv/egiz
diff options
context:
space:
mode:
Diffstat (limited to 'BKUOnline/src/main/java/at/gv/egiz')
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java63
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java127
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/spring/ServletContextPathFactoryBean.java49
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AbstractWebRequestHandler.java327
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java13
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java289
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java128
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java121
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionListener.java (renamed from BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java)64
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java96
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java8
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java123
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/DataURLServerServlet.java225
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLink.java346
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkException.java43
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkFactory.java154
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java88
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkPersonData.java76
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/PersonalIdentifier.java81
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/QESTemplates.java115
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorFactory.java44
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorImpl.java357
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLRequestHandler.java33
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/SLCommandBrocker.java100
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java49
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java24
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java385
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java7
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java7
29 files changed, 2701 insertions, 841 deletions
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
deleted file mode 100644
index 5795478b..00000000
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.online.accesscontroller;
-
-import java.io.IOException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.context.ResourceLoaderAware;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
-import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
-import at.gv.egiz.bku.conf.Configurator;
-
-public class SpringSecurityManager extends SecurityManagerFacade implements
- ResourceLoaderAware {
-
- private ResourceLoader resourceLoader;
-
- private static Log log = LogFactory.getLog(SpringSecurityManager.class);
-
- protected Configurator config;
-
- public void setConfig(Configurator config) {
- this.config = config;
- }
-
- public void init() {
- String noMatch = config.getProperty("AccessController.acceptNoMatch");
- if (noMatch != null) {
- log.debug("Setting allow now match to: " + noMatch);
- setAllowUnmatched(Boolean.getBoolean(noMatch));
- }
- String policy = config.getProperty("AccessController.policyResource");
- log.info("Loading resource: " + policy);
- try {
- Resource res = resourceLoader.getResource(policy);
- init(res.getInputStream());
- } catch (IOException e) {
- log.error(e);
- }
- }
-
- @Override
- public void setResourceLoader(ResourceLoader loader) {
- this.resourceLoader = loader;
- }
-}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
deleted file mode 100644
index 6030c1c0..00000000
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package at.gv.egiz.bku.online.conf;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.context.ResourceLoaderAware;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
-import at.gv.egiz.bku.conf.Configurator;
-import at.gv.egiz.bku.online.webapp.SpringBKUServlet;
-import at.gv.egiz.bku.slexceptions.SLRuntimeException;
-import at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory;
-
-public class SpringConfigurator extends Configurator implements
- ResourceLoaderAware {
-
- private final static Log log = LogFactory.getLog(SpringConfigurator.class);
-
- private ResourceLoader resourceLoader;
-
- public void setResource(Resource resource) {
- log.debug("Loading config from: " + resource);
- if (resource != null) {
- Properties props = new Properties();
- try {
- props.load(resource.getInputStream());
- super.setConfiguration(props);
- } catch (IOException e) {
- log.error("Cannot load config", e);
- }
- } else {
- log.warn("Cannot load properties, resource: " + resource);
- }
- }
-
- public void configureNetwork() {
- super.configureNetwork();
- String appletTimeout = getProperty("AppletTimeout");
- if ((appletTimeout != null)) {
- try {
- long ato = Long.parseLong(appletTimeout);
- log.debug("Setting applet timeout to:"+ato);
- RequestBrokerSTALFactory.setTimeout(ato);
- } catch (NumberFormatException nfe) {
- log.error("Cannot set Applettimeout", nfe);
- }
-
- }
- }
-
- public void configure() {
- super.configure();
- SpringBKUServlet.setConfigurator(this);
- }
-
- @Override
- public void setResourceLoader(ResourceLoader loader) {
- this.resourceLoader = loader;
- }
-
- private File getDirectory(String property) {
- if (property != null) {
- Resource certDirRes = resourceLoader.getResource(property);
- File certDir;
- try {
- certDir = certDirRes.getFile();
- } catch (IOException e) {
- log.error("Cannot get cert directory", e);
- throw new SLRuntimeException(e);
- }
- if (!certDir.isDirectory()) {
- log.error("Expecting directory as SSL.certDirectory parameter");
- throw new SLRuntimeException(
- "Expecting directory as SSL.certDirectory parameter");
- }
- return certDir;
- }
- return null;
-
- }
-
- @Override
- protected File getCADir() {
- String caDirectory = getProperty("SSL.caDirectory");
- return getDirectory(caDirectory);
- }
-
- @Override
- protected File getCertDir() {
- String certDirectory = getProperty("SSL.certDirectory");
- return getDirectory(certDirectory);
- }
-
- @Override
- protected InputStream getManifest() {
- Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF");
- if (r != null) {
- try {
- return r.getInputStream();
- } catch (IOException e) {
- log.error("Cannot read manifest data:", e);
- }
- }
- return null;
- }
-} \ No newline at end of file
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/spring/ServletContextPathFactoryBean.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/spring/ServletContextPathFactoryBean.java
new file mode 100644
index 00000000..27dfcd92
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/spring/ServletContextPathFactoryBean.java
@@ -0,0 +1,49 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.bku.online.spring;
+
+import javax.servlet.ServletContext;
+
+import org.springframework.beans.factory.FactoryBean;
+import org.springframework.web.context.ServletContextAware;
+
+public class ServletContextPathFactoryBean implements FactoryBean, ServletContextAware {
+
+ private String contextPath;
+
+ @Override
+ public void setServletContext(ServletContext servletContext) {
+ contextPath = servletContext.getContextPath();
+ }
+
+ @Override
+ public Object getObject() throws Exception {
+ return contextPath;
+ }
+
+ @Override
+ public Class<?> getObjectType() {
+ return String.class;
+ }
+
+ @Override
+ public boolean isSingleton() {
+ return true;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AbstractWebRequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AbstractWebRequestHandler.java
new file mode 100644
index 00000000..019b8efe
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AbstractWebRequestHandler.java
@@ -0,0 +1,327 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.bku.online.webapp;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+
+import at.gv.egiz.bku.binding.HTTPBindingProcessor;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.binding.Id;
+import at.gv.egiz.bku.binding.IdFactory;
+import at.gv.egiz.bku.binding.InputDecoderFactory;
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
+
+public abstract class AbstractWebRequestHandler extends SpringBKUServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ public static final String APPLET_PAGE_P = "appletPage";
+ public static final String APPLET_PAGE_DEFAULT = "applet.jsp";
+
+ public static final String PARAM_APPLET_WIDTH = "appletWidth";
+ public static final String ATTR_APPLET_WIDTH = "appletWidth";
+
+ public static final String PARAM_APPLET_HEIGHT = "appletHeight";
+ public static final String ATTR_APPLET_HEIGHT = "appletHeight";
+
+ public static final String PARAM_APPLET_BACKGROUND = "appletBackground";
+ public static final String ATTR_APPLET_BACKGROUND = "appletBackground";
+
+ public static final String PARAM_APPLET_BACKGROUND_COLOR = "appletBackgroundColor";
+ public static final String ATTR_APPLET_BACKGROUND_COLOR = "appletBackgroundColor";
+
+ public static final Pattern PATTERM_APPLET_BACKGROUND_COLOR = Pattern.compile("\\#[0-9a-fA-F]{6}");
+ public static final String PARAM_APPLET_GUI_STYLE = "appletGuiStyle";
+ public static final String ATTR_APPLET_GUI_STYLE = "appletGuiStyle";
+
+ public static final String[] VALUES_APPLET_GUI_STYLE = new String[] {"tiny", "simple", "advanced"};
+ public static final String PARAM_APPLET_EXTENSION = "appletExtension";
+ public static final String ATTR_APPLET_EXTENSION = "appletExtension";
+
+ public static final String[] VALUES_APPLET_EXTENSION = new String[] {"pin", "activation"};
+ public static final String PARAM_LOCALE = "locale";
+ public static final String ATTR_LOCALE = "locale";
+
+ public static final Pattern PATTERN_LOCALE = Pattern.compile("[a-zA-Z][a-zA-Z](_[a-zA-Z][a-zA-Z]){0,2}");
+ public static final String REDIRECT_URL_SESSION_ATTRIBUTE = "redirectUrl";
+
+ private final Logger log = LoggerFactory.getLogger(BKURequestHandler.class);
+
+ protected static String getStringFromStream(InputStream is, String encoding)
+ throws IOException {
+ if (is == null) {
+ return null;
+ }
+ if (encoding == null) {
+ encoding = HttpUtil.DEFAULT_CHARSET;
+ }
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ StreamUtil.copyStream(is, os);
+ return new String(os.toByteArray(), encoding);
+ }
+
+ protected abstract String getRequestProtocol(HttpServletRequest req);
+
+ protected HTTPBindingProcessor getBindingProcessor(Id id, HttpServletRequest req, Locale locale) {
+
+ // remove existing binding processor if present
+ getBindingProcessorManager().removeBindingProcessor(id);
+
+ // create new binding processor
+ return (HTTPBindingProcessor) getBindingProcessorManager().createBindingProcessor(getRequestProtocol(req), locale);
+
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
+ java.io.IOException {
+
+ String msg = (req.getSession(false) == null) ? "New session created."
+ : "Session already established.";
+
+ Id id = IdFactory.getInstance().createId(req.getSession().getId());
+ MDC.put("id", id.toString());
+
+ String acceptLanguage = req.getHeader("Accept-Language");
+ Locale locale = AcceptLanguage.getLocale(acceptLanguage);
+
+ if (log.isInfoEnabled()) {
+ log.info("Recieved request (Accept-Language locale: {}). {}", locale, msg);
+ }
+
+ try {
+
+ HTTPBindingProcessor bindingProcessor = getBindingProcessor(id, req, locale);
+
+ Map<String, String> headerMap = new HashMap<String, String>();
+ for (Enumeration<?> headerName = req.getHeaderNames(); headerName
+ .hasMoreElements();) {
+ String header = (String) headerName.nextElement();
+ if (header != null) {
+ headerMap.put(header, req.getHeader(header));
+ }
+ }
+
+ InputStream inputStream;
+ String charset;
+ if (req.getMethod().equals("POST")) {
+ charset = req.getCharacterEncoding();
+ String contentType = req.getContentType();
+ if (charset != null) {
+ contentType += ";" + charset;
+ }
+ headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);
+ inputStream = req.getInputStream();
+ } else {
+ charset = "UTF-8";
+ headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE,
+ InputDecoderFactory.URL_ENCODED);
+ String queryString = req.getQueryString();
+ if (queryString != null) {
+ inputStream = new ByteArrayInputStream(queryString.getBytes(charset));
+ } else {
+ inputStream = new ByteArrayInputStream(new byte[] {});
+ }
+ }
+ bindingProcessor.setHTTPHeaders(headerMap);
+ bindingProcessor.consumeRequestStream(req.getRequestURL().toString(),
+ inputStream);
+
+ req.getInputStream().close();
+ getBindingProcessorManager().process(id, bindingProcessor);
+
+ HttpSession session = req.getSession();
+
+ log.trace("Looking for applet parameters in request.");
+
+ // appletWidth
+ String width = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_WIDTH), charset);
+ if (width != null && !width.isEmpty()) {
+ try {
+ // must be a valid integer
+ session.setAttribute(ATTR_APPLET_WIDTH, Integer.parseInt(width));
+ log.debug("Found parameter " + PARAM_APPLET_WIDTH + "='{}'.", width);
+ } catch (NumberFormatException nfe) {
+ log.warn("Parameter " + PARAM_APPLET_WIDTH
+ + " does not contain a valid value.", nfe);
+ }
+ }
+
+ // appletHeight
+ String height = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_HEIGHT), charset);
+ if (height != null && !height.isEmpty()) {
+ try {
+ // must be a valid integer
+ session.setAttribute(ATTR_APPLET_HEIGHT, Integer.parseInt(height));
+ log.debug("Found parameter " + PARAM_APPLET_HEIGHT + "='{}'.", height);
+ } catch (NumberFormatException nfe) {
+ log.warn("Parameter " + PARAM_APPLET_HEIGHT
+ + " does not contain a valid value.", nfe);
+ }
+ }
+
+ // appletBackground
+ String background = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_BACKGROUND), charset);
+ if (background != null && !background.isEmpty()) {
+ session.setAttribute(ATTR_APPLET_BACKGROUND, background);
+ try {
+ // must be a valid http or https URL
+ URI backgroundURL = new URI(background);
+ if ("http".equals(backgroundURL.getScheme())
+ || "https".equals(backgroundURL.getScheme())) {
+ session.setAttribute(ATTR_APPLET_BACKGROUND, backgroundURL
+ .toASCIIString());
+ log.debug("Found parameter " + PARAM_APPLET_BACKGROUND + "='{}'.",
+ backgroundURL.toASCIIString());
+ } else {
+ log.warn("Parameter " + PARAM_APPLET_BACKGROUND
+ + "='{}' is not a valid http/https URL.", background);
+ }
+ } catch (URISyntaxException e) {
+ log.warn("Parameter " + PARAM_APPLET_BACKGROUND
+ + "='{}' is not a valid http/https URL.", background, e);
+ }
+ }
+
+ // appletBackgroundColor
+ String backgroundColor = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_BACKGROUND_COLOR), charset);
+ if (backgroundColor != null && !backgroundColor.isEmpty()) {
+ // must be a valid color definition
+ if (PATTERM_APPLET_BACKGROUND_COLOR.matcher(backgroundColor).matches()) {
+ session.setAttribute(ATTR_APPLET_BACKGROUND_COLOR, backgroundColor);
+ log.debug("Faund parameter " + PARAM_APPLET_BACKGROUND_COLOR
+ + "='{}'.", backgroundColor);
+ } else {
+ log.warn("Parameter " + PARAM_APPLET_BACKGROUND_COLOR
+ + "='{}' is not a valid color definition "
+ + "(must be of form '#hhhhhh').", backgroundColor);
+ }
+ }
+
+ // appletGuiStyle
+ String guiStyle = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_GUI_STYLE), charset);
+ if (guiStyle != null && !guiStyle.isEmpty()) {
+ // must be one of VALUES_APPLET_GUI_STYLE
+ String style = guiStyle.toLowerCase();
+ if (Arrays.asList(VALUES_APPLET_GUI_STYLE).contains(style)) {
+ session.setAttribute(ATTR_APPLET_GUI_STYLE, style);
+ log.debug("Found parameter " + PARAM_APPLET_GUI_STYLE + "='{}'.", style);
+ } else {
+ StringBuilder sb = new StringBuilder();
+ sb.append("Parameter ").append(PARAM_APPLET_GUI_STYLE).append(
+ "='").append(guiStyle).append("' is not valid (must be one of ")
+ .append(Arrays.toString(VALUES_APPLET_GUI_STYLE)).append(").");
+ log.warn(sb.toString());
+ }
+ }
+
+ // appletExtension
+ String extension = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_APPLET_EXTENSION), charset);
+ if (extension != null && !extension.isEmpty()) {
+ // must be one of VALUES_APPLET_EXTENSION
+ String ext = extension.toLowerCase();
+ if (Arrays.asList(VALUES_APPLET_EXTENSION).contains(ext)) {
+ session.setAttribute(ATTR_APPLET_EXTENSION, ext);
+ log.debug("Found parameter " + PARAM_APPLET_EXTENSION + "='{}'.", ext);
+ } else {
+ StringBuilder sb = new StringBuilder();
+ sb.append("Parameter ").append(PARAM_APPLET_EXTENSION).append(
+ "='").append(extension).append("' is not valid (must be one of ")
+ .append(Arrays.toString(VALUES_APPLET_EXTENSION)).append(").");
+ log.warn(sb.toString());
+ }
+ }
+
+ // locale
+ String localeFormParam = getStringFromStream(bindingProcessor
+ .getFormData(PARAM_LOCALE), charset);
+ if (localeFormParam != null && !localeFormParam.isEmpty()) {
+ // must be a valid locale
+ if (PATTERN_LOCALE.matcher(localeFormParam).matches()) {
+ locale = new Locale(localeFormParam);
+ log.debug("Override accept-language header locale {} "
+ + "with form param {}.", locale, localeFormParam);
+ } else {
+ log.warn("Parameter " + PARAM_LOCALE
+ + "='{}' is not a valid locale definition.", localeFormParam);
+ }
+ }
+ if (locale != null) {
+ log.debug("Using locale {}.", locale);
+ session.setAttribute(ATTR_LOCALE, locale.toString());
+ }
+
+ beforeAppletPage(req, bindingProcessor);
+
+ String appletPage = getStringFromStream(bindingProcessor
+ .getFormData(APPLET_PAGE_P), charset);
+ if (appletPage == null || appletPage.isEmpty()) {
+ appletPage = APPLET_PAGE_DEFAULT;
+ }
+ log.debug("Sending redirect to UI page '{}'.", appletPage);
+ resp.sendRedirect(appletPage);
+
+ } finally {
+ MDC.remove("id");
+ }
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, java.io.IOException {
+ doPost(req, resp);
+ }
+
+ /**
+ * Called before the request is forwarded or redirected to the Applet page.
+ *
+ * @param req
+ * @param bindingProcessor
+ */
+ protected void beforeAppletPage(HttpServletRequest req,
+ HTTPBindingProcessor bindingProcessor) {
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java
index 24938cd5..9e455621 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java
@@ -24,8 +24,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* prevent applet caching,
@@ -35,7 +35,9 @@ import org.apache.commons.logging.LogFactory;
*/
public class AppletDispatcher extends HttpServlet {
- protected final static Log log = LogFactory.getLog(AppletDispatcher.class);
+ private static final long serialVersionUID = 1L;
+
+ private final Logger log = LoggerFactory.getLogger(AppletDispatcher.class);
public static final String DISPATCH_CTX = "dispatch/";
public static final String RAND_PREFIX = "__";
@@ -65,10 +67,7 @@ public class AppletDispatcher extends HttpServlet {
uri = archivePattern.matcher(uri).replaceAll(".jar");
// log.trace("removing random suffix " + uri);
- if (log.isTraceEnabled()) {
- log.trace("dispatching request URI " + request.getRequestURI() +
- " to " + uri);
- }
+ log.trace("Dispatching request URI {} to {}.", request.getRequestURI(), uri);
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(uri);
dispatcher.forward(request, response);
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
index 7dfec211..d42f911c 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
@@ -16,302 +16,37 @@
*/
package at.gv.egiz.bku.online.webapp;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Map;
-import java.util.regex.Pattern;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-import at.gv.egiz.bku.binding.BindingProcessor;
import at.gv.egiz.bku.binding.HTTPBindingProcessor;
-import at.gv.egiz.bku.binding.HttpUtil;
-import at.gv.egiz.bku.binding.IdFactory;
-import at.gv.egiz.bku.utils.StreamUtil;
-import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
+import at.gv.egiz.bku.binding.HTTPBindingProcessorImpl;
/**
* Handles SL requests and instantiates BindingProcessors
*
*/
-public class BKURequestHandler extends SpringBKUServlet {
-
- private static final long serialVersionUID = 1L;
-
- public static final String APPLET_PAGE_P = "appletPage";
- public static final String APPLET_PAGE_DEFAULT = "BKUApplet";
-
- public static final String PARAM_APPLET_WIDTH = "appletWidth";
- public static final String ATTR_APPLET_WIDTH = "appletWidth";
-
- public static final String PARAM_APPLET_HEIGHT = "appletHeight";
- public static final String ATTR_APPLET_HEIGHT = "appletHeight";
+public class BKURequestHandler extends AbstractWebRequestHandler {
- public static final String PARAM_APPLET_BACKGROUND = "appletBackground";
- public static final String ATTR_APPLET_BACKGROUND = "appletBackground";
-
- public static final String PARAM_APPLET_BACKGROUND_COLOR = "appletBackgroundColor";
- public static final String ATTR_APPLET_BACKGROUND_COLOR = "appletBackgroundColor";
- public static final Pattern PATTERM_APPLET_BACKGROUND_COLOR = Pattern.compile("\\#[0-9a-fA-F]{6}");
-
- public static final String PARAM_APPLET_GUI_STYLE = "appletGuiStyle";
- public static final String ATTR_APPLET_GUI_STYLE = "appletGuiStyle";
- public static final String[] VALUES_APPLET_GUI_STYLE = new String[] {"tiny", "simple", "advanced"};
+ private static final long serialVersionUID = 1L;
- public static final String PARAM_APPLET_EXTENSION = "appletExtension";
- public static final String ATTR_APPLET_EXTENSION = "appletExtension";
- public static final String[] VALUES_APPLET_EXTENSION = new String[] {"pin", "activation"};
+ private final Logger log = LoggerFactory.getLogger(BKURequestHandler.class);
- public static final String PARAM_LOCALE = "locale";
- public static final String ATTR_LOCALE = "locale";
- public static final Pattern PATTERN_LOCALE = Pattern.compile("[a-zA-Z][a-zA-Z](_[a-zA-Z][a-zA-Z]){0,2}");
-
- public final static String REDIRECT_URL_SESSION_ATTRIBUTE = "redirectUrl";
-
- protected Log log = LogFactory.getLog(BKURequestHandler.class);
-
- private static String getStringFromStream(InputStream is, String encoding)
- throws IOException {
- if (is == null) {
- return null;
- }
- if (encoding == null) {
- encoding = HttpUtil.DEFAULT_CHARSET;
- }
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- StreamUtil.copyStream(is, os);
- return new String(os.toByteArray(), encoding);
- }
-
@Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, java.io.IOException {
- log.debug("Received SecurityLayer request");
-
- HttpSession session = req.getSession(false);
- if (session != null) {
- log.warn("Already a session with id: " + session.getId()
- + " active, trying to get Bindingprocessor");
- BindingProcessor bp = getBindingProcessorManager().getBindingProcessor(
- IdFactory.getInstance().createId(session.getId()));
- if (bp != null) {
- log.debug("Found binding processor, using this one");
- String appletPage = getStringFromStream(
- ((HTTPBindingProcessor) bp).getFormData(APPLET_PAGE_P),
- req.getCharacterEncoding());
- getDispatcher(appletPage).forward(req, resp);
- return;
- }
- log.debug("Did not find a binding processor, creating new ...");
- }
- session = req.getSession(true);
- if (log.isDebugEnabled()) {
- log.debug("Using session id: " + session.getId());
- }
-
- String acceptLanguage = req.getHeader("Accept-Language");
- Locale locale = AcceptLanguage.getLocale(acceptLanguage);
- log.debug("Accept-Language locale: " + locale);
-
- HTTPBindingProcessor bindingProcessor;
- bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()
- .createBindingProcessor(req.getRequestURL().toString(),
- session.getId(), locale);
-
- Map<String, String> headerMap = new HashMap<String, String>();
- for (Enumeration<String> headerName = req.getHeaderNames(); headerName
- .hasMoreElements();) {
- String header = headerName.nextElement();
- if (header != null) {
- headerMap.put(header, req.getHeader(header));
- }
- }
- String charset = req.getCharacterEncoding();
- String contentType = req.getContentType();
- if (charset != null) {
- contentType += ";" + charset;
- }
- headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);
- bindingProcessor.setHTTPHeaders(headerMap);
- bindingProcessor.consumeRequestStream(req.getInputStream());
- req.getInputStream().close();
- getBindingProcessorManager().process(bindingProcessor);
-
- log.trace("Trying to find applet parameters in request");
-
- // appletWidth
- String width = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_WIDTH), charset);
- if (width != null) {
- try {
- // must be a valid integer
- session.setAttribute(ATTR_APPLET_WIDTH, Integer.parseInt(width));
- log.trace("Found parameter " + PARAM_APPLET_WIDTH + "='" + width +"'.");
- } catch (NumberFormatException nfe) {
- log.warn("Applet parameter " + PARAM_APPLET_WIDTH +
- " does not contain a valid value.", nfe);
- }
- }
-
- // appletHeight
- String height = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_HEIGHT), charset);
- if (height != null) {
- try {
- // must be a valid integer
- session.setAttribute(ATTR_APPLET_HEIGHT, Integer.parseInt(height));
- log.trace("Found parameter " + PARAM_APPLET_HEIGHT + "='" + height + "'.");
- } catch (NumberFormatException nfe) {
- log.warn("Applet parameter " + PARAM_APPLET_HEIGHT +
- " does not contain a valid value.", nfe);
- }
- }
-
- // appletBackground
- String background = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_BACKGROUND), charset);
- if (background != null) {
- session.setAttribute(ATTR_APPLET_BACKGROUND, background);
- try {
- // must be a valid http or https URL
- URI backgroundURL = new URI(background);
- if ("http".equals(backgroundURL.getScheme())
- || "https".equals(backgroundURL.getScheme())) {
- session.setAttribute(ATTR_APPLET_BACKGROUND, backgroundURL.toASCIIString());
- log.trace("Found parameter " + PARAM_APPLET_BACKGROUND + "='"
- + backgroundURL.toASCIIString() + "'.");
- } else {
- log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND + "='"
- + background + "' is not a valid http/https URL.");
- }
- } catch (URISyntaxException e) {
- log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND + "='"
- + background + "' is not a valid http/https URL.", e);
- }
- }
-
- // appletBackgroundColor
- String backgroundColor = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_BACKGROUND_COLOR), charset);
- if (backgroundColor != null) {
- // must be a valid color definition
- if (PATTERM_APPLET_BACKGROUND_COLOR.matcher(backgroundColor).matches()) {
- session.setAttribute(ATTR_APPLET_BACKGROUND_COLOR, backgroundColor);
- log.trace("Faund parameter " + PARAM_APPLET_BACKGROUND_COLOR + "='"
- + backgroundColor + "'.");
- } else {
- log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND_COLOR + "='"
- + backgroundColor + "' is not a valid color definition (must be of form '#hhhhhh').");
- }
- }
-
- // appletGuiStyle
- String guiStyle = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_GUI_STYLE), charset);
- if (guiStyle != null) {
- // must be one of VALUES_APPLET_GUI_STYLE
- String style = guiStyle.toLowerCase();
- if (Arrays.asList(VALUES_APPLET_GUI_STYLE).contains(style)) {
- session.setAttribute(ATTR_APPLET_GUI_STYLE, style);
- log.trace("Found parameter " + PARAM_APPLET_GUI_STYLE + "='"
- + style + "'.");
- } else {
- StringBuilder sb = new StringBuilder();
- sb.append("Applet parameter ").append(PARAM_APPLET_GUI_STYLE).append(
- "='").append(guiStyle).append("' is not valid (must be one of ")
- .append(Arrays.toString(VALUES_APPLET_GUI_STYLE)).append(").");
- log.warn(sb);
- }
- }
-
- // appletExtension
- String extension = getStringFromStream(bindingProcessor
- .getFormData(PARAM_APPLET_EXTENSION), charset);
- if (extension != null) {
- // must be one of VALUES_APPLET_EXTENSION
- String ext = extension.toLowerCase();
- if (Arrays.asList(VALUES_APPLET_EXTENSION).contains(ext)) {
- session.setAttribute(ATTR_APPLET_EXTENSION, ext);
- log.trace("Found parameter " + PARAM_APPLET_EXTENSION + "='"
- + ext + "'.");
- } else {
- StringBuilder sb = new StringBuilder();
- sb.append("Applet parameter ").append(PARAM_APPLET_EXTENSION).append(
- "='").append(extension).append("' is not valid (must be one of ")
- .append(Arrays.toString(VALUES_APPLET_EXTENSION)).append(").");
- log.warn(sb);
- }
- }
-
- // locale
- String localeFormParam = getStringFromStream(bindingProcessor
- .getFormData(PARAM_LOCALE), charset);
- if (localeFormParam != null) {
- // must be a valid locale
- if (PATTERN_LOCALE.matcher(localeFormParam).matches()) {
- locale = new Locale(localeFormParam);
- log.debug("Overrule accept-language header locale " + locale
- + " with form param " + localeFormParam + ".");
- } else {
- log.warn("Parameter " + PARAM_LOCALE + "='" + localeFormParam
- + "' is not a valid locale definition.");
- }
- }
- if (locale != null) {
- log.debug("Using locale " + locale);
- session.setAttribute(ATTR_LOCALE, locale.toString());
- }
-
+ protected void beforeAppletPage(HttpServletRequest req, HTTPBindingProcessor bindingProcessor) {
// handle server side redirect url after processing
- String redirectUrl = bindingProcessor.getRedirectURL();
+ String redirectUrl = ((HTTPBindingProcessorImpl) bindingProcessor).getRedirectURL();
if ( redirectUrl != null) {
- log.info("Got redirect URL "+redirectUrl+". Deferring browser redirect.");
- session.setAttribute(REDIRECT_URL_SESSION_ATTRIBUTE, redirectUrl);
+ log.info("Got redirect URL '{}'. Deferring browser redirect.", redirectUrl);
+ req.getSession().setAttribute(REDIRECT_URL_SESSION_ATTRIBUTE, redirectUrl);
}
-
- String appletPage = getStringFromStream(bindingProcessor
- .getFormData(APPLET_PAGE_P), charset);
- getDispatcher(appletPage).forward(req, resp);
}
@Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, java.io.IOException {
- doPost(req, resp);
- }
-
- private RequestDispatcher getDispatcher(String appletPage) {
- RequestDispatcher dispatcher = null;
- if (appletPage != null) {
- log.trace("requested appletPage " + appletPage);
- dispatcher = getServletContext().getNamedDispatcher(appletPage);
- }
- if (dispatcher == null) {
- log.debug("no appletPage requested or appletPage not configured, using default");
- appletPage = APPLET_PAGE_DEFAULT;
- dispatcher = getServletContext().getNamedDispatcher(appletPage);
- }
-// session.setAttribute(APPLET_PAGE_P, appletPage);
- log.debug("forward to applet " + appletPage);
-
- return dispatcher;
+ protected String getRequestProtocol(HttpServletRequest req) {
+ return "HTTP";
}
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java
new file mode 100644
index 00000000..8d65c92e
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java
@@ -0,0 +1,128 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.bku.online.webapp;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.xml.crypto.XSecProvider;
+
+import java.security.Provider;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MoccaContextListener implements ServletContextListener {
+
+ public static final String DISABLE_SECURITY_PROVIDER_REGISTRATION = "disableSecurityProviderRegistration";
+
+ private Logger log = LoggerFactory.getLogger(MoccaContextListener.class);
+
+ private final List<Provider> selfRegisteredProviders = new ArrayList<Provider>();
+
+ @Override
+ public void contextDestroyed(ServletContextEvent sce) {
+ log.info("Deregistering self registered security providers.");
+
+ for (Provider provider : selfRegisteredProviders) {
+ Security.removeProvider(provider.getName());
+ }
+ selfRegisteredProviders.clear();
+
+ }
+
+ @Override
+ public void contextInitialized(ServletContextEvent sce) {
+
+ ServletContext servletContext = sce.getServletContext();
+ if (!Boolean.parseBoolean(servletContext.getInitParameter(DISABLE_SECURITY_PROVIDER_REGISTRATION))) {
+ log.info("Looking for required and registered security providers ...");
+
+ registerProviders();
+
+ if (!selfRegisteredProviders.isEmpty()) {
+ log.warn("Security providers have been registered. "
+ + "This may affect other contexts in the same container!");
+ }
+
+ if (log.isDebugEnabled()) {
+ StringBuilder sb = new StringBuilder();
+ sb.append("Registered providers: ");
+ int i = 1;
+ for (Provider prov : Security.getProviders()) {
+ sb.append("\n" + (i++) + ". : " + prov);
+ }
+ log.debug(sb.toString());
+ }
+ }
+
+
+ }
+
+
+ protected void registerProvider(Provider provider, int position) {
+ String name = provider.getName();
+ if (Security.getProvider(name) == null) {
+ // register IAIK provider at first position
+ try {
+ if (position > 0) {
+ position = Security.insertProviderAt(provider, position);
+ } else {
+ position = Security.addProvider(provider);
+ }
+ log.info("Required security Provider {} was not yet registered. "
+ + "Now registered at position {}.", name, position);
+ selfRegisteredProviders.add(provider);
+ } catch (SecurityException e) {
+ log.info("Failed to register required security Provider.", e);
+ }
+ } else {
+ log.info("Required security Provider {} already registered.", name);
+ }
+
+ }
+
+ protected void registerProviders() {
+
+ registerProvider(new IAIK(), 1);
+ registerProvider(new ECCProvider(false), 2);
+
+ final String name = XSecProvider.NAME;
+ if (Security.getProvider(XSecProvider.NAME) == null) {
+ // register XML Security provider
+ try {
+ XSecProvider.addAsProvider(false);
+ log.info("Required security Provider {} was not yet registered. "
+ + "Now registered.", name);
+ selfRegisteredProviders.add(Security.getProvider(name));
+ } catch (SecurityException e) {
+ log.info("Failed to register required security Provider.", e);
+ }
+ } else {
+ log.info("Required security Provider {} already registered.", name);
+ }
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
index 5ffe2399..5fd01775 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
@@ -25,13 +25,14 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+import at.gv.egiz.bku.binding.BindingProcessor;
import at.gv.egiz.bku.binding.HTTPBindingProcessor;
-import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.binding.Id;
import at.gv.egiz.bku.binding.IdFactory;
-import at.gv.egiz.bku.conf.Configurator;
import at.gv.egiz.bku.utils.NullOutputStream;
/**
@@ -40,7 +41,9 @@ import at.gv.egiz.bku.utils.NullOutputStream;
*/
public class ResultServlet extends SpringBKUServlet {
- private final static Log log = LogFactory.getLog(ResultServlet.class);
+ private static final long serialVersionUID = 1L;
+
+ private final Logger log = LoggerFactory.getLogger(ResultServlet.class);
private String encoding = "UTF-8";
private String expiredPage = "./expiredError.jsp";
@@ -51,12 +54,12 @@ public class ResultServlet extends SpringBKUServlet {
private void myInit() {
String enc = getServletContext().getInitParameter("responseEncoding");
if (enc != null) {
- log.debug("Init default encoding to: " + enc);
+ log.trace("Init default encoding to: {}.", enc);
encoding = enc;
}
String expP = getServletConfig().getInitParameter("expiredPage");
if (expP != null) {
- log.debug("Init expired page to: " + expP);
+ log.trace("Init expired page to: {}.", expP);
expiredPage = expP;
}
}
@@ -80,75 +83,65 @@ public class ResultServlet extends SpringBKUServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, java.io.IOException {
- String version = configurator.getProperty(Configurator.SIGNATURE_LAYOUT);
- if ((version != null) && (!"".equals(version.trim()))) {
- log.debug("setting SignatureLayout header to " + version);
- resp.setHeader(Configurator.SIGNATURE_LAYOUT, version);
- } else {
- log.debug("do not set SignatureLayout header");
- }
-
- if (configurator.getProperty(Configurator.USERAGENT_CONFIG_P) != null) {
- resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, configurator
- .getProperty(Configurator.USERAGENT_CONFIG_P));
- } else {
- resp.setHeader(HttpUtil.HTTP_HEADER_SERVER,
- Configurator.USERAGENT_DEFAULT);
- }
HttpSession session = req.getSession(false);
if (session == null) {
resp.sendRedirect(expiredPage);
return;
}
- String sessionId = session.getId();
- if (sessionId == null) {
- resp.sendRedirect(expiredPage);
- return;
- }
- log.debug("Got a result request for session: " + sessionId);
- HTTPBindingProcessor bp = (HTTPBindingProcessor) getBindingProcessorManager()
- .getBindingProcessor(IdFactory.getInstance().createId(sessionId));
- if (bp == null) {
+
+ Id id = IdFactory.getInstance().createId(session.getId());
+
+ HTTPBindingProcessor bp;
+ BindingProcessor bindingProcessor = getBindingProcessorManager().getBindingProcessor(id);
+ if (bindingProcessor instanceof HTTPBindingProcessor) {
+ bp = (HTTPBindingProcessor) bindingProcessor;
+ } else {
session.invalidate();
resp.sendRedirect(expiredPage);
return;
}
- String redirectUrl = (String) session
- .getAttribute(BKURequestHandler.REDIRECT_URL_SESSION_ATTRIBUTE);
- if (redirectUrl == null) {
- redirectUrl = bp.getRedirectURL();
- }
- if (redirectUrl != null) {
- try {
- bp.writeResultTo(new NullOutputStream(), encoding);
- getBindingProcessorManager().removeBindingProcessor(bp.getId());
- } finally {
- log.info("Executing deferred browser redirect to: " + redirectUrl);
- resp.sendRedirect(redirectUrl);
- session.invalidate();
+ MDC.put("id", id.toString());
+
+ try {
+ String redirectUrl = (String) session
+ .getAttribute(AbstractWebRequestHandler.REDIRECT_URL_SESSION_ATTRIBUTE);
+ if (redirectUrl == null) {
+ redirectUrl = bp.getRedirectURL();
}
- return;
- }
-
- log.trace("setting response code: " + bp.getResponseCode());
- resp.setStatus(bp.getResponseCode());
- resp.setHeader("Cache-Control", "no-store"); // HTTP 1.1
- resp.setHeader("Pragma", "no-cache"); // HTTP 1.0
- resp.setDateHeader("Expires", 0);
- for (Iterator<String> it = bp.getResponseHeaders().keySet().iterator(); it
- .hasNext();) {
- String header = it.next();
- if (log.isTraceEnabled()) {
- log.trace("setting response header " + header + ": " + bp.getResponseHeaders().get(header));
+ if (redirectUrl != null) {
+ try {
+ bp.writeResultTo(new NullOutputStream(), encoding);
+ getBindingProcessorManager().removeBindingProcessor(bp.getId());
+ } finally {
+ log.info("Sending deferred redirect, RedirectURL={}.", redirectUrl);
+ resp.sendRedirect(redirectUrl);
+ session.invalidate();
+ }
+ return;
+ }
+
+ log.trace("Setting response code: {}.", bp.getResponseCode());
+ resp.setStatus(bp.getResponseCode());
+ resp.setHeader("Cache-Control", "no-store"); // HTTP 1.1
+ resp.setHeader("Pragma", "no-cache"); // HTTP 1.0
+ resp.setDateHeader("Expires", 0);
+ for (Iterator<String> it = bp.getResponseHeaders().keySet().iterator(); it
+ .hasNext();) {
+ String header = it.next();
+ log.trace("Setting response header {}: {}.", header, bp.getResponseHeaders().get(header));
+ resp.setHeader(header, bp.getResponseHeaders().get(header));
}
- resp.setHeader(header, bp.getResponseHeaders().get(header));
+ resp.setContentType(bp.getResultContentType());
+ resp.setCharacterEncoding(encoding);
+ log.info("Sending result.");
+ bp.writeResultTo(resp.getOutputStream(), encoding);
+ resp.getOutputStream().flush();
+ session.invalidate();
+ getBindingProcessorManager().removeBindingProcessor(bp.getId());
+
+ } finally {
+ MDC.remove("id");
}
- resp.setContentType(bp.getResultContentType());
- resp.setCharacterEncoding(encoding);
- bp.writeResultTo(resp.getOutputStream(), encoding);
- resp.getOutputStream().flush();
- session.invalidate();
- getBindingProcessorManager().removeBindingProcessor(bp.getId());
}
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionListener.java
index 2b56166c..1bec31b6 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionListener.java
@@ -14,36 +14,34 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package at.gv.egiz.bku.online.webapp;
-
-import javax.servlet.http.HttpSessionEvent;
-import javax.servlet.http.HttpSessionListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.binding.BindingProcessorManager;
-import at.gv.egiz.bku.binding.IdFactory;
-
-/**
- * Session listener to trigger the removal of the BindingProcessor
- *
- */
-public class SessionTimeout implements HttpSessionListener {
-
- private static Log log = LogFactory.getLog(SessionTimeout.class);
-
- @Override
- public void sessionCreated(HttpSessionEvent arg0) {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void sessionDestroyed(HttpSessionEvent event) {
- BindingProcessorManager manager = (BindingProcessorManager) event.getSession().getServletContext().getAttribute(SpringBKUServlet.BEAN_NAME);
- log.info("Removing session: "+event.getSession().getId());
- manager.removeBindingProcessor(IdFactory.getInstance().createId(event.getSession().getId()));
- }
-
-}
+package at.gv.egiz.bku.online.webapp;
+
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.bku.binding.BindingProcessorManager;
+import at.gv.egiz.bku.binding.IdFactory;
+
+/**
+ * Session listener to trigger the removal of the BindingProcessor
+ *
+ */
+public class SessionListener implements HttpSessionListener {
+
+ private final Logger log = LoggerFactory.getLogger(SessionListener.class);
+
+ @Override
+ public void sessionCreated(HttpSessionEvent event) {
+ }
+
+ @Override
+ public void sessionDestroyed(HttpSessionEvent event) {
+ BindingProcessorManager manager = (BindingProcessorManager) event.getSession().getServletContext().getAttribute(SpringBKUServlet.BEAN_NAME);
+ manager.removeBindingProcessor(IdFactory.getInstance().createId(event.getSession().getId()));
+ log.info("Session {} destroyed.", event.getSession().getId());
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java
index 741b5e32..39d7368d 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java
@@ -1,48 +1,48 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package at.gv.egiz.bku.online.webapp;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.context.ApplicationEvent;
-import org.springframework.context.ApplicationListener;
-import org.springframework.context.event.ContextClosedEvent;
-
-import at.gv.egiz.bku.binding.BindingProcessorManager;
-
-public class ShutdownHandler implements ApplicationListener {
-
- private static Log log = LogFactory.getLog(ShutdownHandler.class);
-
- private BindingProcessorManager bindingProcessorManager;
-
- public void setBindingProcessorManager(
- BindingProcessorManager bindingProcessorManager) {
- this.bindingProcessorManager = bindingProcessorManager;
- }
-
- @Override
- public void onApplicationEvent(ApplicationEvent event) {
- if (event instanceof ContextClosedEvent) {
- log.info("Shutting down BKU");
- bindingProcessorManager.shutdownNow();
- }
-
- }
-
-}
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.bku.online.webapp;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextClosedEvent;
+
+import at.gv.egiz.bku.binding.BindingProcessorManager;
+
+public class ShutdownHandler implements ApplicationListener {
+
+ private final Logger log = LoggerFactory.getLogger(ShutdownHandler.class);
+
+ private BindingProcessorManager bindingProcessorManager;
+
+ public void setBindingProcessorManager(
+ BindingProcessorManager bindingProcessorManager) {
+ this.bindingProcessorManager = bindingProcessorManager;
+ }
+
+ @Override
+ public void onApplicationEvent(ApplicationEvent event) {
+ if (event instanceof ContextClosedEvent) {
+ log.info("Shutting down MOCCA.");
+ bindingProcessorManager.shutdownNow();
+ }
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
index 2c6f522e..6a6f11e8 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
@@ -19,19 +19,15 @@ package at.gv.egiz.bku.online.webapp;
import javax.servlet.http.HttpServlet;
import at.gv.egiz.bku.binding.BindingProcessorManager;
-import at.gv.egiz.bku.conf.Configurator;
public abstract class SpringBKUServlet extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
public final static String BEAN_NAME="bindingProcessorManager";
- protected static Configurator configurator;
-
protected BindingProcessorManager getBindingProcessorManager() {
return (BindingProcessorManager) getServletContext().getAttribute(BEAN_NAME);
}
- public static void setConfigurator(Configurator conf) {
- configurator = conf;
- }
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java
new file mode 100644
index 00000000..897ec227
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java
@@ -0,0 +1,123 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.util.Collections;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.bku.binding.AbstractBindingProcessor;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
+import at.gv.egiz.stal.QuitRequest;
+
+public abstract class AbstractCommandSequenceBindingProcessor extends AbstractBindingProcessor {
+
+ protected static Logger log = LoggerFactory.getLogger(AbstractCommandSequenceBindingProcessor.class);
+
+ /**
+ * @return the error
+ */
+ protected Exception getError() {
+ return error;
+ }
+
+ /**
+ * @param error the error to set
+ */
+ protected void setError(Exception error) {
+ this.error = error;
+ }
+
+ private Exception error;
+
+ private SLCommandBrocker commandBrocker = new SLCommandBrocker();
+
+ /**
+ * External processing?
+ */
+ private boolean external;
+
+ /**
+ * Constructs a new instance of this IdBindingProcessorImpl with
+ * the given ID.
+ */
+ public AbstractCommandSequenceBindingProcessor() {
+ super();
+ }
+
+ /**
+ * @return the external
+ */
+ public boolean isExternal() {
+ return external;
+ }
+
+ /**
+ * @param external the external to set
+ */
+ public void setExternal(boolean external) {
+ this.external = external;
+ }
+
+ protected abstract SLCommand getNextCommand();
+
+ protected abstract void processResult(SLResult result);
+
+ @Override
+ public synchronized void process() {
+
+ try {
+
+ SLCommand command;
+ do {
+ command = getNextCommand();
+ SLCommandContext context = new SLCommandContext(getSTAL(), getUrlDereferencer(), locale);
+ SLResult result = null;
+ if (external) {
+ result = commandBrocker.execute(command, context, 3 * 60 * 1000);
+ } else {
+ if (command != null) {
+ result = command.execute(context);
+ } else {
+ stal.handleRequest(Collections.singletonList(new QuitRequest()));
+ }
+ }
+ if (result != null) {
+ processResult(result);
+ }
+ } while (command != null);
+
+ } catch (InterruptedException e) {
+ setError(new SLException(6000));
+ } catch (Exception e) {
+ log.info("BindingProcessor error.", e);
+ setError(e);
+ }
+
+ }
+
+ public SLCommand setExternalResult(SLResult slResult) throws SLCommandException, InterruptedException {
+ return commandBrocker.nextCommand(slResult, 3 * 60 * 1000);
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/DataURLServerServlet.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/DataURLServerServlet.java
new file mode 100644
index 00000000..b40fd35f
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/DataURLServerServlet.java
@@ -0,0 +1,225 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Iterator;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egiz.bku.binding.BindingProcessor;
+import at.gv.egiz.bku.binding.FormParameter;
+import at.gv.egiz.bku.binding.IdFactory;
+import at.gv.egiz.bku.binding.InputDecoder;
+import at.gv.egiz.bku.binding.InputDecoderFactory;
+import at.gv.egiz.bku.online.webapp.SpringBKUServlet;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLMarshallerFactory;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slcommands.impl.DomCreateXMLSignatureResultImpl;
+import at.gv.egiz.bku.slcommands.impl.DomErrorResultImpl;
+import at.gv.egiz.bku.slcommands.impl.DomInfoboxReadResultImpl;
+import at.gv.egiz.bku.slcommands.impl.ErrorResultImpl;
+import at.gv.egiz.bku.slcommands.impl.SLCommandImpl;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.utils.DebugInputStream;
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.slbinding.SLUnmarshaller;
+
+public class DataURLServerServlet extends SpringBKUServlet {
+
+ private static Logger log = LoggerFactory.getLogger(DataURLServerServlet.class);
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ /* (non-Javadoc)
+ * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String userAgent = req.getHeader("User-Agent");
+ String contentType = req.getContentType();
+ log.debug("Content-Type: " + contentType + " User-Agent: " + userAgent);
+
+ InputDecoder dec = InputDecoderFactory.getDecoder(contentType, req.getInputStream());
+
+ String sessionId = null;
+ Element respElement = null;
+
+ Iterator<FormParameter> formParams = dec.getFormParameterIterator();
+ while(formParams.hasNext()) {
+ FormParameter parameter = formParams.next();
+ String name = parameter.getFormParameterName();
+ if ("SessionID_".equals(name)) {
+ sessionId = StreamUtil.asString(parameter.getFormParameterValue(), "UTF-8");
+ log.debug("SessionID: {}", sessionId);
+ } else if ("ResponseType".equals(name)) {
+ String parameterContentType = parameter.getFormParameterContentType();
+ if (log.isDebugEnabled()) {
+ log.debug("ResponseType: ({}) {}.", parameterContentType, StreamUtil.asString(parameter.getFormParameterValue(), "UTF-8"));
+ }
+ } else if ("XMLResponse".equals(name)) {
+ InputStream inputStream = parameter.getFormParameterValue();
+
+ DebugInputStream di = null;
+ if (log.isDebugEnabled()) {
+ di = new DebugInputStream(inputStream);
+ inputStream = di;
+ }
+
+ SLUnmarshaller slUnmarshaller = new SLUnmarshaller();
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setSchema(slUnmarshaller.getSlSchema());
+ try {
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (ParserConfigurationException e) {
+ log.warn("Failed to enable secure processing.", e);
+ }
+
+ // http://www.w3.org/TR/xmldsig-bestpractices/#be-aware-schema-normalization
+ try {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
+ } catch (IllegalArgumentException e) {
+ log.warn("Failed to disable schema normalization " +
+ "(see http://www.w3.org/TR/xmldsig-bestpractices/#be-aware-schema-normalization)", e);
+ }
+
+ DocumentBuilder documentBuilder;
+ try {
+ documentBuilder = dbf.newDocumentBuilder();
+ } catch (ParserConfigurationException e) {
+ log.error("Failed to create parser for Security Layer response." , e);
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ return;
+ }
+
+ try {
+ Document doc = documentBuilder.parse(inputStream);
+ respElement = doc.getDocumentElement();
+ } catch (SAXException e) {
+ log.info("Failed to parse Security Layer response.", e);
+ // TODO set error and redirect
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ return;
+ }
+
+ if (di != null) {
+ log.debug("XMLResponse:\n{}", new String(di.getBufferedBytes(), "UTF-8"));
+ }
+
+ }
+
+ }
+
+ SAMLBindingProcessorImpl bindingProcessor = null;
+ if (sessionId != null) {
+ bindingProcessor = getBindingProcessor(sessionId);
+ }
+
+ if (bindingProcessor != null && respElement != null) {
+
+ SLResult slResult = null;
+ if ("http://www.buergerkarte.at/namespaces/securitylayer/1.2#".equals(respElement.getNamespaceURI())) {
+ if ("NullOperationResponse".equals(respElement.getLocalName())) {
+ slResult = null;
+ } else if ("InfoboxReadResponse".equals(respElement.getLocalName())) {
+ slResult = new DomInfoboxReadResultImpl(respElement);
+ } else if ("CreateXMLSignatureResponse".equals(respElement.getLocalName())) {
+ slResult = new DomCreateXMLSignatureResultImpl(respElement);
+ } else if ("ErrorResponse".equals(respElement.getLocalName())) {
+ slResult = new DomErrorResultImpl(respElement);
+ } else {
+ // TODO: report proper error
+ at.gv.egiz.bku.slexceptions.SLException slException = new at.gv.egiz.bku.slexceptions.SLException(0);
+ slResult = new ErrorResultImpl(slException, null);
+ }
+
+ }
+
+ SLCommand slCommand = null;
+ try {
+ slCommand = bindingProcessor.setExternalResult(slResult);
+ } catch (SLCommandException e) {
+ log.debug(e.getMessage());
+ } catch (InterruptedException e) {
+ // interrupted
+ }
+
+ if (slCommand instanceof SLCommandImpl<?>) {
+ JAXBElement<?> request = ((SLCommandImpl<?>) slCommand).getRequest();
+ Marshaller marshaller = SLMarshallerFactory.getInstance().createMarshaller(false, false);
+ try {
+
+ resp.setCharacterEncoding("UTF-8");
+ resp.setContentType("text/xml");
+
+ marshaller.marshal(request, resp.getOutputStream());
+
+ return;
+
+ } catch (JAXBException e) {
+ log.error("Failed to marshall Security Layer request.", e);
+ }
+
+ }
+
+ }
+
+ resp.sendRedirect("bkuResult");
+
+ }
+
+ protected SAMLBindingProcessorImpl getBindingProcessor(String sessionId) {
+
+ BindingProcessor bp = getBindingProcessorManager().getBindingProcessor(
+ IdFactory.getInstance().createId(sessionId));
+
+ if (bp instanceof SAMLBindingProcessorImpl) {
+ log.debug("Found active BindingProcessor, using this one.");
+ return (SAMLBindingProcessorImpl) bp;
+ }
+
+ return null;
+
+ }
+
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLink.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLink.java
new file mode 100644
index 00000000..fd4ef8e7
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLink.java
@@ -0,0 +1,346 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import iaik.xml.crypto.dom.DOMCryptoContext;
+import iaik.xml.crypto.dsig.keyinfo.KeyValueType;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.Manifest;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.XMLObject;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import oasis.names.tc.saml._1_0.assertion.AnyType;
+import oasis.names.tc.saml._1_0.assertion.AssertionType;
+import oasis.names.tc.saml._1_0.assertion.AttributeStatementType;
+import oasis.names.tc.saml._1_0.assertion.AttributeType;
+import oasis.names.tc.saml._1_0.assertion.StatementAbstractType;
+import oasis.names.tc.saml._1_0.assertion.SubjectConfirmationType;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.bku.utils.StreamUtil;
+
+public class IdLink {
+
+ protected Logger log = LoggerFactory.getLogger(IdLink.class);
+
+ /**
+ * The IdLink is backed by a DOM.
+ */
+ protected Node node;
+
+ /**
+ * The <code>Assertion</code> (root element) of the IdLink.
+ */
+ protected AssertionType assertion;
+
+ /**
+ * The citizen's asserted public keys.
+ */
+ protected List<PublicKey> citizenPublicKeys;
+
+ /**
+ * The XMLSignature.
+ */
+ protected XMLSignature signature;
+
+ /**
+ * The assertion's signer certificate.
+ */
+ protected X509Certificate signerCert;
+
+ /**
+ * Is the assertion's signature manifest valid?
+ */
+ protected Boolean manifestValid;
+
+ /**
+ * Is the assertion's signature valid?
+ */
+ protected Boolean signatureValid;
+
+ /**
+ * The personal identifier
+ */
+ protected IdLinkPersonData personData;
+
+ public IdLink(Element node, AssertionType assertion) throws JAXBException {
+ this.node = node;
+ this.assertion = assertion;
+ }
+
+ public PhysicalPersonType getPhysicalPerson() {
+
+ AttributeStatementType attributeStatement = getAttributeStatement();
+ if (attributeStatement != null) {
+ JAXBElement<?> subjectConfirmation = attributeStatement.getSubject().getContent().get(0);
+ if (subjectConfirmation.getDeclaredType() == SubjectConfirmationType.class) {
+ Object data = ((SubjectConfirmationType) subjectConfirmation.getValue())
+ .getSubjectConfirmationData().getContent().get(0);
+ if (data instanceof JAXBElement<?>
+ && ((JAXBElement<?>) data).getValue() instanceof PhysicalPersonType) {
+ return (PhysicalPersonType) ((JAXBElement<?>) data).getValue();
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public AttributeStatementType getAttributeStatement() {
+
+ StatementAbstractType statement =
+ assertion.getStatementOrSubjectStatementOrAuthenticationStatement().get(0);
+
+ if (statement instanceof AttributeStatementType) {
+ return (AttributeStatementType) statement;
+ }
+
+ return null;
+
+ }
+
+ public IdLinkPersonData getPersonData() throws MarshalException {
+ if (personData == null) {
+ try {
+ personData = new IdLinkPersonData(getPhysicalPerson());
+ } catch (ParseException e) {
+ throw new MarshalException(e);
+ }
+ }
+ return personData;
+ }
+
+ public List<PublicKey> getCitizenPublicKeys() throws MarshalException {
+ if (citizenPublicKeys == null) {
+
+ citizenPublicKeys = new ArrayList<PublicKey>();
+
+ AttributeStatementType attributeStatement = getAttributeStatement();
+ if (attributeStatement != null) {
+ List<AttributeType> attributes = attributeStatement.getAttribute();
+ for (AttributeType attribute : attributes) {
+ if ("urn:publicid:gv.at:namespaces:identitylink:1.2".equals(attribute.getAttributeNamespace())
+ && "CitizenPublicKey".equals(attribute.getAttributeName())) {
+ List<AnyType> value = attribute.getAttributeValue();
+ if (value.size() == 1 && value.get(0).getContent().size() == 1) {
+ Object object = value.get(0).getContent().get(0);
+ if (object instanceof Element) {
+ Element element = (Element) object;
+ DOMStructure structure = iaik.xml.crypto.dom.DOMStructure.getInstance(element, new DOMCryptoContext());
+ if (structure instanceof KeyValueType) {
+ citizenPublicKeys.add(((KeyValueType) structure).getPublicKey());
+ }
+ }
+ }
+ }
+ }
+ }
+
+ }
+ return citizenPublicKeys;
+ }
+
+ public XMLSignature getXMLSignature() throws MarshalException {
+ if (signature == null) {
+
+ Node n = node.getLastChild();
+ while (n != null && n.getNodeType() != Node.ELEMENT_NODE) {
+ n = n.getPreviousSibling();
+ }
+
+ if (n != null
+ && XMLSignature.XMLNS.equals(n.getNamespaceURI())
+ && "Signature".equals(n.getLocalName())) {
+
+ XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance();
+ signature = signatureFactory.unmarshalXMLSignature(new DOMStructure(n));
+ }
+
+
+ }
+ return signature;
+ }
+
+ public X509Certificate getSignerCert() throws MarshalException {
+ if (signerCert == null) {
+
+ if (getXMLSignature() != null) {
+
+ KeyInfo keyInfo = signature.getKeyInfo();
+ if (keyInfo != null) {
+ List<?> content = keyInfo.getContent();
+ for (Object data : content) {
+ if (data instanceof X509Data) {
+ List<?> x509Data = ((X509Data) data).getContent();
+ for (Object object : x509Data) {
+ if (object instanceof X509Certificate) {
+ signerCert = (X509Certificate) object;
+ return signerCert;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return signerCert;
+ }
+
+
+ @SuppressWarnings("unchecked")
+ public boolean verifySignature() throws MarshalException, XMLSignatureException {
+ if (signatureValid == null) {
+ if (getXMLSignature() != null && getSignerCert() != null) {
+
+ DOMValidateContext validateContext = new DOMValidateContext(signerCert.getPublicKey(), node);
+ validateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+
+ signatureValid = signature.validate(validateContext);
+
+ // logging
+ if (!signatureValid && log.isTraceEnabled()) {
+ List<Reference> references = signature.getSignedInfo().getReferences();
+ for (Reference reference : references) {
+ if (!Manifest.TYPE.equals(reference.getType())) {
+ if (!reference.validate(validateContext)) {
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ try {
+ log.trace("SignedInfo's reference digest input:\n{}",
+ StreamUtil.asString(digestInputStream, "UTF-8"));
+ } catch (IOException e) {
+ log.info("Failed to get SignedInfos's reference digest input", e.toString());
+ }
+ }
+ } else {
+ try {
+ log.trace("Signature canonicalized data:\n{}", StreamUtil.asString(signature
+ .getSignedInfo().getCanonicalizedData(), "UTF-8"));
+ } catch (IOException e) {
+ log.info("Failed to get canonicalized data.", e);
+ }
+ }
+ break;
+ }
+ }
+ }
+
+ }
+ }
+ return signatureValid;
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean verifyManifest() throws MarshalException, XMLSignatureException {
+ if (manifestValid == null) {
+ if (getXMLSignature() != null && getSignerCert() != null) {
+
+ DOMValidateContext validateContext = new DOMValidateContext(signerCert.getPublicKey(), node);
+ if (log.isTraceEnabled()) {
+ // enable reference caching in trace log-level
+ validateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+ }
+ boolean valid = false;
+
+ // validate manifest
+ List<XMLObject> objects = signature.getObjects();
+ for (XMLObject object : objects) {
+ List<?> content = object.getContent();
+ if (content.get(0) instanceof Manifest) {
+ Manifest manifest = (Manifest) content.get(0);
+ List<Reference> references = manifest.getReferences();
+ for (Reference reference : references) {
+
+ valid = reference.validate(validateContext);
+
+ // logging
+ if (!valid && log.isTraceEnabled()) {
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ try {
+ log.trace("Manifest's reference digest input:\n{}",
+ StreamUtil.asString(digestInputStream, "UTF-8"));
+ } catch (IOException e) {
+ log.info("Failed to get Manifest's reference digest input", e.toString());
+ }
+ }
+ }
+ break;
+ }
+ }
+ }
+
+ // validate reference to manifest
+ if (valid) {
+ List<Reference> references = signature.getSignedInfo().getReferences();
+ for (Reference reference : references) {
+ if (Manifest.TYPE.equals(reference.getType())) {
+
+ boolean refValid = reference.validate(validateContext);
+
+ // logging
+ if (!refValid && log.isTraceEnabled()) {
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ try {
+ log.trace("SignedInfo's manifest reference digest input:\n{}",
+ StreamUtil.asString(digestInputStream, "UTF-8"));
+ } catch (IOException e) {
+ log.info("Failed to get SignedInfos's manifest reference digest input", e.toString());
+ }
+ }
+ }
+
+ valid &= refValid;
+
+ }
+ }
+ }
+
+ manifestValid = valid;
+
+ }
+
+ }
+ return manifestValid;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkException.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkException.java
new file mode 100644
index 00000000..12383861
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkException.java
@@ -0,0 +1,43 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+public class IdLinkException extends Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public IdLinkException() {
+ super();
+ }
+
+ public IdLinkException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public IdLinkException(String message) {
+ super(message);
+ }
+
+ public IdLinkException(Throwable cause) {
+ super(cause);
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkFactory.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkFactory.java
new file mode 100644
index 00000000..90312af3
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkFactory.java
@@ -0,0 +1,154 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.io.IOException;
+import java.net.URL;
+
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import oasis.names.tc.saml._1_0.assertion.AssertionType;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+public class IdLinkFactory {
+
+ protected static Logger log = LoggerFactory.getLogger(IdLinkFactory.class);
+
+ public static final String[] SCHEMA_FILES = new String[] {
+ "at/gv/egiz/mocca/id/idlschema/xmldsig-more.xsd",
+ "at/gv/egiz/mocca/id/idlschema/xmldsig-core-schema.xsd",
+ "at/gv/egiz/mocca/id/idlschema/PersonData.xsd",
+ "at/gv/egiz/mocca/id/idlschema/oasis-sstc-saml-schema-assertion-1.0.xsd"};
+
+ private static class InstanceHolder {
+ private static final IdLinkFactory INSTANCE = new IdLinkFactory();
+ }
+
+ public static IdLinkFactory getInstance() {
+ return InstanceHolder.INSTANCE;
+ }
+
+ static {
+// InitDOMStructure.init();
+ }
+
+ private final Schema idlSchema;
+
+ private final JAXBContext jaxbContext;
+
+
+ private IdLinkFactory() {
+
+ try {
+ SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ Source[] sources = new Source[SCHEMA_FILES.length];
+ for (int i = 0; i < SCHEMA_FILES.length; i++) {
+ String schemaFile = SCHEMA_FILES[i];
+ URL schemaURL = cl.getResource(schemaFile);
+ if (schemaURL == null) {
+ throw new RuntimeException("Failed to load schema file " + schemaFile + ".");
+ }
+ log.debug("Schema location: " + schemaURL);
+ sources[i] = new StreamSource(schemaURL.openStream());
+ }
+ idlSchema = schemaFactory.newSchema(sources);
+ } catch (IOException e) {
+ log.error("Failed to load identity link schema.", e);
+ throw new RuntimeException(e);
+ } catch (SAXException e) {
+ log.error("Failed to load identity link schema.", e);
+ throw new RuntimeException(e);
+ }
+
+ StringBuffer packageNames = new StringBuffer();
+ packageNames.append(at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory.class.getPackage().getName());
+ packageNames.append(":");
+ packageNames.append(oasis.names.tc.saml._1_0.assertion.ObjectFactory.class.getPackage().getName());
+
+ try {
+ jaxbContext = JAXBContext.newInstance(packageNames.toString());
+ } catch (JAXBException e) {
+ // we should not get an JAXBException initializing the JAXBContext
+ throw new RuntimeException(e);
+ }
+
+ }
+
+ public IdLink unmarshallIdLink(InputSource source) throws IdLinkException,
+ ParserConfigurationException, SAXException, IOException, JAXBException {
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setSchema(idlSchema);
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+
+ // http://www.w3.org/TR/xmldsig-bestpractices/#be-aware-schema-normalization
+ try {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
+ } catch (IllegalArgumentException e) {
+ log.warn("Failed to disable schema normalization " +
+ "(see http://www.w3.org/TR/xmldsig-bestpractices/#be-aware-schema-normalization)", e);
+ }
+
+ DocumentBuilder documentBuilder = dbf.newDocumentBuilder();
+ Document doc = documentBuilder.parse(source);
+
+ return unmarshallIdLink(doc.getDocumentElement());
+
+ }
+
+ public IdLink unmarshallIdLink(Element element) throws IdLinkException, JAXBException {
+
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ unmarshaller.setSchema(idlSchema);
+
+ Object object = unmarshaller.unmarshal(element);
+
+ IdLink idLink;
+ if (object instanceof JAXBElement<?>
+ && ((JAXBElement<?>) object).getDeclaredType() == AssertionType.class) {
+ idLink = new IdLink(element, (AssertionType) ((JAXBElement<?>) object).getValue());
+ } else {
+ throw new IllegalArgumentException("Parameter node is not a "
+ + new QName("urn:oasis:names:tc:SAML:1.0:assertion", "Assertion"));
+ }
+
+ return idLink;
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java
new file mode 100644
index 00000000..493b92af
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java
@@ -0,0 +1,88 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class IdLinkKeySelector extends KeySelector {
+
+ private static Logger log = LoggerFactory.getLogger(IdLinkKeySelector.class);
+
+ private IdLink idLink;
+
+ public IdLinkKeySelector(IdLink idLink) {
+ super();
+ if (idLink == null) {
+ throw new NullPointerException("Parameter 'idLink' must not be null.");
+ }
+ this.idLink = idLink;
+ }
+
+ @Override
+ public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
+ AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+
+ if (purpose != Purpose.VERIFY) {
+ throw new KeySelectorException("KeySelector does not support purpose "
+ + purpose + ".");
+ }
+
+ try {
+ for (Object ki : keyInfo.getContent()) {
+ if (ki instanceof X509Data) {
+ for (Object xd : ((X509Data) ki).getContent()) {
+ if (xd instanceof X509Certificate) {
+ final PublicKey publicKey = ((X509Certificate) xd).getPublicKey();
+ if (idLink.getCitizenPublicKeys().contains(publicKey)) {
+ log.trace("Found matching key {} in identiy link and KeyInfo.", publicKey);
+ return new KeySelectorResult() {
+ @Override
+ public Key getKey() {
+ return publicKey;
+ }
+ };
+ }
+ }
+ }
+ }
+ }
+ } catch (MarshalException e) {
+ log.info("Failed to get public keys from identity link.", e);
+ throw new KeySelectorException(e);
+ }
+
+ log.info("Did not find matching public keys in the identity link and the KeyInfo.");
+ return null;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkPersonData.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkPersonData.java
new file mode 100644
index 00000000..5b6f4453
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkPersonData.java
@@ -0,0 +1,76 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+
+public class IdLinkPersonData {
+
+ private static final DateFormat DATE_FORMAT = new SimpleDateFormat("yyyy-MM-dd");
+
+ protected PersonalIdentifier identifier;
+
+ protected String familyName;
+
+ protected String givenName;
+
+ protected Date dateOfBirth;
+
+ public IdLinkPersonData(PhysicalPersonType physicalPerson) throws ParseException {
+ familyName = physicalPerson.getName().getFamilyName().get(0).getValue();
+ givenName = physicalPerson.getName().getGivenName().get(0);
+ dateOfBirth = DATE_FORMAT.parse(physicalPerson.getDateOfBirth());
+ IdentificationType identificationType = physicalPerson.getIdentification().get(0);
+ if (identificationType != null) {
+ identifier = new PersonalIdentifier(identificationType.getType(),
+ identificationType.getValue().getValue());
+ }
+ }
+
+ public String getGivenName() {
+ return givenName;
+ }
+
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ public Date getDateOfBirth() throws ParseException {
+ return dateOfBirth;
+ }
+
+ public PersonalIdentifier getIdentifier() {
+ return identifier;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
+ @Override
+ public String toString() {
+ return familyName + ", " + givenName + ", " + DATE_FORMAT.format(dateOfBirth);
+ }
+
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/PersonalIdentifier.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/PersonalIdentifier.java
new file mode 100644
index 00000000..ad108dc2
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/PersonalIdentifier.java
@@ -0,0 +1,81 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import iaik.utils.Base64OutputStream;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class PersonalIdentifier {
+
+ public static final String PREFIX = "urn:publicid:gv.at:";
+
+ public static final String BASE_ID = PREFIX + "baseid";
+
+
+ protected String type;
+
+ protected String value;
+
+ public PersonalIdentifier(String type, String value) {
+ this.type = type;
+ this.value = value;
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @return the value
+ */
+ public String getValue() {
+ return value;
+ }
+
+ public PersonalIdentifier getDerivedValue(String domainId) {
+
+ if (BASE_ID.equals(type)) {
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA");
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ Base64OutputStream bos = new Base64OutputStream(os);
+ bos.write(md.digest((value + '+' + domainId).getBytes("ISO-8859-1")));
+ bos.flush();
+ return new PersonalIdentifier(domainId, os.toString("ASCII"));
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ return null;
+
+ }
+
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/QESTemplates.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/QESTemplates.java
new file mode 100644
index 00000000..8737d39c
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/QESTemplates.java
@@ -0,0 +1,115 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.transform.Templates;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+public class QESTemplates {
+
+ private Map<String, Templates> templatesMap = Collections.synchronizedMap(new HashMap<String, Templates>());
+
+ private synchronized Templates getTemplates(String id) {
+
+ Templates templates = templatesMap.get(id);
+ if (templates == null) {
+ templates = loadTemplates(id);
+ templatesMap.put(id, templates);
+ }
+ return templates;
+
+ }
+
+ protected Templates loadTemplates(String id) {
+
+ InputStream xsl = QESTemplates.class.getResourceAsStream("/templates/template.xsl");
+ if (xsl == null) {
+ throw new IllegalArgumentException("Template not found.");
+ }
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ try {
+ return transformerFactory.newTemplates(new StreamSource(xsl));
+ } catch (TransformerConfigurationException e) {
+ throw new SLRuntimeException(e);
+ }
+
+ }
+
+ public String createQESTemplate(String id, Locale locale, IdLink idLink, String url, PersonalIdentifier derivedIdentifier, Date dateTime) {
+
+ Templates templates = getTemplates(id);
+ try {
+ Transformer transformer = templates.newTransformer();
+
+ DateFormat dateFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, locale);
+ DateFormat timeFormat = DateFormat.getTimeInstance(DateFormat.MEDIUM, locale);
+
+ IdLinkPersonData personData = idLink.getPersonData();
+
+ transformer.setParameter("givenName", personData.getGivenName());
+ transformer.setParameter("familyName", personData.getFamilyName());
+ transformer.setParameter("dateOfBirth", dateFormat.format(personData.getDateOfBirth()));
+
+ transformer.setParameter("url", url);
+ transformer.setParameter("identifierType", derivedIdentifier.getType());
+ transformer.setParameter("identifierValue", derivedIdentifier.getValue());
+
+ transformer.setParameter("date", dateFormat.format(dateTime));
+ transformer.setParameter("time", timeFormat.format(dateTime));
+
+
+ StringWriter writer = new StringWriter();
+ transformer.transform(new StreamSource(), new StreamResult(writer));
+
+
+ return writer.toString();
+ } catch (TransformerConfigurationException e) {
+ throw new SLRuntimeException(e);
+ } catch (TransformerException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (MarshalException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (ParseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return null;
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorFactory.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorFactory.java
new file mode 100644
index 00000000..9a71b32f
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorFactory.java
@@ -0,0 +1,44 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.util.Collections;
+import java.util.Set;
+
+import at.gv.egiz.bku.binding.AbstractBindingProcessorFactory;
+import at.gv.egiz.bku.binding.BindingProcessor;
+import at.gv.egiz.bku.binding.BindingProcessorFactory;
+import at.gv.egiz.bku.utils.binding.Protocol;
+
+public class SAMLBindingProcessorFactory extends AbstractBindingProcessorFactory implements BindingProcessorFactory {
+
+ private Set<Protocol> supportedProtocols = Collections.singleton(Protocol.SAML);
+
+ @Override
+ public Set<Protocol> getSupportedProtocols() {
+ return supportedProtocols;
+ }
+
+ @Override
+ public BindingProcessor createBindingProcessor() {
+ SAMLBindingProcessorImpl bindingProcessor = new SAMLBindingProcessorImpl();
+ configureBindingProcessor(bindingProcessor);
+ return bindingProcessor;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorImpl.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorImpl.java
new file mode 100644
index 00000000..ce4ac425
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLBindingProcessorImpl.java
@@ -0,0 +1,357 @@
+/*
+ * Copyright 2009 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.mocca.id;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.charset.Charset;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.buergerkarte.namespaces.securitylayer._1.AnyChildrenType;
+import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefOptRefContentType;
+import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType;
+import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsBinaryFileType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType;
+import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType;
+import at.gv.egiz.bku.binding.FormParameter;
+import at.gv.egiz.bku.binding.HTTPBindingProcessor;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.binding.InputDecoder;
+import at.gv.egiz.bku.binding.InputDecoderFactory;
+import at.gv.egiz.bku.slcommands.CreateXMLSignatureResult;
+import at.gv.egiz.bku.slcommands.ErrorResult;
+import at.gv.egiz.bku.slcommands.InfoboxReadResult;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandFactory;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLVersionException;
+
+public class SAMLBindingProcessorImpl extends
+ AbstractCommandSequenceBindingProcessor implements HTTPBindingProcessor {
+
+ private static final Logger log = LoggerFactory
+ .getLogger(SAMLBindingProcessorImpl.class);
+
+ private String requestContentType;
+
+ private String domainIdentifier = "urn:publicid:gv.at:wbpk+FN+468924i";
+
+ private String keyBoxIdentifier = "SecureSignatureKeypair";
+
+ private String url = "www.egiz.gv.at";
+
+ private QESTemplates templates = new QESTemplates();
+
+ private IdLink idLink;
+
+ private Element signature;
+
+ private SLResult errorResponse;
+
+ @Override
+ protected void processResult(SLResult result) {
+ if (result instanceof ErrorResult) {
+ ErrorResult errorResult = (ErrorResult) result;
+ log.info("Got ErrorResponse {}: {}", errorResult.getErrorCode(),
+ errorResult.getInfo());
+ errorResponse = result;
+ return;
+ } else if (result instanceof InfoboxReadResult) {
+ try {
+ processInfoboxReadResult((InfoboxReadResult) result);
+ if (idLink != null) {
+ try {
+ IdLinkPersonData personData = idLink.getPersonData();
+ log.info("Got idLink for {}.", personData);
+ } catch (MarshalException e) {
+ log.info("Failed to unmarshal idLink.");
+ }
+ }
+ } catch (JAXBException e) {
+ log.info("InfoboxReadResult contains unexpected data.", e);
+ errorResponse = result;
+ } catch (IdLinkException e) {
+ log.info("InfoboxReadResult contains invalid identity link.", e);
+ errorResponse = result;
+ }
+ } else if (result instanceof CreateXMLSignatureResult) {
+ signature = ((CreateXMLSignatureResult) result).getContent();
+ log.info("Got signature.");
+ boolean valid = validate(signature) && validate(idLink);
+ log.info("Signature is valid: " + valid);
+ }
+ }
+
+ @Override
+ protected SLCommand getNextCommand() {
+
+ JAXBElement<?> request = null;
+ if (errorResponse == null) {
+ if (idLink == null) {
+ request = createReadInfoboxRequest(domainIdentifier);
+ } else if (signature == null) {
+ request = createXMLSignatureRequest();
+ }
+ }
+
+ if (request != null) {
+ SLCommandFactory commandFactory = SLCommandFactory.getInstance();
+ try {
+ return commandFactory.createSLCommand(request);
+ } catch (SLCommandException e) {
+ log.error("Failed to create SLCommand.", e);
+ setError(e);
+ } catch (SLVersionException e) {
+ log.error("Failed to create SLCommand.", e);
+ setError(e);
+ }
+ }
+
+ return null;
+ }
+
+ protected void processInfoboxReadResult(InfoboxReadResult result)
+ throws JAXBException, IdLinkException {
+
+ Object object = result.getContent();
+ if (object instanceof byte[]) {
+ log.info("InfoboxReadResult contains unexpected binary data.");
+ errorResponse = result;
+ return;
+ } else if (object instanceof List<?>) {
+ JAXBException exception = null;
+ for (Object content : (List<?>) object) {
+ if (content instanceof Element) {
+ try {
+ idLink = IdLinkFactory.getInstance().unmarshallIdLink(
+ (Element) content);
+ return;
+ } catch (JAXBException e) {
+ exception = e;
+ }
+ }
+ }
+ if (exception != null) {
+ throw exception;
+ }
+ }
+
+ }
+
+ @Override
+ public void setHTTPHeaders(Map<String, String> headerMap) {
+ for (String header : headerMap.keySet()) {
+ if (HttpUtil.HTTP_HEADER_CONTENT_TYPE.equalsIgnoreCase(header)) {
+ requestContentType = headerMap.get(header);
+ }
+ }
+ }
+
+ @Override
+ public void consumeRequestStream(String url, InputStream is) {
+ InputDecoder inputDecoder = InputDecoderFactory.getDecoder(
+ requestContentType, is);
+ Iterator<FormParameter> fpi = inputDecoder.getFormParameterIterator();
+ while (fpi.hasNext()) {
+ FormParameter formParameter = fpi.next();
+ if ("BKUUrl".equals(formParameter.getFormParameterName())) {
+ setExternal(true);
+ }
+ }
+ }
+
+ @Override
+ public String getResultContentType() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void writeResultTo(OutputStream os, String encoding)
+ throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ protected JAXBElement<InfoboxReadRequestType> createReadInfoboxRequest(
+ String domainIdentifier) {
+
+ ObjectFactory factory = new ObjectFactory();
+
+ InfoboxReadRequestType infoboxReadRequestType = factory
+ .createInfoboxReadRequestType();
+ infoboxReadRequestType.setInfoboxIdentifier("IdentityLink");
+
+ InfoboxReadParamsBinaryFileType infoboxReadParamsBinaryFileType = factory
+ .createInfoboxReadParamsBinaryFileType();
+ infoboxReadParamsBinaryFileType.setContentIsXMLEntity(true);
+ infoboxReadRequestType
+ .setBinaryFileParameters(infoboxReadParamsBinaryFileType);
+
+ if (domainIdentifier != null) {
+ JAXBElement<String> identityLinkDomainIdentifier = factory
+ .createIdentityLinkDomainIdentifier(domainIdentifier);
+ AnyChildrenType anyChildrenType = factory.createAnyChildrenType();
+ anyChildrenType.getAny().add(identityLinkDomainIdentifier);
+
+ infoboxReadRequestType.setBoxSpecificParameters(anyChildrenType);
+ }
+
+ return factory.createInfoboxReadRequest(infoboxReadRequestType);
+
+ }
+
+ protected JAXBElement<CreateXMLSignatureRequestType> createXMLSignatureRequest() {
+
+ ObjectFactory factory = new ObjectFactory();
+
+ CreateXMLSignatureRequestType createXMLSignatureRequest = factory
+ .createCreateXMLSignatureRequestType();
+ createXMLSignatureRequest.setKeyboxIdentifier(keyBoxIdentifier);
+
+ DataObjectInfoType dataObjectInfoType = factory.createDataObjectInfoType();
+ dataObjectInfoType.setStructure("enveloping");
+
+ TransformsInfoType transformsInfoType = factory.createTransformsInfoType();
+ MetaInfoType metaInfoType = factory.createMetaInfoType();
+ metaInfoType.setMimeType("application/xhtml+xml");
+ transformsInfoType.setFinalDataMetaInfo(metaInfoType);
+
+ dataObjectInfoType.getTransformsInfo().add(transformsInfoType);
+
+ Base64XMLLocRefOptRefContentType contentType = factory
+ .createBase64XMLLocRefOptRefContentType();
+
+ PersonalIdentifier identifier;
+ try {
+ identifier = idLink.getPersonData().getIdentifier();
+ } catch (MarshalException e) {
+ setError(e);
+ return null;
+ }
+ if ("urn:publicid:gv.at:baseid".equals(identifier.getType())) {
+ identifier = identifier.getDerivedValue(domainIdentifier);
+ }
+ String template = templates.createQESTemplate("test", locale, idLink, "",
+ identifier, new Date());
+
+ contentType.setBase64Content(template.getBytes(Charset.forName("UTF-8")));
+
+ dataObjectInfoType.setDataObject(contentType);
+
+ createXMLSignatureRequest.getDataObjectInfo().add(dataObjectInfoType);
+
+ return factory.createCreateXMLSignatureRequest(createXMLSignatureRequest);
+
+ }
+
+ protected boolean validate(IdLink idLink) {
+ try {
+ if (domainIdentifier != null && domainIdentifier.startsWith("urn:publicid:gv.at:ccid")) {
+ if (!idLink.verifyManifest()) {
+ log.info("Identity link manifest verification failed.");
+ return false;
+ }
+ }
+ if (idLink.verifySignature()) {
+ return true;
+ }
+ } catch (MarshalException e) {
+ log.info("Identity link signature verification failed.", e);
+ } catch (XMLSignatureException e) {
+ log.info("Identity link signature verification failed.", e);
+ }
+ log.info("Identity link signature verification failed.");
+ return false;
+ }
+
+
+ protected boolean validate(Element signature) {
+
+ Document doc = signature.getOwnerDocument();
+ if (signature != signature.getOwnerDocument().getDocumentElement()) {
+ doc.replaceChild(signature, doc.getDocumentElement());
+ }
+
+ XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
+
+ try {
+ IdLinkKeySelector keySelector = new IdLinkKeySelector(idLink);
+ DOMValidateContext validateContext = new DOMValidateContext(keySelector, signature);
+
+ XMLSignature xmlSignature = xmlSignatureFactory
+ .unmarshalXMLSignature(validateContext);
+
+ return xmlSignature.validate(validateContext);
+ } catch (MarshalException e) {
+ log.info("Failed to unmarshall signature.", e);
+ } catch (XMLSignatureException e) {
+ log.info("Failed to validate signature.", e);
+ }
+ return false;
+ }
+
+ @Override
+ public InputStream getFormData(String parameterName) {
+ if ("appletPage".equals(parameterName)) {
+ String appletPage = (isExternal()) ? "local.jsp" : "applet.jsp";
+ return new ByteArrayInputStream(appletPage.getBytes());
+ }
+ return null;
+ }
+
+ @Override
+ public String getRedirectURL() {
+ return null;
+ }
+
+ @Override
+ public int getResponseCode() {
+ return HttpServletResponse.SC_OK;
+ }
+
+ @Override
+ public Map<String, String> getResponseHeaders() {
+ return Collections.emptyMap();
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLRequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLRequestHandler.java
new file mode 100644
index 00000000..0209ca79
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SAMLRequestHandler.java
@@ -0,0 +1,33 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egiz.bku.online.webapp.AbstractWebRequestHandler;
+
+public class SAMLRequestHandler extends AbstractWebRequestHandler {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected String getRequestProtocol(HttpServletRequest req) {
+ return "SAML";
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SLCommandBrocker.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SLCommandBrocker.java
new file mode 100644
index 00000000..2e46a220
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/SLCommandBrocker.java
@@ -0,0 +1,100 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slcommands.impl.ErrorResultImpl;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+
+public class SLCommandBrocker {
+
+ private Sync<SLCommand> commandSync = new Sync<SLCommand>();
+
+ private Sync<SLResult> resultSync = new Sync<SLResult>();
+
+ public SLResult execute(SLCommand command, SLCommandContext context, long timeout) throws InterruptedException {
+ try {
+ commandSync.put(command, timeout);
+ if (command != null) {
+ return resultSync.get(timeout);
+ } else {
+ return null;
+ }
+ } catch (SLCommandException e) {
+ return new ErrorResultImpl(e, context.getLocale());
+ }
+ }
+
+ public SLCommand nextCommand(SLResult result, long timeout) throws SLCommandException, InterruptedException {
+ if (result != null) {
+ resultSync.put(result, timeout);
+ }
+ return commandSync.get(timeout);
+ }
+
+ public class Sync<R> {
+
+ private boolean available;
+
+ private R r;
+
+ public synchronized R get(long timeout) throws SLCommandException, InterruptedException {
+
+ long t0 = System.currentTimeMillis();
+ long elapsed = 0;
+
+ while (!available) {
+ wait(timeout - elapsed);
+ elapsed = System.currentTimeMillis() - t0;
+ if (elapsed > timeout) {
+ notifyAll();
+ throw new SLCommandException(6000);
+ }
+ }
+
+ R r = this.r;
+ this.r = null;
+ available = false;
+ notifyAll();
+ return r;
+ }
+
+ public synchronized void put(R r, long timeout) throws SLCommandException, InterruptedException {
+
+ long t0 = System.currentTimeMillis();
+ long elapsed = 0;
+
+ while (available) {
+ wait(timeout - elapsed);
+ elapsed = System.currentTimeMillis() - t0;
+ if (elapsed > timeout) {
+ notifyAll();
+ throw new SLCommandException(6000);
+ }
+ }
+
+ this.r = r;
+ available = true;
+ notifyAll();
+ }
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
index 305d8c1c..5940f505 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
@@ -19,27 +19,50 @@ package at.gv.egiz.stal.service.impl;
import java.util.Locale;
+import org.apache.commons.configuration.Configuration;
+
+import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
+import at.gv.egiz.bku.jmx.ComponentMXBean;
+import at.gv.egiz.bku.jmx.ComponentState;
import at.gv.egiz.stal.STAL;
import at.gv.egiz.stal.STALFactory;
/**
*
- * @author clemens
+ * @author clemens, mcentner
*/
-public class RequestBrokerSTALFactory implements STALFactory {
-
- private static long timeout = -1;
+public class RequestBrokerSTALFactory implements STALFactory, ComponentMXBean {
- @Override
- public STAL createSTAL() {
- return new STALRequestBrokerImpl(timeout);
- }
+ public final ConfigurationFacade configurationFacade = new ConfigurationFacade();
+
+ public class ConfigurationFacade implements MoccaConfigurationFacade {
+
+ private Configuration configuration;
+
+ public static final String APPLET_TIMEOUT = "AppletTimeout";
- @Override
- public void setLocale(Locale locale) {
+ public int getAppletTimeout() {
+ return configuration.getInteger(APPLET_TIMEOUT, -1);
}
+
+ }
+
+ public void setConfiguration(Configuration configuration) {
+ configurationFacade.configuration = configuration;
+ }
+
+ @Override
+ public STAL createSTAL() {
+ return new STALRequestBrokerImpl(configurationFacade.getAppletTimeout());
+ }
+
+ @Override
+ public void setLocale(Locale locale) {
+ }
+
+ @Override
+ public ComponentState checkComponentState() {
+ return new ComponentState(true);
+ }
- public static void setTimeout(long millisec) {
- timeout = millisec;
- }
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
index a2447ab7..5705a9f7 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java
@@ -34,8 +34,8 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.bind.JAXBElement;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* An instance of STALRequestBroker is shared between a producer thread (SLCommand)
@@ -50,7 +50,7 @@ import org.apache.commons.logging.LogFactory;
*/
public class STALRequestBrokerImpl implements STALRequestBroker {
- private static final Log log = LogFactory.getLog(STALRequestBrokerImpl.class);
+ private final Logger log = LoggerFactory.getLogger(STALRequestBrokerImpl.class);
private ObjectFactory of = new ObjectFactory();
private STALTranslator translator = new STALTranslator();
@@ -173,7 +173,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("waiting to consume response");
responses.wait(timeout);
if (System.currentTimeMillis() - beforeWait >= timeout) {
- log.warn("timeout while waiting to consume response, cleanup requests");
+ log.warn("Timeout while waiting to consume response, cleanup requests.");
requests.clear();
hashDataInputs.clear();
return Collections.singletonList((STALResponse) new ErrorResponse(ERR_4500));
@@ -218,7 +218,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("waiting to consume request");
requests.wait(timeout);
if (System.currentTimeMillis() - beforeWait >= timeout) {
- log.warn("timeout while waiting to consume request");
+ log.warn("Timeout while waiting to consume request.");
return createSingleQuitRequest();
}
}
@@ -250,11 +250,11 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
}
try {
synchronized (requests) {
- log.trace("received responses, now consume request");
+ log.trace("Received responses, now consume request.");
if (requests.size() != 0) {
requests.clear();
} else {
- log.warn("requests queue is empty, response might have already been produced previously ");
+ log.warn("Requests queue is empty, response might have already been produced previously.");
// return QUIT?
}
}
@@ -266,7 +266,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("waiting to produce response");
responses.wait(timeout);
if (System.currentTimeMillis() - beforeWait >= timeout) {
- log.warn("timeout while waiting to produce response");
+ log.warn("Timeout while waiting to produce response.");
return createSingleQuitRequest();
}
}
@@ -281,7 +281,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("notifying response consumers");
responses.notify();
} else {
- log.error("Received NextRequest without responses, return QUIT");
+ log.error("Received NextRequest without responses, return QUIT.");
return createSingleQuitRequest();
}
}
@@ -292,11 +292,11 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
log.trace("waiting to consume request");
requests.wait(timeout);
if (System.currentTimeMillis() - beforeWait >= timeout) {
- log.warn("timeout while waiting to consume request");
+ log.warn("Timeout while waiting to consume request.");
return createSingleQuitRequest();
}
}
- log.trace("don't consume request now, but on next response delivery");
+ log.trace("Don't consume request now, but on next response delivery.");
return requests;
}
} catch (InterruptedException ex) {
@@ -309,7 +309,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker {
@Override
public List<HashDataInput> getHashDataInput() {
synchronized (requests) {
- log.trace("return " + hashDataInputs.size() + " current HashDataInput(s) ");
+ log.trace("Return {} current HashDataInput(s).", hashDataInputs.size());
return hashDataInputs;
}
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
index c8ab280f..e32dad8f 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java
@@ -16,13 +16,30 @@
*/
package at.gv.egiz.stal.service.impl;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.servlet.ServletContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
+
+import org.slf4j.MDC;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.buergerkarte.namespaces.cardchannel.service.CommandAPDUType;
import at.buergerkarte.namespaces.cardchannel.service.ScriptType;
import at.gv.egiz.bku.binding.BindingProcessor;
import at.gv.egiz.bku.binding.BindingProcessorManager;
import at.gv.egiz.bku.binding.Id;
import at.gv.egiz.bku.binding.IdFactory;
-
import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.service.GetHashDataInputFault;
import at.gv.egiz.stal.service.STALPortType;
@@ -38,25 +55,8 @@ import at.gv.egiz.stal.service.types.RequestType;
import at.gv.egiz.stal.service.types.ResponseType;
import at.gv.egiz.stal.service.types.SignRequestType;
import at.gv.egiz.stal.service.types.GetHashDataInputType.Reference;
-//import at.gv.egiz.stal.service.types.GetHashDataInputResponseType.Reference;
import com.sun.xml.ws.developer.UsesJAXBContext;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Resource;
-import javax.jws.WebService;
-import javax.servlet.ServletContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.ws.WebServiceContext;
-import javax.xml.ws.handler.MessageContext;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
/**
*
@@ -68,10 +68,10 @@ public class STALServiceImpl implements STALPortType {
public static final String BINDING_PROCESSOR_MANAGER = "bindingProcessorManager";
public static final Id TEST_SESSION_ID = IdFactory.getInstance().createId("TestSession");
- protected static final Log log = LogFactory.getLog(STALServiceImpl.class);
-
+ private final Logger log = LoggerFactory.getLogger(STALServiceImpl.class);
static {
+ Logger log = LoggerFactory.getLogger(STALServiceImpl.class);
if (log.isTraceEnabled()) {
log.trace("enabling webservice communication dump");
System.setProperty("com.sun.xml.ws.transport.http.HttpAdapter.dump", "true");
@@ -91,227 +91,242 @@ public class STALServiceImpl implements STALPortType {
public GetNextRequestResponseType connect(String sessId) {
if (sessId == null) {
- throw new NullPointerException("No session id provided");
+ throw new NullPointerException("No session id provided.");
}
Id sessionId = idF.createId(sessId);
+ MDC.put("id", sessionId.toString());
- if (log.isDebugEnabled()) {
- log.debug("Received Connect [" + sessionId + "]");
- }
-
- if (TEST_SESSION_ID.equals(sessionId)) {
- return getTestSessionNextRequestResponse(null);
- }
-
- GetNextRequestResponseType response = new GetNextRequestResponseType();
- response.setSessionId(sessionId.toString());
-
- STALRequestBroker stal = getStal(sessionId);
-
- if (stal != null) {
-
- List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).connect();
- response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut);
-
- if (log.isDebugEnabled()) {
- StringBuilder sb = new StringBuilder("Returning initial GetNextRequestResponse [");
- sb.append(sessionId.toString());
- sb.append("] containing ");
- sb.append(requestsOut.size());
- sb.append(" requests: ");
- for (JAXBElement<? extends RequestType> reqOut : requestsOut) {
- sb.append(reqOut.getValue().getClass());
- sb.append(' ');
+ try {
+ log.debug("Received Connect.");
+
+ if (TEST_SESSION_ID.equals(sessionId)) {
+ return getTestSessionNextRequestResponse(null);
+ }
+
+ GetNextRequestResponseType response = new GetNextRequestResponseType();
+ response.setSessionId(sessionId.toString());
+
+ STALRequestBroker stal = getStal(sessionId);
+
+ if (stal != null) {
+
+ List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).connect();
+ response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut);
+
+ if (log.isDebugEnabled()) {
+ StringBuilder sb = new StringBuilder("Returning initial GetNextRequestResponse containing ");
+ sb.append(requestsOut.size());
+ sb.append(" requests: ");
+ for (JAXBElement<? extends RequestType> reqOut : requestsOut) {
+ sb.append(reqOut.getValue().getClass());
+ sb.append(' ');
+ }
+ log.debug(sb.toString());
}
- log.debug(sb.toString());
+ } else {
+ log.error("Failed to get STAL, returning QuitRequest.");
+ QuitRequestType quitT = stalObjFactory.createQuitRequestType();
+ JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT);
+ response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit);
}
- } else {
- log.error("Failed to get STAL for session " + sessionId + ", returning QuitRequest");
- QuitRequestType quitT = stalObjFactory.createQuitRequestType();
- JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT);
- response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit);
+ return response;
+
+ } finally {
+ MDC.remove("id");
}
- return response;
}
@Override
public GetNextRequestResponseType getNextRequest(GetNextRequestType request) {
if (request.getSessionId() == null) {
- throw new NullPointerException("No session id provided");
+ throw new NullPointerException("No session id provided.");
}
Id sessionId = idF.createId(request.getSessionId());
+ MDC.put("id", sessionId.toString());
- List<JAXBElement<? extends ResponseType>> responsesIn = request.getInfoboxReadResponseOrSignResponseOrErrorResponse();
-// List<ResponseType> responsesIn = request.getInfoboxReadResponseOrSignResponseOrErrorResponse();//getResponse();
+ try {
- if (log.isDebugEnabled()) {
- StringBuilder sb = new StringBuilder("Received GetNextRequest [");
- sb.append(sessionId.toString());
- sb.append("] containing ");
- sb.append(responsesIn.size());
- sb.append(" responses: ");
- for (JAXBElement<? extends ResponseType> respIn : responsesIn) {
- sb.append(respIn.getValue().getClass());
- sb.append(' ');
- }
- log.debug(sb.toString());
- }
-
- if (TEST_SESSION_ID.equals(sessionId)) {
- return getTestSessionNextRequestResponse(responsesIn);
- }
-
- GetNextRequestResponseType response = new GetNextRequestResponseType();
- response.setSessionId(sessionId.toString());
-
- STALRequestBroker stal = getStal(sessionId);
-
- if (stal != null) {
-
- List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).nextRequest(responsesIn);
- response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut);
+ List<JAXBElement<? extends ResponseType>> responsesIn = request.getInfoboxReadResponseOrSignResponseOrErrorResponse();
if (log.isDebugEnabled()) {
- StringBuilder sb = new StringBuilder("Returning GetNextRequestResponse [");
- sb.append(sessionId.toString());
- sb.append("] containing ");
- sb.append(requestsOut.size());
- sb.append(" requests: ");
- for (JAXBElement<? extends RequestType> reqOut : requestsOut) {
- sb.append(reqOut.getValue().getClass());
+ StringBuilder sb = new StringBuilder("Received GetNextRequest containing ");
+ sb.append(responsesIn.size());
+ sb.append(" responses: ");
+ for (JAXBElement<? extends ResponseType> respIn : responsesIn) {
+ sb.append(respIn.getValue().getClass());
sb.append(' ');
}
log.debug(sb.toString());
}
- } else {
- log.error("Failed to get STAL for session " + sessionId + ", returning QuitRequest");
- QuitRequestType quitT = stalObjFactory.createQuitRequestType();
- JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT);
- response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit);
+
+ if (TEST_SESSION_ID.equals(sessionId)) {
+ return getTestSessionNextRequestResponse(responsesIn);
+ }
+
+ GetNextRequestResponseType response = new GetNextRequestResponseType();
+ response.setSessionId(sessionId.toString());
+
+ STALRequestBroker stal = getStal(sessionId);
+
+ if (stal != null) {
+
+ List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).nextRequest(responsesIn);
+ response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut);
+
+ if (log.isDebugEnabled()) {
+ StringBuilder sb = new StringBuilder("Returning GetNextRequestResponse containing ");
+ sb.append(requestsOut.size());
+ sb.append(" requests: ");
+ for (JAXBElement<? extends RequestType> reqOut : requestsOut) {
+ sb.append(reqOut.getValue().getClass());
+ sb.append(' ');
+ }
+ log.debug(sb.toString());
+ }
+ } else {
+ log.error("Failed to get STAL, returning QuitRequest.");
+ QuitRequestType quitT = stalObjFactory.createQuitRequestType();
+ JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT);
+ response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit);
+ }
+ return response;
+
+ } finally {
+ MDC.remove("id");
}
- return response;
}
@Override
public GetHashDataInputResponseType getHashDataInput(GetHashDataInputType request) throws GetHashDataInputFault {
if (request.getSessionId() == null) {
- throw new NullPointerException("No session id provided");
+ throw new NullPointerException("No session id provided.");
}
Id sessionId = idF.createId(request.getSessionId());
+ MDC.put("id", sessionId.toString());
- if (log.isDebugEnabled()) {
- log.debug("Received GetHashDataInputRequest for session " + sessionId + " containing " + request.getReference().size() + " reference(s)");
- }
-
- if (TEST_SESSION_ID.equals(sessionId)) {
- return getTestSessionHashDataInputResponse(request.getReference());
- }
-
- GetHashDataInputResponseType response = new GetHashDataInputResponseType();
- response.setSessionId(sessionId.toString());
-
- STALRequestBroker stal = getStal(sessionId);
-
- if (stal != null) {
- List<HashDataInput> hashDataInputs = stal.getHashDataInput();
-
- if (hashDataInputs != null) {
-
- Map<String, HashDataInput> hashDataIdMap = new HashMap<String, HashDataInput>();
- for (HashDataInput hdi : hashDataInputs) {
- if (log.isTraceEnabled()) {
- log.trace("Provided HashDataInput for reference " + hdi.getReferenceId());
- }
- hashDataIdMap.put(hdi.getReferenceId(), hdi);
- }
-
- List<GetHashDataInputType.Reference> reqRefs = request.getReference();
- for (GetHashDataInputType.Reference reqRef : reqRefs) {
- String reqRefId = reqRef.getID();
- HashDataInput reqHdi = hashDataIdMap.get(reqRefId);
- if (reqHdi == null) {
- String msg = "Failed to resolve HashDataInput for reference " + reqRefId;
- log.error(msg);
- GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
- faultInfo.setErrorCode(1);
- faultInfo.setErrorMessage(msg);
- throw new GetHashDataInputFault(msg, faultInfo);
- }
-
- InputStream hashDataIS = reqHdi.getHashDataInput();
- if (hashDataIS == null) {
- //HashDataInput not cached?
- String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached";
- log.error(msg);
- GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
- faultInfo.setErrorCode(1);
- faultInfo.setErrorMessage(msg);
- throw new GetHashDataInputFault(msg, faultInfo);
+ try {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Received GetHashDataInputRequest containing {} reference(s).", request.getReference().size());
+ }
+
+ if (TEST_SESSION_ID.equals(sessionId)) {
+ return getTestSessionHashDataInputResponse(request.getReference());
+ }
+
+ GetHashDataInputResponseType response = new GetHashDataInputResponseType();
+ response.setSessionId(sessionId.toString());
+
+ STALRequestBroker stal = getStal(sessionId);
+
+ if (stal != null) {
+ List<HashDataInput> hashDataInputs = stal.getHashDataInput();
+
+ if (hashDataInputs != null) {
+
+ Map<String, HashDataInput> hashDataIdMap = new HashMap<String, HashDataInput>();
+ for (HashDataInput hdi : hashDataInputs) {
+ if (log.isTraceEnabled()) {
+ log.trace("Provided HashDataInput for reference {}.", hdi.getReferenceId());
+ }
+ hashDataIdMap.put(hdi.getReferenceId(), hdi);
}
- ByteArrayOutputStream baos = null;
- try {
- if (log.isDebugEnabled()) {
- log.debug("Resolved HashDataInput " + reqRefId + " (" + reqHdi.getMimeType() + ";charset=" + reqHdi.getEncoding() + ")");
+
+ List<GetHashDataInputType.Reference> reqRefs = request.getReference();
+ for (GetHashDataInputType.Reference reqRef : reqRefs) {
+ String reqRefId = reqRef.getID();
+ HashDataInput reqHdi = hashDataIdMap.get(reqRefId);
+ if (reqHdi == null) {
+ String msg = "Failed to resolve HashDataInput for reference " + reqRefId;
+ log.error(msg);
+ GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+ faultInfo.setErrorCode(1);
+ faultInfo.setErrorMessage(msg);
+ throw new GetHashDataInputFault(msg, faultInfo);
}
- baos = new ByteArrayOutputStream(hashDataIS.available());
- int c;
- while ((c = hashDataIS.read()) != -1) {
- baos.write(c);
+
+ InputStream hashDataIS = reqHdi.getHashDataInput();
+ if (hashDataIS == null) {
+ //HashDataInput not cached?
+ String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached";
+ log.error(msg);
+ GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+ faultInfo.setErrorCode(1);
+ faultInfo.setErrorMessage(msg);
+ throw new GetHashDataInputFault(msg, faultInfo);
}
- GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference();
- ref.setID(reqRefId);
- ref.setMimeType(reqHdi.getMimeType());
- ref.setEncoding(reqHdi.getEncoding());
- ref.setFilename(reqHdi.getFilename());
- ref.setValue(baos.toByteArray());
- response.getReference().add(ref);
- } catch (IOException ex) {
- String msg = "Failed to get HashDataInput for reference " + reqRefId;
- log.error(msg, ex);
- GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
- faultInfo.setErrorCode(1);
- faultInfo.setErrorMessage(msg);
- throw new GetHashDataInputFault(msg, faultInfo, ex);
- } finally {
+ ByteArrayOutputStream baos = null;
try {
- baos.close();
+ if (log.isDebugEnabled()) {
+ Object[] args = {reqRefId, reqHdi.getMimeType(), reqHdi.getEncoding()};
+ log.debug("Resolved HashDataInput {} ({};charset={}).", args);
+ }
+ baos = new ByteArrayOutputStream(hashDataIS.available());
+ int c;
+ while ((c = hashDataIS.read()) != -1) {
+ baos.write(c);
+ }
+ GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference();
+ ref.setID(reqRefId);
+ ref.setMimeType(reqHdi.getMimeType());
+ ref.setEncoding(reqHdi.getEncoding());
+ ref.setFilename(reqHdi.getFilename());
+ ref.setValue(baos.toByteArray());
+ response.getReference().add(ref);
} catch (IOException ex) {
+ String msg = "Failed to get HashDataInput for reference " + reqRefId;
+ log.error(msg, ex);
+ GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+ faultInfo.setErrorCode(1);
+ faultInfo.setErrorMessage(msg);
+ throw new GetHashDataInputFault(msg, faultInfo, ex);
+ } finally {
+ try {
+ baos.close();
+ } catch (IOException ex) {
+ }
}
}
+ return response;
+ } else {
+ String msg = "Failed to resolve any HashDataInputs.";
+ log.error(msg);
+ GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
+ faultInfo.setErrorCode(1);
+ faultInfo.setErrorMessage(msg);
+ throw new GetHashDataInputFault(msg, faultInfo);
}
- return response;
} else {
- String msg = "Failed to resolve any HashDataInputs for session " + sessionId;
+ String msg = "Session timeout."; //Failed to get STAL for session " + sessionId;
log.error(msg);
GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
faultInfo.setErrorCode(1);
faultInfo.setErrorMessage(msg);
throw new GetHashDataInputFault(msg, faultInfo);
}
- } else {
- String msg = "Session timeout"; //Failed to get STAL for session " + sessionId;
- log.error(msg + " " + sessionId);
- GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType();
- faultInfo.setErrorCode(1);
- faultInfo.setErrorMessage(msg);
- throw new GetHashDataInputFault(msg, faultInfo);
+
+ } finally {
+ MDC.remove("id");
}
}
private STALRequestBroker getStal(Id sessionId) {
- if (log.isTraceEnabled()) {
- log.trace("resolve STAL for session " + sessionId);
- }
+ log.trace("Resolve STAL for session [{}].", sessionId);
MessageContext mCtx = wsContext.getMessageContext();
ServletContext sCtx = (ServletContext) mCtx.get(MessageContext.SERVLET_CONTEXT);
BindingProcessorManager bpMgr = (BindingProcessorManager) sCtx.getAttribute(BINDING_PROCESSOR_MANAGER);
- BindingProcessor bp = bpMgr.getBindingProcessor(sessionId);
- return (bp == null) ? null : (bp.isFinished() ? null : (STALRequestBroker) bp.getSTAL());
+ BindingProcessor bindingProcessor = bpMgr.getBindingProcessor(sessionId);
+ if (bindingProcessor != null) {
+ if (bindingProcessor.getSTAL() instanceof STALRequestBroker) {
+ return (STALRequestBroker) bindingProcessor.getSTAL();
+ }
+ }
+ return null;
}
private GetNextRequestResponseType getTestSessionNextRequestResponse(List<JAXBElement<? extends ResponseType>> responsesIn) {
@@ -359,6 +374,7 @@ public class STALServiceImpl implements STALPortType {
return response;
}
+ @SuppressWarnings("unused")
private void addTestCardChannelRequest(List<JAXBElement<? extends RequestType>> requestList) {
log.info("[TestSession] add CARDCHANNEL request");
ScriptType scriptT = ccObjFactory.createScriptType();
@@ -368,6 +384,7 @@ public class STALServiceImpl implements STALPortType {
requestList.add(ccObjFactory.createScript(scriptT));
}
+ @SuppressWarnings("unused")
private void addTestInfoboxReadRequest(String infoboxIdentifier, List<JAXBElement<? extends RequestType>> requestList) {
log.info("[TestSession] add READ "+ infoboxIdentifier + " request");
InfoboxReadRequestType ibrT = stalObjFactory.createInfoboxReadRequestType();
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java
index 9caf950f..300f01d0 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java
@@ -23,8 +23,8 @@ import com.sun.xml.ws.developer.JAXBContextFactory;
import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.JAXBException;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
*
@@ -32,8 +32,9 @@ import org.apache.commons.logging.LogFactory;
*/
public class STALXJAXBContextFactory implements JAXBContextFactory {
- private static final Log log = LogFactory.getLog(STALXJAXBContextFactory.class);
+ private final Logger log = LoggerFactory.getLogger(STALXJAXBContextFactory.class);
+ @SuppressWarnings("unchecked")
@Override
public JAXBRIContext createJAXBContext(SEIModel sei, List<Class> classesToBind, List<TypeReference> typeReferences) throws JAXBException {
if (log.isTraceEnabled()) {
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java
index 2f58bb3d..45efc890 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java
@@ -6,13 +6,11 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public final class TestSignatureData {
- protected final static Log log = LogFactory.getLog(TestSignatureData.class);
-
public static final String[] ID = new String[] {"signed-data-reference-0-1214921968-27971781-24309", "signed-data-reference-1"};
public static final String ENCODING = "UTF-8";
@@ -22,6 +20,7 @@ public final class TestSignatureData {
HASHDATA_INPUT.put(ID[0], "Ich bin ein einfacher Text. lläöü߀".getBytes(ENCODING));
HASHDATA_INPUT.put(ID[1], "2te referenz".getBytes(ENCODING));
} catch (UnsupportedEncodingException ex) {
+ Logger log = LoggerFactory.getLogger(TestSignatureData.class);
log.error("failed to init signature test data", ex);
}
}