diff options
Diffstat (limited to 'BKUOnline/src/main/java')
-rw-r--r-- | BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java | 14 | ||||
-rw-r--r-- | BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java | 375 |
2 files changed, 216 insertions, 173 deletions
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java index d158b46e..a0a268e4 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java @@ -30,6 +30,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; +import iaik.security.provider.IAIK; /** * @@ -51,19 +52,20 @@ public class Configurator { protected void configureProviders() { log.debug("Registering security providers"); - Security.addProvider(new STALProvider()); + Security.insertProviderAt(new IAIK(), 1); + Security.insertProviderAt(new ECCProvider(false), 2); + Security.addProvider(new STALProvider()); XSecProvider.addAsProvider(false); - Security.insertProviderAt(new ECCProvider(false), 1); - StringBuffer sb = new StringBuffer(); - sb.append("Following providers are now registered: "); + StringBuilder sb = new StringBuilder(); + sb.append("Registered providers: "); int i = 1; for (Provider prov : Security.getProviders()) { sb.append((i++) + ". : " + prov); } - log.debug("Configured provider" + sb.toString()); + log.debug(sb.toString()); } - public void configure() { + public void configure() { configureProviders(); configUrlConnections(); } diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java index 3e8ad6f3..f0df22ea 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java @@ -1,19 +1,19 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ /* * To change this template, choose Tools | Templates * and open the template in the editor. @@ -22,13 +22,13 @@ package at.gv.egiz.stal.service.impl; import at.gv.egiz.bku.binding.BindingProcessor; import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.stal.HashDataInput; import at.gv.egiz.stal.service.*; import at.gv.egiz.bku.binding.Id; import at.gv.egiz.bku.binding.IdFactory; import at.gv.egiz.stal.ErrorResponse; import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.HashDataInputCallback; import at.gv.egiz.stal.InfoboxReadRequest; import at.gv.egiz.stal.QuitRequest; import at.gv.egiz.stal.SignRequest; @@ -37,7 +37,10 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; +import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.annotation.Resource; import javax.jws.WebService; import javax.servlet.ServletContext; @@ -53,168 +56,206 @@ import org.apache.commons.logging.LogFactory; @WebService(endpointInterface = "at.gv.egiz.stal.service.STALPortType") public class STALServiceImpl implements STALPortType { - public static final String BINDING_PROCESSOR_MANAGER = "bindingProcessorManager"; - public static final String TEST_SESSION_ID = "TestSession"; - protected static final Log log = LogFactory.getLog(STALServiceImpl.class); - @Resource - WebServiceContext wsContext; - protected IdFactory idF = IdFactory.getInstance(); - - @Override - public GetNextRequestResponseType getNextRequest(GetNextRequestType request) { - - // HttpSession session = ((HttpServletRequest) - // mCtx.get(MessageContext.SERVLET_REQUEST)).getSession(); - String sessId = request.getSessionId(); - List<STALResponse> responses = request.getResponse(); - if (log.isDebugEnabled()) { - log.debug("Received GetNextRequest for session " + sessId - + " containing " + responses.size() + " responses"); - } + public static final String BINDING_PROCESSOR_MANAGER = "bindingProcessorManager"; + public static final String TEST_SESSION_ID = "TestSession"; + protected static final Log log = LogFactory.getLog(STALServiceImpl.class); + @Resource + WebServiceContext wsContext; + protected IdFactory idF = IdFactory.getInstance(); - GetNextRequestResponseType response = new GetNextRequestResponseType(); - response.setSessionId(sessId); - - if (TEST_SESSION_ID.equals(sessId)) { - if (responses.size() > 0 && responses.get(0) instanceof ErrorResponse) { - log - .info("Received TestSession GetNextRequest(ErrorResponse), returning QuitRequest"); - response.getRequest().add(new QuitRequest()); - } else { - log - .info("Received TestSession GetNextRequest, returning InfoboxReadRequest "); - SignRequest sig = new SignRequest(); - sig.setKeyIdentifier("SecureSignatureKeypair"); - sig.setSignedInfo("<dsig:SignedInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\"><dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /> <dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1\" /> <dsig:Reference Id=\"signed-data-reference-0-1214921968-27971781-24309\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-0-1214921968-27971781-13578')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"etsi-data-reference-0-1214921968-27971781-25439\" Type=\"http://uri.etsi.org/01903/v1.1.1#SignedProperties\" URI=\"#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1214921968-27971781-3095')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)\"><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><dsig:DigestValue>yV6Q+I60buqR4mMaxA7fi+CV35A=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>".getBytes()); - response.getRequest().add(sig); - InfoboxReadRequest req = new InfoboxReadRequest(); - req.setInfoboxIdentifier("IdentityLink"); - req.setDomainIdentifier("hansiwurzel"); - response.getRequest().add(req); - req = new InfoboxReadRequest(); - req.setInfoboxIdentifier("CertifiedKeypair"); - response.getRequest().add(req); - req = new InfoboxReadRequest(); - req.setInfoboxIdentifier("SecureSignatureKeypair"); - response.getRequest().add(req); - } - return response; - } + @Override + public GetNextRequestResponseType getNextRequest(GetNextRequestType request) { + + // HttpSession session = ((HttpServletRequest) + // mCtx.get(MessageContext.SERVLET_REQUEST)).getSession(); + String sessId = request.getSessionId(); + List<STALResponse> responses = request.getResponse(); + if (log.isDebugEnabled()) { + log.debug("Received GetNextRequest for session " + sessId + " containing " + responses.size() + " responses"); + } + + GetNextRequestResponseType response = new GetNextRequestResponseType(); + response.setSessionId(sessId); - // get Session Id - Id sessionId = idF.createId(sessId); - STALRequestBroker stal = getStal(sessionId); - - if (stal == null) { - log.error("Failed to get STAL for session " + sessId - + ", returning QuitRequest"); - response.getRequest().add(new QuitRequest()); - } else { - List<STALResponse> responsesIn = request.getResponse(); - for (STALResponse resp : responsesIn) { - log.debug(resp); - } - List<STALRequest> requestsOut = ((STALRequestBroker) stal) - .nextRequest(responsesIn); - response.getRequest().addAll(requestsOut); - if (log.isDebugEnabled()) { - log.debug("Returning GetNextRequestResponse for session " + sessId - + " containing " + requestsOut.size() + " requests"); - } + if (TEST_SESSION_ID.equals(sessId)) { + if (responses.size() > 0 && responses.get(0) instanceof ErrorResponse) { + log.info("Received TestSession GetNextRequest(ErrorResponse), returning QuitRequest"); + response.getRequest().add(new QuitRequest()); + } else { + log.info("Received TestSession GetNextRequest, returning InfoboxReadRequest "); + SignRequest sig = new SignRequest(); + sig.setKeyIdentifier("SecureSignatureKeypair"); + sig.setSignedInfo("<dsig:SignedInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\"><dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /> <dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1\" /> <dsig:Reference Id=\"signed-data-reference-0-1214921968-27971781-24309\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-0-1214921968-27971781-13578')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"etsi-data-reference-0-1214921968-27971781-25439\" Type=\"http://uri.etsi.org/01903/v1.1.1#SignedProperties\" URI=\"#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1214921968-27971781-3095')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)\"><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><dsig:DigestValue>yV6Q+I60buqR4mMaxA7fi+CV35A=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>".getBytes()); + response.getRequest().add(sig); + InfoboxReadRequest req = new InfoboxReadRequest(); + req.setInfoboxIdentifier("IdentityLink"); + req.setDomainIdentifier("hansiwurzel"); + response.getRequest().add(req); + req = new InfoboxReadRequest(); + req.setInfoboxIdentifier("CertifiedKeypair"); + response.getRequest().add(req); + req = new InfoboxReadRequest(); + req.setInfoboxIdentifier("SecureSignatureKeypair"); + response.getRequest().add(req); + } + return response; + } + + // get Session Id + Id sessionId = idF.createId(sessId); + STALRequestBroker stal = getStal(sessionId); + + if (stal == null) { + log.error("Failed to get STAL for session " + sessId + ", returning QuitRequest"); + response.getRequest().add(new QuitRequest()); + } else { + List<STALResponse> responsesIn = request.getResponse(); + for (STALResponse resp : responsesIn) { + log.debug(resp); + } + List<STALRequest> requestsOut = ((STALRequestBroker) stal).nextRequest(responsesIn); + response.getRequest().addAll(requestsOut); + if (log.isDebugEnabled()) { + log.debug("Returning GetNextRequestResponse for session " + sessId + " containing " + requestsOut.size() + " requests"); + } + } + return response; } - return response; - } - @Override - public GetHashDataInputResponseType getHashDataInput( + @Override + public GetHashDataInputResponseType getHashDataInput( GetHashDataInputType request) throws GetHashDataInputFault { - String sessId = request.getSessionId(); - if (log.isDebugEnabled()) { - log.debug("Received GetHashDataInputRequest for session " + sessId - + " containing " + request.getReference().size() + " referencese"); - } + String sessId = request.getSessionId(); + if (log.isDebugEnabled()) { + log.debug("Received GetHashDataInputRequest for session " + sessId + " containing " + request.getReference().size() + " referencese"); + } - // get Session Id - Id sessionId = idF.createId(sessId); - STALRequestBroker stal = getStal(sessionId); - - if (stal == null) { - String msg = "Failed to get STAL for session " + sessId; - log.error(msg); - GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); - faultInfo.setErrorCode(1); - faultInfo.setErrorMessage(msg); - throw new GetHashDataInputFault(msg, faultInfo); - } else { - GetHashDataInputResponseType response = new GetHashDataInputResponseType(); - response.setSessionId(sessId); - - HashDataInputCallback hashDataInput = stal.getHashDataInput(); - if (TEST_SESSION_ID.equals(sessId)) { - log - .debug("Received TestSession GetHashDataInput, setting dummy HashDataInputCallback"); - hashDataInput = new HashDataInputCallback() { - - @Override - public InputStream getHashDataInput(String referenceId) { - byte[] hd = ("dummyhashdatainput_" + referenceId).getBytes(); - return new ByteArrayInputStream(hd); - } - }; - } - if (hashDataInput != null) { - List<GetHashDataInputType.Reference> references = request - .getReference(); - for (GetHashDataInputType.Reference reference : references) { - String refId = reference.getID(); - if (log.isDebugEnabled()) { - log.debug("Resolving HashDataInput for reference " + refId); - } - ByteArrayOutputStream baos = null; - try { - InputStream hdi = hashDataInput.getHashDataInput(refId); - baos = new ByteArrayOutputStream(hdi.available()); - int c; - while ((c = hdi.read()) != -1) { - baos.write(c); - } - GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference(); - ref.setID(refId); - ref.setValue(baos.toByteArray()); - response.getReference().add(ref); - } catch (IOException ex) { - String msg = "Failed to get HashDataInput for reference " + refId; - log.error(msg, ex); + // get Session Id + Id sessionId = idF.createId(sessId); + STALRequestBroker stal = getStal(sessionId); + + if (stal == null) { + String msg = "Failed to get STAL for session " + sessId; + log.error(msg); GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); faultInfo.setErrorCode(1); faultInfo.setErrorMessage(msg); - throw new GetHashDataInputFault(msg, faultInfo, ex); - } finally { - try { - baos.close(); - } catch (IOException ex) { + throw new GetHashDataInputFault(msg, faultInfo); + } else { + + List<HashDataInput> hashDataInputs = stal.getHashDataInput(); + + if (TEST_SESSION_ID.equals(sessId)) { + log.debug("Received TestSession GetHashDataInput, setting dummy HashDataInputCallback"); + + HashDataInput testHdi = new HashDataInput() { + + @Override + public String getReferenceId() { + return "hashDataInputId_" + TEST_SESSION_ID; + } + + @Override + public String getMimeType() { + return "text/plain"; + } + + @Override + public InputStream getHashDataInput() { + byte[] hd = ("hashDataInput_" + TEST_SESSION_ID).getBytes(); + return new ByteArrayInputStream(hd); + } + }; + hashDataInputs = Collections.singletonList(testHdi); + } + + + if (hashDataInputs != null) { + + Map<String, HashDataInput> hashDataIdMap = new HashMap<String, HashDataInput>(); + for (HashDataInput hdi : hashDataInputs) { + if (log.isTraceEnabled()) { + log.trace("Provided HashDataInput for reference " + hdi.getReferenceId()); + } + hashDataIdMap.put(hdi.getReferenceId(), hdi); + } + + GetHashDataInputResponseType response = new GetHashDataInputResponseType(); + response.setSessionId(sessId); + + List<GetHashDataInputType.Reference> reqRefs = request.getReference(); + for (GetHashDataInputType.Reference reqRef : reqRefs) { + String reqRefId = reqRef.getID(); + HashDataInput reqHdi = hashDataIdMap.get(reqRefId); + if (reqHdi == null) { + String msg = "Failed to resolve HashDataInput for reference " + reqRefId; + log.error(msg); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo); + } + + InputStream hashDataIS = reqHdi.getHashDataInput(); + if (hashDataIS == null) { + //HashDataInput not cached? + String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached"; + log.error(msg); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo); + } + ByteArrayOutputStream baos = null; + try { + if(log.isDebugEnabled()) { + log.debug("Resolved HashDataInput " + reqRefId + " (" + reqHdi.getMimeType() + ")"); + } + baos = new ByteArrayOutputStream(hashDataIS.available()); + int c; + while ((c = hashDataIS.read()) != -1) { + baos.write(c); + } + GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference(); + ref.setID(reqRefId); + ref.setMimeType(reqHdi.getMimeType()); + ref.setValue(baos.toByteArray()); + response.getReference().add(ref); + } catch (IOException ex) { + String msg = "Failed to get HashDataInput for reference " + reqRefId; + log.error(msg, ex); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo, ex); + } finally { + try { + baos.close(); + } catch (IOException ex) { + } + } + } + return response; + } else { + String msg = "Failed to resolve any HashDataInputs for session " + sessId; + log.error(msg); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo); } - } } - } else { - log.warn("Could not resolve any HashDataInputs for session " + sessId - + ", no callback provided."); - } - return response; } - } - - private STALRequestBroker getStal(Id sessionId) { - // log.warn("RETURNING DUMMY STAL REQUEST BROKER"); - // return new STALRequestBrokerImpl(); - - MessageContext mCtx = wsContext.getMessageContext(); - ServletContext sCtx = (ServletContext) mCtx - .get(MessageContext.SERVLET_CONTEXT); - BindingProcessorManager bpMgr = (BindingProcessorManager) sCtx - .getAttribute(BINDING_PROCESSOR_MANAGER); - BindingProcessor bp = bpMgr.getBindingProcessor(sessionId); - return (bp == null) ? null : (STALRequestBroker) bp.getSTAL(); - } + + private STALRequestBroker getStal(Id sessionId) { +// log.warn("RETURNING DUMMY STAL REQUEST BROKER"); +// return new STALRequestBrokerImpl(); + + MessageContext mCtx = wsContext.getMessageContext(); + ServletContext sCtx = (ServletContext) mCtx.get(MessageContext.SERVLET_CONTEXT); + BindingProcessorManager bpMgr = (BindingProcessorManager) sCtx.getAttribute(BINDING_PROCESSOR_MANAGER); + BindingProcessor bp = bpMgr.getBindingProcessor(sessionId); + return (bp == null) ? null : (STALRequestBroker) bp.getSTAL(); + } } |