Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java3
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java191
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java189
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java3
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java71
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java184
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java2
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureMethod.java127
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java43
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java50
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java418
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java14
12 files changed, 589 insertions, 706 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
index 8391e450..f1219a6c 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
@@ -165,8 +165,7 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
public SignatureMethod createSignatureMethod(SignatureContext signatureContext)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- return signatureContext.getSignatureFactory().newSignatureMethod(
- signatureAlgorithmURI, signatureMethodParameterSpec);
+ return new STALSignatureMethod(signatureAlgorithmURI, signatureMethodParameterSpec);
}
}
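Review bot: The `signatureContext` parameter is no longer read in `createSignatureMethod`, and nothing in this hunk shows where the algorithm URI is now checked against the supported set. The method still declares `NoSuchAlgorithmException`, so presumably the `STALSignatureMethod` constructor rejects unknown URIs; that constructor is not visible here and should be confirmed. I would add a comment above the return such as `// signing is delegated to STAL; the context's XMLSignatureFactory is intentionally bypassed` so the unused parameter does not read as an oversight.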
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
index 2cae41d6..a3f913de 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
@@ -20,11 +20,13 @@ import iaik.xml.crypto.dom.DOMCryptoContext;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
+import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
@@ -36,6 +38,9 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
@@ -46,15 +51,17 @@ import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec;
import javax.xml.crypto.dsig.spec.XPathType;
+import javax.xml.namespace.QName;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
@@ -70,6 +77,7 @@ import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType;
import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType;
import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.gui.viewer.MimeTypes;
+import at.gv.egiz.bku.slcommands.SLMarshallerFactory;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
import at.gv.egiz.bku.slexceptions.SLRuntimeException;
@@ -81,10 +89,6 @@ import at.gv.egiz.bku.viewer.Validator;
import at.gv.egiz.bku.viewer.ValidatorFactory;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.slbinding.impl.XMLContentType;
-import java.io.File;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URL;
/**
* This class represents a <code>DataObject</code> of an XML-Signature
@@ -97,7 +101,7 @@ public class DataObject {
/**
* Logging facility.
*/
- private static Log log = LogFactory.getLog(DataObject.class);
+ private final Logger log = LoggerFactory.getLogger(DataObject.class);
/**
* DOM Implementation.
@@ -205,7 +209,7 @@ public class DataObject {
domImplLS = (DOMImplementationLS) registry.getDOMImplementation(DOM_LS_3_0);
if (domImplLS == null) {
- log.error("Failed to get DOMImplementation " + DOM_LS_3_0);
+ log.error("Failed to get DOMImplementation {}.", DOM_LS_3_0);
throw new SLRuntimeException("Failed to get DOMImplementation " + DOM_LS_3_0);
}
@@ -276,7 +280,7 @@ public class DataObject {
try {
validator = ValidatorFactory.newValidator(mediaType);
} catch (IllegalArgumentException e) {
- log.error("No validator found for mime type '" + mediaType + "'.");
+ log.error("No validator found for mime type '{}'.", mediaType, e);
throw new SLViewerException(5000);
}
@@ -299,7 +303,7 @@ public class DataObject {
}
} else {
- log.debug("MIME media type '" + mediaType + "' is not a s/valid/SUPPORTED digest input, omitting validation.");
+ log.debug("MIME media type '{}' is not a s/valid/SUPPORTED digest input, omitting validation.", mediaType);
}
}
@@ -359,12 +363,12 @@ public class DataObject {
if (reference != null) {
if (reference.getURI() != null && !"".equals(reference.getURI())) {
try {
- log.info("deriving filename from reference URI " + reference.getURI());
+ log.info("Deriving filename from reference URI {}.", reference.getURI());
URI refURI = new URI(reference.getURI());
if (refURI.isOpaque()) {
// could check scheme component, but also allow other schemes (e.g. testlocal)
- log.trace("opaque reference URI, use scheme-specific part as filename");
+ log.trace("Opaque reference URI, use scheme-specific part as filename.");
filename = refURI.getSchemeSpecificPart();
if (!hasExtension(filename)) {
filename += MimeTypes.getExtension(mimeType);
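Review bot: In the opaque-URI branch the scheme-specific part of the reference URI becomes the filename unchanged, so any `/` or `\` it contains is kept, while the hierarchical branch in the next hunk reduces the path with `new File(refURI.getPath()).getName()`. The reference URI appears to originate from the signature request, so if this filename is later shown in a save dialog or joined to a directory (not visible here) it should be reduced the same way, e.g. `filename = new File(refURI.getSchemeSpecificPart()).getName();`. The fragment branch in the following hunk has the same gap. The enclosing method starts before this hunk and continues past it.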
@@ -376,34 +380,34 @@ public class DataObject {
} else if ("".equals(refURI.getPath()) &&
refURI.getFragment() != null &&
refURI.getFragment().indexOf('(') < 0) { // exclude (schemebased) xpointer expressions
- log.trace("fragment (shorthand xpointer) URI, use fragment as filename");
+ log.trace("Fragment (shorthand xpointer) URI, use fragment as filename.");
filename = refURI.getFragment();
if(!hasExtension(filename)) {
filename += MimeTypes.getExtension(mimeType);
}
} else if (!"".equals(refURI.getPath())) {
- log.trace("hierarchical URI with path component, use path as filename");
+ log.trace("Hierarchical URI with path component, use path as filename.");
File refFile = new File(refURI.getPath());
filename = refFile.getName();
if(!hasExtension(filename)) {
filename += MimeTypes.getExtension(mimeType);
}
} else {
- log.debug("failed to derive filename from URI '" + refURI + "', derive filename from reference ID");
+ log.debug("Failed to derive filename from URI '{}', derive filename from reference ID.", refURI);
filename = reference.getId() + MimeTypes.getExtension(mimeType);
}
} catch (URISyntaxException ex) {
- log.error("failed to derive filename from invalid URI " + ex.getMessage());
+ log.error("Failed to derive filename from invalid URI {}.", ex.getMessage());
filename = reference.getId() + MimeTypes.getExtension(mimeType);
}
} else {
- log.debug("same-document URI, derive filename from reference ID");
+ log.debug("Same-document URI, derive filename from reference ID.");
filename = reference.getId() + MimeTypes.getExtension(mimeType);
}
} else {
- log.error("failed to derive filename, no reference created");
+ log.error("Failed to derive filename, no reference created.");
}
- log.debug("derived filename for reference " + reference.getId() + ": " + filename);
+ log.debug("Derived filename for reference {}: {}.", reference.getId(), filename);
return filename;
}
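Review bot: The final `log.debug` calls `reference.getId()` unconditionally, but the `else` branch just above it is reached exactly when `reference` is null, so that path throws a NullPointerException before reaching `return filename`. Moving the debug line inside the `if (reference != null)` block, or passing `reference != null ? reference.getId() : null`, avoids it. Separately, the `URISyntaxException` handler passes `ex.getMessage()` as a format argument and so drops the stack trace; `log.error("Failed to derive filename from invalid URI.", ex);` keeps the cause. The method starts in the previous hunk.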
@@ -413,30 +417,12 @@ public class DataObject {
}
private byte[] getTransformsBytes(at.gv.egiz.slbinding.impl.TransformsInfoType ti) {
- return ti.getRedirectedStream().toByteArray();
-// byte[] transformsBytes = ti.getRedirectedStream().toByteArray();
-//
-// if (transformsBytes == null || transformsBytes.length == 0) {
-// return null;
-// }
-//
-// String dsigPrefix = ti.getNamespaceContext().getNamespaceURI("http://www.w3.org/2000/09/xmldsig#");
-// byte[] pre, post;
-// if (dsigPrefix == null) {
-// log.trace("XMLDSig not declared in outside dsig:Transforms");
-// pre = "<AssureDSigNS>".getBytes();
-// post = "</AssureDSigNS>".getBytes();
-// } else {
-// log.trace("XMLDSig bound to prefix " + dsigPrefix);
-// pre = ("<AssureDSigNS xmlns:" + dsigPrefix + "=\"http://www.w3.org/2000/09/xmldsig#\">").getBytes();
-// post = "</AssureDSigNS>".getBytes();
-// }
-//
-// byte[] workaround = new byte[pre.length + transformsBytes.length + post.length];
-// System.arraycopy(pre, 0, workaround, 0, pre.length);
-// System.arraycopy(transformsBytes, 0, workaround, pre.length, transformsBytes.length);
-// System.arraycopy(post, 0, workaround, pre.length + transformsBytes.length, post.length);
-// return workaround;
+ ByteArrayOutputStream redirectedStream = ti.getRedirectedStream();
+ if (redirectedStream != null) {
+ return redirectedStream.toByteArray();
+ } else {
+ return null;
+ }
}
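Review bot: `getTransformsBytes` can now return null and has no Javadoc saying so. Callers outside this hunk need to handle it; the trace block further down builds `new String(transforms, Charset.forName("UTF-8"))`, which would throw on a null array if it is fed from this method (not verifiable from here). I would add a Javadoc with `@return the serialized transforms, or null if no redirected stream was recorded`, and the body can be written as `return (redirectedStream != null) ? redirectedStream.toByteArray() : null;`.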
/**
@@ -487,9 +473,8 @@ public class DataObject {
// create XMLObject
DocumentFragment content = parseDataObject((XMLContentType) dataObject.getXMLContent());
- XMLObject xmlObject = createXMLObject(content);
- setXMLObjectAndReferenceXML(xmlObject, transforms);
+ setXMLObjectAndReferenceXML(createXMLObject(content), transforms);
} else if (dataObject.getLocRefContent() != null) {
@@ -521,7 +506,7 @@ public class DataObject {
// The content of sl:DataObject remains empty
//
- log.debug("Adding DataObject from reference URI '" + reference + "'.");
+ log.debug("Adding DataObject from reference URI '{}'.", reference);
setEnvelopedDataObject(reference, transforms);
@@ -564,13 +549,13 @@ public class DataObject {
}
// dereference URL
- URLDereferencer dereferencer = URLDereferencer.getInstance();
+ URLDereferencer dereferencer = ctx.getUrlDereferencer();
StreamData streamData;
try {
- streamData = dereferencer.dereference(reference, ctx.getDereferencerContext());
+ streamData = dereferencer.dereference(reference);
} catch (IOException e) {
- log.info("Failed to dereference XMLObject from '" + reference + "'.", e);
+ log.info("Failed to dereference XMLObject from '{}'.", reference, e);
throw new SLCommandException(4110);
}
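Review bot: `ctx.getUrlDereferencer()` is used without a null check where the old code used the `URLDereferencer.getInstance()` singleton, so a `SignatureContext` built without a dereferencer fails here with a NullPointerException rather than an `SLCommandException`. The same applies to `new LocRefDereferencer(ctx.getUrlDereferencer(), locRef)` in the later hunk at `-666,12 +651,12`. The `reference` value appears to come from the request, and any scheme or host restriction now lives entirely in the injected instance, so I would fail closed: `if (dereferencer == null) { log.error("No URLDereferencer configured."); throw new SLCommandException(4110); }`. The enclosing method starts and ends outside the hunk.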
@@ -587,7 +572,7 @@ public class DataObject {
childNode = doc.getDocumentElement();
if (childNode == null) {
- log.info("Failed to parse XMLObject from '" + reference + "'.");
+ log.info("Failed to parse XMLObject from '{}'.", reference);
throw new SLCommandException(4111);
}
@@ -666,12 +651,12 @@ public class DataObject {
if (dataObject.getLocRefContent() != null) {
String locRef = dataObject.getLocRefContent();
try {
- this.reference.setDereferencer(new LocRefDereferencer(ctx.getDereferencerContext(), locRef));
+ this.reference.setDereferencer(new LocRefDereferencer(ctx.getUrlDereferencer(), locRef));
} catch (URISyntaxException e) {
- log.info("Invalid URI '" + locRef + "' in DataObject.", e);
+ log.info("Invalid URI '{}' in DataObject.", locRef, e);
throw new SLCommandException(4003);
} catch (IllegalArgumentException e) {
- log.info("LocRef URI of '" + locRef + "' not supported in DataObject. ", e);
+ log.info("LocRef URI of '{}' not supported in DataObject. ", locRef, e);
throw new SLCommandException(4003);
}
} else if (dataObject.getBase64Content() != null) {
@@ -734,7 +719,7 @@ public class DataObject {
}
if (debugString != null) {
- log.debug(debugString);
+ log.debug(debugString.toString());
}
// look for preferred transform
@@ -778,7 +763,7 @@ public class DataObject {
StringBuilder sb = new StringBuilder();
sb.append("Trying to parse transforms:\n");
sb.append(new String(transforms, Charset.forName("UTF-8")));
- log.trace(sb);
+ log.trace(sb.toString());
}
DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS();
@@ -933,8 +918,7 @@ public class DataObject {
} catch (MarshalException e) {
String mimeType = preferredTransformsInfo.getFinalDataMetaInfo().getMimeType();
- log.info("Failed to unmarshal preferred transformation path (MIME-Type="
- + mimeType + ").", e);
+ log.info("Failed to unmarshal preferred transformation path (MIME-Type={}).", mimeType, e);
}
@@ -950,8 +934,7 @@ public class DataObject {
} catch (MarshalException e) {
String mimeType = transformsInfoType.getFinalDataMetaInfo().getMimeType();
- log.info("Failed to unmarshal transformation path (MIME-Type="
- + mimeType + ").", e);
+ log.info("Failed to unmarshal transformation path (MIME-Type={}).", mimeType, e);
}
}
@@ -975,7 +958,7 @@ public class DataObject {
try {
textNode = at.gv.egiz.dom.DOMUtils.createBase64Text(content, ctx.getDocument());
} catch (IOException e) {
- log.error(e);
+ log.error("Failed to create XMLObject.", e);
throw new SLRuntimeException(e);
}
@@ -1170,36 +1153,68 @@ public class DataObject {
// content of the redirect stream as the content has already been parsed
// and serialized again to the redirect stream.
- List<InputStream> inputStreams = new ArrayList<InputStream>();
- try {
- // dummy start element
- inputStreams.add(new ByteArrayInputStream("<dummy>".getBytes("UTF-8")));
-
- // content
- inputStreams.add(new ByteArrayInputStream(redirectedStream.toByteArray()));
-
- // dummy end element
- inputStreams.add(new ByteArrayInputStream("</dummy>".getBytes("UTF-8")));
- } catch (UnsupportedEncodingException e) {
- throw new SLRuntimeException(e);
- }
+ DocumentFragment fragment;
+ if (redirectedStream != null) {
- SequenceInputStream inputStream = new SequenceInputStream(Collections.enumeration(inputStreams));
-
- // parse DataObject
- Document doc = parseDataObject(inputStream, "UTF-8");
+ List<InputStream> inputStreams = new ArrayList<InputStream>();
+ try {
+ // dummy start element
+ inputStreams.add(new ByteArrayInputStream("<dummy>".getBytes("UTF-8")));
- Element documentElement = doc.getDocumentElement();
-
- if (documentElement == null ||
- !"dummy".equals(documentElement.getLocalName())) {
- log.info("Failed to parse DataObject XMLContent.");
- throw new SLCommandException(4111);
- }
+ // content
+ inputStreams.add(new ByteArrayInputStream(redirectedStream.toByteArray()));
+
+ // dummy end element
+ inputStreams.add(new ByteArrayInputStream("</dummy>".getBytes("UTF-8")));
+ } catch (UnsupportedEncodingException e) {
+ throw new SLRuntimeException(e);
+ }
+
+ SequenceInputStream inputStream = new SequenceInputStream(Collections.enumeration(inputStreams));
- DocumentFragment fragment = doc.createDocumentFragment();
- while (documentElement.getFirstChild() != null) {
- fragment.appendChild(documentElement.getFirstChild());
+ // parse DataObject
+ Document doc = parseDataObject(inputStream, "UTF-8");
+
+ Element documentElement = doc.getDocumentElement();
+
+ if (documentElement == null ||
+ !"dummy".equals(documentElement.getLocalName())) {
+ log.info("Failed to parse DataObject XMLContent.");
+ throw new SLCommandException(4111);
+ }
+
+ fragment = doc.createDocumentFragment();
+ while (documentElement.getFirstChild() != null) {
+ fragment.appendChild(documentElement.getFirstChild());
+ }
+
+ } else {
+
+ fragment = ctx.getDocument().createDocumentFragment();
+ Marshaller marshaller = SLMarshallerFactory.getInstance().createMarshaller(false);
+
+ JAXBElement<at.buergerkarte.namespaces.securitylayer._1.XMLContentType> element =
+ new JAXBElement<at.buergerkarte.namespaces.securitylayer._1.XMLContentType>(
+ new QName("dummy"),
+ at.buergerkarte.namespaces.securitylayer._1.XMLContentType.class,
+ xmlContent);
+
+ try {
+ marshaller.marshal(element, fragment);
+ } catch (JAXBException e) {
+ log.info("Failed to marshal DataObject (XMLContent).", e);
+ throw new SLCommandException(4111);
+ }
+
+ Node dummy = fragment.getFirstChild();
+ if (dummy != null) {
+ NodeList nodes = dummy.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ fragment.appendChild(nodes.item(i));
+ }
+ fragment.removeChild(dummy);
+ }
+
}
// log parsed document
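Review bot: The loop in the new `else` branch iterates a live `NodeList`: `fragment.appendChild(nodes.item(i))` detaches the node from `dummy`, the list shrinks, and `i++` then skips the next child. Roughly every second child is left behind and then discarded by `fragment.removeChild(dummy)`, so the content that is signed can differ from what was submitted. The first branch already uses the safe form, and the same works here in place of the `for` loop: `while (dummy.getFirstChild() != null) { fragment.appendChild(dummy.getFirstChild()); }`. The enclosing method starts and ends outside the hunk.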
@@ -1256,6 +1271,8 @@ public class DataObject {
SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler();
domConfig.setParameter("error-handler", errorHandler);
domConfig.setParameter("validate", Boolean.FALSE);
+ domConfig.setParameter("entities", Boolean.TRUE);
+
Document doc;
try {
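Review bot: The added `domConfig.setParameter("entities", Boolean.TRUE)` has no comment saying why entity reference nodes are kept in the tree, and this parser appears to read data objects supplied with the request. The `entities` parameter only controls whether EntityReference nodes are retained; it does not limit DTD or external-entity loading. It is worth confirming that the part of the method outside this hunk constrains that, for example through the `resource-resolver` parameter. I would add a comment above the line, `// keep EntityReference nodes because REASON_PLACEHOLDER; external entities are restricted by LOCATION_PLACEHOLDER`, filled in with the actual reason.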
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java
index f5394157..e513738c 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java
@@ -14,99 +14,96 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import javax.xml.crypto.Data;
-import javax.xml.crypto.OctetStreamData;
-import javax.xml.crypto.URIDereferencer;
-import javax.xml.crypto.URIReference;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.XMLCryptoContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.utils.urldereferencer.StreamData;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
-
-/**
- * An URIDereferencer implementation that dereferences <code>LocRef</code>
- * references.
- *
- * @author mcentner
- */
-public class LocRefDereferencer implements URIDereferencer {
-
- /**
- * Logging facility.
- */
- private static Log log = LogFactory.getLog(LocRefDereferencer.class);
-
- /**
- * The <code>LocRef</code>-reference to be dereferenced by
- * {@link #dereference(URIReference, XMLCryptoContext)}.
- */
- protected String locRef;
-
- /**
- * The context to be used for dereferencing.
- */
- protected URLDereferencerContext dereferencerContext;
-
- /**
- * Creates a new instance of this LocRefDereferencer with the given
- * <code>dereferencerContext</code> and <code>locRef</code> reference.
- *
- * @param dereferencerContext
- * the context to be used for dereferencing
- * @param locRef
- * the <code>LocRef</code>-reference (must be an absolute URI)
- *
- * @throws URISyntaxException
- * if <code>LocRef</code> is not an absolute URI
- */
- public LocRefDereferencer(URLDereferencerContext dereferencerContext,
- String locRef) throws URISyntaxException {
-
- this.dereferencerContext = dereferencerContext;
-
- URI locRefUri = new URI(locRef);
- if (locRefUri.isAbsolute()) {
- this.locRef = locRef;
- } else {
- throw new IllegalArgumentException(
- "Parameter 'locRef' must be an absolut URI.");
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * javax.xml.crypto.URIDereferencer#dereference(javax.xml.crypto.URIReference,
- * javax.xml.crypto.XMLCryptoContext)
- */
- @Override
- public Data dereference(URIReference uriReference, XMLCryptoContext context)
- throws URIReferenceException {
-
- URLDereferencer dereferencer = URLDereferencer.getInstance();
- StreamData streamData;
- try {
- streamData = dereferencer.dereference(locRef, dereferencerContext);
- } catch (IOException e) {
- log.info("Failed to dereference URI'" + locRef + "'. " + e.getMessage(),
- e);
- throw new URIReferenceException("Failed to dereference URI '" + locRef
- + "'. " + e.getMessage(), e);
- }
- return new OctetStreamData(streamData.getStream(), locRef, streamData
- .getContentType());
- }
-
-}
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.URIReference;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.XMLCryptoContext;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.bku.utils.urldereferencer.StreamData;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+
+/**
+ * An URIDereferencer implementation that dereferences <code>LocRef</code>
+ * references.
+ *
+ * @author mcentner
+ */
+public class LocRefDereferencer implements URIDereferencer {
+
+ /**
+ * Logging facility.
+ */
+ private final Logger log = LoggerFactory.getLogger(LocRefDereferencer.class);
+
+ /**
+ * The <code>LocRef</code>-reference to be dereferenced by
+ * {@link #dereference(URIReference, XMLCryptoContext)}.
+ */
+ protected String locRef;
+
+ /**
+ * The URLDereferencer to be used for dereferencing.
+ */
+ protected URLDereferencer dereferencer;
+
+ /**
+ * Creates a new instance of this LocRefDereferencer with the given
+ * <code>dereferencerContext</code> and <code>locRef</code> reference.
+ *
+ * @param dereferencer
+ * the context to be used for dereferencing
+ * @param locRef
+ * the <code>LocRef</code>-reference (must be an absolute URI)
+ *
+ * @throws URISyntaxException
+ * if <code>LocRef</code> is not an absolute URI
+ */
+ public LocRefDereferencer(URLDereferencer dereferencer,
+ String locRef) throws URISyntaxException {
+
+ this.dereferencer = dereferencer;
+
+ URI locRefUri = new URI(locRef);
+ if (locRefUri.isAbsolute()) {
+ this.locRef = locRef;
+ } else {
+ throw new IllegalArgumentException(
+ "Parameter 'locRef' must be an absolut URI.");
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * javax.xml.crypto.URIDereferencer#dereference(javax.xml.crypto.URIReference,
+ * javax.xml.crypto.XMLCryptoContext)
+ */
+ @Override
+ public Data dereference(URIReference uriReference, XMLCryptoContext context)
+ throws URIReferenceException {
+
+ StreamData streamData;
+ try {
+ streamData = dereferencer.dereference(locRef);
+ } catch (IOException e) {
+ log.info("Failed to dereference URI '{}'.", locRef, e);
+ throw new URIReferenceException("Failed to dereference URI '" + locRef
+ + "'. " + e.getMessage(), e);
+ }
+ return new OctetStreamData(streamData.getStream(), locRef, streamData
+ .getContentType());
+ }
+
+}
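Review bot: The constructor Javadoc is stale after the signature change: its first sentence still names `dereferencerContext`, and `@param dereferencer` is described as "the context to be used for dereferencing". I would replace `dereferencerContext` with `dereferencer` in that sentence and use `@param dereferencer the URLDereferencer used to fetch the LocRef`. The `@throws URISyntaxException` text says "not an absolute URI", but that case actually raises `IllegalArgumentException`. The constructor checks only `isAbsolute()`, so which schemes may be fetched is decided entirely by the injected `URLDereferencer`; a sentence in the class Javadoc saying so would help later reviewers.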
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
index 25e2d4e5..87a165cf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
@@ -16,7 +16,6 @@
*/
package at.gv.egiz.bku.slcommands.impl.xsect;
-import at.gv.egiz.stal.HashDataInput;
import java.security.PrivateKey;
import at.gv.egiz.stal.STAL;
@@ -24,7 +23,7 @@ import at.gv.egiz.stal.STAL;
import java.util.List;
/**
- * This class implements a private key used by the {@link STALSignature} class.
+ * This class implements a private key used by the {@link STALSignatureMethod} class.
*
* @author mcentner
*/
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java
deleted file mode 100644
index 9fb9a3f1..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import iaik.xml.crypto.XmldsigMore;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.Provider;
-import java.security.Signature;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.crypto.dsig.SignatureMethod;
-
-/**
- * A security provider implementation that provides {@link Signature} implementations
- * based on STAL.
- *
- * @author mcentner
- */
-public class STALProvider extends Provider {
-
- private static final long serialVersionUID = 1L;
-
- private static String IMPL_PACKAGE_NAME = "at.gv.egiz.bku.slcommands.impl.xsect";
-
- public STALProvider() {
-
- super("STAL", 1.0, "Security Token Abstraction Layer Provider");
-
- final Map<String, String> map = new HashMap<String, String>();
-
- // TODO: register further algorithms
- map.put("Signature." + SignatureMethod.RSA_SHA1,
- IMPL_PACKAGE_NAME + ".STALSignature");
- map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA1,
- IMPL_PACKAGE_NAME + ".STALSignature");
- map.put("Signature." + XmldsigMore.SIGNATURE_RSA_SHA256,
- IMPL_PACKAGE_NAME + ".STALSignature");
- map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA256,
- IMPL_PACKAGE_NAME + ".STALSignature");
- map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA512,
- IMPL_PACKAGE_NAME + ".STALSignature");
-
-
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
- @Override
- public Void run() {
- putAll(map);
- return null;
- }
- });
-
- }
-
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
deleted file mode 100644
index dd7c7d8a..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput;
-import at.gv.egiz.bku.slexceptions.SLViewerException;
-
-import java.io.ByteArrayOutputStream;
-import java.security.InvalidKeyException;
-import java.security.InvalidParameterException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.SignatureSpi;
-import java.util.Collections;
-import java.util.List;
-
-import at.gv.egiz.stal.ErrorResponse;
-import at.gv.egiz.stal.HashDataInput;
-import at.gv.egiz.stal.STAL;
-import at.gv.egiz.stal.STALRequest;
-import at.gv.egiz.stal.STALResponse;
-import at.gv.egiz.stal.SignRequest;
-import at.gv.egiz.stal.SignResponse;
-//import at.gv.egiz.stal.HashDataInputCallback;
-import java.util.ArrayList;
-
-/**
- * A signature service provider implementation that uses STAL to sign.
- *
- * @author mcentner
- */
-public class STALSignature extends SignatureSpi {
-
-// private static final Log log = LogFactory.getLog(STALSignature.class);
-
- /**
- * The private key.
- */
- protected STALPrivateKey privateKey;
-
- /**
- * The to-be signed data.
- */
- protected ByteArrayOutputStream data = new ByteArrayOutputStream();
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineGetParameter(java.lang.String)
- */
- @Override
- protected Object engineGetParameter(String param)
- throws InvalidParameterException {
- throw new InvalidParameterException();
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineInitSign(java.security.PrivateKey)
- */
- @Override
- protected void engineInitSign(PrivateKey privateKey)
- throws InvalidKeyException {
-
- if (!(privateKey instanceof STALPrivateKey)) {
- throw new InvalidKeyException("STALSignature supports STALKeys only.");
- }
-
- this.privateKey = (STALPrivateKey) privateKey;
-
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineInitVerify(java.security.PublicKey)
- */
- @Override
- protected void engineInitVerify(PublicKey publicKey)
- throws InvalidKeyException {
-
- throw new UnsupportedOperationException("STALSignature does not support signature verification.");
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineSetParameter(java.lang.String, java.lang.Object)
- */
- @Override
- protected void engineSetParameter(String param, Object value)
- throws InvalidParameterException {
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineSign()
- */
- @Override
- protected byte[] engineSign() throws SignatureException {
-
- STAL stal = privateKey.getStal();
-
- if (stal == null) {
- throw new SignatureException("STALSignature requires the STALPrivateKey " +
- "to provide a STAL implementation reference.");
- }
-
- String keyboxIdentifier = privateKey.getKeyboxIdentifier();
-
- if (keyboxIdentifier == null) {
- throw new SignatureException("STALSignature requires the STALPrivateKey " +
- "to provide a KeyboxIdentifier.");
- }
-
- // get hashDataInputs (DigestInputStreams) once slcommands.impl.xsect.Signature::sign() was called
- List<DataObject> dataObjects = privateKey.getDataObjects();
-// log.debug("got " + dataObjects.size() + " DataObjects, passing HashDataInputs to STAL SignRequest");
-
- List<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
- for (DataObject dataObject : dataObjects) {
- try {
- dataObject.validateHashDataInput();
- } catch (SLViewerException e) {
- throw new STALSignatureException(e);
- }
- hashDataInputs.add(new DataObjectHashDataInput(dataObject));
- }
-
- SignRequest signRequest = new SignRequest();
- signRequest.setKeyIdentifier(keyboxIdentifier);
- signRequest.setSignedInfo(data.toByteArray());
- signRequest.setHashDataInput(hashDataInputs);
-
- List<STALResponse> responses = stal.handleRequest(Collections.singletonList((STALRequest) signRequest));
-
- if (responses == null || responses.size() != 1) {
- throw new SignatureException("Failed to access STAL.");
- }
-
- STALResponse response = responses.get(0);
- if (response instanceof SignResponse) {
- return ((SignResponse) response).getSignatureValue();
- } else if (response instanceof ErrorResponse) {
- throw new STALSignatureException(((ErrorResponse) response).getErrorCode());
- } else {
- throw new SignatureException("Failed to access STAL.");
- }
-
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineUpdate(byte)
- */
- @Override
- protected void engineUpdate(byte b) throws SignatureException {
- data.write(b);
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineUpdate(byte[], int, int)
- */
- @Override
- protected void engineUpdate(byte[] b, int off, int len)
- throws SignatureException {
- data.write(b, off, len);
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineVerify(byte[])
- */
- @Override
- protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
- throw new UnsupportedOperationException("STALSignature des not support signature verification.");
- }
-
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java
index 4e86b07c..b727600f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java
@@ -19,7 +19,7 @@ package at.gv.egiz.bku.slcommands.impl.xsect;
import java.security.SignatureException;
/**
- * A SignatureException thrown by the {@link STALSignature}.
+ * A SignatureException thrown by the {@link STALSignatureMethod}.
*
* @author mcentner
*/
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureMethod.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureMethod.java
new file mode 100644
index 00000000..a9bb8e04
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureMethod.java
@@ -0,0 +1,127 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
+
+import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.stal.ErrorResponse;
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+import at.gv.egiz.stal.SignRequest;
+import at.gv.egiz.stal.SignResponse;
+
+import iaik.xml.crypto.dsig.AbstractSignatureMethodImpl;
+
+public class STALSignatureMethod extends AbstractSignatureMethodImpl {
+
+ /**
+ * Creates a new instance of this <code>STALSignatureMethod</code>
+ * with the given <code>algorithm</code> and <code>params</code>.
+ *
+ * @param algorithm the algorithm URI
+ * @param params optional algorithm parameters
+ * @throws InvalidAlgorithmParameterException if the specified parameters
+ * are inappropriate for the requested algorithm
+ * @throws NoSuchAlgorithmException if an implementation of the specified
+ * algorithm cannot be found
+ * @throws NullPointerException if <code>algorithm</code> is <code>null</code>
+ */
+ public STALSignatureMethod(String algorithm,
+ SignatureMethodParameterSpec params)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+ super(algorithm, params);
+ }
+
+ @Override
+ public byte[] calculateSignatureValue(XMLCryptoContext context, Key key, InputStream message)
+ throws XMLSignatureException, IOException {
+
+ if (!(key instanceof STALPrivateKey)) {
+ throw new XMLSignatureException("STALSignatureMethod expects STALPrivateKey.");
+ }
+
+ STAL stal = ((STALPrivateKey) key).getStal();
+ String keyboxIdentifier = ((STALPrivateKey) key).getKeyboxIdentifier();
+ List<DataObject> dataObjects = ((STALPrivateKey) key).getDataObjects();
+
+ List<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
+ for (DataObject dataObject : dataObjects) {
+ try {
+ dataObject.validateHashDataInput();
+ } catch (SLViewerException e) {
+ throw new XMLSignatureException(e);
+ }
+ hashDataInputs.add(new DataObjectHashDataInput(dataObject));
+ }
+
+ ByteArrayOutputStream m = new ByteArrayOutputStream();
+ StreamUtil.copyStream(message, m);
+
+ SignRequest signRequest = new SignRequest();
+ signRequest.setKeyIdentifier(keyboxIdentifier);
+ signRequest.setSignedInfo(m.toByteArray());
+ signRequest.setHashDataInput(hashDataInputs);
+
+ List<STALResponse> responses =
+ stal.handleRequest(Collections.singletonList((STALRequest) signRequest));
+
+ if (responses == null || responses.size() != 1) {
+ throw new XMLSignatureException("Failed to access STAL.");
+ }
+
+ STALResponse response = responses.get(0);
+ if (response instanceof SignResponse) {
+ return ((SignResponse) response).getSignatureValue();
+ } else if (response instanceof ErrorResponse) {
+ STALSignatureException se = new STALSignatureException(((ErrorResponse) response).getErrorCode());
+ throw new XMLSignatureException(se);
+ } else {
+ throw new XMLSignatureException("Failed to access STAL.");
+ }
+
+ }
+
+ @Override
+ public boolean validateSignatureValue(XMLCryptoContext context, Key key, byte[] value,
+ InputStream message) throws XMLSignatureException, IOException {
+ throw new XMLSignatureException("The STALSignatureMethod does not support validation.");
+ }
+
+ @Override
+ protected Class<?> getParameterSpecClass() {
+ return null;
+ }
+
+}
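Review bot: The value from `((SignResponse) response).getSignatureValue()` in `calculateSignatureValue` is returned to the XML signature layer unchecked, so a SignResponse that carries no value would surface as a null or empty signature value rather than as an error; whether STAL can answer that way is not visible in this diff. A guard before the return keeps the failure explicit: `byte[] sig = ((SignResponse) response).getSignatureValue(); if (sig == null || sig.length == 0) throw new XMLSignatureException("Failed to access STAL.");`. The class also has no class-level Javadoc; one sentence saying that signing is delegated to the STAL carried by the `STALPrivateKey` and that validation is not supported would help the next reader.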
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index 3cebb6a3..b4ce0e79 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -51,8 +51,8 @@ import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.stream.XMLStreamException;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.etsi.uri._01903.v1_1.DataObjectFormatType;
import org.etsi.uri._01903.v1_1.QualifyingPropertiesType;
import org.w3c.dom.DOMConfiguration;
@@ -82,7 +82,6 @@ import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.bku.utils.HexDump;
import at.gv.egiz.bku.utils.urldereferencer.StreamData;
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.slbinding.impl.XMLContentType;
import at.gv.egiz.stal.STAL;
@@ -101,7 +100,7 @@ public class Signature {
/**
* Logging facility.
*/
- private static Log log = LogFactory.getLog(Signature.class);
+ private final Logger log = LoggerFactory.getLogger(Signature.class);
/**
* The DOM implementation used.
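Review bot: The logger changed from a static field to an instance field in `private final Logger log = LoggerFactory.getLogger(Signature.class);`, so every `Signature` object now runs the lookup in its field initializer and carries its own reference. The usual form is `private static final Logger log = LoggerFactory.getLogger(Signature.class);`. The same applies to the `log` field in the rewritten SignatureLocation.java.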
@@ -151,8 +150,9 @@ public class Signature {
/**
* Creates a new SLXMLSignature instance.
+ * @param urlDereferencer TODO
*/
- public Signature(URLDereferencerContext dereferencerContext,
+ public Signature(URLDereferencer urlDereferencer,
IdValueFactory idValueFactory,
AlgorithmMethodFactory algorithmMethodFactory) {
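Review bot: The new `@param urlDereferencer TODO` tag ships a placeholder instead of documentation; something like `@param urlDereferencer the URLDereferencer used to resolve references while creating the signature; must not be null` states the contract. Nothing visible in the constructor rejects null, so a missing dereferencer would only show up later as a NullPointerException at `urlDereferencer.dereference(reference)` in `createLSInput`, and `URIDereferncerAdapter` stores its argument the same way. A guard such as `if (urlDereferencer == null) throw new NullPointerException("urlDereferencer");` would fail early. The constructor body continues outside this hunk.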
@@ -162,7 +162,7 @@ public class Signature {
ctx.setSignatureFactory(XMLSignatureFactory.getInstance());
- ctx.setDereferencerContext(dereferencerContext);
+ ctx.setUrlDereferencer(urlDereferencer);
ctx.setIdValueFactory(idValueFactory);
ctx.setAlgorithmMethodFactory(algorithmMethodFactory);
@@ -408,7 +408,7 @@ public class Signature {
signContext.putNamespacePrefix(XMLSignature.XMLNS,XMLDSIG_PREFIX);
- signContext.setURIDereferencer(new URIDereferncerAdapter(ctx.getDereferencerContext()));
+ signContext.setURIDereferencer(new URIDereferncerAdapter(ctx.getUrlDereferencer()));
try {
xmlSignature.sign(signContext);
@@ -455,7 +455,7 @@ public class Signature {
sb.append(HexDump.hexDump(digestInputStream));
}
} catch (IOException e) {
- log.error(e);
+ log.error("Failed to log DigestInput.", e);
}
log.trace(sb.toString());
} else {
@@ -478,7 +478,7 @@ public class Signature {
sb.append(new String(b, 0, l));
}
} catch (IOException e) {
- log.error(e);
+ log.error("Failed to log DigestInput.", e);
}
log.trace(sb.toString());
} else {
@@ -735,7 +735,7 @@ public class Signature {
LSInput input;
try {
if (signatureEnvironment.getReference() != null) {
- log.debug("SignatureEnvironment contains Reference " + signatureEnvironment.getReference() + ".");
+ log.debug("SignatureEnvironment contains Reference '{}'.", signatureEnvironment.getReference());
input = createLSInput(signatureEnvironment.getReference());
} else if (signatureEnvironment.getBase64Content() != null) {
log.debug("SignatureEnvironment contains Base64Content.");
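Review bot: `signatureEnvironment.getReference()` is written to the log verbatim by `log.debug("SignatureEnvironment contains Reference '{}'.", ...)`, and the `{}` placeholder only formats the value without neutralising line breaks. If the reference is request-controlled (not visible in this hunk), a value containing CR/LF could forge additional log lines. The same pattern appears for `systemId` and `reference` in the later hunks of this file and for `xpath` in SignatureLocation.java. Consider encoding line breaks before logging or in the log layout. The enclosing method starts and ends outside the hunk.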
@@ -784,11 +784,12 @@ public class Signature {
if (log.isInfoEnabled()) {
List<String> errorMessages = errorHandler.getErrorMessages();
StringBuffer sb = new StringBuffer();
+ sb.append("XML document in which the signature is to be integrated cannot be parsed.");
for (String errorMessage : errorMessages) {
sb.append(" ");
sb.append(errorMessage);
}
- log.info("XML document in which the signature is to be integrated cannot be parsed." + sb.toString());
+ log.info(sb.toString());
}
throw new SLCommandException(4101);
}
@@ -826,8 +827,8 @@ public class Signature {
*/
private LSInput createLSInput(String reference) throws IOException {
- URLDereferencer urlDereferencer = URLDereferencer.getInstance();
- StreamData streamData = urlDereferencer.dereference(reference, ctx.getDereferencerContext());
+ URLDereferencer urlDereferencer = ctx.getUrlDereferencer();
+ StreamData streamData = urlDereferencer.dereference(reference);
String contentType = streamData.getContentType();
String charset = HttpUtil.getCharset(contentType, true);
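Review bot: `reference` is handed to `urlDereferencer.dereference(reference)` unchanged, and with the context argument gone the injected `URLDereferencer` is the only place left where scheme or host restrictions could apply. If `reference` can come from the request, as the SignatureEnvironment reference passed to `createLSInput` in the earlier hunk suggests, the call deserves a comment such as `// reference may be request-supplied; any URL restrictions must be enforced by the injected URLDereferencer`. The body of `createLSInput` continues outside the hunk.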
@@ -835,7 +836,7 @@ public class Signature {
try {
streamReader = new InputStreamReader(streamData.getStream(), charset);
} catch (UnsupportedEncodingException e) {
- log.info("Charset " + charset + " not supported. Using default.");
+ log.info("Charset {} not supported. Using default.", charset);
streamReader = new InputStreamReader(streamData.getStream());
}
@@ -942,7 +943,7 @@ public class Signature {
if (systemId != null) {
- log.debug("Resolve resource '" + systemId + "'.");
+ log.debug("Resolve resource '{}'.", systemId);
for (DataObjectAssociationType supplement : supplements) {
@@ -954,23 +955,23 @@ public class Signature {
try {
if (content.getLocRefContent() != null) {
- log.trace("Resolved resource '" + reference + "' to supplement with LocRefContent.");
+ log.trace("Resolved resource '{}' to supplement with LocRefContent.", reference);
return createLSInput(content.getLocRefContent());
} else if (content.getBase64Content() != null) {
- log.trace("Resolved resource '" + reference + "' to supplement with Base64Content.");
+ log.trace("Resolved resource '{}' to supplement with Base64Content.", reference);
return createLSInput(content.getBase64Content());
} else if (content.getXMLContent() != null) {
- log.trace("Resolved resource '" + reference + "' to supplement with XMLContent.");
+ log.trace("Resolved resource '{}' to supplement with XMLContent.", reference);
return createLSInput((XMLContentType) content.getXMLContent());
} else {
return null;
}
} catch (IOException e) {
- log.info("Failed to resolve resource '" + systemId + "' to supplement.", e);
+ log.info("Failed to resolve resource '{}' to supplement.", systemId, e);
error = e;
return null;
} catch (XMLStreamException e) {
- log.info("Failed to resolve resource '" + systemId + "' to supplement.", e);
+ log.info("Failed to resolve resource '{}' to supplement.", systemId, e);
error = e;
return null;
}
@@ -981,7 +982,7 @@ public class Signature {
}
- log.info("Failed to resolve resource '" + systemId + "' to supplement. No such supplement.");
+ log.info("Failed to resolve resource '{}' to supplement. No such supplement.", systemId);
}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java
index 0925f2fd..48c82bd5 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java
@@ -16,12 +16,12 @@
*/
package at.gv.egiz.bku.slcommands.impl.xsect;
-import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import org.w3c.dom.Document;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
/**
* An instance of this class carries context information for a XML-Signature
@@ -45,16 +45,16 @@ public class SignatureContext {
* The XMLSignatureFactory to create XML signature objects.
*/
private XMLSignatureFactory signatureFactory;
+
+ /**
+ * The URLDereferencer to dereference URLs with.
+ */
+ private URLDereferencer urlDereferencer;
/**
- * The URLDereferencerContext for dereferencing URLs.
+ * The AlgorithmMethodFactory to create {@link AlgorithmMethod} objects.
*/
- private URLDereferencerContext dereferencerContext;
-
- /**
- * The DigestMethodFactory to create {@link DigestMethod} objects.
- */
- private AlgorithmMethodFactory digestMethodFactory;
+ private AlgorithmMethodFactory algorithmMethodFactory;
/**
* @return the document
@@ -99,31 +99,31 @@ public class SignatureContext {
}
/**
- * @return the dereferencerContext
- */
- public URLDereferencerContext getDereferencerContext() {
- return dereferencerContext;
- }
-
- /**
- * @param dereferencerContext the dereferencerContext to set
- */
- public void setDereferencerContext(URLDereferencerContext dereferencerContext) {
- this.dereferencerContext = dereferencerContext;
- }
-
- /**
* @return the digestMethodFactory
*/
public AlgorithmMethodFactory getAlgorithmMethodFactory() {
- return digestMethodFactory;
+ return algorithmMethodFactory;
}
/**
* @param digestMethodFactory the digestMethodFactory to set
*/
public void setAlgorithmMethodFactory(AlgorithmMethodFactory digestMethodFactory) {
- this.digestMethodFactory = digestMethodFactory;
+ this.algorithmMethodFactory = digestMethodFactory;
+ }
+
+ /**
+ * @return the urlDereferencer
+ */
+ public URLDereferencer getUrlDereferencer() {
+ return urlDereferencer;
+ }
+
+ /**
+ * @param urlDereferencer the urlDereferencer to set
+ */
+ public void setUrlDereferencer(URLDereferencer urlDereferencer) {
+ this.urlDereferencer = urlDereferencer;
}
}
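Review bot: The accessor Javadoc and the setter parameter still use the old name: `@return the digestMethodFactory`, `@param digestMethodFactory` and the parameter `digestMethodFactory` now sit beside the renamed field `algorithmMethodFactory`. Suggest `@return the algorithmMethodFactory`, the signature `public void setAlgorithmMethodFactory(AlgorithmMethodFactory algorithmMethodFactory)` and the body `this.algorithmMethodFactory = algorithmMethodFactory;`, so the field, the parameter and the documentation agree.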
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java
index ebe50b3f..26a4aa4e 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java
@@ -14,212 +14,212 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.util.Iterator;
-
-import javax.xml.XMLConstants;
-import javax.xml.namespace.NamespaceContext;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.Node;
-
-import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.slbinding.impl.SignatureLocationType;
-
-/**
- * This class implements the <code>SignatureLocation</code> of an XML-Signature
- * to be created by the security layer command <code>CreateXMLSignature</code>.
- *
- * @author mcentner
- */
-public class SignatureLocation {
-
- /**
- * Logging facility.
- */
- private static Log log = LogFactory.getLog(SignatureLocation.class);
-
- /**
- * The SignatureContext for the XML signature
- */
- private SignatureContext ctx;
-
- /**
- * The parent node for the XML signature.
- */
- private Node parent;
-
- /**
- * The next sibling node for the XML signature.
- */
- private Node nextSibling;
-
- /**
- * Creates a new SignatureLocation with the given <code>signatureContext</code>
- *
- * @param signatureContext the context for the XML signature creation
- */
- public SignatureLocation(SignatureContext signatureContext) {
- this.ctx = signatureContext;
- }
-
- /**
- * @return the parent node for the XML signature
- */
- public Node getParent() {
- return parent;
- }
-
- /**
- * @param parent the parent for the XML signature
- */
- public void setParent(Node parent) {
- this.parent = parent;
- }
-
- /**
- * @return the next sibling node for the XML signature
- */
- public Node getNextSibling() {
- return nextSibling;
- }
-
- /**
- * @param nextSibling the next sibling node for the XML signature
- */
- public void setNextSibling(Node nextSibling) {
- this.nextSibling = nextSibling;
- }
-
- /**
- * Configures this SignatureLocation with the information provided by the
- * given <code>SignatureInfo</code> element.
- *
- * @param signatureInfo
- * the <code>SignatureInfo</code> element
- *
- * @throws SLCommandException
- * if configuring this SignatureLocation with given
- * <code>signatureInfo</code>fails
- */
- public void setSignatureInfo(SignatureInfoCreationType signatureInfo)
- throws SLCommandException {
-
- // evaluate signature location XPath ...
- SignatureLocationType signatureLocation = (SignatureLocationType) signatureInfo
- .getSignatureLocation();
-
- NamespaceContext namespaceContext = new MOAIDWorkaroundNamespaceContext(
- signatureLocation.getNamespaceContext());
-
- parent = evaluateSignatureLocation(signatureInfo.getSignatureLocation()
- .getValue(), namespaceContext, ctx.getDocument().getDocumentElement());
-
- // ... and index
- nextSibling = findNextSibling(parent, signatureInfo.getSignatureLocation()
- .getIndex().intValue());
-
- }
-
- /**
- * Evaluates the given <code>xpath</code> with the document element as context node
- * and returns the resulting node.
- *
- * @param xpath the XPath expression
- * @param nsContext the namespace context of the XPath expression
- * @param contextNode the context node for the XPath evaluation
- *
- * @return the result of evaluating the XPath expression
- *
- * @throws SLCommandException
- */
- private Node evaluateSignatureLocation(String xpath, NamespaceContext nsContext, Node contextNode) throws SLCommandException {
-
- Node node = null;
- try {
- XPathFactory xpathFactory = XPathFactory.newInstance();
- XPath xPath = xpathFactory.newXPath();
- xPath.setNamespaceContext(nsContext);
- XPathExpression xpathExpr = xPath.compile(xpath);
- node = (Node) xpathExpr.evaluate(contextNode, XPathConstants.NODE);
- } catch (XPathExpressionException e) {
- log.info("Failed to evaluate SignatureLocation XPath expression '" + xpath + "' on context node.", e);
- throw new SLCommandException(4102);
- }
-
- if (node == null) {
- log.info("Failed to evaluate SignatureLocation XPath expression '" + xpath + "'. Result is empty.");
- throw new SLCommandException(4102);
- }
-
- return node;
-
- }
-
- /**
- * Finds the next sibling node of the <code>parent</code>'s <code>n</code>-th child node
- * or <code>null</code> if there is no next sibling.
- *
- * @param parent the parent node
- * @param n the index of the child node
- *
- * @return the next sibling node of the node specified by <code>parent</code> and index <code>n</code>,
- * or <code>null</code> if there is no next sibling node.
- *
- * @throws SLCommandException if the <code>n</code>-th child of <code>parent</code> does not exist
- */
- private Node findNextSibling(Node parent, int n) throws SLCommandException {
- return parent.getChildNodes().item(n);
- }
-
- /**
- * Workaround for a missing namespace prefix declaration in MOA-ID.
- *
- * @author mcentner
- */
- private class MOAIDWorkaroundNamespaceContext implements NamespaceContext {
-
- private NamespaceContext namespaceContext;
-
- public MOAIDWorkaroundNamespaceContext(NamespaceContext namespaceContext) {
- super();
- this.namespaceContext = namespaceContext;
- }
-
- @Override
- public String getNamespaceURI(String prefix) {
-
- String namespaceURI = namespaceContext.getNamespaceURI(prefix);
-
- if ((namespaceURI == null || XMLConstants.NULL_NS_URI.equals(namespaceURI)) && "saml".equals(prefix)) {
- namespaceURI = "urn:oasis:names:tc:SAML:1.0:assertion";
- log.debug("Namespace prefix '" + prefix + "' resolved to '" + namespaceURI + "' (MOA-ID Workaround).");
- } else {
- log.trace("Namespace prefix '" + prefix + "' resolved to '" + namespaceURI + "'.");
- }
-
- return namespaceURI;
- }
-
- @Override
- public String getPrefix(String namespaceURI) {
- return namespaceContext.getPrefix(namespaceURI);
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public Iterator getPrefixes(String namespaceURI) {
- return namespaceContext.getPrefixes(namespaceURI);
- }
-
- }
-
-}
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.util.Iterator;
+
+import javax.xml.XMLConstants;
+import javax.xml.namespace.NamespaceContext;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Node;
+
+import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.slbinding.impl.SignatureLocationType;
+
+/**
+ * This class implements the <code>SignatureLocation</code> of an XML-Signature
+ * to be created by the security layer command <code>CreateXMLSignature</code>.
+ *
+ * @author mcentner
+ */
+public class SignatureLocation {
+
+ /**
+ * Logging facility.
+ */
+ private final Logger log = LoggerFactory.getLogger(SignatureLocation.class);
+
+ /**
+ * The SignatureContext for the XML signature
+ */
+ private SignatureContext ctx;
+
+ /**
+ * The parent node for the XML signature.
+ */
+ private Node parent;
+
+ /**
+ * The next sibling node for the XML signature.
+ */
+ private Node nextSibling;
+
+ /**
+ * Creates a new SignatureLocation with the given <code>signatureContext</code>
+ *
+ * @param signatureContext the context for the XML signature creation
+ */
+ public SignatureLocation(SignatureContext signatureContext) {
+ this.ctx = signatureContext;
+ }
+
+ /**
+ * @return the parent node for the XML signature
+ */
+ public Node getParent() {
+ return parent;
+ }
+
+ /**
+ * @param parent the parent for the XML signature
+ */
+ public void setParent(Node parent) {
+ this.parent = parent;
+ }
+
+ /**
+ * @return the next sibling node for the XML signature
+ */
+ public Node getNextSibling() {
+ return nextSibling;
+ }
+
+ /**
+ * @param nextSibling the next sibling node for the XML signature
+ */
+ public void setNextSibling(Node nextSibling) {
+ this.nextSibling = nextSibling;
+ }
+
+ /**
+ * Configures this SignatureLocation with the information provided by the
+ * given <code>SignatureInfo</code> element.
+ *
+ * @param signatureInfo
+ * the <code>SignatureInfo</code> element
+ *
+ * @throws SLCommandException
+ * if configuring this SignatureLocation with given
+ * <code>signatureInfo</code>fails
+ */
+ public void setSignatureInfo(SignatureInfoCreationType signatureInfo)
+ throws SLCommandException {
+
+ // evaluate signature location XPath ...
+ SignatureLocationType signatureLocation = (SignatureLocationType) signatureInfo
+ .getSignatureLocation();
+
+ NamespaceContext namespaceContext = new MOAIDWorkaroundNamespaceContext(
+ signatureLocation.getNamespaceContext());
+
+ parent = evaluateSignatureLocation(signatureInfo.getSignatureLocation()
+ .getValue(), namespaceContext, ctx.getDocument().getDocumentElement());
+
+ // ... and index
+ nextSibling = findNextSibling(parent, signatureInfo.getSignatureLocation()
+ .getIndex().intValue());
+
+ }
+
+ /**
+ * Evaluates the given <code>xpath</code> with the document element as context node
+ * and returns the resulting node.
+ *
+ * @param xpath the XPath expression
+ * @param nsContext the namespace context of the XPath expression
+ * @param contextNode the context node for the XPath evaluation
+ *
+ * @return the result of evaluating the XPath expression
+ *
+ * @throws SLCommandException
+ */
+ private Node evaluateSignatureLocation(String xpath, NamespaceContext nsContext, Node contextNode) throws SLCommandException {
+
+ Node node = null;
+ try {
+ XPathFactory xpathFactory = XPathFactory.newInstance();
+ XPath xPath = xpathFactory.newXPath();
+ xPath.setNamespaceContext(nsContext);
+ XPathExpression xpathExpr = xPath.compile(xpath);
+ node = (Node) xpathExpr.evaluate(contextNode, XPathConstants.NODE);
+ } catch (XPathExpressionException e) {
+ log.info("Failed to evaluate SignatureLocation XPath expression '{}' on context node.", xpath, e);
+ throw new SLCommandException(4102);
+ }
+
+ if (node == null) {
+ log.info("Failed to evaluate SignatureLocation XPath expression '{}'. Result is empty.", xpath);
+ throw new SLCommandException(4102);
+ }
+
+ return node;
+
+ }
+
+ /**
+ * Finds the next sibling node of the <code>parent</code>'s <code>n</code>-th child node
+ * or <code>null</code> if there is no next sibling.
+ *
+ * @param parent the parent node
+ * @param n the index of the child node
+ *
+ * @return the next sibling node of the node specified by <code>parent</code> and index <code>n</code>,
+ * or <code>null</code> if there is no next sibling node.
+ *
+ * @throws SLCommandException if the <code>n</code>-th child of <code>parent</code> does not exist
+ */
+ private Node findNextSibling(Node parent, int n) throws SLCommandException {
+ return parent.getChildNodes().item(n);
+ }
+
+ /**
+ * Workaround for a missing namespace prefix declaration in MOA-ID.
+ *
+ * @author mcentner
+ */
+ private class MOAIDWorkaroundNamespaceContext implements NamespaceContext {
+
+ private NamespaceContext namespaceContext;
+
+ public MOAIDWorkaroundNamespaceContext(NamespaceContext namespaceContext) {
+ super();
+ this.namespaceContext = namespaceContext;
+ }
+
+ @Override
+ public String getNamespaceURI(String prefix) {
+
+ String namespaceURI = namespaceContext.getNamespaceURI(prefix);
+
+ if ((namespaceURI == null || XMLConstants.NULL_NS_URI.equals(namespaceURI)) && "saml".equals(prefix)) {
+ namespaceURI = "urn:oasis:names:tc:SAML:1.0:assertion";
+ log.debug("Namespace prefix '{}' resolved to '{}' (MOA-ID Workaround).", prefix, namespaceURI);
+ } else {
+ log.trace("Namespace prefix '{}' resolved to '{}'.", prefix, namespaceURI);
+ }
+
+ return namespaceURI;
+ }
+
+ @Override
+ public String getPrefix(String namespaceURI) {
+ return namespaceContext.getPrefix(namespaceURI);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public Iterator getPrefixes(String namespaceURI) {
+ return namespaceContext.getPrefixes(namespaceURI);
+ }
+
+ }
+
+}
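Review bot: `findNextSibling` does not match its Javadoc: it returns `parent.getChildNodes().item(n)`, which is the n-th child itself, and `NodeList.item` yields null for an out-of-range index, so the documented `SLCommandException` is never thrown. Because `n` comes from `getSignatureLocation().getIndex().intValue()`, an index past the child list is silently treated like "no next sibling". Either correct the Javadoc (`@return the n-th child of parent, or null if there is none`, without the `@throws`), or reject `n < 0 || n > parent.getChildNodes().getLength()` with the exception the Javadoc announces.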
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java
index c94937be..5ae728b3 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java
@@ -30,8 +30,7 @@ import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.XMLCryptoContext;
import at.gv.egiz.bku.utils.urldereferencer.StreamData;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
/**
* An URIDereferencer implementation that uses an {@link URLDereferencer} to
@@ -44,17 +43,17 @@ public class URIDereferncerAdapter implements URIDereferencer {
/**
* The context for dereferencing.
*/
- protected URLDereferencerContext urlDereferencerContext;
+ protected URLDereferencer dereferencer;
/**
* Creates a new URIDereferencerAdapter instance with the given
* <code>urlDereferencerContext</code>.
*
- * @param urlDereferencerContext the context to be used for dereferencing
+ * @param urlDereferencer the context to be used for dereferencing
*/
- public URIDereferncerAdapter(URLDereferencerContext urlDereferencerContext) {
+ public URIDereferncerAdapter(URLDereferencer urlDereferencer) {
super();
- this.urlDereferencerContext = urlDereferencerContext;
+ this.dereferencer = urlDereferencer;
}
/* (non-Javadoc)
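Review bot: The Javadoc around the renamed field and constructor still describes a context: the field comment reads "The context for dereferencing.", the constructor text names `<code>urlDereferencerContext</code>`, and the tag says `@param urlDereferencer the context to be used for dereferencing`. Suggest `/** The URLDereferencer used for dereferencing. */` on the field and `@param urlDereferencer the URLDereferencer to be used for dereferencing` on the constructor, with the prose updated to `<code>urlDereferencer</code>`. The field is also assigned only in the constructor as far as this hunk shows, so it could be declared `final` if no subclass reassigns it.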
@@ -78,10 +77,9 @@ public class URIDereferncerAdapter implements URIDereferencer {
if (uri.isAbsolute()) {
- URLDereferencer dereferencer = URLDereferencer.getInstance();
StreamData streamData;
try {
- streamData = dereferencer.dereference(uriString, urlDereferencerContext);
+ streamData = dereferencer.dereference(uriString);
} catch (IOException e) {
throw new URIReferenceException(e.getMessage(), e);
}