diff options
Diffstat (limited to 'bkucommon/src/main/java/at')
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java | 446 |
1 files changed, 230 insertions, 216 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index 6462bcf6..b2e3b303 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -1,230 +1,244 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl;
-
-import java.io.ByteArrayInputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.dsig.XMLSignatureException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.ls.DOMImplementationLS;
-import org.w3c.dom.ls.LSSerializer;
-
-import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType;
-import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
-import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand;
-import at.gv.egiz.bku.slcommands.SLCommandContext;
-import at.gv.egiz.bku.slcommands.SLResult;
-import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory;
-import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
-import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
-import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
-import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
+ * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.slcommands.impl; + +import java.io.ByteArrayInputStream; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Date; + +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.URIReferenceException; +import javax.xml.crypto.dsig.XMLSignatureException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.ls.DOMImplementationLS; +import org.w3c.dom.ls.LSSerializer; + +import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType; +import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; +import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slcommands.SLResult; +import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory; +import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl; +import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory; +import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl; +import at.gv.egiz.bku.slcommands.impl.xsect.Signature; +import at.gv.egiz.bku.slexceptions.SLCommandException; import at.gv.egiz.bku.slexceptions.SLException; -import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLRequestException; import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.dom.DOMUtils;
-import at.gv.egiz.stal.InfoboxReadRequest;
-import at.gv.egiz.stal.InfoboxReadResponse;
-import at.gv.egiz.stal.STALRequest;
-import at.gv.egiz.stal.STALResponse;
-
-/**
- * This class implements the security layer command <code>CreateXMLSignatureRequest</code>.
- *
- * @author mcentner
- */
-public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignatureRequestType> implements
- CreateXMLSignatureCommand {
-
- /**
- * Logging facility.
- */
- protected static Log log = LogFactory.getLog(CreateXMLSignatureCommandImpl.class);
-
- /**
- * The signing certificate.
- */
- protected X509Certificate signingCertificate;
-
- /**
- * The keybox identifier of the key used for signing.
- */
- protected String keyboxIdentifier;
-
- /**
- * The to-be signed signature.
- */
- protected Signature signature;
-
- @Override
- public void init(SLCommandContext ctx, Object unmarshalledRequest)
- throws SLCommandException {
- super.init(ctx, unmarshalledRequest);
- }
-
- @Override
- public void prepareXMLSignature() throws SLCommandException, SLRequestException {
-
- CreateXMLSignatureRequestType request = getRequestValue();
-
+import at.gv.egiz.dom.DOMUtils; +import at.gv.egiz.stal.ErrorResponse; +import at.gv.egiz.stal.InfoboxReadRequest; +import at.gv.egiz.stal.InfoboxReadResponse; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; + +/** + * This class implements the security layer command + * <code>CreateXMLSignatureRequest</code>. + * + * @author mcentner + */ +public class CreateXMLSignatureCommandImpl extends + SLCommandImpl<CreateXMLSignatureRequestType> implements + CreateXMLSignatureCommand { + + /** + * Logging facility. + */ + protected static Log log = LogFactory + .getLog(CreateXMLSignatureCommandImpl.class); + + /** + * The signing certificate. + */ + protected X509Certificate signingCertificate; + + /** + * The keybox identifier of the key used for signing. + */ + protected String keyboxIdentifier; + + /** + * The to-be signed signature. + */ + protected Signature signature; + + @Override + public void init(SLCommandContext ctx, Object unmarshalledRequest) + throws SLCommandException { + super.init(ctx, unmarshalledRequest); + } + + @Override + public void prepareXMLSignature() throws SLCommandException, + SLRequestException { + + CreateXMLSignatureRequestType request = getRequestValue(); + // TODO: make configurable?
- IdValueFactory idValueFactory = new IdValueFactoryImpl();
-
+ IdValueFactory idValueFactory = new IdValueFactoryImpl(); + // TODO: make configurable?
- AlgorithmMethodFactory algorithmMethodFactory;
- try {
- algorithmMethodFactory = new AlgorithmMethodFactoryImpl(signingCertificate);
- } catch (NoSuchAlgorithmException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- }
-
- signature = new Signature(getCmdCtx().getURLDereferencerContext(), idValueFactory, algorithmMethodFactory);
-
+ AlgorithmMethodFactory algorithmMethodFactory; + try { + algorithmMethodFactory = new AlgorithmMethodFactoryImpl( + signingCertificate); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } + + signature = new Signature(getCmdCtx().getURLDereferencerContext(), + idValueFactory, algorithmMethodFactory); + // SigningTime
- signature.setSigningTime(new Date());
-
+ signature.setSigningTime(new Date()); + // SigningCertificate
- signature.setSignerCeritifcate(signingCertificate);
-
+ signature.setSignerCeritifcate(signingCertificate); + // SignatureInfo
- if (request.getSignatureInfo() != null) {
- signature.setSignatureInfo(request.getSignatureInfo());
- }
-
+ if (request.getSignatureInfo() != null) { + signature.setSignatureInfo(request.getSignatureInfo()); + } + // DataObjects
- for (DataObjectInfoType dataObjectInfo : request.getDataObjectInfo()) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.buildXMLSignature();
-
- }
-
- /**
- * Gets the signing certificate from STAL.
- *
- * @throws SLCommandException
- * if getting the singing certificate fails
- */
- private void getSigningCertificate() throws SLCommandException {
-
- CreateXMLSignatureRequestType request = getRequestValue();
- keyboxIdentifier = request.getKeyboxIdentifier();
-
- InfoboxReadRequest stalRequest = new InfoboxReadRequest();
- stalRequest.setInfoboxIdentifier(keyboxIdentifier);
-
- requestSTAL(Collections.singletonList((STALRequest) stalRequest));
-
- STALResponse stalResponse = stalResponses.next();
-
- if (stalResponse instanceof InfoboxReadResponse) {
- byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue();
-
- try {
- CertificateFactory certFactory = CertificateFactory.getInstance("X509");
- signingCertificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(infobox));
- } catch (CertificateException e) {
- log.info("Failed to decode signing certificate.", e);
+ for (DataObjectInfoType dataObjectInfo : request.getDataObjectInfo()) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + } + + /** + * Gets the signing certificate from STAL. + * + * @throws SLCommandException + * if getting the singing certificate fails + */ + private void getSigningCertificate() throws SLCommandException { + + CreateXMLSignatureRequestType request = getRequestValue(); + keyboxIdentifier = request.getKeyboxIdentifier(); + + InfoboxReadRequest stalRequest = new InfoboxReadRequest(); + stalRequest.setInfoboxIdentifier(keyboxIdentifier); + + requestSTAL(Collections.singletonList((STALRequest) stalRequest)); + + STALResponse stalResponse = stalResponses.next(); + + if (stalResponse instanceof InfoboxReadResponse) { + byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue(); + + try { + CertificateFactory certFactory = CertificateFactory.getInstance("X509"); + signingCertificate = (X509Certificate) certFactory + .generateCertificate(new ByteArrayInputStream(infobox)); + } catch (CertificateException e) { + log.info("Failed to decode signing certificate.", e); // TODO: issue appropriate error
- throw new SLCommandException(4000);
- }
-
- } else {
- log.info("Failed to get signing certificate.");
- // TODO: issue appropriate error
- throw new SLCommandException(4000);
- }
-
- }
-
- /**
- * Signs the signature.
- *
- * @throws SLCommandException
+ throw new SLCommandException(4000); + } + + } else if (stalResponse instanceof ErrorResponse) { + ErrorResponse err = (ErrorResponse) stalResponse; + log.info("Received an error response from STAL with code: " + + err.getErrorCode()); + throw new SLCommandException(err.getErrorCode()); + + } else { + log.info("Failed to get signing certificate."); + throw new SLCommandException(4000); + } + + } + + /** + * Signs the signature. + * + * @throws SLCommandException * if signing the signature fails - * @throws SLViewerException
- */
- private void signXMLSignature() throws SLCommandException, SLViewerException {
-
- try {
- signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
- } catch (MarshalException e) {
- log.error("Failed to marshall XMLSignature.", e);
- throw new SLCommandException(4000);
- } catch (XMLSignatureException e) {
- if (e.getCause() instanceof URIReferenceException) {
- URIReferenceException uriReferenceException = (URIReferenceException) e.getCause();
- if (uriReferenceException.getCause() instanceof SLCommandException) {
- throw (SLCommandException) uriReferenceException.getCause();
- }
- }
- log.error("Failed to sign XMLSignature.", e);
- throw new SLCommandException(4000);
- }
-
- }
-
- @Override
- public SLResult execute() {
- try {
-
- // get certificate in order to select appropriate algorithms for hashing and signing
- getSigningCertificate();
-
+ * @throws SLViewerException + */ + private void signXMLSignature() throws SLCommandException, SLViewerException { + + try { + signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier); + } catch (MarshalException e) { + log.error("Failed to marshall XMLSignature.", e); + throw new SLCommandException(4000); + } catch (XMLSignatureException e) { + if (e.getCause() instanceof URIReferenceException) { + URIReferenceException uriReferenceException = (URIReferenceException) e + .getCause(); + if (uriReferenceException.getCause() instanceof SLCommandException) { + throw (SLCommandException) uriReferenceException.getCause(); + } + } + log.error("Failed to sign XMLSignature.", e); + throw new SLCommandException(4000); + } + + } + + @Override + public SLResult execute() { + try { + + // get certificate in order to select appropriate algorithms for hashing + // and signing
+ getSigningCertificate(); + // prepare the XMLSignature for signing
- prepareXMLSignature();
-
+ prepareXMLSignature(); + // sign the XMLSignature
- signXMLSignature();
-
- if (log.isTraceEnabled()) {
-
- DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS();
- LSSerializer serializer = domImplLS.createLSSerializer();
- String debugString = serializer.writeToString(signature.getDocument());
-
- log.trace(debugString);
-
- }
-
- return new CreateXMLSignatureResultImpl(signature.getDocument());
-
+ signXMLSignature(); + + if (log.isTraceEnabled()) { + + DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); + LSSerializer serializer = domImplLS.createLSSerializer(); + String debugString = serializer.writeToString(signature.getDocument()); + + log.trace(debugString); + + } + + return new CreateXMLSignatureResultImpl(signature.getDocument()); + } catch (SLException e) { - return new ErrorResultImpl(e, cmdCtx.getLocale());
- }
- }
-
- @Override
- public String getName() {
- return "CreateXMLSignatureRequest";
- }
-
-
-}
+ return new ErrorResultImpl(e, cmdCtx.getLocale()); + } + } + + @Override + public String getName() { + return "CreateXMLSignatureRequest"; + } + +} |