diff options
Diffstat (limited to 'mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect')
18 files changed, 0 insertions, 4152 deletions
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactory.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactory.java deleted file mode 100644 index d6cbaefa..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactory.java +++ /dev/null @@ -1,79 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-
-import javax.xml.crypto.AlgorithmMethod;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.SignatureMethod;
-
-/**
- * A factory for creating {@link AlgorithmMethod}s.
- *
- * @author mcentner
- */
-public interface AlgorithmMethodFactory {
-
- /**
- * Creates a new DigestMethod for the given <code>signatureContext</code>.
- *
- * @param signatureContext
- * the signature context
- *
- * @return a DigestMethod for the given <code>signatureContext</code>
- *
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- */
- public DigestMethod createDigestMethod(SignatureContext signatureContext)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a new SignatureMethod for the given <code>signatureContext</code>.
- *
- * @param signatureContext
- * the signature context
- *
- * @return a SignatureMethod for the given <code>signatureContext</code>
- *
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- */
- public SignatureMethod createSignatureMethod(SignatureContext signatureContext)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a new CanonicalizationMethod for the given
- * <code>signatureContext</code>.
- *
- * @param signatureContext
- * the signature context
- *
- * @return a CanonicalizationMethod for the given
- * <code>signatureContext</code>
- *
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- */
- public CanonicalizationMethod createCanonicalizationMethod(
- SignatureContext signatureContext) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException;
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java deleted file mode 100644 index 8391e450..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ /dev/null @@ -1,172 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import iaik.security.ecc.interfaces.ECDSAParams; -import iaik.xml.crypto.XmldsigMore; - -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; -import java.security.cert.X509Certificate; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.ECParameterSpec; - -import javax.xml.crypto.dsig.CanonicalizationMethod; -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.SignatureMethod; -import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; -import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; -import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; -
-/**
- * An implementation of the AlgorithmMethod factory that uses the signing
- * certificate to choose appropriate algorithms.
- *
- * @author mcentner
- */
-public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
- - /** - * Use SHA-2? - */ - private static boolean SHA2 = false; -
- /**
- * The signature algorithm URI.
- */
- private String signatureAlgorithmURI; - - /** - * the digest algorithm URI. - */ - private String digestAlgorithmURI = DigestMethod.SHA1;
-
- /**
- * The algorithm parameters for the signature algorithm.
- */
- private SignatureMethodParameterSpec signatureMethodParameterSpec;
-
- /**
- * Creates a new AlgrithmMethodFactory with the given
- * <code>signingCertificate</code>.
- *
- * @param signingCertificate
- *
- * @throws NoSuchAlgorithmException
- * if the public key algorithm of the given
- * <code>signingCertificate</code> is not supported
- */
- public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate)
- throws NoSuchAlgorithmException {
- - PublicKey publicKey = signingCertificate.getPublicKey();
- String algorithm = publicKey.getAlgorithm(); -
- if ("DSA".equals(algorithm)) {
- signatureAlgorithmURI = SignatureMethod.DSA_SHA1;
- } else if ("RSA".equals(algorithm)) { - - int keyLength = 0; - if (publicKey instanceof RSAPublicKey) { - keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength(); - } - - if (SHA2 && keyLength >= 2048) { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256; - digestAlgorithmURI = DigestMethod.SHA256; - } else { - signatureAlgorithmURI = SignatureMethod.RSA_SHA1; - } -
- } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { - - int fieldSize = 0; - if (publicKey instanceof iaik.security.ecc.ecdsa.ECPublicKey) { - ECDSAParams params = ((iaik.security.ecc.ecdsa.ECPublicKey) publicKey).getParameter(); - fieldSize = params.getG().getCurve().getField().getSize().bitLength(); - } else if (publicKey instanceof ECPublicKey) { - ECParameterSpec params = ((ECPublicKey) publicKey).getParams(); - fieldSize = params.getCurve().getField().getFieldSize(); - } - - if (SHA2 && fieldSize >= 512) { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; - digestAlgorithmURI = DigestMethod.SHA512; - } else if (SHA2 && fieldSize >= 256) { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256; - digestAlgorithmURI = DigestMethod.SHA256; - } else { - signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1; - } -
- } else {
- throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm
- + "' not supported.");
- }
-
- }
-
- /*
- * (non-Javadoc)
- *
- * @seeat.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory#
- * createCanonicalizationMethod
- * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext)
- */
- @Override
- public CanonicalizationMethod createCanonicalizationMethod(
- SignatureContext signatureContext) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException {
-
- return signatureContext.getSignatureFactory().newCanonicalizationMethod(
- CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
-
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory#createDigestMethod
- * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext)
- */
- @Override
- public DigestMethod createDigestMethod(SignatureContext signatureContext)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-
- return signatureContext.getSignatureFactory().newDigestMethod(
- digestAlgorithmURI, (DigestMethodParameterSpec) null);
- }
-
- /*
- * (non-Javadoc)
- *
- * @seeat.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory#
- * createSignatureMethod
- * (at.gv.egiz.bku.slcommands.impl.xsect.SignatureContext)
- */
- @Override
- public SignatureMethod createSignatureMethod(SignatureContext signatureContext)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-
- return signatureContext.getSignatureFactory().newSignatureMethod(
- signatureAlgorithmURI, signatureMethodParameterSpec);
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/ByteArrayDereferencer.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/ByteArrayDereferencer.java deleted file mode 100644 index a6473a05..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/ByteArrayDereferencer.java +++ /dev/null @@ -1,65 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.io.ByteArrayInputStream;
-
-import javax.xml.crypto.Data;
-import javax.xml.crypto.OctetStreamData;
-import javax.xml.crypto.URIDereferencer;
-import javax.xml.crypto.URIReference;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.XMLCryptoContext;
-
-/**
- * An URIDereferencer implementation that dereferences the given
- * byte array.
- *
- * @author mcentner
- */
-public class ByteArrayDereferencer implements URIDereferencer {
-
- /**
- * The dereferenced data.
- */
- protected byte[] dereferencedData;
-
- /**
- * Creates a new instance of this ByteArrayDereferencer with
- * the given <code>dereferencedData</code>.
- *
- * @param dereferencedData the octets to be returned by {@link #dereference(URIReference, XMLCryptoContext)}
- *
- * @throws NullPointerException if <code>dereferencedData</code> is <code>null</code>
- */
- public ByteArrayDereferencer(byte[] dereferencedData) {
- if (dereferencedData == null) {
- throw new NullPointerException("Parameter 'dereferencedData' must not be null.");
- }
- this.dereferencedData = dereferencedData;
- }
-
- /* (non-Javadoc)
- * @see javax.xml.crypto.URIDereferencer#dereference(javax.xml.crypto.URIReference, javax.xml.crypto.XMLCryptoContext)
- */
- @Override
- public Data dereference(URIReference uriReference, XMLCryptoContext context)
- throws URIReferenceException {
- return new OctetStreamData(new ByteArrayInputStream(dereferencedData));
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java deleted file mode 100644 index a57a11dd..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java +++ /dev/null @@ -1,1289 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect; - -import iaik.xml.crypto.dom.DOMCryptoContext; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.SequenceInputStream; -import java.io.StringWriter; -import java.io.UnsupportedEncodingException; -import java.net.URISyntaxException; -import java.nio.charset.Charset; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.xml.crypto.MarshalException; -import javax.xml.crypto.dom.DOMStructure; -import javax.xml.crypto.dsig.CanonicalizationMethod; -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.Reference; -import javax.xml.crypto.dsig.Transform; -import javax.xml.crypto.dsig.XMLObject; -import javax.xml.crypto.dsig.spec.TransformParameterSpec; -import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec; -import javax.xml.crypto.dsig.spec.XPathType; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.w3c.dom.DOMConfiguration; -import org.w3c.dom.DOMException; -import org.w3c.dom.Document; -import org.w3c.dom.DocumentFragment; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.Text; -import org.w3c.dom.bootstrap.DOMImplementationRegistry; -import org.w3c.dom.ls.DOMImplementationLS; -import org.w3c.dom.ls.LSException; -import org.w3c.dom.ls.LSInput; -import org.w3c.dom.ls.LSOutput; -import org.w3c.dom.ls.LSParser; -import org.w3c.dom.ls.LSSerializer; - -import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefOptRefContentType; -import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; -import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType; -import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType; -import at.gv.egiz.bku.binding.HttpUtil; -import at.gv.egiz.bku.gui.viewer.MimeTypes; -import at.gv.egiz.bku.slexceptions.SLCommandException; -import at.gv.egiz.bku.slexceptions.SLRequestException; -import at.gv.egiz.bku.slexceptions.SLRuntimeException; -import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.bku.utils.urldereferencer.StreamData; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; -import at.gv.egiz.bku.viewer.ValidationException; -import at.gv.egiz.bku.viewer.Validator; -import at.gv.egiz.bku.viewer.ValidatorFactory; -import at.gv.egiz.dom.DOMUtils; -import at.gv.egiz.slbinding.impl.XMLContentType; -import java.io.File; -import java.net.MalformedURLException; -import java.net.URI; -import java.net.URL; - -/** - * This class represents a <code>DataObject</code> of an XML-Signature - * created by the security layer command <code>CreateXMLSignature</code>. - * - * @author mcentner - */ -public class DataObject { - - /** - * Logging facility. - */ - private static Log log = LogFactory.getLog(DataObject.class); - - /** - * DOM Implementation. - */ - private static final String DOM_LS_3_0 = "LS 3.0"; - - /** - * The array of the default preferred MIME type order. - */ - private static final String[] DEFAULT_PREFFERED_MIME_TYPES = - new String[] { - "text/plain", - "application/xhtml+xml" - }; - - /** - * Validate hash input. - */ - private static boolean validate = false; - - /** - * Enable validation of hash data input. - * - * @param validate - * <code>true</code> if validation should be enabled, or - * <code>false</code> otherwise. - */ - public static void enableHashDataInputValidation(boolean validate) { - DataObject.validate = validate; - } - - /** - * @return <code>true</code> if hash data input validation is enabled, - * or <code>false</code> otherwise. - */ - public static boolean isHashDataInputValidationEnabled() { - return validate; - } - - /** - * Valid MIME types. - */ - private static String[] validMimeTypes = DEFAULT_PREFFERED_MIME_TYPES; - - /** - * Sets the list of valid hash data input media types. - * <p>The array is also used for transformation path selection. - * The transformation path with a final type, that appears in the - * given array in the earliest position is used selected.</p> - * - * @param mediaTypes an array of MIME media types. - */ - public static void setValidHashDataInputMediaTypes(String[] mediaTypes) { - validMimeTypes = mediaTypes; - } - - /** - * The DOM implementation used. - */ - private DOMImplementationLS domImplLS; - - /** - * The signature context. - */ - private SignatureContext ctx; - - /** - * The Reference for this DataObject. - */ - private XSECTReference reference; - - /** - * The XMLObject for this DataObject. - */ - private XMLObject xmlObject; - - /** - * The MIME-Type of the digest input. - */ - private String mimeType; - - /** - * An optional description of the digest input. - */ - private String description; - - private String filename; - - /** - * Creates a new instance. - * - * @param document the document of the target signature - */ - public DataObject(SignatureContext signatureContext) { - this.ctx = signatureContext; - - DOMImplementationRegistry registry; - try { - registry = DOMImplementationRegistry.newInstance(); - } catch (Exception e) { - log.error("Failed to get DOMImplementationRegistry.", e); - throw new SLRuntimeException("Failed to get DOMImplementationRegistry."); - } - - domImplLS = (DOMImplementationLS) registry.getDOMImplementation(DOM_LS_3_0); - if (domImplLS == null) { - log.error("Failed to get DOMImplementation " + DOM_LS_3_0); - throw new SLRuntimeException("Failed to get DOMImplementation " + DOM_LS_3_0); - } - - } - - /** - * @return the reference - */ - public Reference getReference() { - return reference; - } - - /** - * @return the xmlObject - */ - public XMLObject getXmlObject() { - return xmlObject; - } - - /** - * @return the mimeType - */ - public String getMimeType() { - return mimeType; - } - - public String getFilename() { - return filename; - } - - /** - * @return the description - */ - public String getDescription() { - return description; - } - - public void validateHashDataInput() throws SLViewerException { - - if (validate) { - - if (reference == null) { - log.error("Medthod validateHashDataInput() called before reference has been created."); - throw new SLViewerException(5000); - } - - InputStream digestInputStream = reference.getDigestInputStream(); - if (digestInputStream == null) { - log.error("Method validateHashDataInput() called before reference has been generated " + - "or reference caching is not enabled."); - throw new SLViewerException(5000); - } - - if (mimeType == null) { - log.info("FinalDataMetaInfo does not specify MIME type of to be signed data."); - // TODO: add detailed message - throw new SLViewerException(5000); - } - - // get MIME media type - String mediaType = mimeType.split(";")[0].trim(); - // and optional charset - String charset = HttpUtil.getCharset(mimeType, false); - - if (Arrays.asList(validMimeTypes).contains(mediaType)) { - - Validator validator; - try { - validator = ValidatorFactory.newValidator(mediaType); - } catch (IllegalArgumentException e) { - log.error("No validator found for mime type '" + mediaType + "'."); - throw new SLViewerException(5000); - } - - try { - validator.validate(digestInputStream, charset); - } catch (ValidationException e) { - if ("text/plain".equals(mediaType)) { - log.info("Data to be displayed contains unsupported characters.", e); - // TODO: add detailed message - throw new SLViewerException(5003); - } else if ("application/xhtml+xml".equals(mediaType)) { - // TODO: add detailed message - log.info("Standard display format: HTML does not conform to specification.", e); - throw new SLViewerException(5004); - } else { - // TODO: add detailed message - log.info("Data to be displayed is invalid.", e); - throw new SLViewerException(5000); - } - } - - } else { - log.debug("MIME media type '" + mediaType + "' is not a s/valid/SUPPORTED digest input, omitting validation."); - } - } - - } - - /** - * Configures this DataObject with the information provided within the given - * <code>sl:DataObjectInfo</code>. - * - * @param dataObjectInfo - * the <code>sl:DataObjectInfo</code> - * - * @throws SLCommandException - * if configuring this DataObject with the information provided in - * the <code>sl:DataObjectInfo</code> fails. - * @throws SLRequestException - * if the information provided in the <code>sl:DataObjectInfo</code> - * does not conform to the security layer specification. - * @throws NullPointerException - * if <code>dataObjectInfo</code> is <code>null</code> - */ - public void setDataObjectInfo(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException { - - Base64XMLLocRefOptRefContentType dataObject = dataObjectInfo.getDataObject(); - String structure = dataObjectInfo.getStructure(); - - // select and unmarshal an appropriate transformation path if provided - // and set the final data meta information - XSECTTransforms transforms = createTransformsAndSetFinalDataMetaInfo(dataObjectInfo.getTransformsInfo()); - - if ("enveloping".equals(structure)) { - - // configure this DataObject as an enveloped DataObject - setEnvelopedDataObject(dataObject, transforms); - - } else if ("detached".equals(structure)) { - - // configure this DataObject as an detached DataObject - setDetachedDataObject(dataObject, transforms); - - } - // other values are not allowed by the schema and are therefore ignored - - this.filename = deriveFilename(); - } - - /** - * Extract filename from reference URI - * or propose reference Id with an apropriate (mime-type) file extension - * - * @return if neither reference nor id can be extracted return null (or data.extension?) - */ - private String deriveFilename() { - - String filename = null; - - if (reference != null) { - if (reference.getURI() != null && !"".equals(reference.getURI())) { - try { - log.info("deriving filename from reference URI " + reference.getURI()); - URI refURI = new URI(reference.getURI()); - - if (refURI.isOpaque()) { - // could check scheme component, but also allow other schemes (e.g. testlocal) - log.trace("opaque reference URI, use scheme-specific part as filename"); - filename = refURI.getSchemeSpecificPart(); - if (!hasExtension(filename)) { - filename += MimeTypes.getExtension(mimeType); - } - // else hierarchical URI: - // for shorthand xpointer use fragment as filename, - // for any other xpointer use reference Id and - // for any other hierarchical (absolute or relative) use filename (ignore fragment, see xmldsig section 4.3.3.2: fragments not recommendet) - } else if ("".equals(refURI.getPath()) && - refURI.getFragment() != null && - refURI.getFragment().indexOf('(') < 0) { // exclude (schemebased) xpointer expressions - log.trace("fragment (shorthand xpointer) URI, use fragment as filename"); - filename = refURI.getFragment(); - if(!hasExtension(filename)) { - filename += MimeTypes.getExtension(mimeType); - } - } else if (!"".equals(refURI.getPath())) { - log.trace("hierarchical URI with path component, use path as filename"); - File refFile = new File(refURI.getPath()); - filename = refFile.getName(); - if(!hasExtension(filename)) { - filename += MimeTypes.getExtension(mimeType); - } - } else { - log.debug("failed to derive filename from URI '" + refURI + "', derive filename from reference ID"); - filename = reference.getId() + MimeTypes.getExtension(mimeType); - } - } catch (URISyntaxException ex) { - log.error("failed to derive filename from invalid URI " + ex.getMessage()); - filename = reference.getId() + MimeTypes.getExtension(mimeType); - } - } else { - log.debug("same-document URI, derive filename from reference ID"); - filename = reference.getId() + MimeTypes.getExtension(mimeType); - } - } else { - log.error("failed to derive filename, no reference created"); - } - log.debug("derived filename for reference " + reference.getId() + ": " + filename); - return filename; - } - - private static boolean hasExtension(String filename) { - int extDelimiterInd = filename.lastIndexOf('.'); - return extDelimiterInd >= 0 && extDelimiterInd >= filename.length() - 4; - } - - private byte[] getTransformsBytes(at.gv.egiz.slbinding.impl.TransformsInfoType ti) { - return ti.getRedirectedStream().toByteArray(); -// byte[] transformsBytes = ti.getRedirectedStream().toByteArray(); -// -// if (transformsBytes == null || transformsBytes.length == 0) { -// return null; -// } -// -// String dsigPrefix = ti.getNamespaceContext().getNamespaceURI("http://www.w3.org/2000/09/xmldsig#"); -// byte[] pre, post; -// if (dsigPrefix == null) { -// log.trace("XMLDSig not declared in outside dsig:Transforms"); -// pre = "<AssureDSigNS>".getBytes(); -// post = "</AssureDSigNS>".getBytes(); -// } else { -// log.trace("XMLDSig bound to prefix " + dsigPrefix); -// pre = ("<AssureDSigNS xmlns:" + dsigPrefix + "=\"http://www.w3.org/2000/09/xmldsig#\">").getBytes(); -// post = "</AssureDSigNS>".getBytes(); -// } -// -// byte[] workaround = new byte[pre.length + transformsBytes.length + post.length]; -// System.arraycopy(pre, 0, workaround, 0, pre.length); -// System.arraycopy(transformsBytes, 0, workaround, pre.length, transformsBytes.length); -// System.arraycopy(post, 0, workaround, pre.length + transformsBytes.length, post.length); -// return workaround; - } - - /** - * Configures this DataObject as an enveloped DataObject with the information - * provided within the given <code>sl:DataObject</code>. - * - * @param dataObject - * the <code>sl:DataObject</code> - * @param transforms - * an optional <code>Transforms</code> element (may be - * <code>null</code>) - * - * @throws SLCommandException - * if configuring this DataObject with the information provided in - * the <code>sl:DataObject</code> fails. - * @throws SLRequestException - * if the information provided in the <code>sl:DataObject</code> - * does not conform to the security layer specification. - * @throws NullPointerException - * if <code>dataObject</code> is <code>null</code> - */ - private void setEnvelopedDataObject( - Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms) - throws SLCommandException, SLRequestException { - - String reference = dataObject.getReference(); - if (reference == null) { - // - // case A - // - // The Reference attribute is not used; the content of sl:DataObject represents the data object. - // If the data object is XML-coded (the sl:XMLContent element is used in sl:DataObject), then it - // must be incorporated in the signature structure as parsed XML. - // - - if (dataObject.getBase64Content() != null) { - - log.debug("Adding DataObject (Base64Content) without a reference URI."); - - // create XMLObject - XMLObject xmlObject = createXMLObject(new ByteArrayInputStream(dataObject.getBase64Content())); - - setXMLObjectAndReferenceBase64(xmlObject, transforms); - - } else if (dataObject.getXMLContent() != null) { - - log.debug("Adding DataObject (XMLContent) without a reference URI."); - - // create XMLObject - DocumentFragment content = parseDataObject((XMLContentType) dataObject.getXMLContent()); - XMLObject xmlObject = createXMLObject(content); - - setXMLObjectAndReferenceXML(xmlObject, transforms); - - } else if (dataObject.getLocRefContent() != null) { - - log.debug("Adding DataObject (LocRefContent) without a reference URI."); - - setEnvelopedDataObject(dataObject.getLocRefContent(), transforms); - - } else { - - // not allowed - log.info("XML structure of the command request contains an " + - "invalid combination of optional elements or attributes. " + - "DataObject of structure='enveloped' without a reference must contain content."); - throw new SLRequestException(3003); - - } - - } else { - - if (dataObject.getBase64Content() == null && - dataObject.getXMLContent() == null && - dataObject.getLocRefContent() == null) { - - // - // case B - // - // The Reference attribute contains a URI that must be resolved by the - // Citizen Card Environment to obtain the data object. - // The content of sl:DataObject remains empty - // - - log.debug("Adding DataObject from reference URI '" + reference + "'."); - - setEnvelopedDataObject(reference, transforms); - - } else { - - // not allowed - log.info("XML structure of the command request contains an " + - "invalid combination of optional elements or attributes. " + - "DataObject of structure='enveloped' with reference must not contain content."); - throw new SLRequestException(3003); - - } - - - } - - } - - /** - * Configures this DataObject as an enveloped DataObject with the content to - * be dereferenced from the given <code>reference</code>. - * - * @param reference - * the <code>reference</code> URI - * @param transforms - * an optional <code>Transforms</code> element (may be - * <code>null</code>) - * - * @throws SLCommandException - * if dereferencing the given <code>reference</code> fails, or if - * configuring this DataObject with the data dereferenced from the - * given <code>reference</code> fails. - * @throws NullPointerException - * if <code>reference</code> is <code>null</code> - */ - private void setEnvelopedDataObject(String reference, XSECTTransforms transforms) throws SLCommandException { - - if (reference == null) { - throw new NullPointerException("Argument 'reference' must not be null."); - } - - // dereference URL - URLDereferencer dereferencer = URLDereferencer.getInstance(); - - StreamData streamData; - try { - streamData = dereferencer.dereference(reference, ctx.getDereferencerContext()); - } catch (IOException e) { - log.info("Failed to dereference XMLObject from '" + reference + "'.", e); - throw new SLCommandException(4110); - } - - Node childNode; - - String contentType = streamData.getContentType(); - if (contentType.startsWith("text/xml")) { - - // If content type is text/xml parse content. - String charset = HttpUtil.getCharset(contentType, true); - - Document doc = parseDataObject(streamData.getStream(), charset); - - childNode = doc.getDocumentElement(); - - if (childNode == null) { - log.info("Failed to parse XMLObject from '" + reference + "'."); - throw new SLCommandException(4111); - } - - XMLObject xmlObject = createXMLObject(childNode); - - setXMLObjectAndReferenceXML(xmlObject, transforms); - - } else { - - // Include content Base64 encoded. - XMLObject xmlObject = createXMLObject(streamData.getStream()); - - setXMLObjectAndReferenceBase64(xmlObject, transforms); - - } - - } - - /** - * Configures this DataObject as an detached DataObject with the information - * provided in the given <code>sl:DataObject</code> and optionally - * <code>transforms</code>. - * - * @param dataObject - * the <code>sl:DataObject</code> - * @param transforms - * an optional Transforms object, may be <code>null</code> - * - * @throws SLCommandException - * if configuring this DataObject with the information provided in - * the <code>sl:DataObject</code> fails. - * @throws SLRequestException - * if the information provided in the <code>sl:DataObject</code> - * does not conform to the security layer specification. - * @throws NullPointerException - * if <code>dataObject</code> is <code>null</code> - */ - private void setDetachedDataObject( - Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms) - throws SLCommandException, SLRequestException { - - String referenceURI = dataObject.getReference(); - - if (referenceURI == null) { - - // not allowed - log.info("XML structure of the command request contains an " + - "invalid combination of optional elements or attributes. " + - "DataObject of structure='detached' must contain a reference."); - throw new SLRequestException(3003); - - } else { - - DigestMethod dm; - try { - dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } - - String idValue = ctx.getIdValueFactory().createIdValue("Reference"); - - reference = new XSECTReference(referenceURI, dm, transforms, null, idValue); - - // case D: - // - // The Reference attribute contains a URI that is used by the Citizen Card - // Environment to code the reference to the data object as part of the XML - // signature (attribute URI in the dsig:Reference) element. The content of - // sl:DataObject represents the data object. - - if (dataObject.getLocRefContent() != null) { - String locRef = dataObject.getLocRefContent(); - try { - this.reference.setDereferencer(new LocRefDereferencer(ctx.getDereferencerContext(), locRef)); - } catch (URISyntaxException e) { - log.info("Invalid URI '" + locRef + "' in DataObject.", e); - throw new SLCommandException(4003); - } catch (IllegalArgumentException e) { - log.info("LocRef URI of '" + locRef + "' not supported in DataObject. ", e); - throw new SLCommandException(4003); - } - } else if (dataObject.getBase64Content() != null) { - byte[] base64Content = dataObject.getBase64Content(); - this.reference.setDereferencer(new ByteArrayDereferencer(base64Content)); - } else if (dataObject.getXMLContent() != null) { - XMLContentType xmlContent = (XMLContentType) dataObject.getXMLContent(); - byte[] bytes = xmlContent.getRedirectedStream().toByteArray(); - this.reference.setDereferencer(new ByteArrayDereferencer(bytes)); - } else { - - // case C: - // - // The Reference attribute contains a URI that must be resolved by the - // Citizen Card Environment to obtain the data object. The Reference - // attribute contains a URI that is used by the Citizen Card Environment - // to code the reference to the data object as part of the XML signature - // (attribute URI in the dsig:Reference) element. The content of - // sl:DataObject remains empty. - - } - - } - } - - /** - * Returns the preferred <code>sl:TransformInfo</code> from the given list of - * <code>transformInfos</code>, or <code>null</code> if none of the given - * <code>transformInfos</code> is preferred over the others. - * - * @param transformsInfos - * a list of <code>sl:TransformInfo</code>s - * - * @return the selected <code>sl:TransformInfo</code> or <code>null</code>, if - * none is preferred over the others - */ - private TransformsInfoType selectPreferredTransformsInfo(List<TransformsInfoType> transformsInfos) { - - Map<String, TransformsInfoType> mimeTypes = new HashMap<String, TransformsInfoType>(); - - StringBuilder debugString = null; - if (log.isDebugEnabled()) { - debugString = new StringBuilder(); - debugString.append("Got " + transformsInfos.size() + " TransformsInfo(s):"); - } - - for (TransformsInfoType transformsInfoType : transformsInfos) { - MetaInfoType finalDataMetaInfo = transformsInfoType.getFinalDataMetaInfo(); - String mimeType = finalDataMetaInfo.getMimeType(); - String description = finalDataMetaInfo.getDescription(); - mimeTypes.put(mimeType, transformsInfoType); - if (debugString != null) { - debugString.append("\n FinalDataMetaInfo: MIME-Type="); - debugString.append(mimeType); - if (description != null) { - debugString.append(" "); - debugString.append(description); - } - } - } - - if (debugString != null) { - log.debug(debugString); - } - - // look for preferred transform - for (String mimeType : DEFAULT_PREFFERED_MIME_TYPES) { - if (mimeTypes.containsKey(mimeType)) { - return mimeTypes.get(mimeType); - } - } - - // no preferred transform - return null; - - } - - /** - * Create an instance of <code>ds:Transforms</code> from the given - * <code>sl:TransformsInfo</code>. - * - * @param transformsInfo - * the <code>sl:TransformsInfo</code> - * - * @return a corresponding unmarshalled <code>ds:Transforms</code>, or - * <code>null</code> if the given <code>sl:TransformsInfo</code> does - * not contain a <code>dsig:Transforms</code> element - * - * @throws SLRequestException - * if the <code>ds:Transforms</code> in the given - * <code>transformsInfo</code> are not valid or cannot be parsed. - * - * @throws MarshalException - * if the <code>ds:Transforms</code> in the given - * <code>transformsInfo</code> cannot be unmarshalled. - */ - private XSECTTransforms createTransforms(TransformsInfoType transformsInfo) throws SLRequestException, MarshalException { - - byte[] transforms = getTransformsBytes((at.gv.egiz.slbinding.impl.TransformsInfoType) transformsInfo); - - if (transforms != null && transforms.length > 0) { - // debug - if (log.isTraceEnabled()) { - StringBuilder sb = new StringBuilder(); - sb.append("Trying to parse transforms:\n"); - sb.append(new String(transforms, Charset.forName("UTF-8"))); - log.trace(sb); - } - - DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); - LSInput input = domImplLS.createLSInput(); - input.setByteStream(new ByteArrayInputStream(transforms)); - - LSParser parser = domImplLS.createLSParser( - DOMImplementationLS.MODE_SYNCHRONOUS, null); - DOMConfiguration domConfig = parser.getDomConfig(); - SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); - domConfig.setParameter("error-handler", errorHandler); - domConfig.setParameter("validate", Boolean.FALSE); - - Document document; - try { - document = parser.parse(input); - } catch (DOMException e) { - log.info("Failed to parse dsig:Transforms.", e); - throw new SLRequestException(3002); - } catch (LSException e) { - log.info("Failed to parse dsig:Transforms.", e); - throw new SLRequestException(3002); - } - - // adopt ds:Transforms - Element transformsElt = document.getDocumentElement(); - Node adoptedTransforms = ctx.getDocument().adoptNode(transformsElt); - - DOMCryptoContext context = new DOMCryptoContext(); - - // unmarshall ds:Transforms - return new XSECTTransforms(context, adoptedTransforms); - - } else { - return null; - } - - -// TransformsType transformsType = transformsInfo.getTransforms(); -// if (transformsType == null) { -// return null; -// } -// List<TransformType> transformList = transformsType.getTransform(); -// -// DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); -//// Document transformsDoc = ((DOMImplementation) domImplLS).createDocument("http://www.w3.org/2000/09/xmldsig#", "Transforms", null); -//// Element transforms = transformsDoc.getDocumentElement(); -// Document transformsDoc = DOMUtils.createDocument(); -// Element transforms = transformsDoc.createElementNS( -// "http://www.w3.org/2000/09/xmldsig#", -// Signature.XMLDSIG_PREFIX + ":Transforms"); -// transformsDoc.appendChild(transforms); -// -// for (TransformType transformType : transformList) { -// log.trace("found " + transformType.getClass().getName()); -// Element transform = transformsDoc.createElementNS( -// "http://www.w3.org/2000/09/xmldsig#", -// Signature.XMLDSIG_PREFIX + ":Transform"); -// String algorithm = transformType.getAlgorithm(); -// if (algorithm != null) { -// log.trace("found algorithm " + algorithm); -// transform.setAttribute("Algorithm", algorithm); -// } -// -// at.gv.egiz.slbinding.impl.TransformType t = (at.gv.egiz.slbinding.impl.TransformType) transformType; -// byte[] redirectedBytes = t.getRedirectedStream().toByteArray(); -// if (redirectedBytes != null && redirectedBytes.length > 0) { -// if (log.isTraceEnabled()) { -// StringBuilder sb = new StringBuilder(); -// sb.append("Trying to parse dsig:Transform:\n"); -// sb.append(new String(redirectedBytes, Charset.forName("UTF-8"))); -// log.trace(sb); -// } -// LSInput input = domImplLS.createLSInput(); -// input.setByteStream(new ByteArrayInputStream(redirectedBytes)); -// -// LSParser parser = domImplLS.createLSParser( -// DOMImplementationLS.MODE_SYNCHRONOUS, null); -// DOMConfiguration domConfig = parser.getDomConfig(); -// SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); -// domConfig.setParameter("error-handler", errorHandler); -// domConfig.setParameter("validate", Boolean.FALSE); -// -// try { -// Document redirectedDoc = parser.parse(input); -// Node redirected = transformsDoc.adoptNode(redirectedDoc.getDocumentElement()); -// transform.appendChild(redirected); -// -// //not supported by Xerces2.9.1 -//// Node redirected = parser.parseWithContext(input, transform, LSParser.ACTION_APPEND_AS_CHILDREN); -// -// } catch (DOMException e) { -// log.info("Failed to parse dsig:Transform.", e); -// throw new SLRequestException(3002); -// } catch (LSException e) { -// log.info("Failed to parse dsig:Transform.", e); -// throw new SLRequestException(3002); -// } -// } -// transforms.appendChild(transform); -// } -// -// //adopt ds:Transforms -// Node adoptedTransforms = ctx.getDocument().adoptNode(transforms); -// DOMCryptoContext context = new DOMCryptoContext(); -// -// // unmarshall ds:Transforms -// return new XSECTTransforms(context, adoptedTransforms); - - } - - /** - * Sets the <code>mimeType</code> and the <code>description</code> value - * for this DataObject. - * - * @param metaInfoType the <code>sl:FinalMetaDataInfo</code> - * - * @throws NullPointerException if <code>metaInfoType</code> is <code>null</code> - */ - private void setFinalDataMetaInfo(MetaInfoType metaInfoType) { - - this.mimeType = metaInfoType.getMimeType(); - this.description = metaInfoType.getDescription(); - - } - - /** - * Selects an appropriate transformation path (if present) from the given list - * of <code>sl:TransformInfos</code>, sets the corresponding final data meta info and - * returns the corresponding unmarshalled <code>ds:Transforms</code>. - * - * @param transformsInfos the <code>sl:TransformInfos</code> - * - * @return the unmarshalled <code>ds:Transforms</code>, or <code>null</code> if - * no transformation path has been selected. - * - * @throws SLRequestException if the given list <code>ds:TransformsInfo</code> contains - * an invalid <code>ds:Transforms</code> element, or no suitable transformation path - * can be found. - */ - private XSECTTransforms createTransformsAndSetFinalDataMetaInfo( - List<TransformsInfoType> transformsInfos) throws SLRequestException { - - TransformsInfoType preferredTransformsInfo = selectPreferredTransformsInfo(transformsInfos); - // try preferred transform - if (preferredTransformsInfo != null) { - - try { - XSECTTransforms transforms = createTransforms(preferredTransformsInfo); - setFinalDataMetaInfo(preferredTransformsInfo.getFinalDataMetaInfo()); - return transforms; - } catch (MarshalException e) { - - String mimeType = preferredTransformsInfo.getFinalDataMetaInfo().getMimeType(); - log.info("Failed to unmarshal preferred transformation path (MIME-Type=" - + mimeType + ").", e); - - } - - } - - // look for another suitable transformation path - for (TransformsInfoType transformsInfoType : transformsInfos) { - - try { - XSECTTransforms transforms = createTransforms(transformsInfoType); - setFinalDataMetaInfo(transformsInfoType.getFinalDataMetaInfo()); - return transforms; - } catch (MarshalException e) { - - String mimeType = transformsInfoType.getFinalDataMetaInfo().getMimeType(); - log.info("Failed to unmarshal transformation path (MIME-Type=" - + mimeType + ").", e); - } - - } - - // no suitable transformation path found - throw new SLRequestException(3003); - - } - - /** - * Create an XMLObject with the Base64 encoding of the given - * <code>content</code>. - * - * @param content - * the to-be Base64 encoded content - * @return an XMLObject with the Base64 encoded <code>content</code> - */ - private XMLObject createXMLObject(InputStream content) { - - Text textNode; - try { - textNode = at.gv.egiz.dom.DOMUtils.createBase64Text(content, ctx.getDocument()); - } catch (IOException e) { - log.error(e); - throw new SLRuntimeException(e); - } - - DOMStructure structure = new DOMStructure(textNode); - - String idValue = ctx.getIdValueFactory().createIdValue("Object"); - - return ctx.getSignatureFactory().newXMLObject(Collections.singletonList(structure), idValue, null, null); - - } - - /** - * Create an XMLObject with the given <code>content</code> node. - * - * @param content the content node - * - * @return an XMLObject with the given <code>content</code> - */ - private XMLObject createXMLObject(Node content) { - - String idValue = ctx.getIdValueFactory().createIdValue("Object"); - - List<DOMStructure> structures = Collections.singletonList(new DOMStructure(content)); - - return ctx.getSignatureFactory().newXMLObject(structures, idValue, null, null); - - } - - /** - * Sets the given <code>xmlObject</code> and creates and sets a corresponding - * <code>Reference</code>. - * <p> - * A transform to Base64-decode the xmlObject's content is inserted at the top - * of to the optional <code>transforms</code> if given, or to a newly created - * <code>Transforms</code> element if <code>transforms</code> is - * <code>null</code>. - * - * @param xmlObject - * the XMLObject - * @param transforms - * an optional <code>Transforms</code> element (may be - * <code>null</code>) - * - * @throws SLCommandException - * if creating the Reference fails - * @throws NullPointerException - * if <code>xmlObject</code> is <code>null</code> - */ - private void setXMLObjectAndReferenceBase64(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException { - - // create reference URI - // - // NOTE: the ds:Object can be referenced directly, as the Base64 transform - // operates on the text() of the input nodelist. - // - String referenceURI = "#" + xmlObject.getId(); - - // create Base64 Transform - Transform transform; - try { - transform = ctx.getSignatureFactory().newTransform(Transform.BASE64, (TransformParameterSpec) null); - } catch (NoSuchAlgorithmException e) { - // algorithm must be present - throw new SLRuntimeException(e); - } catch (InvalidAlgorithmParameterException e) { - // algorithm does not take parameters - throw new SLRuntimeException(e); - } - - if (transforms == null) { - transforms = new XSECTTransforms(Collections.singletonList(transform)); - } else { - transforms.insertTransform(transform); - } - - DigestMethod dm; - try { - dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } - String id = ctx.getIdValueFactory().createIdValue("Reference"); - - this.xmlObject = xmlObject; - this.reference = new XSECTReference(referenceURI, dm, transforms, null, id); - - } - - /** - * Sets the given <code>xmlObject</code> and creates and sets a corresponding - * <code>Reference</code>. - * <p> - * A transform to select the xmlObject's content is inserted at the top of to - * the optional <code>transforms</code> if given, or to a newly created - * <code>Transforms</code> element if <code>transforms</code> is - * <code>null</code>. - * </p> - * - * @param xmlObject - * the XMLObject - * @param transforms - * an optional <code>Transforms</code> element (may be - * <code>null</code>) - * - * @throws SLCommandException - * if creating the Reference fails - * @throws NullPointerException - * if <code>xmlObject</code> is <code>null</code> - */ - private void setXMLObjectAndReferenceXML(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException { - - // create reference URI - String referenceURI = "#" + xmlObject.getId(); - - // create Transform to select ds:Object's children - Transform xpathTransform; - Transform c14nTransform; - try { - - XPathType xpath = new XPathType("id(\"" + xmlObject.getId() + "\")/node()", XPathType.Filter.INTERSECT); - List<XPathType> xpaths = Collections.singletonList(xpath); - XPathFilter2ParameterSpec params = new XPathFilter2ParameterSpec(xpaths); - - xpathTransform = ctx.getSignatureFactory().newTransform(Transform.XPATH2, params); - - // add exclusive canonicalization to avoid signing the namespace context of the ds:Object - c14nTransform = ctx.getSignatureFactory().newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null); - - } catch (NoSuchAlgorithmException e) { - // algorithm must be present - throw new SLRuntimeException(e); - } catch (InvalidAlgorithmParameterException e) { - // params must be appropriate - throw new SLRuntimeException(e); - } - - if (transforms == null) { - List<Transform> newTransfroms = new ArrayList<Transform>(); - newTransfroms.add(xpathTransform); - newTransfroms.add(c14nTransform); - transforms = new XSECTTransforms(newTransfroms); - } else { - transforms.insertTransform(xpathTransform); - } - - DigestMethod dm; - try { - dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } - String id = ctx.getIdValueFactory().createIdValue("Reference"); - - this.xmlObject = xmlObject; - this.reference = new XSECTReference(referenceURI, dm, transforms, null, id); - - } - - /** - * Parses the given <code>xmlContent</code> and returns a corresponding - * document fragment. - * - * <p> - * The to-be parsed content is surrounded by <dummy> ... </dummy> elements to - * allow for mixed (e.g. Text and Element) content in XMLContent. - * </p> - * - * @param xmlContent - * the XMLContent to-be parsed - * - * @return a document fragment containing the parsed nodes - * - * @throws SLCommandException - * if parsing the given <code>xmlContent</code> fails - * - * @throws NullPointerException - * if <code>xmlContent</code> is <code>null</code> - */ - private DocumentFragment parseDataObject(XMLContentType xmlContent) throws SLCommandException { - - ByteArrayOutputStream redirectedStream = xmlContent.getRedirectedStream(); - - // Note: We can assume a fixed character encoding of UTF-8 for the - // content of the redirect stream as the content has already been parsed - // and serialized again to the redirect stream. - - List<InputStream> inputStreams = new ArrayList<InputStream>(); - try { - // dummy start element - inputStreams.add(new ByteArrayInputStream("<dummy>".getBytes("UTF-8"))); - - // content - inputStreams.add(new ByteArrayInputStream(redirectedStream.toByteArray())); - - // dummy end element - inputStreams.add(new ByteArrayInputStream("</dummy>".getBytes("UTF-8"))); - } catch (UnsupportedEncodingException e) { - throw new SLRuntimeException(e); - } - - SequenceInputStream inputStream = new SequenceInputStream(Collections.enumeration(inputStreams)); - - // parse DataObject - Document doc = parseDataObject(inputStream, "UTF-8"); - - Element documentElement = doc.getDocumentElement(); - - if (documentElement == null || - !"dummy".equals(documentElement.getLocalName())) { - log.info("Failed to parse DataObject XMLContent."); - throw new SLCommandException(4111); - } - - DocumentFragment fragment = doc.createDocumentFragment(); - while (documentElement.getFirstChild() != null) { - fragment.appendChild(documentElement.getFirstChild()); - } - - // log parsed document - if (log.isTraceEnabled()) { - - StringWriter writer = new StringWriter(); - - writer.write("DataObject:\n"); - - LSOutput output = domImplLS.createLSOutput(); - output.setCharacterStream(writer); - output.setEncoding("UTF-8"); - LSSerializer serializer = domImplLS.createLSSerializer(); - serializer.getDomConfig().setParameter("xml-declaration", Boolean.FALSE); - serializer.write(fragment, output); - - log.trace(writer.toString()); - } - - return fragment; - - } - - /** - * Parses the given <code>inputStream</code> using the given - * <code>encoding</code> and returns the parsed document. - * - * @param inputStream - * the to-be parsed input - * - * @param encoding - * the encoding to be used for parsing the given - * <code>inputStream</code> - * - * @return the parsed document - * - * @throws SLCommandException - * if parsing the <code>inputStream</code> fails. - * - * @throws NullPointerException - * if <code>inputStram</code> is <code>null</code> - */ - private Document parseDataObject(InputStream inputStream, String encoding) throws SLCommandException { - - LSInput input = domImplLS.createLSInput(); - input.setByteStream(inputStream); - - if (encoding != null) { - input.setEncoding(encoding); - } - - LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null); - DOMConfiguration domConfig = parser.getDomConfig(); - SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); - domConfig.setParameter("error-handler", errorHandler); - domConfig.setParameter("validate", Boolean.FALSE); - - Document doc; - try { - doc = parser.parse(input); - } catch (DOMException e) { - log.info("Existing XML document cannot be parsed.", e); - throw new SLCommandException(4111); - } catch (LSException e) { - log.info("Existing XML document cannot be parsed. ", e); - throw new SLCommandException(4111); - } - - if (errorHandler.hasErrors()) { - // log errors - if (log.isInfoEnabled()) { - List<String> errorMessages = errorHandler.getErrorMessages(); - StringBuffer sb = new StringBuffer(); - for (String errorMessage : errorMessages) { - sb.append(" "); - sb.append(errorMessage); - } - log.info("Existing XML document cannot be parsed. " + sb.toString()); - } - throw new SLCommandException(4111); - } - - return doc; - - } - - -} diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactory.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactory.java deleted file mode 100644 index df42bd11..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactory.java +++ /dev/null @@ -1,37 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-/**
- * A factory for creating <code>xsd:Id</code>-attribute values.
- *
- * @author mcentner
- */
-public interface IdValueFactory {
-
- /**
- * Creates a new <code>xsd:Id</code>-attribute value for an Element of the
- * given <code>elementName</code>.
- *
- * @param elementName
- * the local name of the element to create the value for
- *
- * @return a <code>xsd:Id</code>-attribute value
- */
- public String createIdValue(String elementName);
-
-}
\ No newline at end of file diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactoryImpl.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactoryImpl.java deleted file mode 100644 index b9824655..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactoryImpl.java +++ /dev/null @@ -1,127 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Random;
-
-/**
- * An implementation of the IdValueFactory.
- * <p>
- * This IdValueFactory creates <code>xsd:Id</code>-attribute values of the form
- * '<code><elementName>-<random>-<sequenceNumber></code>',
- * where
- * <ul>
- * <li><code><elementName></code> is the name provided at
- * {@link #createIdValue(String)},</li>
- * <li><code><random></code> is a random generated fixed value for an
- * instance of this IdValueFactory and</li>
- * <li><code><sequenceNumber></code> is the sequence number of the value
- * generated for a given <code>elementName</code> by an instance of this
- * IdValueFactory.</li>
- * </ul>
- * </p>
- *
- * @author mcentner
- */
-public class IdValueFactoryImpl implements IdValueFactory {
-
- /**
- * A generator for <code>xsd:Id</code>-attribute values.
- *
- * @author mcentner
- */
- private class IdGenerator {
-
- /**
- * The salt.
- */
- private String salt;
-
- /**
- * The element name.
- */
- private String elementName;
-
- /**
- * The sequence number.
- */
- private int i = 0;
-
- /**
- * Creates a new instance of this IdGenerator with the given
- * <code>elementName</code> and <code>salt</code> value.
- *
- * @param elementName the element name
- * @param salt the salt valeu
- */
- private IdGenerator(String elementName, String salt) {
- super();
- this.elementName = elementName;
- this.salt = salt;
- }
-
- /**
- * @return returns the next <code>xsd:Id</code>-attribute value.
- */
- public String getNextId() {
- return elementName + "-" + salt + "-" + Integer.toString(++i);
- }
-
- }
-
- /**
- * A map of element names to <code>xsd:Id</code>-value generators.
- */
- private Map<String, IdGenerator> generators = new HashMap<String, IdGenerator>();
-
- /**
- * The seed value.
- */
- private String seed;
-
- /**
- * Creates a new instance of this IdValueFactory.
- */
- public IdValueFactoryImpl() {
-
- Random random = new Random();
- int rand = random.nextInt();
- seed = Integer.toHexString(rand);
-
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egiz.bku.slcommands.impl.IdValueFactory#createIdValue(java.lang.String
- * )
- */
- public String createIdValue(String elementName) {
-
- IdGenerator generator = generators.get(elementName);
- if (generator == null) {
- generator = new IdGenerator(elementName, seed);
- generators.put(elementName, generator);
- }
- return generator.getNextId();
-
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java deleted file mode 100644 index f5394157..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java +++ /dev/null @@ -1,112 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import javax.xml.crypto.Data;
-import javax.xml.crypto.OctetStreamData;
-import javax.xml.crypto.URIDereferencer;
-import javax.xml.crypto.URIReference;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.XMLCryptoContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.utils.urldereferencer.StreamData;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
-
-/**
- * An URIDereferencer implementation that dereferences <code>LocRef</code>
- * references.
- *
- * @author mcentner
- */
-public class LocRefDereferencer implements URIDereferencer {
-
- /**
- * Logging facility.
- */
- private static Log log = LogFactory.getLog(LocRefDereferencer.class);
-
- /**
- * The <code>LocRef</code>-reference to be dereferenced by
- * {@link #dereference(URIReference, XMLCryptoContext)}.
- */
- protected String locRef;
-
- /**
- * The context to be used for dereferencing.
- */
- protected URLDereferencerContext dereferencerContext;
-
- /**
- * Creates a new instance of this LocRefDereferencer with the given
- * <code>dereferencerContext</code> and <code>locRef</code> reference.
- *
- * @param dereferencerContext
- * the context to be used for dereferencing
- * @param locRef
- * the <code>LocRef</code>-reference (must be an absolute URI)
- *
- * @throws URISyntaxException
- * if <code>LocRef</code> is not an absolute URI
- */
- public LocRefDereferencer(URLDereferencerContext dereferencerContext,
- String locRef) throws URISyntaxException {
-
- this.dereferencerContext = dereferencerContext;
-
- URI locRefUri = new URI(locRef);
- if (locRefUri.isAbsolute()) {
- this.locRef = locRef;
- } else {
- throw new IllegalArgumentException(
- "Parameter 'locRef' must be an absolut URI.");
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * javax.xml.crypto.URIDereferencer#dereference(javax.xml.crypto.URIReference,
- * javax.xml.crypto.XMLCryptoContext)
- */
- @Override
- public Data dereference(URIReference uriReference, XMLCryptoContext context)
- throws URIReferenceException {
-
- URLDereferencer dereferencer = URLDereferencer.getInstance();
- StreamData streamData;
- try {
- streamData = dereferencer.dereference(locRef, dereferencerContext);
- } catch (IOException e) {
- log.info("Failed to dereference URI'" + locRef + "'. " + e.getMessage(),
- e);
- throw new URIReferenceException("Failed to dereference URI '" + locRef
- + "'. " + e.getMessage(), e);
- }
- return new OctetStreamData(streamData.getStream(), locRef, streamData
- .getContentType());
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java deleted file mode 100644 index 25e2d4e5..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java +++ /dev/null @@ -1,128 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect; - -import at.gv.egiz.stal.HashDataInput; -import java.security.PrivateKey; - -import at.gv.egiz.stal.STAL; -//import at.gv.egiz.stal.HashDataInputCallback; -import java.util.List; - -/** - * This class implements a private key used by the {@link STALSignature} class. - * - * @author mcentner - */ -public class STALPrivateKey implements PrivateKey { - - private static final long serialVersionUID = 1L; - - /** - * The STAL implementation. - */ - private STAL stal; - - /** - * The callback interface for obtaining the hash input data. - */ -// private HashDataInputCallback hashDataInputCallback; - - - private List<DataObject> dataObjects; - - /** - * The keybox identifier. - */ - private String keyboxIdentifier; - - /** - * The signature algorithm. - */ - private String algorithm; - - /** - * Creates a new instance of this <code>STALPrivateKey</code> with the given - * <code>stal</code> implementation, signature <code>algorithm</code>, - * <code>keyboxIdentifier</code> and <code>hashDataInputCallback</code> - * interface. - * - * @param stal - * the STAL implementation - * @param algorithm - * the signature algorithm - * @param keyboxIdentifier - * the keybox identifier - * @param hashDataInputCallback - * the interface for obtaining the has input data - */ - public STALPrivateKey(STAL stal, - String algorithm, String keyboxIdentifier, List<DataObject> dataObjects) { - super(); - this.keyboxIdentifier = keyboxIdentifier; - this.dataObjects = dataObjects; - this.stal = stal; - this.algorithm = algorithm; - } - - /* (non-Javadoc) - * @see java.security.Key#getAlgorithm() - */ - @Override - public String getAlgorithm() { - return algorithm; - } - - /* (non-Javadoc) - * @see java.security.Key#getEncoded() - */ - @Override - public byte[] getEncoded() { - throw new UnsupportedOperationException("STALPrivateKey does not support the getEncoded() method."); - } - - /* (non-Javadoc) - * @see java.security.Key#getFormat() - */ - @Override - public String getFormat() { - return null; - } - - /** - * @return the STAL implementation - */ - public STAL getStal() { - return stal; - } - - /** - * @return the interface for obtaining the hash data input - */ - public List<DataObject> getDataObjects() { - - return dataObjects; - } - - /** - * @return the keybox identifier - */ - public String getKeyboxIdentifier() { - return keyboxIdentifier; - } - -} diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java deleted file mode 100644 index 9fb9a3f1..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java +++ /dev/null @@ -1,71 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import iaik.xml.crypto.XmldsigMore;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.Provider;
-import java.security.Signature;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.crypto.dsig.SignatureMethod;
-
-/**
- * A security provider implementation that provides {@link Signature} implementations
- * based on STAL.
- *
- * @author mcentner
- */
-public class STALProvider extends Provider {
-
- private static final long serialVersionUID = 1L;
-
- private static String IMPL_PACKAGE_NAME = "at.gv.egiz.bku.slcommands.impl.xsect";
-
- public STALProvider() {
-
- super("STAL", 1.0, "Security Token Abstraction Layer Provider");
-
- final Map<String, String> map = new HashMap<String, String>();
-
- // TODO: register further algorithms
- map.put("Signature." + SignatureMethod.RSA_SHA1,
- IMPL_PACKAGE_NAME + ".STALSignature");
- map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA1,
- IMPL_PACKAGE_NAME + ".STALSignature"); - map.put("Signature." + XmldsigMore.SIGNATURE_RSA_SHA256, - IMPL_PACKAGE_NAME + ".STALSignature"); - map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA256, - IMPL_PACKAGE_NAME + ".STALSignature"); - map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA512, - IMPL_PACKAGE_NAME + ".STALSignature"); - -
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
- @Override
- public Void run() {
- putAll(map);
- return null;
- }
- });
-
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java deleted file mode 100644 index dd7c7d8a..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java +++ /dev/null @@ -1,184 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect; - -import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput; -import at.gv.egiz.bku.slexceptions.SLViewerException; - -import java.io.ByteArrayOutputStream; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.SignatureSpi; -import java.util.Collections; -import java.util.List; - -import at.gv.egiz.stal.ErrorResponse; -import at.gv.egiz.stal.HashDataInput; -import at.gv.egiz.stal.STAL; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.SignRequest; -import at.gv.egiz.stal.SignResponse; -//import at.gv.egiz.stal.HashDataInputCallback; -import java.util.ArrayList; - -/** - * A signature service provider implementation that uses STAL to sign. - * - * @author mcentner - */ -public class STALSignature extends SignatureSpi { - -// private static final Log log = LogFactory.getLog(STALSignature.class); - - /** - * The private key. - */ - protected STALPrivateKey privateKey; - - /** - * The to-be signed data. - */ - protected ByteArrayOutputStream data = new ByteArrayOutputStream(); - - /* (non-Javadoc) - * @see java.security.SignatureSpi#engineGetParameter(java.lang.String) - */ - @Override - protected Object engineGetParameter(String param) - throws InvalidParameterException { - throw new InvalidParameterException(); - } - - /* (non-Javadoc) - * @see java.security.SignatureSpi#engineInitSign(java.security.PrivateKey) - */ - @Override - protected void engineInitSign(PrivateKey privateKey) - throws InvalidKeyException { - - if (!(privateKey instanceof STALPrivateKey)) { - throw new InvalidKeyException("STALSignature supports STALKeys only."); - } - - this.privateKey = (STALPrivateKey) privateKey; - - } - - /* (non-Javadoc) - * @see java.security.SignatureSpi#engineInitVerify(java.security.PublicKey) - */ - @Override - protected void engineInitVerify(PublicKey publicKey) - throws InvalidKeyException { - - throw new UnsupportedOperationException("STALSignature does not support signature verification."); - } - - /* (non-Javadoc) - * @see java.security.SignatureSpi#engineSetParameter(java.lang.String, java.lang.Object) - */ - @Override - protected void engineSetParameter(String param, Object value) - throws InvalidParameterException { - } - - /* (non-Javadoc) - * @see java.security.SignatureSpi#engineSign() - */ - @Override - protected byte[] engineSign() throws SignatureException { - - STAL stal = privateKey.getStal(); - - if (stal == null) { - throw new SignatureException("STALSignature requires the STALPrivateKey " + - "to provide a STAL implementation reference."); - } - - String keyboxIdentifier = privateKey.getKeyboxIdentifier(); - - if (keyboxIdentifier == null) { - throw new SignatureException("STALSignature requires the STALPrivateKey " + - "to provide a KeyboxIdentifier."); - } - - // get hashDataInputs (DigestInputStreams) once slcommands.impl.xsect.Signature::sign() was called - List<DataObject> dataObjects = privateKey.getDataObjects(); -// log.debug("got " + dataObjects.size() + " DataObjects, passing HashDataInputs to STAL SignRequest"); - - List<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>(); - for (DataObject dataObject : dataObjects) { - try { - dataObject.validateHashDataInput(); - } catch (SLViewerException e) { - throw new STALSignatureException(e); - } - hashDataInputs.add(new DataObjectHashDataInput(dataObject)); - } - - SignRequest signRequest = new SignRequest(); - signRequest.setKeyIdentifier(keyboxIdentifier); - signRequest.setSignedInfo(data.toByteArray()); - signRequest.setHashDataInput(hashDataInputs); - - List<STALResponse> responses = stal.handleRequest(Collections.singletonList((STALRequest) signRequest)); - - if (responses == null || responses.size() != 1) { - throw new SignatureException("Failed to access STAL."); - } - - STALResponse response = responses.get(0); - if (response instanceof SignResponse) { - return ((SignResponse) response).getSignatureValue(); - } else if (response instanceof ErrorResponse) { - throw new STALSignatureException(((ErrorResponse) response).getErrorCode()); - } else { - throw new SignatureException("Failed to access STAL."); - } - - } - - /* (non-Javadoc) - * @see java.security.SignatureSpi#engineUpdate(byte) - */ - @Override - protected void engineUpdate(byte b) throws SignatureException { - data.write(b); - } - - /* (non-Javadoc) - * @see java.security.SignatureSpi#engineUpdate(byte[], int, int) - */ - @Override - protected void engineUpdate(byte[] b, int off, int len) - throws SignatureException { - data.write(b, off, len); - } - - /* (non-Javadoc) - * @see java.security.SignatureSpi#engineVerify(byte[]) - */ - @Override - protected boolean engineVerify(byte[] sigBytes) throws SignatureException { - throw new UnsupportedOperationException("STALSignature des not support signature verification."); - } - -} diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java deleted file mode 100644 index 4e86b07c..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java +++ /dev/null @@ -1,92 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.security.SignatureException;
-
-/**
- * A SignatureException thrown by the {@link STALSignature}.
- *
- * @author mcentner
- */
-public class STALSignatureException extends SignatureException {
-
- private static final long serialVersionUID = 1L;
-
- /**
- * The STAL error code.
- */
- private int errorCode;
-
- /**
- * Creates a new instance of this STALSignatureException.
- */
- public STALSignatureException() {
- }
-
- /**
- * Creates a new instance of this STALSigantureException with
- * the given <code>errorCode</code>.
- *
- * @param errorCode the error code
- */
- public STALSignatureException(int errorCode) {
- this.errorCode = errorCode;
- }
-
- /**
- * Creates a new instance of this STALSignatureException with
- * the given error <code>msg</code>.
- *
- * @param msg the error message
- * @see SignatureException#SignatureException(String)
- */
- public STALSignatureException(String msg) {
- super(msg);
- }
-
- /**
- * Creates a new instance of this STALSignatureException with
- * the given root <code>cause</code>.
- *
- * @param cause the cause
- * @see SignatureException#SignatureException(Throwable)
- */
- public STALSignatureException(Throwable cause) {
- super(cause);
- }
-
- /**
- * Creates a new instance of this STALSignautureException with
- * the given error <code>message</code> and root <code>cause</code>.
- *
- * @param message the error message
- * @param cause the cause
- * @see SignatureException#SignatureException(String, Throwable)
- */
- public STALSignatureException(String message, Throwable cause) {
- super(message, cause);
- }
-
- /**
- * @return the error code
- */
- public int getErrorCode() {
- return errorCode;
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java deleted file mode 100644 index 3cebb6a3..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java +++ /dev/null @@ -1,995 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.StringWriter; -import java.io.UnsupportedEncodingException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Date; -import java.util.List; - -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.crypto.MarshalException; -import javax.xml.crypto.dom.DOMStructure; -import javax.xml.crypto.dsig.CanonicalizationMethod; -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.Reference; -import javax.xml.crypto.dsig.SignatureMethod; -import javax.xml.crypto.dsig.SignedInfo; -import javax.xml.crypto.dsig.XMLObject; -import javax.xml.crypto.dsig.XMLSignature; -import javax.xml.crypto.dsig.XMLSignatureException; -import javax.xml.crypto.dsig.XMLSignatureFactory; -import javax.xml.crypto.dsig.dom.DOMSignContext; -import javax.xml.crypto.dsig.keyinfo.KeyInfo; -import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory; -import javax.xml.crypto.dsig.keyinfo.X509Data; -import javax.xml.stream.XMLStreamException; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.etsi.uri._01903.v1_1.DataObjectFormatType; -import org.etsi.uri._01903.v1_1.QualifyingPropertiesType; -import org.w3c.dom.DOMConfiguration; -import org.w3c.dom.DOMException; -import org.w3c.dom.Document; -import org.w3c.dom.DocumentFragment; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.w3c.dom.ls.DOMImplementationLS; -import org.w3c.dom.ls.LSException; -import org.w3c.dom.ls.LSInput; -import org.w3c.dom.ls.LSOutput; -import org.w3c.dom.ls.LSParser; -import org.w3c.dom.ls.LSResourceResolver; -import org.w3c.dom.ls.LSSerializer; - -import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefReqRefContentType; -import at.buergerkarte.namespaces.securitylayer._1.Base64XMLOptRefContentType; -import at.buergerkarte.namespaces.securitylayer._1.DataObjectAssociationType; -import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; -import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType; -import at.gv.egiz.bku.binding.HttpUtil; -import at.gv.egiz.bku.slexceptions.SLCommandException; -import at.gv.egiz.bku.slexceptions.SLRequestException; -import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.bku.utils.HexDump; -import at.gv.egiz.bku.utils.urldereferencer.StreamData; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; -import at.gv.egiz.dom.DOMUtils; -import at.gv.egiz.slbinding.impl.XMLContentType; -import at.gv.egiz.stal.STAL; -import at.gv.egiz.xades.QualifyingPropertiesException; -import at.gv.egiz.xades.QualifyingPropertiesFactory; - -/** - * This class represents an XML-Signature as to be created by the - * security layer command <code>CreateXMLSignatureRequest</code>. - * - * @author mcentner - */ -public class Signature { - public static final String XMLDSIG_PREFIX = "dsig"; - - /** - * Logging facility. - */ - private static Log log = LogFactory.getLog(Signature.class); - - /** - * The DOM implementation used. - */ - private DOMImplementationLS domImplLS; - - /** - * The SignatureContext for the XMLSignature. - */ - private SignatureContext ctx; - - /** - * The list of {@link DataObject}s for this signature. - */ - private List<DataObject> dataObjects = new ArrayList<DataObject>(); - - /** - * A mapping from the <code>Id</code>-attribute values of this signature's - * <code>ds:Reference</code>s to the corresponding {@link DataObject}s. - */ -// private Map<String, DataObject> dataObjectReferencIds = new HashMap<String, DataObject>(); - - /** - * The SignatureEnvironment for this signature. - */ - private SignatureLocation signatureLocation; - - /** - * The XML signature. - */ - private XMLSignature xmlSignature; - - /** - * A list of attributes of type <code>xsd:ID</code> to be registered in the {@link DOMSignContext}. - */ - private List<IdAttribute> idAttributes = new ArrayList<IdAttribute>(); - - /** - * The signer's X509 certificate. - */ - private X509Certificate signerCertificate; - - /** - * The signing time. - */ - private Date signingTime; - - /** - * Creates a new SLXMLSignature instance. - */ - public Signature(URLDereferencerContext dereferencerContext, - IdValueFactory idValueFactory, - AlgorithmMethodFactory algorithmMethodFactory) { - - domImplLS = DOMUtils.getDOMImplementationLS(); - - ctx = new SignatureContext(); - - ctx.setSignatureFactory(XMLSignatureFactory.getInstance()); - - ctx.setDereferencerContext(dereferencerContext); - ctx.setIdValueFactory(idValueFactory); - ctx.setAlgorithmMethodFactory(algorithmMethodFactory); - - } - - /** - * @return the Document containing this Signature - */ - public Document getDocument() { - return ctx.getDocument(); - } - - /** - * @return the parent Node for this Signature - */ - public Node getParent() { - return (signatureLocation != null) ? signatureLocation.getParent() : null; - } - - /** - * @return the next sibling Node for this Signature - */ - public Node getNextSibling() { - return (signatureLocation != null) ? signatureLocation.getNextSibling() : null; - } - - /** - * @return the XMLSignature - */ - public XMLSignature getXMLSignature() { - return xmlSignature; - } - - /** - * @return the list of {@link Reference}s of this Signature - */ - @SuppressWarnings("unchecked") - public List<Reference> getReferences() { - return (xmlSignature != null) ? xmlSignature.getSignedInfo().getReferences() : null; - } - - /** - * @return the list of {@link XMLObject}s of this Signature - */ - @SuppressWarnings("unchecked") - public List<XMLObject> getXMLObjects() { - return (xmlSignature != null) ? xmlSignature.getObjects() : null; - } - - /** - * Prepares the signature document with the information given by the - * <code>signatureInfo</code> provided. - * - * @param signatureInfo - * the <code>SignatureInfo</code> - * - * @throws SLCommandException - * if processing fails for any reason - * @throws IllegalStateException - * if the <code>parent</code> node has already been set - * @throws NullPointerException - * if <code>signatureInfo</code> is <code>null</code> - */ - public void setSignatureInfo(SignatureInfoCreationType signatureInfo) throws SLCommandException { - - if (signatureLocation != null) { - throw new IllegalStateException("SignatureEnvironment already set."); - } - - Base64XMLOptRefContentType signatureEnvironment = signatureInfo.getSignatureEnvironment(); - - if (signatureEnvironment == null) { - - // no SignatureEnvironment, so we use an empty document and the document as parent - ensureSignatureLocation(); - - } else { - - // parse SignatureEnvrionment and use as document - Document document = parseSignatureEnvironment(signatureEnvironment, signatureInfo.getSupplement()); - ctx.setDocument(document); - - signatureLocation = new SignatureLocation(ctx); - signatureLocation.setSignatureInfo(signatureInfo); - - } - - } - - /** - * Ensures a SignatureLocation for this Signature. - */ - private void ensureSignatureLocation() { - - if (signatureLocation == null) { - Document document = DOMUtils.createDocument(); - ctx.setDocument(document); - - signatureLocation = new SignatureLocation(ctx); - signatureLocation.setParent(document); - } - - } - - /** - * Adds a DataObject with the information given by the - * <code>dataObjectInfo</code> provided to this Signature. - * - * @param dataObjectInfo - * the <code>DataObjectInfo</code> element - * - * @throws SLCommandException - * if adding the DataObject fails - * @throws SLRequestException - * if the information provided by the given - * <code>dataObjectInfo</code> does not conform to the security - * layer specification - * @throws NullPointerException - * if <code>dataObjectInfo</code> is <code>null</code> - */ - public void addDataObject(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException { - - ensureSignatureLocation(); - - DataObject dataObject = new DataObject(ctx); - dataObject.setDataObjectInfo(dataObjectInfo); - - dataObjects.add(dataObject); - -// dataObjectReferencIds.put(dataObject.getReference().getId(), dataObject); - - } - - /** - * Sets the <code>SigningTime</code> qualifying property of this Signature. - * - * @param signingTime the signing time to set - */ - public void setSigningTime(Date signingTime) { - this.signingTime = signingTime; - } - - /** - * Sets the <code>SignerCertificate</code> qualifying property of this Signature. - * - * @param certificate the signer's certificate - */ - public void setSignerCeritifcate(X509Certificate certificate) { - this.signerCertificate = certificate; - } - - /** - * Builds the XMLSignature data structure of this Signature as configured by - * the various setter methods. - * - * @throws SLCommandException if building this signature fails - */ - public void buildXMLSignature() throws SLCommandException { - - String signatureId = ctx.getIdValueFactory().createIdValue("Signature"); - - List<XMLObject> objects = new ArrayList<XMLObject>(); - List<Reference> references = new ArrayList<Reference>(); - - // add all data objects - for (DataObject dataObject : dataObjects) { - if (dataObject.getXmlObject() != null) { - objects.add(dataObject.getXmlObject()); - } - if (dataObject.getReference() != null) { - references.add(dataObject.getReference()); - } - } - - addXAdESObjectAndReference(objects, references, signatureId); - - XMLSignatureFactory signatureFactory = ctx.getSignatureFactory(); - AlgorithmMethodFactory algorithmMethodFactory = ctx.getAlgorithmMethodFactory(); - - CanonicalizationMethod cm; - SignatureMethod sm; - try { - cm = algorithmMethodFactory.createCanonicalizationMethod(ctx); - sm = algorithmMethodFactory.createSignatureMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get Canonicalization or Signature algorithm.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get Canonicalization or Signature algorithm.", e); - throw new SLCommandException(4006); - } - - String siId = ctx.getIdValueFactory().createIdValue("SignedInfo"); - - SignedInfo si = signatureFactory.newSignedInfo(cm, sm, references, siId); - - KeyInfo ki = null; - if (signerCertificate != null) { - KeyInfoFactory kif = KeyInfoFactory.getInstance(); - X509Data x509Data = kif.newX509Data(Collections.singletonList(signerCertificate)); - ki = kif.newKeyInfo(Collections.singletonList(x509Data)); - } - - String signatureValueId = ctx.getIdValueFactory().createIdValue("SignatureValue"); - - xmlSignature = signatureFactory.newXMLSignature(si, ki, objects, signatureId, signatureValueId); - - } - - /** - * Sign this Signature using the given <code>signContext</code>. - * <p> - * Call's {@link #buildXMLSignature()} if it has not been called yet. - * </p> - * - * @param signContext - * the signing context - * - * @throws MarshalException - * if marshalling the XMLSignature fails - * @throws XMLSignatureException - * if signing the XMLSignature fails - * @throws SLCommandException - * if building the XMLSignature fails - * @throws SLViewerException - * @throws NullPointerException - * if <code>signContext</code> is <code>null</code> - */ - public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException { - - if (xmlSignature == null) { - buildXMLSignature(); - } - - for (IdAttribute idAttribute : idAttributes) { - signContext.setIdAttributeNS(idAttribute.element, idAttribute.namespaceURI, idAttribute.localName); - } - - // DO NOT USE: - // signContext.setProperty("iaik.xml.crypto.dsig.sign-over", Boolean.TRUE); - - signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE); - - signContext.putNamespacePrefix(XMLSignature.XMLNS,XMLDSIG_PREFIX); - - signContext.setURIDereferencer(new URIDereferncerAdapter(ctx.getDereferencerContext())); - - try { - xmlSignature.sign(signContext); - } catch (XMLSignatureException e) { - Throwable cause = e.getCause(); - while (cause != null) { - if (cause instanceof STALSignatureException) { - if (((STALSignatureException) cause).getCause() instanceof SLViewerException) { - throw (SLViewerException) ((STALSignatureException) cause).getCause(); - } - int errorCode = ((STALSignatureException) cause).getErrorCode(); - SLCommandException commandException = new SLCommandException(errorCode); - log.info("Failed to sign signature.", commandException); - throw commandException; - } else { - cause = cause.getCause(); - } - } - throw e; - } - - // debug - if (log.isTraceEnabled()) { - for (DataObject dataObject : dataObjects) { - Reference reference = dataObject.getReference(); - InputStream digestInputStream = reference.getDigestInputStream(); - if (digestInputStream != null) { - String mimeType = dataObject.getMimeType(); - StringBuilder sb = new StringBuilder(); - sb.append("DigestInput for Reference with id='"); - sb.append(reference.getId()); - sb.append("' (MIME-Type="); - sb.append(dataObject.getMimeType()); - sb.append("):\n"); - try { - if (mimeType != null && ( - mimeType.startsWith("text") || - "application/xhtml+xml".equals(mimeType))) { - byte[] b = new byte[512]; - for (int l; (l = digestInputStream.read(b)) != -1;) { - sb.append(new String(b, 0, l)); - } - } else { - sb.append(HexDump.hexDump(digestInputStream)); - } - } catch (IOException e) { - log.error(e); - } - log.trace(sb.toString()); - } else { - log.trace("Reference caching is not enabled."); - } - } - for (Reference reference : getReferences()) { - if (reference.getType() != null) { - InputStream digestInputStream = reference.getDigestInputStream(); - if (digestInputStream != null) { - StringBuilder sb = new StringBuilder(); - sb.append("DigestInput for Reference with id='"); - sb.append(reference.getId()); - sb.append("'; Type:"); - sb.append(reference.getType()); - sb.append("):\n"); - try { - byte[] b = new byte[512]; - for (int l; (l = digestInputStream.read(b)) != -1;) { - sb.append(new String(b, 0, l)); - } - } catch (IOException e) { - log.error(e); - } - log.trace(sb.toString()); - } else { - log.trace("Reference caching is not enabled."); - } - - } - } - } - - } - - /** - * Sign this Signature using the given <code>stal</code> implementation and - * <code>keyboxIdentifier</code>. - * <p> - * This method configures an appropriate {@link DOMSignContext} and calls - * {@link #sign(DOMSignContext)}. If {@link #buildXMLSignature()} has not been - * called yet, it is called by this method. - * </p> - * - * @param stal - * the STAL implementation to use - * @param keyboxIdentifier - * the KeyboxIdentifier to use - * - * @throws MarshalException - * if marshalling this Signature fails - * @throws XMLSignatureException - * if signing this Signature fails - * @throws SLCommandException - * if building this Signature fails - * @throws SLViewerException - * @throws NullPointerException - * if <code>stal</code> or <code>keyboxIdentifier</code> is - * <code>null</code> - */ - public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException { - - if (stal == null) { - throw new NullPointerException("Argument 'stal' must not be null."); - } - - if (keyboxIdentifier == null) { - throw new NullPointerException("Argument 'keyboxIdentifier' must not be null."); - } - - if (xmlSignature == null) { - buildXMLSignature(); - } - - SignatureMethod signatureMethod = xmlSignature.getSignedInfo().getSignatureMethod(); - String algorithm = signatureMethod.getAlgorithm(); - - //don't get hashDataInputs (digestInputStreams) now, only once Signature.sign() was called (cf STALSignature.engineSign) - PrivateKey privateKey = new STALPrivateKey(stal, algorithm, keyboxIdentifier, dataObjects); // hashDataInputs); - - DOMSignContext signContext; - if (getNextSibling() == null) { - signContext = new DOMSignContext(privateKey, getParent()); - } else { - signContext = new DOMSignContext(privateKey, getParent(), getNextSibling()); - } - - sign(signContext); - } - -// @Override -// public HashDataInput getHashDataInput(final String referenceId) { -// final DataObject dataObject = dataObjectReferencIds.get(referenceId); -// if (dataObject != null) { -// return new HashDataInput() { -// -// InputStream hashDataInput = dataObject.getReference().getDigestInputStream(); -// -// @Override -// public String getReferenceId() { -// return referenceId; -// } -// -// @Override -// public String getMimeType() { -// return dataObject.getMimeType(); -// } -// -// @Override -// public InputStream getHashDataInput() { -// return hashDataInput; -// } -// }; -// } -// return null; -// } - - /** - * Adds the XAdES <code>QualifyingProperties</code> as an - * <code>ds:Object</code> and a corresponding <code>ds:Reference</code> to - * it's <code>SignedProperties</code> element to this Signature. - * - * @param objects - * the list of <code>ds:Objects</code> to add the created - * <code>ds:Object</code> to - * @param references - * the list of <code>ds:References</code> to add the created - * <code>ds:Reference</code> to - * @param signatureId TODO - * @throws SLCommandException - * if creating and adding the XAdES - * <code>QualifyingProperties</code> fails - * @throws NullPointerException - * if <code>objects</code> or <code>references</code> is - * <code>null</code> - */ - private void addXAdESObjectAndReference(List<XMLObject> objects, List<Reference> references, String signatureId) throws SLCommandException { - - QualifyingPropertiesFactory factory = QualifyingPropertiesFactory.getInstance(); - - String idValue = ctx.getIdValueFactory().createIdValue("SignedProperties"); - - Date date = (signingTime != null) ? signingTime : new Date(); - - List<X509Certificate> signingCertificates; - if (signerCertificate != null) { - signingCertificates = Collections.singletonList(signerCertificate); - } else { - signingCertificates = Collections.emptyList(); - } - - // TODO: report MOA-SP bug - // - // The security layer specification mandates the use of version 1.2.2. of the - // XAdES QualifyingProperties. However MOA-SP supports only version 1.1.1. Therefore, - // the version 1.1.1 is used in order to be compatible with current MOA-SP versions. - - List<DataObjectFormatType> dataObjectFormats = new ArrayList<DataObjectFormatType>(); - for (DataObject dataObject : dataObjects) { - if (dataObject.getMimeType() != null && dataObject.getReference() != null) { - Reference reference = dataObject.getReference(); - if (reference.getId() != null) { - String objectReference = "#" + reference.getId(); - dataObjectFormats.add(factory.createDataObjectFormatType( - objectReference, dataObject.getMimeType(), dataObject - .getDescription())); - } - } - } - - String target = "#" + signatureId; - - DigestMethod dm; - try { - dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get DigestMethod algorithm.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get DigestMethod algorithm.", e); - throw new SLCommandException(4006); - } - - JAXBElement<QualifyingPropertiesType> qualifyingProperties; - try { - qualifyingProperties = factory.createQualifyingProperties111(target, date, signingCertificates, idValue, dataObjectFormats, dm); - } catch (QualifyingPropertiesException e) { - log.error("Failed to create QualifyingProperties.", e); - throw new SLCommandException(4000); - } - - DocumentFragment fragment = ctx.getDocument().createDocumentFragment(); - - try { - factory.marshallQualifyingProperties(qualifyingProperties, fragment); - } catch (JAXBException e) { - log.error("Failed to marshal QualifyingProperties.", e); - throw new SLCommandException(4000); - } - - List<DOMStructure> content = Collections.singletonList(new DOMStructure(fragment.getFirstChild())); - - String objectIdValue = ctx.getIdValueFactory().createIdValue("Object"); - - XMLObject object = ctx.getSignatureFactory().newXMLObject(content, objectIdValue, null, null); - - objects.add(object); - - // TODO: Report MOA-SP Bug - // - // Direct referencing of the SignedPorperties Id-attribute is not supported by MOA-SP - // because the QualifyingProperties are parsed without the XAdES schema. Therefore, - // the shorthand XPointer could not be resolved. - // - // The following workaround uses an XPointer to select the SignedProperties in order - // to allow the signature to be verified with MOA-SP. - - String referenceURI = "#xmlns(xades=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('" - + objectIdValue - + "')/child::xades:QualifyingProperties/child::xades:SignedProperties)"; - - String referenceIdValue = ctx.getIdValueFactory().createIdValue("Reference"); - String referenceType = QualifyingPropertiesFactory.SIGNED_PROPERTIES_REFERENCE_TYPE_V1_1_1; - - try { - dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get DigestMethod algorithm.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get DigestMethod algorithm.", e); - throw new SLCommandException(4006); - } - - Reference reference = ctx.getSignatureFactory().newReference(referenceURI, dm, null, referenceType, referenceIdValue); - - references.add(reference); - - Node child = fragment.getFirstChild(); - if (child instanceof Element) { - NodeList nodes = ((Element) child).getElementsByTagNameNS(QualifyingPropertiesFactory.NS_URI_V1_1_1, "SignedProperties"); - if (nodes.getLength() > 0) { - IdAttribute idAttribute = new IdAttribute(); - idAttribute.element = (Element) nodes.item(0); - idAttribute.namespaceURI = null; - idAttribute.localName = "Id"; - idAttributes.add(idAttribute); - } - } - - } - - /** - * Parse the SignatureEnvironment. - * - * @param signatureEnvironment - * the <code>SignatureEnvironment</code> element - * @param supplements - * an optional list of <code>Supplements</code> (may be - * <code>null</code>) - * - * @return the parsed SignatureEnvironment document - * - * @throws SLCommandException - * if parsing the SignatureEnvironment fails - * @throws NullPointerException - * if <code>signatureEnvironment</code> is <code>null</code> - */ - private Document parseSignatureEnvironment( - Base64XMLOptRefContentType signatureEnvironment, - List<DataObjectAssociationType> supplements) throws SLCommandException { - - if (signatureEnvironment == null) { - throw new NullPointerException("Argument 'signatureEnvironment' must not be null."); - } - - LSInput input; - try { - if (signatureEnvironment.getReference() != null) { - log.debug("SignatureEnvironment contains Reference " + signatureEnvironment.getReference() + "."); - input = createLSInput(signatureEnvironment.getReference()); - } else if (signatureEnvironment.getBase64Content() != null) { - log.debug("SignatureEnvironment contains Base64Content."); - input = createLSInput(signatureEnvironment.getBase64Content()); - } else if (signatureEnvironment.getXMLContent() != null) { - log.debug("SignatureEnvironment contains XMLContent."); - input = createLSInput((XMLContentType) signatureEnvironment.getXMLContent()); - } else { - // the schema does not allow us to reach this point - throw new SLCommandException(4000); - } - } catch (IOException e) { - log.info("XML document in which the signature is to be integrated cannot be resolved.", e); - throw new SLCommandException(4100); - } catch (XMLStreamException e) { - log.info("XML document in which the signature is to be integrated cannot be resolved.", e); - throw new SLCommandException(4100); - } - - LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null); - DOMConfiguration domConfig = parser.getDomConfig(); - SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); - domConfig.setParameter("error-handler", errorHandler); - LSResourceResolverAdapter resourceResolver = new LSResourceResolverAdapter(supplements); - domConfig.setParameter("resource-resolver", resourceResolver); - domConfig.setParameter("validate", Boolean.TRUE); - - Document doc; - try { - doc = parser.parse(input); - } catch (DOMException e) { - log.info("XML document in which the signature is to be integrated cannot be parsed.", e); - throw new SLCommandException(4101); - } catch (LSException e) { - log.info("XML document in which the signature is to be integrated cannot be parsed.", e); - throw new SLCommandException(4101); - } - - if (resourceResolver.getError() != null) { - log.info("Failed to resolve resource while parsing SignatureEnvironment document.", resourceResolver.getError()); - // we don't stop here, as we only _try_ to parse validating - } - - if (errorHandler.hasFatalErrors()) { - // log fatal errors - if (log.isInfoEnabled()) { - List<String> errorMessages = errorHandler.getErrorMessages(); - StringBuffer sb = new StringBuffer(); - for (String errorMessage : errorMessages) { - sb.append(" "); - sb.append(errorMessage); - } - log.info("XML document in which the signature is to be integrated cannot be parsed." + sb.toString()); - } - throw new SLCommandException(4101); - } - - // log parsed document - if (log.isTraceEnabled()) { - - StringWriter writer = new StringWriter(); - - writer.write("SignatureEnvironment:\n"); - - LSOutput output = domImplLS.createLSOutput(); - output.setCharacterStream(writer); - output.setEncoding("UTF-8"); - LSSerializer serializer = domImplLS.createLSSerializer(); - serializer.write(doc, output); - - log.trace(writer.toString()); - } - - return doc; - - } - - /** - * Creates an LSInput from the given <code>reference</code> URI. - * - * @param reference - * the reference URL - * - * @return an LSInput from the given <code>reference</code> URI - * - * @throws IOException - * if dereferencing the given <code>reference</code> fails - */ - private LSInput createLSInput(String reference) throws IOException { - - URLDereferencer urlDereferencer = URLDereferencer.getInstance(); - StreamData streamData = urlDereferencer.dereference(reference, ctx.getDereferencerContext()); - - String contentType = streamData.getContentType(); - String charset = HttpUtil.getCharset(contentType, true); - InputStreamReader streamReader; - try { - streamReader = new InputStreamReader(streamData.getStream(), charset); - } catch (UnsupportedEncodingException e) { - log.info("Charset " + charset + " not supported. Using default."); - streamReader = new InputStreamReader(streamData.getStream()); - } - - LSInput input = domImplLS.createLSInput(); - input = domImplLS.createLSInput(); - input.setCharacterStream(streamReader); - - return input; - - } - - /** - * Creates an LSInput from the given <code>content</code> bytes. - * - * @param content - * the content bytes - * - * @return an LSInput from the givne <code>content</code> bytes - */ - private LSInput createLSInput(byte[] content) { - - ByteArrayInputStream inputStream = new ByteArrayInputStream(content); - LSInput input = domImplLS.createLSInput(); - input.setByteStream(inputStream); - - return input; - - } - - /** - * Creates an LSInput from the given XML <code>content</code>. - * - * @param content - * the XML content - * @return an LSInput from the given XML <code>content</code> - * - * @throws XMLStreamException - * if reading the XMLStream from the given XML content fails - */ - private LSInput createLSInput(XMLContentType content) throws XMLStreamException { - - ByteArrayOutputStream redirectedStream = content.getRedirectedStream(); - if (redirectedStream != null) { - LSInput input = domImplLS.createLSInput(); - input.setByteStream(new ByteArrayInputStream(redirectedStream.toByteArray())); - return input; - } else { - return null; - } - - } - - /** - * Represents an <code>xsd:Id</code>-attribute value. - * - * @author mcentner - */ - private class IdAttribute { - - private Element element; - - private String namespaceURI; - - private String localName; - - } - - /** - * An implementation of the LSResourceResolver that uses a list of supplements - * to resolve resources. - * - * @author mcentner - */ - private class LSResourceResolverAdapter implements LSResourceResolver { - - List<DataObjectAssociationType> supplements; - - private LSResourceResolverAdapter( - List<DataObjectAssociationType> supplements) { - this.supplements = supplements; - } - - private Exception error; - - /** - * @return the error - */ - public Exception getError() { - return error; - } - - @Override - public LSInput resolveResource(String type, String namespaceURI, - String publicId, String systemId, String baseURI) { - - if (log.isTraceEnabled()) { - log.trace("Resolve resource :" + - "\n type=" + type + - "\n namespaceURI=" + namespaceURI + - "\n publicId=" + publicId + - "\n systemId=" + systemId + - "\n baseURI=" + baseURI); - } - - if (systemId != null) { - - log.debug("Resolve resource '" + systemId + "'."); - - for (DataObjectAssociationType supplement : supplements) { - - Base64XMLLocRefReqRefContentType content = supplement.getContent(); - if (content != null) { - - String reference = content.getReference(); - if (systemId.equals(reference)) { - - try { - if (content.getLocRefContent() != null) { - log.trace("Resolved resource '" + reference + "' to supplement with LocRefContent."); - return createLSInput(content.getLocRefContent()); - } else if (content.getBase64Content() != null) { - log.trace("Resolved resource '" + reference + "' to supplement with Base64Content."); - return createLSInput(content.getBase64Content()); - } else if (content.getXMLContent() != null) { - log.trace("Resolved resource '" + reference + "' to supplement with XMLContent."); - return createLSInput((XMLContentType) content.getXMLContent()); - } else { - return null; - } - } catch (IOException e) { - log.info("Failed to resolve resource '" + systemId + "' to supplement.", e); - error = e; - return null; - } catch (XMLStreamException e) { - log.info("Failed to resolve resource '" + systemId + "' to supplement.", e); - error = e; - return null; - } - - } - - } - - } - - log.info("Failed to resolve resource '" + systemId + "' to supplement. No such supplement."); - - } - - return null; - - } - - - } - -} diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java deleted file mode 100644 index 0925f2fd..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java +++ /dev/null @@ -1,129 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-
-import org.w3c.dom.Document;
-
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
-
-/**
- * An instance of this class carries context information for a XML-Signature
- * created by the security layer command <code>CreateXMLSignature</code>.
- *
- * @author mcentner
- */
-public class SignatureContext {
-
- /**
- * The document going to contain the XML signature.
- */
- private Document document;
-
- /**
- * The IdValueFactory used to create <code>xsd:ID</code>-attribute values.
- */
- private IdValueFactory idValueFactory;
-
- /**
- * The XMLSignatureFactory to create XML signature objects.
- */
- private XMLSignatureFactory signatureFactory;
-
- /**
- * The URLDereferencerContext for dereferencing URLs.
- */
- private URLDereferencerContext dereferencerContext;
-
- /**
- * The DigestMethodFactory to create {@link DigestMethod} objects.
- */
- private AlgorithmMethodFactory digestMethodFactory;
-
- /**
- * @return the document
- */
- public Document getDocument() {
- return document;
- }
-
- /**
- * @param document the document to set
- */
- public void setDocument(Document document) {
- this.document = document;
- }
-
- /**
- * @return the idValueFactory
- */
- public IdValueFactory getIdValueFactory() {
- return idValueFactory;
- }
-
- /**
- * @param idValueFactory the idValueFactory to set
- */
- public void setIdValueFactory(IdValueFactory idValueFactory) {
- this.idValueFactory = idValueFactory;
- }
-
- /**
- * @return the signatureFactory
- */
- public XMLSignatureFactory getSignatureFactory() {
- return signatureFactory;
- }
-
- /**
- * @param signatureFactory the signatureFactory to set
- */
- public void setSignatureFactory(XMLSignatureFactory signatureFactory) {
- this.signatureFactory = signatureFactory;
- }
-
- /**
- * @return the dereferencerContext
- */
- public URLDereferencerContext getDereferencerContext() {
- return dereferencerContext;
- }
-
- /**
- * @param dereferencerContext the dereferencerContext to set
- */
- public void setDereferencerContext(URLDereferencerContext dereferencerContext) {
- this.dereferencerContext = dereferencerContext;
- }
-
- /**
- * @return the digestMethodFactory
- */
- public AlgorithmMethodFactory getAlgorithmMethodFactory() {
- return digestMethodFactory;
- }
-
- /**
- * @param digestMethodFactory the digestMethodFactory to set
- */
- public void setAlgorithmMethodFactory(AlgorithmMethodFactory digestMethodFactory) {
- this.digestMethodFactory = digestMethodFactory;
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java deleted file mode 100644 index 5ec02893..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java +++ /dev/null @@ -1,235 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.util.Iterator;
-
-import javax.xml.XMLConstants;
-import javax.xml.namespace.NamespaceContext;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.slbinding.impl.SignatureLocationType;
-
-/**
- * This class implements the <code>SignatureLocation</code> of an XML-Signature
- * to be created by the security layer command <code>CreateXMLSignature</code>.
- *
- * @author mcentner
- */
-public class SignatureLocation {
-
- /**
- * Logging facility.
- */
- private static Log log = LogFactory.getLog(SignatureLocation.class);
-
- /**
- * The SignatureContext for the XML signature
- */
- private SignatureContext ctx;
-
- /**
- * The parent node for the XML signature.
- */
- private Node parent;
-
- /**
- * The next sibling node for the XML signature.
- */
- private Node nextSibling;
-
- /**
- * Creates a new SignatureLocation with the given <code>signatureContext</code>
- *
- * @param signatureContext the context for the XML signature creation
- */
- public SignatureLocation(SignatureContext signatureContext) {
- this.ctx = signatureContext;
- }
-
- /**
- * @return the parent node for the XML signature
- */
- public Node getParent() {
- return parent;
- }
-
- /**
- * @param parent the parent for the XML signature
- */
- public void setParent(Node parent) {
- this.parent = parent;
- }
-
- /**
- * @return the next sibling node for the XML signature
- */
- public Node getNextSibling() {
- return nextSibling;
- }
-
- /**
- * @param nextSibling the next sibling node for the XML signature
- */
- public void setNextSibling(Node nextSibling) {
- this.nextSibling = nextSibling;
- }
-
- /**
- * Configures this SignatureLocation with the information provided by the
- * given <code>SignatureInfo</code> element.
- *
- * @param signatureInfo
- * the <code>SignatureInfo</code> element
- *
- * @throws SLCommandException
- * if configuring this SignatureLocation with given
- * <code>signatureInfo</code>fails
- */
- public void setSignatureInfo(SignatureInfoCreationType signatureInfo)
- throws SLCommandException {
-
- // evaluate signature location XPath ...
- SignatureLocationType signatureLocation = (SignatureLocationType) signatureInfo
- .getSignatureLocation();
-
- NamespaceContext namespaceContext = new MOAIDWorkaroundNamespaceContext(
- signatureLocation.getNamespaceContext());
-
- parent = evaluateSignatureLocation(signatureInfo.getSignatureLocation()
- .getValue(), namespaceContext, ctx.getDocument().getDocumentElement());
-
- // ... and index
- nextSibling = findNextSibling(parent, signatureInfo.getSignatureLocation()
- .getIndex().intValue());
-
- }
-
- /**
- * Evaluates the given <code>xpath</code> with the document element as context node
- * and returns the resulting node.
- *
- * @param xpath the XPath expression
- * @param nsContext the namespace context of the XPath expression
- * @param contextNode the context node for the XPath evaluation
- *
- * @return the result of evaluating the XPath expression
- *
- * @throws SLCommandException
- */
- private Node evaluateSignatureLocation(String xpath, NamespaceContext nsContext, Node contextNode) throws SLCommandException {
-
- Node node = null;
- try {
- XPathFactory xpathFactory = XPathFactory.newInstance();
- XPath xPath = xpathFactory.newXPath();
- xPath.setNamespaceContext(nsContext);
- XPathExpression xpathExpr = xPath.compile(xpath);
- node = (Node) xpathExpr.evaluate(contextNode, XPathConstants.NODE);
- } catch (XPathExpressionException e) {
- log.info("Failed to evaluate SignatureLocation XPath expression '" + xpath + "' on context node.", e);
- throw new SLCommandException(4102);
- }
-
- if (node == null) {
- log.info("Failed to evaluate SignatureLocation XPath expression '" + xpath + "'. Result is empty.");
- throw new SLCommandException(4102);
- }
-
- return node;
-
- }
-
- /**
- * Finds the next sibling node of the <code>parent</code>'s <code>n</code>-th child node
- * or <code>null</code> if there is no next sibling.
- *
- * @param parent the parent node
- * @param n the index of the child node
- *
- * @return the next sibling node of the node specified by <code>parent</code> and index <code>n</code>,
- * or <code>null</code> if there is no next sibling node.
- *
- * @throws SLCommandException if the <code>n</code>-th child of <code>parent</code> does not exist
- */
- private Node findNextSibling(Node parent, int n) throws SLCommandException {
-
- NodeList childNodes = parent.getChildNodes();
- Node childNode = childNodes.item(n);
- if (childNode == null) {
- log.info("SingatureLocation Index '" + n + "' not found in document.");
- throw new SLCommandException(4102);
- } else {
- return childNode.getNextSibling();
- }
-
- }
-
- /**
- * Workaround for a missing namespace prefix declaration in MOA-ID.
- *
- * @author mcentner
- */
- private class MOAIDWorkaroundNamespaceContext implements NamespaceContext {
-
- private NamespaceContext namespaceContext;
-
- public MOAIDWorkaroundNamespaceContext(NamespaceContext namespaceContext) {
- super();
- this.namespaceContext = namespaceContext;
- }
-
- @Override
- public String getNamespaceURI(String prefix) {
-
- String namespaceURI = namespaceContext.getNamespaceURI(prefix);
-
- if ((namespaceURI == null || XMLConstants.NULL_NS_URI.equals(namespaceURI)) && "saml".equals(prefix)) {
- namespaceURI = "urn:oasis:names:tc:SAML:1.0:assertion";
- log.debug("Namespace prefix '" + prefix + "' resolved to '" + namespaceURI + "' (MOA-ID Workaround).");
- } else {
- log.trace("Namespace prefix '" + prefix + "' resolved to '" + namespaceURI + "'.");
- }
-
- return namespaceURI;
- }
-
- @Override
- public String getPrefix(String namespaceURI) {
- return namespaceContext.getPrefix(namespaceURI);
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public Iterator getPrefixes(String namespaceURI) {
- return namespaceContext.getPrefixes(namespaceURI);
- }
-
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SimpleDOMErrorHandler.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SimpleDOMErrorHandler.java deleted file mode 100644 index 0d54adce..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SimpleDOMErrorHandler.java +++ /dev/null @@ -1,98 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.w3c.dom.DOMError;
-import org.w3c.dom.DOMErrorHandler;
-
-/**
- * A simple DOMErrorHandler implementation.
- *
- * @author mcentner
- */
-public class SimpleDOMErrorHandler implements DOMErrorHandler {
-
- /**
- * Have there been errors reported?
- */
- private boolean errors = false;
-
- /**
- * Have there been fatal error reported?
- */
- private boolean fatalErrors = false;
-
- /**
- * The list of error messages of reported errors.
- */
- private List<String> errorMessages = new ArrayList<String>();
-
- /**
- * @return <code>true</code> if errors have been reported, or <code>false</code> otherwise
- */
- public boolean hasErrors() {
- return errors;
- }
-
- /**
- * @return <code>true</code> if fatal errors have been reported, or <code>false</code> otherwise
- */
- public boolean hasFatalErrors() {
- return fatalErrors;
- }
-
- /**
- * @return a list of error messages that have been reported
- */
- public List<String> getErrorMessages() {
- return errorMessages;
- }
-
- /* (non-Javadoc)
- * @see org.w3c.dom.DOMErrorHandler#handleError(org.w3c.dom.DOMError)
- */
- @Override
- public boolean handleError(DOMError error) {
-
- switch (error.getSeverity()) {
-
- case DOMError.SEVERITY_WARNING :
-// log.debug("[warning] " + error.getMessage());
- return true;
-
- case DOMError.SEVERITY_ERROR :
-// log.debug("[error] " + error.getMessage());
- errorMessages.add(error.getMessage());
- errors = true;
- return false;
-
- case DOMError.SEVERITY_FATAL_ERROR :
-// log.debug("[fatal error] " + error.getMessage());
- errorMessages.add(error.getMessage());
- fatalErrors = true;
- return false;
-
- default:
- return false;
- }
-
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java deleted file mode 100644 index c94937be..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java +++ /dev/null @@ -1,103 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import iaik.xml.crypto.utils.URIDereferencerImpl;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import javax.xml.crypto.Data;
-import javax.xml.crypto.OctetStreamData;
-import javax.xml.crypto.URIDereferencer;
-import javax.xml.crypto.URIReference;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.XMLCryptoContext;
-
-import at.gv.egiz.bku.utils.urldereferencer.StreamData;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
-
-/**
- * An URIDereferencer implementation that uses an {@link URLDereferencer} to
- * dereference.
- *
- * @author mcentner
- */
-public class URIDereferncerAdapter implements URIDereferencer {
-
- /**
- * The context for dereferencing.
- */
- protected URLDereferencerContext urlDereferencerContext;
-
- /**
- * Creates a new URIDereferencerAdapter instance with the given
- * <code>urlDereferencerContext</code>.
- *
- * @param urlDereferencerContext the context to be used for dereferencing
- */
- public URIDereferncerAdapter(URLDereferencerContext urlDereferencerContext) {
- super();
- this.urlDereferencerContext = urlDereferencerContext;
- }
-
- /* (non-Javadoc)
- * @see javax.xml.crypto.URIDereferencer#dereference(javax.xml.crypto.URIReference, javax.xml.crypto.XMLCryptoContext)
- */
- @Override
- public Data dereference(URIReference uriReference, XMLCryptoContext context)
- throws URIReferenceException {
-
- String uriString = uriReference.getURI();
- if (uriString == null) {
- return null;
- }
-
- URI uri;
- try {
- uri = new URI(uriString);
- } catch (URISyntaxException e) {
- throw new URIReferenceException(e.getMessage(), e);
- }
-
- if (uri.isAbsolute()) {
-
- URLDereferencer dereferencer = URLDereferencer.getInstance();
- StreamData streamData;
- try {
- streamData = dereferencer.dereference(uriString, urlDereferencerContext);
- } catch (IOException e) {
- throw new URIReferenceException(e.getMessage(), e);
- }
- return new OctetStreamData(streamData.getStream(), uriString, streamData.getContentType());
-
- } else {
-
- URIDereferencer uriDereferencer = context.getURIDereferencer();
- if (uriDereferencer == null || uriDereferencer == this) {
- uriDereferencer = new URIDereferencerImpl();
- }
-
- return uriDereferencer.dereference(uriReference, context);
-
- }
-
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTReference.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTReference.java deleted file mode 100644 index 6b388f2a..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTReference.java +++ /dev/null @@ -1,112 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import iaik.xml.crypto.dsig.DigestMethodImpl;
-import iaik.xml.crypto.dsig.DigestValueImpl;
-import iaik.xml.crypto.dsig.ReferenceImpl;
-import iaik.xml.crypto.dsig.TransformImpl;
-import iaik.xml.crypto.dsig.TransformsImpl;
-
-import javax.xml.crypto.Data;
-import javax.xml.crypto.URIDereferencer;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.XMLCryptoContext;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.TransformException;
-
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
-
-/**
- * This class extends the XSECT ReferenceImpl to allow for the use
- * of already marshalled <code>ds:Transforms</code> elements for initialization.
- *
- * @author mcentner
- */
-public class XSECTReference extends ReferenceImpl {
-
- /**
- * The URIDereferencer to be used for dereferencing.
- */
- protected URIDereferencer dereferencer;
-
- /**
- * Creates a new instance of this XSECTReference with the given
- * <code>uri</code>, digest method, <code>transforms</code>, <code>type</code>
- * and <code>id</code> value.
- *
- * @param uri
- * the <code>URI</code>-attribute value (may be <code>null</code>)
- * @param dm
- * the digest method
- * @param transforms
- * a TransformsImpl element (may be <code>null</code>)
- * @param type
- * the <code>Type</code>-attribute value (may be <code>null</code>)
- * @param id
- * the <code>Id</code>-attribute value (may be <code>null</code>)
- *
- * @throws NullPointerException
- * if <code>digestMethod</code> is <code>null</code>
- * @throws IllegalArgumentException
- * if <code>uri</code> is not RFC 2396 compliant
- * @throws ClassCastException
- * if any of the <code>transforms</code> is not of type
- * {@link TransformImpl}
- */
- public XSECTReference(String uri, DigestMethod dm, TransformsImpl transforms, String type,
- String id) {
- super(uri, transforms, type, id);
- digestMethod_ = (DigestMethodImpl) dm;
- digestValue_ = new DigestValueImpl();
- }
-
- /* (non-Javadoc)
- * @see iaik.xml.crypto.dsig.ReferenceType#dereference(javax.xml.crypto.XMLCryptoContext)
- */
- @Override
- public Data dereference(XMLCryptoContext context) throws TransformException,
- URIReferenceException {
- if (dereferencer != null) {
- return dereferencer.dereference(this, context);
- } else {
- try {
- return super.dereference(context);
- } catch (URIReferenceException e) {
- SLCommandException commandException = new SLCommandException(4003,
- SLExceptionMessages.EC4003_NOT_RESOLVED, new Object[] { getURI() });
- throw new URIReferenceException("Failed to dereference data to-be signed.", commandException);
- }
- }
- }
-
- /**
- * @return the dereferencer to be used for dereferencing this reference
- */
- public URIDereferencer getDereferencer() {
- return dereferencer;
- }
-
- /**
- * @param dereferencer the dereferencer to be used for dereferencing this reference
- */
- public void setDereferencer(URIDereferencer dereferencer) {
- this.dereferencer = dereferencer;
- }
-
-}
diff --git a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTTransforms.java b/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTTransforms.java deleted file mode 100644 index a98e4236..00000000 --- a/mocca-1.2.11/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTTransforms.java +++ /dev/null @@ -1,124 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import iaik.xml.crypto.dsig.TransformImpl;
-import iaik.xml.crypto.dsig.TransformsImpl;
-
-import java.util.List;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.Transform;
-
-import org.w3c.dom.Node;
-
-/**
- * This class extends the XSECT TransformsImpl to allow for the use of an
- * unmarshalled <code>ds:Transforms</code> element for initalization.
- *
- * @author mcentner
- */
-public class XSECTTransforms extends TransformsImpl {
-
- /**
- * Creates a new XSECTTransforms with the given list of <code>transforms</code>.
- *
- * @param transforms a list of {@link TransformImpl}s
- * @see TransformsImpl#TransformsImpl(List)
- */
- @SuppressWarnings("unchecked")
- public XSECTTransforms(List transforms) {
- super(transforms);
- }
-
- /**
- * Creates a new XSECTTransforms and initializes it from the given
- * <code>ds:Transforms</code> node.
- *
- * @param context the context used for unmarshalling
- * @param node the <code>ds:Transforms</code> node
- *
- * @throws MarshalException if unmarshalling the <code>ds:Transforms</code> fails
- */
- public XSECTTransforms(DOMCryptoContext context, Node node)
- throws MarshalException {
- super(context, node);
- }
-
- /**
- * Inserts the given <code>transform</code> at the top of the
- * transform list.
- *
- * @param transform the <code>ds:Transform</code> to instert
- */
- @SuppressWarnings("unchecked")
- public void insertTransform(Transform transform) {
- if (transform == null) {
- throw new NullPointerException("Parameter 'transform' must not be null.");
- }
- if (!(transform instanceof TransformImpl)) {
- throw new ClassCastException("Transform 'transform' must be of type '" + TransformImpl.class.getName() + "'.");
- }
- transforms_.add(0, transform);
- }
-
- /**
- * @return
- */
- @SuppressWarnings("unchecked")
- private List<TransformImpl> getTransformImpls() {
- return transforms_;
- }
-
- /* (non-Javadoc)
- * @see iaik.xml.crypto.dsig.TransformsType#marshal(javax.xml.crypto.dom.DOMCryptoContext, org.w3c.dom.Node, org.w3c.dom.Node)
- */
- @Override
- public Node marshal(DOMCryptoContext context, Node parent, Node nextSibling)
- throws MarshalException {
-
- if (getNode() != null) {
- // If this TransformsImpl has been unmarshalled from exiting nodes,
- // we don't want to re-marshal ...
- state_ = STATE_MARSHALED;
-
- // ... but append the existing node to the parent ...
- Node transformsNode = parent.insertBefore(getNode(), nextSibling);
-
- // ... and marshal any Transforms not yet marshalled (e.g. that
- // have been added via insertTransform().
- Node transformNextSibling = transformsNode.getFirstChild();
- List<TransformImpl> transforms = getTransformImpls();
- for (int i = 0; i < transforms.size(); i++) {
- TransformImpl transform = transforms.get(i);
- Node transformNode = transform.getNode();
- if (transformNode == null) {
- // marshall TransformImpl
- transformNode = transform.marshal(context, transformsNode, transformNextSibling);
- }
- transformNextSibling = transformNode.getNextSibling();
- }
-
- return transformsNode;
- } else {
- return super.marshal(context, parent, nextSibling);
- }
-
- }
-
-}
|