From 255269ab17404fa1249c257e88815cbbee6e0d0f Mon Sep 17 00:00:00 2001 
From: clemenso Date: Mon, 13 Oct 2008 12:53:57 +0000 Subject: ExternalDisplaySignRequestHandler git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@105 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/bku/online/applet/BKUApplet.java | 1 + .../at/gv/egiz/bku/online/applet/BKUWorker.java | 32 +++- .../applet/ExternalDisplaySignRequestHandler.java | 45 +++++ .../online/applet/SignRequestHandlerFactory.java | 21 +++ .../bku/online/applet/WSSignRequestHandler.java | 168 ------------------- .../applet/WebServiceSignRequestHandler.java | 167 ++++++++++++++++++ .../main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java | 1 + .../at/gv/egiz/bku/gui/Messages.properties | 1 + .../src/main/resources/images/chipperling_only.png | Bin 0 -> 3291 bytes .../main/resources/images/mocca_chipperling.png | Bin 0 -> 4103 bytes .../bku/local/stal/LocalSignRequestHandler.java | 93 +++++++---- BKUOnline/src/main/webapp/appletPage.jsp | 1 + .../bku/smccstal/CashedHashDataInputResolver.java | 27 --- .../gv/egiz/bku/smccstal/HashDataInputDisplay.java | 30 ++++ .../gv/egiz/bku/smccstal/SignRequestHandler.java | 186 ++++++--------------- 15 files changed, 407 insertions(+), 366 deletions(-) create mode 100644 BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java create mode 100644 BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/SignRequestHandlerFactory.java delete mode 100644 BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java create mode 100644 BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java create mode 100644 BKUCommonGUI/src/main/resources/images/chipperling_only.png create mode 100644 BKUCommonGUI/src/main/resources/images/mocca_chipperling.png delete mode 100644 smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java create mode 100644 smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/HashDataInputDisplay.java 
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java index ab38c163..32c4feaa 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java @@ -46,6 +46,7 @@ public class BKUApplet extends JApplet { public final static String LOCALE_PARAM_KEY = "Locale"; public final static String LOGO_URL_KEY = "LogoURL"; public final static String WSDL_URL = "WSDL_URL"; + public final static String HASHDATA_URL = "HashDataURL"; public final static String SESSION_ID = "SessionID"; public static final String BACKGROUND_PARAM = "background"; diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java index fbf74162..d5ba4e40 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java @@ -46,6 +46,7 @@ import at.gv.egiz.stal.service.types.ErrorResponseType; import at.gv.egiz.stal.service.types.RequestType; import at.gv.egiz.stal.service.types.ResponseType; import at.gv.egiz.stal.util.STALTranslator; +import java.applet.AppletContext; public class BKUWorker extends AbstractSMCCSTAL implements Runnable, ActionListener, SMCCSTALRequestHandler { @@ -54,6 +55,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, protected BKUGUIFacade gui; protected BKUApplet parent; private STALPortType stalPort; + private URL hashDataURL; protected List actionCommandList = new ArrayList(); protected Boolean actionPerformed = false; protected boolean finished = false; 
@@ -115,13 +117,30 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, STALService stal = new STALService(wsdlURL, endpointName); return stal.getSTALPort(); } + + private URL getHashDataURL() throws MalformedURLException { + String hashDataParam = parent.getMyAppletParameter(BKUApplet.HASHDATA_URL); + URL codebase = parent.getCodeBase(); + if (hashDataParam != null) { + try { + return new URL(codebase, hashDataParam); +// log.debug("Found HashDataInputServlet URL: " + hashDataURL); + } catch (MalformedURLException ex) { + log.fatal("Paremeter " + BKUApplet.HASHDATA_URL + " is not a vailid URL.", ex); + throw new MalformedURLException(ex.getMessage()); + } + } else { + log.fatal("Paremeter " + BKUApplet.HASHDATA_URL + " not set"); + throw new MalformedURLException(BKUApplet.HASHDATA_URL + " not set"); + } + } @Override public void run() { gui.showWelcomeDialog(); try { stalPort = getSTALPort(); - + hashDataURL = getHashDataURL(); } catch (Exception e) { log.fatal("Failed to call STAL service.", e); actionCommandList.clear(); 
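Review bot: In `getHashDataURL()` (BKUWorker.java), `new URL(codebase, hashDataParam)` accepts an absolute URL in the `HashDataURL` applet parameter, so whoever writes the embedding page chooses the host that later shows the user the data to be signed; nothing ties the result to the applet's codebase. Assigning the result to a local `url` and checking `if (!codebase.getProtocol().equals(url.getProtocol()) || !codebase.getHost().equals(url.getHost()) || codebase.getPort() != url.getPort()) throw new MalformedURLException(BKUApplet.HASHDATA_URL + " must stay on the applet codebase");` would keep the display on the origin that served the applet. The catch block rethrows `new MalformedURLException(ex.getMessage())`, which loses the original stack trace; `throw ex;` is enough. In `run()`, a failure of this method is logged as "Failed to call STAL service.", which will mislead when only the parameter is missing; `run()` continues outside the hunk.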
@@ -135,14 +154,21 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, } return; } + + //TODO factory for SignRequestHandler providing either WebServiceHDISignRequestHandler or ExternalHDIDisplaySignRequestHandler + AppletContext ctx = parent.getAppletContext(); + log.debug("register SignRequestHandler for HashDataURL " + hashDataURL); + addRequestHandler(at.gv.egiz.stal.SignRequest.class, new ExternalDisplaySignRequestHandler(ctx, hashDataURL)); + try { String sessionId = parent.getMyAppletParameter(BKUApplet.SESSION_ID); if (sessionId == null) { // use the testsession for testing sessionId = "TestSession"; } - addRequestHandler(at.gv.egiz.stal.SignRequest.class, - new WSSignRequestHandler(sessionId, stalPort)); + +// log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL); +// addRequestHandler(at.gv.egiz.stal.SignRequest.class, new WebServiceSignRequestHandler(sessionId, stalPort)); ObjectFactory of = new ObjectFactory(); GetNextRequestResponseType nextRequestResp = stalPort.connect(sessionId); diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java new file mode 100644 index 00000000..a9bbc559 --- /dev/null +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java 
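Review bot: The registration added to `run()` in BKUWorker.java makes `ExternalDisplaySignRequestHandler` the only handler for `SignRequest`, while the handler that recomputes each reference digest before showing the data (now `WebServiceSignRequestHandler`) is left in a commented-out `addRequestHandler` call. As far as this diff shows, the externally displayed page is never compared with the digest value that gets signed, so the link between what is shown and what is signed rests entirely on the servlet behind `HashDataURL`. Until the factory named in the TODO exists, I would keep the verifying handler selectable through an applet parameter and delete the commented-out lines rather than commit them. `run()` starts and ends outside the hunk.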
@@ -0,0 +1,45 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.bku.online.applet; + +import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; +import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.applet.AppletContext; +import java.net.URL; +import java.util.List; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author clemens + */ +public class ExternalDisplaySignRequestHandler extends SignRequestHandler { + + private static final Log log = LogFactory.getLog(ExternalDisplaySignRequestHandler.class); + + AppletContext ctx; + URL hashDataURL; + + public ExternalDisplaySignRequestHandler(AppletContext ctx, URL hashDataURL) { + this.ctx = ctx; + this.hashDataURL = hashDataURL; + } + + @Override + public SMCCSTALRequestHandler newInstance() { + return new ExternalDisplaySignRequestHandler(ctx, hashDataURL); + } + + @Override + public void displayHashDataInputs(List signedReferences) throws Exception { + //TODO pass reference Id's to servlet (TODO servlet) + log.debug("displaying hashdata inputs at " + hashDataURL); + ctx.showDocument(hashDataURL, "_blank"); + } + +} diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/SignRequestHandlerFactory.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/SignRequestHandlerFactory.java new file mode 100644 index 00000000..327ea8aa --- /dev/null +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/SignRequestHandlerFactory.java 
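Review bot: `displayHashDataInputs` in ExternalDisplaySignRequestHandler ignores `signedReferences` and calls `ctx.showDocument(hashDataURL, "_blank")`, which returns nothing and which an applet context may silently ignore, so the caller never learns that nothing was displayed and `ERR_DISPLAY_HASHDATA` cannot be reported from this path. At minimum, say so on the method: `/** Opens the HashDataInput servlet in a new browser window; does not verify digests and cannot detect whether the page was shown. */`. The `ctx` and `hashDataURL` fields should be `private final`, and the constructor should reject null for both, as `WebServiceSignRequestHandler` does for its own arguments.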
@@ -0,0 +1,21 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.bku.online.applet; + +import at.gv.egiz.bku.smccstal.SignRequestHandler; + +/** + * + * @author clemens + */ +public class SignRequestHandlerFactory { + + static SignRequestHandler getInstance() { + //TODO return ExternalDisplaySignRequestHandler by default, WebServiceSignRequestHandler if requested + //TODO get configuration as param + return null; + } +} diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java deleted file mode 100644 index 3a36a290..00000000 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java +++ /dev/null 
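Review bot: `SignRequestHandlerFactory.getInstance()` returns `null`, so the first caller that hands the result to `addRequestHandler` either registers no usable handler or fails later with a NullPointerException far from the cause. Until the two TODOs are done, fail loudly instead: `throw new UnsupportedOperationException("SignRequestHandlerFactory is not implemented yet");`. A private constructor would also make clear that the class is static-only.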
@@ -1,168 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.online.applet; - -import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; -import at.gv.egiz.bku.smccstal.SignRequestHandler; -import at.gv.egiz.stal.HashDataInput; -import at.gv.egiz.stal.impl.ByteArrayHashDataInput; -import at.gv.egiz.stal.service.STALPortType; -import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; -import at.gv.egiz.stal.service.types.GetHashDataInputType; -import at.gv.egiz.stal.signedinfo.DigestMethodType; -import at.gv.egiz.stal.signedinfo.ReferenceType; -import java.security.DigestException; -import java.security.MessageDigest; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map.Entry; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * - * @author clemens - */ -public class WSSignRequestHandler extends SignRequestHandler { - - private static final Log log = LogFactory.getLog(WSSignRequestHandler.class); - STALPortType stalPort; - String sessId; - - public WSSignRequestHandler(String sessId, STALPortType stalPort) { - if (stalPort == null || sessId == null) { - throw new NullPointerException("STAL port must not be null"); - } - this.sessId = sessId; - this.stalPort = stalPort; - } - - @Override - public List 
getCashedHashDataInputs(List signedReferences) throws Exception { - - GetHashDataInputType request = new GetHashDataInputType(); - request.setSessionId(sessId); - - HashMap idSignedRefMap = new HashMap(); - for (ReferenceType signedRef : signedReferences) { - //don't get Manifest, QualifyingProperties, ... - if (signedRef.getType() == null) { - String signedRefId = signedRef.getId(); - if (signedRefId != null) { - if (log.isTraceEnabled()) { - log.trace("requesting hashdata input for reference " + signedRefId); - } - idSignedRefMap.put(signedRefId, signedRef); - GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); - ref.setID(signedRefId); - request.getReference().add(ref); - - } else { - throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); - } - } - } - - if (log.isDebugEnabled()) { - log.debug("Calling GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); - } - GetHashDataInputResponseType response = stalPort.getHashDataInput(request); - ArrayList hashDataInputs = new ArrayList(); - - //hashdata inputs returned from service - HashMap idRefMap = new HashMap(); - for (GetHashDataInputResponseType.Reference reference : response.getReference()) { - String id = reference.getID(); - byte[] hdi = reference.getValue(); - if (hdi == null) { - throw new Exception("Did not receive hashdata input for reference " + id); - } - idRefMap.put(id, reference); - } - - for (String signedRefId : idSignedRefMap.keySet()) { - log.info("validating hashdata input for reference " + signedRefId); - - GetHashDataInputResponseType.Reference reference = idRefMap.get(signedRefId); - if (reference == null) { - throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); - } - -// } -// -// for (GetHashDataInputResponseType.Reference reference : response.getReference()) { -// -// String id = reference.getID(); - byte[] hdi = reference.getValue(); - String mimeType = 
reference.getMimeType(); - String encoding = reference.getEncoding(); - - if (hdi == null) { - throw new Exception("No hashdata input provided for reference " + signedRefId); - } - if (log.isDebugEnabled()) { - log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); - } - - ReferenceType dsigRef = idSignedRefMap.get(signedRefId); - DigestMethodType dm = dsigRef.getDigestMethod(); - - if (dm == null) { - throw new Exception("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); - } - String mdAlg = dm.getAlgorithm(); - if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) - mdAlg = "SHA-1"; - else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) - mdAlg = "SHA-256"; - else if ("http://www.w3.org/2001/04/xmlenc#sha224 ".equals(mdAlg)) - mdAlg = "SHA-224"; - else if ("http://www.w3.org/2001/04/xmldsig-more#sha224 ".equals(mdAlg)) - mdAlg = "SHA-224"; - else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) - mdAlg = "SHA-384"; - else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) - mdAlg = "SHA-512"; - else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) - mdAlg = "MD2"; - else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) - mdAlg = "MD5"; - else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) - mdAlg = "RipeMD-160"; - else { - throw new Exception("Failed to verify digest value for reference " + signedRefId + ": unsupported digest algorithm " + mdAlg); - } - MessageDigest md = MessageDigest.getInstance(mdAlg); - byte[] hdiDigest = md.digest(hdi); - if (log.isDebugEnabled()) - log.debug("Comparing digest values... 
"); - if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) { - log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue())); - throw new DigestException("Bad digest value for reference " + signedRefId + ": " + new String(dsigRef.getDigestValue())); - } - hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); - } - return hashDataInputs; - } - - @Override - public SMCCSTALRequestHandler newInstance() { - return new WSSignRequestHandler(this.sessId, this.stalPort); - } -} diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java new file mode 100644 index 00000000..4a87b8b5 --- /dev/null +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java 
@@ -0,0 +1,167 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.online.applet; + +import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; +import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.impl.ByteArrayHashDataInput; +import at.gv.egiz.stal.service.STALPortType; +import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; +import at.gv.egiz.stal.service.types.GetHashDataInputType; +import at.gv.egiz.stal.signedinfo.DigestMethodType; +import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.security.DigestException; +import java.security.MessageDigest; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * @author clemens + */ +public class WebServiceSignRequestHandler extends SignRequestHandler { + + private static final Log log = LogFactory.getLog(WebServiceSignRequestHandler.class); + STALPortType stalPort; + String sessId; + + public WebServiceSignRequestHandler(String sessId, STALPortType stalPort) { + if (stalPort == null || sessId == null) { + throw new NullPointerException("STAL port must not be null"); + } + this.sessId = sessId; + this.stalPort = stalPort; + } + + @Override + public void 
displayHashDataInputs(List signedReferences) throws Exception { + + GetHashDataInputType request = new GetHashDataInputType(); + request.setSessionId(sessId); + + HashMap idSignedRefMap = new HashMap(); + for (ReferenceType signedRef : signedReferences) { + //don't get Manifest, QualifyingProperties, ... + if (signedRef.getType() == null) { + String signedRefId = signedRef.getId(); + if (signedRefId != null) { + if (log.isTraceEnabled()) { + log.trace("requesting hashdata input for reference " + signedRefId); + } + idSignedRefMap.put(signedRefId, signedRef); + GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); + ref.setID(signedRefId); + request.getReference().add(ref); + + } else { + throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); + } + } + } + + if (log.isDebugEnabled()) { + log.debug("Calling GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); + } + GetHashDataInputResponseType response = stalPort.getHashDataInput(request); + ArrayList hashDataInputs = new ArrayList(); + + //hashdata inputs returned from service + HashMap idRefMap = new HashMap(); + for (GetHashDataInputResponseType.Reference reference : response.getReference()) { + String id = reference.getID(); + byte[] hdi = reference.getValue(); + if (hdi == null) { + throw new Exception("Did not receive hashdata input for reference " + id); + } + idRefMap.put(id, reference); + } + + for (String signedRefId : idSignedRefMap.keySet()) { + log.info("validating hashdata input for reference " + signedRefId); + + GetHashDataInputResponseType.Reference reference = idRefMap.get(signedRefId); + if (reference == null) { + throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); + } + +// } +// +// for (GetHashDataInputResponseType.Reference reference : response.getReference()) { +// +// String id = reference.getID(); + byte[] hdi = reference.getValue(); + String mimeType = 
reference.getMimeType(); + String encoding = reference.getEncoding(); + + if (hdi == null) { + throw new Exception("No hashdata input provided for reference " + signedRefId); + } + if (log.isDebugEnabled()) { + log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); + } + + ReferenceType dsigRef = idSignedRefMap.get(signedRefId); + DigestMethodType dm = dsigRef.getDigestMethod(); + + if (dm == null) { + throw new Exception("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); + } + String mdAlg = dm.getAlgorithm(); + if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) + mdAlg = "SHA-1"; + else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) + mdAlg = "SHA-256"; + else if ("http://www.w3.org/2001/04/xmlenc#sha224 ".equals(mdAlg)) + mdAlg = "SHA-224"; + else if ("http://www.w3.org/2001/04/xmldsig-more#sha224 ".equals(mdAlg)) + mdAlg = "SHA-224"; + else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) + mdAlg = "SHA-384"; + else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) + mdAlg = "SHA-512"; + else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) + mdAlg = "MD2"; + else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) + mdAlg = "MD5"; + else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) + mdAlg = "RipeMD-160"; + else { + throw new Exception("Failed to verify digest value for reference " + signedRefId + ": unsupported digest algorithm " + mdAlg); + } + MessageDigest md = MessageDigest.getInstance(mdAlg); + byte[] hdiDigest = md.digest(hdi); + if (log.isDebugEnabled()) + log.debug("Comparing digest values... 
"); + if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) { + log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue())); + throw new DigestException("Bad digest value for reference " + signedRefId + ": " + new String(dsigRef.getDigestValue())); + } + hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); + } + + gui.showHashDataInputDialog(hashDataInputs, this, "ok"); + } + + @Override + public SMCCSTALRequestHandler newInstance() { + return new WebServiceSignRequestHandler(this.sessId, this.stalPort); + } +} diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java index 4925e7fa..0b617271 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java @@ -30,6 +30,7 @@ public interface BKUGUIFacade { public static final String ERR_NO_PCSC = "error.pcsc"; public static final String ERR_NO_CARDTERMINAL = "error.cardterminal"; public static final String ERR_NO_HASHDATA = "error.no.hashdata"; + public static final String ERR_DISPLAY_HASHDATA = "error.display.hashdata"; public static final String ERR_WRITE_HASHDATA = "error.write.hashdata"; public static final String ERR_INVALID_HASH = "error.invalid.hash"; diff --git a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties index abed420f..e7716ae9 100644 --- a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties +++ b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties 
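Review bot: In the digest-algorithm chain of `displayHashDataInputs` (WebServiceSignRequestHandler.java), four URI literals end in a space as shown here (`"...xmlenc#sha224 "`, `"...xmldsig-more#sha224 "`, `"...xmldsig-more#md2 "`, `"...xmlenc#ripemd160 "`), so those branches can never match and such references fall through to "unsupported digest algorithm"; if the spaces are really in the file, remove them. The chain also accepts MD2 and MD5 when checking that the displayed data matches the signed reference; both are collision-broken and I would reject them here instead of mapping them. On a mismatch, `new String(hdiDigest)` decodes raw hash bytes with the platform charset into the log and the exception message; write a hex form instead. The constructor's "STAL port must not be null" message is also thrown when only `sessId` is null.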
@@ -50,6 +50,7 @@ save.hashdatainput.prefix=Signaturdaten # Error Messages error.no.hashdata=Keine Signaturdaten verf\u00FCgbar: {0} +error.display.hashdata=Signaturdaten konnten nicht dargestellt werden: {0} error.write.hashdata=Die Signaturdaten konnten nicht gespeichert werden: {0} error.invalid.hash=Die Signaturdaten sind ung\u00FCltig: {0} error.ws.unreachable=Das Web-Service ist nicht erreichbar: {0} diff --git a/BKUCommonGUI/src/main/resources/images/chipperling_only.png b/BKUCommonGUI/src/main/resources/images/chipperling_only.png new file mode 100644 index 00000000..57063b9a Binary files /dev/null and b/BKUCommonGUI/src/main/resources/images/chipperling_only.png differ diff --git a/BKUCommonGUI/src/main/resources/images/mocca_chipperling.png b/BKUCommonGUI/src/main/resources/images/mocca_chipperling.png new file mode 100644 index 00000000..4ee2d054 Binary files /dev/null and b/BKUCommonGUI/src/main/resources/images/mocca_chipperling.png differ diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java index ca420f13..4330f570 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java @@ -17,6 +17,7 @@ package at.gv.egiz.bku.local.stal; import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput; +import java.io.IOException; import java.util.ArrayList; import java.util.Collections; import java.util.List; 
@@ -41,68 +42,92 @@ import java.io.InputStream; */ public class LocalSignRequestHandler extends SignRequestHandler { - private static final Log log = LogFactory - .getLog(LocalSignRequestHandler.class); - private List hashDataInput = Collections.EMPTY_LIST; - - public LocalSignRequestHandler() { - } + private static final Log log = LogFactory.getLog(LocalSignRequestHandler.class); + private List hashDataInputs = Collections.EMPTY_LIST; + /** + * If the request is a SIGN request, it contains a list of DataObjectHashDataInput + * providing the pre-digested input stream (that can be obtained repeatedly) if + * reference caching is enabled (or null otherwise). + * @param request + * @return + */ @SuppressWarnings("unchecked") @Override public STALResponse handleRequest(STALRequest request) { if (request instanceof SignRequest) { SignRequest signReq = (SignRequest) request; - hashDataInput = signReq.getHashDataInput(); + hashDataInputs = signReq.getHashDataInput(); } return super.handleRequest(request); } + /** + * + * @param dsigReferences + * @throws java.lang.Exception + */ @Override - public List getCashedHashDataInputs( - List dsigReferences) throws Exception { - ArrayList result = new ArrayList(); + public void displayHashDataInputs(List dsigReferences) throws Exception { + if (dsigReferences == null || dsigReferences.size() < 1) { + log.error("No hashdata input selected to be displayed: null"); + throw new Exception("No HashData Input selected to be displayed"); + } + + ArrayList selectedHashDataInputs = new ArrayList(); for (ReferenceType dsigRef : dsigReferences) { // don't get Manifest, QualifyingProperties, ... 
if (dsigRef.getType() == null) { String dsigRefId = dsigRef.getId(); if (dsigRefId != null) { - for (HashDataInput hdi : hashDataInput) { - if (hdi.getReferenceId().equals(dsigRefId)) { - if (hdi instanceof DataObjectHashDataInput) { - if (log.isTraceEnabled()) - log.trace("adding DataObjectHashDataInput"); - result.add(hdi); - } else if (hdi instanceof ByteArrayHashDataInput) { - if (log.isTraceEnabled()) - log.trace("adding ByteArrayHashDataInput"); - result.add(hdi); - } else { - if (log.isDebugEnabled()) - log.debug("provided HashDataInput not chaching enabled, creating ByteArrayHashDataInput"); - - InputStream hdIs = hdi.getHashDataInput(); - ByteArrayOutputStream baos = new ByteArrayOutputStream(hdIs.available()); - int b; - while ((b = hdIs.read()) != -1) { - baos.write(b); - } - ByteArrayHashDataInput baHdi = new ByteArrayHashDataInput(baos.toByteArray(), hdi.getReferenceId(), hdi.getMimeType(), hdi.getEncoding()); - result.add(baHdi); + boolean hdiAvailable = false; + for (HashDataInput hashDataInput : hashDataInputs) { + if (dsigRefId.equals(hashDataInput.getReferenceId())) { + log.debug("display hashdata input for dsig:SignedReference " + dsigRefId); + if (!(hashDataInput instanceof DataObjectHashDataInput)) { + log.warn( + "expected DataObjectHashDataInput for LocalSignRequestHandler, got " + hashDataInput.getClass().getName()); + hashDataInput = getByteArrayHashDataInput(hashDataInput); } + selectedHashDataInputs.add(hashDataInput); + hdiAvailable = true; + break; } } + if (!hdiAvailable) { + log.error("no hashdata input for dsig:SignedReference " + dsigRefId); + throw new Exception( + "No HashDataInput available for dsig:SignedReference " + dsigRefId); + } } else { throw new Exception( - "Cannot get HashDataInput for dsig:Reference without Id attribute"); + "Cannot get HashDataInput for dsig:Reference without Id attribute"); } } } - return result; + + if (selectedHashDataInputs.size() < 1) { + log.error("dsig:SignedInfo does not contain a data 
reference"); + throw new Exception("dsig:SignedInfo does not contain a data reference"); + } + gui.showHashDataInputDialog(selectedHashDataInputs, this, "ok"); } @Override public SMCCSTALRequestHandler newInstance() { return new LocalSignRequestHandler(); } + + private ByteArrayHashDataInput getByteArrayHashDataInput(HashDataInput hashDataInput) throws IOException { + + InputStream hdIs = hashDataInput.getHashDataInput(); + ByteArrayOutputStream baos = new ByteArrayOutputStream(hdIs.available()); + int b; + while ((b = hdIs.read()) != -1) { + baos.write(b); + } + ByteArrayHashDataInput hdi = new ByteArrayHashDataInput(baos.toByteArray(), hashDataInput.getReferenceId(), hashDataInput.getMimeType(), hashDataInput.getEncoding()); + + return hdi; + } } diff --git a/BKUOnline/src/main/webapp/appletPage.jsp b/BKUOnline/src/main/webapp/appletPage.jsp index 6c4aee58..903c762d 100644 --- a/BKUOnline/src/main/webapp/appletPage.jsp +++ b/BKUOnline/src/main/webapp/appletPage.jsp @@ -53,6 +53,7 @@ var parameters = { background : '<%=backgroundImg%>', WSDL_URL :'../stal?wsdl', + HashDataURL : '../hashDataInput', SessionID : '<%=session.getId()%>', redirectURL : '../bkuResult' }; diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java deleted file mode 100644 index 05af85d9..00000000 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java +++ /dev/null 
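Review bot: `getByteArrayHashDataInput` in LocalSignRequestHandler never closes the stream it gets from `hashDataInput.getHashDataInput()` and dereferences it without a null check, which looks reachable when an input was not cached (the new `handleRequest` javadoc mentions a null case; confirm against `HashDataInput`). It also copies one byte per `read()` call and sizes the buffer from `available()`, which is only an estimate. I would guard the null, read in chunks and close in `finally`, as below. Separately, the `log.warn("expected DataObjectHashDataInput ...")` branch now also fires for `ByteArrayHashDataInput`, which the removed code accepted as-is without copying.

```java
  private ByteArrayHashDataInput getByteArrayHashDataInput(HashDataInput hashDataInput) throws IOException {
    InputStream hdIs = hashDataInput.getHashDataInput();
    if (hdIs == null) {
      throw new IOException("No hashdata input stream for reference " + hashDataInput.getReferenceId());
    }
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    try {
      byte[] buf = new byte[4096];
      int n;
      while ((n = hdIs.read(buf)) != -1) {
        baos.write(buf, 0, n);
      }
    } finally {
      hdIs.close();
    }
    // … unchanged: build and return the ByteArrayHashDataInput from baos …
  }
```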
@@ -1,27 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - -package at.gv.egiz.bku.smccstal; - -import at.gv.egiz.stal.HashDataInput; -import at.gv.egiz.stal.impl.ByteArrayHashDataInput; -import at.gv.egiz.stal.signedinfo.ReferenceType; -import java.security.DigestException; -import java.util.List; -import java.util.Set; - -/** - * - * @author clemens - */ -public interface CashedHashDataInputResolver { - - /** - * implementations may verify the hashvalue - * @post-condition returned list != null - * @return - */ - List getCashedHashDataInputs(List signedReferences) throws DigestException, Exception; -} diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/HashDataInputDisplay.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/HashDataInputDisplay.java new file mode 100644 index 00000000..f79a2027 --- /dev/null +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/HashDataInputDisplay.java 
@@ -0,0 +1,30 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ +package at.gv.egiz.bku.smccstal; + +import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.security.DigestException; +import java.util.List; + +/** + * + * @author clemens + */ +public interface HashDataInputDisplay { + + /** + * Displays the hashdata inputs for all provided dsig:SignedReferences. + * Implementations may verify the digest value if necessary. + * (LocalSignRequestHandler operates on DataObjectHashDataInput, + * other SignRequestHandlers should cache the HashDataInputs obtained by webservice calls, + * or simply forward to a HashDataInputServlet.) + * @param signedReferences The caller may select a subset of the references in SignedInfo to be displayed. + * @throws java.security.DigestException if digest values are verified and do not correspond + * (or any other digest computation error occurs) + * @throws java.lang.Exception + */ + void displayHashDataInputs(List signedReferences) throws DigestException, Exception; + +} diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java index 7d994392..dcd12b02 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java @@ -17,6 +17,7 @@ package at.gv.egiz.bku.smccstal; import at.gv.egiz.bku.gui.BKUGUIFacade; +import java.awt.event.ActionEvent; import java.io.ByteArrayInputStream; import java.io.InputStream; import java.security.MessageDigest; 
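Review bot: `displayHashDataInputs` in HashDataInputDisplay is declared `throws DigestException, Exception`; the second type subsumes the first, so no caller is made to treat a digest mismatch differently from any other failure. Narrowing the clause (for example to `DigestException` plus one dedicated checked exception for display failures) would let the sign flow abort specifically on a mismatch. The javadoc should also state whether the call returns before or after the user has seen the data, because the implementations in this commit open a GUI dialog in two cases and a browser window in the third, and the `@throws java.lang.Exception` tag has no description.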
@@ -42,31 +43,18 @@ import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; import at.gv.egiz.stal.SignRequest; import at.gv.egiz.stal.SignResponse; -import at.gv.egiz.stal.impl.ByteArrayHashDataInput; import at.gv.egiz.stal.signedinfo.ObjectFactory; -import at.gv.egiz.stal.signedinfo.ReferenceType; import at.gv.egiz.stal.signedinfo.SignedInfoType; import at.gv.egiz.stal.util.JCEAlgorithmNames; -import java.io.ByteArrayOutputStream; -import java.io.IOException; +import java.awt.event.ActionListener; import java.security.DigestException; -import java.security.DigestInputStream; -import java.util.ArrayList; -import java.util.HashMap; import java.util.List; -import java.util.Set; -/** - * This class is NOT thread-safe. - * handleRequest() sets the SignedInfo which is used in providePIN. - */ -public abstract class SignRequestHandler extends AbstractRequestHandler implements - CashedHashDataInputResolver { +public abstract class SignRequestHandler extends AbstractRequestHandler implements HashDataInputDisplay { private static Log log = LogFactory.getLog(SignRequestHandler.class); private static JAXBContext jaxbContext; - static { try { jaxbContext = JAXBContext.newInstance(ObjectFactory.class.getPackage().getName()); @@ -74,11 +62,6 @@ public abstract class SignRequestHandler extends AbstractRequestHandler implemen log.fatal("Cannot init jaxbContext", e); } } - /** the SignedInfo of the current SignRequest */ -// protected SignedInfoType signedInfo; -// protected List hashDataInputs; - -// private int retryCounter = 0; @SuppressWarnings("unchecked") @Override 
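Review bot: The class-level Javadoc ("This class is NOT thread-safe. handleRequest() sets the SignedInfo which is used in providePIN.") is deleted here with no replacement, so `SignRequestHandler` is left undocumented on the same line that switches it to `implements HashDataInputDisplay`. The class body is outside this hunk, so I cannot confirm whether the thread-safety caveat still holds; if it does, keep a short note such as `/** Handles STAL SignRequests; NOT thread-safe. */` above the class declaration. If the state really moved into `STALPinProvider`, say that instead so callers know whether one handler may serve concurrent requests.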
@@ -192,99 +175,10 @@ public abstract class SignRequestHandler extends AbstractRequestHandler implemen // return new SignRequestHandler(); // } - /** - * implementations may verify the hashvalue - * @post-condition returned list != null - * @return - */ - @Override - public abstract List getCashedHashDataInputs(List signedReferences) throws Exception; -// { -// //TODO -// log.warn("Return empty HashDataInput"); -// return new ArrayList(); -// } - + -// protected void validateHashDataInputs(List signedReferences, List hashDataInputs) { -// if (hashDataInputs != null) { -// -// Map hashDataIdMap = new HashMap(); -// for (HashDataInput hdi : hashDataInputs) { -// if (log.isTraceEnabled()) { -// log.trace("Provided HashDataInput for reference " + hdi.getReferenceId()); -// } -// hashDataIdMap.put(hdi.getReferenceId(), hdi); -// } -// -// List reqRefs = request.getReference(); -// for (GetHashDataInputType.Reference reqRef : reqRefs) { -// String reqRefId = reqRef.getID(); -// HashDataInput reqHdi = hashDataIdMap.get(reqRefId); -// if (reqHdi == null) { -// String msg = "Failed to resolve HashDataInput for reference " + reqRefId; -// log.error(msg); -// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); -// faultInfo.setErrorCode(1); -// faultInfo.setErrorMessage(msg); -// throw new GetHashDataInputFault(msg, faultInfo); -// } -// -// InputStream hashDataIS = reqHdi.getHashDataInput(); -// if (hashDataIS == null) { -// //HashDataInput not cached? 
-// String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached"; -// log.error(msg); -// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); -// faultInfo.setErrorCode(1); -// faultInfo.setErrorMessage(msg); -// throw new GetHashDataInputFault(msg, faultInfo); -// } -// ByteArrayOutputStream baos = null; -// try { -// if (log.isDebugEnabled()) { -// log.debug("Resolved HashDataInput " + reqRefId + " (" + reqHdi.getMimeType() + ";charset=" + reqHdi.getEncoding() + ")"); -// } -// baos = new ByteArrayOutputStream(hashDataIS.available()); -// int c; -// while ((c = hashDataIS.read()) != -1) { -// baos.write(c); -// } -// GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference(); -// ref.setID(reqRefId); -// ref.setMimeType(reqHdi.getMimeType()); -// ref.setEncoding(reqHdi.getEncoding()); -// ref.setValue(baos.toByteArray()); -// response.getReference().add(ref); -// } catch (IOException ex) { -// String msg = "Failed to get HashDataInput for reference " + reqRefId; -// log.error(msg, ex); -// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); -// faultInfo.setErrorCode(1); -// faultInfo.setErrorMessage(msg); -// throw new GetHashDataInputFault(msg, faultInfo, ex); -// } finally { -// try { -// baos.close(); -// } catch (IOException ex) { -// } -// } -// } -// return response; -// } -// for (ReferenceType reference : signedReferences) { -// String algorithm = reference.getDigestMethod().getAlgorithm(); -// -// } -// } - - - /** - * cashes the HashDataInputs provided by SignRequestHandler.this.getHashDataInputs() - * (don't know whether outer class is LocalSignRequestHandler or WSSignRequestHandler, providing DataObjectHDI or ByteArrayHDI, resp) - */ - class STALPinProvider implements PINProvider { + class STALPinProvider implements PINProvider, ActionListener { protected SignedInfoType signedInfo; protected List hashDataInputs; 
@@ -293,49 +187,73 @@ public abstract class SignRequestHandler extends AbstractRequestHandler implemen public STALPinProvider(SignedInfoType signedInfo) { this.signedInfo = signedInfo; } + + private void showSignaturePINDialog(PINSpec spec, int retries) { + if (retryCounter > 0) { + gui.showSignaturePINRetryDialog(spec, retries, SignRequestHandler.this, "sign", SignRequestHandler.this, + "cancel", SignRequestHandler.this, "hashData"); + } else { + gui.showSignaturePINDialog(spec, SignRequestHandler.this, "sign", SignRequestHandler.this, "cancel", SignRequestHandler.this, + "hashData"); + } + } @Override public String providePIN(PINSpec spec, int retries) { - if (retryCounter++ > 0) { - log.info("PIN wrong retrying ..."); - gui.showSignaturePINRetryDialog(spec, retries, SignRequestHandler.this, "sign", SignRequestHandler.this, - "cancel", SignRequestHandler.this, "hashData"); - } else { - gui.showSignaturePINDialog(spec, SignRequestHandler.this, "sign", SignRequestHandler.this, "cancel", SignRequestHandler.this, - "hashData"); - } + + showSignaturePINDialog(spec, retries); + do { waitForAction(); gui.showWaitDialog(null); if (actionCommand.equals("cancel")) { return null; } else if (actionCommand.equals("hashData")) { - if (signedInfo != null) { + + showSignaturePINDialog(spec, retries); + try { -// gui.showWaitDialog(null); - if (hashDataInputs == null || hashDataInputs.size() == 0) { - hashDataInputs = getCashedHashDataInputs(signedInfo.getReference()); - } - gui.showHashDataInputDialog(hashDataInputs, SignRequestHandler.this, "ok"); + displayHashDataInputs(signedInfo.getReference()); } catch (DigestException ex) { log.error("Bad digest value: " + ex.getMessage()); gui.showErrorDialog(BKUGUIFacade.ERR_INVALID_HASH, new Object[] {ex.getMessage()}); } catch (Exception ex) { - //FIXME localize messages - log.error("Failed to obtain HashDataInputs: " + ex.getMessage()); - gui.showErrorDialog(BKUGUIFacade.ERR_NO_HASHDATA, new Object[] {ex.getMessage()}, 
SignRequestHandler.this, "ok"); + log.error("Could not display hashdata inputs: " + ex.getMessage()); + gui.showErrorDialog(BKUGUIFacade.ERR_DISPLAY_HASHDATA, new Object[] {ex.getMessage()}, SignRequestHandler.this, "ok"); } - } else { - //FIXME get all hashdatainputs - gui.showErrorDialog(BKUGUIFacade.ERR_NO_HASHDATA, new Object[] {"No dsig:SignedInfo provided"}, SignRequestHandler.this, "ok"); - } + + // OLD HASHDATA DISPLAY (in applet), + // register SignRequestHandler.this as hashdataListener to use +// if (signedInfo != null) { +// try { +// if (hashDataInputs == null || hashDataInputs.size() == 0) { +// hashDataInputs = getCashedHashDataInputs(signedInfo.getReference()); +// } +// gui.showHashDataInputDialog(hashDataInputs, SignRequestHandler.this, "ok"); +// } catch (DigestException ex) { +// log.error("Bad digest value: " + ex.getMessage()); +// gui.showErrorDialog(BKUGUIFacade.ERR_INVALID_HASH, new Object[] {ex.getMessage()}); +// } catch (Exception ex) { +// //FIXME localize messages +// log.error("Failed to obtain HashDataInputs: " + ex.getMessage()); +// gui.showErrorDialog(BKUGUIFacade.ERR_NO_HASHDATA, new Object[] {ex.getMessage()}, SignRequestHandler.this, "ok"); +// } +// } else { +// //FIXME get all hashdatainputs +// gui.showErrorDialog(BKUGUIFacade.ERR_NO_HASHDATA, new Object[] {"No dsig:SignedInfo provided"}, SignRequestHandler.this, "ok"); +// } } else if (actionCommand.equals("sign")) { + retryCounter++; return new String(gui.getPin()); } else if (actionCommand.equals("ok")) { - gui.showSignaturePINDialog(spec, SignRequestHandler.this, "sign", SignRequestHandler.this, "cancel", SignRequestHandler.this, - "hashData"); + showSignaturePINDialog(spec, retries); } } while (true); } + + @Override + public void actionPerformed(ActionEvent e) { + throw new UnsupportedOperationException("Not supported yet."); + } } } -- cgit v1.2.3
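Review bot: The `hashData` branch now calls `displayHashDataInputs(signedInfo.getReference())` without the `if (signedInfo != null)` guard the removed code had, and the constructor shown as context stores `signedInfo` unchecked. A null value would surface as a NullPointerException caught by the generic `catch (Exception ex)` and be reported as ERR_DISPLAY_HASHDATA with a null message, instead of the former explicit "No dsig:SignedInfo provided" error. I would restore the guard ahead of the call, e.g. `if (signedInfo == null) { gui.showErrorDialog(BKUGUIFacade.ERR_NO_HASHDATA, new Object[] {"No dsig:SignedInfo provided"}, SignRequestHandler.this, "ok"); continue; }`. The new `actionPerformed` stub only throws UnsupportedOperationException, so `implements ActionListener` (added in the previous hunk) is better left out until the listener has a real body, and the large commented-out "OLD HASHDATA DISPLAY" block belongs in version history rather than in the method. `STALPinProvider` begins outside this hunk.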