From 35364f7492308692bd690c17f5527f4157eb583a Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 7 Oct 2008 17:59:28 +0000 Subject: hashdata digest git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@82 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../bku/online/applet/WSSignRequestHandler.java | 60 ++++++++++++++++------ BKUApplet/src/main/resources/simplelog.properties | 2 +- 2 files changed, 45 insertions(+), 17 deletions(-) (limited to 'BKUApplet/src/main') diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java index 5f422164..3a36a290 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java @@ -31,6 +31,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; +import java.util.Map.Entry; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -58,15 +59,18 @@ public class WSSignRequestHandler extends SignRequestHandler { GetHashDataInputType request = new GetHashDataInputType(); request.setSessionId(sessId); - HashMap idRefMap = new HashMap(); - for (ReferenceType reference : signedReferences) { + HashMap idSignedRefMap = new HashMap(); + for (ReferenceType signedRef : signedReferences) { //don't get Manifest, QualifyingProperties, ... - if (reference.getType() == null) { - String referenceId = reference.getId(); - if (referenceId != null) { - idRefMap.put(referenceId, reference); + if (signedRef.getType() == null) { + String signedRefId = signedRef.getId(); + if (signedRefId != null) { + if (log.isTraceEnabled()) { + log.trace("requesting hashdata input for reference " + signedRefId); + } + idSignedRefMap.put(signedRefId, signedRef); GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); - ref.setID(referenceId); + ref.setID(signedRefId); request.getReference().add(ref); } else { 
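Review bot: `idSignedRefMap` is a plain `HashMap`, and the validation loop later in this method iterates `idSignedRefMap.keySet()`, so the returned `hashDataInputs` list now follows hash order rather than the order of `signedReferences` or of the service response. If the caller presents these inputs to the signer in list order (not visible here), a `LinkedHashMap` would keep them in document order, e.g. `idSignedRefMap = new LinkedHashMap<String, ReferenceType>();` plus the matching import (type arguments assumed from how the map is used). The method starts and ends outside this hunk.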
@@ -76,31 +80,52 @@ public class WSSignRequestHandler extends SignRequestHandler { } if (log.isDebugEnabled()) { - log.debug("Calling GetHashDataInput for session " + sessId); + log.debug("Calling GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); } GetHashDataInputResponseType response = stalPort.getHashDataInput(request); ArrayList hashDataInputs = new ArrayList(); + //hashdata inputs returned from service + HashMap idRefMap = new HashMap(); for (GetHashDataInputResponseType.Reference reference : response.getReference()) { - String id = reference.getID(); byte[] hdi = reference.getValue(); if (hdi == null) { - throw new Exception("Failed to resolve digest value for reference " + id); + throw new Exception("Did not receive hashdata input for reference " + id); + } + idRefMap.put(id, reference); + } + + for (String signedRefId : idSignedRefMap.keySet()) { + log.info("validating hashdata input for reference " + signedRefId); + + GetHashDataInputResponseType.Reference reference = idRefMap.get(signedRefId); + if (reference == null) { + throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); } + +// } +// +// for (GetHashDataInputResponseType.Reference reference : response.getReference()) { +// +// String id = reference.getID(); + byte[] hdi = reference.getValue(); String mimeType = reference.getMimeType(); String encoding = reference.getEncoding(); + if (hdi == null) { + throw new Exception("No hashdata input provided for reference " + signedRefId); + } if (log.isDebugEnabled()) { - log.debug("Got HashDataInput " + id + " (" + mimeType + ";" + encoding + ")"); + log.debug("Got HashDataInput " + signedRefId + " (" + mimeType + ";" + encoding + ")"); } - ReferenceType dsigRef = idRefMap.get(id); + ReferenceType dsigRef = idSignedRefMap.get(signedRefId); DigestMethodType dm = dsigRef.getDigestMethod(); + if (dm == null) { - throw new Exception("Failed to verify digest value for reference " 
+ id + ": no digest algorithm"); + throw new Exception("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); } - //TODO String mdAlg = dm.getAlgorithm(); if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) mdAlg = "SHA-1"; @@ -120,15 +145,18 @@ public class WSSignRequestHandler extends SignRequestHandler { mdAlg = "MD5"; else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) mdAlg = "RipeMD-160"; + else { + throw new Exception("Failed to verify digest value for reference " + signedRefId + ": unsupported digest algorithm " + mdAlg); + } MessageDigest md = MessageDigest.getInstance(mdAlg); byte[] hdiDigest = md.digest(hdi); if (log.isDebugEnabled()) log.debug("Comparing digest values... "); if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) { log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue())); - throw new DigestException("Bad digest value for reference " + id + ": " + dsigRef.getDigestValue()); + throw new DigestException("Bad digest value for reference " + signedRefId + ": " + new String(dsigRef.getDigestValue())); } - hashDataInputs.add(new ByteArrayHashDataInput(hdi, id, mimeType, encoding)); + hashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); } return hashDataInputs; } diff --git a/BKUApplet/src/main/resources/simplelog.properties b/BKUApplet/src/main/resources/simplelog.properties index d62508cf..51be76a8 100644 --- a/BKUApplet/src/main/resources/simplelog.properties +++ b/BKUApplet/src/main/resources/simplelog.properties @@ -15,7 +15,7 @@ # Logging detail level, # Must be one of ("trace", "debug", "info", "warn", "error", or "fatal"). -org.apache.commons.logging.simplelog.defaultlog=debug +org.apache.commons.logging.simplelog.defaultlog=trace # Logs the Log instance used org.apache.commons.logging.simplelog.showlogname=true #Logs the class name with package(or Path) -- cgit v1.2.3
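Review bot: The first loop indexes the service response with `idRefMap.put(id, reference)`, so a later entry silently replaces an earlier one with the same ID, and it aborts on a null value even for references that were never requested, while other unrequested references are dropped without a trace. Since the response comes from the remote service, I would reject ambiguity up front, e.g. `if (idRefMap.put(id, reference) != null) throw new Exception("Duplicate hashdata input for reference " + id);`, and log a warning for IDs that are not in `idSignedRefMap`. With the null check kept in the first loop, the second `if (hdi == null)` in the validation loop cannot fire for any entry it looks up, so one of the two should go. The commented-out `for` loop between them should be deleted rather than committed. The validation loop's body continues into the next hunk.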
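Review bot: The new `DigestException` message is built with `new String(dsigRef.getDigestValue())`, which decodes raw digest bytes in the platform charset and produces unreadable output that may contain control characters. Hex-encode the bytes for display instead, for example `new java.math.BigInteger(1, dsigRef.getDigestValue()).toString(16)` (leading zeros are dropped, which is acceptable in a diagnostic), and do the same in the `log.error` line above it. Separately, the added `else` turns the URI chain into an allow-list, which is a good moment to reconsider the MD5 entry: a collision-prone digest weakens the guarantee that the data shown to the signer is the data covered by the signature. The first branches of the chain and the start of the method are outside this hunk.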
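Review bot: The committed default `org.apache.commons.logging.simplelog.defaultlog=trace` looks like a local debugging setting that ended up in the shipped resource. WSSignRequestHandler in this same commit logs the session ID at debug level and each requested reference ID at trace level, so with this default every client writes them to its log output. I would set the repository default to `org.apache.commons.logging.simplelog.defaultlog=info` and raise the level only in a developer's local configuration.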