From 66cfb865fbfa7af514e803003f928d77f1156e46 Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Thu, 11 Sep 2008 12:16:35 +0000
Subject: Added to be signed data validation.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@32 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../impl/CreateXMLSignatureCommandImpl.java        |  13 +--
 .../egiz/bku/slcommands/impl/xsect/DataObject.java | 119 ++++++++++++++++++++-
 .../bku/slcommands/impl/xsect/STALSignature.java   |  11 +-
 .../egiz/bku/slcommands/impl/xsect/Signature.java  |  10 +-
 4 files changed, 138 insertions(+), 15 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 136fa6f3..628326cf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -44,7 +44,9 @@ import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
 import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
 import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
 import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
 import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
 import at.gv.egiz.dom.DOMUtils;
 import at.gv.egiz.stal.InfoboxReadRequest;
 import at.gv.egiz.stal.InfoboxReadResponse;
@@ -166,9 +168,10 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignat
    * Signs the signature.
    * 
    * @throws SLCommandException
-   *           if signing the signature fails
+   *           if signing the signature fails
+   * @throws SLViewerException 
    */
-  private void signXMLSignature() throws SLCommandException {
+  private void signXMLSignature() throws SLCommandException, SLViewerException {
     
     try {
       signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
@@ -213,11 +216,9 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignat
       
       return new CreateXMLSignatureResultImpl(signature.getDocument());
       
-    } catch (SLCommandException e) {
+    } catch (SLException e) {
       return new ErrorResultImpl(e);
-    } catch (SLRequestException e) {
-      return new ErrorResultImpl(e);
-    }
+    } 
   }
 
   @Override
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
index d25f2526..ae4918ce 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
@@ -30,6 +30,7 @@ import java.nio.charset.Charset;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -71,8 +72,12 @@ import at.gv.egiz.bku.binding.HttpUtil;
 import at.gv.egiz.bku.slexceptions.SLCommandException;
 import at.gv.egiz.bku.slexceptions.SLRequestException;
 import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
 import at.gv.egiz.bku.utils.urldereferencer.StreamData;
 import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.viewer.ValidationException;
+import at.gv.egiz.bku.viewer.Validator;
+import at.gv.egiz.bku.viewer.ValidatorFactory;
 import at.gv.egiz.dom.DOMUtils;
 import at.gv.egiz.slbinding.impl.XMLContentType;
 
@@ -99,10 +104,51 @@ public class DataObject {
    */
   private static final String[] DEFAULT_PREFFERED_MIME_TYPES = 
     new String[] {
-      "application/xhtml+xml", 
-      "text/plain"
-    };
-  
+      "text/plain",
+      "application/xhtml+xml" 
+    };
+  
+  /**
+   * Validate hash input.
+   */
+  private static boolean validate = false;
+
+  /**
+   * Enable validation of hash data input.
+   * 
+   * @param validate
+   *          <code>true</code> if validation should be enabled, or
+   *          <code>false</code> otherwise.
+   */
+  public static void enableHashDataInputValidation(boolean validate) {
+    DataObject.validate = validate;
+  }
+
+  /**
+   * @return <code>true</code> if hash data input validation is enabled,
+   * or <code>false</code> otherwise.
+   */
+  public static boolean isHashDataInputValidationEnabled() {
+    return validate;
+  }
+  
+  /**
+   * Valid MIME types.
+   */
+  private static String[] validMimeTypes = DEFAULT_PREFFERED_MIME_TYPES;
+
+  /**
+   * Sets the list of valid hash data input media types.
+   * <p>The array is also used for transformation path selection.
+   * The transformation path with a final type, that appears in the
+   * given array in the earliest position is used selected.</p>
+   * 
+   * @param mediaTypes an array of MIME media types.
+   */
+  public static void setValidHashDataInputMediaTypes(String[] mediaTypes) {
+    validMimeTypes = mediaTypes;
+  }
+  
   /**
    * The DOM implementation used.
    */
@@ -184,7 +230,70 @@ public class DataObject {
   public String getDescription() {
     return description;
   }
-
+
+  public void validateHashDataInput() throws SLViewerException {
+    
+    if (validate) {
+
+      if (reference == null) {
+        log.error("Medthod validateHashDataInput() called before reference has been created.");
+        throw new SLViewerException(5000);
+      }
+      
+      InputStream digestInputStream = reference.getDigestInputStream();
+      if (digestInputStream == null) {
+        log.error("Method validateHashDataInput() called before reference has been generated " +
+              "or reference caching is not enabled.");
+        throw new SLViewerException(5000);
+      }
+      
+      if (mimeType == null) {
+        log.info("FinalDataMetaInfo does not specify MIME type of to be signed data.");
+        // TODO: add detailed message
+        throw new SLViewerException(5000);
+      }
+      
+      // get MIME media type
+      String mediaType = mimeType.split(";")[0].trim();
+      // and optional charset 
+      String charset = HttpUtil.getCharset(mimeType, false);
+      
+      if (Arrays.asList(validMimeTypes).contains(mediaType)) {
+        
+        Validator validator;
+        try {
+          validator = ValidatorFactory.newValidator(mediaType);
+        } catch (IllegalArgumentException e) {
+          log.error("No validator found for mime type '" + mediaType + "'.");
+          throw new SLViewerException(5000);
+        }
+        
+        try {
+          validator.validate(digestInputStream, charset);
+        } catch (ValidationException e) {
+          if ("text/plain".equals(mediaType)) {
+            log.info("Data to be displayed contains unsupported characters.", e);
+            // TODO: add detailed message
+            throw new SLViewerException(5003);
+          } else if ("application/xhtml+xml".equals(mediaType)) {
+            // TODO: add detailed message
+            log.info("Standard display format: HTML does not conform to specification.", e);
+            throw new SLViewerException(5004);
+          } else {
+            // TODO: add detailed message
+            log.info("Data to be displayed is invalid.", e);
+            throw new SLViewerException(5000);
+          }
+        }
+        
+      } else {
+        log.info("MIME media type '" + mediaType + "' is not a valid digest input.");
+        throw new SLViewerException(5001); 
+      }
+    }
+    
+  }
+  
   /**
    * Configures this DataObject with the information provided within the given
    * <code>sl:DataObjectInfo</code>.
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
index eba1d96d..2d89c8ae 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
@@ -17,6 +17,8 @@
 package at.gv.egiz.bku.slcommands.impl.xsect;
 
 import at.gv.egiz.bku.slcommands.impl.HashDataInputImpl;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
+
 import java.io.ByteArrayOutputStream;
 import java.security.InvalidKeyException;
 import java.security.InvalidParameterException;
@@ -123,9 +125,14 @@ public class STALSignature extends SignatureSpi {
 //    log.debug("got " + dataObjects.size() + " DataObjects, passing HashDataInputs to STAL SignRequest");
     
     List<HashDataInput> hashDataInputs = new ArrayList<HashDataInput>();
-      for (DataObject dataObject : dataObjects) {
-          hashDataInputs.add(new HashDataInputImpl(dataObject));
+    for (DataObject dataObject : dataObjects) {
+      try {
+        dataObject.validateHashDataInput();
+      } catch (SLViewerException e) {
+        throw new STALSignatureException(e);
       }
+      hashDataInputs.add(new HashDataInputImpl(dataObject));
+    }
     
     SignRequest signRequest = new SignRequest();
     signRequest.setKeyIdentifier(keyboxIdentifier);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index 191f8371..2330ed3f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -81,6 +81,7 @@ import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
 import at.gv.egiz.bku.binding.HttpUtil;
 import at.gv.egiz.bku.slexceptions.SLCommandException;
 import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
 import at.gv.egiz.bku.utils.HexDump;
 import at.gv.egiz.bku.utils.urldereferencer.StreamData;
 import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
@@ -387,10 +388,11 @@ public class Signature {
    *           if signing the XMLSignature fails
    * @throws SLCommandException
    *           if building the XMLSignature fails
+   * @throws SLViewerException 
    * @throws NullPointerException
    *           if <code>signContext</code> is <code>null</code>
    */
-  public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException {
+  public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
 
     if (xmlSignature == null) {
       buildXMLSignature();
@@ -415,6 +417,9 @@ public class Signature {
       Throwable cause = e.getCause();
       while (cause != null) {
         if (cause instanceof STALSignatureException) {
+          if (((STALSignatureException) cause).getCause() instanceof SLViewerException) {
+            throw (SLViewerException) ((STALSignatureException) cause).getCause(); 
+          }
           int errorCode = ((STALSignatureException) cause).getErrorCode();
           SLCommandException commandException = new SLCommandException(errorCode);
           log.info("Failed to sign signature.", commandException);
@@ -482,11 +487,12 @@ public class Signature {
    *           if signing this Signature fails
    * @throws SLCommandException
    *           if building this Signature fails 
+   * @throws SLViewerException 
    * @throws NullPointerException
    *           if <code>stal</code> or <code>keyboxIdentifier</code> is
    *           <code>null</code>
    */
-  public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException {
+  public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
 
     if (stal == null) {
       throw new NullPointerException("Argument 'stal' must not be null.");
-- 
cgit v1.2.3