From 32d17447a258188b2d534bcb0bf65a659ba7b7d0 Mon Sep 17 00:00:00 2001
From: mcentner
Date: Fri, 29 Aug 2008 12:11:34 +0000
Subject: Initial import.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../bku/slcommands/AccessControlInvocation.java | 21 +
.../bku/slcommands/CreateXMLSignatureCommand.java | 25 +
.../bku/slcommands/CreateXMLSignatureResult.java | 20 +
.../at/gv/egiz/bku/slcommands/ErrorResult.java | 20 +
.../gv/egiz/bku/slcommands/InfoboxReadCommand.java | 20 +
.../gv/egiz/bku/slcommands/InfoboxReadResult.java | 20 +
.../gv/egiz/bku/slcommands/InvocationStrategy.java | 20 +
.../egiz/bku/slcommands/NullOperationCommand.java | 20 +
.../egiz/bku/slcommands/NullOperationResult.java | 20 +
.../java/at/gv/egiz/bku/slcommands/SLCommand.java | 31 +
.../gv/egiz/bku/slcommands/SLCommandContext.java | 42 +
.../gv/egiz/bku/slcommands/SLCommandFactory.java | 370 +++++++
.../gv/egiz/bku/slcommands/SLCommandInvoker.java | 45 +
.../java/at/gv/egiz/bku/slcommands/SLResult.java | 44 +
.../at/gv/egiz/bku/slcommands/SLSourceContext.java | 63 ++
.../at/gv/egiz/bku/slcommands/SLTargetContext.java | 50 +
.../impl/CreateXMLSignatureCommandImpl.java | 229 +++++
.../impl/CreateXMLSignatureResultImpl.java | 138 +++
.../egiz/bku/slcommands/impl/ErrorResultImpl.java | 60 ++
.../slcommands/impl/InfoboxReadCommandImpl.java | 409 ++++++++
.../bku/slcommands/impl/InfoboxReadResultImpl.java | 171 ++++
.../slcommands/impl/NullOperationCommandImpl.java | 43 +
.../slcommands/impl/NullOperationResultImpl.java | 47 +
.../gv/egiz/bku/slcommands/impl/SLCommandImpl.java | 162 ++++
.../gv/egiz/bku/slcommands/impl/SLResultImpl.java | 117 +++
.../impl/xsect/AlgorithmMethodFactory.java | 79 ++
.../impl/xsect/AlgorithmMethodFactoryImpl.java | 125 +++
.../impl/xsect/ByteArrayDereferencer.java | 65 ++
.../egiz/bku/slcommands/impl/xsect/DataObject.java | 1006 ++++++++++++++++++++
.../bku/slcommands/impl/xsect/IdValueFactory.java | 37 +
.../slcommands/impl/xsect/IdValueFactoryImpl.java | 127 +++
.../slcommands/impl/xsect/LocRefDereferencer.java | 113 +++
.../bku/slcommands/impl/xsect/STALPrivateKey.java | 122 +++
.../bku/slcommands/impl/xsect/STALProvider.java | 64 ++
.../bku/slcommands/impl/xsect/STALSignature.java | 165 ++++
.../impl/xsect/STALSignatureException.java | 92 ++
.../egiz/bku/slcommands/impl/xsect/Signature.java | 935 ++++++++++++++++++
.../slcommands/impl/xsect/SignatureContext.java | 129 +++
.../slcommands/impl/xsect/SignatureLocation.java | 235 +++++
.../impl/xsect/SimpleDOMErrorHandler.java | 98 ++
.../impl/xsect/URIDereferncerAdapter.java | 103 ++
.../bku/slcommands/impl/xsect/XSECTReference.java | 112 +++
.../bku/slcommands/impl/xsect/XSECTTransforms.java | 124 +++
43 files changed, 5938 insertions(+)
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/AccessControlInvocation.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/CreateXMLSignatureCommand.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/CreateXMLSignatureResult.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/ErrorResult.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadResult.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InvocationStrategy.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/NullOperationCommand.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/NullOperationResult.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommand.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/NullOperationCommandImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/NullOperationResultImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLCommandImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactory.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/ByteArrayDereferencer.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactory.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactoryImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SimpleDOMErrorHandler.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTReference.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTTransforms.java
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/AccessControlInvocation.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/AccessControlInvocation.java
new file mode 100644
index 00000000..014b7fd7
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/AccessControlInvocation.java
@@ -0,0 +1,21 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public class AccessControlInvocation implements
+ at.gv.egiz.bku.slcommands.InvocationStrategy {
+}
\ No newline at end of file
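Review bot: `AccessControlInvocation` is an empty class implementing `InvocationStrategy`, which is itself an empty marker interface in this commit, so despite its name nothing here makes an access-control decision. A class comment should say so explicitly, for example `/** Placeholder: no access-control checks are implemented here yet; do not rely on this type for authorization. */`, so that wiring it in is not mistaken for enforcement. Whether checks exist elsewhere in the import cannot be seen from this hunk.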
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/CreateXMLSignatureCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/CreateXMLSignatureCommand.java
new file mode 100644
index 00000000..2d87c39f
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/CreateXMLSignatureCommand.java
@@ -0,0 +1,25 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLRequestException;
+
+public interface CreateXMLSignatureCommand extends SLCommand {
+
+ public void prepareXMLSignature() throws SLCommandException, SLRequestException;
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/CreateXMLSignatureResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/CreateXMLSignatureResult.java
new file mode 100644
index 00000000..4bc2820b
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/CreateXMLSignatureResult.java
@@ -0,0 +1,20 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface CreateXMLSignatureResult extends SLResult {
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/ErrorResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/ErrorResult.java
new file mode 100644
index 00000000..5d52c0ea
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/ErrorResult.java
@@ -0,0 +1,20 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface ErrorResult extends SLResult {
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java
new file mode 100644
index 00000000..77529a36
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java
@@ -0,0 +1,20 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface InfoboxReadCommand extends SLCommand {
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadResult.java
new file mode 100644
index 00000000..c6a51362
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadResult.java
@@ -0,0 +1,20 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface InfoboxReadResult extends SLResult {
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InvocationStrategy.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InvocationStrategy.java
new file mode 100644
index 00000000..6b410fac
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InvocationStrategy.java
@@ -0,0 +1,20 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface InvocationStrategy {
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/NullOperationCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/NullOperationCommand.java
new file mode 100644
index 00000000..0651f882
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/NullOperationCommand.java
@@ -0,0 +1,20 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface NullOperationCommand extends SLCommand {
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/NullOperationResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/NullOperationResult.java
new file mode 100644
index 00000000..c36c879e
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/NullOperationResult.java
@@ -0,0 +1,20 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface NullOperationResult extends SLResult {
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommand.java
new file mode 100644
index 00000000..a8625946
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommand.java
@@ -0,0 +1,31 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+
+public interface SLCommand {
+
+ public final String NAMESPACE_URI = "http://www.buergerkarte.at/namespaces/securitylayer/1.2#";
+
+ public String getName();
+
+ public void init(SLCommandContext aCtx, Object aUnmarshalledRequest) throws SLCommandException;
+
+ public SLResult execute();
+
+}
\ No newline at end of file
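Review bot: The `SLCommand` interface has no Javadoc, so the expected call order is only visible from `SLCommandFactory.createSLCommand`, which calls `init(context, ...)` right after instantiating the implementation. A comment on `init` should state that it appears to be required before `execute()`. Because `aUnmarshalledRequest` is typed `Object` and implementations must cast it, the comment should also say which type is accepted (the factory passes a `JAXBElement`) and that a wrong type is reported as `SLCommandException`. The `public final` on `NAMESPACE_URI` and the `public` on the methods are redundant inside an interface and can be dropped.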
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
new file mode 100644
index 00000000..c95736bd
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
@@ -0,0 +1,42 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
+import at.gv.egiz.stal.STAL;
+
+public class SLCommandContext {
+
+ private STAL stal;
+ private URLDereferencerContext urlDerefCtx;
+
+ public void setSTAL(STAL aStal) {
+ this.stal = aStal;
+ }
+
+ public void setURLDereferencerContext(URLDereferencerContext aCtx) {
+ this.urlDerefCtx = aCtx;
+ }
+
+ public STAL getSTAL() {
+ return stal;
+ }
+
+ public URLDereferencerContext getURLDereferencerContext() {
+ return urlDerefCtx;
+ }
+}
\ No newline at end of file
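Review bot: `SLCommandContext` is a mutable holder whose `getSTAL()` and `getURLDereferencerContext()` return null until the matching setter has been called, and nothing in the class documents or checks that. Since commands receive this context through `SLCommand.init`, a half-initialised context would presumably surface only later as a NullPointerException inside a command. Consider a constructor that takes both values and stores them in `final` fields, or at least add Javadoc to the getters saying they may return null.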
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java
new file mode 100644
index 00000000..e13b29a1
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java
@@ -0,0 +1,370 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.UnmarshalException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+import at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandImpl;
+import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl;
+import at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
+import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.slbinding.RedirectEventFilter;
+import at.gv.egiz.slbinding.RedirectUnmarshallerListener;
+
+public class SLCommandFactory {
+
+ /**
+ * Schema files required for Security Layer command validation.
+ */
+ public static final String[] SCHEMA_FILES = new String[]{
+ "at/gv/egiz/bku/slcommands/schema/xml.xsd",
+ "at/gv/egiz/bku/slcommands/schema/xmldsig-core-schema.xsd",
+ "at/gv/egiz/bku/slcommands/schema/Core-1.2.xsd"
+ };
+ /**
+ * Logging facility.
+ */
+ static Log log = LogFactory.getLog(SLCommandFactory.class);
+ /**
+ * The instance returned by {@link #getInstance()}.
+ */
+ private static SLCommandFactory instance;
+ /**
+ * Schema for Security Layer command validation.
+ */
+ private static Schema slSchema;
+ /**
+ * The JAXBContext.
+ */
+ private static JAXBContext jaxbContext;
+ /**
+ * The map of : to implementation class of the
+ * corresponding {@link SLCommand}.
+ */
+ private static Map> slRequestTypeMap = new HashMap>();
+
+
+ static {
+
+ // TODO: implement dynamic registration
+
+ // register all known implementation classes
+ putImplClass(SLCommand.NAMESPACE_URI, "NullOperationRequest",
+ NullOperationCommandImpl.class);
+ putImplClass(SLCommand.NAMESPACE_URI, "InfoboxReadRequest",
+ InfoboxReadCommandImpl.class);
+ putImplClass(SLCommand.NAMESPACE_URI, "CreateXMLSignatureRequest",
+ CreateXMLSignatureCommandImpl.class);
+ }
+
+ /**
+ * Register an {@link SLCommand} implementation class of a Security Layer
+ * command with the given namespaceUri and localname
+ * .
+ *
+ * @param namespaceUri
+ * the namespace URI of the Security Layer command
+ * @param localname
+ * the localname of the Security Layer command
+ * @param slCommandClass
+ * the implementation class, or null to deregister a
+ * currently registered class
+ */
+ public static void putImplClass(String namespaceUri, String localname,
+ Class extends SLCommand> slCommandClass) {
+ if (slCommandClass != null) {
+ slRequestTypeMap.put(namespaceUri + ":" + localname, slCommandClass);
+ } else {
+ slRequestTypeMap.remove(namespaceUri + ":" + localname);
+ }
+ }
+
+ /**
+ * Returns the implementation class of an {@link SLCommand} with the given
+ * name, or null if no such class is registered.
+ *
+ * @param name
+ * the QName of the Security Layer command
+ * @return the implementation class, or null if no class is
+ * registered for the given name
+ */
+ public static Class extends SLCommand> getImplClass(QName name) {
+ String namespaceURI = name.getNamespaceURI();
+ String localPart = name.getLocalPart();
+ return slRequestTypeMap.get(namespaceURI + ":" + localPart);
+ }
+
+ /**
+ * Sets the schema to validate Security Layer commands with.
+ *
+ * @param slSchema the schema to validate Security Layer commands with
+ */
+ public static void setSLSchema(Schema slSchema) {
+ SLCommandFactory.slSchema = slSchema;
+ }
+
+ /**
+ * @return the jaxbContext
+ */
+ public static JAXBContext getJaxbContext() {
+ ensureJaxbContext();
+ return jaxbContext;
+ }
+
+ /**
+ * @param jaxbContext the jaxbContext to set
+ */
+ public static void setJaxbContext(JAXBContext jaxbContext) {
+ SLCommandFactory.jaxbContext = jaxbContext;
+ }
+
+ /**
+ * Initialize the JAXBContext.
+ */
+ private synchronized static void ensureJaxbContext() {
+ if (jaxbContext == null) {
+ try {
+ String slPkg = at.buergerkarte.namespaces.securitylayer._1.ObjectFactory.class.getPackage().getName();
+ String xmldsigPkg = org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName();
+ setJaxbContext(JAXBContext.newInstance(slPkg + ":" + xmldsigPkg));
+ } catch (JAXBException e) {
+ log.error("Failed to setup JAXBContext security layer request.", e);
+ throw new SLRuntimeException(e);
+ }
+ }
+ }
+
+ /**
+ * Initialize the security layer schema.
+ */
+ private synchronized static void ensureSchema() {
+ if (slSchema == null) {
+ try {
+ SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ ClassLoader cl = SLCommandFactory.class.getClassLoader();
+ Source[] sources = new Source[SCHEMA_FILES.length];
+ for (int i = 0; i < SCHEMA_FILES.length; i++) {
+ String schemaFile = SCHEMA_FILES[i];
+ URL schemaURL = cl.getResource(schemaFile);
+ if (schemaURL == null) {
+ throw new SLRuntimeException("Failed to load schema file " + schemaFile + ".");
+ }
+ log.debug("Schema location: " + schemaURL);
+ sources[i] = new StreamSource(schemaURL.openStream());
+ }
+ Schema schema = schemaFactory.newSchema(sources);
+ log.debug("Schema successfully created.");
+ SLCommandFactory.setSLSchema(schema);
+ } catch (SAXException e) {
+ log.error("Failed to load security layer schema.", e);
+ throw new SLRuntimeException("Failed to load security layer schema.", e);
+ } catch (IOException e) {
+ log.error("Failed to load security layer schema.", e);
+ throw new SLRuntimeException("Failed to load security layer schema.", e);
+ }
+
+ }
+ }
+
+ /**
+ * Get an instance of the SLCommandFactory.
+ */
+ public synchronized static SLCommandFactory getInstance() {
+ if (instance == null) {
+ ensureJaxbContext();
+ ensureSchema();
+ instance = new SLCommandFactory();
+ }
+ return instance;
+ }
+
+ /**
+ * Private constructor used by {@link #getInstance()}.
+ */
+ private SLCommandFactory() {
+ }
+
+ /**
+ * Unmarshalls from the given source.
+ *
+ * @see Unmarshaller#unmarshal(Source)
+ *
+ * Note:Could replace JAXB's unmarshal-time validation engine (see commented code), however,
+ * we need a redirect filter.
+ *
+ * @param source
+ * the source to unmarshal from
+ * @return the object returned by {@link Unmarshaller#unmarshal(Source)}
+ * @throws SLRequestException
+ * if unmarshalling fails
+ * @throws SLRuntimeException
+ * if an unexpected error occurs configuring the unmarshaller or if
+ * unmarshalling fails with an unexpected error
+ */
+ protected Object unmarshal(Source source) throws SLRuntimeException,
+ SLRequestException {
+
+ Object object;
+ try {
+
+// ValidatorHandler validator = slSchema.newValidatorHandler();
+// validator.getContentHandler();
+//
+// SAXParserFactory spf = SAXParserFactory.newInstance();
+// spf.setNamespaceAware(true);
+// XMLReader saxReader = spf.newSAXParser().getXMLReader();
+// //TODO extend validator to implement redirectContentHandler (validate+redirect)
+// saxReader.setContentHandler(validator);
+// //TODO get a InputSource
+// SAXSource saxSource = new SAXSource(saxReader, source);
+//
+// Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+// //turn off duplicate jaxb validation
+// unmarshaller.setSchema(null);
+// unmarshaller.setListener(listener);
+// unmarshaller.unmarshal(saxSource);
+
+
+ XMLInputFactory inputFactory = XMLInputFactory.newInstance();
+ XMLEventReader eventReader = inputFactory.createXMLEventReader(source);
+ RedirectEventFilter redirectEventFilter = new RedirectEventFilter();
+ XMLEventReader filteredReader = inputFactory.createFilteredReader(eventReader, redirectEventFilter);
+
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ unmarshaller.setListener(new RedirectUnmarshallerListener(redirectEventFilter));
+ if (slSchema != null) {
+ unmarshaller.setSchema(slSchema);
+ }
+ log.trace("Before unmarshal().");
+ object = unmarshaller.unmarshal(filteredReader);
+ log.trace("After unmarshal().");
+ } catch (UnmarshalException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("Failed to unmarshall security layer request.", e);
+ } else {
+ log.info("Failed to unmarshall security layer request." + e.getMessage());
+ }
+ Throwable cause = e.getCause();
+ if (cause instanceof SAXParseException) {
+ throw new SLRequestException(3000,
+ SLExceptionMessages.EC3000_UNCLASSIFIED, new Object[]{cause.getMessage()});
+ } else {
+ throw new SLRequestException(3000,
+ SLExceptionMessages.EC3000_UNCLASSIFIED, new Object[]{e});
+ }
+ } catch (JAXBException e) {
+ // unexpected error
+ log.error("Failed to unmarshall security layer request.", e);
+ throw new SLRuntimeException(e);
+ } catch (XMLStreamException e) {
+ // unexpected error
+ log.error("Failed to unmarshall security layer request.", e);
+ throw new SLRuntimeException(e);
+ }
+
+ return object;
+
+ }
+
+ /**
+ * Creates a new SLCommand from the given source and
+ * context.
+ *
+ * @param source
+ * the Source to unmarshall from
+ * @param context
+ * the context for the created SLCommand
+ * @return the SLCommand unmarshalled from the given
+ * source
+ * @throws SLRequestException
+ * if unmarshalling fails
+ * @throws SLCommandException
+ * if command ist not supported
+ * @throws SLRuntimeException
+ * if an unexpected error occurs configuring the unmarshaller, if
+ * unmarshalling fails with an unexpected error or if the
+ * corresponding SLCommand could not be instantiated
+ */
+ @SuppressWarnings("unchecked")
+ public SLCommand createSLCommand(Source source, SLCommandContext context)
+ throws SLCommandException, SLRuntimeException, SLRequestException {
+
+ Object object = unmarshal(source);
+ if (!(object instanceof JAXBElement)) {
+ // invalid request
+ log.info("Invalid security layer request. " + object.toString());
+ throw new SLRequestException(3002, SLExceptionMessages.EC3002_INVALID,
+ new Object[]{object.toString()});
+ }
+
+ QName qName = ((JAXBElement) object).getName();
+ Class extends SLCommand> implClass = getImplClass(qName);
+ if (implClass == null) {
+ // command not supported
+ log.info("Unsupported command received: " + qName.toString());
+ throw new SLCommandException(4011,
+ SLExceptionMessages.EC4011_NOTIMPLEMENTED, new Object[]{qName.toString()});
+ }
+
+ // try to instantiate
+ SLCommand slCommand;
+ try {
+ slCommand = implClass.newInstance();
+ log.debug("SLCommand " + slCommand.getName() + " created.");
+ } catch (InstantiationException e) {
+ // unexpected error
+ log.error("Failed to instantiate security layer command implementation.",
+ e);
+ throw new SLRuntimeException(e);
+ } catch (IllegalAccessException e) {
+ // unexpected error
+ log.error("Failed to instantiate security layer command implementation.",
+ e);
+ throw new SLRuntimeException(e);
+ }
+ slCommand.init(context, (JAXBElement) object);
+
+ return slCommand;
+
+ }
+}
\ No newline at end of file
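Review bot: In `unmarshal`, the `XMLInputFactory` is used with its defaults, so a Security Layer request, which arrives from outside the process, may carry a DOCTYPE and, depending on the StAX implementation, have external entities resolved during parsing. Before `createXMLEventReader(source)`, add `inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);` and `inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);`. Schema validation is also optional: `unmarshal` skips `setSchema` when `slSchema` is null, and the public static `setSLSchema` and `setJaxbContext` let any caller null either field after `getInstance()`. Either fail closed when `slSchema` is null or document why unvalidated requests are acceptable. Separately, the streams opened with `schemaURL.openStream()` in `ensureSchema` are never closed.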
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java
new file mode 100644
index 00000000..30c6b68f
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java
@@ -0,0 +1,45 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+import at.gv.egiz.bku.slexceptions.SLCanceledException;
+
+public interface SLCommandInvoker {
+
+ /**
+ *
+ * @param aContext
+ * @throws SLCanceledException if the security management prevents execution of this command
+ */
+ public void invoke(SLSourceContext aContext) throws SLCanceledException;
+
+ /**
+ *
+ * @param aContext
+ * @return
+ * @throws SLCanceledException if the security management prevents execution of this command
+ */
+ public SLResult getResult(SLTargetContext aContext) throws SLCanceledException;
+
+ public void setCommand(at.gv.egiz.bku.slcommands.SLCommand aCmd);
+
+ /**
+ * Prototype creation
+ * @return
+ */
+ public SLCommandInvoker newInstance();
+}
\ No newline at end of file
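Review bot: The Javadoc blocks on `invoke`, `getResult` and `newInstance` consist of empty `@param aContext` and `@return` tags, and `setCommand` has none at all. A reader therefore cannot tell what `getResult` returns, or whether `newInstance` carries over the command set through `setCommand`. I would fill the tags in and state on the interface in which order the three calls are expected. Two small style points in the same lines: the `public` modifiers are redundant inside an interface, and the parameter type can use the simple name since the interface lives in the same package, `void setCommand(SLCommand aCmd);`.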
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java
new file mode 100644
index 00000000..7cf43fda
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java
@@ -0,0 +1,44 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+import javax.xml.transform.Result;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+
+public interface SLResult {
+
+ public static enum SLResultType {BINARY, XML};
+
+ public SLResultType getResultType();
+
+ /**
+ * The MIME Type of the Result.
+ *
+ * @return may result null if unknown.
+ */
+ public String getMimeType();
+
+ public void writeTo(Result aResult);
+
+ /**
+ *
+ * @param result
+ * @param transformer may be null.
+ */
+ public void writeTo(Result result, Transformer transformer) throws TransformerException;
+}
\ No newline at end of file
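Review bot: `writeTo(Result aResult)` has no Javadoc and declares no exception, while the two-argument overload declares `TransformerException`. The interface therefore does not say how a failed write is reported by the one-argument form. A short Javadoc on it should state that, and the two-argument form should say what a null `transformer` means instead of only "may be null". The `getMimeType` tag reads better as `@return the MIME type, or null if unknown`. The `;` after the `SLResultType` enum declaration is an empty declaration and can go.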
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java
new file mode 100644
index 00000000..ded55b2a
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java
@@ -0,0 +1,63 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+import java.security.cert.X509Certificate;
+
+import at.gv.egiz.bku.utils.binding.Protocol;
+
+
+public class SLSourceContext {
+
+ private Protocol sourceProtocol;
+ private boolean sourceIsDataURL;
+ private X509Certificate sourceCertificate;
+ private String sourceHTTPReferer;
+
+ public Protocol getSourceProtocol() {
+ return sourceProtocol;
+ }
+
+ public void setSourceProtocol(Protocol sourceProtocol) {
+ this.sourceProtocol = sourceProtocol;
+ }
+
+ public boolean isSourceIsDataURL() {
+ return sourceIsDataURL;
+ }
+
+ public void setSourceIsDataURL(boolean sourceIsDataURL) {
+ this.sourceIsDataURL = sourceIsDataURL;
+ }
+
+ public X509Certificate getSourceCertificate() {
+ return sourceCertificate;
+ }
+
+ public void setSourceCertificate(X509Certificate sourceCertificate) {
+ this.sourceCertificate = sourceCertificate;
+ }
+
+ public String getSourceHTTPReferer() {
+ return sourceHTTPReferer;
+ }
+
+ public void setSourceHTTPReferer(String sourceHTTPReferer) {
+ this.sourceHTTPReferer = sourceHTTPReferer;
+ }
+
+}
\ No newline at end of file
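Review bot: `sourceHTTPReferer` is stored without any comment on its trust level, and going by its name it holds the HTTP Referer header, which the requesting client chooses freely. If this context feeds the check that `SLCommandInvoker.invoke` describes as "security management" (an assumption, the consumer is not in this hunk), the field should be marked as unauthenticated, for example `// value of the HTTP Referer header; client-controlled, not authenticated`. One-line comments on the other fields would help as well, in particular whether `sourceCertificate` may be null. The accessor name `isSourceIsDataURL` repeats the prefix; `isSourceDataURL` would read better if the bean property name is not relied on elsewhere.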
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java
new file mode 100644
index 00000000..cf800406
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java
@@ -0,0 +1,50 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+import java.security.cert.X509Certificate;
+
+public class SLTargetContext {
+ private String targetProtocol;
+ private boolean targetIsDataURL;
+ private X509Certificate targetCertificate;
+
+ public String getTargetProtocol() {
+ return targetProtocol;
+ }
+
+ public void setTargetProtocol(String targetProtocol) {
+ this.targetProtocol = targetProtocol;
+ }
+
+ public boolean isTargetIsDataURL() {
+ return targetIsDataURL;
+ }
+
+ public void setTargetIsDataURL(boolean targetIsDataURL) {
+ this.targetIsDataURL = targetIsDataURL;
+ }
+
+ public X509Certificate getTargetCertificate() {
+ return targetCertificate;
+ }
+
+ public void setTargetCertificate(X509Certificate targetCertificate) {
+ this.targetCertificate = targetCertificate;
+ }
+
+}
\ No newline at end of file
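Review bot: `targetProtocol` is declared as `String` here, while `SLSourceContext.sourceProtocol` in the same commit uses the `at.gv.egiz.bku.utils.binding.Protocol` type. A misspelt or unexpected protocol name on the target side is therefore only caught at run time, if at all. Unless targets are meant to allow values that `Protocol` does not cover, I would declare `private Protocol targetProtocol;` and type the getter and setter accordingly. The class and its three fields also have no Javadoc.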
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
new file mode 100644
index 00000000..136fa6f3
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -0,0 +1,229 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import java.io.ByteArrayInputStream;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.dsig.XMLSignatureException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSSerializer;
+
+import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType;
+import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
+import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory;
+import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
+import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
+import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
+import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.dom.DOMUtils;
+import at.gv.egiz.stal.InfoboxReadRequest;
+import at.gv.egiz.stal.InfoboxReadResponse;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+
+/**
+ * This class implements the security layer command CreateXMLSignatureRequest.
+ *
+ * @author mcentner
+ */
+public class CreateXMLSignatureCommandImpl extends SLCommandImpl implements
+ CreateXMLSignatureCommand {
+
+ /**
+ * Logging facility.
+ */
+ protected static Log log = LogFactory.getLog(CreateXMLSignatureCommandImpl.class);
+
+ /**
+ * The signing certificate.
+ */
+ protected X509Certificate signingCertificate;
+
+ /**
+ * The keybox identifier of the key used for signing.
+ */
+ protected String keyboxIdentifier;
+
+ /**
+ * The to-be signed signature.
+ */
+ protected Signature signature;
+
+ @Override
+ public void init(SLCommandContext ctx, Object unmarshalledRequest)
+ throws SLCommandException {
+ super.init(ctx, unmarshalledRequest);
+ }
+
+ @Override
+ public void prepareXMLSignature() throws SLCommandException, SLRequestException {
+
+ CreateXMLSignatureRequestType request = getRequestValue();
+
+ // TODO: make configurable?
+ IdValueFactory idValueFactory = new IdValueFactoryImpl();
+
+ // TODO: make configurable?
+ AlgorithmMethodFactory algorithmMethodFactory;
+ try {
+ algorithmMethodFactory = new AlgorithmMethodFactoryImpl(signingCertificate);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Failed to get DigestMethod.", e);
+ throw new SLCommandException(4006);
+ }
+
+ signature = new Signature(getCmdCtx().getURLDereferencerContext(), idValueFactory, algorithmMethodFactory);
+
+ // SigningTime
+ signature.setSigningTime(new Date());
+
+ // SigningCertificate
+ signature.setSignerCeritifcate(signingCertificate);
+
+ // SignatureInfo
+ if (request.getSignatureInfo() != null) {
+ signature.setSignatureInfo(request.getSignatureInfo());
+ }
+
+ // DataObjects
+ for (DataObjectInfoType dataObjectInfo : request.getDataObjectInfo()) {
+ signature.addDataObject(dataObjectInfo);
+ }
+
+ signature.buildXMLSignature();
+
+ }
+
+ /**
+ * Gets the signing certificate from STAL.
+ *
+ * @throws SLCommandException
+ * if getting the singing certificate fails
+ */
+ private void getSigningCertificate() throws SLCommandException {
+
+ CreateXMLSignatureRequestType request = getRequestValue();
+ keyboxIdentifier = request.getKeyboxIdentifier();
+
+ InfoboxReadRequest stalRequest = new InfoboxReadRequest();
+ stalRequest.setInfoboxIdentifier(keyboxIdentifier);
+
+ requestSTAL(Collections.singletonList((STALRequest) stalRequest));
+
+ STALResponse stalResponse = stalResponses.next();
+
+ if (stalResponse instanceof InfoboxReadResponse) {
+ byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue();
+
+ try {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X509");
+ signingCertificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(infobox));
+ } catch (CertificateException e) {
+ log.info("Failed to decode signing certificate.", e);
+ // TODO: issue appropriate error
+ throw new SLCommandException(4000);
+ }
+
+ } else {
+ log.info("Failed to get signing certificate.");
+ // TODO: issue appropriate error
+ throw new SLCommandException(4000);
+ }
+
+ }
+
+ /**
+ * Signs the signature.
+ *
+ * @throws SLCommandException
+ * if signing the signature fails
+ */
+ private void signXMLSignature() throws SLCommandException {
+
+ try {
+ signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
+ } catch (MarshalException e) {
+ log.error("Failed to marshall XMLSignature.", e);
+ throw new SLCommandException(4000);
+ } catch (XMLSignatureException e) {
+ if (e.getCause() instanceof URIReferenceException) {
+ URIReferenceException uriReferenceException = (URIReferenceException) e.getCause();
+ if (uriReferenceException.getCause() instanceof SLCommandException) {
+ throw (SLCommandException) uriReferenceException.getCause();
+ }
+ }
+ log.error("Failed to sign XMLSignature.", e);
+ throw new SLCommandException(4000);
+ }
+
+ }
+
+ @Override
+ public SLResult execute() {
+ try {
+
+ // get certificate in order to select appropriate algorithms for hashing and signing
+ getSigningCertificate();
+
+ // prepare the XMLSignature for signing
+ prepareXMLSignature();
+
+ // sign the XMLSignature
+ signXMLSignature();
+
+ if (log.isTraceEnabled()) {
+
+ DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS();
+ LSSerializer serializer = domImplLS.createLSSerializer();
+ String debugString = serializer.writeToString(signature.getDocument());
+
+ log.trace(debugString);
+
+ }
+
+ return new CreateXMLSignatureResultImpl(signature.getDocument());
+
+ } catch (SLCommandException e) {
+ return new ErrorResultImpl(e);
+ } catch (SLRequestException e) {
+ return new ErrorResultImpl(e);
+ }
+ }
+
+ @Override
+ public String getName() {
+ return "CreateXMLSignatureRequest";
+ }
+
+
+}
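Review bot: In `getSigningCertificate()` the result of `getInfoboxValue()` goes straight into `new ByteArrayInputStream(infobox)`, which throws a NullPointerException when the array is null. `execute()` catches only `SLCommandException` and `SLRequestException`, so that failure would leave the command as an unchecked exception instead of an `ErrorResultImpl`. Whether STAL can return a null value is not visible in this hunk, but a guard is cheap: `if (infobox == null) throw new SLCommandException(4000);` placed before the `try`. The same method calls `stalResponses.next()` without checking that a response is present. `prepareXMLSignature()` is public yet depends on `signingCertificate` having been set by the private `getSigningCertificate()`, which deserves a sentence in its Javadoc.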
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
new file mode 100644
index 00000000..d2d2e678
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
@@ -0,0 +1,138 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.transform.Result;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureResponseType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.gv.egiz.bku.slcommands.SLCommandFactory;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+/**
+ * This calls implements the result of the security layer command CreateXMLSignature.
+ *
+ * @author mcentner
+ */
+public class CreateXMLSignatureResultImpl extends SLResultImpl {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(CreateXMLSignatureResultImpl.class);
+
+ /**
+ * The document containing the XMLSignature.
+ */
+ protected Document doc;
+
+ /**
+ * Creates a new instance of this CreateXMLSignatureResultImpl with the given
+ * signature document.
+ *
+ * @param document the signature document
+ *
+ * @throws NullPointerException if document is null
+ */
+ public CreateXMLSignatureResultImpl(Document document) {
+ super();
+
+ if (document == null) {
+ throw new NullPointerException("Argument 'document' must not be null.");
+ }
+
+ this.doc = document;
+
+ marshallCreateXMLSignatureResponse();
+ }
+
+ /**
+ * Marshalls the CreateXMLSignatureResponse.
+ */
+ private void marshallCreateXMLSignatureResponse() {
+
+ ObjectFactory factory = new ObjectFactory();
+
+ CreateXMLSignatureResponseType createCreateXMLSignatureResponseType = factory.createCreateXMLSignatureResponseType();
+ JAXBElement createCreateXMLSignatureResponse = factory.createCreateXMLSignatureResponse(createCreateXMLSignatureResponseType);
+
+ DocumentFragment fragment = doc.createDocumentFragment();
+
+ JAXBContext jaxbContext = SLCommandFactory.getJaxbContext();
+ try {
+ Marshaller marshaller = jaxbContext.createMarshaller();
+ marshaller.marshal(createCreateXMLSignatureResponse, fragment);
+ } catch (JAXBException e) {
+ log.error("Failed to marshall 'CreateXMLSignatureResponse'", e);
+ throw new SLRuntimeException(e);
+ }
+
+ Node child = fragment.getFirstChild();
+ if (child instanceof Element) {
+ Node node = doc.replaceChild(child, doc.getDocumentElement());
+ child.appendChild(node);
+ }
+
+ }
+
+ @Override
+ public void writeTo(Result result) {
+
+ try {
+ writeTo(result, null);
+ } catch (TransformerException e) {
+ log.error(e);
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.bku.slcommands.impl.SLResultImpl#writeTo(javax.xml.transform.Result, javax.xml.transform.Transformer)
+ */
+ @Override
+ public void writeTo(Result result, Transformer transformer) throws TransformerException {
+
+ if (transformer == null) {
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ try {
+ transformer = transformerFactory.newTransformer();
+ } catch (TransformerConfigurationException e) {
+ log.error("Failed to create Transformer.", e);
+ throw new SLRuntimeException(e);
+ }
+ }
+ transformer.transform(new DOMSource(doc), result);
+
+ }
+
+}
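Review bot: `writeTo(Result result)` catches `TransformerException` and only calls `log.error(e)`, so a failed serialization of the signature document returns normally and the caller cannot tell that `result` is empty or incomplete. The rest of the class wraps unexpected failures in `SLRuntimeException`, and doing the same here keeps the error visible: `log.error("Failed to write CreateXMLSignatureResponse.", e); throw new SLRuntimeException(e);`. Separately, `marshallCreateXMLSignatureResponse()` does nothing when the first child of the fragment is not an `Element`. That leaves `doc` without the response wrapper, and at least a log line in an `else` branch would make the case detectable.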
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
new file mode 100644
index 00000000..555f83bd
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
@@ -0,0 +1,60 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import at.buergerkarte.namespaces.securitylayer._1.ErrorResponseType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.gv.egiz.bku.slcommands.ErrorResult;
+import at.gv.egiz.bku.slexceptions.SLException;
+
+import javax.xml.transform.Result;
+
+/**
+ * This class implements the security layer result ErrorResponse.
+ *
+ * @author mcentner
+ */
+public class ErrorResultImpl extends SLResultImpl implements ErrorResult {
+
+ /**
+ * The exception containing information provided in the ErrorResponse.
+ */
+ protected SLException slException;
+
+ /**
+ * Creates a new instance of this ErrorResultImpl with the given
+ * slException containing information provided in the
+ * ErrorResponse.
+ *
+ * @param slException the exception
+ */
+ public ErrorResultImpl(SLException slException) {
+ this.slException = slException;
+ }
+
+ @Override
+ public void writeTo(Result result) {
+
+ ObjectFactory factory = new ObjectFactory();
+ ErrorResponseType responseType = factory.createErrorResponseType();
+ responseType.setErrorCode(slException.getErrorCode());
+ responseType.setInfo(slException.getDetailedMsg());
+
+ writeTo(factory.createErrorResponse(responseType), result);
+
+ }
+}
\ No newline at end of file
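Review bot: The constructor stores `slException` without a null check, and `writeTo` then dereferences it, so a null argument surfaces later as a NullPointerException while the error response is being written. `CreateXMLSignatureResultImpl` in this commit rejects a null `document` in its constructor; the same pattern fits here: `if (slException == null) throw new NullPointerException("Argument 'slException' must not be null.");`. Since `getDetailedMsg()` is copied into the `Info` element returned to the requester, the messages built for `SLException` should be limited to what the requester may see. This hunk does not show how they are composed.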
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
new file mode 100644
index 00000000..93131cf4
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
@@ -0,0 +1,409 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import iaik.asn1.CodingException;
+import iaik.asn1.DerCoder;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Result;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+import at.buergerkarte.namespaces.personenbindung._20020506_.CompressedIdentityLinkType;
+import at.buergerkarte.namespaces.securitylayer._1.AnyChildrenType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsBinaryFileType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType;
+import at.gv.egiz.bku.slcommands.InfoboxReadCommand;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.idlink.CompressedIdentityLinkFactory;
+import at.gv.egiz.idlink.IdentityLinkTransformer;
+import at.gv.egiz.idlink.ans1.IdentityLink;
+import at.gv.egiz.stal.InfoboxReadRequest;
+import at.gv.egiz.stal.InfoboxReadResponse;
+import at.gv.egiz.stal.STALRequest;
+
+/**
+ * This class implements the security layer command
+ * InfoboxReadRequest.
+ *
+ * NOTE: Currently the only supported infobox identifier is '
+ * IdentityLink'.
+ *
+ *
+ * @author mcentner
+ */
+public class InfoboxReadCommandImpl extends SLCommandImpl implements
+ InfoboxReadCommand {
+
+ /**
+ * Logging facility.
+ */
+ protected static Log log = LogFactory.getLog(InfoboxReadCommandImpl.class);
+
+ public static final String INFOBOX_IDENTIFIER_CERTIFICATES = "Certificates";
+
+ public static final String BOX_SPECIFIC_PARAMETER_IDENTITY_LINK_DOMAIN_IDENTIFIER = "IdentityLinkDomainIdentifier";
+
+ public static final String INFOBOX_IDENTIFIER_IDENTITY_LINK = "IdentityLink";
+
+ /**
+ * The InfoboxIdentifier
+ */
+ protected String infoboxIdentifier;
+
+ /**
+ * The IdentityLinkDomainIdentifier value of an IdentyLink infobox.
+ */
+ protected String identityLinkDomainIdentifier;
+
+ /**
+ * Is content XML entity?
+ */
+ protected boolean isXMLEntity;
+
+ @Override
+ public String getName() {
+ return "InfoboxReadRequest";
+ }
+
+ /**
+ * @return the infoboxIdentifier
+ */
+ public String getInfoboxIdentifier() {
+ return infoboxIdentifier;
+ }
+
+ @Override
+ public void init(SLCommandContext ctx, Object request) throws SLCommandException {
+ super.init(ctx, request);
+
+ InfoboxReadRequestType req = getRequestValue();
+
+ infoboxIdentifier = req.getInfoboxIdentifier();
+
+ InfoboxReadParamsBinaryFileType binaryFileParameters = req.getBinaryFileParameters();
+ if (binaryFileParameters != null) {
+ isXMLEntity = binaryFileParameters.isContentIsXMLEntity();
+ log.debug("Got ContentIsXMLEntity=" + isXMLEntity + ".");
+ }
+
+ if (INFOBOX_IDENTIFIER_IDENTITY_LINK.equals(infoboxIdentifier)) {
+
+ if (req.getAssocArrayParameters() != null) {
+ log.info("Got AssocArrayParameters but Infobox type is BinaryFile.");
+ throw new SLCommandException(4010);
+ }
+
+
+ AnyChildrenType boxSpecificParameters = req.getBoxSpecificParameters();
+
+ if (boxSpecificParameters != null) {
+ // check BoxSpecificParameters
+ List
+ *
+ * @author mcentner
+ */
+public class IdValueFactoryImpl implements IdValueFactory {
+
+ /**
+ * A generator for xsd:Id-attribute values.
+ *
+ * @author mcentner
+ */
+ private class IdGenerator {
+
+ /**
+ * The salt.
+ */
+ private String salt;
+
+ /**
+ * The element name.
+ */
+ private String elementName;
+
+ /**
+ * The sequence number.
+ */
+ private int i = 0;
+
+ /**
+ * Creates a new instance of this IdGenerator with the given
+ * elementName and salt value.
+ *
+ * @param elementName the element name
+ * @param salt the salt valeu
+ */
+ private IdGenerator(String elementName, String salt) {
+ super();
+ this.elementName = elementName;
+ this.salt = salt;
+ }
+
+ /**
+ * @return returns the next xsd:Id-attribute value.
+ */
+ public String getNextId() {
+ return elementName + "-" + salt + "-" + Integer.toString(++i);
+ }
+
+ }
+
+ /**
+ * A map of element names to xsd:Id-value generators.
+ */
+ private Map generators = new HashMap();
+
+ /**
+ * The seed value.
+ */
+ private String seed;
+
+ /**
+ * Creates a new instance of this IdValueFactory.
+ */
+ public IdValueFactoryImpl() {
+
+ Random random = new Random();
+ int rand = random.nextInt();
+ seed = Integer.toHexString(rand);
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.bku.slcommands.impl.IdValueFactory#createIdValue(java.lang.String
+ * )
+ */
+ public String createIdValue(String elementName) {
+
+ IdGenerator generator = generators.get(elementName);
+ if (generator == null) {
+ generator = new IdGenerator(elementName, seed);
+ generators.put(elementName, generator);
+ }
+ return generator.getNextId();
+
+ }
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java
new file mode 100644
index 00000000..a6399c9b
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java
@@ -0,0 +1,113 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.URIReference;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.XMLCryptoContext;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.utils.urldereferencer.StreamData;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
+
+/**
+ * An URIDereferencer implementation that dereferences LocRef
+ * references.
+ *
+ * @author mcentner
+ */
+public class LocRefDereferencer implements URIDereferencer {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(LocRefDereferencer.class);
+
+ /**
+ * The LocRef-reference to be dereferenced by
+ * {@link #dereference(URIReference, XMLCryptoContext)}.
+ */
+ protected String locRef;
+
+ /**
+ * The context to be used for dereferencing.
+ */
+ protected URLDereferencerContext dereferencerContext;
+
+ /**
+ * Creates a new instance of this LocRefDereferencer with the given
+ * dereferencerContext and locRef reference.
+ *
+ * @param dereferencerContext
+ * the context to be used for dereferencing
+ * @param locRef
+ * the LocRef-reference (must be an absolute URI)
+ *
+ * @throws URISyntaxException
+ * if LocRef is not an absolute URI
+ */
+ public LocRefDereferencer(URLDereferencerContext dereferencerContext,
+ String locRef) throws URISyntaxException {
+
+ this.dereferencerContext = dereferencerContext;
+
+ URI locRefUri = new URI(locRef);
+ if (locRefUri.isAbsolute()) {
+ this.locRef = locRef;
+ } else {
+ throw new IllegalArgumentException(
+ "Parameter 'locRef' must be an absolut URI.");
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * javax.xml.crypto.URIDereferencer#dereference(javax.xml.crypto.URIReference,
+ * javax.xml.crypto.XMLCryptoContext)
+ */
+ @Override
+ public Data dereference(URIReference uriReference, XMLCryptoContext context)
+ throws URIReferenceException {
+
+ URLDereferencer dereferencer = URLDereferencer.getInstance();
+ StreamData streamData;
+ try {
+ streamData = dereferencer.dereference(locRef, dereferencerContext);
+ } catch (IOException e) {
+ log.info("Failed to dereference URI'" + locRef + "'. " + e.getMessage(),
+ e);
+ throw new URIReferenceException("Failed to dereference URI '" + locRef
+ + "'. " + e.getMessage(), e);
+ }
+
+ return new OctetStreamData(streamData.getStream(), locRef, streamData
+ .getContentType());
+ }
+
+}
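Review bot: The constructor accepts any absolute URI as `locRef`, and `dereference` passes it to `URLDereferencer.dereference` unchanged. Assuming LocRef values originate from the incoming request, the requester chooses the scheme and host that this component contacts, unless `URLDereferencer` restricts them itself (not visible in this hunk). A scheme check next to `isAbsolute()` would make the restriction explicit at this boundary, for example comparing `locRefUri.getScheme()` against the schemes the deployment intends to allow and rejecting everything else. The Javadoc says `@throws URISyntaxException if LocRef is not an absolute URI`, but that case throws `IllegalArgumentException`, so the tag should be split into two. The message also has a typo, "absolut", and the log text lacks a space in `"URI'"`.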
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
new file mode 100644
index 00000000..64c758c9
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
@@ -0,0 +1,122 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.security.PrivateKey;
+
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.HashDataInputCallback;
+
+/**
+ * This class implements a private key used by the {@link STALSignature} class.
+ *
+ * @author mcentner
+ */
+public class STALPrivateKey implements PrivateKey {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * The STAL implementation.
+ */
+ private STAL stal;
+
+ /**
+ * The callback interface for obtaining the hash input data.
+ */
+ private HashDataInputCallback hashDataInputCallback;
+
+ /**
+ * The keybox identifier.
+ */
+ private String keyboxIdentifier;
+
+ /**
+ * The signature algorithm.
+ */
+ private String algorithm;
+
+ /**
+ * Creates a new instance of this STALPrivateKey with the given
+ * stal implementation, signature algorithm,
+ * keyboxIdentifier and hashDataInputCallback
+ * interface.
+ *
+ * @param stal
+ * the STAL implementation
+ * @param algorithm
+ * the signature algorithm
+ * @param keyboxIdentifier
+ * the keybox identifier
+ * @param hashDataInputCallback
+ * the interface for obtaining the has input data
+ */
+ public STALPrivateKey(STAL stal,
+ String algorithm, String keyboxIdentifier, HashDataInputCallback hashDataInputCallback) {
+ super();
+ this.keyboxIdentifier = keyboxIdentifier;
+ this.hashDataInputCallback = hashDataInputCallback;
+ this.stal = stal;
+ this.algorithm = algorithm;
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.Key#getAlgorithm()
+ */
+ @Override
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.Key#getEncoded()
+ */
+ @Override
+ public byte[] getEncoded() {
+ throw new UnsupportedOperationException("STALPrivateKey does not support the getEncoded() method.");
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.Key#getFormat()
+ */
+ @Override
+ public String getFormat() {
+ return null;
+ }
+
+ /**
+ * @return the STAL implementation
+ */
+ public STAL getStal() {
+ return stal;
+ }
+
+ /**
+ * @return the interface for obtaining the hash data input
+ */
+ public HashDataInputCallback getHashDataInputCallback() {
+ return hashDataInputCallback;
+ }
+
+ /**
+ * @return the keybox identifier
+ */
+ public String getKeyboxIdentifier() {
+ return keyboxIdentifier;
+ }
+
+}
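Review bot: `getEncoded()` throws `UnsupportedOperationException`, but the `java.security.Key` contract has a key that does not support encoding return null, which is what `getFormat()` already does in this class. Generic JCA code that probes a key through `getEncoded()` may then fail with an unchecked exception instead of treating the object as a non-extractable token handle. I would change the body to `return null;` and state in the class Javadoc that the object carries no key material, only the STAL reference, the keybox identifier and the callback. `PrivateKey` is `Serializable` and a `serialVersionUID` is declared, so it is also worth marking `stal` and `hashDataInputCallback` as `transient`, or documenting that the key must not be serialized, since nothing visible here shows those types to be serializable.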
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java
new file mode 100644
index 00000000..0ab30530
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALProvider.java
@@ -0,0 +1,64 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import iaik.xml.crypto.XmldsigMore;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Signature;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.crypto.dsig.SignatureMethod;
+
+/**
+ * A security provider implementation that provides {@link Signature} implementations
+ * based on STAL.
+ *
+ * @author mcentner
+ */
+public class STALProvider extends Provider {
+
+ private static final long serialVersionUID = 1L;
+
+ private static String IMPL_PACKAGE_NAME = "at.gv.egiz.bku.slcommands.impl.xsect";
+
+ public STALProvider() {
+
+ super("STAL", 1.0, "Security Token Abstraction Layer Provider");
+
+ final Map map = new HashMap();
+
+ // TODO: register further algorithms
+ map.put("Signature." + SignatureMethod.RSA_SHA1,
+ IMPL_PACKAGE_NAME + ".STALSignature");
+ map.put("Signature." + XmldsigMore.SIGNATURE_ECDSA_SHA1,
+ IMPL_PACKAGE_NAME + ".STALSignature");
+
+ AccessController.doPrivileged(new PrivilegedAction() {
+ @Override
+ public Void run() {
+ putAll(map);
+ return null;
+ }
+ });
+
+ }
+
+}
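Review bot: The provider registers `STALSignature` under a class name assembled from `IMPL_PACKAGE_NAME`, a `private static` field that is not `final`, so a rename or package move would break the registration only at run time, when a signature is first requested. `STALSignature.class.getName()` yields the same string and is checked by the compiler, e.g. `map.put("Signature." + SignatureMethod.RSA_SHA1, STALSignature.class.getName());`. Both registered algorithms are SHA-1 based, and the TODO does not say which ones are to follow. A comment naming the stronger digests that are planned, and whether the token behind STAL is expected to support them, would help whoever picks this up.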
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
new file mode 100644
index 00000000..f0fcb891
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
@@ -0,0 +1,165 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.io.ByteArrayOutputStream;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.SignatureSpi;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egiz.stal.ErrorResponse;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+import at.gv.egiz.stal.SignRequest;
+import at.gv.egiz.stal.SignResponse;
+import at.gv.egiz.stal.HashDataInputCallback;
+
+/**
+ * A signature service provider implementation that uses STAL to sign.
+ *
+ * @author mcentner
+ */
+public class STALSignature extends SignatureSpi {
+
+ /**
+ * The private key.
+ */
+ protected STALPrivateKey privateKey;
+
+ /**
+ * The to-be signed data.
+ */
+ protected ByteArrayOutputStream data = new ByteArrayOutputStream();
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineGetParameter(java.lang.String)
+ */
+ @Override
+ protected Object engineGetParameter(String param)
+ throws InvalidParameterException {
+ throw new InvalidParameterException();
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineInitSign(java.security.PrivateKey)
+ */
+ @Override
+ protected void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException {
+
+ if (!(privateKey instanceof STALPrivateKey)) {
+ throw new InvalidKeyException("STALSignature supports STALKeys only.");
+ }
+
+ this.privateKey = (STALPrivateKey) privateKey;
+
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineInitVerify(java.security.PublicKey)
+ */
+ @Override
+ protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException {
+
+ throw new UnsupportedOperationException("STALSignature does not support signature verification.");
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineSetParameter(java.lang.String, java.lang.Object)
+ */
+ @Override
+ protected void engineSetParameter(String param, Object value)
+ throws InvalidParameterException {
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineSign()
+ */
+ @Override
+ protected byte[] engineSign() throws SignatureException {
+
+ STAL stal = privateKey.getStal();
+
+ if (stal == null) {
+ throw new SignatureException("STALSignature requires the STALPrivateKey " +
+ "to provide a STAL implementation reference.");
+ }
+
+ HashDataInputCallback signRefDataSupplier = privateKey.getHashDataInputCallback();
+
+ String keyboxIdentifier = privateKey.getKeyboxIdentifier();
+
+ if (keyboxIdentifier == null) {
+ throw new SignatureException("STALSignature requires the STALPrivateKey " +
+ "to provide a KeyboxIdentifier.");
+ }
+
+ SignRequest signRequest = new SignRequest();
+ signRequest.setKeyIdentifier(keyboxIdentifier);
+ signRequest.setSignedInfo(data.toByteArray());
+ signRequest.setHashDataInput(signRefDataSupplier);
+
+ List responses = stal.handleRequest(Collections.singletonList((STALRequest) signRequest));
+
+ if (responses == null || responses.size() != 1) {
+ throw new SignatureException("Failed to access STAL.");
+ }
+
+ STALResponse response = responses.get(0);
+ if (response instanceof SignResponse) {
+ return ((SignResponse) response).getSignatureValue();
+ } else if (response instanceof ErrorResponse) {
+ throw new STALSignatureException(((ErrorResponse) response).getErrorCode());
+ } else {
+ throw new SignatureException("Failed to access STAL.");
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineUpdate(byte)
+ */
+ @Override
+ protected void engineUpdate(byte b) throws SignatureException {
+ data.write(b);
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineUpdate(byte[], int, int)
+ */
+ @Override
+ protected void engineUpdate(byte[] b, int off, int len)
+ throws SignatureException {
+ data.write(b, off, len);
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineVerify(byte[])
+ */
+ @Override
+ protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
+ throw new UnsupportedOperationException("STALSignature des not support signature verification.");
+ }
+
+}
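Review bot: The `data` buffer is never cleared: `engineInitSign` leaves in place whatever earlier `engineUpdate` calls wrote, and `engineSign` hands `data.toByteArray()` to the token without resetting the stream afterwards. `java.security.Signature` instances are reusable, so a second signing operation on the same instance would send the previous SignedInfo bytes concatenated with the new ones, and the token would sign something other than what the caller supplied. Add `data.reset();` in `engineInitSign`, and in `engineSign` take the bytes as `byte[] signedInfo = data.toByteArray(); data.reset();` before building the `SignRequest`. A short comment on the field saying that it accumulates the to-be-signed octets for exactly one signing operation would make the invariant explicit.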
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java
new file mode 100644
index 00000000..4e86b07c
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignatureException.java
@@ -0,0 +1,92 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.security.SignatureException;
+
+/**
+ * A SignatureException thrown by the {@link STALSignature}.
+ *
+ * @author mcentner
+ */
+public class STALSignatureException extends SignatureException {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * The STAL error code.
+ */
+ private int errorCode;
+
+ /**
+ * Creates a new instance of this STALSignatureException.
+ */
+ public STALSignatureException() {
+ }
+
+ /**
+ * Creates a new instance of this STALSigantureException with
+ * the given errorCode.
+ *
+ * @param errorCode the error code
+ */
+ public STALSignatureException(int errorCode) {
+ this.errorCode = errorCode;
+ }
+
+ /**
+ * Creates a new instance of this STALSignatureException with
+ * the given error msg.
+ *
+ * @param msg the error message
+ * @see SignatureException#SignatureException(String)
+ */
+ public STALSignatureException(String msg) {
+ super(msg);
+ }
+
+ /**
+ * Creates a new instance of this STALSignatureException with
+ * the given root cause.
+ *
+ * @param cause the cause
+ * @see SignatureException#SignatureException(Throwable)
+ */
+ public STALSignatureException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Creates a new instance of this STALSignautureException with
+ * the given error message and root cause.
+ *
+ * @param message the error message
+ * @param cause the cause
+ * @see SignatureException#SignatureException(String, Throwable)
+ */
+ public STALSignatureException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ /**
+ * @return the error code
+ */
+ public int getErrorCode() {
+ return errorCode;
+ }
+
+}
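Review bot: `STALSignatureException(int errorCode)` passes no message to the superclass, so `getMessage()` is null and a log line or stack trace for a token failure does not show the error code. Starting that constructor with `super("STAL error code " + errorCode);` keeps the code visible wherever the exception is logged. The other four constructors leave `errorCode` at 0, and `Signature.sign` in this commit turns any `STALSignatureException` found in the cause chain into `new SLCommandException(errorCode)`, so an exception created with only a message or cause would surface as code 0. Documenting 0 as "not set" on `getErrorCode()`, or making the field `final` and assigning it explicitly in every constructor, would remove that ambiguity.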
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
new file mode 100644
index 00000000..94a4a066
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -0,0 +1,935 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.XMLObject;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.etsi.uri._01903.v1_1.DataObjectFormatType;
+import org.etsi.uri._01903.v1_1.QualifyingPropertiesType;
+import org.w3c.dom.DOMConfiguration;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSException;
+import org.w3c.dom.ls.LSInput;
+import org.w3c.dom.ls.LSOutput;
+import org.w3c.dom.ls.LSParser;
+import org.w3c.dom.ls.LSResourceResolver;
+import org.w3c.dom.ls.LSSerializer;
+
+import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefReqRefContentType;
+import at.buergerkarte.namespaces.securitylayer._1.Base64XMLOptRefContentType;
+import at.buergerkarte.namespaces.securitylayer._1.DataObjectAssociationType;
+import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
+import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.utils.HexDump;
+import at.gv.egiz.bku.utils.urldereferencer.StreamData;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
+import at.gv.egiz.dom.DOMUtils;
+import at.gv.egiz.slbinding.impl.XMLContentType;
+import at.gv.egiz.stal.HashDataInputCallback;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.xades.QualifyingPropertiesException;
+import at.gv.egiz.xades.QualifyingPropertiesFactory;
+
+/**
+ * This class represents an XML-Signature as to be created by the
+ * security layer command CreateXMLSignatureRequest.
+ *
+ * @author mcentner
+ */
+public class Signature implements HashDataInputCallback {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(Signature.class);
+
+ /**
+ * The DOM implementation used.
+ */
+ private DOMImplementationLS domImplLS;
+
+ /**
+ * The SignatureContext for the XMLSignature.
+ */
+ private SignatureContext ctx;
+
+ /**
+ * The list of {@link DataObject}s for this signature.
+ */
+ private List dataObjects = new ArrayList();
+
+ /**
+ * A mapping from the Id-attribute values of this signature's
+ * ds:References to the corresponding {@link DataObject}s.
+ */
+ private Map dataObjectReferencIds = new HashMap();
+
+ /**
+ * The SignatureEnvironment for this signature.
+ */
+ private SignatureLocation signatureLocation;
+
+ /**
+ * The XML signature.
+ */
+ private XMLSignature xmlSignature;
+
+ /**
+ * A list of attributes of type xsd:ID to be registered in the {@link DOMSignContext}.
+ */
+ private List idAttributes = new ArrayList();
+
+ /**
+ * The signer's X509 certificate.
+ */
+ private X509Certificate signerCertificate;
+
+ /**
+ * The signing time.
+ */
+ private Date signingTime;
+
+ /**
+ * Creates a new SLXMLSignature instance.
+ */
+ public Signature(URLDereferencerContext dereferencerContext,
+ IdValueFactory idValueFactory,
+ AlgorithmMethodFactory algorithmMethodFactory) {
+
+ domImplLS = DOMUtils.getDOMImplementationLS();
+
+ ctx = new SignatureContext();
+
+ ctx.setSignatureFactory(XMLSignatureFactory.getInstance());
+
+ ctx.setDereferencerContext(dereferencerContext);
+ ctx.setIdValueFactory(idValueFactory);
+ ctx.setAlgorithmMethodFactory(algorithmMethodFactory);
+
+ }
+
+ /**
+ * @return the Document containing this Signature
+ */
+ public Document getDocument() {
+ return ctx.getDocument();
+ }
+
+ /**
+ * @return the parent Node for this Signature
+ */
+ public Node getParent() {
+ return (signatureLocation != null) ? signatureLocation.getParent() : null;
+ }
+
+ /**
+ * @return the next sibling Node for this Signature
+ */
+ public Node getNextSibling() {
+ return (signatureLocation != null) ? signatureLocation.getNextSibling() : null;
+ }
+
+ /**
+ * @return the XMLSignature
+ */
+ public XMLSignature getXMLSignature() {
+ return xmlSignature;
+ }
+
+ /**
+ * @return the list of {@link Reference}s of this Signature
+ */
+ @SuppressWarnings("unchecked")
+ public List getReferences() {
+ return (xmlSignature != null) ? xmlSignature.getSignedInfo().getReferences() : null;
+ }
+
+ /**
+ * @return the list of {@link XMLObject}s of this Signature
+ */
+ @SuppressWarnings("unchecked")
+ public List getXMLObjects() {
+ return (xmlSignature != null) ? xmlSignature.getObjects() : null;
+ }
+
+ /**
+ * Prepares the signature document with the information given by the
+ * signatureInfo provided.
+ *
+ * @param signatureInfo
+ * the SignatureInfo
+ *
+ * @throws SLCommandException
+ * if processing fails for any reason
+ * @throws IllegalStateException
+ * if the parent node has already been set
+ * @throws NullPointerException
+ * if signatureInfo is null
+ */
+ public void setSignatureInfo(SignatureInfoCreationType signatureInfo) throws SLCommandException {
+
+ if (signatureLocation != null) {
+ throw new IllegalStateException("SignatureEnvironment already set.");
+ }
+
+ Base64XMLOptRefContentType signatureEnvironment = signatureInfo.getSignatureEnvironment();
+
+ if (signatureEnvironment == null) {
+
+ // no SignatureEnvironment, so we use an empty document and the document as parent
+ ensureSignatureLocation();
+
+ } else {
+
+ // parse SignatureEnvrionment and use as document
+ Document document = parseSignatureEnvironment(signatureEnvironment, signatureInfo.getSupplement());
+ ctx.setDocument(document);
+
+ signatureLocation = new SignatureLocation(ctx);
+ signatureLocation.setSignatureInfo(signatureInfo);
+
+ }
+
+ }
+
+ /**
+ * Ensures a SignatureLocation for this Signature.
+ */
+ private void ensureSignatureLocation() {
+
+ if (signatureLocation == null) {
+ Document document = DOMUtils.createDocument();
+ ctx.setDocument(document);
+
+ signatureLocation = new SignatureLocation(ctx);
+ signatureLocation.setParent(document);
+ }
+
+ }
+
+ /**
+ * Adds a DataObject with the information given by the
+ * dataObjectInfo provided to this Signature.
+ *
+ * @param dataObjectInfo
+ * the DataObjectInfo element
+ *
+ * @throws SLCommandException
+ * if adding the DataObject fails
+ * @throws SLRequestException
+ * if the information provided by the given
+ * dataObjectInfo does not conform to the security
+ * layer specification
+ * @throws NullPointerException
+ * if dataObjectInfo is null
+ */
+ public void addDataObject(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException {
+
+ ensureSignatureLocation();
+
+ DataObject dataObject = new DataObject(ctx);
+ dataObject.setDataObjectInfo(dataObjectInfo);
+
+ dataObjects.add(dataObject);
+
+ dataObjectReferencIds.put(dataObject.getReference().getId(), dataObject);
+
+ }
+
+ /**
+ * Sets the SigningTime qualifying property of this Signature.
+ *
+ * @param signingTime the signing time to set
+ */
+ public void setSigningTime(Date signingTime) {
+ this.signingTime = signingTime;
+ }
+
+ /**
+ * Sets the SignerCertificate qualifying property of this Signature.
+ *
+ * @param certificate the signer's certificate
+ */
+ public void setSignerCeritifcate(X509Certificate certificate) {
+ this.signerCertificate = certificate;
+ }
+
+ /**
+ * Builds the XMLSignature data structure of this Signature as configured by
+ * the various setter methods.
+ *
+ * @throws SLCommandException if building this signature fails
+ */
+ public void buildXMLSignature() throws SLCommandException {
+
+ List objects = new ArrayList();
+ List references = new ArrayList();
+
+ // add all data objects
+ for (DataObject dataObject : dataObjects) {
+ if (dataObject.getXmlObject() != null) {
+ objects.add(dataObject.getXmlObject());
+ }
+ if (dataObject.getReference() != null) {
+ references.add(dataObject.getReference());
+ }
+ }
+
+ addXAdESObjectAndReference(objects, references);
+
+ XMLSignatureFactory signatureFactory = ctx.getSignatureFactory();
+ AlgorithmMethodFactory algorithmMethodFactory = ctx.getAlgorithmMethodFactory();
+
+ CanonicalizationMethod cm;
+ SignatureMethod sm;
+ try {
+ cm = algorithmMethodFactory.createCanonicalizationMethod(ctx);
+ sm = algorithmMethodFactory.createSignatureMethod(ctx);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Failed to get Canonicalization or Signature algorithm.", e);
+ throw new SLCommandException(4006);
+ } catch (InvalidAlgorithmParameterException e) {
+ log.error("Failed to get Canonicalization or Signature algorithm.", e);
+ throw new SLCommandException(4006);
+ }
+
+ String siId = ctx.getIdValueFactory().createIdValue("SignedInfo");
+
+ SignedInfo si = signatureFactory.newSignedInfo(cm, sm, references, siId);
+
+ KeyInfo ki = null;
+ if (signerCertificate != null) {
+ KeyInfoFactory kif = KeyInfoFactory.getInstance();
+ X509Data x509Data = kif.newX509Data(Collections.singletonList(signerCertificate));
+ ki = kif.newKeyInfo(Collections.singletonList(x509Data));
+ }
+
+ String signatureId = ctx.getIdValueFactory().createIdValue("Signature");
+ String signatureValueId = ctx.getIdValueFactory().createIdValue("SignatureValue");
+
+ xmlSignature = signatureFactory.newXMLSignature(si, ki, objects, signatureId, signatureValueId);
+
+ }
+
+ /**
+ * Sign this Signature using the given signContext.
+ *
+ * Call's {@link #buildXMLSignature()} if it has not been called yet.
+ *
+ *
+ * @param signContext
+ * the signing context
+ *
+ * @throws MarshalException
+ * if marshalling the XMLSignature fails
+ * @throws XMLSignatureException
+ * if signing the XMLSignature fails
+ * @throws SLCommandException
+ * if building the XMLSignature fails
+ * @throws NullPointerException
+ * if signContext is null
+ */
+ public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException {
+
+ if (xmlSignature == null) {
+ buildXMLSignature();
+ }
+
+ for (IdAttribute idAttribute : idAttributes) {
+ signContext.setIdAttributeNS(idAttribute.element, idAttribute.namespaceURI, idAttribute.localName);
+ }
+
+ // DO NOT USE:
+ // signContext.setProperty("iaik.xml.crypto.dsig.sign-over", Boolean.TRUE);
+
+ signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+
+ signContext.putNamespacePrefix(XMLSignature.XMLNS, "dsig");
+
+ signContext.setURIDereferencer(new URIDereferncerAdapter(ctx.getDereferencerContext()));
+
+ try {
+ xmlSignature.sign(signContext);
+ } catch (XMLSignatureException e) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause instanceof STALSignatureException) {
+ int errorCode = ((STALSignatureException) cause).getErrorCode();
+ SLCommandException commandException = new SLCommandException(errorCode);
+ log.info("Failed to sign signature.", commandException);
+ throw commandException;
+ } else {
+ cause = cause.getCause();
+ }
+ }
+ throw e;
+ }
+
+ // debug
+ if (log.isTraceEnabled()) {
+ for (DataObject dataObject : dataObjects) {
+ Reference reference = dataObject.getReference();
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ String mimeType = dataObject.getMimeType();
+ StringBuilder sb = new StringBuilder();
+ sb.append("DigestInput for Reference with id='");
+ sb.append(reference.getId());
+ sb.append("' (MIME-Type=");
+ sb.append(dataObject.getMimeType());
+ sb.append("):\n");
+ try {
+ if (mimeType != null && (
+ mimeType.startsWith("text") ||
+ "application/xhtml+xml".equals(mimeType))) {
+ byte[] b = new byte[512];
+ for (int l; (l = digestInputStream.read(b)) != -1;) {
+ sb.append(new String(b, 0, l));
+ }
+ } else {
+ sb.append(HexDump.hexDump(digestInputStream));
+ }
+ } catch (IOException e) {
+ log.error(e);
+ }
+ log.trace(sb.toString());
+ } else {
+ log.trace("Reference caching is not enabled.");
+ }
+ }
+ }
+
+ }
+
+ /**
+ * Sign this Signature using the given stal implementation and
+ * keyboxIdentifier.
+ *
+ * This method configures an appropriate {@link DOMSignContext} and calls
+ * {@link #sign(DOMSignContext)}. If {@link #buildXMLSignature()} has not been
+ * called yet, it is called by this method.
+ *
+ *
+ * @param stal
+ * the STAL implementation to use
+ * @param keyboxIdentifier
+ * the KeyboxIdentifier to use
+ *
+ * @throws MarshalException
+ * if marshalling this Signature fails
+ * @throws XMLSignatureException
+ * if signing this Signature fails
+ * @throws SLCommandException
+ * if building this Signature fails
+ * @throws NullPointerException
+ * if stal or keyboxIdentifier is
+ * null
+ */
+ public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException {
+
+ if (stal == null) {
+ throw new NullPointerException("Argument 'stal' must not be null.");
+ }
+
+ if (keyboxIdentifier == null) {
+ throw new NullPointerException("Argument 'keyboxIdentifier' must not be null.");
+ }
+
+ if (xmlSignature == null) {
+ buildXMLSignature();
+ }
+
+ SignatureMethod signatureMethod = xmlSignature.getSignedInfo().getSignatureMethod();
+ String algorithm = signatureMethod.getAlgorithm();
+
+ PrivateKey privateKey = new STALPrivateKey(stal, algorithm, keyboxIdentifier, this);
+
+ DOMSignContext signContext;
+ if (getNextSibling() == null) {
+ signContext = new DOMSignContext(privateKey, getParent());
+ } else {
+ signContext = new DOMSignContext(privateKey, getParent(), getNextSibling());
+ }
+
+ sign(signContext);
+ }
+
+ @Override
+ public InputStream getHashDataInput(String referenceId) {
+
+ DataObject dataObject = dataObjectReferencIds.get(referenceId);
+ if (dataObject != null) {
+ return dataObject.getReference().getDigestInputStream();
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Adds the XAdES QualifyingProperties as an
+ * ds:Object and a corresponding ds:Reference to
+ * it's SignedProperties element to this Signature.
+ *
+ * @param objects
+ * the list of ds:Objects to add the created
+ * ds:Object to
+ * @param references
+ * the list of ds:References to add the created
+ * ds:Reference to
+ *
+ * @throws SLCommandException
+ * if creating and adding the XAdES
+ * QualifyingProperties fails
+ * @throws NullPointerException
+ * if objects or references is
+ * null
+ */
+ private void addXAdESObjectAndReference(List objects, List references) throws SLCommandException {
+
+ QualifyingPropertiesFactory factory = QualifyingPropertiesFactory.getInstance();
+
+ String idValue = ctx.getIdValueFactory().createIdValue("SignedProperties");
+
+ Date date = (signingTime != null) ? signingTime : new Date();
+
+ List signingCertificates;
+ if (signerCertificate != null) {
+ signingCertificates = Collections.singletonList(signerCertificate);
+ } else {
+ signingCertificates = Collections.emptyList();
+ }
+
+ // TODO: report MOA-SP bug
+ //
+ // The security layer specification mandates the use of version 1.2.2. of the
+ // XAdES QualifyingProperties. However MOA-SP supports only version 1.1.1. Therefore,
+ // the version 1.1.1 is used in order to be compatible with current MOA-SP versions.
+
+ List dataObjectFormats = new ArrayList();
+ for (DataObject dataObject : dataObjects) {
+ if (dataObject.getMimeType() != null && dataObject.getReference() != null) {
+ Reference reference = dataObject.getReference();
+ if (reference.getId() != null) {
+ String objectReference = "#" + reference.getId();
+ dataObjectFormats.add(factory.createDataObjectFormatType(
+ objectReference, dataObject.getMimeType(), dataObject
+ .getDescription()));
+ }
+ }
+ }
+
+ JAXBElement qualifyingProperties;
+ try {
+ qualifyingProperties = factory.createQualifyingProperties111(date, signingCertificates, idValue, dataObjectFormats);
+ } catch (QualifyingPropertiesException e) {
+ log.error("Failed to create QualifyingProperties.", e);
+ throw new SLCommandException(4000);
+ }
+
+ DocumentFragment fragment = ctx.getDocument().createDocumentFragment();
+
+ try {
+ factory.marshallQualifyingProperties(qualifyingProperties, fragment);
+ } catch (JAXBException e) {
+ log.error("Failed to marshal QualifyingProperties.", e);
+ throw new SLCommandException(4000);
+ }
+
+ List content = Collections.singletonList(new DOMStructure(fragment.getFirstChild()));
+
+ String objectIdValue = ctx.getIdValueFactory().createIdValue("Object");
+
+ XMLObject object = ctx.getSignatureFactory().newXMLObject(content, objectIdValue, null, null);
+
+ objects.add(object);
+
+ // TODO: Report MOA-SP Bug
+ //
+ // Direct referencing of the SignedPorperties Id-attribute is not supported by MOA-SP
+ // because the QualifyingProperties are parsed without the XAdES schema. Therefore,
+ // the shorthand XPointer could not be resolved.
+ //
+ // The following workaround uses an XPointer to select the SignedProperties in order
+ // to allow the signature to be verified with MOA-SP.
+
+ String referenceURI = "#xmlns(xades=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('"
+ + objectIdValue
+ + "')/child::xades:QualifyingProperties/child::xades:SignedProperties)";
+ DigestMethod dm;
+ try {
+ dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Failed to get DigestMethod algorithm.", e);
+ throw new SLCommandException(4006);
+ } catch (InvalidAlgorithmParameterException e) {
+ log.error("Failed to get DigestMethod algorithm.", e);
+ throw new SLCommandException(4006);
+ }
+
+ String referenceIdValue = ctx.getIdValueFactory().createIdValue("Reference");
+ String referenceType = QualifyingPropertiesFactory.SIGNED_PROPERTIES_REFERENCE_TYPE_V1_1_1;
+
+ Reference reference = ctx.getSignatureFactory().newReference(referenceURI, dm, null, referenceType, referenceIdValue);
+
+ references.add(reference);
+
+ Node child = fragment.getFirstChild();
+ if (child instanceof Element) {
+ NodeList nodes = ((Element) child).getElementsByTagNameNS(QualifyingPropertiesFactory.NS_URI_V1_1_1, "SignedProperties");
+ if (nodes.getLength() > 0) {
+ IdAttribute idAttribute = new IdAttribute();
+ idAttribute.element = (Element) nodes.item(0);
+ idAttribute.namespaceURI = null;
+ idAttribute.localName = "Id";
+ idAttributes.add(idAttribute);
+ }
+ }
+
+ }
+
+ /**
+ * Parse the SignatureEnvironment.
+ *
+ * @param signatureEnvironment
+ * the SignatureEnvironment element
+ * @param supplements
+ * an optional list of Supplements (may be
+ * null)
+ *
+ * @return the parsed SignatureEnvironment document
+ *
+ * @throws SLCommandException
+ * if parsing the SignatureEnvironment fails
+ * @throws NullPointerException
+ * if signatureEnvironment is null
+ */
+ private Document parseSignatureEnvironment(
+ Base64XMLOptRefContentType signatureEnvironment,
+ List supplements) throws SLCommandException {
+
+ if (signatureEnvironment == null) {
+ throw new NullPointerException("Argument 'signatureEnvironment' must not be null.");
+ }
+
+ LSInput input;
+ try {
+ if (signatureEnvironment.getReference() != null) {
+ log.debug("SignatureEnvironment contains Reference " + signatureEnvironment.getReference() + ".");
+ input = createLSInput(signatureEnvironment.getReference());
+ } else if (signatureEnvironment.getBase64Content() != null) {
+ log.debug("SignatureEnvironment contains Base64Content.");
+ input = createLSInput(signatureEnvironment.getBase64Content());
+ } else if (signatureEnvironment.getXMLContent() != null) {
+ log.debug("SignatureEnvironment contains XMLContent.");
+ input = createLSInput((XMLContentType) signatureEnvironment.getXMLContent());
+ } else {
+ // the schema does not allow us to reach this point
+ throw new SLCommandException(4000);
+ }
+ } catch (IOException e) {
+ log.info("XML document in which the signature is to be integrated cannot be resolved.", e);
+ throw new SLCommandException(4100);
+ } catch (XMLStreamException e) {
+ log.info("XML document in which the signature is to be integrated cannot be resolved.", e);
+ throw new SLCommandException(4100);
+ }
+
+ LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null);
+ DOMConfiguration domConfig = parser.getDomConfig();
+ SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler();
+ domConfig.setParameter("error-handler", errorHandler);
+ LSResourceResolverAdapter resourceResolver = new LSResourceResolverAdapter(supplements);
+ domConfig.setParameter("resource-resolver", resourceResolver);
+ domConfig.setParameter("validate", Boolean.TRUE);
+
+ Document doc;
+ try {
+ doc = parser.parse(input);
+ } catch (DOMException e) {
+ log.info("XML document in which the signature is to be integrated cannot be parsed.", e);
+ throw new SLCommandException(4101);
+ } catch (LSException e) {
+ log.info("XML document in which the signature is to be integrated cannot be parsed.", e);
+ throw new SLCommandException(4101);
+ }
+
+ if (resourceResolver.getError() != null) {
+ log.info("Failed to resolve resource while parsing SignatureEnvironment document.", resourceResolver.getError());
+ // we don't stop here, as we only _try_ to parse validating
+ }
+
+ if (errorHandler.hasFatalErrors()) {
+ // log fatal errors
+ if (log.isInfoEnabled()) {
+ List errorMessages = errorHandler.getErrorMessages();
+ StringBuffer sb = new StringBuffer();
+ for (String errorMessage : errorMessages) {
+ sb.append(" ");
+ sb.append(errorMessage);
+ }
+ log.info("XML document in which the signature is to be integrated cannot be parsed." + sb.toString());
+ }
+ throw new SLCommandException(4101);
+ }
+
+ // log parsed document
+ if (log.isTraceEnabled()) {
+
+ StringWriter writer = new StringWriter();
+
+ writer.write("SignatureEnvironment:\n");
+
+ LSOutput output = domImplLS.createLSOutput();
+ output.setCharacterStream(writer);
+ output.setEncoding("UTF-8");
+ LSSerializer serializer = domImplLS.createLSSerializer();
+ serializer.write(doc, output);
+
+ log.trace(writer.toString());
+ }
+
+ return doc;
+
+ }
+
+ /**
+ * Creates an LSInput from the given reference URI.
+ *
+ * @param reference
+ * the reference URL
+ *
+ * @return an LSInput from the given reference URI
+ *
+ * @throws IOException
+ * if dereferencing the given reference fails
+ */
+ private LSInput createLSInput(String reference) throws IOException {
+
+ URLDereferencer urlDereferencer = URLDereferencer.getInstance();
+ StreamData streamData = urlDereferencer.dereference(reference, ctx.getDereferencerContext());
+
+ String contentType = streamData.getContentType();
+ String charset = HttpUtil.getCharset(contentType, true);
+ InputStreamReader streamReader;
+ try {
+ streamReader = new InputStreamReader(streamData.getStream(), charset);
+ } catch (UnsupportedEncodingException e) {
+ log.info("Charset " + charset + " not supported. Using default.");
+ streamReader = new InputStreamReader(streamData.getStream());
+ }
+
+ LSInput input = domImplLS.createLSInput();
+ input = domImplLS.createLSInput();
+ input.setCharacterStream(streamReader);
+
+ return input;
+
+ }
+
+ /**
+ * Creates an LSInput from the given content bytes.
+ *
+ * @param content
+ * the content bytes
+ *
+ * @return an LSInput from the givne content bytes
+ */
+ private LSInput createLSInput(byte[] content) {
+
+ ByteArrayInputStream inputStream = new ByteArrayInputStream(content);
+ LSInput input = domImplLS.createLSInput();
+ input.setByteStream(inputStream);
+
+ return input;
+
+ }
+
+ /**
+ * Creates an LSInput from the given XML content.
+ *
+ * @param content
+ * the XML content
+ * @return an LSInput from the given XML content
+ *
+ * @throws XMLStreamException
+ * if reading the XMLStream from the given XML content fails
+ */
+ private LSInput createLSInput(XMLContentType content) throws XMLStreamException {
+
+ ByteArrayOutputStream redirectedStream = content.getRedirectedStream();
+ if (redirectedStream != null) {
+ LSInput input = domImplLS.createLSInput();
+ input.setByteStream(new ByteArrayInputStream(redirectedStream.toByteArray()));
+ return input;
+ } else {
+ return null;
+ }
+
+ }
+
+ /**
+ * Represents an xsd:Id-attribute value.
+ *
+ * @author mcentner
+ */
+ private class IdAttribute {
+
+ private Element element;
+
+ private String namespaceURI;
+
+ private String localName;
+
+ }
+
+ /**
+ * An implementation of the LSResourceResolver that uses a list of supplements
+ * to resolve resources.
+ *
+ * @author mcentner
+ */
+ private class LSResourceResolverAdapter implements LSResourceResolver {
+
+ List supplements;
+
+ private LSResourceResolverAdapter(
+ List supplements) {
+ this.supplements = supplements;
+ }
+
+ private Exception error;
+
+ /**
+ * @return the error
+ */
+ public Exception getError() {
+ return error;
+ }
+
+ @Override
+ public LSInput resolveResource(String type, String namespaceURI,
+ String publicId, String systemId, String baseURI) {
+
+ if (log.isTraceEnabled()) {
+ log.trace("Resolve resource :" +
+ "\n type=" + type +
+ "\n namespaceURI=" + namespaceURI +
+ "\n publicId=" + publicId +
+ "\n systemId=" + systemId +
+ "\n baseURI=" + baseURI);
+ }
+
+ if (systemId != null) {
+
+ log.debug("Resolve resource '" + systemId + "'.");
+
+ for (DataObjectAssociationType supplement : supplements) {
+
+ Base64XMLLocRefReqRefContentType content = supplement.getContent();
+ if (content != null) {
+
+ String reference = content.getReference();
+ if (systemId.equals(reference)) {
+
+ try {
+ if (content.getLocRefContent() != null) {
+ log.trace("Resolved resource '" + reference + "' to supplement with LocRefContent.");
+ return createLSInput(content.getLocRefContent());
+ } else if (content.getBase64Content() != null) {
+ log.trace("Resolved resource '" + reference + "' to supplement with Base64Content.");
+ return createLSInput(content.getBase64Content());
+ } else if (content.getXMLContent() != null) {
+ log.trace("Resolved resource '" + reference + "' to supplement with XMLContent.");
+ return createLSInput((XMLContentType) content.getXMLContent());
+ } else {
+ return null;
+ }
+ } catch (IOException e) {
+ log.info("Failed to resolve resource '" + systemId + "' to supplement.", e);
+ error = e;
+ return null;
+ } catch (XMLStreamException e) {
+ log.info("Failed to resolve resource '" + systemId + "' to supplement.", e);
+ error = e;
+ return null;
+ }
+
+ }
+
+ }
+
+ }
+
+ log.info("Failed to resolve resource '" + systemId + "' to supplement. No such supplement.");
+
+ }
+
+ return null;
+
+ }
+
+
+ }
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java
new file mode 100644
index 00000000..0925f2fd
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureContext.java
@@ -0,0 +1,129 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+
+import org.w3c.dom.Document;
+
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
+
+/**
+ * An instance of this class carries context information for a XML-Signature
+ * created by the security layer command CreateXMLSignature.
+ *
+ * @author mcentner
+ */
+public class SignatureContext {
+
+ /**
+ * The document going to contain the XML signature.
+ */
+ private Document document;
+
+ /**
+ * The IdValueFactory used to create xsd:ID-attribute values.
+ */
+ private IdValueFactory idValueFactory;
+
+ /**
+ * The XMLSignatureFactory to create XML signature objects.
+ */
+ private XMLSignatureFactory signatureFactory;
+
+ /**
+ * The URLDereferencerContext for dereferencing URLs.
+ */
+ private URLDereferencerContext dereferencerContext;
+
+ /**
+ * The DigestMethodFactory to create {@link DigestMethod} objects.
+ */
+ private AlgorithmMethodFactory digestMethodFactory;
+
+ /**
+ * @return the document
+ */
+ public Document getDocument() {
+ return document;
+ }
+
+ /**
+ * @param document the document to set
+ */
+ public void setDocument(Document document) {
+ this.document = document;
+ }
+
+ /**
+ * @return the idValueFactory
+ */
+ public IdValueFactory getIdValueFactory() {
+ return idValueFactory;
+ }
+
+ /**
+ * @param idValueFactory the idValueFactory to set
+ */
+ public void setIdValueFactory(IdValueFactory idValueFactory) {
+ this.idValueFactory = idValueFactory;
+ }
+
+ /**
+ * @return the signatureFactory
+ */
+ public XMLSignatureFactory getSignatureFactory() {
+ return signatureFactory;
+ }
+
+ /**
+ * @param signatureFactory the signatureFactory to set
+ */
+ public void setSignatureFactory(XMLSignatureFactory signatureFactory) {
+ this.signatureFactory = signatureFactory;
+ }
+
+ /**
+ * @return the dereferencerContext
+ */
+ public URLDereferencerContext getDereferencerContext() {
+ return dereferencerContext;
+ }
+
+ /**
+ * @param dereferencerContext the dereferencerContext to set
+ */
+ public void setDereferencerContext(URLDereferencerContext dereferencerContext) {
+ this.dereferencerContext = dereferencerContext;
+ }
+
+ /**
+ * @return the digestMethodFactory
+ */
+ public AlgorithmMethodFactory getAlgorithmMethodFactory() {
+ return digestMethodFactory;
+ }
+
+ /**
+ * @param digestMethodFactory the digestMethodFactory to set
+ */
+ public void setAlgorithmMethodFactory(AlgorithmMethodFactory digestMethodFactory) {
+ this.digestMethodFactory = digestMethodFactory;
+ }
+
+}
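Review bot: The field `digestMethodFactory` and its Javadoc ("The DigestMethodFactory to create DigestMethod objects") disagree with the declared type `AlgorithmMethodFactory` and with the accessors `getAlgorithmMethodFactory`/`setAlgorithmMethodFactory`. Renaming the field and the setter parameter to `algorithmMethodFactory`, and rewording the comment to `The AlgorithmMethodFactory used to create {@link DigestMethod} objects.`, would keep the three in step. The class also does not say which properties must be set before use, while code elsewhere in this patch calls `ctx.getDocument().createDocumentFragment()` and `ctx.getAlgorithmMethodFactory().createDigestMethod(ctx)` without null checks. A sentence in the class Javadoc stating that all properties must be populated before the context is handed to signature code would make that contract explicit.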
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java
new file mode 100644
index 00000000..5ec02893
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureLocation.java
@@ -0,0 +1,235 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.util.Iterator;
+
+import javax.xml.XMLConstants;
+import javax.xml.namespace.NamespaceContext;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.slbinding.impl.SignatureLocationType;
+
+/**
+ * This class implements the SignatureLocation of an XML-Signature
+ * to be created by the security layer command CreateXMLSignature.
+ *
+ * @author mcentner
+ */
+public class SignatureLocation {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(SignatureLocation.class);
+
+ /**
+ * The SignatureContext for the XML signature
+ */
+ private SignatureContext ctx;
+
+ /**
+ * The parent node for the XML signature.
+ */
+ private Node parent;
+
+ /**
+ * The next sibling node for the XML signature.
+ */
+ private Node nextSibling;
+
+ /**
+ * Creates a new SignatureLocation with the given signatureContext
+ *
+ * @param signatureContext the context for the XML signature creation
+ */
+ public SignatureLocation(SignatureContext signatureContext) {
+ this.ctx = signatureContext;
+ }
+
+ /**
+ * @return the parent node for the XML signature
+ */
+ public Node getParent() {
+ return parent;
+ }
+
+ /**
+ * @param parent the parent for the XML signature
+ */
+ public void setParent(Node parent) {
+ this.parent = parent;
+ }
+
+ /**
+ * @return the next sibling node for the XML signature
+ */
+ public Node getNextSibling() {
+ return nextSibling;
+ }
+
+ /**
+ * @param nextSibling the next sibling node for the XML signature
+ */
+ public void setNextSibling(Node nextSibling) {
+ this.nextSibling = nextSibling;
+ }
+
+ /**
+ * Configures this SignatureLocation with the information provided by the
+ * given SignatureInfo element.
+ *
+ * @param signatureInfo
+ * the SignatureInfo element
+ *
+ * @throws SLCommandException
+ * if configuring this SignatureLocation with given
+ * signatureInfofails
+ */
+ public void setSignatureInfo(SignatureInfoCreationType signatureInfo)
+ throws SLCommandException {
+
+ // evaluate signature location XPath ...
+ SignatureLocationType signatureLocation = (SignatureLocationType) signatureInfo
+ .getSignatureLocation();
+
+ NamespaceContext namespaceContext = new MOAIDWorkaroundNamespaceContext(
+ signatureLocation.getNamespaceContext());
+
+ parent = evaluateSignatureLocation(signatureInfo.getSignatureLocation()
+ .getValue(), namespaceContext, ctx.getDocument().getDocumentElement());
+
+ // ... and index
+ nextSibling = findNextSibling(parent, signatureInfo.getSignatureLocation()
+ .getIndex().intValue());
+
+ }
+
+ /**
+ * Evaluates the given xpath with the document element as context node
+ * and returns the resulting node.
+ *
+ * @param xpath the XPath expression
+ * @param nsContext the namespace context of the XPath expression
+ * @param contextNode the context node for the XPath evaluation
+ *
+ * @return the result of evaluating the XPath expression
+ *
+ * @throws SLCommandException
+ */
+ private Node evaluateSignatureLocation(String xpath, NamespaceContext nsContext, Node contextNode) throws SLCommandException {
+
+ Node node = null;
+ try {
+ XPathFactory xpathFactory = XPathFactory.newInstance();
+ XPath xPath = xpathFactory.newXPath();
+ xPath.setNamespaceContext(nsContext);
+ XPathExpression xpathExpr = xPath.compile(xpath);
+ node = (Node) xpathExpr.evaluate(contextNode, XPathConstants.NODE);
+ } catch (XPathExpressionException e) {
+ log.info("Failed to evaluate SignatureLocation XPath expression '" + xpath + "' on context node.", e);
+ throw new SLCommandException(4102);
+ }
+
+ if (node == null) {
+ log.info("Failed to evaluate SignatureLocation XPath expression '" + xpath + "'. Result is empty.");
+ throw new SLCommandException(4102);
+ }
+
+ return node;
+
+ }
+
+ /**
+ * Finds the next sibling node of the parent's n-th child node
+ * or null if there is no next sibling.
+ *
+ * @param parent the parent node
+ * @param n the index of the child node
+ *
+ * @return the next sibling node of the node specified by parent and index n,
+ * or null if there is no next sibling node.
+ *
+ * @throws SLCommandException if the n-th child of parent does not exist
+ */
+ private Node findNextSibling(Node parent, int n) throws SLCommandException {
+
+ NodeList childNodes = parent.getChildNodes();
+ Node childNode = childNodes.item(n);
+ if (childNode == null) {
+ log.info("SingatureLocation Index '" + n + "' not found in document.");
+ throw new SLCommandException(4102);
+ } else {
+ return childNode.getNextSibling();
+ }
+
+ }
+
+ /**
+ * Workaround for a missing namespace prefix declaration in MOA-ID.
+ *
+ * @author mcentner
+ */
+ private class MOAIDWorkaroundNamespaceContext implements NamespaceContext {
+
+ private NamespaceContext namespaceContext;
+
+ public MOAIDWorkaroundNamespaceContext(NamespaceContext namespaceContext) {
+ super();
+ this.namespaceContext = namespaceContext;
+ }
+
+ @Override
+ public String getNamespaceURI(String prefix) {
+
+ String namespaceURI = namespaceContext.getNamespaceURI(prefix);
+
+ if ((namespaceURI == null || XMLConstants.NULL_NS_URI.equals(namespaceURI)) && "saml".equals(prefix)) {
+ namespaceURI = "urn:oasis:names:tc:SAML:1.0:assertion";
+ log.debug("Namespace prefix '" + prefix + "' resolved to '" + namespaceURI + "' (MOA-ID Workaround).");
+ } else {
+ log.trace("Namespace prefix '" + prefix + "' resolved to '" + namespaceURI + "'.");
+ }
+
+ return namespaceURI;
+ }
+
+ @Override
+ public String getPrefix(String namespaceURI) {
+ return namespaceContext.getPrefix(namespaceURI);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public Iterator getPrefixes(String namespaceURI) {
+ return namespaceContext.getPrefixes(namespaceURI);
+ }
+
+ }
+
+}
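Review bot: `evaluateSignatureLocation` compiles and evaluates an XPath string taken from the request's SignatureLocation element on a default-configured `XPathFactory`, so the expression should be treated as untrusted input. Enabling secure processing before `newXPath()`, `xpathFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`, restricts extension functions. The resulting `XPathFactoryConfigurationException` would need mapping to an SLCommandException; `XMLConstants` is already imported. In `setSignatureInfo`, `getIndex().intValue()` narrows silently if the index is a BigInteger, as the call suggests, so an out-of-range value may wrap to a different child position instead of failing. Comparing the index with `parent.getChildNodes().getLength()` before narrowing would make the 4102 error deterministic.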
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SimpleDOMErrorHandler.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SimpleDOMErrorHandler.java
new file mode 100644
index 00000000..0d54adce
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/SimpleDOMErrorHandler.java
@@ -0,0 +1,98 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.DOMError;
+import org.w3c.dom.DOMErrorHandler;
+
+/**
+ * A simple DOMErrorHandler implementation.
+ *
+ * @author mcentner
+ */
+public class SimpleDOMErrorHandler implements DOMErrorHandler {
+
+ /**
+ * Have there been errors reported?
+ */
+ private boolean errors = false;
+
+ /**
+ * Have there been fatal error reported?
+ */
+ private boolean fatalErrors = false;
+
+ /**
+ * The list of error messages of reported errors.
+ */
+ private List errorMessages = new ArrayList();
+
+ /**
+ * @return true if errors have been reported, or false otherwise
+ */
+ public boolean hasErrors() {
+ return errors;
+ }
+
+ /**
+ * @return true if fatal errors have been reported, or false otherwise
+ */
+ public boolean hasFatalErrors() {
+ return fatalErrors;
+ }
+
+ /**
+ * @return a list of error messages that have been reported
+ */
+ public List getErrorMessages() {
+ return errorMessages;
+ }
+
+ /* (non-Javadoc)
+ * @see org.w3c.dom.DOMErrorHandler#handleError(org.w3c.dom.DOMError)
+ */
+ @Override
+ public boolean handleError(DOMError error) {
+
+ switch (error.getSeverity()) {
+
+ case DOMError.SEVERITY_WARNING :
+// log.debug("[warning] " + error.getMessage());
+ return true;
+
+ case DOMError.SEVERITY_ERROR :
+// log.debug("[error] " + error.getMessage());
+ errorMessages.add(error.getMessage());
+ errors = true;
+ return false;
+
+ case DOMError.SEVERITY_FATAL_ERROR :
+// log.debug("[fatal error] " + error.getMessage());
+ errorMessages.add(error.getMessage());
+ fatalErrors = true;
+ return false;
+
+ default:
+ return false;
+ }
+
+ }
+
+}
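Review bot: `handleError` returns `false` for `DOMError.SEVERITY_ERROR`, which under the DOMErrorHandler contract asks the implementation to stop processing as soon as it can. The caller shown earlier in this patch (`parseSignatureEnvironment`) enables `validate`, comments that it only tries to parse validating, and rejects the document only on `hasFatalErrors()`. If recoverable validation errors are meant to be tolerated, this case should `return true;`, though whether the LSParser in use honours the return value is not visible here. The commented-out `log.debug` lines should be either restored with a logger or deleted. The Javadoc should also say that `hasErrors()` stays false when only fatal errors were reported and that `getErrorMessages()` returns the internal list itself.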
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java
new file mode 100644
index 00000000..c94937be
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/URIDereferncerAdapter.java
@@ -0,0 +1,103 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import iaik.xml.crypto.utils.URIDereferencerImpl;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.URIReference;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.XMLCryptoContext;
+
+import at.gv.egiz.bku.utils.urldereferencer.StreamData;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
+
+/**
+ * An URIDereferencer implementation that uses an {@link URLDereferencer} to
+ * dereference.
+ *
+ * @author mcentner
+ */
+public class URIDereferncerAdapter implements URIDereferencer {
+
+ /**
+ * The context for dereferencing.
+ */
+ protected URLDereferencerContext urlDereferencerContext;
+
+ /**
+ * Creates a new URIDereferencerAdapter instance with the given
+ * urlDereferencerContext.
+ *
+ * @param urlDereferencerContext the context to be used for dereferencing
+ */
+ public URIDereferncerAdapter(URLDereferencerContext urlDereferencerContext) {
+ super();
+ this.urlDereferencerContext = urlDereferencerContext;
+ }
+
+ /* (non-Javadoc)
+ * @see javax.xml.crypto.URIDereferencer#dereference(javax.xml.crypto.URIReference, javax.xml.crypto.XMLCryptoContext)
+ */
+ @Override
+ public Data dereference(URIReference uriReference, XMLCryptoContext context)
+ throws URIReferenceException {
+
+ String uriString = uriReference.getURI();
+ if (uriString == null) {
+ return null;
+ }
+
+ URI uri;
+ try {
+ uri = new URI(uriString);
+ } catch (URISyntaxException e) {
+ throw new URIReferenceException(e.getMessage(), e);
+ }
+
+ if (uri.isAbsolute()) {
+
+ URLDereferencer dereferencer = URLDereferencer.getInstance();
+ StreamData streamData;
+ try {
+ streamData = dereferencer.dereference(uriString, urlDereferencerContext);
+ } catch (IOException e) {
+ throw new URIReferenceException(e.getMessage(), e);
+ }
+ return new OctetStreamData(streamData.getStream(), uriString, streamData.getContentType());
+
+ } else {
+
+ URIDereferencer uriDereferencer = context.getURIDereferencer();
+ if (uriDereferencer == null || uriDereferencer == this) {
+ uriDereferencer = new URIDereferencerImpl();
+ }
+
+ return uriDereferencer.dereference(uriReference, context);
+
+ }
+
+ }
+
+}
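Review bot: `dereference` forwards every absolute URI to `URLDereferencer.dereference` with no scheme check in this class, and `uri.isAbsolute()` is true for any scheme, not only `http`/`https`. Reference URIs in a signature request come from the caller, so fetching them is a request made on the caller's behalf; whether `URLDereferencer` restricts schemes or destinations is not visible in this hunk. Either state the delegation in the class Javadoc, e.g. `Scheme and destination filtering is delegated to the URLDereferencer; this adapter passes any absolute URI through.`, or reject unexpected schemes here with a `URIReferenceException`. Separately, the class name `URIDereferncerAdapter` is missing an "e" while its own Javadoc says URIDereferencerAdapter, and an initial import is the cheapest moment to correct a public name.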
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTReference.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTReference.java
new file mode 100644
index 00000000..6b388f2a
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTReference.java
@@ -0,0 +1,112 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import iaik.xml.crypto.dsig.DigestMethodImpl;
+import iaik.xml.crypto.dsig.DigestValueImpl;
+import iaik.xml.crypto.dsig.ReferenceImpl;
+import iaik.xml.crypto.dsig.TransformImpl;
+import iaik.xml.crypto.dsig.TransformsImpl;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.URIDereferencer;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.TransformException;
+
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
+
+/**
+ * This class extends the XSECT ReferenceImpl to allow for the use
+ * of already marshalled ds:Transforms elements for initialization.
+ *
+ * @author mcentner
+ */
+public class XSECTReference extends ReferenceImpl {
+
+ /**
+ * The URIDereferencer to be used for dereferencing.
+ */
+ protected URIDereferencer dereferencer;
+
+ /**
+ * Creates a new instance of this XSECTReference with the given
+ * uri, digest method, transforms, type
+ * and id value.
+ *
+ * @param uri
+ * the URI-attribute value (may be null)
+ * @param dm
+ * the digest method
+ * @param transforms
+ * a TransformsImpl element (may be null)
+ * @param type
+ * the Type-attribute value (may be null)
+ * @param id
+ * the Id-attribute value (may be null)
+ *
+ * @throws NullPointerException
+ * if digestMethod is null
+ * @throws IllegalArgumentException
+ * if uri is not RFC 2396 compliant
+ * @throws ClassCastException
+ * if any of the transforms is not of type
+ * {@link TransformImpl}
+ */
+ public XSECTReference(String uri, DigestMethod dm, TransformsImpl transforms, String type,
+ String id) {
+ super(uri, transforms, type, id);
+ digestMethod_ = (DigestMethodImpl) dm;
+ digestValue_ = new DigestValueImpl();
+ }
+
+ /* (non-Javadoc)
+ * @see iaik.xml.crypto.dsig.ReferenceType#dereference(javax.xml.crypto.XMLCryptoContext)
+ */
+ @Override
+ public Data dereference(XMLCryptoContext context) throws TransformException,
+ URIReferenceException {
+ if (dereferencer != null) {
+ return dereferencer.dereference(this, context);
+ } else {
+ try {
+ return super.dereference(context);
+ } catch (URIReferenceException e) {
+ SLCommandException commandException = new SLCommandException(4003,
+ SLExceptionMessages.EC4003_NOT_RESOLVED, new Object[] { getURI() });
+ throw new URIReferenceException("Failed to dereference data to-be signed.", commandException);
+ }
+ }
+ }
+
+ /**
+ * @return the dereferencer to be used for dereferencing this reference
+ */
+ public URIDereferencer getDereferencer() {
+ return dereferencer;
+ }
+
+ /**
+ * @param dereferencer the dereferencer to be used for dereferencing this reference
+ */
+ public void setDereferencer(URIDereferencer dereferencer) {
+ this.dereferencer = dereferencer;
+ }
+
+}
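Review bot: The constructor Javadoc promises a NullPointerException when the digest method is null, but `digestMethod_ = (DigestMethodImpl) dm;` accepts null silently, because casting null succeeds. The documented ClassCastException is attributed to the transforms, yet this cast can also throw it when `dm` is not a `DigestMethodImpl`. Adding `if (dm == null) { throw new NullPointerException("Argument 'dm' must not be null."); }` before the assignment, and documenting the cast, would match the stated contract. In `dereference`, the fallback branch replaces the caught `URIReferenceException` with a new one whose cause is the SLCommandException, so the original failure and its stack trace are lost. The branch that uses the custom `dereferencer` does no mapping to error 4003 at all; logging or chaining `e` and documenting that asymmetry would help diagnosis.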
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTTransforms.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTTransforms.java
new file mode 100644
index 00000000..a98e4236
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/XSECTTransforms.java
@@ -0,0 +1,124 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import iaik.xml.crypto.dsig.TransformImpl;
+import iaik.xml.crypto.dsig.TransformsImpl;
+
+import java.util.List;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dom.DOMCryptoContext;
+import javax.xml.crypto.dsig.Transform;
+
+import org.w3c.dom.Node;
+
+/**
+ * This class extends the XSECT TransformsImpl to allow for the use of an
+ * unmarshalled ds:Transforms element for initalization.
+ *
+ * @author mcentner
+ */
+public class XSECTTransforms extends TransformsImpl {
+
+ /**
+ * Creates a new XSECTTransforms with the given list of transforms.
+ *
+ * @param transforms a list of {@link TransformImpl}s
+ * @see TransformsImpl#TransformsImpl(List)
+ */
+ @SuppressWarnings("unchecked")
+ public XSECTTransforms(List transforms) {
+ super(transforms);
+ }
+
+ /**
+ * Creates a new XSECTTransforms and initializes it from the given
+ * ds:Transforms node.
+ *
+ * @param context the context used for unmarshalling
+ * @param node the ds:Transforms node
+ *
+ * @throws MarshalException if unmarshalling the ds:Transforms fails
+ */
+ public XSECTTransforms(DOMCryptoContext context, Node node)
+ throws MarshalException {
+ super(context, node);
+ }
+
+ /**
+ * Inserts the given transform at the top of the
+ * transform list.
+ *
+ * @param transform the ds:Transform to instert
+ */
+ @SuppressWarnings("unchecked")
+ public void insertTransform(Transform transform) {
+ if (transform == null) {
+ throw new NullPointerException("Parameter 'transform' must not be null.");
+ }
+ if (!(transform instanceof TransformImpl)) {
+ throw new ClassCastException("Transform 'transform' must be of type '" + TransformImpl.class.getName() + "'.");
+ }
+ transforms_.add(0, transform);
+ }
+
+ /**
+ * @return
+ */
+ @SuppressWarnings("unchecked")
+ private List getTransformImpls() {
+ return transforms_;
+ }
+
+ /* (non-Javadoc)
+ * @see iaik.xml.crypto.dsig.TransformsType#marshal(javax.xml.crypto.dom.DOMCryptoContext, org.w3c.dom.Node, org.w3c.dom.Node)
+ */
+ @Override
+ public Node marshal(DOMCryptoContext context, Node parent, Node nextSibling)
+ throws MarshalException {
+
+ if (getNode() != null) {
+ // If this TransformsImpl has been unmarshalled from exiting nodes,
+ // we don't want to re-marshal ...
+ state_ = STATE_MARSHALED;
+
+ // ... but append the existing node to the parent ...
+ Node transformsNode = parent.insertBefore(getNode(), nextSibling);
+
+ // ... and marshal any Transforms not yet marshalled (e.g. that
+ // have been added via insertTransform().
+ Node transformNextSibling = transformsNode.getFirstChild();
+ List transforms = getTransformImpls();
+ for (int i = 0; i < transforms.size(); i++) {
+ TransformImpl transform = transforms.get(i);
+ Node transformNode = transform.getNode();
+ if (transformNode == null) {
+ // marshall TransformImpl
+ transformNode = transform.marshal(context, transformsNode, transformNextSibling);
+ }
+ transformNextSibling = transformNode.getNextSibling();
+ }
+
+ return transformsNode;
+ } else {
+ return super.marshal(context, parent, nextSibling);
+ }
+
+ }
+
+}
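Review bot: In `marshal`, `state_ = STATE_MARSHALED;` is assigned before the existing node is re-attached and before the pending transforms are marshalled, so a `MarshalException` thrown by `transform.marshal(...)` would leave this object flagged as marshalled with only part of its children in the DOM. Moving the assignment to just before `return transformsNode;` would avoid that, provided nothing in the superclass reads `state_` during the loop, which is not visible here. The private `getTransformImpls()` has an empty `@return` tag; `@return the internal transform list, viewed as a list of TransformImpl` would explain why the helper exists. The comments also contain small typos (`instert`, `exiting`).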
--
cgit v1.2.3
From e0f2c64ad6360e2ecec983cb5e0a60f812672106 Mon Sep 17 00:00:00 2001
From: wbauer
Date: Thu, 4 Sep 2008 14:56:54 +0000
Subject: finished access controller, accessed it from command invoker and
configured everything within onlinebku
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@14 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java | 10 +++++++++-
.../java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java | 7 ++++---
.../java/at/gv/egiz/bku/slcommands/SLSourceContext.java | 11 ++++++-----
.../java/at/gv/egiz/bku/slcommands/SLTargetContext.java | 13 +++++++------
.../gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java | 7 ++++++-
5 files changed, 32 insertions(+), 16 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java
index 77529a36..73fddf1f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java
@@ -16,5 +16,13 @@
*/
package at.gv.egiz.bku.slcommands;
-public interface InfoboxReadCommand extends SLCommand {
+public interface InfoboxReadCommand extends SLCommand {
+ public String getInfoboxIdentifier();
+
+ /**
+ * Convenience method to get the domain identifier if the infobox
+ * referes to a Identitylink.
+ * @return the domain id or null if the Infobox is not of type Identitylink or no domain parameter was specified
+ */
+ public String getIdentityLinkDomainId();
}
\ No newline at end of file
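Review bot: `getInfoboxIdentifier()` is added to the interface without Javadoc, while the method below it is documented. A short comment such as `/** @return the identifier of the infobox this command refers to */` would be enough, worded to match what the implementation actually returns. The Javadoc of `getIdentityLinkDomainId()` maps two different situations (infobox is not an identity link, no domain parameter given) to the same `null` return. If a caller making an access decision has to tell them apart, the contract should say so. The sentence also has typos (`referes to a Identitylink`).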
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java
index 30c6b68f..c28288c9 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java
@@ -16,7 +16,8 @@
*/
package at.gv.egiz.bku.slcommands;
-import at.gv.egiz.bku.slexceptions.SLCanceledException;
+import at.gv.egiz.bku.slexceptions.SLCanceledException;
+import at.gv.egiz.bku.slexceptions.SLException;
public interface SLCommandInvoker {
@@ -25,7 +26,7 @@ public interface SLCommandInvoker {
* @param aContext
* @throws SLCanceledException if the security management prevents execution of this command
*/
- public void invoke(SLSourceContext aContext) throws SLCanceledException;
+ public void invoke(SLSourceContext aContext) throws SLException;
/**
*
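Review bot: The Javadoc above `invoke` still reads `@throws SLCanceledException if the security management prevents execution of this command`, but the signature now declares `throws SLException`; the same mismatch is in the following hunk for `getResult`. The tag should name the declared type, for example `@throws SLException if the command cannot be executed (SLCanceledException when the security management prevents execution)`, assuming a denial is still reported with that subtype. Callers that caught only `SLCanceledException` to detect an access-control denial now have to handle the wider type, so it helps to state which exception means "denied" and which means "failed". The interface body continues outside these hunks.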
@@ -33,7 +34,7 @@ public interface SLCommandInvoker {
* @return
* @throws SLCanceledException if the security management prevents execution of this command
*/
- public SLResult getResult(SLTargetContext aContext) throws SLCanceledException;
+ public SLResult getResult(SLTargetContext aContext) throws SLException;
public void setCommand(at.gv.egiz.bku.slcommands.SLCommand aCmd);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java
index ded55b2a..f25a0ea4 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java
@@ -16,6 +16,7 @@
*/
package at.gv.egiz.bku.slcommands;
+import java.net.URL;
import java.security.cert.X509Certificate;
import at.gv.egiz.bku.utils.binding.Protocol;
@@ -23,17 +24,17 @@ import at.gv.egiz.bku.utils.binding.Protocol;
public class SLSourceContext {
- private Protocol sourceProtocol;
+ private URL sourceUrl;
private boolean sourceIsDataURL;
private X509Certificate sourceCertificate;
private String sourceHTTPReferer;
- public Protocol getSourceProtocol() {
- return sourceProtocol;
+ public URL getSourceUrl() {
+ return sourceUrl;
}
- public void setSourceProtocol(Protocol sourceProtocol) {
- this.sourceProtocol = sourceProtocol;
+ public void setSourceUrl(URL sourceProtocol) {
+ this.sourceUrl = sourceProtocol;
}
public boolean isSourceIsDataURL() {
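Review bot: The renamed setter keeps the old parameter name, `public void setSourceUrl(URL sourceProtocol)`, which no longer matches its type or the field it assigns. It should read `public void setSourceUrl(URL sourceUrl) { this.sourceUrl = sourceUrl; }`, as the commit already does for `setTargetUrl` in SLTargetContext. The context line `import at.gv.egiz.bku.utils.binding.Protocol;` is kept although the only visible use of `Protocol` is removed. If nothing else in the class uses it, the import can go; the rest of the class is outside the hunk. Neither accessor has Javadoc, so a line stating whether `sourceUrl` may be null would help callers that base a decision on it.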
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java
index cf800406..f9df3ced 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java
@@ -16,19 +16,20 @@
*/
package at.gv.egiz.bku.slcommands;
-import java.security.cert.X509Certificate;
+import java.net.URL;
+import java.security.cert.X509Certificate;
public class SLTargetContext {
- private String targetProtocol;
+ private URL targetUrl;
private boolean targetIsDataURL;
private X509Certificate targetCertificate;
- public String getTargetProtocol() {
- return targetProtocol;
+ public URL getTargetUrl() {
+ return targetUrl;
}
- public void setTargetProtocol(String targetProtocol) {
- this.targetProtocol = targetProtocol;
+ public void setTargetUrl(URL targetUrl) {
+ this.targetUrl = targetUrl;
}
public boolean isTargetIsDataURL() {
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
index 93131cf4..b6745e1f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
@@ -405,5 +405,10 @@ public class InfoboxReadCommandImpl extends SLCommandImpl
Date: Fri, 5 Sep 2008 13:38:52 +0000
Subject: HashDataInput
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@20 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../bku/slcommands/impl/HashDataInputImpl.java | 42 +
.../bku/slcommands/impl/xsect/STALPrivateKey.java | 218 +--
.../bku/slcommands/impl/xsect/STALSignature.java | 310 ++--
.../egiz/bku/slcommands/impl/xsect/Signature.java | 1855 ++++++++++----------
4 files changed, 1251 insertions(+), 1174 deletions(-)
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
new file mode 100644
index 00000000..49d3c63f
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
@@ -0,0 +1,42 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package at.gv.egiz.bku.slcommands.impl;
+
+import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
+import at.gv.egiz.stal.HashDataInput;
+import java.io.InputStream;
+
+/**
+ *
+ * @author clemens
+ */
+public class HashDataInputImpl implements HashDataInput {
+
+ String refId;
+ String mimeType;
+ InputStream hashDataInput;
+
+ public HashDataInputImpl(DataObject dataObject) {
+ refId = dataObject.getReference().getId();
+ mimeType = dataObject.getMimeType();
+ hashDataInput = dataObject.getReference().getDigestInputStream();
+ }
+
+ @Override
+ public String getReferenceId() {
+ return refId;
+ }
+
+ @Override
+ public String getMimeType() {
+ return mimeType;
+ }
+
+ @Override
+ public InputStream getHashDataInput() {
+ return hashDataInput;
+ }
+
+}
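Review bot: The three fields are package-private and mutable, so any class in `at.gv.egiz.bku.slcommands.impl` can replace the reference id, MIME type or stream after construction. They are only assigned in the constructor and should be `private final String refId;`, `private final String mimeType;` and `private final InputStream hashDataInput;`. The constructor calls `dataObject.getReference()` twice with no null check, and `getHashDataInput()` returns the same `InputStream` on every call, so a second reader would get an already-consumed stream. The class Javadoc should state that the stream is single-use and when it becomes available. The file also starts with the IDE template comment instead of the Apache license header used by the other files in this package.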
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
index 64c758c9..25e2d4e5 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALPrivateKey.java
@@ -14,109 +14,115 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.security.PrivateKey;
-
-import at.gv.egiz.stal.STAL;
-import at.gv.egiz.stal.HashDataInputCallback;
-
-/**
- * This class implements a private key used by the {@link STALSignature} class.
- *
- * @author mcentner
- */
-public class STALPrivateKey implements PrivateKey {
-
- private static final long serialVersionUID = 1L;
-
- /**
- * The STAL implementation.
- */
- private STAL stal;
-
- /**
- * The callback interface for obtaining the hash input data.
- */
- private HashDataInputCallback hashDataInputCallback;
-
- /**
- * The keybox identifier.
- */
- private String keyboxIdentifier;
-
- /**
- * The signature algorithm.
- */
- private String algorithm;
-
- /**
- * Creates a new instance of this STALPrivateKey with the given
- * stal implementation, signature algorithm,
- * keyboxIdentifier and hashDataInputCallback
- * interface.
- *
- * @param stal
- * the STAL implementation
- * @param algorithm
- * the signature algorithm
- * @param keyboxIdentifier
- * the keybox identifier
- * @param hashDataInputCallback
- * the interface for obtaining the has input data
- */
- public STALPrivateKey(STAL stal,
- String algorithm, String keyboxIdentifier, HashDataInputCallback hashDataInputCallback) {
- super();
- this.keyboxIdentifier = keyboxIdentifier;
- this.hashDataInputCallback = hashDataInputCallback;
- this.stal = stal;
- this.algorithm = algorithm;
- }
-
- /* (non-Javadoc)
- * @see java.security.Key#getAlgorithm()
- */
- @Override
- public String getAlgorithm() {
- return algorithm;
- }
-
- /* (non-Javadoc)
- * @see java.security.Key#getEncoded()
- */
- @Override
- public byte[] getEncoded() {
- throw new UnsupportedOperationException("STALPrivateKey does not support the getEncoded() method.");
- }
-
- /* (non-Javadoc)
- * @see java.security.Key#getFormat()
- */
- @Override
- public String getFormat() {
- return null;
- }
-
- /**
- * @return the STAL implementation
- */
- public STAL getStal() {
- return stal;
- }
-
- /**
- * @return the interface for obtaining the hash data input
- */
- public HashDataInputCallback getHashDataInputCallback() {
- return hashDataInputCallback;
- }
-
- /**
- * @return the keybox identifier
- */
- public String getKeyboxIdentifier() {
- return keyboxIdentifier;
- }
-
-}
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import at.gv.egiz.stal.HashDataInput;
+import java.security.PrivateKey;
+
+import at.gv.egiz.stal.STAL;
+//import at.gv.egiz.stal.HashDataInputCallback;
+import java.util.List;
+
+/**
+ * This class implements a private key used by the {@link STALSignature} class.
+ *
+ * @author mcentner
+ */
+public class STALPrivateKey implements PrivateKey {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * The STAL implementation.
+ */
+ private STAL stal;
+
+ /**
+ * The callback interface for obtaining the hash input data.
+ */
+// private HashDataInputCallback hashDataInputCallback;
+
+
+ private List dataObjects;
+
+ /**
+ * The keybox identifier.
+ */
+ private String keyboxIdentifier;
+
+ /**
+ * The signature algorithm.
+ */
+ private String algorithm;
+
+ /**
+ * Creates a new instance of this STALPrivateKey with the given
+ * stal implementation, signature algorithm,
+ * keyboxIdentifier and hashDataInputCallback
+ * interface.
+ *
+ * @param stal
+ * the STAL implementation
+ * @param algorithm
+ * the signature algorithm
+ * @param keyboxIdentifier
+ * the keybox identifier
+ * @param hashDataInputCallback
+ * the interface for obtaining the has input data
+ */
+ public STALPrivateKey(STAL stal,
+ String algorithm, String keyboxIdentifier, List dataObjects) {
+ super();
+ this.keyboxIdentifier = keyboxIdentifier;
+ this.dataObjects = dataObjects;
+ this.stal = stal;
+ this.algorithm = algorithm;
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.Key#getAlgorithm()
+ */
+ @Override
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.Key#getEncoded()
+ */
+ @Override
+ public byte[] getEncoded() {
+ throw new UnsupportedOperationException("STALPrivateKey does not support the getEncoded() method.");
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.Key#getFormat()
+ */
+ @Override
+ public String getFormat() {
+ return null;
+ }
+
+ /**
+ * @return the STAL implementation
+ */
+ public STAL getStal() {
+ return stal;
+ }
+
+ /**
+ * @return the interface for obtaining the hash data input
+ */
+ public List getDataObjects() {
+
+ return dataObjects;
+ }
+
+ /**
+ * @return the keybox identifier
+ */
+ public String getKeyboxIdentifier() {
+ return keyboxIdentifier;
+ }
+
+}
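Review bot: The Javadoc was not updated for the switch from `HashDataInputCallback` to a list of data objects. The constructor comment still names `hashDataInputCallback` in its summary and in `@param hashDataInputCallback`, the field comment "The callback interface for obtaining the hash input data." now sits above a commented-out field while `dataObjects` has none, and `getDataObjects()` is documented as returning "the interface for obtaining the hash data input". Suggested replacements are `@param dataObjects the data objects whose hash data inputs are passed to STAL` and `@return the data objects covered by the signature`. The commented-out import and field should be deleted rather than kept, and `import at.gv.egiz.stal.HashDataInput;` appears unused in the new version. `getDataObjects()` also hands out the internal list itself, so the caller and the key share one mutable list; if that is intended, the comment should say so.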
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
index f0fcb891..eba1d96d 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
@@ -14,152 +14,164 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.io.ByteArrayOutputStream;
-import java.security.InvalidKeyException;
-import java.security.InvalidParameterException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.SignatureSpi;
-import java.util.Collections;
-import java.util.List;
-
-import at.gv.egiz.stal.ErrorResponse;
-import at.gv.egiz.stal.STAL;
-import at.gv.egiz.stal.STALRequest;
-import at.gv.egiz.stal.STALResponse;
-import at.gv.egiz.stal.SignRequest;
-import at.gv.egiz.stal.SignResponse;
-import at.gv.egiz.stal.HashDataInputCallback;
-
-/**
- * A signature service provider implementation that uses STAL to sign.
- *
- * @author mcentner
- */
-public class STALSignature extends SignatureSpi {
-
- /**
- * The private key.
- */
- protected STALPrivateKey privateKey;
-
- /**
- * The to-be signed data.
- */
- protected ByteArrayOutputStream data = new ByteArrayOutputStream();
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineGetParameter(java.lang.String)
- */
- @Override
- protected Object engineGetParameter(String param)
- throws InvalidParameterException {
- throw new InvalidParameterException();
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineInitSign(java.security.PrivateKey)
- */
- @Override
- protected void engineInitSign(PrivateKey privateKey)
- throws InvalidKeyException {
-
- if (!(privateKey instanceof STALPrivateKey)) {
- throw new InvalidKeyException("STALSignature supports STALKeys only.");
- }
-
- this.privateKey = (STALPrivateKey) privateKey;
-
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineInitVerify(java.security.PublicKey)
- */
- @Override
- protected void engineInitVerify(PublicKey publicKey)
- throws InvalidKeyException {
-
- throw new UnsupportedOperationException("STALSignature does not support signature verification.");
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineSetParameter(java.lang.String, java.lang.Object)
- */
- @Override
- protected void engineSetParameter(String param, Object value)
- throws InvalidParameterException {
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineSign()
- */
- @Override
- protected byte[] engineSign() throws SignatureException {
-
- STAL stal = privateKey.getStal();
-
- if (stal == null) {
- throw new SignatureException("STALSignature requires the STALPrivateKey " +
- "to provide a STAL implementation reference.");
- }
-
- HashDataInputCallback signRefDataSupplier = privateKey.getHashDataInputCallback();
-
- String keyboxIdentifier = privateKey.getKeyboxIdentifier();
-
- if (keyboxIdentifier == null) {
- throw new SignatureException("STALSignature requires the STALPrivateKey " +
- "to provide a KeyboxIdentifier.");
- }
-
- SignRequest signRequest = new SignRequest();
- signRequest.setKeyIdentifier(keyboxIdentifier);
- signRequest.setSignedInfo(data.toByteArray());
- signRequest.setHashDataInput(signRefDataSupplier);
-
- List responses = stal.handleRequest(Collections.singletonList((STALRequest) signRequest));
-
- if (responses == null || responses.size() != 1) {
- throw new SignatureException("Failed to access STAL.");
- }
-
- STALResponse response = responses.get(0);
- if (response instanceof SignResponse) {
- return ((SignResponse) response).getSignatureValue();
- } else if (response instanceof ErrorResponse) {
- throw new STALSignatureException(((ErrorResponse) response).getErrorCode());
- } else {
- throw new SignatureException("Failed to access STAL.");
- }
-
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineUpdate(byte)
- */
- @Override
- protected void engineUpdate(byte b) throws SignatureException {
- data.write(b);
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineUpdate(byte[], int, int)
- */
- @Override
- protected void engineUpdate(byte[] b, int off, int len)
- throws SignatureException {
- data.write(b, off, len);
- }
-
- /* (non-Javadoc)
- * @see java.security.SignatureSpi#engineVerify(byte[])
- */
- @Override
- protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
- throw new UnsupportedOperationException("STALSignature des not support signature verification.");
- }
-
-}
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import at.gv.egiz.bku.slcommands.impl.HashDataInputImpl;
+import java.io.ByteArrayOutputStream;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.SignatureSpi;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egiz.stal.ErrorResponse;
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+import at.gv.egiz.stal.SignRequest;
+import at.gv.egiz.stal.SignResponse;
+//import at.gv.egiz.stal.HashDataInputCallback;
+import java.util.ArrayList;
+
+/**
+ * A signature service provider implementation that uses STAL to sign.
+ *
+ * @author mcentner
+ */
+public class STALSignature extends SignatureSpi {
+
+// private static final Log log = LogFactory.getLog(STALSignature.class);
+
+ /**
+ * The private key.
+ */
+ protected STALPrivateKey privateKey;
+
+ /**
+ * The to-be signed data.
+ */
+ protected ByteArrayOutputStream data = new ByteArrayOutputStream();
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineGetParameter(java.lang.String)
+ */
+ @Override
+ protected Object engineGetParameter(String param)
+ throws InvalidParameterException {
+ throw new InvalidParameterException();
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineInitSign(java.security.PrivateKey)
+ */
+ @Override
+ protected void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException {
+
+ if (!(privateKey instanceof STALPrivateKey)) {
+ throw new InvalidKeyException("STALSignature supports STALKeys only.");
+ }
+
+ this.privateKey = (STALPrivateKey) privateKey;
+
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineInitVerify(java.security.PublicKey)
+ */
+ @Override
+ protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException {
+
+ throw new UnsupportedOperationException("STALSignature does not support signature verification.");
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineSetParameter(java.lang.String, java.lang.Object)
+ */
+ @Override
+ protected void engineSetParameter(String param, Object value)
+ throws InvalidParameterException {
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineSign()
+ */
+ @Override
+ protected byte[] engineSign() throws SignatureException {
+
+ STAL stal = privateKey.getStal();
+
+ if (stal == null) {
+ throw new SignatureException("STALSignature requires the STALPrivateKey " +
+ "to provide a STAL implementation reference.");
+ }
+
+ String keyboxIdentifier = privateKey.getKeyboxIdentifier();
+
+ if (keyboxIdentifier == null) {
+ throw new SignatureException("STALSignature requires the STALPrivateKey " +
+ "to provide a KeyboxIdentifier.");
+ }
+
+ // get hashDataInputs (DigestInputStreams) once slcommands.impl.xsect.Signature::sign() was called
+ List dataObjects = privateKey.getDataObjects();
+// log.debug("got " + dataObjects.size() + " DataObjects, passing HashDataInputs to STAL SignRequest");
+
+ List hashDataInputs = new ArrayList();
+ for (DataObject dataObject : dataObjects) {
+ hashDataInputs.add(new HashDataInputImpl(dataObject));
+ }
+
+ SignRequest signRequest = new SignRequest();
+ signRequest.setKeyIdentifier(keyboxIdentifier);
+ signRequest.setSignedInfo(data.toByteArray());
+ signRequest.setHashDataInput(hashDataInputs);
+
+ List responses = stal.handleRequest(Collections.singletonList((STALRequest) signRequest));
+
+ if (responses == null || responses.size() != 1) {
+ throw new SignatureException("Failed to access STAL.");
+ }
+
+ STALResponse response = responses.get(0);
+ if (response instanceof SignResponse) {
+ return ((SignResponse) response).getSignatureValue();
+ } else if (response instanceof ErrorResponse) {
+ throw new STALSignatureException(((ErrorResponse) response).getErrorCode());
+ } else {
+ throw new SignatureException("Failed to access STAL.");
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineUpdate(byte)
+ */
+ @Override
+ protected void engineUpdate(byte b) throws SignatureException {
+ data.write(b);
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineUpdate(byte[], int, int)
+ */
+ @Override
+ protected void engineUpdate(byte[] b, int off, int len)
+ throws SignatureException {
+ data.write(b, off, len);
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.SignatureSpi#engineVerify(byte[])
+ */
+ @Override
+ protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
+ throw new UnsupportedOperationException("STALSignature des not support signature verification.");
+ }
+
+}
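Review bot: In `engineSign`, the result of `privateKey.getDataObjects()` is iterated without a check, so a key constructed with a null list fails with a `NullPointerException` instead of the `SignatureException` used for the missing STAL reference and keybox identifier just above. A guard in the same style would be `if (dataObjects == null) { throw new SignatureException("STALSignature requires the STALPrivateKey to provide the DataObjects."); }`. An empty list passes through and produces a `SignRequest` with no hash data input. If STAL relies on those inputs to show the signer what is being signed, which is not visible in this diff, that case should be rejected here or documented as allowed. The commented-out `log` field and `log.debug` call should be either enabled or removed.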
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index 94a4a066..191f8371 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -14,922 +14,939 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package at.gv.egiz.bku.slcommands.impl.xsect;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dom.DOMStructure;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.XMLObject;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-import javax.xml.crypto.dsig.keyinfo.X509Data;
-import javax.xml.stream.XMLStreamException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.etsi.uri._01903.v1_1.DataObjectFormatType;
-import org.etsi.uri._01903.v1_1.QualifyingPropertiesType;
-import org.w3c.dom.DOMConfiguration;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.ls.DOMImplementationLS;
-import org.w3c.dom.ls.LSException;
-import org.w3c.dom.ls.LSInput;
-import org.w3c.dom.ls.LSOutput;
-import org.w3c.dom.ls.LSParser;
-import org.w3c.dom.ls.LSResourceResolver;
-import org.w3c.dom.ls.LSSerializer;
-
-import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefReqRefContentType;
-import at.buergerkarte.namespaces.securitylayer._1.Base64XMLOptRefContentType;
-import at.buergerkarte.namespaces.securitylayer._1.DataObjectAssociationType;
-import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
-import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
-import at.gv.egiz.bku.binding.HttpUtil;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.bku.slexceptions.SLRequestException;
-import at.gv.egiz.bku.utils.HexDump;
-import at.gv.egiz.bku.utils.urldereferencer.StreamData;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
-import at.gv.egiz.dom.DOMUtils;
-import at.gv.egiz.slbinding.impl.XMLContentType;
-import at.gv.egiz.stal.HashDataInputCallback;
-import at.gv.egiz.stal.STAL;
-import at.gv.egiz.xades.QualifyingPropertiesException;
-import at.gv.egiz.xades.QualifyingPropertiesFactory;
-
-/**
- * This class represents an XML-Signature as to be created by the
- * security layer command CreateXMLSignatureRequest.
- *
- * @author mcentner
- */
-public class Signature implements HashDataInputCallback {
-
- /**
- * Logging facility.
- */
- private static Log log = LogFactory.getLog(Signature.class);
-
- /**
- * The DOM implementation used.
- */
- private DOMImplementationLS domImplLS;
-
- /**
- * The SignatureContext for the XMLSignature.
- */
- private SignatureContext ctx;
-
- /**
- * The list of {@link DataObject}s for this signature.
- */
- private List dataObjects = new ArrayList();
-
- /**
- * A mapping from the Id-attribute values of this signature's
- * ds:References to the corresponding {@link DataObject}s.
- */
- private Map dataObjectReferencIds = new HashMap();
-
- /**
- * The SignatureEnvironment for this signature.
- */
- private SignatureLocation signatureLocation;
-
- /**
- * The XML signature.
- */
- private XMLSignature xmlSignature;
-
- /**
- * A list of attributes of type xsd:ID to be registered in the {@link DOMSignContext}.
- */
- private List idAttributes = new ArrayList();
-
- /**
- * The signer's X509 certificate.
- */
- private X509Certificate signerCertificate;
-
- /**
- * The signing time.
- */
- private Date signingTime;
-
- /**
- * Creates a new SLXMLSignature instance.
- */
- public Signature(URLDereferencerContext dereferencerContext,
- IdValueFactory idValueFactory,
- AlgorithmMethodFactory algorithmMethodFactory) {
-
- domImplLS = DOMUtils.getDOMImplementationLS();
-
- ctx = new SignatureContext();
-
- ctx.setSignatureFactory(XMLSignatureFactory.getInstance());
-
- ctx.setDereferencerContext(dereferencerContext);
- ctx.setIdValueFactory(idValueFactory);
- ctx.setAlgorithmMethodFactory(algorithmMethodFactory);
-
- }
-
- /**
- * @return the Document containing this Signature
- */
- public Document getDocument() {
- return ctx.getDocument();
- }
-
- /**
- * @return the parent Node for this Signature
- */
- public Node getParent() {
- return (signatureLocation != null) ? signatureLocation.getParent() : null;
- }
-
- /**
- * @return the next sibling Node for this Signature
- */
- public Node getNextSibling() {
- return (signatureLocation != null) ? signatureLocation.getNextSibling() : null;
- }
-
- /**
- * @return the XMLSignature
- */
- public XMLSignature getXMLSignature() {
- return xmlSignature;
- }
-
- /**
- * @return the list of {@link Reference}s of this Signature
- */
- @SuppressWarnings("unchecked")
- public List getReferences() {
- return (xmlSignature != null) ? xmlSignature.getSignedInfo().getReferences() : null;
- }
-
- /**
- * @return the list of {@link XMLObject}s of this Signature
- */
- @SuppressWarnings("unchecked")
- public List getXMLObjects() {
- return (xmlSignature != null) ? xmlSignature.getObjects() : null;
- }
-
- /**
- * Prepares the signature document with the information given by the
- * signatureInfo provided.
- *
- * @param signatureInfo
- * the SignatureInfo
- *
- * @throws SLCommandException
- * if processing fails for any reason
- * @throws IllegalStateException
- * if the parent node has already been set
- * @throws NullPointerException
- * if signatureInfo is null
- */
- public void setSignatureInfo(SignatureInfoCreationType signatureInfo) throws SLCommandException {
-
- if (signatureLocation != null) {
- throw new IllegalStateException("SignatureEnvironment already set.");
- }
-
- Base64XMLOptRefContentType signatureEnvironment = signatureInfo.getSignatureEnvironment();
-
- if (signatureEnvironment == null) {
-
- // no SignatureEnvironment, so we use an empty document and the document as parent
- ensureSignatureLocation();
-
- } else {
-
- // parse SignatureEnvrionment and use as document
- Document document = parseSignatureEnvironment(signatureEnvironment, signatureInfo.getSupplement());
- ctx.setDocument(document);
-
- signatureLocation = new SignatureLocation(ctx);
- signatureLocation.setSignatureInfo(signatureInfo);
-
- }
-
- }
-
- /**
- * Ensures a SignatureLocation for this Signature.
- */
- private void ensureSignatureLocation() {
-
- if (signatureLocation == null) {
- Document document = DOMUtils.createDocument();
- ctx.setDocument(document);
-
- signatureLocation = new SignatureLocation(ctx);
- signatureLocation.setParent(document);
- }
-
- }
-
- /**
- * Adds a DataObject with the information given by the
- * dataObjectInfo provided to this Signature.
- *
- * @param dataObjectInfo
- * the DataObjectInfo element
- *
- * @throws SLCommandException
- * if adding the DataObject fails
- * @throws SLRequestException
- * if the information provided by the given
- * dataObjectInfo does not conform to the security
- * layer specification
- * @throws NullPointerException
- * if dataObjectInfo is null
- */
- public void addDataObject(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException {
-
- ensureSignatureLocation();
-
- DataObject dataObject = new DataObject(ctx);
- dataObject.setDataObjectInfo(dataObjectInfo);
-
- dataObjects.add(dataObject);
-
- dataObjectReferencIds.put(dataObject.getReference().getId(), dataObject);
-
- }
-
- /**
- * Sets the SigningTime qualifying property of this Signature.
- *
- * @param signingTime the signing time to set
- */
- public void setSigningTime(Date signingTime) {
- this.signingTime = signingTime;
- }
-
- /**
- * Sets the SignerCertificate qualifying property of this Signature.
- *
- * @param certificate the signer's certificate
- */
- public void setSignerCeritifcate(X509Certificate certificate) {
- this.signerCertificate = certificate;
- }
-
- /**
- * Builds the XMLSignature data structure of this Signature as configured by
- * the various setter methods.
- *
- * @throws SLCommandException if building this signature fails
- */
- public void buildXMLSignature() throws SLCommandException {
-
- List objects = new ArrayList();
- List references = new ArrayList();
-
- // add all data objects
- for (DataObject dataObject : dataObjects) {
- if (dataObject.getXmlObject() != null) {
- objects.add(dataObject.getXmlObject());
- }
- if (dataObject.getReference() != null) {
- references.add(dataObject.getReference());
- }
- }
-
- addXAdESObjectAndReference(objects, references);
-
- XMLSignatureFactory signatureFactory = ctx.getSignatureFactory();
- AlgorithmMethodFactory algorithmMethodFactory = ctx.getAlgorithmMethodFactory();
-
- CanonicalizationMethod cm;
- SignatureMethod sm;
- try {
- cm = algorithmMethodFactory.createCanonicalizationMethod(ctx);
- sm = algorithmMethodFactory.createSignatureMethod(ctx);
- } catch (NoSuchAlgorithmException e) {
- log.error("Failed to get Canonicalization or Signature algorithm.", e);
- throw new SLCommandException(4006);
- } catch (InvalidAlgorithmParameterException e) {
- log.error("Failed to get Canonicalization or Signature algorithm.", e);
- throw new SLCommandException(4006);
- }
-
- String siId = ctx.getIdValueFactory().createIdValue("SignedInfo");
-
- SignedInfo si = signatureFactory.newSignedInfo(cm, sm, references, siId);
-
- KeyInfo ki = null;
- if (signerCertificate != null) {
- KeyInfoFactory kif = KeyInfoFactory.getInstance();
- X509Data x509Data = kif.newX509Data(Collections.singletonList(signerCertificate));
- ki = kif.newKeyInfo(Collections.singletonList(x509Data));
- }
-
- String signatureId = ctx.getIdValueFactory().createIdValue("Signature");
- String signatureValueId = ctx.getIdValueFactory().createIdValue("SignatureValue");
-
- xmlSignature = signatureFactory.newXMLSignature(si, ki, objects, signatureId, signatureValueId);
-
- }
-
- /**
- * Sign this Signature using the given signContext.
- *
- * Call's {@link #buildXMLSignature()} if it has not been called yet.
- *
- *
- * @param signContext
- * the signing context
- *
- * @throws MarshalException
- * if marshalling the XMLSignature fails
- * @throws XMLSignatureException
- * if signing the XMLSignature fails
- * @throws SLCommandException
- * if building the XMLSignature fails
- * @throws NullPointerException
- * if signContext is null
- */
- public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException {
-
- if (xmlSignature == null) {
- buildXMLSignature();
- }
-
- for (IdAttribute idAttribute : idAttributes) {
- signContext.setIdAttributeNS(idAttribute.element, idAttribute.namespaceURI, idAttribute.localName);
- }
-
- // DO NOT USE:
- // signContext.setProperty("iaik.xml.crypto.dsig.sign-over", Boolean.TRUE);
-
- signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
-
- signContext.putNamespacePrefix(XMLSignature.XMLNS, "dsig");
-
- signContext.setURIDereferencer(new URIDereferncerAdapter(ctx.getDereferencerContext()));
-
- try {
- xmlSignature.sign(signContext);
- } catch (XMLSignatureException e) {
- Throwable cause = e.getCause();
- while (cause != null) {
- if (cause instanceof STALSignatureException) {
- int errorCode = ((STALSignatureException) cause).getErrorCode();
- SLCommandException commandException = new SLCommandException(errorCode);
- log.info("Failed to sign signature.", commandException);
- throw commandException;
- } else {
- cause = cause.getCause();
- }
- }
- throw e;
- }
-
- // debug
- if (log.isTraceEnabled()) {
- for (DataObject dataObject : dataObjects) {
- Reference reference = dataObject.getReference();
- InputStream digestInputStream = reference.getDigestInputStream();
- if (digestInputStream != null) {
- String mimeType = dataObject.getMimeType();
- StringBuilder sb = new StringBuilder();
- sb.append("DigestInput for Reference with id='");
- sb.append(reference.getId());
- sb.append("' (MIME-Type=");
- sb.append(dataObject.getMimeType());
- sb.append("):\n");
- try {
- if (mimeType != null && (
- mimeType.startsWith("text") ||
- "application/xhtml+xml".equals(mimeType))) {
- byte[] b = new byte[512];
- for (int l; (l = digestInputStream.read(b)) != -1;) {
- sb.append(new String(b, 0, l));
- }
- } else {
- sb.append(HexDump.hexDump(digestInputStream));
- }
- } catch (IOException e) {
- log.error(e);
- }
- log.trace(sb.toString());
- } else {
- log.trace("Reference caching is not enabled.");
- }
- }
- }
-
- }
-
- /**
- * Sign this Signature using the given stal implementation and
- * keyboxIdentifier.
- *
- * This method configures an appropriate {@link DOMSignContext} and calls
- * {@link #sign(DOMSignContext)}. If {@link #buildXMLSignature()} has not been
- * called yet, it is called by this method.
- *
- *
- * @param stal
- * the STAL implementation to use
- * @param keyboxIdentifier
- * the KeyboxIdentifier to use
- *
- * @throws MarshalException
- * if marshalling this Signature fails
- * @throws XMLSignatureException
- * if signing this Signature fails
- * @throws SLCommandException
- * if building this Signature fails
- * @throws NullPointerException
- * if stal or keyboxIdentifier is
- * null
- */
- public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException {
-
- if (stal == null) {
- throw new NullPointerException("Argument 'stal' must not be null.");
- }
-
- if (keyboxIdentifier == null) {
- throw new NullPointerException("Argument 'keyboxIdentifier' must not be null.");
- }
-
- if (xmlSignature == null) {
- buildXMLSignature();
- }
-
- SignatureMethod signatureMethod = xmlSignature.getSignedInfo().getSignatureMethod();
- String algorithm = signatureMethod.getAlgorithm();
-
- PrivateKey privateKey = new STALPrivateKey(stal, algorithm, keyboxIdentifier, this);
-
- DOMSignContext signContext;
- if (getNextSibling() == null) {
- signContext = new DOMSignContext(privateKey, getParent());
- } else {
- signContext = new DOMSignContext(privateKey, getParent(), getNextSibling());
- }
-
- sign(signContext);
- }
-
- @Override
- public InputStream getHashDataInput(String referenceId) {
-
- DataObject dataObject = dataObjectReferencIds.get(referenceId);
- if (dataObject != null) {
- return dataObject.getReference().getDigestInputStream();
- } else {
- return null;
- }
- }
-
- /**
- * Adds the XAdES QualifyingProperties as an
- * ds:Object and a corresponding ds:Reference to
- * it's SignedProperties element to this Signature.
- *
- * @param objects
- * the list of ds:Objects to add the created
- * ds:Object to
- * @param references
- * the list of ds:References to add the created
- * ds:Reference to
- *
- * @throws SLCommandException
- * if creating and adding the XAdES
- * QualifyingProperties fails
- * @throws NullPointerException
- * if objects or references is
- * null
- */
- private void addXAdESObjectAndReference(List objects, List references) throws SLCommandException {
-
- QualifyingPropertiesFactory factory = QualifyingPropertiesFactory.getInstance();
-
- String idValue = ctx.getIdValueFactory().createIdValue("SignedProperties");
-
- Date date = (signingTime != null) ? signingTime : new Date();
-
- List signingCertificates;
- if (signerCertificate != null) {
- signingCertificates = Collections.singletonList(signerCertificate);
- } else {
- signingCertificates = Collections.emptyList();
- }
-
- // TODO: report MOA-SP bug
- //
- // The security layer specification mandates the use of version 1.2.2. of the
- // XAdES QualifyingProperties. However MOA-SP supports only version 1.1.1. Therefore,
- // the version 1.1.1 is used in order to be compatible with current MOA-SP versions.
-
- List dataObjectFormats = new ArrayList();
- for (DataObject dataObject : dataObjects) {
- if (dataObject.getMimeType() != null && dataObject.getReference() != null) {
- Reference reference = dataObject.getReference();
- if (reference.getId() != null) {
- String objectReference = "#" + reference.getId();
- dataObjectFormats.add(factory.createDataObjectFormatType(
- objectReference, dataObject.getMimeType(), dataObject
- .getDescription()));
- }
- }
- }
-
- JAXBElement qualifyingProperties;
- try {
- qualifyingProperties = factory.createQualifyingProperties111(date, signingCertificates, idValue, dataObjectFormats);
- } catch (QualifyingPropertiesException e) {
- log.error("Failed to create QualifyingProperties.", e);
- throw new SLCommandException(4000);
- }
-
- DocumentFragment fragment = ctx.getDocument().createDocumentFragment();
-
- try {
- factory.marshallQualifyingProperties(qualifyingProperties, fragment);
- } catch (JAXBException e) {
- log.error("Failed to marshal QualifyingProperties.", e);
- throw new SLCommandException(4000);
- }
-
- List content = Collections.singletonList(new DOMStructure(fragment.getFirstChild()));
-
- String objectIdValue = ctx.getIdValueFactory().createIdValue("Object");
-
- XMLObject object = ctx.getSignatureFactory().newXMLObject(content, objectIdValue, null, null);
-
- objects.add(object);
-
- // TODO: Report MOA-SP Bug
- //
- // Direct referencing of the SignedPorperties Id-attribute is not supported by MOA-SP
- // because the QualifyingProperties are parsed without the XAdES schema. Therefore,
- // the shorthand XPointer could not be resolved.
- //
- // The following workaround uses an XPointer to select the SignedProperties in order
- // to allow the signature to be verified with MOA-SP.
-
- String referenceURI = "#xmlns(xades=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('"
- + objectIdValue
- + "')/child::xades:QualifyingProperties/child::xades:SignedProperties)";
- DigestMethod dm;
- try {
- dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx);
- } catch (NoSuchAlgorithmException e) {
- log.error("Failed to get DigestMethod algorithm.", e);
- throw new SLCommandException(4006);
- } catch (InvalidAlgorithmParameterException e) {
- log.error("Failed to get DigestMethod algorithm.", e);
- throw new SLCommandException(4006);
- }
-
- String referenceIdValue = ctx.getIdValueFactory().createIdValue("Reference");
- String referenceType = QualifyingPropertiesFactory.SIGNED_PROPERTIES_REFERENCE_TYPE_V1_1_1;
-
- Reference reference = ctx.getSignatureFactory().newReference(referenceURI, dm, null, referenceType, referenceIdValue);
-
- references.add(reference);
-
- Node child = fragment.getFirstChild();
- if (child instanceof Element) {
- NodeList nodes = ((Element) child).getElementsByTagNameNS(QualifyingPropertiesFactory.NS_URI_V1_1_1, "SignedProperties");
- if (nodes.getLength() > 0) {
- IdAttribute idAttribute = new IdAttribute();
- idAttribute.element = (Element) nodes.item(0);
- idAttribute.namespaceURI = null;
- idAttribute.localName = "Id";
- idAttributes.add(idAttribute);
- }
- }
-
- }
-
- /**
- * Parse the SignatureEnvironment.
- *
- * @param signatureEnvironment
- * the SignatureEnvironment element
- * @param supplements
- * an optional list of Supplements (may be
- * null)
- *
- * @return the parsed SignatureEnvironment document
- *
- * @throws SLCommandException
- * if parsing the SignatureEnvironment fails
- * @throws NullPointerException
- * if signatureEnvironment is null
- */
- private Document parseSignatureEnvironment(
- Base64XMLOptRefContentType signatureEnvironment,
- List supplements) throws SLCommandException {
-
- if (signatureEnvironment == null) {
- throw new NullPointerException("Argument 'signatureEnvironment' must not be null.");
- }
-
- LSInput input;
- try {
- if (signatureEnvironment.getReference() != null) {
- log.debug("SignatureEnvironment contains Reference " + signatureEnvironment.getReference() + ".");
- input = createLSInput(signatureEnvironment.getReference());
- } else if (signatureEnvironment.getBase64Content() != null) {
- log.debug("SignatureEnvironment contains Base64Content.");
- input = createLSInput(signatureEnvironment.getBase64Content());
- } else if (signatureEnvironment.getXMLContent() != null) {
- log.debug("SignatureEnvironment contains XMLContent.");
- input = createLSInput((XMLContentType) signatureEnvironment.getXMLContent());
- } else {
- // the schema does not allow us to reach this point
- throw new SLCommandException(4000);
- }
- } catch (IOException e) {
- log.info("XML document in which the signature is to be integrated cannot be resolved.", e);
- throw new SLCommandException(4100);
- } catch (XMLStreamException e) {
- log.info("XML document in which the signature is to be integrated cannot be resolved.", e);
- throw new SLCommandException(4100);
- }
-
- LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null);
- DOMConfiguration domConfig = parser.getDomConfig();
- SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler();
- domConfig.setParameter("error-handler", errorHandler);
- LSResourceResolverAdapter resourceResolver = new LSResourceResolverAdapter(supplements);
- domConfig.setParameter("resource-resolver", resourceResolver);
- domConfig.setParameter("validate", Boolean.TRUE);
-
- Document doc;
- try {
- doc = parser.parse(input);
- } catch (DOMException e) {
- log.info("XML document in which the signature is to be integrated cannot be parsed.", e);
- throw new SLCommandException(4101);
- } catch (LSException e) {
- log.info("XML document in which the signature is to be integrated cannot be parsed.", e);
- throw new SLCommandException(4101);
- }
-
- if (resourceResolver.getError() != null) {
- log.info("Failed to resolve resource while parsing SignatureEnvironment document.", resourceResolver.getError());
- // we don't stop here, as we only _try_ to parse validating
- }
-
- if (errorHandler.hasFatalErrors()) {
- // log fatal errors
- if (log.isInfoEnabled()) {
- List errorMessages = errorHandler.getErrorMessages();
- StringBuffer sb = new StringBuffer();
- for (String errorMessage : errorMessages) {
- sb.append(" ");
- sb.append(errorMessage);
- }
- log.info("XML document in which the signature is to be integrated cannot be parsed." + sb.toString());
- }
- throw new SLCommandException(4101);
- }
-
- // log parsed document
- if (log.isTraceEnabled()) {
-
- StringWriter writer = new StringWriter();
-
- writer.write("SignatureEnvironment:\n");
-
- LSOutput output = domImplLS.createLSOutput();
- output.setCharacterStream(writer);
- output.setEncoding("UTF-8");
- LSSerializer serializer = domImplLS.createLSSerializer();
- serializer.write(doc, output);
-
- log.trace(writer.toString());
- }
-
- return doc;
-
- }
-
- /**
- * Creates an LSInput from the given reference URI.
- *
- * @param reference
- * the reference URL
- *
- * @return an LSInput from the given reference URI
- *
- * @throws IOException
- * if dereferencing the given reference fails
- */
- private LSInput createLSInput(String reference) throws IOException {
-
- URLDereferencer urlDereferencer = URLDereferencer.getInstance();
- StreamData streamData = urlDereferencer.dereference(reference, ctx.getDereferencerContext());
-
- String contentType = streamData.getContentType();
- String charset = HttpUtil.getCharset(contentType, true);
- InputStreamReader streamReader;
- try {
- streamReader = new InputStreamReader(streamData.getStream(), charset);
- } catch (UnsupportedEncodingException e) {
- log.info("Charset " + charset + " not supported. Using default.");
- streamReader = new InputStreamReader(streamData.getStream());
- }
-
- LSInput input = domImplLS.createLSInput();
- input = domImplLS.createLSInput();
- input.setCharacterStream(streamReader);
-
- return input;
-
- }
-
- /**
- * Creates an LSInput from the given content bytes.
- *
- * @param content
- * the content bytes
- *
- * @return an LSInput from the givne content bytes
- */
- private LSInput createLSInput(byte[] content) {
-
- ByteArrayInputStream inputStream = new ByteArrayInputStream(content);
- LSInput input = domImplLS.createLSInput();
- input.setByteStream(inputStream);
-
- return input;
-
- }
-
- /**
- * Creates an LSInput from the given XML content.
- *
- * @param content
- * the XML content
- * @return an LSInput from the given XML content
- *
- * @throws XMLStreamException
- * if reading the XMLStream from the given XML content fails
- */
- private LSInput createLSInput(XMLContentType content) throws XMLStreamException {
-
- ByteArrayOutputStream redirectedStream = content.getRedirectedStream();
- if (redirectedStream != null) {
- LSInput input = domImplLS.createLSInput();
- input.setByteStream(new ByteArrayInputStream(redirectedStream.toByteArray()));
- return input;
- } else {
- return null;
- }
-
- }
-
- /**
- * Represents an xsd:Id-attribute value.
- *
- * @author mcentner
- */
- private class IdAttribute {
-
- private Element element;
-
- private String namespaceURI;
-
- private String localName;
-
- }
-
- /**
- * An implementation of the LSResourceResolver that uses a list of supplements
- * to resolve resources.
- *
- * @author mcentner
- */
- private class LSResourceResolverAdapter implements LSResourceResolver {
-
- List supplements;
-
- private LSResourceResolverAdapter(
- List supplements) {
- this.supplements = supplements;
- }
-
- private Exception error;
-
- /**
- * @return the error
- */
- public Exception getError() {
- return error;
- }
-
- @Override
- public LSInput resolveResource(String type, String namespaceURI,
- String publicId, String systemId, String baseURI) {
-
- if (log.isTraceEnabled()) {
- log.trace("Resolve resource :" +
- "\n type=" + type +
- "\n namespaceURI=" + namespaceURI +
- "\n publicId=" + publicId +
- "\n systemId=" + systemId +
- "\n baseURI=" + baseURI);
- }
-
- if (systemId != null) {
-
- log.debug("Resolve resource '" + systemId + "'.");
-
- for (DataObjectAssociationType supplement : supplements) {
-
- Base64XMLLocRefReqRefContentType content = supplement.getContent();
- if (content != null) {
-
- String reference = content.getReference();
- if (systemId.equals(reference)) {
-
- try {
- if (content.getLocRefContent() != null) {
- log.trace("Resolved resource '" + reference + "' to supplement with LocRefContent.");
- return createLSInput(content.getLocRefContent());
- } else if (content.getBase64Content() != null) {
- log.trace("Resolved resource '" + reference + "' to supplement with Base64Content.");
- return createLSInput(content.getBase64Content());
- } else if (content.getXMLContent() != null) {
- log.trace("Resolved resource '" + reference + "' to supplement with XMLContent.");
- return createLSInput((XMLContentType) content.getXMLContent());
- } else {
- return null;
- }
- } catch (IOException e) {
- log.info("Failed to resolve resource '" + systemId + "' to supplement.", e);
- error = e;
- return null;
- } catch (XMLStreamException e) {
- log.info("Failed to resolve resource '" + systemId + "' to supplement.", e);
- error = e;
- return null;
- }
-
- }
-
- }
-
- }
-
- log.info("Failed to resolve resource '" + systemId + "' to supplement. No such supplement.");
-
- }
-
- return null;
-
- }
-
-
- }
-
-}
+package at.gv.egiz.bku.slcommands.impl.xsect;
+
+import at.gv.egiz.stal.HashDataInput;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.XMLObject;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.etsi.uri._01903.v1_1.DataObjectFormatType;
+import org.etsi.uri._01903.v1_1.QualifyingPropertiesType;
+import org.w3c.dom.DOMConfiguration;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSException;
+import org.w3c.dom.ls.LSInput;
+import org.w3c.dom.ls.LSOutput;
+import org.w3c.dom.ls.LSParser;
+import org.w3c.dom.ls.LSResourceResolver;
+import org.w3c.dom.ls.LSSerializer;
+
+import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefReqRefContentType;
+import at.buergerkarte.namespaces.securitylayer._1.Base64XMLOptRefContentType;
+import at.buergerkarte.namespaces.securitylayer._1.DataObjectAssociationType;
+import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
+import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.utils.HexDump;
+import at.gv.egiz.bku.utils.urldereferencer.StreamData;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
+import at.gv.egiz.dom.DOMUtils;
+import at.gv.egiz.slbinding.impl.XMLContentType;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.xades.QualifyingPropertiesException;
+import at.gv.egiz.xades.QualifyingPropertiesFactory;
+
+/**
+ * This class represents an XML-Signature as to be created by the
+ * security layer command CreateXMLSignatureRequest.
+ *
+ * @author mcentner
+ */
+public class Signature {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(Signature.class);
+
+ /**
+ * The DOM implementation used.
+ */
+ private DOMImplementationLS domImplLS;
+
+ /**
+ * The SignatureContext for the XMLSignature.
+ */
+ private SignatureContext ctx;
+
+ /**
+ * The list of {@link DataObject}s for this signature.
+ */
+ private List dataObjects = new ArrayList();
+
+ /**
+ * A mapping from the Id-attribute values of this signature's
+ * ds:References to the corresponding {@link DataObject}s.
+ */
+// private Map dataObjectReferencIds = new HashMap();
+
+ /**
+ * The SignatureEnvironment for this signature.
+ */
+ private SignatureLocation signatureLocation;
+
+ /**
+ * The XML signature.
+ */
+ private XMLSignature xmlSignature;
+
+ /**
+ * A list of attributes of type xsd:ID to be registered in the {@link DOMSignContext}.
+ */
+ private List idAttributes = new ArrayList();
+
+ /**
+ * The signer's X509 certificate.
+ */
+ private X509Certificate signerCertificate;
+
+ /**
+ * The signing time.
+ */
+ private Date signingTime;
+
+ /**
+ * Creates a new SLXMLSignature instance.
+ */
+ public Signature(URLDereferencerContext dereferencerContext,
+ IdValueFactory idValueFactory,
+ AlgorithmMethodFactory algorithmMethodFactory) {
+
+ domImplLS = DOMUtils.getDOMImplementationLS();
+
+ ctx = new SignatureContext();
+
+ ctx.setSignatureFactory(XMLSignatureFactory.getInstance());
+
+ ctx.setDereferencerContext(dereferencerContext);
+ ctx.setIdValueFactory(idValueFactory);
+ ctx.setAlgorithmMethodFactory(algorithmMethodFactory);
+
+ }
+
+ /**
+ * @return the Document containing this Signature
+ */
+ public Document getDocument() {
+ return ctx.getDocument();
+ }
+
+ /**
+ * @return the parent Node for this Signature
+ */
+ public Node getParent() {
+ return (signatureLocation != null) ? signatureLocation.getParent() : null;
+ }
+
+ /**
+ * @return the next sibling Node for this Signature
+ */
+ public Node getNextSibling() {
+ return (signatureLocation != null) ? signatureLocation.getNextSibling() : null;
+ }
+
+ /**
+ * @return the XMLSignature
+ */
+ public XMLSignature getXMLSignature() {
+ return xmlSignature;
+ }
+
+ /**
+ * @return the list of {@link Reference}s of this Signature
+ */
+ @SuppressWarnings("unchecked")
+ public List getReferences() {
+ return (xmlSignature != null) ? xmlSignature.getSignedInfo().getReferences() : null;
+ }
+
+ /**
+ * @return the list of {@link XMLObject}s of this Signature
+ */
+ @SuppressWarnings("unchecked")
+ public List getXMLObjects() {
+ return (xmlSignature != null) ? xmlSignature.getObjects() : null;
+ }
+
+ /**
+ * Prepares the signature document with the information given by the
+ * signatureInfo provided.
+ *
+ * @param signatureInfo
+ * the SignatureInfo
+ *
+ * @throws SLCommandException
+ * if processing fails for any reason
+ * @throws IllegalStateException
+ * if the parent node has already been set
+ * @throws NullPointerException
+ * if signatureInfo is null
+ */
+ public void setSignatureInfo(SignatureInfoCreationType signatureInfo) throws SLCommandException {
+
+ if (signatureLocation != null) {
+ throw new IllegalStateException("SignatureEnvironment already set.");
+ }
+
+ Base64XMLOptRefContentType signatureEnvironment = signatureInfo.getSignatureEnvironment();
+
+ if (signatureEnvironment == null) {
+
+ // no SignatureEnvironment, so we use an empty document and the document as parent
+ ensureSignatureLocation();
+
+ } else {
+
+ // parse SignatureEnvrionment and use as document
+ Document document = parseSignatureEnvironment(signatureEnvironment, signatureInfo.getSupplement());
+ ctx.setDocument(document);
+
+ signatureLocation = new SignatureLocation(ctx);
+ signatureLocation.setSignatureInfo(signatureInfo);
+
+ }
+
+ }
+
+ /**
+ * Ensures a SignatureLocation for this Signature.
+ */
+ private void ensureSignatureLocation() {
+
+ if (signatureLocation == null) {
+ Document document = DOMUtils.createDocument();
+ ctx.setDocument(document);
+
+ signatureLocation = new SignatureLocation(ctx);
+ signatureLocation.setParent(document);
+ }
+
+ }
+
+ /**
+ * Adds a DataObject with the information given by the
+ * dataObjectInfo provided to this Signature.
+ *
+ * @param dataObjectInfo
+ * the DataObjectInfo element
+ *
+ * @throws SLCommandException
+ * if adding the DataObject fails
+ * @throws SLRequestException
+ * if the information provided by the given
+ * dataObjectInfo does not conform to the security
+ * layer specification
+ * @throws NullPointerException
+ * if dataObjectInfo is null
+ */
+ public void addDataObject(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException {
+
+ ensureSignatureLocation();
+
+ DataObject dataObject = new DataObject(ctx);
+ dataObject.setDataObjectInfo(dataObjectInfo);
+
+ dataObjects.add(dataObject);
+
+// dataObjectReferencIds.put(dataObject.getReference().getId(), dataObject);
+
+ }
+
+ /**
+ * Sets the SigningTime qualifying property of this Signature.
+ *
+ * @param signingTime the signing time to set
+ */
+ public void setSigningTime(Date signingTime) {
+ this.signingTime = signingTime;
+ }
+
+ /**
+ * Sets the SignerCertificate qualifying property of this Signature.
+ *
+ * @param certificate the signer's certificate
+ */
+ public void setSignerCeritifcate(X509Certificate certificate) {
+ this.signerCertificate = certificate;
+ }
+
+ /**
+ * Builds the XMLSignature data structure of this Signature as configured by
+ * the various setter methods.
+ *
+ * @throws SLCommandException if building this signature fails
+ */
+ public void buildXMLSignature() throws SLCommandException {
+
+ List objects = new ArrayList();
+ List references = new ArrayList();
+
+ // add all data objects
+ for (DataObject dataObject : dataObjects) {
+ if (dataObject.getXmlObject() != null) {
+ objects.add(dataObject.getXmlObject());
+ }
+ if (dataObject.getReference() != null) {
+ references.add(dataObject.getReference());
+ }
+ }
+
+ addXAdESObjectAndReference(objects, references);
+
+ XMLSignatureFactory signatureFactory = ctx.getSignatureFactory();
+ AlgorithmMethodFactory algorithmMethodFactory = ctx.getAlgorithmMethodFactory();
+
+ CanonicalizationMethod cm;
+ SignatureMethod sm;
+ try {
+ cm = algorithmMethodFactory.createCanonicalizationMethod(ctx);
+ sm = algorithmMethodFactory.createSignatureMethod(ctx);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Failed to get Canonicalization or Signature algorithm.", e);
+ throw new SLCommandException(4006);
+ } catch (InvalidAlgorithmParameterException e) {
+ log.error("Failed to get Canonicalization or Signature algorithm.", e);
+ throw new SLCommandException(4006);
+ }
+
+ String siId = ctx.getIdValueFactory().createIdValue("SignedInfo");
+
+ SignedInfo si = signatureFactory.newSignedInfo(cm, sm, references, siId);
+
+ KeyInfo ki = null;
+ if (signerCertificate != null) {
+ KeyInfoFactory kif = KeyInfoFactory.getInstance();
+ X509Data x509Data = kif.newX509Data(Collections.singletonList(signerCertificate));
+ ki = kif.newKeyInfo(Collections.singletonList(x509Data));
+ }
+
+ String signatureId = ctx.getIdValueFactory().createIdValue("Signature");
+ String signatureValueId = ctx.getIdValueFactory().createIdValue("SignatureValue");
+
+ xmlSignature = signatureFactory.newXMLSignature(si, ki, objects, signatureId, signatureValueId);
+
+ }
+
+ /**
+ * Sign this Signature using the given signContext.
+ *
+ * Call's {@link #buildXMLSignature()} if it has not been called yet.
+ *
+ *
+ * @param signContext
+ * the signing context
+ *
+ * @throws MarshalException
+ * if marshalling the XMLSignature fails
+ * @throws XMLSignatureException
+ * if signing the XMLSignature fails
+ * @throws SLCommandException
+ * if building the XMLSignature fails
+ * @throws NullPointerException
+ * if signContext is null
+ */
+ public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException {
+
+ if (xmlSignature == null) {
+ buildXMLSignature();
+ }
+
+ for (IdAttribute idAttribute : idAttributes) {
+ signContext.setIdAttributeNS(idAttribute.element, idAttribute.namespaceURI, idAttribute.localName);
+ }
+
+ // DO NOT USE:
+ // signContext.setProperty("iaik.xml.crypto.dsig.sign-over", Boolean.TRUE);
+
+ signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+
+ signContext.putNamespacePrefix(XMLSignature.XMLNS, "dsig");
+
+ signContext.setURIDereferencer(new URIDereferncerAdapter(ctx.getDereferencerContext()));
+
+ try {
+ xmlSignature.sign(signContext);
+ } catch (XMLSignatureException e) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause instanceof STALSignatureException) {
+ int errorCode = ((STALSignatureException) cause).getErrorCode();
+ SLCommandException commandException = new SLCommandException(errorCode);
+ log.info("Failed to sign signature.", commandException);
+ throw commandException;
+ } else {
+ cause = cause.getCause();
+ }
+ }
+ throw e;
+ }
+
+ // debug
+ if (log.isTraceEnabled()) {
+ for (DataObject dataObject : dataObjects) {
+ Reference reference = dataObject.getReference();
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ String mimeType = dataObject.getMimeType();
+ StringBuilder sb = new StringBuilder();
+ sb.append("DigestInput for Reference with id='");
+ sb.append(reference.getId());
+ sb.append("' (MIME-Type=");
+ sb.append(dataObject.getMimeType());
+ sb.append("):\n");
+ try {
+ if (mimeType != null && (
+ mimeType.startsWith("text") ||
+ "application/xhtml+xml".equals(mimeType))) {
+ byte[] b = new byte[512];
+ for (int l; (l = digestInputStream.read(b)) != -1;) {
+ sb.append(new String(b, 0, l));
+ }
+ } else {
+ sb.append(HexDump.hexDump(digestInputStream));
+ }
+ } catch (IOException e) {
+ log.error(e);
+ }
+ log.trace(sb.toString());
+ } else {
+ log.trace("Reference caching is not enabled.");
+ }
+ }
+ }
+
+ }
+
+ /**
+ * Sign this Signature using the given stal implementation and
+ * keyboxIdentifier.
+ *
+ * This method configures an appropriate {@link DOMSignContext} and calls
+ * {@link #sign(DOMSignContext)}. If {@link #buildXMLSignature()} has not been
+ * called yet, it is called by this method.
+ *
+ *
+ * @param stal
+ * the STAL implementation to use
+ * @param keyboxIdentifier
+ * the KeyboxIdentifier to use
+ *
+ * @throws MarshalException
+ * if marshalling this Signature fails
+ * @throws XMLSignatureException
+ * if signing this Signature fails
+ * @throws SLCommandException
+ * if building this Signature fails
+ * @throws NullPointerException
+ * if stal or keyboxIdentifier is
+ * null
+ */
+ public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException {
+
+ if (stal == null) {
+ throw new NullPointerException("Argument 'stal' must not be null.");
+ }
+
+ if (keyboxIdentifier == null) {
+ throw new NullPointerException("Argument 'keyboxIdentifier' must not be null.");
+ }
+
+ if (xmlSignature == null) {
+ buildXMLSignature();
+ }
+
+ SignatureMethod signatureMethod = xmlSignature.getSignedInfo().getSignatureMethod();
+ String algorithm = signatureMethod.getAlgorithm();
+
+ //don't get hashDataInputs (digestInputStreams) now, only once Signature.sign() was called (cf STALSignature.engineSign)
+ PrivateKey privateKey = new STALPrivateKey(stal, algorithm, keyboxIdentifier, dataObjects); // hashDataInputs);
+
+ DOMSignContext signContext;
+ if (getNextSibling() == null) {
+ signContext = new DOMSignContext(privateKey, getParent());
+ } else {
+ signContext = new DOMSignContext(privateKey, getParent(), getNextSibling());
+ }
+
+ sign(signContext);
+ }
+
+// @Override
+// public HashDataInput getHashDataInput(final String referenceId) {
+// final DataObject dataObject = dataObjectReferencIds.get(referenceId);
+// if (dataObject != null) {
+// return new HashDataInput() {
+//
+// InputStream hashDataInput = dataObject.getReference().getDigestInputStream();
+//
+// @Override
+// public String getReferenceId() {
+// return referenceId;
+// }
+//
+// @Override
+// public String getMimeType() {
+// return dataObject.getMimeType();
+// }
+//
+// @Override
+// public InputStream getHashDataInput() {
+// return hashDataInput;
+// }
+// };
+// }
+// return null;
+// }
+
+ /**
+ * Adds the XAdES QualifyingProperties as an
+ * ds:Object and a corresponding ds:Reference to
+ * it's SignedProperties element to this Signature.
+ *
+ * @param objects
+ * the list of ds:Objects to add the created
+ * ds:Object to
+ * @param references
+ * the list of ds:References to add the created
+ * ds:Reference to
+ *
+ * @throws SLCommandException
+ * if creating and adding the XAdES
+ * QualifyingProperties fails
+ * @throws NullPointerException
+ * if objects or references is
+ * null
+ */
+ private void addXAdESObjectAndReference(List objects, List references) throws SLCommandException {
+
+ QualifyingPropertiesFactory factory = QualifyingPropertiesFactory.getInstance();
+
+ String idValue = ctx.getIdValueFactory().createIdValue("SignedProperties");
+
+ Date date = (signingTime != null) ? signingTime : new Date();
+
+ List signingCertificates;
+ if (signerCertificate != null) {
+ signingCertificates = Collections.singletonList(signerCertificate);
+ } else {
+ signingCertificates = Collections.emptyList();
+ }
+
+ // TODO: report MOA-SP bug
+ //
+ // The security layer specification mandates the use of version 1.2.2. of the
+ // XAdES QualifyingProperties. However MOA-SP supports only version 1.1.1. Therefore,
+ // the version 1.1.1 is used in order to be compatible with current MOA-SP versions.
+
+ List dataObjectFormats = new ArrayList();
+ for (DataObject dataObject : dataObjects) {
+ if (dataObject.getMimeType() != null && dataObject.getReference() != null) {
+ Reference reference = dataObject.getReference();
+ if (reference.getId() != null) {
+ String objectReference = "#" + reference.getId();
+ dataObjectFormats.add(factory.createDataObjectFormatType(
+ objectReference, dataObject.getMimeType(), dataObject
+ .getDescription()));
+ }
+ }
+ }
+
+ JAXBElement qualifyingProperties;
+ try {
+ qualifyingProperties = factory.createQualifyingProperties111(date, signingCertificates, idValue, dataObjectFormats);
+ } catch (QualifyingPropertiesException e) {
+ log.error("Failed to create QualifyingProperties.", e);
+ throw new SLCommandException(4000);
+ }
+
+ DocumentFragment fragment = ctx.getDocument().createDocumentFragment();
+
+ try {
+ factory.marshallQualifyingProperties(qualifyingProperties, fragment);
+ } catch (JAXBException e) {
+ log.error("Failed to marshal QualifyingProperties.", e);
+ throw new SLCommandException(4000);
+ }
+
+ List content = Collections.singletonList(new DOMStructure(fragment.getFirstChild()));
+
+ String objectIdValue = ctx.getIdValueFactory().createIdValue("Object");
+
+ XMLObject object = ctx.getSignatureFactory().newXMLObject(content, objectIdValue, null, null);
+
+ objects.add(object);
+
+ // TODO: Report MOA-SP Bug
+ //
+ // Direct referencing of the SignedPorperties Id-attribute is not supported by MOA-SP
+ // because the QualifyingProperties are parsed without the XAdES schema. Therefore,
+ // the shorthand XPointer could not be resolved.
+ //
+ // The following workaround uses an XPointer to select the SignedProperties in order
+ // to allow the signature to be verified with MOA-SP.
+
+ String referenceURI = "#xmlns(xades=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('"
+ + objectIdValue
+ + "')/child::xades:QualifyingProperties/child::xades:SignedProperties)";
+ DigestMethod dm;
+ try {
+ dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Failed to get DigestMethod algorithm.", e);
+ throw new SLCommandException(4006);
+ } catch (InvalidAlgorithmParameterException e) {
+ log.error("Failed to get DigestMethod algorithm.", e);
+ throw new SLCommandException(4006);
+ }
+
+ String referenceIdValue = ctx.getIdValueFactory().createIdValue("Reference");
+ String referenceType = QualifyingPropertiesFactory.SIGNED_PROPERTIES_REFERENCE_TYPE_V1_1_1;
+
+ Reference reference = ctx.getSignatureFactory().newReference(referenceURI, dm, null, referenceType, referenceIdValue);
+
+ references.add(reference);
+
+ Node child = fragment.getFirstChild();
+ if (child instanceof Element) {
+ NodeList nodes = ((Element) child).getElementsByTagNameNS(QualifyingPropertiesFactory.NS_URI_V1_1_1, "SignedProperties");
+ if (nodes.getLength() > 0) {
+ IdAttribute idAttribute = new IdAttribute();
+ idAttribute.element = (Element) nodes.item(0);
+ idAttribute.namespaceURI = null;
+ idAttribute.localName = "Id";
+ idAttributes.add(idAttribute);
+ }
+ }
+
+ }
+
+ /**
+ * Parse the SignatureEnvironment.
+ *
+ * @param signatureEnvironment
+ * the SignatureEnvironment element
+ * @param supplements
+ * an optional list of Supplements (may be
+ * null)
+ *
+ * @return the parsed SignatureEnvironment document
+ *
+ * @throws SLCommandException
+ * if parsing the SignatureEnvironment fails
+ * @throws NullPointerException
+ * if signatureEnvironment is null
+ */
+ private Document parseSignatureEnvironment(
+ Base64XMLOptRefContentType signatureEnvironment,
+ List supplements) throws SLCommandException {
+
+ if (signatureEnvironment == null) {
+ throw new NullPointerException("Argument 'signatureEnvironment' must not be null.");
+ }
+
+ LSInput input;
+ try {
+ if (signatureEnvironment.getReference() != null) {
+ log.debug("SignatureEnvironment contains Reference " + signatureEnvironment.getReference() + ".");
+ input = createLSInput(signatureEnvironment.getReference());
+ } else if (signatureEnvironment.getBase64Content() != null) {
+ log.debug("SignatureEnvironment contains Base64Content.");
+ input = createLSInput(signatureEnvironment.getBase64Content());
+ } else if (signatureEnvironment.getXMLContent() != null) {
+ log.debug("SignatureEnvironment contains XMLContent.");
+ input = createLSInput((XMLContentType) signatureEnvironment.getXMLContent());
+ } else {
+ // the schema does not allow us to reach this point
+ throw new SLCommandException(4000);
+ }
+ } catch (IOException e) {
+ log.info("XML document in which the signature is to be integrated cannot be resolved.", e);
+ throw new SLCommandException(4100);
+ } catch (XMLStreamException e) {
+ log.info("XML document in which the signature is to be integrated cannot be resolved.", e);
+ throw new SLCommandException(4100);
+ }
+
+ LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null);
+ DOMConfiguration domConfig = parser.getDomConfig();
+ SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler();
+ domConfig.setParameter("error-handler", errorHandler);
+ LSResourceResolverAdapter resourceResolver = new LSResourceResolverAdapter(supplements);
+ domConfig.setParameter("resource-resolver", resourceResolver);
+ domConfig.setParameter("validate", Boolean.TRUE);
+
+ Document doc;
+ try {
+ doc = parser.parse(input);
+ } catch (DOMException e) {
+ log.info("XML document in which the signature is to be integrated cannot be parsed.", e);
+ throw new SLCommandException(4101);
+ } catch (LSException e) {
+ log.info("XML document in which the signature is to be integrated cannot be parsed.", e);
+ throw new SLCommandException(4101);
+ }
+
+ if (resourceResolver.getError() != null) {
+ log.info("Failed to resolve resource while parsing SignatureEnvironment document.", resourceResolver.getError());
+ // we don't stop here, as we only _try_ to parse validating
+ }
+
+ if (errorHandler.hasFatalErrors()) {
+ // log fatal errors
+ if (log.isInfoEnabled()) {
+ List errorMessages = errorHandler.getErrorMessages();
+ StringBuffer sb = new StringBuffer();
+ for (String errorMessage : errorMessages) {
+ sb.append(" ");
+ sb.append(errorMessage);
+ }
+ log.info("XML document in which the signature is to be integrated cannot be parsed." + sb.toString());
+ }
+ throw new SLCommandException(4101);
+ }
+
+ // log parsed document
+ if (log.isTraceEnabled()) {
+
+ StringWriter writer = new StringWriter();
+
+ writer.write("SignatureEnvironment:\n");
+
+ LSOutput output = domImplLS.createLSOutput();
+ output.setCharacterStream(writer);
+ output.setEncoding("UTF-8");
+ LSSerializer serializer = domImplLS.createLSSerializer();
+ serializer.write(doc, output);
+
+ log.trace(writer.toString());
+ }
+
+ return doc;
+
+ }
+
+ /**
+ * Creates an LSInput from the given reference URI.
+ *
+ * @param reference
+ * the reference URL
+ *
+ * @return an LSInput from the given reference URI
+ *
+ * @throws IOException
+ * if dereferencing the given reference fails
+ */
+ private LSInput createLSInput(String reference) throws IOException {
+
+ URLDereferencer urlDereferencer = URLDereferencer.getInstance();
+ StreamData streamData = urlDereferencer.dereference(reference, ctx.getDereferencerContext());
+
+ String contentType = streamData.getContentType();
+ String charset = HttpUtil.getCharset(contentType, true);
+ InputStreamReader streamReader;
+ try {
+ streamReader = new InputStreamReader(streamData.getStream(), charset);
+ } catch (UnsupportedEncodingException e) {
+ log.info("Charset " + charset + " not supported. Using default.");
+ streamReader = new InputStreamReader(streamData.getStream());
+ }
+
+ LSInput input = domImplLS.createLSInput();
+ input = domImplLS.createLSInput();
+ input.setCharacterStream(streamReader);
+
+ return input;
+
+ }
+
+ /**
+ * Creates an LSInput from the given content bytes.
+ *
+ * @param content
+ * the content bytes
+ *
+ * @return an LSInput from the givne content bytes
+ */
+ private LSInput createLSInput(byte[] content) {
+
+ ByteArrayInputStream inputStream = new ByteArrayInputStream(content);
+ LSInput input = domImplLS.createLSInput();
+ input.setByteStream(inputStream);
+
+ return input;
+
+ }
+
+ /**
+ * Creates an LSInput from the given XML content.
+ *
+ * @param content
+ * the XML content
+ * @return an LSInput from the given XML content
+ *
+ * @throws XMLStreamException
+ * if reading the XMLStream from the given XML content fails
+ */
+ private LSInput createLSInput(XMLContentType content) throws XMLStreamException {
+
+ ByteArrayOutputStream redirectedStream = content.getRedirectedStream();
+ if (redirectedStream != null) {
+ LSInput input = domImplLS.createLSInput();
+ input.setByteStream(new ByteArrayInputStream(redirectedStream.toByteArray()));
+ return input;
+ } else {
+ return null;
+ }
+
+ }
+
+ /**
+ * Represents an xsd:Id-attribute value.
+ *
+ * @author mcentner
+ */
+ private class IdAttribute {
+
+ private Element element;
+
+ private String namespaceURI;
+
+ private String localName;
+
+ }
+
+ /**
+ * An implementation of the LSResourceResolver that uses a list of supplements
+ * to resolve resources.
+ *
+ * @author mcentner
+ */
+ private class LSResourceResolverAdapter implements LSResourceResolver {
+
+ List supplements;
+
+ private LSResourceResolverAdapter(
+ List supplements) {
+ this.supplements = supplements;
+ }
+
+ private Exception error;
+
+ /**
+ * @return the error
+ */
+ public Exception getError() {
+ return error;
+ }
+
+ @Override
+ public LSInput resolveResource(String type, String namespaceURI,
+ String publicId, String systemId, String baseURI) {
+
+ if (log.isTraceEnabled()) {
+ log.trace("Resolve resource :" +
+ "\n type=" + type +
+ "\n namespaceURI=" + namespaceURI +
+ "\n publicId=" + publicId +
+ "\n systemId=" + systemId +
+ "\n baseURI=" + baseURI);
+ }
+
+ if (systemId != null) {
+
+ log.debug("Resolve resource '" + systemId + "'.");
+
+ for (DataObjectAssociationType supplement : supplements) {
+
+ Base64XMLLocRefReqRefContentType content = supplement.getContent();
+ if (content != null) {
+
+ String reference = content.getReference();
+ if (systemId.equals(reference)) {
+
+ try {
+ if (content.getLocRefContent() != null) {
+ log.trace("Resolved resource '" + reference + "' to supplement with LocRefContent.");
+ return createLSInput(content.getLocRefContent());
+ } else if (content.getBase64Content() != null) {
+ log.trace("Resolved resource '" + reference + "' to supplement with Base64Content.");
+ return createLSInput(content.getBase64Content());
+ } else if (content.getXMLContent() != null) {
+ log.trace("Resolved resource '" + reference + "' to supplement with XMLContent.");
+ return createLSInput((XMLContentType) content.getXMLContent());
+ } else {
+ return null;
+ }
+ } catch (IOException e) {
+ log.info("Failed to resolve resource '" + systemId + "' to supplement.", e);
+ error = e;
+ return null;
+ } catch (XMLStreamException e) {
+ log.info("Failed to resolve resource '" + systemId + "' to supplement.", e);
+ error = e;
+ return null;
+ }
+
+ }
+
+ }
+
+ }
+
+ log.info("Failed to resolve resource '" + systemId + "' to supplement. No such supplement.");
+
+ }
+
+ return null;
+
+ }
+
+
+ }
+
+}
--
cgit v1.2.3
From 66cfb865fbfa7af514e803003f928d77f1156e46 Mon Sep 17 00:00:00 2001
From: mcentner
Date: Thu, 11 Sep 2008 12:16:35 +0000
Subject: Added to be signed data validation.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@32 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../impl/CreateXMLSignatureCommandImpl.java | 13 +--
.../egiz/bku/slcommands/impl/xsect/DataObject.java | 119 ++++++++++++++++++++-
.../bku/slcommands/impl/xsect/STALSignature.java | 11 +-
.../egiz/bku/slcommands/impl/xsect/Signature.java | 10 +-
4 files changed, 138 insertions(+), 15 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 136fa6f3..628326cf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -44,7 +44,9 @@ import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.stal.InfoboxReadRequest;
import at.gv.egiz.stal.InfoboxReadResponse;
@@ -166,9 +168,10 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImpltrue if validation should be enabled, or
+ * false otherwise.
+ */
+ public static void enableHashDataInputValidation(boolean validate) {
+ DataObject.validate = validate;
+ }
+
+ /**
+ * @return true if hash data input validation is enabled,
+ * or false otherwise.
+ */
+ public static boolean isHashDataInputValidationEnabled() {
+ return validate;
+ }
+
+ /**
+ * Valid MIME types.
+ */
+ private static String[] validMimeTypes = DEFAULT_PREFFERED_MIME_TYPES;
+
+ /**
+ * Sets the list of valid hash data input media types.
+ *
The array is also used for transformation path selection.
+ * The transformation path with a final type, that appears in the
+ * given array in the earliest position is used selected.
+ *
+ * @param mediaTypes an array of MIME media types.
+ */
+ public static void setValidHashDataInputMediaTypes(String[] mediaTypes) {
+ validMimeTypes = mediaTypes;
+ }
+
/**
* The DOM implementation used.
*/
@@ -184,7 +230,70 @@ public class DataObject {
public String getDescription() {
return description;
}
-
+
+ public void validateHashDataInput() throws SLViewerException {
+
+ if (validate) {
+
+ if (reference == null) {
+ log.error("Medthod validateHashDataInput() called before reference has been created.");
+ throw new SLViewerException(5000);
+ }
+
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream == null) {
+ log.error("Method validateHashDataInput() called before reference has been generated " +
+ "or reference caching is not enabled.");
+ throw new SLViewerException(5000);
+ }
+
+ if (mimeType == null) {
+ log.info("FinalDataMetaInfo does not specify MIME type of to be signed data.");
+ // TODO: add detailed message
+ throw new SLViewerException(5000);
+ }
+
+ // get MIME media type
+ String mediaType = mimeType.split(";")[0].trim();
+ // and optional charset
+ String charset = HttpUtil.getCharset(mimeType, false);
+
+ if (Arrays.asList(validMimeTypes).contains(mediaType)) {
+
+ Validator validator;
+ try {
+ validator = ValidatorFactory.newValidator(mediaType);
+ } catch (IllegalArgumentException e) {
+ log.error("No validator found for mime type '" + mediaType + "'.");
+ throw new SLViewerException(5000);
+ }
+
+ try {
+ validator.validate(digestInputStream, charset);
+ } catch (ValidationException e) {
+ if ("text/plain".equals(mediaType)) {
+ log.info("Data to be displayed contains unsupported characters.", e);
+ // TODO: add detailed message
+ throw new SLViewerException(5003);
+ } else if ("application/xhtml+xml".equals(mediaType)) {
+ // TODO: add detailed message
+ log.info("Standard display format: HTML does not conform to specification.", e);
+ throw new SLViewerException(5004);
+ } else {
+ // TODO: add detailed message
+ log.info("Data to be displayed is invalid.", e);
+ throw new SLViewerException(5000);
+ }
+ }
+
+ } else {
+ log.info("MIME media type '" + mediaType + "' is not a valid digest input.");
+ throw new SLViewerException(5001);
+ }
+ }
+
+ }
+
/**
* Configures this DataObject with the information provided within the given
* sl:DataObjectInfo.
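Review bot: validateHashDataInput() returns normally without checking anything when the static `validate` flag is false, because the whole body sits inside `if (validate) {`. Nothing is logged on that path, so a deployment that has switched validation off signs unvalidated display data with no trace. I would add an else branch such as `log.debug("Hash data input validation is disabled, skipping check of to-be-signed data.");` and give this new public method a Javadoc comment that states the skip and lists the SLViewerException codes raised in this hunk (5000, 5001, 5003, 5004). The `catch (IllegalArgumentException e)` branch also logs without passing `e`, unlike the other handlers here; `log.error("No validator found for mime type '" + mediaType + "'.", e);` keeps the cause.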
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
index eba1d96d..2d89c8ae 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
@@ -17,6 +17,8 @@
package at.gv.egiz.bku.slcommands.impl.xsect;
import at.gv.egiz.bku.slcommands.impl.HashDataInputImpl;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
+
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
@@ -123,9 +125,14 @@ public class STALSignature extends SignatureSpi {
// log.debug("got " + dataObjects.size() + " DataObjects, passing HashDataInputs to STAL SignRequest");
List hashDataInputs = new ArrayList();
- for (DataObject dataObject : dataObjects) {
- hashDataInputs.add(new HashDataInputImpl(dataObject));
+ for (DataObject dataObject : dataObjects) {
+ try {
+ dataObject.validateHashDataInput();
+ } catch (SLViewerException e) {
+ throw new STALSignatureException(e);
}
+ hashDataInputs.add(new HashDataInputImpl(dataObject));
+ }
SignRequest signRequest = new SignRequest();
signRequest.setKeyIdentifier(keyboxIdentifier);
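Review bot: validateHashDataInput() hands the stream from reference.getDigestInputStream() to the validator just before `new HashDataInputImpl(dataObject)` is built from the same DataObject, so it is worth confirming that the hash data later shown to the signer is not read from an already consumed stream. Whether getDigestInputStream() returns a fresh stream on each call is not visible in this patch; if it returns the same instance, a reset or a copy would be needed between the two uses. A short comment above the loop, for example `// validate before the data is handed to STAL; a failure aborts the sign request`, would also record why the exception is wrapped in STALSignatureException. The enclosing method starts and ends outside the hunk.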
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index 191f8371..2330ed3f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -81,6 +81,7 @@ import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType;
import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.bku.utils.HexDump;
import at.gv.egiz.bku.utils.urldereferencer.StreamData;
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
@@ -387,10 +388,11 @@ public class Signature {
* if signing the XMLSignature fails
* @throws SLCommandException
* if building the XMLSignature fails
+ * @throws SLViewerException
* @throws NullPointerException
* if signContext is null
*/
- public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException {
+ public void sign(DOMSignContext signContext) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
if (xmlSignature == null) {
buildXMLSignature();
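Review bot: The added `@throws SLViewerException` tag has no description, here and again in the Javadoc of sign(STAL, String) in the @@ -482 hunk. In this commit the exception originates in DataObject.validateHashDataInput() and is unwrapped from STALSignatureException in sign(DOMSignContext), so something like `@throws SLViewerException if validation of the to-be-signed data fails` would tell callers when to expect it. The method body continues outside the hunk.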
@@ -415,6 +417,9 @@ public class Signature {
Throwable cause = e.getCause();
while (cause != null) {
if (cause instanceof STALSignatureException) {
+ if (((STALSignatureException) cause).getCause() instanceof SLViewerException) {
+ throw (SLViewerException) ((STALSignatureException) cause).getCause();
+ }
int errorCode = ((STALSignatureException) cause).getErrorCode();
SLCommandException commandException = new SLCommandException(errorCode);
log.info("Failed to sign signature.", commandException);
@@ -482,11 +487,12 @@ public class Signature {
* if signing this Signature fails
* @throws SLCommandException
* if building this Signature fails
+ * @throws SLViewerException
* @throws NullPointerException
* if stal or keyboxIdentifier is
* null
*/
- public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException {
+ public void sign(STAL stal, String keyboxIdentifier) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException {
if (stal == null) {
throw new NullPointerException("Argument 'stal' must not be null.");
--
cgit v1.2.3
From 76bb812a3254be530e403f8db8c01323a31b30c1 Mon Sep 17 00:00:00 2001
From: wbauer
Date: Thu, 11 Sep 2008 13:03:44 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@33
8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
index 555f83bd..fb624211 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
@@ -16,12 +16,14 @@
*/
package at.gv.egiz.bku.slcommands.impl;
-import at.buergerkarte.namespaces.securitylayer._1.ErrorResponseType;
-import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
-import at.gv.egiz.bku.slcommands.ErrorResult;
-import at.gv.egiz.bku.slexceptions.SLException;
-
-import javax.xml.transform.Result;
+import java.util.Locale;
+
+import javax.xml.transform.Result;
+
+import at.buergerkarte.namespaces.securitylayer._1.ErrorResponseType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.gv.egiz.bku.slcommands.ErrorResult;
+import at.gv.egiz.bku.slexceptions.SLException;
/**
* This class implements the security layer result ErrorResponse.
--
cgit v1.2.3
From 0df8bb10302989f41ed420ec0ff29b2fc2005471 Mon Sep 17 00:00:00 2001
From: wbauer
Date: Mon, 15 Sep 2008 14:18:53 +0000
Subject: Migrated BKULocal to BKUCommonGUI and minor bug fixes
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@37 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../egiz/bku/slcommands/impl/xsect/Signature.java | 25 ++++++++++++++++++++++
1 file changed, 25 insertions(+)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index 2330ed3f..8baa0137 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -463,6 +463,31 @@ public class Signature {
log.trace("Reference caching is not enabled.");
}
}
+ for (Reference reference : getReferences()) {
+ if (reference.getType() != null) {
+ InputStream digestInputStream = reference.getDigestInputStream();
+ if (digestInputStream != null) {
+ StringBuilder sb = new StringBuilder();
+ sb.append("DigestInput for Reference with id='");
+ sb.append(reference.getId());
+ sb.append("'; Type:");
+ sb.append(reference.getType());
+ sb.append("):\n");
+ try {
+ byte[] b = new byte[512];
+ for (int l; (l = digestInputStream.read(b)) != -1;) {
+ sb.append(new String(b, 0, l));
+ }
+ } catch (IOException e) {
+ log.error(e);
+ }
+ log.trace(sb.toString());
+ } else {
+ log.trace("Reference caching is not enabled.");
+ }
+
+ }
+ }
}
}
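Review bot: The added loop writes the complete digest input of every typed Reference, that is the data being signed, into the trace log. It decodes it with `new String(b, 0, l)`, which uses the platform default charset and converts each 512-byte chunk on its own, so a multi-byte character split across two reads is logged corrupted. Collecting the bytes first and decoding once with an explicit charset fixes the garbling; logging only the reference id, type and length avoids putting signed content into log files at all. The stream from `getDigestInputStream()` is never closed, and the header text ends in `):` with no opening parenthesis. The enclosing method starts outside the hunk, so whether this block already sits inside a trace-level check cannot be seen here.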
--
cgit v1.2.3
From fd1db02bdc9fbd2a5beca0cc2b214c1adbcc1a7a Mon Sep 17 00:00:00 2001
From: clemenso
Date: Mon, 15 Sep 2008 18:01:32 +0000
Subject: encoding
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@39 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
index 49d3c63f..d6999404 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
@@ -4,6 +4,7 @@
*/
package at.gv.egiz.bku.slcommands.impl;
+import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
import at.gv.egiz.stal.HashDataInput;
import java.io.InputStream;
@@ -16,11 +17,14 @@ public class HashDataInputImpl implements HashDataInput {
String refId;
String mimeType;
+ String encoding;
InputStream hashDataInput;
public HashDataInputImpl(DataObject dataObject) {
refId = dataObject.getReference().getId();
- mimeType = dataObject.getMimeType();
+ String contentType = dataObject.getMimeType();
+ mimeType = contentType.split(";")[0].trim();
+ encoding = HttpUtil.getCharset(dataObject.getMimeType(), false);
hashDataInput = dataObject.getReference().getDigestInputStream();
}
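Review bot: `contentType.split(";")` in the constructor throws a NullPointerException when `dataObject.getMimeType()` returns null, and nothing in this hunk shows that a DataObject always has a MIME type. A guard keeps construction safe: `mimeType = (contentType != null) ? contentType.split(";")[0].trim() : null;`. The line below can then reuse `contentType` instead of calling `getMimeType()` a second time. The same unguarded `split` appears again in the later `mimetype` commit, in `DataObjectHashDataInput.getMimeType()`.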
@@ -39,4 +43,9 @@ public class HashDataInputImpl implements HashDataInput {
return hashDataInput;
}
+ @Override
+ public String getEncoding() {
+ return encoding;
+ }
+
}
--
cgit v1.2.3
From f72d5842828ec072813eb30051d24f7cc8613606 Mon Sep 17 00:00:00 2001
From: clemenso
Date: Wed, 17 Sep 2008 17:18:14 +0000
Subject: hashdatainput digest verification
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@45 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../slcommands/impl/DataObjectHashDataInput.java | 50 +++++++++++++++++++++
.../bku/slcommands/impl/HashDataInputImpl.java | 51 ----------------------
.../bku/slcommands/impl/xsect/STALSignature.java | 4 +-
3 files changed, 52 insertions(+), 53 deletions(-)
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
delete mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
new file mode 100644
index 00000000..71b62911
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
@@ -0,0 +1,50 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package at.gv.egiz.bku.slcommands.impl;
+
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
+import at.gv.egiz.stal.HashDataInput;
+import java.io.InputStream;
+
+/**
+ *
+ * @author clemens
+ */
+public class DataObjectHashDataInput implements HashDataInput {
+
+ protected DataObject dataObject;
+
+ public DataObjectHashDataInput(DataObject dataObject) {
+ if (dataObject.getReference() == null)
+ throw new NullPointerException("DataObject reference must not be null");
+ this.dataObject = dataObject;
+ }
+
+ @Override
+ public String getReferenceId() {
+ return dataObject.getReference().getId();
+ }
+
+ @Override
+ public String getMimeType() {
+ return dataObject.getMimeType();
+ }
+
+ /**
+ *
+ * @return the pre-digested input stream if reference caching is enabled, null otherwise
+ */
+ @Override
+ public InputStream getHashDataInput() {
+ return dataObject.getReference().getDigestInputStream();
+ }
+
+ @Override
+ public String getEncoding() {
+ return HttpUtil.getCharset(dataObject.getMimeType(), false);
+ }
+
+}
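Review bot: `getMimeType()` returns `dataObject.getMimeType()` unchanged, whereas the `HashDataInputImpl` deleted in this same commit returned only the part before the first `;`. Callers now receive the full content-type string including any parameters, which looks like an unintended behaviour change rather than part of the refactoring. If so, keep the old result with `return dataObject.getMimeType().split(";")[0].trim();` plus a null check. The file also opens with the IDE's "To change this template" placeholder and an empty class Javadoc, where other new files on this page carry the Apache licence header.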
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
deleted file mode 100644
index d6999404..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/HashDataInputImpl.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package at.gv.egiz.bku.slcommands.impl;
-
-import at.gv.egiz.bku.binding.HttpUtil;
-import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
-import at.gv.egiz.stal.HashDataInput;
-import java.io.InputStream;
-
-/**
- *
- * @author clemens
- */
-public class HashDataInputImpl implements HashDataInput {
-
- String refId;
- String mimeType;
- String encoding;
- InputStream hashDataInput;
-
- public HashDataInputImpl(DataObject dataObject) {
- refId = dataObject.getReference().getId();
- String contentType = dataObject.getMimeType();
- mimeType = contentType.split(";")[0].trim();
- encoding = HttpUtil.getCharset(dataObject.getMimeType(), false);
- hashDataInput = dataObject.getReference().getDigestInputStream();
- }
-
- @Override
- public String getReferenceId() {
- return refId;
- }
-
- @Override
- public String getMimeType() {
- return mimeType;
- }
-
- @Override
- public InputStream getHashDataInput() {
- return hashDataInput;
- }
-
- @Override
- public String getEncoding() {
- return encoding;
- }
-
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
index 2d89c8ae..dd7c7d8a 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/STALSignature.java
@@ -16,7 +16,7 @@
*/
package at.gv.egiz.bku.slcommands.impl.xsect;
-import at.gv.egiz.bku.slcommands.impl.HashDataInputImpl;
+import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput;
import at.gv.egiz.bku.slexceptions.SLViewerException;
import java.io.ByteArrayOutputStream;
@@ -131,7 +131,7 @@ public class STALSignature extends SignatureSpi {
} catch (SLViewerException e) {
throw new STALSignatureException(e);
}
- hashDataInputs.add(new HashDataInputImpl(dataObject));
+ hashDataInputs.add(new DataObjectHashDataInput(dataObject));
}
SignRequest signRequest = new SignRequest();
--
cgit v1.2.3
From a20fb683943ce0893302b6dc25015c998cd9687f Mon Sep 17 00:00:00 2001
From: clemenso
Date: Thu, 18 Sep 2008 09:25:55 +0000
Subject: hashdatainput cached
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@46 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
index 71b62911..0386bdd6 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
@@ -10,7 +10,9 @@ import at.gv.egiz.stal.HashDataInput;
import java.io.InputStream;
/**
- *
+ * DataObject-backed HashDataInput
+ * If reference caching is enabled,
+ * the hashdata input stream can be obtained repeatedly.
* @author clemens
*/
public class DataObjectHashDataInput implements HashDataInput {
@@ -34,7 +36,7 @@ public class DataObjectHashDataInput implements HashDataInput {
}
/**
- *
+ * may be called repeatedly
* @return the pre-digested input stream if reference caching is enabled, null otherwise
*/
@Override
--
cgit v1.2.3
From 40e57f6c9101ddcc00422d95086d6a485c3ceda2 Mon Sep 17 00:00:00 2001
From: clemenso
Date: Thu, 18 Sep 2008 15:52:02 +0000
Subject: mimetype
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@52 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
index 0386bdd6..1a9b56fb 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java
@@ -32,7 +32,8 @@ public class DataObjectHashDataInput implements HashDataInput {
@Override
public String getMimeType() {
- return dataObject.getMimeType();
+ String contentType = dataObject.getMimeType();
+ return contentType.split(";")[0].trim();
}
/**
--
cgit v1.2.3
From 3edfbe631f24d73324bc4dd0d182ca7737c4d5b5 Mon Sep 17 00:00:00 2001
From: mcentner
Date: Wed, 24 Sep 2008 13:56:53 +0000
Subject: Improved SLResult marshalling.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@66 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../java/at/gv/egiz/bku/slcommands/SLResult.java | 7 +-
.../impl/CreateXMLSignatureResultImpl.java | 73 ++---
.../egiz/bku/slcommands/impl/ErrorResultImpl.java | 21 +-
.../slcommands/impl/InfoboxReadCommandImpl.java | 320 ++++++++++++++++-----
.../slcommands/impl/InfoboxReadResultFileImpl.java | 141 +++++++++
.../bku/slcommands/impl/InfoboxReadResultImpl.java | 190 +++---------
.../slcommands/impl/NullOperationResultImpl.java | 5 +-
.../gv/egiz/bku/slcommands/impl/SLResultImpl.java | 166 ++++++++---
8 files changed, 591 insertions(+), 332 deletions(-)
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultFileImpl.java
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java
index 7cf43fda..7989a771 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java
@@ -16,9 +16,8 @@
*/
package at.gv.egiz.bku.slcommands;
-import javax.xml.transform.Result;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
+import javax.xml.transform.Result;
+import javax.xml.transform.Templates;
public interface SLResult {
@@ -40,5 +39,5 @@ public interface SLResult {
* @param result
* @param transformer may be null.
*/
- public void writeTo(Result result, Transformer transformer) throws TransformerException;
+ public void writeTo(Result result, Templates templates);
}
\ No newline at end of file
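Review bot: The Javadoc above the changed method still says `@param transformer may be null.`, but the parameter is now `Templates templates`. It should be renamed, for example `@param templates the stylesheet to apply to the result, may be null`, assuming null is still accepted as it was for the transformer. The method also no longer declares `TransformerException`, so the comment should say how a failed transformation is reported to the caller now. The start of this Javadoc block is outside the hunk.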
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
index d2d2e678..092a13c4 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
@@ -16,28 +16,24 @@
*/
package at.gv.egiz.bku.slcommands.impl;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.transform.Result;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureResponseType;
-import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
-import at.gv.egiz.bku.slcommands.SLCommandFactory;
-import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.transform.Result;
+import javax.xml.transform.Templates;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureResponseType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.gv.egiz.bku.slcommands.SLCommandFactory;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
/**
* This calls implements the result of the security layer command CreateXMLSignature.
@@ -104,35 +100,10 @@ public class CreateXMLSignatureResultImpl extends SLResultImpl {
}
}
-
- @Override
- public void writeTo(Result result) {
-
- try {
- writeTo(result, null);
- } catch (TransformerException e) {
- log.error(e);
- }
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egiz.bku.slcommands.impl.SLResultImpl#writeTo(javax.xml.transform.Result, javax.xml.transform.Transformer)
- */
- @Override
- public void writeTo(Result result, Transformer transformer) throws TransformerException {
-
- if (transformer == null) {
- TransformerFactory transformerFactory = TransformerFactory.newInstance();
- try {
- transformer = transformerFactory.newTransformer();
- } catch (TransformerConfigurationException e) {
- log.error("Failed to create Transformer.", e);
- throw new SLRuntimeException(e);
- }
- }
- transformer.transform(new DOMSource(doc), result);
-
+
+ @Override
+ public void writeTo(Result result, Templates templates) {
+ writeTo(doc, result, templates);
}
}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
index fb624211..176ba001 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/ErrorResultImpl.java
@@ -16,12 +16,9 @@
*/
package at.gv.egiz.bku.slcommands.impl;
-import java.util.Locale;
-
import javax.xml.transform.Result;
+import javax.xml.transform.Templates;
-import at.buergerkarte.namespaces.securitylayer._1.ErrorResponseType;
-import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
import at.gv.egiz.bku.slcommands.ErrorResult;
import at.gv.egiz.bku.slexceptions.SLException;
@@ -48,15 +45,9 @@ public class ErrorResultImpl extends SLResultImpl implements ErrorResult {
this.slException = slException;
}
- @Override
- public void writeTo(Result result) {
-
- ObjectFactory factory = new ObjectFactory();
- ErrorResponseType responseType = factory.createErrorResponseType();
- responseType.setErrorCode(slException.getErrorCode());
- responseType.setInfo(slException.getDetailedMsg());
-
- writeTo(factory.createErrorResponse(responseType), result);
-
- }
+ @Override
+ public void writeTo(Result result, Templates templates) {
+ writeErrorTo(slException, result, templates);
+ }
+
}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
index b6745e1f..4d64ae36 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
@@ -16,55 +16,66 @@
*/
package at.gv.egiz.bku.slcommands.impl;
-import iaik.asn1.CodingException;
-import iaik.asn1.DerCoder;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Result;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-
-import at.buergerkarte.namespaces.personenbindung._20020506_.CompressedIdentityLinkType;
-import at.buergerkarte.namespaces.securitylayer._1.AnyChildrenType;
-import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsBinaryFileType;
-import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType;
-import at.gv.egiz.bku.slcommands.InfoboxReadCommand;
-import at.gv.egiz.bku.slcommands.SLCommand;
-import at.gv.egiz.bku.slcommands.SLCommandContext;
-import at.gv.egiz.bku.slcommands.SLResult;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
-import at.gv.egiz.bku.slexceptions.SLRuntimeException;
-import at.gv.egiz.idlink.CompressedIdentityLinkFactory;
-import at.gv.egiz.idlink.IdentityLinkTransformer;
-import at.gv.egiz.idlink.ans1.IdentityLink;
-import at.gv.egiz.stal.InfoboxReadRequest;
-import at.gv.egiz.stal.InfoboxReadResponse;
-import at.gv.egiz.stal.STALRequest;
+import iaik.asn1.CodingException;
+import iaik.asn1.DerCoder;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Result;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+import at.buergerkarte.namespaces.personenbindung._20020506_.CompressedIdentityLinkType;
+import at.buergerkarte.namespaces.securitylayer._1.AnyChildrenType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxAssocArrayPairType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadDataAssocArrayType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsBinaryFileType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadKeys;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadPairs;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadValue;
+import at.gv.egiz.bku.slcommands.InfoboxReadCommand;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.idlink.CompressedIdentityLinkFactory;
+import at.gv.egiz.idlink.IdentityLinkTransformer;
+import at.gv.egiz.idlink.ans1.IdentityLink;
+import at.gv.egiz.stal.InfoboxReadRequest;
+import at.gv.egiz.stal.InfoboxReadResponse;
+import at.gv.egiz.stal.STALRequest;
/**
* This class implements the security layer command
@@ -82,23 +93,45 @@ public class InfoboxReadCommandImpl extends SLCommandImplInfoboxIdentifier
*/
protected String infoboxIdentifier;
/**
- * The IdentityLinkDomainIdentifier value of an IdentyLink infobox.
+ * The IdentityLinkDomainIdentifier value of an IdentyLink infobox.
*/
- protected String identityLinkDomainIdentifier;
+ protected String identityLinkDomainIdentifier;
+
+ /**
+ * The list of certificates to be read from an Certificates infobox.
+ */
+ protected List certificates;
+
+ /**
+ * The result type.
+ */
+ protected int assocArrayResult;
/**
* Is content XML entity?
@@ -125,12 +158,6 @@ public class InfoboxReadCommandImpl extends SLCommandImpl 1) {
+ log.info("UserMakesUnique not supported");
+ // TODO: give more specific error message
+ throw new SLCommandException(4010);
+ }
+ }
+
+ // ReadPairs?
+ if (assocArrayParameters.getReadPairs() != null) {
+ assocArrayResult = ASSOC_ARRAY_READ_PAIRS;
+ ReadPairs readPairs = assocArrayParameters.getReadPairs();
+ if (readPairs.isValuesAreXMLEntities()) {
+ log.info("Got valuesAreXMLEntities but infobox type is binary.");
+ throw new SLCommandException(4010);
+ }
+ certificates = findCertificates(readPairs.getSearchString());
+ if (readPairs.isUserMakesUnique() && certificates.size() > 1) {
+ log.info("UserMakesUnique not supported");
+ // TODO: give more specific error message
+ throw new SLCommandException(4010);
+ }
+ }
+
+ // ReadValue
+ if (assocArrayParameters.getReadValue() != null) {
+ assocArrayResult = ASSOC_ARRAY_READ_VALUE;
+ ReadValue readValue = assocArrayParameters.getReadValue();
+ if (readValue.isValueIsXMLEntity()) {
+ log.info("Got valuesAreXMLEntities but infobox type is binary.");
+ throw new SLCommandException(4010);
+ }
+ String key = readValue.getKey();
+ if (Arrays.asList(INFOXBOX_CERTIFICATES_KEYS).contains(key)) {
+ certificates = Collections.singletonList(key);
+ } else {
+ certificates = Collections.emptyList();
+ }
+ }
+
+ if (assocArrayResult == 0) {
+ log.info("Infobox type is AssocArray but got invalid AssocArrayParameters.");
+ throw new SLCommandException(4010);
+ }
} else {
throw new SLCommandException(4002,
@@ -168,9 +268,15 @@ public class InfoboxReadCommandImpl extends SLCommandImpl findCertificates(String searchString) throws SLCommandException {
+
+ if ("*".equals(searchString) || "**".equals(searchString)) {
+ return Arrays.asList(INFOXBOX_CERTIFICATES_KEYS);
+ }
+
+ if (Pattern.matches(SEARCH_STRING_PATTERN, searchString)) {
+
+// for (int i = 0; i < searchString.length(); i++) {
+// int codePoint = searchString.codePointAt(i);
+//
+// }
+
+ // TODO : build pattern
+ return Collections.emptyList();
+ } else {
+ log.info("Got invalid search string '" + searchString + "'");
+ throw new SLCommandException(4010);
+ }
+
+ }
+
+ private SLResult readCertificates() throws SLCommandException {
+
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ InfoboxReadDataAssocArrayType infoboxReadDataAssocArrayType = objectFactory
+ .createInfoboxReadDataAssocArrayType();
+
+ if (assocArrayResult == ASSOC_ARRAY_READ_KEYS) {
- @Override
- public String getIdentityLinkDomainId() {
- return identityLinkDomainIdentifier;
- }
+ List keys = infoboxReadDataAssocArrayType.getKey();
+ keys.addAll(certificates);
+
+ } else {
+
+ if (certificates != null && !certificates.isEmpty()) {
+
+ List stalRequests = new ArrayList();
+
+ // get certificates
+ InfoboxReadRequest infoboxReadRequest;
+ for (int i = 0; i < certificates.size(); i++) {
+ infoboxReadRequest = new InfoboxReadRequest();
+ infoboxReadRequest.setInfoboxIdentifier(certificates.get(i));
+ stalRequests.add(infoboxReadRequest);
+ }
+
+ requestSTAL(stalRequests);
+
+ List x509Certs = getCertificatesFromResponses();
+
+ for (int i = 0; i < certificates.size(); i++) {
+ InfoboxAssocArrayPairType infoboxAssocArrayPairType = objectFactory.createInfoboxAssocArrayPairType();
+ infoboxAssocArrayPairType.setKey(certificates.get(i));
+ try {
+ infoboxAssocArrayPairType.setBase64Content(x509Certs.get(i).getEncoded());
+ } catch (CertificateEncodingException e) {
+ log.error("Failed to encode certificate.", e);
+ throw new SLCommandException(4000);
+ }
+ infoboxReadDataAssocArrayType.getPair().add(infoboxAssocArrayPairType);
+ }
+
+ }
+
+ }
+
+ return new InfoboxReadResultImpl(infoboxReadDataAssocArrayType);
+
+ }
+
+ @Override
+ public String getIdentityLinkDomainId() {
+ return identityLinkDomainIdentifier;
+ }
}
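Review bot: In `readCertificates` the second loop calls `x509Certs.get(i)` for every index of `certificates`, which assumes `getCertificatesFromResponses()` returns exactly one certificate per requested key, in request order. That method is not visible here; if a response is missing or cannot be parsed, the loop fails with an IndexOutOfBoundsException instead of an SLCommandException. A check before the loop keeps the error path consistent: `if (x509Certs.size() != certificates.size()) { throw new SLCommandException(4000); }`. The hunk headers of this file section are damaged on this page, so the start of this hunk cannot be placed exactly.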
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultFileImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultFileImpl.java
new file mode 100644
index 00000000..6f41b562
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultFileImpl.java
@@ -0,0 +1,141 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Result;
+import javax.xml.transform.Templates;
+import javax.xml.transform.dom.DOMResult;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+import at.buergerkarte.namespaces.securitylayer._1.Base64XMLContentType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadResponseType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.buergerkarte.namespaces.securitylayer._1.XMLContentType;
+import at.gv.egiz.bku.slcommands.InfoboxReadResult;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandFactory;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+/**
+ * This class implements the result of the security layer command InfoboxReadRequest.
+ *
+ * @author mcentner
+ */
+public class InfoboxReadResultFileImpl extends SLResultImpl implements
+ InfoboxReadResult {
+
+ /**
+ * Logging facility.
+ */
+ protected static Log log = LogFactory.getLog(InfoboxReadResultFileImpl.class);
+
+ /**
+ * The XML document containing the infobox content.
+ */
+ Document xmlDocument;
+
+ /**
+ * Creates the response document from the given binaryContent.
+ *
+ * @param binaryContent the infobox content
+ * @param preserveSpace the value of the preserveSpace parameter
+ *
+ * @return the created response document
+ */
+ private Document createResponseDocument(byte[] binaryContent, boolean preserveSpace) {
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ Document doc;
+ try {
+ doc = dbf.newDocumentBuilder().newDocument();
+ } catch (ParserConfigurationException e) {
+ // it should always be possible to create a new Document
+ log.error("Failed to create XML document.", e);
+ throw new SLRuntimeException(e);
+ }
+
+ ObjectFactory factory = new ObjectFactory();
+
+ Base64XMLContentType base64XMLContentType = factory.createBase64XMLContentType();
+ if (binaryContent == null) {
+ XMLContentType xmlContentType = factory.createXMLContentType();
+ if (preserveSpace) {
+ xmlContentType.setSpace("preserve");
+ }
+ base64XMLContentType.setXMLContent(xmlContentType);
+ } else {
+ base64XMLContentType.setBase64Content(binaryContent);
+ }
+ InfoboxReadResponseType infoboxReadResponseType = factory.createInfoboxReadResponseType();
+ infoboxReadResponseType.setBinaryFileData(base64XMLContentType);
+
+ JAXBElement infoboxReadResponse = factory.createInfoboxReadResponse(infoboxReadResponseType);
+
+ JAXBContext context = SLCommandFactory.getJaxbContext();
+ try {
+ Marshaller marshaller = context.createMarshaller();
+ marshaller.marshal(infoboxReadResponse, doc);
+ } catch (JAXBException e) {
+ log.error("Failed to marshal 'InfoboxReadResponse' document.", e);
+ throw new SLRuntimeException(e);
+ }
+
+ return doc;
+
+ }
+
+
+ /**
+ * @return an XMLResult for marshalling the infobox to
+ */
+ Result getXmlResult(boolean preserveSpace) {
+
+ xmlDocument = createResponseDocument(null, preserveSpace);
+
+ NodeList nodeList = xmlDocument.getElementsByTagNameNS(SLCommand.NAMESPACE_URI, "XMLContent");
+ return new DOMResult(nodeList.item(0));
+
+ }
+
+ /**
+ * Creates a new result document for this InfoboxReadResult
+ * and sets the given resultBytes as content.
+ *
+ * @param resultBytes
+ */
+ void setResultBytes(byte[] resultBytes) {
+
+ xmlDocument = createResponseDocument(resultBytes, false);
+
+ }
+
+ @Override
+ public void writeTo(Result result, Templates templates) {
+ writeTo(xmlDocument, result, templates);
+ }
+
+}
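Review bot: `writeTo(Result, Templates)` hands `xmlDocument` on without checking it, and the field is assigned only in `getXmlResult()` and `setResultBytes()`. If neither was called first, a null document reaches `writeTo(xmlDocument, result, templates)`, whose handling of null is not visible here. An explicit guard makes the precondition clear: `if (xmlDocument == null) { throw new IllegalStateException("result document has not been created"); }`. The Javadoc of `getXmlResult` also lacks a `@param preserveSpace` entry, and `@param resultBytes` on `setResultBytes` has no description.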
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java
index 6f07338f..8904eac6 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java
@@ -14,158 +14,38 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package at.gv.egiz.bku.slcommands.impl;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Result;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.dom.DOMSource;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.NodeList;
-
-import at.buergerkarte.namespaces.securitylayer._1.Base64XMLContentType;
-import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadResponseType;
-import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
-import at.buergerkarte.namespaces.securitylayer._1.XMLContentType;
-import at.gv.egiz.bku.slcommands.InfoboxReadResult;
-import at.gv.egiz.bku.slcommands.SLCommand;
-import at.gv.egiz.bku.slcommands.SLCommandFactory;
-import at.gv.egiz.bku.slexceptions.SLRuntimeException;
-
-/**
- * This class implements the result of the security layer command InfoboxReadRequest.
- *
- * @author mcentner
- */
-public class InfoboxReadResultImpl extends SLResultImpl implements
- InfoboxReadResult {
-
- /**
- * Logging facility.
- */
- protected static Log log = LogFactory.getLog(InfoboxReadResultImpl.class);
-
- /**
- * The XML document containing the infobox content.
- */
- Document xmlDocument;
-
- /**
- * Creates the response document from the given binaryContent.
- *
- * @param binaryContent the infobox content
- * @param preserveSpace the value of the preserveSpace parameter
- *
- * @return the created response document
- */
- private Document createResponseDocument(byte[] binaryContent, boolean preserveSpace) {
-
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- Document doc;
- try {
- doc = dbf.newDocumentBuilder().newDocument();
- } catch (ParserConfigurationException e) {
- // it should always be possible to create a new Document
- log.error("Failed to create XML document.", e);
- throw new SLRuntimeException(e);
- }
-
- ObjectFactory factory = new ObjectFactory();
-
- Base64XMLContentType base64XMLContentType = factory.createBase64XMLContentType();
- if (binaryContent == null) {
- XMLContentType xmlContentType = factory.createXMLContentType();
- if (preserveSpace) {
- xmlContentType.setSpace("preserve");
- }
- base64XMLContentType.setXMLContent(xmlContentType);
- } else {
- base64XMLContentType.setBase64Content(binaryContent);
- }
- InfoboxReadResponseType infoboxReadResponseType = factory.createInfoboxReadResponseType();
- infoboxReadResponseType.setBinaryFileData(base64XMLContentType);
-
- JAXBElement infoboxReadResponse = factory.createInfoboxReadResponse(infoboxReadResponseType);
-
- JAXBContext context = SLCommandFactory.getJaxbContext();
- try {
- Marshaller marshaller = context.createMarshaller();
- marshaller.marshal(infoboxReadResponse, doc);
- } catch (JAXBException e) {
- log.error("Failed to marshal 'InfoboxReadResponse' document.", e);
- throw new SLRuntimeException(e);
- }
-
- return doc;
-
- }
-
-
- /**
- * @return an XMLResult for marshalling the infobox to
- */
- Result getXmlResult(boolean preserveSpace) {
-
- xmlDocument = createResponseDocument(null, preserveSpace);
-
- NodeList nodeList = xmlDocument.getElementsByTagNameNS(SLCommand.NAMESPACE_URI, "XMLContent");
- return new DOMResult(nodeList.item(0));
-
- }
-
- /**
- * Creates a new result document for this InfoboxReadResult
- * and sets the given resultBytes as content.
- *
- * @param resultBytes
- */
- void setResultBytes(byte[] resultBytes) {
-
- xmlDocument = createResponseDocument(resultBytes, false);
-
- }
-
- @Override
- public void writeTo(Result result) {
-
- try {
- writeTo(result, null);
- } catch (TransformerException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egiz.bku.slcommands.impl.SLResultImpl#writeTo(javax.xml.transform.Result, javax.xml.transform.Transformer)
- */
- @Override
- public void writeTo(Result result, Transformer transformer) throws TransformerException {
-
- if (transformer == null) {
- TransformerFactory transformerFactory = TransformerFactory.newInstance();
- try {
- transformer = transformerFactory.newTransformer();
- } catch (TransformerConfigurationException e) {
- log.error("Failed to create Transformer.", e);
- throw new SLRuntimeException(e);
- }
- }
- transformer.transform(new DOMSource(xmlDocument), result);
-
- }
-
-}
+package at.gv.egiz.bku.slcommands.impl;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.transform.Result;
+import javax.xml.transform.Templates;
+
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadDataAssocArrayType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadResponseType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+
+public class InfoboxReadResultImpl extends SLResultImpl {
+
+ /**
+ * The InfoboxReadResponse
+ */
+ protected InfoboxReadResponseType infoboxReadResponse;
+
+ public InfoboxReadResultImpl(InfoboxReadDataAssocArrayType assocArray) {
+
+ ObjectFactory objectFactory = new ObjectFactory();
+ InfoboxReadResponseType infoboxReadResponseType = objectFactory.createInfoboxReadResponseType();
+
+ infoboxReadResponseType.setAssocArrayData(assocArray);
+
+ this.infoboxReadResponse = infoboxReadResponseType;
+ }
+
+ @Override
+ public void writeTo(Result result, Templates templates) {
+ ObjectFactory objectFactory = new ObjectFactory();
+ JAXBElement response = objectFactory.createInfoboxReadResponse(infoboxReadResponse);
+ writeTo(response, result, templates);
+ }
+
+}
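Review bot: The rewritten declaration `public class InfoboxReadResultImpl extends SLResultImpl {` drops the `implements InfoboxReadResult` that the removed version carried, so code that handles results through that interface would no longer accept this type. If another class now implements the interface, that is not visible in this hunk; otherwise restore the clause. The new constructor also stores `assocArray` unchecked, so a null argument would presumably only surface later, as an empty or unmarshallable response in `writeTo`. Adding `if (assocArray == null) throw new NullPointerException("assocArray");` at the top of the constructor fails early instead. The class-level Javadoc was removed as well and the constructor has none; a summary such as `/** Result of InfoboxReadRequest that carries associative-array data. */` plus an `@param assocArray` line would restore it.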
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/NullOperationResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/NullOperationResultImpl.java
index ae1f91ce..05986f85 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/NullOperationResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/NullOperationResultImpl.java
@@ -18,6 +18,7 @@ package at.gv.egiz.bku.slcommands.impl;
import javax.xml.bind.JAXBElement;
import javax.xml.transform.Result;
+import javax.xml.transform.Templates;
import at.buergerkarte.namespaces.securitylayer._1.NullOperationResponseType;
import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
@@ -40,8 +41,8 @@ public class NullOperationResultImpl extends SLResultImpl implements NullOperati
}
@Override
- public void writeTo(Result result) {
- writeTo(RESPONSE, result);
+ public void writeTo(Result result, Templates templates) {
+ writeTo(RESPONSE, result, templates);
}
}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
index a79382b6..57309182 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
@@ -16,24 +16,33 @@
*/
package at.gv.egiz.bku.slcommands.impl;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.transform.Result;
+import javax.xml.transform.Templates;
import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.transform.stream.StreamSource;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.sax.SAXTransformerFactory;
+import javax.xml.transform.sax.TransformerHandler;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Node;
+import at.buergerkarte.namespaces.securitylayer._1.ErrorResponseType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
import at.gv.egiz.bku.slcommands.SLCommandFactory;
import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slexceptions.SLBindingException;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
/**
* This class serves as an abstract base class for the implementation of a
@@ -72,46 +81,135 @@ public abstract class SLResultImpl implements SLResult {
return resultingMimeType;
}
+ private Marshaller getMarshaller() {
+ try {
+ JAXBContext context = SLCommandFactory.getJaxbContext();
+ Marshaller marshaller = context.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ return marshaller;
+ } catch (JAXBException e) {
+ log.fatal("Failed to marshall error response.", e);
+ throw new SLRuntimeException("Failed to marshall error response.", e);
+ }
+ }
+
+ private TransformerHandler getTransformerHandler(Templates templates, Result result) throws SLException {
+ try {
+ SAXTransformerFactory transformerFactory = (SAXTransformerFactory) SAXTransformerFactory.newInstance();
+ TransformerHandler transformerHandler = transformerFactory.newTransformerHandler(templates);
+ transformerHandler.setResult(result);
+ return transformerHandler;
+ } catch (TransformerFactoryConfigurationError e) {
+ log.error("Failed to create an instance of SAXTransformerFactory.", e);
+ throw new SLBindingException(2000);
+ } catch (IllegalArgumentException e) {
+ log.error("Failed to set result for transformation.", e);
+ throw new SLBindingException(2000);
+ } catch (TransformerConfigurationException e) {
+ log.info("Failed to create an instance of SAXTransformerFactory.", e);
+ throw new SLBindingException(2008);
+ }
+ }
+
+ @Override
+ public void writeTo(Result result) {
+ writeTo(result, null);
+ }
+
+
/**
- * Writes the given response to the result.
+ * Writes the given response to the SAX result using
+ * the given transform templates.
*
- * @param response the security layer response element
- * @param result the result to marshal the response to
+ * @param response
+ * @param result
+ * @param templates
*/
- @SuppressWarnings("unchecked")
- public void writeTo(JAXBElement response, Result result) {
+ protected void writeTo(JAXBElement> response, Result result, Templates templates) {
+ TransformerHandler transformerHandler = null;
+ if (templates != null) {
+ try {
+ transformerHandler = getTransformerHandler(templates, result);
+ } catch (SLException e) {
+ writeErrorTo(e, result, templates);
+ }
+ }
+
+ Marshaller marshaller = getMarshaller();
try {
- JAXBContext context = SLCommandFactory.getJaxbContext();
- Marshaller marshaller = context.createMarshaller();
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
- marshaller.marshal(response, result);
+ if (transformerHandler != null) {
+ marshaller.marshal(response, transformerHandler);
+ } else {
+ marshaller.marshal(response, result);
+ }
} catch (JAXBException e) {
- // TODO Add throws clause to interface
- log.fatal("Failed to marshall JAXBElement.", e);
- throw new RuntimeException("Failed to marshall JAXBElement.", e);
+ log.info("Failed to marshall " + response.getName() + " result." , e);
+ SLCommandException commandException = new SLCommandException(4000);
+ writeErrorTo(commandException, result, templates);
}
+
+ }
+
+ protected void writeTo(Node node, Result result, Templates templates) {
+ if (templates == null) {
+ try {
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.transform(new DOMSource(node), result);
+ } catch (TransformerConfigurationException e) {
+ log.error("Failed to create Transformer.", e);
+ writeErrorTo(new SLException(4000), result, null);
+ } catch (TransformerException e) {
+ log.error("Failed to transform result.", e);
+ writeErrorTo(new SLException(4000), result, null);
+ }
+ } else {
+ try {
+ Transformer transformer = templates.newTransformer();
+ transformer.transform(new DOMSource(node), result);
+ } catch (TransformerConfigurationException e) {
+ log.info("Failed to create transformer.", e);
+ writeErrorTo(new SLException(2008), result, templates);
+ } catch (TransformerException e) {
+ log.error("Failed to transform result.", e);
+ writeErrorTo(new SLException(2008), result, templates);
+ }
+ }
+
}
+
+ protected void writeErrorTo(SLException slException, Result result, Templates templates) {
+
+ TransformerHandler transformerHandler = null;
+ if (templates != null) {
+ try {
+ transformerHandler = getTransformerHandler(templates, result);
+ } catch (SLException e) {
+ // write the exception thrown instead of the given one
+ slException = e;
+ }
+ }
- /* (non-Javadoc)
- * @see at.gv.egiz.bku.slcommands.SLResult#writeTo(javax.xml.transform.Result, javax.xml.transform.Transformer)
- */
- @Override
- public void writeTo(Result result, Transformer transformer) throws TransformerException {
- // TODO Auto-generated method stub
- // fixxme: wb added for testing purposes to be completed
- // begin hack
- if (transformer == null) {
- writeTo(result);
- return;
+ ObjectFactory factory = new ObjectFactory();
+ ErrorResponseType responseType = factory.createErrorResponseType();
+ responseType.setErrorCode(slException.getErrorCode());
+ responseType.setInfo(slException.getDetailedMsg());
+ JAXBElement response = factory.createErrorResponse(responseType);
+
+ Marshaller marshaller = getMarshaller();
+ try {
+ if (transformerHandler != null) {
+ marshaller.marshal(response, transformerHandler);
+ } else {
+ marshaller.marshal(response, result);
+ }
+ } catch (JAXBException e) {
+ log.fatal("Failed to marshall error result." , e);
+ throw new SLRuntimeException("Failed to marshall error result.");
}
- // just a quick hack to proceed with testing
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- writeTo(new StreamResult(os));
- ByteArrayInputStream is = new ByteArrayInputStream(os.toByteArray());
- transformer.transform(new StreamSource(is), result);
- //end hack
+
}
}
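Review bot: In the new `writeTo(JAXBElement, Result, Templates)`, the catch around `getTransformerHandler` calls `writeErrorTo(e, result, templates)` and then falls through. With `transformerHandler` still null, the marshaller goes on to write the original response straight to `result`, so the same Result receives an error response followed by the untransformed payload that the stylesheet was supposed to shape. Add `return;` directly after that `writeErrorTo(e, result, templates);` call. In `writeErrorTo`, the final catch throws `new SLRuntimeException("Failed to marshall error result.")` and loses the JAXB cause; pass it along as `getMarshaller` does: `throw new SLRuntimeException("Failed to marshall error result.", e);`. The log text in `getMarshaller` ("Failed to marshall error response.") is also misleading, because that helper now serves every response and fails while creating the marshaller; `"Failed to create JAXB marshaller."` describes it better.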
--
cgit v1.2.3
From e21dd5249d5fa19c5619847922cf8cdea95e3145 Mon Sep 17 00:00:00 2001
From: wbauer
Date: Thu, 25 Sep 2008 07:29:47 +0000
Subject: improved robustness of http binding processor
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@70 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
index 4d64ae36..b6c89e5b 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
@@ -371,12 +371,12 @@ public class InfoboxReadCommandImpl extends SLCommandImpl certificates = getCertificatesFromResponses();
@@ -413,10 +413,12 @@ public class InfoboxReadCommandImpl extends SLCommandImpl
Date: Tue, 21 Oct 2008 15:00:33 +0000
Subject: Simplified IdentityLinkTransformer.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@124 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../bku/slcommands/impl/InfoboxReadCommandImpl.java | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
index b6c89e5b..d23c0598 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
@@ -23,6 +23,7 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
+import java.net.MalformedURLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -415,11 +416,22 @@ public class InfoboxReadCommandImpl extends SLCommandImpl
Date: Thu, 30 Oct 2008 10:33:29 +0000
Subject: Updated SMCC to use exclusive access and to throw exceptions upon
locked or not activated cards. Improved locale support in the security layer
request and response processing. Fixed issue in STAL which prevented the use
of RSA-SHA1 signatures. Added additional parameters to the applet test pages.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@128 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../gv/egiz/bku/slcommands/SLCommandContext.java | 17 +++++++--
.../impl/CreateXMLSignatureCommandImpl.java | 4 +--
.../egiz/bku/slcommands/impl/ErrorResultImpl.java | 42 ++++++++++++++--------
.../slcommands/impl/InfoboxReadCommandImpl.java | 2 +-
.../gv/egiz/bku/slcommands/impl/SLResultImpl.java | 8 ++++-
5 files changed, 53 insertions(+), 20 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
index c95736bd..5af2afac 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
@@ -16,13 +16,17 @@
*/
package at.gv.egiz.bku.slcommands;
+import java.util.Locale;
+
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext;
import at.gv.egiz.stal.STAL;
public class SLCommandContext {
private STAL stal;
- private URLDereferencerContext urlDerefCtx;
+ private URLDereferencerContext urlDerefCtx;
+
+ private Locale locale;
public void setSTAL(STAL aStal) {
this.stal = aStal;
@@ -38,5 +42,14 @@ public class SLCommandContext {
public URLDereferencerContext getURLDereferencerContext() {
return urlDerefCtx;
- }
+ }
+
+ public Locale getLocale() {
+ return locale;
+ }
+
+ public void setLocale(Locale locale) {
+ this.locale = locale;
+ }
+
}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 628326cf..6462bcf6 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -216,8 +216,8 @@ public class CreateXMLSignatureCommandImpl extends SLCommandImplErrorResponse.
*/
- protected SLException slException;
-
- /**
- * Creates a new instance of this ErrorResultImpl with the given
- * slException containing information provided in the
- * ErrorResponse.
- *
- * @param slException the exception
- */
- public ErrorResultImpl(SLException slException) {
- this.slException = slException;
- }
-
+ protected SLException slException;
+
+ /**
+ * The locale to be used for rendering an ErrorResponse.
+ */
+ protected Locale locale;
+
+ /**
+ * Creates a new instance of this ErrorResultImpl with the given
+ * slException containing information provided in the
+ * ErrorResponse and the locale for rendering
+ * the ErrorResponse.
+ *
+ * @param slException the exception
+ * @param locale the locale
+ */
+ public ErrorResultImpl(SLException slException, Locale locale) {
+ this.slException = slException;
+ this.locale = locale;
+ }
+
@Override
public void writeTo(Result result, Templates templates) {
- writeErrorTo(slException, result, templates);
+ if (locale == null) {
+ writeErrorTo(slException, result, templates);
+ } else {
+ writeErrorTo(slException, result, templates, locale);
+ }
}
}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
index d23c0598..c7bb5205 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java
@@ -279,7 +279,7 @@ public class InfoboxReadCommandImpl extends SLCommandImpl response = factory.createErrorResponse(responseType);
Marshaller marshaller = getMarshaller();
--
cgit v1.2.3
From 7201a18efa2f9aac4109b1accb5de9d8449dd558 Mon Sep 17 00:00:00 2001
From: wbauer
Date: Fri, 14 Nov 2008 10:34:30 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@169
8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../impl/CreateXMLSignatureCommandImpl.java | 446 +++++++++++----------
1 file changed, 230 insertions(+), 216 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 6462bcf6..b2e3b303 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -1,230 +1,244 @@
/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.slcommands.impl;
-
-import java.io.ByteArrayInputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.dsig.XMLSignatureException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.w3c.dom.ls.DOMImplementationLS;
-import org.w3c.dom.ls.LSSerializer;
-
-import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType;
-import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
-import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand;
-import at.gv.egiz.bku.slcommands.SLCommandContext;
-import at.gv.egiz.bku.slcommands.SLResult;
-import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory;
-import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
-import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
-import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
-import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.slcommands.impl;
+
+import java.io.ByteArrayInputStream;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.dsig.XMLSignatureException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSSerializer;
+
+import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType;
+import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType;
+import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory;
+import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
+import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactory;
+import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
+import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLException;
-import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLRequestException;
import at.gv.egiz.bku.slexceptions.SLViewerException;
-import at.gv.egiz.dom.DOMUtils;
-import at.gv.egiz.stal.InfoboxReadRequest;
-import at.gv.egiz.stal.InfoboxReadResponse;
-import at.gv.egiz.stal.STALRequest;
-import at.gv.egiz.stal.STALResponse;
-
-/**
- * This class implements the security layer command CreateXMLSignatureRequest.
- *
- * @author mcentner
- */
-public class CreateXMLSignatureCommandImpl extends SLCommandImpl implements
- CreateXMLSignatureCommand {
-
- /**
- * Logging facility.
- */
- protected static Log log = LogFactory.getLog(CreateXMLSignatureCommandImpl.class);
-
- /**
- * The signing certificate.
- */
- protected X509Certificate signingCertificate;
-
- /**
- * The keybox identifier of the key used for signing.
- */
- protected String keyboxIdentifier;
-
- /**
- * The to-be signed signature.
- */
- protected Signature signature;
-
- @Override
- public void init(SLCommandContext ctx, Object unmarshalledRequest)
- throws SLCommandException {
- super.init(ctx, unmarshalledRequest);
- }
-
- @Override
- public void prepareXMLSignature() throws SLCommandException, SLRequestException {
-
- CreateXMLSignatureRequestType request = getRequestValue();
-
+import at.gv.egiz.dom.DOMUtils;
+import at.gv.egiz.stal.ErrorResponse;
+import at.gv.egiz.stal.InfoboxReadRequest;
+import at.gv.egiz.stal.InfoboxReadResponse;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+
+/**
+ * This class implements the security layer command
+ * CreateXMLSignatureRequest.
+ *
+ * @author mcentner
+ */
+public class CreateXMLSignatureCommandImpl extends
+ SLCommandImpl implements
+ CreateXMLSignatureCommand {
+
+ /**
+ * Logging facility.
+ */
+ protected static Log log = LogFactory
+ .getLog(CreateXMLSignatureCommandImpl.class);
+
+ /**
+ * The signing certificate.
+ */
+ protected X509Certificate signingCertificate;
+
+ /**
+ * The keybox identifier of the key used for signing.
+ */
+ protected String keyboxIdentifier;
+
+ /**
+ * The to-be signed signature.
+ */
+ protected Signature signature;
+
+ @Override
+ public void init(SLCommandContext ctx, Object unmarshalledRequest)
+ throws SLCommandException {
+ super.init(ctx, unmarshalledRequest);
+ }
+
+ @Override
+ public void prepareXMLSignature() throws SLCommandException,
+ SLRequestException {
+
+ CreateXMLSignatureRequestType request = getRequestValue();
+
// TODO: make configurable?
- IdValueFactory idValueFactory = new IdValueFactoryImpl();
-
+ IdValueFactory idValueFactory = new IdValueFactoryImpl();
+
// TODO: make configurable?
- AlgorithmMethodFactory algorithmMethodFactory;
- try {
- algorithmMethodFactory = new AlgorithmMethodFactoryImpl(signingCertificate);
- } catch (NoSuchAlgorithmException e) {
- log.error("Failed to get DigestMethod.", e);
- throw new SLCommandException(4006);
- }
-
- signature = new Signature(getCmdCtx().getURLDereferencerContext(), idValueFactory, algorithmMethodFactory);
-
+ AlgorithmMethodFactory algorithmMethodFactory;
+ try {
+ algorithmMethodFactory = new AlgorithmMethodFactoryImpl(
+ signingCertificate);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Failed to get DigestMethod.", e);
+ throw new SLCommandException(4006);
+ }
+
+ signature = new Signature(getCmdCtx().getURLDereferencerContext(),
+ idValueFactory, algorithmMethodFactory);
+
// SigningTime
- signature.setSigningTime(new Date());
-
+ signature.setSigningTime(new Date());
+
// SigningCertificate
- signature.setSignerCeritifcate(signingCertificate);
-
+ signature.setSignerCeritifcate(signingCertificate);
+
// SignatureInfo
- if (request.getSignatureInfo() != null) {
- signature.setSignatureInfo(request.getSignatureInfo());
- }
-
+ if (request.getSignatureInfo() != null) {
+ signature.setSignatureInfo(request.getSignatureInfo());
+ }
+
// DataObjects
- for (DataObjectInfoType dataObjectInfo : request.getDataObjectInfo()) {
- signature.addDataObject(dataObjectInfo);
- }
-
- signature.buildXMLSignature();
-
- }
-
- /**
- * Gets the signing certificate from STAL.
- *
- * @throws SLCommandException
- * if getting the singing certificate fails
- */
- private void getSigningCertificate() throws SLCommandException {
-
- CreateXMLSignatureRequestType request = getRequestValue();
- keyboxIdentifier = request.getKeyboxIdentifier();
-
- InfoboxReadRequest stalRequest = new InfoboxReadRequest();
- stalRequest.setInfoboxIdentifier(keyboxIdentifier);
-
- requestSTAL(Collections.singletonList((STALRequest) stalRequest));
-
- STALResponse stalResponse = stalResponses.next();
-
- if (stalResponse instanceof InfoboxReadResponse) {
- byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue();
-
- try {
- CertificateFactory certFactory = CertificateFactory.getInstance("X509");
- signingCertificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(infobox));
- } catch (CertificateException e) {
- log.info("Failed to decode signing certificate.", e);
+ for (DataObjectInfoType dataObjectInfo : request.getDataObjectInfo()) {
+ signature.addDataObject(dataObjectInfo);
+ }
+
+ signature.buildXMLSignature();
+
+ }
+
+ /**
+ * Gets the signing certificate from STAL.
+ *
+ * @throws SLCommandException
+ * if getting the singing certificate fails
+ */
+ private void getSigningCertificate() throws SLCommandException {
+
+ CreateXMLSignatureRequestType request = getRequestValue();
+ keyboxIdentifier = request.getKeyboxIdentifier();
+
+ InfoboxReadRequest stalRequest = new InfoboxReadRequest();
+ stalRequest.setInfoboxIdentifier(keyboxIdentifier);
+
+ requestSTAL(Collections.singletonList((STALRequest) stalRequest));
+
+ STALResponse stalResponse = stalResponses.next();
+
+ if (stalResponse instanceof InfoboxReadResponse) {
+ byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue();
+
+ try {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X509");
+ signingCertificate = (X509Certificate) certFactory
+ .generateCertificate(new ByteArrayInputStream(infobox));
+ } catch (CertificateException e) {
+ log.info("Failed to decode signing certificate.", e);
// TODO: issue appropriate error
- throw new SLCommandException(4000);
- }
-
- } else {
- log.info("Failed to get signing certificate.");
- // TODO: issue appropriate error
- throw new SLCommandException(4000);
- }
-
- }
-
- /**
- * Signs the signature.
- *
- * @throws SLCommandException
+ throw new SLCommandException(4000);
+ }
+
+ } else if (stalResponse instanceof ErrorResponse) {
+ ErrorResponse err = (ErrorResponse) stalResponse;
+ log.info("Received an error response from STAL with code: "
+ + err.getErrorCode());
+ throw new SLCommandException(err.getErrorCode());
+
+ } else {
+ log.info("Failed to get signing certificate.");
+ throw new SLCommandException(4000);
+ }
+
+ }
+
+ /**
+ * Signs the signature.
+ *
+ * @throws SLCommandException
* if signing the signature fails
- * @throws SLViewerException
- */
- private void signXMLSignature() throws SLCommandException, SLViewerException {
-
- try {
- signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
- } catch (MarshalException e) {
- log.error("Failed to marshall XMLSignature.", e);
- throw new SLCommandException(4000);
- } catch (XMLSignatureException e) {
- if (e.getCause() instanceof URIReferenceException) {
- URIReferenceException uriReferenceException = (URIReferenceException) e.getCause();
- if (uriReferenceException.getCause() instanceof SLCommandException) {
- throw (SLCommandException) uriReferenceException.getCause();
- }
- }
- log.error("Failed to sign XMLSignature.", e);
- throw new SLCommandException(4000);
- }
-
- }
-
- @Override
- public SLResult execute() {
- try {
-
- // get certificate in order to select appropriate algorithms for hashing and signing
- getSigningCertificate();
-
+ * @throws SLViewerException
+ */
+ private void signXMLSignature() throws SLCommandException, SLViewerException {
+
+ try {
+ signature.sign(getCmdCtx().getSTAL(), keyboxIdentifier);
+ } catch (MarshalException e) {
+ log.error("Failed to marshall XMLSignature.", e);
+ throw new SLCommandException(4000);
+ } catch (XMLSignatureException e) {
+ if (e.getCause() instanceof URIReferenceException) {
+ URIReferenceException uriReferenceException = (URIReferenceException) e
+ .getCause();
+ if (uriReferenceException.getCause() instanceof SLCommandException) {
+ throw (SLCommandException) uriReferenceException.getCause();
+ }
+ }
+ log.error("Failed to sign XMLSignature.", e);
+ throw new SLCommandException(4000);
+ }
+
+ }
+
+ @Override
+ public SLResult execute() {
+ try {
+
+ // get certificate in order to select appropriate algorithms for hashing
+ // and signing
+ getSigningCertificate();
+
// prepare the XMLSignature for signing
- prepareXMLSignature();
-
+ prepareXMLSignature();
+
// sign the XMLSignature
- signXMLSignature();
-
- if (log.isTraceEnabled()) {
-
- DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS();
- LSSerializer serializer = domImplLS.createLSSerializer();
- String debugString = serializer.writeToString(signature.getDocument());
-
- log.trace(debugString);
-
- }
-
- return new CreateXMLSignatureResultImpl(signature.getDocument());
-
+ signXMLSignature();
+
+ if (log.isTraceEnabled()) {
+
+ DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS();
+ LSSerializer serializer = domImplLS.createLSSerializer();
+ String debugString = serializer.writeToString(signature.getDocument());
+
+ log.trace(debugString);
+
+ }
+
+ return new CreateXMLSignatureResultImpl(signature.getDocument());
+
} catch (SLException e) {
- return new ErrorResultImpl(e, cmdCtx.getLocale());
- }
- }
-
- @Override
- public String getName() {
- return "CreateXMLSignatureRequest";
- }
-
-
-}
+ return new ErrorResultImpl(e, cmdCtx.getLocale());
+ }
+ }
+
+ @Override
+ public String getName() {
+ return "CreateXMLSignatureRequest";
+ }
+
+}
--
cgit v1.2.3
From 99134c1be5db0fedadc051922e70c9bf563ce16d Mon Sep 17 00:00:00 2001
From: wbauer
Date: Tue, 2 Dec 2008 10:13:09 +0000
Subject: Changed SLCommandFactory configuration mechanism and moved the actual
configuration to spring's application context
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@231 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../gv/egiz/bku/slcommands/SLCommandFactory.java | 124 ++++++++++-----------
.../impl/CreateXMLSignatureResultImpl.java | 2 +-
.../slcommands/impl/InfoboxReadResultFileImpl.java | 2 +-
.../gv/egiz/bku/slcommands/impl/SLResultImpl.java | 2 +-
4 files changed, 64 insertions(+), 66 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java
index e13b29a1..9c98ef8a 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java
@@ -16,40 +16,37 @@
*/
package at.gv.egiz.bku.slcommands;
-import java.io.IOException;
-import java.net.URL;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.UnmarshalException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLEventReader;
-import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.transform.Source;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXParseException;
-
-import at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandImpl;
-import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl;
-import at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
-import at.gv.egiz.bku.slexceptions.SLRequestException;
-import at.gv.egiz.bku.slexceptions.SLRuntimeException;
-import at.gv.egiz.slbinding.RedirectEventFilter;
-import at.gv.egiz.slbinding.RedirectUnmarshallerListener;
+import java.io.IOException;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.UnmarshalException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
+import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.slbinding.RedirectEventFilter;
+import at.gv.egiz.slbinding.RedirectUnmarshallerListener;
public class SLCommandFactory {
@@ -72,29 +69,30 @@ public class SLCommandFactory {
/**
* Schema for Security Layer command validation.
*/
- private static Schema slSchema;
+ private Schema slSchema;
/**
* The JAXBContext.
*/
- private static JAXBContext jaxbContext;
+ private JAXBContext jaxbContext;
/**
* The map of : to implementation class of the
* corresponding {@link SLCommand}.
*/
- private static Map> slRequestTypeMap = new HashMap>();
-
-
- static {
-
- // TODO: implement dynamic registration
-
- // register all known implementation classes
- putImplClass(SLCommand.NAMESPACE_URI, "NullOperationRequest",
- NullOperationCommandImpl.class);
- putImplClass(SLCommand.NAMESPACE_URI, "InfoboxReadRequest",
- InfoboxReadCommandImpl.class);
- putImplClass(SLCommand.NAMESPACE_URI, "CreateXMLSignatureRequest",
- CreateXMLSignatureCommandImpl.class);
+ private Map> slRequestTypeMap = new HashMap>();
+
+ /**
+ * Configures the singleton instance with command implementations
+ * @param commandImplMap
+ * @throws ClassNotFoundException
+ */
+ @SuppressWarnings("unchecked")
+ public void setCommandImpl(Map commandImplMap) throws ClassNotFoundException {
+ ClassLoader cl = getClass().getClassLoader();
+ for (String key : commandImplMap.keySet()) {
+ Class extends SLCommand> impl = (Class extends SLCommand>) cl.loadClass(commandImplMap.get(key));
+ log.debug("Registering sl command implementation for :"+key+ "; implementation class: "+impl.getCanonicalName());
+ slRequestTypeMap.put(key, impl);
+ }
}
/**
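Review bot: The unchecked cast in `setCommandImpl` registers whatever class the configuration names, whether or not it implements `SLCommand`, so a wrong entry only surfaces later when a request is dispatched to it. `Class.asSubclass` performs the check at registration time and makes `@SuppressWarnings("unchecked")` unnecessary: `Class<? extends SLCommand> impl = cl.loadClass(commandImplMap.get(key)).asSubclass(SLCommand.class);`. Because the implementation class names now come from configuration instead of a compiled-in list, that configuration decides which code handles security layer requests and needs the same write protection as the application's jars. The Javadoc leaves `@param` and `@throws` empty; it should say that keys must be `namespaceURI:localName` strings, since that is the form `getImplClass` looks up.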
@@ -110,7 +108,7 @@ public class SLCommandFactory {
* the implementation class, or null to deregister a
* currently registered class
*/
- public static void putImplClass(String namespaceUri, String localname,
+ public void setImplClass(String namespaceUri, String localname,
Class extends SLCommand> slCommandClass) {
if (slCommandClass != null) {
slRequestTypeMap.put(namespaceUri + ":" + localname, slCommandClass);
@@ -128,7 +126,7 @@ public class SLCommandFactory {
* @return the implementation class, or null if no class is
* registered for the given name
*/
- public static Class extends SLCommand> getImplClass(QName name) {
+ public Class extends SLCommand> getImplClass(QName name) {
String namespaceURI = name.getNamespaceURI();
String localPart = name.getLocalPart();
return slRequestTypeMap.get(namespaceURI + ":" + localPart);
@@ -139,14 +137,14 @@ public class SLCommandFactory {
*
* @param slSchema the schema to validate Security Layer commands with
*/
- public static void setSLSchema(Schema slSchema) {
- SLCommandFactory.slSchema = slSchema;
+ public void setSLSchema(Schema slSchema) {
+ this.slSchema = slSchema;
}
/**
* @return the jaxbContext
*/
- public static JAXBContext getJaxbContext() {
+ public JAXBContext getJaxbContext() {
ensureJaxbContext();
return jaxbContext;
}
@@ -154,14 +152,14 @@ public class SLCommandFactory {
/**
* @param jaxbContext the jaxbContext to set
*/
- public static void setJaxbContext(JAXBContext jaxbContext) {
- SLCommandFactory.jaxbContext = jaxbContext;
+ public void setJaxbContext(JAXBContext jaxbContext) {
+ this.jaxbContext = jaxbContext;
}
/**
* Initialize the JAXBContext.
*/
- private synchronized static void ensureJaxbContext() {
+ private synchronized void ensureJaxbContext() {
if (jaxbContext == null) {
try {
String slPkg = at.buergerkarte.namespaces.securitylayer._1.ObjectFactory.class.getPackage().getName();
@@ -177,7 +175,7 @@ public class SLCommandFactory {
/**
* Initialize the security layer schema.
*/
- private synchronized static void ensureSchema() {
+ private synchronized void ensureSchema() {
if (slSchema == null) {
try {
SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
@@ -194,7 +192,7 @@ public class SLCommandFactory {
}
Schema schema = schemaFactory.newSchema(sources);
log.debug("Schema successfully created.");
- SLCommandFactory.setSLSchema(schema);
+ setSLSchema(schema);
} catch (SAXException e) {
log.error("Failed to load security layer schema.", e);
throw new SLRuntimeException("Failed to load security layer schema.", e);
@@ -211,9 +209,9 @@ public class SLCommandFactory {
*/
public synchronized static SLCommandFactory getInstance() {
if (instance == null) {
- ensureJaxbContext();
- ensureSchema();
- instance = new SLCommandFactory();
+ instance = new SLCommandFactory();
+ instance.ensureJaxbContext();
+ instance.ensureSchema();
}
return instance;
}
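Review bot: `instance` is now assigned before `ensureJaxbContext()` and `ensureSchema()` have run, so if `ensureSchema()` throws its `SLRuntimeException` the field stays set and every later `getInstance()` returns a factory whose `slSchema` is still null. The old order left `instance` null on failure, so the next call retried the initialisation. How a null schema is handled by the unmarshalling code is not visible in this hunk, but if it means "no validation" then incoming requests would silently lose their schema check. Construct the factory into a local variable, run both ensure calls on it, and publish it last with `instance = factory;`.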
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
index 092a13c4..4969c85a 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureResultImpl.java
@@ -84,7 +84,7 @@ public class CreateXMLSignatureResultImpl extends SLResultImpl {
DocumentFragment fragment = doc.createDocumentFragment();
- JAXBContext jaxbContext = SLCommandFactory.getJaxbContext();
+ JAXBContext jaxbContext = SLCommandFactory.getInstance().getJaxbContext();
try {
Marshaller marshaller = jaxbContext.createMarshaller();
marshaller.marshal(createCreateXMLSignatureResponse, fragment);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultFileImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultFileImpl.java
index 6f41b562..78e2e7fa 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultFileImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultFileImpl.java
@@ -95,7 +95,7 @@ public class InfoboxReadResultFileImpl extends SLResultImpl implements
JAXBElement infoboxReadResponse = factory.createInfoboxReadResponse(infoboxReadResponseType);
- JAXBContext context = SLCommandFactory.getJaxbContext();
+ JAXBContext context = SLCommandFactory.getInstance().getJaxbContext();
try {
Marshaller marshaller = context.createMarshaller();
marshaller.marshal(infoboxReadResponse, doc);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
index 7306b237..80bbdca8 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
@@ -85,7 +85,7 @@ public abstract class SLResultImpl implements SLResult {
private Marshaller getMarshaller() {
try {
- JAXBContext context = SLCommandFactory.getJaxbContext();
+ JAXBContext context = SLCommandFactory.getInstance().getJaxbContext();
Marshaller marshaller = context.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
return marshaller;
--
cgit v1.2.3
From 3aadcf8f877a560bed75af7e0db918aa26ef2a03 Mon Sep 17 00:00:00 2001
From: mcentner
Date: Thu, 4 Dec 2008 10:00:31 +0000
Subject: Refactoring of infobox implementation.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@232 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../egiz/bku/slcommands/InfoboxUpdateCommand.java | 23 +
.../egiz/bku/slcommands/InfoboxUpdateResult.java | 21 +
.../slcommands/impl/AbstractAssocArrayInfobox.java | 284 ++++++++++
.../slcommands/impl/AbstractBinaryFileInfobox.java | 68 +++
.../impl/AbstractInfoboxCommandImpl.java | 55 ++
.../bku/slcommands/impl/AbstractInfoboxImpl.java | 26 +
.../bku/slcommands/impl/AssocArrayInfobox.java | 27 +
.../bku/slcommands/impl/BinaryFileInfobox.java | 27 +
.../slcommands/impl/CertificatesInfoboxImpl.java | 112 ++++
.../impl/CreateXMLSignatureCommandImpl.java | 37 +-
.../slcommands/impl/IdentityLinkInfoboxImpl.java | 291 +++++++++++
.../at/gv/egiz/bku/slcommands/impl/Infobox.java | 53 ++
.../egiz/bku/slcommands/impl/InfoboxFactory.java | 151 ++++++
.../slcommands/impl/InfoboxReadCommandImpl.java | 569 ++-------------------
.../bku/slcommands/impl/InfoboxReadResultImpl.java | 3 +-
.../slcommands/impl/InfoboxUpdateCommandImpl.java | 158 ++++++
.../slcommands/impl/InfoboxUpdateResultImpl.java | 43 ++
.../gv/egiz/bku/slcommands/impl/SLCommandImpl.java | 107 +---
.../at/gv/egiz/bku/slcommands/impl/STALHelper.java | 218 ++++++++
19 files changed, 1612 insertions(+), 661 deletions(-)
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateCommand.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateResult.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractAssocArrayInfobox.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AssocArrayInfobox.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/BinaryFileInfobox.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CertificatesInfoboxImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/IdentityLinkInfoboxImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/Infobox.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateCommandImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateResultImpl.java
create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/slcommands')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateCommand.java
new file mode 100644
index 00000000..c2974785
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateCommand.java
@@ -0,0 +1,23 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface InfoboxUpdateCommand extends SLCommand {
+
+ public String getInfoboxIdentifier();
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateResult.java
new file mode 100644
index 00000000..d180facf
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateResult.java
@@ -0,0 +1,21 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands;
+
+public interface InfoboxUpdateResult extends SLResult {
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractAssocArrayInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractAssocArrayInfobox.java
new file mode 100644
index 00000000..e49ed6c0
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractAssocArrayInfobox.java
@@ -0,0 +1,284 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.slcommands.impl;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxAssocArrayPairType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadDataAssocArrayType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType;
+import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory;
+import at.buergerkarte.namespaces.securitylayer._1.XMLContentType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadKeys;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadPairs;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadValue;
+import at.gv.egiz.bku.slcommands.InfoboxReadResult;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+
+/**
+ * An abstract base class for {@link Infobox} implementations of type associative array.
+ *
+ * @author mcentner
+ */
+public abstract class AbstractAssocArrayInfobox extends AbstractInfoboxImpl
+ implements AssocArrayInfobox {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(AbstractAssocArrayInfobox.class);
+
+ /**
+ * The search string pattern.
+ */
+ public static final String SEARCH_STRING_PATTERN = ".&&[^/](/.&&[^/])*";
+
+ /**
+ * @return the keys available in this infobox.
+ */
+ public abstract String[] getKeys();
+
+ /**
+ * @return true if the values are XML entities, or false otherwise.
+ */
+ public abstract boolean isValuesAreXMLEntities();
+
+ /**
+ * Returns a key to value mapping for the given keys.
+ *
+ * @param keys a list of keys
+ * @param cmdCtx the command context
+ *
+ * @return a key to value mapping for the given keys.
+ *
+ * @throws SLCommandException if obtaining the values fails
+ */
+ public abstract Map getValues(List keys, SLCommandContext cmdCtx) throws SLCommandException;
+
+ /**
+ * Returns all keys that match the given searchString.
+ *
+ * @param searchString the search string
+ *
+ * @return all keys that match the given searchString
+ *
+ * @throws SLCommandException if the given search string is invalid
+ */
+ protected List selectKeys(String searchString) throws SLCommandException {
+
+ if ("*".equals(searchString) || "**".equals(searchString)) {
+ return Arrays.asList(getKeys());
+ }
+
+ if (Pattern.matches(SEARCH_STRING_PATTERN, searchString)) {
+
+// for (int i = 0; i < searchString.length(); i++) {
+// int codePoint = searchString.codePointAt(i);
+//
+// }
+
+ // TODO : build pattern
+ return Collections.emptyList();
+ } else {
+ log.info("Got invalid search string '" + searchString + "'");
+ throw new SLCommandException(4010);
+ }
+
+ }
+
+ /**
+ * Read all keys specified by readKeys.
+ *
+ * @param readKeys
+ * the ReadKeys element
+ * @param cmdCtx
+ * the command context
+ * @return a corresponding InfoboxReadResult
+ *
+ * @throws SLCommandException
+ * if the ReadKeys element is invalid or obtaining the corresponding
+ * values fails
+ */
+ protected InfoboxReadResult readKeys(ReadKeys readKeys, SLCommandContext cmdCtx) throws SLCommandException {
+
+ List selectedKeys = selectKeys(readKeys.getSearchString());
+
+ if (readKeys.isUserMakesUnique() && selectedKeys.size() > 1) {
+ log.info("UserMakesUnique not supported");
+ // TODO: give more specific error message
+ throw new SLCommandException(4010);
+ }
+
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ InfoboxReadDataAssocArrayType infoboxReadDataAssocArrayType = objectFactory
+ .createInfoboxReadDataAssocArrayType();
+
+ List keys = infoboxReadDataAssocArrayType.getKey();
+ keys.addAll(selectedKeys);
+
+ return new InfoboxReadResultImpl(infoboxReadDataAssocArrayType);
+
+ }
+
+ /**
+ * Read all pairs specified by readPairs.
+ *
+ * @param readPairs
+ * the readPairs element
+ * @param cmdCtx
+ * the command context
+ * @return a corresponding InfoboxReadResult
+ *
+ * @throws SLCommandException
+ * if the ReadPairs element is invalid or obtaining the corresponding
+ * values fails
+ */
+ protected InfoboxReadResult readPairs(ReadPairs readPairs, SLCommandContext cmdCtx) throws SLCommandException {
+
+ if (readPairs.isValuesAreXMLEntities() && !isValuesAreXMLEntities()) {
+ log.info("Got valuesAreXMLEntities=" + readPairs + " but infobox type is binary.");
+ throw new SLCommandException(4010);
+ }
+
+ if (!readPairs.isValuesAreXMLEntities() && isValuesAreXMLEntities()) {
+ log.info("Got valuesAreXMLEntities=" + readPairs + " but infobox type is XML.");
+ throw new SLCommandException(4010);
+ }
+
+ List selectedKeys = selectKeys(readPairs.getSearchString());
+
+ if (readPairs.isUserMakesUnique() && selectedKeys.size() > 1) {
+ log.info("UserMakesUnique not supported");
+ // TODO: give more specific error message
+ throw new SLCommandException(4010);
+ }
+
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ InfoboxReadDataAssocArrayType infoboxReadDataAssocArrayType = objectFactory.createInfoboxReadDataAssocArrayType();
+
+ Map values = getValues(selectedKeys, cmdCtx);
+ for (String key : selectedKeys) {
+ InfoboxAssocArrayPairType infoboxAssocArrayPairType = objectFactory.createInfoboxAssocArrayPairType();
+ infoboxAssocArrayPairType.setKey(key);
+ Object value = values.get(key);
+ if (value instanceof byte[]) {
+ infoboxAssocArrayPairType.setBase64Content((byte[]) value);
+ } else {
+ infoboxAssocArrayPairType.setXMLContent((XMLContentType) value);
+ }
+ infoboxReadDataAssocArrayType.getPair().add(infoboxAssocArrayPairType);
+ }
+
+ return new InfoboxReadResultImpl(infoboxReadDataAssocArrayType);
+ }
+
+ /**
+ * Read the value specified by readPairs.
+ *
+ * @param readValue
+ * the readValue element
+ * @param cmdCtx
+ * the command context
+ * @return a corresponding InfoboxReadResult
+ *
+ * @throws SLCommandException
+ * if the ReadValue element is invalid or obtaining the corresponding
+ * values fails
+ */
+ protected InfoboxReadResult readValue(ReadValue readValue, SLCommandContext cmdCtx) throws SLCommandException {
+
+ if (readValue.isValueIsXMLEntity() && !isValuesAreXMLEntities()) {
+ log.info("Got valuesAreXMLEntities=" + readValue + " but infobox type is binary.");
+ throw new SLCommandException(4010);
+ }
+
+ if (!readValue.isValueIsXMLEntity() && isValuesAreXMLEntities()) {
+ log.info("Got valuesAreXMLEntities=" + readValue + " but infobox type is XML.");
+ throw new SLCommandException(4010);
+ }
+
+ List selectedKeys;
+
+ if (Arrays.asList(getKeys()).contains(readValue.getKey())) {
+ selectedKeys = Collections.singletonList(readValue.getKey());
+ } else {
+ selectedKeys = Collections.emptyList();
+ }
+
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ InfoboxReadDataAssocArrayType infoboxReadDataAssocArrayType = objectFactory.createInfoboxReadDataAssocArrayType();
+
+ Map values = getValues(selectedKeys, cmdCtx);
+ for (String key : selectedKeys) {
+ InfoboxAssocArrayPairType infoboxAssocArrayPairType = objectFactory.createInfoboxAssocArrayPairType();
+ infoboxAssocArrayPairType.setKey(key);
+ Object value = values.get(key);
+ if (value instanceof byte[]) {
+ infoboxAssocArrayPairType.setBase64Content((byte[]) value);
+ } else {
+ infoboxAssocArrayPairType.setXMLContent((XMLContentType) value);
+ }
+ infoboxReadDataAssocArrayType.getPair().add(infoboxAssocArrayPairType);
+ }
+
+ return new InfoboxReadResultImpl(infoboxReadDataAssocArrayType);
+ }
+
+ @Override
+ public InfoboxReadResult read(InfoboxReadRequestType req,
+ SLCommandContext cmdCtx) throws SLCommandException {
+
+ InfoboxReadParamsAssocArrayType assocArrayParameters = req
+ .getAssocArrayParameters();
+
+ if (assocArrayParameters == null) {
+ log.info("Infobox type is AssocArray but got no AssocArrayParameters.");
+ throw new SLCommandException(4010);
+ }
+
+ if (assocArrayParameters.getReadKeys() != null) {
+ return readKeys(assocArrayParameters.getReadKeys(), cmdCtx);
+ }
+
+ if (assocArrayParameters.getReadPairs() != null) {
+ return readPairs(assocArrayParameters.getReadPairs(), cmdCtx);
+ }
+
+ // ReadValue
+ if (assocArrayParameters.getReadValue() != null) {
+ return readValue(assocArrayParameters.getReadValue(), cmdCtx);
+ }
+
+ log
+ .info("Infobox type is AssocArray but got invalid AssocArrayParameters.");
+ throw new SLCommandException(4010);
+
+ }
+
+}
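Review bot: `SEARCH_STRING_PATTERN` writes `&&` outside a character class, where `java.util.regex` reads it as two literal ampersands, so `Pattern.matches` in `selectKeys` accepts only strings that contain `&&` and every ordinary search string other than `*` or `**` ends in error 4010. If the intent is slash-separated segments of non-slash characters, `"[^/]+(/[^/]+)*"` expresses that, to be confirmed against the Security Layer specification. Even on a match the method returns an empty list (the `TODO : build pattern` branch), so `readKeys` and `readPairs` cannot yet select by pattern, which the Javadoc should state. The info-level log lines in `readPairs` and `readValue` concatenate the request object (`readPairs`, `readValue`) rather than the flag value. `selectKeys` also logs the request-supplied `searchString` unescaped, so any line breaks in it reach the log as written.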
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java
new file mode 100644
index 00000000..07ca639c
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java
@@ -0,0 +1,68 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsBinaryFileType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType;
+
+/**
+ * An abstract base class for {@link Infobox} implementations of type binary file.
+ *
+ * @author mcentner
+ */
+public abstract class AbstractBinaryFileInfobox extends AbstractInfoboxImpl implements BinaryFileInfobox {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(AbstractBinaryFileInfobox.class);
+
+ /**
+ * Is this infobox' content an XML entity?
+ */
+ private boolean isXMLEntity = false;
+
+ /**
+ * @return true if this infobox' content is an XML entity or false otherwise.
+ */
+ public boolean isXMLEntity() {
+ return isXMLEntity;
+ }
+
+ /**
+ * Sets the value returned by {@link #isXMLEntity()} according to the given
+ * request.
+ *
+ * @param request the InfoboxReadRequest
+ */
+ public void setIsXMLEntity(InfoboxReadRequestType request) {
+
+ InfoboxReadParamsBinaryFileType binaryFileParameters = request.getBinaryFileParameters();
+ if (binaryFileParameters != null) {
+ isXMLEntity = binaryFileParameters.isContentIsXMLEntity();
+ log.debug("Got ContentIsXMLEntity=" + isXMLEntity + ".");
+ }
+
+ }
+
+
+
+
+}
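Review bot: `setIsXMLEntity` assigns the field only when the request carries `BinaryFileParameters`, so an instance that has already served a request with `ContentIsXMLEntity=true` keeps that value for a later request that omits the element. Whether infobox instances are reused is decided in `InfoboxFactory`, which this file does not show. Assigning unconditionally removes the dependency on that: `isXMLEntity = binaryFileParameters != null && binaryFileParameters.isContentIsXMLEntity();`. The `log` field can also be declared `private static final`.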
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java
new file mode 100644
index 00000000..305769a8
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java
@@ -0,0 +1,55 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+
+/**
+ * An abstract base class for implementations of security layer infobox requests.
+ *
+ * @author mcentner
+ *
+ * @param
+ */
+public abstract class AbstractInfoboxCommandImpl extends SLCommandImpl {
+
+ /**
+ * The infobox implementation.
+ */
+ protected Infobox infobox;
+
+ @Override
+ public void init(SLCommandContext ctx, Object request)
+ throws SLCommandException {
+ super.init(ctx, request);
+
+ String infoboxIdentifier = getInfoboxIdentifier(getRequestValue());
+
+ infobox = InfoboxFactory.getInstance().createInfobox(infoboxIdentifier);
+ }
+
+ /**
+ * Returns the infobox identifier given in request.
+ *
+ * @param request the request value
+ *
+ * @return the infobox identifier givne in request
+ */
+ protected abstract String getInfoboxIdentifier(T request);
+
+}
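Review bot: In `init`, the identifier read from the request is passed straight to `InfoboxFactory.getInstance().createInfobox(infoboxIdentifier)` and the result is stored unchecked, so the behaviour for a missing or unknown identifier depends entirely on the factory, which this hunk does not show. If the factory can return null, later uses of `infobox` would fail with a NullPointerException instead of a security-layer error. A guard such as `if (infobox == null) throw new SLCommandException(4000);` would keep that failure on the protocol's error path; the code 4000 is copied from the other throws in this commit and should be confirmed. On documentation, the class Javadoc has an empty `@param` tag and the class header as shown declares no type parameter although `getInfoboxIdentifier(T request)` uses `T`, presumably lost in rendering. I would write `@param <T> the type of the request value` and fix the typo with `@return the infobox identifier given in request`.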
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java
new file mode 100644
index 00000000..e5c7afcc
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.slcommands.impl;
+
+/**
+ * An abstract base class for {@link Infobox} implementations.
+ *
+ * @author mcentner
+ */
+public abstract class AbstractInfoboxImpl implements Infobox {
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AssocArrayInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AssocArrayInfobox.java
new file mode 100644
index 00000000..908d95da
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AssocArrayInfobox.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.slcommands.impl;
+
+/**
+ * An {@link Infobox} of type associative array as defined in Security Layer
+ * 1.2.
+ *
+ * @author mcentner
+ */
+public interface AssocArrayInfobox extends Infobox {
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/BinaryFileInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/BinaryFileInfobox.java
new file mode 100644
index 00000000..c27f9446
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/BinaryFileInfobox.java
@@ -0,0 +1,27 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+/**
+ * An {@link Infobox} of type binary file as defined in Security Layer
+ * 1.2.
+ *
+ * @author mcentner
+ */
+public interface BinaryFileInfobox extends Infobox {
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CertificatesInfoboxImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CertificatesInfoboxImpl.java
new file mode 100644
index 00000000..0208f137
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CertificatesInfoboxImpl.java
@@ -0,0 +1,112 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.stal.InfoboxReadRequest;
+import at.gv.egiz.stal.STALRequest;
+
+/**
+ * An implementation of the {@link Infobox} Certificates as
+ * specified in Security Layer 1.2.
+ *
+ * @author mcentner
+ */
+public class CertificatesInfoboxImpl extends AbstractAssocArrayInfobox {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(CertificatesInfoboxImpl.class);
+
+ /**
+ * The valid keys.
+ */
+ public static final String[] CERTIFICATES_KEYS = new String[] {
+ "SecureSignatureKeypair",
+ "CertifiedKeypair" };
+
+ @Override
+ public String getIdentifier() {
+ return "Certificates";
+ }
+
+ @Override
+ public String[] getKeys() {
+ return CERTIFICATES_KEYS;
+ }
+
+ @Override
+ public boolean isValuesAreXMLEntities() {
+ return false;
+ }
+
+ @Override
+ public Map getValues(List certificates, SLCommandContext cmdCtx) throws SLCommandException {
+
+ STALHelper stalHelper = new STALHelper(cmdCtx.getSTAL());
+
+ if (certificates != null && !certificates.isEmpty()) {
+
+ List stalRequests = new ArrayList();
+
+ // get certificates
+ InfoboxReadRequest infoboxReadRequest;
+ for (int i = 0; i < certificates.size(); i++) {
+ infoboxReadRequest = new InfoboxReadRequest();
+ infoboxReadRequest.setInfoboxIdentifier(certificates.get(i));
+ stalRequests.add(infoboxReadRequest);
+ }
+
+ stalHelper.transmitSTALRequest(stalRequests);
+
+ List x509Certs = stalHelper.getCertificatesFromResponses();
+
+ Map values = new HashMap();
+
+ for (int i = 0; i < certificates.size(); i++) {
+ try {
+ values.put(certificates.get(i), x509Certs.get(i).getEncoded());
+ } catch (CertificateEncodingException e) {
+ log.error("Failed to encode certificate.", e);
+ throw new SLCommandException(4000);
+ }
+ }
+
+ return values;
+
+ } else {
+
+ return new HashMap();
+
+ }
+
+
+ }
+
+}
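Review bot: The second loop in `getValues` calls `x509Certs.get(i)` for every requested key without checking that `stalHelper.getCertificatesFromResponses()` returned one certificate per request. A null or short list therefore ends in a NullPointerException or IndexOutOfBoundsException rather than an SLCommandException. The CreateXMLSignatureCommandImpl change in this same commit does check the count; the equivalent here, placed before the loop, would be `if (x509Certs == null || x509Certs.size() != certificates.size()) throw new SLCommandException(4000);`. Separately, `getKeys()` returns the `public static final` array `CERTIFICATES_KEYS` itself, so any caller can overwrite the list of valid keys. Returning `CERTIFICATES_KEYS.clone()` and making the constant private would close that.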
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index b2e3b303..01686641 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -16,13 +16,11 @@
*/
package at.gv.egiz.bku.slcommands.impl;
-import java.io.ByteArrayInputStream;
import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
+import java.util.List;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.URIReferenceException;
@@ -48,11 +46,8 @@ import at.gv.egiz.bku.slexceptions.SLException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.dom.DOMUtils;
-import at.gv.egiz.stal.ErrorResponse;
import at.gv.egiz.stal.InfoboxReadRequest;
-import at.gv.egiz.stal.InfoboxReadResponse;
import at.gv.egiz.stal.STALRequest;
-import at.gv.egiz.stal.STALResponse;
/**
* This class implements the security layer command
@@ -147,33 +142,13 @@ public class CreateXMLSignatureCommandImpl extends
InfoboxReadRequest stalRequest = new InfoboxReadRequest();
stalRequest.setInfoboxIdentifier(keyboxIdentifier);
- requestSTAL(Collections.singletonList((STALRequest) stalRequest));
-
- STALResponse stalResponse = stalResponses.next();
-
- if (stalResponse instanceof InfoboxReadResponse) {
- byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue();
-
- try {
- CertificateFactory certFactory = CertificateFactory.getInstance("X509");
- signingCertificate = (X509Certificate) certFactory
- .generateCertificate(new ByteArrayInputStream(infobox));
- } catch (CertificateException e) {
- log.info("Failed to decode signing certificate.", e);
- // TODO: issue appropriate error
- throw new SLCommandException(4000);
- }
-
- } else if (stalResponse instanceof ErrorResponse) {
- ErrorResponse err = (ErrorResponse) stalResponse;
- log.info("Received an error response from STAL with code: "
- + err.getErrorCode());
- throw new SLCommandException(err.getErrorCode());
-
- } else {
- log.info("Failed to get signing certificate.");
+ stalHelper.transmitSTALRequest(Collections.singletonList((STALRequest) stalRequest));
+ List certificates = stalHelper.getCertificatesFromResponses();
+ if (certificates == null || certificates.size() != 1) {
+ log.info("Got an unexpected number of certificates from STAL.");
throw new SLCommandException(4000);
}
+ signingCertificate = certificates.get(0);
}
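Review bot: It is not visible in this hunk whether a STAL error response still reaches the caller with its own error code. The removed branch rethrew it as `new SLCommandException(err.getErrorCode())`, while the new lines only throw the fixed 4000 when the certificate count is unexpected. If `stalHelper.getCertificatesFromResponses()` returns null or an empty list on an `ErrorResponse` instead of throwing, every STAL failure would collapse into 4000. If it does throw, a comment above the call such as `// stalHelper throws SLCommandException with the STAL error code on an ErrorResponse` would record that contract. The log line would also be more useful with the count, `log.info("Got an unexpected number of certificates from STAL: " + (certificates == null ? "null" : certificates.size()));`. The enclosing method starts and ends outside this hunk.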
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/IdentityLinkInfoboxImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/IdentityLinkInfoboxImpl.java
new file mode 100644
index 00000000..20d20c9d
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/IdentityLinkInfoboxImpl.java
@@ -0,0 +1,291 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.slcommands.impl;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.MalformedURLException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Result;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+import at.buergerkarte.namespaces.personenbindung._20020506_.CompressedIdentityLinkType;
+import at.buergerkarte.namespaces.securitylayer._1.AnyChildrenType;
+import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType;
+import at.gv.egiz.bku.slcommands.InfoboxReadResult;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLExceptionMessages;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.idlink.CompressedIdentityLinkFactory;
+import at.gv.egiz.idlink.IdentityLinkTransformer;
+import at.gv.egiz.idlink.ans1.IdentityLink;
+import at.gv.egiz.stal.InfoboxReadRequest;
+import at.gv.egiz.stal.STALRequest;
+
+/**
+ * An implementation of the {@link Infobox} IdentityLink as
+ * specified in Security Layer 1.2
+ *
+ * @author mcentner
+ */
+public class IdentityLinkInfoboxImpl extends AbstractBinaryFileInfobox {
+
+ /**
+ * Logging facility.
+ */
+ private static Log log = LogFactory.getLog(IdentityLinkInfoboxImpl.class);
+
+ /**
+ * The box specific parameter IdentityLinkDomainIdentifier.
+ */
+ public static final String BOX_SPECIFIC_PARAMETER_IDENTITY_LINK_DOMAIN_IDENTIFIER = "IdentityLinkDomainIdentifier";
+
+ /**
+ * The value of the box specific parameter IdentityLinkDomainIdentifier.
+ */
+ private String domainIdentifier;
+
+ @Override
+ public String getIdentifier() {
+ return "IdentityLink";
+ }
+
+ /**
+ * @return the value of the box specific parameter IdentityLinkDomainIdentifier
+ */
+ public String getDomainIdentifier() {
+ return domainIdentifier;
+ }
+
+ @Override
+ public InfoboxReadResult read(InfoboxReadRequestType req, SLCommandContext cmdCtx) throws SLCommandException {
+
+ AnyChildrenType boxSpecificParameters = req.getBoxSpecificParameters();
+
+ if (boxSpecificParameters != null) {
+ // check BoxSpecificParameters
+ List