From 32d17447a258188b2d534bcb0bf65a659ba7b7d0 Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 29 Aug 2008 12:11:34 +0000 Subject: Initial import. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl | 61 ++++ .../at/gv/egiz/bku/binding/Multipart.txt.bin | 337 +++++++++++++++++++++ .../gv/egiz/bku/binding/MultipartFromTutorial.txt | 37 +++ .../at/gv/egiz/bku/binding/NOPMultipartDataUrl.txt | 47 +++ .../at/gv/egiz/bku/binding/Nulloperation.xml | 1 + .../egiz/bku/binding/NulloperationRequest.txt.bin | 1 + .../at/gv/egiz/bku/binding/Statemachine1.txt | 36 +++ .../at/gv/egiz/bku/binding/Stylesheet.txt | 56 ++++ .../at/gv/egiz/bku/binding/stylesheet.xslt | 16 + .../CreateXMLSignatureRequest.xml | 23 ++ .../at/gv/egiz/bku/slcommands/impl/Cert.p12 | Bin 0 -> 4158 bytes .../at/gv/egiz/bku/slcommands/impl/DataObject1.bin | 6 + .../at/gv/egiz/bku/slcommands/impl/DataObject1.txt | 1 + .../at/gv/egiz/bku/slcommands/impl/DataObject1.xml | 6 + .../impl/DataObjectInfo_Base64Content_1.xml | 13 + .../slcommands/impl/DataObjectInfo_Detached_1.xml | 11 + .../impl/DataObjectInfo_Detached_Base64Content.xml | 13 + .../impl/DataObjectInfo_LocRefContent_1.xml | 11 + .../impl/DataObjectInfo_LocRefContent_2.xml | 13 + .../slcommands/impl/DataObjectInfo_Reference_1.xml | 13 + .../impl/DataObjectInfo_XMLContent_1.xml | 14 + .../impl/DataObjectInfo_XMLContent_2.xml | 17 ++ .../at/gv/egiz/bku/slcommands/impl/Document.dtd | 3 + .../bku/slcommands/impl/SignatureEnvironment1.xml | 6 + .../bku/slcommands/impl/SignatureInfo_Base64_1.xml | 23 ++ .../bku/slcommands/impl/SignatureInfo_Base64_2.xml | 18 ++ .../bku/slcommands/impl/SignatureInfo_Base64_3.xml | 20 ++ .../slcommands/impl/SignatureInfo_Reference_1.xml | 11 + .../slcommands/impl/SignatureInfo_XMLContent_1.xml | 13 + .../egiz/bku/slcommands/impl/TransformsInfo_1.xml | 304 +++++++++++++++++++ .../at/gv/egiz/bku/slcommands/impl/XMLDocument.xsd | 15 + .../IdentityLink.Binary.Invalid-1.xml | 1 + .../IdentityLink.Binary.Invalid-2.xml | 1 + .../infoboxreadcommand/IdentityLink.Binary.xml | 1 + .../src/test/resources/commons-logging.properties | 1 + bkucommon/src/test/resources/log4j.properties | 19 ++ 36 files changed, 1169 insertions(+) create mode 100644 bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/Multipart.txt.bin create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/MultipartFromTutorial.txt create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/NOPMultipartDataUrl.txt create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/Nulloperation.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/NulloperationRequest.txt.bin create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/Statemachine1.txt create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/Stylesheet.txt create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/stylesheet.xslt create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/createxmlsignaturerequest/CreateXMLSignatureRequest.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/Cert.p12 create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.bin create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.txt create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Base64Content_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_Base64Content.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_2.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Reference_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_XMLContent_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_XMLContent_2.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/Document.dtd create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureEnvironment1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_2.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_3.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Reference_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_XMLContent_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/XMLDocument.xsd create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-1.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-2.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.xml create mode 100644 bkucommon/src/test/resources/commons-logging.properties create mode 100644 bkucommon/src/test/resources/log4j.properties (limited to 'bkucommon/src/test/resources') diff --git a/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl b/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl new file mode 100644 index 00000000..29f3e25d --- /dev/null +++ b/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Multipart.txt.bin b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Multipart.txt.bin new file mode 100644 index 00000000..6b00acc5 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Multipart.txt.bin @@ -0,0 +1,337 @@ +POST http://www.opinionatedgeek.com:80/dotnet/tools/Base64Encode/Default.aspx HTTP/1.1 +Host: www.opinionatedgeek.com +User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 +Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 +Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 +Accept-Encoding: gzip,deflate +Accept-Charset: UTF-8,* +Keep-Alive: 300 +Proxy-Connection: keep-alive +Referer: http://www.opinionatedgeek.com/dotnet/tools/Base64Encode/ +Cookie: __utma=87673542.1058874134.1202897575.1205922938.1215441720.3; __utmz=87673542.1215441720.3.3.utmccn=(organic)|utmcsr=google|utmctr=base64+encoder|utmcmd=organic; __utmb=87673542; __utmc=87673542 +Content-Type: multipart/form-data; boundary=---------------------------15671293698853 +Content-length: 11576 + +-----------------------------15671293698853 +Content-Disposition: form-data; name="ctl00$ctl00$ctl00$WholeBody$ContentPane$ContentArea$ctl01$ctl01$Body$ctl00_Hidden" + +False +-----------------------------15671293698853 +Content-Disposition: form-data; name="__VIEWSTATE" + +/wEPDwUJNzM1NDA1ODc3D2QWAmYPZBYCZg9kFgJmD2QWAgIFD2QWAgIFD2QWAgIBD2QWAgIBDxYCHgdlbmN0eXBlBRNtdWx0aXBhcnQvZm9ybS1kYXRhFgICAQ9kFgICAw9kFgICAQ9kFgICAQ8PFCsDA2hoZ2QWBGYPDxYEHghDc3NDbGFzcwUPc3Vic2VjdGlvbnRpdGxlHgRfIVNCAgJkFgJmDw8WBB8BBQ9zdWJzZWN0aW9udGl0bGUfAgICZBYCZg8PFgQeC05hdmlnYXRlVXJsBQEjHgdUb29sVGlwBRhDbGljayB0byBleHBhbmQvY29sbGFwc2UWBh4Hb25jbGljawXCAXJldHVybiB0b2dnbGVfZXhjX29wZ2VlayAoJ2N0bDAwX2N0bDAwX2N0bDAwX1dob2xlQm9keV9Db250ZW50UGFuZV9Db250ZW50QXJlYV9jdGwwMV9jdGwwMV9Cb2R5X2N0bDAwX2N0bDAwJywgJ2N0bDAwJGN0bDAwJGN0bDAwJFdob2xlQm9keSRDb250ZW50UGFuZSRDb250ZW50QXJlYSRjdGwwMSRjdGwwMSRCb2R5JGN0bDAwX0hpZGRlbicpHgtvbm1vdXNlb3ZlcgU3d2luZG93LnN0YXR1cyA9ICdDbGljayB0byBleHBhbmQvY29sbGFwc2UnOyByZXR1cm4gdHJ1ZR4Kb25tb3VzZW91dAUfd2luZG93LnN0YXR1cyA9ICcnOyByZXR1cm4gdHJ1ZWQCAQ8PFgQfAQULc2VjdGlvbmJvZHkfAgICZBYCZg8PFgQfAQULc2VjdGlvbmJvZHkfAgICZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFSmN0bDAwJGN0bDAwJGN0bDAwJFdob2xlQm9keSRDb250ZW50UGFuZSRDb250ZW50QXJlYSRjdGwwMSRjdGwwMSRCb2R5JGN0bDAwm1Yd0S+llPVzX/xfKb3tdvK8fNQ= +-----------------------------15671293698853 +Content-Disposition: form-data; name="ctl00$ctl00$ctl00$WholeBody$ContentPane$ContentArea$ctl01$ctl01$Body$ctl00$ctl02" + +False +-----------------------------15671293698853 +Content-Disposition: form-data; name="XMLRequest"; filename="project.xml" +Content-Type: text/xml + + + + + + 3 + + FileUpload + commons-fileupload + commons-fileupload + 1.3-SNAPSHOT + 2002 + File upload component for Java servlets + + The FileUpload component provides a simple yet flexible means of adding + support for multipart file upload functionality to servlets and web + applications. + + /images/logo.png + + http://commons.apache.org/${pom.artifactId.substring(8)}/ + org.apache.commons.${pom.artifactId.substring(8)} + + + The Apache Software Foundation + http://commons.apache.org/ + http://commons.apache.org/images/logo.png + + + + + The Apache Software License, Version 2.0 + /LICENSE.txt + repo + + + + commons + http://issues.apache.org/jira/ + people.apache.org + /www/commons.apache.org/${pom.artifactId.substring(8)}/ + /www/people.apache.org/builds/commons/${pom.artifactId.substring(8)}/ + + + scm:svn:http://svn.apache.org/repos/asf/commons/proper/${pom.artifactId.substring(8)}/trunk + http://svn.apache.org/repos/asf + + + + + Commons Dev List + dev-subscribe@commons.apache.org + dev-unsubscribe@commons.apache.org + http://mail-archives.apache.org/mod_mbox/commons-dev/ + + + Commons User List + user-subscribe@commons.apache.org + user-unsubscribe@commons.apache.org + http://mail-archives.apache.org/mod_mbox/commons-user/ + + + + + + + 1.2.1 + 1.2.1 + commons-fileupload-1.2.1 + + + 1.2 + 1.2 + commons-fileupload-1.2 + + + 1.1.1 + 1.1.1 + FILEUPLOAD_1_1_1 + + + 1.1 + 1.1 + FILEUPLOAD_1_1 + + + 1.1-rc2 + 1.1-rc2 + FILEUPLOAD_1_1_RC2 + + + 1.1-rc1 + 1.1-rc1 + FILEUPLOAD_1_1_RC1 + + + 1.0 + 1.0 + FILEUPLOAD_1_0 + + + 1.0-rc1 + 1.0-rc1 + FILEUPLOAD_1_0_RC1 + + + 1.0-beta-1 + 1.0-beta-1 + FILEUPLOAD_1_0_B1 + + + + + + Martin Cooper + martinc + martinc@apache.org + EMC + + + dIon Gillard + dion + dion@apache.org + Multitask Consulting + + + John McNally + jmcnally + jmcnally@collab.net + CollabNet + + + Daniel Rall + dlr + dlr@finemaltcoding.com + CollabNet + + + Jason van Zyl + jvanzyl + jason@zenplex.com + Zenplex + + + Robert Burrell Donkin + rdonkin + rdonkin@apache.org + + + + Sean C. Sullivan + sullis + sean |at| seansullivan |dot| com + + + + Jochen Wiedmann + jochen + jochen.wiedmann@gmail.com + + + + + + + commons-io + commons-io + 1.3.2 + http://commons.apache.org/io/ + + + javax.servlet + servlet-api + 2.4 + http://java.sun.com/products/servlet/ + + provided + + + + javax.portlet + portlet-api + 1.0 + http://portals.apache.org/pluto + + provided + + Required only when using FileUpload in a portlet environment. + + + + + junit + junit + 3.8.1 + http://www.junit.org/ + + test + + <strong>Test Only</strong> - required only for + running the FileUpload unit tests. + + + + + + maven + maven-xdoc-plugin + 1.9.2 + http://maven.apache.org/reference/plugins/xdoc/ + plugin + + + <strong>Site Only</strong> - v1.9.2 (minimum) + required for building the FileUpload Site documentation. + + + + + + maven + maven-changelog-plugin + 1.9.1 + http://maven.apache.org/reference/plugins/changelog/ + plugin + + + <strong>Site Only</strong> - v1.9.1 (minimum) + required for building the FileUpload Site documentation. + + + + + + + dev@commons.apache.org + src/java + src/test + + + **/*Test.java + + + + ${pom.build.unitTestSourceDirectory} + + **/*.xml + + + + + + + + ${basedir} + META-INF + + NOTICE.txt + + + + + + + maven-changes-plugin + maven-changelog-plugin + maven-checkstyle-plugin + + maven-developer-activity-plugin + maven-faq-plugin + maven-file-activity-plugin + maven-javadoc-plugin + maven-jdepend-plugin + maven-junit-report-plugin + maven-jxr-plugin + maven-license-plugin + + maven-pmd-plugin + maven-simian-plugin + maven-tasklist-plugin + + + + +-----------------------------15671293698853 +Content-Disposition: form-data; name="ctl00$ctl00$ctl00$WholeBody$ContentPane$ContentArea$ctl01$ctl01$Body$textToEncode" + + +-----------------------------15671293698853 +Content-Disposition: form-data; name="ctl00$ctl00$ctl00$WholeBody$ContentPane$ContentArea$ctl01$ctl01$Body$butSubmit" + +Encode +-----------------------------15671293698853-- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/MultipartFromTutorial.txt b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/MultipartFromTutorial.txt new file mode 100644 index 00000000..7014b1cf --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/MultipartFromTutorial.txt @@ -0,0 +1,37 @@ +POST /http-security-layer-request HTTP/1.1 +Host: 127.0.0.1 +User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 +Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 +Accept-Language: de-at,de;q=0.7,en;q=0.3 +Accept-Encoding: gzip,deflate +Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 +Keep-Alive: 300 +Connection: keep-alive +Content-Type: multipart/form-data; boundary=---------------------------2330864292941 +Content-Length: 1800 + +-----------------------------2330864292941 +Content-Disposition: form-data; name="Vorname_" + +Thassilo +-----------------------------2330864292941 +Content-Disposition: form-data; name="Nachname_" + +Tester +-----------------------------2330864292941 +Content-Disposition: form-data; name="Beilage_"; filename="Beilage.png" +Content-Type: image/png + +‰PNG + + IHDR   <Œ"¢ tRNS n¦‘ pHYs  ÒÝ~ü tEXtComment ‰*? WIDATxœ­”½NÂPÇ?qö|ŸÁ„÷18XB\HtpëÀ.nº ƒpcÀ&°2ºº¢.LþšÓ\n/åzÁ›œ¶çãÿç«­¬¦õÅUŠ ˆ>ÔU6J0®Žd…¦RÖÖÑåsÓDT ”*[°jÜM?‚þ{”‚)?¯¶ Sl»8X?ªàªÈh‚ÃZÏ&AÇc8röff#Ãì0Á¸Ð¼;ôQ@ÇÉËé#ÛAP0Ý}???û—v.LœkP÷ ÛV–†dvÖuV㬠€ application/octet-stream http://www.w3.org/2000/09/xmldsig#sha1 Beilage zum Formular 0815 +-----------------------------2330864292941 +Content-Disposition: form-data; name="DataURL" + +http://localhost:18080/SL12Tutorial/SignAttachments;jsessionid=2BAF01A9069F6AF073A25B4D9B8E803E?use=sign +-----------------------------2330864292941-- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/NOPMultipartDataUrl.txt b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/NOPMultipartDataUrl.txt new file mode 100644 index 00000000..fb8cc1c3 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/NOPMultipartDataUrl.txt @@ -0,0 +1,47 @@ +POST /http-security-layer-request HTTP/1.1 +Host: 127.0.0.1 +User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 +Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 +Accept-Language: de-at,de;q=0.7,en;q=0.3 +Accept-Encoding: gzip,deflate +Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 +Keep-Alive: 300 +Connection: keep-alive +Content-Type: multipart/form-data; boundary=---------------------------2330864292941 +Content-Length: 1800 + +-----------------------------2330864292941 +Content-Disposition: form-data; name="Vorname_" +Content-Type:text/xml;charset=UTF-8 + +Thassilo +-----------------------------2330864292941 +Content-Disposition: form-data; name="Nachname_" + +Tester +-----------------------------2330864292941 +Content-Disposition: form-data; name="Beilage_"; filename="Beilage.png" +Content-Type: image/png + +�PNG + + +IHDR   <�"� tRNS n�� pHYs  ��~� tEXtComment �*? WIDATx����N�P�?q�|�D�18XB\Htp��.n� +�pc�&�2���.L���\n/�z[�����竭����U���>�U6J0��d��R����s�DT +�*[�j�M?��{��)?�� Sl�8X?���h��Z�&A�c8r�ff#��0xм;�Q@����#�AP0�}???�v.L�kP� �V��dv�uV� � +-----------------------------2330864292941 +Content-Disposition: form-data; name="WeitergabeHeader__"; + +MyHeader:veryUgly + +-----------------------------2330864292941 +Content-Disposition: form-data; name="DataURL" + +http://localhost:8080/ +-----------------------------2330864292941-- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Nulloperation.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Nulloperation.xml new file mode 100644 index 00000000..29ab2d41 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Nulloperation.xml @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/NulloperationRequest.txt.bin b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/NulloperationRequest.txt.bin new file mode 100644 index 00000000..5ee5aee6 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/NulloperationRequest.txt.bin @@ -0,0 +1 @@ +XMLRequest=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3CNullOperationRequest+xmlns%3D%22http%3A%2F%2Fwww.buergerkarte.at%2Fnamespaces%2Fsecuritylayer%2F1.2%23%22%2F%3E&RedirectURL=https%3A%2F%2Fdemo.egiz.gv.at%2Fbku-erkennung%2Fv1.1%2Fbku-erkennung%2Fbku-erkennung_helper.html \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Statemachine1.txt b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Statemachine1.txt new file mode 100644 index 00000000..92d75066 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Statemachine1.txt @@ -0,0 +1,36 @@ + +-----------------------------2330864292941 +Content-Disposition: form-data; name="Vorname_" +Content-Type:text/plain;charset=UTF-8 + +Thassilo +-----------------------------2330864292941 +Content-Disposition: form-data; name="Nachname_" + +Tester +-----------------------------2330864292941 +Content-Disposition: form-data; name="Beilage_"; filename="Beilage.png" +Content-Type: image/png + +�PNG + + +IHDR   <�"� tRNS n�� pHYs  ��~� tEXtComment �*? WIDATx����N�P�?q�|�D�18XB\Htp��.n� +�pc�&�2���.L���\n/�z[�����竭����U���>�U6J0��d��R����s�DT +�*[�j�M?��{��)?�� Sl�8X?���h��Z�&A�c8r�ff#��0xм;�Q@����#�AP0�}???�v.L�kP� �V��dv�uV� � +-----------------------------2330864292941 +Content-Disposition: form-data; name="WeitergabeHeader__"; + +MyHeader:veryUgly +-----------------------------2330864292941 +Content-Disposition: form-data; name="DataURL" + +http://localhost:8080/ +-----------------------------2330864292941-- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Stylesheet.txt b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Stylesheet.txt new file mode 100644 index 00000000..71dbd103 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/Stylesheet.txt @@ -0,0 +1,56 @@ + +-----------------------------2330864292941 +Content-Disposition: form-data; name="Vorname_" +Content-Type:text/plain;charset=UTF-8 + +Thassilo +-----------------------------2330864292941 +Content-Disposition: form-data; name="Nachname_" + +Tester +-----------------------------2330864292941 +Content-Disposition: form-data; name="StylesheetURL" + +formdata:Stylesheet +-----------------------------2330864292941 +Content-Disposition: form-data; name="Beilage_"; filename="Beilage.png" +Content-Type: image/png + +�PNG + + +IHDR   <�"� tRNS n�� pHYs  ��~� tEXtComment �*? WIDATx����N�P�?q�|�D�18XB\Htp��.n� +�pc�&�2���.L���\n/�z[�����竭����U���>�U6J0��d��R����s�DT +�*[�j�M?��{��)?�� Sl�8X?���h��Z�&A�c8r�ff#��0xм;�Q@����#�AP0�}???�v.L�kP� �V��dv�uV� � +-----------------------------2330864292941 +Content-Disposition: form-data; name="Stylesheet"; + + + + + + + + +

Alles Roger

+ + +

Uuups

+ + + + + + +-----------------------------2330864292941 +Content-Disposition: form-data; name="DataURL" + +http://localhost:8080/ +-----------------------------2330864292941-- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/stylesheet.xslt b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/stylesheet.xslt new file mode 100644 index 00000000..bc1abc19 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/stylesheet.xslt @@ -0,0 +1,16 @@ + + + + + + + + + + + Alles Roger + + + NullKommaJosef + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/createxmlsignaturerequest/CreateXMLSignatureRequest.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/createxmlsignaturerequest/CreateXMLSignatureRequest.xml new file mode 100644 index 00000000..e8622526 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/createxmlsignaturerequest/CreateXMLSignatureRequest.xml @@ -0,0 +1,23 @@ + + + CertifiedKeypair + + + Von der Signatur umschlossene Daten. + + + + text/plain + + + + + + /doc:XMLDocument + + + http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20040514/tutorial/examples/interface/common/XMLDocument.xsd + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/Cert.p12 b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/Cert.p12 new file mode 100644 index 00000000..7d42c4b3 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/Cert.p12 differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.bin b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.bin new file mode 100644 index 00000000..34cace45 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.bin @@ -0,0 +1,6 @@ + + + Ich bin der erste Absatz in diesem Dokument. + Und ich bin der zweite Absatz in diesem Dokument. +Ich habe weiters ein eigenens ID-Attribut bekommen. + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.txt b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.txt new file mode 100644 index 00000000..7448a1e3 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.txt @@ -0,0 +1 @@ +Ich bin ein einfacher Text. \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.xml new file mode 100644 index 00000000..92a106b7 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObject1.xml @@ -0,0 +1,6 @@ + + + Ich bin der erste Absatz in diesem Dokument. + Und ich bin der zweite Absatz in diesem Dokument. +Ich habe weiters ein eigenens ID-Attribut bekommen. + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Base64Content_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Base64Content_1.xml new file mode 100644 index 00000000..a76308ae --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Base64Content_1.xml @@ -0,0 +1,13 @@ + + + + + SWNoIGJpbiBlaW4gZWluZmFjaGVyIFRleHQu + + + + text/plain + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_1.xml new file mode 100644 index 00000000..72e16347 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_1.xml @@ -0,0 +1,11 @@ + + + + + + + text/xml + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_Base64Content.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_Base64Content.xml new file mode 100644 index 00000000..61fb446d --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_Base64Content.xml @@ -0,0 +1,13 @@ + + + + + SWNoIGJpbiBlaW4gZWluZmFjaGVyIFRleHQu + + + + text/xml + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_1.xml new file mode 100644 index 00000000..65bafc0c --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_1.xml @@ -0,0 +1,11 @@ + + + + + + + text/xml + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_2.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_2.xml new file mode 100644 index 00000000..852c115f --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_2.xml @@ -0,0 +1,13 @@ + + + + + testlocal:DataObject1.bin + + + + application/octetstream + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Reference_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Reference_1.xml new file mode 100644 index 00000000..7bcb5113 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Reference_1.xml @@ -0,0 +1,13 @@ + + + + + testlocal:DataObject1.txt + + + + text/plain + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_XMLContent_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_XMLContent_1.xml new file mode 100644 index 00000000..2adda980 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_XMLContent_1.xml @@ -0,0 +1,14 @@ + + + + + I am a simple funny text. + + + + text/xml + I am a fancy description. + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_XMLContent_2.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_XMLContent_2.xml new file mode 100644 index 00000000..cad96fc8 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_XMLContent_2.xml @@ -0,0 +1,17 @@ + + + + + I am a simple funny text. + + + + + + + text/xml + I am a fancy description. + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/Document.dtd b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/Document.dtd new file mode 100644 index 00000000..b645cef9 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/Document.dtd @@ -0,0 +1,3 @@ + + + diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureEnvironment1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureEnvironment1.xml new file mode 100644 index 00000000..91fd7ccb --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureEnvironment1.xml @@ -0,0 +1,6 @@ + + + Ich bin der erste Absatz in diesem Dokument. + Und ich bin der zweite Absatz in diesem Dokument. +Ich habe weiters ein eigenens ID-Attribut bekommen. + diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_1.xml new file mode 100644 index 00000000..dac81be7 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_1.xml @@ -0,0 +1,23 @@ + + + + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxkb2M6WE1MRG9jdW1lbnQg +eG1sbnM6ZG9jPSJ1cm46ZG9jdW1lbnQiPg0KICA8ZG9jOlBhcmFncmFwaD5JY2ggYmluIGRlciBl +cnN0ZSBBYnNhdHogaW4gZGllc2VtIERva3VtZW50LjwvZG9jOlBhcmFncmFwaD4NCiAgPGRvYzpQ +YXJhZ3JhcGg+VW5kIGljaCBiaW4gZGVyIHp3ZWl0ZSBBYnNhdHogaW4gZGllc2VtIERva3VtZW50 +LjwvZG9jOlBhcmFncmFwaD4NCjwvZG9jOlhNTERvY3VtZW50Pg0K + + /doc:XMLDocument + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_2.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_2.xml new file mode 100644 index 00000000..7d8c7c01 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_2.xml @@ -0,0 +1,18 @@ + + + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjwhRE9DVFlQRSBYTUxEb2N1 +bWVudCBTWVNURU0gInVybjpEb2N1bWVudC5kdGQiPg0KPFhNTERvY3VtZW50Pg0KICAgIDxQYXJh +Z3JhcGg+SWNoIGJpbiBkZXIgZXJzdGUgQWJzYXR6IGluIGRpZXNlbSBEb2t1bWVudC48L1BhcmFn +cmFwaD4NCiAgICA8UGFyYWdyYXBoIFBhcmFJZD0iUGFyYTIiPlVuZCBpY2ggYmluIGRlciB6d2Vp +dGUgQWJzYXR6IGluIGRpZXNlbSBEb2t1bWVudC4NCiAgICBJY2ggaGFiZSB3ZWl0ZXJzIGVpbiBl +aWdlbmVucyBJRC1BdHRyaWJ1dCBiZWtvbW1lbi48L1BhcmFncmFwaD4NCjwvWE1MRG9jdW1lbnQ+ + + /XMLDocument + + + testlocal:Document.dtd + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_3.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_3.xml new file mode 100644 index 00000000..91425a93 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_3.xml @@ -0,0 +1,20 @@ + + + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjwhRE9DVFlQRSBYTUxEb2N1 +bWVudCBTWVNURU0gInVybjpEb2N1bWVudC5kdGQiPg0KPFhNTERvY3VtZW50Pg0KICAgIDxQYXJh +Z3JhcGg+SWNoIGJpbiBkZXIgZXJzdGUgQWJzYXR6IGluIGRpZXNlbSBEb2t1bWVudC48L1BhcmFn +cmFwaD4NCiAgICA8UGFyYWdyYXBoIFBhcmFJZD0iUGFyYTIiPlVuZCBpY2ggYmluIGRlciB6d2Vp +dGUgQWJzYXR6IGluIGRpZXNlbSBEb2t1bWVudC4NCiAgICBJY2ggaGFiZSB3ZWl0ZXJzIGVpbiBl +aWdlbmVucyBJRC1BdHRyaWJ1dCBiZWtvbW1lbi48L1BhcmFncmFwaD4NCjwvWE1MRG9jdW1lbnQ+ + + /XMLDocument + + + PCFFTEVNRU5UIFhNTERvY3VtZW50ICgjUENEQVRBIHwgUGFyYWdyYXBoKSo+DQo8IUVMRU1FTlQg +UGFyYWdyYXBoICgjUENEQVRBKT4NCjwhQVRUTElTVCBQYXJhZ3JhcGggUGFyYUlkIENEQVRBICNJ +TVBMSUVEPg== + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Reference_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Reference_1.xml new file mode 100644 index 00000000..d1589f24 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Reference_1.xml @@ -0,0 +1,11 @@ + + + + id("Para2") + + + testlocal:XMLDocument.xsd + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_XMLContent_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_XMLContent_1.xml new file mode 100644 index 00000000..79e91992 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_XMLContent_1.xml @@ -0,0 +1,13 @@ + + + + + + Text in Teil 1 + Text in Teil 2 + + + + /doc:Whole + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_1.xml new file mode 100644 index 00000000..7631534e --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_1.xml @@ -0,0 +1,304 @@ + + + SecureSignatureKeypair + + + + + + + + + + + Signatur der Anmeldedaten + + + +

Signatur der Anmeldedaten

+

+

Mit meiner elektronischen Signatur beantrage ich, + + , geboren am . . , in der Rolle als (OID***= ), den Zugang zur gesicherten Anwendung.

+

+

Datum und Uhrzeit: . . , : + : +

+ +

HPI(**):

+ + +

wbPK(*):

+ + +
+

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. +

wbPK(*) des Vollmachtgebers:

+ +

+

+ + + +

+

+ + +

+

+ + +

+

+ + + +
(*) wbPK: Das wirtschaftsbereichsspezifische + Personenkennzeichen wird aus den jeweiligen + Stammzahlen des Bürgers und des Wirtschaftsunternehmens + berechnet und ermöglicht eine eindeutige Zuordnung des + Bürgers zum Wirtschaftsunternehmen.
+ + +
(**) HPI: Der eHealth Professional + Identifier wird aus den jeweiligen Stammzahlen + der Gesundheitsdiensteanbieterinnen / + Gesundheitsdiensteanbieter berechnet und ermöglicht eine + eindeutige Zuordnung der Gesundheitsdiensteanbieterin / + des Gesundheitsdiensteanbieters im + Gesundheitsbereich.
+ + +
(***) OID: Object Identifier sind + standardisierte Objekt-Bezeichner und beschreiben + eindeutig die Rollen des GDA-Token Inhabers.
+ + + + + + + + + + application/xhtml+xml + + + + + + + + + + + + Signatur der Anmeldedaten + + +

Signatur der Anmeldedaten

+

+

Mit meiner elektronischen Signatur beantrage ich, + + , geboren am . . , in der Rolle als (OID***= ), den Zugang zur gesicherten Anwendung.

+

+

Datum und Uhrzeit: . . , : + : +

+ +

HPI(**):

+ + +

wbPK(*):

+ + +
+

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. +

wbPK(*) des Vollmachtgebers:

+ +

+

+ + + +

+

+ + +

+

+ + +

+

+ + + +
(*) wbPK: Das wirtschaftsbereichsspezifische + Personenkennzeichen wird aus den jeweiligen + Stammzahlen des Bürgers und des Wirtschaftsunternehmens + berechnet und ermöglicht eine eindeutige Zuordnung des + Bürgers zum Wirtschaftsunternehmen.
+ + +
(**) HPI: Der eHealth Professional Identifier + wird aus den jeweiligen Stammzahlen der + Gesundheitsdiensteanbieterinnen / + Gesundheitsdiensteanbieter berechnet und ermöglicht eine + eindeutige Zuordnung der Gesundheitsdiensteanbieterin / + des Gesundheitsdiensteanbieters im + Gesundheitsbereich.
+ + +
(***) OID: Object Identifier sind standardisierte + Objekt-Bezeichner und beschreiben eindeutig die Rollen + des GDA-Token Inhabers.
+ + + + + + + + + + text/html + + + + + + + + + + https://demo.egiz.gv.at/exchange-moa-id-auth/ + + + + + LTpz8VYzns2jrx0J8Gm/R/nAhxA= + urn:publicid:gv.at:wbpk+FN+TODO + + + + + https://apps.egiz.gv.at/urlaubsschein-frontend/moaid-login + + + 1971-11-10 + + + + + + /saml:Assertion + + diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/XMLDocument.xsd b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/XMLDocument.xsd new file mode 100644 index 00000000..a2930f1d --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/XMLDocument.xsd @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-1.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-1.xml new file mode 100644 index 00000000..1a2857da --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-1.xml @@ -0,0 +1 @@ + IdentityLink \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-2.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-2.xml new file mode 100644 index 00000000..96311ff6 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-2.xml @@ -0,0 +1 @@ + IdentityLink \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.xml new file mode 100644 index 00000000..10964e06 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.xml @@ -0,0 +1 @@ + IdentityLink urn:publicid:gv.at:wbpk+FN+468924i \ No newline at end of file diff --git a/bkucommon/src/test/resources/commons-logging.properties b/bkucommon/src/test/resources/commons-logging.properties new file mode 100644 index 00000000..29292562 --- /dev/null +++ b/bkucommon/src/test/resources/commons-logging.properties @@ -0,0 +1 @@ +org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger diff --git a/bkucommon/src/test/resources/log4j.properties b/bkucommon/src/test/resources/log4j.properties new file mode 100644 index 00000000..053eac17 --- /dev/null +++ b/bkucommon/src/test/resources/log4j.properties @@ -0,0 +1,19 @@ +# loglever DEBUG, appender STDOUT +log4j.rootLogger=TRACE, STDOUT +#log4j.logger.at.gv.egiz.slbinding.RedirectEventFilter=DEBUG, STDOUT + +# STDOUT appender +log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender +log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout +#log4j.appender.STDOUT.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n +#log4j.appender.STDOUT.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n +log4j.appender.STDOUT.layout.ConversionPattern=%-5p |%d | %t | %c %x- %m%n + +### FILE appender +#log4j.appender.file=org.apache.log4j.RollingFileAppender +#log4j.appender.file.maxFileSize=100KB +#log4j.appender.file.maxBackupIndex=9 +#log4j.appender.file.File=egovbus_ca.log +#log4j.appender.file.threshold=info +#log4j.appender.file.layout=org.apache.log4j.PatternLayout +#log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n \ No newline at end of file -- cgit v1.2.3 From c88d1b43311a2dd4636088d9cdef988bce3f611b Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 29 Aug 2008 15:39:24 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@7 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- bkucommon/src/test/resources/MOA-SPSS-1.3.xsd | 469 ++++++++++++++++++++++++++ 1 file changed, 469 insertions(+) create mode 100644 bkucommon/src/test/resources/MOA-SPSS-1.3.xsd (limited to 'bkucommon/src/test/resources') diff --git a/bkucommon/src/test/resources/MOA-SPSS-1.3.xsd b/bkucommon/src/test/resources/MOA-SPSS-1.3.xsd new file mode 100644 index 00000000..756b5127 --- /dev/null +++ b/bkucommon/src/test/resources/MOA-SPSS-1.3.xsd @@ -0,0 +1,469 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + -- cgit v1.2.3 From 2f029b9cb3ebc11abe28e0b2801bacc40cb584b1 Mon Sep 17 00:00:00 2001 From: wbauer Date: Wed, 3 Sep 2008 15:19:48 +0000 Subject: Just a backup of updated accesscontroller files git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@12 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../accesscontroller/AccessControllerFactory.java | 68 ++++++++++++- .../gv/egiz/bku/accesscontroller/ChainResult.java | 1 + .../bku/accesscontroller/InfoboxRuleChecker.java | 14 +++ .../gv/egiz/bku/accesscontroller/RuleChecker.java | 112 ++++++++++++++++++--- .../gv/egiz/bku/accesscontroller/ConfigTest.java | 17 ++++ .../egiz/bku/accesscontroller/RuleCheckerTest.java | 87 ++++++++++++++++ .../bku/accesscontroller/AccessControlConfig.xml | 78 ++++++++++++++ 7 files changed, 361 insertions(+), 16 deletions(-) create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java create mode 100644 bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java create mode 100644 bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml (limited to 'bkucommon/src/test/resources') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java index 9b3e563d..3b75a5f2 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java @@ -1,10 +1,38 @@ package at.gv.egiz.bku.accesscontroller; +import java.io.InputStream; import java.util.Hashtable; +import java.util.List; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.accesscontrol.config.AccessControl; +import at.gv.egiz.bku.accesscontrol.config.Chain; +import at.gv.egiz.bku.accesscontrol.config.Command; +import at.gv.egiz.bku.accesscontrol.config.ObjectFactory; +import at.gv.egiz.bku.accesscontrol.config.Rule; +import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; public class AccessControllerFactory { - private static AccessControllerFactory instance; + private static AccessControllerFactory instance = new AccessControllerFactory(); + private static Log log = LogFactory.getLog(AccessControllerFactory.class); + private static JAXBContext jaxbContext; + + static { + try { + jaxbContext = JAXBContext.newInstance(ObjectFactory.class.getPackage() + .getName()); + } catch (JAXBException e) { + log.fatal("Cannot init jaxbContext", e); + } + } private Hashtable chainTable = new Hashtable(); @@ -35,5 +63,43 @@ public class AccessControllerFactory { public void registerChainChecker(ChainChecker cc) { chainTable.put(cc.getId(), cc); } + + public RuleChecker createRuleChecker(Rule rule) { + RuleChecker rc; + Command cmd = rule.getCommand(); + if (cmd != null) { + if ((cmd.getParam() != null) && (cmd.getParam().size()>0)) { + if (cmd.getName().startsWith("Infobox")) { + rc = new InfoboxRuleChecker(rule.getId()); + } else { + throw new SLRuntimeException("Cannot handle parameters for command "+cmd.getName()); + } + } else { + rc = new RuleChecker(rule.getId()); + } + } else { + rc = new RuleChecker(rule.getId()); + } + // FIXME TODO cont. here + + + return rc; + } + + + public void init(InputStream is) throws JAXBException { + Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + AccessControl ac = (AccessControl) unmarshaller.unmarshal(is); + List chainList = ac.getChains().getChain(); + log.debug("Found "+chainList.size()+" chains in config"); + for (Chain chain : chainList) { + List ruleList = chain.getRules().getRule(); + log.debug("Found "+ruleList.size()+" rules in chain "+chain.getId()); + for (Rule rule : ruleList) { + //rule.g + } + } + + } } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java index a534f4e5..a8fb789e 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainResult.java @@ -12,6 +12,7 @@ public class ChainResult { public ChainResult(Action action, UserAction userAction, boolean matchFound) { this.action = action; this.userAction = userAction; + this.matchFound = matchFound; } public Action getAction() { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java new file mode 100644 index 00000000..2981d24e --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java @@ -0,0 +1,14 @@ +package at.gv.egiz.bku.accesscontroller; + +/** + * Adds infobox parameter checks + * @author wbauer + * + */ +public class InfoboxRuleChecker extends RuleChecker { + + public InfoboxRuleChecker(String id) { + super(id); + } + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java index bf46034d..c59f5b70 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java @@ -1,23 +1,36 @@ package at.gv.egiz.bku.accesscontroller; +import java.net.InetAddress; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.UnknownHostException; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import at.gv.egiz.bku.slcommands.SLCommand; import at.gv.egiz.bku.slexceptions.SLRuntimeException; public class RuleChecker implements AccessChecker { - + private static Log log = LogFactory.getLog(RuleChecker.class); - - public static enum PEER_TYPE {HOST, IP, URL}; + + public static enum PEER_TYPE { + HOST, IP, URL + }; protected String id; protected AuthenticationClass authenticationClass; protected String commandName; + protected Pattern commandNamePattern; protected String peerId; + protected Pattern peerIdPattern; protected PEER_TYPE peerType; protected Action action; protected UserAction userAction; + protected String chainId; public RuleChecker(String id) { if (id == null) { @@ -27,43 +40,112 @@ public class RuleChecker implements AccessChecker { } public void setAuthenticationClass(String ac) { - AuthenticationClass tmp = AuthenticationClass.fromString(ac); + AuthenticationClass tmp = AuthenticationClass.fromString(ac); if (tmp == null) { - throw new SLRuntimeException("Unknown authentication class "+ac); + throw new SLRuntimeException("Unknown authentication class " + ac); } authenticationClass = tmp; } - + public void setAction(String ac) { Action tmp = Action.fromString(ac); if (tmp == null) { - throw new SLRuntimeException("Unknown action "+ac); + throw new SLRuntimeException("Unknown action " + ac); } action = tmp; } - + public void setUserAction(String uac) { - UserAction tmp = UserAction.fromString(uac); + UserAction tmp = UserAction.fromString(uac); if (tmp == null) { - throw new SLRuntimeException("Unknown user action "+uac); + throw new SLRuntimeException("Unknown user action " + uac); } userAction = tmp; } - + + public void setChainId(String chainId) { + this.chainId = chainId; + } + public void setPeerId(String peerId, PEER_TYPE type) { this.peerType = type; this.peerId = peerId; + peerIdPattern = Pattern.compile(peerId); } - + + public void setCommandName(String commandName) { + this.commandName = commandName; + commandNamePattern = Pattern.compile(commandName); + } + public String getId() { return id; } + protected boolean matchAuthenticationClass(AuthenticationClass cls) { + if (this.authenticationClass == null) { + return true; + } + return this.authenticationClass.compareTo(cls) <= 0; + } + + protected boolean matchCommandName(SLCommand cmd) { + if (commandName == null) { + return true; + } + Matcher matcher = commandNamePattern.matcher(cmd.getName()); + return matcher.matches(); + } + + protected boolean matchPeerId(String peerUrl) { + if (peerId == null) { + return true; + } + if (peerType == PEER_TYPE.URL) { + Matcher matcher = peerIdPattern.matcher(peerUrl); + return matcher.matches(); + } else { + try { + URL url = new URL(peerUrl); + if (peerType == PEER_TYPE.HOST) { + try { + String host = url.getHost(); + String hostName = InetAddress.getByName(host).getCanonicalHostName(); + Matcher matcher = peerIdPattern.matcher(hostName); + return matcher.matches(); + } catch (UnknownHostException e) { + log.error("Cannot resolve hostname", e); + return false; + } + } else { + try { + String hostAddr = InetAddress.getByName(url.getHost()) + .getHostAddress(); + Matcher matcher = peerIdPattern.matcher(hostAddr); + return matcher.matches(); + } catch (UnknownHostException e) { + log.error("Cannot resolve host address", e); + return false; + } + } + } catch (MalformedURLException e) { + log.error("Cannot parse url", e); + return false; + } + } + } + @Override public RuleResult check(AccessCheckerContext checkCtx) { - log.debug("Processing rule: "+id); - // TODO Auto-generated method stub - return null; + log.debug("Processing rule: " + id); + if (matchAuthenticationClass(checkCtx.getAuthenticationClass()) + && matchCommandName(checkCtx.getCommand()) + && matchPeerId(checkCtx.getPeerUrl())) { + log.debug("Match found for rule: " + id); + return new RuleResult(action, userAction, true, chainId); + } + log.debug("No match found for rule: " + id); + return new RuleResult(action, userAction, false, chainId); } } diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java new file mode 100644 index 00000000..b53db264 --- /dev/null +++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java @@ -0,0 +1,17 @@ +package at.gv.egiz.bku.accesscontroller; + +import javax.xml.bind.JAXBException; + +import org.junit.Test; + +public class ConfigTest { + + public final static String RESOURCE = "at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml"; + + @Test + public void testUnmarshall() throws JAXBException { + AccessControllerFactory.getInstance().init( + getClass().getClassLoader().getResourceAsStream(RESOURCE)); + } + +} diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java new file mode 100644 index 00000000..88f1490c --- /dev/null +++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java @@ -0,0 +1,87 @@ +package at.gv.egiz.bku.accesscontroller; + +import org.junit.Before; +import org.junit.Test; + +import at.gv.egiz.bku.accesscontroller.RuleChecker.PEER_TYPE; +import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl; +import at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl; +import static org.junit.Assert.*; + +public class RuleCheckerTest { + + protected RuleChecker onlyAuthChecker; + protected RuleChecker onlyCmdChecker; + protected RuleChecker onlyPeerChecker; + + @Before + public void setUp() { + onlyAuthChecker = new RuleChecker("OnlyAuthChecker"); + onlyAuthChecker.setAction("allow"); + onlyAuthChecker.setUserAction("none"); + onlyAuthChecker.setAuthenticationClass("pseudoanonymous"); + onlyCmdChecker = new RuleChecker("OnlyCmdChecker"); + onlyCmdChecker.setAction("allow"); + onlyCmdChecker.setCommandName("InfoboxReadRequest"); + onlyPeerChecker = new RuleChecker("OnlyPeerChecker"); + onlyPeerChecker.setAction("allow"); + onlyPeerChecker.setPeerId("https://129.27.142..*", PEER_TYPE.URL); + } + + @Test + public void testAuthClass() { + AccessCheckerContext ctx = new AccessCheckerContext(null, + AuthenticationClass.ANONYMOUS, null); + RuleResult rr = onlyAuthChecker.check(ctx); + assertFalse(rr.matchFound()); + ctx = new AccessCheckerContext(null, AuthenticationClass.PSEUDO_ANONYMOUS, + null); + rr = onlyAuthChecker.check(ctx); + assertTrue(rr.matchFound()); + ctx = new AccessCheckerContext(null, AuthenticationClass.CERTIFIED, null); + rr = onlyAuthChecker.check(ctx); + assertTrue(rr.matchFound()); + } + + @Test + public void testCmd() { + AccessCheckerContext ctx = new AccessCheckerContext( + new InfoboxReadCommandImpl(), null, null); + RuleResult rr = onlyCmdChecker.check(ctx); + assertTrue(rr.matchFound()); + onlyCmdChecker.setCommandName("Info.*"); + rr = onlyCmdChecker.check(ctx); + assertTrue(rr.matchFound()); + ctx = new AccessCheckerContext(new NullOperationCommandImpl(), null, null); + rr = onlyCmdChecker.check(ctx); + assertFalse(rr.matchFound()); + onlyCmdChecker.setCommandName(".*"); + rr = onlyCmdChecker.check(ctx); + assertTrue(rr.matchFound()); + } + + @Test + public void testPeerId() { + AccessCheckerContext ctx = new AccessCheckerContext(null, null, + "https://129.27.142.20:80/index.html"); + RuleResult rr = onlyPeerChecker.check(ctx); + assertTrue(rr.matchFound()); + + ctx = new AccessCheckerContext(null, null, + "https://129.27.14.20:80/index.html"); + rr = onlyPeerChecker.check(ctx); + assertFalse(rr.matchFound()); + + onlyPeerChecker.setPeerId(".*.iaik..*", PEER_TYPE.HOST); + ctx = new AccessCheckerContext(null, null, + "https://129.27.142.20:80/index.html"); + rr = onlyPeerChecker.check(ctx); + assertTrue(rr.matchFound()); + + onlyPeerChecker.setPeerId("129.27.142..*", PEER_TYPE.IP); + ctx = new AccessCheckerContext(null, null, "https://www.iaik.tugraz.at:80/"); + rr = onlyPeerChecker.check(ctx); + assertTrue(rr.matchFound()); + } + +} diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml new file mode 100644 index 00000000..2455d68d --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml @@ -0,0 +1,78 @@ + + + + + + + certifiedGovAgency + + + allow + + confirm + + + pseudoanonymous + + + Command + + none + + + anonymous + 127.0.0.1 + + Command + + none + + + anonymous + *.gv.at + + allow + + confirm + + + + + + + certified + + + IdentityLink + * + + + allow + + confirm + + + certified + https://finanzonline.bmf.gv.at/* + + Mandates + * + + + allow + + info + + + certified + + + + allow + + none + + + + + -- cgit v1.2.3 From e0f2c64ad6360e2ecec983cb5e0a60f812672106 Mon Sep 17 00:00:00 2001 From: wbauer Date: Thu, 4 Sep 2008 14:56:54 +0000 Subject: finished access controller, accessed it from command invoker and configured everything within onlinebku git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@14 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../egiz/bku/local/webapp/BKURequestHandler.java | 194 ++- .../accesscontroller/SpringSecurityManager.java | 48 + .../at/gv/egiz/bku/online/conf/Configurator.java | 47 +- .../egiz/bku/online/conf/SpringConfigurator.java | 27 + .../egiz/bku/online/webapp/BKURequestHandler.java | 177 ++- .../egiz/bku/online/conf/accessControlConfig.xml | 98 ++ .../gv/egiz/bku/online/conf/defaultConf.properties | 3 + .../src/main/webapp/WEB-INF/applicationContext.xml | 92 +- .../main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar | Bin 0 -> 132767 bytes .../main/webapp/applet/commons-logging-1.1.1.jar | Bin 0 -> 60686 bytes .../src/main/webapp/applet/iaik_jce_me4se-3.04.jar | Bin 0 -> 99061 bytes STALService/META-INF/MANIFEST.MF | 3 + .../accesscontroller/AccessControllerFactory.java | 76 +- .../gv/egiz/bku/accesscontroller/ChainChecker.java | 6 +- .../bku/accesscontroller/CommandParamChecker.java | 52 + .../bku/accesscontroller/InfoboxParamChecker.java | 58 + .../bku/accesscontroller/InfoboxRuleChecker.java | 14 - .../gv/egiz/bku/accesscontroller/RuleChecker.java | 72 +- .../accesscontroller/SecurityManagerFacade.java | 102 ++ .../egiz/bku/binding/BindingProcessorManager.java | 15 +- .../bku/binding/BindingProcessorManagerImpl.java | 20 +- .../at/gv/egiz/bku/binding/DataUrlConnection.java | 17 +- .../gv/egiz/bku/binding/DataUrlConnectionImpl.java | 7 +- .../gv/egiz/bku/binding/HTTPBindingProcessor.java | 1634 ++++++++++---------- .../gv/egiz/bku/binding/SLCommandInvokerImpl.java | 157 +- .../gv/egiz/bku/slcommands/InfoboxReadCommand.java | 10 +- .../gv/egiz/bku/slcommands/SLCommandInvoker.java | 7 +- .../at/gv/egiz/bku/slcommands/SLSourceContext.java | 11 +- .../at/gv/egiz/bku/slcommands/SLTargetContext.java | 13 +- .../slcommands/impl/InfoboxReadCommandImpl.java | 7 +- .../gv/egiz/bku/accesscontroller/ConfigTest.java | 91 +- .../bku/binding/BindingProcessorManagerTest.java | 12 +- .../gv/egiz/bku/binding/DataUrlConnectionTest.java | 22 +- .../at/gv/egiz/bku/binding/ExpiryRemoverTest.java | 10 +- .../egiz/bku/binding/HttpBindingProcessorTest.java | 2 +- .../egiz/bku/binding/MultipartSLRequestTest.java | 5 +- .../at/gv/egiz/bku/binding/NullOperationTest.java | 5 +- .../gv/egiz/bku/binding/TestDataUrlConnection.java | 7 +- .../bku/accesscontroller/AccessControlConfig.xml | 6 +- .../egiz/bku/accesscontroller/SimpleChainTest.xml | 39 + 40 files changed, 1907 insertions(+), 1259 deletions(-) create mode 100644 BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java create mode 100644 BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties create mode 100644 BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar create mode 100644 BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar create mode 100644 BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar create mode 100644 STALService/META-INF/MANIFEST.MF create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/CommandParamChecker.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxParamChecker.java delete mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml (limited to 'bkucommon/src/test/resources') diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java index 8529949d..f19b86b5 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java @@ -1,100 +1,96 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.webapp; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Locale; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.web.HttpRequestHandler; - -import at.gv.egiz.bku.binding.BindingProcessorManager; -import at.gv.egiz.bku.binding.HTTPBindingProcessor; -import at.gv.egiz.bku.binding.HttpUtil; -import at.gv.egiz.bku.utils.StreamUtil; -import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; - -public abstract class BKURequestHandler extends HttpServlet { - - public final static String ENCODING = "UTF-8"; - - protected Log log = LogFactory.getLog(BKURequestHandler.class); - - protected abstract BindingProcessorManager getBindingProcessorManager(); - - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { - log.debug("Got new request"); - String lang = req.getHeader("Accept-Language"); - Locale locale = AcceptLanguage.getLocale(lang); - log.debug("Using locale: "+locale); - HTTPBindingProcessor bindingProcessor; - if (req.isSecure()) { - bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() - .createBindingProcessor("https", null, locale); - } else { - bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() - .createBindingProcessor("http", null, locale); - } - Map headerMap = new HashMap(); - for (Enumeration headerName = req.getHeaderNames(); headerName - .hasMoreElements();) { - String header = headerName.nextElement(); - if (header != null) { - headerMap.put(header, req.getHeader(header)); - } - } - headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, req.getContentType()+";"+req.getCharacterEncoding()); - bindingProcessor.setHTTPHeaders(headerMap); - bindingProcessor.consumeRequestStream(req.getInputStream()); - - // fixxme just for testing - bindingProcessor.run(); - if (bindingProcessor.getRedirectURL() != null) { - resp.sendRedirect(bindingProcessor.getRedirectURL()); - return; - } - resp.setStatus(bindingProcessor.getResponseCode()); - for (Iterator it = bindingProcessor.getResponseHeaders().keySet() - .iterator(); it.hasNext();) { - String header = it.next(); - resp.setHeader(header, bindingProcessor.getResponseHeaders().get(header)); - } - resp.setContentType(bindingProcessor.getResultContentType()); - resp.setCharacterEncoding(ENCODING); - bindingProcessor.writeResultTo(resp.getOutputStream(), ENCODING); - req.getInputStream().close(); - resp.getOutputStream().flush(); - resp.getOutputStream().close(); - log.debug("Finished Request"); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { - doPost(req, resp); - } -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.webapp; + +import java.io.IOException; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.web.HttpRequestHandler; + +import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.bku.binding.HTTPBindingProcessor; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; + +public abstract class BKURequestHandler extends HttpServlet { + + public final static String ENCODING = "UTF-8"; + + protected Log log = LogFactory.getLog(BKURequestHandler.class); + + protected abstract BindingProcessorManager getBindingProcessorManager(); + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + log.debug("Got new request"); + String lang = req.getHeader("Accept-Language"); + Locale locale = AcceptLanguage.getLocale(lang); + log.debug("Using locale: " + locale); + HTTPBindingProcessor bindingProcessor; + bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() + .createBindingProcessor(req.getRequestURL().toString(), null, locale); + Map headerMap = new HashMap(); + for (Enumeration headerName = req.getHeaderNames(); headerName + .hasMoreElements();) { + String header = headerName.nextElement(); + if (header != null) { + headerMap.put(header, req.getHeader(header)); + } + } + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, req.getContentType() + ";" + + req.getCharacterEncoding()); + bindingProcessor.setHTTPHeaders(headerMap); + bindingProcessor.consumeRequestStream(req.getInputStream()); + + // fixxme just for testing + bindingProcessor.run(); + if (bindingProcessor.getRedirectURL() != null) { + resp.sendRedirect(bindingProcessor.getRedirectURL()); + return; + } + resp.setStatus(bindingProcessor.getResponseCode()); + for (Iterator it = bindingProcessor.getResponseHeaders().keySet() + .iterator(); it.hasNext();) { + String header = it.next(); + resp.setHeader(header, bindingProcessor.getResponseHeaders().get(header)); + } + resp.setContentType(bindingProcessor.getResultContentType()); + resp.setCharacterEncoding(ENCODING); + bindingProcessor.writeResultTo(resp.getOutputStream(), ENCODING); + req.getInputStream().close(); + resp.getOutputStream().flush(); + resp.getOutputStream().close(); + log.debug("Finished Request"); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + doPost(req, resp); + } +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java new file mode 100644 index 00000000..404e254e --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java @@ -0,0 +1,48 @@ +package at.gv.egiz.bku.online.accesscontroller; + +import java.io.IOException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.context.ResourceLoaderAware; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + +import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade; +import at.gv.egiz.bku.online.conf.Configurator; + +public class SpringSecurityManager extends SecurityManagerFacade implements + ResourceLoaderAware { + + private ResourceLoader resourceLoader; + + private static Log log = LogFactory.getLog(SpringSecurityManager.class); + + protected Configurator config; + + public void setConfig(Configurator config) { + this.config = config; + } + + public void init() { + String noMatch = config.getProperty("AccessController.acceptNoMatch"); + if (noMatch != null) { + log.debug("Setting allow now match to: " + noMatch); + setAllowUnmatched(Boolean.getBoolean(noMatch)); + } + String policy = config.getProperty("AccessController.policyResource"); + log.info("Loading resource: " + policy); + try { + Resource res = resourceLoader.getResource(policy); + init(res.getInputStream()); + } catch (IOException e) { + log.error(e); + } + } + + @Override + public void setResourceLoader(ResourceLoader loader) { + this.resourceLoader = loader; + } + +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java index 0cb717c4..f51335e1 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java @@ -16,29 +16,31 @@ */ package at.gv.egiz.bku.online.conf; -import iaik.security.ecc.provider.ECCProvider; -import iaik.xml.crypto.XSecProvider; - -import java.net.HttpURLConnection; -import java.security.Provider; -import java.security.Security; - -import javax.net.ssl.HttpsURLConnection; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; +import iaik.security.ecc.provider.ECCProvider; +import iaik.xml.crypto.XSecProvider; + +import java.net.HttpURLConnection; +import java.security.Provider; +import java.security.Security; +import java.util.Properties; + +import javax.net.ssl.HttpsURLConnection; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; /** * * TODO currently only the code to get started. */ public class Configurator { - private Log log = LogFactory.getLog(Configurator.class); + private Log log = LogFactory.getLog(Configurator.class); + + protected Properties properties; public Configurator() { - configure(); } protected void configUrlConnections() { @@ -63,7 +65,18 @@ public class Configurator { public void configure() { configureProviders(); configUrlConnections(); - } - + + public void setConfiguration(Properties props) { + this.properties = props; + configure(); + } + + public String getProperty(String key) { + if (properties != null) { + return properties.getProperty(key); + } + return null; + } + } diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java new file mode 100644 index 00000000..96588d7d --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java @@ -0,0 +1,27 @@ +package at.gv.egiz.bku.online.conf; + +import java.io.IOException; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.core.io.Resource; + +public class SpringConfigurator extends Configurator { + + private final static Log log = LogFactory.getLog(SpringConfigurator.class); + + public void setResource(Resource resource) { + log.debug("Loading config from: " + resource); + if (resource != null) { + Properties props = new Properties(); + try { + props.load(resource.getInputStream()); + super.setConfiguration(props); + } catch (IOException e) { + log.error("Cannot load config", e); + } + } + } + +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java index 53a7c164..20320d8e 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java @@ -1,91 +1,88 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.online.webapp; - -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Locale; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.binding.HTTPBindingProcessor; -import at.gv.egiz.bku.binding.HttpUtil; -import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; - -/** - * Handles SL requests and instantiates BindingProcessors - * - */ -public class BKURequestHandler extends SpringBKUServlet { - - public final static String REDIRECT_URL ="appletPage.jsp"; - - protected Log log = LogFactory.getLog(BKURequestHandler.class); - - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { - log.debug("Got new request"); - String lang = req.getHeader("Accept-Language"); - Locale locale = AcceptLanguage.getLocale(lang); - log.debug("Using locale: "+locale); - HttpSession session = req.getSession(); - if (session != null) { - session.invalidate(); - } - String id = req.getSession(true).getId(); - log.debug("Using session id: "+id); - HTTPBindingProcessor bindingProcessor; - if (req.isSecure()) { - bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() - .createBindingProcessor("https", id, locale); - } else { - bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() - .createBindingProcessor("http", id, locale); - } - Map headerMap = new HashMap(); - for (Enumeration headerName = req.getHeaderNames(); headerName - .hasMoreElements();) { - String header = headerName.nextElement(); - if (header != null) { - headerMap.put(header, req.getHeader(header)); - } - } - String charset = req.getCharacterEncoding(); - String contentType = req.getContentType(); - if (charset != null) { - contentType += ";"+charset; - } - headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); - bindingProcessor.setHTTPHeaders(headerMap); - bindingProcessor.consumeRequestStream(req.getInputStream()); - req.getInputStream().close(); - getBindingProcessorManager().process(bindingProcessor); - resp.sendRedirect(REDIRECT_URL); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { - doPost(req, resp); - } -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.online.webapp; + +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.HTTPBindingProcessor; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; + +/** + * Handles SL requests and instantiates BindingProcessors + * + */ +public class BKURequestHandler extends SpringBKUServlet { + + public final static String REDIRECT_URL = "appletPage.jsp"; + + protected Log log = LogFactory.getLog(BKURequestHandler.class); + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + log.debug("Got new request"); + String lang = req.getHeader("Accept-Language"); + Locale locale = AcceptLanguage.getLocale(lang); + log.debug("Using locale: " + locale); + HttpSession session = req.getSession(); + if (session != null) { + session.invalidate(); + } + String id = req.getSession(true).getId(); + log.debug("Using session id: " + id); + HTTPBindingProcessor bindingProcessor; + + bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() + .createBindingProcessor(req.getRequestURL().toString(), id, locale); + + Map headerMap = new HashMap(); + for (Enumeration headerName = req.getHeaderNames(); headerName + .hasMoreElements();) { + String header = headerName.nextElement(); + if (header != null) { + headerMap.put(header, req.getHeader(header)); + } + } + String charset = req.getCharacterEncoding(); + String contentType = req.getContentType(); + if (charset != null) { + contentType += ";" + charset; + } + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); + bindingProcessor.setHTTPHeaders(headerMap); + bindingProcessor.consumeRequestStream(req.getInputStream()); + req.getInputStream().close(); + getBindingProcessorManager().process(bindingProcessor); + resp.sendRedirect(REDIRECT_URL); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + doPost(req, resp); + } +} diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml new file mode 100644 index 00000000..15d62155 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml @@ -0,0 +1,98 @@ + + + + + + + certifiedGovAgency + + + allow + + confirm + + + pseudoanonymous + + + Command + + none + + + anonymous + 127.0.0.1 + + Command + + none + + + anonymous + $.gv.at + + allow + + confirm + + + + + + + certified + + + IdentityLink + .* + + + allow + + confirm + + + certified + https://finanzonline.bmf.gv.at/* + + + Mandates + .* + + + allow + + info + + + certified + + + + allow + + none + + + anonymous + + + 127.0.0.1 + + allow + + none + + + + + + + + allow + + + + + + diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties new file mode 100644 index 00000000..12deac35 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -0,0 +1,3 @@ +# Configuration for online CCE +AccessController.acceptUnmatched=false +AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessControlConfig.xml \ No newline at end of file diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index 7a2f12b8..c5da25c0 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -1,43 +1,53 @@ - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar b/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar new file mode 100644 index 00000000..986842db Binary files /dev/null and b/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar differ diff --git a/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar b/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar new file mode 100644 index 00000000..1deef144 Binary files /dev/null and b/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar differ diff --git a/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar b/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar new file mode 100644 index 00000000..f2173562 Binary files /dev/null and b/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar differ diff --git a/STALService/META-INF/MANIFEST.MF b/STALService/META-INF/MANIFEST.MF new file mode 100644 index 00000000..5e949512 --- /dev/null +++ b/STALService/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Class-Path: + diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java index 3b75a5f2..cd837cd7 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java @@ -15,8 +15,9 @@ import at.gv.egiz.bku.accesscontrol.config.AccessControl; import at.gv.egiz.bku.accesscontrol.config.Chain; import at.gv.egiz.bku.accesscontrol.config.Command; import at.gv.egiz.bku.accesscontrol.config.ObjectFactory; +import at.gv.egiz.bku.accesscontrol.config.Param; import at.gv.egiz.bku.accesscontrol.config.Rule; -import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl; +import at.gv.egiz.bku.accesscontroller.RuleChecker.PEER_TYPE; import at.gv.egiz.bku.slexceptions.SLRuntimeException; public class AccessControllerFactory { @@ -24,6 +25,8 @@ public class AccessControllerFactory { private static AccessControllerFactory instance = new AccessControllerFactory(); private static Log log = LogFactory.getLog(AccessControllerFactory.class); private static JAXBContext jaxbContext; + public static String INPUT_CHAIN = "InputChain"; + public static String OUTPUT_CHAIN = "OutputChain"; static { try { @@ -63,43 +66,72 @@ public class AccessControllerFactory { public void registerChainChecker(ChainChecker cc) { chainTable.put(cc.getId(), cc); } - + + public CommandParamChecker createParamChecker(String cmd) { + if ((cmd != null) && (cmd.startsWith("Infobox"))) { + return new InfoboxParamChecker(); + } else { + return null; + } + } + public RuleChecker createRuleChecker(Rule rule) { RuleChecker rc; + rc = new RuleChecker(rule.getId()); Command cmd = rule.getCommand(); if (cmd != null) { - if ((cmd.getParam() != null) && (cmd.getParam().size()>0)) { - if (cmd.getName().startsWith("Infobox")) { - rc = new InfoboxRuleChecker(rule.getId()); - } else { - throw new SLRuntimeException("Cannot handle parameters for command "+cmd.getName()); - } - } else { - rc = new RuleChecker(rule.getId()); + rc.setCommandName(cmd.getName()); + for (Param p : cmd.getParam()) { + rc.addParameter(p.getName(), p.getValue()); } - } else { - rc = new RuleChecker(rule.getId()); } - // FIXME TODO cont. here - - - return rc; + rc.setAuthenticationClass(rule.getAuthClass()); + if (rule.getIPv4Address() != null) { + rc.setPeerId(rule.getIPv4Address(), PEER_TYPE.IP); + } else if (rule.getDomainName() != null) { + rc.setPeerId(rule.getDomainName(), PEER_TYPE.HOST); + } else if (rule.getURL() != null) { + rc.setPeerId(rule.getURL(), PEER_TYPE.URL); + } + rc.setAction(rule.getAction().getRuleAction()); + rc.setChainId(rule.getAction().getChainRef()); + rc.setUserAction(rule.getUserInteraction()); + return rc; } - - + public void init(InputStream is) throws JAXBException { + chainTable.clear(); Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); AccessControl ac = (AccessControl) unmarshaller.unmarshal(is); List chainList = ac.getChains().getChain(); - log.debug("Found "+chainList.size()+" chains in config"); + log.debug("Found " + chainList.size() + " chains in config"); for (Chain chain : chainList) { + log.trace("Creating chain: " + chain.getId()); + ChainChecker cc = createChainChecker(chain.getId(), false); List ruleList = chain.getRules().getRule(); - log.debug("Found "+ruleList.size()+" rules in chain "+chain.getId()); + log + .debug("Found " + ruleList.size() + " rules in chain " + + chain.getId()); for (Rule rule : ruleList) { - //rule.g + log.trace("Creating rule: " + rule.getId()); + cc.addRule(createRuleChecker(rule)); + } + registerChainChecker(cc); + } + validate(); + } + + private void validate() { + for (ChainChecker chain : chainTable.values()) { + for (RuleChecker rule : chain.getRules()) { + if (rule.getChainId() != null) { + log.trace("Checking reference to chain: "+rule.getChainId()); + if (getChainChecker(rule.getChainId()) == null) { + throw new SLRuntimeException("Invalid reference to unknown chain: "+rule.getChainId()); + } + } } } - } } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainChecker.java index 242d9b02..a290fe8d 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainChecker.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainChecker.java @@ -1,5 +1,6 @@ package at.gv.egiz.bku.accesscontroller; +import java.util.Collections; import java.util.LinkedList; import java.util.List; @@ -35,6 +36,10 @@ public class ChainChecker implements AccessChecker { rules.add(rule); } } + + public List getRules() { + return Collections.unmodifiableList(rules); + } @Override public ChainResult check(AccessCheckerContext checkCtx) throws SLException { @@ -43,7 +48,6 @@ public class ChainChecker implements AccessChecker { log.trace("Checking rule: "+rule.getId()); RuleResult result = rule.check(checkCtx); if (result.matchFound()) { - log.debug("Found matching rule: "+rule.getId()); if (result.getDelegateChainId() != null) { // process chain ChainChecker cc = AccessControllerFactory.getInstance().getChainChecker(result.getDelegateChainId()); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/CommandParamChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/CommandParamChecker.java new file mode 100644 index 00000000..3927c3c9 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/CommandParamChecker.java @@ -0,0 +1,52 @@ +package at.gv.egiz.bku.accesscontroller; + +import java.util.LinkedList; +import java.util.List; + +import at.gv.egiz.bku.slcommands.SLCommand; + +public abstract class CommandParamChecker { + + protected List> paramList = new LinkedList>(); + + public static class Tupel { + private T key; + private Q val; + + public Tupel(T key, Q val) { + if ((key == null) || (val == null)) { + throw new NullPointerException("Tupel key and value must not be null"); + } + this.key = key; + this.val = val; + } + + public T getKey() { + return key; + } + + public Q getVal() { + return val; + } + + @SuppressWarnings("unchecked") + public boolean equals(Object other) { + if (other instanceof Tupel) { + Tupel ot = (Tupel) other; + return (key.equals(ot.key) && val.equals(ot.val)); + } + return false; + } + + public int hashCode() { + return key.hashCode(); + } + } + + public void addParameter(String key, String value) { + paramList.add(new Tupel(key, value)); + } + + public abstract boolean checkParameter(SLCommand cmd); + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxParamChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxParamChecker.java new file mode 100644 index 00000000..33689ae0 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxParamChecker.java @@ -0,0 +1,58 @@ +package at.gv.egiz.bku.accesscontroller; + +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.InfoboxReadCommand; +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; + +public class InfoboxParamChecker extends CommandParamChecker { + private static Log log = LogFactory.getLog(InfoboxParamChecker.class); + + public final static String INFOBOX_ID = "InfoboxIdentifier"; + public final static String PERSON_ID = "PersonIdentifier"; + public final static String DERIVED = "derived"; + + @Override + public boolean checkParameter(SLCommand cmd) { + if (paramList.size() == 0) { + return true; + } + + if (cmd instanceof InfoboxReadCommand) { + InfoboxReadCommand irc = (InfoboxReadCommand) cmd; + for (Tupel param : paramList) { + if (param.getKey().equals(INFOBOX_ID)) { + if (!param.getVal().equals(irc.getInfoboxIdentifier())) { + return false; + } + } else if (param.getKey().equals(PERSON_ID)) { + if (param.getVal().equals(DERIVED)) { + if (irc.getIdentityLinkDomainId() == null) { + return false; + } + } else { + Pattern p = Pattern.compile(param.getVal()); + Matcher m = p.matcher(irc.getIdentityLinkDomainId()); + if (!m.matches()) { + return false; + } + } + + } else { + throw new SLRuntimeException("Cannot handle parameter " + + param.getKey()); + } + } + return true; + } else { + log.error("Cannot handle parameter for command: " + cmd.getName()); + throw new SLRuntimeException("Cannot handle parameters for command: " + + cmd.getName()); + } + } +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java deleted file mode 100644 index 2981d24e..00000000 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java +++ /dev/null @@ -1,14 +0,0 @@ -package at.gv.egiz.bku.accesscontroller; - -/** - * Adds infobox parameter checks - * @author wbauer - * - */ -public class InfoboxRuleChecker extends RuleChecker { - - public InfoboxRuleChecker(String id) { - super(id); - } - -} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java index c59f5b70..b0bf7fac 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java @@ -31,6 +31,7 @@ public class RuleChecker implements AccessChecker { protected Action action; protected UserAction userAction; protected String chainId; + protected CommandParamChecker paramChecker; public RuleChecker(String id) { if (id == null) { @@ -40,27 +41,33 @@ public class RuleChecker implements AccessChecker { } public void setAuthenticationClass(String ac) { - AuthenticationClass tmp = AuthenticationClass.fromString(ac); - if (tmp == null) { - throw new SLRuntimeException("Unknown authentication class " + ac); + if (ac != null) { + AuthenticationClass tmp = AuthenticationClass.fromString(ac); + if (tmp == null) { + throw new SLRuntimeException("Unknown authentication class " + ac); + } + authenticationClass = tmp; } - authenticationClass = tmp; } public void setAction(String ac) { - Action tmp = Action.fromString(ac); - if (tmp == null) { - throw new SLRuntimeException("Unknown action " + ac); + if (ac != null) { + Action tmp = Action.fromString(ac); + if (tmp == null) { + throw new SLRuntimeException("Unknown action " + ac); + } + action = tmp; } - action = tmp; } public void setUserAction(String uac) { - UserAction tmp = UserAction.fromString(uac); - if (tmp == null) { - throw new SLRuntimeException("Unknown user action " + uac); + if (uac != null) { + UserAction tmp = UserAction.fromString(uac); + if (tmp == null) { + throw new SLRuntimeException("Unknown user action " + uac); + } + userAction = tmp; } - userAction = tmp; } public void setChainId(String chainId) { @@ -76,6 +83,22 @@ public class RuleChecker implements AccessChecker { public void setCommandName(String commandName) { this.commandName = commandName; commandNamePattern = Pattern.compile(commandName); + paramChecker = AccessControllerFactory.getInstance().createParamChecker( + commandName); + } + + /** + * Make sure to set the commandName first + * + * @param key + * @param value + */ + public void addParameter(String key, String value) { + if (paramChecker == null) { + throw new IllegalArgumentException("Cannot set parameters for command " + + commandName); + } + paramChecker.addParameter(key, value); } public String getId() { @@ -83,22 +106,30 @@ public class RuleChecker implements AccessChecker { } protected boolean matchAuthenticationClass(AuthenticationClass cls) { - if (this.authenticationClass == null) { + if ((this.authenticationClass == null) || (cls == null)) { return true; } return this.authenticationClass.compareTo(cls) <= 0; } protected boolean matchCommandName(SLCommand cmd) { - if (commandName == null) { + if ((commandName == null) || (cmd == null)) { return true; } Matcher matcher = commandNamePattern.matcher(cmd.getName()); - return matcher.matches(); + if (matcher.matches()) { + if (paramChecker != null) { + return paramChecker.checkParameter(cmd); + } else { + return true; + } + } else { + return false; + } } protected boolean matchPeerId(String peerUrl) { - if (peerId == null) { + if ((peerId == null) || (peerUrl == null)) { return true; } if (peerType == PEER_TYPE.URL) { @@ -110,7 +141,8 @@ public class RuleChecker implements AccessChecker { if (peerType == PEER_TYPE.HOST) { try { String host = url.getHost(); - String hostName = InetAddress.getByName(host).getCanonicalHostName(); + String hostName = InetAddress.getByName(host) + .getCanonicalHostName(); Matcher matcher = peerIdPattern.matcher(hostName); return matcher.matches(); } catch (UnknownHostException e) { @@ -143,9 +175,13 @@ public class RuleChecker implements AccessChecker { && matchPeerId(checkCtx.getPeerUrl())) { log.debug("Match found for rule: " + id); return new RuleResult(action, userAction, true, chainId); - } + } log.debug("No match found for rule: " + id); return new RuleResult(action, userAction, false, chainId); } + public String getChainId() { + return chainId; + } + } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java new file mode 100644 index 00000000..32242772 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java @@ -0,0 +1,102 @@ +package at.gv.egiz.bku.accesscontroller; + +import java.io.InputStream; + +import javax.xml.bind.JAXBException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLSourceContext; +import at.gv.egiz.bku.slcommands.SLTargetContext; + +/** + * Facade for the access controller + */ +public class SecurityManagerFacade { + + private static Log log = LogFactory.getLog(SecurityManagerFacade.class); + + private boolean allowUnmatched = false; + private ChainChecker inputFilter = null; + private ChainChecker outputFilter = null; + + public boolean mayInvokeCommand(SLCommand cmd, SLSourceContext ctx) { + if (inputFilter != null) { + AuthenticationClass ac = AuthenticationClassifier.getAuthenticationClass( + ctx.isSourceIsDataURL(), ctx.getSourceUrl(), ctx + .getSourceCertificate()); + AccessCheckerContext acc = new AccessCheckerContext(cmd, ac, ctx + .getSourceUrl().toString()); + try { + ChainResult cr = inputFilter.check(acc); + if (cr.matchFound()) { + if (cr.getAction() == Action.ALLOW) { + return true; + } else { + return false; + } + } else { + return allowUnmatched; + } + } catch (Exception e) { + log.error(e); + return false; + } + } else { + log.warn("No input chain defined"); + return allowUnmatched; + } + } + + public boolean maySendResult(SLCommand cmd, SLTargetContext ctx) { + if (outputFilter != null) { + AuthenticationClass ac = AuthenticationClassifier.getAuthenticationClass( + ctx.isTargetIsDataURL(), ctx.getTargetUrl(), ctx + .getTargetCertificate()); + AccessCheckerContext acc = new AccessCheckerContext(cmd, ac, ctx + .getTargetUrl().toString()); + try { + ChainResult cr = outputFilter.check(acc); + if (cr.matchFound()) { + if (cr.getAction() == Action.ALLOW) { + return true; + } else { + return false; + } + } else { + return allowUnmatched; + } + } catch (Exception e) { + log.error(e); + return false; + } + } else { + log.warn("No output chain defined"); + return allowUnmatched; + } + } + + /** + * Default policy if not match was found + * + * @param allow + */ + public void setAllowUnmatched(boolean allow) { + this.allowUnmatched = allow; + } + + public void init(InputStream is) { + inputFilter = null; + outputFilter = null; + AccessControllerFactory fab = AccessControllerFactory.getInstance(); + try { + fab.init(is); + } catch (JAXBException e) { + log.error(e); + } + inputFilter = fab.getChainChecker(AccessControllerFactory.INPUT_CHAIN); + outputFilter = fab.getChainChecker(AccessControllerFactory.OUTPUT_CHAIN); + } +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java index a4e5bd90..ed37f08f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java @@ -16,6 +16,7 @@ */ package at.gv.egiz.bku.binding; +import java.net.MalformedURLException; import java.util.Locale; import java.util.Set; @@ -34,28 +35,28 @@ public interface BindingProcessorManager { * FactoryMethod creating a new BindingProcessor object. * The created binding processor must be passed to the process method to execute. * - * @param protcol - * the transport binding protocol + * @param urlString + * the source url * @param aSessionId * optional an external sessionId (e.g. http session) could be * provided. This parameter may be null. * @param locale the locale used for user interaction, may be null */ - public BindingProcessor createBindingProcessor(String protcol, - String aSessionId, Locale locale); + public BindingProcessor createBindingProcessor(String urlString, + String aSessionId, Locale locale) throws MalformedURLException; /** * FactoryMethod creating a new BindingProcessor object. * The created binding processor must be passed to the process method to execute. * * @param protcol - * the transport binding protocol + * the source url * @param aSessionId * optional an external sessionId (e.g. http session) could be * provided. This parameter may be null. */ - public BindingProcessor createBindingProcessor(String protcol, - String aSessionId); + public BindingProcessor createBindingProcessor(String urlString, + String aSessionId) throws MalformedURLException; /** diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java index 7a3b1bb9..6f5ca2d2 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java @@ -16,6 +16,8 @@ */ package at.gv.egiz.bku.binding; +import java.net.MalformedURLException; +import java.net.URL; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; @@ -152,20 +154,22 @@ public class BindingProcessorManagerImpl implements BindingProcessorManager { /** * Uses the default locale */ - public BindingProcessor createBindingProcessor(String protocol, - String aSessionId) { - return createBindingProcessor(protocol, aSessionId, null); + public BindingProcessor createBindingProcessor(String srcUrl, + String aSessionId) throws MalformedURLException { + return createBindingProcessor(srcUrl, aSessionId, null); } /** * FactoryMethod creating a new BindingProcessor object. * * @param protocol - * must not be null + * must not be null + * @throws MalformedURLException */ - public BindingProcessor createBindingProcessor(String protocol, - String aSessionId, Locale locale) { - String low = protocol.toLowerCase(); + public BindingProcessor createBindingProcessor(String srcUrl, + String aSessionId, Locale locale) throws MalformedURLException { + URL url = new URL(srcUrl); + String low = url.getProtocol().toLowerCase(); Protocol proto = null; for (int i = 0; i < SUPPORTED_PROTOCOLS.length; i++) { if (SUPPORTED_PROTOCOLS[i].toString().equals(low)) { @@ -177,7 +181,7 @@ public class BindingProcessorManagerImpl implements BindingProcessorManager { throw new UnsupportedOperationException(); } BindingProcessor bindingProcessor = new HTTPBindingProcessor(aSessionId, - commandInvokerClass.newInstance(), proto); + commandInvokerClass.newInstance(), url); STAL stal = stalFactory.createSTAL(); bindingProcessor.init(stal, commandInvokerClass.newInstance()); if (locale != null) { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnection.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnection.java index e6d5e075..6d654639 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnection.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnection.java @@ -16,12 +16,13 @@ */ package at.gv.egiz.bku.binding; -import java.io.IOException; -import java.io.InputStream; -import java.net.SocketTimeoutException; -import java.security.cert.X509Certificate; - -import at.gv.egiz.bku.slcommands.SLResult; +import java.io.IOException; +import java.io.InputStream; +import java.net.SocketTimeoutException; +import java.net.URL; +import java.security.cert.X509Certificate; + +import at.gv.egiz.bku.slcommands.SLResult; /** * Transmit a security layer result to DataURL via HTTP POST, encoded as multipart/form-data. @@ -41,7 +42,9 @@ public interface DataUrlConnection { public static final String XML_RESPONSE_ENCODING = "UTF-8"; - public String getProtocol(); + public String getProtocol(); + + public URL getUrl(); /** * Set a HTTP Header. diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java index 134d765e..9f5d70cb 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java @@ -212,5 +212,10 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { @Override public DataUrlConnectionSPI newInstance() { return new DataUrlConnectionImpl(); - } + } + + @Override + public URL getUrl() { + return url; + } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java index b79f7d55..19f22126 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java @@ -1,820 +1,818 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.binding; - -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.Reader; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Locale; -import java.util.Map; - -import javax.net.ssl.SSLHandshakeException; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.URIResolver; -import javax.xml.transform.stream.StreamResult; -import javax.xml.transform.stream.StreamSource; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.SLCommand; -import at.gv.egiz.bku.slcommands.SLCommandContext; -import at.gv.egiz.bku.slcommands.SLCommandFactory; -import at.gv.egiz.bku.slcommands.SLCommandInvoker; -import at.gv.egiz.bku.slcommands.SLResult; -import at.gv.egiz.bku.slcommands.SLSourceContext; -import at.gv.egiz.bku.slcommands.SLTargetContext; -import at.gv.egiz.bku.slcommands.impl.ErrorResultImpl; -import at.gv.egiz.bku.slexceptions.SLBindingException; -import at.gv.egiz.bku.slexceptions.SLCanceledException; -import at.gv.egiz.bku.slexceptions.SLException; -import at.gv.egiz.bku.slexceptions.SLRuntimeException; -import at.gv.egiz.bku.utils.StreamUtil; -import at.gv.egiz.bku.utils.binding.Protocol; -import at.gv.egiz.bku.utils.urldereferencer.FormDataURLSupplier; -import at.gv.egiz.bku.utils.urldereferencer.SimpleFormDataContextImpl; -import at.gv.egiz.bku.utils.urldereferencer.StreamData; -import at.gv.egiz.bku.utils.urldereferencer.URIResolverAdapter; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; -import at.gv.egiz.stal.QuitRequest; -import at.gv.egiz.stal.STALRequest; - -/** - * Class performing the HTTP binding as defined by the CCE specification. - * Currently a huge monolithic class. - * @TODO refactor - */ -@SuppressWarnings("unchecked") -public class HTTPBindingProcessor extends AbstractBindingProcessor implements - FormDataURLSupplier { - - private static Log log = LogFactory.getLog(HTTPBindingProcessor.class); - - private static enum State { - INIT, PROCESS, DATAURL, TRANSFORM, FINISHED - }; - - public final static Collection XML_REQ_TRANSFER_ENCODING = Arrays - .asList(new String[] { "binary" }); - - /** - * Defines the maximum number of dataurl connects that are allowed within a - * single SL Request processing. - */ - protected static int MAX_DATAURL_HOPS = 10; - - protected static String XML_MIME_TYPE = "text/xml"; - protected static String BINARY_MIME_TYPE = "application/octet-stream"; - - /** - * If null everything is ok and the result is taken from the command invoker. - */ - protected SLException bindingProcessorError; - protected SLCommandInvoker commandInvoker; - protected DataUrlResponse dataUrlResponse; - protected Map headerMap = Collections.EMPTY_MAP; - protected SLCommand slCommand; - protected Map formParameterMap = new HashMap(); - protected SLSourceContext srcContex = new SLSourceContext(); - protected SLTargetContext targetContext = new SLTargetContext(); - protected Protocol protocol; - protected State currentState = State.INIT; - protected Transformer transformer = null; - protected String resultContentType = null; - protected SLResult slResult = null; - protected int responseCode = 200; - protected Map responseHeaders = Collections.EMPTY_MAP; - protected Locale locale = Locale.getDefault(); - - /** - * - * @param id - * may be null. In this case a new session id will be created. - * @param cmdInvoker - * must not be null; - */ - public HTTPBindingProcessor(String id, SLCommandInvoker cmdInvoker, - Protocol protocol) { - super(id); - if ((protocol != Protocol.HTTP) && (protocol != Protocol.HTTPS)) { - throw new SLRuntimeException("Protocol not supported: " + protocol); - } - if (cmdInvoker == null) { - throw new NullPointerException("Commandinvoker cannot be set to null"); - } - commandInvoker = cmdInvoker; - this.protocol = protocol; - srcContex.setSourceProtocol(protocol); - srcContex.setSourceIsDataURL(false); - } - - //---------------------------------------------------------------------------- - // ----------- BEGIN CONVENIENCE METHODS ----------- - - protected void sendSTALQuit() { - log.info("Sending QUIT command to STAL"); - List quit = new ArrayList(1); - quit.add(new QuitRequest()); - getSTAL().handleRequest(quit); - } - - protected String getFormParameterAsString(String formParameterName) { - FormParameter fp = formParameterMap.get(formParameterName); - return getFormParameterAsString(fp); - } - - protected String getFormParameterAsString(FormParameter fp) { - if (fp == null) { - return null; - } - try { - return StreamUtil.asString(fp.getFormParameterValue(), HttpUtil - .getCharset(fp.getFormParameterContentType(), true)); - } catch (IOException e) { - return null; - } - } - - protected String getDataUrl() { - return getFormParameterAsString(FixedFormParameters.DATAURL); - } - - protected String getStyleSheetUrl() { - return getFormParameterAsString(FixedFormParameters.STYLESHEETURL); - } - - protected List getFormParameters(String parameterNamePostfix) { - List resultList = new ArrayList(); - for (Iterator fpi = formParameterMap.keySet().iterator(); fpi - .hasNext();) { - String paramName = fpi.next(); - if (paramName.endsWith(parameterNamePostfix)) { - resultList.add(formParameterMap.get(paramName)); - } - } - return resultList; - } - - protected List getTransferHeaders() { - return getFormParameters("__"); - } - - protected List getTransferForms() { - List resultList = new ArrayList(); - for (Iterator fpi = formParameterMap.keySet().iterator(); fpi - .hasNext();) { - String paramName = fpi.next(); - if ((paramName.endsWith("_")) && (!paramName.endsWith("__"))) { - resultList.add(formParameterMap.get(paramName)); - } - } - return resultList; - } - - protected void closeDataUrlConnection() { - log.debug("Closing data url input stream"); - if (dataUrlResponse == null) { - return; - } - InputStream is = dataUrlResponse.getStream(); - if (is != null) { - try { - is.close(); - } catch (IOException e) { - log.info("Error closing input stream to dataurl server:" + e); - } - } - } - - //---------------------------------------------------------------------------- - // ----------- END CONVENIENCE METHODS ----------- - - //---------------------------------------------------------------------------- - // -- BEGIN Methods that handle the http binding activities as defined in the - // activity diagram -- - - protected void init() { - log.info("Starting Bindingprocessor in Thread: " - + Thread.currentThread().getId()); - if (bindingProcessorError != null) { - log.debug("Detected binding processor error, sending quit command"); - // sendSTALQuit(); - currentState = State.FINISHED; - } else if (slCommand == null) { - log.error("SLCommand not set (consumeRequest not called ??)"); - bindingProcessorError = new SLException(2000); - // sendSTALQuit(); - currentState = State.FINISHED; - } else { - currentState = State.PROCESS; - } - } - - protected void processRequest() { - log.debug("Entered State: " + State.PROCESS); - log.debug("Processing command: " + slCommand); - commandInvoker.setCommand(slCommand); - responseCode = 200; - responseHeaders = Collections.EMPTY_MAP; - try { - commandInvoker.invoke(srcContex); - } catch (SLCanceledException e) { - log.info("Caught exception: " + e); - bindingProcessorError = e; - currentState = State.TRANSFORM; - } - dataUrlResponse = null; - if (getDataUrl() != null) { - log.debug("Data Url set to: " + getDataUrl()); - currentState = State.DATAURL; - } else { - log.debug("No data url set"); - currentState = State.TRANSFORM; - } - } - - protected void handleDataUrl() { - log.debug("Entered State: " + State.DATAURL); - try { - DataUrl dataUrl = new DataUrl(getDataUrl()); - DataUrlConnection conn = dataUrl.openConnection(); - - // set transfer headers - for (FormParameter fp : getTransferHeaders()) { - String paramString = getFormParameterAsString(fp); - if (paramString == null) { - log.error("Got empty transfer header, ignoring this"); - } else { - String[] keyVal = paramString.split(":", 2); - String key = keyVal[0]; - String val = null; - if (keyVal.length == 2) { - val = keyVal[1]; - } - val = val.trim(); - log.debug("Setting header " + key + " to value " + val); - conn.setHTTPHeader(key, val); - } - } - - // set transfer form parameters - for (FormParameter fp : getTransferForms()) { - String contentTransferEncoding = null; - String contentType = fp.getFormParameterContentType(); - String charSet = HttpUtil.getCharset(contentType, false); - if (charSet != null) { - contentType = contentType.substring(0, contentType - .lastIndexOf(HttpUtil.SEPERATOR[0])); - } - for (Iterator header = fp.getHeaderNames(); header.hasNext();) { - if (HttpUtil.CONTENT_TRANSFER_ENCODING - .equalsIgnoreCase(header.next())) { - contentTransferEncoding = getFormParameterAsString(fp); - } - } - log.debug("Setting form: " + fp.getFormParameterName() - + " contentType: " + contentType + " charset: " + charSet - + " contentTransferEncoding: " + contentTransferEncoding); - conn.setHTTPFormParameter(fp.getFormParameterName(), fp - .getFormParameterValue(), contentType, charSet, - contentTransferEncoding); - } - - // connect - conn.connect(); - // fetch and set SL result - targetContext.setTargetIsDataURL(true); - targetContext.setTargetCertificate(conn.getServerCertificate()); - targetContext.setTargetProtocol(conn.getProtocol()); - SLResult result = commandInvoker.getResult(targetContext); - - // transfer result - conn.transmit(result); - - // process Dataurl response - dataUrlResponse = conn.getResponse(); - log.debug("Received data url response code: " - + dataUrlResponse.getResponseCode()); - protocol = Protocol.fromString(conn.getProtocol()); - - switch (dataUrlResponse.getResponseCode()) { - case 200: - String contentType = dataUrlResponse.getContentType(); - log.debug("Got dataurl response content type: " + contentType); - if (contentType != null) { - if ((contentType.startsWith(HttpUtil.APPLICATION_URL_ENCODED)) - || (contentType.startsWith(HttpUtil.MULTIPART_FOTMDATA))) { - log.debug("Detected SL Request in dataurl response"); - // process headers and request - setHTTPHeaders(dataUrlResponse.getResponseHeaders()); - consumeRequestStream(dataUrlResponse.getStream()); - closeDataUrlConnection(); - srcContex.setSourceCertificate(conn.getServerCertificate()); - srcContex.setSourceIsDataURL(true); - srcContex - .setSourceProtocol(Protocol.fromString(conn.getProtocol())); - currentState = State.PROCESS; - } else if (((contentType.startsWith(HttpUtil.TXT_HTML)) - || (contentType.startsWith(HttpUtil.TXT_PLAIN)) || (contentType - .startsWith(HttpUtil.TXT_XML))) - && (dataUrlResponse.isHttpResponseXMLOK())) { - log.info("Dataurl response matches with content type: " - + contentType); - currentState = State.TRANSFORM; - - } else if ((contentType.startsWith(HttpUtil.TXT_XML)) - && (!dataUrlResponse.isHttpResponseXMLOK())) { - log - .debug("Detected text/xml dataurl response with content != "); - headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); - assignXMLRequest(dataUrlResponse.getStream(), HttpUtil.getCharset( - contentType, true)); - closeDataUrlConnection(); - srcContex.setSourceCertificate(conn.getServerCertificate()); - srcContex.setSourceIsDataURL(true); - srcContex - .setSourceProtocol(Protocol.fromString(conn.getProtocol())); - currentState = State.PROCESS; - // just to be complete, actually not used - srcContex.setSourceHTTPReferer(dataUrlResponse.getResponseHeaders() - .get(HttpUtil.HTTP_HEADER_REFERER)); - } else { - resultContentType = contentType; - responseHeaders = dataUrlResponse.getResponseHeaders(); - responseCode = dataUrlResponse.getResponseCode(); - currentState = State.FINISHED; - } - } else { - log.debug("Content type not set in dataurl response"); - closeDataUrlConnection(); - throw new SLBindingException(2007); - } - - break; - case 307: - contentType = dataUrlResponse.getContentType(); - if ((contentType != null) && (contentType.startsWith(HttpUtil.TXT_XML))) { - log.debug("Received dataurl response code 307 with XML content"); - String location = dataUrlResponse.getResponseHeaders().get( - HttpUtil.HTTP_HEADER_LOCATION); - if (location == null) { - log - .error("Did not get a location header for a 307 data url response"); - throw new SLBindingException(2003); - } - // consumeRequestStream(dataUrlResponse.getStream()); - FormParameterStore fp = new FormParameterStore(); - fp.init(location.getBytes(HttpUtil.DEFAULT_CHARSET), - FixedFormParameters.DATAURL, null, null); - formParameterMap.put(FixedFormParameters.DATAURL, fp); - headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); - assignXMLRequest(dataUrlResponse.getStream(), HttpUtil.getCharset( - dataUrlResponse.getContentType(), true)); - closeDataUrlConnection(); - srcContex.setSourceCertificate(conn.getServerCertificate()); - srcContex.setSourceIsDataURL(true); - srcContex.setSourceProtocol(Protocol.fromString(conn.getProtocol())); - currentState = State.PROCESS; - // just to be complete, actually not used - srcContex.setSourceHTTPReferer(dataUrlResponse.getResponseHeaders() - .get(HttpUtil.HTTP_HEADER_REFERER)); - - } else { - log.debug("Received dataurl response code 307 non XML content: " - + dataUrlResponse.getContentType()); - resultContentType = dataUrlResponse.getContentType(); - currentState = State.FINISHED; - } - responseHeaders = dataUrlResponse.getResponseHeaders(); - responseCode = dataUrlResponse.getResponseCode(); - break; - - case 301: - case 302: - case 303: - responseHeaders = dataUrlResponse.getResponseHeaders(); - responseCode = dataUrlResponse.getResponseCode(); - resultContentType = dataUrlResponse.getContentType(); - currentState = State.FINISHED; - break; - - default: - // issue error - log.info("Unexpected response code from dataurl server: " - + dataUrlResponse.getResponseCode()); - throw new SLBindingException(2007); - } - - } catch (SLException slx) { - bindingProcessorError = slx; - log.error("Error during dataurl communication"); - resultContentType = HttpUtil.TXT_XML; - currentState = State.TRANSFORM; - } catch (SSLHandshakeException hx) { - bindingProcessorError = new SLException(2010); - log.info("Error during dataurl communication", hx); - resultContentType = HttpUtil.TXT_XML; - currentState = State.TRANSFORM; - } catch (IOException e) { - bindingProcessorError = new SLBindingException(2001); - log.error("Error while data url handling", e); - resultContentType = HttpUtil.TXT_XML; - currentState = State.TRANSFORM; - return; - } - } - - protected void transformResult() { - log.debug("Entered State: " + State.TRANSFORM); - if (bindingProcessorError != null) { - resultContentType = HttpUtil.TXT_XML; - } else if (dataUrlResponse != null) { - resultContentType = dataUrlResponse.getContentType(); - } else { - targetContext.setTargetIsDataURL(false); - targetContext.setTargetProtocol(protocol.toString()); - try { - slResult = commandInvoker.getResult(targetContext); - resultContentType = slResult.getMimeType(); - log - .debug("Successfully got SLResult from commandinvoker, setting mimetype to: " - + resultContentType); - } catch (SLCanceledException e) { - log.info("Cannot get result from invoker:", e); - bindingProcessorError = new SLException(6002); - resultContentType = HttpUtil.TXT_XML; - } - } - transformer = getTransformer(getStyleSheetUrl()); - if (transformer != null) { - log.debug("Output transformation required"); - resultContentType = transformer.getOutputProperty("media-type"); - log.debug("Got media type from stylesheet: " + resultContentType); - if (resultContentType == null) { - log.debug("Setting to default text/xml result conent type"); - resultContentType = "text/xml"; - } - log.debug("Deferring sytylesheet processing"); - } - currentState = State.FINISHED; - } - - protected void finished() { - log.debug("Entered State: " + State.FINISHED); - if (bindingProcessorError != null) { - log.debug("Binding processor error, sending quit command"); - resultContentType = HttpUtil.TXT_XML; - } - sendSTALQuit(); - log.info("Terminating Bindingprocessor; Thread: " - + Thread.currentThread().getId()); - } - - // -- END Methods that handle the http binding activities as defined in the - // activity diagram -- - //---------------------------------------------------------------------------- - - /** - * Sets the headers of the SL Request. IMPORTANT: make sure to set all headers - * before invoking {@link #consumeRequestStream(InputStream)} - * - * @param aHeaderMap - * if null all header will be cleared. - */ - public void setHTTPHeaders(Map aHeaderMap) { - headerMap = new HashMap(); - // ensure lowercase keys - if (aHeaderMap != null) { - for (String s : aHeaderMap.keySet()) { - if (s != null) { - headerMap.put(s.toLowerCase(), aHeaderMap.get(s)); - if (s.equalsIgnoreCase(HttpUtil.HTTP_HEADER_REFERER)) { - String referer = aHeaderMap.get(s); - log.debug("Got referer header: " + referer); - srcContex.setSourceHTTPReferer(referer); - } - } - } - } - } - - public void setSourceCertificate(X509Certificate aCert) { - srcContex.setSourceCertificate(aCert); - } - - /** - * The HTTPBindingProcessor does not handle redirect URLs. It only provides - * the parameter. - * - * @return null if redirect url is not set. - */ - public String getRedirectURL() { - return getFormParameterAsString(FixedFormParameters.REDIRECTURL); - } - - public String getFormDataContentType(String aParameterName) { - FormParameter fp = formParameterMap.get(aParameterName); - if (fp != null) { - return fp.getFormParameterContentType(); - } - return null; - } - - public InputStream getFormData(String aParameterName) { - FormParameter fp = formParameterMap.get(aParameterName); - if (fp != null) { - return fp.getFormParameterValue(); - } - return null; - } - - protected void assignXMLRequest(InputStream is, String charset) - throws IOException, SLException { - Reader r = new InputStreamReader(is, charset); - StreamSource source = new StreamSource(r); - SLCommandContext commandCtx = new SLCommandContext(); - commandCtx.setSTAL(getSTAL()); - commandCtx.setURLDereferencerContext(new SimpleFormDataContextImpl(this)); - slCommand = SLCommandFactory.getInstance().createSLCommand(source, - commandCtx); - log.debug("Created new command: " + slCommand); - } - - @Override - public void run() { - boolean done = false; - int hopcounter = 0; - if (bindingProcessorError != null) { - currentState = State.FINISHED; - } - try { - while (!done) { - try { - switch (currentState) { - case INIT: - init(); - break; - case PROCESS: - processRequest(); - break; - case DATAURL: - handleDataUrl(); - if (++hopcounter > MAX_DATAURL_HOPS) { - log.error("Maximum number of dataurl hops reached"); - bindingProcessorError = new SLBindingException(2000); - currentState = State.FINISHED; - } - break; - case TRANSFORM: - transformResult(); - break; - case FINISHED: - done = true; - finished(); - break; - } - } catch (RuntimeException rte) { - throw rte; - } catch (Exception t) { - log.error("Caught unexpected exception", t); - responseCode = 200; - resultContentType = HttpUtil.TXT_XML; - responseHeaders = Collections.EMPTY_MAP; - bindingProcessorError = new SLException(2000); - currentState = State.FINISHED; - } - } - } catch (Throwable t) { - log.error("Caught unexpected exception", t); - responseCode = 200; - resultContentType = HttpUtil.TXT_XML; - responseHeaders = Collections.EMPTY_MAP; - bindingProcessorError = new SLException(2000); - currentState = State.FINISHED; - } - log.debug("Terminated http binding processor"); - } - - @Override - public void consumeRequestStream(InputStream is) { - try { - log.debug("Start consuming request stream"); - formParameterMap.clear(); - String cl = headerMap - .get(HttpUtil.HTTP_HEADER_CONTENT_TYPE.toLowerCase()); - if (cl == null) { - log.info("No content type set in http header"); - throw new SLBindingException(2006); - } - InputDecoder id = InputDecoderFactory.getDecoder(cl, is); - id.setContentType(cl); - if (id == null) { - log.error("Cannot get inputdecoder for is"); - throw new SLException(2006); - } - for (Iterator fpi = id.getFormParameterIterator(); fpi - .hasNext();) { - FormParameter fp = fpi.next(); - log.debug("Got request parameter with name: " - + fp.getFormParameterName()); - if (fp.getFormParameterName().equals(FixedFormParameters.XMLREQUEST)) { - log.debug("Creating XML Request"); - for (Iterator headerIterator = fp.getHeaderNames(); headerIterator - .hasNext();) { - String headerName = headerIterator.next(); - if (HttpUtil.CONTENT_TRANSFER_ENCODING.equalsIgnoreCase(headerName)) { - String transferEncoding = fp.getHeaderValue(headerName); - log.debug("Got transfer encoding for xmlrequest: " - + transferEncoding); - if (XML_REQ_TRANSFER_ENCODING.contains(transferEncoding)) { - log.debug("Supported transfer encoding: " + transferEncoding); - } else { - log - .error("Transferencoding not supported: " - + transferEncoding); - throw new SLBindingException(2005); - } - } - } - String charset = HttpUtil.getCharset(cl, true); - assignXMLRequest(fp.getFormParameterValue(), charset); - } else { - FormParameterStore fps = new FormParameterStore(); - fps.init(fp); - if (!fps.isEmpty()) { - log.debug("Setting from parameter: " + fps.getFormParameterName()); - formParameterMap.put(fps.getFormParameterName(), fps); - } - } - } - if (slCommand == null) { - throw new SLBindingException(2004); - } - if (is.read() != -1) { - log.error("Request input stream not completely read"); - // consume rest of stream, should never occur - throw new SLRuntimeException( - "request input stream not consumed till end"); - } - } catch (SLException slx) { - log.info("Error while consuming input stream " + slx); - bindingProcessorError = slx; - } catch (Throwable t) { - log.info("Error while consuming input stream " + t, t); - bindingProcessorError = new SLException(2000); - } finally { - try { - while (is.read() != -1) - ; - } catch (IOException e) { - log.error(e); - } - } - } - - @Override - public String getResultContentType() { - return resultContentType; - } - - protected Transformer getTransformer(String styleSheetURL) { - if (styleSheetURL == null) { - log.debug("Stylesheet URL not set"); - return null; - } - try { - URLDereferencerContext urlCtx = new SimpleFormDataContextImpl(this); - URIResolver resolver = new URIResolverAdapter(URLDereferencer - .getInstance(), urlCtx); - TransformerFactory factory = TransformerFactory.newInstance(); - StreamData sd = URLDereferencer.getInstance().dereference(styleSheetURL, - urlCtx); - Transformer t = factory.newTransformer(new StreamSource(sd.getStream())); - t.setURIResolver(resolver); - return t; - } catch (Exception ex) { - log.info("Cannot instantiate transformer", ex); - bindingProcessorError = new SLException(2002); - return null; - } - } - - protected void handleBindingProcessorError(OutputStream os, String encoding, - Transformer transformer) throws IOException { - log.debug("Writing error as result"); - ErrorResultImpl error = new ErrorResultImpl(bindingProcessorError); - try { - error.writeTo(new StreamResult(new OutputStreamWriter(os, encoding)), - transformer); - } catch (TransformerException e) { - log.fatal("Cannot write error result to stream", e); - } - } - - @Override - public void writeResultTo(OutputStream os, String encoding) - throws IOException { - if (encoding == null) { - encoding = HttpUtil.DEFAULT_CHARSET; - } - if (bindingProcessorError != null) { - log.debug("Detected error in binding processor, writing error as result"); - handleBindingProcessorError(os, encoding, transformer); - return; - } else if (dataUrlResponse != null) { - log.debug("Writing data url response as result"); - String charEnc = HttpUtil.getCharset(dataUrlResponse.getContentType(), - true); - InputStreamReader isr = new InputStreamReader( - dataUrlResponse.getStream(), charEnc); - OutputStreamWriter osw = new OutputStreamWriter(os, encoding); - if (transformer == null) { - StreamUtil.copyStream(isr, osw); - } else { - try { - transformer.transform(new StreamSource(isr), new StreamResult(osw)); - } catch (TransformerException e) { - log.fatal("Exception occured during result transformation", e); - // bindingProcessorError = new SLException(2008); - // handleBindingProcessorError(os, encoding, null); - return; - } - } - osw.flush(); - isr.close(); - } else if (slResult == null) { - // result not yet assigned -> must be a cancel - bindingProcessorError = new SLException(6001); - handleBindingProcessorError(os, encoding, transformer); - return; - } else { - log.debug("Getting result from invoker"); - OutputStreamWriter osw = new OutputStreamWriter(os, encoding); - try { - slResult.writeTo(new StreamResult(osw), transformer); - } catch (TransformerException e) { - log.fatal("Cannot write result to stream", e); - // bindingProcessorError = new SLException(2008); - // handleBindingProcessorError(os, encoding, transformer); - } - osw.flush(); - } - } - - /** - * The response code from the dataurl server or 200 if no dataurl server - * created the result - * - * @return - */ - public int getResponseCode() { - return responseCode; - } - - /** - * All headers from the data url server in case of a direct forward from the - * dataurl server. - * - * @return - */ - public Map getResponseHeaders() { - return responseHeaders; - } - - @Override - public void setLocale(Locale locale) { - if (locale == null) { - throw new NullPointerException("Locale must not be set to null"); - } - this.locale = locale; - } - + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.binding; + +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.Reader; +import java.net.URL; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; + +import javax.net.ssl.SSLHandshakeException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.URIResolver; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slcommands.SLCommandFactory; +import at.gv.egiz.bku.slcommands.SLCommandInvoker; +import at.gv.egiz.bku.slcommands.SLResult; +import at.gv.egiz.bku.slcommands.SLSourceContext; +import at.gv.egiz.bku.slcommands.SLTargetContext; +import at.gv.egiz.bku.slcommands.impl.ErrorResultImpl; +import at.gv.egiz.bku.slexceptions.SLBindingException; +import at.gv.egiz.bku.slexceptions.SLException; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.bku.utils.binding.Protocol; +import at.gv.egiz.bku.utils.urldereferencer.FormDataURLSupplier; +import at.gv.egiz.bku.utils.urldereferencer.SimpleFormDataContextImpl; +import at.gv.egiz.bku.utils.urldereferencer.StreamData; +import at.gv.egiz.bku.utils.urldereferencer.URIResolverAdapter; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; +import at.gv.egiz.stal.QuitRequest; +import at.gv.egiz.stal.STALRequest; + +/** + * Class performing the HTTP binding as defined by the CCE specification. + * Currently a huge monolithic class. + * + * @TODO refactor + */ +@SuppressWarnings("unchecked") +public class HTTPBindingProcessor extends AbstractBindingProcessor implements + FormDataURLSupplier { + + private static Log log = LogFactory.getLog(HTTPBindingProcessor.class); + + private static enum State { + INIT, PROCESS, DATAURL, TRANSFORM, FINISHED + }; + + public final static Collection XML_REQ_TRANSFER_ENCODING = Arrays + .asList(new String[] { "binary" }); + + /** + * Defines the maximum number of dataurl connects that are allowed within a + * single SL Request processing. + */ + protected static int MAX_DATAURL_HOPS = 10; + + protected static String XML_MIME_TYPE = "text/xml"; + protected static String BINARY_MIME_TYPE = "application/octet-stream"; + + /** + * If null everything is ok and the result is taken from the command invoker. + */ + protected SLException bindingProcessorError; + protected SLCommandInvoker commandInvoker; + protected DataUrlResponse dataUrlResponse; + protected Map headerMap = Collections.EMPTY_MAP; + protected SLCommand slCommand; + protected Map formParameterMap = new HashMap(); + protected SLSourceContext srcContex = new SLSourceContext(); + protected SLTargetContext targetContext = new SLTargetContext(); + protected URL srcUrl; + protected State currentState = State.INIT; + protected Transformer transformer = null; + protected String resultContentType = null; + protected SLResult slResult = null; + protected int responseCode = 200; + protected Map responseHeaders = Collections.EMPTY_MAP; + protected Locale locale = Locale.getDefault(); + + /** + * + * @param id + * may be null. In this case a new session id will be created. + * @param cmdInvoker + * must not be null; + */ + public HTTPBindingProcessor(String id, SLCommandInvoker cmdInvoker, URL source) { + super(id); + this.srcUrl = source; + Protocol protocol = Protocol.fromString(source.getProtocol()); + if ((protocol != Protocol.HTTP) && (protocol != Protocol.HTTPS)) { + throw new SLRuntimeException("Protocol not supported: " + protocol); + } + if (cmdInvoker == null) { + throw new NullPointerException("Commandinvoker cannot be set to null"); + } + commandInvoker = cmdInvoker; + srcContex.setSourceUrl(source); + srcContex.setSourceIsDataURL(false); + } + + //---------------------------------------------------------------------------- + // ----------- BEGIN CONVENIENCE METHODS ----------- + + protected void sendSTALQuit() { + log.info("Sending QUIT command to STAL"); + List quit = new ArrayList(1); + quit.add(new QuitRequest()); + getSTAL().handleRequest(quit); + } + + protected String getFormParameterAsString(String formParameterName) { + FormParameter fp = formParameterMap.get(formParameterName); + return getFormParameterAsString(fp); + } + + protected String getFormParameterAsString(FormParameter fp) { + if (fp == null) { + return null; + } + try { + return StreamUtil.asString(fp.getFormParameterValue(), HttpUtil + .getCharset(fp.getFormParameterContentType(), true)); + } catch (IOException e) { + return null; + } + } + + protected String getDataUrl() { + return getFormParameterAsString(FixedFormParameters.DATAURL); + } + + protected String getStyleSheetUrl() { + return getFormParameterAsString(FixedFormParameters.STYLESHEETURL); + } + + protected List getFormParameters(String parameterNamePostfix) { + List resultList = new ArrayList(); + for (Iterator fpi = formParameterMap.keySet().iterator(); fpi + .hasNext();) { + String paramName = fpi.next(); + if (paramName.endsWith(parameterNamePostfix)) { + resultList.add(formParameterMap.get(paramName)); + } + } + return resultList; + } + + protected List getTransferHeaders() { + return getFormParameters("__"); + } + + protected List getTransferForms() { + List resultList = new ArrayList(); + for (Iterator fpi = formParameterMap.keySet().iterator(); fpi + .hasNext();) { + String paramName = fpi.next(); + if ((paramName.endsWith("_")) && (!paramName.endsWith("__"))) { + resultList.add(formParameterMap.get(paramName)); + } + } + return resultList; + } + + protected void closeDataUrlConnection() { + log.debug("Closing data url input stream"); + if (dataUrlResponse == null) { + return; + } + InputStream is = dataUrlResponse.getStream(); + if (is != null) { + try { + is.close(); + } catch (IOException e) { + log.info("Error closing input stream to dataurl server:" + e); + } + } + } + + //---------------------------------------------------------------------------- + // ----------- END CONVENIENCE METHODS ----------- + + //---------------------------------------------------------------------------- + // -- BEGIN Methods that handle the http binding activities as defined in the + // activity diagram -- + + protected void init() { + log.info("Starting Bindingprocessor in Thread: " + + Thread.currentThread().getId()); + if (bindingProcessorError != null) { + log.debug("Detected binding processor error, sending quit command"); + // sendSTALQuit(); + currentState = State.FINISHED; + } else if (slCommand == null) { + log.error("SLCommand not set (consumeRequest not called ??)"); + bindingProcessorError = new SLException(2000); + // sendSTALQuit(); + currentState = State.FINISHED; + } else { + currentState = State.PROCESS; + } + } + + protected void processRequest() { + log.debug("Entered State: " + State.PROCESS); + log.debug("Processing command: " + slCommand); + commandInvoker.setCommand(slCommand); + responseCode = 200; + responseHeaders = Collections.EMPTY_MAP; + try { + commandInvoker.invoke(srcContex); + } catch (SLException e) { + log.info("Caught exception: " + e); + bindingProcessorError = e; + currentState = State.TRANSFORM; + } + dataUrlResponse = null; + if (getDataUrl() != null) { + log.debug("Data Url set to: " + getDataUrl()); + currentState = State.DATAURL; + } else { + log.debug("No data url set"); + currentState = State.TRANSFORM; + } + } + + protected void handleDataUrl() { + log.debug("Entered State: " + State.DATAURL); + try { + DataUrl dataUrl = new DataUrl(getDataUrl()); + DataUrlConnection conn = dataUrl.openConnection(); + + // set transfer headers + for (FormParameter fp : getTransferHeaders()) { + String paramString = getFormParameterAsString(fp); + if (paramString == null) { + log.error("Got empty transfer header, ignoring this"); + } else { + String[] keyVal = paramString.split(":", 2); + String key = keyVal[0]; + String val = null; + if (keyVal.length == 2) { + val = keyVal[1]; + } + val = val.trim(); + log.debug("Setting header " + key + " to value " + val); + conn.setHTTPHeader(key, val); + } + } + + // set transfer form parameters + for (FormParameter fp : getTransferForms()) { + String contentTransferEncoding = null; + String contentType = fp.getFormParameterContentType(); + String charSet = HttpUtil.getCharset(contentType, false); + if (charSet != null) { + contentType = contentType.substring(0, contentType + .lastIndexOf(HttpUtil.SEPERATOR[0])); + } + for (Iterator header = fp.getHeaderNames(); header.hasNext();) { + if (HttpUtil.CONTENT_TRANSFER_ENCODING + .equalsIgnoreCase(header.next())) { + contentTransferEncoding = getFormParameterAsString(fp); + } + } + log.debug("Setting form: " + fp.getFormParameterName() + + " contentType: " + contentType + " charset: " + charSet + + " contentTransferEncoding: " + contentTransferEncoding); + conn.setHTTPFormParameter(fp.getFormParameterName(), fp + .getFormParameterValue(), contentType, charSet, + contentTransferEncoding); + } + + // connect + conn.connect(); + // fetch and set SL result + targetContext.setTargetIsDataURL(true); + targetContext.setTargetCertificate(conn.getServerCertificate()); + targetContext.setTargetUrl(conn.getUrl()); + SLResult result = commandInvoker.getResult(targetContext); + + // transfer result + conn.transmit(result); + + // process Dataurl response + dataUrlResponse = conn.getResponse(); + log.debug("Received data url response code: " + + dataUrlResponse.getResponseCode()); + + switch (dataUrlResponse.getResponseCode()) { + case 200: + String contentType = dataUrlResponse.getContentType(); + log.debug("Got dataurl response content type: " + contentType); + if (contentType != null) { + if ((contentType.startsWith(HttpUtil.APPLICATION_URL_ENCODED)) + || (contentType.startsWith(HttpUtil.MULTIPART_FOTMDATA))) { + log.debug("Detected SL Request in dataurl response"); + // process headers and request + setHTTPHeaders(dataUrlResponse.getResponseHeaders()); + consumeRequestStream(dataUrlResponse.getStream()); + closeDataUrlConnection(); + srcContex.setSourceCertificate(conn.getServerCertificate()); + srcContex.setSourceIsDataURL(true); + srcContex.setSourceUrl(conn.getUrl()); + currentState = State.PROCESS; + } else if (((contentType.startsWith(HttpUtil.TXT_HTML)) + || (contentType.startsWith(HttpUtil.TXT_PLAIN)) || (contentType + .startsWith(HttpUtil.TXT_XML))) + && (dataUrlResponse.isHttpResponseXMLOK())) { + log.info("Dataurl response matches with content type: " + + contentType); + currentState = State.TRANSFORM; + + } else if ((contentType.startsWith(HttpUtil.TXT_XML)) + && (!dataUrlResponse.isHttpResponseXMLOK())) { + log + .debug("Detected text/xml dataurl response with content != "); + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); + assignXMLRequest(dataUrlResponse.getStream(), HttpUtil.getCharset( + contentType, true)); + closeDataUrlConnection(); + srcContex.setSourceCertificate(conn.getServerCertificate()); + srcContex.setSourceIsDataURL(true); + srcContex.setSourceUrl(conn.getUrl()); + currentState = State.PROCESS; + // just to be complete, actually not used + srcContex.setSourceHTTPReferer(dataUrlResponse.getResponseHeaders() + .get(HttpUtil.HTTP_HEADER_REFERER)); + } else { + resultContentType = contentType; + responseHeaders = dataUrlResponse.getResponseHeaders(); + responseCode = dataUrlResponse.getResponseCode(); + currentState = State.FINISHED; + } + } else { + log.debug("Content type not set in dataurl response"); + closeDataUrlConnection(); + throw new SLBindingException(2007); + } + + break; + case 307: + contentType = dataUrlResponse.getContentType(); + if ((contentType != null) && (contentType.startsWith(HttpUtil.TXT_XML))) { + log.debug("Received dataurl response code 307 with XML content"); + String location = dataUrlResponse.getResponseHeaders().get( + HttpUtil.HTTP_HEADER_LOCATION); + if (location == null) { + log + .error("Did not get a location header for a 307 data url response"); + throw new SLBindingException(2003); + } + // consumeRequestStream(dataUrlResponse.getStream()); + FormParameterStore fp = new FormParameterStore(); + fp.init(location.getBytes(HttpUtil.DEFAULT_CHARSET), + FixedFormParameters.DATAURL, null, null); + formParameterMap.put(FixedFormParameters.DATAURL, fp); + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); + assignXMLRequest(dataUrlResponse.getStream(), HttpUtil.getCharset( + dataUrlResponse.getContentType(), true)); + closeDataUrlConnection(); + srcContex.setSourceCertificate(conn.getServerCertificate()); + srcContex.setSourceIsDataURL(true); + srcContex.setSourceUrl(conn.getUrl()); + currentState = State.PROCESS; + // just to be complete, actually not used + srcContex.setSourceHTTPReferer(dataUrlResponse.getResponseHeaders() + .get(HttpUtil.HTTP_HEADER_REFERER)); + + } else { + log.debug("Received dataurl response code 307 non XML content: " + + dataUrlResponse.getContentType()); + resultContentType = dataUrlResponse.getContentType(); + currentState = State.FINISHED; + } + responseHeaders = dataUrlResponse.getResponseHeaders(); + responseCode = dataUrlResponse.getResponseCode(); + break; + + case 301: + case 302: + case 303: + responseHeaders = dataUrlResponse.getResponseHeaders(); + responseCode = dataUrlResponse.getResponseCode(); + resultContentType = dataUrlResponse.getContentType(); + currentState = State.FINISHED; + break; + + default: + // issue error + log.info("Unexpected response code from dataurl server: " + + dataUrlResponse.getResponseCode()); + throw new SLBindingException(2007); + } + + } catch (SLException slx) { + bindingProcessorError = slx; + log.error("Error during dataurl communication"); + resultContentType = HttpUtil.TXT_XML; + currentState = State.TRANSFORM; + } catch (SSLHandshakeException hx) { + bindingProcessorError = new SLException(2010); + log.info("Error during dataurl communication", hx); + resultContentType = HttpUtil.TXT_XML; + currentState = State.TRANSFORM; + } catch (IOException e) { + bindingProcessorError = new SLBindingException(2001); + log.error("Error while data url handling", e); + resultContentType = HttpUtil.TXT_XML; + currentState = State.TRANSFORM; + return; + } + } + + protected void transformResult() { + log.debug("Entered State: " + State.TRANSFORM); + if (bindingProcessorError != null) { + resultContentType = HttpUtil.TXT_XML; + } else if (dataUrlResponse != null) { + resultContentType = dataUrlResponse.getContentType(); + } else { + targetContext.setTargetIsDataURL(false); + targetContext.setTargetUrl(srcUrl); + try { + slResult = commandInvoker.getResult(targetContext); + resultContentType = slResult.getMimeType(); + log + .debug("Successfully got SLResult from commandinvoker, setting mimetype to: " + + resultContentType); + } catch (SLException e) { + log.info("Cannot get result from invoker:", e); + bindingProcessorError = new SLException(6002); + resultContentType = HttpUtil.TXT_XML; + } + } + transformer = getTransformer(getStyleSheetUrl()); + if (transformer != null) { + log.debug("Output transformation required"); + resultContentType = transformer.getOutputProperty("media-type"); + log.debug("Got media type from stylesheet: " + resultContentType); + if (resultContentType == null) { + log.debug("Setting to default text/xml result conent type"); + resultContentType = "text/xml"; + } + log.debug("Deferring sytylesheet processing"); + } + currentState = State.FINISHED; + } + + protected void finished() { + log.debug("Entered State: " + State.FINISHED); + if (bindingProcessorError != null) { + log.debug("Binding processor error, sending quit command"); + resultContentType = HttpUtil.TXT_XML; + } + sendSTALQuit(); + log.info("Terminating Bindingprocessor; Thread: " + + Thread.currentThread().getId()); + } + + // -- END Methods that handle the http binding activities as defined in the + // activity diagram -- + //---------------------------------------------------------------------------- + + /** + * Sets the headers of the SL Request. IMPORTANT: make sure to set all headers + * before invoking {@link #consumeRequestStream(InputStream)} + * + * @param aHeaderMap + * if null all header will be cleared. + */ + public void setHTTPHeaders(Map aHeaderMap) { + headerMap = new HashMap(); + // ensure lowercase keys + if (aHeaderMap != null) { + for (String s : aHeaderMap.keySet()) { + if (s != null) { + headerMap.put(s.toLowerCase(), aHeaderMap.get(s)); + if (s.equalsIgnoreCase(HttpUtil.HTTP_HEADER_REFERER)) { + String referer = aHeaderMap.get(s); + log.debug("Got referer header: " + referer); + srcContex.setSourceHTTPReferer(referer); + } + } + } + } + } + + public void setSourceCertificate(X509Certificate aCert) { + srcContex.setSourceCertificate(aCert); + } + + /** + * The HTTPBindingProcessor does not handle redirect URLs. It only provides + * the parameter. + * + * @return null if redirect url is not set. + */ + public String getRedirectURL() { + return getFormParameterAsString(FixedFormParameters.REDIRECTURL); + } + + public String getFormDataContentType(String aParameterName) { + FormParameter fp = formParameterMap.get(aParameterName); + if (fp != null) { + return fp.getFormParameterContentType(); + } + return null; + } + + public InputStream getFormData(String aParameterName) { + FormParameter fp = formParameterMap.get(aParameterName); + if (fp != null) { + return fp.getFormParameterValue(); + } + return null; + } + + protected void assignXMLRequest(InputStream is, String charset) + throws IOException, SLException { + Reader r = new InputStreamReader(is, charset); + StreamSource source = new StreamSource(r); + SLCommandContext commandCtx = new SLCommandContext(); + commandCtx.setSTAL(getSTAL()); + commandCtx.setURLDereferencerContext(new SimpleFormDataContextImpl(this)); + slCommand = SLCommandFactory.getInstance().createSLCommand(source, + commandCtx); + log.debug("Created new command: " + slCommand); + } + + @Override + public void run() { + boolean done = false; + int hopcounter = 0; + if (bindingProcessorError != null) { + currentState = State.FINISHED; + } + try { + while (!done) { + try { + switch (currentState) { + case INIT: + init(); + break; + case PROCESS: + processRequest(); + break; + case DATAURL: + handleDataUrl(); + if (++hopcounter > MAX_DATAURL_HOPS) { + log.error("Maximum number of dataurl hops reached"); + bindingProcessorError = new SLBindingException(2000); + currentState = State.FINISHED; + } + break; + case TRANSFORM: + transformResult(); + break; + case FINISHED: + done = true; + finished(); + break; + } + } catch (RuntimeException rte) { + throw rte; + } catch (Exception t) { + log.error("Caught unexpected exception", t); + responseCode = 200; + resultContentType = HttpUtil.TXT_XML; + responseHeaders = Collections.EMPTY_MAP; + bindingProcessorError = new SLException(2000); + currentState = State.FINISHED; + } + } + } catch (Throwable t) { + log.error("Caught unexpected exception", t); + responseCode = 200; + resultContentType = HttpUtil.TXT_XML; + responseHeaders = Collections.EMPTY_MAP; + bindingProcessorError = new SLException(2000); + currentState = State.FINISHED; + } + log.debug("Terminated http binding processor"); + } + + @Override + public void consumeRequestStream(InputStream is) { + try { + log.debug("Start consuming request stream"); + formParameterMap.clear(); + String cl = headerMap + .get(HttpUtil.HTTP_HEADER_CONTENT_TYPE.toLowerCase()); + if (cl == null) { + log.info("No content type set in http header"); + throw new SLBindingException(2006); + } + InputDecoder id = InputDecoderFactory.getDecoder(cl, is); + id.setContentType(cl); + if (id == null) { + log.error("Cannot get inputdecoder for is"); + throw new SLException(2006); + } + for (Iterator fpi = id.getFormParameterIterator(); fpi + .hasNext();) { + FormParameter fp = fpi.next(); + log.debug("Got request parameter with name: " + + fp.getFormParameterName()); + if (fp.getFormParameterName().equals(FixedFormParameters.XMLREQUEST)) { + log.debug("Creating XML Request"); + for (Iterator headerIterator = fp.getHeaderNames(); headerIterator + .hasNext();) { + String headerName = headerIterator.next(); + if (HttpUtil.CONTENT_TRANSFER_ENCODING.equalsIgnoreCase(headerName)) { + String transferEncoding = fp.getHeaderValue(headerName); + log.debug("Got transfer encoding for xmlrequest: " + + transferEncoding); + if (XML_REQ_TRANSFER_ENCODING.contains(transferEncoding)) { + log.debug("Supported transfer encoding: " + transferEncoding); + } else { + log + .error("Transferencoding not supported: " + + transferEncoding); + throw new SLBindingException(2005); + } + } + } + String charset = HttpUtil.getCharset(cl, true); + assignXMLRequest(fp.getFormParameterValue(), charset); + } else { + FormParameterStore fps = new FormParameterStore(); + fps.init(fp); + if (!fps.isEmpty()) { + log.debug("Setting from parameter: " + fps.getFormParameterName()); + formParameterMap.put(fps.getFormParameterName(), fps); + } + } + } + if (slCommand == null) { + throw new SLBindingException(2004); + } + if (is.read() != -1) { + log.error("Request input stream not completely read"); + // consume rest of stream, should never occur + throw new SLRuntimeException( + "request input stream not consumed till end"); + } + } catch (SLException slx) { + log.info("Error while consuming input stream " + slx); + bindingProcessorError = slx; + } catch (Throwable t) { + log.info("Error while consuming input stream " + t, t); + bindingProcessorError = new SLException(2000); + } finally { + try { + while (is.read() != -1) + ; + } catch (IOException e) { + log.error(e); + } + } + } + + @Override + public String getResultContentType() { + return resultContentType; + } + + protected Transformer getTransformer(String styleSheetURL) { + if (styleSheetURL == null) { + log.debug("Stylesheet URL not set"); + return null; + } + try { + URLDereferencerContext urlCtx = new SimpleFormDataContextImpl(this); + URIResolver resolver = new URIResolverAdapter(URLDereferencer + .getInstance(), urlCtx); + TransformerFactory factory = TransformerFactory.newInstance(); + StreamData sd = URLDereferencer.getInstance().dereference(styleSheetURL, + urlCtx); + Transformer t = factory.newTransformer(new StreamSource(sd.getStream())); + t.setURIResolver(resolver); + return t; + } catch (Exception ex) { + log.info("Cannot instantiate transformer", ex); + bindingProcessorError = new SLException(2002); + return null; + } + } + + protected void handleBindingProcessorError(OutputStream os, String encoding, + Transformer transformer) throws IOException { + log.debug("Writing error as result"); + ErrorResultImpl error = new ErrorResultImpl(bindingProcessorError); + try { + error.writeTo(new StreamResult(new OutputStreamWriter(os, encoding)), + transformer); + } catch (TransformerException e) { + log.fatal("Cannot write error result to stream", e); + } + } + + @Override + public void writeResultTo(OutputStream os, String encoding) + throws IOException { + if (encoding == null) { + encoding = HttpUtil.DEFAULT_CHARSET; + } + if (bindingProcessorError != null) { + log.debug("Detected error in binding processor, writing error as result"); + handleBindingProcessorError(os, encoding, transformer); + return; + } else if (dataUrlResponse != null) { + log.debug("Writing data url response as result"); + String charEnc = HttpUtil.getCharset(dataUrlResponse.getContentType(), + true); + InputStreamReader isr = new InputStreamReader( + dataUrlResponse.getStream(), charEnc); + OutputStreamWriter osw = new OutputStreamWriter(os, encoding); + if (transformer == null) { + StreamUtil.copyStream(isr, osw); + } else { + try { + transformer.transform(new StreamSource(isr), new StreamResult(osw)); + } catch (TransformerException e) { + log.fatal("Exception occured during result transformation", e); + // bindingProcessorError = new SLException(2008); + // handleBindingProcessorError(os, encoding, null); + return; + } + } + osw.flush(); + isr.close(); + } else if (slResult == null) { + // result not yet assigned -> must be a cancel + bindingProcessorError = new SLException(6001); + handleBindingProcessorError(os, encoding, transformer); + return; + } else { + log.debug("Getting result from invoker"); + OutputStreamWriter osw = new OutputStreamWriter(os, encoding); + try { + slResult.writeTo(new StreamResult(osw), transformer); + } catch (TransformerException e) { + log.fatal("Cannot write result to stream", e); + // bindingProcessorError = new SLException(2008); + // handleBindingProcessorError(os, encoding, transformer); + } + osw.flush(); + } + } + + /** + * The response code from the dataurl server or 200 if no dataurl server + * created the result + * + * @return + */ + public int getResponseCode() { + return responseCode; + } + + /** + * All headers from the data url server in case of a direct forward from the + * dataurl server. + * + * @return + */ + public Map getResponseHeaders() { + return responseHeaders; + } + + @Override + public void setLocale(Locale locale) { + if (locale == null) { + throw new NullPointerException("Locale must not be set to null"); + } + this.locale = locale; + } + } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/SLCommandInvokerImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/SLCommandInvokerImpl.java index ef2affd1..a23d96e8 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/SLCommandInvokerImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/SLCommandInvokerImpl.java @@ -1,66 +1,95 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.binding; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.SLCommand; -import at.gv.egiz.bku.slcommands.SLCommandInvoker; -import at.gv.egiz.bku.slcommands.SLResult; -import at.gv.egiz.bku.slcommands.SLSourceContext; -import at.gv.egiz.bku.slcommands.SLTargetContext; - -/** - * This class implements the entry point for the CCEs security management. - * - * TODO the secuirty management is currently not implemented. - */ -public class SLCommandInvokerImpl implements SLCommandInvoker { - - private static Log log = LogFactory.getLog(SLCommandInvokerImpl.class); - - protected SLCommand command; - protected SLResult result; - - /** - * Invokes a sl command. - */ - public void invoke(SLSourceContext aContext) { - // FIXXME add security policy here. - log.warn("Security policy not implemented yet, invoking command: "+command); - result = command.execute(); - } - - public SLResult getResult(SLTargetContext aContext) { - // FIXXME - log.warn("Security policy not implemented yet, getting result of command: "+command); - return result; - } - - public void setCommand(SLCommand aCmd) { - command = aCmd; - } - - @Override - public SLCommandInvoker newInstance() { - SLCommandInvokerImpl cmdInv = new SLCommandInvokerImpl(); - return cmdInv; - } - - + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.binding; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade; +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLCommandInvoker; +import at.gv.egiz.bku.slcommands.SLResult; +import at.gv.egiz.bku.slcommands.SLSourceContext; +import at.gv.egiz.bku.slcommands.SLTargetContext; +import at.gv.egiz.bku.slexceptions.SLException; + +/** + * This class implements the entry point for the CCEs security management. + * + */ +public class SLCommandInvokerImpl implements SLCommandInvoker { + + private static Log log = LogFactory.getLog(SLCommandInvokerImpl.class); + + protected SLCommand command; + protected SLResult result; + protected SecurityManagerFacade securityManager; + + /** + * Invokes a sl command. + * + * @throws SLException + */ + public void invoke(SLSourceContext aContext) throws SLException { + if (securityManager == null) { + log.warn("Security policy not implemented yet, invoking command: " + + command); + result = command.execute(); + } else { + if (securityManager.mayInvokeCommand(command, aContext)) { + result = command.execute(); + } else { + throw new SLException(6002); + } + } + } + + public SLResult getResult(SLTargetContext aContext) throws SLException { + if (securityManager == null) { + log + .warn("Security policy not implemented yet, getting result of command: " + + command); + return result; + } else { + if (securityManager.maySendResult(command, aContext)) { + return result; + } else { + throw new SLException(6002); + } + } + } + + public void setCommand(SLCommand aCmd) { + command = aCmd; + } + + @Override + public SLCommandInvoker newInstance() { + SLCommandInvokerImpl cmdInv = new SLCommandInvokerImpl(); + cmdInv.setSecurityManager(securityManager); + return cmdInv; + } + + public SecurityManagerFacade getSecurityManager() { + return securityManager; + } + + public void setSecurityManager(SecurityManagerFacade securityManager) { + this.securityManager = securityManager; + } + } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java index 77529a36..73fddf1f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java @@ -16,5 +16,13 @@ */ package at.gv.egiz.bku.slcommands; -public interface InfoboxReadCommand extends SLCommand { +public interface InfoboxReadCommand extends SLCommand { + public String getInfoboxIdentifier(); + + /** + * Convenience method to get the domain identifier if the infobox + * referes to a Identitylink. + * @return the domain id or null if the Infobox is not of type Identitylink or no domain parameter was specified + */ + public String getIdentityLinkDomainId(); } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java index 30c6b68f..c28288c9 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java @@ -16,7 +16,8 @@ */ package at.gv.egiz.bku.slcommands; -import at.gv.egiz.bku.slexceptions.SLCanceledException; +import at.gv.egiz.bku.slexceptions.SLCanceledException; +import at.gv.egiz.bku.slexceptions.SLException; public interface SLCommandInvoker { @@ -25,7 +26,7 @@ public interface SLCommandInvoker { * @param aContext * @throws SLCanceledException if the security management prevents execution of this command */ - public void invoke(SLSourceContext aContext) throws SLCanceledException; + public void invoke(SLSourceContext aContext) throws SLException; /** * @@ -33,7 +34,7 @@ public interface SLCommandInvoker { * @return * @throws SLCanceledException if the security management prevents execution of this command */ - public SLResult getResult(SLTargetContext aContext) throws SLCanceledException; + public SLResult getResult(SLTargetContext aContext) throws SLException; public void setCommand(at.gv.egiz.bku.slcommands.SLCommand aCmd); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java index ded55b2a..f25a0ea4 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java @@ -16,6 +16,7 @@ */ package at.gv.egiz.bku.slcommands; +import java.net.URL; import java.security.cert.X509Certificate; import at.gv.egiz.bku.utils.binding.Protocol; @@ -23,17 +24,17 @@ import at.gv.egiz.bku.utils.binding.Protocol; public class SLSourceContext { - private Protocol sourceProtocol; + private URL sourceUrl; private boolean sourceIsDataURL; private X509Certificate sourceCertificate; private String sourceHTTPReferer; - public Protocol getSourceProtocol() { - return sourceProtocol; + public URL getSourceUrl() { + return sourceUrl; } - public void setSourceProtocol(Protocol sourceProtocol) { - this.sourceProtocol = sourceProtocol; + public void setSourceUrl(URL sourceProtocol) { + this.sourceUrl = sourceProtocol; } public boolean isSourceIsDataURL() { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java index cf800406..f9df3ced 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java @@ -16,19 +16,20 @@ */ package at.gv.egiz.bku.slcommands; -import java.security.cert.X509Certificate; +import java.net.URL; +import java.security.cert.X509Certificate; public class SLTargetContext { - private String targetProtocol; + private URL targetUrl; private boolean targetIsDataURL; private X509Certificate targetCertificate; - public String getTargetProtocol() { - return targetProtocol; + public URL getTargetUrl() { + return targetUrl; } - public void setTargetProtocol(String targetProtocol) { - this.targetProtocol = targetProtocol; + public void setTargetUrl(URL targetUrl) { + this.targetUrl = targetUrl; } public boolean isTargetIsDataURL() { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java index 93131cf4..b6745e1f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java @@ -405,5 +405,10 @@ public class InfoboxReadCommandImpl extends SLCommandImpl headers = new HashMap(); headers.put("Content-Type", InputDecoderFactory.MULTIPART_FORMDATA + ";boundary=---------------------------2330864292941"); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/ExpiryRemoverTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/ExpiryRemoverTest.java index 41c69a1d..61729567 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/ExpiryRemoverTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/ExpiryRemoverTest.java @@ -16,16 +16,18 @@ */ package at.gv.egiz.bku.binding; +import java.net.MalformedURLException; + import org.junit.Test; import static org.junit.Assert.*; public class ExpiryRemoverTest { @Test - public void testMe() throws InterruptedException { + public void testMe() throws InterruptedException, MalformedURLException { BindingProcessorManager manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); - BindingProcessor bp = manager.createBindingProcessor("http", null); + BindingProcessor bp = manager.createBindingProcessor("http://www.at", null); ExpiryRemover remover = new ExpiryRemover(); remover.setBindingProcessorManager(manager); remover.execute(); @@ -42,10 +44,10 @@ public class ExpiryRemoverTest { } @Test - public void testMe2() throws InterruptedException { + public void testMe2() throws InterruptedException, MalformedURLException { BindingProcessorManager manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); - BindingProcessor bp = manager.createBindingProcessor("http", null); + BindingProcessor bp = manager.createBindingProcessor("http://www.iaik.at", null); ExpiryRemover remover = new ExpiryRemover(); remover.setBindingProcessorManager(manager); remover.execute(); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/HttpBindingProcessorTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/HttpBindingProcessorTest.java index 38f61aa2..6a0792d5 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/HttpBindingProcessorTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/HttpBindingProcessorTest.java @@ -93,7 +93,7 @@ public class HttpBindingProcessorTest { manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); bindingProcessor = (HTTPBindingProcessor) manager.createBindingProcessor( - "http", null); + "http://www.iaik.at", null); clientHeaderMap = new HashMap(); clientHeaderMap.put("Content-Type", "application/x-www-form-urlencoded;charset=utf8"); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/MultipartSLRequestTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/MultipartSLRequestTest.java index 7ef1a9bf..2c48bf4e 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/MultipartSLRequestTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/MultipartSLRequestTest.java @@ -17,6 +17,7 @@ package at.gv.egiz.bku.binding; import java.io.InputStream; +import java.net.MalformedURLException; import java.util.HashMap; import java.util.LinkedList; import java.util.List; @@ -34,11 +35,11 @@ public class MultipartSLRequestTest { protected BindingProcessorManager manager; @Before - public void setUp() { + public void setUp() throws MalformedURLException { manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); HTTPBindingProcessor http = (HTTPBindingProcessor) manager - .createBindingProcessor("http", null); + .createBindingProcessor("http://www.at/", null); Map headers = new HashMap(); headers.put("Content-Type", InputDecoderFactory.MULTIPART_FORMDATA + ";boundary=---------------------------2330864292941"); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/NullOperationTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/NullOperationTest.java index 66b9dffb..b2a7d387 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/NullOperationTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/NullOperationTest.java @@ -17,6 +17,7 @@ package at.gv.egiz.bku.binding; import java.io.InputStream; +import java.net.MalformedURLException; import java.util.HashMap; import java.util.Map; @@ -32,9 +33,9 @@ public class NullOperationTest { protected BindingProcessorManager manager; @Before - public void setUp() { + public void setUp() throws MalformedURLException { manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); - HTTPBindingProcessor http = (HTTPBindingProcessor) manager.createBindingProcessor("http", null); + HTTPBindingProcessor http = (HTTPBindingProcessor) manager.createBindingProcessor("http://www.at/", null); Map headers = new HashMap(); headers.put("Content-Type", "application/x-www-form-urlencoded"); http.setHTTPHeaders(headers); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java index e644f964..45e38674 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java @@ -119,5 +119,10 @@ public class TestDataUrlConnection implements DataUrlConnectionSPI { @Override public DataUrlConnectionSPI newInstance() { return this; - } + } + + @Override + public URL getUrl() { + return url; + } } diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml index 2455d68d..22f9e4a5 100644 --- a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml @@ -29,7 +29,7 @@ anonymous - *.gv.at + $.gv.at allow @@ -44,7 +44,7 @@ IdentityLink - * + .* allow @@ -56,7 +56,7 @@ https://finanzonline.bmf.gv.at/* Mandates - * + .* allow diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml new file mode 100644 index 00000000..92490fb2 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml @@ -0,0 +1,39 @@ + + + + + + + pseudoanonymous + + DelegateFilter + + + + + + + + + certified + + IdentityLink + derived + + + allow + + + + certified + + IdentityLink + + + deny + + + + + + \ No newline at end of file -- cgit v1.2.3 From a3361b40aa8f92849c50db27e349e17b87bebb1e Mon Sep 17 00:00:00 2001 From: wbauer Date: Tue, 9 Sep 2008 12:40:52 +0000 Subject: improved security handling and added shutdown handler git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@27 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../online/applet/InternalSSLSocketFactory.java | 4 +- .../at/gv/egiz/bku/online/conf/Configurator.java | 8 +-- .../gv/egiz/bku/online/webapp/ResultServlet.java | 3 +- .../gv/egiz/bku/online/webapp/ShutdownHandler.java | 31 ++++++++ .../egiz/bku/online/conf/accessControlConfig.xml | 3 +- .../src/main/webapp/WEB-INF/applicationContext.xml | 6 +- .../accesscontroller/AuthenticationClassifier.java | 82 +++++++++++++++------- .../egiz/bku/binding/BindingProcessorManager.java | 4 +- .../bku/binding/BindingProcessorManagerImpl.java | 11 ++- .../AuthenticationClassifierTest.java | 28 ++++++++ .../egiz/bku/accesscontroller/www.a-trust.at.crt | 28 ++++++++ 11 files changed, 169 insertions(+), 39 deletions(-) create mode 100644 BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java create mode 100644 bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifierTest.java create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/www.a-trust.at.crt (limited to 'bkucommon/src/test/resources') diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java index 79c369a2..fa3587e4 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java @@ -40,13 +40,13 @@ import org.apache.commons.logging.LogFactory; public class InternalSSLSocketFactory extends SSLSocketFactory { + private final static String GOV_DOMAIN = ".gv.at"; + private static InternalSSLSocketFactory instance = new InternalSSLSocketFactory(); private final static Log log = LogFactory .getLog(InternalSSLSocketFactory.class); - private final static String GOV_DOMAIN = ".gv.at"; - private SSLSocket sslSocket; private SSLSocketFactory proxy; diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java index a0a268e4..de577139 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java @@ -52,9 +52,9 @@ public class Configurator { protected void configureProviders() { log.debug("Registering security providers"); - Security.insertProviderAt(new IAIK(), 1); - Security.insertProviderAt(new ECCProvider(false), 2); - Security.addProvider(new STALProvider()); + Security.insertProviderAt(new IAIK(), 1); + Security.insertProviderAt(new ECCProvider(false), 2); + Security.addProvider(new STALProvider()); XSecProvider.addAsProvider(false); StringBuilder sb = new StringBuilder(); sb.append("Registered providers: "); @@ -65,7 +65,7 @@ public class Configurator { log.debug(sb.toString()); } - public void configure() { + public void configure() { configureProviders(); configUrlConnections(); } diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java index 6c1a4c3a..bc3edf18 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java @@ -115,6 +115,7 @@ public class ResultServlet extends SpringBKUServlet { resp.setContentType(bp.getResultContentType()); resp.setCharacterEncoding(encoding); bp.writeResultTo(resp.getOutputStream(), encoding); - session.invalidate(); + session.invalidate(); + getBindingProcessorManager().removeBindingProcessor(bp.getId()); } } diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java new file mode 100644 index 00000000..86da6c06 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java @@ -0,0 +1,31 @@ +package at.gv.egiz.bku.online.webapp; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.context.ApplicationEvent; +import org.springframework.context.ApplicationListener; +import org.springframework.context.event.ContextClosedEvent; + +import at.gv.egiz.bku.binding.BindingProcessorManager; + +public class ShutdownHandler implements ApplicationListener { + + private static Log log = LogFactory.getLog(ShutdownHandler.class); + + private BindingProcessorManager bindingProcessorManager; + + public void setBindingProcessorManager( + BindingProcessorManager bindingProcessorManager) { + this.bindingProcessorManager = bindingProcessorManager; + } + + @Override + public void onApplicationEvent(ApplicationEvent event) { + if (event instanceof ContextClosedEvent) { + log.info("Shutting down BKU"); + bindingProcessorManager.shutdownNow(); + } + + } + +} diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml index 69b45d1b..f8d1411c 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml @@ -54,8 +54,7 @@ certified - - + IdentityLink derived diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index 4bb5e8e2..f87d09f5 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -49,5 +49,9 @@ scope="singleton" init-method="configure"> - + + + + + \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifier.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifier.java index ace8a75a..ed4b9bda 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifier.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifier.java @@ -1,30 +1,31 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package at.gv.egiz.bku.accesscontroller; import static at.gv.egiz.bku.accesscontroller.AuthenticationClass.ANONYMOUS; import static at.gv.egiz.bku.accesscontroller.AuthenticationClass.CERTIFIED; -import static at.gv.egiz.bku.accesscontroller.AuthenticationClass.PSEUDO_ANONYMOUS; import static at.gv.egiz.bku.accesscontroller.AuthenticationClass.CERTIFIED_GOV_AGENCY; +import static at.gv.egiz.bku.accesscontroller.AuthenticationClass.PSEUDO_ANONYMOUS; -import java.net.InetAddress; import java.net.URL; -import java.net.UnknownHostException; +import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -37,6 +38,39 @@ public class AuthenticationClassifier { private AuthenticationClassifier() { } + public static boolean isGovAgency(X509Certificate cert) { + String[] rdns = (cert.getSubjectX500Principal().getName()).split(","); + for (String rdn : rdns) { + if (rdn.startsWith("CN=")) { + String dns = rdn.split("=")[1]; + log.trace("Analyzing cn dn: " + dns); + if (dns.endsWith(GOV_DOMAIN)) { + return true; + } + } + } + try { + Collection> sanList = cert.getSubjectAlternativeNames(); + if (sanList != null) { + for (List san : sanList) { + log.trace("Analyzing subj. alt name: " + san); + if ((Integer) san.get(0) == 2) { + String dns = (String) san.get(1); + if (dns.endsWith(GOV_DOMAIN)) { + return true; + } + } + } + } + } catch (CertificateParsingException e) { + log.error(e); + } + if (cert.getExtensionValue("1.2.40.0.10.1.1.1") != null) { + return true; + } + return false; + } + /** * Client Certificates are currently not supported * @@ -45,13 +79,8 @@ public class AuthenticationClassifier { URL url, X509Certificate cert) { if (isDataUrl) { if (url.getProtocol().equalsIgnoreCase("https")) { - try { - if (InetAddress.getByName(url.getHost()).getCanonicalHostName() - .endsWith(GOV_DOMAIN)) { - return CERTIFIED_GOV_AGENCY; - } - } catch (UnknownHostException e) { - log.error("Cannot determine host name", e); + if (isGovAgency(cert)) { + return CERTIFIED_GOV_AGENCY; } if (cert.getExtensionValue("1.2.40.0.10.1.1.1") != null) { return CERTIFIED_GOV_AGENCY; @@ -68,7 +97,8 @@ public class AuthenticationClassifier { /** * * @param isDataUrl - * @param url if the url's protocol is https a cert parameter must be provided. + * @param url + * if the url's protocol is https a cert parameter must be provided. * @param cert * @return */ diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java index ed37f08f..aaf81e51 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java @@ -99,5 +99,7 @@ public interface BindingProcessorManager { */ public Set getManagedIds(); - public void shutdown(); + public void shutdown(); + + public void shutdownNow(); } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java index 6f5ca2d2..0082de26 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java @@ -149,6 +149,11 @@ public class BindingProcessorManagerImpl implements BindingProcessorManager { public void shutdown() { log.info("Shutting down the BindingProcessorManager"); executorService.shutdown(); + } + + public void shutdownNow() { + log.info("Shutting down the BindingProcessorManager NOW!"); + executorService.shutdownNow(); } /** @@ -223,7 +228,8 @@ public class BindingProcessorManagerImpl implements BindingProcessorManager { throw new SLRuntimeException( "Clashing ids, cannot process bindingprocessor with id:" + aBindingProcessor.getId()); - } + } + log.debug("processing bindingprocessor: "+aBindingProcessor.getId()); Future f = executorService.submit(aBindingProcessor); bindingProcessorMap.put(aBindingProcessor.getId(), new MapEntityWrapper(f, aBindingProcessor)); @@ -235,7 +241,8 @@ public class BindingProcessorManagerImpl implements BindingProcessorManager { } @Override - public void removeBindingProcessor(Id sessionId) { + public void removeBindingProcessor(Id sessionId) { + log.debug("Removing binding processor: "+sessionId); MapEntityWrapper wrapper = bindingProcessorMap .get(sessionId); if (wrapper == null) { diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifierTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifierTest.java new file mode 100644 index 00000000..c339704e --- /dev/null +++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifierTest.java @@ -0,0 +1,28 @@ +package at.gv.egiz.bku.accesscontroller; + +import static org.junit.Assert.assertTrue; + +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; + +import org.junit.Before; +import org.junit.Test; + +public class AuthenticationClassifierTest { + + private X509Certificate atrust; + + @Before + public void setUp() throws Exception { + atrust = (X509Certificate) CertificateFactory.getInstance("X509") + .generateCertificate( + getClass().getClassLoader().getResourceAsStream( + "at/gv/egiz/bku/accesscontroller/www.a-trust.at.crt")); + } + + @Test + public void testATrust() { + assertTrue(AuthenticationClassifier.isGovAgency(atrust)); + } + +} diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/www.a-trust.at.crt b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/www.a-trust.at.crt new file mode 100644 index 00000000..11cde026 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/www.a-trust.at.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyjCCA7KgAwIBAgIDA4LFMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRYwFAYDVQQLDA1hLXNpZ24tU1NM +LTAzMRYwFAYDVQQDDA1hLXNpZ24tU1NMLTAzMB4XDTA3MTIxMTExMTQ0NFoXDTEy +MTIxMTExMTQ0NFowYTELMAkGA1UEBhMCQVQxEDAOBgNVBAoMB0EtVHJ1c3QxEDAO +BgNVBAsMB0EtVHJ1c3QxFzAVBgNVBAMMDnd3dy5hLXRydXN0LmF0MRUwEwYDVQQF +Eww2NDk2ODY0MDkzMzkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2oRtJ4 +R9ipr/NUH5F4p86cjWtzT1g+ytpjg1lwh4HNY+lTjdUcx/VKBrtf0N8qnMK1UHhA +LLvvZeKTFi3L15i5or1WjZRi4RfH/4vcL0o1w/91liwMOKH3D30omnVceuxmQp2j +V9QrGPbz0/IsP51cnBWCBTWGqgfBebB8v1FLAgMBAAGjggHmMIIB4jATBgNVHSME +DDAKgAhAPqHTYrQD3TByBggrBgEFBQcBAQRmMGQwJwYIKwYBBQUHMAGGG2h0dHA6 +Ly9vY3NwLmEtdHJ1c3QuYXQvb2NzcDA5BggrBgEFBQcwAoYtaHR0cDovL3d3dy5h +LXRydXN0LmF0L2NlcnRzL2Etc2lnbi1zc2wtMDMuY3J0MEsGA1UdIAREMEIwQAYG +KigAEQEUMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2Nz +L2NwL2Etc2lnbi1zc2wwgY8GA1UdHwSBhzCBhDCBgaB/oH2Ge2xkYXA6Ly9sZGFw +LmEtdHJ1c3QuYXQvb3U9YS1zaWduLVNTTC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0 +aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlm +aWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQIRu1a/pOZZpMwDgYDVR0PAQH/BAQD +AgWgMEoGA1UdEQRDMEGBEW9mZmljZUBhLXRydXN0LmF0gg53d3cuYS10cnVzdC5h +dIIcemRhLnNvemlhbHZlcnNpY2hlcnVuZy5ndi5hdDAJBgNVHRMEAjAAMA0GCSqG +SIb3DQEBBQUAA4IBAQCQGheDpci0lnSEoKw/N3tbJqn/KG49/OWZcsw6XZiAEHsx +Rx9TlNJhL2d/SqFXBmmqfR496gdzTb4823WJsmXtyBY2t5ZnmD9tY5oJi5bHKchO +50QCd1x24HzH1mxPReCJzRxzLEM/znojEMdYqQ5Y+BZuj7n9BY+l2nY0Qnhn09FE +dxXAfNcuZnZavLJgk7vTBg8OFkAh6DJ21ACxf/y+rN53gKFK4Jh+PodRu0J2tK8B +wAZg7HlnT8U7tcEsf1JnsBhlzAWCHgZc6whgBbDHFs6WSFWuobKN+maU91g/Tvgk +Obos/EhVNti54Zhu1PO9RSKpKkwzTJT4kmGtaOJN +-----END CERTIFICATE----- -- cgit v1.2.3 From 27d91275555207f9e152c2867d52fbbf83f92ba7 Mon Sep 17 00:00:00 2001 From: wbauer Date: Wed, 8 Oct 2008 08:39:17 +0000 Subject: changed ssl certificate validation, now using iaik_pki git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@83 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../src/main/webapp/WEB-INF/applicationContext.xml | 2 + .../at/gv/egiz/bku/local/defaultConf/template.zip | Bin 17759 -> 23517 bytes .../egiz/bku/online/webapp/BKURequestHandler.java | 4 +- .../bku/online/webapp/HashDataInputServlet.java | 96 +++++ .../stal/service/impl/STALRequestBrokerImpl.java | 6 +- .../online/conf/certs/certStore/a-sign-SSL-03.cer | 26 -- .../conf/certs/certStore/a-sign-corporate-03.cer | 27 -- .../certs/certStore/a-sign-corporate-light-01a.cer | 21 - .../certs/certStore/a-sign-corporate-light-02a.cer | 27 -- .../certs/certStore/a-sign-corporate-light-03.cer | 27 -- .../certStore/a-sign-corporate-medium-01a.cer | 21 - .../certStore/a-sign-corporate-medium-02a.cer | 27 -- .../certs/certStore/tobeadded/A-Trust-Qual-01a.cer | Bin 0 -> 1111 bytes .../certs/certStore/tobeadded/A-Trust-Qual-02a.cer | Bin 0 -> 975 bytes .../certs/certStore/tobeadded/A-Trust-Qual-03a.cer | Bin 0 -> 975 bytes .../certStore/tobeadded/A-Trust-nQual-01a.cer | Bin 0 -> 865 bytes .../certs/certStore/tobeadded/A-Trust-nQual-03.cer | Bin 0 -> 979 bytes .../certs/certStore/tobeadded/a-sign-SSL-03.cer | 26 ++ .../certStore/tobeadded/a-sign-corporate-03.cer | 27 ++ .../tobeadded/a-sign-corporate-light-01a.cer | 21 + .../tobeadded/a-sign-corporate-light-02a.cer | 27 ++ .../tobeadded/a-sign-corporate-light-03.cer | 27 ++ .../tobeadded/a-sign-corporate-medium-01a.cer | 21 + .../tobeadded/a-sign-corporate-medium-02a.cer | 27 ++ .../gv/egiz/bku/online/conf/defaultConf.properties | 10 +- .../src/main/webapp/WEB-INF/applicationContext.xml | 4 + BKUOnline/src/main/webapp/WEB-INF/web.xml | 191 +++++----- .../src/test/resources/applicationContext.xml | 2 + STALService/pom.xml | 5 + .../at/gv/egiz/stal/util/HashDataInputProxy.java | 67 ++++ bkucommon/pom.xml | 159 ++++---- .../java/at/gv/egiz/bku/conf/CertValidator.java | 13 + .../at/gv/egiz/bku/conf/CertValidatorImpl.java | 83 ++++ .../java/at/gv/egiz/bku/conf/Configurator.java | 140 +++---- .../at/gv/egiz/bku/conf/CertValidatorTest.java | 32 ++ .../bku/conf/certs/CACerts/A-Trust-Qual-01a.cer | Bin 0 -> 1111 bytes .../bku/conf/certs/CACerts/A-Trust-Qual-02a.cer | Bin 0 -> 975 bytes .../bku/conf/certs/CACerts/A-Trust-Qual-03a.cer | Bin 0 -> 975 bytes .../bku/conf/certs/CACerts/A-Trust-nQual-01a.cer | Bin 0 -> 865 bytes .../bku/conf/certs/CACerts/A-Trust-nQual-03.cer | Bin 0 -> 979 bytes .../bku/conf/certs/certStore/A-Trust-Qual-01a.cer | Bin 0 -> 1111 bytes .../bku/conf/certs/certStore/A-Trust-Qual-02a.cer | Bin 0 -> 975 bytes .../bku/conf/certs/certStore/A-Trust-Qual-03a.cer | Bin 0 -> 975 bytes .../bku/conf/certs/certStore/A-Trust-nQual-01a.cer | Bin 0 -> 865 bytes .../bku/conf/certs/certStore/A-Trust-nQual-03.cer | Bin 0 -> 979 bytes .../bku/conf/certs/certStore/a-sign-SSL-03.cer | 26 ++ .../conf/certs/certStore/a-sign-corporate-03.cer | 27 ++ .../certs/certStore/a-sign-corporate-light-01a.cer | 21 + .../certs/certStore/a-sign-corporate-light-02a.cer | 27 ++ .../certs/certStore/a-sign-corporate-light-03.cer | 27 ++ .../certStore/a-sign-corporate-medium-01a.cer | 21 + .../certStore/a-sign-corporate-medium-02a.cer | 27 ++ .../bku/conf/certs/testCerts/www.a-trust.at.der | Bin 0 -> 1230 bytes pom.xml | 424 +++++++++++---------- 54 files changed, 1142 insertions(+), 624 deletions(-) create mode 100644 BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java delete mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer delete mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer delete mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer delete mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer delete mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer delete mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer delete mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer create mode 100644 STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java create mode 100644 bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der (limited to 'bkucommon/src/test/resources') diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml index a4003a2a..a951f056 100644 --- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml @@ -48,11 +48,13 @@ + + diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip index f57e8930..8bdcbb0d 100644 Binary files a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip and b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip differ diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java index 20320d8e..544bbc99 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java @@ -31,6 +31,7 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.binding.HTTPBindingProcessor; import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.binding.IdFactory; import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; /** @@ -51,7 +52,8 @@ public class BKURequestHandler extends SpringBKUServlet { log.debug("Using locale: " + locale); HttpSession session = req.getSession(); if (session != null) { - session.invalidate(); + log.warn("Already a session with id: "+session.getId()+ " active, deleting this one"); + getBindingProcessorManager().removeBindingProcessor(IdFactory.getInstance().createId(session.getId())); } String id = req.getSession(true).getId(); log.debug("Using session id: " + id); diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java new file mode 100644 index 00000000..59766586 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java @@ -0,0 +1,96 @@ +package at.gv.egiz.bku.online.webapp; + +import java.io.IOException; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.io.Reader; +import java.io.Writer; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.BindingProcessor; +import at.gv.egiz.bku.binding.Id; +import at.gv.egiz.bku.binding.IdFactory; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.service.impl.STALRequestBroker; +import at.gv.egiz.stal.service.impl.STALRequestBrokerImpl; +import at.gv.egiz.stal.service.impl.STALServiceImpl; + +public class HashDataInputServlet extends SpringBKUServlet { + + private static Log log = LogFactory.getLog(HashDataInputServlet.class); + + public HashDataInputServlet() { + } + + private STALRequestBroker getSTAL(Id id) { + BindingProcessor bp = getBindingProcessorManager().getBindingProcessor(id); + if (bp == null) { + return null; + } + STAL stal = bp.getSTAL(); + if (stal instanceof STALRequestBroker) { + return (STALRequestBroker) stal; + } else { + throw new SLRuntimeException("Unexpected STAL type"); + } + } + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + if ((req.getSession() == null) && (req.getSession().getId() != null)) { + log.warn("Got request for hashdatainput without session info"); + resp.sendRedirect("expired.html"); + return; + } + Id sessionId = IdFactory.getInstance().createId(req.getSession().getId()); + log.debug("Got request for hashdata for session " + sessionId); + STALRequestBroker rb = getSTAL(sessionId); + if (rb == null) { + log.info("STAL instance not found for session: " + sessionId); + resp.sendRedirect("expired.html"); + return; + } + List hdi = rb.getHashDataInput(); + log.debug("Got hashdata list with " + hdi.size() + " entries"); + String param = req.getParameter("number"); + int num = 0; + if (param != null) { + log.debug("Got request for hashdata#" + num); + num = Integer.parseInt(param); + } + if ((hdi.size() <= num) || (num < 0)){ + log.warn("Requested hashdatainput exceeds listsize"); + resp.sendError(-1); + return; + } + resp.setCharacterEncoding(req.getCharacterEncoding()); + resp.setContentType(hdi.get(num).getMimeType()); + String charSet = req.getCharacterEncoding(); + if (charSet == null) { + charSet = "UTF-8"; + } + Reader r = new InputStreamReader(hdi.get(num).getHashDataInput(), charSet); + Writer w = new OutputStreamWriter(resp.getOutputStream(), charSet); + StreamUtil.copyStream(r, w); + w.close(); + return; + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + doGet(req, resp); + } + +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java index 4aa5130a..074aff2d 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java @@ -32,6 +32,7 @@ import at.gv.egiz.stal.service.types.QuitRequestType; import at.gv.egiz.stal.service.types.RequestType; import at.gv.egiz.stal.service.types.ResponseType; import at.gv.egiz.stal.service.types.SignRequestType; +import at.gv.egiz.stal.util.HashDataInputProxy; import at.gv.egiz.stal.util.STALTranslator; import java.util.ArrayList; import java.util.Collections; @@ -108,7 +109,10 @@ public class STALRequestBrokerImpl implements STALRequestBroker { req.setKeyIdentifier(((SignRequest) stalRequest).getKeyIdentifier()); req.setSignedInfo(((SignRequest) stalRequest).getSignedInfo()); requests.add(req); - hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput()); + for (HashDataInput hdi : ((SignRequest) stalRequest).getHashDataInput()) { + hashDataInputs.add(new HashDataInputProxy(hdi)); + } + //hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput()); break; } else if (stalRequest instanceof InfoboxReadRequest) { log.trace("Received InfoboxReadRequest"); diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer deleted file mode 100644 index ee859434..00000000 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEdzCCA1+gAwIBAgIDAmU4MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB -VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp -bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R -dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA2MDgxNjIyMDAw -MFoXDTE2MDgxNjIyMDAwMFowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy -dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 -ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt -c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6 -PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK -k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj -r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG -AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt -Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd -LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E -CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG -MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv -b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl -dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1 -dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAHKlnV3R9sbXojtONugyazkZCEzmC -nZF1Dz4cOL0vPzzvS8MVWtG43zAgVI1NT/0ETSWsXD3YfzRi+f+/CxrGn0gwZX2t -VGx+Z9w5ufiy1vuhxDUPmpos1TbJ4Wv3Une0E7iuHmNLg5qVlKeHWpcU8t1Y0nCt -eRz34Qm87AVAykta33XST1fYvGoPKsDtn3qx9ye/pcbDvWjPwmqF2UUoql+d5hmJ -Umgzwezqk4I+FS98BrnaPgC5UVFHg+yUjiUDLjYy7UvDZ5Led6kkLXuzVhQolLvr -KTrGp5k42PG2MMkw8f6GMF/6yePXgzFMCRN8ReR7J5Htv33SytLRmFRd8g== ------END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer deleted file mode 100644 index 7e67be95..00000000 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEgzCCA2ugAwIBAgIDAarsMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB -VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp -bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R -dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw -MFoXDTE1MTExMzIzMDAwMFowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy -dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 -ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1jb3Jwb3JhdGUtMDMxHDAaBgNV -BAMME2Etc2lnbi1jb3Jwb3JhdGUtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCp44qY+AiVXlcnHoKvch9s3ujoWFNktvcteIPwK7s0mb/uxTUW9UIF -Die9n3AbyTsJE6R3nZYSJVHHi+1DKD72/WEo/B5NOOtd6KUMfJgca1tDmcsIwhFn -82qkZrbNQwdIIdLe6+nDmjd9UBIaKv7yy1kq20jh09HOK3/bWhafVQE7EAgDfNrn -8f0JfnnF0EA/La5kkg878L22fh9lRzt8H21THqJPtK4/e9SttjrJnPhFk2/MjAGS -uaDufG6BV5Hnn7klR5qm5q32ypleLA6Zi4m9jRCVtPd4jRPYM40XpRkrJuFw+lxp -rejfEZt/SRh1eQXiXDUgtgX8OaIylH9pAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUw -AwEB/zARBgNVHQ4ECgQIQj75YZ1a5XIwEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYD -VR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFw -LmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9j -ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy -dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEARu7e1SyBRjlA -g/thtFwtKQRvopTZKWj2LWpEdvPvwThOvf8Depnas+ly5af8r8YzsqJzfX3XWvhN -qOOI24g5FmXfCUTq/kbtaeTq/AqV94793IJfcilPnpMOEHMqXNDiRUoAgR/9EVj8 -mDVvL2lLlJzeAltqOD5Bi9QwguaD2/3/E5ymFnqkf1dnlXbo8AhcwPEzReNKn1eM -Ilg4FwP1bP0HUK3Fyz1UQ/Hncg+MS7c+SkjpNEd4sH7/GdxuQs5Sk7IRwot1+sbX -3CkkPhSqiUzig9raxJYrtbb2kyiUO8+d5HzRyoP4BNzsdZdPc0gDYweXg5qarHOQ -16IEOtBmKg== ------END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer deleted file mode 100644 index 0c68e593..00000000 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEJjCCAw6gAwIBAgIDAOJEMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK -EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R -dWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgw -RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 -ZW52ZXJrZWhyIEdtYkgxIjAgBgNVBAsTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDExIjAgBgNV -BAMTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDGC65v8rni63DojEBriynPwRqNCp14/SkN5ROkTUGNvLSabfSJV4PKGLTzasPAaChwX0g/ -kebahFM3R7nIyeVx2YB8VRvC4I/spP/mCs5+6pf1N+6Kiq4NcswgNBBfqAteaQIylBMy6HDkjoXY -X/c+SxjyrqAkeZCK+SHMOraXCO1PZHWbYwleKXf4R2Z6ayEfJ2XWeVuqqon76WHp/POI0RADBchA -6Vm1ROzSAHz39bay1TZunQXSs3VQ9cE3uQPjN+80efmf0ZgNF0sXsDTssoZg2feTANSOkTGM1bMC -5xe1hWFL8MZNe4yZ+NSgFN2fofb8BPvyQAW0no2PNA6PAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUw -AwEB/zARBgNVHQ4ECgQITp5/1C/JHx8wEwYDVR0jBAwwCoAITlnOxwIyhzAwDgYDVR0PAQH/BAQD -AgEGMGUGA1UdHwReMFwwWqBYoFaGVGxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1u -UXVhbC0wMSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0PzANBgkqhkiG -9w0BAQUFAAOCAQEAOtuz2GqnTibk/poCLrdYKpZSrLyfWFsJJpfBYA9HMasnfpJBCHgRHJud6DAO -xD900Vhmwy66D8dqsN3+fR8Bx8ZMKspnFN1B2Wz7LWOxMaKqP3JolJ/oVwzJRm0afcUMAfAumkc5 -Yqu0nC5qCF9zYY9YbJklh84uEzEg9j85kuRBHOCUc+5MVrnv7WPbirx6c95YFqXBQ0arA5QE9zYq -MDO8aUYPOWEHgtrVI+kMwELYHqLDX7i9VqsXhgFPeVz1wIV7s/i3budGeHMS6hjnyIc30FqM7CTY -fcvqVNZliErbjD1k1W1gMgvjLJowNvQC0W7K9/yoQhwTqtNMR4WZwA== ------END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer deleted file mode 100644 index c300891d..00000000 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEizCCA3OgAwIBAgIDAOSoMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB -VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp -bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 -YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa -Fw0xNDEyMTMyMzAwMDBaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz -dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy -a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw -IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM -LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS -dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS -p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/ -vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O -sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G -A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9 -KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk -YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz -dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz -cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBH -opWG7LKmPBvuGjZnRV4KGKzzUYVuxSRS1E0VIUPbVLf5xW2r5uUpR8ud5EpiPrcw -k6K0dzu2Vb4ZbMIP+6J16S/0qvTp/3A/3q87+nJ+ot+IT8GZFJfSw18th2WmZdzR -ShbM6sgViPtGsFROCdWeiHl248w2+zG+09sf8Bu3UyvwLRAiiKaxuwVdQ9kc0TL3 -gvv+K5eisWWthQOX2IF2jGSEqoAVwfHhl7bc9Vt7XnJSpQFebHnsIVuV4Mv6w4ww -86hQPCLLvvV7wWDiBQ8l2FWneX0pNH3Wg+A1TRUoptc+pPDdpoP272MDm4fXyPKV -7QgIaIK+gXNUj2GGt1K9 ------END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer deleted file mode 100644 index 2251ca22..00000000 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEjzCCA3egAwIBAgIDAartMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB -VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp -bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R -dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw -MFoXDTE1MTExMzIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy -dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 -ZXJrZWhyIEdtYkgxIjAgBgNVBAsMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMx -IjAgBgNVBAMMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC359oitbHkkEgdErRPeBdkcYRK2DLdxfcnn+SI -umSEYzWVscRTchPKSzb7f1a6EHPbB5WZsGJaUDX9KfTqsJNMo+7bASKk3gsLVxNZ -qY2t2G+y8HvREYYejDOIzjAkcBQrt+nvuBUlGYVJQjEuyAn18f2vG0Y3VNvZFGKn -PK8AVycUMk0Uw21RbK3vX5tbbPgQ/kcZkN4czi5VHepMvf6hAwwLoJj+KL9zxm8j -yPK88qCBKAjMNCpZKsEhyanw1CjYbVmHs45Q5W6FBtqDcS6Iq4mC6TtUPGtCTuoH -7/JLuhEp075ohp87v3fSlzeLJjBpkUDP9U8Tv7l2euD0t1UVAgMBAAGjgeMwgeAw -DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQZFpHL+t2JgwEwYDVR0jBAwwCoAI -RGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCG -fmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEt -VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0 -Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC -AQEADTRIaQtPwoPS6/TpyBhOw4wAHk/RM4gkLT76URPY2sUHihxqy+8qEElN+f5l -I61myCP3IFTClflcHVR1QCoMg0ZI5/EcQTI8Dgd5iQkXuVjh3wCj87Ka2Tu7d1K+ -i9VJ4BR/ph/qmPKR7Lx/PtATw/vWo4k2rbt5o1QwixZ7CPt+BF9xCaAC4uL0bB0M -9M3i9W2ePmqX6WIB3jMkT9FQC0KihPPfw/17KddNi4rFMMEiTyKvJTtTqDnIAwWW -TqsL1G7oxMMtnnYaKWMQ6gQiOiRzCY7efcAi/3YwUX6ULW5zxqapNs1vqEbSGsQE -l1eFl67HBZHYAPdoHGUnZF0KaQ== ------END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer deleted file mode 100644 index 2d7f1a03..00000000 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEKDCCAxCgAwIBAgIDAOKKMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK -EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R -dWFsLTAxMB4XDTA0MTIwNTIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgaExCzAJBgNVBAYTAkFUMUgw -RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 -ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1jb3Jwb3JhdGUtbWVkaXVtLTAxMSMwIQYD -VQQDExphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBANEbZyIMIXZYBjTj/+3TrNGssRKNNdTedQlWB3vJQWLzeG89Kzmhy1WDX8IqDrMtvpXH -5w6urK3ZT7HGu2Jldrib8rkEOdE9+uNGRtkP8Kuz//CvdXCbIDvBLqgvWn9a3Sl/rUicPqKwcEcN -bP2Q0iU6NvvALmoqs93PymfTZlkGOwzUe+O88huXkauGWT/DkJd4JYDNJ0wlaGrJa+OorT4Izk1J -EipqqedUjsAj4Gq3SKrZKG/H/CkoH9uWTzrzFgg8zQhCES4AClo84XVk//EIv3ABDw4hr+lqV1nF -eXch9o4mLIe5u045471YLJLmyuCPDopb8U2VUoyldpMx+Y8CAwEAAaOBszCBsDAPBgNVHRMBAf8E -BTADAQH/MBEGA1UdDgQKBAhOuHKxmCmfZDATBgNVHSMEDDAKgAhOWc7HAjKHMDAOBgNVHQ8BAf8E -BAMCAQYwZQYDVR0fBF4wXDBaoFigVoZUbGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0 -LW5RdWFsLTAxLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/MA0GCSqG -SIb3DQEBBQUAA4IBAQDaukYSeJVxWAh8QShqGqA6Plp9aXCTzwl9hE2gb+/xGPASo+NVQi/sUa0+ -bx29oSJaW6lKzdHQLAx4dwW9XTpJ+0mebB4fQfYHH0lGc1O4au/4O9k+C3SrD6x4WeY9k/SpUFu1 -qjzH+tjta81UWtU7Jve1BhckNwdOFx7cR8fdW+pUQSDV9XnPJfyb+gb9KWhvX+XAbgJoXW1HjJOO -P5sx6mFhMb3UqAfKQVoAuGbl4+uxIThBTqpICkaaD8WLdukqQjomUMDRbWIf6SblPuOEpPi1G/WM -qkTkpqX77Wkj08QY/yj5DDrsYJ5NymnWvu7jcoxCFCKvEQ8Q4g7AYKnG ------END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer deleted file mode 100644 index 194d4d7c..00000000 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEjTCCA3WgAwIBAgIDAOSpMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB -VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp -bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 -YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa -Fw0xNDEyMTMyMzAwMDBaMIGhMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz -dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy -a2VociBHbWJIMSMwIQYDVQQLDBphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMjEj -MCEGA1UEAwwaYS1zaWduLWNvcnBvcmF0ZS1tZWRpdW0tMDIwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCuaTBb6rHd5JZqAdvpmGIl5ne0Hg6GbpJvBeCI -U6l9Rs8ebMY6aIS++qJOE9rnJHdfZNzLzduuoWEzEuwm9a/azQThM+eT+xlG/Vcf -NuOQTTjAuXHLvYQ7WxSrBIT/kmAyqJgq/DEPvdX4jmCtVkuZ1gbxYIChLOVBWkVC -FCK49BuXECtNy5fzK/GyfouZOVoQgiQ1YfecqzibcwO0t+f68Pvp/s6HESAH5tXY -PdENDw4c/W/qKaeR87jPq98AJ8Lr4bmjWLjK8/ITtGglnJy8osFz22oR7f6fbWl6 -5LdhJ3giM68WEabQcZkw8cx3RDOzbnL2Kn+PVNHHyp3Wh849AgMBAAGjgeEwgd4w -DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISoLnpz/+q98wEwYDVR0jBAwwCoAI -Qj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMIGSBgNVHR8EgYowgYcwgYSggYGgf4Z9 -bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0LVF1YWwtMDIsbz1BLVRy -dXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdD9iYXNlP29iamVjdGNs -YXNzPWVpZENlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEB -ABqg1oRs/TZ0hJLJRV/xJglFzgn2fDAXeoVvWnAE09F1d0n+ZorKAKbMfiZ2CuKs -M0AhU23/5zM90DdrtYWXpa+P8ONALZtHJIqGfVuRKYJq7jY5TpE3yRkTcrp47smp -WqTwUgG+0aBeU9m+ZtGUFOsBkq+MudD8IZGc7VcLd1n4ltND9ITjX20hu01ju56c -YC69vFa5hmIccXg/Q3dGEV5Amx8MTQJluG3QvqBOY74yrAFICvK1zsvu+vOGvJQj -i+PxKlbQdehrV82VDxyfSjpEUADWMGRfE5vg4YBGgfRosh4w7a6ThD2LMLFPmIhy -P6+VGUBCm2tMDDOo9DVkXFs= ------END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer new file mode 100644 index 00000000..f9fef65f Binary files /dev/null and b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer differ diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer new file mode 100644 index 00000000..36a442b8 Binary files /dev/null and b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer differ diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer new file mode 100644 index 00000000..ab9e0cd7 Binary files /dev/null and b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer differ diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer new file mode 100644 index 00000000..efa28178 Binary files /dev/null and b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer differ diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer new file mode 100644 index 00000000..33e77636 Binary files /dev/null and b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer differ diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer new file mode 100644 index 00000000..ee859434 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdzCCA1+gAwIBAgIDAmU4MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA2MDgxNjIyMDAw +MFoXDTE2MDgxNjIyMDAwMFowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt +c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6 +PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK +k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj +r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG +AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt +Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd +LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E +CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG +MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv +b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl +dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1 +dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAHKlnV3R9sbXojtONugyazkZCEzmC +nZF1Dz4cOL0vPzzvS8MVWtG43zAgVI1NT/0ETSWsXD3YfzRi+f+/CxrGn0gwZX2t +VGx+Z9w5ufiy1vuhxDUPmpos1TbJ4Wv3Une0E7iuHmNLg5qVlKeHWpcU8t1Y0nCt +eRz34Qm87AVAykta33XST1fYvGoPKsDtn3qx9ye/pcbDvWjPwmqF2UUoql+d5hmJ +Umgzwezqk4I+FS98BrnaPgC5UVFHg+yUjiUDLjYy7UvDZ5Led6kkLXuzVhQolLvr +KTrGp5k42PG2MMkw8f6GMF/6yePXgzFMCRN8ReR7J5Htv33SytLRmFRd8g== +-----END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer new file mode 100644 index 00000000..7e67be95 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEgzCCA2ugAwIBAgIDAarsMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw +MFoXDTE1MTExMzIzMDAwMFowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1jb3Jwb3JhdGUtMDMxHDAaBgNV +BAMME2Etc2lnbi1jb3Jwb3JhdGUtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCp44qY+AiVXlcnHoKvch9s3ujoWFNktvcteIPwK7s0mb/uxTUW9UIF +Die9n3AbyTsJE6R3nZYSJVHHi+1DKD72/WEo/B5NOOtd6KUMfJgca1tDmcsIwhFn +82qkZrbNQwdIIdLe6+nDmjd9UBIaKv7yy1kq20jh09HOK3/bWhafVQE7EAgDfNrn +8f0JfnnF0EA/La5kkg878L22fh9lRzt8H21THqJPtK4/e9SttjrJnPhFk2/MjAGS +uaDufG6BV5Hnn7klR5qm5q32ypleLA6Zi4m9jRCVtPd4jRPYM40XpRkrJuFw+lxp +rejfEZt/SRh1eQXiXDUgtgX8OaIylH9pAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQIQj75YZ1a5XIwEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYD +VR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFw +LmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9j +ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy +dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEARu7e1SyBRjlA +g/thtFwtKQRvopTZKWj2LWpEdvPvwThOvf8Depnas+ly5af8r8YzsqJzfX3XWvhN +qOOI24g5FmXfCUTq/kbtaeTq/AqV94793IJfcilPnpMOEHMqXNDiRUoAgR/9EVj8 +mDVvL2lLlJzeAltqOD5Bi9QwguaD2/3/E5ymFnqkf1dnlXbo8AhcwPEzReNKn1eM +Ilg4FwP1bP0HUK3Fyz1UQ/Hncg+MS7c+SkjpNEd4sH7/GdxuQs5Sk7IRwot1+sbX +3CkkPhSqiUzig9raxJYrtbb2kyiUO8+d5HzRyoP4BNzsdZdPc0gDYweXg5qarHOQ +16IEOtBmKg== +-----END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer new file mode 100644 index 00000000..0c68e593 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEJjCCAw6gAwIBAgIDAOJEMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIjAgBgNVBAsTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDExIjAgBgNV +BAMTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDGC65v8rni63DojEBriynPwRqNCp14/SkN5ROkTUGNvLSabfSJV4PKGLTzasPAaChwX0g/ +kebahFM3R7nIyeVx2YB8VRvC4I/spP/mCs5+6pf1N+6Kiq4NcswgNBBfqAteaQIylBMy6HDkjoXY +X/c+SxjyrqAkeZCK+SHMOraXCO1PZHWbYwleKXf4R2Z6ayEfJ2XWeVuqqon76WHp/POI0RADBchA +6Vm1ROzSAHz39bay1TZunQXSs3VQ9cE3uQPjN+80efmf0ZgNF0sXsDTssoZg2feTANSOkTGM1bMC +5xe1hWFL8MZNe4yZ+NSgFN2fofb8BPvyQAW0no2PNA6PAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQITp5/1C/JHx8wEwYDVR0jBAwwCoAITlnOxwIyhzAwDgYDVR0PAQH/BAQD +AgEGMGUGA1UdHwReMFwwWqBYoFaGVGxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1u +UXVhbC0wMSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0PzANBgkqhkiG +9w0BAQUFAAOCAQEAOtuz2GqnTibk/poCLrdYKpZSrLyfWFsJJpfBYA9HMasnfpJBCHgRHJud6DAO +xD900Vhmwy66D8dqsN3+fR8Bx8ZMKspnFN1B2Wz7LWOxMaKqP3JolJ/oVwzJRm0afcUMAfAumkc5 +Yqu0nC5qCF9zYY9YbJklh84uEzEg9j85kuRBHOCUc+5MVrnv7WPbirx6c95YFqXBQ0arA5QE9zYq +MDO8aUYPOWEHgtrVI+kMwELYHqLDX7i9VqsXhgFPeVz1wIV7s/i3budGeHMS6hjnyIc30FqM7CTY +fcvqVNZliErbjD1k1W1gMgvjLJowNvQC0W7K9/yoQhwTqtNMR4WZwA== +-----END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer new file mode 100644 index 00000000..c300891d --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCA3OgAwIBAgIDAOSoMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa +Fw0xNDEyMTMyMzAwMDBaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw +IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM +LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS +dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS +p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/ +vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O +sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G +A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9 +KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk +YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz +dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz +cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBH +opWG7LKmPBvuGjZnRV4KGKzzUYVuxSRS1E0VIUPbVLf5xW2r5uUpR8ud5EpiPrcw +k6K0dzu2Vb4ZbMIP+6J16S/0qvTp/3A/3q87+nJ+ot+IT8GZFJfSw18th2WmZdzR +ShbM6sgViPtGsFROCdWeiHl248w2+zG+09sf8Bu3UyvwLRAiiKaxuwVdQ9kc0TL3 +gvv+K5eisWWthQOX2IF2jGSEqoAVwfHhl7bc9Vt7XnJSpQFebHnsIVuV4Mv6w4ww +86hQPCLLvvV7wWDiBQ8l2FWneX0pNH3Wg+A1TRUoptc+pPDdpoP272MDm4fXyPKV +7QgIaIK+gXNUj2GGt1K9 +-----END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer new file mode 100644 index 00000000..2251ca22 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgIDAartMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw +MFoXDTE1MTExMzIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxIjAgBgNVBAsMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMx +IjAgBgNVBAMMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC359oitbHkkEgdErRPeBdkcYRK2DLdxfcnn+SI +umSEYzWVscRTchPKSzb7f1a6EHPbB5WZsGJaUDX9KfTqsJNMo+7bASKk3gsLVxNZ +qY2t2G+y8HvREYYejDOIzjAkcBQrt+nvuBUlGYVJQjEuyAn18f2vG0Y3VNvZFGKn +PK8AVycUMk0Uw21RbK3vX5tbbPgQ/kcZkN4czi5VHepMvf6hAwwLoJj+KL9zxm8j +yPK88qCBKAjMNCpZKsEhyanw1CjYbVmHs45Q5W6FBtqDcS6Iq4mC6TtUPGtCTuoH +7/JLuhEp075ohp87v3fSlzeLJjBpkUDP9U8Tv7l2euD0t1UVAgMBAAGjgeMwgeAw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQZFpHL+t2JgwEwYDVR0jBAwwCoAI +RGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCG +fmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEt +VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0 +Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC +AQEADTRIaQtPwoPS6/TpyBhOw4wAHk/RM4gkLT76URPY2sUHihxqy+8qEElN+f5l +I61myCP3IFTClflcHVR1QCoMg0ZI5/EcQTI8Dgd5iQkXuVjh3wCj87Ka2Tu7d1K+ +i9VJ4BR/ph/qmPKR7Lx/PtATw/vWo4k2rbt5o1QwixZ7CPt+BF9xCaAC4uL0bB0M +9M3i9W2ePmqX6WIB3jMkT9FQC0KihPPfw/17KddNi4rFMMEiTyKvJTtTqDnIAwWW +TqsL1G7oxMMtnnYaKWMQ6gQiOiRzCY7efcAi/3YwUX6ULW5zxqapNs1vqEbSGsQE +l1eFl67HBZHYAPdoHGUnZF0KaQ== +-----END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer new file mode 100644 index 00000000..2d7f1a03 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIDAOKKMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTIwNTIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgaExCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1jb3Jwb3JhdGUtbWVkaXVtLTAxMSMwIQYD +VQQDExphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANEbZyIMIXZYBjTj/+3TrNGssRKNNdTedQlWB3vJQWLzeG89Kzmhy1WDX8IqDrMtvpXH +5w6urK3ZT7HGu2Jldrib8rkEOdE9+uNGRtkP8Kuz//CvdXCbIDvBLqgvWn9a3Sl/rUicPqKwcEcN +bP2Q0iU6NvvALmoqs93PymfTZlkGOwzUe+O88huXkauGWT/DkJd4JYDNJ0wlaGrJa+OorT4Izk1J +EipqqedUjsAj4Gq3SKrZKG/H/CkoH9uWTzrzFgg8zQhCES4AClo84XVk//EIv3ABDw4hr+lqV1nF +eXch9o4mLIe5u045471YLJLmyuCPDopb8U2VUoyldpMx+Y8CAwEAAaOBszCBsDAPBgNVHRMBAf8E +BTADAQH/MBEGA1UdDgQKBAhOuHKxmCmfZDATBgNVHSMEDDAKgAhOWc7HAjKHMDAOBgNVHQ8BAf8E +BAMCAQYwZQYDVR0fBF4wXDBaoFigVoZUbGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0 +LW5RdWFsLTAxLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/MA0GCSqG +SIb3DQEBBQUAA4IBAQDaukYSeJVxWAh8QShqGqA6Plp9aXCTzwl9hE2gb+/xGPASo+NVQi/sUa0+ +bx29oSJaW6lKzdHQLAx4dwW9XTpJ+0mebB4fQfYHH0lGc1O4au/4O9k+C3SrD6x4WeY9k/SpUFu1 +qjzH+tjta81UWtU7Jve1BhckNwdOFx7cR8fdW+pUQSDV9XnPJfyb+gb9KWhvX+XAbgJoXW1HjJOO +P5sx6mFhMb3UqAfKQVoAuGbl4+uxIThBTqpICkaaD8WLdukqQjomUMDRbWIf6SblPuOEpPi1G/WM +qkTkpqX77Wkj08QY/yj5DDrsYJ5NymnWvu7jcoxCFCKvEQ8Q4g7AYKnG +-----END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer new file mode 100644 index 00000000..194d4d7c --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjTCCA3WgAwIBAgIDAOSpMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa +Fw0xNDEyMTMyMzAwMDBaMIGhMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSMwIQYDVQQLDBphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMjEj +MCEGA1UEAwwaYS1zaWduLWNvcnBvcmF0ZS1tZWRpdW0tMDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCuaTBb6rHd5JZqAdvpmGIl5ne0Hg6GbpJvBeCI +U6l9Rs8ebMY6aIS++qJOE9rnJHdfZNzLzduuoWEzEuwm9a/azQThM+eT+xlG/Vcf +NuOQTTjAuXHLvYQ7WxSrBIT/kmAyqJgq/DEPvdX4jmCtVkuZ1gbxYIChLOVBWkVC +FCK49BuXECtNy5fzK/GyfouZOVoQgiQ1YfecqzibcwO0t+f68Pvp/s6HESAH5tXY +PdENDw4c/W/qKaeR87jPq98AJ8Lr4bmjWLjK8/ITtGglnJy8osFz22oR7f6fbWl6 +5LdhJ3giM68WEabQcZkw8cx3RDOzbnL2Kn+PVNHHyp3Wh849AgMBAAGjgeEwgd4w +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISoLnpz/+q98wEwYDVR0jBAwwCoAI +Qj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMIGSBgNVHR8EgYowgYcwgYSggYGgf4Z9 +bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0LVF1YWwtMDIsbz1BLVRy +dXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdD9iYXNlP29iamVjdGNs +YXNzPWVpZENlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEB +ABqg1oRs/TZ0hJLJRV/xJglFzgn2fDAXeoVvWnAE09F1d0n+ZorKAKbMfiZ2CuKs +M0AhU23/5zM90DdrtYWXpa+P8ONALZtHJIqGfVuRKYJq7jY5TpE3yRkTcrp47smp +WqTwUgG+0aBeU9m+ZtGUFOsBkq+MudD8IZGc7VcLd1n4ltND9ITjX20hu01ju56c +YC69vFa5hmIccXg/Q3dGEV5Amx8MTQJluG3QvqBOY74yrAFICvK1zsvu+vOGvJQj +i+PxKlbQdehrV82VDxyfSjpEUADWMGRfE5vg4YBGgfRosh4w7a6ThD2LMLFPmIhy +P6+VGUBCm2tMDDOo9DVkXFs= +-----END CERTIFICATE----- diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties index 9766ae26..eebe36cd 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -28,18 +28,18 @@ AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessContr # directory where certificates for # chain constructions can be placed +#SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore + # Directory where trusted CA # certificates are placed SSL.caDirectory=classpath:at/gv/egiz/bku/online/conf/certs/CACerts - -SSL.doRevocationChecking=true SSL.sslProtocol=TLS -SSL.cache.lifetime=3600 -# use authority info access extension to find ca certs. -SSL.useAIA=true +# warning do not set the following property to true +# its intended for debugging and testing only +SSL.disableAllChecks=false # ------------ END SSL Config -------------------- diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index b074da59..4069cdc9 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -45,9 +45,13 @@ + + + + diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml index 282d4db2..6b2ec35c 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/web.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml @@ -1,97 +1,104 @@ - + + http-security-layer-request - http://www.apache.org/licenses/LICENSE-2.0 + + + contextConfigLocation + /WEB-INF/applicationContext.xml + + + org.springframework.web.context.ContextLoaderListener + + - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> - - http-security-layer-request - - - - contextConfigLocation - /WEB-INF/applicationContext.xml - - - - org.springframework.web.context.ContextLoaderListener - - - - - - - at.gv.egiz.bku.online.webapp.SessionTimeout - - - BKUServlet - at.gv.egiz.bku.online.webapp.BKURequestHandler - - - ResultServlet - at.gv.egiz.bku.online.webapp.ResultServlet - - responseEncoding - UTF-8 - - - expiredPage - - expired.html - - - - BKUServlet - /http-security-layer-request - - - BKUServlet - /https-security-layer-request - - - ResultServlet - /bkuResult - - - - - - - - com.sun.xml.ws.transport.http.servlet.WSServletContextListener - - - STALPort - com.sun.xml.ws.transport.http.servlet.WSServlet - 1 - - - STALPort - /stal - - - - index.html - index.htm - index.jsp - default.html - default.htm - default.jsp - - - 5 - + + + at.gv.egiz.bku.online.webapp.SessionTimeout + + + BKUServlet + at.gv.egiz.bku.online.webapp.BKURequestHandler + + + ResultServlet + at.gv.egiz.bku.online.webapp.ResultServlet + + responseEncoding + UTF-8 + + + expiredPage + + expired.html + + + + HashDataInputServlet + at.gv.egiz.bku.online.webapp.HashDataInputServlet + + + BKUServlet + /http-security-layer-request + + + BKUServlet + /https-security-layer-request + + + ResultServlet + /bkuResult + + + HashDataInputServlet + /hashDataInput + + + + + + + + + + + com.sun.xml.ws.transport.http.servlet.WSServletContextListener + + + STALPort + com.sun.xml.ws.transport.http.servlet.WSServlet + 1 + + + STALPort + /stal + + + + + index.html + index.htm + index.jsp + default.html + default.htm + default.jsp + + + 5 + \ No newline at end of file diff --git a/BKUOnline/src/test/resources/applicationContext.xml b/BKUOnline/src/test/resources/applicationContext.xml index 4bb5e8e2..5f2487bf 100644 --- a/BKUOnline/src/test/resources/applicationContext.xml +++ b/BKUOnline/src/test/resources/applicationContext.xml @@ -45,9 +45,11 @@ + + \ No newline at end of file diff --git a/STALService/pom.xml b/STALService/pom.xml index 93181adb..e9c573f1 100644 --- a/STALService/pom.xml +++ b/STALService/pom.xml @@ -18,5 +18,10 @@ STAL 1.0-SNAPSHOT + + at.gv.egiz + utils + 1.0-SNAPSHOT + \ No newline at end of file diff --git a/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java b/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java new file mode 100644 index 00000000..dda20968 --- /dev/null +++ b/STALService/src/main/java/at/gv/egiz/stal/util/HashDataInputProxy.java @@ -0,0 +1,67 @@ +package at.gv.egiz.stal.util; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.stal.HashDataInput; + +/** + * Enables multiple read requests. + * + */ +public class HashDataInputProxy implements HashDataInput { + + private static Log log = LogFactory.getLog(HashDataInputProxy.class); + + private HashDataInput delegate; + private byte[] hashInput; + + /** + * + * @param delegate + * != null + */ + public HashDataInputProxy(HashDataInput delegate) { + if (delegate == null) { + throw new NullPointerException("Constructor argument must not be null"); + } + this.delegate = delegate; + } + + @Override + public String getEncoding() { + return delegate.getEncoding(); + } + + @Override + public InputStream getHashDataInput() { + if (hashInput == null) { + ByteArrayOutputStream os = new ByteArrayOutputStream(); + try { + StreamUtil.copyStream(delegate.getHashDataInput(), os); + hashInput = os.toByteArray(); + } catch (IOException e) { + log.error("Cannot access hashdatainput stream", e); + hashInput = new byte[0]; + } + } + return new ByteArrayInputStream(hashInput); + } + + @Override + public String getMimeType() { + return delegate.getMimeType(); + } + + @Override + public String getReferenceId() { + return delegate.getReferenceId(); + } + +} diff --git a/bkucommon/pom.xml b/bkucommon/pom.xml index 40b73e48..a90aebf5 100644 --- a/bkucommon/pom.xml +++ b/bkucommon/pom.xml @@ -1,78 +1,85 @@ - - - bku - at.gv.egiz - 1.0-SNAPSHOT - - 4.0.0 - at.gv.egiz - bkucommon - BKU Common - 1.0-SNAPSHOT - http://maven.apache.org - - - at.gv.egiz - utils - 1.0-SNAPSHOT - - - at.gv.egiz - STAL - 1.0-SNAPSHOT - - - commons-logging - commons-logging - - - iaik - iaik_jce_full_signed - - - commons-fileupload - commons-fileupload - compile - - - commons-httpclient - commons-httpclient - compile - - - xerces - xercesImpl - - - xalan - xalan - - - iaik - iaik_xsect - - - - - - - - + + + bku + at.gv.egiz + 1.0-SNAPSHOT + + 4.0.0 + at.gv.egiz + bkucommon + BKU Common + 1.0-SNAPSHOT + http://maven.apache.org + + + at.gv.egiz + utils + 1.0-SNAPSHOT + + + at.gv.egiz + STAL + 1.0-SNAPSHOT + + + commons-logging + commons-logging + + + iaik + iaik_jce_full_signed + + + commons-fileupload + commons-fileupload + compile + + + commons-httpclient + commons-httpclient + compile + + + xerces + xercesImpl + + + xalan + xalan + + + iaik + iaik_xsect + + + iaik + iaik_pki + compile + + + + + + + + \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java new file mode 100644 index 00000000..6a95b369 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java @@ -0,0 +1,13 @@ +package at.gv.egiz.bku.conf; + +import iaik.x509.X509Certificate; + +import java.io.File; + +public interface CertValidator { + + public abstract void init(File certDir, File caDir); + + public abstract boolean isCertificateValid(String transactionId, X509Certificate[] certs); + +} \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java new file mode 100644 index 00000000..125233c1 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java @@ -0,0 +1,83 @@ +package at.gv.egiz.bku.conf; + +import iaik.logging.TransactionId; +import iaik.logging.impl.TransactionIdImpl; +import iaik.pki.DefaultPKIConfiguration; +import iaik.pki.DefaultPKIProfile; +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIModule; +import iaik.pki.PKIProfile; +import iaik.pki.store.certstore.CertStoreParameters; +import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters; +import iaik.pki.store.truststore.DefaultTrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; +import iaik.x509.X509Certificate; + +import java.io.File; +import java.util.Date; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class CertValidatorImpl implements CertValidator { + + private static Log log = LogFactory.getLog(CertValidatorImpl.class); + + private PKIFactory pkiFactory; + private PKIProfile profile; + + public CertValidatorImpl() { + + } + + /* (non-Javadoc) + * @see at.gv.egiz.bku.conf.CertValidator#init(java.io.File, java.io.File) + */ + public void init(File certDir, File caDir) { + // the parameters specifying the directory certstore + CertStoreParameters[] certStoreParameters = { new DefaultDirectoryCertStoreParameters( + "CS-001", certDir.getAbsolutePath(), true, false) }; + + // create a new PKI configuration using the certstore parameters + PKIConfiguration pkiConfig = new DefaultPKIConfiguration( + certStoreParameters); + + // Transaction ID for logging + TransactionId tid = new TransactionIdImpl("Configure-PKI"); + // get PKI factory for creating PKI module(s) + pkiFactory = PKIFactory.getInstance(); + // configure the factory + try { + pkiFactory.configure(pkiConfig, tid); + } catch (PKIException e) { + log.error("Cannot configure PKI module", e); + } + // the truststore to be used + TrustStoreProfile trustProfile = new DefaultTrustStoreProfile("TS-001", + TrustStoreTypes.DIRECTORY, caDir.getAbsolutePath()); + profile = new DefaultPKIProfile(trustProfile); + ((DefaultPKIProfile)profile).setAutoAddCertificates(true); + } + + /* (non-Javadoc) + * @see at.gv.egiz.bku.conf.CertValidator#isCertificateValid(java.lang.String, iaik.x509.X509Certificate[]) + */ + public boolean isCertificateValid(String transactionId, + X509Certificate[] certs) { + // Transaction ID for logging + TransactionId tid = new TransactionIdImpl(transactionId); + // get a PKIModule + PKIModule pkiModule; + try { + pkiModule = pkiFactory.getPKIModule(profile); + return pkiModule.validateCertificate(new Date(), certs[0], certs, null, + tid).isCertificateValid(); + } catch (PKIException e) { + log.error("Cannot validate certificate", e); + } + return false; + } +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 9a1e7020..9ed99190 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -9,6 +9,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; +import java.security.GeneralSecurityException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.Provider; @@ -18,27 +19,18 @@ import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CollectionCertStoreParameters; import java.security.cert.LDAPCertStoreParameters; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CertSelector; import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.HashSet; -import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.Properties; -import java.util.Set; -import javax.net.ssl.CertPathTrustManagerParameters; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; -import javax.net.ssl.ManagerFactoryParameters; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import org.apache.commons.logging.Log; @@ -55,6 +47,8 @@ public abstract class Configurator { protected Properties properties; + protected CertValidator certValidator; + protected Configurator() { } @@ -64,9 +58,9 @@ public abstract class Configurator { protected abstract InputStream getManifest(); - private Set getCACerts() throws IOException, + private X509Certificate[] getCACerts() throws IOException, CertificateException { - Set caCerts = new HashSet(); + List caCerts = new ArrayList(); File caDir = getCADir(); if (caDir != null) { if (!caDir.isDirectory()) { @@ -81,13 +75,12 @@ public abstract class Configurator { X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); fis.close(); log.debug("Adding trusted cert " + cert.getSubjectDN()); - caCerts.add(new TrustAnchor(cert, null)); + caCerts.add(cert); } catch (Exception e) { log.error("Cannot add trusted ca", e); } } - return caCerts; - + return caCerts.toArray(new X509Certificate[caCerts.size()]); } else { log.warn("No CA certificates configured"); } @@ -239,69 +232,33 @@ public abstract class Configurator { } public void configureSSL() { - Set caCerts = null; + X509Certificate[] caCerts = null; try { caCerts = getCACerts(); } catch (Exception e1) { log.error("Cannot load CA certificates", e1); } - List certStoreList = null; - try { - certStoreList = getCertstore(); - } catch (Exception e1) { - log.error("Cannot load certstore certificates", e1); - } - String aia = getProperty("SSL.useAIA"); - if ((aia == null) || (aia.equals(""))) { - System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); - } else { - System.setProperty("com.sun.security.enableAIAcaIssuers", aia); - } - String lifetime = getProperty("SSL.cache.lifetime"); - if ((lifetime == null) || (lifetime.equals(""))) { - System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0"); - } else { - System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime); - } - X509CertSelector selector = new X509CertSelector(); - PKIXBuilderParameters pkixParams; + String disableAll = getProperty("SSL.disableAllChecks"); try { - pkixParams = new PKIXBuilderParameters(caCerts, selector); - if ((getProperty("SSL.doRevocationChecking") != null) - && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { - log.info("Enable revocation checking"); - System.setProperty("com.sun.security.enableCRLDP", "true"); - Security.setProperty("ocsp.enable", "true"); - } else { - log.warn("Revocation checking disabled"); - } - for (CertStore cs : certStoreList) { - pkixParams.addCertStore(cs); - } - ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( - pkixParams); - TrustManagerFactory trustFab; - trustFab = TrustManagerFactory.getInstance("PKIX"); - trustFab.init(trustParams); KeyManager[] km = null; SSLContext sslCtx = SSLContext .getInstance(getProperty("SSL.sslProtocol")); - String disableAll = getProperty("SSL.disableAllChecks"); if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { log.warn("--------------------------------------"); log.warn(" Disabling SSL Certificate Validation "); log.warn("--------------------------------------"); - sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts, - certStoreList) }, null); + sslCtx.init(km, + new TrustManager[] { new MyAlwaysTrustManager(caCerts) }, null); } else { - sslCtx.init(km, trustFab.getTrustManagers(), null); + MyPKITrustManager pkixTM = new MyPKITrustManager(certValidator, + getCertDir(), getCADir(), caCerts); + sslCtx.init(km, new TrustManager[] { pkixTM }, null); } HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); } catch (Exception e) { log.error("Cannot configure SSL", e); } - String disableAll = getProperty("SSL.disableAllChecks"); if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { log.warn("---------------------------------"); log.warn(" Disabling Hostname Verification "); @@ -315,19 +272,74 @@ public abstract class Configurator { } } - private static class MyTrustManager implements X509TrustManager { - private static Log log = LogFactory.getLog(MyTrustManager.class); + + + public void setCertValidator(CertValidator certValidator) { + this.certValidator = certValidator; + } + + private static class MyPKITrustManager implements X509TrustManager { + private static Log log = LogFactory.getLog(MyPKITrustManager.class); + + private CertValidator certValidator; private X509Certificate[] trustedCerts; - public MyTrustManager(Set caCerts, List cs) { - trustedCerts = new X509Certificate[caCerts.size()]; + public MyPKITrustManager(CertValidator cv, File certStore, File trustStore, + X509Certificate[] trustedCerts) { + certValidator = cv; + certValidator.init(certStore, trustStore); + this.trustedCerts = trustedCerts; + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + log.error("Did not expect this method to get called"); + throw new CertificateException("Method not implemented"); + } + + private static iaik.x509.X509Certificate[] convertCerts( + X509Certificate[] certs) throws GeneralSecurityException { + iaik.x509.X509Certificate[] retVal = new iaik.x509.X509Certificate[certs.length]; int i = 0; - for (Iterator it = caCerts.iterator(); it.hasNext();) { - TrustAnchor ta = it.next(); - trustedCerts[i++] = ta.getTrustedCert(); + for (X509Certificate cert : certs) { + if (cert instanceof iaik.x509.X509Certificate) { + retVal[i++] = (iaik.x509.X509Certificate) cert; + } else { + retVal[i++] = new iaik.x509.X509Certificate(cert.getEncoded()); + } + } + return retVal; + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + try { + boolean valid = certValidator.isCertificateValid(Thread.currentThread() + .getName(), convertCerts(chain)); + if (!valid) { + throw new CertificateException("Certificate not valid"); + } + } catch (GeneralSecurityException e) { + throw new CertificateException(e); } } + @Override + public X509Certificate[] getAcceptedIssuers() { + return trustedCerts; + } + } + + private static class MyAlwaysTrustManager implements X509TrustManager { + private static Log log = LogFactory.getLog(MyAlwaysTrustManager.class); + private X509Certificate[] trustedCerts; + + public MyAlwaysTrustManager(X509Certificate[] trustedCerts) { + this.trustedCerts = trustedCerts; + } + @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java new file mode 100644 index 00000000..7bc0daa5 --- /dev/null +++ b/bkucommon/src/test/java/at/gv/egiz/bku/conf/CertValidatorTest.java @@ -0,0 +1,32 @@ +package at.gv.egiz.bku.conf; + +import iaik.x509.X509Certificate; + +import java.io.File; +import java.io.IOException; +import java.security.cert.CertificateException; + +import static org.junit.Assert.*; + +import org.junit.Before; +import org.junit.Test; + +public class CertValidatorTest { + + private CertValidator cv; + + @Before + public void setUp() { + cv = new CertValidatorImpl(); + String caDir = getClass().getClassLoader().getResource("at/gv/egiz/bku/conf/certs/CACerts").getPath(); + String certDir = getClass().getClassLoader().getResource("at/gv/egiz/bku/conf/certs/certStore").getPath(); + cv.init(new File(caDir), new File(certDir)); + } + + @Test + public void testValid() throws CertificateException, IOException { + X509Certificate cert = new X509Certificate(getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der")); + assertTrue(cv.isCertificateValid("TID", new X509Certificate[]{cert})); + } + +} diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer new file mode 100644 index 00000000..f9fef65f Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-01a.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer new file mode 100644 index 00000000..36a442b8 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-02a.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer new file mode 100644 index 00000000..ab9e0cd7 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-Qual-03a.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer new file mode 100644 index 00000000..efa28178 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-01a.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer new file mode 100644 index 00000000..33e77636 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/CACerts/A-Trust-nQual-03.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer new file mode 100644 index 00000000..f9fef65f Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-01a.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer new file mode 100644 index 00000000..36a442b8 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-02a.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer new file mode 100644 index 00000000..ab9e0cd7 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-Qual-03a.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer new file mode 100644 index 00000000..efa28178 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-01a.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer new file mode 100644 index 00000000..33e77636 Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/A-Trust-nQual-03.cer differ diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer new file mode 100644 index 00000000..ee859434 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-SSL-03.cer @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdzCCA1+gAwIBAgIDAmU4MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA2MDgxNjIyMDAw +MFoXDTE2MDgxNjIyMDAwMFowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt +c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6 +PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK +k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj +r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG +AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt +Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd +LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E +CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG +MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv +b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl +dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1 +dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAHKlnV3R9sbXojtONugyazkZCEzmC +nZF1Dz4cOL0vPzzvS8MVWtG43zAgVI1NT/0ETSWsXD3YfzRi+f+/CxrGn0gwZX2t +VGx+Z9w5ufiy1vuhxDUPmpos1TbJ4Wv3Une0E7iuHmNLg5qVlKeHWpcU8t1Y0nCt +eRz34Qm87AVAykta33XST1fYvGoPKsDtn3qx9ye/pcbDvWjPwmqF2UUoql+d5hmJ +Umgzwezqk4I+FS98BrnaPgC5UVFHg+yUjiUDLjYy7UvDZ5Led6kkLXuzVhQolLvr +KTrGp5k42PG2MMkw8f6GMF/6yePXgzFMCRN8ReR7J5Htv33SytLRmFRd8g== +-----END CERTIFICATE----- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer new file mode 100644 index 00000000..7e67be95 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEgzCCA2ugAwIBAgIDAarsMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw +MFoXDTE1MTExMzIzMDAwMFowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1jb3Jwb3JhdGUtMDMxHDAaBgNV +BAMME2Etc2lnbi1jb3Jwb3JhdGUtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCp44qY+AiVXlcnHoKvch9s3ujoWFNktvcteIPwK7s0mb/uxTUW9UIF +Die9n3AbyTsJE6R3nZYSJVHHi+1DKD72/WEo/B5NOOtd6KUMfJgca1tDmcsIwhFn +82qkZrbNQwdIIdLe6+nDmjd9UBIaKv7yy1kq20jh09HOK3/bWhafVQE7EAgDfNrn +8f0JfnnF0EA/La5kkg878L22fh9lRzt8H21THqJPtK4/e9SttjrJnPhFk2/MjAGS +uaDufG6BV5Hnn7klR5qm5q32ypleLA6Zi4m9jRCVtPd4jRPYM40XpRkrJuFw+lxp +rejfEZt/SRh1eQXiXDUgtgX8OaIylH9pAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQIQj75YZ1a5XIwEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYD +VR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFw +LmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9j +ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy +dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEARu7e1SyBRjlA +g/thtFwtKQRvopTZKWj2LWpEdvPvwThOvf8Depnas+ly5af8r8YzsqJzfX3XWvhN +qOOI24g5FmXfCUTq/kbtaeTq/AqV94793IJfcilPnpMOEHMqXNDiRUoAgR/9EVj8 +mDVvL2lLlJzeAltqOD5Bi9QwguaD2/3/E5ymFnqkf1dnlXbo8AhcwPEzReNKn1eM +Ilg4FwP1bP0HUK3Fyz1UQ/Hncg+MS7c+SkjpNEd4sH7/GdxuQs5Sk7IRwot1+sbX +3CkkPhSqiUzig9raxJYrtbb2kyiUO8+d5HzRyoP4BNzsdZdPc0gDYweXg5qarHOQ +16IEOtBmKg== +-----END CERTIFICATE----- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer new file mode 100644 index 00000000..0c68e593 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEJjCCAw6gAwIBAgIDAOJEMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIjAgBgNVBAsTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDExIjAgBgNV +BAMTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDGC65v8rni63DojEBriynPwRqNCp14/SkN5ROkTUGNvLSabfSJV4PKGLTzasPAaChwX0g/ +kebahFM3R7nIyeVx2YB8VRvC4I/spP/mCs5+6pf1N+6Kiq4NcswgNBBfqAteaQIylBMy6HDkjoXY +X/c+SxjyrqAkeZCK+SHMOraXCO1PZHWbYwleKXf4R2Z6ayEfJ2XWeVuqqon76WHp/POI0RADBchA +6Vm1ROzSAHz39bay1TZunQXSs3VQ9cE3uQPjN+80efmf0ZgNF0sXsDTssoZg2feTANSOkTGM1bMC +5xe1hWFL8MZNe4yZ+NSgFN2fofb8BPvyQAW0no2PNA6PAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQITp5/1C/JHx8wEwYDVR0jBAwwCoAITlnOxwIyhzAwDgYDVR0PAQH/BAQD +AgEGMGUGA1UdHwReMFwwWqBYoFaGVGxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1u +UXVhbC0wMSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0PzANBgkqhkiG +9w0BAQUFAAOCAQEAOtuz2GqnTibk/poCLrdYKpZSrLyfWFsJJpfBYA9HMasnfpJBCHgRHJud6DAO +xD900Vhmwy66D8dqsN3+fR8Bx8ZMKspnFN1B2Wz7LWOxMaKqP3JolJ/oVwzJRm0afcUMAfAumkc5 +Yqu0nC5qCF9zYY9YbJklh84uEzEg9j85kuRBHOCUc+5MVrnv7WPbirx6c95YFqXBQ0arA5QE9zYq +MDO8aUYPOWEHgtrVI+kMwELYHqLDX7i9VqsXhgFPeVz1wIV7s/i3budGeHMS6hjnyIc30FqM7CTY +fcvqVNZliErbjD1k1W1gMgvjLJowNvQC0W7K9/yoQhwTqtNMR4WZwA== +-----END CERTIFICATE----- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer new file mode 100644 index 00000000..c300891d --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCA3OgAwIBAgIDAOSoMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa +Fw0xNDEyMTMyMzAwMDBaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw +IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM +LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS +dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS +p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/ +vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O +sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G +A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9 +KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk +YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz +dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz +cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBH +opWG7LKmPBvuGjZnRV4KGKzzUYVuxSRS1E0VIUPbVLf5xW2r5uUpR8ud5EpiPrcw +k6K0dzu2Vb4ZbMIP+6J16S/0qvTp/3A/3q87+nJ+ot+IT8GZFJfSw18th2WmZdzR +ShbM6sgViPtGsFROCdWeiHl248w2+zG+09sf8Bu3UyvwLRAiiKaxuwVdQ9kc0TL3 +gvv+K5eisWWthQOX2IF2jGSEqoAVwfHhl7bc9Vt7XnJSpQFebHnsIVuV4Mv6w4ww +86hQPCLLvvV7wWDiBQ8l2FWneX0pNH3Wg+A1TRUoptc+pPDdpoP272MDm4fXyPKV +7QgIaIK+gXNUj2GGt1K9 +-----END CERTIFICATE----- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer new file mode 100644 index 00000000..2251ca22 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-light-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgIDAartMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw +MFoXDTE1MTExMzIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxIjAgBgNVBAsMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMx +IjAgBgNVBAMMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC359oitbHkkEgdErRPeBdkcYRK2DLdxfcnn+SI +umSEYzWVscRTchPKSzb7f1a6EHPbB5WZsGJaUDX9KfTqsJNMo+7bASKk3gsLVxNZ +qY2t2G+y8HvREYYejDOIzjAkcBQrt+nvuBUlGYVJQjEuyAn18f2vG0Y3VNvZFGKn +PK8AVycUMk0Uw21RbK3vX5tbbPgQ/kcZkN4czi5VHepMvf6hAwwLoJj+KL9zxm8j +yPK88qCBKAjMNCpZKsEhyanw1CjYbVmHs45Q5W6FBtqDcS6Iq4mC6TtUPGtCTuoH +7/JLuhEp075ohp87v3fSlzeLJjBpkUDP9U8Tv7l2euD0t1UVAgMBAAGjgeMwgeAw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQZFpHL+t2JgwEwYDVR0jBAwwCoAI +RGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCG +fmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEt +VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0 +Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC +AQEADTRIaQtPwoPS6/TpyBhOw4wAHk/RM4gkLT76URPY2sUHihxqy+8qEElN+f5l +I61myCP3IFTClflcHVR1QCoMg0ZI5/EcQTI8Dgd5iQkXuVjh3wCj87Ka2Tu7d1K+ +i9VJ4BR/ph/qmPKR7Lx/PtATw/vWo4k2rbt5o1QwixZ7CPt+BF9xCaAC4uL0bB0M +9M3i9W2ePmqX6WIB3jMkT9FQC0KihPPfw/17KddNi4rFMMEiTyKvJTtTqDnIAwWW +TqsL1G7oxMMtnnYaKWMQ6gQiOiRzCY7efcAi/3YwUX6ULW5zxqapNs1vqEbSGsQE +l1eFl67HBZHYAPdoHGUnZF0KaQ== +-----END CERTIFICATE----- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer new file mode 100644 index 00000000..2d7f1a03 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIDAOKKMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTIwNTIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgaExCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1jb3Jwb3JhdGUtbWVkaXVtLTAxMSMwIQYD +VQQDExphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANEbZyIMIXZYBjTj/+3TrNGssRKNNdTedQlWB3vJQWLzeG89Kzmhy1WDX8IqDrMtvpXH +5w6urK3ZT7HGu2Jldrib8rkEOdE9+uNGRtkP8Kuz//CvdXCbIDvBLqgvWn9a3Sl/rUicPqKwcEcN +bP2Q0iU6NvvALmoqs93PymfTZlkGOwzUe+O88huXkauGWT/DkJd4JYDNJ0wlaGrJa+OorT4Izk1J +EipqqedUjsAj4Gq3SKrZKG/H/CkoH9uWTzrzFgg8zQhCES4AClo84XVk//EIv3ABDw4hr+lqV1nF +eXch9o4mLIe5u045471YLJLmyuCPDopb8U2VUoyldpMx+Y8CAwEAAaOBszCBsDAPBgNVHRMBAf8E +BTADAQH/MBEGA1UdDgQKBAhOuHKxmCmfZDATBgNVHSMEDDAKgAhOWc7HAjKHMDAOBgNVHQ8BAf8E +BAMCAQYwZQYDVR0fBF4wXDBaoFigVoZUbGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0 +LW5RdWFsLTAxLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/MA0GCSqG +SIb3DQEBBQUAA4IBAQDaukYSeJVxWAh8QShqGqA6Plp9aXCTzwl9hE2gb+/xGPASo+NVQi/sUa0+ +bx29oSJaW6lKzdHQLAx4dwW9XTpJ+0mebB4fQfYHH0lGc1O4au/4O9k+C3SrD6x4WeY9k/SpUFu1 +qjzH+tjta81UWtU7Jve1BhckNwdOFx7cR8fdW+pUQSDV9XnPJfyb+gb9KWhvX+XAbgJoXW1HjJOO +P5sx6mFhMb3UqAfKQVoAuGbl4+uxIThBTqpICkaaD8WLdukqQjomUMDRbWIf6SblPuOEpPi1G/WM +qkTkpqX77Wkj08QY/yj5DDrsYJ5NymnWvu7jcoxCFCKvEQ8Q4g7AYKnG +-----END CERTIFICATE----- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer new file mode 100644 index 00000000..194d4d7c --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/certStore/a-sign-corporate-medium-02a.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjTCCA3WgAwIBAgIDAOSpMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa +Fw0xNDEyMTMyMzAwMDBaMIGhMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSMwIQYDVQQLDBphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMjEj +MCEGA1UEAwwaYS1zaWduLWNvcnBvcmF0ZS1tZWRpdW0tMDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCuaTBb6rHd5JZqAdvpmGIl5ne0Hg6GbpJvBeCI +U6l9Rs8ebMY6aIS++qJOE9rnJHdfZNzLzduuoWEzEuwm9a/azQThM+eT+xlG/Vcf +NuOQTTjAuXHLvYQ7WxSrBIT/kmAyqJgq/DEPvdX4jmCtVkuZ1gbxYIChLOVBWkVC +FCK49BuXECtNy5fzK/GyfouZOVoQgiQ1YfecqzibcwO0t+f68Pvp/s6HESAH5tXY +PdENDw4c/W/qKaeR87jPq98AJ8Lr4bmjWLjK8/ITtGglnJy8osFz22oR7f6fbWl6 +5LdhJ3giM68WEabQcZkw8cx3RDOzbnL2Kn+PVNHHyp3Wh849AgMBAAGjgeEwgd4w +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISoLnpz/+q98wEwYDVR0jBAwwCoAI +Qj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMIGSBgNVHR8EgYowgYcwgYSggYGgf4Z9 +bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0LVF1YWwtMDIsbz1BLVRy +dXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdD9iYXNlP29iamVjdGNs +YXNzPWVpZENlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEB +ABqg1oRs/TZ0hJLJRV/xJglFzgn2fDAXeoVvWnAE09F1d0n+ZorKAKbMfiZ2CuKs +M0AhU23/5zM90DdrtYWXpa+P8ONALZtHJIqGfVuRKYJq7jY5TpE3yRkTcrp47smp +WqTwUgG+0aBeU9m+ZtGUFOsBkq+MudD8IZGc7VcLd1n4ltND9ITjX20hu01ju56c +YC69vFa5hmIccXg/Q3dGEV5Amx8MTQJluG3QvqBOY74yrAFICvK1zsvu+vOGvJQj +i+PxKlbQdehrV82VDxyfSjpEUADWMGRfE5vg4YBGgfRosh4w7a6ThD2LMLFPmIhy +P6+VGUBCm2tMDDOo9DVkXFs= +-----END CERTIFICATE----- diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der new file mode 100644 index 00000000..61ce8dff Binary files /dev/null and b/bkucommon/src/test/resources/at/gv/egiz/bku/conf/certs/testCerts/www.a-trust.at.der differ diff --git a/pom.xml b/pom.xml index c18a4c2c..d2fe06a1 100644 --- a/pom.xml +++ b/pom.xml @@ -1,211 +1,217 @@ - - 4.0.0 - at.gv.egiz - bku - pom - 1.0-SNAPSHOT - BKU - http://bku.egiz.gv.at - - utils - bkucommon - STAL - BKUOnline - smcc - BKULocal - BKUApplet - smccSTAL - STALService - BKUCommonGUI - BKUViewer - BKULocalApp - - - - mcentner - Martin Centner - mcentner@egiz.gv.at - - - wbauer - Wolfgang Bauer - wbauer@egiz.gv.at - - - corthacker - Clemens Orthacker - corthacker@egiz.gv.at - - - - svn://svn.egovlabs.gv.at/svnroot/mocca - - - E-Government Innovation Center (EGIZ) - http://www.egiz.gv.at - - - - - - maven-compiler-plugin - org.apache.maven.plugins - 2.0.2 - - - 1.6 - 1.6 - true - true - - - - maven-assembly-plugin - org.apache.maven.plugins - 2.2-beta-2 - - - maven-dependency-plugin - org.apache.maven.plugins - 2.0 - - - - jaxws-maven-plugin - org.codehaus.mojo - 1.10 - - - - - - maven-assembly-plugin - - - ${basedir}/src/main/assemblies/assembly-test.xml - - - - - - - - - - mocca-egovlabs - MOCCA EGovLabs - http://mocca.egovlabs.gv.at/m2/repository/ - - - maven2-repository.dev.java.net - Java.net Repository for Maven 2 - http://download.java.net/maven/2/ - - - maven1-repository.dev.java.net - Java.net Repository for Maven 1 - http://download.java.net/maven/1/ - legacy - - - - - log4j - log4j - runtime - - - junit - junit - test - - - - - - log4j - log4j - 1.2.12 - runtime - - - commons-logging - commons-logging - 1.1.1 - compile - - - junit - junit - 4.4 - test - - - xerces - xercesImpl - 2.9.1 - - - xalan - xalan - 2.7.0 - - - iaik - iaik_jce_full_signed - 3.16 - compile - - - iaik - iaik_jce_me4se - 3.04 - - - iaik - iaik_ecc_signed - 2.15 - - - iaik - iaik_xsect - 1.14 - - - commons-fileupload - commons-fileupload - 1.2.1 - compile - - - commons-httpclient - commons-httpclient - 3.1 - compile - - - + + 4.0.0 + at.gv.egiz + bku + pom + 1.0-SNAPSHOT + BKU + http://bku.egiz.gv.at + + utils + bkucommon + STAL + BKUOnline + smcc + BKULocal + BKUApplet + smccSTAL + STALService + BKUCommonGUI + BKUViewer + BKULocalApp + + + + mcentner + Martin Centner + mcentner@egiz.gv.at + + + wbauer + Wolfgang Bauer + wbauer@egiz.gv.at + + + corthacker + Clemens Orthacker + corthacker@egiz.gv.at + + + + svn://svn.egovlabs.gv.at/svnroot/mocca + + + E-Government Innovation Center (EGIZ) + http://www.egiz.gv.at + + + + + + maven-compiler-plugin + org.apache.maven.plugins + 2.0.2 + + + 1.6 + 1.6 + true + true + + + + maven-assembly-plugin + org.apache.maven.plugins + 2.2-beta-2 + + + maven-dependency-plugin + org.apache.maven.plugins + 2.0 + + + + jaxws-maven-plugin + org.codehaus.mojo + 1.10 + + + + + + maven-assembly-plugin + + + ${basedir}/src/main/assemblies/assembly-test.xml + + + + + + + + + + mocca-egovlabs + MOCCA EGovLabs + http://mocca.egovlabs.gv.at/m2/repository/ + + + maven2-repository.dev.java.net + Java.net Repository for Maven 2 + http://download.java.net/maven/2/ + + + maven1-repository.dev.java.net + Java.net Repository for Maven 1 + http://download.java.net/maven/1/ + legacy + + + + + log4j + log4j + runtime + + + junit + junit + test + + + + + + log4j + log4j + 1.2.12 + runtime + + + commons-logging + commons-logging + 1.1.1 + compile + + + junit + junit + 4.4 + test + + + xerces + xercesImpl + 2.9.1 + + + xalan + xalan + 2.7.0 + + + iaik + iaik_jce_full_signed + 3.16 + compile + + + iaik + iaik_jce_me4se + 3.04 + + + iaik + iaik_ecc_signed + 2.15 + + + iaik + iaik_xsect + 1.14 + + + iaik + iaik_pki + 1.0-SNAPSHOT + compile + + + commons-fileupload + commons-fileupload + 1.2.1 + compile + + + commons-httpclient + commons-httpclient + 3.1 + compile + + + \ No newline at end of file -- cgit v1.2.3 From 3aadcf8f877a560bed75af7e0db918aa26ef2a03 Mon Sep 17 00:00:00 2001 From: mcentner Date: Thu, 4 Dec 2008 10:00:31 +0000 Subject: Refactoring of infobox implementation. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@232 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../src/main/webapp/WEB-INF/applicationContext.xml | 34 ++ .../src/main/webapp/WEB-INF/applicationContext.xml | 17 + .../main/java/at/gv/egiz/bku/binding/DataUrl.java | 1 + .../bku/binding/LegacyDataUrlConnectionImpl.java | 230 +++++++++ .../java/at/gv/egiz/bku/conf/Configurator.java | 41 +- .../egiz/bku/slcommands/InfoboxUpdateCommand.java | 23 + .../egiz/bku/slcommands/InfoboxUpdateResult.java | 21 + .../slcommands/impl/AbstractAssocArrayInfobox.java | 284 ++++++++++ .../slcommands/impl/AbstractBinaryFileInfobox.java | 68 +++ .../impl/AbstractInfoboxCommandImpl.java | 55 ++ .../bku/slcommands/impl/AbstractInfoboxImpl.java | 26 + .../bku/slcommands/impl/AssocArrayInfobox.java | 27 + .../bku/slcommands/impl/BinaryFileInfobox.java | 27 + .../slcommands/impl/CertificatesInfoboxImpl.java | 112 ++++ .../impl/CreateXMLSignatureCommandImpl.java | 37 +- .../slcommands/impl/IdentityLinkInfoboxImpl.java | 291 +++++++++++ .../at/gv/egiz/bku/slcommands/impl/Infobox.java | 53 ++ .../egiz/bku/slcommands/impl/InfoboxFactory.java | 151 ++++++ .../slcommands/impl/InfoboxReadCommandImpl.java | 569 ++------------------- .../bku/slcommands/impl/InfoboxReadResultImpl.java | 3 +- .../slcommands/impl/InfoboxUpdateCommandImpl.java | 158 ++++++ .../slcommands/impl/InfoboxUpdateResultImpl.java | 43 ++ .../gv/egiz/bku/slcommands/impl/SLCommandImpl.java | 107 +--- .../at/gv/egiz/bku/slcommands/impl/STALHelper.java | 218 ++++++++ .../egiz/bku/slcommands/testApplicationContext.xml | 36 -- .../egiz/bku/slcommands/testApplicationContext.xml | 53 ++ 26 files changed, 1968 insertions(+), 717 deletions(-) create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/binding/LegacyDataUrlConnectionImpl.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateCommand.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateResult.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractAssocArrayInfobox.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AssocArrayInfobox.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/BinaryFileInfobox.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CertificatesInfoboxImpl.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/IdentityLinkInfoboxImpl.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/Infobox.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateCommandImpl.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateResultImpl.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java delete mode 100644 bkucommon/src/main/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml (limited to 'bkucommon/src/test/resources') diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml index 1d09aa7e..5ac12ece 100644 --- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml @@ -48,6 +48,40 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index 9c7194dd..321e1e98 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -45,6 +45,23 @@ + + + + + + + + + + + + diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java index d462ac60..531772cf 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java @@ -65,5 +65,6 @@ public class DataUrl { public static void setConfiguration(Properties props) { configuration = props; + defaultDataUrlConnection.setConfiguration(configuration); } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/LegacyDataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/LegacyDataUrlConnectionImpl.java new file mode 100644 index 00000000..5339d689 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/LegacyDataUrlConnectionImpl.java @@ -0,0 +1,230 @@ +package at.gv.egiz.bku.binding; + + +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.StringWriter; +import java.net.HttpURLConnection; +import java.net.SocketTimeoutException; +import java.net.URL; +import java.net.URLEncoder; +import java.security.cert.X509Certificate; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +import javax.net.ssl.HttpsURLConnection; +import javax.xml.transform.stream.StreamResult; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.SLResult; +import at.gv.egiz.bku.slcommands.SLResult.SLResultType; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.bku.utils.binding.Protocol; + +/** + * not thread-safe thus newInsance always returns a new object + * + */ +public class LegacyDataUrlConnectionImpl implements DataUrlConnectionSPI { + + private final static Log log = LogFactory.getLog(DataUrlConnectionImpl.class); + + public final static Protocol[] SUPPORTED_PROTOCOLS = { Protocol.HTTP, + Protocol.HTTPS }; + protected X509Certificate serverCertificate; + protected Protocol protocol; + protected URL url; + private HttpURLConnection connection; + protected Map requestHttpHeaders; + protected Map formParams; + protected String boundary; + protected Properties config = null; + + protected DataUrlResponse result; + + public String getProtocol() { + if (protocol == null) { + return null; + } + return protocol.toString(); + } + + /** + * opens a connection sets the headers gets the server certificate + * + * @throws java.net.SocketTimeoutException + * @throws java.io.IOException + * @pre url != null + * @pre httpHeaders != null + */ + public void connect() throws SocketTimeoutException, IOException { + connection = (HttpURLConnection) url.openConnection(); + connection.setDoOutput(true); + Set headers = requestHttpHeaders.keySet(); + Iterator headerIt = headers.iterator(); + while (headerIt.hasNext()) { + String name = headerIt.next(); + connection.setRequestProperty(name, requestHttpHeaders.get(name)); + } + log.trace("Connecting to: "+url); + connection.connect(); + if (connection instanceof HttpsURLConnection) { + HttpsURLConnection ssl = (HttpsURLConnection) connection; + X509Certificate[] certs = (X509Certificate[]) ssl.getServerCertificates(); + if ((certs != null) && (certs.length >= 1)) { + log.trace("Server certificate: "+certs[0]); + serverCertificate = certs[0]; + } + } + } + + public X509Certificate getServerCertificate() { + return serverCertificate; + } + + public void setHTTPHeader(String name, String value) { + if (name != null && value != null) { + requestHttpHeaders.put(name, value); + } + } + + public void setHTTPFormParameter(String name, InputStream data, + String contentType, String charSet, String transferEncoding) { + StringBuilder sb = new StringBuilder(); + try { + InputStreamReader reader = new InputStreamReader(data, (charSet != null) ? charSet : "UTF-8"); + char[] c = new char[512]; + for (int l; (l = reader.read(c)) != -1;) { + sb.append(c, 0, l); + } + } catch (IOException e) { + throw new SLRuntimeException("Failed to set HTTP form parameter.", e); + } + formParams.put(name, sb.toString()); + } + + /** + * send all formParameters + * + * @throws java.io.IOException + */ + public void transmit(SLResult slResult) throws IOException { + StringWriter writer = new StringWriter(); + slResult.writeTo(new StreamResult(writer)); + formParams.put( + (slResult.getResultType() == SLResultType.XML) + ? DataUrlConnection.FORMPARAM_XMLRESPONSE + : DataUrlConnection.FORMPARAM_BINARYRESPONSE, + writer.toString()); + + OutputStream os = connection.getOutputStream(); + OutputStreamWriter streamWriter = new OutputStreamWriter(os, HttpUtil.DEFAULT_CHARSET); + + log.trace("Sending data"); + Iterator keys = formParams.keySet().iterator(); + while(keys.hasNext()) { + String key = keys.next(); + streamWriter.write(URLEncoder.encode(key, "UTF-8")); + streamWriter.write("="); + streamWriter.write(URLEncoder.encode(formParams.get(key), "UTF-8")); + if (keys.hasNext()) { + streamWriter.write("&"); + } + } + streamWriter.flush(); + os.close(); + + // MultipartRequestEntity PostMethod + InputStream is = null; + try { + is = connection.getInputStream(); + } catch (IOException iox) { + log.info(iox); + } + log.trace("Reading response"); + result = new DataUrlResponse(url.toString(), connection.getResponseCode(), is); + Map responseHttpHeaders = new HashMap(); + Map> httpHeaders = connection.getHeaderFields(); + for (Iterator keyIt = httpHeaders.keySet().iterator(); keyIt + .hasNext();) { + String key = keyIt.next(); + StringBuffer value = new StringBuffer(); + for (String val : httpHeaders.get(key)) { + value.append(val); + value.append(HttpUtil.SEPERATOR[0]); + } + String valString = value.substring(0, value.length() - 1); + if ((key != null) && (value.length() > 0)) { + responseHttpHeaders.put(key, valString); + } + } + result.setResponseHttpHeaders(responseHttpHeaders); + } + + @Override + public DataUrlResponse getResponse() throws IOException { + return result; + } + + /** + * inits protocol, url, httpHeaders, formParams + * + * @param url + * must not be null + */ + @Override + public void init(URL url) { + + for (int i = 0; i < SUPPORTED_PROTOCOLS.length; i++) { + if (SUPPORTED_PROTOCOLS[i].toString().equalsIgnoreCase(url.getProtocol())) { + protocol = SUPPORTED_PROTOCOLS[i]; + break; + } + } + if (protocol == null) { + throw new SLRuntimeException("Protocol " + url.getProtocol() + + " not supported for data url"); + } + this.url = url; + requestHttpHeaders = new HashMap(); + if ((config != null) + && (config.getProperty(USER_AGENT_PROPERTY_KEY) != null)) { + requestHttpHeaders.put(HttpUtil.HTTP_HEADER_USER_AGENT, config + .getProperty(USER_AGENT_PROPERTY_KEY)); + } else { + requestHttpHeaders + .put(HttpUtil.HTTP_HEADER_USER_AGENT, DEFAULT_USERAGENT); + + } + requestHttpHeaders.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, + HttpUtil.APPLICATION_URL_ENCODED); + + formParams = new HashMap(); + } + + @Override + public DataUrlConnectionSPI newInstance() { + DataUrlConnectionSPI uc = new LegacyDataUrlConnectionImpl(); + uc.setConfiguration(config); + return uc; + } + + @Override + public URL getUrl() { + return url; + } + + @Override + public void setConfiguration(Properties config) { + this.config = config; + } +} \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 9ed99190..6078de36 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -187,28 +187,29 @@ public abstract class Configurator { } public void configureVersion() { - Properties p = new Properties(); - try { - InputStream is = getManifest(); - if (is != null) { - p.load(getManifest()); - String version = p.getProperty("Implementation-Build"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, - "citizen-card-environment/1.2 MOCCA " + version); - DataUrl.setConfiguration(properties); - log - .debug("Setting user agent to: " - + properties - .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); - } else { - log.warn("Cannot read manifest"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, - "citizen-card-environment/1.2 MOCCA UNKNOWN"); - DataUrl.setConfiguration(properties); + if (properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY) == null) { + Properties p = new Properties(); + try { + InputStream is = getManifest(); + if (is != null) { + p.load(getManifest()); + String version = p.getProperty("Implementation-Build"); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA " + version); + log + .debug("Setting user agent to: " + + properties + .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + } else { + log.warn("Cannot read manifest"); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA UNKNOWN"); + } + } catch (IOException e) { + log.error(e); } - } catch (IOException e) { - log.error(e); } + DataUrl.setConfiguration(properties); } public void configure() { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateCommand.java new file mode 100644 index 00000000..c2974785 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateCommand.java @@ -0,0 +1,23 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands; + +public interface InfoboxUpdateCommand extends SLCommand { + + public String getInfoboxIdentifier(); + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateResult.java new file mode 100644 index 00000000..d180facf --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxUpdateResult.java @@ -0,0 +1,21 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands; + +public interface InfoboxUpdateResult extends SLResult { + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractAssocArrayInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractAssocArrayInfobox.java new file mode 100644 index 00000000..e49ed6c0 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractAssocArrayInfobox.java @@ -0,0 +1,284 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.slcommands.impl; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.buergerkarte.namespaces.securitylayer._1.InfoboxAssocArrayPairType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadDataAssocArrayType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType; +import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory; +import at.buergerkarte.namespaces.securitylayer._1.XMLContentType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadKeys; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadPairs; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadValue; +import at.gv.egiz.bku.slcommands.InfoboxReadResult; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slexceptions.SLCommandException; + +/** + * An abstract base class for {@link Infobox} implementations of type associative array. + * + * @author mcentner + */ +public abstract class AbstractAssocArrayInfobox extends AbstractInfoboxImpl + implements AssocArrayInfobox { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(AbstractAssocArrayInfobox.class); + + /** + * The search string pattern. + */ + public static final String SEARCH_STRING_PATTERN = ".&&[^/](/.&&[^/])*"; + + /** + * @return the keys available in this infobox. + */ + public abstract String[] getKeys(); + + /** + * @return true if the values are XML entities, or false otherwise. + */ + public abstract boolean isValuesAreXMLEntities(); + + /** + * Returns a key to value mapping for the given keys. + * + * @param keys a list of keys + * @param cmdCtx the command context + * + * @return a key to value mapping for the given keys. + * + * @throws SLCommandException if obtaining the values fails + */ + public abstract Map getValues(List keys, SLCommandContext cmdCtx) throws SLCommandException; + + /** + * Returns all keys that match the given searchString. + * + * @param searchString the search string + * + * @return all keys that match the given searchString + * + * @throws SLCommandException if the given search string is invalid + */ + protected List selectKeys(String searchString) throws SLCommandException { + + if ("*".equals(searchString) || "**".equals(searchString)) { + return Arrays.asList(getKeys()); + } + + if (Pattern.matches(SEARCH_STRING_PATTERN, searchString)) { + +// for (int i = 0; i < searchString.length(); i++) { +// int codePoint = searchString.codePointAt(i); +// +// } + + // TODO : build pattern + return Collections.emptyList(); + } else { + log.info("Got invalid search string '" + searchString + "'"); + throw new SLCommandException(4010); + } + + } + + /** + * Read all keys specified by readKeys. + * + * @param readKeys + * the ReadKeys element + * @param cmdCtx + * the command context + * @return a corresponding InfoboxReadResult + * + * @throws SLCommandException + * if the ReadKeys element is invalid or obtaining the corresponding + * values fails + */ + protected InfoboxReadResult readKeys(ReadKeys readKeys, SLCommandContext cmdCtx) throws SLCommandException { + + List selectedKeys = selectKeys(readKeys.getSearchString()); + + if (readKeys.isUserMakesUnique() && selectedKeys.size() > 1) { + log.info("UserMakesUnique not supported"); + // TODO: give more specific error message + throw new SLCommandException(4010); + } + + ObjectFactory objectFactory = new ObjectFactory(); + + InfoboxReadDataAssocArrayType infoboxReadDataAssocArrayType = objectFactory + .createInfoboxReadDataAssocArrayType(); + + List keys = infoboxReadDataAssocArrayType.getKey(); + keys.addAll(selectedKeys); + + return new InfoboxReadResultImpl(infoboxReadDataAssocArrayType); + + } + + /** + * Read all pairs specified by readPairs. + * + * @param readPairs + * the readPairs element + * @param cmdCtx + * the command context + * @return a corresponding InfoboxReadResult + * + * @throws SLCommandException + * if the ReadPairs element is invalid or obtaining the corresponding + * values fails + */ + protected InfoboxReadResult readPairs(ReadPairs readPairs, SLCommandContext cmdCtx) throws SLCommandException { + + if (readPairs.isValuesAreXMLEntities() && !isValuesAreXMLEntities()) { + log.info("Got valuesAreXMLEntities=" + readPairs + " but infobox type is binary."); + throw new SLCommandException(4010); + } + + if (!readPairs.isValuesAreXMLEntities() && isValuesAreXMLEntities()) { + log.info("Got valuesAreXMLEntities=" + readPairs + " but infobox type is XML."); + throw new SLCommandException(4010); + } + + List selectedKeys = selectKeys(readPairs.getSearchString()); + + if (readPairs.isUserMakesUnique() && selectedKeys.size() > 1) { + log.info("UserMakesUnique not supported"); + // TODO: give more specific error message + throw new SLCommandException(4010); + } + + ObjectFactory objectFactory = new ObjectFactory(); + + InfoboxReadDataAssocArrayType infoboxReadDataAssocArrayType = objectFactory.createInfoboxReadDataAssocArrayType(); + + Map values = getValues(selectedKeys, cmdCtx); + for (String key : selectedKeys) { + InfoboxAssocArrayPairType infoboxAssocArrayPairType = objectFactory.createInfoboxAssocArrayPairType(); + infoboxAssocArrayPairType.setKey(key); + Object value = values.get(key); + if (value instanceof byte[]) { + infoboxAssocArrayPairType.setBase64Content((byte[]) value); + } else { + infoboxAssocArrayPairType.setXMLContent((XMLContentType) value); + } + infoboxReadDataAssocArrayType.getPair().add(infoboxAssocArrayPairType); + } + + return new InfoboxReadResultImpl(infoboxReadDataAssocArrayType); + } + + /** + * Read the value specified by readPairs. + * + * @param readValue + * the readValue element + * @param cmdCtx + * the command context + * @return a corresponding InfoboxReadResult + * + * @throws SLCommandException + * if the ReadValue element is invalid or obtaining the corresponding + * values fails + */ + protected InfoboxReadResult readValue(ReadValue readValue, SLCommandContext cmdCtx) throws SLCommandException { + + if (readValue.isValueIsXMLEntity() && !isValuesAreXMLEntities()) { + log.info("Got valuesAreXMLEntities=" + readValue + " but infobox type is binary."); + throw new SLCommandException(4010); + } + + if (!readValue.isValueIsXMLEntity() && isValuesAreXMLEntities()) { + log.info("Got valuesAreXMLEntities=" + readValue + " but infobox type is XML."); + throw new SLCommandException(4010); + } + + List selectedKeys; + + if (Arrays.asList(getKeys()).contains(readValue.getKey())) { + selectedKeys = Collections.singletonList(readValue.getKey()); + } else { + selectedKeys = Collections.emptyList(); + } + + ObjectFactory objectFactory = new ObjectFactory(); + + InfoboxReadDataAssocArrayType infoboxReadDataAssocArrayType = objectFactory.createInfoboxReadDataAssocArrayType(); + + Map values = getValues(selectedKeys, cmdCtx); + for (String key : selectedKeys) { + InfoboxAssocArrayPairType infoboxAssocArrayPairType = objectFactory.createInfoboxAssocArrayPairType(); + infoboxAssocArrayPairType.setKey(key); + Object value = values.get(key); + if (value instanceof byte[]) { + infoboxAssocArrayPairType.setBase64Content((byte[]) value); + } else { + infoboxAssocArrayPairType.setXMLContent((XMLContentType) value); + } + infoboxReadDataAssocArrayType.getPair().add(infoboxAssocArrayPairType); + } + + return new InfoboxReadResultImpl(infoboxReadDataAssocArrayType); + } + + @Override + public InfoboxReadResult read(InfoboxReadRequestType req, + SLCommandContext cmdCtx) throws SLCommandException { + + InfoboxReadParamsAssocArrayType assocArrayParameters = req + .getAssocArrayParameters(); + + if (assocArrayParameters == null) { + log.info("Infobox type is AssocArray but got no AssocArrayParameters."); + throw new SLCommandException(4010); + } + + if (assocArrayParameters.getReadKeys() != null) { + return readKeys(assocArrayParameters.getReadKeys(), cmdCtx); + } + + if (assocArrayParameters.getReadPairs() != null) { + return readPairs(assocArrayParameters.getReadPairs(), cmdCtx); + } + + // ReadValue + if (assocArrayParameters.getReadValue() != null) { + return readValue(assocArrayParameters.getReadValue(), cmdCtx); + } + + log + .info("Infobox type is AssocArray but got invalid AssocArrayParameters."); + throw new SLCommandException(4010); + + } + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java new file mode 100644 index 00000000..07ca639c --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java @@ -0,0 +1,68 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsBinaryFileType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType; + +/** + * An abstract base class for {@link Infobox} implementations of type binary file. + * + * @author mcentner + */ +public abstract class AbstractBinaryFileInfobox extends AbstractInfoboxImpl implements BinaryFileInfobox { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(AbstractBinaryFileInfobox.class); + + /** + * Is this infobox' content an XML entity? + */ + private boolean isXMLEntity = false; + + /** + * @return true if this infobox' content is an XML entity or false otherwise. + */ + public boolean isXMLEntity() { + return isXMLEntity; + } + + /** + * Sets the value returned by {@link #isXMLEntity()} according to the given + * request. + * + * @param request the InfoboxReadRequest + */ + public void setIsXMLEntity(InfoboxReadRequestType request) { + + InfoboxReadParamsBinaryFileType binaryFileParameters = request.getBinaryFileParameters(); + if (binaryFileParameters != null) { + isXMLEntity = binaryFileParameters.isContentIsXMLEntity(); + log.debug("Got ContentIsXMLEntity=" + isXMLEntity + "."); + } + + } + + + + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java new file mode 100644 index 00000000..305769a8 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java @@ -0,0 +1,55 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slexceptions.SLCommandException; + +/** + * An abstract base class for implementations of security layer infobox requests. + * + * @author mcentner + * + * @param + */ +public abstract class AbstractInfoboxCommandImpl extends SLCommandImpl { + + /** + * The infobox implementation. + */ + protected Infobox infobox; + + @Override + public void init(SLCommandContext ctx, Object request) + throws SLCommandException { + super.init(ctx, request); + + String infoboxIdentifier = getInfoboxIdentifier(getRequestValue()); + + infobox = InfoboxFactory.getInstance().createInfobox(infoboxIdentifier); + } + + /** + * Returns the infobox identifier given in request. + * + * @param request the request value + * + * @return the infobox identifier givne in request + */ + protected abstract String getInfoboxIdentifier(T request); + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java new file mode 100644 index 00000000..e5c7afcc --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java @@ -0,0 +1,26 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.slcommands.impl; + +/** + * An abstract base class for {@link Infobox} implementations. + * + * @author mcentner + */ +public abstract class AbstractInfoboxImpl implements Infobox { + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AssocArrayInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AssocArrayInfobox.java new file mode 100644 index 00000000..908d95da --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AssocArrayInfobox.java @@ -0,0 +1,27 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.slcommands.impl; + +/** + * An {@link Infobox} of type associative array as defined in Security Layer + * 1.2. + * + * @author mcentner + */ +public interface AssocArrayInfobox extends Infobox { + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/BinaryFileInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/BinaryFileInfobox.java new file mode 100644 index 00000000..c27f9446 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/BinaryFileInfobox.java @@ -0,0 +1,27 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +/** + * An {@link Infobox} of type binary file as defined in Security Layer + * 1.2. + * + * @author mcentner + */ +public interface BinaryFileInfobox extends Infobox { + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CertificatesInfoboxImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CertificatesInfoboxImpl.java new file mode 100644 index 00000000..0208f137 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CertificatesInfoboxImpl.java @@ -0,0 +1,112 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.stal.InfoboxReadRequest; +import at.gv.egiz.stal.STALRequest; + +/** + * An implementation of the {@link Infobox} Certificates as + * specified in Security Layer 1.2. + * + * @author mcentner + */ +public class CertificatesInfoboxImpl extends AbstractAssocArrayInfobox { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(CertificatesInfoboxImpl.class); + + /** + * The valid keys. + */ + public static final String[] CERTIFICATES_KEYS = new String[] { + "SecureSignatureKeypair", + "CertifiedKeypair" }; + + @Override + public String getIdentifier() { + return "Certificates"; + } + + @Override + public String[] getKeys() { + return CERTIFICATES_KEYS; + } + + @Override + public boolean isValuesAreXMLEntities() { + return false; + } + + @Override + public Map getValues(List certificates, SLCommandContext cmdCtx) throws SLCommandException { + + STALHelper stalHelper = new STALHelper(cmdCtx.getSTAL()); + + if (certificates != null && !certificates.isEmpty()) { + + List stalRequests = new ArrayList(); + + // get certificates + InfoboxReadRequest infoboxReadRequest; + for (int i = 0; i < certificates.size(); i++) { + infoboxReadRequest = new InfoboxReadRequest(); + infoboxReadRequest.setInfoboxIdentifier(certificates.get(i)); + stalRequests.add(infoboxReadRequest); + } + + stalHelper.transmitSTALRequest(stalRequests); + + List x509Certs = stalHelper.getCertificatesFromResponses(); + + Map values = new HashMap(); + + for (int i = 0; i < certificates.size(); i++) { + try { + values.put(certificates.get(i), x509Certs.get(i).getEncoded()); + } catch (CertificateEncodingException e) { + log.error("Failed to encode certificate.", e); + throw new SLCommandException(4000); + } + } + + return values; + + } else { + + return new HashMap(); + + } + + + } + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index b2e3b303..01686641 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -16,13 +16,11 @@ */ package at.gv.egiz.bku.slcommands.impl; -import java.io.ByteArrayInputStream; import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Date; +import java.util.List; import javax.xml.crypto.MarshalException; import javax.xml.crypto.URIReferenceException; @@ -48,11 +46,8 @@ import at.gv.egiz.bku.slexceptions.SLException; import at.gv.egiz.bku.slexceptions.SLRequestException; import at.gv.egiz.bku.slexceptions.SLViewerException; import at.gv.egiz.dom.DOMUtils; -import at.gv.egiz.stal.ErrorResponse; import at.gv.egiz.stal.InfoboxReadRequest; -import at.gv.egiz.stal.InfoboxReadResponse; import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; /** * This class implements the security layer command @@ -147,33 +142,13 @@ public class CreateXMLSignatureCommandImpl extends InfoboxReadRequest stalRequest = new InfoboxReadRequest(); stalRequest.setInfoboxIdentifier(keyboxIdentifier); - requestSTAL(Collections.singletonList((STALRequest) stalRequest)); - - STALResponse stalResponse = stalResponses.next(); - - if (stalResponse instanceof InfoboxReadResponse) { - byte[] infobox = ((InfoboxReadResponse) stalResponse).getInfoboxValue(); - - try { - CertificateFactory certFactory = CertificateFactory.getInstance("X509"); - signingCertificate = (X509Certificate) certFactory - .generateCertificate(new ByteArrayInputStream(infobox)); - } catch (CertificateException e) { - log.info("Failed to decode signing certificate.", e); - // TODO: issue appropriate error - throw new SLCommandException(4000); - } - - } else if (stalResponse instanceof ErrorResponse) { - ErrorResponse err = (ErrorResponse) stalResponse; - log.info("Received an error response from STAL with code: " - + err.getErrorCode()); - throw new SLCommandException(err.getErrorCode()); - - } else { - log.info("Failed to get signing certificate."); + stalHelper.transmitSTALRequest(Collections.singletonList((STALRequest) stalRequest)); + List certificates = stalHelper.getCertificatesFromResponses(); + if (certificates == null || certificates.size() != 1) { + log.info("Got an unexpected number of certificates from STAL."); throw new SLCommandException(4000); } + signingCertificate = certificates.get(0); } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/IdentityLinkInfoboxImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/IdentityLinkInfoboxImpl.java new file mode 100644 index 00000000..20d20c9d --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/IdentityLinkInfoboxImpl.java @@ -0,0 +1,291 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.net.MalformedURLException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Result; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMResult; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Node; + +import at.buergerkarte.namespaces.personenbindung._20020506_.CompressedIdentityLinkType; +import at.buergerkarte.namespaces.securitylayer._1.AnyChildrenType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType; +import at.gv.egiz.bku.slcommands.InfoboxReadResult; +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLExceptionMessages; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.idlink.CompressedIdentityLinkFactory; +import at.gv.egiz.idlink.IdentityLinkTransformer; +import at.gv.egiz.idlink.ans1.IdentityLink; +import at.gv.egiz.stal.InfoboxReadRequest; +import at.gv.egiz.stal.STALRequest; + +/** + * An implementation of the {@link Infobox} IdentityLink as + * specified in Security Layer 1.2 + * + * @author mcentner + */ +public class IdentityLinkInfoboxImpl extends AbstractBinaryFileInfobox { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(IdentityLinkInfoboxImpl.class); + + /** + * The box specific parameter IdentityLinkDomainIdentifier. + */ + public static final String BOX_SPECIFIC_PARAMETER_IDENTITY_LINK_DOMAIN_IDENTIFIER = "IdentityLinkDomainIdentifier"; + + /** + * The value of the box specific parameter IdentityLinkDomainIdentifier. + */ + private String domainIdentifier; + + @Override + public String getIdentifier() { + return "IdentityLink"; + } + + /** + * @return the value of the box specific parameter IdentityLinkDomainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + @Override + public InfoboxReadResult read(InfoboxReadRequestType req, SLCommandContext cmdCtx) throws SLCommandException { + + AnyChildrenType boxSpecificParameters = req.getBoxSpecificParameters(); + + if (boxSpecificParameters != null) { + // check BoxSpecificParameters + List parameter = boxSpecificParameters.getAny(); + JAXBElement element; + if (parameter != null + && parameter.size() == 1 + && parameter.get(0) instanceof JAXBElement + && SLCommand.NAMESPACE_URI.equals((element = (JAXBElement) parameter.get(0)).getName().getNamespaceURI()) + && BOX_SPECIFIC_PARAMETER_IDENTITY_LINK_DOMAIN_IDENTIFIER.equals(element.getName().getLocalPart()) + && element.getValue() instanceof String) { + domainIdentifier = (String) element.getValue(); + log.debug("Got sl:IdentityLinkDomainIdentifier: " + domainIdentifier); + } else { + log.info("Got invalid BoxSpecificParameters."); + throw new SLCommandException(4010); + } + } + + setIsXMLEntity(req); + + STALHelper stalHelper = new STALHelper(cmdCtx.getSTAL()); + + List stalRequests = new ArrayList(); + + InfoboxReadRequest infoboxReadRequest; + // get raw identity link + infoboxReadRequest = new InfoboxReadRequest(); + infoboxReadRequest.setInfoboxIdentifier(getIdentifier()); + infoboxReadRequest.setDomainIdentifier(domainIdentifier); + stalRequests.add(infoboxReadRequest); + + // get certificates + infoboxReadRequest = new InfoboxReadRequest(); + infoboxReadRequest.setInfoboxIdentifier("SecureSignatureKeypair"); + stalRequests.add(infoboxReadRequest); + infoboxReadRequest = new InfoboxReadRequest(); + infoboxReadRequest.setInfoboxIdentifier("CertifiedKeypair"); + stalRequests.add(infoboxReadRequest); + + stalHelper.transmitSTALRequest(stalRequests); + log.trace("Got STAL response"); + + IdentityLink identityLink = stalHelper.getIdentityLinkFromResponses(); + List certificates = stalHelper.getCertificatesFromResponses(); + + + CompressedIdentityLinkFactory idLinkFactory = CompressedIdentityLinkFactory.getInstance(); + JAXBElement compressedIdentityLink = idLinkFactory + .createCompressedIdentityLink(identityLink, certificates, getDomainIdentifier()); + + IdentityLinkTransformer identityLinkTransformer = IdentityLinkTransformer.getInstance(); + String issuerTemplate = identityLink.getIssuerTemplate(); + + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + DocumentBuilder db; + try { + db = dbf.newDocumentBuilder(); + } catch (ParserConfigurationException e) { + log.error("Failed to create XML document.", e); + throw new SLRuntimeException(e); + } + + Document document = db.newDocument(); + try { + idLinkFactory.marshallCompressedIdentityLink(compressedIdentityLink, document, null, true); + } catch (JAXBException e) { + log.info("Failed to marshall CompressedIdentityLink.", e); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_INFOBOX_INVALID, + new Object[] { getIdentifier() }); + } + + InfoboxReadResultFileImpl result = new InfoboxReadResultFileImpl(); + ByteArrayOutputStream resultBytes = null; + Result xmlResult = (isXMLEntity() || getDomainIdentifier() != null) + ? result.getXmlResult(true) + : new StreamResult((resultBytes = new ByteArrayOutputStream())); + try { + log.trace("Trying to transform identitylink"); + identityLinkTransformer.transformIdLink(issuerTemplate, new DOMSource(document), xmlResult); + } catch (MalformedURLException e) { + log.warn("Malformed issuer template URL '" + issuerTemplate + "'."); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } catch (IOException e) { + log.warn("Failed to dereferene issuer template URL '" + issuerTemplate + "'." ,e); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } catch (TransformerConfigurationException e) { + log.warn("Failed to create transformation template from issuer template URL '" + issuerTemplate + "'", e); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } catch (TransformerException e) { + log.info("Faild to transform CompressedIdentityLink.", e); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } + + // TODO: Report BUG in IssuerTemplates + // Some IssuerTemplate stylesheets do not consider the pr:Type-Element of the CompressedIdentityLink ... + if (getDomainIdentifier() != null) { + if (xmlResult instanceof DOMResult) { + Node node = ((DOMResult) xmlResult).getNode(); + Node nextSibling = ((DOMResult) xmlResult).getNextSibling(); + Node idLinkNode; + if (nextSibling != null) { + idLinkNode = nextSibling.getPreviousSibling(); + } else if (node != null) { + idLinkNode = node.getFirstChild(); + } else { + log + .error("An IdentityLinkDomainIdentifier of '" + + getDomainIdentifier() + + "' has been given. However, it cannot be set, as the transformation result does not contain a node."); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } + IdentityLinkTransformer.setDomainIdentifier(idLinkNode, getDomainIdentifier()); + } else { + log + .error("An IdentityLinkDomainIdentifier of '" + + getDomainIdentifier() + + "' has been given. However, it cannot be set, as the transformation result is not of type DOM."); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } + } + + if (!isXMLEntity()) { + if (resultBytes == null) { + resultBytes = new ByteArrayOutputStream(); + + if (xmlResult instanceof DOMResult) { + Node node = ((DOMResult) xmlResult).getNode(); + Node nextSibling = ((DOMResult) xmlResult).getNextSibling(); + + DOMSource xmlSource; + if (nextSibling != null) { + xmlSource = new DOMSource(nextSibling.getPreviousSibling()); + } else if (node != null) { + xmlSource = new DOMSource(node.getFirstChild()); + } else { + log + .error("IssuerTemplate transformation returned no node."); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + try { + Transformer transformer = transformerFactory.newTransformer(); + transformer.transform(xmlSource, new StreamResult(resultBytes)); + } catch (TransformerConfigurationException e) { + log.error(e); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } catch (TransformerException e) { + log.error(e); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } + } else if (xmlResult instanceof StreamResult) { + OutputStream outputStream = ((StreamResult) xmlResult).getOutputStream(); + if (outputStream instanceof ByteArrayOutputStream) { + result.setResultBytes(((ByteArrayOutputStream) outputStream).toByteArray()); + } else { + log.error("ContentIsXMLEntity is set to 'false'. However, an XMLResult has already been set."); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, + new Object[] { issuerTemplate }); + } + } + } else { + result.setResultBytes(resultBytes.toByteArray()); + } + } + + return result; + + } + + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/Infobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/Infobox.java new file mode 100644 index 00000000..a6f8cbb2 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/Infobox.java @@ -0,0 +1,53 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.slcommands.impl; + +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType; +import at.gv.egiz.bku.slcommands.InfoboxReadResult; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slexceptions.SLCommandException; + +/** + * An implementation of this interface represents a infobox as defined in + * Security-Layer 1.2. + * + * @author mcentner + */ +public interface Infobox { + + /** + * @return the identifier of this infobox + */ + public String getIdentifier(); + + /** + * Read data from this infobox. + * + * @param request + * the InfoboxReadRequest + * @param cmdCtx + * the command context + * + * @return the data read from this infobox as InfoboxReadResult + * + * @throws SLCommandException + * if reading from this infobox fails + */ + public InfoboxReadResult read(InfoboxReadRequestType request, + SLCommandContext cmdCtx) throws SLCommandException; + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java new file mode 100644 index 00000000..4a03fe74 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java @@ -0,0 +1,151 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLExceptionMessages; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; + +/** + * A factory for creating {@link Infobox}es. + * + * @author mcentner + */ +public class InfoboxFactory { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(InfoboxFactory.class); + + /** + * The singleton instance of this InfoboxFactory. + */ + private static InfoboxFactory instance; + + /** + * @return an instance of this InfoboxFactory + */ + public synchronized static InfoboxFactory getInstance() { + if (instance == null) { + instance = new InfoboxFactory(); + } + return instance; + } + + /** + * The mapping of infobox identifier to implementation class. + */ + private HashMap> implementations; + + /** + * Private constructor. + */ + private InfoboxFactory() { + } + + /** + * Sets the mapping of infobox identifier to implementation class name. + * + * @param infoboxImplMap + * a mapping of infobox identifiers to implementation class names + * + * @throws ClassNotFoundException + * if implementation class is not an instance of {@link Infobox} + */ + @SuppressWarnings("unchecked") + public void setInfoboxImpl(Map infoboxImplMap) throws ClassNotFoundException { + HashMap> implMap = new HashMap>(); + ClassLoader cl = getClass().getClassLoader(); + for (String key : infoboxImplMap.keySet()) { + Class impl = (Class) cl.loadClass(infoboxImplMap.get(key)); + log.debug("Registering infobox '" + key + "' implementation '" + impl.getCanonicalName() + "'."); + implementations.put(key, impl); + } + implementations = implMap; + } + + /** + * Returns the configured implementation class for the given + * infoboxIdentifier. + * + * @param infoboxIdentifier + * the infobox identifier + * + * @return the implementation class for the given infobox identifier or + * null if there is no implementation class configured + */ + public Class getImplClass(String infoboxIdentifier) { + if (implementations != null) { + return implementations.get(infoboxIdentifier); + } else { + return null; + } + } + + /** + * Create a new {@link Infobox} instance for the given + * infoboxIdentifier. + * + * @param infoboxIdentifier + * the infobox identifier + * + * @return an {@link Infobox} implementation for the given infobox identifier + * + * @throws SLCommandException + * if there is no implementation for the given infobox identifier + * @throws SLRuntimeException + * if creating an {@link Infobox} instance fails + */ + public Infobox createInfobox(String infoboxIdentifier) throws SLCommandException, SLRuntimeException { + + Class implClass = getImplClass(infoboxIdentifier); + if (implClass == null) { + // infobox not supported + log.info("Unsupported infobox '" + infoboxIdentifier + "."); + throw new SLCommandException(4002, + SLExceptionMessages.EC4002_INFOBOX_UNKNOWN, + new Object[] { infoboxIdentifier }); + } + + // try to instantiate + Infobox infobox; + try { + infobox = implClass.newInstance(); + log.debug("Infobox '" + infobox.getIdentifier() + "' created."); + } catch (InstantiationException e) { + // unexpected error + log.error("Failed to instantiate infobox implementation.", e); + throw new SLRuntimeException(e); + } catch (IllegalAccessException e) { + // unexpected error + log.error("Failed to instantiate infobox implementation.", e); + throw new SLRuntimeException(e); + } + + return infobox; + + } + + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java index c7bb5205..aaa786a6 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java @@ -16,67 +16,14 @@ */ package at.gv.egiz.bku.slcommands.impl; -import iaik.asn1.CodingException; -import iaik.asn1.DerCoder; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.net.MalformedURLException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.regex.Pattern; - -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.Result; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerConfigurationException; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMResult; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.w3c.dom.Document; -import org.w3c.dom.Node; -import at.buergerkarte.namespaces.personenbindung._20020506_.CompressedIdentityLinkType; -import at.buergerkarte.namespaces.securitylayer._1.AnyChildrenType; -import at.buergerkarte.namespaces.securitylayer._1.InfoboxAssocArrayPairType; -import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadDataAssocArrayType; -import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType; -import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsBinaryFileType; import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType; -import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory; -import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadKeys; -import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadPairs; -import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadParamsAssocArrayType.ReadValue; import at.gv.egiz.bku.slcommands.InfoboxReadCommand; -import at.gv.egiz.bku.slcommands.SLCommand; import at.gv.egiz.bku.slcommands.SLCommandContext; import at.gv.egiz.bku.slcommands.SLResult; import at.gv.egiz.bku.slexceptions.SLCommandException; -import at.gv.egiz.bku.slexceptions.SLExceptionMessages; -import at.gv.egiz.bku.slexceptions.SLRuntimeException; -import at.gv.egiz.idlink.CompressedIdentityLinkFactory; -import at.gv.egiz.idlink.IdentityLinkTransformer; -import at.gv.egiz.idlink.ans1.IdentityLink; -import at.gv.egiz.stal.InfoboxReadRequest; -import at.gv.egiz.stal.InfoboxReadResponse; -import at.gv.egiz.stal.STALRequest; /** * This class implements the security layer command @@ -88,7 +35,7 @@ import at.gv.egiz.stal.STALRequest; * * @author mcentner */ -public class InfoboxReadCommandImpl extends SLCommandImpl implements +public class InfoboxReadCommandImpl extends AbstractInfoboxCommandImpl implements InfoboxReadCommand { /** @@ -96,511 +43,63 @@ public class InfoboxReadCommandImpl extends SLCommandImplInfoboxIdentifier - */ - protected String infoboxIdentifier; - - /** - * The IdentityLinkDomainIdentifier value of an IdentyLink infobox. - */ - protected String identityLinkDomainIdentifier; - - /** - * The list of certificates to be read from an Certificates infobox. - */ - protected List certificates; - - /** - * The result type. - */ - protected int assocArrayResult; - - /** - * Is content XML entity? - */ - protected boolean isXMLEntity; - @Override public String getName() { return "InfoboxReadRequest"; } - /** - * @return the infoboxIdentifier - */ - public String getInfoboxIdentifier() { - return infoboxIdentifier; - } - + @Override + protected String getInfoboxIdentifier(InfoboxReadRequestType request) { + return request.getInfoboxIdentifier(); + } + @Override public void init(SLCommandContext ctx, Object request) throws SLCommandException { super.init(ctx, request); InfoboxReadRequestType req = getRequestValue(); - - infoboxIdentifier = req.getInfoboxIdentifier(); - - if (INFOBOX_IDENTIFIER_IDENTITY_LINK.equals(infoboxIdentifier)) { - - if (req.getAssocArrayParameters() != null) { - log.info("Got AssocArrayParameters but Infobox type is BinaryFile."); - throw new SLCommandException(4010); - } - - InfoboxReadParamsBinaryFileType binaryFileParameters = req.getBinaryFileParameters(); - if (binaryFileParameters != null) { - isXMLEntity = binaryFileParameters.isContentIsXMLEntity(); - log.debug("Got ContentIsXMLEntity=" + isXMLEntity + "."); - } - - AnyChildrenType boxSpecificParameters = req.getBoxSpecificParameters(); - - if (boxSpecificParameters != null) { - // check BoxSpecificParameters - List parameter = boxSpecificParameters.getAny(); - JAXBElement element; - if (parameter != null - && parameter.size() == 1 - && parameter.get(0) instanceof JAXBElement - && SLCommand.NAMESPACE_URI.equals((element = (JAXBElement) parameter.get(0)).getName().getNamespaceURI()) - && BOX_SPECIFIC_PARAMETER_IDENTITY_LINK_DOMAIN_IDENTIFIER.equals(element.getName().getLocalPart()) - && element.getValue() instanceof String) { - identityLinkDomainIdentifier = (String) element.getValue(); - log.debug("Got sl:IdentityLinkDomainIdentifier: " + identityLinkDomainIdentifier); - } else { - log.info("Got invalid BoxSpecificParameters."); - throw new SLCommandException(4010); - } - } - } else if (INFOBOX_IDENTIFIER_CERTIFICATES.equals(infoboxIdentifier)) { - - if (req.getBinaryFileParameters() != null) { - log.info("Got BinaryFileParameters but Infobox type is AssocArray."); - throw new SLCommandException(4010); - } - - if (req.getBoxSpecificParameters() != null) { - log.info("Got invalid BoxSpecificParameters."); - throw new SLCommandException(4010); - } - - InfoboxReadParamsAssocArrayType assocArrayParameters = req - .getAssocArrayParameters(); - if (assocArrayParameters == null) { - log.info("Infobox type is AssocArray but got no AssocArrayParameters."); - throw new SLCommandException(4010); - } - - // RreadKeys? - if (assocArrayParameters.getReadKeys() != null) { - assocArrayResult = ASSOC_ARRAY_READ_KEYS; - ReadKeys readKeys = assocArrayParameters.getReadKeys(); - certificates = findCertificates(readKeys.getSearchString()); - if (readKeys.isUserMakesUnique() && certificates.size() > 1) { - log.info("UserMakesUnique not supported"); - // TODO: give more specific error message - throw new SLCommandException(4010); - } - } - - // ReadPairs? - if (assocArrayParameters.getReadPairs() != null) { - assocArrayResult = ASSOC_ARRAY_READ_PAIRS; - ReadPairs readPairs = assocArrayParameters.getReadPairs(); - if (readPairs.isValuesAreXMLEntities()) { - log.info("Got valuesAreXMLEntities but infobox type is binary."); - throw new SLCommandException(4010); - } - certificates = findCertificates(readPairs.getSearchString()); - if (readPairs.isUserMakesUnique() && certificates.size() > 1) { - log.info("UserMakesUnique not supported"); - // TODO: give more specific error message - throw new SLCommandException(4010); - } - } - - // ReadValue - if (assocArrayParameters.getReadValue() != null) { - assocArrayResult = ASSOC_ARRAY_READ_VALUE; - ReadValue readValue = assocArrayParameters.getReadValue(); - if (readValue.isValueIsXMLEntity()) { - log.info("Got valuesAreXMLEntities but infobox type is binary."); - throw new SLCommandException(4010); - } - String key = readValue.getKey(); - if (Arrays.asList(INFOXBOX_CERTIFICATES_KEYS).contains(key)) { - certificates = Collections.singletonList(key); - } else { - certificates = Collections.emptyList(); - } - } - - if (assocArrayResult == 0) { - log.info("Infobox type is AssocArray but got invalid AssocArrayParameters."); - throw new SLCommandException(4010); - } - - } else { - throw new SLCommandException(4002, - SLExceptionMessages.EC4002_INFOBOX_UNKNOWN, - new Object[] { infoboxIdentifier }); - } + if (req.getAssocArrayParameters() != null && + !(infobox instanceof AssocArrayInfobox)) { + log.info("Got AssocArrayParameters but Infobox type is not AssocArray."); + throw new SLCommandException(4010); + } + + if (req.getBinaryFileParameters() != null && + !(infobox instanceof BinaryFileInfobox)) { + log.info("Got BinaryFileParameters but Infobox type is not BinaryFile."); + throw new SLCommandException(4010); + } } @Override public SLResult execute() { - try { - if (INFOBOX_IDENTIFIER_IDENTITY_LINK.equals(infoboxIdentifier)) { - return readIdentityLink(); - } else if (INFOBOX_IDENTIFIER_CERTIFICATES.equals(infoboxIdentifier)) { - return readCertificates(); - } else { - throw new SLCommandException(4000); - } - } catch (SLCommandException e) { - return new ErrorResultImpl(e, cmdCtx.getLocale()); - } - } - - /** - * Gets the IdentitiyLink form the next STAL response. - * - * @return the IdentityLink - * - * @throws SLCommandException if getting the IdentitiyLink fails - */ - private IdentityLink getIdentityLinkFromResponses() throws SLCommandException { - - // IdentityLink - InfoboxReadResponse response; - if (hasNextResponse()) { - response = (InfoboxReadResponse) nextResponse(InfoboxReadResponse.class); - byte[] idLink = response.getInfoboxValue(); - try { - return new IdentityLink(DerCoder.decode(idLink)); - } catch (CodingException e) { - log.info("Failed to decode infobox '" + INFOBOX_IDENTIFIER_IDENTITY_LINK + "'.", e); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_INFOBOX_INVALID, - new Object[] { INFOBOX_IDENTIFIER_IDENTITY_LINK }); - } - } else { - log.info("No infobox '" + INFOBOX_IDENTIFIER_IDENTITY_LINK + "' returned from STAL."); - throw new SLCommandException(4000); - } - - } - - /** - * Gets the list of certificates from the next STAL responses. - * - * @return the list of certificates - * - * @throws SLCommandException if getting the list of certificates fails - */ - private List getCertificatesFromResponses() throws SLCommandException { - - List certificates = new ArrayList(); - - CertificateFactory certFactory; - try { - certFactory = CertificateFactory.getInstance("X509"); - } catch (CertificateException e) { - // we should always be able to get an X509 certificate factory - log.error("CertificateFactory.getInstance(\"X509\") failed.", e); - throw new SLRuntimeException(e); - } - - InfoboxReadResponse response; - while(hasNextResponse()) { - response = (InfoboxReadResponse) nextResponse(InfoboxReadResponse.class); - byte[] cert = response.getInfoboxValue(); - try { - certificates.add((X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(cert))); - } catch (CertificateException e) { - log.info("Failed to decode certificate.", e); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_INFOBOX_INVALID, - new Object[] { INFOBOX_IDENTIFIER_CERTIFICATES }); - } - } - - return certificates; - - } - - /** - * Uses STAL to read the IdentityLink. - * - * @return the corresponding security layer result - * - * @throws SLCommandException if reading the IdentityLink fails - */ - private SLResult readIdentityLink() throws SLCommandException { - - List stalRequests = new ArrayList(); - - InfoboxReadRequest infoboxReadRequest; - // get raw identity link - infoboxReadRequest = new InfoboxReadRequest(); - infoboxReadRequest.setInfoboxIdentifier(INFOBOX_IDENTIFIER_IDENTITY_LINK); - infoboxReadRequest.setDomainIdentifier(identityLinkDomainIdentifier); - stalRequests.add(infoboxReadRequest); - - // get certificates - infoboxReadRequest = new InfoboxReadRequest(); - infoboxReadRequest.setInfoboxIdentifier("SecureSignatureKeypair"); - stalRequests.add(infoboxReadRequest); - infoboxReadRequest = new InfoboxReadRequest(); - infoboxReadRequest.setInfoboxIdentifier("CertifiedKeypair"); - stalRequests.add(infoboxReadRequest); - - requestSTAL(stalRequests); - log.trace("Got STAL response"); - - IdentityLink identityLink = getIdentityLinkFromResponses(); - List certificates = getCertificatesFromResponses(); - - - CompressedIdentityLinkFactory idLinkFactory = CompressedIdentityLinkFactory.getInstance(); - JAXBElement compressedIdentityLink = idLinkFactory - .createCompressedIdentityLink(identityLink, certificates, identityLinkDomainIdentifier); - - IdentityLinkTransformer identityLinkTransformer = IdentityLinkTransformer.getInstance(); - String issuerTemplate = identityLink.getIssuerTemplate(); - - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - DocumentBuilder db; - try { - db = dbf.newDocumentBuilder(); - } catch (ParserConfigurationException e) { - log.error("Failed to create XML document.", e); - throw new SLRuntimeException(e); - } - - Document document = db.newDocument(); - try { - idLinkFactory.marshallCompressedIdentityLink(compressedIdentityLink, document, null, true); - } catch (JAXBException e) { - log.info("Failed to marshall CompressedIdentityLink.", e); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_INFOBOX_INVALID, - new Object[] { INFOBOX_IDENTIFIER_IDENTITY_LINK }); - } - - InfoboxReadResultFileImpl result = new InfoboxReadResultFileImpl(); - ByteArrayOutputStream resultBytes = null; - Result xmlResult = (isXMLEntity || identityLinkDomainIdentifier != null) - ? result.getXmlResult(true) - : new StreamResult((resultBytes = new ByteArrayOutputStream())); + try { - log.trace("Trying to transform identitylink"); - identityLinkTransformer.transformIdLink(issuerTemplate, new DOMSource(document), xmlResult); - } catch (MalformedURLException e) { - log.warn("Malformed issuer template URL '" + issuerTemplate + "'."); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } catch (IOException e) { - log.warn("Failed to dereferene issuer template URL '" + issuerTemplate + "'." ,e); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } catch (TransformerConfigurationException e) { - log.warn("Failed to create transformation template from issuer template URL '" + issuerTemplate + "'", e); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } catch (TransformerException e) { - log.info("Faild to transform CompressedIdentityLink.", e); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } - - // TODO: Report BUG in IssuerTemplates - // Some IssuerTemplate stylesheets do not consider the pr:Type-Element of the CompressedIdentityLink ... - if (identityLinkDomainIdentifier != null) { - if (xmlResult instanceof DOMResult) { - Node node = ((DOMResult) xmlResult).getNode(); - Node nextSibling = ((DOMResult) xmlResult).getNextSibling(); - Node idLinkNode; - if (nextSibling != null) { - idLinkNode = nextSibling.getPreviousSibling(); - } else if (node != null) { - idLinkNode = node.getFirstChild(); - } else { - log - .error("An IdentityLinkDomainIdentifier of '" - + identityLinkDomainIdentifier - + "' has been given. However, it cannot be set, as the transformation result does not contain a node."); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } - IdentityLinkTransformer.setDomainIdentifier(idLinkNode, identityLinkDomainIdentifier); - } else { - log - .error("An IdentityLinkDomainIdentifier of '" - + identityLinkDomainIdentifier - + "' has been given. However, it cannot be set, as the transformation result is not of type DOM."); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } - } - - if (!isXMLEntity) { - if (resultBytes == null) { - resultBytes = new ByteArrayOutputStream(); - - if (xmlResult instanceof DOMResult) { - Node node = ((DOMResult) xmlResult).getNode(); - Node nextSibling = ((DOMResult) xmlResult).getNextSibling(); - - DOMSource xmlSource; - if (nextSibling != null) { - xmlSource = new DOMSource(nextSibling.getPreviousSibling()); - } else if (node != null) { - xmlSource = new DOMSource(node.getFirstChild()); - } else { - log - .error("IssuerTemplate transformation returned no node."); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } - TransformerFactory transformerFactory = TransformerFactory.newInstance(); - try { - Transformer transformer = transformerFactory.newTransformer(); - transformer.transform(xmlSource, new StreamResult(resultBytes)); - } catch (TransformerConfigurationException e) { - log.error(e); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } catch (TransformerException e) { - log.error(e); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } - } else if (xmlResult instanceof StreamResult) { - OutputStream outputStream = ((StreamResult) xmlResult).getOutputStream(); - if (outputStream instanceof ByteArrayOutputStream) { - result.setResultBytes(((ByteArrayOutputStream) outputStream).toByteArray()); - } else { - log.error("ContentIsXMLEntity is set to 'false'. However, an XMLResult has already been set."); - throw new SLCommandException(4000, - SLExceptionMessages.EC4000_UNCLASSIFIED_IDLINK_TRANSFORMATION_FAILED, - new Object[] { issuerTemplate }); - } - } - } else { - result.setResultBytes(resultBytes.toByteArray()); - } - } - - - return result; - - } - - protected List findCertificates(String searchString) throws SLCommandException { - - if ("*".equals(searchString) || "**".equals(searchString)) { - return Arrays.asList(INFOXBOX_CERTIFICATES_KEYS); + return infobox.read(getRequestValue(), getCmdCtx()); + } catch (SLCommandException e) { + return new ErrorResultImpl(e, getCmdCtx().getLocale()); } - if (Pattern.matches(SEARCH_STRING_PATTERN, searchString)) { - -// for (int i = 0; i < searchString.length(); i++) { -// int codePoint = searchString.codePointAt(i); -// -// } - - // TODO : build pattern - return Collections.emptyList(); + } + + + @Override + public String getIdentityLinkDomainId() { + if (infobox instanceof IdentityLinkInfoboxImpl) { + return ((IdentityLinkInfoboxImpl) infobox).getDomainIdentifier(); } else { - log.info("Got invalid search string '" + searchString + "'"); - throw new SLCommandException(4010); + return null; } - } - private SLResult readCertificates() throws SLCommandException { - - ObjectFactory objectFactory = new ObjectFactory(); - - InfoboxReadDataAssocArrayType infoboxReadDataAssocArrayType = objectFactory - .createInfoboxReadDataAssocArrayType(); - - if (assocArrayResult == ASSOC_ARRAY_READ_KEYS) { - - List keys = infoboxReadDataAssocArrayType.getKey(); - keys.addAll(certificates); - + @Override + public String getInfoboxIdentifier() { + if (infobox != null) { + return infobox.getIdentifier(); } else { - - if (certificates != null && !certificates.isEmpty()) { - - List stalRequests = new ArrayList(); - - // get certificates - InfoboxReadRequest infoboxReadRequest; - for (int i = 0; i < certificates.size(); i++) { - infoboxReadRequest = new InfoboxReadRequest(); - infoboxReadRequest.setInfoboxIdentifier(certificates.get(i)); - stalRequests.add(infoboxReadRequest); - } - - requestSTAL(stalRequests); - - List x509Certs = getCertificatesFromResponses(); - - for (int i = 0; i < certificates.size(); i++) { - InfoboxAssocArrayPairType infoboxAssocArrayPairType = objectFactory.createInfoboxAssocArrayPairType(); - infoboxAssocArrayPairType.setKey(certificates.get(i)); - try { - infoboxAssocArrayPairType.setBase64Content(x509Certs.get(i).getEncoded()); - } catch (CertificateEncodingException e) { - log.error("Failed to encode certificate.", e); - throw new SLCommandException(4000); - } - infoboxReadDataAssocArrayType.getPair().add(infoboxAssocArrayPairType); - } - - } - + return null; } - - return new InfoboxReadResultImpl(infoboxReadDataAssocArrayType); - - } - - @Override - public String getIdentityLinkDomainId() { - return identityLinkDomainIdentifier; } } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java index 8904eac6..a2b8ac9f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadResultImpl.java @@ -23,8 +23,9 @@ import javax.xml.transform.Templates; import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadDataAssocArrayType; import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadResponseType; import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory; +import at.gv.egiz.bku.slcommands.InfoboxReadResult; -public class InfoboxReadResultImpl extends SLResultImpl { +public class InfoboxReadResultImpl extends SLResultImpl implements InfoboxReadResult { /** * The InfoboxReadResponse diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateCommandImpl.java new file mode 100644 index 00000000..6d281686 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateCommandImpl.java @@ -0,0 +1,158 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.buergerkarte.namespaces.cardchannel.CommandAPDUType; +import at.buergerkarte.namespaces.cardchannel.ResetType; +import at.buergerkarte.namespaces.cardchannel.ScriptType; +import at.buergerkarte.namespaces.cardchannel.VerifyAPDUType; +import at.buergerkarte.namespaces.securitylayer._1.Base64XMLContentType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxUpdateRequestType; +import at.gv.egiz.bku.slcommands.InfoboxUpdateCommand; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slcommands.SLResult; +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLExceptionMessages; + +public class InfoboxUpdateCommandImpl extends + SLCommandImpl implements InfoboxUpdateCommand { + + private static Log log = LogFactory.getLog(InfoboxUpdateCommandImpl.class); + + public static final String INFOBOX_IDENTIFIER_CARD_CHANNEL = "CardChannel"; + + protected String infoboxIdentifier; + + protected List cardChannelScript; + + @Override + public String getInfoboxIdentifier() { + return infoboxIdentifier; + } + + @Override + public void init(SLCommandContext ctx, Object request) + throws SLCommandException { + super.init(ctx, request); + + InfoboxUpdateRequestType req = getRequestValue(); + + infoboxIdentifier = req.getInfoboxIdentifier(); + + if (INFOBOX_IDENTIFIER_CARD_CHANNEL.equals(infoboxIdentifier)) { + + if (req.getAssocArrayParameters() != null) { + log.info("Got AssocArrayParameters but Infobox type is BinaryFile."); + throw new SLCommandException(4010); + } + + Base64XMLContentType binaryFileParameters = req.getBinaryFileParameters(); + if (binaryFileParameters == null) { + log.info("Got no BinaryFileParameters but Infobox type is BinaryFile."); + throw new SLCommandException(4010); + } + + if (binaryFileParameters.getBase64Content() == null) { + log.info("Got Base64Content but ContentIsXMLEntity is true."); + throw new SLCommandException(4010); + } + + List content = binaryFileParameters.getXMLContent().getContent(); + if (content.isEmpty()) { + log.info("Got no XMLContent but ContentIsXMLEntity is true."); + throw new SLCommandException(4010); + } + + for (Object element : content) { + if (!(element instanceof ScriptType)) { + log.info("Infobox identifier is '" + infoboxIdentifier + "' but XMLContent does not contain 'Script'."); + throw new SLCommandException(4010); + } + + setCardChannelScript(((ScriptType) element).getResetOrCommandAPDUOrVerifyAPDU()); + } + + if (getCardChannelScript() == null) { + log.info("Infobox identifier is '" + infoboxIdentifier + "' but XMLContent does not contain 'Script'."); + throw new SLCommandException(4010); + } + + } else { + throw new SLCommandException(4002, + SLExceptionMessages.EC4002_INFOBOX_UNKNOWN, + new Object[] { infoboxIdentifier }); + } + + } + + public List getCardChannelScript() { + return cardChannelScript; + } + + public void setCardChannelScript(List cardChannelScript) { + this.cardChannelScript = cardChannelScript; + } + + @Override + public SLResult execute() { + + try { + if (INFOBOX_IDENTIFIER_CARD_CHANNEL.equals(getInfoboxIdentifier())) { + + executeCardChannelScript(); + return new InfoboxUpdateResultImpl(); + + } else { + throw new SLCommandException(4002, + SLExceptionMessages.EC4002_INFOBOX_UNKNOWN, + new Object[] { infoboxIdentifier }); + } + } catch (SLCommandException e) { + return new ErrorResultImpl(e, cmdCtx.getLocale()); + } + + } + + protected void executeCardChannelScript() throws SLCommandException { + + if (cardChannelScript != null) { + + for (Object element : cardChannelScript) { + if (element instanceof ResetType) { + + } else if (element instanceof CommandAPDUType) { + + } else if (element instanceof VerifyAPDUType) { + + } + } + + } + + } + + @Override + public String getName() { + return "InfoboxUpdateRequest"; + } + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateResultImpl.java new file mode 100644 index 00000000..15064756 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxUpdateResultImpl.java @@ -0,0 +1,43 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import javax.xml.bind.JAXBElement; +import javax.xml.transform.Result; +import javax.xml.transform.Templates; + +import at.buergerkarte.namespaces.securitylayer._1.InfoboxUpdateResponseType; +import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory; +import at.gv.egiz.bku.slcommands.InfoboxUpdateResult; + +public class InfoboxUpdateResultImpl extends SLResultImpl implements + InfoboxUpdateResult { + + protected static JAXBElement RESPONSE; + + static { + ObjectFactory factory = new ObjectFactory(); + InfoboxUpdateResponseType type = factory.createInfoboxUpdateResponseType(); + RESPONSE = factory.createInfoboxUpdateResponse(type); + } + + @Override + public void writeTo(Result result, Templates templates) { + writeTo(RESPONSE, result, templates); + } + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLCommandImpl.java index 9a3a2984..ed055b69 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLCommandImpl.java @@ -16,22 +16,11 @@ */ package at.gv.egiz.bku.slcommands.impl; -import java.util.Iterator; -import java.util.List; -import java.util.NoSuchElementException; - -import javax.xml.bind.JAXBElement; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.SLCommand; -import at.gv.egiz.bku.slcommands.SLCommandContext; -import at.gv.egiz.bku.slexceptions.SLCommandException; -import at.gv.egiz.stal.ErrorResponse; -import at.gv.egiz.stal.STAL; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; +import javax.xml.bind.JAXBElement; + +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slexceptions.SLCommandException; /** * This class serves as abstract base class for the implementation of a security @@ -47,19 +36,18 @@ public abstract class SLCommandImpl implements SLCommand { /** * The SLCommandContext for this SLCommand. */ - protected SLCommandContext cmdCtx; + protected SLCommandContext cmdCtx; + + /** + * The STAL helper. + */ + protected STALHelper stalHelper; /** * The request element of this command. */ protected JAXBElement request; - /** - * An iterator over the STALResponses received in - * {@link SLCommandImpl#requestSTAL(List)}. - */ - protected Iterator stalResponses; - @SuppressWarnings("unchecked") @Override public void init(SLCommandContext ctx, Object request) @@ -67,8 +55,8 @@ public abstract class SLCommandImpl implements SLCommand { this.request = (JAXBElement) request; - this.cmdCtx = ctx; - assert this.cmdCtx != null; + this.cmdCtx = ctx; + stalHelper = new STALHelper(cmdCtx.getSTAL()); } @@ -90,73 +78,4 @@ public abstract class SLCommandImpl implements SLCommand { protected SLCommandContext getCmdCtx() { return cmdCtx; } - - /** - * Calls {@link STAL#handleRequest(List)} with the given - * stalRequests. - * - * @param stalRequests - * @throws SLCommandException - */ - protected void requestSTAL(List stalRequests) throws SLCommandException { - List responses = cmdCtx.getSTAL().handleRequest(stalRequests); - if (responses == null) { - Log log = LogFactory.getLog(this.getClass()); - log.info("Received no responses from STAL."); - throw new SLCommandException(4000); - } else if (responses.size() != stalRequests.size()) { - Log log = LogFactory.getLog(this.getClass()); - log.info("Received invalid count of responses from STAL. Expected " - + stalRequests.size() + ", but got " + responses.size() + "."); - // throw new SLCommandException(4000); - } - stalResponses = responses.iterator(); - } - - /** - * @return true if there are more {@link STALResponse}s to be - * fetched with {@link #nextResponse(Class)}, or false - * otherwise. - */ - protected boolean hasNextResponse() { - return (stalResponses != null) ? stalResponses.hasNext() : false; - } - - /** - * Returns the next response of type responseClass that has been - * received by {@link #requestSTAL(List)}. - * - * @param responseClass - * the response must be an instance of - * @return the next response of type responseClass - * - * @throws NoSuchElementException - * if there is no more response - * @throws SLCommandException - * if the next response is of type {@link ErrorResponse} or not of - * type responseClass - */ - protected STALResponse nextResponse( - Class responseClass) throws SLCommandException { - - if (stalResponses == null) { - throw new NoSuchElementException(); - } - - STALResponse response = stalResponses.next(); - - if (response instanceof ErrorResponse) { - throw new SLCommandException(((ErrorResponse) response).getErrorCode()); - } - - if (!(responseClass.isAssignableFrom(response.getClass()))) { - Log log = LogFactory.getLog(this.getClass()); - log.info("Received " + response.getClass() + " from STAL but expected " - + responseClass); - throw new SLCommandException(4000); - } - - return response; - - } } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java new file mode 100644 index 00000000..969288c1 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/STALHelper.java @@ -0,0 +1,218 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import iaik.asn1.CodingException; +import iaik.asn1.DerCoder; + +import java.io.ByteArrayInputStream; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.NoSuchElementException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLExceptionMessages; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.idlink.ans1.IdentityLink; +import at.gv.egiz.stal.ErrorResponse; +import at.gv.egiz.stal.InfoboxReadResponse; +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; + +/** + * A helper class for transmitting {@link STALRequest}s and obtaining their + * respective {@link STALResponse}s. + * + * @author mcentner + */ +public class STALHelper { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(STALHelper.class); + + /** + * The STAL implementation. + */ + private STAL stal; + + /** + * An iterator over the STALResponses received in + * {@link SLCommandImpl#transmitSTALRequest(List)}. + */ + protected Iterator stalResponses; + + /** + * Creates a new instance of this STALHelper with the given + * stal. + * + * @param stal the STAL to be used + */ + public STALHelper(STAL stal) { + if (stal == null) { + throw new NullPointerException("Argument 'stal' must not be null."); + } + this.stal = stal; + } + + /** + * Calls {@link STAL#handleRequest(List)} with the given + * stalRequests. + * + * @param stalRequests + * @throws SLCommandException + */ + public void transmitSTALRequest(List stalRequests) throws SLCommandException { + List responses = stal.handleRequest(stalRequests); + if (responses == null) { + Log log = LogFactory.getLog(this.getClass()); + log.info("Received no responses from STAL."); + throw new SLCommandException(4000); + } else if (responses.size() != stalRequests.size()) { + Log log = LogFactory.getLog(this.getClass()); + log.info("Received invalid count of responses from STAL. Expected " + + stalRequests.size() + ", but got " + responses.size() + "."); + // throw new SLCommandException(4000); + } + stalResponses = responses.iterator(); + } + + /** + * @return true if there are more {@link STALResponse}s to be + * fetched with {@link #nextResponse(Class)}, or false + * otherwise. + */ + public boolean hasNextResponse() { + return (stalResponses != null) ? stalResponses.hasNext() : false; + } + + /** + * Returns the next response of type responseClass that has been + * received by {@link #transmitSTALRequest(List)}. + * + * @param responseClass + * the response must be an instance of + * @return the next response of type responseClass + * + * @throws NoSuchElementException + * if there is no more response + * @throws SLCommandException + * if the next response is of type {@link ErrorResponse} or not of + * type responseClass + */ + public STALResponse nextResponse( + Class responseClass) throws SLCommandException { + + if (stalResponses == null) { + throw new NoSuchElementException(); + } + + STALResponse response = stalResponses.next(); + + if (response instanceof ErrorResponse) { + throw new SLCommandException(((ErrorResponse) response).getErrorCode()); + } + + if (!(responseClass.isAssignableFrom(response.getClass()))) { + Log log = LogFactory.getLog(this.getClass()); + log.info("Received " + response.getClass() + " from STAL but expected " + + responseClass); + throw new SLCommandException(4000); + } + + return response; + + } + + /** + * Gets the list of certificates from the next STAL responses. + * + * @return the list of certificates + * + * @throws SLCommandException if getting the list of certificates fails + */ + public List getCertificatesFromResponses() throws SLCommandException { + + List certificates = new ArrayList(); + + CertificateFactory certFactory; + try { + certFactory = CertificateFactory.getInstance("X509"); + } catch (CertificateException e) { + // we should always be able to get an X509 certificate factory + log.error("CertificateFactory.getInstance(\"X509\") failed.", e); + throw new SLRuntimeException(e); + } + + InfoboxReadResponse response; + while(hasNextResponse()) { + response = (InfoboxReadResponse) nextResponse(InfoboxReadResponse.class); + byte[] cert = response.getInfoboxValue(); + try { + certificates.add((X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(cert))); + } catch (CertificateException e) { + log.info("Failed to decode certificate.", e); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_INFOBOX_INVALID, + new Object[] { "Certificates" }); + } + } + + return certificates; + + } + + /** + * Gets the IdentitiyLink form the next STAL response. + * + * @return the IdentityLink + * + * @throws SLCommandException if getting the IdentitiyLink fails + */ + public IdentityLink getIdentityLinkFromResponses() throws SLCommandException { + + // IdentityLink + InfoboxReadResponse response; + if (hasNextResponse()) { + response = (InfoboxReadResponse) nextResponse(InfoboxReadResponse.class); + byte[] idLink = response.getInfoboxValue(); + try { + return new IdentityLink(DerCoder.decode(idLink)); + } catch (CodingException e) { + log.info("Failed to decode infobox 'IdentityLink'.", e); + throw new SLCommandException(4000, + SLExceptionMessages.EC4000_UNCLASSIFIED_INFOBOX_INVALID, + new Object[] { "IdentityLink" }); + } + } else { + log.info("No infobox 'IdentityLink' returned from STAL."); + throw new SLCommandException(4000); + } + + } + + +} diff --git a/bkucommon/src/main/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml b/bkucommon/src/main/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml deleted file mode 100644 index 885e35f3..00000000 --- a/bkucommon/src/main/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml new file mode 100644 index 00000000..13365931 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml @@ -0,0 +1,53 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3 From 3e101b29f0ac1efa5088ba953bea0acbba932339 Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 5 Dec 2008 11:41:29 +0000 Subject: Feature Request #362 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@234 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKUOnline/src/main/webapp/appletPage.jsp | 2 +- .../main/java/at/gv/egiz/bku/binding/DataUrl.java | 25 +++++++++++-- .../gv/egiz/bku/binding/DataUrlConnectionImpl.java | 42 +++++++++++++++++++--- .../gv/egiz/bku/binding/DataUrlConnectionSPI.java | 17 ++++++++- .../bku/binding/LegacyDataUrlConnectionImpl.java | 24 +++++++++++++ .../java/at/gv/egiz/bku/conf/Configurator.java | 15 ++++---- .../gv/egiz/bku/binding/TestDataUrlConnection.java | 15 ++++++++ .../egiz/bku/slcommands/testApplicationContext.xml | 8 ++--- 8 files changed, 125 insertions(+), 23 deletions(-) (limited to 'bkucommon/src/test/resources') diff --git a/BKUOnline/src/main/webapp/appletPage.jsp b/BKUOnline/src/main/webapp/appletPage.jsp index 366a390a..ee5f429c 100644 --- a/BKUOnline/src/main/webapp/appletPage.jsp +++ b/BKUOnline/src/main/webapp/appletPage.jsp @@ -55,7 +55,7 @@ GuiStyle : '<%=guiStyle%>', Locale : '<%=locale%>', Background : '<%=backgroundImg%>', - WSDL_URL :'../stal?wsdl', + WSDL_URL :'../stal;jsessionid=<%=session.getId()%>?wsdl', HelpURL : '../help/', HashDataDisplay : '<%=hashDataDisplay%>', HashDataURL : '../hashDataInput', diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java index 531772cf..2e2cc38a 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java @@ -20,6 +20,9 @@ import java.net.MalformedURLException; import java.net.URL; import java.util.Properties; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLSocketFactory; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -32,7 +35,10 @@ import at.gv.egiz.bku.slexceptions.SLRuntimeException; public class DataUrl { private static DataUrlConnectionSPI defaultDataUrlConnection = new DataUrlConnectionImpl(); private static Log log = LogFactory.getLog(DataUrl.class); - private static Properties configuration; + private static Properties configuration; + private static SSLSocketFactory sslSocketFactory; + private static HostnameVerifier hostNameVerifier; + private URL url; @@ -44,7 +50,10 @@ public class DataUrl { if (dataUrlConnection == null) { throw new NullPointerException("Default dataurlconnection must not be set to null"); } - defaultDataUrlConnection = dataUrlConnection; + defaultDataUrlConnection = dataUrlConnection; + defaultDataUrlConnection.setConfiguration(configuration); + defaultDataUrlConnection.setSSLSocketFactory(sslSocketFactory); + defaultDataUrlConnection.setHostnameVerifier(hostNameVerifier); } public DataUrl(String aUrlString) throws MalformedURLException { @@ -66,5 +75,15 @@ public class DataUrl { public static void setConfiguration(Properties props) { configuration = props; defaultDataUrlConnection.setConfiguration(configuration); - } + } + + public static void setSSLSocketFactory(SSLSocketFactory socketFactory) { + sslSocketFactory = socketFactory; + defaultDataUrlConnection.setSSLSocketFactory(socketFactory); + } + + public static void setHostNameVerifier(HostnameVerifier hostNameVerifier) { + DataUrl.hostNameVerifier = hostNameVerifier; + defaultDataUrlConnection.setHostnameVerifier(hostNameVerifier); + } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java index 6ad0bb78..408330cc 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java @@ -31,7 +31,9 @@ import java.util.Map; import java.util.Properties; import java.util.Set; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSocketFactory; import org.apache.commons.httpclient.methods.multipart.FilePart; import org.apache.commons.httpclient.methods.multipart.Part; @@ -51,11 +53,12 @@ import at.gv.egiz.bku.utils.binding.Protocol; * */ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { - + private final static Log log = LogFactory.getLog(DataUrlConnectionImpl.class); public final static Protocol[] SUPPORTED_PROTOCOLS = { Protocol.HTTP, Protocol.HTTPS }; + protected X509Certificate serverCertificate; protected Protocol protocol; protected URL url; @@ -64,6 +67,8 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { protected ArrayList formParams; protected String boundary; protected Properties config = null; + protected SSLSocketFactory sslSocketFactory; + protected HostnameVerifier hostnameVerifier; protected DataUrlResponse result; @@ -84,6 +89,21 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { */ public void connect() throws SocketTimeoutException, IOException { connection = (HttpURLConnection) url.openConnection(); + if (connection instanceof HttpsURLConnection) { + log.trace("Detected ssl connection"); + HttpsURLConnection https = (HttpsURLConnection) connection; + if (sslSocketFactory != null) { + log.debug("Setting custom ssl socket factory for ssl connection"); + https.setSSLSocketFactory(sslSocketFactory); + } else { + log.trace("No custom socket factory set"); + } + if (hostnameVerifier != null) { + log.debug("Setting custom hostname verifier"); + } + } else { + log.trace("No secure connection with: "+url+ " class="+connection.getClass()); + } connection.setDoOutput(true); Set headers = requestHttpHeaders.keySet(); Iterator headerIt = headers.iterator(); @@ -91,13 +111,13 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { String name = headerIt.next(); connection.setRequestProperty(name, requestHttpHeaders.get(name)); } - log.trace("Connecting to: "+url); + log.trace("Connecting to: " + url); connection.connect(); if (connection instanceof HttpsURLConnection) { HttpsURLConnection ssl = (HttpsURLConnection) connection; X509Certificate[] certs = (X509Certificate[]) ssl.getServerCertificates(); if ((certs != null) && (certs.length >= 1)) { - log.trace("Server certificate: "+certs[0]); + log.trace("Server certificate: " + certs[0]); serverCertificate = certs[0]; } } @@ -155,8 +175,9 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { } catch (IOException iox) { log.info(iox); } - log.trace("Reading response"); - result = new DataUrlResponse(url.toString(), connection.getResponseCode(), is); + log.trace("Reading response"); + result = new DataUrlResponse(url.toString(), connection.getResponseCode(), + is); Map responseHttpHeaders = new HashMap(); Map> httpHeaders = connection.getHeaderFields(); for (Iterator keyIt = httpHeaders.keySet().iterator(); keyIt @@ -227,6 +248,7 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { public DataUrlConnectionSPI newInstance() { DataUrlConnectionSPI uc = new DataUrlConnectionImpl(); uc.setConfiguration(config); + uc.setSSLSocketFactory(sslSocketFactory); return uc; } @@ -239,4 +261,14 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { public void setConfiguration(Properties config) { this.config = config; } + + @Override + public void setSSLSocketFactory(SSLSocketFactory socketFactory) { + this.sslSocketFactory = socketFactory; + } + + @Override + public void setHostnameVerifier(HostnameVerifier hostnameVerifier) { + this.hostnameVerifier = hostnameVerifier; + } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionSPI.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionSPI.java index 80cc3a0b..f838b919 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionSPI.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionSPI.java @@ -18,6 +18,9 @@ package at.gv.egiz.bku.binding; import java.net.URL; import java.util.Properties; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLSocketFactory; /** * Prototype of a DataurlconnectionSPI @@ -43,7 +46,19 @@ public interface DataUrlConnectionSPI extends DataUrlConnection { * Sets configuration parameters for this connection * @param config */ - public void setConfiguration(Properties config); + public void setConfiguration(Properties config); + + /** + * Sets the socketfactory to be used for ssl connections. + * @param socketFactory if null the socket factory will not be set explicitly + */ + public void setSSLSocketFactory(SSLSocketFactory socketFactory); + + /** + * Sets the hostname verifier to be used, + * @param hostnameVerifier if null the default hostname verifier will be used + */ + public void setHostnameVerifier(HostnameVerifier hostnameVerifier); } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/LegacyDataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/LegacyDataUrlConnectionImpl.java index 5339d689..ef8034aa 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/LegacyDataUrlConnectionImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/LegacyDataUrlConnectionImpl.java @@ -19,7 +19,9 @@ import java.util.Map; import java.util.Properties; import java.util.Set; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSocketFactory; import javax.xml.transform.stream.StreamResult; import org.apache.commons.logging.Log; @@ -48,6 +50,8 @@ public class LegacyDataUrlConnectionImpl implements DataUrlConnectionSPI { protected Map formParams; protected String boundary; protected Properties config = null; + protected SSLSocketFactory sslSocketFactory; + protected HostnameVerifier hostnameVerifier; protected DataUrlResponse result; @@ -68,6 +72,16 @@ public class LegacyDataUrlConnectionImpl implements DataUrlConnectionSPI { */ public void connect() throws SocketTimeoutException, IOException { connection = (HttpURLConnection) url.openConnection(); + if (connection instanceof HttpsURLConnection) { + HttpsURLConnection https = (HttpsURLConnection) connection; + if (sslSocketFactory != null) { + log.debug("Setting custom ssl socket factory for ssl connection"); + https.setSSLSocketFactory(sslSocketFactory); + } + if (hostnameVerifier != null) { + log.debug("Setting custom hostname verifier"); + } + } connection.setDoOutput(true); Set headers = requestHttpHeaders.keySet(); Iterator headerIt = headers.iterator(); @@ -227,4 +241,14 @@ public class LegacyDataUrlConnectionImpl implements DataUrlConnectionSPI { public void setConfiguration(Properties config) { this.config = config; } + + @Override + public void setSSLSocketFactory(SSLSocketFactory socketFactory) { + this.sslSocketFactory = socketFactory; + } + + @Override + public void setHostnameVerifier(HostnameVerifier hostnameVerifier) { + this.hostnameVerifier = hostnameVerifier; + } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 6078de36..e37d107f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -80,7 +80,7 @@ public abstract class Configurator { log.error("Cannot add trusted ca", e); } } - return caCerts.toArray(new X509Certificate[caCerts.size()]); + return caCerts.toArray(new X509Certificate[caCerts.size()]); } else { log.warn("No CA certificates configured"); } @@ -196,10 +196,9 @@ public abstract class Configurator { String version = p.getProperty("Implementation-Build"); properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, "citizen-card-environment/1.2 MOCCA " + version); - log - .debug("Setting user agent to: " - + properties - .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + log.debug("Setting user agent to: " + + properties + .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); } else { log.warn("Cannot read manifest"); properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, @@ -256,7 +255,7 @@ public abstract class Configurator { getCertDir(), getCADir(), caCerts); sslCtx.init(km, new TrustManager[] { pkixTM }, null); } - HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); + DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory()); } catch (Exception e) { log.error("Cannot configure SSL", e); } @@ -264,7 +263,7 @@ public abstract class Configurator { log.warn("---------------------------------"); log.warn(" Disabling Hostname Verification "); log.warn("---------------------------------"); - HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + DataUrl.setHostNameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; @@ -273,8 +272,6 @@ public abstract class Configurator { } } - - public void setCertValidator(CertValidator certValidator) { this.certValidator = certValidator; } diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java index 8a607b80..0a24b5c5 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java @@ -26,6 +26,9 @@ import java.util.Collections; import java.util.HashMap; import java.util.Map; import java.util.Properties; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLSocketFactory; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -131,5 +134,17 @@ public class TestDataUrlConnection implements DataUrlConnectionSPI { public void setConfiguration(Properties config) { // TODO Auto-generated method stub + } + + @Override + public void setHostnameVerifier(HostnameVerifier hostnameVerifier) { + // TODO Auto-generated method stub + + } + + @Override + public void setSSLSocketFactory(SSLSocketFactory socketFactory) { + // TODO Auto-generated method stub + } } diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml index 13365931..a7b588aa 100644 --- a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/testApplicationContext.xml @@ -39,14 +39,14 @@ + value="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxImpl" /> - + -- cgit v1.2.3 From 6576428966f1e3d688269a407b072fb01f9f7647 Mon Sep 17 00:00:00 2001 From: clemenso Date: Thu, 26 Feb 2009 19:39:00 +0000 Subject: 1.1 candidate (activation) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@309 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../gv/egiz/bku/online/applet/AppletBKUWorker.java | 9 +- .../java/at/gv/egiz/bku/gui/PINManagementGUI.java | 519 ++++- .../at/gv/egiz/bku/gui/PINManagementGUIFacade.java | 47 +- .../java/at/gv/egiz/bku/gui/PINSpecRenderer.java | 39 + .../java/at/gv/egiz/bku/gui/PINStatusProvider.java | 32 - .../java/at/gv/egiz/bku/gui/PINStatusRenderer.java | 63 + .../at/gv/egiz/bku/gui/PINStatusTableModel.java | 60 + .../bku/online/applet/PINManagementApplet.java | 3 +- .../bku/online/applet/PINManagementBKUWorker.java | 82 +- .../smccstal/ext/PINManagementRequestHandler.java | 331 ++++ .../bku/smccstal/ext/PINMgmtRequestHandler.java | 93 - .../gv/egiz/bku/gui/ActivationMessages.properties | 28 +- .../egiz/bku/gui/ActivationMessages_en.properties | 30 +- .../test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java | 4 +- BKUAppletExt/src/test/resources/appletTest.html | 2 +- .../main/java/at/gv/egiz/bku/gui/BKUGUIImpl.java | 8 +- .../main/java/at/gv/egiz/bku/gui/PinDocument.java | 28 +- .../at/gv/egiz/bku/gui/Messages.properties | 4 +- .../test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java | 2 +- .../at/gv/egiz/stal/ext/ActivatePINRequest.java | 28 - .../java/at/gv/egiz/stal/ext/ChangePINRequest.java | 28 - .../at/gv/egiz/stal/ext/PINManagementRequest.java | 31 + .../at/gv/egiz/stal/ext/PINManagementResponse.java | 28 + .../at/gv/egiz/stal/ext/UnblockPINRequest.java | 28 - .../egiz/bku/slcommands/impl/xsect/DataObject.java | 2078 ++++++++++---------- .../egiz/bku/slcommands/impl/xsect/Signature.java | 5 +- .../bku/slcommands/impl/xsect/SignatureTest.java | 1505 +++++++------- .../egiz/bku/slcommands/impl/TransformsInfo_2.xml | 397 ++++ smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 25 +- .../at/gv/egiz/smcc/AbstractSignatureCard.java | 10 + smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java | 30 +- .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 25 +- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 14 +- .../main/java/at/gv/egiz/smcc/SignatureCard.java | 5 +- .../at/gv/egiz/bku/smccstal/AbstractBKUWorker.java | 3 + .../java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java | 9 +- .../java/at/gv/egiz/marshal/NamespacePrefix.java | 34 + .../gv/egiz/marshal/NamespacePrefixMapperImpl.java | 16 +- .../at/gv/egiz/slbinding/RedirectEventFilter.java | 389 ++-- .../gv/egiz/slbinding/impl/TransformsInfoType.java | 1 + .../at/gv/egiz/slbinding/impl/XMLContentType.java | 2 +- .../org/w3/_2000/_09/xmldsig_/ObjectFactory.java | 1 + .../org/w3/_2000/_09/xmldsig_/TransformsType.java | 2 +- .../java/at/gv/egiz/slbinding/RedirectTest.java | 29 +- .../CreateXMLSignatureRequest02.xml_redirect.txt | 5 +- 45 files changed, 3813 insertions(+), 2299 deletions(-) create mode 100644 BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINSpecRenderer.java delete mode 100644 BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusProvider.java create mode 100644 BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusRenderer.java create mode 100644 BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusTableModel.java create mode 100644 BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java delete mode 100644 BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINMgmtRequestHandler.java delete mode 100644 STALExt/src/main/java/at/gv/egiz/stal/ext/ActivatePINRequest.java delete mode 100644 STALExt/src/main/java/at/gv/egiz/stal/ext/ChangePINRequest.java create mode 100644 STALExt/src/main/java/at/gv/egiz/stal/ext/PINManagementRequest.java create mode 100644 STALExt/src/main/java/at/gv/egiz/stal/ext/PINManagementResponse.java delete mode 100644 STALExt/src/main/java/at/gv/egiz/stal/ext/UnblockPINRequest.java create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_2.xml create mode 100644 utils/src/main/java/at/gv/egiz/marshal/NamespacePrefix.java (limited to 'bkucommon/src/test/resources') diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java index 5a57ef18..8c1bd2bd 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java @@ -195,11 +195,16 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { } } + /** + * + * @param err_code + * @param ex if not null, the message will be appended as parameter to the error message + */ protected void showErrorDialog(String err_code, Exception ex) { actionCommandList.clear(); actionCommandList.add("ok"); - gui.showErrorDialog(err_code, - new Object[]{ex.getMessage()}, this, "ok"); + Object[] params = (ex != null) ? new Object[] { ex.getMessage() } : null; + gui.showErrorDialog(err_code, params, this, "ok"); try { waitForAction(); } catch (InterruptedException e) { diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUI.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUI.java index 8acf051e..8eef8aea 100644 --- a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUI.java +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUI.java @@ -17,15 +17,28 @@ package at.gv.egiz.bku.gui; +import at.gv.egiz.smcc.PINSpec; import java.awt.Container; +import java.awt.Cursor; +import java.awt.event.ActionEvent; import java.awt.event.ActionListener; +import java.awt.event.MouseEvent; +import java.awt.event.MouseMotionAdapter; import java.net.URL; +import java.text.MessageFormat; import java.util.Locale; +import java.util.Map; import javax.swing.GroupLayout; import javax.swing.JButton; import javax.swing.JLabel; +import javax.swing.JPasswordField; +import javax.swing.JScrollPane; +import javax.swing.JTable; import javax.swing.LayoutStyle; +import javax.swing.ListSelectionModel; import javax.swing.SwingUtilities; +import javax.swing.event.ListSelectionEvent; +import javax.swing.event.ListSelectionListener; /** * TODO pull out ResourceBundle to common superclass for activationGUI and pinMgmtGUI @@ -33,9 +46,10 @@ import javax.swing.SwingUtilities; */ public class PINManagementGUI extends ActivationGUI implements PINManagementGUIFacade { - public static final String BUTTON_ACTIVATE = "button.activate"; - public static final String BUTTON_UNBLOCK = "button.unblock"; - public static final String BUTTON_CHANGE = "button.change"; + /** remember the pinfield to return to worker */ + protected JPasswordField oldPinField; + /** remember the pinSpec to return to worker */ + protected PINSpec pinSpec; public PINManagementGUI(Container contentPane, Locale locale, @@ -46,12 +60,31 @@ public class PINManagementGUI extends ActivationGUI implements PINManagementGUIF } @Override - public void showPINManagementDialog(final PINStatusProvider pinStatusProvider, - final ActionListener activateListener, final String activateCmd, - final ActionListener changeListener, final String changeCmd, - final ActionListener unblockListener, final String unblockCmd, - final ActionListener cancelListener, final String cancelCmd) { -// try { + public char[] getOldPin() { + if (oldPinField != null) { + char[] pin = oldPinField.getPassword(); + oldPinField = null; + return pin; + } + return null; + } + + @Override + public PINSpec getSelectedPIN() { + return pinSpec; + } + + @Override + public void showPINManagementDialog(final Map pins, + final ActionListener activateListener, + final String activateCmd, + final String changeCmd, + final String unblockCmd, + final ActionListener cancelListener, + final String cancelCmd) { + + log.debug("scheduling PIN managment dialog"); + SwingUtilities.invokeLater(new Runnable() { @Override @@ -68,13 +101,76 @@ public class PINManagementGUI extends ActivationGUI implements PINManagementGUIF if (renderHeaderPanel) { titleLabel.setText(cardmgmtMessages.getString(TITLE_PINMGMT)); - mgmtLabel.setText(cardmgmtMessages.getString(MESSAGE_PINMGMT)); + String infoPattern = cardmgmtMessages.getString(MESSAGE_PINMGMT); + mgmtLabel.setText(MessageFormat.format(infoPattern, pins.size())); } else { mgmtLabel.setText(cardmgmtMessages.getString(TITLE_PINMGMT)); } + final PINStatusTableModel tableModel = new PINStatusTableModel(pins); + final JTable pinStatusTable = new JTable(tableModel); + pinStatusTable.setDefaultRenderer(PINSpec.class, new PINSpecRenderer()); + pinStatusTable.setDefaultRenderer(STATUS.class, new PINStatusRenderer(cardmgmtMessages)); + pinStatusTable.setTableHeader(null); - + pinStatusTable.addMouseMotionListener(new MouseMotionAdapter() { + + @Override + public void mouseMoved(MouseEvent e) { + if (pinStatusTable.columnAtPoint(e.getPoint()) == 0) { + pinStatusTable.setCursor(Cursor.getPredefinedCursor(Cursor.HAND_CURSOR)); + } else { + pinStatusTable.setCursor(Cursor.getDefaultCursor()); + } + } + }); + + final JButton activateButton = new JButton(); + activateButton.setFont(activateButton.getFont().deriveFont(activateButton.getFont().getStyle() & ~java.awt.Font.BOLD)); + activateButton.addActionListener(activateListener); + + pinStatusTable.setSelectionMode(ListSelectionModel.SINGLE_SELECTION); + pinStatusTable.getSelectionModel().addListSelectionListener(new ListSelectionListener() { + + @Override + public void valueChanged(final ListSelectionEvent e) { + //invoke later to allow thread to paint selection background + SwingUtilities.invokeLater(new Runnable() { + + @Override + public void run() { + ListSelectionModel lsm = (ListSelectionModel) e.getSource(); + int selectionIdx = lsm.getMinSelectionIndex(); + if (selectionIdx >= 0) { + pinSpec = (PINSpec) tableModel.getValueAt(selectionIdx, 0); + STATUS status = (STATUS) tableModel.getValueAt(selectionIdx, 1); + + if (status == STATUS.NOT_ACTIV) { + activateButton.setText(cardmgmtMessages.getString(BUTTON_ACTIVATE)); + activateButton.setEnabled(true); + activateButton.setActionCommand(activateCmd); + } else if (status == STATUS.BLOCKED) { + activateButton.setText(cardmgmtMessages.getString(BUTTON_UNBLOCK)); + activateButton.setEnabled(true); + activateButton.setActionCommand(unblockCmd); + } else if (status == STATUS.ACTIV) { + activateButton.setText(cardmgmtMessages.getString(BUTTON_CHANGE)); + activateButton.setEnabled(true); + activateButton.setActionCommand(changeCmd); + } else { + activateButton.setText(cardmgmtMessages.getString(BUTTON_ACTIVATE)); + activateButton.setEnabled(false); + } + } + } + }); + } + }); + + //select first entry + pinStatusTable.getSelectionModel().setSelectionInterval(0, 0); + + JScrollPane pinStatusScrollPane = new JScrollPane(pinStatusTable); GroupLayout mainPanelLayout = new GroupLayout(mainPanel); mainPanel.setLayout(mainPanelLayout); @@ -91,30 +187,16 @@ public class PINManagementGUI extends ActivationGUI implements PINManagementGUIF .addComponent(helpLabel); } - mainPanelLayout.setHorizontalGroup(messageHorizontal); - mainPanelLayout.setVerticalGroup(messageVertical); + mainPanelLayout.setHorizontalGroup( + mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addGroup(messageHorizontal) + .addComponent(pinStatusScrollPane, 0, 0, Short.MAX_VALUE)); - - JButton activateButton = new JButton(); - activateButton.setFont(activateButton.getFont().deriveFont(activateButton.getFont().getStyle() & ~java.awt.Font.BOLD)); - activateButton.setText(cardmgmtMessages.getString(BUTTON_ACTIVATE)); - activateButton.setEnabled(true);//false); - activateButton.setActionCommand(activateCmd); - activateButton.addActionListener(activateListener); - - JButton changeButton = new JButton(); - changeButton.setFont(activateButton.getFont().deriveFont(activateButton.getFont().getStyle() & ~java.awt.Font.BOLD)); - changeButton.setText(cardmgmtMessages.getString(BUTTON_CHANGE)); - changeButton.setEnabled(false); - changeButton.setActionCommand(changeCmd); - changeButton.addActionListener(changeListener); - - JButton unblockButton = new JButton(); - unblockButton.setFont(activateButton.getFont().deriveFont(activateButton.getFont().getStyle() & ~java.awt.Font.BOLD)); - unblockButton.setText(cardmgmtMessages.getString(BUTTON_UNBLOCK)); - unblockButton.setEnabled(false); - unblockButton.setActionCommand(unblockCmd); - unblockButton.addActionListener(unblockListener); + mainPanelLayout.setVerticalGroup( + mainPanelLayout.createSequentialGroup() + .addGroup(messageVertical) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addComponent(pinStatusScrollPane, 0, 0, pinStatusTable.getPreferredSize().height+3)); JButton cancelButton = new JButton(); cancelButton.setFont(cancelButton.getFont().deriveFont(cancelButton.getFont().getStyle() & ~java.awt.Font.BOLD)); @@ -129,30 +211,377 @@ public class PINManagementGUI extends ActivationGUI implements PINManagementGUIF .addContainerGap(GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(activateButton, GroupLayout.PREFERRED_SIZE, buttonSize, GroupLayout.PREFERRED_SIZE) .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) - .addComponent(changeButton, GroupLayout.PREFERRED_SIZE, buttonSize, GroupLayout.PREFERRED_SIZE) - .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) - .addComponent(unblockButton, GroupLayout.PREFERRED_SIZE, buttonSize, GroupLayout.PREFERRED_SIZE) - .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) .addComponent(cancelButton, GroupLayout.PREFERRED_SIZE, buttonSize, GroupLayout.PREFERRED_SIZE); GroupLayout.Group buttonVertical = buttonPanelLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(activateButton) - .addComponent(changeButton) - .addComponent(unblockButton) .addComponent(cancelButton); buttonPanelLayout.setHorizontalGroup(buttonHorizontal); buttonPanelLayout.setVerticalGroup(buttonVertical); contentPanel.validate(); - } }); + } + + @Override + public void showActivatePINDialog(final PINSpec pin, + final ActionListener okListener, final String okCommand, + final ActionListener cancelListener, final String cancelCommand) { + log.debug("scheduling activate pin dialog"); + showPINDialog(false, pin, okListener, okCommand, cancelListener, cancelCommand); + } + + + private void showPINDialog(final boolean changePin, final PINSpec pinSpec, + final ActionListener okListener, final String okCommand, + final ActionListener cancelListener, final String cancelCommand) { + + SwingUtilities.invokeLater(new Runnable() { + + @Override + public void run() { + + String HELP_TOPIC, TITLE, MESSAGE_MGMT; + if (changePin) { + log.debug("show change pin dialog"); + HELP_TOPIC = HELP_PINMGMT; + TITLE = TITLE_CHANGE_PIN; + MESSAGE_MGMT = MESSAGE_CHANGE_PIN; + } else { + log.debug("show activate pin dialog"); + HELP_TOPIC = HELP_PINMGMT; + TITLE = TITLE_ACTIVATE_PIN; + MESSAGE_MGMT = MESSAGE_ACTIVATE_PIN; + oldPinField = null; + } + + mainPanel.removeAll(); + buttonPanel.removeAll(); + + helpListener.setHelpTopic(HELP_TOPIC); + + JLabel mgmtLabel = new JLabel(); + mgmtLabel.setFont(mgmtLabel.getFont().deriveFont(mgmtLabel.getFont().getStyle() & ~java.awt.Font.BOLD)); + + if (renderHeaderPanel) { + titleLabel.setText(cardmgmtMessages.getString(TITLE)); + String mgmtPattern = cardmgmtMessages.getString(MESSAGE_MGMT); + if (shortText) { + mgmtLabel.setText(MessageFormat.format(mgmtPattern, "PIN")); + } else { + mgmtLabel.setText(MessageFormat.format(mgmtPattern, pinSpec.getLocalizedName())); + } + } else { + mgmtLabel.setText(cardmgmtMessages.getString(TITLE)); + } + + JButton okButton = new JButton(); + okButton.setFont(okButton.getFont().deriveFont(okButton.getFont().getStyle() & ~java.awt.Font.BOLD)); + okButton.setText(messages.getString(BUTTON_OK)); + okButton.setEnabled(false); + okButton.setActionCommand(okCommand); + okButton.addActionListener(okListener); + + JLabel pinLabel = new JLabel(); + pinLabel.setFont(pinLabel.getFont().deriveFont(pinLabel.getFont().getStyle() & ~java.awt.Font.BOLD)); + String pinLabelPattern = (changePin) ? cardmgmtMessages.getString(LABEL_NEW_PIN) : messages.getString(LABEL_PIN); + pinLabel.setText(MessageFormat.format(pinLabelPattern, new Object[]{pinSpec.getLocalizedName()})); + + final JPasswordField repeatPinField = new JPasswordField(); + pinField = new JPasswordField(); + pinField.setText(""); + pinField.setDocument(new PINDocument(pinSpec, null)); + pinField.setActionCommand(okCommand); + pinField.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + if (pinField.getPassword().length >= pinSpec.getMinLength()) { + repeatPinField.requestFocusInWindow(); + } + } + }); + JLabel repeatPinLabel = new JLabel(); + repeatPinLabel.setFont(pinLabel.getFont()); + String repeatPinLabelPattern = cardmgmtMessages.getString(LABEL_REPEAT_PIN); + repeatPinLabel.setText(MessageFormat.format(repeatPinLabelPattern, new Object[]{pinSpec.getLocalizedName()})); + + repeatPinField.setText(""); + repeatPinField.setDocument(new PINDocument(pinSpec, okButton, pinField.getDocument())); + repeatPinField.setActionCommand(okCommand); + repeatPinField.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + if (pinField.getPassword().length >= pinSpec.getMinLength()) { + okListener.actionPerformed(e); + } + } + }); + + JLabel oldPinLabel = null; + if (changePin) { + oldPinLabel = new JLabel(); + oldPinLabel.setFont(oldPinLabel.getFont().deriveFont(oldPinLabel.getFont().getStyle() & ~java.awt.Font.BOLD)); + String oldPinLabelPattern = cardmgmtMessages.getString(LABEL_OLD_PIN); + oldPinLabel.setText(MessageFormat.format(oldPinLabelPattern, new Object[]{pinSpec.getLocalizedName()})); + + oldPinField = new JPasswordField(); + oldPinField.setText(""); + oldPinField.setDocument(new PINDocument(pinSpec, null)); + oldPinField.setActionCommand(okCommand); + oldPinField.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + if (oldPinField.getPassword().length >= pinSpec.getMinLength()) { + pinField.requestFocusInWindow(); + } + } + }); + } + + JLabel pinsizeLabel = new JLabel(); + pinsizeLabel.setFont(pinsizeLabel.getFont().deriveFont(pinsizeLabel.getFont().getStyle() & ~java.awt.Font.BOLD, pinsizeLabel.getFont().getSize()-2)); + String pinsizePattern = messages.getString(LABEL_PINSIZE); + String pinSize = String.valueOf(pinSpec.getMinLength()); + if (pinSpec.getMinLength() != pinSpec.getMaxLength()) { + pinSize += "-" + pinSpec.getMaxLength(); + } + pinsizeLabel.setText(MessageFormat.format(pinsizePattern, new Object[]{pinSize})); + + GroupLayout mainPanelLayout = new GroupLayout(mainPanel); + mainPanel.setLayout(mainPanelLayout); + + GroupLayout.SequentialGroup infoHorizontal = mainPanelLayout.createSequentialGroup() + .addComponent(mgmtLabel); + GroupLayout.ParallelGroup infoVertical = mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addComponent(mgmtLabel); + + if (!renderHeaderPanel) { + infoHorizontal + .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED, 0, Short.MAX_VALUE) + .addComponent(helpLabel); + infoVertical + .addComponent(helpLabel); + } -// } catch (Exception ex) { -// log.error(ex.getMessage(), ex); -// showErrorDialog(ERR_UNKNOWN_WITH_PARAM, new Object[] {ex.getMessage()}); -// } + GroupLayout.ParallelGroup pinHorizontal = mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING); + GroupLayout.SequentialGroup pinVertical = mainPanelLayout.createSequentialGroup(); + + if (pinLabelPos == PinLabelPosition.ABOVE) { + if (changePin) { + pinHorizontal + .addComponent(oldPinLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addComponent(oldPinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE); + pinVertical + .addComponent(oldPinLabel) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addComponent(oldPinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED); + } + pinHorizontal + .addComponent(pinLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addComponent(pinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(repeatPinLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addComponent(repeatPinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addGroup(mainPanelLayout.createSequentialGroup() + .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED, 0, Short.MAX_VALUE) + .addComponent(pinsizeLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)); + pinVertical + .addComponent(pinLabel) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addComponent(pinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addComponent(repeatPinLabel) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addComponent(repeatPinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addComponent(pinsizeLabel); + } else { + if (changePin) { + pinHorizontal + .addGroup(mainPanelLayout.createSequentialGroup() + .addGroup(mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addComponent(oldPinLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addComponent(pinLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addComponent(repeatPinLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addGroup(mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addComponent(oldPinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(pinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(repeatPinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))); + + pinVertical + .addGroup(mainPanelLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) + .addComponent(oldPinLabel) + .addComponent(oldPinField)) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED); + } else { + pinHorizontal + .addGroup(mainPanelLayout.createSequentialGroup() + .addGroup(mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addComponent(pinLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) + .addComponent(repeatPinLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addGroup(mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addComponent(pinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(repeatPinField, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))); + + } + pinHorizontal + .addGroup(mainPanelLayout.createSequentialGroup() + .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED, 0, Short.MAX_VALUE) + .addComponent(pinsizeLabel, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)); + pinVertical + .addGroup(mainPanelLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) + .addComponent(pinLabel) + .addComponent(pinField)) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addGroup(mainPanelLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) + .addComponent(repeatPinLabel) + .addComponent(repeatPinField)) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addComponent(pinsizeLabel); + } + + mainPanelLayout.setHorizontalGroup( + mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addGroup(infoHorizontal) + .addGroup(pinHorizontal)); + + mainPanelLayout.setVerticalGroup( + mainPanelLayout.createSequentialGroup() + .addGroup(infoVertical) + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addGroup(pinVertical)); + + GroupLayout buttonPanelLayout = new GroupLayout(buttonPanel); + buttonPanel.setLayout(buttonPanelLayout); + + GroupLayout.SequentialGroup buttonHorizontal = buttonPanelLayout.createSequentialGroup() + .addContainerGap(GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(okButton, GroupLayout.PREFERRED_SIZE, buttonSize, GroupLayout.PREFERRED_SIZE); + GroupLayout.Group buttonVertical; + + JButton cancelButton = new JButton(); + cancelButton.setFont(cancelButton.getFont().deriveFont(cancelButton.getFont().getStyle() & ~java.awt.Font.BOLD)); + cancelButton.setText(messages.getString(BUTTON_CANCEL)); + cancelButton.setActionCommand(cancelCommand); + cancelButton.addActionListener(cancelListener); + + buttonHorizontal + .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED) + .addComponent(cancelButton, GroupLayout.PREFERRED_SIZE, buttonSize, GroupLayout.PREFERRED_SIZE); + buttonVertical = buttonPanelLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) + .addComponent(okButton) + .addComponent(cancelButton); + + buttonPanelLayout.setHorizontalGroup(buttonHorizontal); + buttonPanelLayout.setVerticalGroup(buttonVertical); + + if (oldPinField != null) { + oldPinField.requestFocusInWindow(); + } else { + pinField.requestFocusInWindow(); + } + contentPanel.validate(); + + } + }); + } + + @Override + public void showChangePINDialog(final PINSpec pin, + final ActionListener okListener, final String okCommand, + final ActionListener cancelListener, final String cancelCommand) { + + log.debug("scheduling change pin dialog"); + showPINDialog(true, pin, okListener, okCommand, cancelListener, cancelCommand); + } + + @Override + public void showUnblockPINDialog(final PINSpec pin, + final ActionListener okListener, final String okCommand, + final ActionListener cancelListener, final String cancelCommand) { + + log.debug("scheduling unblock PIN dialog"); + + SwingUtilities.invokeLater(new Runnable() { + + @Override + public void run() { + + log.debug("show unblock PIN dialog"); + + log.error("unblock pin not supported"); + + mainPanel.removeAll(); + buttonPanel.removeAll(); + + if (renderHeaderPanel) { + titleLabel.setText(messages.getString(TITLE_ERROR)); + } + + helpListener.setHelpTopic(HELP_PINMGMT); + + String errorMsgPattern = cardmgmtMessages.getString(ERR_UNBLOCK); + String errorMsg = MessageFormat.format(errorMsgPattern, pin.getLocalizedName()); + + JLabel errorMsgLabel = new JLabel(); + errorMsgLabel.setFont(errorMsgLabel.getFont().deriveFont(errorMsgLabel.getFont().getStyle() & ~java.awt.Font.BOLD)); + errorMsgLabel.setText(errorMsg); + + GroupLayout mainPanelLayout = new GroupLayout(mainPanel); + mainPanel.setLayout(mainPanelLayout); + + GroupLayout.ParallelGroup mainHorizontal = mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING); + GroupLayout.SequentialGroup mainVertical = mainPanelLayout.createSequentialGroup(); + + if (!renderHeaderPanel) { + JLabel errorTitleLabel = new JLabel(); + errorTitleLabel.setFont(errorTitleLabel.getFont().deriveFont(errorTitleLabel.getFont().getStyle() | java.awt.Font.BOLD)); + errorTitleLabel.setText(messages.getString(TITLE_ERROR)); + errorTitleLabel.setForeground(ERROR_COLOR); + + mainHorizontal + .addGroup(mainPanelLayout.createSequentialGroup() + .addComponent(errorTitleLabel) + .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED, 0, Short.MAX_VALUE) + .addComponent(helpLabel)); + mainVertical + .addGroup(mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addComponent(errorTitleLabel) + .addComponent(helpLabel)); + } + + mainPanelLayout.setHorizontalGroup(mainHorizontal + .addComponent(errorMsgLabel)); + mainPanelLayout.setVerticalGroup(mainVertical + .addComponent(errorMsgLabel)); + + JButton okButton = new JButton(); + okButton.setFont(okButton.getFont().deriveFont(okButton.getFont().getStyle() & ~java.awt.Font.BOLD)); + okButton.setText(messages.getString(BUTTON_OK)); + okButton.setActionCommand(cancelCommand); + okButton.addActionListener(cancelListener); + + GroupLayout buttonPanelLayout = new GroupLayout(buttonPanel); + buttonPanel.setLayout(buttonPanelLayout); + + buttonPanelLayout.setHorizontalGroup( + buttonPanelLayout.createSequentialGroup() + .addContainerGap(GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(okButton, GroupLayout.PREFERRED_SIZE, buttonSize, GroupLayout.PREFERRED_SIZE)); + buttonPanelLayout.setVerticalGroup( + buttonPanelLayout.createSequentialGroup() + .addComponent(okButton)); + + contentPanel.validate(); + } + }); } diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUIFacade.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUIFacade.java index 3d653fab..2a8f28d2 100644 --- a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUIFacade.java +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUIFacade.java @@ -17,7 +17,9 @@ package at.gv.egiz.bku.gui; +import at.gv.egiz.smcc.PINSpec; import java.awt.event.ActionListener; +import java.util.Map; /** * @@ -27,8 +29,49 @@ public interface PINManagementGUIFacade extends BKUGUIFacade { public static final String HELP_PINMGMT = "help.pin.mgmt"; public static final String TITLE_PINMGMT = "title.pin.mgmt"; + public static final String TITLE_ACTIVATE_PIN = "title.activate.pin"; + public static final String TITLE_CHANGE_PIN = "title.change.pin"; + public static final String TITLE_UNBLOCK_PIN = "title.unblock.pin"; public static final String MESSAGE_PINMGMT = "message.pin.mgmt"; - - public void showPINManagementDialog(PINStatusProvider pinStatusProvider, ActionListener activateListener, String activateCmd, ActionListener changeListener, String changeCmd, ActionListener unblockListener, String unblockCmd, ActionListener cancelListener, String cancelCmd); + public static final String MESSAGE_ACTIVATE_PIN = "message.activate.pin"; + public static final String MESSAGE_CHANGE_PIN = "message.change.pin"; + public static final String MESSAGE_UNBLOCK_PIN = "message.unblock.pin"; + public static final String LABEL_OLD_PIN = "label.old.pin"; + public static final String LABEL_NEW_PIN = "label.new.pin"; + public static final String LABEL_REPEAT_PIN = "label.repeat.pin"; + public static final String ERR_ACTIVATE = "err.activate"; + public static final String ERR_CHANGE = "err.change"; + public static final String ERR_UNBLOCK = "err.unblock"; + + public static final String BUTTON_ACTIVATE = "button.activate"; + public static final String BUTTON_UNBLOCK = "button.unblock"; + public static final String BUTTON_CHANGE = "button.change"; + + public static final String STATUS_ACTIVE = "status.active"; + public static final String STATUS_BLOCKED = "status.blocked"; + public static final String STATUS_NOT_ACTIVE = "status.not.active"; + public static final String STATUS_UNKNOWN = "status.unknown"; + + public enum STATUS { ACTIV, NOT_ACTIV, BLOCKED, UNKNOWN }; + + public void showPINManagementDialog(Map pins, + ActionListener activateListener, String activateCmd, String changeCmd, String unblockCmd, + ActionListener cancelListener, String cancelCmd); + + public void showActivatePINDialog(PINSpec pin, + ActionListener okListener, String okCmd, + ActionListener cancelListener, String cancelCmd); + + public void showChangePINDialog(PINSpec pin, + ActionListener okListener, String okCmd, + ActionListener cancelListener, String cancelCmd); + + public void showUnblockPINDialog(PINSpec pin, + ActionListener okListener, String okCmd, + ActionListener cancelListener, String cancelCmd); + + public char[] getOldPin(); + + public PINSpec getSelectedPIN(); } diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINSpecRenderer.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINSpecRenderer.java new file mode 100644 index 00000000..e3d73e1f --- /dev/null +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINSpecRenderer.java @@ -0,0 +1,39 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package at.gv.egiz.bku.gui; + +import at.gv.egiz.smcc.PINSpec; +import javax.swing.table.DefaultTableCellRenderer; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker + */ +public class PINSpecRenderer extends DefaultTableCellRenderer { + + private static final Log log = LogFactory.getLog(PINSpecRenderer.class); + + @Override + protected void setValue(Object value) { + PINSpec pinSpec = (PINSpec) value; + super.setText(pinSpec.getLocalizedName()); + } + +} diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusProvider.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusProvider.java deleted file mode 100644 index 73fa0920..00000000 --- a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusProvider.java +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package at.gv.egiz.bku.gui; - -import at.gv.egiz.smcc.SignatureCardException; - -/** - * - * @author Clemens Orthacker - */ -public interface PINStatusProvider { - - public enum STATUS { ACTIV, NOT_ACTIV, BLOCKED }; - - public STATUS getPINStatus(int pin) throws SignatureCardException; - -} diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusRenderer.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusRenderer.java new file mode 100644 index 00000000..2f8852ff --- /dev/null +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusRenderer.java @@ -0,0 +1,63 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package at.gv.egiz.bku.gui; + +import at.gv.egiz.bku.gui.PINManagementGUIFacade.STATUS; +import java.awt.Color; +import java.awt.Font; +import java.util.ResourceBundle; +import javax.swing.table.DefaultTableCellRenderer; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker + */ +public class PINStatusRenderer extends DefaultTableCellRenderer { + + private static final Log log = LogFactory.getLog(PINStatusRenderer.class); + + public static final Color RED = new Color(0.9f, 0.0f, 0.0f); + public static final Color GREEN = new Color(0.0f, 0.8f, 0.0f); + protected ResourceBundle messages; + + public PINStatusRenderer(ResourceBundle messages) { + this.messages = messages; + } + + @Override + protected void setValue(Object value) { + STATUS pinStatus = (STATUS) value; + super.setFont(super.getFont().deriveFont(super.getFont().getStyle() | Font.BOLD)); + + if (pinStatus == STATUS.NOT_ACTIV) { + super.setForeground(RED); + super.setText("" + messages.getString(PINManagementGUIFacade.STATUS_NOT_ACTIVE) + ""); + } else if (pinStatus == STATUS.ACTIV) { + super.setForeground(GREEN); + super.setText("" + messages.getString(PINManagementGUIFacade.STATUS_ACTIVE) + ""); + } else if (pinStatus == STATUS.BLOCKED) { + super.setForeground(RED); + super.setText("" + messages.getString(PINManagementGUIFacade.STATUS_BLOCKED) + ""); + } else { + super.setForeground(Color.BLACK); + super.setText("" + messages.getString(PINManagementGUIFacade.STATUS_UNKNOWN) + ""); + } + } +} diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusTableModel.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusTableModel.java new file mode 100644 index 00000000..feaa5072 --- /dev/null +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/gui/PINStatusTableModel.java @@ -0,0 +1,60 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.gui; + +import at.gv.egiz.bku.gui.PINManagementGUIFacade.STATUS; +import at.gv.egiz.smcc.PINSpec; +import java.util.Map; +import javax.swing.table.DefaultTableModel; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker + */ +public class PINStatusTableModel extends DefaultTableModel { + + protected static final Log log = LogFactory.getLog(PINStatusTableModel.class); + protected Class[] types; + + public PINStatusTableModel(Map pinStatuses) { + super(0, 2); + if (pinStatuses == null) { + throw new RuntimeException("pinStatuses must not be null"); + } + log.trace(pinStatuses.size() + " PINs"); + types = new Class[] { PINSpec.class, STATUS.class }; + for (PINSpec pinSpec : pinStatuses.keySet()) { + addRow(new Object[] { pinSpec, pinStatuses.get(pinSpec) }); + } +// PINSpec activePIN = new PINSpec(0, 1, null, "active-PIN", (byte) 0x01); +// PINSpec blockedPIN = new PINSpec(0, 1, null, "blocked-PIN", (byte) 0x01); +// addRow(new Object[] { activePIN, PINStatusProvider.STATUS.ACTIV }); +// addRow(new Object[] { blockedPIN, PINStatusProvider.STATUS.BLOCKED }); + } + + @Override + public Class getColumnClass(int columnIndex) { + return types[columnIndex]; + } + + @Override + public boolean isCellEditable(int rowIndex, int columnIndex) { + return false; + } +} diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/online/applet/PINManagementApplet.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/online/applet/PINManagementApplet.java index 72d06618..d948ac03 100644 --- a/BKUAppletExt/src/main/java/at/gv/egiz/bku/online/applet/PINManagementApplet.java +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/online/applet/PINManagementApplet.java @@ -19,6 +19,7 @@ package at.gv.egiz.bku.online.applet; import at.gv.egiz.bku.gui.AbstractHelpListener; import at.gv.egiz.bku.gui.BKUGUIFacade; import at.gv.egiz.bku.gui.PINManagementGUI; +import at.gv.egiz.bku.gui.PINManagementGUIFacade; import java.awt.Container; import java.net.URL; import java.util.Locale; @@ -45,6 +46,6 @@ public class PINManagementApplet extends BKUApplet { @Override protected AppletBKUWorker createBKUWorker(BKUApplet applet, BKUGUIFacade gui) { - return new PINManagementBKUWorker(applet, gui); + return new PINManagementBKUWorker(applet, (PINManagementGUIFacade) gui); } } diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/online/applet/PINManagementBKUWorker.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/online/applet/PINManagementBKUWorker.java index e65d98ca..ffd83e42 100644 --- a/BKUAppletExt/src/main/java/at/gv/egiz/bku/online/applet/PINManagementBKUWorker.java +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/online/applet/PINManagementBKUWorker.java @@ -18,35 +18,28 @@ package at.gv.egiz.bku.online.applet; import at.gv.egiz.bku.gui.BKUGUIFacade; import at.gv.egiz.bku.gui.PINManagementGUIFacade; -import at.gv.egiz.bku.smccstal.ext.PINMgmtRequestHandler; +import at.gv.egiz.bku.smccstal.ext.PINManagementRequestHandler; +import at.gv.egiz.stal.ErrorResponse; import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.ext.ActivatePINRequest; -import at.gv.egiz.stal.ext.ChangePINRequest; -import at.gv.egiz.stal.ext.UnblockPINRequest; -import java.awt.event.ActionEvent; -import java.awt.event.ActionListener; -import java.util.Collection; +import at.gv.egiz.stal.ext.PINManagementRequest; +import at.gv.egiz.stal.ext.PINManagementResponse; import java.util.Collections; import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; /** - * + * This BKU Worker does not connect to STAL webservice + * (no Internet connection permitted while activating PINs). + * * @author Clemens Orthacker */ public class PINManagementBKUWorker extends AppletBKUWorker { - protected PINMgmtRequestHandler handler = new PINMgmtRequestHandler(); - protected PINManagementActionListener listener = new PINManagementActionListener(); - - public PINManagementBKUWorker(BKUApplet applet, BKUGUIFacade gui) { + public PINManagementBKUWorker(BKUApplet applet, PINManagementGUIFacade gui) { super(applet, gui); handlerMap.clear(); -// PINMgmtRequestHandler handler = new PINMgmtRequestHandler(); -// addRequestHandler(ActivatePINRequest.class, handler); -// addRequestHandler(ChangePINRequest.class, handler); -// addRequestHandler(UnblockPINRequest.class, handler); + addRequestHandler(PINManagementRequest.class, new PINManagementRequestHandler()); } @Override @@ -54,22 +47,24 @@ public class PINManagementBKUWorker extends AppletBKUWorker { gui.showWelcomeDialog(); try { - - if (waitForCard()) { - gui.showErrorDialog("no card, canceled PIN mgmt dialog", null); + List responses = handleRequest(Collections.singletonList(new PINManagementRequest())); + + if (responses.size() == 1) { + STALResponse response = responses.get(0); + if (response instanceof PINManagementResponse) { + log.debug("PIN management dialog finished"); + } else if (response instanceof ErrorResponse) { + showErrorDialog(BKUGUIFacade.ERR_UNKNOWN, null); + } else { + throw new RuntimeException("Invalid STAL response: " + response.getClass().getName()); + } + } else { + throw new RuntimeException("invalid number of STAL responses: " + responses.size()); } - actionCommandList.clear(); - actionCommandList.add("cancel"); - - ((PINManagementGUIFacade) gui).showPINManagementDialog(handler, - listener, "activate", - listener, "change", - listener, "unblock", - this, "cancel"); - - waitForAction(); - + } catch (RuntimeException ex) { + log.error("unexpected error: " + ex.getMessage(), ex); + showErrorDialog(BKUGUIFacade.ERR_UNKNOWN, null); } catch (Exception ex) { log.error(ex.getMessage(), ex); showErrorDialog(BKUGUIFacade.ERR_UNKNOWN_WITH_PARAM, ex); @@ -82,31 +77,4 @@ public class PINManagementBKUWorker extends AppletBKUWorker { applet.sendRedirect(sessionId); } - protected class PINManagementActionListener implements ActionListener { - - @Override - public void actionPerformed(ActionEvent e) { - try { - String cmd = e.getActionCommand(); - if ("activate".equals(cmd)) { - //create STAL request, call handle(req) - ActivatePINRequest stalReq = new ActivatePINRequest(); - STALResponse stalResp = handler.handleRequest(stalReq); - gui.showErrorDialog(BKUGUIFacade.ERR_UNKNOWN_WITH_PARAM, new Object[]{"debug"}, this, "back"); - } else if ("change".equals(cmd)) { - } else if ("unblock".equals(cmd)) { - } else if ("back".equals(cmd)) { - - ((PINManagementGUIFacade) gui).showPINManagementDialog(handler, - this, "activate", - this, "change", - this, "unblock", - PINManagementBKUWorker.this, "cancel"); - - } - } catch (InterruptedException ex) { - log.fatal(ex); - } - } } -} diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java new file mode 100644 index 00000000..fcef3191 --- /dev/null +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java @@ -0,0 +1,331 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.smccstal.ext; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.gui.PINManagementGUIFacade; +import at.gv.egiz.bku.gui.PINManagementGUIFacade.STATUS; +import at.gv.egiz.bku.smccstal.AbstractRequestHandler; +import at.gv.egiz.smcc.PINSpec; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.util.SMCCHelper; +import at.gv.egiz.stal.ErrorResponse; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; +import at.gv.egiz.stal.ext.PINManagementRequest; +import at.gv.egiz.stal.ext.PINManagementResponse; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker + */ +public class PINManagementRequestHandler extends AbstractRequestHandler { + + public static final String ERR_NOPIN_SELECTED = "err.no.pin.selected"; + protected static final Log log = LogFactory.getLog(PINManagementRequestHandler.class); + +// protected ResourceBundle messages; + +// public PINManagementRequestHandler(ResourceBundle messages) { +// this.messages = messages; +// } + @Override + public STALResponse handleRequest(STALRequest request) throws InterruptedException { + if (request instanceof PINManagementRequest) { + + PINManagementGUIFacade gui = (PINManagementGUIFacade) this.gui; + + showPINManagementDialog(gui); + + while (true) { + + waitForAction(); + + if ("cancel".equals(actionCommand)) { + return new PINManagementResponse(); + } else if ("back".equals(actionCommand)) { + showPINManagementDialog(gui); + } else { + PINSpec selectedPIN = gui.getSelectedPIN(); + + if (selectedPIN == null) { + throw new RuntimeException("no PIN selected for activation/change"); + } + + if ("activate_enterpin".equals(actionCommand)) { + gui.showActivatePINDialog(selectedPIN, this, "activate", this, "back"); + } else if ("change_enterpin".equals(actionCommand)) { + gui.showChangePINDialog(selectedPIN, this, "change", this, "back"); + } else if ("unblock_enterpuk".equals(actionCommand)) { + gui.showUnblockPINDialog(selectedPIN, this, "unblock", this, "back"); + } else if ("activate".equals(actionCommand)) { + try { + byte[] pin = encodePIN(gui.getPin()); + activatePIN(selectedPIN.getKID(), selectedPIN.getContextAID(), pin); + showPINManagementDialog(gui); + } catch (SignatureCardException ex) { + log.error("failed to activate " + selectedPIN.getLocalizedName() + ": " + ex.getMessage()); + gui.showErrorDialog(PINManagementGUIFacade.ERR_ACTIVATE, + new Object[] {selectedPIN.getLocalizedName()}, + this, "cancel"); + } + } else if ("change".equals(actionCommand)) { + try { + byte[] oldPin = encodePIN(gui.getOldPin()); //new byte[]{(byte) 0x25, (byte) 0x40, (byte) 0x01}; + byte[] pin = encodePIN(gui.getPin()); //new byte[]{(byte) 0x25, (byte) 0x40}; + changePIN(selectedPIN.getKID(), selectedPIN.getContextAID(), oldPin, pin); + showPINManagementDialog(gui); + } catch (SignatureCardException ex) { + log.error("failed to change " + selectedPIN.getLocalizedName() + ": " + ex.getMessage()); + gui.showErrorDialog(PINManagementGUIFacade.ERR_CHANGE, + new Object[] {selectedPIN.getLocalizedName()}, + this, "cancel"); + } + } else if ("unblock".equals(actionCommand)) { + log.error("unblock PIN not implemented"); + gui.showErrorDialog(PINManagementGUIFacade.ERR_UNBLOCK, null, this, "cancel"); + } else { + throw new RuntimeException("unsupported action " + actionCommand); + } + } + } + } else { + log.error("Got unexpected STAL request: " + request); + return new ErrorResponse(1000); + } + } + + @Override + public boolean requireCard() { + return true; + } + + /** + * pin.length < 4bit + * @param kid + * @param contextAID + * @param pin + * @throws at.gv.egiz.smcc.SignatureCardException + */ + private void activatePIN(byte kid, byte[] contextAID, byte[] pin) throws SignatureCardException { + try { + Card icc = card.getCard(); + icc.beginExclusive(); + CardChannel channel = icc.getBasicChannel(); + + if (contextAID != null) { + CommandAPDU selectAPDU = new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, contextAID); + ResponseAPDU responseAPDU = channel.transmit(selectAPDU); + if (responseAPDU.getSW() != 0x9000) { + String msg = "Failed to activate PIN " + SMCCHelper.toString(new byte[]{kid}) + + ": Failed to select AID " + SMCCHelper.toString(contextAID) + + ": " + SMCCHelper.toString(responseAPDU.getBytes()); + log.error(msg); + throw new SignatureCardException(msg); + } + } + + if (pin.length > 7) { + log.error("Invalid PIN"); + throw new SignatureCardException("Invalid PIN"); + } + byte length = (byte) (0x20 | pin.length * 2); + + byte[] apdu = new byte[]{ + (byte) 0x00, (byte) 0x24, (byte) 0x01, kid, (byte) 0x08, + (byte) length, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; + for (int i = 0; i < pin.length; i++) { + apdu[i + 6] = pin[i]; + } + + CommandAPDU verifyAPDU = new CommandAPDU(apdu); + ResponseAPDU responseAPDU = channel.transmit(verifyAPDU); + + if (responseAPDU.getSW() != 0x9000) { + String msg = "Failed to activate PIN " + SMCCHelper.toString(new byte[]{kid}) + ": " + SMCCHelper.toString(responseAPDU.getBytes()); + log.error(msg); + throw new SignatureCardException(msg); + } + + + icc.endExclusive(); + + + } catch (CardException ex) { + log.error("Failed to get PIN status: " + ex.getMessage()); + throw new SignatureCardException("Failed to get PIN status", ex); + } + } + + private void changePIN(byte kid, byte[] contextAID, byte[] oldPIN, byte[] newPIN) throws SignatureCardException { + try { + Card icc = card.getCard(); + icc.beginExclusive(); + CardChannel channel = icc.getBasicChannel(); + + if (contextAID != null) { + CommandAPDU selectAPDU = new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, contextAID); + ResponseAPDU responseAPDU = channel.transmit(selectAPDU); + if (responseAPDU.getSW() != 0x9000) { + String msg = "Failed to change PIN " + SMCCHelper.toString(new byte[]{kid}) + + ": Failed to select AID " + SMCCHelper.toString(contextAID) + + ": " + SMCCHelper.toString(responseAPDU.getBytes()); + log.error(msg); + throw new SignatureCardException(msg); + } + } + + if (oldPIN.length > 7 || newPIN.length > 7) { + log.error("Invalid PIN"); + throw new SignatureCardException("Invalid PIN"); + } + byte oldLength = (byte) (0x20 | oldPIN.length * 2); + byte newLength = (byte) (0x20 | newPIN.length * 2); + + byte[] apdu = new byte[]{ + (byte) 0x00, (byte) 0x24, (byte) 0x00, kid, (byte) 0x10, + oldLength, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + newLength, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF}; + for (int i = 0; i < oldPIN.length; i++) { + apdu[i + 6] = oldPIN[i]; + } + for (int i = 0; i < newPIN.length; i++) { + apdu[i + 14] = newPIN[i]; + } + + CommandAPDU verifyAPDU = new CommandAPDU(apdu); + ResponseAPDU responseAPDU = channel.transmit(verifyAPDU); + + if (responseAPDU.getSW() != 0x9000) { + String msg = "Failed to change PIN " + SMCCHelper.toString(new byte[]{kid}) + ": " + SMCCHelper.toString(responseAPDU.getBytes()); + log.error(msg); + throw new SignatureCardException(msg); + } + + + icc.endExclusive(); + + + } catch (CardException ex) { + log.error("Failed to get PIN status: " + ex.getMessage()); + throw new SignatureCardException("Failed to get PIN status", ex); + } + } + + public Map getPINStatuses() throws SignatureCardException { + try { + Card icc = card.getCard(); + icc.beginExclusive(); + CardChannel channel = icc.getBasicChannel(); + + HashMap pinStatuses = new HashMap(); + List pins = card.getPINSpecs(); + + //select DF_SichereSignatur 00 A4 04 0C 08 D0 40 00 00 17 00 12 01 +// CommandAPDU selectAPDU = new CommandAPDU(new byte[]{(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x0c, (byte) 0x08, +// (byte) 0xd0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x12, (byte) 0x01}); +// ResponseAPDU rAPDU = channel.transmit(selectAPDU); +// log.debug("SELECT FILE DF_SichereSignatur: " + SMCCHelper.toString(rAPDU.getBytes())); + + //select DF_SIG DF 70 +// CommandAPDU selectAPDU = new CommandAPDU(new byte[]{(byte) 0x00, (byte) 0xa4, (byte) 0x00, (byte) 0x0c, (byte) 0x02, +// (byte) 0xdf, (byte) 0x70 }); +// ResponseAPDU rAPDU = channel.transmit(selectAPDU); +// log.debug("SELECT FILE DF_SIG: " + SMCCHelper.toString(rAPDU.getBytes())); + + //select DF_DEC DF 71 +// CommandAPDU selectAPDU = new CommandAPDU(new byte[]{(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x0c, (byte) 0x08, +// (byte) 0xd0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x12, (byte) 0x01}); +// ResponseAPDU rAPDU = channel.transmit(selectAPDU); +// log.debug("SELECT FILE DF_SichereSignatur: " + SMCCHelper.toString(rAPDU.getBytes())); + + for (PINSpec pinSpec : pins) { + byte kid = pinSpec.getKID(); + byte[] contextAID = pinSpec.getContextAID(); + + if (contextAID != null) { + CommandAPDU selectAPDU = new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, contextAID); + ResponseAPDU responseAPDU = channel.transmit(selectAPDU); + if (responseAPDU.getSW() != 0x9000) { + String msg = "Failed to activate PIN " + SMCCHelper.toString(new byte[]{kid}) + + ": Failed to select AID " + SMCCHelper.toString(contextAID) + + ": " + SMCCHelper.toString(responseAPDU.getBytes()); + log.error(msg); + throw new SignatureCardException(msg); + } + } + + CommandAPDU verifyAPDU = new CommandAPDU(new byte[]{(byte) 0x00, (byte) 0x20, (byte) 00, kid}); + ResponseAPDU responseAPDU = channel.transmit(verifyAPDU); + + STATUS status = STATUS.UNKNOWN; + if (responseAPDU.getSW() == 0x6984) { + status = STATUS.NOT_ACTIV; + } else if (responseAPDU.getSW() == 0x63c0) { + status = STATUS.BLOCKED; + } else if (responseAPDU.getSW1() == 0x63) { + status = STATUS.ACTIV; + } + if (log.isDebugEnabled()) { + log.debug("PIN " + pinSpec.getLocalizedName() + " status: " + SMCCHelper.toString(responseAPDU.getBytes())); + } + + pinStatuses.put(pinSpec, status); + } + icc.endExclusive(); + + return pinStatuses; + + } catch (CardException ex) { + log.error("Failed to get PIN status: " + ex.getMessage()); + throw new SignatureCardException("Failed to get PIN status", ex); + } + } + + private byte[] encodePIN(char[] pinChars) { + int length = (int) Math.ceil(pinChars.length/2); + byte[] pin = new byte[length]; + for (int i = 0; i < length; i++) { + pin[i] = (byte) (16*Character.digit(pinChars[i*2], 16) + Character.digit(pinChars[i*2+1], 16)); + } + log.trace("***** " + SMCCHelper.toString(pin) + " ******"); + return pin; + } + + private void showPINManagementDialog(PINManagementGUIFacade gui) { + try { + Map pins = getPINStatuses(); + gui.showPINManagementDialog(pins, + this, "activate_enterpin", "change_enterpin", "unblock_enterpuk", + this, "cancel"); + } catch (SignatureCardException ex) { + gui.showErrorDialog(BKUGUIFacade.ERR_UNKNOWN_WITH_PARAM, + new Object[]{"FAILED TO GET PIN STATUSES: " + ex.getMessage()}, + this, "cancel"); + } + } +} diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINMgmtRequestHandler.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINMgmtRequestHandler.java deleted file mode 100644 index b2d34ff2..00000000 --- a/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINMgmtRequestHandler.java +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package at.gv.egiz.bku.smccstal.ext; - -import at.gv.egiz.bku.gui.PINStatusProvider; -import at.gv.egiz.bku.smccstal.AbstractRequestHandler; -import at.gv.egiz.smcc.SignatureCardException; -import at.gv.egiz.stal.ErrorResponse; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.ext.ActivatePINRequest; -import at.gv.egiz.stal.ext.ChangePINRequest; -import at.gv.egiz.stal.ext.UnblockPINRequest; -import java.util.logging.Level; -import java.util.logging.Logger; -import javax.smartcardio.Card; -import javax.smartcardio.CardChannel; -import javax.smartcardio.CardException; -import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * - * @author Clemens Orthacker - */ -public class PINMgmtRequestHandler extends AbstractRequestHandler implements PINStatusProvider { - - protected static final Log log = LogFactory.getLog(PINMgmtRequestHandler.class); - - @Override - public STALResponse handleRequest(STALRequest request) throws InterruptedException { - if (request instanceof ActivatePINRequest) { - log.error("not implemented yet"); - return new ErrorResponse(1000); - - } else if (request instanceof ChangePINRequest) { - log.error("not implemented yet"); - return new ErrorResponse(1000); - - } else if (request instanceof UnblockPINRequest) { - log.error("not implemented yet"); - return new ErrorResponse(1000); - - } else { - log.error("Got unexpected STAL request: " + request); - return new ErrorResponse(1000); - } - } - - @Override - public boolean requireCard() { - return true; - } - - @Override - public STATUS getPINStatus(int pin) throws SignatureCardException { - try { - Card icc = card.getCard(); - icc.beginExclusive(); - CardChannel channel = icc.getBasicChannel(); - CommandAPDU verifyAPDU = new CommandAPDU(new byte[] {(byte) 0x00} ); - ResponseAPDU responseAPDU = channel.transmit(verifyAPDU); - byte sw1 = (byte) responseAPDU.getSW1(); - byte[] sw = new byte[] { - (byte) (0xFF & responseAPDU.getSW1()), - (byte) (0xFF & responseAPDU.getSW2()) }; - - icc.endExclusive(); - return STATUS.ACTIV; - } catch (CardException ex) { - log.error("Failed to get PIN status: " + ex.getMessage()); - throw new SignatureCardException("Failed to get PIN status", ex); - } - } - -} diff --git a/BKUAppletExt/src/main/resources/at/gv/egiz/bku/gui/ActivationMessages.properties b/BKUAppletExt/src/main/resources/at/gv/egiz/bku/gui/ActivationMessages.properties index 469af15f..e51044af 100644 --- a/BKUAppletExt/src/main/resources/at/gv/egiz/bku/gui/ActivationMessages.properties +++ b/BKUAppletExt/src/main/resources/at/gv/egiz/bku/gui/ActivationMessages.properties @@ -15,10 +15,34 @@ title.activation=Aktivierung title.pin.mgmt=PIN Verwaltung -message.pin.mgmt=under construction +title.activate.pin=PIN Aktivieren +title.change.pin=PIN \u00C4ndern +title.unblock.pin=PIN Entsperren + +message.pin.mgmt=Die Karte verf\u00FCgt \u00FCber {0} PINs +message.activate.pin={0} eingeben und best\u00E4tigen +message.change.pin={0} eingeben und best\u00E4tigen +message.unblock.pin=PUK zu {0} eingeben + label.activation=e-card Aktivierungsprozess label.activation.step=Schritt {0} label.activation.idle=Warte auf Server... +label.old.pin=Alte {0}: +label.new.pin=Neue {0}: +label.repeat.pin=Best\u00E4tigung: + button.activate=Aktivieren button.change=\u00C4ndern -button.unblock=Entsperren \ No newline at end of file +button.unblock=Entsperren + +help.activation=help.activation +help.pin.mgmt=help.pin.mgmt + +err.activate=Beim Aktivieren der {0} trat ein Fehler auf. +err.change=Beim \u00C4ndern der {0} trat ein Fehler auf. +err.unblock=Das Entsperren der {0} wird nicht unterst\u00FCtzt. + +status.not.active=NICHT AKTIV +status.active=AKTIV +status.blocked=GESPERRT +status.unknown=UNBEKANNT diff --git a/BKUAppletExt/src/main/resources/at/gv/egiz/bku/gui/ActivationMessages_en.properties b/BKUAppletExt/src/main/resources/at/gv/egiz/bku/gui/ActivationMessages_en.properties index 16ac7d0b..1cf4a102 100644 --- a/BKUAppletExt/src/main/resources/at/gv/egiz/bku/gui/ActivationMessages_en.properties +++ b/BKUAppletExt/src/main/resources/at/gv/egiz/bku/gui/ActivationMessages_en.properties @@ -13,12 +13,36 @@ # See the License for the specific language governing permissions and # limitations under the License. -title.activation=Aktivation +title.activation=Activation title.pin.mgmt=PIN Management -message.pin.mgmt=under construction +title.activate.pin=Activate PIN +title.change.pin=Change PIN +title.unblock.pin=Unblock PIN + +message.pin.mgmt=The smartcard has {0} PINs +message.activate.pin=Enter and confirm {0} +message.change.pin=Enter and confirm {0} +message.unblock.pin=Enter PUK for {0} + label.activation=e-card activation process label.activation.step=Step {0} label.activation.idle=Wait for server... +label.old.pin=Old {0}: +label.new.pin=New {0}: +label.repeat.pin=Confirmation: + button.activate=Activate button.change=Change -button.unblock=Unblock \ No newline at end of file +button.unblock=Unblock + +help.activation=help.activation +help.pin.mgmt=help.pin.mgmt + +err.activate=An error occured during activation of {0}. +err.change=An error occured during changing of {0}. +err.unblock=Unblocking of {0} is not supported. + +status.not.active=Not active +status.active=Active +status.blocked=Blocked +status.unknown=Unknown diff --git a/BKUAppletExt/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java b/BKUAppletExt/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java index 669a63fc..ef8c87e4 100644 --- a/BKUAppletExt/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java +++ b/BKUAppletExt/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java @@ -25,8 +25,6 @@ import at.gv.egiz.stal.HashDataInput; import at.gv.egiz.stal.impl.ByteArrayHashDataInput; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; -import java.io.ByteArrayInputStream; -import java.io.InputStream; import java.util.ArrayList; import java.util.List; @@ -46,7 +44,7 @@ public class BKUGUIWorker implements Runnable { public void run() { try { - final PINSpec signPinSpec = new PINSpec(6, 10, "[0-9]", "Signatur-PIN"); + final PINSpec signPinSpec = new PINSpec(6, 10, "[0-9]", "Signatur-PIN", (byte)0x00, null); final ActionListener cancelListener = new ActionListener() { diff --git a/BKUAppletExt/src/test/resources/appletTest.html b/BKUAppletExt/src/test/resources/appletTest.html index 9add4309..813ee1f0 100644 --- a/BKUAppletExt/src/test/resources/appletTest.html +++ b/BKUAppletExt/src/test/resources/appletTest.html @@ -19,7 +19,7 @@
+ width=270 height=180> diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIImpl.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIImpl.java index f564c07a..1d5a2cf4 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIImpl.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIImpl.java @@ -38,9 +38,6 @@ import java.util.Collections; import java.util.List; import java.util.Locale; import java.util.ResourceBundle; -import java.util.logging.Level; -import java.util.logging.Logger; -import javax.swing.CellRendererPane; import javax.swing.GroupLayout; import javax.swing.ImageIcon; import javax.swing.JButton; @@ -51,7 +48,6 @@ import javax.swing.JPanel; import javax.swing.JPasswordField; import javax.swing.JScrollPane; import javax.swing.JTable; -import javax.swing.JTextField; import javax.swing.LayoutStyle; import javax.swing.ListSelectionModel; import javax.swing.SwingUtilities; @@ -1064,7 +1060,9 @@ public class BKUGUIImpl implements BKUGUIFacade { @Override public char[] getPin() { if (pinField != null) { - return pinField.getPassword(); + char[] pin = pinField.getPassword(); + pinField = null; + return pin; } return null; } diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/PinDocument.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/PinDocument.java index 2054ae86..87b636f0 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/PinDocument.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/PinDocument.java @@ -22,6 +22,7 @@ import java.util.regex.Pattern; import javax.swing.JButton; import javax.swing.text.AttributeSet; import javax.swing.text.BadLocationException; +import javax.swing.text.Document; import javax.swing.text.PlainDocument; /** @@ -30,9 +31,10 @@ import javax.swing.text.PlainDocument; */ class PINDocument extends PlainDocument { - private PINSpec pinSpec; - private Pattern pinPattern; - private JButton enterButton; + protected PINSpec pinSpec; + protected Pattern pinPattern; + protected JButton enterButton; + protected Document compareTo; public PINDocument(PINSpec pinSpec, JButton enterButton) { this.pinSpec = pinSpec; @@ -44,6 +46,11 @@ class PINDocument extends PlainDocument { this.enterButton = enterButton; } + public PINDocument(PINSpec pinSpec, JButton enterButton, Document compareTo) { + this(pinSpec, enterButton); + this.compareTo = compareTo; + } + @Override public void insertString(int offs, String str, AttributeSet a) throws BadLocationException { if (pinSpec.getMaxLength() < 0 || pinSpec.getMaxLength() >= (getLength() + str.length())) { @@ -58,12 +65,23 @@ class PINDocument extends PlainDocument { super.insertString(offs, str, a); } } - enterButton.setEnabled(getLength() >= pinSpec.getMinLength()); + if (enterButton != null) { + enterButton.setEnabled(getLength() >= pinSpec.getMinLength() && compare()); + } } @Override public void remove(int offs, int len) throws BadLocationException { super.remove(offs, len); - enterButton.setEnabled(getLength() >= pinSpec.getMinLength()); + if (enterButton != null) { + enterButton.setEnabled(getLength() >= pinSpec.getMinLength() && compare()); + } + } + + private boolean compare() throws BadLocationException { + if (compareTo == null) { + return true; + } + return compareTo.getText(0, compareTo.getLength()).equals(getText(0, getLength())); } } \ No newline at end of file diff --git a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties index 8436a730..1e0bc9f5 100644 --- a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties +++ b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties @@ -20,7 +20,7 @@ title.cardnotsupported=Die Karte wird nicht unterst\u00FCtzt title.cardpin=Karte wird gelesen title.sign=Signatur erstellen title.error=Fehler -title.retry=Falscher PIN +title.retry=Falsche PIN title.wait=Bitte warten title.hashdata=Signaturdaten windowtitle.save=Signaturdaten speichern @@ -84,7 +84,7 @@ help.cardnotsupported=Nicht unterst\u00FCtzte B\u00FCrgerkarte help.insertcard=Keine B\u00FCrgerkarte im Kartenleser help.cardpin=Pineingabe help.signpin=Signatur-Pineingabe -help.retry=Falscher Pin +help.retry=Falsche Pin help.hashdata=Signierte Inhalte help.hashdatalist=Signierte Inhalte help.hashdataviewer=Anzeige signierter Inhalte \ No newline at end of file diff --git a/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java b/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java index 73aaab46..08ecaa7f 100644 --- a/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java +++ b/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java @@ -46,7 +46,7 @@ public class BKUGUIWorker implements Runnable { public void run() { // try { - final PINSpec signPinSpec = new PINSpec(6, 10, "[0-9]", "Signatur-PIN"); + final PINSpec signPinSpec = new PINSpec(6, 10, "[0-9]", "Signatur-PIN", (byte) 0x81, null); final ActionListener cancelListener = new ActionListener() { diff --git a/STALExt/src/main/java/at/gv/egiz/stal/ext/ActivatePINRequest.java b/STALExt/src/main/java/at/gv/egiz/stal/ext/ActivatePINRequest.java deleted file mode 100644 index f2039388..00000000 --- a/STALExt/src/main/java/at/gv/egiz/stal/ext/ActivatePINRequest.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package at.gv.egiz.stal.ext; - -import at.gv.egiz.stal.STALRequest; - -/** - * - * @author Clemens Orthacker - */ -public class ActivatePINRequest extends STALRequest { - -} diff --git a/STALExt/src/main/java/at/gv/egiz/stal/ext/ChangePINRequest.java b/STALExt/src/main/java/at/gv/egiz/stal/ext/ChangePINRequest.java deleted file mode 100644 index ea508146..00000000 --- a/STALExt/src/main/java/at/gv/egiz/stal/ext/ChangePINRequest.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package at.gv.egiz.stal.ext; - -import at.gv.egiz.stal.STALRequest; - -/** - * - * @author Clemens Orthacker - */ -public class ChangePINRequest extends STALRequest { - -} diff --git a/STALExt/src/main/java/at/gv/egiz/stal/ext/PINManagementRequest.java b/STALExt/src/main/java/at/gv/egiz/stal/ext/PINManagementRequest.java new file mode 100644 index 00000000..87c53e24 --- /dev/null +++ b/STALExt/src/main/java/at/gv/egiz/stal/ext/PINManagementRequest.java @@ -0,0 +1,31 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package at.gv.egiz.stal.ext; + +import at.gv.egiz.stal.STALRequest; + +/** + * Dummy STAL request to trigger PIN Management. (no proper STAL requests + * for PIN activation, unblocking) + * + * + * @author Clemens Orthacker + */ +public class PINManagementRequest extends STALRequest { + +} diff --git a/STALExt/src/main/java/at/gv/egiz/stal/ext/PINManagementResponse.java b/STALExt/src/main/java/at/gv/egiz/stal/ext/PINManagementResponse.java new file mode 100644 index 00000000..b8b90604 --- /dev/null +++ b/STALExt/src/main/java/at/gv/egiz/stal/ext/PINManagementResponse.java @@ -0,0 +1,28 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package at.gv.egiz.stal.ext; + +import at.gv.egiz.stal.STALResponse; + +/** + * + * @author Clemens Orthacker + */ +public class PINManagementResponse extends STALResponse { + +} diff --git a/STALExt/src/main/java/at/gv/egiz/stal/ext/UnblockPINRequest.java b/STALExt/src/main/java/at/gv/egiz/stal/ext/UnblockPINRequest.java deleted file mode 100644 index 543de31c..00000000 --- a/STALExt/src/main/java/at/gv/egiz/stal/ext/UnblockPINRequest.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package at.gv.egiz.stal.ext; - -import at.gv.egiz.stal.STALRequest; - -/** - * - * @author Clemens Orthacker - */ -public class UnblockPINRequest extends STALRequest { - -} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java index ae4918ce..b64306aa 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java @@ -14,98 +14,105 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package at.gv.egiz.bku.slcommands.impl.xsect; - -import iaik.xml.crypto.dom.DOMCryptoContext; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.SequenceInputStream; -import java.io.StringWriter; -import java.io.UnsupportedEncodingException; -import java.net.URISyntaxException; -import java.nio.charset.Charset; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; +package at.gv.egiz.bku.slcommands.impl.xsect; + +import iaik.xml.crypto.dom.DOMCryptoContext; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.SequenceInputStream; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.net.URISyntaxException; +import java.nio.charset.Charset; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.xml.crypto.MarshalException; -import javax.xml.crypto.dom.DOMStructure; -import javax.xml.crypto.dsig.CanonicalizationMethod; -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.Reference; -import javax.xml.crypto.dsig.Transform; -import javax.xml.crypto.dsig.XMLObject; -import javax.xml.crypto.dsig.spec.TransformParameterSpec; -import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec; -import javax.xml.crypto.dsig.spec.XPathType; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.w3c.dom.DOMConfiguration; -import org.w3c.dom.DOMException; -import org.w3c.dom.Document; -import org.w3c.dom.DocumentFragment; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.Text; -import org.w3c.dom.bootstrap.DOMImplementationRegistry; -import org.w3c.dom.ls.DOMImplementationLS; -import org.w3c.dom.ls.LSException; -import org.w3c.dom.ls.LSInput; -import org.w3c.dom.ls.LSOutput; -import org.w3c.dom.ls.LSParser; -import org.w3c.dom.ls.LSSerializer; - -import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefOptRefContentType; -import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; -import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType; -import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType; -import at.gv.egiz.bku.binding.HttpUtil; -import at.gv.egiz.bku.slexceptions.SLCommandException; -import at.gv.egiz.bku.slexceptions.SLRequestException; -import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.dom.DOMStructure; +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.Reference; +import javax.xml.crypto.dsig.Transform; +import javax.xml.crypto.dsig.XMLObject; +import javax.xml.crypto.dsig.spec.TransformParameterSpec; +import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec; +import javax.xml.crypto.dsig.spec.XPathType; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3._2000._09.xmldsig_.TransformType; +import org.w3._2000._09.xmldsig_.TransformsType; +import org.w3c.dom.DOMConfiguration; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.DocumentFragment; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.Text; +import org.w3c.dom.bootstrap.DOMImplementationRegistry; +import org.w3c.dom.ls.DOMImplementationLS; +import org.w3c.dom.ls.LSException; +import org.w3c.dom.ls.LSInput; +import org.w3c.dom.ls.LSOutput; +import org.w3c.dom.ls.LSParser; +import org.w3c.dom.ls.LSSerializer; + +import at.buergerkarte.namespaces.securitylayer._1.Base64XMLLocRefOptRefContentType; +import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; +import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType; +import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLRequestException; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.bku.utils.urldereferencer.StreamData; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; +import at.gv.egiz.bku.utils.urldereferencer.StreamData; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; import at.gv.egiz.bku.viewer.ValidationException; import at.gv.egiz.bku.viewer.Validator; import at.gv.egiz.bku.viewer.ValidatorFactory; -import at.gv.egiz.dom.DOMUtils; -import at.gv.egiz.slbinding.impl.XMLContentType; - -/** - * This class represents a DataObject of an XML-Signature - * created by the security layer command CreateXMLSignature. - * - * @author mcentner - */ -public class DataObject { - - /** - * Logging facility. - */ - private static Log log = LogFactory.getLog(DataObject.class); - - /** - * DOM Implementation. - */ - private static final String DOM_LS_3_0 = "LS 3.0"; - - /** - * The array of the default preferred MIME type order. - */ - private static final String[] DEFAULT_PREFFERED_MIME_TYPES = - new String[] { +import at.gv.egiz.dom.DOMUtils; +import at.gv.egiz.marshal.NamespacePrefix; +import at.gv.egiz.marshal.NamespacePrefixMapperImpl; +import at.gv.egiz.slbinding.impl.XMLContentType; +import javax.xml.namespace.NamespaceContext; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +/** + * This class represents a DataObject of an XML-Signature + * created by the security layer command CreateXMLSignature. + * + * @author mcentner + */ +public class DataObject { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(DataObject.class); + + /** + * DOM Implementation. + */ + private static final String DOM_LS_3_0 = "LS 3.0"; + + /** + * The array of the default preferred MIME type order. + */ + private static final String[] DEFAULT_PREFFERED_MIME_TYPES = + new String[] { "text/plain", - "application/xhtml+xml" + "application/xhtml+xml" }; /** @@ -149,87 +156,87 @@ public class DataObject { validMimeTypes = mediaTypes; } - /** - * The DOM implementation used. - */ - private DOMImplementationLS domImplLS; - - /** - * The signature context. - */ - private SignatureContext ctx; - - /** - * The Reference for this DataObject. - */ - private XSECTReference reference; - - /** - * The XMLObject for this DataObject. - */ - private XMLObject xmlObject; - - /** - * The MIME-Type of the digest input. - */ - private String mimeType; - - /** - * An optional description of the digest input. - */ - private String description; - - /** - * Creates a new instance. - * - * @param document the document of the target signature - */ - public DataObject(SignatureContext signatureContext) { - this.ctx = signatureContext; - - DOMImplementationRegistry registry; - try { - registry = DOMImplementationRegistry.newInstance(); - } catch (Exception e) { - log.error("Failed to get DOMImplementationRegistry.", e); - throw new SLRuntimeException("Failed to get DOMImplementationRegistry."); - } - - domImplLS = (DOMImplementationLS) registry.getDOMImplementation(DOM_LS_3_0); - if (domImplLS == null) { - log.error("Failed to get DOMImplementation " + DOM_LS_3_0); - throw new SLRuntimeException("Failed to get DOMImplementation " + DOM_LS_3_0); - } - - } - - /** - * @return the reference - */ - public Reference getReference() { - return reference; - } - - /** - * @return the xmlObject - */ - public XMLObject getXmlObject() { - return xmlObject; - } - - /** - * @return the mimeType - */ - public String getMimeType() { - return mimeType; - } - - /** - * @return the description - */ - public String getDescription() { - return description; - } + /** + * The DOM implementation used. + */ + private DOMImplementationLS domImplLS; + + /** + * The signature context. + */ + private SignatureContext ctx; + + /** + * The Reference for this DataObject. + */ + private XSECTReference reference; + + /** + * The XMLObject for this DataObject. + */ + private XMLObject xmlObject; + + /** + * The MIME-Type of the digest input. + */ + private String mimeType; + + /** + * An optional description of the digest input. + */ + private String description; + + /** + * Creates a new instance. + * + * @param document the document of the target signature + */ + public DataObject(SignatureContext signatureContext) { + this.ctx = signatureContext; + + DOMImplementationRegistry registry; + try { + registry = DOMImplementationRegistry.newInstance(); + } catch (Exception e) { + log.error("Failed to get DOMImplementationRegistry.", e); + throw new SLRuntimeException("Failed to get DOMImplementationRegistry."); + } + + domImplLS = (DOMImplementationLS) registry.getDOMImplementation(DOM_LS_3_0); + if (domImplLS == null) { + log.error("Failed to get DOMImplementation " + DOM_LS_3_0); + throw new SLRuntimeException("Failed to get DOMImplementation " + DOM_LS_3_0); + } + + } + + /** + * @return the reference + */ + public Reference getReference() { + return reference; + } + + /** + * @return the xmlObject + */ + public XMLObject getXmlObject() { + return xmlObject; + } + + /** + * @return the mimeType + */ + public String getMimeType() { + return mimeType; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } public void validateHashDataInput() throws SLViewerException { @@ -293,823 +300,920 @@ public class DataObject { } } - - /** - * Configures this DataObject with the information provided within the given - * sl:DataObjectInfo. - * - * @param dataObjectInfo - * the sl:DataObjectInfo - * - * @throws SLCommandException - * if configuring this DataObject with the information provided in - * the sl:DataObjectInfo fails. - * @throws SLRequestException - * if the information provided in the sl:DataObjectInfo - * does not conform to the security layer specification. - * @throws NullPointerException - * if dataObjectInfo is null - */ - public void setDataObjectInfo(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException { - - Base64XMLLocRefOptRefContentType dataObject = dataObjectInfo.getDataObject(); - String structure = dataObjectInfo.getStructure(); - - // select and unmarshal an appropriate transformation path if provided - // and set the final data meta information - XSECTTransforms transforms = createTransformsAndSetFinalDataMetaInfo(dataObjectInfo.getTransformsInfo()); - - if ("enveloping".equals(structure)) { - - // configure this DataObject as an enveloped DataObject - setEnvelopedDataObject(dataObject, transforms); - - } else if ("detached".equals(structure)) { - - // configure this DataObject as an detached DataObject - setDetachedDataObject(dataObject, transforms); - - } - // other values are not allowed by the schema and are therefore ignored - - } - - /** - * Configures this DataObject as an enveloped DataObject with the information - * provided within the given sl:DataObject. - * - * @param dataObject - * the sl:DataObject - * @param transforms - * an optional Transforms element (may be - * null) - * - * @throws SLCommandException - * if configuring this DataObject with the information provided in - * the sl:DataObject fails. - * @throws SLRequestException - * if the information provided in the sl:DataObject - * does not conform to the security layer specification. - * @throws NullPointerException - * if dataObject is null - */ - private void setEnvelopedDataObject( - Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms) - throws SLCommandException, SLRequestException { - - String reference = dataObject.getReference(); - if (reference == null) { - // - // case A - // - // The Reference attribute is not used; the content of sl:DataObject represents the data object. - // If the data object is XML-coded (the sl:XMLContent element is used in sl:DataObject), then it - // must be incorporated in the signature structure as parsed XML. - // - - if (dataObject.getBase64Content() != null) { - - log.debug("Adding DataObject (Base64Content) without a reference URI."); - - // create XMLObject - XMLObject xmlObject = createXMLObject(new ByteArrayInputStream(dataObject.getBase64Content())); - - setXMLObjectAndReferenceBase64(xmlObject, transforms); - - } else if (dataObject.getXMLContent() != null) { - - log.debug("Adding DataObject (XMLContent) without a reference URI."); - - // create XMLObject - DocumentFragment content = parseDataObject((XMLContentType) dataObject.getXMLContent()); - XMLObject xmlObject = createXMLObject(content); - - setXMLObjectAndReferenceXML(xmlObject, transforms); - - } else if (dataObject.getLocRefContent() != null) { - - log.debug("Adding DataObject (LocRefContent) without a reference URI."); - - setEnvelopedDataObject(dataObject.getLocRefContent(), transforms); - - } else { - - // not allowed - log.info("XML structure of the command request contains an " + - "invalid combination of optional elements or attributes. " + - "DataObject of structure='enveloped' without a reference must contain content."); - throw new SLRequestException(3003); - - } - - } else { - - if (dataObject.getBase64Content() == null && - dataObject.getXMLContent() == null && - dataObject.getLocRefContent() == null) { - - // - // case B - // - // The Reference attribute contains a URI that must be resolved by the - // Citizen Card Environment to obtain the data object. - // The content of sl:DataObject remains empty - // - - log.debug("Adding DataObject from reference URI '" + reference + "'."); - - setEnvelopedDataObject(reference, transforms); - - } else { - - // not allowed - log.info("XML structure of the command request contains an " + - "invalid combination of optional elements or attributes. " + - "DataObject of structure='enveloped' with reference must not contain content."); - throw new SLRequestException(3003); - - } - - - } - - } - - /** - * Configures this DataObject as an enveloped DataObject with the content to - * be dereferenced from the given reference. - * - * @param reference - * the reference URI - * @param transforms - * an optional Transforms element (may be - * null) - * - * @throws SLCommandException - * if dereferencing the given reference fails, or if - * configuring this DataObject with the data dereferenced from the - * given reference fails. - * @throws NullPointerException - * if reference is null - */ - private void setEnvelopedDataObject(String reference, XSECTTransforms transforms) throws SLCommandException { - - if (reference == null) { - throw new NullPointerException("Argument 'reference' must not be null."); - } - - // dereference URL - URLDereferencer dereferencer = URLDereferencer.getInstance(); - - StreamData streamData; - try { - streamData = dereferencer.dereference(reference, ctx.getDereferencerContext()); - } catch (IOException e) { - log.info("Failed to dereference XMLObject from '" + reference + "'.", e); - throw new SLCommandException(4110); - } - - Node childNode; - - String contentType = streamData.getContentType(); - if (contentType.startsWith("text/xml")) { - - // If content type is text/xml parse content. - String charset = HttpUtil.getCharset(contentType, true); - - Document doc = parseDataObject(streamData.getStream(), charset); - - childNode = doc.getDocumentElement(); - - if (childNode == null) { - log.info("Failed to parse XMLObject from '" + reference + "'."); - throw new SLCommandException(4111); - } - - XMLObject xmlObject = createXMLObject(childNode); - - setXMLObjectAndReferenceXML(xmlObject, transforms); - - } else { - - // Include content Base64 encoded. - XMLObject xmlObject = createXMLObject(streamData.getStream()); - - setXMLObjectAndReferenceBase64(xmlObject, transforms); - - } - - } - - /** - * Configures this DataObject as an detached DataObject with the information - * provided in the given sl:DataObject and optionally - * transforms. - * - * @param dataObject - * the sl:DataObject - * @param transforms - * an optional Transforms object, may be null - * - * @throws SLCommandException - * if configuring this DataObject with the information provided in - * the sl:DataObject fails. - * @throws SLRequestException - * if the information provided in the sl:DataObject - * does not conform to the security layer specification. - * @throws NullPointerException - * if dataObject is null - */ - private void setDetachedDataObject( - Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms) - throws SLCommandException, SLRequestException { - - String referenceURI = dataObject.getReference(); - - if (referenceURI == null) { - - // not allowed - log.info("XML structure of the command request contains an " + - "invalid combination of optional elements or attributes. " + - "DataObject of structure='detached' must contain a reference."); - throw new SLRequestException(3003); - - } else { - - DigestMethod dm; - try { - dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } - - String idValue = ctx.getIdValueFactory().createIdValue("Reference"); - - reference = new XSECTReference(referenceURI, dm, transforms, null, idValue); - - // case D: - // - // The Reference attribute contains a URI that is used by the Citizen Card - // Environment to code the reference to the data object as part of the XML - // signature (attribute URI in the dsig:Reference) element. The content of - // sl:DataObject represents the data object. - - if (dataObject.getLocRefContent() != null) { - String locRef = dataObject.getLocRefContent(); - try { - this.reference.setDereferencer(new LocRefDereferencer(ctx.getDereferencerContext(), locRef)); - } catch (URISyntaxException e) { - log.info("Invalid URI '" + locRef + "' in DataObject.", e); - throw new SLCommandException(4003); - } catch (IllegalArgumentException e) { - log.info("LocRef URI of '" + locRef + "' not supported in DataObject. ", e); - throw new SLCommandException(4003); - } - } else if (dataObject.getBase64Content() != null) { - byte[] base64Content = dataObject.getBase64Content(); - this.reference.setDereferencer(new ByteArrayDereferencer(base64Content)); - } else if (dataObject.getXMLContent() != null) { - XMLContentType xmlContent = (XMLContentType) dataObject.getXMLContent(); - byte[] bytes = xmlContent.getRedirectedStream().toByteArray(); - this.reference.setDereferencer(new ByteArrayDereferencer(bytes)); - } else { - - // case C: - // - // The Reference attribute contains a URI that must be resolved by the - // Citizen Card Environment to obtain the data object. The Reference - // attribute contains a URI that is used by the Citizen Card Environment - // to code the reference to the data object as part of the XML signature - // (attribute URI in the dsig:Reference) element. The content of - // sl:DataObject remains empty. - - } - - } - } - - /** - * Returns the preferred sl:TransformInfo from the given list of - * transformInfos, or null if none of the given - * transformInfos is preferred over the others. - * - * @param transformsInfos - * a list of sl:TransformInfos - * - * @return the selected sl:TransformInfo or null, if - * none is preferred over the others - */ - private TransformsInfoType selectPreferredTransformsInfo(List transformsInfos) { - - Map mimeTypes = new HashMap(); - - StringBuilder debugString = null; - if (log.isDebugEnabled()) { - debugString = new StringBuilder(); - debugString.append("Got " + transformsInfos.size() + " TransformsInfo(s):"); - } - - for (TransformsInfoType transformsInfoType : transformsInfos) { - MetaInfoType finalDataMetaInfo = transformsInfoType.getFinalDataMetaInfo(); - String mimeType = finalDataMetaInfo.getMimeType(); - String description = finalDataMetaInfo.getDescription(); - mimeTypes.put(mimeType, transformsInfoType); - if (debugString != null) { - debugString.append("\n FinalDataMetaInfo: MIME-Type="); - debugString.append(mimeType); - if (description != null) { - debugString.append(" "); - debugString.append(description); - } - } - } - - if (debugString != null) { - log.debug(debugString); - } - - // look for preferred transform - for (String mimeType : DEFAULT_PREFFERED_MIME_TYPES) { - if (mimeTypes.containsKey(mimeType)) { - return mimeTypes.get(mimeType); - } - } - - // no preferred transform - return null; - - } - - /** - * Create an instance of ds:Transforms from the given - * sl:TransformsInfo. - * - * @param transformsInfo - * the sl:TransformsInfo - * - * @return a corresponding unmarshalled ds:Transforms, or - * null if the given sl:TransformsInfo does - * not contain a dsig:Transforms element - * - * @throws SLRequestException - * if the ds:Transforms in the given - * transformsInfo are not valid or cannot be parsed. - * - * @throws MarshalException - * if the ds:Transforms in the given - * transformsInfo cannot be unmarshalled. - */ - private XSECTTransforms createTransforms(TransformsInfoType transformsInfo) throws SLRequestException, MarshalException { - - ByteArrayOutputStream redirectedStream = ((at.gv.egiz.slbinding.impl.TransformsInfoType) transformsInfo).getRedirectedStream(); - byte[] transformBytes = (redirectedStream != null) ? redirectedStream.toByteArray() : null; - - if (transformBytes != null && transformBytes.length > 0) { - - // debug - if (log.isTraceEnabled()) { - StringBuilder sb = new StringBuilder(); - sb.append("Trying to parse transforms:\n"); - sb.append(new String(transformBytes, Charset.forName("UTF-8"))); - log.trace(sb); - } - - DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); - LSInput input = domImplLS.createLSInput(); - input.setByteStream(new ByteArrayInputStream(transformBytes)); - - LSParser parser = domImplLS.createLSParser( - DOMImplementationLS.MODE_SYNCHRONOUS, null); - DOMConfiguration domConfig = parser.getDomConfig(); - SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); - domConfig.setParameter("error-handler", errorHandler); - domConfig.setParameter("validate", Boolean.FALSE); - - Document document; - try { - document = parser.parse(input); - } catch (DOMException e) { - log.info("Failed to parse dsig:Transforms.", e); - throw new SLRequestException(3002); - } catch (LSException e) { - log.info("Failed to parse dsig:Transforms.", e); - throw new SLRequestException(3002); - } - - // adopt ds:Transforms - Element documentElement = document.getDocumentElement(); - Node adoptedTransforms = ctx.getDocument().adoptNode(documentElement); - - DOMCryptoContext context = new DOMCryptoContext(); - - // unmarshall ds:Transforms - return new XSECTTransforms(context, adoptedTransforms); - - } else { - return null; - } - - } - - /** - * Sets the mimeType and the description value - * for this DataObject. - * - * @param metaInfoType the sl:FinalMetaDataInfo - * - * @throws NullPointerException if metaInfoType is null - */ - private void setFinalDataMetaInfo(MetaInfoType metaInfoType) { - - this.mimeType = metaInfoType.getMimeType(); - this.description = metaInfoType.getDescription(); - - } - - /** - * Selects an appropriate transformation path (if present) from the given list - * of sl:TransformInfos, sets the corresponding final data meta info and - * returns the corresponding unmarshalled ds:Transforms. - * - * @param transformsInfos the sl:TransformInfos - * - * @return the unmarshalled ds:Transforms, or null if - * no transformation path has been selected. - * - * @throws SLRequestException if the given list ds:TransformsInfo contains - * an invalid ds:Transforms element, or no suitable transformation path - * can be found. - */ - private XSECTTransforms createTransformsAndSetFinalDataMetaInfo( - List transformsInfos) throws SLRequestException { - - TransformsInfoType preferredTransformsInfo = selectPreferredTransformsInfo(transformsInfos); - // try preferred transform - if (preferredTransformsInfo != null) { - - try { - XSECTTransforms transforms = createTransforms(preferredTransformsInfo); - setFinalDataMetaInfo(preferredTransformsInfo.getFinalDataMetaInfo()); - return transforms; - } catch (MarshalException e) { - - String mimeType = preferredTransformsInfo.getFinalDataMetaInfo().getMimeType(); - log.info("Failed to unmarshal preferred transformation path (MIME-Type=" - + mimeType + ").", e); - - } - - } - - // look for another suitable transformation path - for (TransformsInfoType transformsInfoType : transformsInfos) { - - try { - XSECTTransforms transforms = createTransforms(transformsInfoType); - setFinalDataMetaInfo(transformsInfoType.getFinalDataMetaInfo()); - return transforms; - } catch (MarshalException e) { - - String mimeType = transformsInfoType.getFinalDataMetaInfo().getMimeType(); - log.info("Failed to unmarshal transformation path (MIME-Type=" - + mimeType + ").", e); - } - - } - - // no suitable transformation path found - throw new SLRequestException(3003); - - } - - /** - * Create an XMLObject with the Base64 encoding of the given - * content. - * - * @param content - * the to-be Base64 encoded content - * @return an XMLObject with the Base64 encoded content - */ - private XMLObject createXMLObject(InputStream content) { - - Text textNode; - try { - textNode = at.gv.egiz.dom.DOMUtils.createBase64Text(content, ctx.getDocument()); - } catch (IOException e) { - log.error(e); - throw new SLRuntimeException(e); - } - - DOMStructure structure = new DOMStructure(textNode); - - String idValue = ctx.getIdValueFactory().createIdValue("Object"); - - return ctx.getSignatureFactory().newXMLObject(Collections.singletonList(structure), idValue, null, null); - - } - - /** - * Create an XMLObject with the given content node. - * - * @param content the content node - * - * @return an XMLObject with the given content - */ - private XMLObject createXMLObject(Node content) { - - String idValue = ctx.getIdValueFactory().createIdValue("Object"); - - List structures = Collections.singletonList(new DOMStructure(content)); - - return ctx.getSignatureFactory().newXMLObject(structures, idValue, null, null); - - } - - /** - * Sets the given xmlObject and creates and sets a corresponding - * Reference. - *

- * A transform to Base64-decode the xmlObject's content is inserted at the top - * of to the optional transforms if given, or to a newly created - * Transforms element if transforms is - * null. - * - * @param xmlObject - * the XMLObject - * @param transforms - * an optional Transforms element (may be - * null) - * - * @throws SLCommandException - * if creating the Reference fails - * @throws NullPointerException - * if xmlObject is null - */ - private void setXMLObjectAndReferenceBase64(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException { - - // create reference URI - // - // NOTE: the ds:Object can be referenced directly, as the Base64 transform - // operates on the text() of the input nodelist. - // - String referenceURI = "#" + xmlObject.getId(); - - // create Base64 Transform - Transform transform; - try { - transform = ctx.getSignatureFactory().newTransform(Transform.BASE64, (TransformParameterSpec) null); - } catch (NoSuchAlgorithmException e) { - // algorithm must be present - throw new SLRuntimeException(e); - } catch (InvalidAlgorithmParameterException e) { - // algorithm does not take parameters - throw new SLRuntimeException(e); - } - - if (transforms == null) { - transforms = new XSECTTransforms(Collections.singletonList(transform)); - } else { - transforms.insertTransform(transform); - } - - DigestMethod dm; - try { - dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } - String id = ctx.getIdValueFactory().createIdValue("Reference"); - - this.xmlObject = xmlObject; - this.reference = new XSECTReference(referenceURI, dm, transforms, null, id); - - } - - /** - * Sets the given xmlObject and creates and sets a corresponding - * Reference. - *

- * A transform to select the xmlObject's content is inserted at the top of to - * the optional transforms if given, or to a newly created - * Transforms element if transforms is - * null. - *

- * - * @param xmlObject - * the XMLObject - * @param transforms - * an optional Transforms element (may be - * null) - * - * @throws SLCommandException - * if creating the Reference fails - * @throws NullPointerException - * if xmlObject is null - */ - private void setXMLObjectAndReferenceXML(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException { - - // create reference URI - String referenceURI = "#" + xmlObject.getId(); - - // create Transform to select ds:Object's children - Transform xpathTransform; - Transform c14nTransform; - try { - - XPathType xpath = new XPathType("id(\"" + xmlObject.getId() + "\")/node()", XPathType.Filter.INTERSECT); - List xpaths = Collections.singletonList(xpath); - XPathFilter2ParameterSpec params = new XPathFilter2ParameterSpec(xpaths); - - xpathTransform = ctx.getSignatureFactory().newTransform(Transform.XPATH2, params); - - // add exclusive canonicalization to avoid signing the namespace context of the ds:Object - c14nTransform = ctx.getSignatureFactory().newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null); - - } catch (NoSuchAlgorithmException e) { - // algorithm must be present - throw new SLRuntimeException(e); - } catch (InvalidAlgorithmParameterException e) { - // params must be appropriate - throw new SLRuntimeException(e); - } - - if (transforms == null) { - List newTransfroms = new ArrayList(); - newTransfroms.add(xpathTransform); - newTransfroms.add(c14nTransform); - transforms = new XSECTTransforms(newTransfroms); - } else { - transforms.insertTransform(xpathTransform); - } - - DigestMethod dm; - try { - dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } catch (InvalidAlgorithmParameterException e) { - log.error("Failed to get DigestMethod.", e); - throw new SLCommandException(4006); - } - String id = ctx.getIdValueFactory().createIdValue("Reference"); - - this.xmlObject = xmlObject; - this.reference = new XSECTReference(referenceURI, dm, transforms, null, id); - - } - - /** - * Parses the given xmlContent and returns a corresponding - * document fragment. - * - *

- * The to-be parsed content is surrounded by ... elements to - * allow for mixed (e.g. Text and Element) content in XMLContent. - *

- * - * @param xmlContent - * the XMLContent to-be parsed - * - * @return a document fragment containing the parsed nodes - * - * @throws SLCommandException - * if parsing the given xmlContent fails - * - * @throws NullPointerException - * if xmlContent is null - */ - private DocumentFragment parseDataObject(XMLContentType xmlContent) throws SLCommandException { - - ByteArrayOutputStream redirectedStream = xmlContent.getRedirectedStream(); - - // Note: We can assume a fixed character encoding of UTF-8 for the - // content of the redirect stream as the content has already been parsed - // and serialized again to the redirect stream. - - List inputStreams = new ArrayList(); - try { - // dummy start element - inputStreams.add(new ByteArrayInputStream("".getBytes("UTF-8"))); - - // content - inputStreams.add(new ByteArrayInputStream(redirectedStream.toByteArray())); - - // dummy end element - inputStreams.add(new ByteArrayInputStream("".getBytes("UTF-8"))); - } catch (UnsupportedEncodingException e) { - throw new SLRuntimeException(e); - } - - SequenceInputStream inputStream = new SequenceInputStream(Collections.enumeration(inputStreams)); - - // parse DataObject - Document doc = parseDataObject(inputStream, "UTF-8"); - - Element documentElement = doc.getDocumentElement(); - - if (documentElement == null || - !"dummy".equals(documentElement.getLocalName())) { - log.info("Failed to parse DataObject XMLContent."); - throw new SLCommandException(4111); - } - - DocumentFragment fragment = doc.createDocumentFragment(); - while (documentElement.getFirstChild() != null) { - fragment.appendChild(documentElement.getFirstChild()); - } - - // log parsed document - if (log.isTraceEnabled()) { - - StringWriter writer = new StringWriter(); - - writer.write("DataObject:\n"); - - LSOutput output = domImplLS.createLSOutput(); - output.setCharacterStream(writer); - output.setEncoding("UTF-8"); - LSSerializer serializer = domImplLS.createLSSerializer(); - serializer.getDomConfig().setParameter("xml-declaration", Boolean.FALSE); - serializer.write(fragment, output); - - log.trace(writer.toString()); - } - - return fragment; - - } - - /** - * Parses the given inputStream using the given - * encoding and returns the parsed document. - * - * @param inputStream - * the to-be parsed input - * - * @param encoding - * the encoding to be used for parsing the given - * inputStream - * - * @return the parsed document - * - * @throws SLCommandException - * if parsing the inputStream fails. - * - * @throws NullPointerException - * if inputStram is null - */ - private Document parseDataObject(InputStream inputStream, String encoding) throws SLCommandException { - - LSInput input = domImplLS.createLSInput(); - input.setByteStream(inputStream); - - if (encoding != null) { - input.setEncoding(encoding); - } - - LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null); - DOMConfiguration domConfig = parser.getDomConfig(); - SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); - domConfig.setParameter("error-handler", errorHandler); - domConfig.setParameter("validate", Boolean.FALSE); - - Document doc; - try { - doc = parser.parse(input); - } catch (DOMException e) { - log.info("Existing XML document cannot be parsed.", e); - throw new SLCommandException(4111); - } catch (LSException e) { - log.info("Existing XML document cannot be parsed. ", e); - throw new SLCommandException(4111); - } - - if (errorHandler.hasErrors()) { - // log errors - if (log.isInfoEnabled()) { - List errorMessages = errorHandler.getErrorMessages(); - StringBuffer sb = new StringBuffer(); - for (String errorMessage : errorMessages) { - sb.append(" "); - sb.append(errorMessage); - } - log.info("Existing XML document cannot be parsed. " + sb.toString()); - } - throw new SLCommandException(4111); - } - - return doc; - - } - - -} + + /** + * Configures this DataObject with the information provided within the given + * sl:DataObjectInfo. + * + * @param dataObjectInfo + * the sl:DataObjectInfo + * + * @throws SLCommandException + * if configuring this DataObject with the information provided in + * the sl:DataObjectInfo fails. + * @throws SLRequestException + * if the information provided in the sl:DataObjectInfo + * does not conform to the security layer specification. + * @throws NullPointerException + * if dataObjectInfo is null + */ + public void setDataObjectInfo(DataObjectInfoType dataObjectInfo) throws SLCommandException, SLRequestException { + + Base64XMLLocRefOptRefContentType dataObject = dataObjectInfo.getDataObject(); + String structure = dataObjectInfo.getStructure(); + + // select and unmarshal an appropriate transformation path if provided + // and set the final data meta information + XSECTTransforms transforms = createTransformsAndSetFinalDataMetaInfo(dataObjectInfo.getTransformsInfo()); + + if ("enveloping".equals(structure)) { + + // configure this DataObject as an enveloped DataObject + setEnvelopedDataObject(dataObject, transforms); + + } else if ("detached".equals(structure)) { + + // configure this DataObject as an detached DataObject + setDetachedDataObject(dataObject, transforms); + + } + // other values are not allowed by the schema and are therefore ignored + + } + + private byte[] getTransformsBytes(at.gv.egiz.slbinding.impl.TransformsInfoType ti) { + return ti.getRedirectedStream().toByteArray(); +// byte[] transformsBytes = ti.getRedirectedStream().toByteArray(); +// +// if (transformsBytes == null || transformsBytes.length == 0) { +// return null; +// } +// +// String dsigPrefix = ti.getNamespaceContext().getNamespaceURI("http://www.w3.org/2000/09/xmldsig#"); +// byte[] pre, post; +// if (dsigPrefix == null) { +// log.trace("XMLDSig not declared in outside dsig:Transforms"); +// pre = "".getBytes(); +// post = "".getBytes(); +// } else { +// log.trace("XMLDSig bound to prefix " + dsigPrefix); +// pre = ("").getBytes(); +// post = "".getBytes(); +// } +// +// byte[] workaround = new byte[pre.length + transformsBytes.length + post.length]; +// System.arraycopy(pre, 0, workaround, 0, pre.length); +// System.arraycopy(transformsBytes, 0, workaround, pre.length, transformsBytes.length); +// System.arraycopy(post, 0, workaround, pre.length + transformsBytes.length, post.length); +// return workaround; + } + + /** + * Configures this DataObject as an enveloped DataObject with the information + * provided within the given sl:DataObject. + * + * @param dataObject + * the sl:DataObject + * @param transforms + * an optional Transforms element (may be + * null) + * + * @throws SLCommandException + * if configuring this DataObject with the information provided in + * the sl:DataObject fails. + * @throws SLRequestException + * if the information provided in the sl:DataObject + * does not conform to the security layer specification. + * @throws NullPointerException + * if dataObject is null + */ + private void setEnvelopedDataObject( + Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms) + throws SLCommandException, SLRequestException { + + String reference = dataObject.getReference(); + if (reference == null) { + // + // case A + // + // The Reference attribute is not used; the content of sl:DataObject represents the data object. + // If the data object is XML-coded (the sl:XMLContent element is used in sl:DataObject), then it + // must be incorporated in the signature structure as parsed XML. + // + + if (dataObject.getBase64Content() != null) { + + log.debug("Adding DataObject (Base64Content) without a reference URI."); + + // create XMLObject + XMLObject xmlObject = createXMLObject(new ByteArrayInputStream(dataObject.getBase64Content())); + + setXMLObjectAndReferenceBase64(xmlObject, transforms); + + } else if (dataObject.getXMLContent() != null) { + + log.debug("Adding DataObject (XMLContent) without a reference URI."); + + // create XMLObject + DocumentFragment content = parseDataObject((XMLContentType) dataObject.getXMLContent()); + XMLObject xmlObject = createXMLObject(content); + + setXMLObjectAndReferenceXML(xmlObject, transforms); + + } else if (dataObject.getLocRefContent() != null) { + + log.debug("Adding DataObject (LocRefContent) without a reference URI."); + + setEnvelopedDataObject(dataObject.getLocRefContent(), transforms); + + } else { + + // not allowed + log.info("XML structure of the command request contains an " + + "invalid combination of optional elements or attributes. " + + "DataObject of structure='enveloped' without a reference must contain content."); + throw new SLRequestException(3003); + + } + + } else { + + if (dataObject.getBase64Content() == null && + dataObject.getXMLContent() == null && + dataObject.getLocRefContent() == null) { + + // + // case B + // + // The Reference attribute contains a URI that must be resolved by the + // Citizen Card Environment to obtain the data object. + // The content of sl:DataObject remains empty + // + + log.debug("Adding DataObject from reference URI '" + reference + "'."); + + setEnvelopedDataObject(reference, transforms); + + } else { + + // not allowed + log.info("XML structure of the command request contains an " + + "invalid combination of optional elements or attributes. " + + "DataObject of structure='enveloped' with reference must not contain content."); + throw new SLRequestException(3003); + + } + + + } + + } + + /** + * Configures this DataObject as an enveloped DataObject with the content to + * be dereferenced from the given reference. + * + * @param reference + * the reference URI + * @param transforms + * an optional Transforms element (may be + * null) + * + * @throws SLCommandException + * if dereferencing the given reference fails, or if + * configuring this DataObject with the data dereferenced from the + * given reference fails. + * @throws NullPointerException + * if reference is null + */ + private void setEnvelopedDataObject(String reference, XSECTTransforms transforms) throws SLCommandException { + + if (reference == null) { + throw new NullPointerException("Argument 'reference' must not be null."); + } + + // dereference URL + URLDereferencer dereferencer = URLDereferencer.getInstance(); + + StreamData streamData; + try { + streamData = dereferencer.dereference(reference, ctx.getDereferencerContext()); + } catch (IOException e) { + log.info("Failed to dereference XMLObject from '" + reference + "'.", e); + throw new SLCommandException(4110); + } + + Node childNode; + + String contentType = streamData.getContentType(); + if (contentType.startsWith("text/xml")) { + + // If content type is text/xml parse content. + String charset = HttpUtil.getCharset(contentType, true); + + Document doc = parseDataObject(streamData.getStream(), charset); + + childNode = doc.getDocumentElement(); + + if (childNode == null) { + log.info("Failed to parse XMLObject from '" + reference + "'."); + throw new SLCommandException(4111); + } + + XMLObject xmlObject = createXMLObject(childNode); + + setXMLObjectAndReferenceXML(xmlObject, transforms); + + } else { + + // Include content Base64 encoded. + XMLObject xmlObject = createXMLObject(streamData.getStream()); + + setXMLObjectAndReferenceBase64(xmlObject, transforms); + + } + + } + + /** + * Configures this DataObject as an detached DataObject with the information + * provided in the given sl:DataObject and optionally + * transforms. + * + * @param dataObject + * the sl:DataObject + * @param transforms + * an optional Transforms object, may be null + * + * @throws SLCommandException + * if configuring this DataObject with the information provided in + * the sl:DataObject fails. + * @throws SLRequestException + * if the information provided in the sl:DataObject + * does not conform to the security layer specification. + * @throws NullPointerException + * if dataObject is null + */ + private void setDetachedDataObject( + Base64XMLLocRefOptRefContentType dataObject, XSECTTransforms transforms) + throws SLCommandException, SLRequestException { + + String referenceURI = dataObject.getReference(); + + if (referenceURI == null) { + + // not allowed + log.info("XML structure of the command request contains an " + + "invalid combination of optional elements or attributes. " + + "DataObject of structure='detached' must contain a reference."); + throw new SLRequestException(3003); + + } else { + + DigestMethod dm; + try { + dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } catch (InvalidAlgorithmParameterException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } + + String idValue = ctx.getIdValueFactory().createIdValue("Reference"); + + reference = new XSECTReference(referenceURI, dm, transforms, null, idValue); + + // case D: + // + // The Reference attribute contains a URI that is used by the Citizen Card + // Environment to code the reference to the data object as part of the XML + // signature (attribute URI in the dsig:Reference) element. The content of + // sl:DataObject represents the data object. + + if (dataObject.getLocRefContent() != null) { + String locRef = dataObject.getLocRefContent(); + try { + this.reference.setDereferencer(new LocRefDereferencer(ctx.getDereferencerContext(), locRef)); + } catch (URISyntaxException e) { + log.info("Invalid URI '" + locRef + "' in DataObject.", e); + throw new SLCommandException(4003); + } catch (IllegalArgumentException e) { + log.info("LocRef URI of '" + locRef + "' not supported in DataObject. ", e); + throw new SLCommandException(4003); + } + } else if (dataObject.getBase64Content() != null) { + byte[] base64Content = dataObject.getBase64Content(); + this.reference.setDereferencer(new ByteArrayDereferencer(base64Content)); + } else if (dataObject.getXMLContent() != null) { + XMLContentType xmlContent = (XMLContentType) dataObject.getXMLContent(); + byte[] bytes = xmlContent.getRedirectedStream().toByteArray(); + this.reference.setDereferencer(new ByteArrayDereferencer(bytes)); + } else { + + // case C: + // + // The Reference attribute contains a URI that must be resolved by the + // Citizen Card Environment to obtain the data object. The Reference + // attribute contains a URI that is used by the Citizen Card Environment + // to code the reference to the data object as part of the XML signature + // (attribute URI in the dsig:Reference) element. The content of + // sl:DataObject remains empty. + + } + + } + } + + /** + * Returns the preferred sl:TransformInfo from the given list of + * transformInfos, or null if none of the given + * transformInfos is preferred over the others. + * + * @param transformsInfos + * a list of sl:TransformInfos + * + * @return the selected sl:TransformInfo or null, if + * none is preferred over the others + */ + private TransformsInfoType selectPreferredTransformsInfo(List transformsInfos) { + + Map mimeTypes = new HashMap(); + + StringBuilder debugString = null; + if (log.isDebugEnabled()) { + debugString = new StringBuilder(); + debugString.append("Got " + transformsInfos.size() + " TransformsInfo(s):"); + } + + for (TransformsInfoType transformsInfoType : transformsInfos) { + MetaInfoType finalDataMetaInfo = transformsInfoType.getFinalDataMetaInfo(); + String mimeType = finalDataMetaInfo.getMimeType(); + String description = finalDataMetaInfo.getDescription(); + mimeTypes.put(mimeType, transformsInfoType); + if (debugString != null) { + debugString.append("\n FinalDataMetaInfo: MIME-Type="); + debugString.append(mimeType); + if (description != null) { + debugString.append(" "); + debugString.append(description); + } + } + } + + if (debugString != null) { + log.debug(debugString); + } + + // look for preferred transform + for (String mimeType : DEFAULT_PREFFERED_MIME_TYPES) { + if (mimeTypes.containsKey(mimeType)) { + return mimeTypes.get(mimeType); + } + } + + // no preferred transform + return null; + + } + + /** + * Create an instance of ds:Transforms from the given + * sl:TransformsInfo. + * + * @param transformsInfo + * the sl:TransformsInfo + * + * @return a corresponding unmarshalled ds:Transforms, or + * null if the given sl:TransformsInfo does + * not contain a dsig:Transforms element + * + * @throws SLRequestException + * if the ds:Transforms in the given + * transformsInfo are not valid or cannot be parsed. + * + * @throws MarshalException + * if the ds:Transforms in the given + * transformsInfo cannot be unmarshalled. + */ + private XSECTTransforms createTransforms(TransformsInfoType transformsInfo) throws SLRequestException, MarshalException { + + byte[] transforms = getTransformsBytes((at.gv.egiz.slbinding.impl.TransformsInfoType) transformsInfo); + + if (transforms != null && transforms.length > 0) { + // debug + if (log.isTraceEnabled()) { + StringBuilder sb = new StringBuilder(); + sb.append("Trying to parse transforms:\n"); + sb.append(new String(transforms, Charset.forName("UTF-8"))); + log.trace(sb); + } + + DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); + LSInput input = domImplLS.createLSInput(); + input.setByteStream(new ByteArrayInputStream(transforms)); + + LSParser parser = domImplLS.createLSParser( + DOMImplementationLS.MODE_SYNCHRONOUS, null); + DOMConfiguration domConfig = parser.getDomConfig(); + SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); + domConfig.setParameter("error-handler", errorHandler); + domConfig.setParameter("validate", Boolean.FALSE); + + Document document; + try { + document = parser.parse(input); + } catch (DOMException e) { + log.info("Failed to parse dsig:Transforms.", e); + throw new SLRequestException(3002); + } catch (LSException e) { + log.info("Failed to parse dsig:Transforms.", e); + throw new SLRequestException(3002); + } + + // adopt ds:Transforms + Element transformsElt = document.getDocumentElement(); + Node adoptedTransforms = ctx.getDocument().adoptNode(transformsElt); + + DOMCryptoContext context = new DOMCryptoContext(); + + // unmarshall ds:Transforms + return new XSECTTransforms(context, adoptedTransforms); + + } else { + return null; + } + + +// TransformsType transformsType = transformsInfo.getTransforms(); +// if (transformsType == null) { +// return null; +// } +// List transformList = transformsType.getTransform(); +// +// DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); +//// Document transformsDoc = ((DOMImplementation) domImplLS).createDocument("http://www.w3.org/2000/09/xmldsig#", "Transforms", null); +//// Element transforms = transformsDoc.getDocumentElement(); +// Document transformsDoc = DOMUtils.createDocument(); +// Element transforms = transformsDoc.createElementNS( +// "http://www.w3.org/2000/09/xmldsig#", +// Signature.XMLDSIG_PREFIX + ":Transforms"); +// transformsDoc.appendChild(transforms); +// +// for (TransformType transformType : transformList) { +// log.trace("found " + transformType.getClass().getName()); +// Element transform = transformsDoc.createElementNS( +// "http://www.w3.org/2000/09/xmldsig#", +// Signature.XMLDSIG_PREFIX + ":Transform"); +// String algorithm = transformType.getAlgorithm(); +// if (algorithm != null) { +// log.trace("found algorithm " + algorithm); +// transform.setAttribute("Algorithm", algorithm); +// } +// +// at.gv.egiz.slbinding.impl.TransformType t = (at.gv.egiz.slbinding.impl.TransformType) transformType; +// byte[] redirectedBytes = t.getRedirectedStream().toByteArray(); +// if (redirectedBytes != null && redirectedBytes.length > 0) { +// if (log.isTraceEnabled()) { +// StringBuilder sb = new StringBuilder(); +// sb.append("Trying to parse dsig:Transform:\n"); +// sb.append(new String(redirectedBytes, Charset.forName("UTF-8"))); +// log.trace(sb); +// } +// LSInput input = domImplLS.createLSInput(); +// input.setByteStream(new ByteArrayInputStream(redirectedBytes)); +// +// LSParser parser = domImplLS.createLSParser( +// DOMImplementationLS.MODE_SYNCHRONOUS, null); +// DOMConfiguration domConfig = parser.getDomConfig(); +// SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); +// domConfig.setParameter("error-handler", errorHandler); +// domConfig.setParameter("validate", Boolean.FALSE); +// +// try { +// Document redirectedDoc = parser.parse(input); +// Node redirected = transformsDoc.adoptNode(redirectedDoc.getDocumentElement()); +// transform.appendChild(redirected); +// +// //not supported by Xerces2.9.1 +//// Node redirected = parser.parseWithContext(input, transform, LSParser.ACTION_APPEND_AS_CHILDREN); +// +// } catch (DOMException e) { +// log.info("Failed to parse dsig:Transform.", e); +// throw new SLRequestException(3002); +// } catch (LSException e) { +// log.info("Failed to parse dsig:Transform.", e); +// throw new SLRequestException(3002); +// } +// } +// transforms.appendChild(transform); +// } +// +// //adopt ds:Transforms +// Node adoptedTransforms = ctx.getDocument().adoptNode(transforms); +// DOMCryptoContext context = new DOMCryptoContext(); +// +// // unmarshall ds:Transforms +// return new XSECTTransforms(context, adoptedTransforms); + + } + + /** + * Sets the mimeType and the description value + * for this DataObject. + * + * @param metaInfoType the sl:FinalMetaDataInfo + * + * @throws NullPointerException if metaInfoType is null + */ + private void setFinalDataMetaInfo(MetaInfoType metaInfoType) { + + this.mimeType = metaInfoType.getMimeType(); + this.description = metaInfoType.getDescription(); + + } + + /** + * Selects an appropriate transformation path (if present) from the given list + * of sl:TransformInfos, sets the corresponding final data meta info and + * returns the corresponding unmarshalled ds:Transforms. + * + * @param transformsInfos the sl:TransformInfos + * + * @return the unmarshalled ds:Transforms, or null if + * no transformation path has been selected. + * + * @throws SLRequestException if the given list ds:TransformsInfo contains + * an invalid ds:Transforms element, or no suitable transformation path + * can be found. + */ + private XSECTTransforms createTransformsAndSetFinalDataMetaInfo( + List transformsInfos) throws SLRequestException { + + TransformsInfoType preferredTransformsInfo = selectPreferredTransformsInfo(transformsInfos); + // try preferred transform + if (preferredTransformsInfo != null) { + + try { + XSECTTransforms transforms = createTransforms(preferredTransformsInfo); + setFinalDataMetaInfo(preferredTransformsInfo.getFinalDataMetaInfo()); + return transforms; + } catch (MarshalException e) { + + String mimeType = preferredTransformsInfo.getFinalDataMetaInfo().getMimeType(); + log.info("Failed to unmarshal preferred transformation path (MIME-Type=" + + mimeType + ").", e); + + } + + } + + // look for another suitable transformation path + for (TransformsInfoType transformsInfoType : transformsInfos) { + + try { + XSECTTransforms transforms = createTransforms(transformsInfoType); + setFinalDataMetaInfo(transformsInfoType.getFinalDataMetaInfo()); + return transforms; + } catch (MarshalException e) { + + String mimeType = transformsInfoType.getFinalDataMetaInfo().getMimeType(); + log.info("Failed to unmarshal transformation path (MIME-Type=" + + mimeType + ").", e); + } + + } + + // no suitable transformation path found + throw new SLRequestException(3003); + + } + + /** + * Create an XMLObject with the Base64 encoding of the given + * content. + * + * @param content + * the to-be Base64 encoded content + * @return an XMLObject with the Base64 encoded content + */ + private XMLObject createXMLObject(InputStream content) { + + Text textNode; + try { + textNode = at.gv.egiz.dom.DOMUtils.createBase64Text(content, ctx.getDocument()); + } catch (IOException e) { + log.error(e); + throw new SLRuntimeException(e); + } + + DOMStructure structure = new DOMStructure(textNode); + + String idValue = ctx.getIdValueFactory().createIdValue("Object"); + + return ctx.getSignatureFactory().newXMLObject(Collections.singletonList(structure), idValue, null, null); + + } + + /** + * Create an XMLObject with the given content node. + * + * @param content the content node + * + * @return an XMLObject with the given content + */ + private XMLObject createXMLObject(Node content) { + + String idValue = ctx.getIdValueFactory().createIdValue("Object"); + + List structures = Collections.singletonList(new DOMStructure(content)); + + return ctx.getSignatureFactory().newXMLObject(structures, idValue, null, null); + + } + + /** + * Sets the given xmlObject and creates and sets a corresponding + * Reference. + *

+ * A transform to Base64-decode the xmlObject's content is inserted at the top + * of to the optional transforms if given, or to a newly created + * Transforms element if transforms is + * null. + * + * @param xmlObject + * the XMLObject + * @param transforms + * an optional Transforms element (may be + * null) + * + * @throws SLCommandException + * if creating the Reference fails + * @throws NullPointerException + * if xmlObject is null + */ + private void setXMLObjectAndReferenceBase64(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException { + + // create reference URI + // + // NOTE: the ds:Object can be referenced directly, as the Base64 transform + // operates on the text() of the input nodelist. + // + String referenceURI = "#" + xmlObject.getId(); + + // create Base64 Transform + Transform transform; + try { + transform = ctx.getSignatureFactory().newTransform(Transform.BASE64, (TransformParameterSpec) null); + } catch (NoSuchAlgorithmException e) { + // algorithm must be present + throw new SLRuntimeException(e); + } catch (InvalidAlgorithmParameterException e) { + // algorithm does not take parameters + throw new SLRuntimeException(e); + } + + if (transforms == null) { + transforms = new XSECTTransforms(Collections.singletonList(transform)); + } else { + transforms.insertTransform(transform); + } + + DigestMethod dm; + try { + dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } catch (InvalidAlgorithmParameterException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } + String id = ctx.getIdValueFactory().createIdValue("Reference"); + + this.xmlObject = xmlObject; + this.reference = new XSECTReference(referenceURI, dm, transforms, null, id); + + } + + /** + * Sets the given xmlObject and creates and sets a corresponding + * Reference. + *

+ * A transform to select the xmlObject's content is inserted at the top of to + * the optional transforms if given, or to a newly created + * Transforms element if transforms is + * null. + *

+ * + * @param xmlObject + * the XMLObject + * @param transforms + * an optional Transforms element (may be + * null) + * + * @throws SLCommandException + * if creating the Reference fails + * @throws NullPointerException + * if xmlObject is null + */ + private void setXMLObjectAndReferenceXML(XMLObject xmlObject, XSECTTransforms transforms) throws SLCommandException { + + // create reference URI + String referenceURI = "#" + xmlObject.getId(); + + // create Transform to select ds:Object's children + Transform xpathTransform; + Transform c14nTransform; + try { + + XPathType xpath = new XPathType("id(\"" + xmlObject.getId() + "\")/node()", XPathType.Filter.INTERSECT); + List xpaths = Collections.singletonList(xpath); + XPathFilter2ParameterSpec params = new XPathFilter2ParameterSpec(xpaths); + + xpathTransform = ctx.getSignatureFactory().newTransform(Transform.XPATH2, params); + + // add exclusive canonicalization to avoid signing the namespace context of the ds:Object + c14nTransform = ctx.getSignatureFactory().newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null); + + } catch (NoSuchAlgorithmException e) { + // algorithm must be present + throw new SLRuntimeException(e); + } catch (InvalidAlgorithmParameterException e) { + // params must be appropriate + throw new SLRuntimeException(e); + } + + if (transforms == null) { + List newTransfroms = new ArrayList(); + newTransfroms.add(xpathTransform); + newTransfroms.add(c14nTransform); + transforms = new XSECTTransforms(newTransfroms); + } else { + transforms.insertTransform(xpathTransform); + } + + DigestMethod dm; + try { + dm = ctx.getAlgorithmMethodFactory().createDigestMethod(ctx); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } catch (InvalidAlgorithmParameterException e) { + log.error("Failed to get DigestMethod.", e); + throw new SLCommandException(4006); + } + String id = ctx.getIdValueFactory().createIdValue("Reference"); + + this.xmlObject = xmlObject; + this.reference = new XSECTReference(referenceURI, dm, transforms, null, id); + + } + + /** + * Parses the given xmlContent and returns a corresponding + * document fragment. + * + *

+ * The to-be parsed content is surrounded by ... elements to + * allow for mixed (e.g. Text and Element) content in XMLContent. + *

+ * + * @param xmlContent + * the XMLContent to-be parsed + * + * @return a document fragment containing the parsed nodes + * + * @throws SLCommandException + * if parsing the given xmlContent fails + * + * @throws NullPointerException + * if xmlContent is null + */ + private DocumentFragment parseDataObject(XMLContentType xmlContent) throws SLCommandException { + + ByteArrayOutputStream redirectedStream = xmlContent.getRedirectedStream(); + + // Note: We can assume a fixed character encoding of UTF-8 for the + // content of the redirect stream as the content has already been parsed + // and serialized again to the redirect stream. + + List inputStreams = new ArrayList(); + try { + // dummy start element + inputStreams.add(new ByteArrayInputStream("".getBytes("UTF-8"))); + + // content + inputStreams.add(new ByteArrayInputStream(redirectedStream.toByteArray())); + + // dummy end element + inputStreams.add(new ByteArrayInputStream("".getBytes("UTF-8"))); + } catch (UnsupportedEncodingException e) { + throw new SLRuntimeException(e); + } + + SequenceInputStream inputStream = new SequenceInputStream(Collections.enumeration(inputStreams)); + + // parse DataObject + Document doc = parseDataObject(inputStream, "UTF-8"); + + Element documentElement = doc.getDocumentElement(); + + if (documentElement == null || + !"dummy".equals(documentElement.getLocalName())) { + log.info("Failed to parse DataObject XMLContent."); + throw new SLCommandException(4111); + } + + DocumentFragment fragment = doc.createDocumentFragment(); + while (documentElement.getFirstChild() != null) { + fragment.appendChild(documentElement.getFirstChild()); + } + + // log parsed document + if (log.isTraceEnabled()) { + + StringWriter writer = new StringWriter(); + + writer.write("DataObject:\n"); + + LSOutput output = domImplLS.createLSOutput(); + output.setCharacterStream(writer); + output.setEncoding("UTF-8"); + LSSerializer serializer = domImplLS.createLSSerializer(); + serializer.getDomConfig().setParameter("xml-declaration", Boolean.FALSE); + serializer.write(fragment, output); + + log.trace(writer.toString()); + } + + return fragment; + + } + + /** + * Parses the given inputStream using the given + * encoding and returns the parsed document. + * + * @param inputStream + * the to-be parsed input + * + * @param encoding + * the encoding to be used for parsing the given + * inputStream + * + * @return the parsed document + * + * @throws SLCommandException + * if parsing the inputStream fails. + * + * @throws NullPointerException + * if inputStram is null + */ + private Document parseDataObject(InputStream inputStream, String encoding) throws SLCommandException { + + LSInput input = domImplLS.createLSInput(); + input.setByteStream(inputStream); + + if (encoding != null) { + input.setEncoding(encoding); + } + + LSParser parser = domImplLS.createLSParser(DOMImplementationLS.MODE_SYNCHRONOUS, null); + DOMConfiguration domConfig = parser.getDomConfig(); + SimpleDOMErrorHandler errorHandler = new SimpleDOMErrorHandler(); + domConfig.setParameter("error-handler", errorHandler); + domConfig.setParameter("validate", Boolean.FALSE); + + Document doc; + try { + doc = parser.parse(input); + } catch (DOMException e) { + log.info("Existing XML document cannot be parsed.", e); + throw new SLCommandException(4111); + } catch (LSException e) { + log.info("Existing XML document cannot be parsed. ", e); + throw new SLCommandException(4111); + } + + if (errorHandler.hasErrors()) { + // log errors + if (log.isInfoEnabled()) { + List errorMessages = errorHandler.getErrorMessages(); + StringBuffer sb = new StringBuffer(); + for (String errorMessage : errorMessages) { + sb.append(" "); + sb.append(errorMessage); + } + log.info("Existing XML document cannot be parsed. " + sb.toString()); + } + throw new SLCommandException(4111); + } + + return doc; + + } + + +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java index 8baa0137..9182e824 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java @@ -87,6 +87,8 @@ import at.gv.egiz.bku.utils.urldereferencer.StreamData; import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; import at.gv.egiz.dom.DOMUtils; +import at.gv.egiz.marshal.NamespacePrefix; +import at.gv.egiz.marshal.NamespacePrefixMapperImpl; import at.gv.egiz.slbinding.impl.XMLContentType; import at.gv.egiz.stal.STAL; import at.gv.egiz.xades.QualifyingPropertiesException; @@ -99,6 +101,7 @@ import at.gv.egiz.xades.QualifyingPropertiesFactory; * @author mcentner */ public class Signature { + public static final String XMLDSIG_PREFIX = "dsig"; /** * Logging facility. @@ -407,7 +410,7 @@ public class Signature { signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE); - signContext.putNamespacePrefix(XMLSignature.XMLNS, "dsig"); + signContext.putNamespacePrefix(XMLSignature.XMLNS,XMLDSIG_PREFIX); signContext.setURIDereferencer(new URIDereferncerAdapter(ctx.getDereferencerContext())); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java index 78172dcb..7ce7b42d 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java @@ -14,185 +14,186 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package at.gv.egiz.bku.slcommands.impl.xsect; - -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; - -import iaik.xml.crypto.XSecProvider; - -import java.io.IOException; -import java.io.InputStream; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.List; - +package at.gv.egiz.bku.slcommands.impl.xsect; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import iaik.xml.crypto.XSecProvider; + +import java.io.IOException; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.List; + import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSocketFactory; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import javax.xml.crypto.MarshalException; -import javax.xml.crypto.dsig.CanonicalizationMethod; -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.Reference; -import javax.xml.crypto.dsig.SignatureMethod; -import javax.xml.crypto.dsig.Transform; -import javax.xml.crypto.dsig.XMLObject; -import javax.xml.crypto.dsig.XMLSignatureException; -import javax.xml.crypto.dsig.XMLSignatureFactory; -import javax.xml.crypto.dsig.dom.DOMSignContext; -import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; -import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; -import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; -import javax.xml.stream.XMLEventReader; -import javax.xml.stream.XMLInputFactory; -import javax.xml.stream.XMLStreamException; - -import org.junit.BeforeClass; -import org.junit.Test; -import org.w3c.dom.Document; -import org.w3c.dom.Node; -import org.w3c.dom.ls.DOMImplementationLS; -import org.w3c.dom.ls.LSOutput; -import org.w3c.dom.ls.LSSerializer; - -import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType; -import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; -import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory; -import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType; -import at.gv.egiz.bku.slexceptions.SLCommandException; -import at.gv.egiz.bku.slexceptions.SLRequestException; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.Reference; +import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.crypto.dsig.Transform; +import javax.xml.crypto.dsig.XMLObject; +import javax.xml.crypto.dsig.XMLSignatureException; +import javax.xml.crypto.dsig.XMLSignatureFactory; +import javax.xml.crypto.dsig.dom.DOMSignContext; +import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; +import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; +import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; +import javax.xml.stream.XMLEventReader; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLStreamException; + +import org.junit.BeforeClass; +import org.junit.Test; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.ls.DOMImplementationLS; +import org.w3c.dom.ls.LSOutput; +import org.w3c.dom.ls.LSSerializer; + +import at.buergerkarte.namespaces.securitylayer._1.CreateXMLSignatureRequestType; +import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; +import at.buergerkarte.namespaces.securitylayer._1.ObjectFactory; +import at.buergerkarte.namespaces.securitylayer._1.SignatureInfoCreationType; +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLRequestException; import at.gv.egiz.bku.slexceptions.SLViewerException; -import at.gv.egiz.bku.utils.urldereferencer.StreamData; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; -import at.gv.egiz.bku.utils.urldereferencer.URLProtocolHandler; -import at.gv.egiz.dom.DOMUtils; -import at.gv.egiz.slbinding.RedirectEventFilter; -import at.gv.egiz.slbinding.RedirectUnmarshallerListener; - -public class SignatureTest { - - private class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { - - @Override - public CanonicalizationMethod createCanonicalizationMethod( - SignatureContext signatureContext) { - - XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); - - try { - return signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null); - } catch (Exception e) { - throw new RuntimeException(e); - } - } - - @Override - public DigestMethod createDigestMethod(SignatureContext signatureContext) { - - XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); - - try { - return signatureFactory.newDigestMethod(DigestMethod.SHA1, (DigestMethodParameterSpec) null); - } catch (Exception e) { - throw new RuntimeException(e); - } - } - - @Override - public SignatureMethod createSignatureMethod( - SignatureContext signatureContext) { - - XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); - - try { - return signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, (SignatureMethodParameterSpec) null); - } catch (Exception e) { - throw new RuntimeException(e); - } - - } - - } - - private static final String RESOURCE_PREFIX = "at/gv/egiz/bku/slcommands/impl/"; - - private static Unmarshaller unmarshaller; - - private static PrivateKey privateKey; - - private static X509Certificate certificate; - - @BeforeClass - public static void setUpClass() throws JAXBException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException { - - XSecProvider.addAsProvider(true); - - String packageName = ObjectFactory.class.getPackage().getName(); - packageName += ":" - + org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName(); - JAXBContext jaxbContext = JAXBContext.newInstance(packageName); - - unmarshaller = jaxbContext.createUnmarshaller(); - - initURLDereferencer(); - - ClassLoader classLoader = SignatureTest.class.getClassLoader(); - InputStream certStream = classLoader.getResourceAsStream(RESOURCE_PREFIX + "Cert.p12"); - assertNotNull("Certificate not found.", certStream); - - char[] passwd = "1622".toCharArray(); - - KeyStore keystore = KeyStore.getInstance("PKCS12"); - keystore.load(certStream, passwd); - String firstAlias = keystore.aliases().nextElement(); - certificate = (X509Certificate) keystore.getCertificate(firstAlias); - privateKey = (PrivateKey) keystore.getKey(firstAlias, passwd); - - } - - private static void initURLDereferencer() { - - URLDereferencer.getInstance().registerHandler("testlocal", new URLProtocolHandler() { - - @Override - public StreamData dereference(String url, URLDereferencerContext context) - throws IOException { - - ClassLoader classLoader = SignatureTest.class.getClassLoader(); - - String filename = url.split(":", 2)[1]; - - InputStream stream = classLoader.getResourceAsStream(RESOURCE_PREFIX + filename); - - if (stream == null) { - - throw new IOException("Failed to resolve resource '" + url + "'."); - - } else { - - String contentType; - if (filename.endsWith(".xml")) { - contentType = "text/xml"; - } else if (filename.endsWith(".txt")) { - contentType = "text/plain"; - } else { - contentType = ""; - } - - return new StreamData(url, contentType, stream); - - } - +import at.gv.egiz.bku.utils.urldereferencer.StreamData; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; +import at.gv.egiz.bku.utils.urldereferencer.URLProtocolHandler; +import at.gv.egiz.dom.DOMUtils; +import at.gv.egiz.slbinding.RedirectEventFilter; +import at.gv.egiz.slbinding.RedirectUnmarshallerListener; +import org.junit.Ignore; + +public class SignatureTest { + + private class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { + + @Override + public CanonicalizationMethod createCanonicalizationMethod( + SignatureContext signatureContext) { + + XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); + + try { + return signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + @Override + public DigestMethod createDigestMethod(SignatureContext signatureContext) { + + XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); + + try { + return signatureFactory.newDigestMethod(DigestMethod.SHA1, (DigestMethodParameterSpec) null); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + @Override + public SignatureMethod createSignatureMethod( + SignatureContext signatureContext) { + + XMLSignatureFactory signatureFactory = signatureContext.getSignatureFactory(); + + try { + return signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, (SignatureMethodParameterSpec) null); + } catch (Exception e) { + throw new RuntimeException(e); + } + + } + + } + + private static final String RESOURCE_PREFIX = "at/gv/egiz/bku/slcommands/impl/"; + + private static Unmarshaller unmarshaller; + + private static PrivateKey privateKey; + + private static X509Certificate certificate; + + @BeforeClass + public static void setUpClass() throws JAXBException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException { + + XSecProvider.addAsProvider(true); + + String packageName = ObjectFactory.class.getPackage().getName(); + packageName += ":" + + org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName(); + JAXBContext jaxbContext = JAXBContext.newInstance(packageName); + + unmarshaller = jaxbContext.createUnmarshaller(); + + initURLDereferencer(); + + ClassLoader classLoader = SignatureTest.class.getClassLoader(); + InputStream certStream = classLoader.getResourceAsStream(RESOURCE_PREFIX + "Cert.p12"); + assertNotNull("Certificate not found.", certStream); + + char[] passwd = "1622".toCharArray(); + + KeyStore keystore = KeyStore.getInstance("PKCS12"); + keystore.load(certStream, passwd); + String firstAlias = keystore.aliases().nextElement(); + certificate = (X509Certificate) keystore.getCertificate(firstAlias); + privateKey = (PrivateKey) keystore.getKey(firstAlias, passwd); + + } + + private static void initURLDereferencer() { + + URLDereferencer.getInstance().registerHandler("testlocal", new URLProtocolHandler() { + + @Override + public StreamData dereference(String url, URLDereferencerContext context) + throws IOException { + + ClassLoader classLoader = SignatureTest.class.getClassLoader(); + + String filename = url.split(":", 2)[1]; + + InputStream stream = classLoader.getResourceAsStream(RESOURCE_PREFIX + filename); + + if (stream == null) { + + throw new IOException("Failed to resolve resource '" + url + "'."); + + } else { + + String contentType; + if (filename.endsWith(".xml")) { + contentType = "text/xml"; + } else if (filename.endsWith(".txt")) { + contentType = "text/plain"; + } else { + contentType = ""; + } + + return new StreamData(url, contentType, stream); + + } + } @Override @@ -205,558 +206,600 @@ public class SignatureTest { public void setSSLSocketFactory(SSLSocketFactory socketFactory) { // TODO Auto-generated method stub - } - - }); - - } - - private Object unmarshal(String file) throws XMLStreamException, JAXBException { - - ClassLoader classLoader = SignatureTest.class.getClassLoader(); - InputStream resourceStream = classLoader.getResourceAsStream(RESOURCE_PREFIX + file); - assertNotNull(resourceStream); - - XMLInputFactory inputFactory = XMLInputFactory.newInstance(); - XMLEventReader eventReader = inputFactory.createXMLEventReader(resourceStream); - RedirectEventFilter redirectEventFilter = new RedirectEventFilter(); - XMLEventReader filteredReader = inputFactory.createFilteredReader(eventReader, redirectEventFilter); - - unmarshaller.setListener(new RedirectUnmarshallerListener(redirectEventFilter)); - - return unmarshaller.unmarshal(filteredReader); - - } - - // - // - // SignatureInfo - // - // - - @SuppressWarnings("unchecked") - private SignatureInfoCreationType unmarshalSignatureInfo(String file) throws JAXBException, XMLStreamException { - - Object object = unmarshal(file); - - Object requestType = ((JAXBElement) object).getValue(); - - assertTrue(requestType instanceof CreateXMLSignatureRequestType); - - SignatureInfoCreationType signatureInfo = ((CreateXMLSignatureRequestType) requestType).getSignatureInfo(); - - assertNotNull(signatureInfo); - - return signatureInfo; - - } - - @Test - public void testSetSignatureInfo_Base64_1() throws JAXBException, SLCommandException, XMLStreamException { - - SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), null); - - signature.setSignatureInfo(signatureInfo); - - Node parent = signature.getParent(); - Node nextSibling = signature.getNextSibling(); - - assertNotNull(parent); - assertTrue("urn:document".equals(parent.getNamespaceURI())); - assertTrue("XMLDocument".equals(parent.getLocalName())); - - assertNotNull(nextSibling); - assertTrue("urn:document".equals(nextSibling.getNamespaceURI())); - assertTrue("Paragraph".equals(nextSibling.getLocalName())); - - } - - @Test - public void testSetSignature_Base64_2() throws JAXBException, SLCommandException, XMLStreamException { - - SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), null); - - signature.setSignatureInfo(signatureInfo); - - Node parent = signature.getParent(); - Node nextSibling = signature.getNextSibling(); - - assertNotNull(parent); - assertTrue("XMLDocument".equals(parent.getLocalName())); - - assertNotNull(nextSibling); - assertTrue("Paragraph".equals(nextSibling.getLocalName())); - - } - - @Test - public void testSetSignature_Base64_3() throws JAXBException, SLCommandException, XMLStreamException { - - SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_3.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), null); - - signature.setSignatureInfo(signatureInfo); - - Node parent = signature.getParent(); - Node nextSibling = signature.getNextSibling(); - - assertNotNull(parent); - assertTrue("XMLDocument".equals(parent.getLocalName())); - - assertNotNull(nextSibling); - assertTrue("Paragraph".equals(nextSibling.getLocalName())); - - } - - @Test - public void testSetSignatureInfo_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException { - - SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_XMLContent_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), null); - - signature.setSignatureInfo(signatureInfo); - - Node parent = signature.getParent(); - Node nextSibling = signature.getNextSibling(); - - assertNotNull(parent); - assertTrue("urn:document".equals(parent.getNamespaceURI())); - assertTrue("Whole".equals(parent.getLocalName())); - - assertNull(nextSibling); - - } - - @Test - public void testSetSignature_Reference_1() throws JAXBException, SLCommandException, XMLStreamException { - - SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Reference_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), null); - - signature.setSignatureInfo(signatureInfo); - - Node parent = signature.getParent(); - Node nextSibling = signature.getNextSibling(); - - assertNotNull(parent); - assertTrue("urn:document".equals(parent.getNamespaceURI())); - assertTrue("Paragraph".equals(parent.getLocalName())); - - assertNull(nextSibling); - - } - - // - // - // DataObject - // - // - - @SuppressWarnings("unchecked") - private List unmarshalDataObjectInfo(String file) throws JAXBException, XMLStreamException { - - Object object = unmarshal(file); - - Object requestType = ((JAXBElement) object).getValue(); - - assertTrue(requestType instanceof CreateXMLSignatureRequestType); - - List dataObjectInfos = ((CreateXMLSignatureRequestType) requestType).getDataObjectInfo(); - - assertNotNull(dataObjectInfos); - - return dataObjectInfos; - - } - - private void signAndMarshalSignature(Signature signature) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException { - - Node parent = signature.getParent(); - Node nextSibling = signature.getNextSibling(); - - DOMSignContext signContext = (nextSibling == null) - ? new DOMSignContext(privateKey, parent) - : new DOMSignContext(privateKey, parent, nextSibling); - - signature.sign(signContext); - - Document document = signature.getDocument(); - - DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); - LSOutput output = domImplLS.createLSOutput(); - output.setByteStream(System.out); - - LSSerializer serializer = domImplLS.createLSSerializer(); -// serializer.getDomConfig().setParameter("format-pretty-print", Boolean.TRUE); - serializer.getDomConfig().setParameter("namespaces", Boolean.FALSE); - serializer.write(document, output); - - } - - @SuppressWarnings("unchecked") - @Test - public void testDataObject_Base64Content_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Base64Content_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.setSignerCeritifcate(certificate); - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue(transforms.size() == 1); - - Transform transform = transforms.get(0); - assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); - - XMLObject object = objects.get(0); - - assertTrue(("#" + object.getId()).equals(reference.getURI())); - - } - - @SuppressWarnings("unchecked") - @Test - public void testDataObject_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.setSignerCeritifcate(certificate); - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue(transforms.size() == 2); - - Transform transform = transforms.get(0); - assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); - - XMLObject object = objects.get(0); - - assertTrue(("#" + object.getId()).equals(reference.getURI())); - - } - - @SuppressWarnings("unchecked") - @Test - public void testDataObject_XMLContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_2.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.setSignerCeritifcate(certificate); - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue(transforms.size() == 2); - - Transform transform = transforms.get(0); - assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); - - XMLObject object = objects.get(0); - - assertTrue(("#" + object.getId()).equals(reference.getURI())); - - } - - - @SuppressWarnings("unchecked") - @Test - public void testDataObject_LocRefContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue(transforms.size() == 2); - - Transform transform = transforms.get(0); - assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); - - XMLObject object = objects.get(0); - - assertTrue(("#" + object.getId()).equals(reference.getURI())); - - } - - @SuppressWarnings("unchecked") - @Test - public void testDataObject_LocRefContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_2.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue(transforms.size() == 1); - - Transform transform = transforms.get(0); - assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); - - XMLObject object = objects.get(0); - - assertTrue(("#" + object.getId()).equals(reference.getURI())); - - } - - @SuppressWarnings("unchecked") - @Test - public void testDataObject_Reference_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Reference_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue(transforms.size() == 1); - - Transform transform = transforms.get(0); - assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); - - XMLObject object = objects.get(0); - - assertTrue(("#" + object.getId()).equals(reference.getURI())); - - } - - @SuppressWarnings("unchecked") - @Test - public void testDataObject_Detached_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue(transforms.size() == 0); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue(objects.size() == 1); - - } - - @SuppressWarnings("unchecked") - @Test - public void testDataObject_Detached_Base64Content() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_Base64Content.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue(transforms.size() == 0); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue(objects.size() == 1); - - } - - // - // - // TransformsInfo - // - // - - @SuppressWarnings("unchecked") - private CreateXMLSignatureRequestType unmarshalCreateXMLSignatureRequest(String file) throws JAXBException, XMLStreamException { - - Object object = unmarshal(file); - - Object requestType = ((JAXBElement) object).getValue(); - - assertTrue(requestType instanceof CreateXMLSignatureRequestType); - - return (CreateXMLSignatureRequestType) requestType; - - } - - - @SuppressWarnings("unchecked") - @Test - public void testTransformsInfo_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { - - CreateXMLSignatureRequestType requestType = unmarshalCreateXMLSignatureRequest("TransformsInfo_1.xml"); - - Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); - - - signature.setSignatureInfo(requestType.getSignatureInfo()); - - List dataObjectInfos = requestType.getDataObjectInfo(); - - for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { - signature.addDataObject(dataObjectInfo); - } - - signature.setSignerCeritifcate(certificate); - - signature.buildXMLSignature(); - - signAndMarshalSignature(signature); - - List references = signature.getReferences(); - assertTrue(references.size() == 2); - - Reference reference = references.get(0); - assertNotNull(reference.getId()); - - List transforms = reference.getTransforms(); - assertTrue("Size " + transforms.size() + "", transforms.size() == 3); - - Transform transform = transforms.get(0); - assertTrue(Transform.ENVELOPED.equals(transform.getAlgorithm())); - - List objects = signature.getXMLObjects(); - assertNotNull(objects); - assertTrue("Size " + objects.size() + " but should be 1.", objects.size() == 1); - - } - - -} + } + + }); + + } + + private Object unmarshal(String file) throws XMLStreamException, JAXBException { + + ClassLoader classLoader = SignatureTest.class.getClassLoader(); + InputStream resourceStream = classLoader.getResourceAsStream(RESOURCE_PREFIX + file); + assertNotNull(resourceStream); + + XMLInputFactory inputFactory = XMLInputFactory.newInstance(); + XMLEventReader eventReader = inputFactory.createXMLEventReader(resourceStream); + RedirectEventFilter redirectEventFilter = new RedirectEventFilter(); + XMLEventReader filteredReader = inputFactory.createFilteredReader(eventReader, redirectEventFilter); + + unmarshaller.setListener(new RedirectUnmarshallerListener(redirectEventFilter)); + + return unmarshaller.unmarshal(filteredReader); + + } + + // + // + // SignatureInfo + // + // + + @SuppressWarnings("unchecked") + private SignatureInfoCreationType unmarshalSignatureInfo(String file) throws JAXBException, XMLStreamException { + + Object object = unmarshal(file); + + Object requestType = ((JAXBElement) object).getValue(); + + assertTrue(requestType instanceof CreateXMLSignatureRequestType); + + SignatureInfoCreationType signatureInfo = ((CreateXMLSignatureRequestType) requestType).getSignatureInfo(); + + assertNotNull(signatureInfo); + + return signatureInfo; + + } + + @Test + public void testSetSignatureInfo_Base64_1() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("urn:document".equals(parent.getNamespaceURI())); + assertTrue("XMLDocument".equals(parent.getLocalName())); + + assertNotNull(nextSibling); + assertTrue("urn:document".equals(nextSibling.getNamespaceURI())); + assertTrue("Paragraph".equals(nextSibling.getLocalName())); + + } + + @Test + public void testSetSignature_Base64_2() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("XMLDocument".equals(parent.getLocalName())); + + assertNotNull(nextSibling); + assertTrue("Paragraph".equals(nextSibling.getLocalName())); + + } + + @Test + public void testSetSignature_Base64_3() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_3.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("XMLDocument".equals(parent.getLocalName())); + + assertNotNull(nextSibling); + assertTrue("Paragraph".equals(nextSibling.getLocalName())); + + } + + @Test + public void testSetSignatureInfo_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_XMLContent_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("urn:document".equals(parent.getNamespaceURI())); + assertTrue("Whole".equals(parent.getLocalName())); + + assertNull(nextSibling); + + } + + @Test + public void testSetSignature_Reference_1() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Reference_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), null); + + signature.setSignatureInfo(signatureInfo); + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + assertNotNull(parent); + assertTrue("urn:document".equals(parent.getNamespaceURI())); + assertTrue("Paragraph".equals(parent.getLocalName())); + + assertNull(nextSibling); + + } + + // + // + // DataObject + // + // + + @SuppressWarnings("unchecked") + private List unmarshalDataObjectInfo(String file) throws JAXBException, XMLStreamException { + + Object object = unmarshal(file); + + Object requestType = ((JAXBElement) object).getValue(); + + assertTrue(requestType instanceof CreateXMLSignatureRequestType); + + List dataObjectInfos = ((CreateXMLSignatureRequestType) requestType).getDataObjectInfo(); + + assertNotNull(dataObjectInfos); + + return dataObjectInfos; + + } + + private void signAndMarshalSignature(Signature signature) throws MarshalException, XMLSignatureException, SLCommandException, SLViewerException { + + Node parent = signature.getParent(); + Node nextSibling = signature.getNextSibling(); + + DOMSignContext signContext = (nextSibling == null) + ? new DOMSignContext(privateKey, parent) + : new DOMSignContext(privateKey, parent, nextSibling); + + signature.sign(signContext); + + Document document = signature.getDocument(); + + DOMImplementationLS domImplLS = DOMUtils.getDOMImplementationLS(); + LSOutput output = domImplLS.createLSOutput(); + output.setByteStream(System.out); + + LSSerializer serializer = domImplLS.createLSSerializer(); +// serializer.getDomConfig().setParameter("format-pretty-print", Boolean.TRUE); + serializer.getDomConfig().setParameter("namespaces", Boolean.FALSE); + serializer.write(document, output); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Base64Content_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Base64Content_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 1); + + Transform transform = transforms.get(0); + assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 2); + + Transform transform = transforms.get(0); + assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_XMLContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_2.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 2); + + Transform transform = transforms.get(0); + assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_LocRefContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 2); + + Transform transform = transforms.get(0); + assertTrue(Transform.XPATH2.equals(transform.getAlgorithm())); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_LocRefContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_2.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 1); + + Transform transform = transforms.get(0); + assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Reference_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Reference_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 1); + + Transform transform = transforms.get(0); + assertTrue(Transform.BASE64.equals(transform.getAlgorithm())); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 2.", objects.size() == 2); + + XMLObject object = objects.get(0); + + assertTrue(("#" + object.getId()).equals(reference.getURI())); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Detached_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 0); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue(objects.size() == 1); + + } + + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Detached_Base64Content() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_Base64Content.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 0); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue(objects.size() == 1); + + } + + // + // + // TransformsInfo + // + // + + @SuppressWarnings("unchecked") + private CreateXMLSignatureRequestType unmarshalCreateXMLSignatureRequest(String file) throws JAXBException, XMLStreamException { + + Object object = unmarshal(file); + + Object requestType = ((JAXBElement) object).getValue(); + + assertTrue(requestType instanceof CreateXMLSignatureRequestType); + + return (CreateXMLSignatureRequestType) requestType; + + } + + + @SuppressWarnings("unchecked") + @Test + public void testTransformsInfo_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + CreateXMLSignatureRequestType requestType = unmarshalCreateXMLSignatureRequest("TransformsInfo_1.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + + signature.setSignatureInfo(requestType.getSignatureInfo()); + + List dataObjectInfos = requestType.getDataObjectInfo(); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue("Size " + transforms.size() + "", transforms.size() == 3); + + Transform transform = transforms.get(0); + assertTrue(Transform.ENVELOPED.equals(transform.getAlgorithm())); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 1.", objects.size() == 1); + + } + + @SuppressWarnings("unchecked") + @Test + @Ignore + public void testTransformsInfo_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + CreateXMLSignatureRequestType requestType = unmarshalCreateXMLSignatureRequest("TransformsInfo_2.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + + signature.setSignatureInfo(requestType.getSignatureInfo()); + + List dataObjectInfos = requestType.getDataObjectInfo(); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.setSignerCeritifcate(certificate); + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue("Size " + transforms.size() + "", transforms.size() == 2); + + Transform transform = transforms.get(0); + assertTrue(Transform.XSLT.equals(transform.getAlgorithm())); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue("Size " + objects.size() + " but should be 1.", objects.size() == 1); + + } + + +} diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_2.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_2.xml new file mode 100644 index 00000000..f43dc61a --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/TransformsInfo_2.xml @@ -0,0 +1,397 @@ + + + SecureSignatureKeypair + + + + + + + + + + + Signatur der Anmeldedaten + + + +

Signatur der Anmeldedaten

+

+

Mit meiner elektronischen Signatur beantrage ich, + + , geboren am . . , in der Rolle als (OID***= ), den Zugang zur gesicherten Anwendung.

+

+

Datum und Uhrzeit: . . , : + : +

+ +

HPI(**):

+ + +

wbPK(*):

+ + +
+

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. +

wbPK(*) des Vollmachtgebers:

+ +

+

+ + + +

+

+ + +

+

+ + +

+

+ + + +
(*) wbPK: Das wirtschaftsbereichsspezifische + Personenkennzeichen wird aus den jeweiligen + Stammzahlen des Bürgers und des Wirtschaftsunternehmens + berechnet und ermöglicht eine eindeutige Zuordnung des + Bürgers zum Wirtschaftsunternehmen.
+ + +
(**) HPI: Der eHealth Professional + Identifier wird aus den jeweiligen Stammzahlen + der Gesundheitsdiensteanbieterinnen / + Gesundheitsdiensteanbieter berechnet und ermöglicht eine + eindeutige Zuordnung der Gesundheitsdiensteanbieterin / + des Gesundheitsdiensteanbieters im + Gesundheitsbereich.
+ + +
(***) OID: Object Identifier sind + standardisierte Objekt-Bezeichner und beschreiben + eindeutig die Rollen des GDA-Token Inhabers.
+ + + + + + + + + + application/xhtml+xml + + + + + + + + + + + + Signatur der Anmeldedaten + + +

Signatur der Anmeldedaten

+

+

Mit meiner elektronischen Signatur beantrage ich, + + , geboren am . . , in der Rolle als (OID***= ), den Zugang zur gesicherten Anwendung.

+

+

Datum und Uhrzeit: . . , : + : +

+ +

HPI(**):

+ + +

wbPK(*):

+ + +
+

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. +

wbPK(*) des Vollmachtgebers:

+ +

+

+ + + +

+

+ + +

+

+ + +

+

+ + + +
(*) wbPK: Das wirtschaftsbereichsspezifische + Personenkennzeichen wird aus den jeweiligen + Stammzahlen des Bürgers und des Wirtschaftsunternehmens + berechnet und ermöglicht eine eindeutige Zuordnung des + Bürgers zum Wirtschaftsunternehmen.
+ + +
(**) HPI: Der eHealth Professional Identifier + wird aus den jeweiligen Stammzahlen der + Gesundheitsdiensteanbieterinnen / + Gesundheitsdiensteanbieter berechnet und ermöglicht eine + eindeutige Zuordnung der Gesundheitsdiensteanbieterin / + des Gesundheitsdiensteanbieters im + Gesundheitsbereich.
+ + +
(***) OID: Object Identifier sind standardisierte + Objekt-Bezeichner und beschreiben eindeutig die Rollen + des GDA-Token Inhabers.
+ + + + + + + + + + text/html + + + + + + + + + + Mit meiner elektronischen Signatur beantrage ich, + + , geboren am + + . + + . + + , + + in der Rolle als + + (OID***= + ) + , + + den Zugang zur gesicherten Anwendung. + Datum und Uhrzeit: + + . + + . + + , + + : + + : + + + + HPI(**): + + + + + wbPK(*): + + + + + Ich bin weiters ermächtigt als + + von + + + , geboren am + + . + + . + + + + , + + + , in deren Auftrag zu handeln. + + + wbPK(*) des Vollmachtgebers: + + + + + + (*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen. + + + (**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich. + + + (***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und beschreiben eindeutig die Rollen des GDA-Token Inhabers. + + + + + + + not(text()) + + + + text/plain + + + + + + + + + + https://demo.egiz.gv.at/exchange-moa-id-auth/ + + + + + LTpz8VYzns2jrx0J8Gm/R/nAhxA= + urn:publicid:gv.at:wbpk+FN+TODO + + + + + https://apps.egiz.gv.at/urlaubsschein-frontend/moaid-login + + + 1971-11-10 + + + + + + /saml:Assertion + + diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java index 13c57686..86223854 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -30,8 +30,6 @@ package at.gv.egiz.smcc; import java.nio.charset.Charset; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.smartcardio.CardChannel; import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; @@ -41,7 +39,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; public class ACOSCard extends AbstractSignatureCard implements SignatureCard { - + private static Log log = LogFactory.getLog(ACOSCard.class); public static final byte[] AID_DEC = new byte[] { (byte) 0xA0, (byte) 0x00, @@ -100,8 +98,15 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { (byte) 0x01 // RSA // TODO: Not verified yet }; + private static final int PINSPEC_INF = 0; + private static final int PINSPEC_DEC = 1; + private static final int PINSPEC_SIG = 2; + public ACOSCard() { super("at/gv/egiz/smcc/ACOSCard"); + pinSpecs.add(PINSPEC_INF, new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name"), KID_PIN_INF, null)); + pinSpecs.add(PINSPEC_DEC, new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("dec.pin.name"), KID_PIN_DEC, null)); + pinSpecs.add(PINSPEC_SIG, new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name"), KID_PIN_SIG, null)); } /* (non-Javadoc) @@ -165,7 +170,8 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { try { if ("IdentityLink".equals(infobox)) { - PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name")); + PINSpec spec = pinSpecs.get(PINSPEC_INF); + //new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name")); int retries = -1; String pin = null; @@ -219,7 +225,8 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { - PINSpec spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); + PINSpec spec = pinSpecs.get(PINSPEC_SIG); + //new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); int retries = -1; String pin = null; @@ -260,7 +267,8 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { - PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("dec.pin.name")); + PINSpec spec = pinSpecs.get(PINSPEC_DEC); + //new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("dec.pin.name")); int retries = -1; String pin = null; @@ -321,11 +329,6 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { 0x00, fid, 256)); } - @Override - public byte[] getKIDs() { - return new byte[] { KID_PIN_DEC, KID_PIN_INF, KID_PIN_SIG }; - } - @Override public int verifyPIN(String pin, byte kid) throws LockedException, NotActivatedException, SignatureCardException { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index 67f090a5..cb068725 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -31,7 +31,11 @@ package at.gv.egiz.smcc; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.ByteBuffer; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; import java.util.Locale; +import java.util.Map; import java.util.ResourceBundle; import javax.smartcardio.ATR; @@ -49,6 +53,8 @@ public abstract class AbstractSignatureCard implements SignatureCard { private static Log log = LogFactory.getLog(AbstractSignatureCard.class); + protected List pinSpecs = new ArrayList(); + private ResourceBundle i18n; private String resourceBundleName; @@ -433,4 +439,8 @@ public abstract class AbstractSignatureCard implements SignatureCard { } } + @Override + public List getPINSpecs() { + return pinSpecs; + } } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java index 0852d664..d180ddf0 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java @@ -35,23 +35,40 @@ public class PINSpec { String name_; + byte kid_; + + byte[] context_aid_; + + /** + * + * @param minLenght + * @param maxLength + * @param rexepPattern + * @param resourceBundle + * @param name + * @param kid the keyId for this pin + */ public PINSpec(int minLenght, int maxLength, String rexepPattern, - ResourceBundle resourceBundle, String name) { + ResourceBundle resourceBundle, String name, byte kid, byte[] contextAID) { minLength_ = minLenght; maxLength_ = maxLength; rexepPattern_ = rexepPattern; resourceBundle_ = resourceBundle; name_ = name; + kid_ = kid; + context_aid_ = contextAID; } public PINSpec(int minLenght, int maxLength, String rexepPattern, - String name) { + String name, byte kid, byte[] contextAID) { minLength_ = minLenght; maxLength_ = maxLength; rexepPattern_ = rexepPattern; name_ = name; + kid_ = kid; + context_aid_ = contextAID; } @@ -75,7 +92,14 @@ public class PINSpec { public String getRexepPattern() { return rexepPattern_; } - + + public byte getKID() { + return kid_; + } + + public byte[] getContextAID() { + return context_aid_; + } } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java index e80c6683..ae43629e 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -29,10 +29,8 @@ package at.gv.egiz.smcc; import java.math.BigInteger; -import java.util.ArrayList; import java.util.Arrays; -import java.util.List; import javax.smartcardio.CardChannel; import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; @@ -42,7 +40,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; public class STARCOSCard extends AbstractSignatureCard implements SignatureCard { - + /** * Logging facility. */ @@ -155,12 +153,17 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard }; public static final byte KID_PIN_CARD = (byte) 0x01; - + + private static final int PINSPEC_CARD = 0; + private static final int PINSPEC_SS = 1; + /** * Creates an new instance. */ public STARCOSCard() { super("at/gv/egiz/smcc/STARCOSCard"); + pinSpecs.add(PINSPEC_CARD, new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name"), KID_PIN_CARD, null)); + pinSpecs.add(PINSPEC_SS, new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name"), KID_PIN_SS, AID_DF_SS)); } @Override @@ -210,7 +213,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard try { if ("IdentityLink".equals(infobox)) { - PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + PINSpec spec = pinSpecs.get(PINSPEC_CARD); + //new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); int retries = -1; String pin = null; @@ -302,7 +306,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { - PINSpec spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); + PINSpec spec = pinSpecs.get(PINSPEC_SS); + //new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); int retries = -1; String pin = null; @@ -334,7 +339,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { - PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + PINSpec spec = pinSpecs.get(PINSPEC_CARD); + //new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); int retries = -1; String pin = null; @@ -455,11 +461,6 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } } - @Override - public byte[] getKIDs() { - return new byte[] { KID_PIN_CARD, KID_PIN_SS }; - } - /** * VERIFY PIN *

diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index bad7ccf6..8dc4ac2a 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -36,9 +36,13 @@ import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; +import java.util.ArrayList; import java.util.Enumeration; +import java.util.HashMap; +import java.util.List; import java.util.Locale; +import java.util.Map; import javax.smartcardio.Card; import javax.smartcardio.CardTerminal; @@ -311,7 +315,7 @@ public class SWCard implements SignatureCard { if (password == null) { - PINSpec pinSpec = new PINSpec(0, -1, ".", "KeyStore-Password"); + PINSpec pinSpec = new PINSpec(0, -1, ".", "KeyStore-Password", (byte) 0x01, null); password = provider.providePIN(pinSpec, -1); @@ -390,13 +394,13 @@ public class SWCard implements SignatureCard { } @Override - public byte[] getKIDs() { - return null; + public int verifyPIN(String pin, byte kid) throws LockedException, NotActivatedException, SignatureCardException { + return -1; } @Override - public int verifyPIN(String pin, byte kid) throws LockedException, NotActivatedException, SignatureCardException { - return -1; + public List getPINSpecs() { + return new ArrayList(); } } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java index 1ec35b78..1e5e09c8 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -31,6 +31,7 @@ package at.gv.egiz.smcc; import java.util.List; import java.util.Locale; +import java.util.Map; import javax.smartcardio.Card; import javax.smartcardio.CardTerminal; @@ -118,10 +119,10 @@ public interface SignatureCard { PINProvider provider) throws SignatureCardException, InterruptedException; /** - * get the KIDs for the availabel PINs + * Get the KIDs for all available PINs and the corresponding PINSpecs * @return array of KIDs */ - public byte[] getKIDs(); + public List getPINSpecs(); /** * diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractBKUWorker.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractBKUWorker.java index e10ba8f9..b6c5a8ca 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractBKUWorker.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractBKUWorker.java @@ -102,6 +102,9 @@ public abstract class AbstractBKUWorker extends AbstractSMCCSTAL implements Acti @Override protected boolean waitForCard() { + if (signatureCard != null) { + return false; + } SMCCHelper smccHelper = new SMCCHelper(); actionCommandList.clear(); actionCommandList.add("cancel"); diff --git a/smccSTAL/src/test/java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java b/smccSTAL/src/test/java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java index a5f8a771..a5d6df23 100644 --- a/smccSTAL/src/test/java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java +++ b/smccSTAL/src/test/java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java @@ -86,15 +86,16 @@ public class AbstractSMCCSTALTest extends AbstractSMCCSTAL implements } - @Override - public byte[] getKIDs() { - return null; - } @Override public int verifyPIN(String pin, byte kid) throws LockedException, NotActivatedException, SignatureCardException { return 0; } + + @Override + public List getPINSpecs() { + return new ArrayList(); + } }; return false; diff --git a/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefix.java b/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefix.java new file mode 100644 index 00000000..c03f17cd --- /dev/null +++ b/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefix.java @@ -0,0 +1,34 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package at.gv.egiz.marshal; + +/** + * + * @author Clemens Orthacker + */ +public interface NamespacePrefix { + String CARDCHANNEL_PREFIX = "cc"; + String ECDSA_PREFIX = "ecdsa"; + String PERSONDATA_PREFIX = "pr"; + String SAML10_PREFIX = "saml"; + String SL_PREFIX = "sl"; + String XADES_PREFIX = "xades"; + String XMLDSIG_PREFIX = "xmldsig"; + String XSI_PREFIX = "xsi"; + +} diff --git a/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java b/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java index a08c1188..519f6b1f 100644 --- a/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java +++ b/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java @@ -36,35 +36,35 @@ public class NamespacePrefixMapperImpl extends NamespacePrefixMapper { log.trace("prefix for namespace " + namespaceUri + " requested"); } if ("http://www.w3.org/2001/XMLSchema-instance".equals(namespaceUri)) { - return "xsi"; + return NamespacePrefix.XSI_PREFIX; } if ("http://www.w3.org/2000/09/xmldsig#".equals(namespaceUri)) { - return "dsig"; + return NamespacePrefix.XMLDSIG_PREFIX; } if ("http://www.buergerkarte.at/namespaces/securitylayer/1.2#".equals(namespaceUri)) { - return "sl"; + return NamespacePrefix.SL_PREFIX; } if ("http://www.buergerkarte.at/cardchannel".equals(namespaceUri)) { - return "cc"; + return NamespacePrefix.CARDCHANNEL_PREFIX; } if ("http://www.w3.org/2001/04/xmldsig-more#".equals(namespaceUri)) { - return "ecdsa"; + return NamespacePrefix.ECDSA_PREFIX; } if ("http://reference.e-government.gv.at/namespace/persondata/20020228#".equals(namespaceUri)) { - return "pr"; + return NamespacePrefix.PERSONDATA_PREFIX; } if ("urn:oasis:names:tc:SAML:1.0:assertion".equals(namespaceUri)) { - return "saml"; + return NamespacePrefix.SAML10_PREFIX; } if ("http://uri.etsi.org/01903/v1.1.1#".equals(namespaceUri)) { - return "xades"; + return NamespacePrefix.XADES_PREFIX; } return suggestion; diff --git a/utils/src/main/java/at/gv/egiz/slbinding/RedirectEventFilter.java b/utils/src/main/java/at/gv/egiz/slbinding/RedirectEventFilter.java index d2a7fb30..14c5ba48 100644 --- a/utils/src/main/java/at/gv/egiz/slbinding/RedirectEventFilter.java +++ b/utils/src/main/java/at/gv/egiz/slbinding/RedirectEventFilter.java @@ -1,19 +1,19 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ /* * To change this template, choose Tools | Templates * and open the template in the editor. @@ -33,79 +33,84 @@ import javax.xml.stream.events.XMLEvent; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +/* + * TODO: don't set redirect stream from caller (caller does not know whether redirection will be triggered) + * rather create on trigger and pass to caller + */ public class RedirectEventFilter implements EventFilter { - public static final String DEFAULT_ENCODING = "UTF-8"; - private static Log log = LogFactory.getLog(RedirectEventFilter.class); - protected XMLEventWriter redirectWriter = null; - protected Set redirectTriggers = null; - private int depth = -1; - protected NamespaceContext currentNamespaceContext = null; + public static final String DEFAULT_ENCODING = "UTF-8"; + private static Log log = LogFactory.getLog(RedirectEventFilter.class); + protected XMLEventWriter redirectWriter = null; + protected Set redirectTriggers = null; + private int depth = -1; + protected NamespaceContext currentNamespaceContext = null; - /** - * Event redirection is disabled, set a redirect stream to enable. - */ - public RedirectEventFilter() { - redirectWriter = null; - // redirectTriggers = null; - } + /** + * Event redirection is disabled, set a redirect stream to enable. + */ + public RedirectEventFilter() { + redirectWriter = null; + // redirectTriggers = null; + } - /** - * - * @param redirectStream - * if null, no events are redirected - * @param redirectTriggers - * if null, all events are redirected - */ - public RedirectEventFilter(OutputStream redirectStream, String encoding) - throws XMLStreamException { // , List redirectTriggers - if (redirectStream != null) { - XMLOutputFactory outputFactory = XMLOutputFactory.newInstance(); - if (encoding == null) { - encoding = DEFAULT_ENCODING; - } - this.redirectWriter = outputFactory.createXMLEventWriter(redirectStream, + /** + * + * @param redirectStream + * if null, no events are redirected + * @param redirectTriggers + * if null, all events are redirected + */ + public RedirectEventFilter(OutputStream redirectStream, String encoding) + throws XMLStreamException { // , List redirectTriggers + if (redirectStream != null) { + XMLOutputFactory outputFactory = XMLOutputFactory.newInstance(); + if (encoding == null) { + encoding = DEFAULT_ENCODING; + } + this.redirectWriter = outputFactory.createXMLEventWriter(redirectStream, encoding); - } - // this.redirectTriggers = redirectTriggers; } + // this.redirectTriggers = redirectTriggers; + } - /** - * All startElement events occuring in the redirectTriggers list will trigger - * redirection of the entire (sub-)fragment. - * - * @param event - * @return false if an event is redirected - */ - @Override - public boolean accept(XMLEvent event) { - int eventType = event.getEventType(); + /** + * All startElement events occuring in the redirectTriggers list will trigger + * redirection of the entire (sub-)fragment. + * + * @param event + * @return false if an event is redirected + */ + @Override + public boolean accept(XMLEvent event) { + int eventType = event.getEventType(); - if (eventType == XMLStreamConstants.START_ELEMENT) { - currentNamespaceContext = event.asStartElement().getNamespaceContext(); - } - if (redirectWriter == null) { - return true; - } - if (eventType == XMLStreamConstants.START_ELEMENT) { - if (depth >= 0 || triggersRedirect(event.asStartElement().getName())) { - depth++; - } - } else if (eventType == XMLStreamConstants.END_ELEMENT) { - if (depth >= 0 && --depth < 0) { - // redirect the end element of the trigger, - // but do not redirect the end element of the calling type - if (redirectTriggers != null) { - redirectEvent(event); - return false; - } - } - } - if (depth >= 0) { //|| (depth == 0 && redirectTriggers == null)) { - redirectEvent(event); - return false; + if (eventType == XMLStreamConstants.START_ELEMENT) { + //hopefully, this is a copy + currentNamespaceContext = event.asStartElement().getNamespaceContext(); + } + if (redirectWriter == null) { + return true; + } + if (eventType == XMLStreamConstants.START_ELEMENT) { + if (depth >= 0 || triggersRedirect(event.asStartElement().getName())) { + depth++; + } + } else if (eventType == XMLStreamConstants.END_ELEMENT) { + if (depth >= 0 && --depth < 0) { + // redirect the end element of the trigger, + // but do not redirect the end element of the calling type + if (redirectTriggers != null) { + redirectEvent(event); + return false; } - return true; // depth < 0; + } + } + if (depth >= 0) { //|| (depth == 0 && redirectTriggers == null)) { + redirectEvent(event); + return false; + } + return true; // depth < 0; // switch (event.getEventType()) { // case XMLStreamConstants.START_ELEMENT: @@ -132,128 +137,130 @@ public class RedirectEventFilter implements EventFilter { // return false; // } // return true; // depth < 0; - } + } - /** - * @param startElt - * @return true if the set of triggers contains startElement - * (or no triggers are registered, i.e. everything is redirected) - */ - private boolean triggersRedirect(QName startElement) { - if (redirectTriggers != null) { - return redirectTriggers.contains(startElement); - } - return true; + /** + * @param startElt + * @return true if the set of triggers contains startElement + * (or no triggers are registered, i.e. everything is redirected) + */ + private boolean triggersRedirect(QName startElement) { + if (redirectTriggers != null) { + return redirectTriggers.contains(startElement); } + return true; + } - private void redirectEvent(XMLEvent event) { - try { - if (log.isTraceEnabled()) { - log.trace("redirecting StAX event " + event); - } - redirectWriter.add(event); - } catch (XMLStreamException ex) { - ex.printStackTrace(); - } + private void redirectEvent(XMLEvent event) { + try { + if (log.isTraceEnabled()) { + log.trace("redirecting StAX event " + event); + } + redirectWriter.add(event); + } catch (XMLStreamException ex) { + ex.printStackTrace(); } + } - /** - * Enable/disable redirection of all events from now on. - * The redirected events will be UTF-8 encoded and written to the stream. - * - * @param redirectstream - * if null, redirection is disabled - */ - public void setRedirectStream(OutputStream redirectStream) throws XMLStreamException { - setRedirectStream(redirectStream, DEFAULT_ENCODING, null); - } + /** + * Enable/disable redirection of all events from now on. + * The redirected events will be UTF-8 encoded and written to the stream. + * + * @param redirectstream + * if null, redirection is disabled + */ + public void setRedirectStream(OutputStream redirectStream) throws XMLStreamException { + setRedirectStream(redirectStream, DEFAULT_ENCODING, null); + } - /** - * Enable/disable redirection of all events from now on. - * - * @param redirectStream if null, redirection is disabled - * @param encoding The encoding for the redirect stream - * @throws javax.xml.stream.XMLStreamException - */ - public void setRedirectStream(OutputStream redirectStream, String encoding) throws XMLStreamException { - setRedirectStream(redirectStream, encoding, null); - } + /** + * Enable/disable redirection of all events from now on. + * + * @param redirectStream if null, redirection is disabled + * @param encoding The encoding for the redirect stream + * @throws javax.xml.stream.XMLStreamException + */ + public void setRedirectStream(OutputStream redirectStream, String encoding) throws XMLStreamException { + setRedirectStream(redirectStream, encoding, null); + } - /** - * Enable/disable redirection of all (child) elements contained in redirect triggers. - * The redirected events will be UTF-8 encoded and written to the stream. - * - * @param redirectstream - * if null, redirection is disabled - * @param redirectTriggers elements that trigger the redirection - */ - public void setRedirectStream(OutputStream redirectStream, Set redirectTriggers) throws XMLStreamException { - setRedirectStream(redirectStream, DEFAULT_ENCODING, redirectTriggers); - } + /** + * Enable/disable redirection of all (child) elements contained in redirect triggers. + * The redirected events will be UTF-8 encoded and written to the stream. + * + * @param redirectstream + * if null, redirection is disabled + * @param redirectTriggers elements that trigger the redirection + */ + public void setRedirectStream(OutputStream redirectStream, Set redirectTriggers) throws XMLStreamException { + setRedirectStream(redirectStream, DEFAULT_ENCODING, redirectTriggers); + } - /** - * Enable/disable redirection of all (child) elements contained in redirect triggers. - * - * @param redirectstream - * if null, redirection is disabled - * @param encoding The encoding for the redirect stream - * @param redirectTriggers elements that trigger the redirection - */ - public void setRedirectStream(OutputStream redirectStream, String encoding, Set redirectTriggers) throws XMLStreamException { - if (redirectStream != null) { - XMLOutputFactory outputFactory = XMLOutputFactory.newInstance(); - if (encoding == null) { - encoding = DEFAULT_ENCODING; - } - redirectWriter = outputFactory.createXMLEventWriter(redirectStream, + /** + * Enable/disable redirection of all (child) elements contained in redirect triggers. + * + * TODO: don't set redirect stream from caller (caller does not know whether redirection will be triggered) + * rather create on trigger and pass to caller + * @param redirectstream + * if null, redirection is disabled + * @param encoding The encoding for the redirect stream + * @param redirectTriggers elements that trigger the redirection + */ + public void setRedirectStream(OutputStream redirectStream, String encoding, Set redirectTriggers) throws XMLStreamException { + if (redirectStream != null) { + XMLOutputFactory outputFactory = XMLOutputFactory.newInstance(); + if (encoding == null) { + encoding = DEFAULT_ENCODING; + } + redirectWriter = outputFactory.createXMLEventWriter(redirectStream, encoding); - if (redirectTriggers == null) { - // start redirecting - depth = 0; - } - this.redirectTriggers = redirectTriggers; - } else { - redirectWriter = null; - this.redirectTriggers = null; - } + if (redirectTriggers == null) { + // start redirecting + depth = 0; + } + this.redirectTriggers = redirectTriggers; + } else { + redirectWriter = null; + this.redirectTriggers = null; } + } - /** - * Enable/disable redirection of fragments (defined by elements in - * redirectTriggers) - * - * @param redirectStream - * if null, redirection is disabled - * @param redirectTriggers - * All startElement events occuring in this list will trigger - * redirection of the entire fragment. If null, all events are - * redirected - */ - // public void setRedirectStream(OutputStream redirectStream, List - // redirectTriggers) throws XMLStreamException { - // if (redirectStream != null) { - // XMLOutputFactory outputFactory = XMLOutputFactory.newInstance(); - // redirectWriter = outputFactory.createXMLEventWriter(redirectStream); - // } else { - // redirectWriter = null; - // } - // this.redirectTriggers = (redirectStream == null) ? null : redirectTriggers; - // } - /** - * flushes the internal EventWriter - * - * @throws javax.xml.stream.XMLStreamException - */ - public void flushRedirectStream() throws XMLStreamException { - redirectWriter.flush(); - } + /** + * Enable/disable redirection of fragments (defined by elements in + * redirectTriggers) + * + * @param redirectStream + * if null, redirection is disabled + * @param redirectTriggers + * All startElement events occuring in this list will trigger + * redirection of the entire fragment. If null, all events are + * redirected + */ + // public void setRedirectStream(OutputStream redirectStream, List + // redirectTriggers) throws XMLStreamException { + // if (redirectStream != null) { + // XMLOutputFactory outputFactory = XMLOutputFactory.newInstance(); + // redirectWriter = outputFactory.createXMLEventWriter(redirectStream); + // } else { + // redirectWriter = null; + // } + // this.redirectTriggers = (redirectStream == null) ? null : redirectTriggers; + // } + /** + * flushes the internal EventWriter + * + * @throws javax.xml.stream.XMLStreamException + */ + public void flushRedirectStream() throws XMLStreamException { + redirectWriter.flush(); + } - /** - * the namespaceContext of the last startelement event read - * - * @return - */ - public NamespaceContext getCurrentNamespaceContext() { - return currentNamespaceContext; - } + /** + * the namespaceContext of the last startelement event read + * + * @return + */ + public NamespaceContext getCurrentNamespaceContext() { + return currentNamespaceContext; + } } diff --git a/utils/src/main/java/at/gv/egiz/slbinding/impl/TransformsInfoType.java b/utils/src/main/java/at/gv/egiz/slbinding/impl/TransformsInfoType.java index b4e988f0..1180e9fa 100644 --- a/utils/src/main/java/at/gv/egiz/slbinding/impl/TransformsInfoType.java +++ b/utils/src/main/java/at/gv/egiz/slbinding/impl/TransformsInfoType.java @@ -25,6 +25,7 @@ import java.io.ByteArrayOutputStream; import java.util.HashSet; import java.util.Set; import javax.xml.bind.annotation.XmlTransient; +import javax.xml.namespace.NamespaceContext; import javax.xml.namespace.QName; import javax.xml.stream.XMLStreamException; import org.apache.commons.logging.Log; diff --git a/utils/src/main/java/at/gv/egiz/slbinding/impl/XMLContentType.java b/utils/src/main/java/at/gv/egiz/slbinding/impl/XMLContentType.java index c32542aa..eb147f88 100644 --- a/utils/src/main/java/at/gv/egiz/slbinding/impl/XMLContentType.java +++ b/utils/src/main/java/at/gv/egiz/slbinding/impl/XMLContentType.java @@ -35,7 +35,7 @@ import org.apache.commons.logging.LogFactory; public class XMLContentType extends at.buergerkarte.namespaces.securitylayer._1.XMLContentType implements RedirectCallback { @XmlTransient - private static Log log = LogFactory.getLog(TransformsInfoType.class); + private static Log log = LogFactory.getLog(XMLContentType.class); @XmlTransient protected ByteArrayOutputStream redirectOS = null; diff --git a/utils/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java b/utils/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java index 4ab376f1..fae77451 100644 --- a/utils/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java +++ b/utils/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java @@ -167,6 +167,7 @@ public class ObjectFactory { * */ public TransformType createTransformType() { +// return new at.gv.egiz.slbinding.impl.TransformType(); return new TransformType(); } diff --git a/utils/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java b/utils/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java index 584baf80..c7044c4c 100644 --- a/utils/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java +++ b/utils/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java @@ -57,7 +57,7 @@ import javax.xml.bind.annotation.XmlType; }) public class TransformsType { - @XmlElement(name = "Transform", required = true) + @XmlElement(name = "Transform", required = true) //, type=at.gv.egiz.slbinding.impl.TransformType.class) protected List transform; /** diff --git a/utils/src/test/java/at/gv/egiz/slbinding/RedirectTest.java b/utils/src/test/java/at/gv/egiz/slbinding/RedirectTest.java index 99d353ac..7c8c206a 100644 --- a/utils/src/test/java/at/gv/egiz/slbinding/RedirectTest.java +++ b/utils/src/test/java/at/gv/egiz/slbinding/RedirectTest.java @@ -52,6 +52,8 @@ import javax.xml.stream.XMLEventReader; import javax.xml.stream.XMLInputFactory; import static org.junit.Assert.*; +import org.w3._2000._09.xmldsig_.TransformType; +import org.w3._2000._09.xmldsig_.TransformsType; /** * @@ -131,11 +133,34 @@ public class RedirectTest { Iterator tiIt = transformsInfos.iterator(); while (tiIt.hasNext()) { at.gv.egiz.slbinding.impl.TransformsInfoType ti = (at.gv.egiz.slbinding.impl.TransformsInfoType) tiIt.next(); +// TransformsInfoType ti = tiIt.next(); assertNotNull(ti); - System.out.println("found at.gv.egiz.slbinding.impl.TransformsInfoType TransformsInfo"); + System.out.println("found sl:TransformsInfo: " + ti.getClass().getName()); //at.gv.egiz.slbinding.impl.TransformsInfoType TransformsInfo"); +// TransformsType ts = ti.getTransforms(); +// assertNotNull(ts); +// System.out.println("found dsig:Transforms " + ts.getClass().getName()); //org.w3._2000._09.xmldsig_.TransformsType dsig:Transforms"); +// List tL = ts.getTransform(); +// assertNotNull(tL); +// System.out.println("found " + tL.size() + " org.w3._2000._09.xmldsig_.TransformType dsig:Transform"); +// for (TransformType t : tL) { +// if (t instanceof at.gv.egiz.slbinding.impl.TransformType) { +// System.out.println("found at.gv.egiz.slbinding.impl.TransformType"); +// byte[] redirectedBytes = ((at.gv.egiz.slbinding.impl.TransformType) t).getRedirectedStream().toByteArray(); +// if (redirectedBytes != null && redirectedBytes.length > 0) { +// System.out.println("reading redirected stream..."); +// os.write("--- redirected Transform ---".getBytes()); +// os.write(redirectedBytes); +// os.write("\n".getBytes()); +// } else { +// System.out.println("no redirected stream"); +// } +// } +// } + ByteArrayOutputStream dsigTransforms = ti.getRedirectedStream(); + os.write("--- redirected TransformsInfo content ---".getBytes()); os.write(dsigTransforms.toByteArray()); - os.write("\n".getBytes()); + os.write("\n---".getBytes()); MetaInfoType mi = ti.getFinalDataMetaInfo(); assertNotNull(mi); diff --git a/utils/src/test/requests/CreateXMLSignatureRequest02.xml_redirect.txt b/utils/src/test/requests/CreateXMLSignatureRequest02.xml_redirect.txt index 31be50b7..fc0e4f14 100644 --- a/utils/src/test/requests/CreateXMLSignatureRequest02.xml_redirect.txt +++ b/utils/src/test/requests/CreateXMLSignatureRequest02.xml_redirect.txt @@ -1,4 +1,4 @@ - +--- redirected TransformsInfo content --- @@ -82,7 +82,7 @@ - +------ redirected TransformsInfo content --- @@ -162,3 +162,4 @@ +--- \ No newline at end of file -- cgit v1.2.3 From 2882e14d19cfa58ea382083434210aaf0cfea3e3 Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 13 Mar 2009 07:49:49 +0000 Subject: Fixed Bug#405 and added according test case Fixed Bug#402 Added Feature#403 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@320 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../gv/egiz/bku/local/conf/SpringConfigurator.java | 2 + .../egiz/bku/local/webapp/BKURequestHandler.java | 21 ++++- .../gv/egiz/bku/local/webapp/SpringBKUServlet.java | 67 ++++++++------- BKULocal/src/main/webapp/WEB-INF/web.xml | 2 +- .../java/at/gv/egiz/bku/local/app/BKULauncher.java | 1 + .../gv/egiz/bku/online/webapp/ResultServlet.java | 23 ++++-- bkucommon/pom.xml | 80 ++++++++++-------- .../gv/egiz/bku/binding/DataUrlConnectionImpl.java | 16 +++- .../gv/egiz/bku/binding/HTTPBindingProcessor.java | 4 +- .../main/java/at/gv/egiz/bku/binding/HttpUtil.java | 3 +- .../java/at/gv/egiz/bku/conf/Configurator.java | 59 ++++++++++--- .../slcommands/impl/xsect/LocRefDereferencer.java | 1 - .../bku/binding/EmptyMultipartSLRequestTest.java | 96 ++++++++++++++++++++++ .../at/gv/egiz/bku/binding/MultipartEmpty.txt | 17 ++++ .../HTTPURLProtocolHandlerImpl.java | 9 +- 15 files changed, 307 insertions(+), 94 deletions(-) create mode 100644 bkucommon/src/test/java/at/gv/egiz/bku/binding/EmptyMultipartSLRequestTest.java create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/MultipartEmpty.txt (limited to 'bkucommon/src/test/resources') diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java index bcb96c2f..09b0ebab 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java @@ -29,6 +29,7 @@ import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; import at.gv.egiz.bku.conf.Configurator; +import at.gv.egiz.bku.local.webapp.SpringBKUServlet; import at.gv.egiz.bku.slexceptions.SLRuntimeException; public class SpringConfigurator extends Configurator implements @@ -72,6 +73,7 @@ public class SpringConfigurator extends Configurator implements defaultInit(); } super.configure(); + SpringBKUServlet.setConfigurator(this); } public void defaultInit() { diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java index 62705d1e..b39b4d02 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java @@ -33,16 +33,15 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.binding.BindingProcessorManager; import at.gv.egiz.bku.binding.HTTPBindingProcessor; import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.conf.Configurator; import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; -public abstract class BKURequestHandler extends HttpServlet { +public class BKURequestHandler extends SpringBKUServlet { public final static String ENCODING = "UTF-8"; protected Log log = LogFactory.getLog(BKURequestHandler.class); - protected abstract BindingProcessorManager getBindingProcessorManager(); - protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, java.io.IOException { log.debug("Got new request"); @@ -77,6 +76,22 @@ public abstract class BKURequestHandler extends HttpServlet { String header = it.next(); resp.setHeader(header, bindingProcessor.getResponseHeaders().get(header)); } + String sigLayout=""; + String version = configurator.getProperty(Configurator.SIGNATURE_LAYOUT); + if ((version != null) && (!"".equals(version.trim()))) { + resp.setHeader(Configurator.SIGNATURE_LAYOUT, version); + } else { + log.debug("Do not set siglayout header"); + } + + if (configurator.getProperty(Configurator.USERAGENT_CONFIG_P) != null) { + resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, configurator + .getProperty(Configurator.USERAGENT_CONFIG_P)); + } else { + resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, + Configurator.USERAGENT_DEFAULT); + } + resp.setContentType(bindingProcessor.getResultContentType()); resp.setCharacterEncoding(ENCODING); bindingProcessor.writeResultTo(resp.getOutputStream(), ENCODING); diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java index c573e52f..3bd50ba7 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java @@ -1,30 +1,39 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.webapp; - -import at.gv.egiz.bku.binding.BindingProcessorManager; - -public class SpringBKUServlet extends BKURequestHandler { - - public final static String BEAN_NAME="bindingProcessorManager"; - - @Override - protected BindingProcessorManager getBindingProcessorManager() { - return (BindingProcessorManager) getServletContext().getAttribute(BEAN_NAME); - } - -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.webapp; + +import javax.servlet.http.HttpServlet; + +import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.bku.conf.Configurator; + +public abstract class SpringBKUServlet extends HttpServlet { + + public final static String BEAN_NAME = "bindingProcessorManager"; + + protected static Configurator configurator; + + protected BindingProcessorManager getBindingProcessorManager() { + return (BindingProcessorManager) getServletContext() + .getAttribute(BEAN_NAME); + } + + public static void setConfigurator(Configurator conf) { + configurator = conf; + } + +} diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml index 36087d17..3b2e7e10 100644 --- a/BKULocal/src/main/webapp/WEB-INF/web.xml +++ b/BKULocal/src/main/webapp/WEB-INF/web.xml @@ -34,7 +34,7 @@ BKUServlet - at.gv.egiz.bku.local.webapp.SpringBKUServlet + at.gv.egiz.bku.local.webapp.BKURequestHandler help diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java index b2022d22..09695808 100644 --- a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java +++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java @@ -26,6 +26,7 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.local.ui.BKUControllerInterface; import at.gv.egiz.bku.local.ui.TrayIconDialog; +import at.gv.egiz.bku.utils.HexDump; import at.gv.egiz.bku.utils.StreamUtil; public class BKULauncher implements BKUControllerInterface { diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java index a4d3e5d1..e9d9a38a 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java @@ -79,7 +79,21 @@ public class ResultServlet extends SpringBKUServlet { } protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { + throws ServletException, java.io.IOException { + String version = configurator.getProperty(Configurator.SIGNATURE_LAYOUT); + if ((version != null) && (!"".equals(version.trim()))) { + resp.setHeader(Configurator.SIGNATURE_LAYOUT, version); + } else { + log.debug("Do not set siglayout header"); + } + + if (configurator.getProperty(Configurator.USERAGENT_CONFIG_P) != null) { + resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, configurator + .getProperty(Configurator.USERAGENT_CONFIG_P)); + } else { + resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, + Configurator.USERAGENT_DEFAULT); + } HttpSession session = req.getSession(false); if (session == null) { @@ -119,13 +133,6 @@ public class ResultServlet extends SpringBKUServlet { resp.setHeader("Cache-Control", "no-store"); // HTTP 1.1 resp.setHeader("Pragma", "no-cache"); // HTTP 1.0 resp.setDateHeader("Expires", 0); - if (configurator.getProperty(Configurator.USERAGENT_CONFIG_P) != null) { - resp.setHeader(HttpUtil.HTTP_HEADER_USER_AGENT, configurator - .getProperty(Configurator.USERAGENT_CONFIG_P)); - } else { - resp.setHeader(HttpUtil.HTTP_HEADER_USER_AGENT, - Configurator.USERAGENT_DEFAULT); - } for (Iterator it = bp.getResponseHeaders().keySet().iterator(); it .hasNext();) { String header = it.next(); diff --git a/bkucommon/pom.xml b/bkucommon/pom.xml index ccc1814d..5084abcb 100644 --- a/bkucommon/pom.xml +++ b/bkucommon/pom.xml @@ -1,5 +1,6 @@ - + bku at.gv.egiz @@ -10,7 +11,43 @@ bkucommon BKU Common 1.0.5-SNAPSHOT - http://maven.apache.org + + + + + + + org.apache.maven.plugins + maven-jar-plugin + + + + + + 1.0 + + + + + + at.gv.egiz @@ -58,35 +95,14 @@ compile - org.springframework - spring-context - test - - - - com.sun.xml.bind - jaxb-impl - + org.springframework + spring-context + test + + + + com.sun.xml.bind + jaxb-impl + - - - - - - \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java index 4c235456..c8bddbbd 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java @@ -225,10 +225,17 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { this.url = url; boundary = "--" + IdFactory.getInstance().createId().toString(); requestHttpHeaders = new HashMap(); - if ((config != null) - && (config.getProperty(Configurator.USERAGENT_CONFIG_P) != null)) { - requestHttpHeaders.put(HttpUtil.HTTP_HEADER_USER_AGENT, config - .getProperty(Configurator.USERAGENT_CONFIG_P)); + + if (config != null) { + String sigLayout=""; + String version = config.getProperty(Configurator.SIGNATURE_LAYOUT); + if ((version != null) && (!"".equals(version.trim()))) { + requestHttpHeaders.put(Configurator.SIGNATURE_LAYOUT, version); + } else { + log.debug("Do not set siglayout header"); + } + String userAgent = config.getProperty(Configurator.USERAGENT_CONFIG_P, Configurator.USERAGENT_DEFAULT); + requestHttpHeaders.put(HttpUtil.HTTP_HEADER_USER_AGENT, userAgent); } else { requestHttpHeaders .put(HttpUtil.HTTP_HEADER_USER_AGENT, Configurator.USERAGENT_DEFAULT); @@ -251,6 +258,7 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { DataUrlConnectionSPI uc = new DataUrlConnectionImpl(); uc.setConfiguration(config); uc.setSSLSocketFactory(sslSocketFactory); + uc.setHostnameVerifier(hostnameVerifier); return uc; } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java index 43f42331..d0b2dac1 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java @@ -672,10 +672,10 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements } else { FormParameterStore fps = new FormParameterStore(); fps.init(fp); - if (!fps.isEmpty()) { + //if (!fps.isEmpty()) { log.debug("Setting form parameter: " + fps.getFormParameterName()); formParameterMap.put(fps.getFormParameterName(), fps); - } + //} } } if (slCommand == null) { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HttpUtil.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HttpUtil.java index b11a4d85..5ea7b25e 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HttpUtil.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HttpUtil.java @@ -29,7 +29,8 @@ public class HttpUtil { public final static String CHAR_SET = "charset"; public final static String DEFAULT_CHARSET = "ISO-8859-1"; public final static String HTTP_HEADER_CONTENT_TYPE = "Content-Type"; - public static final String HTTP_HEADER_USER_AGENT = "User-Agent"; + public static final String HTTP_HEADER_USER_AGENT = "User-Agent"; + public static final String HTTP_HEADER_SERVER = "Server"; public final static String HTTP_HEADER_REFERER = "Referer"; public final static String CONTENT_TRANSFER_ENCODING = "Content-Transfer-Encoding"; public final static String MULTIPART_FOTMDATA = "multipart/form-data"; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 6213ffcf..8a94e88d 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -9,6 +9,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; +import java.net.URL; import java.security.GeneralSecurityException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; @@ -26,6 +27,8 @@ import java.util.LinkedList; import java.util.List; import java.util.Properties; import java.util.Set; +import java.util.jar.Attributes; +import java.util.jar.Manifest; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; @@ -39,7 +42,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.binding.DataUrl; -import at.gv.egiz.bku.binding.DataUrlConnection; import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; import at.gv.egiz.bku.slexceptions.SLRuntimeException; @@ -55,10 +57,12 @@ public abstract class Configurator { public static final String USERAGENT_DEFAULT = "citizen-card-environment/1.2 MOCCA/UNKNOWN"; public static final String USERAGENT_BASE = "citizen-card-environment/1.2 MOCCA/"; + public static final String SIGNATURE_LAYOUT = "SignatureLayout"; protected Properties properties; protected CertValidator certValidator; + protected String signaturLayoutVersion; protected Configurator() { } @@ -161,7 +165,7 @@ public abstract class Configurator { log.debug("Registering security providers"); Security.insertProviderAt(new IAIK(), 1); Security.insertProviderAt(new ECCProvider(false), 2); - + // registering STALProvider as delegation provider for XSECT STALProvider stalProvider = new STALProvider(); Set services = stalProvider.getServices(); @@ -171,8 +175,10 @@ public abstract class Configurator { XSecProvider.setDelegationProvider(algorithm, stalProvider.getName()); sb.append("\n" + algorithm); } - log.debug("Registered STALProvider as XSecProvider delegation provider for the following services : " + sb.toString()); - + log + .debug("Registered STALProvider as XSecProvider delegation provider for the following services : " + + sb.toString()); + Security.addProvider(stalProvider); XSecProvider.addAsProvider(false); sb = new StringBuilder(); @@ -193,6 +199,31 @@ public abstract class Configurator { } } + public void configureSingatureLayoutVersion() { + if (properties.get(SIGNATURE_LAYOUT) == null) { + try { + String classContainer = Configurator.class.getProtectionDomain() + .getCodeSource().getLocation().toString(); + URL manifestUrl = new URL("jar:" + classContainer + + "!/META-INF/MANIFEST.MF"); + Manifest manifest = new Manifest(manifestUrl.openStream()); + Attributes att = manifest.getMainAttributes(); + String layout = null; + if (att != null) { + layout = att.getValue(SIGNATURE_LAYOUT); + } + if (layout != null) { + log.info("Setting signature layout to: " + layout); + properties.put(SIGNATURE_LAYOUT, layout); + } else { + log.warn("No signature layout version defined"); + } + } catch (Exception ex) { + log.warn("Cannot read manifest", ex); + } + } + } + public void configureNetwork() { String proxy = getProperty("HTTPProxyHost"); String portString = getProperty("HTTPProxyPort"); @@ -217,15 +248,15 @@ public abstract class Configurator { if (is != null) { p.load(getManifest()); String version = p.getProperty("Implementation-Build"); - properties.setProperty(USERAGENT_CONFIG_P, - USERAGENT_BASE + version); + if (version == null) { + version="UNKNOWN"; + } + properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_BASE + version); log.debug("Setting user agent to: " - + properties - .getProperty(USERAGENT_CONFIG_P)); + + properties.getProperty(USERAGENT_CONFIG_P)); } else { log.warn("Cannot read manifest"); - properties.setProperty(USERAGENT_CONFIG_P, - USERAGENT_DEFAULT); + properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_DEFAULT); } } catch (IOException e) { log.error(e); @@ -240,6 +271,7 @@ public abstract class Configurator { configViewer(); configureSSL(); configureVersion(); + configureSingatureLayoutVersion(); configureNetwork(); } @@ -280,11 +312,14 @@ public abstract class Configurator { sslCtx.init(km, new TrustManager[] { pkixTM }, null); } DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory()); - URLDereferencer.getInstance().setSSLSocketFactory(sslCtx.getSocketFactory()); + URLDereferencer.getInstance().setSSLSocketFactory( + sslCtx.getSocketFactory()); } catch (Exception e) { log.error("Cannot configure SSL", e); } - if ((disableAll != null && Boolean.parseBoolean(disableAll)) || (disableHostnameVerification != null && Boolean.parseBoolean(disableHostnameVerification))) { + if ((disableAll != null && Boolean.parseBoolean(disableAll)) + || (disableHostnameVerification != null && Boolean + .parseBoolean(disableHostnameVerification))) { log.warn("---------------------------------"); log.warn(" Disabling Hostname Verification "); log.warn("---------------------------------"); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java index a6399c9b..f5394157 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/LocRefDereferencer.java @@ -105,7 +105,6 @@ public class LocRefDereferencer implements URIDereferencer { throw new URIReferenceException("Failed to dereference URI '" + locRef + "'. " + e.getMessage(), e); } - return new OctetStreamData(streamData.getStream(), locRef, streamData .getContentType()); } diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/EmptyMultipartSLRequestTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/EmptyMultipartSLRequestTest.java new file mode 100644 index 00000000..dd315f7f --- /dev/null +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/EmptyMultipartSLRequestTest.java @@ -0,0 +1,96 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.binding; + +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; +import iaik.xml.crypto.XSecProvider; + +import java.io.InputStream; +import java.net.MalformedURLException; +import java.security.Provider; +import java.security.Security; +import java.security.Provider.Service; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.junit.Before; +import org.junit.Test; + +import at.gv.egiz.bku.conf.Configurator; +import at.gv.egiz.bku.slcommands.SLCommandFactory; +import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; + +public class EmptyMultipartSLRequestTest { + + private static Log log = LogFactory.getLog(EmptyMultipartSLRequestTest.class); + + protected String resourceName = "at/gv/egiz/bku/binding/MultipartEmpty.txt"; + + protected BindingProcessor bindingProcessor; + protected InputStream dataStream; + protected BindingProcessorManager manager; + + @Before + public void setUp() throws MalformedURLException, ClassNotFoundException { + manager = new BindingProcessorManagerImpl(new DummyStalFactory(), + new SLCommandInvokerImpl()); + HTTPBindingProcessor http = (HTTPBindingProcessor) manager + .createBindingProcessor("http://www.at/", null); + Map headers = new HashMap(); + headers.put("Content-Type", InputDecoderFactory.MULTIPART_FORMDATA + + ";boundary=uW10q_I9UeqKyw-1o5EW4jtEAaGs7-mC6o"); + http.setHTTPHeaders(headers); + dataStream = getClass().getClassLoader().getResourceAsStream(resourceName); + bindingProcessor = http; + Map commandMap = new HashMap(); + commandMap + .put( + "http://www.buergerkarte.at/namespaces/securitylayer/1.2#:CreateXMLSignatureRequest", + "at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandImpl"); + commandMap + .put( + "http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxReadRequest", + "at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl"); + SLCommandFactory.getInstance().setCommandImpl(commandMap); + Security.insertProviderAt(new IAIK(), 1); + Security.insertProviderAt(new ECCProvider(false), 2); + XSecProvider.addAsProvider(false); + // registering STALProvider as delegation provider for XSECT + STALProvider stalProvider = new STALProvider(); + Security.addProvider(stalProvider); + Set services = stalProvider.getServices(); + StringBuilder sb = new StringBuilder(); + for (Service service : services) { + String algorithm = service.getType() + "." + service.getAlgorithm(); + XSecProvider.setDelegationProvider(algorithm, stalProvider.getName()); + sb.append("\n" + algorithm); + } + log.debug(sb); + } + + @Test + public void testBasicNop() { + bindingProcessor.consumeRequestStream(dataStream); + // manager.process(bindingProcessor); + bindingProcessor.run(); + } + +} diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/MultipartEmpty.txt b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/MultipartEmpty.txt new file mode 100644 index 00000000..97c29894 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/MultipartEmpty.txt @@ -0,0 +1,17 @@ +POST /http-security-layer-request HTTP/1.1 +User-Agent: Jakarta Commons-HttpClient/3.0 +Host: 127.0.0.1:13495 +Content-Length: 855 +Content-Type: multipart/form-data; boundary=uW10q_I9UeqKyw-1o5EW4jtEAaGs7-mC6o + +--uW10q_I9UeqKyw-1o5EW4jtEAaGs7-mC6o +Content-Disposition: form-data; name="XMLRequest" + +SecureSignatureKeypairformdata:fileuploadtext/plain +--uW10q_I9UeqKyw-1o5EW4jtEAaGs7-mC6o +Content-Disposition: form-data; name="fileupload"; filename="myfile.txt" +Content-Type: text/plain; charset=ISO-8859-1 +Content-Transfer-Encoding: binary + + +--uW10q_I9UeqKyw-1o5EW4jtEAaGs7-mC6o-- diff --git a/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/HTTPURLProtocolHandlerImpl.java b/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/HTTPURLProtocolHandlerImpl.java index 99f804b7..dfe7d5e6 100644 --- a/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/HTTPURLProtocolHandlerImpl.java +++ b/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/HTTPURLProtocolHandlerImpl.java @@ -81,6 +81,13 @@ public class HTTPURLProtocolHandlerImpl implements URLProtocolHandler { .getInputStream()); } + /** + * + * @param aUrl + * @param aContext + * @return + * @throws IOException if the data cannot be found or reading the stream failed. + */ protected StreamData dereferenceFormData(String aUrl, URLDereferencerContext aContext) throws IOException { log.debug("Dereferencing formdata url: " + aUrl); @@ -96,7 +103,7 @@ public class HTTPURLProtocolHandlerImpl implements URLProtocolHandler { if (is != null) { return new StreamData(aUrl, contentType, is); } - return null; + throw new IOException("Cannot dereference url: formdata not found"); } @Override -- cgit v1.2.3 From aaf34f6dfc26ef28c6ddbe2987ebf7c3dd48e664 Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 16 Oct 2009 14:58:21 +0000 Subject: Fixed some further issues in XWWWFormUrlInputIterator. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@532 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../egiz/bku/binding/XWWWFormUrlInputIterator.java | 34 ++--- .../bku/binding/XWWWFormUrlInputIteratorTest.java | 147 +++++++++++++++++++++ .../at/gv/egiz/bku/binding/XWWWFormUrlEncoded1.txt | 1 + .../at/gv/egiz/bku/binding/XWWWFormUrlEncoded2.txt | 1 + 4 files changed, 168 insertions(+), 15 deletions(-) create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/XWWWFormUrlEncoded1.txt create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/binding/XWWWFormUrlEncoded2.txt (limited to 'bkucommon/src/test/resources') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/XWWWFormUrlInputIterator.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/XWWWFormUrlInputIterator.java index f60b42b3..9279130d 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/XWWWFormUrlInputIterator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/XWWWFormUrlInputIterator.java @@ -83,23 +83,25 @@ public class XWWWFormUrlInputIterator implements Iterator { if (done) { return false; } - if (currentParameter != null) { - // we have to disconnect the current parameter - // to look for further parameters - try { + try { + if (currentParameter != null) { + // we have to disconnect the current parameter + // to look for further parameters currentParameter.formParameterValue.disconnect(); - // fill buffer if empty - if (pos >= count) { - if ((count = in.read(buf)) == -1) { - // done - done = true; - return false; - } - pos = 0; + } + // fill buffer if empty + if (pos >= count) { + if ((count = in.read(buf)) == -1) { + // done + done = true; + return false; } - } catch (IOException e) { - deferredIOException = e; + pos = 0; } + } catch (IOException e) { + deferredIOException = e; + // return true to be able to report error + return true; } return true; } @@ -108,7 +110,9 @@ public class XWWWFormUrlInputIterator implements Iterator { public FormParameter next() { if (hasNext()) { // skip separator - pos++; + if (buf[pos] == PARAM_SEP) { + pos++; + } currentParameter = new XWWWFormUrlEncodedParameter(); return currentParameter; } else { diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/XWWWFormUrlInputIteratorTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/XWWWFormUrlInputIteratorTest.java index 703e4460..4d81f038 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/XWWWFormUrlInputIteratorTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/XWWWFormUrlInputIteratorTest.java @@ -1,20 +1,41 @@ package at.gv.egiz.bku.binding; +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStreamWriter; +import java.io.UnsupportedEncodingException; +import java.net.URL; import java.net.URLEncoder; +import java.nio.CharBuffer; +import java.nio.channels.FileChannel; import java.nio.charset.Charset; import org.junit.Ignore; import org.junit.Test; + +import at.gv.egiz.bku.utils.URLEncodingWriter; import static org.junit.Assert.*; public class XWWWFormUrlInputIteratorTest { + @Test + public void testEmpty() throws IOException { + + ByteArrayInputStream emptyStream = new ByteArrayInputStream(new byte[] {}); + + XWWWFormUrlInputIterator decoder = new XWWWFormUrlInputIterator(emptyStream); + + assertFalse(decoder.hasNext()); + + } + @Test public void testOneParam() throws IOException { @@ -148,5 +169,131 @@ public class XWWWFormUrlInputIteratorTest { } + @Test + public void testURLEnc1() throws IOException { + + InputStream urlEncStream = new BufferedInputStream(getClass() + .getResourceAsStream("XWWWFormUrlEncoded1.txt")); + + XWWWFormUrlInputIterator decoder = new XWWWFormUrlInputIterator(urlEncStream); + + assertTrue(decoder.hasNext()); + FormParameter param = decoder.next(); + assertNotNull(param); + assertEquals("XMLRequest", param.getFormParameterName()); + InputStream vis = param.getFormParameterValue(); + assertNotNull(vis); + ByteArrayOutputStream os = new ByteArrayOutputStream(); + byte[] buf = new byte[1024]; + for (int l; (l = vis.read(buf)) != -1;) { + os.write(buf, 0, l); + } + assertEquals(-1, vis.read()); + assertFalse(decoder.hasNext()); + assertEquals(-1, urlEncStream.read()); + + } + + @Test + public void testURLEnc2() throws IOException { + + InputStream urlEncStream = new BufferedInputStream(getClass() + .getResourceAsStream("XWWWFormUrlEncoded2.txt")); + + XWWWFormUrlInputIterator decoder = new XWWWFormUrlInputIterator(urlEncStream); + + assertTrue(decoder.hasNext()); + FormParameter param = decoder.next(); + assertNotNull(param); + assertEquals("XMLRequest", param.getFormParameterName()); + InputStream vis = param.getFormParameterValue(); + assertNotNull(vis); + ByteArrayOutputStream os = new ByteArrayOutputStream(); + byte[] buf = new byte[1024]; + for (int l; (l = vis.read(buf)) != -1;) { + os.write(buf, 0, l); + } + assertEquals(-1, vis.read()); + vis.close(); + + assertTrue(decoder.hasNext()); + param = decoder.next(); + assertNotNull(param); + assertEquals("EmptyParam", param.getFormParameterName()); + vis = param.getFormParameterValue(); + assertNotNull(vis); + assertEquals(-1, vis.read()); + vis.close(); + + assertTrue(decoder.hasNext()); + param = decoder.next(); + assertNotNull(param); + assertEquals("TransferParam__", param.getFormParameterName()); + vis = param.getFormParameterValue(); + assertNotNull(vis); + for (int l = 0; (l = vis.read(buf)) != -1;) { + os.write(buf, 0, l); + } + assertEquals(-1, vis.read()); + vis.close(); + + } + + @Ignore + @Test + public void testURLEncLoremIpsum() throws IOException { + + InputStream urlEncStream = new BufferedInputStream(getClass() + .getResourceAsStream("UrlEncodedLoremIpsum.txt")); + + XWWWFormUrlInputIterator decoder = new XWWWFormUrlInputIterator(urlEncStream); + + assertTrue(decoder.hasNext()); + FormParameter param = decoder.next(); + assertNotNull(param); + assertEquals("LoremIpsum", param.getFormParameterName()); + InputStream vis = param.getFormParameterValue(); + assertNotNull(vis); + ByteArrayOutputStream os = new ByteArrayOutputStream(); + byte[] buf = new byte[1024]; + for (int l; (l = vis.read(buf)) != -1;) { + os.write(buf, 0, l); + } + assertEquals(-1, vis.read()); + vis.close(); + + assertFalse(decoder.hasNext()); + + } + + + public static void main(String[] args) throws IOException { + + URL resource = XWWWFormUrlInputIteratorTest.class + .getResource("LoremIpsum.txt"); + + BufferedInputStream is = new BufferedInputStream(resource.openStream()); + + InputStreamReader reader = new InputStreamReader(is, "UTF-8"); + + StringBuilder sb = new StringBuilder(); + char[] b = new char[1024]; + for (int l; (l = reader.read(b)) != -1;) { + sb.append(b, 0, l); + } + String li = sb.toString(); + + FileOutputStream os = new FileOutputStream("UrlEncodedLoremIpsum.txt"); + OutputStreamWriter writer = new OutputStreamWriter(new BufferedOutputStream(os), "ISO-8859-1"); + URLEncodingWriter encoder = new URLEncodingWriter(writer); + + for (int i = 0; i < 100; i++) { + encoder.write(li); + } + + encoder.flush(); + encoder.close(); + + } } diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/XWWWFormUrlEncoded1.txt b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/XWWWFormUrlEncoded1.txt new file mode 100644 index 00000000..32804c17 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/XWWWFormUrlEncoded1.txt @@ -0,0 +1 @@ +XMLRequest=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0D%0A%3Csl%3ACreateXMLSignatureRequest+%0D%0A++xmlns%3Asl%3D%22http%3A%2F%2Fwww.buergerkarte.at%2Fnamespaces%2Fsecuritylayer%2F1.2%23%22%3E%0D%0A%3Csl%3AKeyboxIdentifier%3ESecureSignatureKeypair%3C%2Fsl%3AKeyboxIdentifier%3E%0D%0A++%3Csl%3ADataObjectInfo+Structure%3D%22enveloping%22%3E%0D%0A++++%3Csl%3ADataObject%3E%0D%0A++++++%3Csl%3AXMLContent%3ELorem+ipsum+dolor+sit+amet%2C+consectetur+adipiscing+elit.+Pellentesque+sed+dui+sed+enim+lobortis+ullamcorper+eu+sit+amet+libero.+Cras+mi+dolor%2C+ultrices+quis+tincidunt+non%2C+imperdiet+in+orci.+Nulla+placerat+sodales+nibh+sit+amet+ornare.+Suspendisse+potenti.+Duis+ultricies+metus+tortor%2C+id+mattis+nulla.+Proin+cursus+commodo+aliquet.+In+posuere%2C+lorem+sit+amet+egestas+consequat%2C+diam+ligula+accumsan+dui%2C+non+placerat+diam+nisl+id+tortor.+Aliquam+blandit+viverra+tellus%2C+vel+facilisis+eros+fermentum+ultrices.+Nullam+sodales+mattis+vulputate.+Suspendisse+luctus+dapibus+odio%2C+tincidunt+tempus+dui+sollicitudin+sed.%0D%0A%0D%0AMauris+auctor%2C+est+non+mattis+consequat%2C+ante+sem+tristique+sem%2C+eget+porttitor+nisl+magna+consectetur+tortor.+Sed+semper+diam+nec+leo+fermentum+dictum.+Suspendisse+sed+ipsum+orci.+Phasellus+rhoncus+odio+sed+lorem+rhoncus+et+tincidunt+mi+semper.+Etiam+accumsan+aliquam+augue%2C+id+aliquet+dui+lacinia+non.+Suspendisse+non+purus+a+turpis+imperdiet+vestibulum+id+in+nisi.+Sed+quis+leo+nec+massa+rhoncus+pharetra+ac+non+ipsum.+Proin+tristique+est+eget+dolor+euismod+vitae+rhoncus+metus+molestie.+Duis+volutpat+leo+libero%2C+molestie+fermentum+turpis.+Praesent+interdum+tellus+mattis+lorem+mollis+sit+amet+elementum+risus+cursus.+Nam+erat+nulla%2C+mollis+sit+amet+rutrum+ut%2C+pharetra+gravida+ligula.+In+hac+habitasse+platea+dictumst.+Maecenas+non+massa+ac+ipsum+eleifend+tempor.+Ut+sed+diam+nisi%2C+in+volutpat+libero.+Duis+vehicula+purus+eu+risus+ultricies+rutrum.+Duis+risus+mi%2C+aliquam+nec+venenatis+vel%2C+scelerisque+eget+eros.+Pellentesque+mollis+aliquet+nibh%2C+et+hendrerit+tortor+lobortis+sed.%0D%0A%0D%0AAenean+odio+sem%2C+pretium+eget+sagittis+sed%2C+rhoncus+a+nisi.+Nulla+cursus+diam+sit+amet+massa+iaculis+ultricies.+Aenean+odio+lorem%2C+bibendum+vitae+consequat+vel%2C+luctus+id+diam.+Proin+congue%2C+dui+non+eleifend+interdum%2C+lorem+lorem+semper+ligula%2C+in+condimentum+orci+enim+eget+tellus.+Aliquam+erat+volutpat.+Quisque+porttitor+volutpat+elit%2C+quis+ultricies+elit+imperdiet+at.+Donec+dictum+ultricies+ligula.+Aliquam+in+condimentum+quam.+Ut+placerat+suscipit+dolor%2C+a+aliquet+arcu+suscipit+ut.+Suspendisse+et+arcu+id+quam+vehicula+ultrices.+Duis+erat+leo%2C+tempor+vel+aliquet+eu%2C+feugiat+eget+erat.+Nulla+facilisi.+Nulla+sed+lorem+sapien.+Aliquam+ullamcorper+dui+sed+nisl+sollicitudin+tempus.+Donec+ipsum+quam%2C+placerat+at+tincidunt+et%2C+condimentum+sit+amet+sapien.+In+luctus+ullamcorper+molestie.+Cras+non+augue+elit.+Ut+cursus+volutpat+augue%2C+sed+condimentum+est+mollis+vitae.+Class+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Donec+consectetur+lacus+quis+turpis+semper+elementum+vitae+eleifend+dui.%0D%0A%0D%0APraesent+sed+libero+metus.+Nulla+est+nulla%2C+condimentum+non+volutpat+nec%2C+elementum+at+nisi.+Vivamus+posuere+dignissim+ultricies.+Fusce+massa+velit%2C+dignissim+quis+vehicula+in%2C+consequat+at+purus.+Duis+accumsan+lacinia+mattis.+Aliquam+eget+felis+eget+odio+viverra+ornare+ut+non+orci.+Vivamus+porta%2C+magna+sit+amet+ornare+lacinia%2C+sem+erat+porta+lectus%2C+at+porttitor+nisl+nisl+tincidunt+nisi.+Pellentesque+ornare+massa+ac+urna+feugiat+dignissim.+Ut+at+metus+nunc%2C+sit+amet+vulputate+arcu.+In+hac+habitasse+platea+dictumst.+Suspendisse+eget+elit+nec+erat+iaculis+accumsan+ac+nec+velit.+Aliquam+erat+volutpat.+Proin+id+nibh+odio.+Cras+ullamcorper%2C+dolor+a+rutrum+pharetra%2C+turpis+ligula+adipiscing+nisl%2C+a+tristique+tortor+lorem+in+dolor.+Proin+ac+ligula+felis%2C+et+malesuada+orci.+Aliquam+erat+volutpat.+Phasellus+faucibus+ipsum+quis+libero+posuere+vitae+accumsan+enim+mollis.+Cras+metus+odio%2C+eleifend+sed+suscipit+at%2C+gravida+quis+diam.%0D%0A%0D%0AEtiam+lorem+turpis%2C+consequat+sit+amet+vestibulum+faucibus%2C+accumsan+in+libero.+Nam+ornare+laoreet+placerat.+Nam+pellentesque+lectus+at+urna+tincidunt+facilisis.+Suspendisse+a+libero+in+arcu+eleifend+semper+vitae+sed+tortor.+Curabitur+ac+magna+a+eros+blandit+eleifend+vel+in+tortor.+Morbi+pretium+ullamcorper+ligula+rutrum+porta.+Pellentesque+vitae+viverra+erat.+Quisque+neque+orci%2C+condimentum+id+tempus+in%2C+porttitor+nec+nibh.+Donec+a+odio+a+lectus+dapibus+fermentum+a+sit+amet+sem.+Cras+risus+dolor%2C+ultricies+eget+suscipit+nec%2C+tempus+eget+justo.+Aenean+suscipit+fermentum+nisl%2C+vel+sodales+elit+euismod+ac.+In+non+laoreet+mi.+Morbi+aliquet+quam+id+nunc+aliquet+facilisis.+Nulla+elementum+fringilla+eleifend.+Sed+tristique+nunc+eget+turpis+ullamcorper+varius.+Pellentesque+non+diam+nec+lorem+mollis+vulputate.+In+hac+habitasse+platea+dictumst.+Aenean+pellentesque+leo+ac+augue+molestie+non+varius+nibh+consectetur.+Donec+quis+dui+eget+tortor+pharetra+convallis+vel+quis+orci.+Nulla+at+odio+nisi%2C+sit+amet+luctus+diam.%0D%0A%0D%0ANam+nisl+nibh%2C+faucibus+eu+aliquet+non%2C+elementum+vitae+quam.+Etiam+massa+massa%2C+gravida+ut+pharetra+non%2C+mollis+in+augue.+Integer+urna+quam%2C+tincidunt+et+lacinia+et%2C+vehicula+sit+amet+justo.+Nulla+dui+dui%2C+semper+eget+adipiscing+rutrum%2C+dignissim+a+mi.+Cras+sit+amet+mauris+ac+neque+pretium+ultricies+sit+amet+non+elit.+Praesent+viverra+vehicula+orci+ut+congue.+Quisque+fermentum+neque+eu+turpis+scelerisque+sit+amet+luctus+erat+imperdiet.+Nulla+volutpat+quam+ut+ante+eleifend+in+tempus+diam+laoreet.+Cum+sociis+natoque+penatibus+et+magnis+dis+parturient+montes%2C+nascetur+ridiculus+mus.+Proin+et+lacus+ligula%2C+eget+fermentum+urna.+Ut+quis+urna+ac+nibh+molestie+sollicitudin.+Morbi+interdum+arcu+mauris.%0D%0A%0D%0ASed+posuere%2C+eros+eu+tempus+tempus%2C+nulla+felis+ultrices+tortor%2C+vel+fermentum+nunc+lectus+a+nisi.+Duis+enim+nisl%2C+facilisis+sit+amet+ullamcorper+nec%2C+imperdiet+vulputate+massa.+Nam+semper+aliquet+nunc%2C+vitae+malesuada+turpis+congue+a.+Proin+dolor+eros%2C+sollicitudin+eget+gravida+id%2C+adipiscing+a+risus.+Praesent+sed+mauris+ut+diam+mollis+tempus.+Curabitur+pulvinar+tortor+non+sapien+interdum+in+aliquet+metus+dignissim.+Aliquam+ut+orci+id+nunc+elementum+dapibus+non+ac+odio.+Etiam+nibh+ligula%2C+varius+sed+congue+et%2C+euismod+ac+dui.+Suspendisse+sit+amet+malesuada+ligula.+Aliquam+tempus+nunc+et+massa+mattis+iaculis.%0D%0A%0D%0ADonec+sit+amet+tincidunt+elit.+Vestibulum+ante+ipsum+primis+in+faucibus+orci+luctus+et+ultrices+posuere+cubilia+Curae%3B+Aenean+id+ante+ligula.+Fusce+at+libero+sed+nisl+luctus+sagittis.+Vivamus+sodales+nibh+eros%2C+at+pulvinar+neque.+Lorem+ipsum+dolor+sit+amet%2C+consectetur+adipiscing+elit.+Proin+augue+libero%2C+euismod+nec+semper+quis%2C+sollicitudin+ut+nulla.+Suspendisse+egestas+sapien+et+ante+interdum+ac+sollicitudin+arcu+malesuada.+Nulla+posuere+pretium+felis+id+ultricies.+Curabitur+nec+porttitor+lectus.%0D%0A%0D%0ANam+consectetur+tempor+sapien.+Nam+lobortis+porttitor+bibendum.+Maecenas+ac+enim+at+magna+tempor+imperdiet.+Donec+sed+ligula+ligula.+Morbi+et+orci+tortor.+Nulla+egestas+enim+vitae+libero+tincidunt+quis+rhoncus+quam+aliquam.+Etiam+non+justo+orci%2C+sit+amet+aliquam+eros.+Proin+vestibulum+leo+convallis+velit+tincidunt+nec+egestas+odio+lacinia.+Quisque+pellentesque+tempus+nisl%2C+ut+porta+tellus+aliquet+in.+Vestibulum+mollis+dapibus+velit+non+egestas.+Proin+vel+viverra+sapien.+Aliquam+erat+volutpat.+Curabitur+enim+eros%2C+aliquam+nec+dictum+eu%2C+fermentum+quis+nibh.+Donec+eget+enim+in+velit+viverra+scelerisque+sit+amet+in+lectus.+Etiam+sit+amet+orci+nisi.+Maecenas+ullamcorper%2C+nibh+quis+eleifend+euismod%2C+enim+turpis+pretium+nibh%2C+nec+venenatis+velit+risus+eu+tellus.%0D%0A%0D%0APraesent+elementum+mattis+placerat.+Curabitur+at+interdum+nibh.+Quisque+ullamcorper+eleifend+nunc+a+mollis.+Cras+ut+nulla+risus%2C+et+suscipit+risus.+Aenean+erat+diam%2C+facilisis+at+placerat+id%2C+placerat+sed+est.+Ut+nibh+libero%2C+varius+eget+suscipit+sed%2C+ultrices+eget+nisl.+Aenean+dignissim+enim+eget+dui+malesuada+et+consectetur+lorem+ullamcorper.+Class+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Donec+at+nisl+ut+eros+facilisis+congue+nec+at+dui.+Vestibulum+ante+ipsum+primis+in+faucibus+orci+luctus+et+ultrices+posuere+cubilia+Curae%3B+Proin+in+sem+nulla.+Class+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Integer+facilisis%2C+odio+vel+euismod+pretium%2C+libero+lorem+elementum+lorem%2C+at+accumsan+nisl+est+sed+nibh.+Etiam+blandit+diam+sed+tortor+molestie+at+rutrum+neque+viverra.%0D%0A%0D%0AUt+ultricies+pharetra+velit%2C+a+viverra+metus+elementum+vel.+Pellentesque+vitae+interdum+lorem.+Nam+tincidunt+nibh+eu+neque+rutrum+vehicula.+Vestibulum+vitae+arcu+vel+ante+commodo+blandit.+Sed+placerat+lobortis+nisi%2C+et+hendrerit+justo+ultrices+aliquam.+Suspendisse+eget+risus+vel+sapien+hendrerit+dignissim.+Sed+interdum+pellentesque+varius.+Nam+scelerisque%2C+mauris+ut+cursus+hendrerit%2C+purus+felis+rutrum+ante%2C+in+convallis+velit+urna+ornare+nisi.+Vestibulum+et+sapien+quis+justo+pretium+interdum.+Praesent+volutpat%2C+nisi+at+hendrerit+aliquet%2C+elit+libero+tincidunt+purus%2C+egestas+viverra+risus+magna+quis+risus.%0D%0A%0D%0ADonec+id+justo+sem.+Aenean+facilisis+pulvinar+est+ut+auctor.+Morbi+tincidunt+mollis+adipiscing.+Sed+pulvinar+lorem+neque.+Duis+eros+felis%2C+ultricies+eget+ultrices+ut%2C+dignissim+vitae+arcu.+Proin+quis+quam+mi.+Nunc+sagittis+ultricies+nibh%2C+eu+porttitor+urna+eleifend+in.+Sed+eget+lorem+eros.+Duis+non+tincidunt+sapien.+Vivamus+blandit+facilisis+ante.+Quisque+lectus+neque%2C+varius+vel+fringilla+eget%2C+vulputate+non+libero.%0D%0A%0D%0AClass+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Aenean+varius+congue+ultrices.+Phasellus+suscipit+vulputate+tristique.+Donec+nec+libero+vel+diam+sagittis+dignissim.+Donec+sed+dui+at+augue+sollicitudin+tristique+sollicitudin+in+nulla.+Nullam+id+magna+enim.+Etiam+convallis+mollis+urna+a+malesuada.+Duis+ac+iaculis+tellus.+Donec+scelerisque+eleifend+elit+ut+ornare.+Cras+vitae+sem+augue%2C+quis+lacinia+elit.+Pellentesque+sit+amet+nunc+metus%2C+luctus+lobortis+erat.+Nulla+lacus+lorem%2C+pharetra+ac+consectetur+at%2C+mattis+id+arcu.%0D%0A%0D%0ANunc+mi+est%2C+pharetra+vel+mattis+sit+amet%2C+faucibus+ut+tortor.+Morbi+ut+ante+eget+purus+gravida+dictum+in+sit+amet+ligula.+Aliquam+malesuada+metus+quis+nunc+placerat+lobortis.+Nulla+venenatis+vehicula+lacus%2C+sed+vestibulum+nibh+egestas+ornare.+Sed+a+lorem+nulla.+Donec+malesuada+dolor+congue+est+condimentum+eu+tincidunt+orci+ullamcorper.+Nam+porttitor+fermentum+purus+nec+molestie.+Nunc+porttitor+tincidunt+lobortis.+Nullam+vulputate+imperdiet+neque%2C+et+consectetur+lectus+molestie+vitae.+Nulla+facilisi.%0D%0A%0D%0APhasellus+laoreet+auctor+elit%2C+ac+sagittis+mi+tincidunt+eu.+Nunc+cursus+ipsum+eget+nulla+molestie+sollicitudin.+Vivamus+sapien+orci%2C+cursus+ut+fringilla+sed%2C+suscipit+id+libero.+Proin+convallis+lectus+et+mauris+suscipit+aliquet+non+quis+urna.+Donec+sit+amet+consequat+metus.+Praesent+lacus+ligula%2C+interdum+quis+rutrum+ut%2C+sodales+in+neque.+Donec+sed+nisi+nibh%2C+aliquet+volutpat+est.+Curabitur+volutpat+nunc+ante.+Nullam+pharetra+enim+at+eros+pulvinar+in+tincidunt+augue+interdum.+Maecenas+mi+quam%2C+placerat+nec+mollis+nec%2C+iaculis+eu+lorem.+Suspendisse+potenti.+Aenean+eu+neque+sit+amet+sapien+pulvinar+pretium.+Etiam+augue+quam%2C+malesuada+non+pretium+at%2C+feugiat+sit+amet+tortor.%0D%0A%0D%0ADonec+a+dui+in+augue+lacinia+pellentesque.+Praesent+vitae+tortor+sit+amet+velit+posuere+accumsan.+Phasellus+et+augue+ac+mauris+porttitor+tempus.+Pellentesque+non+odio+quis+nulla+dictum+facilisis.+Donec+blandit+odio+quam.+Mauris+quam+nunc%2C+semper+semper+posuere+eu%2C+pharetra+sed+diam.+Donec+tincidunt+ultrices+cursus.+Sed+venenatis+rhoncus+nisl%2C+nec+tempus+augue+imperdiet+non.+Nulla+facilisi.+Sed+rutrum+accumsan+velit+sit+amet+placerat.+Sed+rhoncus+quam+nec+enim+feugiat+ultricies.+Sed+et+lorem+elit.+Integer+semper+aliquam+nibh%2C+non+lobortis+lorem+fringilla+a.+Suspendisse+potenti.+Suspendisse+suscipit+est+mattis+massa+imperdiet+lacinia.+Integer+interdum+nisl+a+neque+posuere+porta.+Ut+eget+velit+ut+leo+elementum+vulputate.+Maecenas+congue+dignissim+bibendum.%0D%0A%0D%0ACurabitur+sed+cursus+nunc.+Pellentesque+aliquet+odio+et+augue+cursus+lacinia.+Nullam+molestie%2C+lorem+nec+gravida+aliquet%2C+augue+diam+vestibulum+tellus%2C+vitae+gravida+eros+ante+consequat+metus.+Donec+tempor+rhoncus+interdum.+Proin+laoreet+pretium+placerat.+Mauris+id+eros+eget+nisl+cursus+consequat+et+id+mauris.+Cras+non+nulla+a+tellus+sodales+eleifend+nec+quis+augue.+Class+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Nunc+blandit+est+nec+dolor+facilisis+eget+placerat+libero+imperdiet.+Cras+ultricies+mollis+nulla%2C+ut+ullamcorper+neque+bibendum+a.+Fusce+ullamcorper+orci+vitae+metus+auctor+tempor.+In+sit+amet+tellus+sed+libero+sagittis+consequat.+Aenean+posuere+nisi+id+sapien+tristique+a+malesuada+lorem+fermentum.+Quisque+pretium+malesuada+fermentum.+Sed+ut+nunc+ac+risus+consectetur+consequat+a+quis+dolor.+Cras+sit+amet+leo+felis.%0D%0A%0D%0ASed+vitae+justo+dolor%2C+eu+adipiscing+nibh.+Aliquam+ut+ultrices+ligula.+Cum+sociis+natoque+penatibus+et+magnis+dis+parturient+montes%2C+nascetur+ridiculus+mus.+Ut+sed+porttitor+felis.+Etiam+lectus+dolor%2C+egestas+id+scelerisque+vitae%2C+tristique+sed+justo.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Suspendisse+eu+quam+vel+lorem+sollicitudin+mattis.+Nulla+dictum+consequat+convallis.+Morbi+convallis+ligula+ac+sem+pellentesque+consequat.+Nam+et+est+nec+diam+eleifend+blandit+at+ac+metus.+Duis+rutrum+elementum+consequat.+Sed+semper+accumsan+pharetra.+Suspendisse+volutpat+nisi+hendrerit+justo+tincidunt+tempus.+Ut+venenatis+tincidunt+pretium.+Phasellus+porta+diam+in+purus+pulvinar+et+iaculis+massa+mollis.+Nulla+facilisi.+Vivamus+justo+felis%2C+euismod+vel+volutpat+vel%2C+euismod+at+orci.+Morbi+cursus%2C+massa+nec+ornare+consequat%2C+quam+leo+laoreet+lectus%2C+non+placerat+tortor+enim+eu+tellus.+Sed+ut+purus+nibh%2C+eget+dictum+purus.%0D%0A%0D%0ADonec+nisl+est%2C+pretium+sit+amet+faucibus+id%2C+vestibulum+et+nisl.+Morbi+egestas+pulvinar+sollicitudin.+Duis+tincidunt+enim+id+nulla+commodo+nec+lobortis+lacus+tristique.+Mauris+iaculis+mattis+turpis+non+molestie.+Quisque+non+ante+sed+orci+dictum+egestas.+In+ac+enim+at+dolor+posuere+laoreet.+Morbi+tortor+libero%2C+iaculis+nec+rhoncus+id%2C+laoreet+at+elit.+Cras+orci+dui%2C+interdum+at+lacinia+non%2C+venenatis+a+elit.+Etiam+suscipit+massa+in+ante+auctor+faucibus.+Praesent+non+quam+a+diam+viverra+gravida+sit+amet+eu+eros.+Quisque+sit+amet+suscipit+turpis.%0D%0A%0D%0APhasellus+non+tellus+purus%2C+sed+tempor+elit.+Cras+rutrum+condimentum+congue.+Sed+nec+felis+nibh.+Nam+condimentum+nisi+et+nulla+eleifend+in+imperdiet+velit+imperdiet.+Cras+ut+leo+sed+lectus+interdum+vehicula+quis+in+erat.+Nulla+et+semper+risus.+Cras+velit+sem%2C+sagittis+sit+amet+scelerisque+ut%2C+cursus+vitae+quam.+Maecenas+neque+dui%2C+dictum+non+porttitor+sed%2C+adipiscing+at+massa.+Phasellus+pulvinar+dui+ut+turpis+sagittis+et+imperdiet+nisl+porttitor.+Curabitur+porttitor+velit+in+justo+luctus+vel+placerat+est+tristique.+Maecenas+non+nisi+eget+est+feugiat+blandit.+Proin+eget+dui+lorem.+Aenean+id+sem+non+velit+commodo+sagittis+eget+in+quam.+Mauris+vitae+diam+quam%2C+et+mattis+turpis.+Integer+a+fringilla+erat.+Nunc+ligula+enim%2C+varius+eget+varius+non%2C+consectetur+sit+amet+nibh.+In+interdum+justo+sollicitudin+ipsum+pulvinar+ornare.+Aenean+et+gravida+nunc.+Fusce+in+ipsum+quis+lectus+commodo+laoreet+eu+eget+lorem.%0D%0A%0D%0APhasellus+dui+justo%2C+pulvinar+scelerisque+consectetur+nec%2C+mollis+vitae+metus.+Integer+id+tortor+nec+dui+rhoncus+vulputate+sed+id+tellus.+Nulla+sodales+suscipit+dolor%2C+vitae+pharetra+lacus+sagittis+ullamcorper.+Aenean+convallis+dapibus+sapien%2C+eget+interdum+tellus+accumsan+eget.+Nulla+at+purus+vel+nulla+auctor+fermentum+sed+aliquet+odio.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Pellentesque+laoreet%2C+nunc+vitae+venenatis+viverra%2C+velit+purus+aliquam+neque%2C+vitae+luctus+risus+magna+a+ante.+Proin+et+lectus+odio%2C+id+pulvinar+sapien.+Maecenas+vulputate+gravida+laoreet.+Sed+ut+nisl+vel+risus+malesuada+auctor.+Aenean+viverra+fermentum+sem+nec+sodales.+Etiam+eget+arcu+nibh.+Sed+eget+euismod+massa.+Sed+feugiat+nibh+aliquam+odio+lobortis+vehicula.+Duis+vulputate+mattis+enim+at+semper.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Aenean+laoreet+ultricies+neque.+Vestibulum+ante+ipsum+primis+in+faucibus+orci+luctus+et+ultrices+posuere+cubilia+Curae%3B%0D%0A%0D%0ACras+condimentum+magna+nec+mauris+viverra+eu+vulputate+nunc+feugiat.+Proin+lobortis+ultrices+mauris.+Sed+euismod%2C+nunc+et+ullamcorper+tincidunt%2C+eros+lectus+egestas+lectus%2C+eget+aliquam+elit+augue+in+eros.+Aenean+in+lorem+sed+tellus+porta+convallis.+Phasellus+sem+nunc%2C+facilisis+vel+luctus+ut%2C+mattis+vel+risus.+Donec+quis+feugiat+nulla.+Donec+eleifend+tempor+sodales.+Sed+mattis+congue+orci+non+tincidunt.+Fusce+massa+nisi%2C+pretium+ac+consequat+non%2C+sagittis+et+justo.+Phasellus+est+velit%2C+placerat+quis+posuere+et%2C+pellentesque+at+est.+Etiam+quis+lacus+a+nibh+eleifend+adipiscing.+Sed+vel+leo+arcu.+Fusce+porta+fringilla+felis+in+blandit.%0D%0A%0D%0ADonec+pretium%2C+eros+eget+auctor+elementum%2C+neque+tortor+placerat+urna%2C+id+dapibus+magna+lacus+sed+elit.+Quisque+auctor+molestie+turpis+et+mollis.+Nam+ipsum+metus%2C+lacinia+et+blandit+a%2C+egestas+aliquam+quam.+Suspendisse+potenti.+Morbi+tempus+lorem+eget+nibh+ultricies+congue.+Maecenas+in+enim+sed+odio+cursus+tincidunt.+Aliquam+erat+volutpat.+Fusce+fermentum+consectetur+bibendum.+Aenean+adipiscing+augue+non+ante+mattis+egestas.+Maecenas+porttitor+egestas+convallis.+Pellentesque+rhoncus+tincidunt+volutpat.+Aliquam+sed+sem+ac+augue+placerat+placerat+nec+sed+neque.%0D%0A%0D%0AMorbi+congue+eleifend+metus+at+pellentesque.+Maecenas+odio+mauris%2C+suscipit+eu+placerat+rutrum%2C+venenatis+ac+libero.+Duis+eleifend%2C+risus+placerat+congue+vestibulum%2C+neque+sem+varius+diam%2C+ultricies+auctor+nisi+massa+et+tellus.+Morbi+neque+odio%2C+suscipit+eleifend+dapibus+eget%2C+sodales+ac+massa.+Nullam+laoreet%2C+libero+sit+amet+ultricies+gravida%2C+neque+sem+eleifend+metus%2C+nec+consectetur+eros+lacus+ac+mauris.+Quisque+sollicitudin+consectetur+ante+non+lacinia.+Sed+quis+dolor+dolor%2C+eu+euismod+turpis.+In+posuere+metus+et+ligula+imperdiet+vitae+placerat+eros+bibendum.+Nullam+tincidunt+tincidunt+nisl+ac+mollis.+Mauris+at+augue+justo.+Nam+ac+vestibulum+justo.+In+id+elit+tortor.+Nunc+feugiat+molestie+orci%2C+in+molestie+elit+bibendum+eu.+Proin+libero+ipsum%2C+consectetur+sit+amet+facilisis+euismod%2C+bibendum+vel+felis.+Aliquam+posuere+quam+non+sapien+placerat+porttitor.%0D%0A%0D%0ANunc+volutpat%2C+arcu+sed+fringilla+blandit%2C+odio+risus+gravida+odio%2C+sollicitudin+tincidunt+lacus+odio+a+lectus.+Morbi+lacus+quam%2C+hendrerit+nec+facilisis+non%2C+luctus+ac+velit.+Lorem+ipsum+dolor+sit+amet%2C+consectetur+adipiscing+elit.+Proin+vitae+quam+orci%2C+quis+pellentesque+nisl.+Nullam+congue+risus+non+nisl+pulvinar+iaculis.+Integer+id+nisl+lorem%2C+eget+egestas+lacus.+Sed+nec+felis+eget+nisl+sagittis+sagittis.+Nunc+eu+laoreet+velit.+Vestibulum+quis+turpis+mi%2C+eget+tempor+ipsum.+Mauris+aliquet+tristique+feugiat.+Nulla+condimentum+bibendum+augue%2C+et+hendrerit+quam+porta+eget.+Etiam+imperdiet+tellus+nisl%2C+non+laoreet+neque.+Integer+sit+amet+pulvinar+lectus.+Cras+aliquam+turpis+at+urna+aliquam+vitae+dignissim+enim+tempor.+In+hac+habitasse+platea+dictumst.+Nulla+facilisi.+Integer+id+metus+orci.+Fusce+posuere+fermentum+scelerisque.+Praesent+non+facilisis+arcu.+Mauris+cursus+sem+sed+est+consequat+et+iaculis+orci+tincidunt.%0D%0A%0D%0ACurabitur+vulputate+faucibus+elit%2C+vitae+euismod+enim+condimentum+quis.+Aenean+pretium+cursus+odio%2C+in+interdum+magna+elementum+eu.+Donec+mi+lacus%2C+pulvinar+at+euismod+id%2C+mattis+sed+mi.+Vivamus+vehicula+dolor+id+arcu+commodo+scelerisque.+Nunc+ante+enim%2C+elementum+eu+sodales+pharetra%2C+placerat+id+orci.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Nam+porttitor+ornare+sapien%2C+sit+amet+ultrices+lorem+viverra+ac.+Nunc+nec+consequat+arcu.+Pellentesque+quis+pharetra+purus.+Vestibulum+consequat+sapien+non+velit+euismod+ultrices.+Donec+ultrices+mattis+metus%2C+id+suscipit+ipsum+tempus+vitae.+Duis+sodales%2C+arcu+et+tempor+molestie%2C+nibh+enim+ornare+dolor%2C+eu+rutrum+sapien+mauris+porttitor+sem.+Cras+at+convallis+dui.+Integer+sed+magna+turpis.+Morbi+congue+dictum+mauris%2C+ut+pellentesque+lorem+rhoncus+sit+amet.+Praesent+venenatis+purus+a+augue+rutrum+scelerisque.+Nulla+vitae+enim+quis+massa+mattis+malesuada+vitae+sed+purus.+Integer+luctus+posuere+arcu%2C+eu+lacinia+nunc+porttitor+vitae.+Curabitur+ullamcorper+consectetur+velit%2C+ut+porttitor+nulla+consequat+at.+Proin+quis+sapien+quis+lorem+venenatis+venenatis+sed+a+ante.%0D%0A%0D%0ANam+elementum+mauris+in+felis+accumsan+dignissim.+Etiam+sit+amet+elit+velit%2C+id+pellentesque+lorem.+Suspendisse+potenti.+Nam+imperdiet+interdum+lacus+et+facilisis.+Mauris+a+erat+leo%2C+posuere+dignissim+ante.+Pellentesque+at+turpis+sit+amet+odio+venenatis+accumsan+ut+in+diam.+Duis+vel+dolor+condimentum+erat+cursus+ornare.+Praesent+tempor+erat+vel+sapien+tempus+tincidunt.+Curabitur+consequat+lectus+lacus.+Suspendisse+ac+lectus+mauris%2C+ut+pharetra+diam.+Nam+massa+eros%2C+tincidunt+sit+amet+rhoncus+quis%2C+tincidunt+id+ipsum.+Aenean+tempus+porta+nibh+volutpat+iaculis.+Nulla+eleifend+laoreet+laoreet.+Aliquam+erat+volutpat.+Praesent+dolor+purus%2C+congue+eu+condimentum+sollicitudin%2C+posuere+ac+purus.+Sed+dolor+augue%2C+pretium+vel+mattis+sit+amet%2C+volutpat+eget+elit.%0D%0A%0D%0AAenean+sed+turpis+ac+odio+varius+bibendum.+Suspendisse+nulla+metus%2C+accumsan+non+euismod+nec%2C+fermentum+id+turpis.+Integer+venenatis+ante+et+odio+viverra+eget+condimentum+ipsum+blandit.+Morbi+convallis+venenatis+massa+ut+varius.+Vivamus+non+massa+sed+augue+pulvinar+porta.+Phasellus+sem+orci%2C+ultricies+et+lobortis+ac%2C+iaculis+non+libero.+Donec+non+magna+sit+amet+dolor+eleifend+pharetra+eu+eu+risus.+Duis+in+nisi+nulla%2C+sed+egestas+diam.+Morbi+at+nisl+metus%2C+in+tincidunt+tellus.+Mauris+a+rutrum+justo.+Proin+ligula+quam%2C+hendrerit+eu+viverra+non%2C+blandit+at+massa.+Praesent+ornare+nisi+et+dolor+vulputate+vel+porttitor+quam+varius.%0D%0A%0D%0ASuspendisse+tempor+pretium+luctus.+Nunc+cursus+sapien+rutrum+dolor+dictum+a+tincidunt+leo+pretium.+Ut+porta%2C+magna+bibendum+cursus+mollis%2C+lorem+augue+rhoncus+metus%2C+in+convallis+diam+elit+rhoncus+ante.+Integer+ut+condimentum+turpis.+Nulla+quis+erat+lectus.+Phasellus+volutpat+pulvinar+convallis.+Donec+quis+ante+sem%2C+ac+elementum+urna.+Suspendisse+ullamcorper+commodo+tortor%2C+a+venenatis+nisl+ullamcorper+a.+Integer+euismod+lobortis+purus%2C+non+fringilla+nunc+aliquam+vitae.+Sed+sit+amet+dolor+dui.+Donec+ultricies+bibendum+condimentum.+Nunc+mi+elit%2C+viverra+vitae+volutpat+blandit%2C+laoreet+id+diam.%0D%0A%0D%0AAenean+at+venenatis+nisi.+Morbi+vulputate+elit+sit+amet+felis+placerat+nec+bibendum+erat+aliquam.+Nullam+dignissim+nulla+sit+amet+tortor+dictum+pulvinar+ut+at+massa.+Sed+a+feugiat+nisi.+Quisque+ultricies+egestas+dui%2C+imperdiet+accumsan+leo+rhoncus+eget.+Mauris+molestie+diam+eget+nulla+sollicitudin+ut+lobortis+purus+rhoncus.+Aenean+ut+ligula+et+lacus+iaculis+ullamcorper.+Mauris+non+felis+sed+massa+imperdiet+mollis.+Proin+tristique+lorem+id+sem+placerat+ac+egestas+ipsum+vestibulum.+Maecenas+enim+nisl%2C+sollicitudin+quis+consequat+eu%2C+mollis+quis+ipsum.+Proin+leo+mauris%2C+pulvinar+sit+amet+vestibulum+ac%2C+pulvinar+ac+quam.%0D%0A%0D%0AFusce+sem+odio%2C+pretium+non+bibendum+nec%2C+suscipit+nec+tortor.+Donec+elit+odio%2C+sollicitudin+vitae+pretium+in%2C+ultricies+sit+amet+turpis.+Curabitur+at+justo+nunc.+Sed+in+consectetur+magna.+Cras+imperdiet+felis+a+turpis+ultricies+blandit.+In+aliquam+dictum+ante+eget+vehicula.+Aliquam+erat+volutpat.+Nulla+interdum+purus+dolor.+Nullam+convallis+hendrerit+commodo.+Donec+consectetur+nulla+ac+ligula+suscipit+dignissim.+Pellentesque+eget+mauris+nec+orci+pharetra+tempus+at+eu+quam.+Phasellus+neque+massa%2C+convallis+sed+interdum+et%2C+iaculis+vel+tellus.%0D%0A%0D%0ADonec+tincidunt+nulla+sed+orci+tempor+eget+pretium+magna+ultrices.+Fusce+vestibulum+lacus+vel+ante+hendrerit+fringilla.+Donec+risus+felis%2C+varius+sit+amet+semper+a%2C+porttitor+at+metus.+Curabitur+dui+nulla%2C+convallis+in+posuere+eget%2C+iaculis+non+arcu.+In+facilisis+erat+vitae+ligula+rhoncus+eget+mollis+nibh+tempor.+Nunc+posuere+pretium+lacinia.+Sed+condimentum+bibendum+fringilla.+Donec+sit+amet+purus+id+odio+venenatis+pulvinar.+Nam+vitae+risus+sed+libero+luctus+blandit.+In+eget+massa+sit+amet+mi+tempor+semper+in+quis+nisi.+Fusce+nec+semper+ligula.+Aliquam+a+orci+id+lectus+adipiscing+bibendum+eget+non+nulla.+Morbi+vitae+ornare+lorem.+Nunc+faucibus%2C+enim+vel+vehicula+faucibus%2C+ligula+nibh+interdum+ipsum%2C+ut+eleifend+nisl+dolor+nec+nisi.%0D%0A%0D%0AIn+et+venenatis+ligula.+Quisque+pulvinar%2C+tellus+sed+molestie+vulputate%2C+lacus+odio+ultrices+lorem%2C+a+ornare+tortor+sapien+ac+sem.+Vestibulum+nibh+enim%2C+auctor+at+condimentum+ut%2C+tincidunt+at+orci.+Phasellus+placerat+sem+id+purus+consequat+non+venenatis+dui+consequat.+Cum+sociis+natoque+penatibus+et+magnis+dis+parturient+montes%2C+nascetur+ridiculus+mus.+Vivamus+aliquam+rutrum+diam+at+rutrum.+Vivamus+a+nunc+eros.+Donec+aliquam+turpis+facilisis+lorem+aliquam+sit+amet+euismod+augue+lacinia.+Duis+ligula+orci%2C+dictum+sed+venenatis+vitae%2C+elementum+scelerisque+neque.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Curabitur+imperdiet+tincidunt+auctor.+Integer+ut+tellus+sed+justo+blandit+congue+sit+amet+malesuada+diam.+Aenean+egestas+congue+augue+ac+mattis.+Nam+vestibulum+dapibus+mattis.+Morbi+elit+metus%2C+sagittis+quis+faucibus+sit+amet%2C+varius+in+elit.+Maecenas+eu+ante+et+arcu+sagittis+sodales+at+in+volutpat.%3C%2Fsl%3AXMLContent%3E%0D%0A++++%3C%2Fsl%3ADataObject%3E%0D%0A+++%3Csl%3ATransformsInfo%3E%0D%0A+++++%3Csl%3AFinalDataMetaInfo%3E%0D%0A++++++%3Csl%3AMimeType%3Etext%2Fplain%3C%2Fsl%3AMimeType%3E%0D%0A++++++%3C%2Fsl%3AFinalDataMetaInfo%3E%0D%0A+++%3C%2Fsl%3ATransformsInfo%3E%0D%0A+%3C%2Fsl%3ADataObjectInfo%3E%0D%0A%3C%2Fsl%3ACreateXMLSignatureRequest%3E \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/binding/XWWWFormUrlEncoded2.txt b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/XWWWFormUrlEncoded2.txt new file mode 100644 index 00000000..de63c03c --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/binding/XWWWFormUrlEncoded2.txt @@ -0,0 +1 @@ +XMLRequest=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0D%0A%3Csl%3ACreateXMLSignatureRequest+%0D%0A++xmlns%3Asl%3D%22http%3A%2F%2Fwww.buergerkarte.at%2Fnamespaces%2Fsecuritylayer%2F1.2%23%22%3E%0D%0A%3Csl%3AKeyboxIdentifier%3ESecureSignatureKeypair%3C%2Fsl%3AKeyboxIdentifier%3E%0D%0A++%3Csl%3ADataObjectInfo+Structure%3D%22enveloping%22%3E%0D%0A++++%3Csl%3ADataObject%3E%0D%0A++++++%3Csl%3AXMLContent%3ELorem+ipsum+dolor+sit+amet%2C+consectetur+adipiscing+elit.+Pellentesque+sed+dui+sed+enim+lobortis+ullamcorper+eu+sit+amet+libero.+Cras+mi+dolor%2C+ultrices+quis+tincidunt+non%2C+imperdiet+in+orci.+Nulla+placerat+sodales+nibh+sit+amet+ornare.+Suspendisse+potenti.+Duis+ultricies+metus+tortor%2C+id+mattis+nulla.+Proin+cursus+commodo+aliquet.+In+posuere%2C+lorem+sit+amet+egestas+consequat%2C+diam+ligula+accumsan+dui%2C+non+placerat+diam+nisl+id+tortor.+Aliquam+blandit+viverra+tellus%2C+vel+facilisis+eros+fermentum+ultrices.+Nullam+sodales+mattis+vulputate.+Suspendisse+luctus+dapibus+odio%2C+tincidunt+tempus+dui+sollicitudin+sed.%0D%0A%0D%0AMauris+auctor%2C+est+non+mattis+consequat%2C+ante+sem+tristique+sem%2C+eget+porttitor+nisl+magna+consectetur+tortor.+Sed+semper+diam+nec+leo+fermentum+dictum.+Suspendisse+sed+ipsum+orci.+Phasellus+rhoncus+odio+sed+lorem+rhoncus+et+tincidunt+mi+semper.+Etiam+accumsan+aliquam+augue%2C+id+aliquet+dui+lacinia+non.+Suspendisse+non+purus+a+turpis+imperdiet+vestibulum+id+in+nisi.+Sed+quis+leo+nec+massa+rhoncus+pharetra+ac+non+ipsum.+Proin+tristique+est+eget+dolor+euismod+vitae+rhoncus+metus+molestie.+Duis+volutpat+leo+libero%2C+molestie+fermentum+turpis.+Praesent+interdum+tellus+mattis+lorem+mollis+sit+amet+elementum+risus+cursus.+Nam+erat+nulla%2C+mollis+sit+amet+rutrum+ut%2C+pharetra+gravida+ligula.+In+hac+habitasse+platea+dictumst.+Maecenas+non+massa+ac+ipsum+eleifend+tempor.+Ut+sed+diam+nisi%2C+in+volutpat+libero.+Duis+vehicula+purus+eu+risus+ultricies+rutrum.+Duis+risus+mi%2C+aliquam+nec+venenatis+vel%2C+scelerisque+eget+eros.+Pellentesque+mollis+aliquet+nibh%2C+et+hendrerit+tortor+lobortis+sed.%0D%0A%0D%0AAenean+odio+sem%2C+pretium+eget+sagittis+sed%2C+rhoncus+a+nisi.+Nulla+cursus+diam+sit+amet+massa+iaculis+ultricies.+Aenean+odio+lorem%2C+bibendum+vitae+consequat+vel%2C+luctus+id+diam.+Proin+congue%2C+dui+non+eleifend+interdum%2C+lorem+lorem+semper+ligula%2C+in+condimentum+orci+enim+eget+tellus.+Aliquam+erat+volutpat.+Quisque+porttitor+volutpat+elit%2C+quis+ultricies+elit+imperdiet+at.+Donec+dictum+ultricies+ligula.+Aliquam+in+condimentum+quam.+Ut+placerat+suscipit+dolor%2C+a+aliquet+arcu+suscipit+ut.+Suspendisse+et+arcu+id+quam+vehicula+ultrices.+Duis+erat+leo%2C+tempor+vel+aliquet+eu%2C+feugiat+eget+erat.+Nulla+facilisi.+Nulla+sed+lorem+sapien.+Aliquam+ullamcorper+dui+sed+nisl+sollicitudin+tempus.+Donec+ipsum+quam%2C+placerat+at+tincidunt+et%2C+condimentum+sit+amet+sapien.+In+luctus+ullamcorper+molestie.+Cras+non+augue+elit.+Ut+cursus+volutpat+augue%2C+sed+condimentum+est+mollis+vitae.+Class+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Donec+consectetur+lacus+quis+turpis+semper+elementum+vitae+eleifend+dui.%0D%0A%0D%0APraesent+sed+libero+metus.+Nulla+est+nulla%2C+condimentum+non+volutpat+nec%2C+elementum+at+nisi.+Vivamus+posuere+dignissim+ultricies.+Fusce+massa+velit%2C+dignissim+quis+vehicula+in%2C+consequat+at+purus.+Duis+accumsan+lacinia+mattis.+Aliquam+eget+felis+eget+odio+viverra+ornare+ut+non+orci.+Vivamus+porta%2C+magna+sit+amet+ornare+lacinia%2C+sem+erat+porta+lectus%2C+at+porttitor+nisl+nisl+tincidunt+nisi.+Pellentesque+ornare+massa+ac+urna+feugiat+dignissim.+Ut+at+metus+nunc%2C+sit+amet+vulputate+arcu.+In+hac+habitasse+platea+dictumst.+Suspendisse+eget+elit+nec+erat+iaculis+accumsan+ac+nec+velit.+Aliquam+erat+volutpat.+Proin+id+nibh+odio.+Cras+ullamcorper%2C+dolor+a+rutrum+pharetra%2C+turpis+ligula+adipiscing+nisl%2C+a+tristique+tortor+lorem+in+dolor.+Proin+ac+ligula+felis%2C+et+malesuada+orci.+Aliquam+erat+volutpat.+Phasellus+faucibus+ipsum+quis+libero+posuere+vitae+accumsan+enim+mollis.+Cras+metus+odio%2C+eleifend+sed+suscipit+at%2C+gravida+quis+diam.%0D%0A%0D%0AEtiam+lorem+turpis%2C+consequat+sit+amet+vestibulum+faucibus%2C+accumsan+in+libero.+Nam+ornare+laoreet+placerat.+Nam+pellentesque+lectus+at+urna+tincidunt+facilisis.+Suspendisse+a+libero+in+arcu+eleifend+semper+vitae+sed+tortor.+Curabitur+ac+magna+a+eros+blandit+eleifend+vel+in+tortor.+Morbi+pretium+ullamcorper+ligula+rutrum+porta.+Pellentesque+vitae+viverra+erat.+Quisque+neque+orci%2C+condimentum+id+tempus+in%2C+porttitor+nec+nibh.+Donec+a+odio+a+lectus+dapibus+fermentum+a+sit+amet+sem.+Cras+risus+dolor%2C+ultricies+eget+suscipit+nec%2C+tempus+eget+justo.+Aenean+suscipit+fermentum+nisl%2C+vel+sodales+elit+euismod+ac.+In+non+laoreet+mi.+Morbi+aliquet+quam+id+nunc+aliquet+facilisis.+Nulla+elementum+fringilla+eleifend.+Sed+tristique+nunc+eget+turpis+ullamcorper+varius.+Pellentesque+non+diam+nec+lorem+mollis+vulputate.+In+hac+habitasse+platea+dictumst.+Aenean+pellentesque+leo+ac+augue+molestie+non+varius+nibh+consectetur.+Donec+quis+dui+eget+tortor+pharetra+convallis+vel+quis+orci.+Nulla+at+odio+nisi%2C+sit+amet+luctus+diam.%0D%0A%0D%0ANam+nisl+nibh%2C+faucibus+eu+aliquet+non%2C+elementum+vitae+quam.+Etiam+massa+massa%2C+gravida+ut+pharetra+non%2C+mollis+in+augue.+Integer+urna+quam%2C+tincidunt+et+lacinia+et%2C+vehicula+sit+amet+justo.+Nulla+dui+dui%2C+semper+eget+adipiscing+rutrum%2C+dignissim+a+mi.+Cras+sit+amet+mauris+ac+neque+pretium+ultricies+sit+amet+non+elit.+Praesent+viverra+vehicula+orci+ut+congue.+Quisque+fermentum+neque+eu+turpis+scelerisque+sit+amet+luctus+erat+imperdiet.+Nulla+volutpat+quam+ut+ante+eleifend+in+tempus+diam+laoreet.+Cum+sociis+natoque+penatibus+et+magnis+dis+parturient+montes%2C+nascetur+ridiculus+mus.+Proin+et+lacus+ligula%2C+eget+fermentum+urna.+Ut+quis+urna+ac+nibh+molestie+sollicitudin.+Morbi+interdum+arcu+mauris.%0D%0A%0D%0ASed+posuere%2C+eros+eu+tempus+tempus%2C+nulla+felis+ultrices+tortor%2C+vel+fermentum+nunc+lectus+a+nisi.+Duis+enim+nisl%2C+facilisis+sit+amet+ullamcorper+nec%2C+imperdiet+vulputate+massa.+Nam+semper+aliquet+nunc%2C+vitae+malesuada+turpis+congue+a.+Proin+dolor+eros%2C+sollicitudin+eget+gravida+id%2C+adipiscing+a+risus.+Praesent+sed+mauris+ut+diam+mollis+tempus.+Curabitur+pulvinar+tortor+non+sapien+interdum+in+aliquet+metus+dignissim.+Aliquam+ut+orci+id+nunc+elementum+dapibus+non+ac+odio.+Etiam+nibh+ligula%2C+varius+sed+congue+et%2C+euismod+ac+dui.+Suspendisse+sit+amet+malesuada+ligula.+Aliquam+tempus+nunc+et+massa+mattis+iaculis.%0D%0A%0D%0ADonec+sit+amet+tincidunt+elit.+Vestibulum+ante+ipsum+primis+in+faucibus+orci+luctus+et+ultrices+posuere+cubilia+Curae%3B+Aenean+id+ante+ligula.+Fusce+at+libero+sed+nisl+luctus+sagittis.+Vivamus+sodales+nibh+eros%2C+at+pulvinar+neque.+Lorem+ipsum+dolor+sit+amet%2C+consectetur+adipiscing+elit.+Proin+augue+libero%2C+euismod+nec+semper+quis%2C+sollicitudin+ut+nulla.+Suspendisse+egestas+sapien+et+ante+interdum+ac+sollicitudin+arcu+malesuada.+Nulla+posuere+pretium+felis+id+ultricies.+Curabitur+nec+porttitor+lectus.%0D%0A%0D%0ANam+consectetur+tempor+sapien.+Nam+lobortis+porttitor+bibendum.+Maecenas+ac+enim+at+magna+tempor+imperdiet.+Donec+sed+ligula+ligula.+Morbi+et+orci+tortor.+Nulla+egestas+enim+vitae+libero+tincidunt+quis+rhoncus+quam+aliquam.+Etiam+non+justo+orci%2C+sit+amet+aliquam+eros.+Proin+vestibulum+leo+convallis+velit+tincidunt+nec+egestas+odio+lacinia.+Quisque+pellentesque+tempus+nisl%2C+ut+porta+tellus+aliquet+in.+Vestibulum+mollis+dapibus+velit+non+egestas.+Proin+vel+viverra+sapien.+Aliquam+erat+volutpat.+Curabitur+enim+eros%2C+aliquam+nec+dictum+eu%2C+fermentum+quis+nibh.+Donec+eget+enim+in+velit+viverra+scelerisque+sit+amet+in+lectus.+Etiam+sit+amet+orci+nisi.+Maecenas+ullamcorper%2C+nibh+quis+eleifend+euismod%2C+enim+turpis+pretium+nibh%2C+nec+venenatis+velit+risus+eu+tellus.%0D%0A%0D%0APraesent+elementum+mattis+placerat.+Curabitur+at+interdum+nibh.+Quisque+ullamcorper+eleifend+nunc+a+mollis.+Cras+ut+nulla+risus%2C+et+suscipit+risus.+Aenean+erat+diam%2C+facilisis+at+placerat+id%2C+placerat+sed+est.+Ut+nibh+libero%2C+varius+eget+suscipit+sed%2C+ultrices+eget+nisl.+Aenean+dignissim+enim+eget+dui+malesuada+et+consectetur+lorem+ullamcorper.+Class+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Donec+at+nisl+ut+eros+facilisis+congue+nec+at+dui.+Vestibulum+ante+ipsum+primis+in+faucibus+orci+luctus+et+ultrices+posuere+cubilia+Curae%3B+Proin+in+sem+nulla.+Class+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Integer+facilisis%2C+odio+vel+euismod+pretium%2C+libero+lorem+elementum+lorem%2C+at+accumsan+nisl+est+sed+nibh.+Etiam+blandit+diam+sed+tortor+molestie+at+rutrum+neque+viverra.%0D%0A%0D%0AUt+ultricies+pharetra+velit%2C+a+viverra+metus+elementum+vel.+Pellentesque+vitae+interdum+lorem.+Nam+tincidunt+nibh+eu+neque+rutrum+vehicula.+Vestibulum+vitae+arcu+vel+ante+commodo+blandit.+Sed+placerat+lobortis+nisi%2C+et+hendrerit+justo+ultrices+aliquam.+Suspendisse+eget+risus+vel+sapien+hendrerit+dignissim.+Sed+interdum+pellentesque+varius.+Nam+scelerisque%2C+mauris+ut+cursus+hendrerit%2C+purus+felis+rutrum+ante%2C+in+convallis+velit+urna+ornare+nisi.+Vestibulum+et+sapien+quis+justo+pretium+interdum.+Praesent+volutpat%2C+nisi+at+hendrerit+aliquet%2C+elit+libero+tincidunt+purus%2C+egestas+viverra+risus+magna+quis+risus.%0D%0A%0D%0ADonec+id+justo+sem.+Aenean+facilisis+pulvinar+est+ut+auctor.+Morbi+tincidunt+mollis+adipiscing.+Sed+pulvinar+lorem+neque.+Duis+eros+felis%2C+ultricies+eget+ultrices+ut%2C+dignissim+vitae+arcu.+Proin+quis+quam+mi.+Nunc+sagittis+ultricies+nibh%2C+eu+porttitor+urna+eleifend+in.+Sed+eget+lorem+eros.+Duis+non+tincidunt+sapien.+Vivamus+blandit+facilisis+ante.+Quisque+lectus+neque%2C+varius+vel+fringilla+eget%2C+vulputate+non+libero.%0D%0A%0D%0AClass+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Aenean+varius+congue+ultrices.+Phasellus+suscipit+vulputate+tristique.+Donec+nec+libero+vel+diam+sagittis+dignissim.+Donec+sed+dui+at+augue+sollicitudin+tristique+sollicitudin+in+nulla.+Nullam+id+magna+enim.+Etiam+convallis+mollis+urna+a+malesuada.+Duis+ac+iaculis+tellus.+Donec+scelerisque+eleifend+elit+ut+ornare.+Cras+vitae+sem+augue%2C+quis+lacinia+elit.+Pellentesque+sit+amet+nunc+metus%2C+luctus+lobortis+erat.+Nulla+lacus+lorem%2C+pharetra+ac+consectetur+at%2C+mattis+id+arcu.%0D%0A%0D%0ANunc+mi+est%2C+pharetra+vel+mattis+sit+amet%2C+faucibus+ut+tortor.+Morbi+ut+ante+eget+purus+gravida+dictum+in+sit+amet+ligula.+Aliquam+malesuada+metus+quis+nunc+placerat+lobortis.+Nulla+venenatis+vehicula+lacus%2C+sed+vestibulum+nibh+egestas+ornare.+Sed+a+lorem+nulla.+Donec+malesuada+dolor+congue+est+condimentum+eu+tincidunt+orci+ullamcorper.+Nam+porttitor+fermentum+purus+nec+molestie.+Nunc+porttitor+tincidunt+lobortis.+Nullam+vulputate+imperdiet+neque%2C+et+consectetur+lectus+molestie+vitae.+Nulla+facilisi.%0D%0A%0D%0APhasellus+laoreet+auctor+elit%2C+ac+sagittis+mi+tincidunt+eu.+Nunc+cursus+ipsum+eget+nulla+molestie+sollicitudin.+Vivamus+sapien+orci%2C+cursus+ut+fringilla+sed%2C+suscipit+id+libero.+Proin+convallis+lectus+et+mauris+suscipit+aliquet+non+quis+urna.+Donec+sit+amet+consequat+metus.+Praesent+lacus+ligula%2C+interdum+quis+rutrum+ut%2C+sodales+in+neque.+Donec+sed+nisi+nibh%2C+aliquet+volutpat+est.+Curabitur+volutpat+nunc+ante.+Nullam+pharetra+enim+at+eros+pulvinar+in+tincidunt+augue+interdum.+Maecenas+mi+quam%2C+placerat+nec+mollis+nec%2C+iaculis+eu+lorem.+Suspendisse+potenti.+Aenean+eu+neque+sit+amet+sapien+pulvinar+pretium.+Etiam+augue+quam%2C+malesuada+non+pretium+at%2C+feugiat+sit+amet+tortor.%0D%0A%0D%0ADonec+a+dui+in+augue+lacinia+pellentesque.+Praesent+vitae+tortor+sit+amet+velit+posuere+accumsan.+Phasellus+et+augue+ac+mauris+porttitor+tempus.+Pellentesque+non+odio+quis+nulla+dictum+facilisis.+Donec+blandit+odio+quam.+Mauris+quam+nunc%2C+semper+semper+posuere+eu%2C+pharetra+sed+diam.+Donec+tincidunt+ultrices+cursus.+Sed+venenatis+rhoncus+nisl%2C+nec+tempus+augue+imperdiet+non.+Nulla+facilisi.+Sed+rutrum+accumsan+velit+sit+amet+placerat.+Sed+rhoncus+quam+nec+enim+feugiat+ultricies.+Sed+et+lorem+elit.+Integer+semper+aliquam+nibh%2C+non+lobortis+lorem+fringilla+a.+Suspendisse+potenti.+Suspendisse+suscipit+est+mattis+massa+imperdiet+lacinia.+Integer+interdum+nisl+a+neque+posuere+porta.+Ut+eget+velit+ut+leo+elementum+vulputate.+Maecenas+congue+dignissim+bibendum.%0D%0A%0D%0ACurabitur+sed+cursus+nunc.+Pellentesque+aliquet+odio+et+augue+cursus+lacinia.+Nullam+molestie%2C+lorem+nec+gravida+aliquet%2C+augue+diam+vestibulum+tellus%2C+vitae+gravida+eros+ante+consequat+metus.+Donec+tempor+rhoncus+interdum.+Proin+laoreet+pretium+placerat.+Mauris+id+eros+eget+nisl+cursus+consequat+et+id+mauris.+Cras+non+nulla+a+tellus+sodales+eleifend+nec+quis+augue.+Class+aptent+taciti+sociosqu+ad+litora+torquent+per+conubia+nostra%2C+per+inceptos+himenaeos.+Nunc+blandit+est+nec+dolor+facilisis+eget+placerat+libero+imperdiet.+Cras+ultricies+mollis+nulla%2C+ut+ullamcorper+neque+bibendum+a.+Fusce+ullamcorper+orci+vitae+metus+auctor+tempor.+In+sit+amet+tellus+sed+libero+sagittis+consequat.+Aenean+posuere+nisi+id+sapien+tristique+a+malesuada+lorem+fermentum.+Quisque+pretium+malesuada+fermentum.+Sed+ut+nunc+ac+risus+consectetur+consequat+a+quis+dolor.+Cras+sit+amet+leo+felis.%0D%0A%0D%0ASed+vitae+justo+dolor%2C+eu+adipiscing+nibh.+Aliquam+ut+ultrices+ligula.+Cum+sociis+natoque+penatibus+et+magnis+dis+parturient+montes%2C+nascetur+ridiculus+mus.+Ut+sed+porttitor+felis.+Etiam+lectus+dolor%2C+egestas+id+scelerisque+vitae%2C+tristique+sed+justo.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Suspendisse+eu+quam+vel+lorem+sollicitudin+mattis.+Nulla+dictum+consequat+convallis.+Morbi+convallis+ligula+ac+sem+pellentesque+consequat.+Nam+et+est+nec+diam+eleifend+blandit+at+ac+metus.+Duis+rutrum+elementum+consequat.+Sed+semper+accumsan+pharetra.+Suspendisse+volutpat+nisi+hendrerit+justo+tincidunt+tempus.+Ut+venenatis+tincidunt+pretium.+Phasellus+porta+diam+in+purus+pulvinar+et+iaculis+massa+mollis.+Nulla+facilisi.+Vivamus+justo+felis%2C+euismod+vel+volutpat+vel%2C+euismod+at+orci.+Morbi+cursus%2C+massa+nec+ornare+consequat%2C+quam+leo+laoreet+lectus%2C+non+placerat+tortor+enim+eu+tellus.+Sed+ut+purus+nibh%2C+eget+dictum+purus.%0D%0A%0D%0ADonec+nisl+est%2C+pretium+sit+amet+faucibus+id%2C+vestibulum+et+nisl.+Morbi+egestas+pulvinar+sollicitudin.+Duis+tincidunt+enim+id+nulla+commodo+nec+lobortis+lacus+tristique.+Mauris+iaculis+mattis+turpis+non+molestie.+Quisque+non+ante+sed+orci+dictum+egestas.+In+ac+enim+at+dolor+posuere+laoreet.+Morbi+tortor+libero%2C+iaculis+nec+rhoncus+id%2C+laoreet+at+elit.+Cras+orci+dui%2C+interdum+at+lacinia+non%2C+venenatis+a+elit.+Etiam+suscipit+massa+in+ante+auctor+faucibus.+Praesent+non+quam+a+diam+viverra+gravida+sit+amet+eu+eros.+Quisque+sit+amet+suscipit+turpis.%0D%0A%0D%0APhasellus+non+tellus+purus%2C+sed+tempor+elit.+Cras+rutrum+condimentum+congue.+Sed+nec+felis+nibh.+Nam+condimentum+nisi+et+nulla+eleifend+in+imperdiet+velit+imperdiet.+Cras+ut+leo+sed+lectus+interdum+vehicula+quis+in+erat.+Nulla+et+semper+risus.+Cras+velit+sem%2C+sagittis+sit+amet+scelerisque+ut%2C+cursus+vitae+quam.+Maecenas+neque+dui%2C+dictum+non+porttitor+sed%2C+adipiscing+at+massa.+Phasellus+pulvinar+dui+ut+turpis+sagittis+et+imperdiet+nisl+porttitor.+Curabitur+porttitor+velit+in+justo+luctus+vel+placerat+est+tristique.+Maecenas+non+nisi+eget+est+feugiat+blandit.+Proin+eget+dui+lorem.+Aenean+id+sem+non+velit+commodo+sagittis+eget+in+quam.+Mauris+vitae+diam+quam%2C+et+mattis+turpis.+Integer+a+fringilla+erat.+Nunc+ligula+enim%2C+varius+eget+varius+non%2C+consectetur+sit+amet+nibh.+In+interdum+justo+sollicitudin+ipsum+pulvinar+ornare.+Aenean+et+gravida+nunc.+Fusce+in+ipsum+quis+lectus+commodo+laoreet+eu+eget+lorem.%0D%0A%0D%0APhasellus+dui+justo%2C+pulvinar+scelerisque+consectetur+nec%2C+mollis+vitae+metus.+Integer+id+tortor+nec+dui+rhoncus+vulputate+sed+id+tellus.+Nulla+sodales+suscipit+dolor%2C+vitae+pharetra+lacus+sagittis+ullamcorper.+Aenean+convallis+dapibus+sapien%2C+eget+interdum+tellus+accumsan+eget.+Nulla+at+purus+vel+nulla+auctor+fermentum+sed+aliquet+odio.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Pellentesque+laoreet%2C+nunc+vitae+venenatis+viverra%2C+velit+purus+aliquam+neque%2C+vitae+luctus+risus+magna+a+ante.+Proin+et+lectus+odio%2C+id+pulvinar+sapien.+Maecenas+vulputate+gravida+laoreet.+Sed+ut+nisl+vel+risus+malesuada+auctor.+Aenean+viverra+fermentum+sem+nec+sodales.+Etiam+eget+arcu+nibh.+Sed+eget+euismod+massa.+Sed+feugiat+nibh+aliquam+odio+lobortis+vehicula.+Duis+vulputate+mattis+enim+at+semper.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Aenean+laoreet+ultricies+neque.+Vestibulum+ante+ipsum+primis+in+faucibus+orci+luctus+et+ultrices+posuere+cubilia+Curae%3B%0D%0A%0D%0ACras+condimentum+magna+nec+mauris+viverra+eu+vulputate+nunc+feugiat.+Proin+lobortis+ultrices+mauris.+Sed+euismod%2C+nunc+et+ullamcorper+tincidunt%2C+eros+lectus+egestas+lectus%2C+eget+aliquam+elit+augue+in+eros.+Aenean+in+lorem+sed+tellus+porta+convallis.+Phasellus+sem+nunc%2C+facilisis+vel+luctus+ut%2C+mattis+vel+risus.+Donec+quis+feugiat+nulla.+Donec+eleifend+tempor+sodales.+Sed+mattis+congue+orci+non+tincidunt.+Fusce+massa+nisi%2C+pretium+ac+consequat+non%2C+sagittis+et+justo.+Phasellus+est+velit%2C+placerat+quis+posuere+et%2C+pellentesque+at+est.+Etiam+quis+lacus+a+nibh+eleifend+adipiscing.+Sed+vel+leo+arcu.+Fusce+porta+fringilla+felis+in+blandit.%0D%0A%0D%0ADonec+pretium%2C+eros+eget+auctor+elementum%2C+neque+tortor+placerat+urna%2C+id+dapibus+magna+lacus+sed+elit.+Quisque+auctor+molestie+turpis+et+mollis.+Nam+ipsum+metus%2C+lacinia+et+blandit+a%2C+egestas+aliquam+quam.+Suspendisse+potenti.+Morbi+tempus+lorem+eget+nibh+ultricies+congue.+Maecenas+in+enim+sed+odio+cursus+tincidunt.+Aliquam+erat+volutpat.+Fusce+fermentum+consectetur+bibendum.+Aenean+adipiscing+augue+non+ante+mattis+egestas.+Maecenas+porttitor+egestas+convallis.+Pellentesque+rhoncus+tincidunt+volutpat.+Aliquam+sed+sem+ac+augue+placerat+placerat+nec+sed+neque.%0D%0A%0D%0AMorbi+congue+eleifend+metus+at+pellentesque.+Maecenas+odio+mauris%2C+suscipit+eu+placerat+rutrum%2C+venenatis+ac+libero.+Duis+eleifend%2C+risus+placerat+congue+vestibulum%2C+neque+sem+varius+diam%2C+ultricies+auctor+nisi+massa+et+tellus.+Morbi+neque+odio%2C+suscipit+eleifend+dapibus+eget%2C+sodales+ac+massa.+Nullam+laoreet%2C+libero+sit+amet+ultricies+gravida%2C+neque+sem+eleifend+metus%2C+nec+consectetur+eros+lacus+ac+mauris.+Quisque+sollicitudin+consectetur+ante+non+lacinia.+Sed+quis+dolor+dolor%2C+eu+euismod+turpis.+In+posuere+metus+et+ligula+imperdiet+vitae+placerat+eros+bibendum.+Nullam+tincidunt+tincidunt+nisl+ac+mollis.+Mauris+at+augue+justo.+Nam+ac+vestibulum+justo.+In+id+elit+tortor.+Nunc+feugiat+molestie+orci%2C+in+molestie+elit+bibendum+eu.+Proin+libero+ipsum%2C+consectetur+sit+amet+facilisis+euismod%2C+bibendum+vel+felis.+Aliquam+posuere+quam+non+sapien+placerat+porttitor.%0D%0A%0D%0ANunc+volutpat%2C+arcu+sed+fringilla+blandit%2C+odio+risus+gravida+odio%2C+sollicitudin+tincidunt+lacus+odio+a+lectus.+Morbi+lacus+quam%2C+hendrerit+nec+facilisis+non%2C+luctus+ac+velit.+Lorem+ipsum+dolor+sit+amet%2C+consectetur+adipiscing+elit.+Proin+vitae+quam+orci%2C+quis+pellentesque+nisl.+Nullam+congue+risus+non+nisl+pulvinar+iaculis.+Integer+id+nisl+lorem%2C+eget+egestas+lacus.+Sed+nec+felis+eget+nisl+sagittis+sagittis.+Nunc+eu+laoreet+velit.+Vestibulum+quis+turpis+mi%2C+eget+tempor+ipsum.+Mauris+aliquet+tristique+feugiat.+Nulla+condimentum+bibendum+augue%2C+et+hendrerit+quam+porta+eget.+Etiam+imperdiet+tellus+nisl%2C+non+laoreet+neque.+Integer+sit+amet+pulvinar+lectus.+Cras+aliquam+turpis+at+urna+aliquam+vitae+dignissim+enim+tempor.+In+hac+habitasse+platea+dictumst.+Nulla+facilisi.+Integer+id+metus+orci.+Fusce+posuere+fermentum+scelerisque.+Praesent+non+facilisis+arcu.+Mauris+cursus+sem+sed+est+consequat+et+iaculis+orci+tincidunt.%0D%0A%0D%0ACurabitur+vulputate+faucibus+elit%2C+vitae+euismod+enim+condimentum+quis.+Aenean+pretium+cursus+odio%2C+in+interdum+magna+elementum+eu.+Donec+mi+lacus%2C+pulvinar+at+euismod+id%2C+mattis+sed+mi.+Vivamus+vehicula+dolor+id+arcu+commodo+scelerisque.+Nunc+ante+enim%2C+elementum+eu+sodales+pharetra%2C+placerat+id+orci.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Nam+porttitor+ornare+sapien%2C+sit+amet+ultrices+lorem+viverra+ac.+Nunc+nec+consequat+arcu.+Pellentesque+quis+pharetra+purus.+Vestibulum+consequat+sapien+non+velit+euismod+ultrices.+Donec+ultrices+mattis+metus%2C+id+suscipit+ipsum+tempus+vitae.+Duis+sodales%2C+arcu+et+tempor+molestie%2C+nibh+enim+ornare+dolor%2C+eu+rutrum+sapien+mauris+porttitor+sem.+Cras+at+convallis+dui.+Integer+sed+magna+turpis.+Morbi+congue+dictum+mauris%2C+ut+pellentesque+lorem+rhoncus+sit+amet.+Praesent+venenatis+purus+a+augue+rutrum+scelerisque.+Nulla+vitae+enim+quis+massa+mattis+malesuada+vitae+sed+purus.+Integer+luctus+posuere+arcu%2C+eu+lacinia+nunc+porttitor+vitae.+Curabitur+ullamcorper+consectetur+velit%2C+ut+porttitor+nulla+consequat+at.+Proin+quis+sapien+quis+lorem+venenatis+venenatis+sed+a+ante.%0D%0A%0D%0ANam+elementum+mauris+in+felis+accumsan+dignissim.+Etiam+sit+amet+elit+velit%2C+id+pellentesque+lorem.+Suspendisse+potenti.+Nam+imperdiet+interdum+lacus+et+facilisis.+Mauris+a+erat+leo%2C+posuere+dignissim+ante.+Pellentesque+at+turpis+sit+amet+odio+venenatis+accumsan+ut+in+diam.+Duis+vel+dolor+condimentum+erat+cursus+ornare.+Praesent+tempor+erat+vel+sapien+tempus+tincidunt.+Curabitur+consequat+lectus+lacus.+Suspendisse+ac+lectus+mauris%2C+ut+pharetra+diam.+Nam+massa+eros%2C+tincidunt+sit+amet+rhoncus+quis%2C+tincidunt+id+ipsum.+Aenean+tempus+porta+nibh+volutpat+iaculis.+Nulla+eleifend+laoreet+laoreet.+Aliquam+erat+volutpat.+Praesent+dolor+purus%2C+congue+eu+condimentum+sollicitudin%2C+posuere+ac+purus.+Sed+dolor+augue%2C+pretium+vel+mattis+sit+amet%2C+volutpat+eget+elit.%0D%0A%0D%0AAenean+sed+turpis+ac+odio+varius+bibendum.+Suspendisse+nulla+metus%2C+accumsan+non+euismod+nec%2C+fermentum+id+turpis.+Integer+venenatis+ante+et+odio+viverra+eget+condimentum+ipsum+blandit.+Morbi+convallis+venenatis+massa+ut+varius.+Vivamus+non+massa+sed+augue+pulvinar+porta.+Phasellus+sem+orci%2C+ultricies+et+lobortis+ac%2C+iaculis+non+libero.+Donec+non+magna+sit+amet+dolor+eleifend+pharetra+eu+eu+risus.+Duis+in+nisi+nulla%2C+sed+egestas+diam.+Morbi+at+nisl+metus%2C+in+tincidunt+tellus.+Mauris+a+rutrum+justo.+Proin+ligula+quam%2C+hendrerit+eu+viverra+non%2C+blandit+at+massa.+Praesent+ornare+nisi+et+dolor+vulputate+vel+porttitor+quam+varius.%0D%0A%0D%0ASuspendisse+tempor+pretium+luctus.+Nunc+cursus+sapien+rutrum+dolor+dictum+a+tincidunt+leo+pretium.+Ut+porta%2C+magna+bibendum+cursus+mollis%2C+lorem+augue+rhoncus+metus%2C+in+convallis+diam+elit+rhoncus+ante.+Integer+ut+condimentum+turpis.+Nulla+quis+erat+lectus.+Phasellus+volutpat+pulvinar+convallis.+Donec+quis+ante+sem%2C+ac+elementum+urna.+Suspendisse+ullamcorper+commodo+tortor%2C+a+venenatis+nisl+ullamcorper+a.+Integer+euismod+lobortis+purus%2C+non+fringilla+nunc+aliquam+vitae.+Sed+sit+amet+dolor+dui.+Donec+ultricies+bibendum+condimentum.+Nunc+mi+elit%2C+viverra+vitae+volutpat+blandit%2C+laoreet+id+diam.%0D%0A%0D%0AAenean+at+venenatis+nisi.+Morbi+vulputate+elit+sit+amet+felis+placerat+nec+bibendum+erat+aliquam.+Nullam+dignissim+nulla+sit+amet+tortor+dictum+pulvinar+ut+at+massa.+Sed+a+feugiat+nisi.+Quisque+ultricies+egestas+dui%2C+imperdiet+accumsan+leo+rhoncus+eget.+Mauris+molestie+diam+eget+nulla+sollicitudin+ut+lobortis+purus+rhoncus.+Aenean+ut+ligula+et+lacus+iaculis+ullamcorper.+Mauris+non+felis+sed+massa+imperdiet+mollis.+Proin+tristique+lorem+id+sem+placerat+ac+egestas+ipsum+vestibulum.+Maecenas+enim+nisl%2C+sollicitudin+quis+consequat+eu%2C+mollis+quis+ipsum.+Proin+leo+mauris%2C+pulvinar+sit+amet+vestibulum+ac%2C+pulvinar+ac+quam.%0D%0A%0D%0AFusce+sem+odio%2C+pretium+non+bibendum+nec%2C+suscipit+nec+tortor.+Donec+elit+odio%2C+sollicitudin+vitae+pretium+in%2C+ultricies+sit+amet+turpis.+Curabitur+at+justo+nunc.+Sed+in+consectetur+magna.+Cras+imperdiet+felis+a+turpis+ultricies+blandit.+In+aliquam+dictum+ante+eget+vehicula.+Aliquam+erat+volutpat.+Nulla+interdum+purus+dolor.+Nullam+convallis+hendrerit+commodo.+Donec+consectetur+nulla+ac+ligula+suscipit+dignissim.+Pellentesque+eget+mauris+nec+orci+pharetra+tempus+at+eu+quam.+Phasellus+neque+massa%2C+convallis+sed+interdum+et%2C+iaculis+vel+tellus.%0D%0A%0D%0ADonec+tincidunt+nulla+sed+orci+tempor+eget+pretium+magna+ultrices.+Fusce+vestibulum+lacus+vel+ante+hendrerit+fringilla.+Donec+risus+felis%2C+varius+sit+amet+semper+a%2C+porttitor+at+metus.+Curabitur+dui+nulla%2C+convallis+in+posuere+eget%2C+iaculis+non+arcu.+In+facilisis+erat+vitae+ligula+rhoncus+eget+mollis+nibh+tempor.+Nunc+posuere+pretium+lacinia.+Sed+condimentum+bibendum+fringilla.+Donec+sit+amet+purus+id+odio+venenatis+pulvinar.+Nam+vitae+risus+sed+libero+luctus+blandit.+In+eget+massa+sit+amet+mi+tempor+semper+in+quis+nisi.+Fusce+nec+semper+ligula.+Aliquam+a+orci+id+lectus+adipiscing+bibendum+eget+non+nulla.+Morbi+vitae+ornare+lorem.+Nunc+faucibus%2C+enim+vel+vehicula+faucibus%2C+ligula+nibh+interdum+ipsum%2C+ut+eleifend+nisl+dolor+nec+nisi.%0D%0A%0D%0AIn+et+venenatis+ligula.+Quisque+pulvinar%2C+tellus+sed+molestie+vulputate%2C+lacus+odio+ultrices+lorem%2C+a+ornare+tortor+sapien+ac+sem.+Vestibulum+nibh+enim%2C+auctor+at+condimentum+ut%2C+tincidunt+at+orci.+Phasellus+placerat+sem+id+purus+consequat+non+venenatis+dui+consequat.+Cum+sociis+natoque+penatibus+et+magnis+dis+parturient+montes%2C+nascetur+ridiculus+mus.+Vivamus+aliquam+rutrum+diam+at+rutrum.+Vivamus+a+nunc+eros.+Donec+aliquam+turpis+facilisis+lorem+aliquam+sit+amet+euismod+augue+lacinia.+Duis+ligula+orci%2C+dictum+sed+venenatis+vitae%2C+elementum+scelerisque+neque.+Pellentesque+habitant+morbi+tristique+senectus+et+netus+et+malesuada+fames+ac+turpis+egestas.+Curabitur+imperdiet+tincidunt+auctor.+Integer+ut+tellus+sed+justo+blandit+congue+sit+amet+malesuada+diam.+Aenean+egestas+congue+augue+ac+mattis.+Nam+vestibulum+dapibus+mattis.+Morbi+elit+metus%2C+sagittis+quis+faucibus+sit+amet%2C+varius+in+elit.+Maecenas+eu+ante+et+arcu+sagittis+sodales+at+in+volutpat.%3C%2Fsl%3AXMLContent%3E%0D%0A++++%3C%2Fsl%3ADataObject%3E%0D%0A+++%3Csl%3ATransformsInfo%3E%0D%0A+++++%3Csl%3AFinalDataMetaInfo%3E%0D%0A++++++%3Csl%3AMimeType%3Etext%2Fplain%3C%2Fsl%3AMimeType%3E%0D%0A++++++%3C%2Fsl%3AFinalDataMetaInfo%3E%0D%0A+++%3C%2Fsl%3ATransformsInfo%3E%0D%0A+%3C%2Fsl%3ADataObjectInfo%3E%0D%0A%3C%2Fsl%3ACreateXMLSignatureRequest%3E&EmptyParam=&TransferParam__=%21%22%23%24%25%26%27%28%29*%2B%2C-.%2F0123456789%3A%3B%3C%3D%3E%3F%40ABCDEFGHIJKLMNOPQRSTUVWXYZ%5B%5C%5D%5E_%60abcdefghijklmnopqrstuvwxyz%7B%7C%7D%7E%C2%A1%C2%A2%C2%A3%C2%A4%C2%A5%C2%A6%C2%A7%C2%A8%C2%A9%C2%AA%C2%AB%C2%AC+%C2%AE%C2%AF%C2%B0%C2%B1%C2%B2%C2%B3%C2%B4%C2%B5%C2%B6%C2%B7%C2%B8%C2%B9%C2%BA%C2%BB%C2%BC%C2%BD%C2%BE%C2%BF%C3%80%C3%81%C3%82%C3%83%C3%84%C3%85%C3%86%C3%87%C3%88%C3%89%C3%8A%C3%8B%C3%8C%C3%8D%C3%8E%C3%8F%C3%90%C3%91%C3%92%C3%93%C3%94%C3%95%C3%96%C3%97%C3%98%C3%99%C3%9A%C3%9B%C3%9C%C3%9D%C3%9E%C3%9F%C3%A0%C3%A1%C3%A2%C3%A3%C3%A4%C3%A5%C3%A6%C3%A7%C3%A8%C3%A9%C3%AA%C3%AB%C3%AC%C3%AD%C3%AE%C3%AF%C3%B0%C3%B1%C3%B2%C3%B3%C3%B4%C3%B5%C3%B6%C3%B7%C3%B8%C3%B9%C3%BA%C3%BB%C3%BC%C3%BD%C3%BE%C3%BF%CE%8E%CE%8F%CE%90%CE%91%CE%92%CE%93%CE%94%CE%95%CE%96%CE%97%CE%98%CE%99%CE%9A%CE%9B%CE%9C%CE%9D%CE%9E%CE%9F%CE%A0%CE%A1%CE%A3%CE%A4%CE%A5%CE%A6%CE%A7%CE%A8%CE%A9%CE%AA%CE%AB%CE%AC%CE%AD%CE%AE%CE%AF%CE%B0%CE%B1%CE%B2%CE%B3%CE%B4%CE%B5%CE%B6%CE%B7%CE%B8%CE%B9%CE%BA%CE%BB%CE%BC%CE%BD%CE%BE%CE%BF%CF%80%CF%81%CF%82%CF%83%CF%84%CF%85%CF%86%CF%87%CF%88%CF%89%CF%8A%CF%8B%CF%8C%CF%8D%CF%8E%CF%90%CF%91%CF%92%CF%93%CF%94%CF%95%CF%96%CF%97%CF%98%CF%99%CF%9A%CF%9B%CF%9C%CF%9D%CF%9E%CF%9F%CF%A0%CF%A1%D0%80%D0%81%D0%82%D0%83%D0%84%D0%85%D0%86%D0%87%D0%88%D0%89%D0%8A%D0%8B%D0%8C%D0%8D%D0%8E%D0%8F%D0%90%D0%91%D0%92%D0%93%D0%94%D0%95%D0%96%D0%97%D0%98%D0%99%D0%9A%D0%9B%D0%9C%D0%9D%D0%9E%D0%9F%D0%A0%D0%A1%D0%A2%D0%A3%D0%A4%D0%A5%D0%A6%D0%A7%D0%A8%D0%A9%D0%AA%D0%AB%D0%AC%D0%AD%D0%AE%D0%AF%D0%B0%D0%B1%D0%B2%D0%B3%D0%B4%D0%B5%D0%B6%D0%B7%D0%B8%D0%B9%D0%BA%D0%BB%D0%BC%D0%BD%D0%BE%D0%BF%D1%80%D1%81%D1%82%D1%83%D1%84%D1%85%D1%86%D1%87%D1%88%D1%89%D1%8A%D1%8B%D1%8C%D1%8D%D1%8E%D1%8F%D1%90%D1%91%D1%92%D1%93%D1%94%D1%95%D1%96%D1%97%D1%98%D1%99%D1%9A%D1%9B%D1%9C%D1%9D%D1%9E%D1%9F%D2%90%D2%91%D2%92%D2%93%D2%94%D2%95%D2%96%D2%97%D2%98%D2%99%D2%9A%D2%9B%D2%B0%D2%B1%D2%B2%D2%B3%D3%80%D3%81%D3%82%D3%83%D3%84%D3%90%D3%91%D3%92%D3%93%D3%94%D3%95%D3%96%D3%97%D3%98%D3%99%D3%9A%D3%9B%D3%9C%D3%9D%D3%9E%D3%9F%D3%A0%D3%A1%D3%A2%D3%A3%D3%A4%D3%A5%D3%A6%D3%A7%D3%A8%D3%A9%D3%AA%D3%AB%D3%AC%D3%AD%D3%AE%D3%AF%D3%B0%D3%B1%D3%B2%D3%B3%D3%B4%D3%B5%D3%B6%D3%B7%D3%B8%D3%B9 \ No newline at end of file -- cgit v1.2.3 From 5af9b75dccc1b52d1382fe0f2df30affd509f5b9 Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 24 Nov 2009 18:48:00 +0000 Subject: Filenames derived from reference URI git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@553 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../egiz/bku/online/applet/AppletSecureViewer.java | 3 +- .../java/at/gv/egiz/bku/gui/HyperlinkRenderer.java | 10 ++- .../java/at/gv/egiz/bku/gui/viewer/MimeFilter.java | 56 +------------- .../java/at/gv/egiz/bku/gui/viewer/MimeTypes.java | 53 +++++++++++++ .../bku/gui/viewer/SecureViewerSaveDialog.java | 5 +- .../gv/egiz/stal/impl/ByteArrayHashDataInput.java | 9 ++- .../at/gv/egiz/bku/gui/Messages.properties | 3 +- .../at/gv/egiz/bku/gui/Messages_en.properties | 1 + .../test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java | 12 ++- .../at/gv/egiz/bku/gui/SecureViewerDialogTest.java | 6 +- BKUOnline/pom.xml | 2 +- .../gv/egiz/stal/service/impl/STALServiceImpl.java | 1 + BKUOnline/src/main/webapp/META-INF/context.xml | 2 +- BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.xsd | 1 + BKUOnline/src/main/wsdl/stal-service.xsd | 1 + .../egiz/stal/service/STALRequestBrokerTest.java | 21 ++++++ .../main/java/at/gv/egiz/stal/HashDataInput.java | 2 + .../types/GetHashDataInputResponseType.java | 28 +++++++ .../gv/egiz/bku/binding/HTTPBindingProcessor.java | 1 + .../slcommands/impl/DataObjectHashDataInput.java | 6 ++ .../egiz/bku/slcommands/impl/xsect/DataObject.java | 88 ++++++++++++++++++++-- .../bku/slcommands/impl/xsect/SignatureTest.java | 50 +++++++++++- .../impl/DataObjectInfo_Detached_LocRefContent.xml | 13 ++++ .../impl/DataObjectInfo_LocRefContent_2.xml | 2 +- .../at/gv/egiz/slbinding/RedirectEventFilter.java | 3 - .../gv/egiz/slbinding/impl/TransformsInfoType.java | 8 ++ .../at/gv/egiz/slbinding/impl/XMLContentType.java | 9 +++ 27 files changed, 313 insertions(+), 83 deletions(-) create mode 100644 BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/MimeTypes.java create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_LocRefContent.xml (limited to 'bkucommon/src/test/resources') diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java index 2e0cb331..c67699af 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java @@ -180,6 +180,7 @@ public class AppletSecureViewer implements SecureViewer { byte[] hdi = hashDataInput.getValue(); String mimeType = hashDataInput.getMimeType(); String encoding = hashDataInput.getEncoding(); + String filename = hashDataInput.getFilename(); if (hdi == null) { throw new Exception("No hashdata input for reference " + signedRefId + " provided by service"); @@ -199,7 +200,7 @@ public class AppletSecureViewer implements SecureViewer { throw new DigestException("Bad digest value for reference " + signedRefId); } - verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding)); + verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding, filename)); } } diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/HyperlinkRenderer.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/HyperlinkRenderer.java index 16024fcc..6af22815 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/HyperlinkRenderer.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/HyperlinkRenderer.java @@ -39,10 +39,14 @@ public class HyperlinkRenderer extends DefaultTableCellRenderer { @Override protected void setValue(Object value) { String hrefText; - if (renderReferenceId) { - hrefText = ((HashDataInput) value).getReferenceId(); + if (((HashDataInput) value).getFilename() != null) { + hrefText = ((HashDataInput) value).getFilename(); } else { - hrefText = ((HashDataInput) value).getMimeType(); + if (renderReferenceId) { + hrefText = ((HashDataInput) value).getReferenceId(); + } else { + hrefText = ((HashDataInput) value).getMimeType(); + } } super.setText("" + hrefText + ""); setForeground(BKUGUIFacade.HYPERLINK_COLOR); diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/MimeFilter.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/MimeFilter.java index c0385dce..5d64eb4f 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/MimeFilter.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/MimeFilter.java @@ -26,14 +26,6 @@ import javax.swing.filechooser.FileFilter; */ class MimeFilter extends FileFilter { - private static final String MIMETYPE_DESC_XML = "mimetype.desc.xml"; - private static final String MIMETYPE_DESC_HTML = "mimetype.desc.html"; - private static final String MIMETYPE_DESC_XHTML = "mimetype.desc.xhtml"; - private static final String MIMETYPE_DESC_TXT = "mimetype.desc.txt"; - private static final String MIMETYPE_DESC_PDF = "mimetype.desc.pdf"; - private static final String MIMETYPE_DESC_BIN = "mimetype.desc.bin"; - private static final String MIMETYPE_DESC_UNKNOWN = "mimetype.desc.unknown"; - protected String mimeType; protected ResourceBundle messages; @@ -48,21 +40,7 @@ class MimeFilter extends FileFilter { if (f.isDirectory()) { return true; } - - String ext = getExtension(f); - if ("text/xml".equals(mimeType)) { - return "xml".equalsIgnoreCase(ext); - } else if ("text/html".equals(mimeType)) { - return "html".equalsIgnoreCase(ext) || "htm".equalsIgnoreCase(ext); - } else if ("application/xhtml+xml".equals(mimeType)) { - return "xhtml".equalsIgnoreCase(ext); - } else if ("text/plain".equals(mimeType)) { - return "txt".equalsIgnoreCase(ext); - } else if ("application/pdf".equals(mimeType)) { - return "pdf".equalsIgnoreCase(ext); - } else { - return true; - } + return MimeTypes.getExtension(mimeType).equalsIgnoreCase(getExtension(f)); } private String getExtension(File f) { @@ -78,38 +56,10 @@ class MimeFilter extends FileFilter { @Override public String getDescription() { - if ("text/xml".equals(mimeType)) { - return messages.getString(MIMETYPE_DESC_XML); - } else if ("text/html".equals(mimeType)) { - return messages.getString(MIMETYPE_DESC_HTML); - } else if ("application/xhtml+xml".equals(mimeType)) { - return messages.getString(MIMETYPE_DESC_XHTML); - } else if ("text/plain".equals(mimeType)) { - return messages.getString(MIMETYPE_DESC_TXT); - } else if ("application/pdf".equals(mimeType)) { - return messages.getString(MIMETYPE_DESC_PDF); - } else if ("application/octet-stream".equals(mimeType)) { - return messages.getString(MIMETYPE_DESC_BIN); - } else { - return messages.getString(MIMETYPE_DESC_UNKNOWN); - } + return messages.getString(MimeTypes.getDescriptionKey(mimeType)); } public static String getExtension(String mimeType) { - if ("text/xml".equals(mimeType)) { - return ".xml"; - } else if ("text/html".equals(mimeType)) { - return ".html"; - } else if ("application/xhtml+xml".equals(mimeType)) { - return ".xhtml"; - } else if ("text/plain".equals(mimeType)) { - return ".txt"; - } else if ("application/pdf".equals(mimeType)) { - return ".pdf"; - } else if ("application/octet-stream".equals(mimeType)) { - return ".bin"; - } else { - return ""; - } + return MimeTypes.getExtension(mimeType); } } \ No newline at end of file diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/MimeTypes.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/MimeTypes.java new file mode 100644 index 00000000..4500fa71 --- /dev/null +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/MimeTypes.java @@ -0,0 +1,53 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.bku.gui.viewer; + +import java.util.HashMap; +import java.util.Map; + +/** + * + * @author clemens + */ +public class MimeTypes { + + private static final Map FILE_EXTENSIONS = new HashMap() {{ + put("application/msword", ".doc"); + put("application/octet-stream", ".bin"); + put("application/pdf", ".pdf"); + put("application/xhtml+xml", ".xhtml"); + put("text/html", ".html"); + put("text/plain", ".txt"); + put("text/xml", ".xml"); + }}; + + private static final Map DESCRIPTIONS = new HashMap() {{ + put("application/msword", "mimetype.desc.doc"); + put("application/octet-stream", "mimetype.desc.bin"); + put("application/pdf", "mimetype.desc.pdf"); + put("application/xhtml+xml", "mimetype.desc.xhtml"); + put("text/html", "mimetype.desc.html"); + put("text/plain", "mimetype.desc.txt"); + put("text/xml", "mimetype.desc.xml"); + }}; + + public static String getExtension(String mimetype) { + if (FILE_EXTENSIONS.containsKey(mimetype)) { + return FILE_EXTENSIONS.get(mimetype); + } + return ""; + } + + /** + * @return bundle key to be resolved in message resource bundle + */ + public static String getDescriptionKey(String mimetype) { + if (DESCRIPTIONS.containsKey(mimetype)) { + return DESCRIPTIONS.get(mimetype); + } + return "mimetype.desc.unknown"; + } +} diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/SecureViewerSaveDialog.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/SecureViewerSaveDialog.java index 40133f95..3303d4ef 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/SecureViewerSaveDialog.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/viewer/SecureViewerSaveDialog.java @@ -52,8 +52,9 @@ public class SecureViewerSaveDialog { String mimeType = hashDataInput.getMimeType(); MimeFilter mimeFilter = new MimeFilter(mimeType, messages); fileDialog.setFileFilter(mimeFilter); - String filename = messages - .getString(BKUGUIFacade.SAVE_HASHDATAINPUT_PREFIX) + String filename = (hashDataInput.getFilename() != null) ? + hashDataInput.getFilename() : + messages.getString(BKUGUIFacade.SAVE_HASHDATAINPUT_PREFIX) + MimeFilter.getExtension(mimeType); fileDialog.setSelectedFile(new File(userHome, filename)); diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java b/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java index 6ca9a0b2..b9416845 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java @@ -36,8 +36,9 @@ public class ByteArrayHashDataInput implements HashDataInput { protected String id; protected String mimeType; protected String encoding; + protected String filename; - public ByteArrayHashDataInput(byte[] hashData, String id, String mimeType, String encoding) { + public ByteArrayHashDataInput(byte[] hashData, String id, String mimeType, String encoding, String filename) { if (hashData == null) { throw new NullPointerException("HashDataInput not provided."); } @@ -45,6 +46,7 @@ public class ByteArrayHashDataInput implements HashDataInput { this.id = id; this.mimeType = mimeType; this.encoding = encoding; + this.filename = filename; } /** @@ -96,5 +98,10 @@ public class ByteArrayHashDataInput implements HashDataInput { return encoding; } + @Override + public String getFilename() { + return filename; + } + } diff --git a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties index 7135b561..3e483fc8 100644 --- a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties +++ b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties @@ -48,7 +48,7 @@ hashdatalink.tiny.focus=[Signaturdaten] #verwenden sie bitte die von ihrem System zur Verf\u00FCgung gestellte {0} Anwendung. hashdatalist={0} Signaturdaten: hashdata.viewer=Signaturdaten werden im Betrachter angezeigt -unsupported.mimetype=Signaturdaten können nicht angezeigt werden +unsupported.mimetype=Signaturdaten k\u00F6nnen nicht angezeigt werden retries.last=Letzter Versuch! retries=Noch {0} Versuche retries.pinpad.last=Eingabe wiederholen, letzter Versuch! @@ -71,6 +71,7 @@ mimetype.desc.xhtml=XHTML-Dateien (.xhtml) mimetype.desc.txt=Textdateien (.txt) mimetype.desc.pdf=Adobe PDF-Dateien (.pdf) mimetype.desc.bin=Bin\u00E4rdateien (.bin) +mimetype.desc.doc=Microsoft Word-Dateien (.doc) mimetype.desc.unknown=Alle Dateien (.*) save.hashdatainput.prefix=Signaturdaten alt.help=Hilfe diff --git a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages_en.properties b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages_en.properties index 6e89510e..c553bcb5 100644 --- a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages_en.properties +++ b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages_en.properties @@ -69,6 +69,7 @@ mimetype.desc.xhtml=XHTML-files (.xhtml) mimetype.desc.txt=Textfiles (.txt) mimetype.desc.pdf=Adobe PDF-files (.pdf) mimetype.desc.bin=Binary files (.bin) +mimetype.desc.doc=Microsoft Word-files (.doc) mimetype.desc.unknown=All files (.*) save.hashdatainput.prefix=signaturedata alt.help=help diff --git a/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java b/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java index 20654141..6e345ee3 100644 --- a/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java +++ b/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java @@ -85,25 +85,29 @@ public class BKUGUIWorker implements Runnable { "Ich bin ein einfacher Text mit Umlauten: öäüßéç@€\n123\n456\n\tHello, world!\n\nlkjsd\nnksdjf".getBytes(), "ref-id-0000000000000000000000001", "text/plain", - "UTF-8"); + "UTF-8", + "file.txt"); HashDataInput signedRef2 = new ByteArrayHashDataInput( "HashDataInput_002".getBytes(), "ref-id-000000002", "application/xhtml+xml", - "UTF-8"); + "UTF-8", + "file.xhtml"); HashDataInput signedRef3 = new ByteArrayHashDataInput( "HashDataInput_003".getBytes(), "ref-id-000000003", "application/xhtml+xml", - "UTF-8"); + "UTF-8", + "file2.xhtml"); HashDataInput signedRef4 = new ByteArrayHashDataInput( "HashDataInput_004".getBytes(), "ref-id-000000004", "text/xml", - "UTF-8"); + "UTF-8", + "file.xml"); // List signedRefs = new ArrayList(); diff --git a/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/SecureViewerDialogTest.java b/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/SecureViewerDialogTest.java index 131a344f..9bbc1b1a 100644 --- a/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/SecureViewerDialogTest.java +++ b/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/SecureViewerDialogTest.java @@ -66,7 +66,7 @@ public class SecureViewerDialogTest { String s = new String(bytes, "iso-8859-1"); System.out.println("read iso-8859-1 bytes " + s); - secureViewer.setContent(new ByteArrayHashDataInput(s.getBytes("UTF-8"), "id-1", "text/plain", "iso-8859-1")); + secureViewer.setContent(new ByteArrayHashDataInput(s.getBytes("UTF-8"), "id-1", "text/plain", "iso-8859-1", "file.txt")); } @@ -87,7 +87,7 @@ public class SecureViewerDialogTest { } System.out.println(data.toString()); - secureViewer.setContent(new ByteArrayHashDataInput(data.toString().getBytes("UTF-8"), "id-1", "text/plain", "UTF-8")); + secureViewer.setContent(new ByteArrayHashDataInput(data.toString().getBytes("UTF-8"), "id-1", "text/plain", "UTF-8", "file.txt")); } @@ -146,7 +146,7 @@ public class SecureViewerDialogTest { // byte[] bytes2 = data.getBytes("cp1252"); // System.out.println(data + "\t" + SMCCHelper.toString(bytes2)); - secureViewer.setContent(new ByteArrayHashDataInput(data.toString().getBytes("UTF-8"), "id-1", "text/plain", "UTF-8")); + secureViewer.setContent(new ByteArrayHashDataInput(data.toString().getBytes("UTF-8"), "id-1", "text/plain", "UTF-8", "file.txt")); System.out.println("\n\n=============================\n"); // diff --git a/BKUOnline/pom.xml b/BKUOnline/pom.xml index ed7f228c..c7c40982 100644 --- a/BKUOnline/pom.xml +++ b/BKUOnline/pom.xml @@ -263,7 +263,7 @@ staltypes-custom.xml cardchannel-custom.xml - ${basedir}/src/main/webapp/WEB-INF/wsdl + ${basedir}/src/main/wsdl stal-service.wsdl diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java index eab9bed5..c8ab280f 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java @@ -267,6 +267,7 @@ public class STALServiceImpl implements STALPortType { ref.setID(reqRefId); ref.setMimeType(reqHdi.getMimeType()); ref.setEncoding(reqHdi.getEncoding()); + ref.setFilename(reqHdi.getFilename()); ref.setValue(baos.toByteArray()); response.getReference().add(ref); } catch (IOException ex) { diff --git a/BKUOnline/src/main/webapp/META-INF/context.xml b/BKUOnline/src/main/webapp/META-INF/context.xml index f38215a1..2a2da79e 100644 --- a/BKUOnline/src/main/webapp/META-INF/context.xml +++ b/BKUOnline/src/main/webapp/META-INF/context.xml @@ -16,4 +16,4 @@ limitations under the License. --> - + diff --git a/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.xsd b/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.xsd index 2389e043..a420035f 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.xsd +++ b/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.xsd @@ -151,6 +151,7 @@ + diff --git a/BKUOnline/src/main/wsdl/stal-service.xsd b/BKUOnline/src/main/wsdl/stal-service.xsd index 870e2db6..177b9e7f 100644 --- a/BKUOnline/src/main/wsdl/stal-service.xsd +++ b/BKUOnline/src/main/wsdl/stal-service.xsd @@ -166,6 +166,7 @@ + diff --git a/BKUOnline/src/test/java/at/gv/egiz/stal/service/STALRequestBrokerTest.java b/BKUOnline/src/test/java/at/gv/egiz/stal/service/STALRequestBrokerTest.java index a1f3864e..741974eb 100644 --- a/BKUOnline/src/test/java/at/gv/egiz/stal/service/STALRequestBrokerTest.java +++ b/BKUOnline/src/test/java/at/gv/egiz/stal/service/STALRequestBrokerTest.java @@ -126,6 +126,12 @@ public class STALRequestBrokerTest { public String getEncoding() { return "UTF-8"; } + + + @Override + public String getFilename() { + return "file.txt"; + } }; r1.setHashDataInput(Collections.singletonList(hdi)); requests.add(r1); @@ -172,6 +178,11 @@ public class STALRequestBrokerTest { public String getEncoding() { return "UTF-8"; } + + @Override + public String getFilename() { + return "file.txt"; + } }; r1.setHashDataInput(Collections.singletonList(hdi)); requests.add(r1); @@ -231,6 +242,11 @@ public class STALRequestBrokerTest { public String getEncoding() { return "UTF-8"; } + + @Override + public String getFilename() { + return "file.txt"; + } }; r1.setHashDataInput(Collections.singletonList(hdi)); requests.add(r1); @@ -259,6 +275,11 @@ public class STALRequestBrokerTest { public String getEncoding() { return "UTF-8"; } + + @Override + public String getFilename() { + return "file.xml"; + } }; r2.setHashDataInput(Collections.singletonList(hdi2)); requests2.add(r2); diff --git a/STAL/src/main/java/at/gv/egiz/stal/HashDataInput.java b/STAL/src/main/java/at/gv/egiz/stal/HashDataInput.java index 62c25fc4..7092470c 100644 --- a/STAL/src/main/java/at/gv/egiz/stal/HashDataInput.java +++ b/STAL/src/main/java/at/gv/egiz/stal/HashDataInput.java @@ -31,6 +31,8 @@ public interface HashDataInput { public String getEncoding(); + public String getFilename(); + public InputStream getHashDataInput(); } diff --git a/STALService/src/main/java/at/gv/egiz/stal/service/types/GetHashDataInputResponseType.java b/STALService/src/main/java/at/gv/egiz/stal/service/types/GetHashDataInputResponseType.java index 7536d936..ad029757 100644 --- a/STALService/src/main/java/at/gv/egiz/stal/service/types/GetHashDataInputResponseType.java +++ b/STALService/src/main/java/at/gv/egiz/stal/service/types/GetHashDataInputResponseType.java @@ -28,6 +28,7 @@ import javax.xml.bind.annotation.XmlValue; * <attribute name="ID" type="{http://www.w3.org/2001/XMLSchema}string" /> * <attribute name="MimeType" type="{http://www.w3.org/2001/XMLSchema}string" /> * <attribute name="Encoding" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="Filename" type="{http://www.w3.org/2001/XMLSchema}string" /> * </extension> * </simpleContent> * </complexType> @@ -118,6 +119,7 @@ public class GetHashDataInputResponseType { * <attribute name="ID" type="{http://www.w3.org/2001/XMLSchema}string" /> * <attribute name="MimeType" type="{http://www.w3.org/2001/XMLSchema}string" /> * <attribute name="Encoding" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="Filename" type="{http://www.w3.org/2001/XMLSchema}string" /> * </extension> * </simpleContent> * </complexType> @@ -139,6 +141,8 @@ public class GetHashDataInputResponseType { protected String mimeType; @XmlAttribute(name = "Encoding") protected String encoding; + @XmlAttribute(name = "Filename") + protected String filename; /** * Gets the value of the value property. @@ -234,6 +238,30 @@ public class GetHashDataInputResponseType { this.encoding = value; } + /** + * Gets the value of the filename property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getFilename() { + return filename; + } + + /** + * Sets the value of the filename property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setFilename(String value) { + this.filename = value; + } + } } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java index b1906666..e39addb5 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java @@ -339,6 +339,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements // process headers and request setHTTPHeaders(dataUrlResponse.getResponseHeaders()); consumeRequestStream(dataUrlResponse.getStream()); + //TODO check for bindingProcessorError closeDataUrlConnection(); srcContex.setSourceCertificate(conn.getServerCertificate()); srcContex.setSourceIsDataURL(true); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java index 1a9b56fb..57358ba0 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java @@ -50,4 +50,10 @@ public class DataObjectHashDataInput implements HashDataInput { return HttpUtil.getCharset(dataObject.getMimeType(), false); } + @Override + public String getFilename() { + //TODO obtain filename from dataObject, if not set return null or get filename (extension!) from mimetype + return dataObject.getFilename(); + } + } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java index 89124d16..6e84081e 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/DataObject.java @@ -49,8 +49,6 @@ import javax.xml.crypto.dsig.spec.XPathType; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.w3._2000._09.xmldsig_.TransformType; -import org.w3._2000._09.xmldsig_.TransformsType; import org.w3c.dom.DOMConfiguration; import org.w3c.dom.DOMException; import org.w3c.dom.Document; @@ -71,6 +69,7 @@ import at.buergerkarte.namespaces.securitylayer._1.DataObjectInfoType; import at.buergerkarte.namespaces.securitylayer._1.MetaInfoType; import at.buergerkarte.namespaces.securitylayer._1.TransformsInfoType; import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.gui.viewer.MimeTypes; import at.gv.egiz.bku.slexceptions.SLCommandException; import at.gv.egiz.bku.slexceptions.SLRequestException; import at.gv.egiz.bku.slexceptions.SLRuntimeException; @@ -81,11 +80,11 @@ import at.gv.egiz.bku.viewer.ValidationException; import at.gv.egiz.bku.viewer.Validator; import at.gv.egiz.bku.viewer.ValidatorFactory; import at.gv.egiz.dom.DOMUtils; -import at.gv.egiz.marshal.NamespacePrefixMapperImpl; import at.gv.egiz.slbinding.impl.XMLContentType; -import javax.xml.namespace.NamespaceContext; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; +import java.io.File; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URL; /** * This class represents a DataObject of an XML-Signature @@ -184,7 +183,9 @@ public class DataObject { * An optional description of the digest input. */ private String description; - + + private String filename; + /** * Creates a new instance. * @@ -230,6 +231,10 @@ public class DataObject { return mimeType; } + public String getFilename() { + return filename; + } + /** * @return the description */ @@ -336,7 +341,74 @@ public class DataObject { } // other values are not allowed by the schema and are therefore ignored - + + this.filename = deriveFilename(); + } + + /** + * Extract filename from reference URI + * or propose reference Id with an apropriate (mime-type) file extension + * + * @return if neither reference nor id can be extracted return null (or data.extension?) + */ + private String deriveFilename() { + + String filename = null; + + if (reference != null) { + if (reference.getURI() != null && !"".equals(reference.getURI())) { + try { + log.info("deriving filename from reference URI " + reference.getURI()); + URI refURI = new URI(reference.getURI()); + + if (refURI.isOpaque()) { + // could check scheme component, but also allow other schemes (e.g. testlocal) + log.trace("opaque reference URI, use scheme-specific part as filename"); + filename = refURI.getSchemeSpecificPart(); + if (!hasExtension(filename)) { + filename += MimeTypes.getExtension(mimeType); + } + // else hierarchical URI: + // for shorthand xpointer use fragment as filename, + // for any other xpointer use reference Id and + // for any other hierarchical (absolute or relative) use filename (ignore fragment, see xmldsig section 4.3.3.2: fragments not recommendet) + } else if ("".equals(refURI.getPath()) && + refURI.getFragment() != null && + refURI.getFragment().indexOf('(') < 0) { // exclude (schemebased) xpointer expressions + log.trace("fragment (shorthand xpointer) URI, use fragment as filename"); + filename = refURI.getFragment(); + if(!hasExtension(filename)) { + filename += MimeTypes.getExtension(mimeType); + } + } else if (!"".equals(refURI.getPath())) { + log.trace("hierarchical URI with path component, use path as filename"); + File refFile = new File(refURI.getPath()); + filename = refFile.getName(); + if(!hasExtension(filename)) { + filename += MimeTypes.getExtension(mimeType); + } + } else { + log.info("failed to derive filename from URI '" + refURI + "', derive filename from reference ID"); + filename = reference.getId() + MimeTypes.getExtension(mimeType); + } + } catch (URISyntaxException ex) { + log.error("failed to derive filename from invalid URI " + ex.getMessage()); + filename = reference.getId() + MimeTypes.getExtension(mimeType); + } + } else { + log.info("same-document URI, derive filename from reference ID"); + filename = reference.getId() + MimeTypes.getExtension(mimeType); + } + } else { + log.error("failed to derive filename, no reference created"); + } + log.debug("derived filename for reference " + reference.getId() + ": " + filename); + return filename; + } + + private static boolean hasExtension(String filename) { + int extDelimiterInd = filename.lastIndexOf('.'); + return extDelimiterInd >= 0 && extDelimiterInd >= filename.length() - 4; } private byte[] getTransformsBytes(at.gv.egiz.slbinding.impl.TransformsInfoType ti) { diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java index 7ce7b42d..ccd29e85 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java @@ -443,8 +443,11 @@ public class SignatureTest { @SuppressWarnings("unchecked") @Test + public void testDataObject_XMLContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + System.out.println("\n ****************** testDataObject_XMLContent_1 \n"); + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_1.xml"); Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); @@ -485,6 +488,8 @@ public class SignatureTest { @Test public void testDataObject_XMLContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + System.out.println("\n ****************** testDataObject_XMLContent_2 \n"); + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_XMLContent_2.xml"); Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); @@ -526,6 +531,8 @@ public class SignatureTest { @Test public void testDataObject_LocRefContent_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + System.out.println("\n ****************** testDataObject_LocRefContent_1 \n"); + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_1.xml"); Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); @@ -535,7 +542,7 @@ public class SignatureTest { } signature.buildXMLSignature(); - + signAndMarshalSignature(signature); List references = signature.getReferences(); @@ -564,6 +571,8 @@ public class SignatureTest { @Test public void testDataObject_LocRefContent_2() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + System.out.println("\n ****************** testDataObject_LocRefContent_2 \n"); + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_LocRefContent_2.xml"); Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); @@ -602,6 +611,8 @@ public class SignatureTest { @Test public void testDataObject_Reference_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + System.out.println("\n ****************** testDataObject_Reference_1 \n"); + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Reference_1.xml"); Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); @@ -640,6 +651,8 @@ public class SignatureTest { @Test public void testDataObject_Detached_1() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + System.out.println("\n ****************** testDataObject_Detached_1 \n"); + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_1.xml"); Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); @@ -671,6 +684,8 @@ public class SignatureTest { @Test public void testDataObject_Detached_Base64Content() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + System.out.println("\n ****************** testDataObject_Detached_Base64Content \n"); + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_Base64Content.xml"); Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); @@ -698,6 +713,39 @@ public class SignatureTest { } + @SuppressWarnings("unchecked") + @Test + public void testDataObject_Detached_LocRefContent() throws JAXBException, SLCommandException, XMLStreamException, SLRequestException, MarshalException, XMLSignatureException, SLViewerException { + + System.out.println("\n ****************** testDataObject_Detached_LocRefContent \n"); + + List dataObjectInfos = unmarshalDataObjectInfo("DataObjectInfo_Detached_LocRefContent.xml"); + + Signature signature = new Signature(null, new IdValueFactoryImpl(), new AlgorithmMethodFactoryImpl()); + + for (DataObjectInfoType dataObjectInfo : dataObjectInfos) { + signature.addDataObject(dataObjectInfo); + } + + signature.buildXMLSignature(); + + signAndMarshalSignature(signature); + + List references = signature.getReferences(); + assertTrue(references.size() == 2); + + Reference reference = references.get(0); + assertNotNull(reference.getId()); + + List transforms = reference.getTransforms(); + assertTrue(transforms.size() == 0); + + List objects = signature.getXMLObjects(); + assertNotNull(objects); + assertTrue(objects.size() == 1); + + } + // // // TransformsInfo diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_LocRefContent.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_LocRefContent.xml new file mode 100644 index 00000000..75f45ff0 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_Detached_LocRefContent.xml @@ -0,0 +1,13 @@ + + + + + testlocal:DataObject1.bin + + + + application/octet-stream + + + + \ No newline at end of file diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_2.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_2.xml index 852c115f..a94f51b6 100644 --- a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_2.xml +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/DataObjectInfo_LocRefContent_2.xml @@ -6,7 +6,7 @@ - application/octetstream + application/octet-stream diff --git a/utils/src/main/java/at/gv/egiz/slbinding/RedirectEventFilter.java b/utils/src/main/java/at/gv/egiz/slbinding/RedirectEventFilter.java index 14c5ba48..5fe84aae 100644 --- a/utils/src/main/java/at/gv/egiz/slbinding/RedirectEventFilter.java +++ b/utils/src/main/java/at/gv/egiz/slbinding/RedirectEventFilter.java @@ -153,9 +153,6 @@ public class RedirectEventFilter implements EventFilter { private void redirectEvent(XMLEvent event) { try { - if (log.isTraceEnabled()) { - log.trace("redirecting StAX event " + event); - } redirectWriter.add(event); } catch (XMLStreamException ex) { ex.printStackTrace(); diff --git a/utils/src/main/java/at/gv/egiz/slbinding/impl/TransformsInfoType.java b/utils/src/main/java/at/gv/egiz/slbinding/impl/TransformsInfoType.java index 1180e9fa..b1de9406 100644 --- a/utils/src/main/java/at/gv/egiz/slbinding/impl/TransformsInfoType.java +++ b/utils/src/main/java/at/gv/egiz/slbinding/impl/TransformsInfoType.java @@ -22,6 +22,7 @@ package at.gv.egiz.slbinding.impl; import at.gv.egiz.slbinding.*; import java.io.ByteArrayOutputStream; +import java.io.UnsupportedEncodingException; import java.util.HashSet; import java.util.Set; import javax.xml.bind.annotation.XmlTransient; @@ -62,6 +63,13 @@ public class TransformsInfoType extends at.buergerkarte.namespaces.securitylayer log.debug("disabling event redirection for TransformsInfoType"); filter.flushRedirectStream(); filter.setRedirectStream(null); + if (log.isDebugEnabled()) { + try { + log.debug("redirected events (UTF-8): " + redirectOS.toString("UTF-8")); + } catch (UnsupportedEncodingException ex) { + log.debug("failed to log redirected events", ex); + } + } } @Override diff --git a/utils/src/main/java/at/gv/egiz/slbinding/impl/XMLContentType.java b/utils/src/main/java/at/gv/egiz/slbinding/impl/XMLContentType.java index eb147f88..fd52e378 100644 --- a/utils/src/main/java/at/gv/egiz/slbinding/impl/XMLContentType.java +++ b/utils/src/main/java/at/gv/egiz/slbinding/impl/XMLContentType.java @@ -23,6 +23,8 @@ package at.gv.egiz.slbinding.impl; import at.gv.egiz.slbinding.RedirectCallback; import at.gv.egiz.slbinding.RedirectEventFilter; import java.io.ByteArrayOutputStream; +import java.io.UnsupportedEncodingException; + import javax.xml.bind.annotation.XmlTransient; import javax.xml.stream.XMLStreamException; import org.apache.commons.logging.Log; @@ -51,6 +53,13 @@ public class XMLContentType extends at.buergerkarte.namespaces.securitylayer._1. log.debug("disabling event redirection for XMLContentType"); filter.flushRedirectStream(); filter.setRedirectStream(null); + if (log.isDebugEnabled()) { + try { + log.debug("redirected events (UTF-8): " + redirectOS.toString("UTF-8")); + } catch (UnsupportedEncodingException ex) { + log.debug("failed to log redirected events", ex); + } + } } @Override -- cgit v1.2.3 From ebede55b888e8232cef37a2f4b40dbb0746dd28a Mon Sep 17 00:00:00 2001 From: mcentner Date: Mon, 30 Nov 2009 15:05:21 +0000 Subject: Added test classes for creating a signature with MOCCA and sending it to MOA-SP for verification. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@557 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- bkucommon/pom.xml | 6 + bkucommon/src/test/java/moaspss/MOASPClient.java | 276 +++++++++++++++++++++ bkucommon/src/test/java/moaspss/MOASPSSTest.java | 119 --------- bkucommon/src/test/java/moaspss/SLClient.java | 175 +++++++++++++ bkucommon/src/test/java/moaspss/SLException.java | 40 +++ .../java/moaspss/TestCreateAndVerifySignature.java | 163 ++++++++++++ bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl | 6 +- .../moaspss/CreateXMLSignatureRequest.xml | 16 ++ 8 files changed, 677 insertions(+), 124 deletions(-) create mode 100644 bkucommon/src/test/java/moaspss/MOASPClient.java delete mode 100644 bkucommon/src/test/java/moaspss/MOASPSSTest.java create mode 100644 bkucommon/src/test/java/moaspss/SLClient.java create mode 100644 bkucommon/src/test/java/moaspss/SLException.java create mode 100644 bkucommon/src/test/java/moaspss/TestCreateAndVerifySignature.java create mode 100644 bkucommon/src/test/resources/moaspss/CreateXMLSignatureRequest.xml (limited to 'bkucommon/src/test/resources') diff --git a/bkucommon/pom.xml b/bkucommon/pom.xml index 7a5c5167..53dfbf46 100644 --- a/bkucommon/pom.xml +++ b/bkucommon/pom.xml @@ -97,6 +97,12 @@ spring-context test + + com.sun.xml.ws + jaxws-rt + test + 2.1.5 + com.sun.xml.bind diff --git a/bkucommon/src/test/java/moaspss/MOASPClient.java b/bkucommon/src/test/java/moaspss/MOASPClient.java new file mode 100644 index 00000000..ade5b38b --- /dev/null +++ b/bkucommon/src/test/java/moaspss/MOASPClient.java @@ -0,0 +1,276 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package moaspss; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.net.URL; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.SchemaOutputResolver; +import javax.xml.bind.Unmarshaller; +import javax.xml.bind.Validator; +import javax.xml.namespace.QName; +import javax.xml.transform.Result; + +import moaspss.generated.ContentOptionalRefType; +import moaspss.generated.InputDataType; +import moaspss.generated.MOAFault; +import moaspss.generated.ObjectFactory; +import moaspss.generated.SignatureVerificationPortType; +import moaspss.generated.SignatureVerificationService; +import moaspss.generated.VerifyXMLSignatureRequestType; +import moaspss.generated.VerifyXMLSignatureResponseType; +import moaspss.generated.VerifyXMLSignatureRequestType.VerifySignatureInfo; + +import org.w3c.dom.Node; +import org.w3c.dom.bootstrap.DOMImplementationRegistry; +import org.w3c.dom.ls.DOMImplementationLS; +import org.w3c.dom.ls.LSOutput; +import org.w3c.dom.ls.LSSerializer; + +import com.sun.xml.bind.api.Bridge; +import com.sun.xml.bind.api.BridgeContext; +import com.sun.xml.bind.api.JAXBRIContext; +import com.sun.xml.bind.api.RawAccessor; +import com.sun.xml.bind.api.TypeReference; +import com.sun.xml.bind.marshaller.NamespacePrefixMapper; +import com.sun.xml.ws.api.model.SEIModel; +import com.sun.xml.ws.developer.JAXBContextFactory; +import com.sun.xml.ws.developer.UsesJAXBContextFeature; + +@SuppressWarnings("deprecation") +public class MOASPClient { + + private static class JAXBContextHolder { + + private static final JAXBContext context; + + static { + try { + context = JAXBRIContext.newInstance(VerifyXMLSignatureRequestType.class.getPackage().getName()); + } catch (JAXBException e) { + throw new RuntimeException("Failed to setup JAXBContext.", e); + } + } + + } + + public static JAXBContext getJAXBContext() { + return JAXBContextHolder.context; + } + + public static class ClientJAXBContextFactory implements JAXBContextFactory { + + @SuppressWarnings("unchecked") + public JAXBRIContext createJAXBContext(final SEIModel sei, + final List classesToBind, final List typeReferences) + throws JAXBException { + + System.out.println("Create Context"); + + return new JAXBRIContext() { + + JAXBRIContext context = JAXBRIContext.newInstance(classesToBind.toArray + (new Class[classesToBind.size()]), + typeReferences, null, sei.getTargetNamespace(), false, null); + + @Override + public Validator createValidator() throws JAXBException { + return context.createValidator(); + } + + @Override + public Unmarshaller createUnmarshaller() throws JAXBException { + return context.createUnmarshaller(); + } + + @Override + public Marshaller createMarshaller() throws JAXBException { + Marshaller marshaller = context.createMarshaller(); + ClientNamespacePrefixMapper pm = new ClientNamespacePrefixMapper(); + System.out.println(pm.toString()); + marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", pm); + return marshaller; + } + + @Override + public boolean hasSwaRef() { + return context.hasSwaRef(); + } + + @Override + public QName getTypeName(TypeReference arg0) { + return context.getTypeName(arg0); + } + + @Override + public List getKnownNamespaceURIs() { + return context.getKnownNamespaceURIs(); + } + + @Override + public RawAccessor getElementPropertyAccessor(Class arg0, + String arg1, String arg2) throws JAXBException { + return context.getElementPropertyAccessor(arg0, arg1, arg2); + } + + @Override + public QName getElementName(Object arg0) throws JAXBException { + return context.getElementName(arg0); + } + + @Override + public String getBuildId() { + return context.getBuildId(); + } + + @Override + public void generateSchema(SchemaOutputResolver arg0) throws IOException { + context.generateSchema(arg0); + } + + @Override + public void generateEpisode(Result arg0) { + context.generateEpisode(arg0); + } + + @Override + public BridgeContext createBridgeContext() { + return context.createBridgeContext(); + } + + @Override + public Bridge createBridge(TypeReference arg0) { + return context.createBridge(arg0); + } + }; + + } + + } + + public static class ClientNamespacePrefixMapper extends NamespacePrefixMapper { + + protected static final Map prefixMap = new HashMap(); + + static { + prefixMap.put("http://www.w3.org/2001/XMLSchema-instance", "xsi"); + prefixMap.put("http://reference.e-government.gv.at/namespace/moa/20020822#", "moa"); + prefixMap.put("http://www.w3.org/2000/09/xmldsig#", "dsig"); + prefixMap.put("http://uri.etsi.org/01903/v1.1.1#", "xades"); + } + + + @Override + public String getPreferredPrefix(String namespaceUri, String suggestion, boolean requirePrefix) { + + String prefix = prefixMap.get(namespaceUri); + + return (prefix != null) ? prefix : suggestion; + } + + /** + * Returns a list of namespace URIs that should be declared + * at the root element. + *

+ * By default, the JAXB RI produces namespace declarations only when + * they are necessary, only at where they are used. Because of this + * lack of look-ahead, sometimes the marshaller produces a lot of + * namespace declarations that look redundant to human eyes. For example, + */ + @Override + public String[] getPreDeclaredNamespaceUris() { + return new String[]{ "http://www.w3.org/2000/09/xmldsig#" }; + } + } + + + private SignatureVerificationPortType port; + + public MOASPClient() { + QName serviceName = new QName("http://reference.e-government.gv.at/namespace/moa/wsdl/20020822#", "SignatureVerificationService"); + + URL wsdlURL = MOASPClient.class.getClassLoader().getResource("MOA-SPSS-1.3.wsdl"); + + SignatureVerificationService service = new SignatureVerificationService(wsdlURL, serviceName); + + UsesJAXBContextFeature feature = new UsesJAXBContextFeature(ClientJAXBContextFactory.class); + + port = service.getSignatureVerificationPort(feature); + } + + public JAXBElement verifySignature(Node node, + String signatureLocation, String trustProfileId) throws JAXBException, + IOException, ClassCastException, ClassNotFoundException, + InstantiationException, IllegalAccessException { + + DOMImplementationLS domImpl = (DOMImplementationLS) DOMImplementationRegistry + .newInstance().getDOMImplementation("LS"); + + LSSerializer serializer = domImpl.createLSSerializer(); + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + LSOutput output = domImpl.createLSOutput(); + output.setByteStream(bos); + serializer.write(node, output); + + ObjectFactory factory = new ObjectFactory(); + + ContentOptionalRefType contentOptionalRefType = factory.createContentOptionalRefType(); + contentOptionalRefType.setBase64Content(bos.toByteArray()); + + VerifySignatureInfo verifySignatureInfo = factory.createVerifyXMLSignatureRequestTypeVerifySignatureInfo(); + verifySignatureInfo.setVerifySignatureEnvironment(contentOptionalRefType); + verifySignatureInfo.setVerifySignatureLocation(signatureLocation); + + VerifyXMLSignatureRequestType verifyXMLSignatureRequestType = factory.createVerifyXMLSignatureRequestType(); + verifyXMLSignatureRequestType.setVerifySignatureInfo(verifySignatureInfo); + verifyXMLSignatureRequestType.setTrustProfileID(trustProfileId); + verifyXMLSignatureRequestType.setReturnHashInputData(Boolean.TRUE); + + VerifyXMLSignatureResponseType resp = null; + try { + resp = port.verifyXMLSignature(verifyXMLSignatureRequestType); + } catch (MOAFault e) { + e.printStackTrace(); + } + + JAXBElement verifyXMLSignatureResponse = factory.createVerifyXMLSignatureResponse(resp); + + Marshaller marshaller = getJAXBContext().createMarshaller(); + marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); + marshaller.marshal(verifyXMLSignatureResponse, System.out); + + List hashInputData = resp.getHashInputData(); + for (InputDataType inputDataType : hashInputData) { + System.out.println("------------------------------------------"); + System.out.println("HashInputData: " + inputDataType.getPartOf() + " " + inputDataType.getReferringSigReference()); + System.out.println("------------------------------------------"); + System.out.write(inputDataType.getBase64Content()); + System.out.println(); + } + + return verifyXMLSignatureResponse; + } +} diff --git a/bkucommon/src/test/java/moaspss/MOASPSSTest.java b/bkucommon/src/test/java/moaspss/MOASPSSTest.java deleted file mode 100644 index 21d42176..00000000 --- a/bkucommon/src/test/java/moaspss/MOASPSSTest.java +++ /dev/null @@ -1,119 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package moaspss; - -import static org.junit.Assert.assertNotNull; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.List; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.namespace.QName; - -import moaspss.generated.ContentOptionalRefType; -import moaspss.generated.InputDataType; -import moaspss.generated.MOAFault; -import moaspss.generated.ObjectFactory; -import moaspss.generated.SignatureVerificationPortType; -import moaspss.generated.SignatureVerificationService; -import moaspss.generated.VerifyXMLSignatureRequestType; -import moaspss.generated.VerifyXMLSignatureResponseType; -import moaspss.generated.VerifyXMLSignatureRequestType.VerifySignatureInfo; - -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; - -@Ignore -public class MOASPSSTest { - - public static final String REQ_FILE = "TODO.xml"; - private static JAXBContext ctx; - private static SignatureVerificationPortType port; - - @BeforeClass - public static void setUp() throws JAXBException, MalformedURLException { - QName serviceName = new QName("http://reference.e-government.gv.at/namespace/moa/wsdl/20020822#", "SignatureVerificationService"); - - URL wsdlURL = MOASPSSTest.class.getClassLoader().getResource("MOA-SPSS-1.3.wsdl"); - - assertNotNull(wsdlURL); - - SignatureVerificationService service = new SignatureVerificationService(wsdlURL, serviceName); - - port = service.getSignatureVerificationPort(); - assertNotNull(port); - ctx = JAXBContext.newInstance(VerifyXMLSignatureRequestType.class.getPackage().getName()); - } - - @Test - public void verifySignature() throws JAXBException, IOException { - - InputStream stream = MOASPSSTest.class.getClassLoader().getResourceAsStream("Untitled1.xml"); - assertNotNull(stream); - - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - int b; - while ((b = stream.read()) != -1) { - bos.write(b); - } - stream.close(); - - ObjectFactory factory = new ObjectFactory(); - - ContentOptionalRefType contentOptionalRefType = factory.createContentOptionalRefType(); - contentOptionalRefType.setBase64Content(bos.toByteArray()); - - VerifySignatureInfo verifySignatureInfo = factory.createVerifyXMLSignatureRequestTypeVerifySignatureInfo(); - verifySignatureInfo.setVerifySignatureEnvironment(contentOptionalRefType); - verifySignatureInfo.setVerifySignatureLocation("/child::*[1]/child::*[2]"); - - VerifyXMLSignatureRequestType verifyXMLSignatureRequestType = factory.createVerifyXMLSignatureRequestType(); - verifyXMLSignatureRequestType.setVerifySignatureInfo(verifySignatureInfo); - verifyXMLSignatureRequestType.setTrustProfileID("IdentityLink"); - verifyXMLSignatureRequestType.setReturnHashInputData(Boolean.TRUE); - - VerifyXMLSignatureResponseType resp = null; - try { - resp = port.verifyXMLSignature(verifyXMLSignatureRequestType); - } catch (MOAFault e) { - e.printStackTrace(); - } - - JAXBElement verifyXMLSignatureResponse = factory.createVerifyXMLSignatureResponse(resp); - - Marshaller marshaller = ctx.createMarshaller(); - marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); - marshaller.marshal(verifyXMLSignatureResponse, System.out); - - List hashInputData = resp.getHashInputData(); - for (InputDataType inputDataType : hashInputData) { - System.out.println("------------------------------------------"); - System.out.println("HashInputData: " + inputDataType.getPartOf() + " " + inputDataType.getReferringSigReference()); - System.out.println("------------------------------------------"); - System.out.write(inputDataType.getBase64Content()); - System.out.println(); - } - } -} diff --git a/bkucommon/src/test/java/moaspss/SLClient.java b/bkucommon/src/test/java/moaspss/SLClient.java new file mode 100644 index 00000000..c3561bfe --- /dev/null +++ b/bkucommon/src/test/java/moaspss/SLClient.java @@ -0,0 +1,175 @@ +package moaspss; + +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.Reader; +import java.io.UnsupportedEncodingException; +import java.net.HttpURLConnection; +import java.net.MalformedURLException; +import java.net.ProtocolException; +import java.net.URL; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import at.gv.egiz.bku.utils.URLEncodingWriter; + +public class SLClient { + + private static class JAXBContextHolder { + + private static JAXBContext context; + + { + String slPkg = at.buergerkarte.namespaces.securitylayer._1.ObjectFactory.class.getPackage().getName(); + String xmldsigPkg = org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName(); + String samlPkg = oasis.names.tc.saml._1_0.assertion.ObjectFactory.class.getPackage().getName(); + String prPkg = at.buergerkarte.namespaces.personenbindung._20020506_.ObjectFactory.class.getPackage().getName(); + try { + context = JAXBContext.newInstance(slPkg + ":" + xmldsigPkg + ":" + samlPkg + ":" + prPkg); + } catch (JAXBException e) { + throw new RuntimeException("Failed to setup JAXBContext.", e); + } + } + + } + + public static JAXBContext getJAXBContext() { + return JAXBContextHolder.context; + } + + private URL slUrl; + + private URL slUrlSSL; + + private boolean useSSL = false; + + public SLClient() { + try { + slUrl = new URL("http://localhost:3495/http-security-layer-request"); + slUrlSSL = new URL("https://localhost:3496/https-security-layer-request"); + } catch (MalformedURLException e) { + throw new RuntimeException(e); + } + } + + public Object submitRequest(Element request, Class responseType) + throws SLException, TransformerException, IOException { + + URL url = (useSSL) ? slUrlSSL : slUrl; + + HttpURLConnection connection; + int responseCode; + try { + connection = (HttpURLConnection) url.openConnection(); + connection.setRequestMethod("POST"); + connection.setDoOutput(true); + connection.setDoInput(true); + connection.connect(); + + OutputStream outputStream = connection.getOutputStream(); + OutputStreamWriter streamWriter = new OutputStreamWriter(outputStream, "ISO-8859-1"); + streamWriter.write("XMLRequest="); + URLEncodingWriter urlEnc = new URLEncodingWriter(streamWriter); + + TransformerFactory tf = TransformerFactory.newInstance(); + Transformer transformer = tf.newTransformer(); + Source source = new DOMSource(request); + Result result = new StreamResult(urlEnc); + transformer.transform(source, result); + urlEnc.flush(); + streamWriter.flush(); + outputStream.close(); + responseCode = connection.getResponseCode(); + + } catch (ProtocolException e) { + throw new RuntimeException(e); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + + if (responseCode == 200) { + String[] contentType = connection.getContentType().split(";", 2); + + if ("text/xml".equals(contentType[0])) { + + Reader streamReader; + try { + InputStream inputStream = connection.getInputStream(); + + String charset = "ISO-8859-1"; + if (contentType.length > 1 + && (contentType[1].trim()).startsWith("charset=")) { + charset = contentType[1].split("=", 2)[1]; + } + + streamReader = new InputStreamReader(inputStream, charset); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + + if (JAXBElement.class.isAssignableFrom(responseType)) { + Object obj; + try { + Unmarshaller unmarshaller = getJAXBContext().createUnmarshaller(); + obj = unmarshaller.unmarshal(streamReader); + } catch (JAXBException e) { + throw new SLException(9000, e); + } + if (obj instanceof JAXBElement) { + return obj; + } else { + throw new SLException(9000, "Got unexpected response."); + } + } else if (Element.class.isAssignableFrom(responseType)) { + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + Document doc; + try { + DocumentBuilder db = dbf.newDocumentBuilder(); + doc = db.parse(new InputSource(streamReader)); + } catch (ParserConfigurationException e) { + throw new SLException(9000, e); + } catch (SAXException e) { + throw new SLException(9000, e); + } catch (IOException e) { + throw new SLException(9000, e); + } + return doc.getDocumentElement(); + } else { + throw new SLException(9000, "Unsupported response type " + + responseType); + } + + } else { + throw new SLException(9000, "Got unexpected content type " + + contentType + "."); + } + } else { + throw new SLException(9000, "Got unexpected response code " + + responseCode + "."); + } + + } + +} diff --git a/bkucommon/src/test/java/moaspss/SLException.java b/bkucommon/src/test/java/moaspss/SLException.java new file mode 100644 index 00000000..4b43d6e7 --- /dev/null +++ b/bkucommon/src/test/java/moaspss/SLException.java @@ -0,0 +1,40 @@ +package moaspss; + +public class SLException extends Exception { + + private static final long serialVersionUID = 1L; + + private int code; + + private String info; + + public SLException() { + super(); + } + + public SLException(int code, String info) { + super(code + ": " + info); + this.code = code; + this.info = info; + } + + public SLException(Throwable cause, int code, String info) { + super(code + ": " + info, cause); + this.code = code; + this.info = info; + } + + public SLException(int code, Throwable cause) { + super(code + ": " + cause.getMessage(), cause); + this.code = code; + } + + public int getCode() { + return code; + } + + public String getInfo() { + return info; + } + +} diff --git a/bkucommon/src/test/java/moaspss/TestCreateAndVerifySignature.java b/bkucommon/src/test/java/moaspss/TestCreateAndVerifySignature.java new file mode 100644 index 00000000..8d995530 --- /dev/null +++ b/bkucommon/src/test/java/moaspss/TestCreateAndVerifySignature.java @@ -0,0 +1,163 @@ +package moaspss; + +import static junit.framework.Assert.fail; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Iterator; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import moaspss.generated.KeyInfoType; +import moaspss.generated.VerifyXMLSignatureResponseType; +import moaspss.generated.X509DataType; + +import org.junit.Ignore; +import org.junit.Test; +import org.w3c.dom.Document; +import org.w3c.dom.DocumentFragment; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; + +import at.buergerkarte.namespaces.securitylayer._1.ErrorResponseType; + +@Ignore +public class TestCreateAndVerifySignature { + + protected Element parseCreateXMLSignatureRequest(InputStream is) + throws ParserConfigurationException, SAXException, IOException { + + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + Document doc; + DocumentBuilder db = dbf.newDocumentBuilder(); + doc = db.parse(is); + + Element docElem = doc.getDocumentElement(); + if ("http://www.buergerkarte.at/namespaces/securitylayer/1.2#".equals(docElem.getNamespaceURI()) + && "CreateXMLSignatureRequest".equals(docElem.getLocalName())) { + return docElem; + } else { + return null; + } + + } + + protected DocumentFragment getXMLSignatureFromResponse(String xpath, Object response) throws SLException, JAXBException { + + if (response instanceof Element) { + + Element respElem = (Element) response; + if ("http://www.buergerkarte.at/namespaces/securitylayer/1.2#".equals(respElem.getNamespaceURI()) + && "CreateXMLSignatureResponse".equals(respElem.getLocalName())) { + + NodeList childNodes = respElem.getChildNodes(); + + Document doc = respElem.getOwnerDocument(); + DocumentFragment fragment = doc.createDocumentFragment(); + + for (int i = 0; i < childNodes.getLength(); i++) { + fragment.appendChild(childNodes.item(i)); + } + + return fragment; + + } else { + Unmarshaller unmarshaller = SLClient.getJAXBContext().createUnmarshaller(); + Object obj = unmarshaller.unmarshal(respElem); + + if (obj instanceof JAXBElement) { + JAXBElement element = (JAXBElement) obj; + if (element.getValue() instanceof ErrorResponseType) { + ErrorResponseType error = (ErrorResponseType) element.getValue(); + throw new SLException(error.getErrorCode(), error.getInfo()); + } + } + } + } + + return null; + + } + + public X509Certificate getCertFromKeyInfo(KeyInfoType keyInfo) throws CertificateException { + + Iterator keyInfos = keyInfo.getContent().iterator(); + while (keyInfos.hasNext()) { + Object ki = keyInfos.next(); + if (ki instanceof JAXBElement + && X509DataType.class.isAssignableFrom(((JAXBElement) ki) + .getDeclaredType())) { + X509DataType x509data = (X509DataType) ((JAXBElement) ki).getValue(); + Iterator contents = x509data + .getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); + while (contents.hasNext()) { + Object content = (Object) contents.next(); + if (byte[].class.isAssignableFrom(((JAXBElement) content) + .getDeclaredType())) { + CertificateFactory certFactory = CertificateFactory.getInstance("X509"); + byte[] b = (byte[]) ((JAXBElement) content).getValue(); + return (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(b)); + } + } + + } + } + + return null; + + } + + @Test + public void testCreateAndVerifyXMLSignature() + throws ParserConfigurationException, SAXException, IOException, + TransformerException, JAXBException, ClassCastException, + ClassNotFoundException, InstantiationException, IllegalAccessException, CertificateException { + + ClassLoader cl = TestCreateAndVerifySignature.class.getClassLoader(); + InputStream is = cl.getResourceAsStream("moaspss/CreateXMLSignatureRequest.xml"); + Element cxsReq = parseCreateXMLSignatureRequest(is); + + Node cxsResp; + try { + SLClient slClient = new SLClient(); + Object response = slClient.submitRequest(cxsReq, Element.class); + cxsResp = getXMLSignatureFromResponse(".", response); + } catch (SLException e) { + fail(e.getMessage()); + return; + } + + MOASPClient spClient = new MOASPClient(); + JAXBElement verifySignature = spClient.verifySignature(cxsResp, ".", "qualifiedSignature"); + VerifyXMLSignatureResponseType vxsResp = verifySignature.getValue(); + int signatureCheck = vxsResp.getSignatureCheck().getCode().intValue(); + if (signatureCheck != 0) { + fail("SignatureCheck = " + signatureCheck); + } + int certificateCheck = vxsResp.getCertificateCheck().getCode().intValue(); + if (certificateCheck != 0) { + + X509Certificate certificate = getCertFromKeyInfo(vxsResp.getSignerInfo()); + if (certificate != null) { + System.out.println(certificate); + } + + fail("CertificateCheck = " + certificateCheck); + } + + } + +} diff --git a/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl b/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl index 29f3e25d..8ec61420 100644 --- a/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl +++ b/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl @@ -51,11 +51,7 @@ - - + diff --git a/bkucommon/src/test/resources/moaspss/CreateXMLSignatureRequest.xml b/bkucommon/src/test/resources/moaspss/CreateXMLSignatureRequest.xml new file mode 100644 index 00000000..586b1494 --- /dev/null +++ b/bkucommon/src/test/resources/moaspss/CreateXMLSignatureRequest.xml @@ -0,0 +1,16 @@ + + +SecureSignatureKeypair + + + I'm a simple text. + + + + text/plain + + + + + \ No newline at end of file -- cgit v1.2.3 From 4a334069beb85654e3cb35aef7e4508e04127036 Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 26 Jan 2010 16:22:56 +0000 Subject: MOCCA 1.2.11 with SHA-2 enabled. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/branches/mocca-1.2.11-sha2/mocca-1.2.11@599 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKUFonts/.classpath | 2 +- BKUFonts/.project | 4 +- BKULocal/src/main/resources/log4j.properties | 2 + BKUOnline/src/main/webapp/PINManagement.jsp | 3 +- .../src/main/webapp/WEB-INF/applicationContext.xml | 83 +++++++++++-------- .../gv/egiz/bku/binding/DataUrlConnectionImpl.java | 7 +- .../gv/egiz/bku/slcommands/SLCommandFactory.java | 54 ++++++------ .../impl/AbstractInfoboxCommandImpl.java | 21 ++++- .../egiz/bku/slcommands/impl/InfoboxFactory.java | 95 ++++------------------ .../java/moaspss/TestCreateAndVerifySignature.java | 4 +- bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl | 2 +- 11 files changed, 128 insertions(+), 149 deletions(-) (limited to 'bkucommon/src/test/resources') diff --git a/BKUFonts/.classpath b/BKUFonts/.classpath index d2236dff..54382402 100644 --- a/BKUFonts/.classpath +++ b/BKUFonts/.classpath @@ -2,7 +2,7 @@ - + diff --git a/BKUFonts/.project b/BKUFonts/.project index 484ff825..62c74cfb 100644 --- a/BKUFonts/.project +++ b/BKUFonts/.project @@ -16,12 +16,12 @@ - org.maven.ide.eclipse.maven2Builder + org.eclipse.wst.validation.validationbuilder - org.eclipse.wst.validation.validationbuilder + org.maven.ide.eclipse.maven2Builder diff --git a/BKULocal/src/main/resources/log4j.properties b/BKULocal/src/main/resources/log4j.properties index 86ddc7b4..a56f2683 100644 --- a/BKULocal/src/main/resources/log4j.properties +++ b/BKULocal/src/main/resources/log4j.properties @@ -17,6 +17,8 @@ # loglever DEBUG, appender STDOUT log4j.rootLogger=DEBUG, STDOUT +log4j.logger.at.gv.egiz.smcc=TRACE + # STDOUT appender log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout diff --git a/BKUOnline/src/main/webapp/PINManagement.jsp b/BKUOnline/src/main/webapp/PINManagement.jsp index 3555f99e..e48b8405 100644 --- a/BKUOnline/src/main/webapp/PINManagement.jsp +++ b/BKUOnline/src/main/webapp/PINManagement.jsp @@ -75,7 +75,8 @@ HelpURL : '../help/', SessionID : '<%=request.getSession().getId()%>', RedirectURL : '../', - RedirectTarget: '_parent' + RedirectTarget: '_parent', + EnforceRecommendedPINLength: 'true' }; var version = '1.6.0_04'; deployJava.runApplet(attributes, parameters, version); diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index 0324030e..fb3cae63 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -30,47 +30,64 @@ - - - - - - - - + + + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + + + + + + + diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java index 93e5bb1c..82c1be53 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java @@ -274,7 +274,12 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { InputStreamReader reader = new InputStreamReader(formParameter.getData(), (formParameter.getCharSet() != null) ? formParameter.getCharSet() - : "UTF-8"); // assume request was application/x-www-form-urlencoded, formParam therefore UTF-8 + : "UTF-8"); + // Note, using UTF-8 as fallback for decoding is safe. + // If the request was x-www-form-urlencoded, + // UTF-8 has been used for encoding of non-ASCII characters. + // If the request was multipart/form-data and contains any transfer parameters, + // the data URL request is going to be multipart/form-data encoded (see below). while ((len = reader.read(cbuf)) != -1) { urlEnc.write(cbuf, 0, len); } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java index 8e3f6ece..6e84867e 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java @@ -87,6 +87,11 @@ public class SLCommandFactory { */ private Map> slRequestTypeMap = new HashMap>(); + /** + * The mapping of a requests's qualified name to a concrete command factories. + */ + private Map slCommandFactories = new HashMap(); + /** * Configures the singleton instance with command implementations * @param commandImplMap @@ -101,7 +106,19 @@ public class SLCommandFactory { slRequestTypeMap.put(key, impl); } } - + + public void setConcreteFactories(Map factories) { + if (log.isDebugEnabled()) { + StringBuilder sb = new StringBuilder(); + sb.append("Registered sl command factory for"); + for (QName qname : factories.keySet()) { + sb.append("\n " + qname + " : " + factories.get(qname).getClass()); + } + log.debug(sb); + } + slCommandFactories = factories; + } + /** * Register an {@link SLCommand} implementation class of a Security Layer * command with the given namespaceUri and localname @@ -363,37 +380,16 @@ public class SLCommandFactory { log.info("Unsupported security layer request version : " + qName.getNamespaceURI()); throw new SLVersionException(qName.getNamespaceURI()); } - - Class implClass = getImplClass(qName); - if (implClass == null) { - // command not supported - log.info("Unsupported command received: " + qName.toString()); - throw new SLCommandException(4011, - SLExceptionMessages.EC4011_NOTIMPLEMENTED, new Object[]{qName.toString()}); - } - - - // try to instantiate - SLCommand slCommand; - try { - slCommand = implClass.newInstance(); - log.debug("SLCommand " + slCommand.getName() + " created."); - } catch (InstantiationException e) { - // unexpected error - log.error("Failed to instantiate security layer command implementation.", - e); - throw new SLRuntimeException(e); - } catch (IllegalAccessException e) { - // unexpected error - log.error("Failed to instantiate security layer command implementation.", - e); - throw new SLRuntimeException(e); + AbstractSLCommandFactory concreteFactory = slCommandFactories.get(qName); + if (concreteFactory == null) { + // command not supported + log.info("Unsupported command received: " + qName.toString()); + throw new SLCommandException(4011, + SLExceptionMessages.EC4011_NOTIMPLEMENTED, new Object[]{qName.toString()}); } - slCommand.init(context, (JAXBElement) object); - - return slCommand; + return concreteFactory.createSLCommand(context, (JAXBElement) object); } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java index 8a7edb71..b8e4030d 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java @@ -32,6 +32,25 @@ public abstract class AbstractInfoboxCommandImpl extends SLCommandImpl { * The infobox implementation. */ protected Infobox infobox; + + /** + * The infobox factory. + */ + protected InfoboxFactory infoboxFactory; + + /** + * @return the infoboxFactory + */ + public InfoboxFactory getInfoboxFactory() { + return infoboxFactory; + } + + /** + * @param infoboxFactory the infoboxFactory to set + */ + public void setInfoboxFactory(InfoboxFactory infoboxFactory) { + this.infoboxFactory = infoboxFactory; + } @Override public void init(SLCommandContext ctx, Object request) @@ -40,7 +59,7 @@ public abstract class AbstractInfoboxCommandImpl extends SLCommandImpl { String infoboxIdentifier = getInfoboxIdentifier(getRequestValue()); - infobox = InfoboxFactory.getInstance().createInfobox(infoboxIdentifier); + infobox = infoboxFactory.createInfobox(infoboxIdentifier); } /** diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java index e9736f6d..fdf94297 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxFactory.java @@ -17,7 +17,6 @@ package at.gv.egiz.bku.slcommands.impl; import java.util.HashMap; -import java.util.Map; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -39,68 +38,24 @@ public class InfoboxFactory { private static Log log = LogFactory.getLog(InfoboxFactory.class); /** - * The singleton instance of this InfoboxFactory. + * The mapping of Infobox name to concrete Infobox factory. */ - private static InfoboxFactory instance; - - /** - * @return an instance of this InfoboxFactory - */ - public synchronized static InfoboxFactory getInstance() { - if (instance == null) { - instance = new InfoboxFactory(); - } - return instance; - } - - /** - * The mapping of infobox identifier to implementation class. - */ - private HashMap> implementations; - - /** - * Private constructor. - */ - private InfoboxFactory() { - } - - /** - * Sets the mapping of infobox identifier to implementation class name. - * - * @param infoboxImplMap - * a mapping of infobox identifiers to implementation class names - * - * @throws ClassNotFoundException - * if implementation class is not an instance of {@link Infobox} - */ - @SuppressWarnings("unchecked") - public void setInfoboxImpl(Map infoboxImplMap) throws ClassNotFoundException { - HashMap> implMap = new HashMap>(); - ClassLoader cl = getClass().getClassLoader(); - for (String key : infoboxImplMap.keySet()) { - Class impl = (Class) cl.loadClass(infoboxImplMap.get(key)); - log.debug("Registering infobox '" + key + "' implementation '" + impl.getCanonicalName() + "'."); - implMap.put(key, impl); - } - implementations = implMap; - } - + private HashMap infoboxFactories = new HashMap(); + /** - * Returns the configured implementation class for the given - * infoboxIdentifier. - * - * @param infoboxIdentifier - * the infobox identifier - * - * @return the implementation class for the given infobox identifier or - * null if there is no implementation class configured + * @param infoboxFactories the infoboxFactories to set */ - public Class getImplClass(String infoboxIdentifier) { - if (implementations != null) { - return implementations.get(infoboxIdentifier); - } else { - return null; + public void setInfoboxFactories( + HashMap factories) { + if (log.isDebugEnabled()) { + StringBuilder sb = new StringBuilder(); + sb.append("Registered infobox factories for"); + for (String name : factories.keySet()) { + sb.append("\n " + name + " : " + factories.get(name).getClass()); + } + log.debug(sb); } + this.infoboxFactories = factories; } /** @@ -119,31 +74,15 @@ public class InfoboxFactory { */ public Infobox createInfobox(String infoboxIdentifier) throws SLCommandException, SLRuntimeException { - Class implClass = getImplClass(infoboxIdentifier); - if (implClass == null) { - // infobox not supported + AbstractInfoboxFactory factory = infoboxFactories.get(infoboxIdentifier); + if (factory == null) { log.info("Unsupported infobox '" + infoboxIdentifier + "."); throw new SLCommandException(4002, SLExceptionMessages.EC4002_INFOBOX_UNKNOWN, new Object[] { infoboxIdentifier }); } - // try to instantiate - Infobox infobox; - try { - infobox = implClass.newInstance(); - log.debug("Infobox '" + infobox.getIdentifier() + "' created."); - } catch (InstantiationException e) { - // unexpected error - log.error("Failed to instantiate infobox implementation.", e); - throw new SLRuntimeException(e); - } catch (IllegalAccessException e) { - // unexpected error - log.error("Failed to instantiate infobox implementation.", e); - throw new SLRuntimeException(e); - } - - return infobox; + return factory.createInfobox(); } diff --git a/bkucommon/src/test/java/moaspss/TestCreateAndVerifySignature.java b/bkucommon/src/test/java/moaspss/TestCreateAndVerifySignature.java index 8d995530..a9397d31 100644 --- a/bkucommon/src/test/java/moaspss/TestCreateAndVerifySignature.java +++ b/bkucommon/src/test/java/moaspss/TestCreateAndVerifySignature.java @@ -33,7 +33,7 @@ import org.xml.sax.SAXException; import at.buergerkarte.namespaces.securitylayer._1.ErrorResponseType; -@Ignore +//@Ignore public class TestCreateAndVerifySignature { protected Element parseCreateXMLSignatureRequest(InputStream is) @@ -141,7 +141,7 @@ public class TestCreateAndVerifySignature { } MOASPClient spClient = new MOASPClient(); - JAXBElement verifySignature = spClient.verifySignature(cxsResp, ".", "qualifiedSignature"); + JAXBElement verifySignature = spClient.verifySignature(cxsResp, ".", "qualifiedSignature+Test"); VerifyXMLSignatureResponseType vxsResp = verifySignature.getValue(); int signatureCheck = vxsResp.getSignatureCheck().getCode().intValue(); if (signatureCheck != 0) { diff --git a/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl b/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl index 8ec61420..25accfce 100644 --- a/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl +++ b/bkucommon/src/test/resources/MOA-SPSS-1.3.wsdl @@ -51,7 +51,7 @@ - + -- cgit v1.2.3