View Javadoc
1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.ksb.security;
17  
18  import java.io.BufferedOutputStream;
19  import java.io.ByteArrayOutputStream;
20  import java.io.IOException;
21  import java.io.OutputStream;
22  import java.security.GeneralSecurityException;
23  
24  import javax.servlet.ServletOutputStream;
25  
26  /**
27   * An OutputStream which decorates another OutputStream with a wrapper that digitally
28   * signs the data when the OutputStream is closed.  Since this class does not know where
29   * the resulting digital signature will reside, a DigitalSigner will be invoked to
30   * execute the actual signing of the message (i.e. put it in a header).
31   * 
32   * @author Kuali Rice Team (rice.collab@kuali.org)
33   */
34  public class SignatureSigningOutputStream extends ServletOutputStream {
35  
36  	private boolean delayWrite;
37  	private DigitalSigner signer;
38  	private BufferedOutputStream bufferedDataHoldingStream;
39  	private ByteArrayOutputStream dataHoldingStream;
40  	private OutputStream wrappedOutputStream;
41  	
42  	/**
43  	 * Constructs a SignatureSigningOutputStream with the given DigitalSigner and underlying OutputStream.
44  	 * If true, the delayWrite boolean indicates that the stream should store all data internally until the
45  	 * stream is closed, at which point it should forward all data to the wrapped OutputStream.  If delayWrite
46  	 * is false, then the data will be forwarded immediately.
47  	 */
48  	public SignatureSigningOutputStream(DigitalSigner signer, OutputStream wrappedOutputStream, boolean delayWrite) {
49  		super();
50  		this.delayWrite = delayWrite;
51  		if (delayWrite) {
52  		    this.dataHoldingStream = new ByteArrayOutputStream();
53  		    this.bufferedDataHoldingStream = new BufferedOutputStream(this.dataHoldingStream);
54  		}
55  		this.wrappedOutputStream = wrappedOutputStream;
56  		this.signer = signer;
57  	}
58  
59  	public void write(int data) throws IOException {
60  		if (this.delayWrite) {
61  		    this.bufferedDataHoldingStream.write(data);
62  		} else {
63  		    this.wrappedOutputStream.write(data);
64  		}
65  		try {
66  		    this.signer.getSignature().update((byte)data);	
67  		} catch (GeneralSecurityException e) {
68  			IOException exception = new IOException("Error updating signature.");
69  			exception.initCause(e);
70  			throw exception;
71  		}
72  	}
73  	
74  	@Override
75  	public void close() throws IOException {
76  		// before we close, sign the message
77  		try {
78  		    this.signer.sign();
79  			if (this.delayWrite) {
80  			    this.bufferedDataHoldingStream.close();
81  				byte[] data = this.dataHoldingStream.toByteArray();
82  				for (int index = 0; index < data.length; index++) {
83  				    this.wrappedOutputStream.write(data[index]);
84  				}
85  			}
86  			this.wrappedOutputStream.close();
87  		} catch (Exception e) {
88  			IOException exception = new IOException("Error attaching digital signature to outbound response.");
89  			exception.initCause(e);
90  			throw exception;
91  		} finally {
92  			super.close();
93  		}
94  	}
95  
96  }