com.infoengine.object.factory
Class Request

java.lang.Object
  com.infoengine.object.factory.Request

All Implemented Interfaces:

Serializable

public class Request

extends Object

implements Serializable

Wrapper for com.infoengine.object.IeRequest object. This class also supports signing and validation. This is useful to allow Info*Engines which are resident on seperate machines to share information and verify that a request comes from a 'trusted' source. Implementation uses java.security.MessageDigest and a 'secret' string in conjunction with the requested uri to create a unique fingerprint to be sent along with/retreived from a request for validation. Cooperating Info*Engines must be configured with exactly the same 'secret' string and MessageDigest algorithm. The string and algorithm are configured by setting of properties in the ie.properties file. 'secret.text' holds the secret string used in computing the fingerprint. Optionally 'secret.algorithm' sets the algorithm to be used in computing the fingerprint. Valid algorithms include: SHA or SHA-1 - defined in NIST's FIPS 180-1. output: 160-bit digest. MD2 - defined in RFC 1319. output: 128-bit (16 byte) digest. MD5 - defined in RFC 1321. output: 128-bit (16 byte) digest. (specified in Java Cryptography Architecture API Specification & Reference, Appendix A and Appendix B) if 'secret.algorithm' is not specified SHA-1 is used. if 'secret.text' is not specified requests are not validated, alternately if 'secret.text' has a value then the receiving Info*Engine requires that any sender MUST sign the request.

See Also:

Serialized Form

Field Summary

private static int	counter
private Task	myTask
private static String	OUTPUT
private static String	RESOURCE
private String	secret
private static String	SECRET_ALG_PROP
private boolean	SECRET_DEBUG
private static String	SECRET_META
private static String	SECRET_TEXT_PROP
private String	signatureAlgorithm
private static String	SOURCE
private static String	SUPER_SECRET_META
private static String	SUPER_SECRET_TEXT_PROP
private String	superSecret

Constructor Summary

Request(IeRequest req)
Constructs a Request wrapper around an IeRequest object.

Request(String name)
Constructs an empty named Request.

Method Summary

void	addContext(String type, String name, String value) Add a name/value pair to a named context area of this request.
void	addOutput(byte[] data) Adds a byte array to the output of this request.
void	addOutput(String data) Adds a string to the output of this request.
void	clearOutput() Removes all output text from this request.
void	clearSource() Removes all input text from this request.
private String	generateHash() generate the 'fingerprint' string based on value of 'secret.text' if 'secret.text' does not exist null is returned
private String	generateSuperHash() generate the 'fingerprint' string based on value of 'secret.text2' if 'secret.text2' does not exist null is returned.
private IeGroup	getContext(String name)
Group	getContextGroup(String name) Get a named context group.
String	getName() Returns the name of this request.
Enumeration	getOutput() Returns a list of strings output by this request.
String	getPassword() Returns the password of this request.
IeRequest	getRequest() Returns the standard request used to pass this request to a service.
String	getSecret() get the value of secret
String	getSignatureAlgorithm() get the algorithm
String	getSource() Returns the source string for this request.
String	getSuperSecret() get the value of superSecret
Task	getTask() Returns the task that this request encapsulates.
String	getType() Returns the type of this request.
String	getUserName() Returns the user name of this request.
private String	hash(String local_secret)
private static int	nextSeqNo()
void	printTree()
void	setContext(Group grp) Sets a context group.
void	setName(String name) Sets the name of this request.
void	setPassword(String pwd) Sets the password of this request.
void	setSecret(String secret) set the value of secret
void	setSignatureAlgorithm(String signatureAlgorithm) set the algorithm
void	setSource(File temp) Adds a file to the input source of this request.
void	setSource(String data) Adds a string to the input source of this request.
void	setSuperSecret(String secret) set the value of superSecret
void	setType(String type) Sets this request's type.
void	setUserName(String name) Sets the user name of this request.
void	sign() sign request if Info*Engine is configured to do so.
void	sign(String property_prefix) sign request if Info*Engine is configured to do so.
boolean	validate()
void	validateSignature() validate request if Info*Engine is configured to do so.
void	validateSignature(String property_prefix) validate request if Info*Engine is configured to do so.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

counter

private static int counter

SOURCE

private static final String SOURCE

See Also:

Constant Field Values

OUTPUT

private static final String OUTPUT

See Also:

Constant Field Values

SECRET_META

private static final String SECRET_META

See Also:

Constant Field Values

SUPER_SECRET_META

private static final String SUPER_SECRET_META

See Also:

Constant Field Values

SECRET_TEXT_PROP

private static final String SECRET_TEXT_PROP

See Also:

Constant Field Values

SUPER_SECRET_TEXT_PROP

private static final String SUPER_SECRET_TEXT_PROP

See Also:

Constant Field Values

SECRET_ALG_PROP

private static final String SECRET_ALG_PROP

See Also:

Constant Field Values

RESOURCE

private static final String RESOURCE

See Also:

Constant Field Values

myTask

private Task myTask

secret

private String secret

superSecret

private String superSecret

signatureAlgorithm

private String signatureAlgorithm

SECRET_DEBUG

private boolean SECRET_DEBUG

Constructor Detail

Request

public Request(String name)

Constructs an empty named Request.

Request

public Request(IeRequest req)

Constructs a Request wrapper around an IeRequest object.

Parameters:

req - the IeRequest object to be wrapped

Method Detail

getRequest

public IeRequest getRequest()

Returns the standard request used to pass this request to a service.

Returns:

This request's internal structure.

getTask

public Task getTask()

Returns the task that this request encapsulates.

Returns:

This request's task.

getName

public String getName()

Returns the name of this request.

Returns:

The request's current name.

setName

public void setName(String name)

Sets the name of this request.

Parameters:

name - The new name of the request.

getType

public String getType()

Returns the type of this request.

Returns:

The request's current type.

setType

public void setType(String type)

Sets this request's type.

Parameters:

type - The request's new type.

setPassword

public void setPassword(String pwd)

Sets the password of this request.

Parameters:

pwd - The request's new password.

getPassword

public String getPassword()

Returns the password of this request.

Returns:

The request's current password.

setUserName

public void setUserName(String name)

Sets the user name of this request.

Parameters:

name - The request's new user name.

getUserName

public String getUserName()

Returns the user name of this request.

Returns:

The request's current user name.

clearSource

public void clearSource()

Removes all input text from this request.

setSource

public void setSource(String data)

Adds a string to the input source of this request.

Parameters:

data - Template source to be processed by this request.

setSource

public void setSource(File temp)

Adds a file to the input source of this request.

Parameters:

temp - Template file to be processed by this request.

getSource

public String getSource()

Returns the source string for this request.

Returns:

The template source to be used in the processing of this request.

clearOutput

public void clearOutput()

Removes all output text from this request.

addOutput

public void addOutput(String data)

Adds a string to the output of this request.

Parameters:

data - A stream of text output by this request.

addOutput

public void addOutput(byte[] data)

Adds a byte array to the output of this request.

Parameters:

data - A byte [] output by this request.

getOutput

public Enumeration getOutput()

Returns a list of strings output by this request.

Returns:

A list of text generated during the processing of this request.

addContext

public void addContext(String type,
                       String name,
                       String value)

Add a name/value pair to a named context area of this request.

Parameters:

type - The named context area (FORMDATA, SERVERDATA, etc.)

name - The context variable name.

value - The context variable value.

setContext

public void setContext(Group grp)

Sets a context group.

Parameters:

grp - The context group (FORM, SERVER, etc.)

getContextGroup

public Group getContextGroup(String name)

Get a named context group.

Parameters:

name - The context group name (FORM, SERVER, etc.)

Returns:

The named context group

nextSeqNo

private static int nextSeqNo()

getContext

private IeGroup getContext(String name)

validate

public boolean validate()

printTree

public void printTree()

setSecret

public void setSecret(String secret)

set the value of secret

getSecret

public String getSecret()

get the value of secret

setSuperSecret

public void setSuperSecret(String secret)

set the value of superSecret

getSuperSecret

public String getSuperSecret()

get the value of superSecret

setSignatureAlgorithm

public void setSignatureAlgorithm(String signatureAlgorithm)

set the algorithm

getSignatureAlgorithm

public String getSignatureAlgorithm()

get the algorithm

generateSuperHash

private String generateSuperHash()
                          throws IEException

generate the 'fingerprint' string based on value of 'secret.text2' if 'secret.text2' does not exist null is returned. The super hash takes into account canonicalized context and vdb collections and any webject parameters.

Throws:

IEException - if the supplied algorithm is not valid.

IEException

generateHash

private String generateHash()
                     throws IEException

generate the 'fingerprint' string based on value of 'secret.text' if 'secret.text' does not exist null is returned

Throws:

IEException - if the supplied algorithm is not valid.

IEException

hash

private String hash(String local_secret)
             throws IEException

Throws:

IEException

sign

public void sign()
          throws IEException

sign request if Info*Engine is configured to do so.

Throws:

IEException - exceptions thrown by #generateHash are not caught

IEException

sign

public void sign(String property_prefix)
          throws IEException

sign request if Info*Engine is configured to do so. look for secret text and algorithm under a specific property

Throws:

IEException - exceptions thrown by #sign are not caught

IEException

validateSignature

public void validateSignature()
                       throws IEException

validate request if Info*Engine is configured to do so.

Throws:

IEException - exceptions thrown by #generateHash are not caught. Thrown if Info*Engine is configured to validate requests and sender has not signed the request. Thrown if Info*Engine is configured to validate requests, sender has signed the request but the fingerprint does not match the fingerprint computed locally for the given request.

IEException

validateSignature

public void validateSignature(String property_prefix)
                       throws IEException

validate request if Info*Engine is configured to do so. look for secret text and algorithm under a specific property

Throws:

IEException - exceptions thrown by #validateSignature are not caught

IEException