001 // Copyright (C) 2002 IAIK
002 // https://jce.iaik.tugraz.at
003 //
004 // Copyright (C) 2003 - 2025 Stiftung Secure Information and
005 // Communication Technologies SIC
006 // https://sic.tech
007 //
008 // All rights reserved.
009 //
010 // Redistribution and use in source and binary forms, with or without
011 // modification, are permitted provided that the following conditions
012 // are met:
013 // 1. Redistributions of source code must retain the above copyright
014 // notice, this list of conditions and the following disclaimer.
015 // 2. Redistributions in binary form must reproduce the above copyright
016 // notice, this list of conditions and the following disclaimer in the
017 // documentation and/or other materials provided with the distribution.
018 //
019 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
020 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
021 // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
022 // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
023 // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
024 // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
025 // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
026 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
027 // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
028 // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
029 // SUCH DAMAGE.
030
031 // Copyright (C) 2002 IAIK
032 // https://sic.tech/
033 //
034 // Copyright (C) 2003 - 2025 Stiftung Secure Information and
035 // Communication Technologies SIC
036 // https://sic.tech/
037 //
038 // All rights reserved.
039 //
040 // This source is provided for inspection purposes and recompilation only,
041 // unless specified differently in a contract with IAIK. This source has to
042 // be kept in strict confidence and must not be disclosed to any third party
043 // under any circumstances. Redistribution in source and binary forms, with
044 // or without modification, are <not> permitted in any case!
045 //
046 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
047 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
048 // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
049 // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
050 // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
051 // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
052 // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
053 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
054 // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
055 // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
056 // SUCH DAMAGE.
057 //
058 // $Header: /IAIK-CMS/current/src/demo/smime/ess/MySecurityLabelHandler.java 6 12.02.25 17:59 Dbratko $
059 // $Revision: 6 $
060 //
061
062 package demo.smime.ess;
063
064 import iaik.asn1.ObjectID;
065 import iaik.cms.SignerInfo;
066 import iaik.smime.ess.ESSSecurityLabel;
067 import iaik.smime.ess.SecurityLabelException;
068 import iaik.smime.ess.utils.SecurityLabelHandler;
069
070 import java.awt.Color;
071 import java.awt.GridBagConstraints;
072 import java.awt.GridBagLayout;
073 import java.awt.Insets;
074
075 import javax.swing.JLabel;
076 import javax.swing.JOptionPane;
077 import javax.swing.JPanel;
078 import javax.swing.JScrollPane;
079 import javax.swing.JTextArea;
080
081 /**
082 * Simple demo SecurityLabelHandler.
083 * <p>
084 * This demo SecurityLabelHandler implements a simple security policy based on the
085 * default security classifications "unmarked", "unclassified", "restricted",
086 * "confidential", "secret", "top-secret". Since the SignedData message created
087 * by this {@link demo.smime.ess.SecurityLabelDemo demo} only contains an ESS
088 * {@link iaik.smime.ess.ESSSecurityLabel SecurityLabel} attribute with
089 * classification "confidential", only this classification is processed by
090 * the {@link #processESSSecurityLabel processESSSecurityLabel} method of this
091 * demo handler. "unmarked" and "unclassified" are handled as "not critical"
092 * content (i.e. the content can be accessed by any one), "secret", "top-secret"
093 * lock the content (i.e. it is not displayed), and "restricted" and
094 * "confidential" popup a confirmation dialog reminding the recipient about
095 * the confidentiality of the message content.
096 *
097 * @see demo.smime.ess.SecurityLabelDemo
098 * @see iaik.smime.ess.ESSSecurityLabel
099 */
100 public class MySecurityLabelHandler implements SecurityLabelHandler {
101
102 // our SecurityLabelHandler only checks for presence of one specific SecurityLabel policy
103 public final static ObjectID MY_SECURITY_POLICY_ID = new ObjectID("1.3.6.1.4.1.2706.2.2.4.4.1", "My Security Policy");
104
105 /**
106 * Processes the given SecurityLabel attribute.
107 *
108 * @param securityLabel the SecurityLabel attribute to be handled
109 * @param signerInfos the SignerInfos of the SignedData message containing
110 * the SecurityLabel attribute
111 *
112 * @throws SecurityLabelException if the message content has to be locked because
113 * of the implemented security strategy
114 */
115 public void processESSSecurityLabel(ESSSecurityLabel securityLabel,
116 SignerInfo[] signerInfos)
117 throws SecurityLabelException {
118
119 if (securityLabel != null) {
120 if (securityLabel.getSecurityPolicyIdentifier().equals(MY_SECURITY_POLICY_ID)) {
121 System.out.println("Processing SecurityLabel attribute ("+MY_SECURITY_POLICY_ID.getID()+")");
122 // we only check the (default) security classification
123 int classification = securityLabel.getSecurityClassification();
124 System.out.println("Security Classification is " + classification +
125 " (" + securityLabel.getSecurityClassificationName() + ")");
126 String essPrivacyMark = securityLabel.getPrivacyMarkString();
127 if (essPrivacyMark != null) {
128 System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
129 System.out.println(essPrivacyMark);
130 System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
131 }
132 switch (classification) {
133 case ESSSecurityLabel.UNMARKED :
134 case ESSSecurityLabel.UNCLASSIFIED :
135 // do nothing, allow anyone to access the content
136 break;
137 case ESSSecurityLabel.RESTRICTED :
138 case ESSSecurityLabel.CONFIDENTIAL :
139 // display a dialog reminding that the contents is confidential
140
141 StringBuffer message = new StringBuffer(256);
142 String msg1 = essPrivacyMark;
143
144 message.append("Please be aware that this message contains high confidential data.\n");
145 message.append("If you are not absolutly sure to be able to keep the confidentiality\n");
146 message.append("of the message you should NOT press the OK button and NOT view\n");
147 message.append("the content of the message!\n");
148 String question = "Continue to view the message content?";
149
150 int selected = JOptionPane.showConfirmDialog(
151 null ,
152 getConfirmationPanel(msg1, message.toString(), question, 34),
153 "IAIK-CMS Demo: Confidiantality Confirmation",
154 JOptionPane.OK_CANCEL_OPTION,
155 JOptionPane.WARNING_MESSAGE);
156
157 if( selected != JOptionPane.OK_OPTION ) {
158 throw new SecurityLabelException("Content access denied "+
159 "(recipient cannot guarantee to keep the confidentiality of the message)!");
160 }
161 break;
162 case ESSSecurityLabel.SECRET :
163 case ESSSecurityLabel.TOP_SECRET :
164 // here we may implement some interaction with the user to only allow
165 // access to the content based on some user authentication (for
166 // instance by using attribute certificates)
167 // in this demo we only deny to access the content
168 throw new SecurityLabelException("Content access denied (user authentication required)!");
169 default :
170 // unknown classification: do not allow to access the content;
171 throw new SecurityLabelException("Content access denied (unknown security classification)!");
172 }
173 }
174 }
175
176 }
177
178
179
180
181 /**
182 * Returns a JPanel consisting of one messages label, a text area and one
183 * confirmation query.
184 * <p>
185 *
186 * @param msg the message
187 * @param text the text to display
188 * @param question the confirmation question
189 * @param cols the number of columns for the text area
190 *
191 * @return the JPanel consisting of message labels and text area
192 */
193 static JPanel getConfirmationPanel(String msg, String text, String question, int cols) {
194
195 int gridy = 0;
196 GridBagLayout gb = new GridBagLayout();
197 GridBagConstraints gbc = new GridBagConstraints();
198 gbc.anchor = GridBagConstraints.WEST;
199 JLabel msgLabel1 = new JLabel(msg, JLabel.CENTER);
200 gb.setConstraints(msgLabel1,gbc);
201 gbc.gridy = ++gridy;
202 gbc.insets = new Insets(10,0,0,0);
203 JTextArea textField = new JTextArea();
204 textField.setEditable(false);
205 textField.setBackground(Color.lightGray);
206 textField.setRows(5);
207 textField.setColumns(cols);
208 textField.append(text);
209 JScrollPane textPane = new JScrollPane();
210 textPane.getViewport().add(textField);
211 gb.setConstraints(textPane,gbc);
212 gbc.gridy = ++gridy;
213
214 JLabel questionLabel = new JLabel(question, JLabel.CENTER);
215 gb.setConstraints(questionLabel,gbc);
216 JPanel confirmPanel = new JPanel(gb);
217 confirmPanel.add(msgLabel1);
218 confirmPanel.add(textPane);
219 confirmPanel.add(questionLabel);
220 return confirmPanel;
221 }
222
223 }