// Copyright (C) 2002 IAIK
// https://sic.tech/
//
// Copyright (C) 2003 - 2025 Stiftung Secure Information and
// Communication Technologies SIC
// https://sic.tech/
//
// All rights reserved.
//
// This source is provided for inspection purposes and recompilation only,
// unless specified differently in a contract with IAIK. This source has to
// be kept in strict confidence and must not be disclosed to any third party
// under any circumstances. Redistribution in source and binary forms, with
// or without modification, are <not> permitted in any case!
//
// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
// SUCH DAMAGE.
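//
// $Header: /IAIK-CMS/current/src/demo/smime/ess/MySecurityLabelHandler.java 6 12.02.25 17:59 Dbratko $
// $Revision: 6 $
//

package demo.smime.ess;

import iaik.asn1.ObjectID;
import iaik.cms.SignerInfo;
import iaik.smime.ess.ESSSecurityLabel;
import iaik.smime.ess.SecurityLabelException;
import iaik.smime.ess.utils.SecurityLabelHandler;

import java.awt.Color;
import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.awt.Insets;

import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.JTextArea;

/**
 * Simple demo SecurityLabelHandler.
 * <p>
 * This demo SecurityLabelHandler implements a simple security policy based on the
 * default security classifications "unmarked", "unclassified", "restricted",
 * "confidential", "secret", "top-secret". Since the SignedData message created
 * by this {@link demo.smime.ess.SecurityLabelDemo demo} only contains an ESS
 * {@link iaik.smime.ess.ESSSecurityLabel SecurityLabel} attribute with
 * classification "confidential", only this classification is processed by
 * the {@link #processESSSecurityLabel processESSSecurityLabel} method of this
 * demo handler. "unmarked" and "unclassified" are handled as "not critical"
 * content (i.e. the content can be accessed by anyone), "secret", "top-secret"
 * lock the content (i.e. it is not displayed), and "restricted" and
 * "confidential" pop up a confirmation dialog reminding the recipient about
 * the confidentiality of the message content.
 *
 * @see demo.smime.ess.SecurityLabelDemo
 * @see iaik.smime.ess.ESSSecurityLabel
 */
public class MySecurityLabelHandler implements SecurityLabelHandler {

  // our SecurityLabelHandler only checks for presence of one specific SecurityLabel policy
  public static final ObjectID MY_SECURITY_POLICY_ID =
      new ObjectID("1.3.6.1.4.1.2706.2.2.4.4.1", "My Security Policy");

  /**
   * Processes the given SecurityLabel attribute.
   * <p>
   * Only labels issued under {@link #MY_SECURITY_POLICY_ID} are evaluated. A
   * {@code null} label, or a label carrying any other policy identifier, makes
   * this method return normally, i.e. this handler places no restriction on
   * the content in those cases. That is acceptable for the demo; a handler
   * that must enforce a policy should decide explicitly how labels of a
   * foreign policy are treated instead of letting them pass.
   *
   * @param securityLabel the SecurityLabel attribute to be handled
   * @param signerInfos the SignerInfos of the SignedData message containing
   *                    the SecurityLabel attribute (not inspected by this handler)
   *
   * @throws SecurityLabelException if the message content has to be locked because
   *                                of the implemented security strategy
   */
  public void processESSSecurityLabel(ESSSecurityLabel securityLabel,
                                      SignerInfo[] signerInfos)
    throws SecurityLabelException {

    if (securityLabel == null) {
      // no label present: nothing to enforce
      return;
    }
    if (!securityLabel.getSecurityPolicyIdentifier().equals(MY_SECURITY_POLICY_ID)) {
      // label belongs to a policy this demo does not implement: not evaluated
      return;
    }

    System.out.println("Processing SecurityLabel attribute ("+MY_SECURITY_POLICY_ID.getID()+")");
    // we only check the (default) security classification
    int classification = securityLabel.getSecurityClassification();
    System.out.println("Security Classification is " + classification +
                       " (" + securityLabel.getSecurityClassificationName() + ")");

    // The privacy mark is free text taken from the label of the received
    // message, so it is sender-chosen data.
    // NOTE(review): it is written to stdout unchanged; a handler that logs to a
    // terminal or log file may want to strip control characters first.
    String essPrivacyMark = securityLabel.getPrivacyMarkString();
    if (essPrivacyMark != null) {
      System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
      System.out.println(essPrivacyMark);
      System.out.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    }

    switch (classification) {
      case ESSSecurityLabel.UNMARKED :
      case ESSSecurityLabel.UNCLASSIFIED :
        // do nothing, allow anyone to access the content
        break;
      case ESSSecurityLabel.RESTRICTED :
      case ESSSecurityLabel.CONFIDENTIAL :
        // the recipient has to confirm before the content is released
        confirmConfidentialAccess(essPrivacyMark);
        break;
      case ESSSecurityLabel.SECRET :
      case ESSSecurityLabel.TOP_SECRET :
        // here we may implement some interaction with the user to only allow
        // access to the content based on some user authentication (for
        // instance by using attribute certificates)
        // in this demo we only deny access to the content
        throw new SecurityLabelException("Content access denied (user authentication required)!");
      default :
        // unknown classification: fail closed, do not allow access to the content
        throw new SecurityLabelException("Content access denied (unknown security classification)!");
    }
  }

  /**
   * Shows the confidentiality reminder and denies access unless the user
   * confirms with OK.
   *
   * @param privacyMark the privacy mark of the label (may be {@code null});
   *                    shown in the dialog as plain text
   *
   * @throws SecurityLabelException if the dialog is closed with anything
   *                                other than the OK option
   */
  private static void confirmConfidentialAccess(String privacyMark)
    throws SecurityLabelException {

    String message =
        "Please be aware that this message contains high confidential data.\n"
      + "If you are not absolutly sure to be able to keep the confidentiality\n"
      + "of the message you should NOT press the OK button and NOT view\n"
      + "the content of the message!\n";
    String question = "Continue to view the message content?";

    int selected = JOptionPane.showConfirmDialog(
        null,
        getConfirmationPanel(privacyMark, message, question, 34),
        "IAIK-CMS Demo: Confidiantality Confirmation",
        JOptionPane.OK_CANCEL_OPTION,
        JOptionPane.WARNING_MESSAGE);

    // anything but an explicit OK (cancel, window closed) keeps the content locked
    if (selected != JOptionPane.OK_OPTION) {
      throw new SecurityLabelException("Content access denied "+
        "(recipient cannot guarantee to keep the confidentiality of the message)!");
    }
  }

  /**
   * Returns a JPanel consisting of one message label, a text area and one
   * confirmation query.
   * <p>
   * Both labels show their text literally. Swing renders label text that
   * starts with {@code <html>} as markup, and {@code msg} is filled with the
   * privacy mark of a received message by
   * {@link #processESSSecurityLabel processESSSecurityLabel}; without this
   * precaution the sender of a message could restyle or obscure the warning
   * shown to the recipient.
   *
   * @param msg the message (may be {@code null})
   * @param text the text to display
   * @param question the confirmation question
   * @param cols the number of columns for the text area
   *
   * @return the JPanel consisting of message labels and text area
   */
  static JPanel getConfirmationPanel(String msg, String text, String question, int cols) {

    GridBagLayout layout = new GridBagLayout();
    GridBagConstraints constraints = new GridBagConstraints();
    constraints.anchor = GridBagConstraints.WEST;

    // first row: the (possibly sender-supplied) message
    JLabel msgLabel = createPlainLabel(msg);
    layout.setConstraints(msgLabel, constraints);

    // second row: read-only text area inside a scroll pane
    constraints.gridy = 1;
    constraints.insets = new Insets(10,0,0,0);
    JTextArea textArea = new JTextArea();
    textArea.setEditable(false);
    textArea.setBackground(Color.lightGray);
    textArea.setRows(5);
    textArea.setColumns(cols);
    textArea.append(text);
    JScrollPane textPane = new JScrollPane();
    textPane.getViewport().add(textArea);
    layout.setConstraints(textPane, constraints);

    // third row: the confirmation question
    constraints.gridy = 2;
    JLabel questionLabel = createPlainLabel(question);
    layout.setConstraints(questionLabel, constraints);

    JPanel confirmPanel = new JPanel(layout);
    confirmPanel.add(msgLabel);
    confirmPanel.add(textPane);
    confirmPanel.add(questionLabel);
    return confirmPanel;
  }

  /**
   * Creates a centered label that never interprets its text as HTML.
   *
   * @param text the label text (may be {@code null})
   *
   * @return the label
   */
  private static JLabel createPlainLabel(String text) {
    JLabel label = new JLabel();
    // must be set before the text is assigned: the label UI decides whether to
    // build an HTML view at the moment the text changes
    label.putClientProperty("html.disable", Boolean.TRUE);
    label.setHorizontalAlignment(JLabel.CENTER);
    label.setText(text);
    return label;
  }

}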