We have run a standard Jackrabbit WebDAV server and uploaded some files in it.
When we upload a new file with the same name we need to check if the file on the server is up to date and shouldn't be replaced. The initial idea was to use ETags but we it turned out to be too weak and is not suitable for the application.
So now the idea is to check the checksum (hash) of the incoming and existing files. As files can be pretty big and downloading everytime can be a time-consuming operation, it's better to have an option to easily obtain checksum for already uploaded files.
So my question: are there any options to get a checksum for files uploaded to the server? Maybe there are some other options or features that will help in such file handling?
There used to be Content-MD5 for that (in the HTTP spec, not Jackrabbit).
The HTTP Working Group currently works on new digest types (see https://httpwg.org/http-extensions/draft-ietf-httpbis-digest-headers.html), but this is still work-in-progress and is not implemented in Jackrabbit.
That said, getting a hash definitively could be implemented as a WebDAV property, or using a WebDAV extension report.
You can use md5 or shaxxx hashes for this purpose. I found a prebuilt MD5 Javascript library on github. I'd be shocked if there wasn't one for Java
Related
I need to generate an AWS Signature v4 signature for uploading to s3, like this: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html.
I tried a lot of examples, but have the error
<Error>
<Code>InvalidAccessKeyId</Code>
<Message>The AWS Access Key Id you provided does not exist in our records.</Message>
<AWSAccessKeyId>ASIA2AKMADUN</AWSAccessKeyId>
<RequestId>E68a1B73B15</RequestId>
<HostId>fIG19S=</HostId>
</Error>
I tried to build signature, using minio-java, like this https://github.com/minio/minio-java/blob/master/examples/PresignedPostPolicy.java
Also, I tried this code snippet https://gist.github.com/phstudy/3523576726d74a0410f8
P.S. My real target is uploading files from clients with limit of file size, like there, or there there. I can create presignS3UploadLink, but there is not way to set max size.
So, solution https://github.com/minio/minio-java/blob/master/examples/PresignedPostPolicy.java did not work, because of absent x-amz-security-token parameter.
We need to use session-token (which we get from amazon) for creating a POST-Policy and for form publishing - https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html
Sample code for minio:
conditions.add(new String[]{"eq", "$x-amz-security-token", sessionToken});
formData.put("x-amz-security-token", sessionToken);
P.S. x-amz-security-token is needed because of using of temporary security credentials - https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
I would like to create a notes mail from some html source (with possibly inline image and attachments) using java through DIIOP. I tried to use mime item to do that, but sign and encrypt would need internet certs. So rich text seems to be the only choice, but I could not find any java API to import html into richtext. In notes client GUI, one can import from text/html. And also I noticed that MIME mail exported from inbox are "Itemized by DIIOP Server". Is there any way I can programmatically import html into lotus notes message so that sign and encrypt can be used with Lotus Notes internal certs.
Thanks and Regards,
Shing
You should be able to encrypt using Java via DIIOP, but you can't sign that way.
You need a private key in order to sign a message or document. The low-level Notes APIs expect the private key to be located in the current ID file for the session. When you are using DIIOP. Your Java code is running locally and it does not have access to your user ID file. The low-level Notes APIs don't run on the same machine that the Java is running on. There usually isn't even a Notes or Domino installation on the code where the Java code is running, so the code for the low-level APIs isn't even available to the JVM.
In a DIIOP configuraiton, the low-level Notes API code is running on the Domino server. The only ID file it has access to is the server ID file, and it will not allow you to sign using the server's private key.
Eventually find a solution, abeit rather hacky. create a document using MIME, then save to database, then close the session. The open a new session, and get the saved document, it is converted to richtext by the Domino Server, but there are some traces of MIME, export to DXL using DXLExporter. In the exported DXL, remove the items "MIME_Version" and "$MIMETrack". Inline image of type other than jpg and gif (png and gif) are not handled properly, have to play around the XML DOM a bit to fix it, then import the fixed DXL using DXLImporter, and there you have a converted Richtext document, rather like what you get from importing HTML file in Note Client GUI. Better than none.
At the moment we have developed a system that can digitally sign documents using a java applet. However with the ban of applets under chrome we are looking for an alternative solution for digital signing.
At the moment the signing works the following way:
A HTTP GET is sent to a servlet to get the document that is going to
be signed;
The applet gets started, the digital signature driver gets extracted from the file system and the user enters the PIN;
The applet gets the certification chain, checks CRLs/OSCP and signs the document;
The applet sends a multipart post with the already signed file to a servlet in the system.
One alternative solution would be to import the certificate in the browser and use js to do the signing. But that won't be an user friendly solution.
Another solution could be to ask the user to download a run a program using JNLP that downloads and signs the document and automatically uploads it using HTTP multipart POST. The drawback of this approach would be it requires additional user interactions (the download action) and we lose browser http session, so we have to authenticate again.
Which is more viable? Can you think of alternative?
All post below suggests RSA based signing.
You may sign it in pure Javascript+ Web Crypto api.
Key points is extracting key with HTML5 <file> tag, use forge js library to deal with keys and hashes and canonize xml with deoxxa and use web crypto for sign/verify (in addition, forge also may sign/verify but web crypto is faster).
If you are signing xmls with exclusive canonicalization, use deoxxa (you should browserify it before using). If you sign xml and need to do inclusive canonicalization use my fork of deoxxa (hosted on own gitlab server). I was too lazy to rename exclusive to inclusive but my .js file performs inclusive, believe me) Example of usage forge+deoxxa+html5_p12_file_read in signJs, verifyJs files.
Also, forge supports signing binary files (CMS or in older naming style PKCS#7) but my JSP files doesn't have such example. About OCSP and chain test in JS - I opened the issue in forge, but it seems too difficult to handle CRL/OCSP and TSP protocols in JS, that's why you may sign in JS, but verify may be splitted - hash checking doing in JS(forge usage and additional code showed in my JSP) but smart checks like CRL, chain e.t.c do in your web service - you may extract X509Certificate and send it to your web service and use bouncycastle or any other cool library to do smart checks. X509Certificate is anyway public info, no problem in sending it to service, but digest checking requires files and you may not want to send files to service and thus use forge for checking digest which is showed in my verifyJS file.
My JS code is not refactored and even not in OOP and currently I'm not working on that project but on some stage I had fully working xml RSA siging with p12 keys in file system.
Latest JSP in my repo uses forge just for parsing p12 files and providing keys from them to Web Crypto API but my repo history also has pure Javascript sign/verify (if you don't like web crypto api). see history of the project branches.
Whilst this isn't directly a programming question, the answer will highly influence the solution adopted.
I am looking at developing a Java client to transfer data (files) into Informatica Powercentre Web Services Hub (WSH). Best practice suggests to use MTOM for large files being sent via SOAP requests.
I'm assuming support for consuming MTOM attachments is vendor specific, one can't assume it works out of the box ?
If anyone can confirm whether Power Center 9.x supports this, it'd be muchly appreciated. I've spent a lot of time on the Informatica Communities and reading documents but it is rather opaque to say the least.
RTFM
It appears that MTOM is not supported. From PowerCenter WebServices Provider Guide v 9.0.1 page 80 "WSDL Attachments".
The attachment must be a text file such as an XML document. You cannot attach binary documents... To use a binary file as a source, convert the file into hexbinary or base64binary before you pass it to the web service source. A hexbinary or base64binary files is treated as a text file.
There is any way (from browser) to read local file without open dialog?
Can be used: javascript, flash, or java.
Goal: when you paste text in WYSIWYG with images from MS Word, there will be links to image files. Like "file:///C:/Users/username/AppData/Local/Temp/msohtmlclip1/01/clip_image001.jpg". I want to read this files, upload to server and replace local path.
Accessing the disk contents from the browser without the user permission is a security risk. As such, to do that with Java you need your applet signed and the user allowing it to run.
A Java applet can do this, but it would need to be signed with an SSL certificate from a trusted authority, otherwise the applet would not be run with a security exception thrown.
You'd use any standard Java approach to loading and uploading the file (Apache Commons FileUtils and HttpClient?); if you're new to Java then there may be simpler solutions.