Ecoinformatics Redmine: Activityhttps://projects.ecoinformatics.org/ecoinfo/https://projects.ecoinformatics.org/ecoinfo/ecoinfo/favicon.ico?14691340362018-01-18T00:10:54ZEcoinformatics Redmine
Redmine Metacat - Bug #7234: Validate SystemMetadata.checksumAlgorithm in the DataONE API callshttps://projects.ecoinformatics.org/ecoinfo/issues/7234#change-232222018-01-18T00:10:54ZJing Taotao@nceas.ucsb.edu
<p>According the list here <a class="external" href="http://id.loc.gov/vocabulary/preservation/cryptographicHashFunctions.html">http://id.loc.gov/vocabulary/preservation/cryptographicHashFunctions.html</a><br />some names from the list are:<br />MD5<br />SHA-1<br />SHA-256<br />SHA-384<br />SHA-512</p>
<p>It doesn't show SHA-224. I am not sure if it is in the list.</p> Metacat - Bug #7234: Validate SystemMetadata.checksumAlgorithm in the DataONE API callshttps://projects.ecoinformatics.org/ecoinfo/issues/7234#change-232212017-12-20T17:31:11ZMatt Jonesjones@nceas.ucsb.edu
<p>The definition of the [ChecksumAlgorithm](<a class="external" href="https://releases.dataone.org/online/api-documentation-v2.0.1/apis/Types.html#Types.ChecksumAlgorithm">https://releases.dataone.org/online/api-documentation-v2.0.1/apis/Types.html#Types.ChecksumAlgorithm</a>) type says that algorithm names must be drawn from the Library of Congress controlled vocabulary:</p>
<pre>
The cryptographic hash algorithm used to calculate a checksum. DataONE recognizes the Library of Congress list of cryptographic hash algorithms that can be used as names in this field, and specifically uses the madsrdf:authoritativeLabel field as the name of the algorithm in this field. See: Library of Congress Cryptographic Algorithm Vocabulary. All compliant implementations must support at least SHA-1 and MD5, but may support other algorithms as well.
</pre>
<p>We should be checking against that list, and not the Java names, which may not be language neutral.</p> Metacat - Bug #7234 (New): Validate SystemMetadata.checksumAlgorithm in the DataONE API callshttps://projects.ecoinformatics.org/ecoinfo/issues/72342017-12-20T07:00:31ZChris Jonescjones@nceas.ucsb.edu
<p>Bryce pointed out that we have many incorrect <code>checksumAlgorithm</code> strings various MNs. See <a class="external" href="https://github.nceas.ucsb.edu/KNB/arctic-data/issues/283">https://github.nceas.ucsb.edu/KNB/arctic-data/issues/283</a>. The upshot is that <code>SHA-*</code> is the broadly supported syntax.</p>
<p>I checked the strings with:<br /><pre>
package org.dataone.tests;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
public class MessageDigestDTest {
public static void main(String[] args) {
MessageDigest md = null;
List<String> algorithms = new ArrayList<String>();
algorithms.add("MD5");
algorithms.add("MD-5");
algorithms.add("SHA1");
algorithms.add("SHA-1");
algorithms.add("SHA224");
algorithms.add("SHA-224");
algorithms.add("SHA256");
algorithms.add("SHA-256");
algorithms.add("SHA384");
algorithms.add("SHA-384");
algorithms.add("SHA512");
algorithms.add("SHA-512");
for (String algorithm : algorithms) {
try {
md = MessageDigest.getInstance(algorithm);
System.out.println(md.getAlgorithm() + " is recognized.");
} catch (NoSuchAlgorithmException e) {
System.out.println(e.getMessage());
}
}
}
}
</pre></p>
<p>and got:<br /><pre>
MD5 is recognized.
MD-5 MessageDigest not available
SHA1 is recognized.
SHA-1 is recognized.
SHA224 MessageDigest not available
SHA-224 is recognized.
SHA256 MessageDigest not available
SHA-256 is recognized.
SHA384 MessageDigest not available
SHA-384 is recognized.
SHA512 MessageDigest not available
SHA-512 is recognized.
</pre></p>
<p>Change <code>MNodeService</code>, <code>CNodeService</code>, and <code>D1NodeService</code> methods that send or receive <code>SystemMetadata</code> documents and validate the given string with <code>MessageDigest.getInstance(algorithm)</code>. If we get a <code>NoSuchAlgorithm</code> exception, throw an <code>InvalidSystemMetadata</code> exception for the call.</p> Metacat - Revision 10490 (metacat): Add the release note of 2.8.6https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104902017-12-18T19:21:18ZJing Taotao@nceas.ucsb.eduMetacat - Revision 10488 (metacat): Exclude an IT test from the test target.https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104882017-12-15T21:25:18ZJing Taotao@nceas.ucsb.eduMetacat - Bug #7219 (In Progress): reCAPTCHA v1 will be turned off on March 31, 2018https://projects.ecoinformatics.org/ecoinfo/issues/7219#change-232202017-12-14T23:16:53ZJing Taotao@nceas.ucsb.eduMetacat - Task #7233 (Resolved): D1ResourceHandler.serializeException should not log all exceptio...https://projects.ecoinformatics.org/ecoinfo/issues/7233#change-232192017-12-14T23:15:54ZJing Taotao@nceas.ucsb.eduMetacat - Task #7233 (Resolved): D1ResourceHandler.serializeException should not log all exceptio...https://projects.ecoinformatics.org/ecoinfo/issues/72332017-12-14T23:15:43ZJing Taotao@nceas.ucsb.edu
<p>Details see <a class="external" href="https://redmine.dataone.org/issues/8111">https://redmine.dataone.org/issues/8111</a></p> Metacat - Revision 10486 (metacat): Comment out some fine debug level for dataone package.https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104862017-12-14T23:12:50ZJing Taotao@nceas.ucsb.eduMetacat - Revision 10484 (metacat): When it serialize the NotFound exception, it will use info de...https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104842017-12-14T18:54:17ZJing Taotao@nceas.ucsb.eduMetacat - Revision 10482 (metacat): Don't print out the stack trace for a not found exception.https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104822017-12-14T18:45:23ZJing Taotao@nceas.ucsb.eduMetacat - Revision 10480 (metacat): Downgrade the debug level from error to warn for a not found ...https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104802017-12-14T18:42:42ZJing Taotao@nceas.ucsb.eduMetacat - Revision 10478 (metacat): Use the recaptcha v2 version.https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104782017-12-13T23:43:18ZJing Taotao@nceas.ucsb.eduMetacat - Revision 10477 (metacat): Use the recaptcha v2 code.https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104772017-12-13T23:41:54ZJing Taotao@nceas.ucsb.eduMetacat - Revision 10474 (metacat): Change the version of metacatui to 1.14.14.https://projects.ecoinformatics.org/ecoinfo/projects/metacat-5/repository/metacat/revisions/104742017-12-08T23:12:20ZJing Taotao@nceas.ucsb.edu