Project

General

Profile

Revision 6445

verify that the sysmeta checksum value matches the computed checksum value when calling create()
https://redmine.dataone.org/issues/1795

View differences:

src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
68 68
import org.dataone.service.types.v1.Subject;
69 69
import org.dataone.service.types.v1.SubjectList;
70 70
import org.dataone.service.types.v1.SystemMetadata;
71
import org.dataone.service.types.v1.util.ChecksumUtil;
71 72

  
72 73
import edu.ucsb.nceas.metacat.AccessionNumberException;
73 74
import edu.ucsb.nceas.metacat.DocumentImpl;
......
188 189
      
189 190
    }
190 191
    
192
    // verify checksum, only if we can reset the inputstream
193
    if (object.markSupported()) {
194
	    String checksumAlgorithm = sysmeta.getChecksum().getAlgorithm();
195
	    String checksumValue = sysmeta.getChecksum().getValue();
196
	    try {
197
			String computedChecksumValue = ChecksumUtil.checksum(object, checksumAlgorithm).getValue();
198
			// it's very important that we don't consume the stream
199
			object.reset();
200
			if (!computedChecksumValue.equals(checksumValue)) {
201
				throw new InvalidSystemMetadata("4896", "Checksum given does not match that of the object");
202
			}
203
		} catch (Exception e) {
204
			String msg = "Error verifying checksum values";
205
	      	logMetacat.error(msg, e);
206
	        throw new ServiceFailure("1190", msg + ": " + e.getMessage());
207
		}
208
    } else {
209
    	logMetacat.warn("mark is not supported on the object's input stream - cannot verify checksum without consuming stream");
210
    }
211
    	
191 212
    // we have the go ahead
192 213
    if ( allowed ) {
193 214
      

Also available in: Unified diff