Example 1 with MarshalException
use of javax.xml.crypto.MarshalException in project poi by apache.
the class XAdESXLSignatureFacet method postSign.
@Override
public void postSign(Document document) throws MarshalException {
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
QualifyingPropertiesDocument qualDoc = null;
QualifyingPropertiesType qualProps = null;
// check for XAdES-BES
NodeList qualNl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties");
if (qualNl.getLength() == 1) {
try {
qualDoc = QualifyingPropertiesDocument.Factory.parse(qualNl.item(0), DEFAULT_XML_OPTIONS);
} catch (XmlException e) {
throw new MarshalException(e);
}
qualProps = qualDoc.getQualifyingProperties();
} else {
throw new MarshalException("no XAdES-BES extension present");
}
// create basic XML container structure
UnsignedPropertiesType unsignedProps = qualProps.getUnsignedProperties();
if (unsignedProps == null) {
unsignedProps = qualProps.addNewUnsignedProperties();
}
UnsignedSignaturePropertiesType unsignedSigProps = unsignedProps.getUnsignedSignatureProperties();
if (unsignedSigProps == null) {
unsignedSigProps = unsignedProps.addNewUnsignedSignatureProperties();
}
// create the XAdES-T time-stamp
NodeList nlSigVal = document.getElementsByTagNameNS(XML_DIGSIG_NS, "SignatureValue");
if (nlSigVal.getLength() != 1) {
throw new IllegalArgumentException("SignatureValue is not set.");
}
RevocationData tsaRevocationDataXadesT = new RevocationData();
LOG.log(POILogger.DEBUG, "creating XAdES-T time-stamp");
XAdESTimeStampType signatureTimeStamp = createXAdESTimeStamp(Collections.singletonList(nlSigVal.item(0)), tsaRevocationDataXadesT);
// marshal the XAdES-T extension
unsignedSigProps.addNewSignatureTimeStamp().set(signatureTimeStamp);
// xadesv141::TimeStampValidationData
if (tsaRevocationDataXadesT.hasRevocationDataEntries()) {
ValidationDataType validationData = createValidationData(tsaRevocationDataXadesT);
insertXChild(unsignedSigProps, validationData);
}
if (signatureConfig.getRevocationDataService() == null) {
/*
* Without revocation data service we cannot construct the XAdES-C
* extension.
*/
return;
}
// XAdES-C: complete certificate refs
CompleteCertificateRefsType completeCertificateRefs = unsignedSigProps.addNewCompleteCertificateRefs();
CertIDListType certIdList = completeCertificateRefs.addNewCertRefs();
/*
* We skip the signing certificate itself according to section
* 4.4.3.2 of the XAdES 1.4.1 specification.
*/
List<X509Certificate> certChain = signatureConfig.getSigningCertificateChain();
int chainSize = certChain.size();
if (chainSize > 1) {
for (X509Certificate cert : certChain.subList(1, chainSize)) {
CertIDType certId = certIdList.addNewCert();
XAdESSignatureFacet.setCertID(certId, signatureConfig, false, cert);
}
}
// XAdES-C: complete revocation refs
CompleteRevocationRefsType completeRevocationRefs = unsignedSigProps.addNewCompleteRevocationRefs();
RevocationData revocationData = signatureConfig.getRevocationDataService().getRevocationData(certChain);
if (revocationData.hasCRLs()) {
CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs();
completeRevocationRefs.setCRLRefs(crlRefs);
for (byte[] encodedCrl : revocationData.getCRLs()) {
CRLRefType crlRef = crlRefs.addNewCRLRef();
X509CRL crl;
try {
crl = (X509CRL) this.certificateFactory.generateCRL(new ByteArrayInputStream(encodedCrl));
} catch (CRLException e) {
throw new RuntimeException("CRL parse error: " + e.getMessage(), e);
}
CRLIdentifierType crlIdentifier = crlRef.addNewCRLIdentifier();
String issuerName = crl.getIssuerDN().getName().replace(",", ", ");
crlIdentifier.setIssuer(issuerName);
Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
cal.setTime(crl.getThisUpdate());
crlIdentifier.setIssueTime(cal);
crlIdentifier.setNumber(getCrlNumber(crl));
DigestAlgAndValueType digestAlgAndValue = crlRef.addNewDigestAlgAndValue();
XAdESSignatureFacet.setDigestAlgAndValue(digestAlgAndValue, encodedCrl, signatureConfig.getDigestAlgo());
}
}
if (revocationData.hasOCSPs()) {
OCSPRefsType ocspRefs = completeRevocationRefs.addNewOCSPRefs();
for (byte[] ocsp : revocationData.getOCSPs()) {
try {
OCSPRefType ocspRef = ocspRefs.addNewOCSPRef();
DigestAlgAndValueType digestAlgAndValue = ocspRef.addNewDigestAlgAndValue();
XAdESSignatureFacet.setDigestAlgAndValue(digestAlgAndValue, ocsp, signatureConfig.getDigestAlgo());
OCSPIdentifierType ocspIdentifier = ocspRef.addNewOCSPIdentifier();
OCSPResp ocspResp = new OCSPResp(ocsp);
BasicOCSPResp basicOcspResp = (BasicOCSPResp) ocspResp.getResponseObject();
Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
cal.setTime(basicOcspResp.getProducedAt());
ocspIdentifier.setProducedAt(cal);
ResponderIDType responderId = ocspIdentifier.addNewResponderID();
RespID respId = basicOcspResp.getResponderId();
ResponderID ocspResponderId = respId.toASN1Primitive();
DERTaggedObject derTaggedObject = (DERTaggedObject) ocspResponderId.toASN1Primitive();
if (2 == derTaggedObject.getTagNo()) {
ASN1OctetString keyHashOctetString = (ASN1OctetString) derTaggedObject.getObject();
byte[] key = keyHashOctetString.getOctets();
responderId.setByKey(key);
} else {
X500Name name = X500Name.getInstance(derTaggedObject.getObject());
String nameStr = name.toString();
responderId.setByName(nameStr);
}
} catch (Exception e) {
throw new RuntimeException("OCSP decoding error: " + e.getMessage(), e);
}
}
}
// marshal XAdES-C
// XAdES-X Type 1 timestamp
List<Node> timeStampNodesXadesX1 = new ArrayList<Node>();
timeStampNodesXadesX1.add(nlSigVal.item(0));
timeStampNodesXadesX1.add(signatureTimeStamp.getDomNode());
timeStampNodesXadesX1.add(completeCertificateRefs.getDomNode());
timeStampNodesXadesX1.add(completeRevocationRefs.getDomNode());
RevocationData tsaRevocationDataXadesX1 = new RevocationData();
LOG.log(POILogger.DEBUG, "creating XAdES-X time-stamp");
XAdESTimeStampType timeStampXadesX1 = createXAdESTimeStamp(timeStampNodesXadesX1, tsaRevocationDataXadesX1);
if (tsaRevocationDataXadesX1.hasRevocationDataEntries()) {
ValidationDataType timeStampXadesX1ValidationData = createValidationData(tsaRevocationDataXadesX1);
insertXChild(unsignedSigProps, timeStampXadesX1ValidationData);
}
// marshal XAdES-X
unsignedSigProps.addNewSigAndRefsTimeStamp().set(timeStampXadesX1);
// XAdES-X-L
CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues();
for (X509Certificate certificate : certChain) {
EncapsulatedPKIDataType encapsulatedPKIDataType = certificateValues.addNewEncapsulatedX509Certificate();
try {
encapsulatedPKIDataType.setByteArrayValue(certificate.getEncoded());
} catch (CertificateEncodingException e) {
throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
}
}
RevocationValuesType revocationValues = unsignedSigProps.addNewRevocationValues();
createRevocationValues(revocationValues, revocationData);
// marshal XAdES-X-L
Node n = document.importNode(qualProps.getDomNode(), true);
qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0));
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
MarshalException(javax.xml.crypto.MarshalException)
X509CRL(java.security.cert.X509CRL)
ValidationDataType(org.etsi.uri.x01903.v14.ValidationDataType)
Node(org.w3c.dom.Node)
ResponderID(org.bouncycastle.asn1.ocsp.ResponderID)
ArrayList(java.util.ArrayList)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
CRLException(java.security.cert.CRLException)
RevocationData(org.apache.poi.poifs.crypt.dsig.services.RevocationData)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
NodeList(org.w3c.dom.NodeList)
Calendar(java.util.Calendar)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509Certificate(java.security.cert.X509Certificate)
MarshalException(javax.xml.crypto.MarshalException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
XmlException(org.apache.xmlbeans.XmlException)
CRLException(java.security.cert.CRLException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XmlException(org.apache.xmlbeans.XmlException)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
RespID(org.bouncycastle.cert.ocsp.RespID)
Example 2 with MarshalException
use of javax.xml.crypto.MarshalException in project poi by apache.
the class Office2010SignatureFacet method postSign.
@Override
public void postSign(Document document) throws MarshalException {
// check for XAdES-BES
NodeList nl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties");
if (nl.getLength() != 1) {
throw new MarshalException("no XAdES-BES extension present");
}
QualifyingPropertiesType qualProps;
try {
qualProps = QualifyingPropertiesType.Factory.parse(nl.item(0), DEFAULT_XML_OPTIONS);
} catch (XmlException e) {
throw new MarshalException(e);
}
// create basic XML container structure
UnsignedPropertiesType unsignedProps = qualProps.getUnsignedProperties();
if (unsignedProps == null) {
unsignedProps = qualProps.addNewUnsignedProperties();
}
UnsignedSignaturePropertiesType unsignedSigProps = unsignedProps.getUnsignedSignatureProperties();
if (unsignedSigProps == null) {
/* unsignedSigProps = */
unsignedProps.addNewUnsignedSignatureProperties();
}
Node n = document.importNode(qualProps.getDomNode().getFirstChild(), true);
nl.item(0).getParentNode().replaceChild(n, nl.item(0));
}
Also used :
UnsignedPropertiesType(org.etsi.uri.x01903.v13.UnsignedPropertiesType)
MarshalException(javax.xml.crypto.MarshalException)
QualifyingPropertiesType(org.etsi.uri.x01903.v13.QualifyingPropertiesType)
XmlException(org.apache.xmlbeans.XmlException)
UnsignedSignaturePropertiesType(org.etsi.uri.x01903.v13.UnsignedSignaturePropertiesType)
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
Example 3 with MarshalException
use of javax.xml.crypto.MarshalException in project poi by apache.
the class SignatureInfo method writeDocument.
/**
* Write XML signature into the OPC package
*
* @param document the xml signature document
* @throws MarshalException
*/
protected void writeDocument(Document document) throws MarshalException {
XmlOptions xo = new XmlOptions();
Map<String, String> namespaceMap = new HashMap<String, String>();
for (Map.Entry<String, String> entry : signatureConfig.getNamespacePrefixes().entrySet()) {
namespaceMap.put(entry.getValue(), entry.getKey());
}
xo.setSaveSuggestedPrefixes(namespaceMap);
xo.setUseDefaultNamespace();
LOG.log(POILogger.DEBUG, "output signed Office OpenXML document");
/*
* Copy the original OOXML content to the signed OOXML package. During
* copying some files need to changed.
*/
OPCPackage pkg = signatureConfig.getOpcPackage();
PackagePartName sigPartName, sigsPartName;
try {
// <Override PartName="/_xmlsignatures/sig1.xml" ContentType="application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml"/>
sigPartName = PackagingURIHelper.createPartName("/_xmlsignatures/sig1.xml");
// <Default Extension="sigs" ContentType="application/vnd.openxmlformats-package.digital-signature-origin"/>
sigsPartName = PackagingURIHelper.createPartName("/_xmlsignatures/origin.sigs");
} catch (InvalidFormatException e) {
throw new MarshalException(e);
}
PackagePart sigPart = pkg.getPart(sigPartName);
if (sigPart == null) {
sigPart = pkg.createPart(sigPartName, ContentTypes.DIGITAL_SIGNATURE_XML_SIGNATURE_PART);
}
try {
OutputStream os = sigPart.getOutputStream();
SignatureDocument sigDoc = SignatureDocument.Factory.parse(document, DEFAULT_XML_OPTIONS);
sigDoc.save(os, xo);
os.close();
} catch (Exception e) {
throw new MarshalException("Unable to write signature document", e);
}
PackagePart sigsPart = pkg.getPart(sigsPartName);
if (sigsPart == null) {
// touch empty marker file
sigsPart = pkg.createPart(sigsPartName, ContentTypes.DIGITAL_SIGNATURE_ORIGIN_PART);
}
PackageRelationshipCollection relCol = pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
for (PackageRelationship pr : relCol) {
pkg.removeRelationship(pr.getId());
}
pkg.addRelationship(sigsPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
sigsPart.addRelationship(sigPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE);
}
Also used :
PackagePartName(org.apache.poi.openxml4j.opc.PackagePartName)
MarshalException(javax.xml.crypto.MarshalException)
SignatureDocument(org.w3.x2000.x09.xmldsig.SignatureDocument)
HashMap(java.util.HashMap)
PackageRelationshipCollection(org.apache.poi.openxml4j.opc.PackageRelationshipCollection)
XmlOptions(org.apache.xmlbeans.XmlOptions)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
OutputStream(java.io.OutputStream)
PackagePart(org.apache.poi.openxml4j.opc.PackagePart)
InvalidFormatException(org.apache.poi.openxml4j.exceptions.InvalidFormatException)
XPathExpressionException(javax.xml.xpath.XPathExpressionException)
GeneralSecurityException(java.security.GeneralSecurityException)
InvalidFormatException(org.apache.poi.openxml4j.exceptions.InvalidFormatException)
SAXException(org.xml.sax.SAXException)
MarshalException(javax.xml.crypto.MarshalException)
XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException)
NoSuchElementException(java.util.NoSuchElementException)
IOException(java.io.IOException)
XmlException(org.apache.xmlbeans.XmlException)
EncryptedDocumentException(org.apache.poi.EncryptedDocumentException)
PackageRelationship(org.apache.poi.openxml4j.opc.PackageRelationship)
Map(java.util.Map)
HashMap(java.util.HashMap)
OPCPackage(org.apache.poi.openxml4j.opc.OPCPackage)
Example 4 with MarshalException
use of javax.xml.crypto.MarshalException in project simba-os by cegeka.
the class Utils method validateSign.
/**
* Validate signature (Message or Assertion).
*
* @param signatureElement The element we should validate
* @param cert The pubic cert
* @param fingerprint The fingerprint of the public cert
* @return True if the sign is valid, false otherwise.
*/
public static boolean validateSign(Node signatureElement, Certificate cert, String... fingerprint) throws Exception {
boolean res;
DOMValidateContext ctx = new DOMValidateContext(cert.getPublicKey(), signatureElement);
XMLSignatureFactory sigF = XMLSignatureFactory.getInstance("DOM");
try {
XMLSignature xmlSignature = sigF.unmarshalXMLSignature(ctx);
res = xmlSignature.validate(ctx);
} catch (MarshalException e) {
log.error("Cannot locate Signature Node " + e.getMessage(), e);
throw e;
} catch (NullPointerException e) {
log.error("Context can't be validated", e);
throw e;
}
return res;
}
Also used :
XMLSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory)
MarshalException(javax.xml.crypto.MarshalException)
XMLSignature(javax.xml.crypto.dsig.XMLSignature)
DOMValidateContext(javax.xml.crypto.dsig.dom.DOMValidateContext)
Aggregations
MarshalException (javax.xml.crypto.MarshalException)4
XmlException (org.apache.xmlbeans.XmlException)3
IOException (java.io.IOException)2
Node (org.w3c.dom.Node)2
NodeList (org.w3c.dom.NodeList)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
OutputStream (java.io.OutputStream)1
GeneralSecurityException (java.security.GeneralSecurityException)1
CRLException (java.security.cert.CRLException)1
CertificateEncodingException (java.security.cert.CertificateEncodingException)1
CertificateException (java.security.cert.CertificateException)1
X509CRL (java.security.cert.X509CRL)1
X509Certificate (java.security.cert.X509Certificate)1
ArrayList (java.util.ArrayList)1
Calendar (java.util.Calendar)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
NoSuchElementException (java.util.NoSuchElementException)1
XMLSignature (javax.xml.crypto.dsig.XMLSignature)1
