
Example 1 with Reference

use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.

the class DataGenIndivDataObjsTimeStamp method createPropDataObj.

/**
 * Builds the property data for a time-stamp that covers individual data objects.
 *
 * <p>Each target data object of {@code prop} is looked up in the context's
 * reference mappings and turned into a same-document include of the form
 * {@code "#" + Reference.getId()}. The time reported by the time-stamp token
 * result is also stored on {@code prop}.
 *
 * @param prop     the property whose target data objects are time-stamped
 * @param c14n     the canonicalization algorithm passed on to the resulting data
 * @param tsTknRes the time-stamp token result (time and encoded token)
 * @param ctx      the generation context holding the data-object-to-Reference map
 * @return the time-stamp data with one include per target data object
 */
@Override
protected BaseXAdESTimeStampData createPropDataObj(IndividualDataObjsTimeStampProperty prop, Algorithm c14n, TimeStampTokenRes tsTknRes, PropertiesDataGenerationContext ctx) {
    final Collection<DataObjectDesc> targets = prop.getTargetDataObjects();
    final Map<DataObjectDesc, Reference> referenceByDataObj = ctx.getReferencesMappings();

    final List<String> includeUris = new ArrayList<String>(targets.size());
    for (final DataObjectDesc target : targets) {
        // NOTE(review): Map.get returns null for a target that has no mapped
        // Reference, which would surface here as a NullPointerException; a
        // Reference without an Id would yield the include "#null". Confirm
        // that callers guarantee both before this method runs.
        final Reference mappedRef = referenceByDataObj.get(target);
        includeUris.add("#" + mappedRef.getId());
    }

    // The property object itself records when the time-stamp was issued.
    prop.setTime(tsTknRes.timeStampTime);

    return new IndividualDataObjsTimeStampData(c14n, includeUris, tsTknRes.encodedTimeStampToken);
}
Also used : Reference(org.apache.xml.security.signature.Reference) ArrayList(java.util.ArrayList) DataObjectDesc(xades4j.properties.DataObjectDesc) IndividualDataObjsTimeStampData(xades4j.properties.data.IndividualDataObjsTimeStampData)

Example 2 with Reference

use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.

the class DataObjFormatVerifier method verify.

/**
 * Verifies a DataObjectFormat property and attaches it to the data object it
 * describes.
 *
 * <p>The property's ObjectReference must resolve to one of the signed data
 * objects. When that reference is of type {@code Reference.OBJECT_URI}, the
 * referenced ds:Object must also be found, and its Encoding/MimeType
 * attributes are compared with the values declared by the property.
 *
 * @param propData the unmarshalled property data
 * @param ctx      the verification context giving access to the signed objects
 * @return the verified property, already associated with its data object
 * @throws DataObjectFormatVerificationException if the referenced data object
 *         or ds:Object cannot be found, or if the declared format does not
 *         match the one on the ds:Object
 */
@Override
public QualifyingProperty verify(DataObjectFormatData propData, QualifyingPropertyVerificationContext ctx) throws DataObjectFormatVerificationException {
    final QualifyingPropertyVerificationContext.SignedObjectsData signedData = ctx.getSignedObjectsData();
    final String encoding = propData.getEncoding();
    final String mimeType = propData.getMimeType();

    // XAdES G.2.2.8: "The verifier should check that the ObjectReference element
    // actually references one ds:Reference element from the signature."
    final RawDataObjectDesc targetDataObj = signedData.findSignedDataObject(propData.getObjectRef());
    if (targetDataObj == null) {
        throw new DataObjectFormatReferenceException(propData.getObjectRef());
    }

    // "In addition, should this property refer to a ds:Reference that in turn
    // refers to a ds:Object, the verifier should check the values of attributes
    // MimeType and Encoding (...)."
    final Reference targetRef = targetDataObj.getReference();
    if (Reference.OBJECT_URI.equals(targetRef.getType())) {
        // Resolve the ds:Object that the reference points at.
        final ObjectContainer referencedObject = signedData.findXMLObject(targetRef.getURI());
        if (referencedObject == null) {
            throw new DataObjectFormatReferenceException(targetRef.getURI());
        }

        final String objEncoding = referencedObject.getEncoding();
        final String objMimeType = referencedObject.getMimeType();

        // The comparison only applies when a value is present on both sides,
        // so an attribute missing from either one is not treated as a mismatch.
        final boolean encodingDiffers = StringUtils.differentStringsIfNotNullNorEmpty(objEncoding, encoding);
        if (encodingDiffers || StringUtils.differentStringsIfNotNullNorEmpty(objMimeType, mimeType)) {
            throw new DataObjectFormatMismatchException(mimeType, encoding, targetRef, referencedObject);
        }
    }

    // Build the high-level property from the verified data.
    final DataObjectFormatProperty verifiedProp = new DataObjectFormatProperty(mimeType, encoding);
    verifiedProp.withDescription(propData.getDescription());
    final Collection<String> documentationUris = propData.getDocumentationUris();
    if (documentationUris != null) {
        verifiedProp.withDocumentationUris(documentationUris);
    }
    verifiedProp.withIdentifier(propData.getIdentifier());

    // Link the property to the data object it qualifies.
    targetDataObj.withDataObjectFormat(verifiedProp);
    return verifiedProp;
}
Also used : Reference(org.apache.xml.security.signature.Reference) DataObjectFormatProperty(xades4j.properties.DataObjectFormatProperty) ObjectContainer(org.apache.xml.security.signature.ObjectContainer)

Example 3 with Reference

use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.

the class CounterSignatureVerifier method verify.

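/**
 * Verifies a CounterSignature property.
 *
 * <p>The enclosed signature is first verified as a XAdES signature. It is then
 * accepted as a countersignature only if one of its references resolves, after
 * transformation, to the ds:SignatureValue element of the countersigned
 * signature.
 *
 * @param propData the DOM data of the CounterSignature property
 * @param ctx      the verification context of the countersigned signature
 * @return the verified countersignature property
 * @throws InvalidPropertyException if the enclosed signature fails XAdES
 *         verification, if none of its references targets the countersigned
 *         ds:SignatureValue, or if the references cannot be processed
 */
@Override
public QualifyingProperty verify(GenericDOMData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    XAdESVerificationResult res;
    try {
        Element sigElem = DOMHelper.getFirstChildElement(propData.getPropertyElement());
        res = verifier.verify(sigElem, null);
    } catch (XAdES4jException ex) {
        throw new CounterSignatureXadesVerificationException(ex);
    }
    // "Check that the enclosed signature correctly references the ds:SignatureValue
    // present in the countersigned XAdES signature."
    Node targetSigValueElem = ctx.getSignature().getElement().getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATUREVALUE).item(0);
    try {
        // Fail closed: NodeList.item(0) returns null when no ds:SignatureValue
        // is found. Without this guard, a reference whose transformed content
        // has no sub-node (getSubNode() == null) would compare equal to the
        // missing target, and the countersignature would be accepted without
        // binding it to any signature value.
        if (targetSigValueElem == null) {
            throw new CounterSignatureSigValueRefException();
        }
        SignedInfo si = res.getXmlSignature().getSignedInfo();
        for (int i = 0; i < si.getLength(); i++) {
            Reference r = si.item(i);
            // Identity comparison is intended: the reference must resolve to
            // the very same DOM node, not merely an equal-looking one.
            if (r.getContentsAfterTransformation().getSubNode() == targetSigValueElem) {
                // The signature references the SignatureValue element.
                return new CounterSignatureProperty(res);
            }
        }
        throw new CounterSignatureSigValueRefException();
    } catch (XMLSecurityException e) {
        // Shouldn't happen because the signature was already verified.
        throw new CounterSignatureVerificationException(e);
    }
}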
Also used : XAdES4jException(xades4j.XAdES4jException) Reference(org.apache.xml.security.signature.Reference) CounterSignatureProperty(xades4j.properties.CounterSignatureProperty) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SignedInfo(org.apache.xml.security.signature.SignedInfo)

Example 4 with Reference

use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.

the class XadesVerifierImpl method doCoreVerification.

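/**
 * Performs the core XML-DSIG validation of {@code signature} with the given
 * certificate and, on failure, reports whether the signature value or one of
 * the references is to blame.
 *
 * <p>The method returns normally only when {@code checkSignatureValue}
 * succeeds. Every other path ends in an exception.
 *
 * @param signature           the signature to validate
 * @param verificationOptions supplies extra resource resolvers and, optionally,
 *                            the data for a reference without a URI
 * @param validationCert      the certificate used to check the signature value
 * @throws XAdES4jXMLSigException    if the XML security library fails while
 *                                   verifying the signature or its references
 * @throws InvalidSignatureException if the signature value or a reference is invalid
 */
private static void doCoreVerification(XMLSignature signature, SignatureSpecificVerificationOptions verificationOptions, X509Certificate validationCert) throws XAdES4jXMLSigException, InvalidSignatureException {
    List<ResourceResolver> resolvers = verificationOptions.getResolvers();
    if (!CollectionUtils.nullOrEmpty(resolvers)) {
        for (ResourceResolver resolver : resolvers) {
            signature.addResourceResolver(resolver);
        }
    }
    InputStream nullURIReferenceData = verificationOptions.getDataForAnonymousReference();
    if (nullURIReferenceData != null) {
        signature.addResourceResolver(new ResolverAnonymous(nullURIReferenceData));
    }
    try {
        if (signature.checkSignatureValue(validationCert)) {
            return;
        }
    } catch (XMLSignatureException ex) {
        throw new XAdES4jXMLSigException("Error verifying the signature", ex);
    }
    // From here on, core validation has already failed; the remaining code
    // only determines which exception describes the failure.
    try {
        SignedInfo si = signature.getSignedInfo();
        if (si.verifyReferences()) {
            // References are OK; this is a problem on the signature value itself.
            throw new SignatureValueException(signature);
        }
        // References are NOT OK; get the first invalid Reference.
        for (int i = 0; i < si.getLength(); i++) {
            Reference r = si.item(i);
            if (!r.verify()) {
                throw new ReferenceValueException(signature, r);
            }
        }
        // Fail closed: verifyReferences() reported a failure but no single
        // reference verified as invalid. Returning here would let the caller
        // treat a signature that failed checkSignatureValue as valid.
        // NOTE(review): a dedicated exception type may describe this case better.
        throw new SignatureValueException(signature);
    } catch (XMLSecurityException ex) {
        throw new XAdES4jXMLSigException("Error verifying the references", ex);
    }
}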
Also used : XAdES4jXMLSigException(xades4j.XAdES4jXMLSigException) InputStream(java.io.InputStream) Reference(org.apache.xml.security.signature.Reference) ResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolver) ResolverAnonymous(org.apache.xml.security.utils.resolver.implementations.ResolverAnonymous) XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SignedInfo(org.apache.xml.security.signature.SignedInfo)

Example 5 with Reference

use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.

the class SignatureUtils method processReferences.

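/**
 * Splits the references of {@code signature} into the single reference to
 * SignedProperties and the references to signed data objects.
 *
 * <p>A reference is treated as the SignedProperties reference when its Type
 * attribute equals {@code QualifyingProperty.SIGNED_PROPS_TYPE_URI}. Every
 * other reference becomes a {@code RawDataObjectDesc} that carries the URIs
 * of its transforms.
 *
 * @param signature the signature whose SignedInfo references are processed
 * @return the data object references together with the SignedProperties reference
 * @throws QualifyingPropertiesIncorporationException if there is no reference
 *         to SignedProperties, or more than one
 * @throws XAdES4jXMLSigException if a reference or its transforms cannot be read
 */
static ReferencesRes processReferences(XMLSignature signature) throws QualifyingPropertiesIncorporationException, XAdES4jXMLSigException {
    SignedInfo signedInfo = signature.getSignedInfo();
    // One reference is expected to be the SignedProperties one, hence "- 1".
    // Clamp at zero: a SignedInfo with no references would otherwise request
    // a negative capacity and fail with an unchecked IllegalArgumentException
    // instead of the "SignedProperties reference not found" error below.
    List<RawDataObjectDesc> dataObjsReferences = new ArrayList<RawDataObjectDesc>(Math.max(0, signedInfo.getLength() - 1));
    Reference signedPropsRef = null;
    for (int i = 0; i < signedInfo.getLength(); i++) {
        Reference ref;
        try {
            ref = signedInfo.item(i);
        } catch (XMLSecurityException ex) {
            throw new XAdES4jXMLSigException(String.format("Cannot process the %dth reference", i), ex);
        }
        String refTypeUri = ref.getType();
        // The SignedProperties reference is identified by its Type attribute,
        // whose value is http://uri.etsi.org/01903#SignedProperties.
        if (QualifyingProperty.SIGNED_PROPS_TYPE_URI.equals(refTypeUri)) {
            // Only one such reference is accepted; a second one is rejected
            // rather than silently replacing the first.
            if (signedPropsRef != null) {
                throw new QualifyingPropertiesIncorporationException("Multiple references to SignedProperties");
            }
            signedPropsRef = ref;
        } else {
            RawDataObjectDesc dataObj = new RawDataObjectDesc(ref);
            dataObjsReferences.add(dataObj);
            try {
                Transforms transfs = ref.getTransforms();
                if (transfs != null) {
                    for (int j = 0; j < transfs.getLength(); ++j) {
                        dataObj.withTransform(new GenericAlgorithm(transfs.item(j).getURI()));
                    }
                }
            } catch (XMLSecurityException ex) {
                throw new XAdES4jXMLSigException("Cannot process transfroms", ex);
            }
        }
    }
    if (null == signedPropsRef) {
        // Still may be a XAdES signature, if the signing certificate is
        // protected. For now, that scenario is not supported.
        throw new QualifyingPropertiesIncorporationException("SignedProperties reference not found");
    }
    return new ReferencesRes(dataObjsReferences, signedPropsRef);
}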
Also used : Reference(org.apache.xml.security.signature.Reference) Transforms(org.apache.xml.security.transforms.Transforms) ArrayList(java.util.ArrayList) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) GenericAlgorithm(xades4j.algorithms.GenericAlgorithm) SignedInfo(org.apache.xml.security.signature.SignedInfo) XAdES4jXMLSigException(xades4j.XAdES4jXMLSigException)
