use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.
the class DataGenIndivDataObjsTimeStamp method createPropDataObj.
/**
 * Creates the data for an individual-data-objects time-stamp property.
 *
 * <p>For every target data object of {@code prop}, the matching {@link Reference} is looked up
 * in the context's references mapping and a same-document URI ({@code '#'} followed by the
 * Reference Id) is collected. The time-stamp time from {@code tsTknRes} is then recorded on the
 * property.
 *
 * @param prop the property whose target data objects are covered by the time-stamp
 * @param c14n the canonicalization algorithm passed through to the resulting data
 * @param tsTknRes the time-stamp token result (time and encoded token)
 * @param ctx the generation context holding the data-object-to-Reference mapping
 * @return the property data with the canonicalization algorithm, the include URIs and the
 *     encoded time-stamp token
 */
@Override
protected BaseXAdESTimeStampData createPropDataObj(
        IndividualDataObjsTimeStampProperty prop,
        Algorithm c14n,
        TimeStampTokenRes tsTknRes,
        PropertiesDataGenerationContext ctx) {
    Collection<DataObjectDesc> timeStampedObjs = prop.getTargetDataObjects();
    Map<DataObjectDesc, Reference> referenceByDataObj = ctx.getReferencesMappings();

    List<String> includeUris = new ArrayList<String>(timeStampedObjs.size());
    for (DataObjectDesc target : timeStampedObjs) {
        // NOTE(review): the lookup is not null-checked, so a target that is missing from the
        // mapping fails here with a NullPointerException - confirm callers guarantee presence.
        Reference targetRef = referenceByDataObj.get(target);
        // NOTE(review): a Reference without an Id would produce the include "#null";
        // presumably Ids are always assigned before this point - verify.
        String refId = targetRef.getId();
        includeUris.add('#' + refId);
    }

    prop.setTime(tsTknRes.timeStampTime);
    return new IndividualDataObjsTimeStampData(c14n, includeUris, tsTknRes.encodedTimeStampToken);
}
use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.
the class DataObjFormatVerifier method verify.
/**
 * Verifies a DataObjectFormat property and attaches it to the signed data object it describes.
 *
 * <p>The property's ObjectReference has to resolve to one of the signed data objects. When the
 * corresponding ds:Reference is of type {@link Reference#OBJECT_URI}, the referenced ds:Object
 * must also be found, and its Encoding and MimeType are compared with the property's values.
 *
 * @param propData the unmarshalled property data
 * @param ctx the verification context giving access to the signed objects
 * @return the verified {@code DataObjectFormatProperty}
 * @throws DataObjectFormatVerificationException if the object reference (or the ds:Object it
 *     points to) cannot be found, or if the encoding / MIME type values differ
 */
@Override
public QualifyingProperty verify(DataObjectFormatData propData, QualifyingPropertyVerificationContext ctx) throws DataObjectFormatVerificationException {
    QualifyingPropertyVerificationContext.SignedObjectsData signedObjects = ctx.getSignedObjectsData();
    String encoding = propData.getEncoding();
    String mimeType = propData.getMimeType();

    // XAdES G.2.2.8: "The verifier should check that the ObjectReference element
    // actually references one ds:Reference element from the signature."
    RawDataObjectDesc targetDataObj = signedObjects.findSignedDataObject(propData.getObjectRef());
    if (targetDataObj == null) {
        throw new DataObjectFormatReferenceException(propData.getObjectRef());
    }

    // "In addition, should this property refer to a ds:Reference that in turn
    // refers to a ds:Object, the verifier should check the values of attributes
    // MimeType and Encoding (...)."
    Reference targetRef = targetDataObj.getReference();
    boolean refersToObject = Reference.OBJECT_URI.equals(targetRef.getType());
    if (refersToObject) {
        // Resolve the ds:Object the Reference points to.
        ObjectContainer referencedObj = signedObjects.findXMLObject(targetRef.getURI());
        if (referencedObj == null) {
            throw new DataObjectFormatReferenceException(targetRef.getURI());
        }

        String objEncoding = referencedObj.getEncoding();
        String objMimeType = referencedObj.getMimeType();

        // The values are only compared when present on both sides (per the helper's name),
        // so an attribute that is absent on either side is not treated as a mismatch.
        boolean encodingDiffers = StringUtils.differentStringsIfNotNullNorEmpty(objEncoding, encoding);
        if (encodingDiffers || StringUtils.differentStringsIfNotNullNorEmpty(objMimeType, mimeType)) {
            throw new DataObjectFormatMismatchException(mimeType, encoding, targetRef, referencedObj);
        }
    }

    // Build the property from the verified data.
    DataObjectFormatProperty verifiedProp = new DataObjectFormatProperty(mimeType, encoding);
    verifiedProp.withDescription(propData.getDescription());
    Collection<String> documentationUris = propData.getDocumentationUris();
    if (documentationUris != null) {
        verifiedProp.withDocumentationUris(documentationUris);
    }
    verifiedProp.withIdentifier(propData.getIdentifier());

    // Link the property to the data object it describes.
    targetDataObj.withDataObjectFormat(verifiedProp);
    return verifiedProp;
}
use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.
the class CounterSignatureVerifier method verify.
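/**
 * Verifies a CounterSignature property.
 *
 * <p>The signature enclosed in the property element is verified with the {@code verifier}
 * field. Afterwards, one of its references must resolve to the ds:SignatureValue element of the
 * countersigned signature (compared by node identity).
 *
 * @param propData the DOM data of the CounterSignature property
 * @param ctx the verification context of the countersigned signature
 * @return a {@code CounterSignatureProperty} wrapping the counter signature's verification result
 * @throws InvalidPropertyException if the enclosed signature fails verification, if none of its
 *     references targets the countersigned ds:SignatureValue, or if a reference cannot be
 *     dereferenced
 */
@Override
public QualifyingProperty verify(GenericDOMData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    XAdESVerificationResult res;
    try {
        Element sigElem = DOMHelper.getFirstChildElement(propData.getPropertyElement());
        res = verifier.verify(sigElem, null);
    } catch (XAdES4jException ex) {
        throw new CounterSignatureXadesVerificationException(ex);
    }

    // "Check that the enclosed signature correctly references the ds:SignatureValue
    // present in the countersigned XAdES signature."
    // NOTE(review): getElementsByTagNameNS searches every descendant of the signature element
    // and item(0) is the first match in document order. This relies on that match being the
    // signature's own ds:SignatureValue - confirm, or select the direct child element instead.
    Node targetSigValueElem = ctx.getSignature().getElement().getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATUREVALUE).item(0);
    try {
        // Fail closed: item(0) is null when no element matches, and the identity comparison
        // below would then accept any reference whose sub-node is null (presumably the case
        // for content that is not a DOM node).
        if (targetSigValueElem == null) {
            throw new CounterSignatureSigValueRefException();
        }

        SignedInfo si = res.getXmlSignature().getSignedInfo();
        for (int i = 0; i < si.getLength(); i++) {
            Reference r = si.item(i);
            if (r.getContentsAfterTransformation().getSubNode() == targetSigValueElem) {
                // The signature references the SignatureValue element.
                return new CounterSignatureProperty(res);
            }
        }
        throw new CounterSignatureSigValueRefException();
    } catch (XMLSecurityException e) {
        // Shouldn't happen because the signature was already verified.
        throw new CounterSignatureVerificationException(e);
    }
}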
use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.
the class XadesVerifierImpl method doCoreVerification.
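/**
 * Performs core XML-DSig validation (signature value and references) of {@code signature}.
 *
 * <p>The resolvers from the verification options, plus a resolver for the anonymous (null URI)
 * reference when data for it was supplied, are registered on the signature first. The method
 * returns normally only when {@code checkSignatureValue} succeeds. Every other path throws.
 *
 * @param signature the signature to validate
 * @param verificationOptions per-signature options (resource resolvers, anonymous reference data)
 * @param validationCert the certificate whose key is used to check the signature value
 * @throws XAdES4jXMLSigException if the XML security library fails while checking the signature
 *     value or the references
 * @throws InvalidSignatureException if validation fails: {@code ReferenceValueException} for the
 *     first reference that does not verify, {@code SignatureValueException} otherwise
 */
private static void doCoreVerification(XMLSignature signature, SignatureSpecificVerificationOptions verificationOptions, X509Certificate validationCert) throws XAdES4jXMLSigException, InvalidSignatureException {
    List<ResourceResolver> resolvers = verificationOptions.getResolvers();
    if (!CollectionUtils.nullOrEmpty(resolvers)) {
        for (ResourceResolver resolver : resolvers) {
            signature.addResourceResolver(resolver);
        }
    }

    InputStream nullURIReferenceData = verificationOptions.getDataForAnonymousReference();
    if (nullURIReferenceData != null) {
        signature.addResourceResolver(new ResolverAnonymous(nullURIReferenceData));
    }

    try {
        if (signature.checkSignatureValue(validationCert)) {
            return;
        }
    } catch (XMLSignatureException ex) {
        throw new XAdES4jXMLSigException("Error verifying the signature", ex);
    }

    // Core validation failed. From here on the only job is to report why, and every path
    // must end in an exception so that a failed check can never be reported as success.
    try {
        SignedInfo si = signature.getSignedInfo();
        if (!si.verifyReferences()) {
            // References are NOT OK; get the first invalid Reference.
            for (int i = 0; i < si.getLength(); i++) {
                Reference r = si.item(i);
                if (!r.verify()) {
                    throw new ReferenceValueException(signature, r);
                }
            }
            // verifyReferences() reported a failure but no single Reference failed when
            // re-checked. Previously the method returned normally here, which accepted the
            // signature; fall through to the generic failure instead.
        }
        // References are OK (or no failing one could be singled out); report the failure on
        // the signature value itself.
        throw new SignatureValueException(signature);
    } catch (XMLSecurityException ex) {
        throw new XAdES4jXMLSigException("Error verifying the references", ex);
    }
}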
use of org.apache.xml.security.signature.Reference in project xades4j by luisgoncalves.
the class SignatureUtils method processReferences.
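/**
 * Splits the references of {@code signature} into the single SignedProperties reference and
 * the references to signed data objects.
 *
 * <p>Each data object reference is wrapped in a {@code RawDataObjectDesc}, with one
 * {@code GenericAlgorithm} per transform URI found on the reference.
 *
 * @param signature the signature whose SignedInfo references are processed
 * @return the data object references and the SignedProperties reference
 * @throws QualifyingPropertiesIncorporationException if there is no reference to
 *     SignedProperties, or more than one
 * @throws XAdES4jXMLSigException if a reference or its transforms cannot be read
 */
static ReferencesRes processReferences(XMLSignature signature) throws QualifyingPropertiesIncorporationException, XAdES4jXMLSigException {
    SignedInfo signedInfo = signature.getSignedInfo();
    // One of the references is expected to be the SignedProperties one. Clamp the capacity so
    // a SignedInfo with no references reaches the "not found" error below instead of failing
    // in the ArrayList constructor with a negative capacity.
    List<RawDataObjectDesc> dataObjsReferences = new ArrayList<RawDataObjectDesc>(Math.max(0, signedInfo.getLength() - 1));
    Reference signedPropsRef = null;

    for (int i = 0; i < signedInfo.getLength(); i++) {
        Reference ref;
        try {
            ref = signedInfo.item(i);
        } catch (XMLSecurityException ex) {
            throw new XAdES4jXMLSigException(String.format("Cannot process the %dth reference", i), ex);
        }

        String refTypeUri = ref.getType();
        // The reference to SignedProperties is identified by its Type attribute, "with its
        // value set to: http://uri.etsi.org/01903#SignedProperties."
        if (QualifyingProperty.SIGNED_PROPS_TYPE_URI.equals(refTypeUri)) {
            // Exactly one such reference is accepted; a second one is rejected rather than
            // silently replacing the first.
            if (signedPropsRef != null) {
                throw new QualifyingPropertiesIncorporationException("Multiple references to SignedProperties");
            }
            signedPropsRef = ref;
        } else {
            RawDataObjectDesc dataObj = new RawDataObjectDesc(ref);
            dataObjsReferences.add(dataObj);

            try {
                Transforms transfs = ref.getTransforms();
                if (transfs != null) {
                    for (int j = 0; j < transfs.getLength(); ++j) {
                        dataObj.withTransform(new GenericAlgorithm(transfs.item(j).getURI()));
                    }
                }
            } catch (XMLSecurityException ex) {
                throw new XAdES4jXMLSigException("Cannot process transfroms", ex);
            }
        }
    }

    if (null == signedPropsRef) {
        // !!!
        // Still may be a XAdES signature, if the signing certificate is
        // protected. For now, that scenario is not supported.
        throw new QualifyingPropertiesIncorporationException("SignedProperties reference not found");
    }

    return new ReferencesRes(dataObjsReferences, signedPropsRef);
}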