
Example 1 with UnsupportedAlgorithmException

use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.

the class DataGenCompleteRevocRefs method generatePropertyData.

/**
 * Builds the data object for a CompleteRevocationRefs property.
 *
 * <p>One {@code CRLRef} is produced per CRL returned by {@code prop.getCrls()}. Each
 * reference carries the issuer name, the CRL number, the digest algorithm URI, the
 * digest of the encoded CRL and the CRL's thisUpdate time.
 *
 * <p>The references are only as strong as the digest algorithm returned by the
 * algorithms provider.
 * NOTE(review): confirm the provider cannot be configured with a deprecated digest
 * (for example SHA-1) for reference properties.
 *
 * @param prop the property whose CRLs are referenced
 * @param ctx the generation context (not read by this method)
 * @return the data object holding one reference per CRL
 * @throws PropertyDataGenerationException if a CRL cannot be encoded, its CRL number
 *         extension cannot be read, or the digest algorithm is not supported
 */
@Override
public PropertyDataObject generatePropertyData(CompleteRevocationRefsProperty prop, PropertiesDataGenerationContext ctx) throws PropertyDataGenerationException {
    final Collection<X509CRL> revocationLists = prop.getCrls();
    final Collection<CRLRef> references = new ArrayList<CRLRef>(revocationLists.size());
    final String digestUri = this.algorithmsProvider.getDigestAlgorithmForReferenceProperties();
    try {
        // MessageDigest.digest(byte[]) resets the engine after each call, so a single
        // instance can be reused for every CRL.
        final MessageDigest engine = this.messageDigestProvider.getEngine(digestUri);
        for (final X509CRL revocationList : revocationLists) {
            final GregorianCalendar issuedAt = new GregorianCalendar();
            issuedAt.setTime(revocationList.getThisUpdate());

            // The digest is computed over the encoded form of the CRL.
            final byte[] crlDigest = engine.digest(revocationList.getEncoded());

            // NOTE(review): confirm what getCrlNumber returns for a CRL that has no
            // CRLNumber extension, and that CRLRef accepts that value.
            final BigInteger crlNumber = CrlExtensionsUtils.getCrlNumber(revocationList);

            final String issuerName = revocationList.getIssuerX500Principal().getName();
            references.add(new CRLRef(issuerName, crlNumber, digestUri, crlDigest, issuedAt));
        }
        return new CompleteRevocationRefsData(references);
    } catch (CRLException ex) {
        throw new PropertyDataGenerationException(prop, "cannot get encoded CRL", ex);
    } catch (IOException ex) {
        throw new PropertyDataGenerationException(prop, "cannot parse CRL number extension", ex);
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    }
}
Also used : X509CRL(java.security.cert.X509CRL) ArrayList(java.util.ArrayList) GregorianCalendar(java.util.GregorianCalendar) CRLRef(xades4j.properties.data.CRLRef) IOException(java.io.IOException) CompleteRevocationRefsData(xades4j.properties.data.CompleteRevocationRefsData) UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) BigInteger(java.math.BigInteger) MessageDigest(java.security.MessageDigest) CRLException(java.security.cert.CRLException)

Example 2 with UnsupportedAlgorithmException

use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.

the class DataGenSigPolicy method generatePropertyData.

/**
 * Builds the data object for a SignaturePolicyIdentifier property by digesting the
 * policy document.
 *
 * <p>The resulting digest is what ties the signature to a specific policy document,
 * so its strength is that of the algorithm returned by the algorithms provider.
 * NOTE(review): confirm the provider cannot be configured with a deprecated digest
 * (for example SHA-1) for reference properties.
 *
 * @param prop the property supplying the policy identifier, document stream and
 *        location URL
 * @param ctx the generation context (not read by this method)
 * @return the policy data with identifier, digest algorithm URI, digest and location
 * @throws PropertyDataGenerationException if the policy document cannot be digested
 *         or the digest algorithm is not supported
 */
@Override
public PropertyDataObject generatePropertyData(SignaturePolicyIdentifierProperty prop, PropertiesDataGenerationContext ctx) throws PropertyDataGenerationException {
    try {
        final String digestUri = this.algorithmsProvider.getDigestAlgorithmForReferenceProperties();
        final MessageDigest engine = this.messageDigestProvider.getEngine(digestUri);

        // NOTE(review): the policy stream is not closed in this method; confirm that
        // digestStream or the caller owns and closes it.
        final byte[] documentDigest = MessageDigestUtils.digestStream(engine, prop.getPolicyDocumentStream());

        return new SignaturePolicyData(prop.getIdentifier(), digestUri, documentDigest, prop.getLocationUrl());
    } catch (IOException ex) {
        throw new PropertyDataGenerationException(prop, "Cannot digest signature policy", ex);
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    }
}
Also used : UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) IOException(java.io.IOException) MessageDigest(java.security.MessageDigest) SignaturePolicyData(xades4j.properties.data.SignaturePolicyData)

Example 3 with UnsupportedAlgorithmException

use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.

the class KeyInfoBuilder method buildKeyInfo.

/**
 * Checks the signing certificate and populates the signature's KeyInfo according to
 * the basic signature options.
 *
 * <p>Checks performed here are limited to the KeyUsage bits and the validity period.
 * This method does not build or validate a certification path and does not consult
 * revocation data.
 *
 * @param signingCertificate the certificate whose key produces the signature
 * @param xmlSig the signature whose KeyInfo is populated
 * @throws KeyingDataException if the certificate fails the key usage or validity
 *         check, or the KeyInfo content cannot be created
 * @throws UnsupportedAlgorithmException if adding the KeyInfo reference fails in the
 *         XML Signature provider
 */
void buildKeyInfo(X509Certificate signingCertificate, XMLSignature xmlSig) throws KeyingDataException, UnsupportedAlgorithmException {
    // KeyUsage bit 0 is digitalSignature, bit 1 is nonRepudiation; at least one must
    // be set. getKeyUsage() returns null when the certificate has no KeyUsage
    // extension, and such a certificate is accepted without restriction.
    final boolean[] usageBits = signingCertificate.getKeyUsage();
    if (usageBits != null) {
        final boolean usableForSigning = usageBits[0] || usageBits[1];
        if (!usableForSigning) {
            throw new SigningCertKeyUsageException(signingCertificate);
        }
    }

    try {
        // Compares the notBefore/notAfter window with the current system time only.
        signingCertificate.checkValidity();
    } catch (CertificateException ce) {
        // Either CertificateExpiredException or CertificateNotYetValidException.
        // NOTE(review): the caught exception is not passed on as the cause, so the
        // caller cannot tell which of the two occurred.
        throw new SigningCertValidityException(signingCertificate);
    }

    if (this.basicSignatureOptionsProvider.includeSigningCertificate()) {
        try {
            final X509Data certData = new X509Data(xmlSig.getDocument());
            certData.addCertificate(signingCertificate);
            certData.addSubjectName(signingCertificate);
            final String issuerName = signingCertificate.getIssuerX500Principal().getName();
            certData.addIssuerSerial(issuerName, signingCertificate.getSerialNumber());
            xmlSig.getKeyInfo().add(certData);

            if (this.basicSignatureOptionsProvider.signSigningCertificate()) {
                // Give KeyInfo an Id and add a same-document reference to it, so the
                // certificate data added above is covered by the signature.
                final String keyInfoId = xmlSig.getId() + "-keyinfo";
                xmlSig.getKeyInfo().setId(keyInfoId);

                // Same canonicalization URI as the ds:CanonicalizationMethod of the
                // Signature.
                final Algorithm c14n = this.algorithmsProvider.getCanonicalizationAlgorithmForSignature();
                CanonicalizerUtils.checkC14NAlgorithm(c14n);
                final Transforms keyInfoTransforms = TransformUtils.createTransforms(c14n, this.algorithmsParametersMarshaller, xmlSig.getDocument());
                final String keyInfoUri = '#' + keyInfoId;
                xmlSig.addDocument(keyInfoUri, keyInfoTransforms, this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences());
            }
        } catch (XMLSignatureException ex) {
            // Every XMLSignatureException raised in this try block is reported as an
            // unsupported digest algorithm.
            throw new UnsupportedAlgorithmException("Digest algorithm not supported in the XML Signature provider", this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences(), ex);
        } catch (XMLSecurityException ex) {
            throw new KeyingDataException(ex.getMessage(), ex);
        }
    }

    if (this.basicSignatureOptionsProvider.includePublicKey()) {
        xmlSig.addKeyInfo(signingCertificate.getPublicKey());
    }
}
Also used : Transforms(org.apache.xml.security.transforms.Transforms) UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) CertificateException(java.security.cert.CertificateException) X509Data(org.apache.xml.security.keys.content.X509Data) Algorithm(xades4j.algorithms.Algorithm) XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Example 4 with UnsupportedAlgorithmException

use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.

the class DataGenBaseCertRefs method generate.

/**
 * Fills {@code certRefsData} with one {@code CertRef} per certificate and returns it.
 *
 * <p>Each reference carries the issuer name, the serial number, the digest algorithm
 * URI and the digest of the encoded certificate. The digest is what binds a
 * reference to one specific certificate, so its strength is that of the algorithm
 * returned by the algorithms provider.
 * NOTE(review): confirm the provider cannot be configured with a deprecated digest
 * (for example SHA-1) for reference properties.
 *
 * @param certs the certificates to reference; must not be {@code null}
 * @param certRefsData the data object that receives the references
 * @param prop the property being generated, used for error reporting
 * @return {@code certRefsData}, after the references have been added
 * @throws PropertyDataGenerationException if {@code certs} is {@code null}, a
 *         certificate cannot be encoded, or the digest algorithm is not supported
 */
protected PropertyDataObject generate(Collection<X509Certificate> certs, BaseCertRefsData certRefsData, QualifyingProperty prop) throws PropertyDataGenerationException {
    if (certs == null) {
        throw new PropertyDataGenerationException(prop, "certificates not provided");
    }

    try {
        final String digestUri = this.algorithmsProvider.getDigestAlgorithmForReferenceProperties();
        // MessageDigest.digest(byte[]) resets the engine after each call, so a single
        // instance can be reused for every certificate.
        final MessageDigest engine = this.messageDigestProvider.getEngine(digestUri);

        for (final X509Certificate certificate : certs) {
            // "DigestValue contains the base-64 encoded value of the digest
            // computed on the DER-encoded certificate."
            // Base-64 encoding is left to JAXB and its configured adapter
            // (Base64XmlAdapter); for X509 certificates the encoded form returned by
            // getEncoded is DER.
            final byte[] certDigest = engine.digest(certificate.getEncoded());
            final String issuerName = certificate.getIssuerX500Principal().getName();
            certRefsData.addCertRef(new CertRef(issuerName, certificate.getSerialNumber(), digestUri, certDigest));
        }
        return certRefsData;
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    } catch (CertificateEncodingException ex) {
        throw new PropertyDataGenerationException(prop, "cannot get encoded certificate", ex);
    }
}
Also used : UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) CertRef(xades4j.properties.data.CertRef) CertificateEncodingException(java.security.cert.CertificateEncodingException) MessageDigest(java.security.MessageDigest) X509Certificate(java.security.cert.X509Certificate)

Example 5 with UnsupportedAlgorithmException

use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.

the class DataGenBaseTimeStamp method generatePropertyData.

/**
 * Builds the data object for a time-stamp property.
 *
 * <p>The steps are: create a digest input for the configured canonicalization
 * algorithm, let {@code addPropSpecificTimeStampInput} add the property-specific
 * content, request a time-stamp token over the resulting bytes, and hand the result
 * to {@code createPropDataObj}.
 *
 * <p>NOTE(review): whether the returned token is verified (signature, message
 * imprint, certificate of the time-stamping authority) is decided by the token
 * provider and is not visible here; confirm it before relying on the token.
 *
 * @param prop the time-stamp property being generated
 * @param ctx the generation context, passed on to the property-specific hooks
 * @return the data object created by {@code createPropDataObj}
 * @throws PropertyDataGenerationException if an algorithm is not supported, the
 *         digest input cannot be built, or no time-stamp token can be obtained
 */
@Override
public final PropertyDataObject generatePropertyData(TProp prop, PropertiesDataGenerationContext ctx) throws PropertyDataGenerationException {
    final Algorithm canonicalization = this.algsProvider.getCanonicalizationAlgorithmForTimeStampProperties();
    try {
        final TimeStampDigestInput tsInput = this.tsInputFactory.newTimeStampDigestInput(canonicalization);
        addPropSpecificTimeStampInput(prop, tsInput, ctx);

        // The token is requested over exactly the bytes collected above, with the
        // digest algorithm configured for time-stamp properties.
        final byte[] inputBytes = tsInput.getBytes();
        final TimeStampTokenRes tokenResult = this.tsTokenProvider.getTimeStampToken(inputBytes, this.algsProvider.getDigestAlgorithmForTimeStampProperties());

        return createPropDataObj(prop, canonicalization, tokenResult, ctx);
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    } catch (CannotAddDataToDigestInputException ex) {
        throw new PropertyDataGenerationException(prop, "cannot create time stamp input", ex);
    } catch (TimeStampTokenGenerationException ex) {
        throw new PropertyDataGenerationException(prop, "cannot get a time-stamp", ex);
    }
}
Also used : CannotAddDataToDigestInputException(xades4j.utils.CannotAddDataToDigestInputException) TimeStampDigestInput(xades4j.utils.TimeStampDigestInput) UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) TimeStampTokenRes(xades4j.providers.TimeStampTokenProvider.TimeStampTokenRes) Algorithm(xades4j.algorithms.Algorithm) TimeStampTokenGenerationException(xades4j.providers.TimeStampTokenGenerationException)

Aggregations

UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException)15 MessageDigest (java.security.MessageDigest)8 IOException (java.io.IOException)6 Algorithm (xades4j.algorithms.Algorithm)4 X509Certificate (java.security.cert.X509Certificate)3 ArrayList (java.util.ArrayList)3 XMLSignatureException (org.apache.xml.security.signature.XMLSignatureException)3 Transforms (org.apache.xml.security.transforms.Transforms)3 BigInteger (java.math.BigInteger)2 CRLException (java.security.cert.CRLException)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 CertificateException (java.security.cert.CertificateException)2 X509CRL (java.security.cert.X509CRL)2 ObjectContainer (org.apache.xml.security.signature.ObjectContainer)2 Reference (org.apache.xml.security.signature.Reference)2 Node (org.w3c.dom.Node)2 XAdES4jException (xades4j.XAdES4jException)2 DataObjectDesc (xades4j.properties.DataObjectDesc)2 CRLRef (xades4j.properties.data.CRLRef)2 TimeStampTokenDigestException (xades4j.providers.TimeStampTokenDigestException)2