Example 6 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class DefaultTimeStampVerificationProvider method verifyToken.
@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
TimeStampToken tsToken;
try {
ASN1InputStream asn1is = new ASN1InputStream(timeStampToken);
ContentInfo tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
asn1is.close();
tsToken = new TimeStampToken(tsContentInfo);
} catch (IOException ex) {
throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
} catch (TSPException ex) {
throw new TimeStampTokenStructureException("Invalid token", ex);
}
X509Certificate tsaCert = null;
try {
/* Validate the TSA certificate */
LinkedList<X509Certificate> certs = new LinkedList<X509Certificate>();
for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
certs.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
}
ValidationData vData = this.certificateValidationProvider.validate(x509CertSelectorConverter.getCertSelector(tsToken.getSID()), tsToken.getTimeStampInfo().getGenTime(), certs);
tsaCert = vData.getCerts().get(0);
} catch (CertificateException ex) {
throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
} catch (XAdES4jException ex) {
throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
}
try {
tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
} catch (TSPValidationException ex) {
throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
} catch (Exception ex) {
throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
}
org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
try {
String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
if (!Arrays.equals(md.digest(tsDigestInput), tsTokenInfo.getMessageImprintDigest())) {
throw new TimeStampTokenDigestException();
}
} catch (UnsupportedAlgorithmException ex) {
throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
}
return tsTokenInfo.getGenTime();
}
Also used :
CertificateException(java.security.cert.CertificateException)
TimeStampTokenVerificationException(xades4j.providers.TimeStampTokenVerificationException)
TimeStampTokenSignatureException(xades4j.providers.TimeStampTokenSignatureException)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
XAdES4jException(xades4j.XAdES4jException)
TimeStampTokenDigestException(xades4j.providers.TimeStampTokenDigestException)
MessageDigest(java.security.MessageDigest)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
TimeStampTokenStructureException(xades4j.providers.TimeStampTokenStructureException)
TSPValidationException(org.bouncycastle.tsp.TSPValidationException)
TimeStampTokenTSACertException(xades4j.providers.TimeStampTokenTSACertException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
LinkedList(java.util.LinkedList)
TSPValidationException(org.bouncycastle.tsp.TSPValidationException)
XAdES4jException(xades4j.XAdES4jException)
TimeStampTokenTSACertException(xades4j.providers.TimeStampTokenTSACertException)
TimeStampTokenStructureException(xades4j.providers.TimeStampTokenStructureException)
TSPException(org.bouncycastle.tsp.TSPException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
TimeStampTokenDigestException(xades4j.providers.TimeStampTokenDigestException)
TimeStampTokenVerificationException(xades4j.providers.TimeStampTokenVerificationException)
TimeStampTokenSignatureException(xades4j.providers.TimeStampTokenSignatureException)
ValidationData(xades4j.providers.ValidationData)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
TSPException(org.bouncycastle.tsp.TSPException)
TimeStampToken(org.bouncycastle.tsp.TimeStampToken)
Example 7 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class CompleteRevocRefsVerifier method verify.
@Override
public QualifyingProperty verify(CompleteRevocationRefsData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
Collection<X509CRL> crls = ctx.getCertChainData().getCrls();
Collection<CRLRef> crlRefs = new ArrayList<CRLRef>(propData.getCrlRefs());
if (crls.isEmpty())
throw new CompleteRevocRefsCRLsNotAvailableException();
for (X509CRL crl : crls) {
CRLRef match = null;
for (CRLRef crlRef : crlRefs) {
// Check issuer and issue time.
if (!crl.getIssuerX500Principal().equals(new X500Principal(crlRef.issuerDN)) || !crl.getThisUpdate().equals(crlRef.issueTime.getTime()))
continue;
try {
// Check CRL number, if present.
if (crlRef.serialNumber != null) {
BigInteger crlNum = CrlExtensionsUtils.getCrlNumber(crl);
if (crlNum != null && !crlRef.serialNumber.equals(crlNum))
continue;
}
// Check digest value.
MessageDigest md = this.digestEngineProvider.getEngine(crlRef.digestAlgUri);
if (Arrays.equals(md.digest(crl.getEncoded()), crlRef.digestValue)) {
match = crlRef;
break;
}
} catch (IOException ex) {
throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
} catch (CRLException ex) {
throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
} catch (UnsupportedAlgorithmException ex) {
throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
}
}
if (null == match)
throw new CompleteRevocRefsReferenceException(crl, "no matching reference");
crlRefs.remove(match);
}
return new CompleteRevocationRefsProperty(crls);
}
Also used :
X509CRL(java.security.cert.X509CRL)
ArrayList(java.util.ArrayList)
CRLRef(xades4j.properties.data.CRLRef)
IOException(java.io.IOException)
CompleteRevocationRefsProperty(xades4j.properties.CompleteRevocationRefsProperty)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
MessageDigest(java.security.MessageDigest)
CRLException(java.security.cert.CRLException)
Example 8 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class CertRefUtils method checkCertRef.
static void checkCertRef(CertRef certRef, X509Certificate cert, MessageDigestEngineProvider messageDigestProvider) throws InvalidCertRefException {
MessageDigest messageDigest;
Throwable t = null;
try {
messageDigest = messageDigestProvider.getEngine(certRef.digestAlgUri);
byte[] actualDigest = messageDigest.digest(cert.getEncoded());
if (!Arrays.equals(certRef.digestValue, actualDigest))
throw new InvalidCertRefException("digests mismatch");
return;
} catch (UnsupportedAlgorithmException ex) {
t = ex;
} catch (CertificateEncodingException ex) {
t = ex;
}
throw new InvalidCertRefException(t.getMessage());
}
Also used :
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
MessageDigest(java.security.MessageDigest)
Example 9 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class TimeStampVerifierBase method verify.
@Override
public final QualifyingProperty verify(TData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
try {
TimeStampDigestInput digestInput = this.tsInputFactory.newTimeStampDigestInput(propData.getCanonicalizationAlgorithm());
QualifyingProperty prop = addPropSpecificTimeStampInputAndCreateProperty(propData, digestInput, ctx);
byte[] data = digestInput.getBytes();
/**
* Verify the time-stamp tokens on a time-stamp property data object. All
* the tokens are verified, but the returned time-stamp is from the last token.
*/
List<byte[]> tokens = propData.getTimeStampTokens();
Date ts = null;
for (byte[] tkn : tokens) {
ts = this.tsVerifier.verifyToken(tkn, data);
}
// By convention all timestamp property types have a setTime(Date) method
Method setTimeMethod = prop.getClass().getMethod("setTime", Date.class);
setTimeMethod.invoke(prop, ts);
return prop;
} catch (UnsupportedAlgorithmException ex) {
throw getEx(ex, this.propName);
} catch (CannotAddDataToDigestInputException ex) {
throw new TimeStampDigestInputException(this.propName, ex);
} catch (TimeStampTokenVerificationException ex) {
throw getEx(ex, this.propName);
} catch (Exception ex) {
// Exceptions related to setTimeMethod.invoke(...)
throw getEx(ex, this.propName);
}
}
Also used :
CannotAddDataToDigestInputException(xades4j.utils.CannotAddDataToDigestInputException)
TimeStampDigestInput(xades4j.utils.TimeStampDigestInput)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
QualifyingProperty(xades4j.properties.QualifyingProperty)
Method(java.lang.reflect.Method)
TimeStampTokenVerificationException(xades4j.providers.TimeStampTokenVerificationException)
Date(java.util.Date)
CannotAddDataToDigestInputException(xades4j.utils.CannotAddDataToDigestInputException)
TimeStampTokenStructureException(xades4j.providers.TimeStampTokenStructureException)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
TimeStampTokenDigestException(xades4j.providers.TimeStampTokenDigestException)
TimeStampTokenVerificationException(xades4j.providers.TimeStampTokenVerificationException)
TimeStampTokenSignatureException(xades4j.providers.TimeStampTokenSignatureException)
Example 10 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class SignaturePolicyVerifier method verify.
@Override
public QualifyingProperty verify(SignaturePolicyData propData, QualifyingPropertyVerificationContext ctx) throws SignaturePolicyVerificationException {
ObjectIdentifier policyId = propData.getIdentifier();
if (null == policyId) {
return new SignaturePolicyImpliedProperty();
}
// Get the policy document
InputStream sigDocStream = this.policyDocumentProvider.getSignaturePolicyDocumentStream(policyId);
if (null == sigDocStream) {
throw new SignaturePolicyNotAvailableException(policyId, null);
}
try {
MessageDigest md = this.messageDigestProvider.getEngine(propData.getDigestAlgorithm());
byte[] sigDocDigest = MessageDigestUtils.digestStream(md, sigDocStream);
// Check the document digest.
if (!Arrays.equals(sigDocDigest, propData.getDigestValue())) {
throw new SignaturePolicyDigestMismatchException(policyId);
}
return new SignaturePolicyIdentifierProperty(policyId, sigDocStream).withLocationUrl(propData.getLocationUrl());
} catch (IOException ex) {
throw new SignaturePolicyNotAvailableException(policyId, ex);
} catch (UnsupportedAlgorithmException ex) {
throw new SignaturePolicyCannotDigestException(policyId, ex);
} finally {
try {
sigDocStream.close();
} catch (IOException ex) {
throw new SignaturePolicyNotAvailableException(policyId, ex);
}
}
}
Also used :
InputStream(java.io.InputStream)
SignaturePolicyIdentifierProperty(xades4j.properties.SignaturePolicyIdentifierProperty)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
SignaturePolicyImpliedProperty(xades4j.properties.SignaturePolicyImpliedProperty)
IOException(java.io.IOException)
MessageDigest(java.security.MessageDigest)
ObjectIdentifier(xades4j.properties.ObjectIdentifier)
Aggregations
UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException)15
MessageDigest (java.security.MessageDigest)8
IOException (java.io.IOException)6
Algorithm (xades4j.algorithms.Algorithm)4
X509Certificate (java.security.cert.X509Certificate)3
ArrayList (java.util.ArrayList)3
XMLSignatureException (org.apache.xml.security.signature.XMLSignatureException)3
Transforms (org.apache.xml.security.transforms.Transforms)3
BigInteger (java.math.BigInteger)2
CRLException (java.security.cert.CRLException)2
CertificateEncodingException (java.security.cert.CertificateEncodingException)2
CertificateException (java.security.cert.CertificateException)2
X509CRL (java.security.cert.X509CRL)2
ObjectContainer (org.apache.xml.security.signature.ObjectContainer)2
Reference (org.apache.xml.security.signature.Reference)2
Node (org.w3c.dom.Node)2
XAdES4jException (xades4j.XAdES4jException)2
DataObjectDesc (xades4j.properties.DataObjectDesc)2
CRLRef (xades4j.properties.data.CRLRef)2
TimeStampTokenDigestException (xades4j.providers.TimeStampTokenDigestException)2
