Example 6 with UnsupportedAlgorithmException

use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.

Class DefaultTimeStampVerificationProvider, method verifyToken:

@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
    TimeStampToken tsToken;
    try {
        ASN1InputStream asn1is = new ASN1InputStream(timeStampToken);
        ContentInfo tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
        asn1is.close();
        tsToken = new TimeStampToken(tsContentInfo);
    } catch (IOException ex) {
        throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
    } catch (TSPException ex) {
        throw new TimeStampTokenStructureException("Invalid token", ex);
    }
    X509Certificate tsaCert = null;
    try {
        /* Validate the TSA certificate chain, as of the token's generation time,
           using the certificates carried in the token itself */
        LinkedList<X509Certificate> certs = new LinkedList<X509Certificate>();
        for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
            certs.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
        }
        ValidationData vData = this.certificateValidationProvider.validate(x509CertSelectorConverter.getCertSelector(tsToken.getSID()), tsToken.getTimeStampInfo().getGenTime(), certs);
        tsaCert = vData.getCerts().get(0);
    } catch (CertificateException ex) {
        throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
    } catch (XAdES4jException ex) {
        throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
    }
    try {
        tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
    } catch (TSPValidationException ex) {
        throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
    } catch (Exception ex) {
        throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
    }
    // Check that the token's message imprint matches the digest of the data
    // that is supposed to have been time-stamped.
    org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
    try {
        String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
        MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
        if (!Arrays.equals(md.digest(tsDigestInput), tsTokenInfo.getMessageImprintDigest())) {
            throw new TimeStampTokenDigestException();
        }
    } catch (UnsupportedAlgorithmException ex) {
        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
    }
    return tsTokenInfo.getGenTime();
}

Example 7 with UnsupportedAlgorithmException

Class CompleteRevocRefsVerifier, method verify:

@Override
public QualifyingProperty verify(CompleteRevocationRefsData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    Collection<X509CRL> crls = ctx.getCertChainData().getCrls();
    Collection<CRLRef> crlRefs = new ArrayList<CRLRef>(propData.getCrlRefs());
    if (crls.isEmpty())
        throw new CompleteRevocRefsCRLsNotAvailableException();
    for (X509CRL crl : crls) {
        CRLRef match = null;
        for (CRLRef crlRef : crlRefs) {
            // Check issuer and issue time.
            if (!crl.getIssuerX500Principal().equals(new X500Principal(crlRef.issuerDN)) || !crl.getThisUpdate().equals(crlRef.issueTime.getTime()))
                continue;
            try {
                // Check CRL number, if present.
                if (crlRef.serialNumber != null) {
                    BigInteger crlNum = CrlExtensionsUtils.getCrlNumber(crl);
                    if (crlNum != null && !crlRef.serialNumber.equals(crlNum))
                        continue;
                }
                // Check digest value.
                MessageDigest md = this.digestEngineProvider.getEngine(crlRef.digestAlgUri);
                if (Arrays.equals(md.digest(crl.getEncoded()), crlRef.digestValue)) {
                    match = crlRef;
                    break;
                }
            } catch (IOException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            } catch (CRLException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            } catch (UnsupportedAlgorithmException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            }
        }
        if (null == match)
            throw new CompleteRevocRefsReferenceException(crl, "no matching reference");
        crlRefs.remove(match);
    }
    return new CompleteRevocationRefsProperty(crls);
}

Example 8 with UnsupportedAlgorithmException

Class CertRefUtils, method checkCertRef:

static void checkCertRef(CertRef certRef, X509Certificate cert, MessageDigestEngineProvider messageDigestProvider) throws InvalidCertRefException {
    MessageDigest messageDigest;
    Throwable t = null;
    try {
        messageDigest = messageDigestProvider.getEngine(certRef.digestAlgUri);
        byte[] actualDigest = messageDigest.digest(cert.getEncoded());
        if (!Arrays.equals(certRef.digestValue, actualDigest))
            throw new InvalidCertRefException("digests mismatch");
        return;
    } catch (UnsupportedAlgorithmException ex) {
        t = ex;
    } catch (CertificateEncodingException ex) {
        t = ex;
    }
    // An unsupported digest algorithm or a certificate encoding error both make
    // the reference unverifiable, so they are reported as an invalid reference.
    throw new InvalidCertRefException(t.getMessage());
}

Example 9 with UnsupportedAlgorithmException

Class TimeStampVerifierBase, method verify:

@Override
public final QualifyingProperty verify(TData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    try {
        TimeStampDigestInput digestInput = this.tsInputFactory.newTimeStampDigestInput(propData.getCanonicalizationAlgorithm());
        QualifyingProperty prop = addPropSpecificTimeStampInputAndCreateProperty(propData, digestInput, ctx);
        byte[] data = digestInput.getBytes();
        // Verify the time-stamp tokens on the time-stamp property data object. All
        // the tokens are verified, but the returned time-stamp is from the last token.
        List<byte[]> tokens = propData.getTimeStampTokens();
        Date ts = null;
        for (byte[] tkn : tokens) {
            ts = this.tsVerifier.verifyToken(tkn, data);
        }
        // By convention all timestamp property types have a setTime(Date) method
        Method setTimeMethod = prop.getClass().getMethod("setTime", Date.class);
        setTimeMethod.invoke(prop, ts);
        return prop;
    } catch (UnsupportedAlgorithmException ex) {
        throw getEx(ex, this.propName);
    } catch (CannotAddDataToDigestInputException ex) {
        throw new TimeStampDigestInputException(this.propName, ex);
    } catch (TimeStampTokenVerificationException ex) {
        throw getEx(ex, this.propName);
    } catch (Exception ex) {
        // Exceptions related to setTimeMethod.invoke(...)
        throw getEx(ex, this.propName);
    }
}

Example 10 with UnsupportedAlgorithmException

Class SignaturePolicyVerifier, method verify:

@Override
public QualifyingProperty verify(SignaturePolicyData propData, QualifyingPropertyVerificationContext ctx) throws SignaturePolicyVerificationException {
    ObjectIdentifier policyId = propData.getIdentifier();
    if (null == policyId) {
        return new SignaturePolicyImpliedProperty();
    }
    // Get the policy document
    InputStream sigDocStream = this.policyDocumentProvider.getSignaturePolicyDocumentStream(policyId);
    if (null == sigDocStream) {
        throw new SignaturePolicyNotAvailableException(policyId, null);
    }
    try {
        MessageDigest md = this.messageDigestProvider.getEngine(propData.getDigestAlgorithm());
        byte[] sigDocDigest = MessageDigestUtils.digestStream(md, sigDocStream);
        // Check the document digest.
        if (!Arrays.equals(sigDocDigest, propData.getDigestValue())) {
            throw new SignaturePolicyDigestMismatchException(policyId);
        }
        return new SignaturePolicyIdentifierProperty(policyId, sigDocStream).withLocationUrl(propData.getLocationUrl());
    } catch (IOException ex) {
        throw new SignaturePolicyNotAvailableException(policyId, ex);
    } catch (UnsupportedAlgorithmException ex) {
        throw new SignaturePolicyCannotDigestException(policyId, ex);
    } finally {
        try {
            // Note: an exception thrown here replaces any exception already propagating
            // from the try block above.
            sigDocStream.close();
        } catch (IOException ex) {
            throw new SignaturePolicyNotAvailableException(policyId, ex);
        }
    }
}