use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class DefaultTimeStampVerificationProvider method verifyToken.
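/**
 * Verifies an encoded time-stamp token against the data it is supposed to cover.
 *
 * <p>The checks run in this order: the token is parsed, the TSA certificate is
 * validated through the certificate validation provider, the token signature is
 * verified with that certificate, and finally the message imprint is recomputed
 * over {@code tsDigestInput} and compared with the one in the token.
 *
 * @param timeStampToken the encoded token (untrusted input)
 * @param tsDigestInput the bytes the token's message imprint must cover
 * @return the generation time stated in the token, returned only after all checks pass
 * @throws TimeStampTokenVerificationException if the token is malformed, the TSA
 *         certificate cannot be validated, the signature is invalid, or the
 *         message imprint does not match
 */
@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
    TimeStampToken tsToken;
    try {
        ASN1InputStream asn1is = new ASN1InputStream(timeStampToken);
        ContentInfo tsContentInfo;
        try {
            tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
        } finally {
            // Release the stream even when parsing fails part-way.
            asn1is.close();
        }
        if (tsContentInfo == null) {
            // An empty encoding yields no object at all; report it as a structure
            // error through the IOException handler below instead of failing
            // later with a NullPointerException.
            throw new IOException("no ASN.1 object found in the encoded token");
        }
        tsToken = new TimeStampToken(tsContentInfo);
    } catch (IOException ex) {
        throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
    } catch (TSPException ex) {
        throw new TimeStampTokenStructureException("Invalid token", ex);
    } catch (IllegalArgumentException ex) {
        // The ASN.1 factory methods signal a well-formed but unexpected structure
        // with IllegalArgumentException; the token is attacker-controlled, so map
        // it to the declared verification failure instead of letting it escape.
        throw new TimeStampTokenStructureException("Invalid token", ex);
    }

    X509Certificate tsaCert = null;
    try {
        /* Validate the TSA certificate */
        LinkedList<X509Certificate> certs = new LinkedList<X509Certificate>();
        for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
            certs.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
        }
        // The generation time used as the validation date is read from the token
        // before its signature has been checked; it is only relied upon once
        // validate() below succeeds.
        ValidationData vData = this.certificateValidationProvider.validate(
                x509CertSelectorConverter.getCertSelector(tsToken.getSID()),
                tsToken.getTimeStampInfo().getGenTime(),
                certs);
        // NOTE(review): assumes the provider returns a non-empty list with the
        // selected TSA certificate first; confirm against its contract.
        tsaCert = vData.getCerts().get(0);
    } catch (CertificateException ex) {
        throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
    } catch (XAdES4jException ex) {
        throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
    }

    try {
        tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
    } catch (TSPValidationException ex) {
        throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
    } catch (Exception ex) {
        throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
    }

    org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
    try {
        // Recompute the imprint with the algorithm named in the token and compare
        // it with the imprint the TSA signed.
        String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
        MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
        if (!Arrays.equals(md.digest(tsDigestInput), tsTokenInfo.getMessageImprintDigest())) {
            throw new TimeStampTokenDigestException();
        }
    } catch (UnsupportedAlgorithmException ex) {
        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
    }
    return tsTokenInfo.getGenTime();
}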
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class CompleteRevocRefsVerifier method verify.
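/**
 * Verifies that every CRL used in certificate validation is covered by a CRL
 * reference in the property.
 *
 * <p>A reference matches a CRL when issuer and issue time are equal, the CRL
 * number agrees (when both the reference and the CRL carry one) and the digest
 * of the encoded CRL equals the referenced digest value. Each reference can be
 * matched at most once. References left over after all CRLs are matched are
 * not reported by this method.
 *
 * @param propData the property data holding the CRL references (untrusted input)
 * @param ctx the verification context supplying the CRLs used for validation
 * @return the property built from the CRLs in the context
 * @throws InvalidPropertyException if no CRLs are available, a CRL has no
 *         matching reference, or a reference cannot be processed
 */
@Override
public QualifyingProperty verify(CompleteRevocationRefsData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    Collection<X509CRL> crls = ctx.getCertChainData().getCrls();
    // Work on a copy so matched references can be removed.
    Collection<CRLRef> crlRefs = new ArrayList<CRLRef>(propData.getCrlRefs());
    if (crls.isEmpty()) {
        throw new CompleteRevocRefsCRLsNotAvailableException();
    }
    for (X509CRL crl : crls) {
        CRLRef match = null;
        for (CRLRef crlRef : crlRefs) {
            // The issuer name comes from the signature document; a malformed
            // name makes X500Principal throw IllegalArgumentException, which is
            // reported as an invalid reference instead of escaping unchecked.
            X500Principal refIssuer;
            try {
                refIssuer = new X500Principal(crlRef.issuerDN);
            } catch (IllegalArgumentException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            }
            // Check issuer and issue time.
            if (!crl.getIssuerX500Principal().equals(refIssuer)
                    || !crl.getThisUpdate().equals(crlRef.issueTime.getTime())) {
                continue;
            }
            try {
                // Check CRL number, if present.
                if (crlRef.serialNumber != null) {
                    BigInteger crlNum = CrlExtensionsUtils.getCrlNumber(crl);
                    // A CRL without a number is not rejected here; the digest
                    // check below still has to pass.
                    if (crlNum != null && !crlRef.serialNumber.equals(crlNum)) {
                        continue;
                    }
                }
                // Check digest value.
                MessageDigest md = this.digestEngineProvider.getEngine(crlRef.digestAlgUri);
                if (Arrays.equals(md.digest(crl.getEncoded()), crlRef.digestValue)) {
                    match = crlRef;
                    break;
                }
            } catch (IOException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            } catch (CRLException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            } catch (UnsupportedAlgorithmException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            }
        }
        if (null == match) {
            throw new CompleteRevocRefsReferenceException(crl, "no matching reference");
        }
        // A reference may vouch for one CRL only.
        crlRefs.remove(match);
    }
    return new CompleteRevocationRefsProperty(crls);
}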
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class CertRefUtils method checkCertRef.
/**
 * Checks that a certificate reference vouches for the given certificate by
 * comparing the referenced digest with the digest of the encoded certificate.
 *
 * @param certRef the reference carrying the digest algorithm URI and digest value
 * @param cert the certificate the reference is expected to identify
 * @param messageDigestProvider supplies the digest engine for the referenced algorithm
 * @throws InvalidCertRefException if the digests differ, the algorithm is not
 *         supported, or the certificate cannot be encoded
 */
static void checkCertRef(CertRef certRef, X509Certificate cert, MessageDigestEngineProvider messageDigestProvider) throws InvalidCertRefException {
    final byte[] computedDigest;
    try {
        MessageDigest engine = messageDigestProvider.getEngine(certRef.digestAlgUri);
        computedDigest = engine.digest(cert.getEncoded());
    } catch (UnsupportedAlgorithmException ex) {
        // Only the message is carried over; the cause is not attached.
        throw new InvalidCertRefException(ex.getMessage());
    } catch (CertificateEncodingException ex) {
        throw new InvalidCertRefException(ex.getMessage());
    }
    if (!Arrays.equals(certRef.digestValue, computedDigest)) {
        throw new InvalidCertRefException("digests mismatch");
    }
}
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class TimeStampVerifierBase method verify.
/**
 * Verifies the time-stamp tokens of a time-stamp property data object and
 * builds the corresponding property.
 *
 * <p>Every token is verified against the same digest input; the time set on
 * the returned property is the one from the last token.
 *
 * @param propData the time-stamp property data, including the encoded tokens
 * @param ctx the verification context
 * @return the property created for {@code propData}, with its time set
 * @throws InvalidPropertyException if the digest input cannot be built, a token
 *         fails verification, or the time cannot be set on the property
 */
@Override
public final QualifyingProperty verify(TData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    try {
        TimeStampDigestInput tsInput = this.tsInputFactory.newTimeStampDigestInput(propData.getCanonicalizationAlgorithm());
        QualifyingProperty verifiedProp = addPropSpecificTimeStampInputAndCreateProperty(propData, tsInput, ctx);
        byte[] digestInputBytes = tsInput.getBytes();

        // NOTE(review): with an empty token list nothing is verified and the
        // property receives a null time; presumably the data structure checks
        // reject that case before this point - confirm.
        List<byte[]> encodedTokens = propData.getTimeStampTokens();
        Date lastTokenTime = null;
        for (byte[] encodedToken : encodedTokens) {
            lastTokenTime = this.tsVerifier.verifyToken(encodedToken, digestInputBytes);
        }

        // By convention all timestamp property types have a setTime(Date) method
        Method timeSetter = verifiedProp.getClass().getMethod("setTime", Date.class);
        timeSetter.invoke(verifiedProp, lastTokenTime);
        return verifiedProp;
    } catch (UnsupportedAlgorithmException ex) {
        throw getEx(ex, this.propName);
    } catch (CannotAddDataToDigestInputException ex) {
        throw new TimeStampDigestInputException(this.propName, ex);
    } catch (TimeStampTokenVerificationException ex) {
        throw getEx(ex, this.propName);
    } catch (Exception ex) {
        // Reflection failures from the setTime lookup/invocation, and any other
        // exception not handled by the clauses above.
        throw getEx(ex, this.propName);
    }
}
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class SignaturePolicyVerifier method verify.
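/**
 * Verifies the signature policy property by digesting the policy document and
 * comparing the result with the digest value stated in the property.
 *
 * <p>When the property carries no policy identifier the policy is implied and
 * no document is fetched.
 *
 * @param propData the signature policy data (identifier, digest algorithm and value, location)
 * @param ctx the verification context
 * @return the implied-policy property, or the identifier property once the
 *         document digest has been confirmed
 * @throws SignaturePolicyVerificationException if the document is not available
 *         or cannot be read, the digest algorithm is not supported, or the
 *         digests differ
 */
@Override
public QualifyingProperty verify(SignaturePolicyData propData, QualifyingPropertyVerificationContext ctx) throws SignaturePolicyVerificationException {
    ObjectIdentifier policyId = propData.getIdentifier();
    if (null == policyId) {
        return new SignaturePolicyImpliedProperty();
    }
    // Get the policy document
    InputStream sigDocStream = this.policyDocumentProvider.getSignaturePolicyDocumentStream(policyId);
    if (null == sigDocStream) {
        throw new SignaturePolicyNotAvailableException(policyId, null);
    }
    // Set only when the digest check passed and the property was built.
    boolean verified = false;
    try {
        MessageDigest md = this.messageDigestProvider.getEngine(propData.getDigestAlgorithm());
        byte[] sigDocDigest = MessageDigestUtils.digestStream(md, sigDocStream);
        // Check the document digest.
        if (!Arrays.equals(sigDocDigest, propData.getDigestValue())) {
            throw new SignaturePolicyDigestMismatchException(policyId);
        }
        // NOTE(review): the property is handed the stream that was just digested
        // and is closed below; presumably it does not read from it later - confirm.
        QualifyingProperty policyProp = new SignaturePolicyIdentifierProperty(policyId, sigDocStream).withLocationUrl(propData.getLocationUrl());
        verified = true;
        return policyProp;
    } catch (IOException ex) {
        throw new SignaturePolicyNotAvailableException(policyId, ex);
    } catch (UnsupportedAlgorithmException ex) {
        throw new SignaturePolicyCannotDigestException(policyId, ex);
    } finally {
        try {
            sigDocStream.close();
        } catch (IOException ex) {
            // A close failure is reported only when verification had succeeded.
            // Throwing here on a failed verification would replace the digest
            // mismatch (or other primary failure) with "not available".
            if (verified) {
                throw new SignaturePolicyNotAvailableException(policyId, ex);
            }
        }
    }
}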