Example 11 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class ToXmlBaseTimeStampConverter method convertIntoObjectTree.
@Override
public final void convertIntoObjectTree(PropertyDataObject propData, TXml xmlProps, Document doc) {
TData tsData = (TData) propData;
XmlXAdESTimeStampType xmlTimeStamp = new XmlXAdESTimeStampType();
// Canonicalization method
XmlCanonicalizationMethodType xmlCanon = new XmlCanonicalizationMethodType();
xmlTimeStamp.setCanonicalizationMethod(xmlCanon);
Algorithm c14n = tsData.getCanonicalizationAlgorithm();
xmlCanon.setAlgorithm(c14n.getUri());
try {
List<Node> c14nParams = this.algorithmsParametersMarshallingProvider.marshalParameters(c14n, doc);
if (c14nParams != null) {
xmlCanon.getContent().addAll(c14nParams);
}
} catch (UnsupportedAlgorithmException ex) {
// Do not throw any specific exception for now.
throw new IllegalArgumentException("Cannot marshall algorithm parameters", ex);
}
// Time-stamp tokens
List<byte[]> tsTokens = tsData.getTimeStampTokens();
List<Object> xmlTSTokens = xmlTimeStamp.getEncapsulatedTimeStampOrXMLTimeStamp();
for (byte[] tsToken : tsTokens) {
XmlEncapsulatedPKIDataType xmlTSTkn = new XmlEncapsulatedPKIDataType();
xmlTSTkn.setValue(tsToken);
xmlTSTokens.add(xmlTSTkn);
}
insertIntoObjectTree(xmlTimeStamp, xmlProps, tsData);
}
Also used :
Node(org.w3c.dom.Node)
Algorithm(xades4j.algorithms.Algorithm)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
XmlEncapsulatedPKIDataType(xades4j.xml.bind.xades.XmlEncapsulatedPKIDataType)
XmlXAdESTimeStampType(xades4j.xml.bind.xades.XmlXAdESTimeStampType)
PropertyDataObject(xades4j.properties.data.PropertyDataObject)
XmlCanonicalizationMethodType(xades4j.xml.bind.xmldsig.XmlCanonicalizationMethodType)
Example 12 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class AlgorithmsParametersMarshallingProviderImpl method marshalParameters.
@Override
public List<Node> marshalParameters(Algorithm alg, Document doc) throws UnsupportedAlgorithmException {
AlgorithmParametersMarshaller marshaller;
try {
ParameterizedType pt = Types.newParameterizedType(AlgorithmParametersMarshaller.class, alg.getClass());
marshaller = (AlgorithmParametersMarshaller) injector.getInstance(Key.get(TypeLiteral.get(pt)));
} catch (RuntimeException ex) {
throw new UnsupportedAlgorithmException("AlgorithmParametersMarshaller not available", alg.getUri(), ex);
}
List<Node> params = marshaller.marshalParameters(alg, doc);
if (params != null && params.isEmpty()) {
throw new IllegalArgumentException(String.format("Parameter marshaller returned empty parameter list for algorithm %s", alg.getUri()));
}
return params;
}
Also used :
ParameterizedType(java.lang.reflect.ParameterizedType)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
Node(org.w3c.dom.Node)
Example 13 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class SignedDataObjectsProcessor method process.
/**
* Processes the signed data objects and adds the corresponding {@code Reference}s
* and {@code Object}s to the signature. This method must be invoked before
* adding any other {@code Reference}s to the signature.
*
* @return the reference mappings resulting from the data object descriptions.
*
* @throws UnsupportedAlgorithmException
* @throws IllegalStateException if the signature already contains {@code Reference}s
*/
Map<DataObjectDesc, Reference> process(SignedDataObjects signedDataObjects, XMLSignature xmlSignature) throws UnsupportedAlgorithmException {
if (xmlSignature.getSignedInfo().getLength() != 0) {
throw new IllegalStateException("XMLSignature already contais references");
}
for (ResourceResolver resolver : signedDataObjects.getResourceResolvers()) {
xmlSignature.addResourceResolver(resolver);
}
Collection<DataObjectDesc> dataObjsDescs = signedDataObjects.getDataObjectsDescs();
Map<DataObjectDesc, Reference> referenceMappings = new IdentityHashMap<DataObjectDesc, Reference>(dataObjsDescs.size());
String refUri, refType;
Transforms transforms;
String digestMethodUri = this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences();
boolean hasNullURIReference = false;
/**/
try {
for (DataObjectDesc dataObjDesc : dataObjsDescs) {
transforms = processTransforms(dataObjDesc, xmlSignature.getDocument());
if (dataObjDesc instanceof DataObjectReference) {
// If the data object info is a DataObjectReference, the Reference uri
// and type are the ones specified on the object.
DataObjectReference dataObjRef = (DataObjectReference) dataObjDesc;
refUri = dataObjRef.getUri();
refType = dataObjRef.getType();
} else if (dataObjDesc instanceof EnvelopedXmlObject) {
// If the data object info is a EnvelopedXmlObject we need to create a
// XMLObject to embed it. The Reference uri will refer the new
// XMLObject's id.
EnvelopedXmlObject envXmlObj = (EnvelopedXmlObject) dataObjDesc;
refUri = String.format("%s-object%d", xmlSignature.getId(), xmlSignature.getObjectLength());
refType = Reference.OBJECT_URI;
ObjectContainer xmlObj = new ObjectContainer(xmlSignature.getDocument());
xmlObj.setId(refUri);
xmlObj.appendChild(envXmlObj.getContent());
xmlObj.setMimeType(envXmlObj.getMimeType());
xmlObj.setEncoding(envXmlObj.getEncoding());
xmlSignature.appendObject(xmlObj);
refUri = '#' + refUri;
} else if (dataObjDesc instanceof AnonymousDataObjectReference) {
if (hasNullURIReference) {
// This shouldn't happen because SignedDataObjects does the validation.
throw new IllegalStateException("Multiple AnonymousDataObjectReference detected");
}
hasNullURIReference = true;
refUri = refType = null;
AnonymousDataObjectReference anonymousRef = (AnonymousDataObjectReference) dataObjDesc;
xmlSignature.addResourceResolver(new ResolverAnonymous(anonymousRef.getDataStream()));
} else {
throw new ClassCastException("Unsupported SignedDataObjectDesc. Must be one of DataObjectReference, EnvelopedXmlObject and AnonymousDataObjectReference");
}
// Add the Reference. References need an ID because data object
// properties may refer them.
xmlSignature.addDocument(refUri, transforms, digestMethodUri, // id
String.format("%s-ref%d", xmlSignature.getId(), referenceMappings.size()), refType);
// SignedDataObjects doesn't allow repeated instances, so there's no
// need to check for duplicate entries on the map.
Reference ref = xmlSignature.getSignedInfo().item(referenceMappings.size());
referenceMappings.put(dataObjDesc, ref);
}
} catch (XMLSignatureException ex) {
// algorithm is not supported.
throw new UnsupportedAlgorithmException("Digest algorithm not supported in the XML Signature provider", digestMethodUri, ex);
} catch (org.apache.xml.security.exceptions.XMLSecurityException ex) {
// when signing.
throw new IllegalStateException(ex);
}
return Collections.unmodifiableMap(referenceMappings);
}
Also used :
Reference(org.apache.xml.security.signature.Reference)
IdentityHashMap(java.util.IdentityHashMap)
Transforms(org.apache.xml.security.transforms.Transforms)
ResolverAnonymous(org.apache.xml.security.utils.resolver.implementations.ResolverAnonymous)
DataObjectDesc(xades4j.properties.DataObjectDesc)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
ResourceResolver(org.apache.xml.security.utils.resolver.ResourceResolver)
ObjectContainer(org.apache.xml.security.signature.ObjectContainer)
XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException)
Example 14 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class SignerBES method sign.
@Override
public final XadesSignatureResult sign(SignedDataObjects signedDataObjects, Node referenceNode, SignatureAppendingStrategy appendingStrategy) throws XAdES4jException {
if (null == referenceNode) {
throw new NullPointerException("Reference node node cannot be null");
}
if (null == signedDataObjects) {
throw new NullPointerException("References cannot be null");
}
if (signedDataObjects.isEmpty()) {
throw new IllegalArgumentException("Data objects list is empty");
}
Document signatureDocument = DOMHelper.getOwnerDocument(referenceNode);
// Generate unique identifiers for the Signature and the SignedProperties.
String signatureId = String.format("xmldsig-%s", UUID.randomUUID());
String signedPropsId = String.format("%s-signedprops", signatureId);
// Signing certificate chain (may contain only the signing certificate).
List<X509Certificate> signingCertificateChain = this.keyingProvider.getSigningCertificateChain();
if (null == signingCertificateChain || signingCertificateChain.isEmpty()) {
throw new SigningCertChainException("Signing certificate not provided");
}
X509Certificate signingCertificate = signingCertificateChain.get(0);
// The XMLSignature (ds:Signature).
XMLSignature signature = createSignature(signatureDocument, signedDataObjects.getBaseUri(), signingCertificate.getPublicKey().getAlgorithm());
signature.setId(signatureId);
/* References */
// Process the data object descriptions to get the References and mappings.
// After this call all the signed data objects References and XMLObjects
// are added to the signature.
Map<DataObjectDesc, Reference> referenceMappings = this.dataObjectDescsProcessor.process(signedDataObjects, signature);
/* ds:KeyInfo */
this.keyInfoBuilder.buildKeyInfo(signingCertificate, signature);
/* QualifyingProperties element */
// Create the QualifyingProperties element
Element qualifyingPropsElem = ElementProxy.createElementForFamily(signature.getDocument(), QualifyingProperty.XADES_XMLNS, QualifyingProperty.QUALIFYING_PROPS_TAG);
qualifyingPropsElem.setAttributeNS(null, QualifyingProperty.TARGET_ATTR, '#' + signatureId);
qualifyingPropsElem.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:xades141", QualifyingProperty.XADESV141_XMLNS);
// ds:Object to contain QualifyingProperties
ObjectContainer qPropsXmlObj = new ObjectContainer(signature.getDocument());
qPropsXmlObj.appendChild(qualifyingPropsElem);
try {
signature.appendObject(qPropsXmlObj);
} catch (XMLSignatureException ex) {
// -> xmlSignature.appendObject(xmlObj): not thrown when signing.
throw new IllegalStateException(ex);
}
/* Collect the properties */
// Get the format specific signature properties.
Collection<SignedSignatureProperty> fsssp = new ArrayList<SignedSignatureProperty>(2);
Collection<UnsignedSignatureProperty> fsusp = new ArrayList<UnsignedSignatureProperty>(2);
getFormatSpecificSignatureProperties(fsssp, fsusp, signingCertificateChain);
// Gather all the signature and data objects properties.
QualifyingProperties qualifProps = qualifPropsProcessor.getQualifyingProperties(signedDataObjects, fsssp, fsusp);
try {
// The signature needs to be appended to the document from now on because
// property data generation may need to dereference same-document data
// object references.
appendingStrategy.append(signature.getElement(), referenceNode);
/* Signed properties */
// Create the context for signed properties data objects generation.
PropertiesDataGenerationContext propsDataGenCtx = new PropertiesDataGenerationContext(signedDataObjects.getDataObjectsDescs(), referenceMappings, signatureDocument);
// Generate the signed properties data objects. The data objects structure
// is verifier in the process.
SigAndDataObjsPropertiesData signedPropsData = this.propsDataObjectsGenerator.generateSignedPropertiesData(qualifProps.getSignedProperties(), propsDataGenCtx);
// Marshal the signed properties data to the QualifyingProperties node.
this.signedPropsMarshaller.marshal(signedPropsData, qualifyingPropsElem);
Element signedPropsElem = DOMHelper.getFirstChildElement(qualifyingPropsElem);
DOMHelper.setIdAsXmlId(signedPropsElem, signedPropsId);
// SignedProperties reference
// XAdES 6.3.1: "In order to protect the properties with the signature,
// a ds:Reference element MUST be added to the XMLDSIG signature (...)
// composed in such a way that it uses the SignedProperties element (...)
// as the input for computing its corresponding digest. Additionally,
// (...) use the Type attribute of this particular ds:Reference element,
// with its value set to: http://uri.etsi.org/01903#SignedProperties."
String digestAlgUri = algorithmsProvider.getDigestAlgorithmForDataObjsReferences();
if (StringUtils.isNullOrEmptyString(digestAlgUri)) {
throw new NullPointerException("Digest algorithm URI not provided");
}
// Use same canonicalization URI as specified in the ds:CanonicalizationMethod for Signature.
Algorithm canonAlg = this.algorithmsProvider.getCanonicalizationAlgorithmForSignature();
try {
CanonicalizerUtils.checkC14NAlgorithm(canonAlg);
Transforms transforms = TransformUtils.createTransforms(canonAlg, this.algorithmsParametersMarshaller, signatureDocument);
signature.addDocument('#' + signedPropsId, transforms, digestAlgUri, null, QualifyingProperty.SIGNED_PROPS_TYPE_URI);
} catch (XMLSignatureException ex) {
// shouldn't be thrown now!
throw new UnsupportedAlgorithmException("Digest algorithm not supported in the XML Signature provider", digestAlgUri, ex);
}
// Apply the signature
try {
PrivateKey signingKey = keyingProvider.getSigningKey(signingCertificate);
signature.sign(signingKey);
} catch (XMLSignatureException ex) {
throw new XAdES4jXMLSigException(ex.getMessage(), ex);
}
// Set the ds:SignatureValue id.
Element sigValueElem = DOMHelper.getFirstDescendant(signature.getElement(), Constants.SignatureSpecNS, Constants._TAG_SIGNATUREVALUE);
DOMHelper.setIdAsXmlId(sigValueElem, String.format("%s-sigvalue", signatureId));
/* Marshal unsigned properties */
// Generate the unsigned properties data objects. The data objects structure
// is verifier in the process.
propsDataGenCtx.setTargetXmlSignature(signature);
SigAndDataObjsPropertiesData unsignedPropsData = this.propsDataObjectsGenerator.generateUnsignedPropertiesData(qualifProps.getUnsignedProperties(), propsDataGenCtx);
// Marshal the unsigned properties to the final QualifyingProperties node.
this.unsignedPropsMarshaller.marshal(unsignedPropsData, qualifyingPropsElem);
} catch (XAdES4jException ex) {
appendingStrategy.revert(signature.getElement(), referenceNode);
throw ex;
}
return new XadesSignatureResult(signature, qualifProps);
}
Also used :
PrivateKey(java.security.PrivateKey)
SigningCertChainException(xades4j.providers.SigningCertChainException)
Element(org.w3c.dom.Element)
Transforms(org.apache.xml.security.transforms.Transforms)
ArrayList(java.util.ArrayList)
Document(org.w3c.dom.Document)
DataObjectDesc(xades4j.properties.DataObjectDesc)
SigAndDataObjsPropertiesData(xades4j.properties.data.SigAndDataObjsPropertiesData)
XAdES4jXMLSigException(xades4j.XAdES4jXMLSigException)
XAdES4jException(xades4j.XAdES4jException)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
Reference(org.apache.xml.security.signature.Reference)
QualifyingProperties(xades4j.properties.QualifyingProperties)
SignedSignatureProperty(xades4j.properties.SignedSignatureProperty)
Algorithm(xades4j.algorithms.Algorithm)
X509Certificate(java.security.cert.X509Certificate)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
UnsignedSignatureProperty(xades4j.properties.UnsignedSignatureProperty)
ObjectContainer(org.apache.xml.security.signature.ObjectContainer)
XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException)
Example 15 with UnsupportedAlgorithmException
use of xades4j.UnsupportedAlgorithmException in project xades4j by luisgoncalves.
the class AbstractTimeStampTokenProvider method getTimeStampToken.
@Override
public final TimeStampTokenRes getTimeStampToken(byte[] tsDigestInput, String digestAlgUri) throws TimeStampTokenGenerationException {
byte[] digest;
try {
MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
digest = md.digest(tsDigestInput);
} catch (UnsupportedAlgorithmException ex) {
throw new TimeStampTokenGenerationException("Digest algorithm not supported", ex);
}
TimeStampRequest tsRequest = this.tsRequestGenerator.generate(identifierForDigest(digestAlgUri), digest, BigInteger.valueOf(System.currentTimeMillis()));
TimeStampResponse tsResponse = getTimeStampResponse(tsRequest);
if (tsResponse.getStatus() != PKIStatus.GRANTED && tsResponse.getStatus() != PKIStatus.GRANTED_WITH_MODS) {
throw new TimeStampTokenGenerationException("Time stamp token not granted. " + tsResponse.getStatusString());
}
try {
tsResponse.validate(tsRequest);
} catch (TSPException ex) {
throw new TimeStampTokenGenerationException("Invalid time stamp response", ex);
}
TimeStampToken tsToken = tsResponse.getTimeStampToken();
TimeStampTokenRes tsTokenRes;
try {
tsTokenRes = new TimeStampTokenRes(tsToken.getEncoded(), tsToken.getTimeStampInfo().getGenTime());
} catch (IOException ex) {
throw new TimeStampTokenGenerationException("Encoding error", ex);
}
return tsTokenRes;
}
Also used :
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
IOException(java.io.IOException)
MessageDigest(java.security.MessageDigest)
TimeStampTokenGenerationException(xades4j.providers.TimeStampTokenGenerationException)
Aggregations
UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException)15
MessageDigest (java.security.MessageDigest)8
IOException (java.io.IOException)6
Algorithm (xades4j.algorithms.Algorithm)4
X509Certificate (java.security.cert.X509Certificate)3
ArrayList (java.util.ArrayList)3
XMLSignatureException (org.apache.xml.security.signature.XMLSignatureException)3
Transforms (org.apache.xml.security.transforms.Transforms)3
BigInteger (java.math.BigInteger)2
CRLException (java.security.cert.CRLException)2
CertificateEncodingException (java.security.cert.CertificateEncodingException)2
CertificateException (java.security.cert.CertificateException)2
X509CRL (java.security.cert.X509CRL)2
ObjectContainer (org.apache.xml.security.signature.ObjectContainer)2
Reference (org.apache.xml.security.signature.Reference)2
Node (org.w3c.dom.Node)2
XAdES4jException (xades4j.XAdES4jException)2
DataObjectDesc (xades4j.properties.DataObjectDesc)2
CRLRef (xades4j.properties.data.CRLRef)2
TimeStampTokenDigestException (xades4j.providers.TimeStampTokenDigestException)2
