Examples with DataObjectDesc xades4j.properties.DataObjectDesc used on opensource projects

Example 6 with DataObjectDesc

use of xades4j.properties.DataObjectDesc in project xades4j by luisgoncalves.

the class SignerBESTest method testSignBESWithCounterSig.

@Test
public void testSignBESWithCounterSig() throws Exception {
    System.out.println("signBESWithCounterSig");
    Document doc = getTestDocument();
    Element elemToSign = doc.getDocumentElement();
    XadesBesSigningProfile profile = new XadesBesSigningProfile(keyingProviderMy);
    final XadesSigner counterSigner = profile.newSigner();
    profile.withSignaturePropertiesProvider(new SignaturePropertiesProvider() {

        @Override
        public void provideProperties(SignaturePropertiesCollector signedPropsCol) {
            signedPropsCol.addCounterSignature(new CounterSignatureProperty(counterSigner));
            signedPropsCol.setSignerRole(new SignerRoleProperty("CounterSignature maniac"));
        }
    });
    SignerBES signer = (SignerBES) profile.newSigner();
    DataObjectDesc obj1 = new DataObjectReference('#' + elemToSign.getAttribute("Id")).withTransform(new EnvelopedSignatureTransform());
    SignedDataObjects dataObjs = new SignedDataObjects().withSignedDataObject(obj1);
    signer.sign(dataObjs, elemToSign);
    outputDocument(doc, "document.signed.bes.cs.xml");
}

Example 7 with DataObjectDesc

use of xades4j.properties.DataObjectDesc in project xades4j by luisgoncalves.

the class SignedDataObjectsProcessor method process.

/**
 * Processes the signed data objects and adds the corresponding {@code Reference}s
 * and {@code Object}s to the signature. This method must be invoked before
 * adding any other {@code Reference}s to the signature.
 *
 * @return the reference mappings resulting from the data object descriptions.
 *
 * @throws UnsupportedAlgorithmException
 * @throws IllegalStateException if the signature already contains {@code Reference}s
 */
Map<DataObjectDesc, Reference> process(SignedDataObjects signedDataObjects, XMLSignature xmlSignature) throws UnsupportedAlgorithmException {
    if (xmlSignature.getSignedInfo().getLength() != 0) {
        throw new IllegalStateException("XMLSignature already contais references");
    }
    for (ResourceResolver resolver : signedDataObjects.getResourceResolvers()) {
        xmlSignature.addResourceResolver(resolver);
    }
    Collection<DataObjectDesc> dataObjsDescs = signedDataObjects.getDataObjectsDescs();
    Map<DataObjectDesc, Reference> referenceMappings = new IdentityHashMap<DataObjectDesc, Reference>(dataObjsDescs.size());
    String refUri, refType;
    Transforms transforms;
    String digestMethodUri = this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences();
    boolean hasNullURIReference = false;
    /**/
    try {
        for (DataObjectDesc dataObjDesc : dataObjsDescs) {
            transforms = processTransforms(dataObjDesc, xmlSignature.getDocument());
            if (dataObjDesc instanceof DataObjectReference) {
                // If the data object info is a DataObjectReference, the Reference uri
                // and type are the ones specified on the object.
                DataObjectReference dataObjRef = (DataObjectReference) dataObjDesc;
                refUri = dataObjRef.getUri();
                refType = dataObjRef.getType();
            } else if (dataObjDesc instanceof EnvelopedXmlObject) {
                // If the data object info is a EnvelopedXmlObject we need to create a
                // XMLObject to embed it. The Reference uri will refer the new
                // XMLObject's id.
                EnvelopedXmlObject envXmlObj = (EnvelopedXmlObject) dataObjDesc;
                refUri = String.format("%s-object%d", xmlSignature.getId(), xmlSignature.getObjectLength());
                refType = Reference.OBJECT_URI;
                ObjectContainer xmlObj = new ObjectContainer(xmlSignature.getDocument());
                xmlObj.setId(refUri);
                xmlObj.appendChild(envXmlObj.getContent());
                xmlObj.setMimeType(envXmlObj.getMimeType());
                xmlObj.setEncoding(envXmlObj.getEncoding());
                xmlSignature.appendObject(xmlObj);
                refUri = '#' + refUri;
            } else if (dataObjDesc instanceof AnonymousDataObjectReference) {
                if (hasNullURIReference) {
                    // This shouldn't happen because SignedDataObjects does the validation.
                    throw new IllegalStateException("Multiple AnonymousDataObjectReference detected");
                }
                hasNullURIReference = true;
                refUri = refType = null;
                AnonymousDataObjectReference anonymousRef = (AnonymousDataObjectReference) dataObjDesc;
                xmlSignature.addResourceResolver(new ResolverAnonymous(anonymousRef.getDataStream()));
            } else {
                throw new ClassCastException("Unsupported SignedDataObjectDesc. Must be one of DataObjectReference, EnvelopedXmlObject and AnonymousDataObjectReference");
            }
            // Add the Reference. References need an ID because data object
            // properties may refer them.
            xmlSignature.addDocument(refUri, transforms, digestMethodUri, // id
            String.format("%s-ref%d", xmlSignature.getId(), referenceMappings.size()), refType);
            // SignedDataObjects doesn't allow repeated instances, so there's no
            // need to check for duplicate entries on the map.
            Reference ref = xmlSignature.getSignedInfo().item(referenceMappings.size());
            referenceMappings.put(dataObjDesc, ref);
        }
    } catch (XMLSignatureException ex) {
        // algorithm is not supported.
        throw new UnsupportedAlgorithmException("Digest algorithm not supported in the XML Signature provider", digestMethodUri, ex);
    } catch (org.apache.xml.security.exceptions.XMLSecurityException ex) {
        // when signing.
        throw new IllegalStateException(ex);
    }
    return Collections.unmodifiableMap(referenceMappings);
}

Example 8 with DataObjectDesc

use of xades4j.properties.DataObjectDesc in project xades4j by luisgoncalves.

the class SignerBES method sign.

@Override
public final XadesSignatureResult sign(SignedDataObjects signedDataObjects, Node referenceNode, SignatureAppendingStrategy appendingStrategy) throws XAdES4jException {
    if (null == referenceNode) {
        throw new NullPointerException("Reference node node cannot be null");
    }
    if (null == signedDataObjects) {
        throw new NullPointerException("References cannot be null");
    }
    if (signedDataObjects.isEmpty()) {
        throw new IllegalArgumentException("Data objects list is empty");
    }
    Document signatureDocument = DOMHelper.getOwnerDocument(referenceNode);
    // Generate unique identifiers for the Signature and the SignedProperties.
    String signatureId = String.format("xmldsig-%s", UUID.randomUUID());
    String signedPropsId = String.format("%s-signedprops", signatureId);
    // Signing certificate chain (may contain only the signing certificate).
    List<X509Certificate> signingCertificateChain = this.keyingProvider.getSigningCertificateChain();
    if (null == signingCertificateChain || signingCertificateChain.isEmpty()) {
        throw new SigningCertChainException("Signing certificate not provided");
    }
    X509Certificate signingCertificate = signingCertificateChain.get(0);
    // The XMLSignature (ds:Signature).
    XMLSignature signature = createSignature(signatureDocument, signedDataObjects.getBaseUri(), signingCertificate.getPublicKey().getAlgorithm());
    signature.setId(signatureId);
    /* References */
    // Process the data object descriptions to get the References and mappings.
    // After this call all the signed data objects References and XMLObjects
    // are added to the signature.
    Map<DataObjectDesc, Reference> referenceMappings = this.dataObjectDescsProcessor.process(signedDataObjects, signature);
    /* ds:KeyInfo */
    this.keyInfoBuilder.buildKeyInfo(signingCertificate, signature);
    /* QualifyingProperties element */
    // Create the QualifyingProperties element
    Element qualifyingPropsElem = ElementProxy.createElementForFamily(signature.getDocument(), QualifyingProperty.XADES_XMLNS, QualifyingProperty.QUALIFYING_PROPS_TAG);
    qualifyingPropsElem.setAttributeNS(null, QualifyingProperty.TARGET_ATTR, '#' + signatureId);
    qualifyingPropsElem.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:xades141", QualifyingProperty.XADESV141_XMLNS);
    // ds:Object to contain QualifyingProperties
    ObjectContainer qPropsXmlObj = new ObjectContainer(signature.getDocument());
    qPropsXmlObj.appendChild(qualifyingPropsElem);
    try {
        signature.appendObject(qPropsXmlObj);
    } catch (XMLSignatureException ex) {
        // -> xmlSignature.appendObject(xmlObj): not thrown when signing.
        throw new IllegalStateException(ex);
    }
    /* Collect the properties */
    // Get the format specific signature properties.
    Collection<SignedSignatureProperty> fsssp = new ArrayList<SignedSignatureProperty>(2);
    Collection<UnsignedSignatureProperty> fsusp = new ArrayList<UnsignedSignatureProperty>(2);
    getFormatSpecificSignatureProperties(fsssp, fsusp, signingCertificateChain);
    // Gather all the signature and data objects properties.
    QualifyingProperties qualifProps = qualifPropsProcessor.getQualifyingProperties(signedDataObjects, fsssp, fsusp);
    try {
        // The signature needs to be appended to the document from now on because
        // property data generation may need to dereference same-document data
        // object references.
        appendingStrategy.append(signature.getElement(), referenceNode);
        /* Signed properties */
        // Create the context for signed properties data objects generation.
        PropertiesDataGenerationContext propsDataGenCtx = new PropertiesDataGenerationContext(signedDataObjects.getDataObjectsDescs(), referenceMappings, signatureDocument);
        // Generate the signed properties data objects. The data objects structure
        // is verifier in the process.
        SigAndDataObjsPropertiesData signedPropsData = this.propsDataObjectsGenerator.generateSignedPropertiesData(qualifProps.getSignedProperties(), propsDataGenCtx);
        // Marshal the signed properties data to the QualifyingProperties node.
        this.signedPropsMarshaller.marshal(signedPropsData, qualifyingPropsElem);
        Element signedPropsElem = DOMHelper.getFirstChildElement(qualifyingPropsElem);
        DOMHelper.setIdAsXmlId(signedPropsElem, signedPropsId);
        // SignedProperties reference
        // XAdES 6.3.1: "In order to protect the properties with the signature,
        // a ds:Reference element MUST be added to the XMLDSIG signature (...)
        // composed in such a way that it uses the SignedProperties element (...)
        // as the input for computing its corresponding digest. Additionally,
        // (...) use the Type attribute of this particular ds:Reference element,
        // with its value set to: http://uri.etsi.org/01903#SignedProperties."
        String digestAlgUri = algorithmsProvider.getDigestAlgorithmForDataObjsReferences();
        if (StringUtils.isNullOrEmptyString(digestAlgUri)) {
            throw new NullPointerException("Digest algorithm URI not provided");
        }
        // Use same canonicalization URI as specified in the ds:CanonicalizationMethod for Signature.
        Algorithm canonAlg = this.algorithmsProvider.getCanonicalizationAlgorithmForSignature();
        try {
            CanonicalizerUtils.checkC14NAlgorithm(canonAlg);
            Transforms transforms = TransformUtils.createTransforms(canonAlg, this.algorithmsParametersMarshaller, signatureDocument);
            signature.addDocument('#' + signedPropsId, transforms, digestAlgUri, null, QualifyingProperty.SIGNED_PROPS_TYPE_URI);
        } catch (XMLSignatureException ex) {
            // shouldn't be thrown now!
            throw new UnsupportedAlgorithmException("Digest algorithm not supported in the XML Signature provider", digestAlgUri, ex);
        }
        // Apply the signature
        try {
            PrivateKey signingKey = keyingProvider.getSigningKey(signingCertificate);
            signature.sign(signingKey);
        } catch (XMLSignatureException ex) {
            throw new XAdES4jXMLSigException(ex.getMessage(), ex);
        }
        // Set the ds:SignatureValue id.
        Element sigValueElem = DOMHelper.getFirstDescendant(signature.getElement(), Constants.SignatureSpecNS, Constants._TAG_SIGNATUREVALUE);
        DOMHelper.setIdAsXmlId(sigValueElem, String.format("%s-sigvalue", signatureId));
        /* Marshal unsigned properties */
        // Generate the unsigned properties data objects. The data objects structure
        // is verifier in the process.
        propsDataGenCtx.setTargetXmlSignature(signature);
        SigAndDataObjsPropertiesData unsignedPropsData = this.propsDataObjectsGenerator.generateUnsignedPropertiesData(qualifProps.getUnsignedProperties(), propsDataGenCtx);
        // Marshal the unsigned properties to the final QualifyingProperties node.
        this.unsignedPropsMarshaller.marshal(unsignedPropsData, qualifyingPropsElem);
    } catch (XAdES4jException ex) {
        appendingStrategy.revert(signature.getElement(), referenceNode);
        throw ex;
    }
    return new XadesSignatureResult(signature, qualifProps);
}

Example 9 with DataObjectDesc

use of xades4j.properties.DataObjectDesc in project xades4j by luisgoncalves.

the class DataGenCommitmentType method generatePropertyData.

@Override
public PropertyDataObject generatePropertyData(CommitmentTypeProperty prop, PropertiesDataGenerationContext ctx) {
    CommitmentTypeData commTypeData = new CommitmentTypeData(prop.getUri(), prop.getDescription());
    /* One ObjectReference element refers to one ds:Reference element of the
         * ds:SignedInfo corresponding with one data object qualified by this
         * property. If some but not all the signed data objects share the same
         * commitment, one ObjectReference element MUST appear for each one of
         * them. However, if all the signed data objects share the same commitment,
         * the AllSignedDataObjects empty element MUST be present.
         */
    Collection<DataObjectDesc> targets = prop.getTargetDataObjects();
    Map<DataObjectDesc, Reference> referencesMappings = ctx.getReferencesMappings();
    for (DataObjectDesc obj : targets) {
        // The ObjectReference refers the Reference element. This assumes
        // that the QualifyingProperties are in the signature's document.
        commTypeData.addObjReferences('#' + referencesMappings.get(obj).getId());
    }
    commTypeData.setQualifiers(prop.getQualifiers());
    return commTypeData;
}

Example 10 with DataObjectDesc

use of xades4j.properties.DataObjectDesc in project xades4j by luisgoncalves.

the class DataGenDataObjFormat method generatePropertyData.

@Override
public PropertyDataObject generatePropertyData(DataObjectFormatProperty prop, PropertiesDataGenerationContext ctx) {
    // DataObjectFormat applies to a single data object. The mandatory ObjectReference
    // attribute MUST reference the ds:Reference element of the ds:Signature
    // corresponding with the data object qualified by this property.
    // This assumes that the QualifyingProperties are in the signature's document.
    DataObjectDesc targetDataObjInfo = prop.getTargetDataObjects().iterator().next();
    String objRef = '#' + ctx.getReferencesMappings().get(targetDataObjInfo).getId();
    DataObjectFormatData dataObjFormatData = new DataObjectFormatData(objRef);
    dataObjFormatData.setMimeType(prop.getMimeType());
    dataObjFormatData.setEncoding(prop.getEncoding());
    dataObjFormatData.setDescription(prop.getDescription());
    dataObjFormatData.setIdentifier(prop.getIdentifier());
    dataObjFormatData.setDocumentationUris(prop.getDocumentationUris());
    return dataObjFormatData;
}