Search in sources :

Example 1 with QualifyingProperties

use of xades4j.properties.QualifyingProperties in project xades4j by luisgoncalves.

the class QualifyingPropertiesProcessor method getQualifyingProperties.

QualifyingProperties getQualifyingProperties(SignedDataObjects dataObjs, Collection<SignedSignatureProperty> formatSpecificSignedSigProps, Collection<UnsignedSignatureProperty> formatSpecificUnsignedSigProps) {
    /* **** Signature properties **** */
    // Collect the signature properties from the provider.
    SignaturePropertiesCollectorImpl signaturePropsCollector = new SignaturePropertiesCollectorImpl();
    sigPropsProvider.provideProperties(signaturePropsCollector);
    Collection<SignedSignatureProperty> collectedSignedSigProps = signaturePropsCollector.getSignedSigProps();
    Collection<SignedSignatureProperty> signedSigProps = new ArrayList<SignedSignatureProperty>(collectedSignedSigProps.size() + formatSpecificSignedSigProps.size());
    signedSigProps.addAll(collectedSignedSigProps);
    signedSigProps.addAll(formatSpecificSignedSigProps);
    Collection<UnsignedSignatureProperty> collectedUnsignedSigProps = signaturePropsCollector.getUnsignedSigProps();
    Collection<UnsignedSignatureProperty> unsignedSigProps = new ArrayList<UnsignedSignatureProperty>(collectedUnsignedSigProps.size() + formatSpecificUnsignedSigProps.size());
    unsignedSigProps.addAll(collectedUnsignedSigProps);
    unsignedSigProps.addAll(formatSpecificUnsignedSigProps);
    /* **** Data objects properties **** */
    Collection<DataObjectDesc> dataObjsInfo = dataObjs.getDataObjectsDescs();
    // The containers for all the specified signed data object properties. Since
    // some properties can be applied to multiple data objects, we need to rule
    // out repeated references (a Set is used).
    Set<SignedDataObjectProperty> signedDataObjProps = new HashSet<SignedDataObjectProperty>(dataObjsInfo.size());
    Set<UnsignedDataObjectProperty> unsignedDataObjProps = new HashSet<UnsignedDataObjectProperty>(0);
    // Add the global data object properties.
    signedDataObjProps.addAll(dataObjs.getSignedDataObjsProperties());
    unsignedDataObjProps.addAll(dataObjs.getUnsignedDataObjsProperties());
    // Add the properties specified for each data object.
    for (DataObjectDesc dataObjInfo : dataObjsInfo) {
        // If no properties were specified allow the provider to add them.
        if (!dataObjInfo.hasProperties())
            this.dataObjPropsProvider.provideProperties(dataObjInfo);
        signedDataObjProps.addAll(dataObjInfo.getSignedDataObjProps());
        unsignedDataObjProps.addAll(dataObjInfo.getUnsignedDataObjProps());
    }
    return new QualifyingProperties(new SignedProperties(signedSigProps, signedDataObjProps), new UnsignedProperties(unsignedSigProps, unsignedDataObjProps));
}
Also used : UnsignedDataObjectProperty(xades4j.properties.UnsignedDataObjectProperty) QualifyingProperties(xades4j.properties.QualifyingProperties) SignedSignatureProperty(xades4j.properties.SignedSignatureProperty) ArrayList(java.util.ArrayList) DataObjectDesc(xades4j.properties.DataObjectDesc) SignedDataObjectProperty(xades4j.properties.SignedDataObjectProperty) UnsignedProperties(xades4j.properties.UnsignedProperties) SignedProperties(xades4j.properties.SignedProperties) UnsignedSignatureProperty(xades4j.properties.UnsignedSignatureProperty) HashSet(java.util.HashSet)

Example 2 with QualifyingProperties

use of xades4j.properties.QualifyingProperties in project xades4j by luisgoncalves.

the class XAdESVerificationResult method createQualifProps.

private QualifyingProperties createQualifProps() {
    Collection<QualifyingProperty> props = this.propertiesGetter.getAll();
    Collection<SignedSignatureProperty> ssp = CollectionUtils.filterByType(props, SignedSignatureProperty.class);
    Collection<SignedDataObjectProperty> sdop = CollectionUtils.filterByType(props, SignedDataObjectProperty.class);
    Collection<UnsignedSignatureProperty> usp = CollectionUtils.filterByType(props, UnsignedSignatureProperty.class);
    Collection<UnsignedDataObjectProperty> udop = CollectionUtils.filterByType(props, UnsignedDataObjectProperty.class);
    return new QualifyingProperties(new SignedProperties(ssp, sdop), new UnsignedProperties(usp, udop));
}
Also used : UnsignedDataObjectProperty(xades4j.properties.UnsignedDataObjectProperty) QualifyingProperties(xades4j.properties.QualifyingProperties) SignedSignatureProperty(xades4j.properties.SignedSignatureProperty) SignedDataObjectProperty(xades4j.properties.SignedDataObjectProperty) UnsignedProperties(xades4j.properties.UnsignedProperties) SignedProperties(xades4j.properties.SignedProperties) UnsignedSignatureProperty(xades4j.properties.UnsignedSignatureProperty) QualifyingProperty(xades4j.properties.QualifyingProperty)

Example 3 with QualifyingProperties

use of xades4j.properties.QualifyingProperties in project xades4j by luisgoncalves.

the class SignerBES method sign.

@Override
public final XadesSignatureResult sign(SignedDataObjects signedDataObjects, Node referenceNode, SignatureAppendingStrategy appendingStrategy) throws XAdES4jException {
    if (null == referenceNode) {
        throw new NullPointerException("Reference node node cannot be null");
    }
    if (null == signedDataObjects) {
        throw new NullPointerException("References cannot be null");
    }
    if (signedDataObjects.isEmpty()) {
        throw new IllegalArgumentException("Data objects list is empty");
    }
    Document signatureDocument = DOMHelper.getOwnerDocument(referenceNode);
    // Generate unique identifiers for the Signature and the SignedProperties.
    String signatureId = String.format("xmldsig-%s", UUID.randomUUID());
    String signedPropsId = String.format("%s-signedprops", signatureId);
    // Signing certificate chain (may contain only the signing certificate).
    List<X509Certificate> signingCertificateChain = this.keyingProvider.getSigningCertificateChain();
    if (null == signingCertificateChain || signingCertificateChain.isEmpty()) {
        throw new SigningCertChainException("Signing certificate not provided");
    }
    X509Certificate signingCertificate = signingCertificateChain.get(0);
    // The XMLSignature (ds:Signature).
    XMLSignature signature = createSignature(signatureDocument, signedDataObjects.getBaseUri(), signingCertificate.getPublicKey().getAlgorithm());
    signature.setId(signatureId);
    /* References */
    // Process the data object descriptions to get the References and mappings.
    // After this call all the signed data objects References and XMLObjects
    // are added to the signature.
    Map<DataObjectDesc, Reference> referenceMappings = this.dataObjectDescsProcessor.process(signedDataObjects, signature);
    /* ds:KeyInfo */
    this.keyInfoBuilder.buildKeyInfo(signingCertificate, signature);
    /* QualifyingProperties element */
    // Create the QualifyingProperties element
    Element qualifyingPropsElem = ElementProxy.createElementForFamily(signature.getDocument(), QualifyingProperty.XADES_XMLNS, QualifyingProperty.QUALIFYING_PROPS_TAG);
    qualifyingPropsElem.setAttributeNS(null, QualifyingProperty.TARGET_ATTR, '#' + signatureId);
    qualifyingPropsElem.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:xades141", QualifyingProperty.XADESV141_XMLNS);
    // ds:Object to contain QualifyingProperties
    ObjectContainer qPropsXmlObj = new ObjectContainer(signature.getDocument());
    qPropsXmlObj.appendChild(qualifyingPropsElem);
    try {
        signature.appendObject(qPropsXmlObj);
    } catch (XMLSignatureException ex) {
        // -> xmlSignature.appendObject(xmlObj): not thrown when signing.
        throw new IllegalStateException(ex);
    }
    /* Collect the properties */
    // Get the format specific signature properties.
    Collection<SignedSignatureProperty> fsssp = new ArrayList<SignedSignatureProperty>(2);
    Collection<UnsignedSignatureProperty> fsusp = new ArrayList<UnsignedSignatureProperty>(2);
    getFormatSpecificSignatureProperties(fsssp, fsusp, signingCertificateChain);
    // Gather all the signature and data objects properties.
    QualifyingProperties qualifProps = qualifPropsProcessor.getQualifyingProperties(signedDataObjects, fsssp, fsusp);
    try {
        // The signature needs to be appended to the document from now on because
        // property data generation may need to dereference same-document data
        // object references.
        appendingStrategy.append(signature.getElement(), referenceNode);
        /* Signed properties */
        // Create the context for signed properties data objects generation.
        PropertiesDataGenerationContext propsDataGenCtx = new PropertiesDataGenerationContext(signedDataObjects.getDataObjectsDescs(), referenceMappings, signatureDocument);
        // Generate the signed properties data objects. The data objects structure
        // is verifier in the process.
        SigAndDataObjsPropertiesData signedPropsData = this.propsDataObjectsGenerator.generateSignedPropertiesData(qualifProps.getSignedProperties(), propsDataGenCtx);
        // Marshal the signed properties data to the QualifyingProperties node.
        this.signedPropsMarshaller.marshal(signedPropsData, qualifyingPropsElem);
        Element signedPropsElem = DOMHelper.getFirstChildElement(qualifyingPropsElem);
        DOMHelper.setIdAsXmlId(signedPropsElem, signedPropsId);
        // SignedProperties reference
        // XAdES 6.3.1: "In order to protect the properties with the signature,
        // a ds:Reference element MUST be added to the XMLDSIG signature (...)
        // composed in such a way that it uses the SignedProperties element (...)
        // as the input for computing its corresponding digest. Additionally,
        // (...) use the Type attribute of this particular ds:Reference element,
        // with its value set to: http://uri.etsi.org/01903#SignedProperties."
        String digestAlgUri = algorithmsProvider.getDigestAlgorithmForDataObjsReferences();
        if (StringUtils.isNullOrEmptyString(digestAlgUri)) {
            throw new NullPointerException("Digest algorithm URI not provided");
        }
        // Use same canonicalization URI as specified in the ds:CanonicalizationMethod for Signature.
        Algorithm canonAlg = this.algorithmsProvider.getCanonicalizationAlgorithmForSignature();
        try {
            CanonicalizerUtils.checkC14NAlgorithm(canonAlg);
            Transforms transforms = TransformUtils.createTransforms(canonAlg, this.algorithmsParametersMarshaller, signatureDocument);
            signature.addDocument('#' + signedPropsId, transforms, digestAlgUri, null, QualifyingProperty.SIGNED_PROPS_TYPE_URI);
        } catch (XMLSignatureException ex) {
            // shouldn't be thrown now!
            throw new UnsupportedAlgorithmException("Digest algorithm not supported in the XML Signature provider", digestAlgUri, ex);
        }
        // Apply the signature
        try {
            PrivateKey signingKey = keyingProvider.getSigningKey(signingCertificate);
            signature.sign(signingKey);
        } catch (XMLSignatureException ex) {
            throw new XAdES4jXMLSigException(ex.getMessage(), ex);
        }
        // Set the ds:SignatureValue id.
        Element sigValueElem = DOMHelper.getFirstDescendant(signature.getElement(), Constants.SignatureSpecNS, Constants._TAG_SIGNATUREVALUE);
        DOMHelper.setIdAsXmlId(sigValueElem, String.format("%s-sigvalue", signatureId));
        /* Marshal unsigned properties */
        // Generate the unsigned properties data objects. The data objects structure
        // is verifier in the process.
        propsDataGenCtx.setTargetXmlSignature(signature);
        SigAndDataObjsPropertiesData unsignedPropsData = this.propsDataObjectsGenerator.generateUnsignedPropertiesData(qualifProps.getUnsignedProperties(), propsDataGenCtx);
        // Marshal the unsigned properties to the final QualifyingProperties node.
        this.unsignedPropsMarshaller.marshal(unsignedPropsData, qualifyingPropsElem);
    } catch (XAdES4jException ex) {
        appendingStrategy.revert(signature.getElement(), referenceNode);
        throw ex;
    }
    return new XadesSignatureResult(signature, qualifProps);
}
Also used : PrivateKey(java.security.PrivateKey) SigningCertChainException(xades4j.providers.SigningCertChainException) Element(org.w3c.dom.Element) Transforms(org.apache.xml.security.transforms.Transforms) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) DataObjectDesc(xades4j.properties.DataObjectDesc) SigAndDataObjsPropertiesData(xades4j.properties.data.SigAndDataObjsPropertiesData) XAdES4jXMLSigException(xades4j.XAdES4jXMLSigException) XAdES4jException(xades4j.XAdES4jException) XMLSignature(org.apache.xml.security.signature.XMLSignature) Reference(org.apache.xml.security.signature.Reference) QualifyingProperties(xades4j.properties.QualifyingProperties) SignedSignatureProperty(xades4j.properties.SignedSignatureProperty) Algorithm(xades4j.algorithms.Algorithm) X509Certificate(java.security.cert.X509Certificate) UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) UnsignedSignatureProperty(xades4j.properties.UnsignedSignatureProperty) ObjectContainer(org.apache.xml.security.signature.ObjectContainer) XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException)

Aggregations

QualifyingProperties (xades4j.properties.QualifyingProperties)3 SignedSignatureProperty (xades4j.properties.SignedSignatureProperty)3 UnsignedSignatureProperty (xades4j.properties.UnsignedSignatureProperty)3 ArrayList (java.util.ArrayList)2 DataObjectDesc (xades4j.properties.DataObjectDesc)2 SignedDataObjectProperty (xades4j.properties.SignedDataObjectProperty)2 SignedProperties (xades4j.properties.SignedProperties)2 UnsignedDataObjectProperty (xades4j.properties.UnsignedDataObjectProperty)2 UnsignedProperties (xades4j.properties.UnsignedProperties)2 PrivateKey (java.security.PrivateKey)1 X509Certificate (java.security.cert.X509Certificate)1 HashSet (java.util.HashSet)1 ObjectContainer (org.apache.xml.security.signature.ObjectContainer)1 Reference (org.apache.xml.security.signature.Reference)1 XMLSignature (org.apache.xml.security.signature.XMLSignature)1 XMLSignatureException (org.apache.xml.security.signature.XMLSignatureException)1 Transforms (org.apache.xml.security.transforms.Transforms)1 Document (org.w3c.dom.Document)1 Element (org.w3c.dom.Element)1 UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException)1