
Example 1 with CRLRef

use of xades4j.properties.data.CRLRef in project xades4j by luisgoncalves.

the class DataGenCompleteRevocRefs method generatePropertyData.

/**
 * Produces the data for a CompleteRevocationRefs property: one {@link CRLRef} per CRL
 * carried by the property.
 *
 * <p>Each reference records the CRL issuer name, the CRL number returned by
 * {@code CrlExtensionsUtils.getCrlNumber}, the digest algorithm URI, the digest of the
 * encoded CRL and the CRL's thisUpdate time. The digest algorithm is the one the
 * algorithms provider designates for reference properties.
 *
 * @param prop the property holding the CRLs to reference
 * @param ctx the generation context (not used by this method)
 * @return the property data with one reference per CRL, in iteration order
 * @throws PropertyDataGenerationException if a CRL cannot be encoded, its CRL number
 *         extension cannot be parsed, or the digest algorithm is not supported
 */
@Override
public PropertyDataObject generatePropertyData(CompleteRevocationRefsProperty prop, PropertiesDataGenerationContext ctx) throws PropertyDataGenerationException {
    final Collection<X509CRL> sourceCrls = prop.getCrls();
    final Collection<CRLRef> references = new ArrayList<CRLRef>(sourceCrls.size());
    final String digestUri = this.algorithmsProvider.getDigestAlgorithmForReferenceProperties();
    try {
        // A single engine is reused for every CRL; digest(byte[]) completes the computation each time.
        final MessageDigest engine = this.messageDigestProvider.getEngine(digestUri);
        for (final X509CRL current : sourceCrls) {
            final GregorianCalendar issuedAt = new GregorianCalendar();
            issuedAt.setTime(current.getThisUpdate());
            // The digest covers the full encoded CRL, which is what binds the reference to it.
            final byte[] crlDigest = engine.digest(current.getEncoded());
            // NOTE(review): presumably null when the CRL has no CRL number extension; confirm in CrlExtensionsUtils.
            final BigInteger number = CrlExtensionsUtils.getCrlNumber(current);
            final String issuerName = current.getIssuerX500Principal().getName();
            references.add(new CRLRef(issuerName, number, digestUri, crlDigest, issuedAt));
        }
        return new CompleteRevocationRefsData(references);
    } catch (CRLException ex) {
        throw new PropertyDataGenerationException(prop, "cannot get encoded CRL", ex);
    } catch (IOException ex) {
        throw new PropertyDataGenerationException(prop, "cannot parse CRL number extension", ex);
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    }
}
Also used : X509CRL(java.security.cert.X509CRL) ArrayList(java.util.ArrayList) GregorianCalendar(java.util.GregorianCalendar) CRLRef(xades4j.properties.data.CRLRef) IOException(java.io.IOException) CompleteRevocationRefsData(xades4j.properties.data.CompleteRevocationRefsData) UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) BigInteger(java.math.BigInteger) MessageDigest(java.security.MessageDigest) CRLException(java.security.cert.CRLException)

Example 2 with CRLRef

use of xades4j.properties.data.CRLRef in project xades4j by luisgoncalves.

the class CompleteRevocRefsVerifier method verify.

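/**
 * Verifies a CompleteRevocationRefs property: every CRL obtained from the certificate
 * chain data must be matched by one of the property's CRL references.
 *
 * <p>A reference matches a CRL when the issuer and thisUpdate time are equal, the CRL
 * number is equal (checked only when both the reference and the CRL carry one), and the
 * digest of the encoded CRL equals the reference's digest value. A matched reference is
 * removed from the working copy, so one reference cannot cover two CRLs. References left
 * over once all CRLs are matched are not reported.
 *
 * <p>The reference values appear to be read from the signature being verified, so they
 * are handled as untrusted input: a reference with a missing or unparsable issuer name,
 * or a missing issue time, is treated as non-matching instead of letting an unchecked
 * exception escape. The verification then fails closed with "no matching reference".
 *
 * @param propData the unmarshalled CRL references
 * @param ctx the verification context supplying the CRLs used for the certificate chain
 * @return the verified property, built from the CRLs of the certificate chain data
 * @throws InvalidPropertyException declared failure type; this method throws
 *         {@code CompleteRevocRefsCRLsNotAvailableException} when no CRLs are available
 *         and {@code CompleteRevocRefsReferenceException} when a CRL has no matching
 *         reference or cannot be processed
 */
@Override
public QualifyingProperty verify(CompleteRevocationRefsData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    Collection<X509CRL> crls = ctx.getCertChainData().getCrls();
    // Work on a copy: matched references are removed below.
    Collection<CRLRef> crlRefs = new ArrayList<CRLRef>(propData.getCrlRefs());
    if (crls.isEmpty())
        throw new CompleteRevocRefsCRLsNotAvailableException();
    for (X509CRL crl : crls) {
        CRLRef match = null;
        for (CRLRef crlRef : crlRefs) {
            // An incomplete reference can never match; skip it rather than fail with a NullPointerException.
            if (crlRef.issuerDN == null || crlRef.issueTime == null)
                continue;
            X500Principal refIssuer;
            try {
                refIssuer = new X500Principal(crlRef.issuerDN);
            } catch (IllegalArgumentException ex) {
                // Malformed distinguished name in the reference: it cannot identify this CRL.
                continue;
            }
            // Check issuer and issue time.
            if (!crl.getIssuerX500Principal().equals(refIssuer) || !crl.getThisUpdate().equals(crlRef.issueTime.getTime()))
                continue;
            try {
                // Check CRL number, if present on both sides.
                if (crlRef.serialNumber != null) {
                    BigInteger crlNum = CrlExtensionsUtils.getCrlNumber(crl);
                    if (crlNum != null && !crlRef.serialNumber.equals(crlNum))
                        continue;
                }
                // Check digest value.
                // NOTE(review): the digest algorithm URI is taken from the reference itself; which
                // algorithms are accepted depends on digestEngineProvider. Confirm weak digests are rejected there.
                MessageDigest md = this.digestEngineProvider.getEngine(crlRef.digestAlgUri);
                if (Arrays.equals(md.digest(crl.getEncoded()), crlRef.digestValue)) {
                    match = crlRef;
                    break;
                }
            } catch (IOException ex) {
                // NOTE(review): only the message is forwarded, so the cause is lost; check whether
                // CompleteRevocRefsReferenceException offers a constructor that accepts it.
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            } catch (CRLException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            } catch (UnsupportedAlgorithmException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            }
        }
        if (null == match)
            throw new CompleteRevocRefsReferenceException(crl, "no matching reference");
        crlRefs.remove(match);
    }
    return new CompleteRevocationRefsProperty(crls);
}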
Also used : X509CRL(java.security.cert.X509CRL) ArrayList(java.util.ArrayList) CRLRef(xades4j.properties.data.CRLRef) IOException(java.io.IOException) CompleteRevocationRefsProperty(xades4j.properties.CompleteRevocationRefsProperty) UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) MessageDigest(java.security.MessageDigest) CRLException(java.security.cert.CRLException)

Example 3 with CRLRef

use of xades4j.properties.data.CRLRef in project xades4j by luisgoncalves.

the class FromXmlCompleteRevocRefsConverter method convertFromObjectTree.

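/**
 * Converts the CompleteRevocationRefs element of the unsigned signature properties into
 * {@link CompleteRevocationRefsData} and hands it to the collector.
 *
 * <p>Nothing is collected when the element is absent. Only CRL references are supported:
 * OCSP or other references cause a failure, as does a missing CRLRefs element.
 *
 * <p>The XML comes from the signature being processed, so each CRL reference is checked
 * before it is dereferenced. A reference without a CRL identifier, issue time or digest
 * data is reported as a {@link PropertyUnmarshalException} instead of surfacing as a
 * NullPointerException.
 *
 * @param xmlProps the unmarshalled unsigned signature properties
 * @param propertyDataCollector receives the converted property data
 * @throws PropertyUnmarshalException if unsupported reference kinds are present, the CRL
 *         references are missing, or a CRL reference lacks required elements
 */
@Override
public void convertFromObjectTree(XmlUnsignedSignaturePropertiesType xmlProps, QualifyingPropertiesDataCollector propertyDataCollector) throws PropertyUnmarshalException {
    XmlCompleteRevocationRefsType xmlCompleteRevocRefs = xmlProps.getCompleteRevocationRefs();
    if (null == xmlCompleteRevocRefs)
        return;
    if (xmlCompleteRevocRefs.getOCSPRefs() != null || xmlCompleteRevocRefs.getOtherRefs() != null)
        throw new PropertyUnmarshalException("Only CRL references are supported", CompleteRevocationRefsProperty.PROP_NAME);
    XmlCRLRefsType xmlCRLRefs = xmlCompleteRevocRefs.getCRLRefs();
    if (null == xmlCRLRefs)
        throw new PropertyUnmarshalException("CRL references not present", CompleteRevocationRefsProperty.PROP_NAME);
    CompleteRevocationRefsData complRevocRefsData = new CompleteRevocationRefsData();
    for (XmlCRLRefType xmlCRLRef : xmlCRLRefs.getCRLRef()) {
        XmlCRLIdentifierType xmlCrlId = xmlCRLRef.getCRLIdentifier();
        // The identifier supplies issuer and issue time; without it the reference cannot be built.
        if (null == xmlCrlId || null == xmlCrlId.getIssueTime())
            throw new PropertyUnmarshalException("CRL identifier or issue time not present", CompleteRevocationRefsProperty.PROP_NAME);
        if (null == xmlCRLRef.getDigestAlgAndValue() || null == xmlCRLRef.getDigestAlgAndValue().getDigestMethod())
            throw new PropertyUnmarshalException("CRL reference digest not present", CompleteRevocationRefsProperty.PROP_NAME);
        // The CRL number is passed through as-is (elsewhere on this page it is treated as nullable).
        complRevocRefsData.addCRLRef(new CRLRef(xmlCrlId.getIssuer(), xmlCrlId.getNumber(), xmlCRLRef.getDigestAlgAndValue().getDigestMethod().getAlgorithm(), xmlCRLRef.getDigestAlgAndValue().getDigestValue(), xmlCrlId.getIssueTime().toGregorianCalendar()));
    }
    propertyDataCollector.setCompleteRevocRefs(complRevocRefsData);
}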
Also used : XmlCRLIdentifierType(xades4j.xml.bind.xades.XmlCRLIdentifierType) XmlCRLRefType(xades4j.xml.bind.xades.XmlCRLRefType) XmlCompleteRevocationRefsType(xades4j.xml.bind.xades.XmlCompleteRevocationRefsType) CRLRef(xades4j.properties.data.CRLRef) XmlCRLRefsType(xades4j.xml.bind.xades.XmlCRLRefsType) CompleteRevocationRefsData(xades4j.properties.data.CompleteRevocationRefsData)

Example 4 with CRLRef

use of xades4j.properties.data.CRLRef in project xades4j by luisgoncalves.

the class ToXmlCompleteRevocRefsConverter method convertIntoObjectTree.

/**
 * Writes the CompleteRevocationRefs property data into the XML object tree as a
 * CRLRefs element holding one CRLRef per reference.
 *
 * <p>Each CRLRef carries a CRL identifier (issue time, issuer, optional number) and the
 * digest algorithm and value. Only CRL references are produced.
 *
 * @param propData the property data; must be a {@link CompleteRevocationRefsData}
 * @param xmlProps the unsigned properties tree that receives the element
 * @param doc the owner document (not used by this method)
 * @throws UnsupportedOperationException if no {@link DatatypeFactory} can be obtained
 */
@Override
public void convertIntoObjectTree(PropertyDataObject propData, XmlUnsignedPropertiesType xmlProps, Document doc) {
    final CompleteRevocationRefsData revocRefsData = (CompleteRevocationRefsData) propData;
    // Only CRL refs are supported.
    final XmlCRLRefsType crlRefsElement = new XmlCRLRefsType();
    final List<XmlCRLRefType> crlRefElements = crlRefsElement.getCRLRef();
    try {
        for (final CRLRef ref : revocRefsData.getCrlRefs()) {
            // Identifier: issue time, issuer and the CRL number.
            final XmlCRLIdentifierType identifier = new XmlCRLIdentifierType();
            identifier.setIssueTime(DatatypeFactory.newInstance().newXMLGregorianCalendar(ref.issueTime));
            identifier.setIssuer(ref.issuerDN);
            // The number may be null.
            identifier.setNumber(ref.serialNumber);

            // Digest algorithm and value.
            final XmlDigestMethodType digestMethod = new XmlDigestMethodType();
            digestMethod.setAlgorithm(ref.digestAlgUri);
            final XmlDigestAlgAndValueType digestAlgAndValue = new XmlDigestAlgAndValueType();
            digestAlgAndValue.setDigestMethod(digestMethod);
            digestAlgAndValue.setDigestValue(ref.digestValue);

            final XmlCRLRefType refElement = new XmlCRLRefType();
            refElement.setDigestAlgAndValue(digestAlgAndValue);
            refElement.setCRLIdentifier(identifier);
            crlRefElements.add(refElement);
        }
    } catch (DatatypeConfigurationException ex) {
        throw new UnsupportedOperationException(ex.getMessage(), ex);
    }
    // Only CRL refs are supported.
    final XmlCompleteRevocationRefsType completeRevocRefsElement = new XmlCompleteRevocationRefsType();
    completeRevocRefsElement.setCRLRefs(crlRefsElement);
    xmlProps.getUnsignedSignatureProperties().setCompleteRevocationRefs(completeRevocRefsElement);
}
Also used : XmlCRLIdentifierType(xades4j.xml.bind.xades.XmlCRLIdentifierType) XmlDigestAlgAndValueType(xades4j.xml.bind.xades.XmlDigestAlgAndValueType) DatatypeConfigurationException(javax.xml.datatype.DatatypeConfigurationException) XmlCRLRefType(xades4j.xml.bind.xades.XmlCRLRefType) XmlCompleteRevocationRefsType(xades4j.xml.bind.xades.XmlCompleteRevocationRefsType) CRLRef(xades4j.properties.data.CRLRef) XmlDigestMethodType(xades4j.xml.bind.xmldsig.XmlDigestMethodType) XmlCRLRefsType(xades4j.xml.bind.xades.XmlCRLRefsType) CompleteRevocationRefsData(xades4j.properties.data.CompleteRevocationRefsData)

Aggregations

CRLRef (xades4j.properties.data.CRLRef)4 CompleteRevocationRefsData (xades4j.properties.data.CompleteRevocationRefsData)3 IOException (java.io.IOException)2 BigInteger (java.math.BigInteger)2 MessageDigest (java.security.MessageDigest)2 CRLException (java.security.cert.CRLException)2 X509CRL (java.security.cert.X509CRL)2 ArrayList (java.util.ArrayList)2 UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException)2 XmlCRLIdentifierType (xades4j.xml.bind.xades.XmlCRLIdentifierType)2 XmlCRLRefType (xades4j.xml.bind.xades.XmlCRLRefType)2 XmlCRLRefsType (xades4j.xml.bind.xades.XmlCRLRefsType)2 XmlCompleteRevocationRefsType (xades4j.xml.bind.xades.XmlCompleteRevocationRefsType)2 GregorianCalendar (java.util.GregorianCalendar)1 X500Principal (javax.security.auth.x500.X500Principal)1 DatatypeConfigurationException (javax.xml.datatype.DatatypeConfigurationException)1 CompleteRevocationRefsProperty (xades4j.properties.CompleteRevocationRefsProperty)1 XmlDigestAlgAndValueType (xades4j.xml.bind.xades.XmlDigestAlgAndValueType)1 XmlDigestMethodType (xades4j.xml.bind.xmldsig.XmlDigestMethodType)1