use of xades4j.properties.data.CRLRef in project xades4j by luisgoncalves.
the class DataGenCompleteRevocRefs method generatePropertyData.
/**
 * Builds the CompleteRevocationRefs property data: one {@link CRLRef} for each CRL
 * returned by {@code prop.getCrls()}.
 *
 * <p>Each reference carries the issuer name, the value returned by
 * {@code CrlExtensionsUtils.getCrlNumber}, the digest algorithm URI, the digest of the
 * encoded CRL and the CRL's thisUpdate time. The digest algorithm is the one the
 * algorithms provider selects for reference properties, so the strength of the binding
 * between reference and CRL depends on that configuration.
 *
 * @param prop the property holding the CRLs to reference
 * @param ctx the generation context (not read by this method)
 * @return the property data holding the generated CRL references
 * @throws PropertyDataGenerationException if a CRL cannot be encoded, its CRL number
 *         extension cannot be parsed, or the digest algorithm is not supported
 */
@Override
public PropertyDataObject generatePropertyData(CompleteRevocationRefsProperty prop, PropertiesDataGenerationContext ctx) throws PropertyDataGenerationException {
    final Collection<X509CRL> sourceCrls = prop.getCrls();
    final Collection<CRLRef> references = new ArrayList<CRLRef>(sourceCrls.size());
    final String digestUri = this.algorithmsProvider.getDigestAlgorithmForReferenceProperties();
    try {
        // digest() resets the engine after each call, so one instance serves every CRL.
        final MessageDigest digester = this.messageDigestProvider.getEngine(digestUri);
        for (final X509CRL currentCrl : sourceCrls) {
            final GregorianCalendar thisUpdate = new GregorianCalendar();
            thisUpdate.setTime(currentCrl.getThisUpdate());

            // The digest covers the encoded form of the whole CRL.
            final byte[] crlDigest = digester.digest(currentCrl.getEncoded());
            final BigInteger crlNumber = CrlExtensionsUtils.getCrlNumber(currentCrl);
            final String issuerName = currentCrl.getIssuerX500Principal().getName();

            references.add(new CRLRef(issuerName, crlNumber, digestUri, crlDigest, thisUpdate));
        }
        return new CompleteRevocationRefsData(references);
    } catch (CRLException ex) {
        throw new PropertyDataGenerationException(prop, "cannot get encoded CRL", ex);
    } catch (IOException ex) {
        throw new PropertyDataGenerationException(prop, "cannot parse CRL number extension", ex);
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    }
}
use of xades4j.properties.data.CRLRef in project xades4j by luisgoncalves.
the class CompleteRevocRefsVerifier method verify.
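/**
 * Verifies the CompleteRevocationRefs property data against the CRLs exposed by the
 * verification context's certificate chain data: every such CRL must be matched by one
 * CRL reference.
 *
 * <p>A reference matches a CRL when the issuer and the thisUpdate time are equal, the CRL
 * number agrees (compared only when both the reference and the CRL supply one), and the
 * digest of the encoded CRL, computed with the algorithm named by the reference, equals
 * the referenced digest value. A matched reference is consumed so that it cannot satisfy
 * a second CRL.
 *
 * <p>NOTE(review): the reference fields presumably originate from the signature document
 * and should be treated as untrusted input - confirm against the unmarshalling code.
 *
 * @param propData the CRL references to check
 * @param ctx the verification context supplying the CRLs
 * @return the verified property, built from the context's CRLs
 * @throws InvalidPropertyException if no CRLs are available, if a reference carries a
 *         malformed issuer DN, if a CRL cannot be processed, or if a CRL has no matching
 *         reference
 */
@Override
public QualifyingProperty verify(CompleteRevocationRefsData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    Collection<X509CRL> crls = ctx.getCertChainData().getCrls();
    // Work on a copy: matched references are removed below.
    Collection<CRLRef> crlRefs = new ArrayList<CRLRef>(propData.getCrlRefs());
    if (crls.isEmpty()) {
        throw new CompleteRevocRefsCRLsNotAvailableException();
    }
    for (X509CRL crl : crls) {
        CRLRef match = null;
        for (CRLRef crlRef : crlRefs) {
            // A malformed issuer DN must surface as a verification failure of the declared
            // type, not as an unchecked IllegalArgumentException escaping the verifier.
            X500Principal refIssuer;
            try {
                refIssuer = new X500Principal(crlRef.issuerDN);
            } catch (IllegalArgumentException ex) {
                throw new CompleteRevocRefsReferenceException(crl, "invalid issuer DN in CRL reference: " + ex.getMessage());
            }
            // Check issuer and issue time.
            if (!crl.getIssuerX500Principal().equals(refIssuer) || !crl.getThisUpdate().equals(crlRef.issueTime.getTime())) {
                continue;
            }
            try {
                // Check CRL number, if present. When the reference has a number but
                // getCrlNumber returns null for the CRL, the number check is skipped and
                // the match rests on the digest comparison alone.
                if (crlRef.serialNumber != null) {
                    BigInteger crlNum = CrlExtensionsUtils.getCrlNumber(crl);
                    if (crlNum != null && !crlRef.serialNumber.equals(crlNum)) {
                        continue;
                    }
                }
                // Check digest value.
                // NOTE(review): the algorithm is the one named by the reference itself;
                // whether weak digest algorithms are refused depends on
                // digestEngineProvider - confirm its policy.
                MessageDigest md = this.digestEngineProvider.getEngine(crlRef.digestAlgUri);
                if (Arrays.equals(md.digest(crl.getEncoded()), crlRef.digestValue)) {
                    match = crlRef;
                    break;
                }
            } catch (IOException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            } catch (CRLException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            } catch (UnsupportedAlgorithmException ex) {
                throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());
            }
        }
        if (null == match) {
            throw new CompleteRevocRefsReferenceException(crl, "no matching reference");
        }
        crlRefs.remove(match);
    }
    // References still left in crlRefs are not examined: extra references that match no
    // CRL do not fail verification.
    return new CompleteRevocationRefsProperty(crls);
}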
use of xades4j.properties.data.CRLRef in project xades4j by luisgoncalves.
the class FromXmlCompleteRevocRefsConverter method convertFromObjectTree.
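/**
 * Reads the CompleteRevocationRefs element from the unmarshalled unsigned signature
 * properties and hands the resulting CRL references to the collector.
 *
 * <p>Nothing is collected when the element is absent. Only CRL references are supported:
 * the presence of OCSP or other references is rejected. The values read here come from
 * the XML being unmarshalled, so a structurally incomplete reference is reported as a
 * {@link PropertyUnmarshalException} rather than being allowed to fail with a
 * NullPointerException.
 *
 * @param xmlProps the unmarshalled unsigned signature properties
 * @param propertyDataCollector the collector that receives the property data
 * @throws PropertyUnmarshalException if OCSP or other references are present, if the CRL
 *         references are missing, or if a CRL reference lacks its identifier, issue time
 *         or digest information
 */
@Override
public void convertFromObjectTree(XmlUnsignedSignaturePropertiesType xmlProps, QualifyingPropertiesDataCollector propertyDataCollector) throws PropertyUnmarshalException {
    XmlCompleteRevocationRefsType xmlCompleteRevocRefs = xmlProps.getCompleteRevocationRefs();
    if (null == xmlCompleteRevocRefs) {
        return;
    }
    if (xmlCompleteRevocRefs.getOCSPRefs() != null || xmlCompleteRevocRefs.getOtherRefs() != null) {
        throw new PropertyUnmarshalException("Only CRL references are supported", CompleteRevocationRefsProperty.PROP_NAME);
    }
    XmlCRLRefsType xmlCRLRefs = xmlCompleteRevocRefs.getCRLRefs();
    if (null == xmlCRLRefs) {
        throw new PropertyUnmarshalException("CRL references not present", CompleteRevocationRefsProperty.PROP_NAME);
    }
    CompleteRevocationRefsData complRevocRefsData = new CompleteRevocationRefsData();
    for (XmlCRLRefType xmlCRLRef : xmlCRLRefs.getCRLRef()) {
        XmlCRLIdentifierType xmlCrlId = xmlCRLRef.getCRLIdentifier();
        // The identifier and its issue time are dereferenced below; reject the reference
        // explicitly when either is absent from the XML.
        if (null == xmlCrlId || null == xmlCrlId.getIssueTime()) {
            throw new PropertyUnmarshalException("CRL identifier or issue time not present", CompleteRevocationRefsProperty.PROP_NAME);
        }
        // Same for the digest container and its digest method.
        if (null == xmlCRLRef.getDigestAlgAndValue() || null == xmlCRLRef.getDigestAlgAndValue().getDigestMethod()) {
            throw new PropertyUnmarshalException("CRL digest information not present", CompleteRevocationRefsProperty.PROP_NAME);
        }
        complRevocRefsData.addCRLRef(new CRLRef(xmlCrlId.getIssuer(), xmlCrlId.getNumber(), xmlCRLRef.getDigestAlgAndValue().getDigestMethod().getAlgorithm(), xmlCRLRef.getDigestAlgAndValue().getDigestValue(), xmlCrlId.getIssueTime().toGregorianCalendar()));
    }
    propertyDataCollector.setCompleteRevocRefs(complRevocRefsData);
}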
use of xades4j.properties.data.CRLRef in project xades4j by luisgoncalves.
the class ToXmlCompleteRevocRefsConverter method convertIntoObjectTree.
/**
 * Writes the CompleteRevocationRefs property data into the unsigned signature properties
 * of the XML object tree.
 *
 * <p>Only CRL references are emitted. Each {@link CRLRef} becomes one CRL reference
 * element holding a CRL identifier (issuer, issue time, optional number) and the digest
 * algorithm with its value.
 *
 * @param propData the property data; must be a {@code CompleteRevocationRefsData}
 * @param xmlProps the unsigned properties that receive the new element
 * @param doc the target document (not read by this method)
 * @throws UnsupportedOperationException if no {@code DatatypeFactory} can be created
 */
@Override
public void convertIntoObjectTree(PropertyDataObject propData, XmlUnsignedPropertiesType xmlProps, Document doc) {
    final CompleteRevocationRefsData revocRefsData = (CompleteRevocationRefsData) propData;

    // Only CRL refs are supported.
    final XmlCRLRefsType crlRefsElement = new XmlCRLRefsType();
    final List<XmlCRLRefType> crlRefElements = crlRefsElement.getCRLRef();
    try {
        for (final CRLRef ref : revocRefsData.getCrlRefs()) {
            // Digest algorithm and value of the referenced CRL.
            final XmlDigestMethodType digestMethod = new XmlDigestMethodType();
            digestMethod.setAlgorithm(ref.digestAlgUri);
            final XmlDigestAlgAndValueType digestAlgAndValue = new XmlDigestAlgAndValueType();
            digestAlgAndValue.setDigestMethod(digestMethod);
            digestAlgAndValue.setDigestValue(ref.digestValue);

            // Identifier: issuer, issue time and the CRL number, which may be null.
            final XmlCRLIdentifierType identifier = new XmlCRLIdentifierType();
            identifier.setIssuer(ref.issuerDN);
            identifier.setNumber(ref.serialNumber);
            identifier.setIssueTime(DatatypeFactory.newInstance().newXMLGregorianCalendar(ref.issueTime));

            final XmlCRLRefType crlRefElement = new XmlCRLRefType();
            crlRefElement.setDigestAlgAndValue(digestAlgAndValue);
            crlRefElement.setCRLIdentifier(identifier);
            crlRefElements.add(crlRefElement);
        }
    } catch (DatatypeConfigurationException ex) {
        throw new UnsupportedOperationException(ex.getMessage(), ex);
    }

    // Only CRL refs are supported, so the CRL references are the only child that is set.
    final XmlCompleteRevocationRefsType completeRevocRefsElement = new XmlCompleteRevocationRefsType();
    completeRevocRefsElement.setCRLRefs(crlRefsElement);
    xmlProps.getUnsignedSignatureProperties().setCompleteRevocationRefs(completeRevocRefsElement);
}
Aggregations