use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.
the class DataGenBaseCertRefs method generate.
/**
 * Builds one {@link CertRef} per certificate in {@code certs} and adds it to {@code certRefsData}.
 * <p>
 * Each reference carries the issuer DN, the serial number, the digest algorithm URI obtained from
 * {@code algorithmsProvider} and the digest of the certificate's DER encoding.
 *
 * @param certs        the certificates to reference; must not be {@code null}
 * @param certRefsData the property data the references are appended to (mutated and returned)
 * @param prop         the property being generated, used to annotate failures
 * @return {@code certRefsData} after the references have been added
 * @throws PropertyDataGenerationException if {@code certs} is {@code null}, the digest algorithm
 *         is not supported or a certificate cannot be encoded
 */
protected PropertyDataObject generate(Collection<X509Certificate> certs, BaseCertRefsData certRefsData, QualifyingProperty prop) throws PropertyDataGenerationException {
    if (certs == null) {
        throw new PropertyDataGenerationException(prop, "certificates not provided");
    }
    try {
        // NOTE(review): the binding between reference and certificate is only as strong as the
        // digest algorithm this provider returns; keep it a collision-resistant one.
        final String digestAlgUri = this.algorithmsProvider.getDigestAlgorithmForReferenceProperties();
        final MessageDigest digester = this.messageDigestProvider.getEngine(digestAlgUri);
        for (X509Certificate certificate : certs) {
            // The digest is computed over the DER encoding returned by getEncoded(); base-64
            // encoding of the value is left to the JAXB layer (Base64XmlAdapter).
            byte[] certDigest = digester.digest(certificate.getEncoded());
            String issuerName = certificate.getIssuerX500Principal().getName();
            certRefsData.addCertRef(new CertRef(issuerName, certificate.getSerialNumber(), digestAlgUri, certDigest));
        }
        return certRefsData;
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    } catch (CertificateEncodingException ex) {
        throw new PropertyDataGenerationException(prop, "cannot get encoded certificate", ex);
    }
}
use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.
the class CompleteCertRefsVerifier method verify.
/**
 * Verifies a CompleteCertificateRefs property against the certification chain in {@code ctx}.
 * <p>
 * The first certificate of the chain (the signing certificate) is skipped here; every remaining
 * certificate must have a matching reference in {@code propData} whose digest checks out.
 *
 * @param propData the parsed references
 * @param ctx      verification context providing the certification chain
 * @return a property wrapping an unmodifiable view of the CA certificates that were verified
 * @throws CompleteCertRefsCertNotFoundException if a CA certificate has no reference
 * @throws CompleteCertRefsReferenceException     if a reference does not match its certificate
 */
@Override
public QualifyingProperty verify(CompleteCertificateRefsData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    final List<X509Certificate> fullChain = ctx.getCertChainData().getCertificateChain();
    // Position 0 holds the signing certificate, which the SigningCertificate verifier covers.
    // NOTE(review): an empty chain makes subList throw IllegalArgumentException here.
    final List<X509Certificate> issuerCerts = fullChain.subList(1, fullChain.size());
    final Collection<CertRef> refs = propData.getCertRefs();

    for (X509Certificate issuerCert : issuerCerts) {
        CertRef ref = CertRefUtils.findCertRef(issuerCert, refs);
        if (ref == null) {
            throw new CompleteCertRefsCertNotFoundException(issuerCert);
        }
        try {
            CertRefUtils.checkCertRef(ref, issuerCert, messageDigestProvider);
        } catch (CertRefUtils.InvalidCertRefException ex) {
            throw new CompleteCertRefsReferenceException(issuerCert, ref, ex.getMessage());
        }
    }
    return new CompleteCertificateRefsProperty(Collections.unmodifiableList(issuerCerts));
}
use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.
the class SigningCertificateVerifier method verify.
/**
 * Verifies a SigningCertificate property against the certification chain in {@code ctx}.
 * <p>
 * Checks, in order: the signing certificate (first in the chain) has a reference; if ds:KeyInfo
 * carried an X509IssuerSerial it agrees with that reference; the reference digest matches the
 * certificate; any further chain certificate that has a reference matches it; and no reference
 * is left unmatched by the chain.
 *
 * @param propData the parsed references
 * @param ctx      verification context providing the certification chain and KeyInfo data
 * @return a property wrapping the certification chain
 * @throws SigningCertificateReferenceNotFoundException   if the signing certificate has no reference
 * @throws SigningCertificateIssuerSerialMismatchException if KeyInfo issuer/serial disagree with the reference
 * @throws SigningCertificateReferenceException           if a reference does not match its certificate
 * @throws SigningCertificateCertsNotInCertPathException  if some reference matched no chain certificate
 */
@Override
public QualifyingProperty verify(SigningCertificateData propData, QualifyingPropertyVerificationContext ctx) throws SigningCertificateVerificationException {
    final Collection<CertRef> refs = propData.getCertRefs();
    final CertificationChainData chainData = ctx.getCertChainData();
    final Iterator<X509Certificate> chainIter = chainData.getCertificateChain().iterator();

    // 1) The signing certificate must be referenced, otherwise the property fails outright.
    final X509Certificate signingCert = chainIter.next();
    final CertRef signingRef = CertRefUtils.findCertRef(signingCert, refs);
    if (signingRef == null) {
        throw new SigningCertificateReferenceNotFoundException(signingCert);
    }

    // 2) When ds:KeyInfo carried an X509IssuerSerial, it must agree with the reference.
    final X500Principal keyInfoIssuer = chainData.getValidationCertIssuer();
    if (keyInfoIssuer != null) {
        boolean issuerMatches = new X500Principal(signingRef.issuerDN).equals(keyInfoIssuer);
        if (!issuerMatches || !signingRef.serialNumber.equals(chainData.getValidationCertSerialNumber())) {
            throw new SigningCertificateIssuerSerialMismatchException(signingRef.issuerDN, signingRef.serialNumber, keyInfoIssuer.getName(), chainData.getValidationCertSerialNumber());
        }
    }

    // 3) The digest in the reference must match the signing certificate itself.
    try {
        CertRefUtils.checkCertRef(signingRef, signingCert, messageDigestProvider);
    } catch (CertRefUtils.InvalidCertRefException ex) {
        throw new SigningCertificateReferenceException(signingCert, signingRef, ex);
    }

    // 4) Remaining chain certificates: a missing reference is tolerated, a wrong one is not.
    int matchedRefs = 1; // the signing certificate's reference
    while (chainIter.hasNext()) {
        X509Certificate chainCert = chainIter.next();
        CertRef chainRef = CertRefUtils.findCertRef(chainCert, refs);
        if (chainRef == null) {
            continue;
        }
        matchedRefs++;
        try {
            CertRefUtils.checkCertRef(chainRef, chainCert, messageDigestProvider);
        } catch (CertRefUtils.InvalidCertRefException ex) {
            throw new SigningCertificateReferenceException(chainCert, chainRef, ex);
        }
    }

    // 5) References that no chain certificate matched are rejected rather than ignored.
    if (matchedRefs < refs.size()) {
        throw new SigningCertificateCertsNotInCertPathException();
    }
    return new SigningCertificateProperty(chainData.getCertificateChain());
}
use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.
the class ToXmlUtils method getXmlCertRefList.
/**
 * Maps the references in {@code certRefsData} to the JAXB CertIDList type.
 * <p>
 * Each {@link CertRef} becomes one Cert element carrying its digest method and value and its
 * issuer name and serial number, in the order the references are returned.
 *
 * @param certRefsData the references to serialise
 * @return a new list type with one Cert element per reference
 */
static XmlCertIDListType getXmlCertRefList(BaseCertRefsData certRefsData) {
    final XmlCertIDListType xmlList = new XmlCertIDListType();
    final List<XmlCertIDType> xmlCerts = xmlList.getCert();

    for (CertRef ref : certRefsData.getCertRefs()) {
        XmlDigestMethodType method = new XmlDigestMethodType();
        method.setAlgorithm(ref.digestAlgUri);

        XmlDigestAlgAndValueType digest = new XmlDigestAlgAndValueType();
        digest.setDigestMethod(method);
        digest.setDigestValue(ref.digestValue);

        XmlX509IssuerSerialType issuerSerial = new XmlX509IssuerSerialType();
        issuerSerial.setX509IssuerName(ref.issuerDN);
        issuerSerial.setX509SerialNumber(ref.serialNumber);

        XmlCertIDType certId = new XmlCertIDType();
        certId.setCertDigest(digest);
        certId.setIssuerSerial(issuerSerial);
        xmlCerts.add(certId);
    }
    return xmlList;
}
use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.
the class FromXmlUtils method createAndCertificateRefs.
/**
 * Adds one {@link CertRef} to {@code certRefsData} for every Cert element in {@code xmlCertRefs}.
 * <p>
 * Issuer name, serial number, digest algorithm and digest value are taken as they appear in the
 * XML; nothing is validated here, the verifiers later compare them against the actual certificates.
 *
 * @param xmlCertRefs  the unmarshalled CertIDList element
 * @param certRefsData the property data that receives the references (mutated)
 */
static void createAndCertificateRefs(XmlCertIDListType xmlCertRefs, BaseCertRefsData certRefsData) {
    for (XmlCertIDType xmlCertId : xmlCertRefs.getCert()) {
        // The schema marks every child of Cert as required, hence no null checks.
        XmlX509IssuerSerialType xmlIssuerSerial = xmlCertId.getIssuerSerial();
        XmlDigestAlgAndValueType xmlDigest = xmlCertId.getCertDigest();
        String digestAlgUri = xmlDigest.getDigestMethod().getAlgorithm();
        // The digest value reaches this point already base-64 decoded.
        byte[] digestValue = xmlDigest.getDigestValue();
        certRefsData.addCertRef(new CertRef(xmlIssuerSerial.getX509IssuerName(), xmlIssuerSerial.getX509SerialNumber(), digestAlgUri, digestValue));
    }
}