Examples with CertRef xades4j.properties.data.CertRef used on opensource projects

Example 1 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class DataGenBaseCertRefs method generate.

protected PropertyDataObject generate(Collection<X509Certificate> certs, BaseCertRefsData certRefsData, QualifyingProperty prop) throws PropertyDataGenerationException {
    if (null == certs) {
        throw new PropertyDataGenerationException(prop, "certificates not provided");
    }
    try {
        String digestAlgUri = this.algorithmsProvider.getDigestAlgorithmForReferenceProperties();
        MessageDigest messageDigest = this.messageDigestProvider.getEngine(digestAlgUri);
        for (X509Certificate cert : certs) {
            // "DigestValue contains the base-64 encoded value of the digest
            // computed on the DER-encoded certificate."
            // The base-64 encoding is done by JAXB with the configured
            // adapter (Base64XmlAdapter).
            // For X509 certificates the encoded form return by getEncoded is DER.
            byte[] digestValue = messageDigest.digest(cert.getEncoded());
            certRefsData.addCertRef(new CertRef(cert.getIssuerX500Principal().getName(), cert.getSerialNumber(), digestAlgUri, digestValue));
        }
        return certRefsData;
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    } catch (CertificateEncodingException ex) {
        throw new PropertyDataGenerationException(prop, "cannot get encoded certificate", ex);
    }
}

Example 2 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class CompleteCertRefsVerifier method verify.

@Override
public QualifyingProperty verify(CompleteCertificateRefsData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    List<X509Certificate> caCerts = ctx.getCertChainData().getCertificateChain();
    caCerts = caCerts.subList(1, caCerts.size());
    Collection<CertRef> caCertRefs = propData.getCertRefs();
    for (X509Certificate caCert : caCerts) {
        CertRef caRef = CertRefUtils.findCertRef(caCert, caCertRefs);
        if (null == caRef)
            throw new CompleteCertRefsCertNotFoundException(caCert);
        try {
            CertRefUtils.checkCertRef(caRef, caCert, messageDigestProvider);
        } catch (CertRefUtils.InvalidCertRefException ex) {
            throw new CompleteCertRefsReferenceException(caCert, caRef, ex.getMessage());
        }
    }
    return new CompleteCertificateRefsProperty(Collections.unmodifiableList(caCerts));
}

Example 3 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class SigningCertificateVerifier method verify.

@Override
public QualifyingProperty verify(SigningCertificateData propData, QualifyingPropertyVerificationContext ctx) throws SigningCertificateVerificationException {
    Collection<CertRef> certRefs = propData.getCertRefs();
    CertificationChainData certChainData = ctx.getCertChainData();
    Iterator<X509Certificate> certPathIter = certChainData.getCertificateChain().iterator();
    /* Check the signing certificate */
    // "If the verifier does not find any reference matching the signing certificate,
    // the validation of this property should be taken as failed."
    X509Certificate signingCert = certPathIter.next();
    CertRef signingCertRef = CertRefUtils.findCertRef(signingCert, certRefs);
    if (null == signingCertRef)
        throw new SigningCertificateReferenceNotFoundException(signingCert);
    // "If the ds:KeyInfo contains the ds:X509IssuerSerial element, check that
    // the issuer and the serial number indicated in both, that one and IssuerSerial
    // from SigningCertificate, are the same."
    X500Principal keyInfoIssuer = certChainData.getValidationCertIssuer();
    if (keyInfoIssuer != null && (!new X500Principal(signingCertRef.issuerDN).equals(keyInfoIssuer) || !signingCertRef.serialNumber.equals(certChainData.getValidationCertSerialNumber())))
        throw new SigningCertificateIssuerSerialMismatchException(signingCertRef.issuerDN, signingCertRef.serialNumber, keyInfoIssuer.getName(), certChainData.getValidationCertSerialNumber());
    try {
        CertRefUtils.checkCertRef(signingCertRef, signingCert, messageDigestProvider);
    } catch (CertRefUtils.InvalidCertRefException ex) {
        throw new SigningCertificateReferenceException(signingCert, signingCertRef, ex);
    }
    /* Check the other certificates in the certification path */
    int nMatchedRefs = 1;
    while (certPathIter.hasNext()) {
        X509Certificate cert = certPathIter.next();
        CertRef certRef = CertRefUtils.findCertRef(cert, certRefs);
        // verification is successful (...)"
        if (null == certRef)
            continue;
        nMatchedRefs++;
        try {
            CertRefUtils.checkCertRef(certRef, cert, messageDigestProvider);
        } catch (CertRefUtils.InvalidCertRefException ex) {
            throw new SigningCertificateReferenceException(cert, certRef, ex);
        }
    }
    // assume that a failure has occurred during the verification."
    if (nMatchedRefs < certRefs.size())
        throw new SigningCertificateCertsNotInCertPathException();
    return new SigningCertificateProperty(certChainData.getCertificateChain());
}

Example 4 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class ToXmlUtils method getXmlCertRefList.

/**/
static XmlCertIDListType getXmlCertRefList(BaseCertRefsData certRefsData) {
    XmlCertIDListType xmlCertRefListProp = new XmlCertIDListType();
    List<XmlCertIDType> xmlCertRefList = xmlCertRefListProp.getCert();
    XmlDigestAlgAndValueType certDigest;
    XmlDigestMethodType certDigestMethod;
    XmlX509IssuerSerialType issuerSerial;
    XmlCertIDType certID;
    for (CertRef certRef : certRefsData.getCertRefs()) {
        certDigestMethod = new XmlDigestMethodType();
        certDigestMethod.setAlgorithm(certRef.digestAlgUri);
        certDigest = new XmlDigestAlgAndValueType();
        certDigest.setDigestMethod(certDigestMethod);
        certDigest.setDigestValue(certRef.digestValue);
        issuerSerial = new XmlX509IssuerSerialType();
        issuerSerial.setX509IssuerName(certRef.issuerDN);
        issuerSerial.setX509SerialNumber(certRef.serialNumber);
        certID = new XmlCertIDType();
        certID.setCertDigest(certDigest);
        certID.setIssuerSerial(issuerSerial);
        xmlCertRefList.add(certID);
    }
    return xmlCertRefListProp;
}

Example 5 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class FromXmlUtils method createAndCertificateRefs.

static void createAndCertificateRefs(XmlCertIDListType xmlCertRefs, BaseCertRefsData certRefsData) {
    for (XmlCertIDType xmlCertIDType : xmlCertRefs.getCert()) {
        /* All the elements within Cert are marked with 'required' */
        XmlX509IssuerSerialType is = xmlCertIDType.getIssuerSerial();
        XmlDigestAlgAndValueType d = xmlCertIDType.getCertDigest();
        CertRef ref = new CertRef(is.getX509IssuerName(), is.getX509SerialNumber(), d.getDigestMethod().getAlgorithm(), // Digest value is already decoded.
        d.getDigestValue());
        certRefsData.addCertRef(ref);
    }
}