Example 1 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class DataGenBaseCertRefs method generate.

protected PropertyDataObject generate(Collection<X509Certificate> certs, BaseCertRefsData certRefsData, QualifyingProperty prop) throws PropertyDataGenerationException {
    if (null == certs) {
        throw new PropertyDataGenerationException(prop, "certificates not provided");
    }
    try {
        String digestAlgUri = this.algorithmsProvider.getDigestAlgorithmForReferenceProperties();
        MessageDigest messageDigest = this.messageDigestProvider.getEngine(digestAlgUri);
        for (X509Certificate cert : certs) {
            // "DigestValue contains the base-64 encoded value of the digest
            // computed on the DER-encoded certificate."
            // The base-64 encoding is done by JAXB with the configured
            // adapter (Base64XmlAdapter).
            // For X509 certificates the encoded form return by getEncoded is DER.
            byte[] digestValue = messageDigest.digest(cert.getEncoded());
            certRefsData.addCertRef(new CertRef(cert.getIssuerX500Principal().getName(), cert.getSerialNumber(), digestAlgUri, digestValue));
        }
        return certRefsData;
    } catch (UnsupportedAlgorithmException ex) {
        throw new PropertyDataGenerationException(prop, ex.getMessage(), ex);
    } catch (CertificateEncodingException ex) {
        throw new PropertyDataGenerationException(prop, "cannot get encoded certificate", ex);
    }
}
Also used : UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) CertRef(xades4j.properties.data.CertRef) CertificateEncodingException(java.security.cert.CertificateEncodingException) MessageDigest(java.security.MessageDigest) X509Certificate(java.security.cert.X509Certificate)

Example 2 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class CompleteCertRefsVerifier method verify.

@Override
public QualifyingProperty verify(CompleteCertificateRefsData propData, QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
    List<X509Certificate> caCerts = ctx.getCertChainData().getCertificateChain();
    caCerts = caCerts.subList(1, caCerts.size());
    Collection<CertRef> caCertRefs = propData.getCertRefs();
    for (X509Certificate caCert : caCerts) {
        CertRef caRef = CertRefUtils.findCertRef(caCert, caCertRefs);
        if (null == caRef)
            throw new CompleteCertRefsCertNotFoundException(caCert);
        try {
            CertRefUtils.checkCertRef(caRef, caCert, messageDigestProvider);
        } catch (CertRefUtils.InvalidCertRefException ex) {
            throw new CompleteCertRefsReferenceException(caCert, caRef, ex.getMessage());
        }
    }
    return new CompleteCertificateRefsProperty(Collections.unmodifiableList(caCerts));
}
Also used : CertRef(xades4j.properties.data.CertRef) CompleteCertificateRefsProperty(xades4j.properties.CompleteCertificateRefsProperty) X509Certificate(java.security.cert.X509Certificate)

Example 3 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class SigningCertificateVerifier method verify.

@Override
public QualifyingProperty verify(SigningCertificateData propData, QualifyingPropertyVerificationContext ctx) throws SigningCertificateVerificationException {
    Collection<CertRef> certRefs = propData.getCertRefs();
    CertificationChainData certChainData = ctx.getCertChainData();
    Iterator<X509Certificate> certPathIter = certChainData.getCertificateChain().iterator();
    /* Check the signing certificate */
    // "If the verifier does not find any reference matching the signing certificate,
    // the validation of this property should be taken as failed."
    X509Certificate signingCert = certPathIter.next();
    CertRef signingCertRef = CertRefUtils.findCertRef(signingCert, certRefs);
    if (null == signingCertRef)
        throw new SigningCertificateReferenceNotFoundException(signingCert);
    // "If the ds:KeyInfo contains the ds:X509IssuerSerial element, check that
    // the issuer and the serial number indicated in both, that one and IssuerSerial
    // from SigningCertificate, are the same."
    X500Principal keyInfoIssuer = certChainData.getValidationCertIssuer();
    if (keyInfoIssuer != null && (!new X500Principal(signingCertRef.issuerDN).equals(keyInfoIssuer) || !signingCertRef.serialNumber.equals(certChainData.getValidationCertSerialNumber())))
        throw new SigningCertificateIssuerSerialMismatchException(signingCertRef.issuerDN, signingCertRef.serialNumber, keyInfoIssuer.getName(), certChainData.getValidationCertSerialNumber());
    try {
        CertRefUtils.checkCertRef(signingCertRef, signingCert, messageDigestProvider);
    } catch (CertRefUtils.InvalidCertRefException ex) {
        throw new SigningCertificateReferenceException(signingCert, signingCertRef, ex);
    }
    /* Check the other certificates in the certification path */
    int nMatchedRefs = 1;
    while (certPathIter.hasNext()) {
        X509Certificate cert = certPathIter.next();
        CertRef certRef = CertRefUtils.findCertRef(cert, certRefs);
        // verification is successful (...)"
        if (null == certRef)
            continue;
        nMatchedRefs++;
        try {
            CertRefUtils.checkCertRef(certRef, cert, messageDigestProvider);
        } catch (CertRefUtils.InvalidCertRefException ex) {
            throw new SigningCertificateReferenceException(cert, certRef, ex);
        }
    }
    // assume that a failure has occurred during the verification."
    if (nMatchedRefs < certRefs.size())
        throw new SigningCertificateCertsNotInCertPathException();
    return new SigningCertificateProperty(certChainData.getCertificateChain());
}
Also used : SigningCertificateProperty(xades4j.properties.SigningCertificateProperty) X509Certificate(java.security.cert.X509Certificate) CertRef(xades4j.properties.data.CertRef) CertificationChainData(xades4j.verification.QualifyingPropertyVerificationContext.CertificationChainData) X500Principal(javax.security.auth.x500.X500Principal)
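The three examples above split a certificate reference check into two steps: findCertRef takes no digest provider, so it can only locate a reference by issuer name and serial number, while checkCertRef is where the digest is recomputed over the certificate's DER encoding and compared. Issuer and serial are an identifier, not a proof of identity; only the digest binds the reference to the exact certificate bytes. The following stand-alone program, an added example that is not xades4j code, walks through both steps with java.security alone. Ref mirrors the shape of xades4j's CertRef rather than importing it, the digest URI allow-list is the example's own, and the PEM file paths are assumed caller input because a real certificate cannot be made up inline.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/*
 * Added example, not xades4j code. Illustrates the locate-then-bind check behind
 * Examples 1 to 3 using only java.security.
 * Usage: java CertRefCheckDemo signer.pem [ca.pem ...]
 * (PEM X.509 certificates supplied by the caller; nothing is embedded here.)
 */
public class CertRefCheckDemo {
    static final String SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256";
    static final String SHA512_URI = "http://www.w3.org/2001/04/xmlenc#sha512";

    // Same fields as xades4j's CertRef, re-declared so the demo is self-contained.
    record Ref(String issuerDN, BigInteger serialNumber, String digestAlgUri, byte[] digestValue) {}

    /** Allow-list of digest URIs: an unknown or deliberately weak algorithm is a hard failure, never a fallback. */
    static String jcaName(String uri) {
        switch (uri) {
            case SHA256_URI: return "SHA-256";
            case SHA512_URI: return "SHA-512";
            default: throw new IllegalArgumentException("unsupported digest algorithm: " + uri);
        }
    }

    /** Generation side (cf. DataGenBaseCertRefs.generate): the digest covers the DER encoding. */
    static Ref refFor(X509Certificate cert, String digestAlgUri) throws Exception {
        byte[] digest = MessageDigest.getInstance(jcaName(digestAlgUri)).digest(cert.getEncoded());
        return new Ref(cert.getIssuerX500Principal().getName(), cert.getSerialNumber(), digestAlgUri, digest);
    }

    /** Locate step: issuer and serial identify a reference, they do not authenticate it. */
    static Ref findRef(X509Certificate cert, List<Ref> refs) {
        X500Principal issuer = cert.getIssuerX500Principal();
        for (Ref r : refs) {
            // Compare as X500Principal, not as strings: one DN can be serialised with different
            // escaping, spacing or attribute keywords and still be the same name.
            if (new X500Principal(r.issuerDN()).equals(issuer) && r.serialNumber().equals(cert.getSerialNumber())) {
                return r;
            }
        }
        return null;
    }

    /** Binding step: only the digest ties the reference to these exact certificate bytes. */
    static boolean digestMatches(Ref r, X509Certificate cert) throws Exception {
        byte[] actual = MessageDigest.getInstance(jcaName(r.digestAlgUri())).digest(cert.getEncoded());
        return MessageDigest.isEqual(r.digestValue(), actual);
    }

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            System.err.println("usage: java CertRefCheckDemo signer.pem [ca.pem ...]");
            System.exit(2);
        }
        List<X509Certificate> chain = new ArrayList<>();
        for (String p : args) chain.add(load(p));

        // Signer side: one reference per certificate in the chain.
        List<Ref> refs = new ArrayList<>();
        for (X509Certificate c : chain) refs.add(refFor(c, SHA256_URI));

        // Verifier side: locate, then bind. Both steps are required.
        for (X509Certificate c : chain) {
            Ref r = findRef(c, refs);
            if (r == null) throw new IllegalStateException("no reference for " + c.getSubjectX500Principal());
            if (!digestMatches(r, c)) throw new IllegalStateException("digest mismatch for " + c.getSubjectX500Principal());
        }
        System.out.println("all " + refs.size() + " references located and digest-bound");

        // A substituted certificate with the same issuer/serial but different bytes is simulated by
        // keeping the identifier and corrupting the digest: the locate step still succeeds, so a
        // verifier that stopped there would accept it; the binding step rejects it.
        Ref orig = refs.get(0);
        byte[] wrong = orig.digestValue().clone();
        wrong[0] ^= 0x01;
        Ref forged = new Ref(orig.issuerDN(), orig.serialNumber(), orig.digestAlgUri(), wrong);
        System.out.println("located by issuer/serial: " + (findRef(chain.get(0), List.of(forged)) != null));
        System.out.println("digest bound:             " + digestMatches(forged, chain.get(0)));
    }
}
```

Compile with a Java 16 or newer JDK (the record declaration needs it) and run it against the signer certificate followed by its CA chain. The X500Principal comparison is the same one Example 3 uses against ds:X509IssuerSerial; comparing the issuerDN strings directly would let two spellings of the same name cause a false mismatch.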

Example 4 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class ToXmlUtils method getXmlCertRefList.

static XmlCertIDListType getXmlCertRefList(BaseCertRefsData certRefsData) {
    XmlCertIDListType xmlCertRefListProp = new XmlCertIDListType();
    List<XmlCertIDType> xmlCertRefList = xmlCertRefListProp.getCert();
    XmlDigestAlgAndValueType certDigest;
    XmlDigestMethodType certDigestMethod;
    XmlX509IssuerSerialType issuerSerial;
    XmlCertIDType certID;
    for (CertRef certRef : certRefsData.getCertRefs()) {
        certDigestMethod = new XmlDigestMethodType();
        certDigestMethod.setAlgorithm(certRef.digestAlgUri);
        certDigest = new XmlDigestAlgAndValueType();
        certDigest.setDigestMethod(certDigestMethod);
        certDigest.setDigestValue(certRef.digestValue);
        issuerSerial = new XmlX509IssuerSerialType();
        issuerSerial.setX509IssuerName(certRef.issuerDN);
        issuerSerial.setX509SerialNumber(certRef.serialNumber);
        certID = new XmlCertIDType();
        certID.setCertDigest(certDigest);
        certID.setIssuerSerial(issuerSerial);
        xmlCertRefList.add(certID);
    }
    return xmlCertRefListProp;
}
Also used : XmlDigestAlgAndValueType(xades4j.xml.bind.xades.XmlDigestAlgAndValueType) XmlCertIDType(xades4j.xml.bind.xades.XmlCertIDType) XmlX509IssuerSerialType(xades4j.xml.bind.xmldsig.XmlX509IssuerSerialType) XmlCertIDListType(xades4j.xml.bind.xades.XmlCertIDListType) CertRef(xades4j.properties.data.CertRef) XmlDigestMethodType(xades4j.xml.bind.xmldsig.XmlDigestMethodType)

Example 5 with CertRef

use of xades4j.properties.data.CertRef in project xades4j by luisgoncalves.

the class FromXmlUtils method createAndCertificateRefs.

static void createAndCertificateRefs(XmlCertIDListType xmlCertRefs, BaseCertRefsData certRefsData) {
    for (XmlCertIDType xmlCertIDType : xmlCertRefs.getCert()) {
        /* All the elements within Cert are marked with 'required' */
        XmlX509IssuerSerialType is = xmlCertIDType.getIssuerSerial();
        XmlDigestAlgAndValueType d = xmlCertIDType.getCertDigest();
        // Digest value is already decoded.
        CertRef ref = new CertRef(is.getX509IssuerName(), is.getX509SerialNumber(), d.getDigestMethod().getAlgorithm(), d.getDigestValue());
        certRefsData.addCertRef(ref);
    }
}
Also used : XmlDigestAlgAndValueType(xades4j.xml.bind.xades.XmlDigestAlgAndValueType) XmlCertIDType(xades4j.xml.bind.xades.XmlCertIDType) XmlX509IssuerSerialType(xades4j.xml.bind.xmldsig.XmlX509IssuerSerialType) CertRef(xades4j.properties.data.CertRef)
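Examples 4 and 5 move a CertRef into and out of JAXB binding classes, so the XML itself never appears on this page. The added program below, not xades4j code, produces and reads the same xades:Cert structure with plain DOM so the element layout, the base64 DigestValue and the decimal X509SerialNumber are visible. The namespace URIs are those of XAdES 1.3.2 and XML Signature; the issuer, serial and digest bytes are constructed sample values that belong to no real certificate; the helper names are the example's own.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Base64;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

/* Added example, not xades4j code: the xades:Cert XML that Examples 4 and 5 map through JAXB. */
public class CertIdXmlDemo {
    static final String XADES = "http://uri.etsi.org/01903/v1.3.2#";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    static Element el(Document doc, String ns, String qname, String text) {
        Element e = doc.createElementNS(ns, qname);
        if (text != null) e.setTextContent(text);
        return e;
    }

    /** Counterpart of ToXmlUtils.getXmlCertRefList for a single reference. */
    static Element toCertElement(Document doc, String issuerDN, BigInteger serial, String digestAlgUri, byte[] digestValue) {
        Element method = el(doc, DS, "ds:DigestMethod", null);
        method.setAttribute("Algorithm", digestAlgUri);
        Element certDigest = el(doc, XADES, "xades:CertDigest", null);
        certDigest.appendChild(method);
        // DigestValue carries base64 text; xades4j delegates this step to its JAXB Base64XmlAdapter.
        certDigest.appendChild(el(doc, DS, "ds:DigestValue", Base64.getEncoder().encodeToString(digestValue)));
        Element issuerSerial = el(doc, XADES, "xades:IssuerSerial", null);
        issuerSerial.appendChild(el(doc, DS, "ds:X509IssuerName", issuerDN));
        issuerSerial.appendChild(el(doc, DS, "ds:X509SerialNumber", serial.toString())); // xs:integer: decimal, not hex
        Element cert = el(doc, XADES, "xades:Cert", null);
        cert.appendChild(certDigest);
        cert.appendChild(issuerSerial);
        return cert;
    }

    static Element child(Element parent, String dsLocalName) {
        Element e = (Element) parent.getElementsByTagNameNS(DS, dsLocalName).item(0);
        if (e == null) throw new IllegalArgumentException("Cert is missing required ds:" + dsLocalName);
        return e;
    }

    /** Counterpart of FromXmlUtils.createAndCertificateRefs: returns {issuerDN, serial, digestAlgUri, digestValue}. */
    static Object[] fromCertElement(Element cert) {
        return new Object[] {
            child(cert, "X509IssuerName").getTextContent().trim(),
            new BigInteger(child(cert, "X509SerialNumber").getTextContent().trim()),
            child(cert, "DigestMethod").getAttribute("Algorithm"),
            Base64.getMimeDecoder().decode(child(cert, "DigestValue").getTextContent()) // tolerates line breaks
        };
    }

    /** DOM parser with DTD processing disabled: signed XML arrives from untrusted parties. */
    static DocumentBuilder parser() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; they belong to no real certificate.
        String issuer = "CN=Example Issuing CA,O=Example,C=PT";
        BigInteger serial = new BigInteger("123456789");
        String alg = "http://www.w3.org/2001/04/xmlenc#sha256";
        byte[] digest = new byte[32];
        for (int i = 0; i < digest.length; i++) digest[i] = (byte) i;

        Document doc = parser().newDocument();
        Element root = doc.createElementNS(XADES, "xades:SigningCertificate");
        root.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:xades", XADES);
        root.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:ds", DS);
        root.appendChild(toCertElement(doc, issuer, serial, alg, digest));
        doc.appendChild(root);

        StringWriter out = new StringWriter();
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        t.transform(new DOMSource(doc), new StreamResult(out));
        String xml = out.toString();
        System.out.println(xml);

        // Parse it back through the hardened parser and check that every field survived.
        Element certEl = (Element) parser().parse(new InputSource(new StringReader(xml)))
                .getElementsByTagNameNS(XADES, "Cert").item(0);
        Object[] back = fromCertElement(certEl);
        boolean intact = issuer.equals(back[0]) && serial.equals(back[1]) && alg.equals(back[2])
                && Arrays.equals(digest, (byte[]) back[3]);
        System.out.println("round trip intact: " + intact);
    }
}
```

The parser disables DOCTYPE declarations because a CertID is read from a signature document produced by another party; a plain DocumentBuilderFactory would happily expand external entities in it before any signature check runs. Whitespace around the serial and issuer text is trimmed on the way back, since indented XML puts line breaks inside those elements.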

Aggregations

CertRef (xades4j.properties.data.CertRef)5 X509Certificate (java.security.cert.X509Certificate)3 XmlCertIDType (xades4j.xml.bind.xades.XmlCertIDType)2 XmlDigestAlgAndValueType (xades4j.xml.bind.xades.XmlDigestAlgAndValueType)2 XmlX509IssuerSerialType (xades4j.xml.bind.xmldsig.XmlX509IssuerSerialType)2 MessageDigest (java.security.MessageDigest)1 CertificateEncodingException (java.security.cert.CertificateEncodingException)1 X500Principal (javax.security.auth.x500.X500Principal)1 UnsupportedAlgorithmException (xades4j.UnsupportedAlgorithmException)1 CompleteCertificateRefsProperty (xades4j.properties.CompleteCertificateRefsProperty)1 SigningCertificateProperty (xades4j.properties.SigningCertificateProperty)1 CertificationChainData (xades4j.verification.QualifyingPropertyVerificationContext.CertificationChainData)1 XmlCertIDListType (xades4j.xml.bind.xades.XmlCertIDListType)1 XmlDigestMethodType (xades4j.xml.bind.xmldsig.XmlDigestMethodType)1