Example 1 with ValidationData
use of xades4j.providers.ValidationData in project xades4j by luisgoncalves.
the class SignerC method getFormatSpecificSignatureProperties.
@Override
protected void getFormatSpecificSignatureProperties(Collection<SignedSignatureProperty> formatSpecificSignedSigProps, Collection<UnsignedSignatureProperty> formatSpecificUnsignedSigProps, List<X509Certificate> signingCertificateChain) throws XAdES4jException {
super.getFormatSpecificSignatureProperties(formatSpecificSignedSigProps, formatSpecificUnsignedSigProps, signingCertificateChain);
ValidationData vData = this.validationDataProvider.getValidationData(signingCertificateChain);
if (null == vData)
throw new ValidationDataException("Validation data not provided");
PropertiesUtils.addXadesCProperties(formatSpecificUnsignedSigProps, vData);
}
Also used :
ValidationData(xades4j.providers.ValidationData)
ValidationDataException(xades4j.providers.ValidationDataException)
Example 2 with ValidationData
use of xades4j.providers.ValidationData in project xades4j by luisgoncalves.
the class DefaultTimeStampVerificationProvider method verifyToken.
@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
TimeStampToken tsToken;
try {
ASN1InputStream asn1is = new ASN1InputStream(timeStampToken);
ContentInfo tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
asn1is.close();
tsToken = new TimeStampToken(tsContentInfo);
} catch (IOException ex) {
throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
} catch (TSPException ex) {
throw new TimeStampTokenStructureException("Invalid token", ex);
}
X509Certificate tsaCert = null;
try {
/* Validate the TSA certificate */
LinkedList<X509Certificate> certs = new LinkedList<X509Certificate>();
for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
certs.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
}
ValidationData vData = this.certificateValidationProvider.validate(x509CertSelectorConverter.getCertSelector(tsToken.getSID()), tsToken.getTimeStampInfo().getGenTime(), certs);
tsaCert = vData.getCerts().get(0);
} catch (CertificateException ex) {
throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
} catch (XAdES4jException ex) {
throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
}
try {
tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
} catch (TSPValidationException ex) {
throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
} catch (Exception ex) {
throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
}
org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
try {
String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
if (!Arrays.equals(md.digest(tsDigestInput), tsTokenInfo.getMessageImprintDigest())) {
throw new TimeStampTokenDigestException();
}
} catch (UnsupportedAlgorithmException ex) {
throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
}
return tsTokenInfo.getGenTime();
}
Also used :
CertificateException(java.security.cert.CertificateException)
TimeStampTokenVerificationException(xades4j.providers.TimeStampTokenVerificationException)
TimeStampTokenSignatureException(xades4j.providers.TimeStampTokenSignatureException)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
XAdES4jException(xades4j.XAdES4jException)
TimeStampTokenDigestException(xades4j.providers.TimeStampTokenDigestException)
MessageDigest(java.security.MessageDigest)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
TimeStampTokenStructureException(xades4j.providers.TimeStampTokenStructureException)
TSPValidationException(org.bouncycastle.tsp.TSPValidationException)
TimeStampTokenTSACertException(xades4j.providers.TimeStampTokenTSACertException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
LinkedList(java.util.LinkedList)
TSPValidationException(org.bouncycastle.tsp.TSPValidationException)
XAdES4jException(xades4j.XAdES4jException)
TimeStampTokenTSACertException(xades4j.providers.TimeStampTokenTSACertException)
TimeStampTokenStructureException(xades4j.providers.TimeStampTokenStructureException)
TSPException(org.bouncycastle.tsp.TSPException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
TimeStampTokenDigestException(xades4j.providers.TimeStampTokenDigestException)
TimeStampTokenVerificationException(xades4j.providers.TimeStampTokenVerificationException)
TimeStampTokenSignatureException(xades4j.providers.TimeStampTokenSignatureException)
ValidationData(xades4j.providers.ValidationData)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException)
TSPException(org.bouncycastle.tsp.TSPException)
TimeStampToken(org.bouncycastle.tsp.TimeStampToken)
Example 3 with ValidationData
use of xades4j.providers.ValidationData in project xades4j by luisgoncalves.
the class PKIXCertificateValidationProvider method validate.
@Override
public ValidationData validate(X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts) throws CertificateValidationException, UnexpectedJCAException {
PKIXBuilderParameters builderParams;
try {
builderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
} catch (KeyStoreException ex) {
throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore is not initialized", ex);
} catch (InvalidAlgorithmParameterException ex) {
throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore has no trusted certificate entries", ex);
}
PKIXCertPathBuilderResult builderRes;
try {
// - The other certificates from the signature (e.g. from KeyInfo).
if (otherCerts != null) {
CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(otherCerts);
CertStore othersCertStore = CertStore.getInstance("Collection", ccsp);
builderParams.addCertStore(othersCertStore);
}
// - The external certificates/CRLs.
for (int i = 0; i < intermCertsAndCrls.length; i++) {
builderParams.addCertStore(intermCertsAndCrls[i]);
}
builderParams.setRevocationEnabled(revocationEnabled);
builderParams.setMaxPathLength(maxPathLength);
builderParams.setDate(validationDate);
builderParams.setSigProvider(this.signatureProvider);
builderRes = (PKIXCertPathBuilderResult) certPathBuilder.build(builderParams);
} catch (CertPathBuilderException ex) {
throw new CannotBuildCertificationPathException(certSelector, ex.getMessage(), ex);
} catch (InvalidAlgorithmParameterException ex) {
// cannot be applied.
throw new CannotSelectCertificateException(certSelector, ex);
} catch (NoSuchAlgorithmException ex) {
// SHOULD NOT be thrown.
throw new UnexpectedJCAException("No provider for Collection CertStore", ex);
}
// The cert path returned by the builder ends in a certificate issued by
// the trust anchor. However, the complete path may be needed for property
// verification.
List<X509Certificate> certPath = (List<X509Certificate>) builderRes.getCertPath().getCertificates();
// - Create a new list since the previous is immutable.
certPath = new ArrayList<X509Certificate>(certPath);
// - Add the trust anchor certificate.
certPath.add(builderRes.getTrustAnchor().getTrustedCert());
if (revocationEnabled) {
return new ValidationData(certPath, getCRLsForCertPath(certPath, validationDate));
}
return new ValidationData(certPath);
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
X509Certificate(java.security.cert.X509Certificate)
ValidationData(xades4j.providers.ValidationData)
CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult)
UnexpectedJCAException(xades4j.verification.UnexpectedJCAException)
CannotSelectCertificateException(xades4j.providers.CannotSelectCertificateException)
ArrayList(java.util.ArrayList)
List(java.util.List)
CertStore(java.security.cert.CertStore)
CannotBuildCertificationPathException(xades4j.providers.CannotBuildCertificationPathException)
Example 4 with ValidationData
use of xades4j.providers.ValidationData in project xades4j by luisgoncalves.
the class PKIXCertificateValidationProviderTest method testValidateMy.
@Test
public void testValidateMy() throws Exception {
System.out.println("validateMy");
FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/my");
KeyStore ks = KeyStore.getInstance("jks");
FileInputStream fis = new FileInputStream("./src/test/cert/my/myStore");
ks.load(fis, "mystorepass".toCharArray());
fis.close();
X509CertSelector certSelector = new X509CertSelector();
certSelector.setSubject(new X500Principal("CN = Luis Goncalves,OU = CC,O = ISEL,C = PT"));
Collection<X509Certificate> otherCerts = Collections.emptyList();
PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, false, certStore.getStore());
ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
assertEquals(result.getCerts().size(), 3);
}
Also used :
ValidationData(xades4j.providers.ValidationData)
FileSystemDirectoryCertStore(xades4j.utils.FileSystemDirectoryCertStore)
X500Principal(javax.security.auth.x500.X500Principal)
X509CertSelector(java.security.cert.X509CertSelector)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
X509Certificate(java.security.cert.X509Certificate)
Date(java.util.Date)
Test(org.junit.Test)
Example 5 with ValidationData
use of xades4j.providers.ValidationData in project xades4j by luisgoncalves.
the class PKIXCertificateValidationProviderTest method testValidateNist.
@Test
public void testValidateNist() throws Exception {
System.out.println("validateNist");
FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/csrc.nist");
KeyStore ks = KeyStore.getInstance("jks");
FileInputStream fis = new FileInputStream("./src/test/cert/csrc.nist/trustAnchor");
ks.load(fis, "password".toCharArray());
fis.close();
X509CertSelector certSelector = new X509CertSelector();
certSelector.setSubject(new X500Principal("CN = User1-CP.02.01,OU = Testing,OU = DoD,O = U.S. Government,C = US"));
Collection<X509Certificate> otherCerts = Collections.emptyList();
PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, true, certStore.getStore());
ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
assertEquals(result.getCerts().size(), 4);
assertEquals(result.getCrls().size(), 3);
}
Also used :
ValidationData(xades4j.providers.ValidationData)
FileSystemDirectoryCertStore(xades4j.utils.FileSystemDirectoryCertStore)
X500Principal(javax.security.auth.x500.X500Principal)
X509CertSelector(java.security.cert.X509CertSelector)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
X509Certificate(java.security.cert.X509Certificate)
Date(java.util.Date)
Test(org.junit.Test)
Aggregations
ValidationData (xades4j.providers.ValidationData)6
X509Certificate (java.security.cert.X509Certificate)5
Date (java.util.Date)3
FileInputStream (java.io.FileInputStream)2
KeyStore (java.security.KeyStore)2
X509CertSelector (java.security.cert.X509CertSelector)2
X500Principal (javax.security.auth.x500.X500Principal)2
Test (org.junit.Test)2
FileSystemDirectoryCertStore (xades4j.utils.FileSystemDirectoryCertStore)2
IOException (java.io.IOException)1
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)1
KeyStoreException (java.security.KeyStoreException)1
MessageDigest (java.security.MessageDigest)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
CertPathBuilderException (java.security.cert.CertPathBuilderException)1
CertStore (java.security.cert.CertStore)1
CertificateException (java.security.cert.CertificateException)1
CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)1
PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)1
PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)1
