Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.
Class SignerC, method getFormatSpecificSignatureProperties.
/**
 * Adds the XAdES-C specific unsigned properties on top of whatever the superclass
 * (the lower XAdES form) contributes.
 * <p>
 * The validation data (certificates and revocation material for the signing
 * chain) is obtained from the configured {@code validationDataProvider}; the
 * provider returning {@code null} is treated as an error rather than silently
 * producing a signature without the C-form properties.
 *
 * @param formatSpecificSignedSigProps   signed properties collected so far (passed through to the superclass)
 * @param formatSpecificUnsignedSigProps unsigned properties; the XAdES-C properties are appended here
 * @param signingCertificateChain        the signer's certificate chain, for which validation data is looked up
 * @throws ValidationDataException if the provider does not supply validation data
 * @throws XAdES4jException        propagated from the superclass or the provider
 */
@Override
protected void getFormatSpecificSignatureProperties(Collection<SignedSignatureProperty> formatSpecificSignedSigProps, Collection<UnsignedSignatureProperty> formatSpecificUnsignedSigProps, List<X509Certificate> signingCertificateChain) throws XAdES4jException {
    super.getFormatSpecificSignatureProperties(formatSpecificSignedSigProps, formatSpecificUnsignedSigProps, signingCertificateChain);

    final ValidationData validationData = this.validationDataProvider.getValidationData(signingCertificateChain);
    if (validationData == null) {
        throw new ValidationDataException("Validation data not provided");
    }
    // Presumably the CompleteCertificateRefs / CompleteRevocationRefs of XAdES-C;
    // verify against PropertiesUtils.addXadesCProperties.
    PropertiesUtils.addXadesCProperties(formatSpecificUnsignedSigProps, validationData);
}
Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.
Class DefaultTimeStampVerificationProvider, method verifyToken.
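/**
 * Verifies an RFC 3161 time-stamp token and returns the time it certifies.
 * <p>
 * Verification proceeds in four steps: decode the token, build and validate a
 * certification path for the TSA certificate named in the token, check the CMS
 * signature with that certificate, and finally check that the message imprint
 * in the token equals the digest of {@code tsDigestInput} under the token's own
 * digest algorithm.
 * <p>
 * NOTE(review): nothing here checks the TSTInfo nonce, policy or accuracy; a
 * caller that sent a nonce in the request must compare it separately.
 *
 * @param timeStampToken the DER-encoded token (CMS ContentInfo carrying a TSTInfo), untrusted input
 * @param tsDigestInput  the data whose digest the token is expected to cover
 * @return the token's generation time (genTime)
 * @throws TimeStampTokenStructureException    if the token cannot be decoded
 * @throws TimeStampTokenTSACertException      if no valid path can be built for the TSA certificate
 * @throws TimeStampTokenSignatureException    if the token signature does not verify
 * @throws TimeStampTokenDigestException       if the message imprint does not match {@code tsDigestInput}
 * @throws TimeStampTokenVerificationException for any other failure (unsupported digest, JCA errors)
 */
@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
    // 1. Decode the token.
    TimeStampToken tsToken;
    try {
        ASN1InputStream asn1is = new ASN1InputStream(timeStampToken);
        ContentInfo tsContentInfo;
        try {
            tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
        } finally {
            // Close on every path; previously the stream was only closed after a successful read.
            asn1is.close();
        }
        tsToken = new TimeStampToken(tsContentInfo);
    } catch (IOException ex) {
        throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
    } catch (TSPException ex) {
        throw new TimeStampTokenStructureException("Invalid token", ex);
    } catch (IllegalArgumentException ex) {
        // BouncyCastle's getInstance reports a structurally wrong object with an
        // unchecked IllegalArgumentException; surface it through the same
        // exception hierarchy as the other decoding failures.
        throw new TimeStampTokenStructureException("Invalid token", ex);
    }

    // 2. Validate the TSA certificate. The certificates embedded in the token are
    //    untrusted path-building material only; trust comes from the validation
    //    provider's anchors. Validation is done at the token's genTime, which is
    //    itself attacker-supplied until the signature is verified in step 3 --
    //    NOTE(review): this is the usual order for time-stamp tokens, but a
    //    back-dated genTime can only be caught if the revocation data used by the
    //    provider covers that date.
    X509Certificate tsaCert;
    try {
        LinkedList<X509Certificate> embeddedCerts = new LinkedList<X509Certificate>();
        for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
            embeddedCerts.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
        }
        ValidationData vData = this.certificateValidationProvider.validate(
                x509CertSelectorConverter.getCertSelector(tsToken.getSID()),
                tsToken.getTimeStampInfo().getGenTime(),
                embeddedCerts);
        // The validated path starts at the target (TSA) certificate.
        tsaCert = vData.getCerts().get(0);
    } catch (CertificateException ex) {
        throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
    } catch (XAdES4jException ex) {
        throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
    }

    // 3. Verify the CMS signature over the TSTInfo with the validated certificate.
    try {
        tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
    } catch (TSPValidationException ex) {
        throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
    } catch (Exception ex) {
        // Kept broad: verifier construction can fail with several unrelated checked types.
        throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
    }

    // 4. Check the message imprint under the algorithm the token declares.
    org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
    try {
        String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
        MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
        byte[] actualDigest = md.digest(tsDigestInput);
        // Constant-time comparison; the expected digest comes from an externally supplied token.
        if (!MessageDigest.isEqual(actualDigest, tsTokenInfo.getMessageImprintDigest())) {
            throw new TimeStampTokenDigestException();
        }
    } catch (UnsupportedAlgorithmException ex) {
        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
    }
    return tsTokenInfo.getGenTime();
}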
Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.
Class PKIXCertificateValidationProvider, method validate.
/**
 * Builds and validates a PKIX certification path for the certificate matched by
 * {@code certSelector}, as of {@code validationDate}.
 * <p>
 * Trust is rooted exclusively in the provider's trust anchors. {@code otherCerts}
 * (typically the certificates carried in the signature's KeyInfo) and the
 * configured intermediate stores are path-building material only and are never
 * trusted on their own.
 * <p>
 * NOTE(review): {@code validationDate} is taken at face value. If a caller passes
 * a date read from the signed document itself (e.g. SigningTime) rather than from
 * a trusted source, an expired or since-revoked certificate can still validate;
 * confirm that callers only pass trusted dates.
 *
 * @param certSelector   selects the target (end-entity) certificate
 * @param validationDate the point in time at which validity and revocation are evaluated
 * @param otherCerts     extra untrusted certificates to use for path building; may be {@code null}
 * @return the complete path, target certificate first and the trust anchor certificate last,
 *         together with the CRLs used when revocation checking is enabled
 * @throws CannotBuildCertificationPathException if the trust store is unusable or no path can be built
 * @throws CannotSelectCertificateException      if the selector cannot be applied to the builder parameters
 * @throws UnexpectedJCAException                if the built-in "Collection" CertStore type is unavailable
 */
@Override
public ValidationData validate(X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts) throws CertificateValidationException, UnexpectedJCAException {
    final PKIXBuilderParameters params;
    try {
        params = new PKIXBuilderParameters(trustAnchors, certSelector);
    } catch (KeyStoreException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore is not initialized", ex);
    } catch (InvalidAlgorithmParameterException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore has no trusted certificate entries", ex);
    }

    final PKIXCertPathBuilderResult result;
    try {
        // Untrusted certificates supplied alongside the signature (e.g. from KeyInfo).
        if (otherCerts != null) {
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(otherCerts)));
        }
        // Configured external intermediate certificates and CRLs.
        for (CertStore store : intermCertsAndCrls) {
            params.addCertStore(store);
        }
        params.setRevocationEnabled(revocationEnabled);
        params.setMaxPathLength(maxPathLength);
        params.setDate(validationDate);
        params.setSigProvider(this.signatureProvider);
        result = (PKIXCertPathBuilderResult) certPathBuilder.build(params);
    } catch (CertPathBuilderException ex) {
        throw new CannotBuildCertificationPathException(certSelector, ex.getMessage(), ex);
    } catch (InvalidAlgorithmParameterException ex) {
        // The selector could not be applied to the builder parameters.
        throw new CannotSelectCertificateException(certSelector, ex);
    } catch (NoSuchAlgorithmException ex) {
        // "Collection" is a built-in CertStore type; this is not expected to happen.
        throw new UnexpectedJCAException("No provider for Collection CertStore", ex);
    }

    // The builder's path stops at the certificate issued by the trust anchor;
    // append the anchor certificate itself so callers see the complete chain.
    // Copy first: CertPath.getCertificates() is unmodifiable.
    @SuppressWarnings("unchecked")
    List<X509Certificate> fullPath = new ArrayList<X509Certificate>((List<X509Certificate>) result.getCertPath().getCertificates());
    fullPath.add(result.getTrustAnchor().getTrustedCert());

    return revocationEnabled
            ? new ValidationData(fullPath, getCRLsForCertPath(fullPath, validationDate))
            : new ValidationData(fullPath);
}
Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.
Class PKIXCertificateValidationProviderTest, method testValidateMy.
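/**
 * Builds a path for the "my" test PKI with revocation checking disabled and
 * expects a three-certificate chain (target, intermediate, trust anchor).
 */
@Test
public void testValidateMy() throws Exception {
    System.out.println("validateMy");
    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/my");
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/my/myStore");
    try {
        ks.load(fis, "mystorepass".toCharArray());
    } finally {
        // Close on every path; previously the stream leaked if load() threw.
        fis.close();
    }
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = Luis Goncalves,OU = CC,O = ISEL,C = PT"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();
    // Revocation checking off for this PKI.
    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, false, certStore.getStore());
    // NOTE(review): validating at "now" ties the test to the test certificates'
    // validity period; it will start failing once they expire.
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    // Expected value first (JUnit convention) so a failure message reads correctly.
    assertEquals(3, result.getCerts().size());
}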
Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.
Class PKIXCertificateValidationProviderTest, method testValidateNist.
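/**
 * Builds a path for the NIST test PKI with revocation checking enabled and
 * expects a four-certificate chain backed by three CRLs.
 */
@Test
public void testValidateNist() throws Exception {
    System.out.println("validateNist");
    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/csrc.nist");
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/csrc.nist/trustAnchor");
    try {
        ks.load(fis, "password".toCharArray());
    } finally {
        // Close on every path; previously the stream leaked if load() threw.
        fis.close();
    }
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = User1-CP.02.01,OU = Testing,OU = DoD,O = U.S. Government,C = US"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();
    // Revocation checking on: CRLs come from the directory store.
    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, true, certStore.getStore());
    // NOTE(review): validating at "now" ties the test to the validity period of
    // the test certificates and CRLs; it will start failing once they expire.
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    // Expected value first (JUnit convention) so a failure message reads correctly.
    assertEquals(4, result.getCerts().size());
    assertEquals(3, result.getCrls().size());
}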