
Example 1 with ValidationData

Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.

From the class SignerC, method getFormatSpecificSignatureProperties.

@Override
protected void getFormatSpecificSignatureProperties(Collection<SignedSignatureProperty> formatSpecificSignedSigProps, Collection<UnsignedSignatureProperty> formatSpecificUnsignedSigProps, List<X509Certificate> signingCertificateChain) throws XAdES4jException {
    // Let the superclass add the properties of the base signature form first.
    super.getFormatSpecificSignatureProperties(formatSpecificSignedSigProps, formatSpecificUnsignedSigProps, signingCertificateChain);
    // Obtain the validation data (certification path and revocation data) for the signing certificate chain.
    ValidationData vData = this.validationDataProvider.getValidationData(signingCertificateChain);
    if (null == vData)
        throw new ValidationDataException("Validation data not provided");
    // Add the XAdES-C unsigned properties (CompleteCertificateRefs / CompleteRevocationRefs) built from that data.
    PropertiesUtils.addXadesCProperties(formatSpecificUnsignedSigProps, vData);
}
Also used : ValidationData(xades4j.providers.ValidationData) ValidationDataException(xades4j.providers.ValidationDataException)

Example 2 with ValidationData

Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.

From the class DefaultTimeStampVerificationProvider, method verifyToken.

@Override
public Date verifyToken(byte[] timeStampToken, byte[] tsDigestInput) throws TimeStampTokenVerificationException {
    // 1. Parse the DER-encoded token (a CMS ContentInfo) into a TimeStampToken.
    TimeStampToken tsToken;
    try {
        ASN1InputStream asn1is = new ASN1InputStream(timeStampToken);
        ContentInfo tsContentInfo = ContentInfo.getInstance(asn1is.readObject());
        asn1is.close();
        tsToken = new TimeStampToken(tsContentInfo);
    } catch (IOException ex) {
        throw new TimeStampTokenStructureException("Error parsing encoded token", ex);
    } catch (TSPException ex) {
        throw new TimeStampTokenStructureException("Invalid token", ex);
    }
    // 2. Validate the TSA certificate: build and validate a certification path for the
    //    token's signer (selected by its SID) at the token's generation time, using the
    //    certificates carried inside the token as additional path material.
    X509Certificate tsaCert = null;
    try {
        /* Validate the TSA certificate */
        LinkedList<X509Certificate> certs = new LinkedList<X509Certificate>();
        for (Object certHolder : tsToken.getCertificates().getMatches(new AllCertificatesSelector())) {
            certs.add(this.x509CertificateConverter.getCertificate((X509CertificateHolder) certHolder));
        }
        ValidationData vData = this.certificateValidationProvider.validate(x509CertSelectorConverter.getCertSelector(tsToken.getSID()), tsToken.getTimeStampInfo().getGenTime(), certs);
        // The first certificate of the validated path is the TSA's own certificate.
        tsaCert = vData.getCerts().get(0);
    } catch (CertificateException ex) {
        throw new TimeStampTokenVerificationException(ex.getMessage(), ex);
    } catch (XAdES4jException ex) {
        throw new TimeStampTokenTSACertException("cannot validate TSA certificate", ex);
    }
    // 3. Verify the token's signature against the validated TSA certificate.
    try {
        tsToken.validate(this.signerInfoVerifierBuilder.build(tsaCert));
    } catch (TSPValidationException ex) {
        throw new TimeStampTokenSignatureException("Invalid token signature or certificate", ex);
    } catch (Exception ex) {
        throw new TimeStampTokenVerificationException("Error when verifying the token signature", ex);
    }
    // 4. Check that the message imprint in the token matches the digest of the data that
    //    was time-stamped, computed with the digest algorithm named in the token.
    org.bouncycastle.tsp.TimeStampTokenInfo tsTokenInfo = tsToken.getTimeStampInfo();
    try {
        String digestAlgUri = uriForDigest(tsTokenInfo.getMessageImprintAlgOID());
        MessageDigest md = messageDigestProvider.getEngine(digestAlgUri);
        if (!Arrays.equals(md.digest(tsDigestInput), tsTokenInfo.getMessageImprintDigest())) {
            throw new TimeStampTokenDigestException();
        }
    } catch (UnsupportedAlgorithmException ex) {
        throw new TimeStampTokenVerificationException("The token's digest algorithm is not supported", ex);
    }
    // Only a token that passed all of the checks above yields a trustworthy generation time.
    return tsTokenInfo.getGenTime();
}
Also used : CertificateException(java.security.cert.CertificateException) TimeStampTokenVerificationException(xades4j.providers.TimeStampTokenVerificationException) TimeStampTokenSignatureException(xades4j.providers.TimeStampTokenSignatureException) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) XAdES4jException(xades4j.XAdES4jException) TimeStampTokenDigestException(xades4j.providers.TimeStampTokenDigestException) MessageDigest(java.security.MessageDigest) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) TimeStampTokenStructureException(xades4j.providers.TimeStampTokenStructureException) TSPValidationException(org.bouncycastle.tsp.TSPValidationException) TimeStampTokenTSACertException(xades4j.providers.TimeStampTokenTSACertException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) LinkedList(java.util.LinkedList) TSPValidationException(org.bouncycastle.tsp.TSPValidationException) XAdES4jException(xades4j.XAdES4jException) TimeStampTokenTSACertException(xades4j.providers.TimeStampTokenTSACertException) TimeStampTokenStructureException(xades4j.providers.TimeStampTokenStructureException) TSPException(org.bouncycastle.tsp.TSPException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) TimeStampTokenDigestException(xades4j.providers.TimeStampTokenDigestException) TimeStampTokenVerificationException(xades4j.providers.TimeStampTokenVerificationException) TimeStampTokenSignatureException(xades4j.providers.TimeStampTokenSignatureException) ValidationData(xades4j.providers.ValidationData) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) UnsupportedAlgorithmException(xades4j.UnsupportedAlgorithmException) TSPException(org.bouncycastle.tsp.TSPException) TimeStampToken(org.bouncycastle.tsp.TimeStampToken)

Example 3 with ValidationData

Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.

From the class PKIXCertificateValidationProvider, method validate.

@Override
public ValidationData validate(X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts) throws CertificateValidationException, UnexpectedJCAException {
    PKIXBuilderParameters builderParams;
    try {
        builderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
    } catch (KeyStoreException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore is not initialized", ex);
    } catch (InvalidAlgorithmParameterException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore has no trusted certificate entries", ex);
    }
    PKIXCertPathBuilderResult builderRes;
    try {
        // Certificate and CRL sources made available to the path builder:
        // - The other certificates from the signature (e.g. from KeyInfo).
        if (otherCerts != null) {
            CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(otherCerts);
            CertStore othersCertStore = CertStore.getInstance("Collection", ccsp);
            builderParams.addCertStore(othersCertStore);
        }
        // - The external certificates/CRLs.
        for (int i = 0; i < intermCertsAndCrls.length; i++) {
            builderParams.addCertStore(intermCertsAndCrls[i]);
        }
        builderParams.setRevocationEnabled(revocationEnabled);
        builderParams.setMaxPathLength(maxPathLength);
        builderParams.setDate(validationDate);
        builderParams.setSigProvider(this.signatureProvider);
        builderRes = (PKIXCertPathBuilderResult) certPathBuilder.build(builderParams);
    } catch (CertPathBuilderException ex) {
        throw new CannotBuildCertificationPathException(certSelector, ex.getMessage(), ex);
    } catch (InvalidAlgorithmParameterException ex) {
        // Thrown when the certificate selector cannot be applied by the builder.
        throw new CannotSelectCertificateException(certSelector, ex);
    } catch (NoSuchAlgorithmException ex) {
        // SHOULD NOT be thrown.
        throw new UnexpectedJCAException("No provider for Collection CertStore", ex);
    }
    // The cert path returned by the builder ends in a certificate issued by
    // the trust anchor. However, the complete path may be needed for property
    // verification.
    List<X509Certificate> certPath = (List<X509Certificate>) builderRes.getCertPath().getCertificates();
    // - Create a new list since the previous is immutable.
    certPath = new ArrayList<X509Certificate>(certPath);
    // - Add the trust anchor certificate.
    certPath.add(builderRes.getTrustAnchor().getTrustedCert());
    if (revocationEnabled) {
        return new ValidationData(certPath, getCRLsForCertPath(certPath, validationDate));
    }
    return new ValidationData(certPath);
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) ValidationData(xades4j.providers.ValidationData) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertPathBuilderException(java.security.cert.CertPathBuilderException) PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult) UnexpectedJCAException(xades4j.verification.UnexpectedJCAException) CannotSelectCertificateException(xades4j.providers.CannotSelectCertificateException) ArrayList(java.util.ArrayList) List(java.util.List) CertStore(java.security.cert.CertStore) CannotBuildCertificationPathException(xades4j.providers.CannotBuildCertificationPathException)

Example 4 with ValidationData

Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.

From the class PKIXCertificateValidationProviderTest, method testValidateMy.

@Test
public void testValidateMy() throws Exception {
    System.out.println("validateMy");
    // Intermediate certificates and CRLs are read from a directory on disk.
    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/my");
    // The trust anchors come from a JKS key store.
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/my/myStore");
    ks.load(fis, "mystorepass".toCharArray());
    fis.close();
    // Select the end-entity certificate by its subject name.
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = Luis Goncalves,OU = CC,O = ISEL,C = PT"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();
    // Revocation checking is disabled (second constructor argument), so no CRLs are collected.
    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, false, certStore.getStore());
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    // A three-certificate path, including the trust anchor, is expected.
    assertEquals(3, result.getCerts().size());
}
Also used : ValidationData(xades4j.providers.ValidationData) FileSystemDirectoryCertStore(xades4j.utils.FileSystemDirectoryCertStore) X500Principal(javax.security.auth.x500.X500Principal) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) Test(org.junit.Test)

Example 5 with ValidationData

Use of xades4j.providers.ValidationData in the project xades4j by luisgoncalves.

From the class PKIXCertificateValidationProviderTest, method testValidateNist.

@Test
public void testValidateNist() throws Exception {
    System.out.println("validateNist");
    // Intermediate certificates and CRLs are read from a directory on disk.
    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/csrc.nist");
    // The trust anchor comes from a JKS key store.
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/csrc.nist/trustAnchor");
    ks.load(fis, "password".toCharArray());
    fis.close();
    // Select the end-entity certificate by its subject name.
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = User1-CP.02.01,OU = Testing,OU = DoD,O = U.S. Government,C = US"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();
    // Revocation checking is enabled (second constructor argument), so CRLs are collected for the path.
    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, true, certStore.getStore());
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    // A four-certificate path, including the trust anchor, with one CRL per issuing CA is expected.
    assertEquals(4, result.getCerts().size());
    assertEquals(3, result.getCrls().size());
}
Also used : ValidationData(xades4j.providers.ValidationData) FileSystemDirectoryCertStore(xades4j.utils.FileSystemDirectoryCertStore) X500Principal(javax.security.auth.x500.X500Principal) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) Test(org.junit.Test)

Aggregations

ValidationData (xades4j.providers.ValidationData)6 X509Certificate (java.security.cert.X509Certificate)5 Date (java.util.Date)3 FileInputStream (java.io.FileInputStream)2 KeyStore (java.security.KeyStore)2 X509CertSelector (java.security.cert.X509CertSelector)2 X500Principal (javax.security.auth.x500.X500Principal)2 Test (org.junit.Test)2 FileSystemDirectoryCertStore (xades4j.utils.FileSystemDirectoryCertStore)2 IOException (java.io.IOException)1 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)1 KeyStoreException (java.security.KeyStoreException)1 MessageDigest (java.security.MessageDigest)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 CertPathBuilderException (java.security.cert.CertPathBuilderException)1 CertStore (java.security.cert.CertStore)1 CertificateException (java.security.cert.CertificateException)1 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)1 PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)1 PKIXCertPathBuilderResult (java.security.cert.PKIXCertPathBuilderResult)1