

use of xades4j.providers.ValidationData in project xades4j by luisgoncalves.

From the class XadesVerifierImpl, method verify.

/**
 * Verifies the XAdES signature whose XML signature element is {@code signatureElem}.
 * <p>
 * The steps run in a fixed order and later steps rely on the earlier ones:
 * the XML signature is unmarshalled, the early ({@link RawSignatureVerifier})
 * verifiers run, the QualifyingProperties element is located and its
 * incorporation and {@code Target} attribute are checked, the qualifying
 * properties are unmarshalled, the certification path is validated, core
 * XML-DSIG verification runs, the properties are verified, and finally the
 * custom verifiers run against the already built result.
 *
 * @param signatureElem       the XML signature element; must not be {@code null}
 * @param verificationOptions per-signature options; {@code null} is treated as
 *                            {@link SignatureSpecificVerificationOptions#empty}
 * @return the verification result
 * @throws NullPointerException if {@code signatureElem} is {@code null}, or if the
 *                              certificate validator returns {@code null} or an
 *                              empty certificate list
 * @throws XAdES4jException     if any verification step fails
 */
@Override
public XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions) throws XAdES4jException {
    if (signatureElem == null) {
        throw new NullPointerException("Signature node not specified");
    }
    // Work on a local so the caller's argument is never reassigned.
    SignatureSpecificVerificationOptions options = (verificationOptions == null)
            ? SignatureSpecificVerificationOptions.empty
            : verificationOptions;

    /* Unmarshal the signature */
    XMLSignature xmlSig = unmarshalSignature(signatureElem, options);
    String sigId = xmlSig.getId();
    if (sigId == null) {
        throw new UnmarshalException("XML signature doesn't have an Id");
    }
    ReferencesRes refs = SignatureUtils.processReferences(xmlSig);

    /* Apply early verifiers */
    // These run before the qualifying properties are unmarshalled, on the raw signature only.
    RawSignatureVerifierContext rawContext = new RawSignatureVerifierContext(xmlSig);
    for (RawSignatureVerifier earlyVerifier : this.rawSigVerifiers) {
        earlyVerifier.verify(rawContext);
    }

    /* Get and check the QualifyingProperties element */
    Element qpElem = SignatureUtils.getQualifyingPropertiesElement(xmlSig);
    SignatureUtils.checkSignedPropertiesIncorporation(qpElem, refs.signedPropsReference);
    checkQualifyingPropertiesTarget(qpElem, sigId);

    /* Unmarshal the qualifying properties */
    QualifPropsDataCollectorImpl collector = new QualifPropsDataCollectorImpl();
    qualifPropsUnmarshaller.unmarshalProperties(qpElem, collector);
    Collection<PropertyDataObject> propsData = collector.getPropertiesData();

    /* Certification path */
    KeyInfoRes keyInfo = SignatureUtils.processKeyInfo(xmlSig.getKeyInfo());
    Date validationDate = getValidationDate(propsData, xmlSig, options);
    ValidationData certData = this.certificateValidator.validate(keyInfo.certSelector, validationDate, keyInfo.keyInfoCerts);
    if (certData == null || certData.getCerts().isEmpty()) {
        throw new NullPointerException("Certificate validator returned null or empty data");
    }
    // The first certificate returned by the validator is the one used for core
    // verification. NOTE(review): this relies on the validator's ordering
    // contract (signing certificate first) — confirm against the provider.
    X509Certificate verificationCert = certData.getCerts().get(0);

    /* Signature verification */
    // Core XML-DSIG verification happens before any qualifying property is verified.
    doCoreVerification(xmlSig, options, verificationCert);
    QualifyingPropertyVerificationContext.CertificationChainData chainData =
            new QualifyingPropertyVerificationContext.CertificationChainData(certData.getCerts(), certData.getCrls(), keyInfo.issuerSerial);
    QualifyingPropertyVerificationContext.SignedObjectsData signedObjects =
            new QualifyingPropertyVerificationContext.SignedObjectsData(refs.dataObjsReferences, xmlSig);
    QualifyingPropertyVerificationContext propsContext =
            new QualifyingPropertyVerificationContext(xmlSig, chainData, signedObjects);
    // Verifies the properties; data structure verification is included.
    Collection<PropertyInfo> verifiedProps = this.qualifyingPropertiesVerifier.verifyProperties(propsData, propsContext);
    XAdESVerificationResult result = new XAdESVerificationResult(
            XAdESFormChecker.checkForm(verifiedProps), xmlSig, certData, verifiedProps, refs.dataObjsReferences);

    // Custom verifiers see the complete result and the same properties context.
    for (CustomSignatureVerifier customVerifier : this.customSigVerifiers) {
        customVerifier.verify(result, propsContext);
    }
    return result;
}

/**
 * Builds the {@link XMLSignature} for {@code signatureElem}, using the base URI
 * from {@code options} and this verifier's {@code secureValidation} setting.
 *
 * @param signatureElem the XML signature element
 * @param options       the (non-null) verification options
 * @return the unmarshalled signature
 * @throws UnmarshalException if the element cannot be read as an XML signature
 */
private XMLSignature unmarshalSignature(Element signatureElem, SignatureSpecificVerificationOptions options) throws UnmarshalException {
    try {
        return new XMLSignature(signatureElem, options.getBaseUri(), this.secureValidation);
    } catch (XMLSecurityException ex) {
        throw new UnmarshalException("Bad XML signature", ex);
    }
}

/**
 * Checks that the QualifyingProperties {@code Target} attribute is present and
 * references the signature's {@code Id} as a same-document reference ({@code "#" + id}).
 * The attribute is looked up first without a namespace, then in the XAdES namespace.
 *
 * @param qualifyingPropsElem the QualifyingProperties element
 * @param signatureId         the signature's (non-null) Id
 * @throws QualifyingPropertiesIncorporationException if the attribute is missing
 *         or does not point at the signature
 */
private static void checkQualifyingPropertiesTarget(Element qualifyingPropsElem, String signatureId) throws QualifyingPropertiesIncorporationException {
    Node targetAttr = qualifyingPropsElem.getAttributeNodeNS(null, QualifyingProperty.TARGET_ATTR);
    if (targetAttr == null) {
        // Fall back to the namespaced form of the attribute.
        targetAttr = qualifyingPropsElem.getAttributeNodeNS(QualifyingProperty.XADES_XMLNS, QualifyingProperty.TARGET_ATTR);
    }
    if (targetAttr == null) {
        throw new QualifyingPropertiesIncorporationException("QualifyingProperties Target attribute not present");
    }
    // Null-safe comparison: a null attribute value is treated as a mismatch.
    String expectedTarget = "#" + signatureId;
    if (!expectedTarget.equals(targetAttr.getNodeValue())) {
        throw new QualifyingPropertiesIncorporationException("QualifyingProperties target doesn't match the signature's Id");
    }
}
