Search in sources :

Example 1 with ReferencesRes

use of xades4j.verification.SignatureUtils.ReferencesRes in project xades4j by luisgoncalves.

the class XadesVerifierImpl method verify.

@Override
public XAdESVerificationResult verify(Element signatureElem, SignatureSpecificVerificationOptions verificationOptions) throws XAdES4jException {
    if (null == signatureElem) {
        throw new NullPointerException("Signature node not specified");
    }
    if (null == verificationOptions) {
        verificationOptions = SignatureSpecificVerificationOptions.empty;
    }
    /* Unmarshal the signature */
    XMLSignature signature;
    try {
        signature = new XMLSignature(signatureElem, verificationOptions.getBaseUri(), this.secureValidation);
    } catch (XMLSecurityException ex) {
        throw new UnmarshalException("Bad XML signature", ex);
    }
    String signatureId = signature.getId();
    if (null == signatureId) {
        throw new UnmarshalException("XML signature doesn't have an Id");
    }
    ReferencesRes referencesRes = SignatureUtils.processReferences(signature);
    /* Apply early verifiers */
    RawSignatureVerifierContext rawCtx = new RawSignatureVerifierContext(signature);
    for (RawSignatureVerifier rawSignatureVerifier : this.rawSigVerifiers) {
        rawSignatureVerifier.verify(rawCtx);
    }
    /* Get and check the QualifyingProperties element */
    Element qualifyingPropsElem = SignatureUtils.getQualifyingPropertiesElement(signature);
    SignatureUtils.checkSignedPropertiesIncorporation(qualifyingPropsElem, referencesRes.signedPropsReference);
    // Check the QualifyingProperties 'Target' attribute.
    Node targetAttr = qualifyingPropsElem.getAttributeNodeNS(null, QualifyingProperty.TARGET_ATTR);
    if (null == targetAttr) {
        targetAttr = qualifyingPropsElem.getAttributeNodeNS(QualifyingProperty.XADES_XMLNS, QualifyingProperty.TARGET_ATTR);
        if (null == targetAttr) {
            throw new QualifyingPropertiesIncorporationException("QualifyingProperties Target attribute not present");
        }
    }
    String targetValue = targetAttr.getNodeValue();
    if (null == targetValue || !targetValue.startsWith("#") || !targetValue.substring(1).equals(signatureId)) {
        throw new QualifyingPropertiesIncorporationException("QualifyingProperties target doesn't match the signature's Id");
    }
    /* Unmarshal the qualifying properties */
    QualifPropsDataCollectorImpl propsDataCollector = new QualifPropsDataCollectorImpl();
    qualifPropsUnmarshaller.unmarshalProperties(qualifyingPropsElem, propsDataCollector);
    Collection<PropertyDataObject> qualifPropsData = propsDataCollector.getPropertiesData();
    /* Certification path */
    KeyInfoRes keyInfoRes = SignatureUtils.processKeyInfo(signature.getKeyInfo());
    Date validationDate = getValidationDate(qualifPropsData, signature, verificationOptions);
    ValidationData certValidationRes = this.certificateValidator.validate(keyInfoRes.certSelector, validationDate, keyInfoRes.keyInfoCerts);
    if (null == certValidationRes || certValidationRes.getCerts().isEmpty()) {
        throw new NullPointerException("Certificate validator returned null or empty data");
    }
    X509Certificate validationCert = certValidationRes.getCerts().get(0);
    /* Signature verification */
    // Core XML-DSIG verification.
    doCoreVerification(signature, verificationOptions, validationCert);
    // Create the properties verification context.
    QualifyingPropertyVerificationContext qPropsCtx = new QualifyingPropertyVerificationContext(signature, new QualifyingPropertyVerificationContext.CertificationChainData(certValidationRes.getCerts(), certValidationRes.getCrls(), keyInfoRes.issuerSerial), /**/
    new QualifyingPropertyVerificationContext.SignedObjectsData(referencesRes.dataObjsReferences, signature));
    // Verify the properties. Data structure verification is included.
    Collection<PropertyInfo> props = this.qualifyingPropertiesVerifier.verifyProperties(qualifPropsData, qPropsCtx);
    XAdESVerificationResult res = new XAdESVerificationResult(XAdESFormChecker.checkForm(props), signature, certValidationRes, props, referencesRes.dataObjsReferences);
    // Apply the custom signature verifiers.
    for (CustomSignatureVerifier customVer : this.customSigVerifiers) {
        customVer.verify(res, qPropsCtx);
    }
    return res;
}
Also used : ReferencesRes(xades4j.verification.SignatureUtils.ReferencesRes) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) KeyInfoRes(xades4j.verification.SignatureUtils.KeyInfoRes) XMLSignature(org.apache.xml.security.signature.XMLSignature) UnmarshalException(xades4j.xml.unmarshalling.UnmarshalException) PropertyDataObject(xades4j.properties.data.PropertyDataObject) RawSignatureVerifierContext(xades4j.verification.RawSignatureVerifier.RawSignatureVerifierContext) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) ValidationData(xades4j.providers.ValidationData)

Aggregations

X509Certificate (java.security.cert.X509Certificate)1 Date (java.util.Date)1 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)1 XMLSignature (org.apache.xml.security.signature.XMLSignature)1 Element (org.w3c.dom.Element)1 Node (org.w3c.dom.Node)1 PropertyDataObject (xades4j.properties.data.PropertyDataObject)1 ValidationData (xades4j.providers.ValidationData)1 RawSignatureVerifierContext (xades4j.verification.RawSignatureVerifier.RawSignatureVerifierContext)1 KeyInfoRes (xades4j.verification.SignatureUtils.KeyInfoRes)1 ReferencesRes (xades4j.verification.SignatureUtils.ReferencesRes)1 UnmarshalException (xades4j.xml.unmarshalling.UnmarshalException)1