/** * @param packaging {@code SignaturePackaging} to be checked * @throws DSSException if the packaging is not supported for this kind of signature */ private void assertSignaturePackaging(final SignaturePackaging packaging) throws DSSException { if (packaging != SignaturePackaging.ENVELOPING && packaging != SignaturePackaging.DETACHED) { throw new DSSException("Unsupported signature packaging: " + packaging); } } }
private TrustStatusList loadLotl() { X509Certificate lotlCert = null; if (checkSignature) { lotlCert = readLOTLCertificate(); } TrustStatusList lotl; try { LOG.info("Downloading LOTL from url= {}", lotlUrl); final ArrayList<X509Certificate> x509CertificateList = new ArrayList<X509Certificate>(); x509CertificateList.add(lotlCert); lotl = getTrustStatusList(lotlUrl, x509CertificateList); } catch (DSSException e) { LOG.error("The LOTL cannot be loaded: " + e.getMessage(), e); throw e; } diagnosticInfo.put(lotlUrl, "Loaded " + new Date().toString()); return lotl; }
private void storeSignedFiles(final DSSDocument detachedDocument, final ZipOutputStream outZip) throws DSSException { DSSDocument currentDetachedDocument = detachedDocument; do { final String detachedDocumentName = currentDetachedDocument.getName(); final String name = detachedDocumentName != null ? detachedDocumentName : ZIP_ENTRY_DETACHED_FILE; final ZipEntry entryDocument = new ZipEntry(name); outZip.setLevel(ZipEntry.DEFLATED); try { createZipEntry(outZip, entryDocument); final InputStream inputStream = currentDetachedDocument.openStream(); DSSUtils.copy(inputStream, outZip); DSSUtils.closeQuietly(inputStream); } catch (DSSException e) { if (!(e.getCause() instanceof ZipException && e.getCause().getMessage().startsWith("duplicate entry:"))) { throw e; } } currentDetachedDocument = currentDetachedDocument.getNextDocument(); } while (currentDetachedDocument != null); }
/** * Returns the list of certificate representing the digital identity of this service. * * @return {@code List} of {@code Object} which can be {@code X509Certificate} or {@code X500Principal} */ List<Object> getDigitalIdentity() { final List<Object> certs = new ArrayList<Object>(); for (final DigitalIdentityType digitalIdentity : getServiceDigitalIdentity().getDigitalId()) { try { final byte[] x509CertificateBytes = digitalIdentity.getX509Certificate(); if (x509CertificateBytes != null) { final X509Certificate x509Certificate = DSSUtils.loadCertificate(x509CertificateBytes); // System.out.println(" ----- > " + x509Certificate.getSubjectX500Principal()); certs.add(x509Certificate); } else { final String x509SubjectName = digitalIdentity.getX509SubjectName(); if (x509SubjectName != null) { final X500Principal x500Principal = DSSUtils.getX500Principal(x509SubjectName); certs.add(x500Principal); } } } catch (DSSException e) { LOG.warn(e.getLocalizedMessage()); } } return certs; }
/** * This method returns the public algorithm extracted from public key infrastructure. (ex: RSA) * * @param publicKey * @return */ public static String getPublicKeyEncryptionAlgo(final Key publicKey) { String publicKeyAlgorithm = "?"; // (List of different public key implementations with instanceOf test removed) publicKeyAlgorithm = publicKey.getAlgorithm(); if (!"?".equals(publicKeyAlgorithm)) { try { publicKeyAlgorithm = EncryptionAlgorithm.forName(publicKeyAlgorithm).getName(); } catch (DSSException e) { LOG.error(e.getMessage()); } } return publicKeyAlgorithm; }
@Override protected void init() throws ControllerException { // FIXME try { getController().signDocument(); } catch (final IOException e) { throw new ControllerException(e); } catch (final NoSuchAlgorithmException e) { throw new ControllerException(e); } catch (DSSException e) { if (e.getCause() != null && (e.getCause() instanceof SignatureException && getModel().getTokenType() == SignatureTokenType.MSCAPI) || (e .getCause() instanceof javax.crypto.BadPaddingException && getModel().getTokenType() == SignatureTokenType.PKCS11)) { // probably because the digest algorithm is not supported by the card throw new ControllerException( String.format("Error when signing. The chosen digest alorithm (%s) might not be supported by your signing device.", getModel().getSignatureDigestAlgorithm()), e); } throw new ControllerException(e); } }
LOG.warn(e.getLocalizedMessage());
/** * See {@link #currentTime} * * @return */ public void setCurrentTime(final Date currentTime) { if (this.currentTime != null) { throw new DSSException(EXCEPTION_CTVSBIOO); } this.currentTime = currentTime; }
/** * */ public void doRefreshPrivateKeys() { try { final SignatureTokenConnection tokenConnection = getModel().getTokenConnection(); getModel().setPrivateKeys(tokenConnection.getKeys()); } catch (final DSSException e) { // FIXME LOG.error(e.getMessage(), e); } }
/** * The method {@code matchData} must be invoked previously. * * @return true if the message imprint data is intact, false otherwise */ public Boolean isMessageImprintDataIntact() { if (messageImprintIntact == null) { throw new DSSException("Invoke matchData(byte[] data) method before!"); } return messageImprintIntact; }
@Override public RevocationToken check(final CertificateToken toCheckToken) { if (ocspSource == null) { LOG.warn("OCSPSource null"); toCheckToken.extraInfo().infoOCSPSourceIsNull(); return null; } try { final OCSPToken ocspToken = ocspSource.getOCSPToken(toCheckToken, validationCertPool); if (ocspToken == null) { if (LOG.isInfoEnabled()) { LOG.debug("No matching OCSP response found for " + toCheckToken.getDSSIdAsString()); } } return ocspToken; } catch (DSSException e) { LOG.error("OCSP DSS Exception: " + e.getMessage(), e); toCheckToken.extraInfo().infoOCSPException(e); return null; } } }
/** * A specific constructor to allow non-file based usage of p12 data * * @param password * @param pkcs12Data */ public Pkcs12SignatureToken(char[] password, byte[] pkcs12Data) { this.password = password; if (pkcs12Data == null) { throw new DSSException("PKCS12 data not provided"); } this.pkcs12Data = pkcs12Data; }
/** * Get the issuer's certificate from Authority Information Access through id-ad-caIssuers extension. * * @param token {@code CertificateToken} for which the issuer is sought. * @return {@code CertificateToken} representing the issuer certificate or null. */ private CertificateToken getIssuerFromAIA(final CertificateToken token) { final X509Certificate issuerCert; try { LOG.info("Retrieving {} certificate's issuer using AIA.", token.getAbbreviation()); issuerCert = DSSUtils.loadIssuerCertificate(token.getCertificate(), dataLoader); if (issuerCert != null) { final CertificateToken issuerCertToken = validationCertificatePool.getInstance(issuerCert, CertificateSourceType.AIA); if (token.isSignedBy(issuerCertToken)) { return issuerCertToken; } LOG.info("The retrieved certificate using AIA does not sign the certificate {}.", token.getAbbreviation()); } else { LOG.info("The issuer certificate cannot be loaded using AIA."); } } catch (DSSException e) { LOG.error(e.getMessage()); } return null; }
private static void zipWriteBytes(final ZipOutputStream outZip, final byte[] bytes) throws DSSException { try { outZip.write(bytes); } catch (IOException e) { throw new DSSException(e); } }
/** * Checks if the {@code TimeStampToken} matches the signed data. * * @param data the array of {@code byte} representing the timestamped data * @return true if the data is verified by the TimeStampToken */ public boolean matchData(final byte[] data) { try { messageImprintData = data != null; final TimeStampTokenInfo timeStampInfo = timeStamp.getTimeStampInfo(); final ASN1ObjectIdentifier hashAlgorithm = timeStampInfo.getHashAlgorithm().getAlgorithm(); final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(hashAlgorithm); final byte[] computedDigest = DSSUtils.digest(digestAlgorithm, data); final byte[] timestampDigest = timeStampInfo.getMessageImprintDigest(); messageImprintIntact = Arrays.equals(computedDigest, timestampDigest); if (!messageImprintIntact) { LOG.error("Extracted data from the document: {}", DSSUtils.encodeHexString(data, 200)); LOG.error("Computed digest ({}) on the extracted data from the document : {}", digestAlgorithm, DSSUtils.encodeHexString(computedDigest)); LOG.error("Digest present in TimestampToken: {}", DSSUtils.encodeHexString(timestampDigest)); LOG.error("Digest in TimestampToken matches digest of extracted data from document: {}", messageImprintIntact); } } catch (DSSException e) { messageImprintIntact = false; signedDataMessage = "Timestamp digest problem: " + e.getMessage(); } return messageImprintIntact; }
public static byte[] getUtf8Bytes(final String string) { if (string == null) { return null; } try { final byte[] bytes = string.getBytes("UTF-8"); return bytes; } catch (UnsupportedEncodingException e) { throw new DSSException(e); } }
private static void createZipEntry(final ZipOutputStream outZip, final ZipEntry entrySignature) throws DSSException { try { outZip.putNextEntry(entrySignature); } catch (IOException e) { throw new DSSException(e); } }
public static SignatureAlgorithm forOID(final String oid) { final SignatureAlgorithm algorithm = OID_ALGORITHMS.get(oid); if (algorithm == null) { throw new DSSException("Unsupported algorithm: " + oid); } return algorithm; }
private static ZipEntry getNextZipEntry(final ZipInputStream zipInputStream) throws DSSException { try { return zipInputStream.getNextEntry(); } catch (IOException e) { throw new DSSException(e); } }
public XmlNode(final String name, final String value) { int _pos = name.indexOf(' '); if (_pos != -1) { throw new DSSException("The node name is not correct: " + name); } this.name = name; this.value = value; }