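/**
 * Adds the triples holding the signature data to the model of the specified resource, using the resource as the
 * subject.
 * <p>
 * Every field of {@code wonSignatureData} is mandatory. The original guarded them with {@code assert}, which is a
 * no-op unless the JVM runs with {@code -ea}; the checks are now enforced unconditionally, so a partially filled
 * signature record can never be serialized into the graph.
 * @param subject the resource that becomes the subject of the signature triples; its model receives them
 * @param wonSignatureData the signature data to serialize
 * @throws IllegalArgumentException if {@code subject}, {@code wonSignatureData} or any of its mandatory fields
 *     (hash, signature value, public key fingerprint, signed graph URI, verification certificate URI) is null
 */
public static void addSignature(Resource subject, WonSignatureData wonSignatureData) {
    requireSignatureField(subject, "subject");
    requireSignatureField(wonSignatureData, "wonSignatureData");
    requireSignatureField(wonSignatureData.getHash(), "hash");
    requireSignatureField(wonSignatureData.getSignatureValue(), "signatureValue");
    requireSignatureField(wonSignatureData.getPublicKeyFingerprint(), "publicKeyFingerprint");
    requireSignatureField(wonSignatureData.getSignedGraphUri(), "signedGraphUri");
    requireSignatureField(wonSignatureData.getVerificationCertificateUri(), "verificationCertificateUri");
    Model containingGraph = subject.getModel();
    subject.addProperty(RDF.type, SFSIG.SIGNATURE);
    subject.addProperty(WONMSG.HAS_HASH_PROPERTY, wonSignatureData.getHash());
    subject.addProperty(SFSIG.HAS_SIGNATURE_VALUE, wonSignatureData.getSignatureValue());
    // The signed graph and the verification certificate are referenced as resources, not literals.
    subject.addProperty(WONMSG.HAS_SIGNED_GRAPH_PROPERTY,
            containingGraph.createResource(wonSignatureData.getSignedGraphUri()));
    subject.addProperty(WONMSG.HAS_PUBLIC_KEY_FINGERPRINT_PROPERTY, wonSignatureData.getPublicKeyFingerprint());
    subject.addProperty(SFSIG.HAS_VERIFICATION_CERT,
            containingGraph.createResource(wonSignatureData.getVerificationCertificateUri()));
}

/**
 * Rejects a missing mandatory value with a message naming the field, independent of the JVM's assertion setting.
 * @param value the value to check
 * @param name the field name used in the error message
 * @throws IllegalArgumentException if {@code value} is null
 */
private static void requireSignatureField(Object value, String name) {
    if (value == null) {
        throw new IllegalArgumentException("signature data is incomplete: '" + name + "' must not be null");
    }
}
}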
/**
 * Records a signature in this state: the signature object itself, the signed-graph-to-signatures index (one signed
 * graph may be covered by several signatures), the reverse signature-to-signed-graph index, and the signature value
 * keyed by the signature URI.
 * @param wonSignatureData the signature to record
 */
public void addSignatureData(WonSignatureData wonSignatureData) {
    String signedGraph = wonSignatureData.getSignedGraphUri();
    String signatureGraph = wonSignatureData.getSignatureUri();
    signatures.add(wonSignatureData);
    // Reverse index: which graph does this signature cover?
    signatureGraphNameToSignedGraphName.put(signatureGraph, signedGraph);
    // Forward index is one-to-many, so create the bucket on first sight of the signed graph.
    if (!signedGraphNameToSignatureGraphName.containsKey(signedGraph)) {
        signedGraphNameToSignatureGraphName.put(signedGraph, new ArrayList<String>());
    }
    signedGraphNameToSignatureGraphName.get(signedGraph).add(signatureGraph);
    signatureGraphNameToSignatureValue.put(signatureGraph, wonSignatureData.getSignatureValue());
}
/**
 * Reads the signature description stored in {@code model} under the graph name {@code uri} and, if it carries a
 * signature value, indexes it by the URI of the graph it signs and by its own URI.
 * @param uri the name of the graph holding the signature triples
 * @param model the content of that graph
 */
private void extractSignatureData(final String uri, final Model model) {
    WonSignatureData sigData = WonRdfUtils.SignatureUtils.extractWonSignatureData(uri, model);
    if (sigData == null) {
        return;
    }
    if (sigData.getSignatureValue() == null) {
        // A description without a signature value is not indexed; there is nothing to verify.
        return;
    }
    graphUriToSigUri.put(sigData.getSignedGraphUri(), uri);
    sigUriToSigReference.put(uri, sigData);
}
.getHash().toByteArray())); WonSignatureData sigRef = new WonSignatureData(signedGraphUri, signatureUri, sigValue.getSignature(), hash , fingerprint, cert);
/**
 * Reads the signature description stored in {@code model} under the graph name {@code graphUri} and hands it to the
 * verification state, provided it carries a signature value.
 * @param graphUri the name of the graph holding the signature triples
 * @param model the content of that graph
 */
private void addSignatureToResult(final String graphUri, final Model model) {
    WonSignatureData sigData = WonRdfUtils.SignatureUtils.extractWonSignatureData(graphUri, model);
    if (sigData == null) {
        return;
    }
    if (sigData.getSignatureValue() == null) {
        // Nothing verifiable here; the state is left untouched.
        return;
    }
    verificationState.addSignatureData(sigData);
}
/**
 * Signs every content graph of {@code sigStage} that is still unsigned and writes each resulting signature into the
 * envelope graph that contains the signed content graph (linked via msg:containsSignature).
 * @param msgDataset the message dataset the signature triples are written into
 * @param sigStage the signing stage that knows which content graphs are unsigned and which envelope contains them
 * @param signer the signer producing the signatures
 * @param privateKey the signing key
 * @param privateKeyUri the URI identifying the signing key
 * @param publicKey the public key matching {@code privateKey}
 * @throws Exception whatever the signer throws
 */
private static void signContents(final Dataset msgDataset, final SigningStage sigStage, final WonSigner signer,
        final PrivateKey privateKey, final String privateKeyUri, final PublicKey publicKey) throws Exception {
    List<WonSignatureData> contentSignatures =
            signer.sign(privateKey, privateKeyUri, publicKey, sigStage.getUnsignedContentUris());
    for (WonSignatureData contentSignature : contentSignatures) {
        String signedContentUri = contentSignature.getSignedGraphUri();
        // The signature lives in the envelope that references the content graph it covers.
        String enclosingEnvelopeUri = sigStage.getEnvelopeUriContainingContent(signedContentUri);
        addSignature(contentSignature, enclosingEnvelopeUri, msgDataset, true);
    }
}
/**
 * Moves the outermost signature of {@code sigStage}, if there is one and if there is at least one unsigned envelope,
 * into the innermost unsigned envelope graph and deletes the standalone signature graph it came from.
 * Does nothing when there is no unsigned envelope or no outermost signature.
 * @param msgDataset the message dataset to modify
 * @param sigStage the signing stage providing the unsigned envelopes and the outermost signature
 */
private static void addUnreferencedSigReferences(final Dataset msgDataset, final SigningStage sigStage) {
    List<String> unsignedEnvUris = sigStage.getUnsignedEnvUrisOrderedByContainment();
    if (unsignedEnvUris.isEmpty()) {
        return;
    }
    WonSignatureData outermostSig = sigStage.getOutermostSignature();
    if (outermostSig == null) {
        return;
    }
    // The list is ordered by containment with the innermost envelope first.
    String innermostUnsignedEnvUri = unsignedEnvUris.get(0);
    addSignature(outermostSig, innermostUnsignedEnvUri, msgDataset, true);
    // Once its triples live in the envelope, the separate signature graph is redundant.
    msgDataset.removeNamedModel(outermostSig.getSignatureUri());
}
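/**
 * Reads a signature description from {@code resource}, which is expected to be the subject of the triples written
 * by {@code addSignature}.
 * <p>
 * References to the signed graph and to the verification certificate must be URI resources. Previously a blank
 * node in either position passed silently: {@code getURI()} returns null for blank nodes, and the resulting
 * {@code WonSignatureData} carried null URIs into the URI-keyed indexes built from it. Such input is now rejected.
 * @param resource the signature node
 * @return the extracted signature data; never null
 * @throws IllegalArgumentException if the signature node, the signed graph reference or the certificate reference
 *     has no URI (blank node)
 */
public static WonSignatureData extractWonSignatureData(final Resource resource) {
    // getRequiredProperty fails (Jena exception) when a mandatory property is absent; that is intended.
    String signedGraphUri = requireUriObject(resource.getRequiredProperty(WONMSG.HAS_SIGNED_GRAPH_PROPERTY));
    String signatureValue = resource.getRequiredProperty(SFSIG.HAS_SIGNATURE_VALUE).getObject().asLiteral().getString();
    String hash = resource.getRequiredProperty(WONMSG.HAS_HASH_PROPERTY).getObject().asLiteral().getString();
    String fingerprint = resource.getRequiredProperty(WONMSG.HAS_PUBLIC_KEY_FINGERPRINT_PROPERTY).getObject()
            .asLiteral().getString();
    String cert = requireUriObject(resource.getRequiredProperty(SFSIG.HAS_VERIFICATION_CERT));
    String signatureUri = resource.getURI();
    if (signatureUri == null) {
        throw new IllegalArgumentException("signature node must be a URI resource, not a blank node");
    }
    return new WonSignatureData(signedGraphUri, signatureUri, signatureValue, hash, fingerprint, cert);
}

/**
 * Returns the URI of the statement's object, rejecting blank nodes.
 * @param stmt a statement whose object must be a URI resource
 * @return the object's URI
 * @throws IllegalArgumentException if the object is a blank node (it has no URI)
 */
private static String requireUriObject(final Statement stmt) {
    // asResource() already fails for literal objects; only the blank-node case slips through as a null URI.
    String uri = stmt.getObject().asResource().getURI();
    if (uri == null) {
        throw new IllegalArgumentException("object of " + stmt.getPredicate() + " on signature " + stmt.getSubject()
                + " must be a URI resource, not a blank node");
    }
    return uri;
}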
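/**
 * Signs every envelope graph of {@code sigStage} that is still unsigned, innermost first. The signature of each
 * envelope is written into the next outer unsigned envelope (linked via msg:containsSignature); the signature of
 * the outermost envelope has no enclosing envelope and is therefore stored in a new named graph of its own, without
 * such a link.
 * <p>
 * Changes from the original: the envelope list is fetched once instead of twice, two unused locals were dropped,
 * and an empty envelope list returns early instead of dereferencing a null signature.
 * @param msgDataset the message dataset the signature triples are written into
 * @param sigStage the signing stage providing the unsigned envelopes ordered by containment, innermost first
 * @param signer the signer producing the signatures
 * @param privateKey the signing key
 * @param privateKeyUri the URI identifying the signing key
 * @param publicKey the public key matching {@code privateKey}
 * @throws Exception whatever the signer throws
 */
private static void signEnvelopes(final Dataset msgDataset, final SigningStage sigStage, final WonSigner signer,
        final PrivateKey privateKey, final String privateKeyUri, final PublicKey publicKey) throws Exception {
    List<String> envUris = sigStage.getUnsignedEnvUrisOrderedByContainment();
    if (envUris.isEmpty()) {
        // Nothing left to sign.
        return;
    }
    WonSignatureData previousSig = null;
    for (String envUri : envUris) {
        if (previousSig != null) {
            // Signature of the envelope signed in the previous iteration goes into this (enclosing) envelope.
            addSignature(previousSig, envUri, msgDataset, true);
        }
        previousSig = signer.sign(privateKey, privateKeyUri, publicKey, envUri).get(0);
    }
    // previousSig is the outermost envelope's signature: no enclosing envelope exists, so it gets its own graph
    // and is not connected with msg:containsSignature.
    msgDataset.addNamedModel(previousSig.getSignatureUri(), ModelFactory.createDefaultModel());
    addSignature(previousSig, previousSig.getSignatureUri(), msgDataset, false);
}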
if (!dataset.containsNamedModel(wonSignatureData.getSignedGraphUri())) { logger.debug("cannot verify signature {} as it is not part of this message ", wonSignatureData.getSignatureUri()); continue; String sigString = wonSignatureData.getSignatureValue(); if (sigString == null) { verificationState .setVerificationFailed(wonSignatureData.getSignatureUri(), "Failed to compute a signature value " + wonSignatureData.getSignatureUri()); return verificationState.isVerificationPassed(); verificationState.setVerificationFailed(wonSignatureData.getSignatureUri(), "Computed an empty signature value " + wonSignatureData.getSignatureUri()); return verificationState.isVerificationPassed(); PublicKey publicKey = publicKeys.get(wonSignatureData.getVerificationCertificateUri()); if (publicKey == null) { verificationState .setVerificationFailed(wonSignatureData.getSignatureUri(), "No public key found for " + wonSignatureData.getSignatureUri()); return verificationState.isVerificationPassed(); if (!wonSignatureData.getPublicKeyFingerprint().equals(fingerprint)){ verificationState.setVerificationFailed(wonSignatureData.getSignatureUri(), "Fingerprint computed for the " + "specified public key " + wonSignatureData.getVerificationCertificateUri() + " is " + fingerprint + ", " + "which differs from the value found in signature " + wonSignatureData.getSignatureUri()); return verificationState.isVerificationPassed(); GraphCollection inputGraph = ModelConverter.modelToGraphCollection(wonSignatureData.getSignedGraphUri(), dataset); canonicAlgorithm.canonicalize(inputGraph);
/**
 * Writes the triples of {@code sigData} into the named graph {@code graphUri} of {@code msgDataset}, using the
 * signature URI as subject.
 * @param sigData the signature to write
 * @param graphUri the name of the graph that receives the triples
 * @param msgDataset the dataset holding that graph
 * @param graphIsEnvelope if true, the graph resource is additionally linked to the signature node via
 *     msg:containsSignature; graphs that hold nothing but a signature are not linked this way
 */
public static void addSignature(final WonSignatureData sigData, final String graphUri, final Dataset msgDataset,
        boolean graphIsEnvelope) {
    Model targetGraph = msgDataset.getNamedModel(graphUri);
    Resource graphResource = targetGraph.createResource(graphUri);
    Resource signatureNode = targetGraph.createResource(sigData.getSignatureUri());
    if (graphIsEnvelope) {
        graphResource.addProperty(WONMSG.CONTAINS_SIGNATURE_PROPERTY, signatureNode);
    }
    WonRdfUtils.SignatureUtils.addSignature(signatureNode, sigData);
}