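/**
 * Unmarshals a XAdES DOM element and returns the value carried by the
 * resulting JAXB element.
 *
 * <p>The element normally originates from the signature under validation,
 * so the unmarshalled content is checked against {@code xadesType} before it
 * is handed back. A document carrying an unexpected element then fails
 * validation with a {@link XAdESValidationException} rather than with an
 * unchecked {@link ClassCastException} at the call site.
 *
 * @param <T>          the JAXB type the caller expects
 * @param xadesElement the DOM element to unmarshal
 * @param xadesType    the expected JAXB class; when {@code null} no type
 *                     check is performed
 * @return the unmarshalled value, possibly {@code null} when the JAXB
 *         element carries no value
 * @throws XAdESValidationException if JAXB unmarshalling fails, or if the
 *         result is not a JAXB element holding an instance of
 *         {@code xadesType}
 */
@SuppressWarnings("unchecked")
public static <T> T unmarshall(Element xadesElement, Class<T> xadesType)
        throws XAdESValidationException {
    // NOTE(review): xadesUnmarshaller is shared by these static helpers and
    // JAXB does not promise that an Unmarshaller is thread-safe - confirm
    // that callers never validate concurrently.
    Object unmarshalled;
    try {
        unmarshalled = xadesUnmarshaller.unmarshal(xadesElement);
    } catch (JAXBException e) {
        throw new XAdESValidationException(e);
    }
    if (!(unmarshalled instanceof JAXBElement)) {
        throw new XAdESValidationException(
                "unexpected unmarshalling result for XAdES element");
    }
    Object value = ((JAXBElement<?>) unmarshalled).getValue();
    // The generic cast below is erased at runtime, so verify the type here.
    if (null != value && null != xadesType && !xadesType.isInstance(value)) {
        throw new XAdESValidationException(
                "XAdES element is not of expected type "
                        + xadesType.getName());
    }
    return (T) value;
}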
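/**
 * Locates the xades:QualifyingProperties element whose SignedProperties are
 * referenced by the given XML signature and unmarshals it.
 *
 * <p>The reference URI is read from the document being validated and is
 * therefore untrusted. It has to be a non-empty same-document fragment
 * ({@code #id}), and the Id may not contain a single quote, because the Id
 * is placed inside a single-quoted XPath string literal.
 *
 * @param nsElement        element supplying the namespace bindings for the
 *                         {@code ds} and {@code xades} prefixes
 * @param xmlSignature     the signature whose references are inspected
 * @param signatureElement the ds:Signature element that is searched
 * @return the unmarshalled qualifying properties
 * @throws XAdESValidationException if no SignedProperties reference exists,
 *         the reference is malformed, no matching QualifyingProperties
 *         element is found, or XPath evaluation / JAXB unmarshalling fails
 */
@SuppressWarnings("unchecked")
public static QualifyingPropertiesType getQualifyingProperties(
        Element nsElement, XMLSignature xmlSignature,
        Element signatureElement) throws XAdESValidationException {
    try {
        String xadesSignedPropertiesUri = findReferenceUri(xmlSignature,
                "http://uri.etsi.org/01903#SignedProperties");
        if (null == xadesSignedPropertiesUri) {
            LOG.error("no XAdES SignedProperties as part of signed XML data");
            throw new XAdESValidationException("no XAdES SignedProperties");
        }
        // substring(1) below is only meaningful for "#id" style references;
        // an empty or non-fragment URI used to surface as a runtime exception.
        if (xadesSignedPropertiesUri.length() < 2
                || '#' != xadesSignedPropertiesUri.charAt(0)) {
            throw new XAdESValidationException(
                    "XAdES SignedProperties reference is not a same-document fragment URI");
        }
        String xadesSignedPropertiesId = xadesSignedPropertiesUri
                .substring(1);
        // A quote inside the Id would end the XPath literal early and change
        // which node the expression selects, so such values are refused.
        if (xadesSignedPropertiesId.indexOf('\'') >= 0) {
            throw new XAdESValidationException(
                    "invalid XAdES SignedProperties Id");
        }
        Node xadesQualifyingPropertiesNode = XPathAPI.selectSingleNode(
                signatureElement,
                "ds:Object/xades:QualifyingProperties[xades:SignedProperties/@Id='"
                        + xadesSignedPropertiesId + "']", nsElement);
        if (null == xadesQualifyingPropertiesNode) {
            // Without this check the unmarshaller is handed a null node.
            throw new XAdESValidationException(
                    "no matching xades:QualifyingProperties present");
        }
        JAXBElement<QualifyingPropertiesType> qualifyingPropertiesElement = (JAXBElement<QualifyingPropertiesType>) xadesUnmarshaller
                .unmarshal(xadesQualifyingPropertiesNode);
        return qualifyingPropertiesElement.getValue();
    } catch (TransformerException e) {
        throw new XAdESValidationException(e);
    } catch (JAXBException e) {
        throw new XAdESValidationException(e);
    }
}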
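/**
 * Finds the xades:QualifyingProperties DOM element whose SignedProperties
 * are referenced by the given XML signature.
 *
 * <p>The reference URI is read from the document being validated and is
 * therefore untrusted. It has to be a non-empty same-document fragment
 * ({@code #id}), and the Id may not contain a single quote, because the Id
 * is placed inside a single-quoted XPath string literal.
 *
 * @param nsElement        element supplying the namespace bindings for the
 *                         {@code ds} and {@code xades} prefixes
 * @param xmlSignature     the signature whose references are inspected
 * @param signatureElement the ds:Signature element that is searched
 * @return the matching element, or {@code null} when the signature holds no
 *         QualifyingProperties with that SignedProperties Id
 * @throws XAdESValidationException if no SignedProperties reference exists,
 *         the reference is malformed, or XPath evaluation fails
 */
public static Element findQualifyingPropertiesElement(Element nsElement,
        XMLSignature xmlSignature, Element signatureElement)
        throws XAdESValidationException {
    String xadesSignedPropertiesUri = findReferenceUri(xmlSignature,
            "http://uri.etsi.org/01903#SignedProperties");
    if (null == xadesSignedPropertiesUri) {
        LOG.error("no XAdES SignedProperties as part of signed XML data");
        throw new XAdESValidationException("no XAdES SignedProperties");
    }
    // substring(1) below is only meaningful for "#id" style references;
    // an empty or non-fragment URI used to surface as a runtime exception.
    if (xadesSignedPropertiesUri.length() < 2
            || '#' != xadesSignedPropertiesUri.charAt(0)) {
        throw new XAdESValidationException(
                "XAdES SignedProperties reference is not a same-document fragment URI");
    }
    String xadesSignedPropertiesId = xadesSignedPropertiesUri.substring(1);
    // A quote inside the Id would end the XPath literal early and change
    // which node the expression selects, so such values are refused.
    if (xadesSignedPropertiesId.indexOf('\'') >= 0) {
        throw new XAdESValidationException(
                "invalid XAdES SignedProperties Id");
    }
    Node xadesQualifyingPropertiesNode;
    try {
        xadesQualifyingPropertiesNode = XPathAPI.selectSingleNode(
                signatureElement,
                "ds:Object/xades:QualifyingProperties[xades:SignedProperties/@Id='"
                        + xadesSignedPropertiesId + "']", nsElement);
    } catch (TransformerException e) {
        throw new XAdESValidationException(e);
    }
    // May be null: the caller decides how to report a missing element.
    return (Element) xadesQualifyingPropertiesNode;
}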
/**
 * Verifies that two instants lie strictly less than {@code millis}
 * milliseconds apart, regardless of which one comes first.
 *
 * @param t1     the first instant
 * @param t2     the second instant
 * @param millis exclusive upper bound on the distance between the two
 *               instants, in milliseconds; a distance equal to this value
 *               is rejected
 * @throws XAdESValidationException if the distance between {@code t1} and
 *         {@code t2} is {@code millis} milliseconds or more
 */
public static void checkCloseEnough(DateTime t1, DateTime t2, long millis)
        throws XAdESValidationException {
    // Always measure from the earlier instant so the gap is never negative.
    Duration dt = t1.isBefore(t2) ? new Duration(t1, t2)
            : new Duration(t2, t1);
    Duration limit = new Duration(millis);
    if (dt.isShorterThan(limit)) {
        return;
    }
    throw new XAdESValidationException("max dt of " + millis
            + " ms exceeded between " + t1 + " and " + t2
            + " with dt = " + dt);
}
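/**
 * Finds and unmarshals the identity:Identity element referenced by the
 * given XML signature, if there is one.
 *
 * <p>The reference URI is read from the document being validated and is
 * therefore untrusted. It has to be a non-empty same-document fragment
 * ({@code #id}), and the Id may not contain a single quote, because the Id
 * is placed inside a single-quoted XPath string literal.
 *
 * @param nsElement        element supplying the namespace bindings for the
 *                         {@code ds} and {@code identity} prefixes
 * @param xmlSignature     the signature whose references are inspected
 * @param signatureElement the ds:Signature element that is searched
 * @return the unmarshalled identity, or {@code null} when the signature has
 *         no identity reference or no matching identity:Identity element
 * @throws XAdESValidationException if the identity reference is malformed,
 *         or XPath evaluation / JAXB unmarshalling fails
 */
@SuppressWarnings("unchecked")
public static IdentityType findIdentity(Element nsElement,
        XMLSignature xmlSignature, Element signatureElement)
        throws XAdESValidationException {
    try {
        String identityUri = XAdESUtils.findReferenceUri(xmlSignature,
                IdentitySignatureFacet.REFERENCE_TYPE);
        if (null == identityUri) {
            return null;
        }
        // substring(1) below is only meaningful for "#id" style references;
        // an empty URI used to surface as a runtime exception.
        if (identityUri.length() < 2 || '#' != identityUri.charAt(0)) {
            throw new XAdESValidationException(
                    "identity reference is not a same-document fragment URI");
        }
        String identityId = identityUri.substring(1);
        // A quote inside the Id would end the XPath literal early and change
        // which node the expression selects, so such values are refused.
        if (identityId.indexOf('\'') >= 0) {
            throw new XAdESValidationException("invalid identity Id");
        }
        Node identityNode = XPathAPI.selectSingleNode(signatureElement,
                "ds:Object[@Id = '" + identityId
                        + "']/identity:Identity", nsElement);
        if (null == identityNode) {
            return null;
        }
        JAXBElement<IdentityType> identityElement = (JAXBElement<IdentityType>) identityUnmarshaller
                .unmarshal(identityNode);
        return identityElement.getValue();
    } catch (TransformerException e) {
        throw new XAdESValidationException(e);
    } catch (JAXBException e) {
        throw new XAdESValidationException(e);
    }
}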
/**
 * Parses the X.509 certificates embedded in a xades:CertificateValues
 * structure.
 *
 * <p>Only entries of type {@code EncapsulatedPKIDataType} are decoded; any
 * other entry is skipped silently. The certificates are merely parsed here:
 * this method performs no validity, chain or revocation checking, so the
 * result must not be treated as trusted.
 *
 * @param certificateValues the certificate values to read
 * @return the decoded certificates in document order, possibly empty
 * @throws XAdESValidationException if an embedded certificate cannot be
 *         parsed
 */
public static List<X509Certificate> getCertificates(
        CertificateValuesType certificateValues)
        throws XAdESValidationException {
    try {
        List<X509Certificate> parsed = new LinkedList<X509Certificate>();
        for (Object entry : certificateValues
                .getEncapsulatedX509CertificateOrOtherCertificate()) {
            if (!(entry instanceof EncapsulatedPKIDataType)) {
                // Not an encapsulated X.509 certificate: ignore it.
                continue;
            }
            byte[] encoded = ((EncapsulatedPKIDataType) entry).getValue();
            ByteArrayInputStream encodedStream = new ByteArrayInputStream(
                    encoded);
            parsed.add((X509Certificate) certificateFactory
                    .generateCertificate(encodedStream));
        }
        return parsed;
    } catch (CertificateException e) {
        throw new XAdESValidationException(e);
    }
}
"UnsignedSignatureProperties"); if (unsignedSignaturePropertiesNodeList.getLength() == 0) { throw new XAdESValidationException( "UnsignedSignatureProperties node not present");
encodedCert = certificate.getEncoded(); } catch (CertificateEncodingException e) { throw new XAdESValidationException("X509 encoding error: " + e.getMessage(), e); throw new XAdESValidationException("missing CertRefs"); .getInstance(getDigestAlgo(xmlDigestAlgo)); } catch (NoSuchAlgorithmException e) { throw new XAdESValidationException( "message digest algo error: " + e.getMessage(), e); throw new XAdESValidationException("X509 certificate not referenced");
/**
 * Checks that the message imprint stored in a time-stamp token equals the
 * digest of the supplied digest input.
 *
 * <p>The digest is computed with the algorithm named by the token's own
 * message imprint.
 *
 * @param timeStampToken the time-stamp token whose imprint is verified
 * @param digestInput    the bytes the time stamp is expected to cover
 * @throws XAdESValidationException if the token's digest algorithm is not
 *         available, or the computed digest differs from the imprint
 */
public static void verifyTimeStampTokenDigest(
        TimeStampToken timeStampToken, TimeStampDigestInput digestInput)
        throws XAdESValidationException {
    LOG.debug("digest verification: algo="
            + timeStampToken.getTimeStampInfo().getMessageImprintAlgOID());
    // NOTE(review): the algorithm is whatever the token declares and this
    // method applies no allow-list - confirm that weak digest algorithms
    // are rejected elsewhere in the validation chain.
    MessageDigest imprintDigest;
    try {
        imprintDigest = MessageDigest.getInstance(timeStampToken
                .getTimeStampInfo().getMessageImprintAlgOID());
    } catch (NoSuchAlgorithmException e) {
        throw new XAdESValidationException(e);
    }
    byte[] computedImprint = imprintDigest.digest(digestInput.getBytes());
    byte[] claimedImprint = timeStampToken.getTimeStampInfo()
            .getMessageImprintDigest();
    if (Arrays.equals(computedImprint, claimedImprint)) {
        return;
    }
    throw new XAdESValidationException(
            "Digest verification failure for " + "timestamp token");
}
/**
 * Parses the CRLs embedded in a xades:RevocationValues structure.
 *
 * <p>The CRLs are only parsed here; their signature, issuer and freshness
 * are not checked by this method.
 *
 * @param revocationValues the revocation values to read
 * @return the decoded CRLs in document order; empty when the structure has
 *         no CRLValues child
 * @throws XAdESValidationException if an embedded CRL cannot be parsed
 */
public static List<X509CRL> getCrls(RevocationValuesType revocationValues)
        throws XAdESValidationException {
    try {
        List<X509CRL> parsed = new LinkedList<X509CRL>();
        CRLValuesType crlValues = revocationValues.getCRLValues();
        if (null != crlValues) {
            for (EncapsulatedPKIDataType encapsulated : crlValues
                    .getEncapsulatedCRLValue()) {
                ByteArrayInputStream encodedStream = new ByteArrayInputStream(
                        encapsulated.getValue());
                parsed.add((X509CRL) certificateFactory
                        .generateCRL(encodedStream));
            }
        }
        return parsed;
    } catch (CRLException e) {
        throw new XAdESValidationException(e);
    }
}
throw new XAdESValidationException( "Timestamp token of type: " + timeStampTokenObject.getClass() throw new XAdESValidationException(e);
encodedOcsp = ocspResp.getEncoded(); } catch (IOException e) { throw new XAdESValidationException("OCSP encoding error: " + e.getMessage(), e); throw new XAdESValidationException("missing OCSPRefs"); .getInstance(getDigestAlgo(xmlDigestAlgo)); } catch (NoSuchAlgorithmException e) { throw new XAdESValidationException( "message digest algo error: " + e.getMessage(), e); throw new XAdESValidationException("OCSP response not referenced");
encodedCRL = crl.getEncoded(); } catch (CRLException e) { throw new XAdESValidationException("CRL encoding error: " + e.getMessage(), e); throw new XAdESValidationException("missing CRLRefs"); .getInstance(getDigestAlgo(xmlDigestAlgo)); } catch (NoSuchAlgorithmException e) { throw new XAdESValidationException( "message digest algo error: " + e.getMessage(), e); throw new XAdESValidationException("CRL not referenced");
/**
 * Parses the OCSP responses embedded in a xades:RevocationValues structure.
 *
 * <p>The responses are only parsed here; their signature, responder and
 * freshness are not checked by this method.
 *
 * @param revocationValues the revocation values to read
 * @return the decoded OCSP responses in document order; empty when the
 *         structure has no OCSPValues child
 * @throws XAdESValidationException if an embedded OCSP response cannot be
 *         parsed
 */
public static List<OCSPResp> getOCSPResponses(
        RevocationValuesType revocationValues)
        throws XAdESValidationException {
    try {
        List<OCSPResp> parsed = new LinkedList<OCSPResp>();
        OCSPValuesType ocspValues = revocationValues.getOCSPValues();
        if (null != ocspValues) {
            for (EncapsulatedPKIDataType encapsulated : ocspValues
                    .getEncapsulatedOCSPValue()) {
                byte[] encoded = encapsulated.getValue();
                parsed.add(new OCSPResp(encoded));
            }
        }
        return parsed;
    } catch (IOException e) {
        throw new XAdESValidationException(e);
    }
}
if (timeStampTokens.isEmpty()) { LOG.error("No timestamp tokens present in SignatureTimeStamp"); throw new XAdESValidationException( "No timestamp tokens present in SignatureTimeStamp"); if (0 == signatureValueNodeList.getLength()) { LOG.error("no XML signature valuefound"); throw new XAdESValidationException("no XML signature valuefound");
if (timeStampTokens.isEmpty()) { LOG.error("No timestamp tokens present in SigAndRefsTimeStamp"); throw new XAdESValidationException( "No timestamp tokens present in SigAndRefsTimeStamp"); if (0 == signatureValueNodeList.getLength()) { LOG.error("no XML signature valuefound"); throw new XAdESValidationException("no XML signature valuefound"); "UnsignedSignatureProperties"); if (unsignedSignaturePropertiesNodeList.getLength() == 0) { throw new XAdESValidationException( "UnsignedSignatureProperties node not present");
throw new XAdESValidationException( "TSA certificate not present in TST"); BouncyCastleProvider.PROVIDER_NAME); } catch (Exception e) { throw new XAdESValidationException(e);
messageDigest = MessageDigest.getInstance(certDigestAlgo); } catch (NoSuchAlgorithmException e) { throw new XAdESValidationException("message digest algo error: " + e.getMessage(), e); .getEncoded()); if (!Arrays.equals(actualCertDigestValue, certDigestValue)) { throw new XAdESValidationException( "XAdES signing certificate not corresponding with actual signing certificate"); BigInteger serialNumber = issuerSerial.getX509SerialNumber(); if (false == signingCertificate.getSerialNumber().equals(serialNumber)) { throw new XAdESValidationException( "xades:SigningCertificate serial number mismatch"); .readObject()); } catch (IOException e) { throw new XAdESValidationException( "error parsing xades:SigningCertificate ds:X509IssuerName: " + e); issuerSerial.getX509IssuerName()); if (false == issuerName.equals(xadesIssuerName)) { throw new XAdESValidationException( "xades:SigningCertificate issuer name mismatch");
signatureElement); if (null == qualifyingPropertiesElement) { throw new XAdESValidationException( "no matching xades:QualifyingProperties present"); if (false == qualifyingProperties.getTarget().equals( "#" + xmlSignature.getId())) { throw new XAdESValidationException( "xades:QualifyingProperties/@Target incorrect"); qualifyingPropertiesElement, "SignatureTimeStamp"); if (null == signatureTimeStampElement) { throw new XAdESValidationException( "no xades:SignatureTimeStamp present"); if (null == sigAndRefsTimeStampElement) { LOG.error("No SigAndRefsTimeStamp present"); throw new XAdESValidationException( "no xades:SigAndRefsTimeStamp present"); timestampMaxOffset); } catch (XAdESValidationException e) { throw new XAdESValidationException( "SignatureTimeStamp too far from SigningTime", e); .getGenTime()); if (sigAndRefsTokenGenTime.isBefore(stsTokenGenTime)) { throw new XAdESValidationException( "SigAndRefsTimeStamp before SignatureTimeStamp");