/**
 * Appends a {@code ds:CanonicalizationMethod} child to the given parent and sets its
 * {@code Algorithm} attribute, e.g.
 * {@code <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>}.
 *
 * @param parentDom                        element that receives the new child
 * @param signedInfoCanonicalizationMethod algorithm URI, written to the attribute as given
 */
private void incorporateCanonicalizationMethod(final Element parentDom, final String signedInfoCanonicalizationMethod) {
    final Element c14nMethodDom = DSSXMLUtils.addElement(documentDom, parentDom, XMLNS, DS_CANONICALIZATION_METHOD);
    // NOTE(review): the URI is not checked against a list of supported canonicalization
    // algorithms in this method; presumably the caller validates it, confirm.
    c14nMethodDom.setAttribute(ALGORITHM, signedInfoCanonicalizationMethod);
}
/**
 * Creates the {@code ds:SignatureValue} element under the signature element, stores it in
 * {@code signatureValueDom} and gives it the Id {@code "value-" + deterministicId}.
 * The element is created empty here; no signature bytes are written by this method.
 */
protected void incorporateSignatureValue() {
    final String signatureValueId = "value-" + deterministicId;
    signatureValueDom = DSSXMLUtils.addElement(documentDom, signatureDom, XMLNS, DS_SIGNATURE_VALUE);
    signatureValueDom.setAttribute(ID, signatureValueId);
}
/**
 * Creates the {@code ds:Object} element under the signature element and, inside it, the
 * XAdES {@code QualifyingProperties} element whose {@code Target} attribute refers to the
 * signature by {@code "#" + deterministicId}. Then continues with the SignedProperties.
 * Example of the resulting element:
 * {@code <QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" Target="#sigId-ide5c549340079fe19f3f90f03354a5965">}
 *
 * @throws DSSException declared for the nested incorporation steps
 */
protected void incorporateObject() throws DSSException {
    final Element objectDom = DSSXMLUtils.addElement(documentDom, signatureDom, XMLNS, DS_OBJECT);

    qualifyingPropertiesDom = DSSXMLUtils.addElement(documentDom, objectDom, XAdES, XADES_QUALIFYING_PROPERTIES);
    qualifyingPropertiesDom.setAttribute(XMLNS_XADES, XAdES);
    // Target must name the Id of the enclosing signature; both are derived from deterministicId.
    final String targetReference = "#" + deterministicId;
    qualifyingPropertiesDom.setAttribute(TARGET, targetReference);

    incorporateSignedProperties();
}
/**
 * Creates the XAdES {@code SignedProperties} element under {@code qualifyingPropertiesDom},
 * stores it in {@code signedPropertiesDom}, assigns it the Id
 * {@code "xades-" + deterministicId} and then builds the SignedSignatureProperties.
 * Example: {@code <SignedProperties Id="xades-ide5c549340079fe19f3f90f03354a5965">}
 *
 * @throws DSSException declared for the nested incorporation steps
 */
protected void incorporateSignedProperties() throws DSSException {
    signedPropertiesDom = DSSXMLUtils.addElement(documentDom, qualifyingPropertiesDom, XAdES, XADES_SIGNED_PROPERTIES);
    // NOTE(review): this Id is presumably the target of the ds:Reference that puts the
    // signed properties under the signature, so it has to be unique in the document; confirm.
    final String signedPropertiesId = "xades-" + deterministicId;
    signedPropertiesDom.setAttribute(ID, signedPropertiesId);

    incorporateSignedSignatureProperties();
}
/**
 * Adds one child element per role to the given roles container.
 *
 * @param signerRoles role values, one element is created for each entry
 * @param rolesDom    container element that receives the role elements
 * @param roleType    qualified name used for every created role element
 */
private void addRoles(final List<String> signerRoles, final Element rolesDom, final String roleType) {
    for (final String roleValue : signerRoles) {
        final Element singleRoleDom = DSSXMLUtils.addElement(documentDom, rolesDom, XAdES, roleType);
        // The role value goes through setTextNode rather than being concatenated into markup.
        DSSXMLUtils.setTextNode(documentDom, singleRoleDom, roleValue);
    }
}
/**
 * Makes {@code signedDataObjectPropertiesDom} point to the SignedDataObjectProperties element
 * of the current signature, creating that element under {@code signedPropertiesDom} when the
 * signature does not contain one.
 *
 * @throws DSSException if the current signature contains more than one such element
 */
protected void ensureSignedDataObjectProperties() throws DSSException {
    // getElementsByTagNameNS matches descendants at any depth, so elements that belong to a
    // nested signature are counted too; an ambiguous result is rejected instead of guessed.
    final NodeList matches = currentSignatureDom.getElementsByTagNameNS(XAdESNamespaces.XAdES, "SignedDataObjectProperties");
    switch (matches.getLength()) {
        case 0:
            signedDataObjectPropertiesDom = DSSXMLUtils.addElement(documentDom, signedPropertiesDom, XAdESNamespaces.XAdES, "xades:SignedDataObjectProperties");
            break;
        case 1:
            signedDataObjectPropertiesDom = (Element) matches.item(0);
            break;
        default:
            throw new DSSException("The signature contains more than one SignedDataObjectProperties element! Extension is not possible.");
    }
}
// Presumably closes the enclosing type, whose header is outside this excerpt.
}
/**
 * Makes {@code unsignedSignaturePropertiesDom} point to the UnsignedSignatureProperties
 * element of the current signature, creating it under {@code unsignedPropertiesDom} when the
 * signature does not contain one.
 *
 * @throws DSSException if the current signature contains more than one such element
 */
protected void ensureUnsignedSignatureProperties() throws DSSException {
    // The lookup covers all descendants of the current signature, nested signatures included.
    final NodeList candidates = currentSignatureDom.getElementsByTagNameNS(XAdESNamespaces.XAdES, "UnsignedSignatureProperties");
    final int found = candidates.getLength();
    if (found > 1) {
        // Refuse to extend when it is unclear which element belongs to this signature.
        throw new DSSException("The signature contains more then one UnsignedSignatureProperties element! Extension is not possible.");
    }
    if (found == 1) {
        unsignedSignaturePropertiesDom = (Element) candidates.item(0);
        return;
    }
    unsignedSignaturePropertiesDom = DSSXMLUtils.addElement(documentDom, unsignedPropertiesDom, XAdESNamespaces.XAdES, "xades:UnsignedSignatureProperties");
}
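/**
 * Locates the single QualifyingProperties element of the current signature, then makes
 * {@code unsignedPropertiesDom} point to its UnsignedProperties element, creating that
 * element under the QualifyingProperties when the signature does not contain one.
 *
 * @throws DSSException if the signature does not contain exactly one QualifyingProperties
 *                      element, or contains more than one UnsignedProperties element
 */
protected void ensureUnsignedProperties() throws DSSException {
    // getElementsByTagNameNS matches descendants at any depth; anything other than exactly
    // one QualifyingProperties is rejected rather than resolved by position.
    final NodeList qualifyingPropertiesNodeList = currentSignatureDom.getElementsByTagNameNS(XAdESNamespaces.XAdES, "QualifyingProperties");
    if (qualifyingPropertiesNodeList.getLength() != 1) {
        throw new DSSException("The signature does not contain QualifyingProperties element (or contains more than one)! Extension is not possible.");
    }
    qualifyingPropertiesDom = (Element) qualifyingPropertiesNodeList.item(0);

    final NodeList unsignedPropertiesNodeList = currentSignatureDom.getElementsByTagNameNS(XAdESNamespaces.XAdES, "UnsignedProperties");
    final int length = unsignedPropertiesNodeList.getLength();
    if (length == 1) {
        // Fix: take the element from the UnsignedProperties lookup. The previous code read
        // item(0) of the QualifyingProperties list, so later unsigned data (timestamps,
        // certificate and revocation values) would have been attached to QualifyingProperties
        // itself instead of the existing UnsignedProperties element.
        unsignedPropertiesDom = (Element) unsignedPropertiesNodeList.item(0);
    } else if (length == 0) {
        unsignedPropertiesDom = DSSXMLUtils.addElement(documentDom, qualifyingPropertiesDom, XAdESNamespaces.XAdES, "xades:UnsignedProperties");
    } else {
        throw new DSSException("The signature contains more then one UnsignedProperties element! Extension is not possible.");
    }
}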
/**
 * Creates the {@code ds:SignedInfo} element under the signature element, stores it in
 * {@code signedInfoDom}, and adds the canonicalization method and the
 * {@code ds:SignatureMethod} to it. Example of the latter:
 * {@code <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>}
 */
public void incorporateSignedInfo() {
    signedInfoDom = DSSXMLUtils.addElement(documentDom, signatureDom, XMLNS, DS_SIGNED_INFO);
    incorporateCanonicalizationMethod(signedInfoDom, signedInfoCanonicalizationMethod);

    final Element signatureMethodDom = DSSXMLUtils.addElement(documentDom, signedInfoDom, XMLNS, DS_SIGNATURE_METHOD);
    // The advertised algorithm is derived from the signing parameters, so it matches what
    // the parameters request. NOTE(review): no minimum digest strength is enforced here and
    // the lookup result is dereferenced without a null check; confirm both are handled upstream.
    final EncryptionAlgorithm keyAlgorithm = params.getEncryptionAlgorithm();
    final DigestAlgorithm hashAlgorithm = params.getDigestAlgorithm();
    final String algorithmUri = SignatureAlgorithm.getAlgorithm(keyAlgorithm, hashAlgorithm).getXMLId();
    signatureMethodDom.setAttribute(ALGORITHM, algorithmUri);
}
/**
 * Adds an {@code xades:CRLValues} element to the parent and, inside it, one
 * {@code xades:EncapsulatedCRLValue} per token holding the base64 form of the token's
 * encoded bytes. Nothing is added when the list is empty.
 *
 * @param parentDom element that receives the CRLValues container
 * @param crlTokens CRL tokens to embed
 */
private void incorporateCrlTokens(final Element parentDom, final List<CRLToken> crlTokens) {
    if (!crlTokens.isEmpty()) {
        final Element crlContainerDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:CRLValues");
        for (final RevocationToken crl : crlTokens) {
            // The CRL is embedded as returned by getEncoded(), without re-encoding.
            final String crlBase64 = DSSUtils.base64Encode(crl.getEncoded());
            DSSXMLUtils.addTextElement(documentDom, crlContainerDom, XAdESNamespaces.XAdES, "xades:EncapsulatedCRLValue", crlBase64);
        }
    }
}
/**
 * Embeds the given CRL tokens: creates {@code xades:CRLValues} under the parent and adds
 * one {@code xades:EncapsulatedCRLValue} text element per token, containing the base64
 * encoding of {@code getEncoded()}. An empty list leaves the parent untouched.
 *
 * @param parentDom element that receives the CRLValues container
 * @param crlTokens CRL tokens to embed
 */
private void incorporateCrlTokens(final Element parentDom, final List<CRLToken> crlTokens) {
    final boolean nothingToEmbed = crlTokens.isEmpty();
    if (nothingToEmbed) {
        // Avoid emitting an empty CRLValues container.
        return;
    }
    final Element valuesDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:CRLValues");
    for (final RevocationToken token : crlTokens) {
        final byte[] derBytes = token.getEncoded();
        DSSXMLUtils.addTextElement(documentDom, valuesDom, XAdESNamespaces.XAdES, "xades:EncapsulatedCRLValue", DSSUtils.base64Encode(derBytes));
    }
}
/**
 * Adds the {@code SignerRole} element to the signed signature properties, with a
 * ClaimedRoles and/or CertifiedRoles child for each role list that is non-null and
 * non-empty. Nothing is added when both lists are null.
 */
private void incorporateSignerRole() {
    final List<String> claimedRoles = params.bLevel().getClaimedSignerRoles();
    final List<String> certifiedRoles = params.bLevel().getCertifiedSignerRoles();
    if (claimedRoles == null && certifiedRoles == null) {
        return;
    }

    // NOTE(review): a list that is non-null but empty still produces a SignerRole element
    // without children; confirm that an empty SignerRole in the signed properties is intended.
    final Element signerRoleDom = DSSXMLUtils.addElement(documentDom, signedSignaturePropertiesDom, XAdES, XADES_SIGNER_ROLE);

    final boolean hasClaimedRoles = claimedRoles != null && !claimedRoles.isEmpty();
    if (hasClaimedRoles) {
        final Element claimedContainerDom = DSSXMLUtils.addElement(documentDom, signerRoleDom, XAdES, XADES_CLAIMED_ROLES);
        addRoles(claimedRoles, claimedContainerDom, XADES_CLAIMED_ROLE);
    }

    final boolean hasCertifiedRoles = certifiedRoles != null && !certifiedRoles.isEmpty();
    if (hasCertifiedRoles) {
        // Certified roles are written as plain strings here, exactly like claimed roles.
        final Element certifiedContainerDom = DSSXMLUtils.addElement(documentDom, signerRoleDom, XAdES, XADES_CERTIFIED_ROLES);
        addRoles(certifiedRoles, certifiedContainerDom, XADES_CERTIFIED_ROLE);
    }
}
/**
 * Creates the {@code SignedDataObjectProperties} element under {@code signedPropertiesDom}
 * and adds one {@code DataObjectFormat} with a {@code MimeType} child for every reference
 * of the signing parameters, then incorporates the content timestamps.
 * <pre>{@code
 * <SignedDataObjectProperties>
 *   <DataObjectFormat ObjectReference="#detached-ref-id">
 *     <MimeType>text/plain</MimeType>
 *   </DataObjectFormat>
 * </SignedDataObjectProperties>
 * }</pre>
 */
private void incorporateSignedDataObjectProperties() {
    signedDataObjectPropertiesDom = DSSXMLUtils.addElement(documentDom, signedPropertiesDom, XAdES, XADES_SIGNED_DATA_OBJECT_PROPERTIES);

    for (final DSSReference signedReference : params.getReferences()) {
        final Element formatDom = DSSXMLUtils.addElement(documentDom, signedDataObjectPropertiesDom, XAdES, XADES_DATA_OBJECT_FORMAT);
        // ObjectReference points back at the ds:Reference by its Id.
        formatDom.setAttribute(OBJECT_REFERENCE, "#" + signedReference.getId());

        final Element mimeTypeDom = DSSXMLUtils.addElement(documentDom, formatDom, XAdES, XADES_MIME_TYPE);
        final MimeType referenceMimeType = getReferenceMimeType(signedReference);
        // NOTE(review): the MIME type string becomes part of the signed properties; how
        // getReferenceMimeType derives it is not visible here.
        DSSXMLUtils.setTextNode(documentDom, mimeTypeDom, referenceMimeType.getMimeTypeString());
    }

    incorporateContentTimestamps();
}
/**
 * Adds an {@code xades141:TimeStampValidationData} element to the unsigned signature
 * properties and fills it with the certificate values and revocation values obtained for
 * the given validation context. The element's Id is {@code "id-"} followed by the DSS id of
 * the last archive timestamp, or {@code "id-1"} when the signature has no archive timestamp.
 *
 * @param validationContext context from which certificates and revocation data are taken
 */
private void incorporateTimestampValidationData(final ValidationContext validationContext) {
    final Element validationDataDom = DSSXMLUtils.addElement(documentDom, unsignedSignaturePropertiesDom, XAdESNamespaces.XAdES141, "xades141:TimeStampValidationData");

    final Set<CertificateToken> certificateSet = xadesSignature.getCertificatesForInclusion(validationContext);
    // Raw list kept as in the original; the parameter type of incorporateCertificateValues
    // is not visible in this excerpt.
    final List certificateList = new ArrayList();
    certificateList.addAll(certificateSet);
    incorporateCertificateValues(validationDataDom, certificateList);
    incorporateRevocationValues(validationDataDom, validationContext);

    final List<TimestampToken> archiveTimestamps = xadesSignature.getArchiveTimestamps();
    final String idSuffix;
    if (archiveTimestamps.isEmpty()) {
        // NOTE(review): every call made without an archive timestamp yields the same Id
        // "id-1"; confirm this cannot put duplicate Id values into one document.
        idSuffix = "1";
    } else {
        final TimestampToken latestArchiveTimestamp = archiveTimestamps.get(archiveTimestamps.size() - 1);
        idSuffix = "" + latestArchiveTimestamp.getDSSId();
    }
    validationDataDom.setAttribute("Id", "id-" + idSuffix);
}
/**
 * Adds an {@code xades:OCSPValues} element to the parent and, inside it, one
 * {@code xades:EncapsulatedOCSPValue} per token holding the base64 form of the token's
 * encoded bytes. Nothing is added when the list is empty.
 *
 * @param parentDom  element that receives the OCSPValues container
 * @param ocspTokens OCSP tokens to embed
 */
private void incorporateOcspTokens(Element parentDom, final List<OCSPToken> ocspTokens) {
    if (!ocspTokens.isEmpty()) {
        final Element ocspContainerDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:OCSPValues");
        for (final RevocationToken ocsp : ocspTokens) {
            // The response is embedded as returned by getEncoded(), without re-encoding.
            final String ocspBase64 = DSSUtils.base64Encode(ocsp.getEncoded());
            DSSXMLUtils.addTextElement(documentDom, ocspContainerDom, XAdESNamespaces.XAdES, "xades:EncapsulatedOCSPValue", ocspBase64);
        }
    }
}
/**
 * Embeds the given OCSP tokens: creates {@code xades:OCSPValues} under the parent and adds
 * one {@code xades:EncapsulatedOCSPValue} text element per token, containing the base64
 * encoding of {@code getEncoded()}. An empty list leaves the parent untouched.
 *
 * @param parentDom  element that receives the OCSPValues container
 * @param ocspTokens OCSP tokens to embed
 */
private void incorporateOcspTokens(Element parentDom, final List<OCSPToken> ocspTokens) {
    final boolean nothingToEmbed = ocspTokens.isEmpty();
    if (nothingToEmbed) {
        // Avoid emitting an empty OCSPValues container.
        return;
    }
    final Element valuesDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:OCSPValues");
    for (final RevocationToken token : ocspTokens) {
        final byte[] derBytes = token.getEncoded();
        DSSXMLUtils.addTextElement(documentDom, valuesDom, XAdESNamespaces.XAdES, "xades:EncapsulatedOCSPValue", DSSUtils.base64Encode(derBytes));
    }
}
// Presumably closes the enclosing type, whose header is outside this excerpt.
}
/**
 * Creates the {@code SigningCertificate} element under the signed signature properties and
 * adds a certificate reference for every chain certificate that is flagged as a signed
 * attribute. Shape of the result:
 * <pre>{@code
 * <SigningCertificate>
 *   <Cert>
 *     <CertDigest>
 *       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 *       <ds:DigestValue>fj8SJujSXU4fi342bdtiKVbglA0=</ds:DigestValue>
 *     </CertDigest>
 *     <IssuerSerial>
 *       <ds:X509IssuerName>CN=ICA A,O=DSS,C=AA</ds:X509IssuerName>
 *       <ds:X509SerialNumber>4</ds:X509SerialNumber>
 *     </IssuerSerial>
 *   </Cert>
 * </SigningCertificate>
 * }</pre>
 * NOTE(review): the example shows a SHA-1 certificate digest; the digest actually used is
 * chosen in {@code incorporateCertificateRef}, which is not visible here, so confirm it is
 * not fixed to SHA-1.
 */
private void incorporateSigningCertificate() {
    final Element signingCertificateDom = DSSXMLUtils.addElement(documentDom, signedSignaturePropertiesDom, XAdES, XAdESNamespaces.getXADES_SIGNING_CERTIFICATE());

    final List<X509Certificate> signedCertificates = new ArrayList<X509Certificate>();
    for (final ChainCertificate candidate : params.getCertificateChain()) {
        if (!candidate.isSignedAttribute()) {
            // Only certificates marked as signed attributes are bound into the signature.
            continue;
        }
        signedCertificates.add(candidate.getX509Certificate());
    }
    incorporateCertificateRef(signingCertificateDom, signedCertificates);
}
/**
 * Adds an {@code xades:RevocationValues} element to the parent, containing the CRL tokens
 * followed by the OCSP tokens selected for inclusion. Nothing is added when there is no
 * revocation data to include.
 *
 * @param parentDom         element that receives the RevocationValues element
 * @param validationContext context from which the revocation data is selected
 */
protected void incorporateRevocationValues(final Element parentDom, final ValidationContext validationContext) {
    final DefaultAdvancedSignature.RevocationDataForInclusion toInclude = xadesSignature.getRevocationDataForInclusion(validationContext);
    if (toInclude.isEmpty()) {
        return;
    }
    final Element revocationValuesDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:RevocationValues");
    // CRLValues is written before OCSPValues.
    incorporateCrlTokens(revocationValuesDom, toInclude.crlTokens);
    incorporateOcspTokens(revocationValuesDom, toInclude.ocspTokens);
}
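/**
 * Adds an {@code xades:RevocationValues} element to the parent, containing the CRL tokens
 * followed by the OCSP tokens selected for inclusion. Nothing is added when there is no
 * revocation data to include.
 *
 * @param parentDom         element that receives the RevocationValues element
 * @param validationContext context from which the revocation data is selected
 */
protected void incorporateRevocationValues(final Element parentDom, final ValidationContext validationContext) {
    // <xades:RevocationValues>
    final DefaultAdvancedSignature.RevocationDataForInclusion revocationsForInclusion = xadesSignature.getRevocationDataForInclusion(validationContext);
    if (!revocationsForInclusion.isEmpty()) {
        final Element revocationValuesDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:RevocationValues");
        // Fix: the XAdES schema defines RevocationValues as an ordered sequence with
        // CRLValues before OCSPValues. Writing OCSPValues first yields a document that a
        // schema-validating verifier rejects whenever both kinds of data are present.
        incorporateCrlTokens(revocationValuesDom, revocationsForInclusion.crlTokens);
        incorporateOcspTokens(revocationValuesDom, revocationsForInclusion.ocspTokens);
    }
}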
/**
 * Creates the SignedSignatureProperties DOM element under {@code signedPropertiesDom},
 * stores it in {@code signedSignaturePropertiesDom} and then runs the individual
 * incorporation steps in the order written below.
 *
 * @throws DSSException declared for the nested incorporation steps
 */
protected void incorporateSignedSignatureProperties() throws DSSException {
    // <SignedSignatureProperties>
    signedSignaturePropertiesDom = DSSXMLUtils.addElement(documentDom, signedPropertiesDom, XAdES, XADES_SIGNED_SIGNATURE_PROPERTIES);
    // The call order determines the order of the elements each helper appends.
    // NOTE(review): XAdES 1.3.2 declares the children of SignedSignatureProperties as an
    // ordered sequence (SigningTime, SigningCertificate, SignaturePolicyIdentifier,
    // SignatureProductionPlace, SignerRole). Here the signer role and the production place
    // are incorporated before the policy; confirm where each helper appends its element
    // before relying on schema validation of the output.
    incorporateSigningTime();
    incorporateSigningCertificate();
    incorporateSignedDataObjectProperties();
    incorporateSignerRole();
    incorporateSignatureProductionPlace();
    incorporateCommitmentTypeIndications();
    incorporatePolicy();
}