/**
 * Adds the given certificate to {@code x509DataDom} as a base64-encoded text element.
 *
 * @param x509DataDom     parent element that receives the new child
 * @param x509Certificate certificate whose bytes, as returned by {@code DSSUtils.getEncoded}, are embedded
 */
private void addCertificate(final Element x509DataDom, final X509Certificate x509Certificate) {

    // <ds:X509Certificate>...</ds:X509Certificate>
    final String certificateAsBase64 = DSSUtils.base64Encode(DSSUtils.getEncoded(x509Certificate));
    DSSXMLUtils.addTextElement(documentDom, x509DataDom, XMLNS, DS_X509_CERTIFICATE, certificateAsBase64);
}
/**
 * Embeds every OCSP token, base64-encoded, in a new {@code xades:OCSPValues} child of
 * {@code parentDom}. Nothing is added when the list is empty.
 * <p>
 * The tokens are only encoded and embedded here; this method performs no validation of them.
 *
 * @param parentDom  element that receives the {@code xades:OCSPValues} container
 * @param ocspTokens tokens to embed; must not be {@code null}
 */
private void incorporateOcspTokens(Element parentDom, final List<OCSPToken> ocspTokens) {

    if (!ocspTokens.isEmpty()) {

        // ...<xades:OCSPValues>
        // .........<xades:EncapsulatedOCSPValue>MIIERw...
        final Element containerDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:OCSPValues");
        for (final RevocationToken token : ocspTokens) {

            final String tokenAsBase64 = DSSUtils.base64Encode(token.getEncoded());
            DSSXMLUtils.addTextElement(documentDom, containerDom, XAdESNamespaces.XAdES, "xades:EncapsulatedOCSPValue", tokenAsBase64);
        }
    }
}
// Closes a scope that was opened outside this excerpt.
}
/**
 * Embeds every CRL token, base64-encoded, in a new {@code xades:CRLValues} child of
 * {@code parentDom}. Nothing is added when the list is empty.
 * <p>
 * The tokens are only encoded and embedded here; this method performs no validation of them.
 *
 * @param parentDom element that receives the {@code xades:CRLValues} container
 * @param crlTokens tokens to embed; must not be {@code null}
 */
private void incorporateCrlTokens(final Element parentDom, final List<CRLToken> crlTokens) {

    if (!crlTokens.isEmpty()) {

        // ...<xades:CRLValues/>
        final Element containerDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:CRLValues");
        for (final RevocationToken token : crlTokens) {

            final String tokenAsBase64 = DSSUtils.base64Encode(token.getEncoded());
            DSSXMLUtils.addTextElement(documentDom, containerDom, XAdESNamespaces.XAdES, "xades:EncapsulatedCRLValue", tokenAsBase64);
        }
    }
}
/**
 * Writes the given CRL tokens into the signature as {@code xades:EncapsulatedCRLValue}
 * elements grouped under one {@code xades:CRLValues} element.
 * <p>
 * An empty list leaves {@code parentDom} untouched. The method encodes and embeds only;
 * it does not check the tokens.
 *
 * @param parentDom element under which {@code xades:CRLValues} is created
 * @param crlTokens CRL tokens to write; must not be {@code null}
 */
private void incorporateCrlTokens(final Element parentDom, final List<CRLToken> crlTokens) {

    final boolean nothingToWrite = crlTokens.isEmpty();
    if (nothingToWrite) {
        return;
    }

    // ...<xades:CRLValues/>
    final Element valuesDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:CRLValues");
    for (final RevocationToken crl : crlTokens) {

        DSSXMLUtils.addTextElement(documentDom, valuesDom, XAdESNamespaces.XAdES, "xades:EncapsulatedCRLValue",
                DSSUtils.base64Encode(crl.getEncoded()));
    }
}
/**
 * Writes the given OCSP tokens into the signature as {@code xades:EncapsulatedOCSPValue}
 * elements grouped under one {@code xades:OCSPValues} element.
 * <p>
 * An empty list leaves {@code parentDom} untouched. The method encodes and embeds only;
 * it does not check the tokens.
 *
 * @param parentDom  element under which {@code xades:OCSPValues} is created
 * @param ocspTokens OCSP tokens to write; must not be {@code null}
 */
private void incorporateOcspTokens(Element parentDom, final List<OCSPToken> ocspTokens) {

    final boolean nothingToWrite = ocspTokens.isEmpty();
    if (nothingToWrite) {
        return;
    }

    // ...<xades:OCSPValues>
    // .........<xades:EncapsulatedOCSPValue>MIIERw...
    final Element valuesDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdESNamespaces.XAdES, "xades:OCSPValues");
    for (final RevocationToken ocsp : ocspTokens) {

        DSSXMLUtils.addTextElement(documentDom, valuesDom, XAdESNamespaces.XAdES, "xades:EncapsulatedOCSPValue",
                DSSUtils.base64Encode(ocsp.getEncoded()));
    }
}
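/**
 * Adds the signer location from the B-level parameters to the signed signature properties
 * as a signature-production-place element. Nothing is added when no signer location is set,
 * and each child is written only when its value is not {@code null}.
 * <p>
 * The XAdES schema declares the children of {@code SignatureProductionPlaceType} as a
 * sequence in the order City, StateOrProvince, PostalCode, CountryName. The children are
 * written in that order: with PostalCode placed before StateOrProvince, a location that
 * sets both would produce a signed property that does not validate against the schema.
 */
private void incorporateSignatureProductionPlace() {

    final BLevelParameters.SignerLocation signatureProductionPlace = params.bLevel().getSignerLocation();
    if (signatureProductionPlace == null) {
        return;
    }

    final Element signatureProductionPlaceDom = DSSXMLUtils.addElement(documentDom, signedSignaturePropertiesDom, XAdES, XADES_SIGNATURE_PRODUCTION_PLACE);

    final String city = signatureProductionPlace.getCity();
    if (city != null) {
        DSSXMLUtils.addTextElement(documentDom, signatureProductionPlaceDom, XAdES, XADES_CITY, city);
    }

    // Schema order: StateOrProvince comes before PostalCode.
    final String stateOrProvince = signatureProductionPlace.getStateOrProvince();
    if (stateOrProvince != null) {
        DSSXMLUtils.addTextElement(documentDom, signatureProductionPlaceDom, XAdES, XADES_STATE_OR_PROVINCE, stateOrProvince);
    }

    final String postalCode = signatureProductionPlace.getPostalCode();
    if (postalCode != null) {
        DSSXMLUtils.addTextElement(documentDom, signatureProductionPlaceDom, XAdES, XADES_POSTAL_CODE, postalCode);
    }

    final String country = signatureProductionPlace.getCountry();
    if (country != null) {
        DSSXMLUtils.addTextElement(documentDom, signatureProductionPlaceDom, XAdES, XADES_COUNTRY_NAME, country);
    }
}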
/**
 * Fills a transform element from the given transform description.
 * <p>
 * The algorithm is always set as an attribute. If the transform names a child element, that
 * element is added with the transform's text content as its text. Otherwise, if the text
 * content is not blank, it is parsed as an XML document and its root element is moved under
 * {@code transformDom}.
 *
 * @param document     document that owns {@code transformDom}
 * @param dssTransform description of the transform to write
 * @param transformDom element to fill
 */
static void createTransform(final Document document, final DSSTransform dssTransform, final Element transformDom) {

    transformDom.setAttribute(ALGORITHM, dssTransform.getAlgorithm());

    final String childName = dssTransform.getElementName();
    final String content = dssTransform.getTextContent();

    if (DSSUtils.isNotBlank(childName)) {

        DSSXMLUtils.addTextElement(document, transformDom, dssTransform.getNamespace(), childName, content);
        return;
    }
    if (!DSSUtils.isNotBlank(content)) {
        return;
    }

    // NOTE(review): the text content is handed to an XML parser here. Confirm that
    // DSSXMLUtils.buildDOM disables DTDs and external entities, and that transform content
    // can only come from trusted signing parameters.
    final Document parsedContent = DSSXMLUtils.buildDOM(content);
    final Element parsedRoot = parsedContent.getDocumentElement();
    document.adoptNode(parsedRoot);
    transformDom.appendChild(parsedRoot);
}
/**
 * Embeds all the given certificates, base64-encoded, in a new certificate-values element
 * under {@code parentDom}. Nothing is added when the list is empty.
 * <p>
 * When the B-level parameters require the trust anchor, a warning is logged if none of the
 * certificates has a subject that is known to the certificate pool. The certificates are
 * embedded either way.
 *
 * @param parentDom             element that receives the certificate-values container
 * @param toIncludeCertificates certificates to embed; must not be {@code null}
 */
protected void incorporateCertificateValues(final Element parentDom, final List<CertificateToken> toIncludeCertificates) {

    // <xades:CertificateValues>
    // ...<xades:EncapsulatedX509Certificate>MIIC9TC...
    if (toIncludeCertificates.isEmpty()) {
        return;
    }

    final Element valuesDom = DSSXMLUtils.addElement(documentDom, parentDom, XAdES, XADES_CERTIFICATE_VALUES);

    final CertificatePool pool = getCertificatePool();
    final boolean anchorRequired = params.bLevel().isTrustAnchorBPPolicy();
    boolean anchorSeen = false;

    for (final CertificateToken token : toIncludeCertificates) {

        if (anchorRequired && certificatePoolIsUsable(pool)) {

            // NOTE(review): the lookup is by subject name only, and nothing visible here
            // checks that the pooled certificate is marked as trusted. Confirm the pool
            // holds trust anchors only, otherwise this check can pass without one.
            final List<CertificateToken> sameSubject = pool.get(token.getSubjectX500Principal());
            if (!sameSubject.isEmpty()) {
                anchorSeen = true;
            }
        }
        final String certificateAsBase64 = DSSUtils.base64Encode(token.getEncoded());
        DSSXMLUtils.addTextElement(documentDom, valuesDom, XAdES, XADES_ENCAPSULATED_X509_CERTIFICATE, certificateAsBase64);
    }

    final boolean anchorMissing = anchorRequired && !anchorSeen;
    if (anchorMissing) {
        LOG.warn("The trust anchor is missing but its inclusion is required by the signature policy!");
    }
}

/** Tells whether a certificate pool is available for the trust-anchor lookup. */
private static boolean certificatePoolIsUsable(final CertificatePool pool) {
    return pool != null;
}
// Add the issuer name and the issue time as text children of crlRefDom.
// NOTE(review): in the XAdES schema, Issuer and IssueTime are children of
// xades:CRLIdentifier. Confirm that crlRefDom refers to that element.
DSSXMLUtils.addTextElement(documentDom, crlRefDom, XAdESNamespaces.XAdES, "xades:Issuer", issuerX500PrincipalName);
DSSXMLUtils.addTextElement(documentDom, crlRefDom, XAdESNamespaces.XAdES, "xades:IssueTime", thisUpdateAsXmlFormat);
// Add the base64-encoded original document as the text of a DS_OBJECT element under signatureDom.
final Element objectDom = DSSXMLUtils.addTextElement(documentDom, signatureDom, XMLSignature.XMLNS, DS_OBJECT, base64EncodedOriginalDocument);
// The reference URI without its first character becomes the element's Id attribute.
// NOTE(review): this assumes a same-document "#id" reference. An empty URI makes
// substring(1) throw and a null URI causes a NullPointerException; confirm the caller
// guarantees the "#..." form.
final String id = reference.getUri().substring(1);
objectDom.setAttribute(ID, id);
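/**
 * Adds one commitment-type-indication element per commitment identifier configured in the
 * B-level parameters. Nothing is added when the list is {@code null} or empty.
 * <p>
 * Each indication holds exactly one {@code CommitmentTypeId} with one {@code Identifier},
 * followed by {@code AllSignedDataObjects}. Writing several identifiers into a single
 * {@code CommitmentTypeId} is not allowed by the schema ({@code ObjectIdentifierType} takes
 * one {@code Identifier}), so several commitments need several indications.
 * {@code ObjectReference} and {@code CommitmentTypeQualifiers} are not produced.
 * <p>
 * Schema definition of the element:
 * <pre>{@code
 * <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType"/>
 * <xsd:complexType name="CommitmentTypeIndicationType">
 *   <xsd:sequence>
 *     <xsd:element name="CommitmentTypeId" type="ObjectIdentifierType"/>
 *     <xsd:choice>
 *       <xsd:element name="ObjectReference" type="xsd:anyURI" maxOccurs="unbounded"/>
 *       <xsd:element name="AllSignedDataObjects"/>
 *     </xsd:choice>
 *     <xsd:element name="CommitmentTypeQualifiers" type="CommitmentTypeQualifiersListType" minOccurs="0"/>
 *   </xsd:sequence>
 * </xsd:complexType>
 * <xsd:complexType name="CommitmentTypeQualifiersListType">
 *   <xsd:sequence>
 *     <xsd:element name="CommitmentTypeQualifier" type="AnyType" minOccurs="0" maxOccurs="unbounded"/>
 *   </xsd:sequence>
 * </xsd:complexType>
 * }</pre>
 */
private void incorporateCommitmentTypeIndications() {

    final List<String> commitmentTypeIndications = params.bLevel().getCommitmentTypeIndications();
    if (commitmentTypeIndications == null) {
        return;
    }
    for (final String commitmentTypeIndication : commitmentTypeIndications) {

        // One indication per identifier keeps the signed properties schema-valid.
        final Element commitmentTypeIndicationDom = DSSXMLUtils.addElement(documentDom, signedDataObjectPropertiesDom, XAdES, XADES_COMMITMENT_TYPE_INDICATION);

        final Element commitmentTypeIdDom = DSSXMLUtils.addElement(documentDom, commitmentTypeIndicationDom, XAdES, XADES_COMMITMENT_TYPE_ID);
        DSSXMLUtils.addTextElement(documentDom, commitmentTypeIdDom, XAdES, XADES_IDENTIFIER, commitmentTypeIndication);

        // The commitment applies to all signed data objects.
        DSSXMLUtils.addElement(documentDom, commitmentTypeIndicationDom, XAdES, XADES_ALL_SIGNED_DATA_OBJECTS);
    }
}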
/**
 * Adds the signature policy from the B-level parameters to the signed signature properties.
 * <p>
 * Nothing is added when no policy is set or its id is {@code null}. An empty id produces an
 * implied policy. Any other id produces an explicit policy identifier, followed by the
 * policy hash when both the digest algorithm and the digest value are set.
 * <p>
 * Without the hash, the signature names the policy by identifier only and is not bound to
 * the content of the policy document.
 */
private void incorporatePolicy() {

    final BLevelParameters.Policy signaturePolicy = params.bLevel().getSignaturePolicy();
    if (signaturePolicy == null || signaturePolicy.getId() == null) {
        return;
    }

    final Element policyIdentifierDom = DSSXMLUtils.addElement(documentDom, signedSignaturePropertiesDom, XAdES, XADES_SIGNATURE_POLICY_IDENTIFIER);
    final Element policyIdDom = DSSXMLUtils.addElement(documentDom, policyIdentifierDom, XAdES, XADES_SIGNATURE_POLICY_ID);

    if (signaturePolicy.getId().isEmpty()) {

        // implicit
        DSSXMLUtils.addElement(documentDom, policyIdDom, XAdES, XADES_SIGNATURE_POLICY_IMPLIED);
        return;
    }

    // explicit
    final Element explicitIdDom = DSSXMLUtils.addElement(documentDom, policyIdDom, XAdES, XADES_SIG_POLICY_ID);
    final String policyId = signaturePolicy.getId();
    DSSXMLUtils.addTextElement(documentDom, explicitIdDom, XAdES, XADES_IDENTIFIER, policyId);

    final boolean digestAvailable = signaturePolicy.getDigestAlgorithm() != null && signaturePolicy.getDigestValue() != null;
    if (digestAvailable) {

        final Element policyHashDom = DSSXMLUtils.addElement(documentDom, policyIdDom, XAdES, XADES_SIG_POLICY_HASH);

        // <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        // NOTE(review): the algorithm is taken from the policy parameters as-is; no
        // strength check is visible in this method.
        final DigestAlgorithm policyDigestAlgorithm = signaturePolicy.getDigestAlgorithm();
        incorporateDigestMethod(policyHashDom, policyDigestAlgorithm);

        final byte[] policyDigest = signaturePolicy.getDigestValue();
        final String policyDigestAsBase64 = DSSUtils.base64Encode(policyDigest);
        DSSXMLUtils.addTextElement(documentDom, policyHashDom, XMLNS, DS_DIGEST_VALUE, policyDigestAsBase64);
    }
}
final byte[] keyHashOctetStringBytes = keyHashOctetString.getOctets(); final String base65EncodedKeyHashOctetStringBytes = DSSUtils.base64Encode(keyHashOctetStringBytes); DSSXMLUtils.addTextElement(documentDom, responderIDDom, XAdESNamespaces.XAdES, "xades:ByKey", base65EncodedKeyHashOctetStringBytes); } else { DSSXMLUtils.addTextElement(documentDom, responderIDDom, XAdESNamespaces.XAdES, "xades:ByName", name.toString()); final XMLGregorianCalendar xmlGregorianCalendar = DSSXMLUtils.createXMLGregorianCalendar(producedAt); final String producedAtXmlEncoded = xmlGregorianCalendar.toXMLFormat(); DSSXMLUtils.addTextElement(documentDom, ocspIdentifierDom, XAdESNamespaces.XAdES, "xades:ProducedAt", producedAtXmlEncoded);