/**
 * Registers a signature and indexes it both by its own graph URI and by the graph it signs.
 *
 * Four structures are updated: the flat {@code signatures} list, the
 * signed-graph -> signature-graphs multimap, the reverse signature-graph -> signed-graph
 * map and the signature-graph -> signature-value map. Registering the same signature URI
 * twice overwrites the two single-valued map entries but appends to the list and the
 * multimap again.
 *
 * @param wonSignatureData signature record to register; must not be null
 */
public void addSignatureData(WonSignatureData wonSignatureData) {
    final String signedGraphUri = wonSignatureData.getSignedGraphUri();
    final String signatureGraphUri = wonSignatureData.getSignatureUri();

    signatures.add(wonSignatureData);

    // a signed graph may carry several signatures, so the forward index is a list per key
    List<String> signatureUrisOfSignedGraph = signedGraphNameToSignatureGraphName.get(signedGraphUri);
    if (signatureUrisOfSignedGraph == null) {
        signatureUrisOfSignedGraph = new ArrayList<String>();
        signedGraphNameToSignatureGraphName.put(signedGraphUri, signatureUrisOfSignedGraph);
    }
    signatureGraphNameToSignedGraphName.put(signatureGraphUri, signedGraphUri);
    signatureUrisOfSignedGraph.add(signatureGraphUri);
    signatureGraphNameToSignatureValue.put(signatureGraphUri, wonSignatureData.getSignatureValue());
}
/**
 * Re-attaches an otherwise unreferenced signature to the innermost unsigned envelope graph.
 *
 * Does nothing when the signing stage has no unsigned envelope graph. Otherwise the
 * stage's outermost signature (if there is one) is added to the innermost unsigned
 * envelope with a msg:containsSignature link, and the standalone named graph that
 * carried that signature is removed from the dataset.
 *
 * @param msgDataset dataset holding the message graphs; modified in place
 * @param sigStage   signing stage describing which envelope graphs are still unsigned
 */
private static void addUnreferencedSigReferences(final Dataset msgDataset, final SigningStage sigStage) {
    final List<String> unsignedEnvelopeUris = sigStage.getUnsignedEnvUrisOrderedByContainment();
    if (unsignedEnvelopeUris.isEmpty()) {
        return;
    }
    // the list is ordered by containment; index 0 is treated as the innermost envelope
    final String innermostUnsignedEnvUri = unsignedEnvelopeUris.get(0);

    final WonSignatureData outermostSignature = sigStage.getOutermostSignature();
    if (outermostSignature == null) {
        return;
    }
    addSignature(outermostSignature, innermostUnsignedEnvUri, msgDataset, true);
    // the signature now lives inside the envelope, so its own graph is no longer needed
    msgDataset.removeNamedModel(outermostSignature.getSignatureUri());
}
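/**
 * Signs every unsigned envelope graph in containment order, chaining the signatures.
 *
 * For each envelope the signature produced for the previously processed (contained)
 * envelope is first added to the current envelope with a msg:containsSignature link,
 * and only then is the current envelope signed, so each signature is computed over a
 * graph that already references the inner signature. The signature of the last
 * (outermost) envelope has no enclosing envelope to go into, so it is written to a new
 * named graph whose name is the signature URI, without the msg:containsSignature link.
 *
 * Fixes relative to the previous version: a stage with no unsigned envelopes used to
 * reach the code after the loop with a null signature and throw a
 * NullPointerException; it now returns without touching the dataset, consistent with
 * {@code addUnreferencedSigReferences}. The envelope list is also fetched once instead
 * of twice and an unused local was dropped.
 *
 * @param msgDataset    dataset the signature graphs are written into; modified in place
 * @param sigStage      signing stage listing the unsigned envelope graph URIs
 * @param signer        signer that produces the signature records
 * @param privateKey    key the envelopes are signed with
 * @param privateKeyUri URI identifying the signing key, passed through to the signer
 * @param publicKey     public half of the key pair, passed through to the signer
 * @throws Exception whatever the signer throws
 */
private static void signEnvelopes(final Dataset msgDataset, final SigningStage sigStage, final WonSigner signer,
        final PrivateKey privateKey, final String privateKeyUri, final PublicKey publicKey) throws Exception {
    final List<String> envUris = sigStage.getUnsignedEnvUrisOrderedByContainment();
    if (envUris.isEmpty()) {
        // nothing to sign; previously this case fell through and dereferenced a null signature
        return;
    }
    WonSignatureData previousSignature = null;
    for (String envUri : envUris) {
        if (previousSignature != null) {
            // signature of the envelope signed in the last iteration goes into this
            // (enclosing) envelope before the envelope itself is signed
            addSignature(previousSignature, envUri, msgDataset, true);
        }
        // NOTE(review): assumes sign(...) returns at least one record per call — confirm in WonSigner
        previousSignature = signer.sign(privateKey, privateKeyUri, publicKey, envUri).get(0);
    }
    // the outermost envelope's signature gets a graph of its own, named by the signature URI
    msgDataset.addNamedModel(previousSignature.getSignatureUri(), ModelFactory.createDefaultModel());
    addSignature(previousSignature, previousSignature.getSignatureUri(), msgDataset, false);
}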
logger.debug("cannot verify signature {} as it is not part of this message ", wonSignatureData.getSignatureUri()); continue; if (sigString == null) { verificationState .setVerificationFailed(wonSignatureData.getSignatureUri(), "Failed to compute a signature value " + wonSignatureData.getSignatureUri()); return verificationState.isVerificationPassed(); verificationState.setVerificationFailed(wonSignatureData.getSignatureUri(), "Computed an empty signature value " + wonSignatureData.getSignatureUri()); return verificationState.isVerificationPassed(); if (publicKey == null) { verificationState .setVerificationFailed(wonSignatureData.getSignatureUri(), "No public key found for " + wonSignatureData.getSignatureUri()); return verificationState.isVerificationPassed(); verificationState.setVerificationFailed(wonSignatureData.getSignatureUri(), "Fingerprint computed for the " + "specified public key " + wonSignatureData.getVerificationCertificateUri() + " is " + fingerprint + ", " + "which differs from the value found in signature " + wonSignatureData.getSignatureUri()); return verificationState.isVerificationPassed(); String hashString = Base64.getEncoder().encodeToString(hashValue.toByteArray()); if (!wonSignatureData.getHash().equals(hashString)){ verificationState.setVerificationFailed(wonSignatureData.getSignatureUri(), "Computed hash value " + hashString + " differs from value " + wonSignatureData.getHash() + " found in signature " + wonSignatureData.getSignatureUri()); if (logger.isDebugEnabled()) {
/**
 * Writes a signature into the named graph {@code graphUri} of the dataset.
 *
 * A resource for the signature URI is created in that graph and populated via
 * {@link WonRdfUtils.SignatureUtils#addSignature}. If the target graph is an envelope,
 * the resource named by the graph URI additionally gets a msg:containsSignature link to
 * the signature node; a standalone signature graph receives no such link.
 *
 * @param sigData         signature record to serialize
 * @param graphUri        URI of the named graph to write into (also used as the envelope subject)
 * @param msgDataset      dataset holding that graph; modified in place
 * @param graphIsEnvelope true to add the msg:containsSignature link from the graph URI to the signature node
 */
public static void addSignature(final WonSignatureData sigData, final String graphUri, final Dataset msgDataset, boolean graphIsEnvelope) {
    final Model targetGraph = msgDataset.getNamedModel(graphUri);
    final Resource graphSubject = targetGraph.createResource(graphUri);
    final Resource signatureNode = targetGraph.createResource(sigData.getSignatureUri());
    if (graphIsEnvelope) {
        // only envelopes point at their signatures; a pure signature graph stays unlinked
        graphSubject.addProperty(WONMSG.CONTAINS_SIGNATURE_PROPERTY, signatureNode);
    }
    WonRdfUtils.SignatureUtils.addSignature(signatureNode, sigData);
}