/**
 * Canonicalizes the element selected by an XPath query under {@code signatureElement} and appends
 * the resulting bytes to {@code buffer}.
 *
 * <p>When the query selects nothing, the buffer is left untouched and no error is raised. The
 * caller's byte sequence then simply omits that element.
 *
 * @param xPathString XPath query evaluated against {@code signatureElement}
 * @param canonicalizationMethod canonicalization algorithm handed to {@code DSSXMLUtils.canonicalizeSubtree}
 * @param buffer destination the canonical bytes are appended to
 * @throws IOException if writing to {@code buffer} fails
 */
private void writeCanonicalizedValue(final String xPathString, final String canonicalizationMethod, final ByteArrayOutputStream buffer) throws IOException {

	final Element target = DSSXMLUtils.getElement(signatureElement, xPathString);
	if (target == null) {
		// Absent element: contribute nothing rather than fail.
		return;
	}
	buffer.write(DSSXMLUtils.canonicalizeSubtree(canonicalizationMethod, target));
}
/**
 * Builds the byte sequence covered by the SigAndRefsTimeStamp (X1 timestamp).
 *
 * <p>The canonical forms of the following nodes are concatenated in this order: the signature
 * value, every signature timestamp, the complete certificate references and the complete
 * revocation references. Elements that are not present contribute nothing.
 *
 * @param timestampToken existing token, or {@code null}; when non-null its own canonicalization
 *        method replaces {@code canonicalizationMethod}
 * @param canonicalizationMethod algorithm used only when {@code timestampToken} is {@code null}
 * @return the concatenated canonical bytes
 * @throws DSSException wrapping any {@link IOException} raised while filling the buffer
 */
@Override
public byte[] getTimestampX1Data(final TimestampToken timestampToken, String canonicalizationMethod) {

	// The token's declared algorithm wins, so the bytes are rebuilt the way the timestamp states.
	// NOTE(review): that value is not checked here - confirm DSSXMLUtils rejects unsupported
	// algorithm identifiers.
	final String effectiveMethod = (timestampToken == null) ? canonicalizationMethod : timestampToken.getCanonicalizationMethod();
	final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
	try {

		writeCanonicalizedValue(xPathQueryHolder.XPATH_SIGNATURE_VALUE, effectiveMethod, buffer);

		final NodeList signatureTimestamps = DSSXMLUtils.getNodeList(signatureElement, xPathQueryHolder.XPATH_SIGNATURE_TIMESTAMP);
		if (signatureTimestamps != null) {
			for (int index = 0; index < signatureTimestamps.getLength(); index++) {
				buffer.write(DSSXMLUtils.canonicalizeSubtree(effectiveMethod, signatureTimestamps.item(index)));
			}
		}

		writeCanonicalizedValue(xPathQueryHolder.XPATH_COMPLETE_CERTIFICATE_REFS, effectiveMethod, buffer);
		writeCanonicalizedValue(xPathQueryHolder.XPATH_COMPLETE_REVOCATION_REFS, effectiveMethod, buffer);

		if (LOG.isTraceEnabled()) {
			// Diagnostic only: toString() decodes with the JVM's default charset, so the logged
			// text may differ from the returned bytes on a non-UTF-8 platform.
			LOG.trace("X1Timestamp (SigAndRefsTimeStamp) canonicalised string:\n" + buffer.toString());
		}
		return buffer.toByteArray();
	} catch (IOException e) {
		throw new DSSException("Error when computing the SigAndRefsTimeStamp (X1Timestamp)", e);
	}
}
/**
 * Adds to {@code signedInfoDom} the {@code ds:Reference} that covers the XAdES SignedProperties.
 *
 * <p>The reference carries the SignedProperties type, a same-document URI built from
 * {@code deterministicId}, one transform, the digest method and the digest value. The transform
 * algorithm written into the reference and the algorithm used to canonicalize
 * {@code signedPropertiesDom} before digesting are the same field,
 * {@code signedPropertiesCanonicalizationMethod}, so the declared and the applied algorithm cannot
 * diverge here.
 *
 * @throws DSSException declared by this method; nothing in the body throws it directly, so it can
 *         only come from the helpers called here
 */
protected void incorporateReferenceSignedProperties() throws DSSException {

	// <ds:Reference Type="...#SignedProperties" URI="#xades-{deterministicId}">
	final Element referenceDom = DSSXMLUtils.addElement(documentDom, signedInfoDom, XMLNS, DS_REFERENCE);
	final String signedPropertiesUri = "#xades-" + deterministicId;
	referenceDom.setAttribute(TYPE, xPathQueryHolder.XADES_SIGNED_PROPERTIES);
	referenceDom.setAttribute(URI, signedPropertiesUri);

	// <ds:Transforms><ds:Transform Algorithm="{canonicalization method}"/></ds:Transforms>
	final Element transformsDom = DSSXMLUtils.addElement(documentDom, referenceDom, XMLNS, DS_TRANSFORMS);
	final Element transformDom = DSSXMLUtils.addElement(documentDom, transformsDom, XMLNS, DS_TRANSFORM);
	transformDom.setAttribute(ALGORITHM, signedPropertiesCanonicalizationMethod);

	// <ds:DigestMethod Algorithm="{digest algorithm}"/>
	final DigestAlgorithm digest = params.getDigestAlgorithm();
	incorporateDigestMethod(referenceDom, digest);

	// <ds:DigestValue>: computed over the canonical form of SignedProperties.
	final byte[] signedPropertiesBytes = DSSXMLUtils.canonicalizeSubtree(signedPropertiesCanonicalizationMethod, signedPropertiesDom);
	if (LOG.isTraceEnabled()) {
		LOG.trace("Canonicalization method --> {}", signedPropertiesCanonicalizationMethod);
		// Diagnostic only: new String(byte[]) decodes with the JVM's default charset.
		LOG.trace("Canonicalised REF_2 --> {}", new String(signedPropertiesBytes));
	}
	incorporateDigestValue(referenceDom, digest, new InMemoryDocument(signedPropertiesBytes));
}
canonicalizedValue = DSSXMLUtils.canonicalize(canonicalizationMethod, bytesToCanonicalize); } else { canonicalizedValue = DSSXMLUtils.canonicalizeSubtree(canonicalizationMethod, node); byte[] canonicalizedValue = DSSXMLUtils.canonicalizeSubtree(canonicalizationMethod, node); buffer.write(canonicalizedValue);
/**
 * Applies the reference transforms in list order and returns the bytes to be digested.
 *
 * <p>Behaviour per transform algorithm:
 * <ul>
 * <li>XPath: the transform is applied to the current node (or to the document when no node exists
 * yet), and its output replaces both the working document and the working node.</li>
 * <li>Any algorithm accepted by {@code DSSXMLUtils.canCanonicalize}: the working node is
 * canonicalized and the result is returned at once. Transforms listed after it are not
 * processed.</li>
 * <li>Enveloped signature: skipped, because the signature being created does not exist yet.</li>
 * <li>Anything else: rejected with a {@link DSSException}.</li>
 * </ul>
 *
 * <p>NOTE(review): when the list holds no canonicalization transform, the caller-supplied
 * {@code transformedReferenceBytes} is returned unchanged and any XPath output is discarded.
 * Confirm callers never rely on an XPath-only list, since the digest would then cover bytes other
 * than what the declared transforms produce.
 *
 * @param dssDocument document the reference points to
 * @param transforms transforms declared for the reference, in application order
 * @param nodeToTransform DOM node to start from, or {@code null} to build it from {@code dssDocument} on demand
 * @param transformedReferenceBytes value returned when no canonicalization transform is reached
 * @return the canonicalized bytes, or {@code transformedReferenceBytes} if no canonicalization ran
 * @throws DSSException if a transform algorithm is not handled here
 */
private byte[] applyTransformations(DSSDocument dssDocument, final List<DSSTransform> transforms, Node nodeToTransform, byte[] transformedReferenceBytes) {

	for (final DSSTransform current : transforms) {

		final String algorithm = current.getAlgorithm();

		if (Transforms.TRANSFORM_XPATH.equals(algorithm)) {

			final DSSTransformXPath xPathTransform = new DSSTransformXPath(current);
			// The XPath result can only be carried forward as a byte array for now (not as a
			// node set, an octet stream or a Node), hence the re-parse below.
			final byte[] xPathOutput;
			if (nodeToTransform != null) {
				xPathOutput = xPathTransform.transform(nodeToTransform);
			} else {
				xPathOutput = xPathTransform.transform(dssDocument);
			}
			dssDocument = new InMemoryDocument(xPathOutput);
			nodeToTransform = DSSXMLUtils.buildDOM(dssDocument);
			continue;
		}

		if (DSSXMLUtils.canCanonicalize(algorithm)) {

			final Node nodeToCanonicalize = (nodeToTransform != null) ? nodeToTransform : DSSXMLUtils.buildDOM(dssDocument);
			// Canonicalization is assumed to be the last transform, so processing stops here.
			return DSSXMLUtils.canonicalizeSubtree(algorithm, nodeToCanonicalize);
		}

		if (CanonicalizationMethod.ENVELOPED.equals(algorithm)) {
			// Nothing to strip: the new signature has not been inserted into the document yet.
			continue;
		}

		throw new DSSException("The transformation is not implemented yet, please transform the reference before signing!");
	}
	return transformedReferenceBytes;
}
byte[] canonicalizedSignedInfo = DSSXMLUtils.canonicalizeSubtree(signedInfoCanonicalizationMethod, signedInfoDom); if (LOG.isTraceEnabled()) { LOG.trace("Canonicalized SignedInfo --> {}", new String(canonicalizedSignedInfo));