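/**
 * Initializes the XML signing environment and registers the BouncyCastle provider.
 *
 * <p>The method is {@code static synchronized} and guarded by {@code isInitialized}, so the
 * registration steps run at most once per successful initialization. If a step fails, the
 * guard is cleared again: a later call retries instead of returning early with the
 * security providers only partly registered.
 *
 * @throws RuntimeException if one of the initialization steps throws an exception; the
 *     original exception is kept as the cause
 */
protected static synchronized void initXmlProvider() {
    if (isInitialized) {
        return;
    }
    // The guard is set before the steps run, as before, so a nested call made by one of
    // the steps on the same thread returns early instead of recursing.
    isInitialized = true;
    boolean succeeded = false;
    try {
        Init.init();
        RelationshipTransformService.registerDsigProvider();
        CryptoFunctions.registerBouncyCastle();
        succeeded = true;
    } catch (Exception e) {
        throw new RuntimeException("Xml & BouncyCastle-Provider initialization failed", e);
    } finally {
        if (!succeeded) {
            // Do not latch a failed attempt (exception or Error) as "initialized".
            // NOTE(review): assumes the three steps are safe to run again - confirm.
            isInitialized = false;
        }
    }
}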
/**
 * Adds a CRL to this revocation data set.
 *
 * <p>The CRL is encoded with {@link X509CRL#getEncoded()} and the resulting bytes are handed
 * to the {@code byte[]} overload of {@code addCRL}. This method itself performs no check of
 * the CRL's signature, issuer or validity period.
 *
 * @param crl the CRL to encode and store
 * @throws IllegalArgumentException if the CRL cannot be encoded; the {@link CRLException}
 *     is kept as the cause
 */
public void addCRL(X509CRL crl) {
    final byte[] derBytes;
    try {
        derBytes = crl.getEncoded();
    } catch (CRLException encodingFailure) {
        final String reason = "CRL coding error: " + encodingFailure.getMessage();
        throw new IllegalArgumentException(reason, encodingFailure);
    }
    // Kept outside the try block so only the encoding failure is translated.
    addCRL(derBytes);
}
RevocationData tsaRevocationDataXadesT = new RevocationData(); LOG.log(POILogger.DEBUG, "creating XAdES-T time-stamp"); XAdESTimeStampType signatureTimeStamp = createXAdESTimeStamp if (tsaRevocationDataXadesT.hasRevocationDataEntries()) { ValidationDataType validationData = createValidationData(tsaRevocationDataXadesT); insertXChild(unsignedSigProps, validationData); unsignedSigProps.addNewCompleteRevocationRefs(); RevocationData revocationData = signatureConfig.getRevocationDataService() .getRevocationData(certChain); if (revocationData.hasCRLs()) { CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs(); completeRevocationRefs.setCRLRefs(crlRefs); for (byte[] encodedCrl : revocationData.getCRLs()) { CRLRefType crlRef = crlRefs.addNewCRLRef(); X509CRL crl; if (revocationData.hasOCSPs()) { OCSPRefsType ocspRefs = completeRevocationRefs.addNewOCSPRefs(); for (byte[] ocsp : revocationData.getOCSPs()) { try { OCSPRefType ocspRef = ocspRefs.addNewOCSPRef(); RevocationData tsaRevocationDataXadesX1 = new RevocationData(); LOG.log(POILogger.DEBUG, "creating XAdES-X time-stamp"); XAdESTimeStampType timeStampXadesX1 = createXAdESTimeStamp (timeStampNodesXadesX1, tsaRevocationDataXadesX1);
/**
 * Copies the raw CRL and OCSP entries of {@code revocationData} into
 * {@code revocationValues}.
 *
 * <p>A CRLValues (resp. OCSPValues) child is only created when the data set reports at
 * least one CRL (resp. OCSP response). The bytes are embedded as they are; this method
 * does not parse or verify them.
 *
 * @param revocationValues element that receives the encapsulated values
 * @param revocationData source of the encoded CRLs and OCSP responses
 */
private void createRevocationValues(
        RevocationValuesType revocationValues, RevocationData revocationData) {
    // CRLs are written first, OCSP responses second, as in the original.
    if (revocationData.hasCRLs()) {
        CRLValuesType crlContainer = revocationValues.addNewCRLValues();
        for (byte[] encodedCrl : revocationData.getCRLs()) {
            EncapsulatedPKIDataType crlEntry = crlContainer.addNewEncapsulatedCRLValue();
            crlEntry.setByteArrayValue(encodedCrl);
        }
    }

    if (revocationData.hasOCSPs()) {
        OCSPValuesType ocspContainer = revocationValues.addNewOCSPValues();
        for (byte[] encodedOcsp : revocationData.getOCSPs()) {
            EncapsulatedPKIDataType ocspEntry = ocspContainer.addNewEncapsulatedOCSPValue();
            ocspEntry.setByteArrayValue(encodedOcsp);
        }
    }
}
// Closes the enclosing class, whose header is not part of this excerpt.
}
// Excerpt: fills in the signature policy identifier (description, identifier, document
// hash, optional qualifiers). The code before this point and the body of the trailing
// if are not part of the excerpt.
objectIdentifier.setDescription(policyService.getSignaturePolicyDescription());
identifier.setStringValue(policyService.getSignaturePolicyIdentifier());

// The policy document is hashed with the digest algorithm taken from signatureConfig,
// so SigPolicyHash is only as strong as that configured algorithm.
// NOTE(review): no null check on the document bytes is visible here - confirm that the
// policy service or setDigestAlgAndValue handles a missing document.
byte[] signaturePolicyDocumentData = policyService.getSignaturePolicyDocument();
DigestAlgAndValueType sigPolicyHash = signaturePolicyId.addNewSigPolicyHash();
setDigestAlgAndValue(sigPolicyHash, signaturePolicyDocumentData, signatureConfig.getDigestAlgo());

// The download URL is optional: qualifiers are only added when the service returns one.
String signaturePolicyDownloadUrl = policyService.getSignaturePolicyDownloadUrl();
if (null != signaturePolicyDownloadUrl) {
    SigPolicyQualifiersListType sigPolicyQualifiers = signaturePolicyId.addNewSigPolicyQualifiers();
RelationshipTransformParameterSpec parameterSpec = new RelationshipTransformParameterSpec(); for (PackageRelationship relationship : prc) { String relationshipType = relationship.getRelationshipType(); parameterSpec.addRelationshipReference(relationship.getId()); if (parameterSpec.hasSourceIds()) { List<Transform> transforms = new ArrayList<>(); transforms.add(newTransform(RelationshipTransformService.TRANSFORM_URI, parameterSpec));
// Excerpt from a time-stamp (TSP) request flow. Sending the request and reading the
// response are not shown here; other statements may be elided between these lines.

// Ask the TSA for a specific policy; requestPolicy is wrapped as an ASN.1 object identifier.
requestGenerator.setReqPolicy(new ASN1ObjectIdentifier(requestPolicy));
// The digest algorithm named in the request comes from the TSP digest setting of the config.
ASN1ObjectIdentifier digestAlgoOid = mapDigestAlgoToOID(signatureConfig.getTspDigestAlgo());
// The request carries the digest to be time-stamped and a nonce.
// NOTE(review): the response handling is not visible in this excerpt - confirm that the
// response is matched against this request (nonce, digest, policy) before the token is used.
TimeStampRequest request = requestGenerator.generate(digestAlgoOid, digest, nonce);
byte[] encodedRequest = request.getEncoded();
// The TSA certificate chain is passed to the configured validator together with
// revocationData. NOTE(review): how strictly the chain is checked depends on the
// validator that is configured - verify it is not a permissive default.
signatureConfig.getTspValidator().validate(tspCertificateChain, revocationData);
/**
 * Requests a time-stamp token for {@code data} from the configured TSP service and wraps
 * it in a new XAdES time-stamp element.
 *
 * @param data bytes handed to the TSP service for time-stamping
 * @param revocationData passed through to the TSP service; NOTE(review): presumably the
 *     service adds the TSA chain's revocation data to it - confirm against the service
 * @return a new time-stamp element holding the token, the configured canonicalization
 *     algorithm and freshly generated ids
 * @throws RuntimeException if the TSP service throws; the original exception is the cause
 */
private XAdESTimeStampType createXAdESTimeStamp(byte[] data, RevocationData revocationData) {
    // Fetch the token first; any failure of the service is rethrown unchecked.
    final byte[] token;
    try {
        token = signatureConfig.getTspService().timeStamp(data, revocationData);
    } catch (Exception cause) {
        throw new RuntimeException("error while creating a time-stamp: " + cause.getMessage(), cause);
    }

    // Build the XAdES container. The ids are random UUIDs, used to keep them unique.
    final XAdESTimeStampType container = XAdESTimeStampType.Factory.newInstance();
    final String containerId = "time-stamp-" + UUID.randomUUID();
    container.setId(containerId);
    final CanonicalizationMethodType canonicalization = container.addNewCanonicalizationMethod();
    canonicalization.setAlgorithm(signatureConfig.getXadesCanonicalizationMethod());

    // Embed the token bytes unchanged.
    final EncapsulatedPKIDataType tokenElement = container.addNewEncapsulatedTimeStamp();
    tokenElement.setByteArrayValue(token);
    final String tokenId = "time-stamp-token-" + UUID.randomUUID();
    tokenElement.setId(tokenId);
    return container;
}
// Passes this object to the time-stamp service as its signature configuration. The
// service receives the same instance, not a copy.
tspService.setSignatureConfig(this);
RevocationData tsaRevocationDataXadesT = new RevocationData(); LOG.log(POILogger.DEBUG, "creating XAdES-T time-stamp"); XAdESTimeStampType signatureTimeStamp = createXAdESTimeStamp if (tsaRevocationDataXadesT.hasRevocationDataEntries()) { ValidationDataType validationData = createValidationData(tsaRevocationDataXadesT); insertXChild(unsignedSigProps, validationData); unsignedSigProps.addNewCompleteRevocationRefs(); RevocationData revocationData = signatureConfig.getRevocationDataService() .getRevocationData(certChain); if (revocationData.hasCRLs()) { CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs(); completeRevocationRefs.setCRLRefs(crlRefs); for (byte[] encodedCrl : revocationData.getCRLs()) { CRLRefType crlRef = crlRefs.addNewCRLRef(); X509CRL crl; if (revocationData.hasOCSPs()) { OCSPRefsType ocspRefs = completeRevocationRefs.addNewOCSPRefs(); for (byte[] ocsp : revocationData.getOCSPs()) { try { OCSPRefType ocspRef = ocspRefs.addNewOCSPRef(); RevocationData tsaRevocationDataXadesX1 = new RevocationData(); LOG.log(POILogger.DEBUG, "creating XAdES-X time-stamp"); XAdESTimeStampType timeStampXadesX1 = createXAdESTimeStamp (timeStampNodesXadesX1, tsaRevocationDataXadesX1);
/**
 * Writes the encoded CRLs and OCSP responses held by {@code revocationData} into
 * {@code revocationValues}.
 *
 * <p>Each kind gets its own container element, created only when the data set reports
 * entries of that kind. The encoded bytes are stored unchanged and are not validated here.
 *
 * @param revocationValues target element for the encapsulated values
 * @param revocationData provider of the encoded CRLs and OCSP responses
 */
private void createRevocationValues(
        RevocationValuesType revocationValues, RevocationData revocationData) {
    // Order is kept from the original: CRL values before OCSP values.
    if (revocationData.hasCRLs()) {
        CRLValuesType crlTarget = revocationValues.addNewCRLValues();
        for (byte[] crlBytes : revocationData.getCRLs()) {
            EncapsulatedPKIDataType crlSlot = crlTarget.addNewEncapsulatedCRLValue();
            crlSlot.setByteArrayValue(crlBytes);
        }
    }

    if (revocationData.hasOCSPs()) {
        OCSPValuesType ocspTarget = revocationValues.addNewOCSPValues();
        for (byte[] ocspBytes : revocationData.getOCSPs()) {
            EncapsulatedPKIDataType ocspSlot = ocspTarget.addNewEncapsulatedOCSPValue();
            ocspSlot.setByteArrayValue(ocspBytes);
        }
    }
}
// Closes the enclosing class, whose header is not part of this excerpt.
}
// Excerpt: populates the signature policy identifier. What precedes these statements and
// what follows inside the trailing if is not shown.
objectIdentifier.setDescription(policyService.getSignaturePolicyDescription());
identifier.setStringValue(policyService.getSignaturePolicyIdentifier());

// The hash over the policy document uses signatureConfig.getDigestAlgo(); a weak digest
// setting therefore also weakens the binding between signature and policy document.
// NOTE(review): the document bytes are used without a visible null check - confirm the
// callee or the policy service covers that case.
byte[] signaturePolicyDocumentData = policyService.getSignaturePolicyDocument();
DigestAlgAndValueType sigPolicyHash = signaturePolicyId.addNewSigPolicyHash();
setDigestAlgAndValue(sigPolicyHash, signaturePolicyDocumentData, signatureConfig.getDigestAlgo());

// Qualifiers are added only if the policy service supplies a download URL.
String signaturePolicyDownloadUrl = policyService.getSignaturePolicyDownloadUrl();
if (null != signaturePolicyDownloadUrl) {
    SigPolicyQualifiersListType sigPolicyQualifiers = signaturePolicyId.addNewSigPolicyQualifiers();
RelationshipTransformParameterSpec parameterSpec = new RelationshipTransformParameterSpec(); for (PackageRelationship relationship : prc) { String relationshipType = relationship.getRelationshipType(); parameterSpec.addRelationshipReference(relationship.getId()); if (parameterSpec.hasSourceIds()) { List<Transform> transforms = new ArrayList<>(); transforms.add(newTransform(RelationshipTransformService.TRANSFORM_URI, parameterSpec));
// Excerpt from building a time-stamp (TSP) request and validating the TSA chain. The
// transport and response parsing are not shown; statements may be elided in between.

// The requested TSA policy is set from requestPolicy, wrapped as an ASN.1 object identifier.
requestGenerator.setReqPolicy(new ASN1ObjectIdentifier(requestPolicy));
// Digest algorithm for the request, mapped from the configured TSP digest to its OID.
ASN1ObjectIdentifier digestAlgoOid = mapDigestAlgoToOID(signatureConfig.getTspDigestAlgo());
// digest and nonce both go into the generated request.
// NOTE(review): check, in the code not shown here, that the TSA response is verified
// against this request (nonce, digest, policy) before its token is accepted.
TimeStampRequest request = requestGenerator.generate(digestAlgoOid, digest, nonce);
byte[] encodedRequest = request.getEncoded();
// Chain validation is delegated to the validator from signatureConfig, which also gets
// revocationData. NOTE(review): the trust decision rests on that validator - confirm
// which implementation is configured.
signatureConfig.getTspValidator().validate(tspCertificateChain, revocationData);
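/**
 * Initializes the XML signing environment and registers the BouncyCastle provider.
 *
 * <p>Calls are serialized ({@code static synchronized}) and short-circuited by the
 * {@code isInitialized} flag. When an initialization step fails, the flag is reset so the
 * failure is not remembered as a completed initialization and a later call can retry.
 *
 * @throws RuntimeException if one of the initialization steps throws an exception; the
 *     original exception is kept as the cause
 */
protected static synchronized void initXmlProvider() {
    if (isInitialized) {
        return;
    }
    // Keep setting the flag up front: a nested call from one of the steps on the same
    // thread then returns early instead of recursing.
    isInitialized = true;
    boolean completed = false;
    try {
        Init.init();
        RelationshipTransformService.registerDsigProvider();
        CryptoFunctions.registerBouncyCastle();
        completed = true;
    } catch (Exception e) {
        throw new RuntimeException("Xml & BouncyCastle-Provider initialization failed", e);
    } finally {
        if (!completed) {
            // A failed attempt (exception or Error) must not leave the flag set.
            // NOTE(review): assumes the three steps can safely be repeated - confirm.
            isInitialized = false;
        }
    }
}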
/**
 * Adds a CRL to this revocation data set.
 *
 * <p>Only the encoded form of the CRL is kept: the bytes from
 * {@link X509CRL#getEncoded()} are passed to the {@code byte[]} overload of
 * {@code addCRL}. No signature, issuer or freshness check happens in this method.
 *
 * @param crl the CRL whose encoding is stored
 * @throws IllegalArgumentException if encoding the CRL fails; the {@link CRLException}
 *     is kept as the cause
 */
public void addCRL(X509CRL crl) {
    final byte[] rawCrl;
    try {
        rawCrl = crl.getEncoded();
    } catch (CRLException ex) {
        final String message = "CRL coding error: " + ex.getMessage();
        throw new IllegalArgumentException(message, ex);
    }
    // Delegation stays outside the try so only encoding errors are wrapped.
    addCRL(rawCrl);
}
/**
 * Obtains a time-stamp token for {@code data} and packages it as a XAdES time-stamp
 * element.
 *
 * @param data bytes submitted to the configured TSP service
 * @param revocationData handed to the TSP service unchanged; NOTE(review): it looks like an
 *     output collector for the TSA's revocation data - confirm with the service contract
 * @return the new element with the embedded token, the canonicalization algorithm from
 *     the configuration and random ids
 * @throws RuntimeException if the TSP service throws; the original exception is the cause
 */
private XAdESTimeStampType createXAdESTimeStamp(byte[] data, RevocationData revocationData) {
    // Token retrieval: every exception from the service is wrapped and rethrown.
    final byte[] tokenBytes;
    try {
        tokenBytes = signatureConfig.getTspService().timeStamp(data, revocationData);
    } catch (Exception failure) {
        throw new RuntimeException("error while creating a time-stamp: " + failure.getMessage(), failure);
    }

    // Container element with a random UUID-based id and the configured c14n algorithm.
    final XAdESTimeStampType result = XAdESTimeStampType.Factory.newInstance();
    result.setId("time-stamp-" + UUID.randomUUID());
    final CanonicalizationMethodType c14n = result.addNewCanonicalizationMethod();
    final String c14nAlgorithm = signatureConfig.getXadesCanonicalizationMethod();
    c14n.setAlgorithm(c14nAlgorithm);

    // The token is embedded as received, under its own random id.
    final EncapsulatedPKIDataType embeddedToken = result.addNewEncapsulatedTimeStamp();
    embeddedToken.setByteArrayValue(tokenBytes);
    embeddedToken.setId("time-stamp-token-" + UUID.randomUUID());
    return result;
}