/**
 * Resolves a signature reference URI against the documents known to this resolver.
 *
 * <p>The URI is decoded with {@code decodeUrl} and looked up with {@code getDocument}; nothing in
 * this method dereferences the URI itself. A URI that does not map to a known document is
 * rejected with an exception instead of being fetched from elsewhere.
 *
 * @param context resolver context carrying the URI attribute and the base URI
 * @return the signature input backed by the matching document's stream, with its source URI and,
 *         when available, its MIME type set
 * @throws ResourceResolverException if no known document matches the decoded URI
 */
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {

    final Attr referenceAttr = context.attr;
    final String baseUri = context.baseUri;
    final String referenceUri = decodeUrl(referenceAttr.getNodeValue());

    final DSSDocument matched = getDocument(referenceUri);
    if (matched == null) {
        // Unknown reference: fail closed rather than try to resolve it some other way.
        final Object[] messageArgs = {"The uriNodeValue " + referenceUri + " is not configured for offline work"};
        throw new ResourceResolverException("generic.EmptyMessage", messageArgs, referenceUri, baseUri);
    }

    // The stream is handed over to XMLSignatureInput, which is expected to close it
    // (original author's note; not verifiable from this method).
    // TODO-Bob (05/09/2014): There is an error concerning base64-encoded input streams. Some
    // extra bytes are added within Santuario, which breaks the hash.
    // TODO-Vin (05/09/2014): Can you create an isolated test-case JIRA DSS-?
    final InputStream content = matched.openStream();
    final XMLSignatureInput signatureInput = new XMLSignatureInput(content);
    signatureInput.setSourceURI(referenceUri);

    final MimeType contentType = matched.getMimeType();
    if (contentType != null) {
        signatureInput.setMIMEType(contentType.getMimeTypeString());
    }
    return signatureInput;
}
/**
 * Looks for the document designated by the given URI among the configured documents.
 *
 * <p>Each entry of {@code documents} is examined together with every document chained to it
 * through {@code getNextDocument()}. The first match in iteration order wins.
 *
 * @param documentUri the reference URI to look up
 * @return the matching document, or {@code null} when none matches
 */
private DSSDocument isKnown(final String documentUri) {

    for (final DSSDocument head : documents) {
        // Walk the chain starting at the head itself; the head is always tested, so the
        // loop body runs at least once.
        DSSDocument candidate = head;
        do {
            if (isRightDocument(documentUri, candidate)) {
                return candidate;
            }
            candidate = candidate.getNextDocument();
        } while (candidate != null);
    }
    return null;
}
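/**
 * Returns the {@code CMSSignedData} held by the given document, but only when the document
 * parses as a CMS message and that message carries non-null signed content.
 *
 * <p>All exceptions are hidden: any failure while parsing or inspecting the document yields
 * {@code null}. A message without a signed-content object is treated like one whose content is
 * {@code null}, so a {@code CMSSignedData} whose content could not be checked is never returned.
 *
 * @param dssDocument the document that may already be a CMS signature
 * @return the parsed {@code CMSSignedData}, or {@code null}
 */
public static CMSSignedData getOriginalSignedData(final DSSDocument dssDocument) {

    try {
        // Check whether the document to sign is itself an already-signed CMS message.
        final CMSSignedData cmsSignedData = new CMSSignedData(dssDocument.getBytes());

        // getSignedContent() may be null when the message has no encapsulated content
        // (presumably the detached-signature case); test it explicitly instead of letting a
        // NullPointerException decide the outcome.
        if (cmsSignedData.getSignedContent() == null || cmsSignedData.getSignedContent().getContent() == null) {
            return null;
        }
        return cmsSignedData;
    } catch (Exception e) {
        // Deliberately hidden (documented contract): the input is not a parallel signature.
        // Returning null here, rather than a value assigned before the failure, keeps callers
        // from treating an unverified CMS structure as existing signed data.
        return null;
    }
}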
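/**
 * Tells whether the given reference URI designates the given document, based on the
 * document's name.
 *
 * <p>Exactly three forms match: the name itself, {@code "/" + name} (e.g. "/toto.txt") and
 * {@code "./" + name} (e.g. "./toto.txt"). No other normalisation is applied; in particular no
 * path segments are resolved, so a URI such as "dir/toto.txt" or "../toto.txt" matches only a
 * document whose name is that exact string.
 *
 * @param documentUri the (already decoded) reference URI
 * @param document    the candidate document
 * @return {@code true} if the URI designates the document, {@code false} otherwise, including
 *         when the document has no name
 */
private static boolean isRightDocument(final String documentUri, final DSSDocument document) {

    final String documentName = document.getName();
    if (documentName == null) {
        // An unnamed document cannot be addressed by URI. Skipping it keeps one unnamed
        // entry from aborting the whole lookup with a NullPointerException.
        return false;
    }
    return documentUri.equals(documentName)
            || documentUri.equals("/" + documentName)
            || documentUri.equals("./" + documentName);
}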
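/**
 * Signs the file selected in the model and writes the signed document to the model's target
 * file.
 *
 * <p>The signature parameters are built from the model: signing token, private key and digest
 * algorithm (SHA-256 when the model specifies none). For a TSL signature the certificate chain
 * is reduced to the signing certificate and an enveloped XAdES BASELINE-B signature with a
 * single whole-document reference is configured. Otherwise level, packaging, the optional
 * claimed signer role and the optional signature policy are taken from the model.
 *
 * @throws IOException              if the target file cannot be opened, written or closed
 * @throws NoSuchAlgorithmException as declared; the throwing call is not visible in this method
 *                                  (presumably a callee)
 * @throws DSSException             if building the parameters or signing fails
 */
public void signDocument() throws IOException, NoSuchAlgorithmException, DSSException {

    final SignatureModel model = getModel();
    final File fileToSign = model.getSelectedFile();
    final SignatureTokenConnection tokenConnection = model.getTokenConnection();
    final DSSPrivateKeyEntry privateKey = model.getSelectedPrivateKey();

    final SignatureParameters parameters = new SignatureParameters();
    parameters.setPrivateKeyEntry(privateKey);
    parameters.setSigningToken(tokenConnection);

    // Fall back to SHA-256 when the model does not specify a digest algorithm.
    final DigestAlgorithm digestAlgorithm = model.getSignatureDigestAlgorithm();
    if (digestAlgorithm == null) {
        parameters.setDigestAlgorithm(DigestAlgorithm.SHA256);
    } else {
        parameters.setDigestAlgorithm(digestAlgorithm);
    }

    if (model.isTslSignatureCheck()) {

        // TSL signature: only the signing certificate is kept in the chain.
        parameters.clearCertificateChain();
        parameters.setCertificateChain(parameters.getSigningCertificate());
        parameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B);
        parameters.setSignaturePackaging(SignaturePackaging.ENVELOPED);

        // Single reference with an empty URI (the whole document), transformed by the
        // enveloped-signature transform and then by exclusive canonicalization.
        final List<DSSReference> references = new ArrayList<DSSReference>();
        final DSSReference dssReference = new DSSReference();
        dssReference.setId("xml_ref_id");
        dssReference.setUri("");

        final List<DSSTransform> transforms = new ArrayList<DSSTransform>();
        DSSTransform dssTransform = new DSSTransform();
        dssTransform.setAlgorithm(CanonicalizationMethod.ENVELOPED);
        transforms.add(dssTransform);

        dssTransform = new DSSTransform();
        dssTransform.setAlgorithm(CanonicalizationMethod.EXCLUSIVE);
        transforms.add(dssTransform);

        dssReference.setTransforms(transforms);
        references.add(dssReference);
        parameters.setReferences(references);
    } else {

        final String signatureLevelString = model.getLevel();
        final SignatureLevel signatureLevel = SignatureLevel.valueByName(signatureLevelString);
        parameters.setSignatureLevel(signatureLevel);
        parameters.setSignaturePackaging(model.getPackaging());

        if (model.isClaimedCheck()) {
            parameters.bLevel().addClaimedSignerRole(model.getClaimedRole());
        }
        if (model.isSignaturePolicyCheck()) {

            // NOTE(review): the policy id, digest algorithm name and base64 digest value are
            // used exactly as the model supplies them; confirm they are validated upstream.
            final byte[] hashValue = DSSUtils.base64Decode(model.getSignaturePolicyValue());
            final Policy policy = new Policy();
            policy.setId(model.getSignaturePolicyId());
            final DigestAlgorithm policyDigestAlgorithm = DigestAlgorithm.forName(model.getSignaturePolicyAlgo());
            policy.setDigestAlgorithm(policyDigestAlgorithm);
            policy.setDigestValue(hashValue);
            parameters.bLevel().setSignaturePolicy(policy);
        }
    }

    final DSSDocument signedDocument = SigningUtils.signDocument(serviceURL, fileToSign, parameters);

    // The target file is opened only once signing has succeeded. Both streams are closed even
    // when the copy fails, so no file handle leaks; a copy failure can still leave a partially
    // written target file behind.
    final FileOutputStream fos = new FileOutputStream(model.getTargetFile());
    try {
        final java.io.InputStream signedStream = signedDocument.openStream();
        try {
            DSSUtils.copy(signedStream, fos);
        } finally {
            // Closing is idempotent, so this is harmless if DSSUtils.copy already closed it.
            signedStream.close();
        }
    } finally {
        fos.close();
    }
}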