예제 #1
0
 public static Signature finalizeXadesXL_TM(SignedDoc sdoc, Signature sig)
     throws DigiDocException {
   if (m_logger.isDebugEnabled())
     m_logger.debug("Finalize XAdES-TM: " + sig.getId() + " profile: " + sig.getProfile());
   NotaryFactory notFac = ConfigManager.instance().getNotaryFactory();
   X509Certificate cert = sig.getKeyInfo().getSignersCertificate();
   boolean bUseLocal = ConfigManager.instance().getBooleanProperty("DIGIDOC_USE_LOCAL_TSL", false);
   TrustServiceFactory tslFac = ConfigManager.instance().getTslFactory();
   String ocspUrl = tslFac.findOcspUrlForCert(cert, 0, bUseLocal);
   if (ocspUrl == null)
     ocspUrl = ConfigManager.instance().getProperty("DIGIDOC_OCSP_RESPONDER_URL");
   X509Certificate caCert = tslFac.findCaForCert(cert, bUseLocal, null);
   if (m_logger.isDebugEnabled())
     m_logger.debug(
         "Get confirmation for cert: "
             + ((cert != null)
                 ? ConvertUtils.getCommonName(cert.getSubjectDN().getName())
                 : "NULL")
             + " CA: "
             + ((caCert != null)
                 ? ConvertUtils.getCommonName(caCert.getSubjectDN().getName())
                 : "NULL")
             + " URL: "
             + ((ocspUrl != null) ? ocspUrl : "NONE"));
   System.out.println("Get conf: " + sig.getId());
   Notary not = notFac.getConfirmation(sig, cert, caCert, null, ocspUrl);
   if (m_logger.isDebugEnabled()) m_logger.debug("Resp-id: " + not.getResponderId());
   String sRespId = ConvertUtils.getCommonName(not.getResponderId());
   // if(sRespId != null && sRespId.startsWith("byName: ")) sRespId = sRespId.substring("byName:
   // ".length());
   // if(sRespId != null && sRespId.startsWith("byKey: ")) sRespId = sRespId.substring("byKey:
   // ".length());
   X509Certificate rcert = notFac.getNotaryCert(sRespId, not.getCertNr());
   if (m_logger.isDebugEnabled())
     m_logger.debug(
         "Find responder cert by: "
             + sRespId
             + " and nr: "
             + not.getCertNr()
             + " found: "
             + ((rcert != null) ? "OK" : "NO")
             + " format: "
             + sdoc.getFormat());
   // if the request was successful then
   // create new data memebers
   if (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && (rcert != null)) {
     X509Certificate rcacert = tslFac.findCaForCert(rcert, bUseLocal, null);
     if (m_logger.isDebugEnabled())
       m_logger.debug(
           "Register responders CA: "
               + ((rcacert != null) ? rcacert.getSubjectDN().getName() : "NULL"));
     String caId =
         not.getId() + "-" + ConvertUtils.getCommonName(rcacert.getSubjectDN().getName());
     registerCert(rcacert, CertID.CERTID_TYPE_RESPONDER_CA, caId, sig);
   }
   // add notary to list
   // sig.getUnsignedProperties().addNotary(not);
   // add ocsp ref for this notary
   OcspRef orf =
       new OcspRef(
           "#" + not.getId(),
           not.getResponderId(),
           not.getProducedAt(),
           (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC)
               ? SignedDoc.SHA256_DIGEST_ALGORITHM_1
               : SignedDoc.SHA1_DIGEST_ALGORITHM),
           SignedDoc.digestOfType(
               not.getOcspResponseData(),
               (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC)
                   ? SignedDoc.SHA256_DIGEST_TYPE
                   : SignedDoc.SHA1_DIGEST_TYPE)));
   sig.getUnsignedProperties().getCompleteRevocationRefs().addOcspRef(orf);
   // mark status
   sig.setProfile(SignedDoc.BDOC_PROFILE_TM);
   // change profile
   if (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && sig.getPath() != null) {
     if (m_logger.isDebugEnabled()) m_logger.debug("Find signature: " + sig.getPath());
     ManifestFileEntry mfe = sdoc.findManifestEntryByPath(sig.getPath());
     if (mfe != null) {
       mfe.setMediaType(
           SignedDoc.MIME_SIGNATURE_BDOC_ + sdoc.getVersion() + "/" + sig.getProfile());
       if (m_logger.isDebugEnabled())
         m_logger.debug("Change signature: " + sig.getPath() + " type: " + mfe.getMediaType());
     }
   }
   // TODO: update certs and refs
   return sig;
 }
예제 #2
0
  public static Signature finalizeXadesT(SignedDoc sdoc, Signature sig) throws DigiDocException {
    if (m_logger.isDebugEnabled())
      m_logger.debug("Finalize XAdES-T: " + sig.getId() + " profile: " + sig.getProfile());
    UnsignedProperties usp = new UnsignedProperties(sig);
    sig.setUnsignedProperties(usp);
    if (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
      DigiDocXmlGenFactory genFac = new DigiDocXmlGenFactory(sdoc);
      TimestampFactory tsFac = ConfigManager.instance().getTimestampFactory();
      // get <SignatureValueTimeStamp>
      StringBuffer sb = new StringBuffer();
      String tsaUrl = ConfigManager.instance().getProperty("DIGIDOC_TSA_URL");
      genFac.signatureValue2xml(sb, sig.getSignatureValue(), true);
      String sSigValXml = sb.toString().trim();
      byte[] hash =
          SignedDoc.digestOfType(
              sSigValXml.getBytes(),
              (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC)
                  ? SignedDoc.SHA256_DIGEST_TYPE
                  : SignedDoc.SHA1_DIGEST_TYPE));
      if (m_logger.isDebugEnabled())
        m_logger.debug(
            "Get sig-val-ts for: "
                + Base64Util.encode(hash)
                + " uri: "
                + tsaUrl
                + " DATA:\n---\n"
                + sSigValXml
                + "\n---\n");
      TimeStampResponse tresp = tsFac.requestTimestamp(TSPAlgorithms.SHA1.getId(), hash, tsaUrl);
      if (tresp != null) {
        TimestampInfo ti =
            new TimestampInfo(
                sig.getId() + "-T0", sig, TimestampInfo.TIMESTAMP_TYPE_SIGNATURE, hash, tresp);
        ti.addIncludeInfo(new IncludeInfo("#" + sig.getId() + "-SIG"));
        sig.addTimestampInfo(ti);
        try {
          if (m_logger.isDebugEnabled())
            m_logger.debug("Timestamp: " + Base64Util.encode(tresp.getEncoded()));
        } catch (Exception ex) {
        }
        // sb = new StringBuffer();
        // genFac.timestampInfo2xml(sb, ti, true);
        // String sToXml = sb.toString();
        // TODO: add TSA refs and certs ? Not in TSL yet!
        sig.setProfile(SignedDoc.BDOC_PROFILE_T);
        try {
          X509Certificate cert =
              SignedDoc.readCertificate(
                  new java.io.File("/Users/veiko/workspace/jdigidoc/trunk/iaik-tsa.crt"));

          /*Store st = tresp.getTimeStampToken().getCertificates();
          if(st  != null) {
           SignerInformationStore  signers = st.getSignerInfos();
           Collection              c = signers.getSigners();
           Iterator                it = c.iterator();

           while (it.hasNext())
           {
               SignerInformation   signer = (SignerInformation)it.next();
               Collection          certCollection = certStore.getMatches(signer.getSID());

               Iterator              certIt = certCollection.iterator();
               X509CertificateHolder cert = (X509CertificateHolder)certIt.next();


           }
          }*/
        } catch (Exception ex) {
          m_logger.error("Error ts: " + ex);
        }
      }
    }
    return sig;
  }