public static Signature finalizeXadesXL_TM(SignedDoc sdoc, Signature sig)
throws DigiDocException {
if (m_logger.isDebugEnabled())
m_logger.debug("Finalize XAdES-TM: " + sig.getId() + " profile: " + sig.getProfile());
NotaryFactory notFac = ConfigManager.instance().getNotaryFactory();
X509Certificate cert = sig.getKeyInfo().getSignersCertificate();
boolean bUseLocal = ConfigManager.instance().getBooleanProperty("DIGIDOC_USE_LOCAL_TSL", false);
TrustServiceFactory tslFac = ConfigManager.instance().getTslFactory();
String ocspUrl = tslFac.findOcspUrlForCert(cert, 0, bUseLocal);
if (ocspUrl == null)
ocspUrl = ConfigManager.instance().getProperty("DIGIDOC_OCSP_RESPONDER_URL");
X509Certificate caCert = tslFac.findCaForCert(cert, bUseLocal, null);
if (m_logger.isDebugEnabled())
m_logger.debug(
"Get confirmation for cert: "
+ ((cert != null)
? ConvertUtils.getCommonName(cert.getSubjectDN().getName())
: "NULL")
+ " CA: "
+ ((caCert != null)
? ConvertUtils.getCommonName(caCert.getSubjectDN().getName())
: "NULL")
+ " URL: "
+ ((ocspUrl != null) ? ocspUrl : "NONE"));
System.out.println("Get conf: " + sig.getId());
Notary not = notFac.getConfirmation(sig, cert, caCert, null, ocspUrl);
if (m_logger.isDebugEnabled()) m_logger.debug("Resp-id: " + not.getResponderId());
String sRespId = ConvertUtils.getCommonName(not.getResponderId());
// if(sRespId != null && sRespId.startsWith("byName: ")) sRespId = sRespId.substring("byName:
// ".length());
// if(sRespId != null && sRespId.startsWith("byKey: ")) sRespId = sRespId.substring("byKey:
// ".length());
X509Certificate rcert = notFac.getNotaryCert(sRespId, not.getCertNr());
if (m_logger.isDebugEnabled())
m_logger.debug(
"Find responder cert by: "
+ sRespId
+ " and nr: "
+ not.getCertNr()
+ " found: "
+ ((rcert != null) ? "OK" : "NO")
+ " format: "
+ sdoc.getFormat());
// if the request was successful then
// create new data memebers
if (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && (rcert != null)) {
X509Certificate rcacert = tslFac.findCaForCert(rcert, bUseLocal, null);
if (m_logger.isDebugEnabled())
m_logger.debug(
"Register responders CA: "
+ ((rcacert != null) ? rcacert.getSubjectDN().getName() : "NULL"));
String caId =
not.getId() + "-" + ConvertUtils.getCommonName(rcacert.getSubjectDN().getName());
registerCert(rcacert, CertID.CERTID_TYPE_RESPONDER_CA, caId, sig);
}
// add notary to list
// sig.getUnsignedProperties().addNotary(not);
// add ocsp ref for this notary
OcspRef orf =
new OcspRef(
"#" + not.getId(),
not.getResponderId(),
not.getProducedAt(),
(sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC)
? SignedDoc.SHA256_DIGEST_ALGORITHM_1
: SignedDoc.SHA1_DIGEST_ALGORITHM),
SignedDoc.digestOfType(
not.getOcspResponseData(),
(sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC)
? SignedDoc.SHA256_DIGEST_TYPE
: SignedDoc.SHA1_DIGEST_TYPE)));
sig.getUnsignedProperties().getCompleteRevocationRefs().addOcspRef(orf);
// mark status
sig.setProfile(SignedDoc.BDOC_PROFILE_TM);
// change profile
if (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && sig.getPath() != null) {
if (m_logger.isDebugEnabled()) m_logger.debug("Find signature: " + sig.getPath());
ManifestFileEntry mfe = sdoc.findManifestEntryByPath(sig.getPath());
if (mfe != null) {
mfe.setMediaType(
SignedDoc.MIME_SIGNATURE_BDOC_ + sdoc.getVersion() + "/" + sig.getProfile());
if (m_logger.isDebugEnabled())
m_logger.debug("Change signature: " + sig.getPath() + " type: " + mfe.getMediaType());
}
}
// TODO: update certs and refs
return sig;
}
public static Signature finalizeXadesT(SignedDoc sdoc, Signature sig) throws DigiDocException {
if (m_logger.isDebugEnabled())
m_logger.debug("Finalize XAdES-T: " + sig.getId() + " profile: " + sig.getProfile());
UnsignedProperties usp = new UnsignedProperties(sig);
sig.setUnsignedProperties(usp);
if (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
DigiDocXmlGenFactory genFac = new DigiDocXmlGenFactory(sdoc);
TimestampFactory tsFac = ConfigManager.instance().getTimestampFactory();
// get <SignatureValueTimeStamp>
StringBuffer sb = new StringBuffer();
String tsaUrl = ConfigManager.instance().getProperty("DIGIDOC_TSA_URL");
genFac.signatureValue2xml(sb, sig.getSignatureValue(), true);
String sSigValXml = sb.toString().trim();
byte[] hash =
SignedDoc.digestOfType(
sSigValXml.getBytes(),
(sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC)
? SignedDoc.SHA256_DIGEST_TYPE
: SignedDoc.SHA1_DIGEST_TYPE));
if (m_logger.isDebugEnabled())
m_logger.debug(
"Get sig-val-ts for: "
+ Base64Util.encode(hash)
+ " uri: "
+ tsaUrl
+ " DATA:\n---\n"
+ sSigValXml
+ "\n---\n");
TimeStampResponse tresp = tsFac.requestTimestamp(TSPAlgorithms.SHA1.getId(), hash, tsaUrl);
if (tresp != null) {
TimestampInfo ti =
new TimestampInfo(
sig.getId() + "-T0", sig, TimestampInfo.TIMESTAMP_TYPE_SIGNATURE, hash, tresp);
ti.addIncludeInfo(new IncludeInfo("#" + sig.getId() + "-SIG"));
sig.addTimestampInfo(ti);
try {
if (m_logger.isDebugEnabled())
m_logger.debug("Timestamp: " + Base64Util.encode(tresp.getEncoded()));
} catch (Exception ex) {
}
// sb = new StringBuffer();
// genFac.timestampInfo2xml(sb, ti, true);
// String sToXml = sb.toString();
// TODO: add TSA refs and certs ? Not in TSL yet!
sig.setProfile(SignedDoc.BDOC_PROFILE_T);
try {
X509Certificate cert =
SignedDoc.readCertificate(
new java.io.File("/Users/veiko/workspace/jdigidoc/trunk/iaik-tsa.crt"));
/*Store st = tresp.getTimeStampToken().getCertificates();
if(st != null) {
SignerInformationStore signers = st.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext())
{
SignerInformation signer = (SignerInformation)it.next();
Collection certCollection = certStore.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
}
}*/
} catch (Exception ex) {
m_logger.error("Error ts: " + ex);
}
}
}
return sig;
}