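/**
   * Loads the trusted list (TSL) published at {@code url} and, when {@code checkSignature} is
   * enabled, verifies its XML signature against {@code signingCertList}.
   *
   * <p>The signature check only runs when {@code signingCertList} is non-null. With
   * {@code checkSignature} on and no signing certificates, the list is still returned but with
   * its well-signed flag cleared instead of being rejected, so callers that rely on signature
   * verification must consult that flag. With {@code checkSignature} off the flag is set without
   * any verification having taken place.
   *
   * @param url             location the TSL is downloaded from via {@code dataLoader}
   * @param signingCertList certificates the TSL signature must chain to; may be {@code null}
   * @return the parsed TSL with its well-signed flag set from the outcome of the signature check
   * @throws DSSNullReturnedException when {@code dataLoader} returns {@code null} for {@code url}
   * @throws DSSException when {@code checkSignature} is on, signing certificates were supplied and
   *         the document is either unsigned or carries a signature that is not {@code VALID}
   */
  private TrustStatusList getTrustStatusList(
      final String url, final List<X509Certificate> signingCertList) {

    final byte[] bytes = dataLoader.get(url);
    if (bytes == null) {
      throw new DSSNullReturnedException(url);
    }
    final Document doc = DSSXMLUtils.buildDOM(bytes);

    boolean coreValidity = true;
    if (checkSignature) {
      // Verification is only possible with trust anchors; without them the list is returned
      // unverified and flagged as such rather than rejected (existing best-effort contract).
      coreValidity = false;
      if (signingCertList != null) {
        verifyTslSignature(bytes, signingCertList); // throws DSSException unless every signature is VALID
        coreValidity = true;
      }
    }
    final TrustStatusList tsl = TrustServiceListFactory.newInstance(doc);
    tsl.setWellSigned(coreValidity);
    return tsl;
  }

  /**
   * Validates every signature found on the raw TSL bytes, using {@code signingCertList} as the
   * only trust anchors.
   *
   * @param bytes           the downloaded TSL document
   * @param signingCertList certificates the signature(s) must chain to
   * @throws DSSException when the document carries no signature, when the validation report
   *         lists no signature, or when any reported signature has an indication other than
   *         {@code Indication.VALID}
   */
  private void verifyTslSignature(
      final byte[] bytes, final List<X509Certificate> signingCertList) {

    final CommonTrustedCertificateSource trustedSource = new CommonTrustedCertificateSource();
    for (final X509Certificate certificate : signingCertList) {
      trustedSource.addCertificate(certificate);
    }
    final CertificateVerifier certificateVerifier = new CommonCertificateVerifier(true);
    certificateVerifier.setTrustedCertSource(trustedSource);

    final XMLDocumentValidator validator = new XMLDocumentValidator(new InMemoryDocument(bytes));
    validator.setCertificateVerifier(certificateVerifier);
    // To increase the security: only the default {@code XPathQueryHolder} is used, so signatures
    // are located by the standard XPath alone and nothing else can register a lookup.
    final List<XPathQueryHolder> xPathQueryHolders = validator.getXPathQueryHolder();
    xPathQueryHolders.clear();
    xPathQueryHolders.add(new XPathQueryHolder());

    if (validator.getSignatures().isEmpty()) {
      throw new DSSException("Not ETSI compliant signature. The Xml is not signed.");
    }

    validator.validateDocument();
    final SimpleReport simpleReport = validator.getSimpleReport();
    final List<String> signatureIds = simpleReport.getSignatureIds();
    // Every reported signature must be VALID, not just the first one; an empty report means
    // nothing was actually verified and is treated as a failure rather than an index error.
    boolean allValid = !signatureIds.isEmpty();
    for (final String signatureId : signatureIds) {
      allValid &= Indication.VALID.equals(simpleReport.getIndication(signatureId));
    }
    LOG.info("The TSL signature validity: " + allValid);
    if (!allValid) {
      LOG.info("The TSL signature validity details:\n" + simpleReport);
      // Diagnostic data goes to the logger rather than stdout so it lands with the other details.
      LOG.info("The TSL signature diagnostic data:\n" + validator.getDiagnosticData());
      throw new DSSException("Not ETSI compliant signature. The signature is not valid.");
    }
  }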
 /**
  * Stubs the mocked {@code dataLoader} so that every OCSP POST, whatever its URL or request
  * body, answers with the same minimal response.
  *
  * <p>The canned bytes read as a DER {@code OCSPResponse} carrying only
  * {@code responseStatus = unauthorized(6)} and no {@code responseBytes} (a SEQUENCE holding a
  * single ENUMERATED), i.e. a responder that declines to answer -- the "empty" OCSP response the
  * test exercises.
  */
 private void mockDataLoader() {
   final byte[] cannedResponse = new byte[] {48, 3, 10, 1, 6};
   when(dataLoader.post(anyString(), any(byte[].class)))
       .thenReturn(cannedResponse);
 }