/**
 * Checks the signature-policy details reported for the first signature.
 *
 * <p>The expected outcome is a policy that is identified and whose status flag is set, with the
 * OID and URL asserted below, while the policy document is reported as not ASN.1 processable.
 *
 * @param reports validation reports produced for the signed document
 */
private void validatePolicy(Reports reports) {
  final DiagnosticData diagnostic = reports.getDiagnosticData();
  // Only the first signature is inspected; an empty signature list fails right here.
  final SignatureWrapper firstSignature = diagnostic.getSignatures().get(0);
  final String reportedPolicyId = diagnostic.getPolicyId();

  assertEquals("2.16.724.1.3.1.1.2.1.9", reportedPolicyId);
  assertEquals(
      "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf", firstSignature.getPolicyUrl());

  // The three policy flags are asserted independently of each other.
  assertFalse(firstSignature.isPolicyAsn1Processable());
  assertTrue(firstSignature.isPolicyIdentified());
  assertTrue(firstSignature.isPolicyStatus());
}
/**
 * Determines the qualification type of a signature from its signing certificate.
 *
 * <p>Two sets of flags are combined: those read from the certificate itself (QCP, QCP+, QC
 * compliance, QSCD support) and those derived from the trust service type and qualifiers
 * attached to the certificate. The result therefore depends on the trust service data as much
 * as on the certificate content.
 *
 * @param certificateId identifier of the signing certificate in the diagnostic data
 * @return the signature type computed by {@code SignatureQualification.getSignatureType}
 */
private SignatureType getSignatureType(final String certificateId) {
  // NOTE(review): the "NullSafe" lookup presumably never returns null - confirm.
  CertificateWrapper signingCertificate =
      diagnosticData.getUsedCertificateByIdNullSafe(certificateId);

  // Flags taken from the certificate's own policy identifiers and QC statements.
  CertificateQualification fromCertificate = new CertificateQualification();
  fromCertificate.setQcp(CertificatePolicyIdentifiers.isQCP(signingCertificate));
  fromCertificate.setQcpp(CertificatePolicyIdentifiers.isQCPPlus(signingCertificate));
  fromCertificate.setQcc(QCStatementPolicyIdentifiers.isQCCompliant(signingCertificate));
  fromCertificate.setQcsscd(QCStatementPolicyIdentifiers.isSupportedByQSCD(signingCertificate));

  // Flags taken from the trust service information recorded for the certificate.
  TLQualification fromTrustedList = new TLQualification();
  String tspServiceType = signingCertificate.getCertificateTSPServiceType();
  List<String> tspQualifiers = signingCertificate.getCertificateTSPServiceQualifiers();
  fromTrustedList.setCaqc(ServiceQualification.isCaQc(tspServiceType));
  fromTrustedList.setQcCNoSSCD(ServiceQualification.isQcNoSSCD(tspQualifiers));
  fromTrustedList.setQcForLegalPerson(ServiceQualification.isQcForLegalPerson(tspQualifiers));
  fromTrustedList.setQcSSCDAsInCert(ServiceQualification.isQcSscdStatusAsInCert(tspQualifiers));
  fromTrustedList.setQcWithSSCD(ServiceQualification.isQcWithSSCD(tspQualifiers));
  fromTrustedList.setQcStatement(ServiceQualification.isQcStatement(tspQualifiers));

  return SignatureQualification.getSignatureType(fromCertificate, fromTrustedList);
}
/**
 * Adds every signature listed in the diagnostic data to the simple report.
 *
 * <p>Both signature counters are reset to zero before the signatures are processed.
 *
 * @param simpleReport report that receives one entry per signature
 * @throws DSSException declared by this method; raised by the per-signature processing
 */
private void addSignatures(SimpleReport simpleReport) throws DSSException {
  totalSignatureCount = 0;
  validSignatureCount = 0;

  for (final SignatureWrapper current : diagnosticData.getSignatures()) {
    addSignature(simpleReport, current);
  }
}
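/**
 * Signs a small in-memory document at CAdES-BASELINE-LTA level, validates it, and checks that
 * each archive timestamp found for the first signature covers the signature's first timestamp.
 *
 * <p>The test fails when no archive timestamp is found at all, so the coverage check cannot pass
 * without having run.
 *
 * @throws Exception if certificate generation, signing or validation fails
 */
@Test
public void test() throws Exception {
  DSSDocument documentToSign = new InMemoryDocument("Hello World".getBytes());

  CertificateService certificateService = new CertificateService();
  MockPrivateKeyEntry privateKeyEntry =
      certificateService.generateCertificateChain(SignatureAlgorithm.RSA_SHA256);

  CAdESSignatureParameters signatureParameters = new CAdESSignatureParameters();
  signatureParameters.bLevel().setSigningDate(new Date());
  signatureParameters.setSigningCertificate(privateKeyEntry.getCertificate());
  signatureParameters.setCertificateChain(privateKeyEntry.getCertificateChain());
  signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPING);
  signatureParameters.setSignatureLevel(SignatureLevel.CAdES_BASELINE_LTA);

  CertificateVerifier certificateVerifier = new CommonCertificateVerifier();
  CAdESService service = new CAdESService(certificateVerifier);
  // The mock TSA certificate is generated with RSA_SHA1. That is a fixture choice only;
  // SHA-1 is not a model for production timestamping configuration.
  service.setTspSource(
      new MockTSPSource(certificateService.generateTspCertificate(SignatureAlgorithm.RSA_SHA1)));

  ToBeSigned toBeSigned = service.getDataToSign(documentToSign, signatureParameters);
  SignatureValue signatureValue =
      TestUtils.sign(signatureParameters.getSignatureAlgorithm(), privateKeyEntry, toBeSigned);
  final DSSDocument signedDocument =
      service.signDocument(documentToSign, signatureParameters, signatureValue);

  SignedDocumentValidator validator = SignedDocumentValidator.fromDocument(signedDocument);
  validator.setCertificateVerifier(new CommonCertificateVerifier());
  Reports report = validator.validateDocument();

  DiagnosticData diagnostic = report.getDiagnosticData();
  // Reference: the first timestamp listed for the first signature.
  String timestampId = diagnostic.getSignatures().get(0).getTimestampList().get(0).getId();

  boolean archiveTimestampChecked = false;
  for (TimestampWrapper wrapper : diagnostic.getTimestampList(diagnostic.getFirstSignatureId())) {
    if (wrapper.getType().equals(TimestampType.ARCHIVE_TIMESTAMP.toString())) {
      Assert.assertEquals(
          timestampId, wrapper.getSignedObjects().getTimestampedTimestamp().get(0).getId());
      archiveTimestampChecked = true;
    }
  }
  // Without this guard the loop above passes vacuously when no archive timestamp is produced.
  Assert.assertTrue(
      "an LTA signature must carry at least one archive timestamp", archiveTimestampChecked);
}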
/**
 * Registers a POE entry at {@code currentTime} for the objects found in the diagnostic data.
 *
 * <p>Covered objects: every signature, every timestamp, every used certificate, and the
 * revocation data of those certificates whose origin is {@code SIGNATURE}. Revocation data with
 * any other origin gets no entry from this method.
 *
 * @param diagnosticData source of the signatures, timestamps and certificates
 * @param currentTime time recorded for each registered entry
 */
public void init(DiagnosticData diagnosticData, Date currentTime) {
  final String signatureOrigin = RevocationOrigin.SIGNATURE.name();

  for (SignatureWrapper sig : diagnosticData.getAllSignatures()) {
    addPOE(sig.getId(), currentTime);
  }

  for (TimestampWrapper tst : diagnosticData.getAllTimestamps()) {
    addPOE(tst.getId(), currentTime);
  }

  for (CertificateWrapper cert : diagnosticData.getUsedCertificates()) {
    addPOE(cert.getId(), currentTime);

    final Set<RevocationWrapper> revocationData = cert.getRevocationData();
    if (!CollectionUtils.isNotEmpty(revocationData)) {
      continue; // nothing recorded for this certificate
    }
    for (RevocationWrapper item : revocationData) {
      // Only revocation data that originates from the signature is registered.
      if (signatureOrigin.equals(item.getOrigin())) {
        addPOE(item.getId(), currentTime);
      }
    }
  }
}
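/**
 * Sets the "signed by" label of a report signature from the signing certificate.
 *
 * <p>The label is the first non-empty value among the certificate's common name, given name,
 * surname and pseudonym, in that order. It falls back to {@code "?"} when the signature has no
 * signing certificate id, when the certificate is not found, or when all four fields are empty.
 *
 * <p>The label is display text copied from certificate fields. This method performs no trust or
 * validity check, so the label must not be read as a verified identity.
 *
 * @param diagnosticSignature signature whose signing certificate id is looked up
 * @param xmlSignature report element that receives the label
 */
private void addSignedBy(
    final SignatureWrapper diagnosticSignature, final XmlSignature xmlSignature) {
  final String unknown = "?";
  String signedBy = unknown;

  final String certificateId = diagnosticSignature.getSigningCertificateId();
  if (StringUtils.isNotEmpty(certificateId)) {
    // Look the certificate up once instead of once per candidate field.
    final CertificateWrapper certificate = diagnosticData.getUsedCertificateById(certificateId);
    if (certificate != null) {
      // Each fallback getter is called only when the previous field was null or empty.
      String name = certificate.getCommonName();
      if (StringUtils.isEmpty(name)) {
        name = certificate.getGivenName();
      }
      if (StringUtils.isEmpty(name)) {
        name = certificate.getSurname();
      }
      if (StringUtils.isEmpty(name)) {
        name = certificate.getPseudo();
      }
      if (StringUtils.isNotEmpty(name)) {
        signedBy = name;
      }
    }
  }
  xmlSignature.setSignedBy(signedBy);
}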
/**
 * Finds the used certificate that carries the given digest.
 *
 * <p>A certificate matches when one of its recorded digests has the same digest method and the
 * same digest value as {@code digestAlgoValue}, both compared as strings. The first match wins.
 *
 * @param digestAlgoValue digest method and value to look for
 * @param diagnosticData source of the used certificates
 * @return the id of the first matching certificate, or {@code null} when none matches; callers
 *     must handle the {@code null} case
 */
private String getCertificateIdByDigest(
    XmlDigestAlgAndValueType digestAlgoValue, DiagnosticData diagnosticData) {
  final List<CertificateWrapper> usedCertificates = diagnosticData.getUsedCertificates();
  if (!CollectionUtils.isNotEmpty(usedCertificates)) {
    return null;
  }

  for (final CertificateWrapper candidate : usedCertificates) {
    final List<XmlDigestAlgAndValueType> knownDigests = candidate.getDigestAlgAndValue();
    if (!CollectionUtils.isNotEmpty(knownDigests)) {
      continue;
    }
    for (final XmlDigestAlgAndValueType known : knownDigests) {
      final boolean sameMethod =
          StringUtils.equals(known.getDigestMethod(), digestAlgoValue.getDigestMethod());
      // The value is compared only when the method already matches.
      if (sameMethod
          && StringUtils.equals(known.getDigestValue(), digestAlgoValue.getDigestValue())) {
        return candidate.getId();
      }
    }
  }
  return null;
}
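/**
 * Finds the revocation data entry that carries the given digest.
 *
 * <p>The revocation data of every used certificate is searched. An entry matches when one of its
 * recorded digests has the same digest method and the same digest value as
 * {@code digestAlgoValue}, both compared as strings. The first match wins.
 *
 * @param digestAlgoValue digest method and value to look for
 * @param diagnosticData source of the used certificates and their revocation data
 * @return the id of the first matching revocation data entry, or {@code null} when none
 *     matches; callers must handle the {@code null} case
 */
private String getRevocationIdByDigest(
    XmlDigestAlgAndValueType digestAlgoValue, DiagnosticData diagnosticData) {
  List<CertificateWrapper> certificates = diagnosticData.getUsedCertificates();
  if (CollectionUtils.isNotEmpty(certificates)) {
    for (CertificateWrapper certificate : certificates) {
      Set<RevocationWrapper> revocations = certificate.getRevocationData();
      if (CollectionUtils.isNotEmpty(revocations)) {
        for (RevocationWrapper revocationData : revocations) {
          List<XmlDigestAlgAndValueType> digestAlgAndValues =
              revocationData.getDigestAlgAndValue();
          // Revocation data without recorded digests is skipped rather than iterated.
          // This is the same guard the certificate lookup applies to its digest list.
          if (CollectionUtils.isNotEmpty(digestAlgAndValues)) {
            for (XmlDigestAlgAndValueType revocDigestAndValue : digestAlgAndValues) {
              if (StringUtils.equals(
                      revocDigestAndValue.getDigestMethod(), digestAlgoValue.getDigestMethod())
                  && StringUtils.equals(
                      revocDigestAndValue.getDigestValue(), digestAlgoValue.getDigestValue())) {
                return revocationData.getId();
              }
            }
          }
        }
      }
    }
  }
  return null;
}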
/**
 * Copies the document name from the diagnostic data into the simple report.
 *
 * @param report report that receives the document name
 */
private void addDocumentName(SimpleReport report) {
  final String documentName = diagnosticData.getDocumentName();
  report.setDocumentName(documentName);
}