public static Signature finalizeXadesC(SignedDoc sdoc, Signature sig) throws DigiDocException { if (m_logger.isDebugEnabled()) m_logger.debug("Finalize XAdES-C: " + sig.getId() + " profile: " + sig.getProfile()); CompleteRevocationRefs rrefs = new CompleteRevocationRefs(); CompleteCertificateRefs crefs = new CompleteCertificateRefs(); UnsignedProperties usp = sig.getUnsignedProperties(); if (usp == null) { usp = new UnsignedProperties(sig); sig.setUnsignedProperties(usp); } usp.setCompleteCertificateRefs(crefs); usp.setCompleteRevocationRefs(rrefs); rrefs.setUnsignedProperties(usp); crefs.setUnsignedProperties(usp); sig.setUnsignedProperties(usp); sig.setProfile(SignedDoc.BDOC_PROFILE_CL); // TODO: update certs and refs return sig; }
public static Signature finalizeXadesXL_TM(SignedDoc sdoc, Signature sig) throws DigiDocException { if (m_logger.isDebugEnabled()) m_logger.debug("Finalize XAdES-TM: " + sig.getId() + " profile: " + sig.getProfile()); NotaryFactory notFac = ConfigManager.instance().getNotaryFactory(); X509Certificate cert = sig.getKeyInfo().getSignersCertificate(); boolean bUseLocal = ConfigManager.instance().getBooleanProperty("DIGIDOC_USE_LOCAL_TSL", false); TrustServiceFactory tslFac = ConfigManager.instance().getTslFactory(); String ocspUrl = tslFac.findOcspUrlForCert(cert, 0, bUseLocal); if (ocspUrl == null) ocspUrl = ConfigManager.instance().getProperty("DIGIDOC_OCSP_RESPONDER_URL"); X509Certificate caCert = tslFac.findCaForCert(cert, bUseLocal, null); if (m_logger.isDebugEnabled()) m_logger.debug( "Get confirmation for cert: " + ((cert != null) ? ConvertUtils.getCommonName(cert.getSubjectDN().getName()) : "NULL") + " CA: " + ((caCert != null) ? ConvertUtils.getCommonName(caCert.getSubjectDN().getName()) : "NULL") + " URL: " + ((ocspUrl != null) ? ocspUrl : "NONE")); System.out.println("Get conf: " + sig.getId()); Notary not = notFac.getConfirmation(sig, cert, caCert, null, ocspUrl); if (m_logger.isDebugEnabled()) m_logger.debug("Resp-id: " + not.getResponderId()); String sRespId = ConvertUtils.getCommonName(not.getResponderId()); // if(sRespId != null && sRespId.startsWith("byName: ")) sRespId = sRespId.substring("byName: // ".length()); // if(sRespId != null && sRespId.startsWith("byKey: ")) sRespId = sRespId.substring("byKey: // ".length()); X509Certificate rcert = notFac.getNotaryCert(sRespId, not.getCertNr()); if (m_logger.isDebugEnabled()) m_logger.debug( "Find responder cert by: " + sRespId + " and nr: " + not.getCertNr() + " found: " + ((rcert != null) ? "OK" : "NO") + " format: " + sdoc.getFormat()); // if the request was successful then // create new data memebers if (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && (rcert != null)) { X509Certificate rcacert = tslFac.findCaForCert(rcert, bUseLocal, null); if (m_logger.isDebugEnabled()) m_logger.debug( "Register responders CA: " + ((rcacert != null) ? rcacert.getSubjectDN().getName() : "NULL")); String caId = not.getId() + "-" + ConvertUtils.getCommonName(rcacert.getSubjectDN().getName()); registerCert(rcacert, CertID.CERTID_TYPE_RESPONDER_CA, caId, sig); } // add notary to list // sig.getUnsignedProperties().addNotary(not); // add ocsp ref for this notary OcspRef orf = new OcspRef( "#" + not.getId(), not.getResponderId(), not.getProducedAt(), (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC) ? SignedDoc.SHA256_DIGEST_ALGORITHM_1 : SignedDoc.SHA1_DIGEST_ALGORITHM), SignedDoc.digestOfType( not.getOcspResponseData(), (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC) ? SignedDoc.SHA256_DIGEST_TYPE : SignedDoc.SHA1_DIGEST_TYPE))); sig.getUnsignedProperties().getCompleteRevocationRefs().addOcspRef(orf); // mark status sig.setProfile(SignedDoc.BDOC_PROFILE_TM); // change profile if (sdoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && sig.getPath() != null) { if (m_logger.isDebugEnabled()) m_logger.debug("Find signature: " + sig.getPath()); ManifestFileEntry mfe = sdoc.findManifestEntryByPath(sig.getPath()); if (mfe != null) { mfe.setMediaType( SignedDoc.MIME_SIGNATURE_BDOC_ + sdoc.getVersion() + "/" + sig.getProfile()); if (m_logger.isDebugEnabled()) m_logger.debug("Change signature: " + sig.getPath() + " type: " + mfe.getMediaType()); } } // TODO: update certs and refs return sig; }