


The XAdES4j library is a high-level, configurable and extensible Java implementation of XML Advanced Electronic Signatures (XAdES 1.3.2 and 1.4.1). It enables producing, verifying and extending signatures in the main XAdES forms: XAdES-BES, XAdES-EPES, XAdES-T and XAdES-C. Extended forms are also supported through the enrichment of an existing signature.

/*
 * XAdES4j - A Java library for generation and verification of XAdES signatures.
 * Copyright (C) 2010 Luis Goncalves.
 *
 * XAdES4j is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 3 of the License, or any later version.
 *
 * XAdES4j is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Lesser General Public License along
 * with XAdES4j. If not, see <http://www.gnu.org/licenses/>.
 */
package xades4j.verification;

import java.security.MessageDigest;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import javax.security.auth.x500.X500Principal;
import xades4j.UnsupportedAlgorithmException;
import xades4j.XAdES4jException;
import xades4j.properties.data.CertRef;
import xades4j.providers.MessageDigestEngineProvider;

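/**
 * Package-private helpers for relating the certificate references
 * ({@link CertRef}) carried by a signature to actual certificates.
 * <p>
 * {@link #findCertRef} locates a reference by issuer name and serial number
 * only; {@link #checkCertRef} is the step that compares the digest stored in
 * the reference with the digest of the certificate's encoding. A reference
 * returned by {@code findCertRef} has therefore not been digest-checked, and
 * a caller that relies on the reference identifying this exact certificate
 * has to run {@code checkCertRef} as well.
 *
 * @author Luís
 */
class CertRefUtils
{
    /**
     * Finds the reference whose issuer and serial number match the given
     * certificate.
     *
     * @param cert the certificate to look up
     * @param certRefs the candidate references, examined in iteration order
     * @return the first matching reference, or {@code null} if none matches
     * @throws SigningCertificateVerificationException if a reference examined
     *      before a match is found carries an issuer name that
     *      {@link X500Principal} rejects as malformed
     */
    static CertRef findCertRef(
            X509Certificate cert,
            Collection<CertRef> certRefs) throws SigningCertificateVerificationException
    {
        for (final CertRef certRef : certRefs)
        {
            // Compare issuers as X500Principal instances rather than as
            // strings: two DN strings naming the same issuer can differ in
            // spacing and similar details.
            // NOTE(review): a null issuerDN would surface as a
            // NullPointerException from the X500Principal constructor rather
            // than as a verification exception - confirm that the code that
            // builds CertRef never leaves it null.
            X500Principal certRefIssuerPrincipal;
            try
            {
                certRefIssuerPrincipal = new X500Principal(certRef.issuerDN);
            } catch (IllegalArgumentException ex)
            {
                throw new SigningCertificateVerificationException(ex)
                {
                    @Override
                    protected String getVerificationMessage()
                    {
                        return String.format("Invalid issue name: %s", certRef.issuerDN);
                    }
                };
            }

            // equals() is invoked on the certificate's own serial number so
            // that a reference without a serial number is treated as a
            // non-match instead of raising a NullPointerException.
            if (cert.getIssuerX500Principal().equals(certRefIssuerPrincipal) &&
                    cert.getSerialNumber().equals(certRef.serialNumber))
                return certRef;
        }
        return null;
    }

    /**
     * Signals that a certificate reference could not be confirmed against a
     * certificate, either because the digests differ or because the digest
     * could not be computed.
     */
    static class InvalidCertRefException extends XAdES4jException
    {
        public InvalidCertRefException(String msg)
        {
            super(msg);
        }
    }

    /**
     * Checks that the digest stored in a certificate reference equals the
     * digest of the certificate's encoded form.
     * <p>
     * The digest algorithm is the one named by the reference itself
     * ({@code certRef.digestAlgUri}); this method applies no algorithm policy
     * of its own, so which algorithms are accepted is decided entirely by the
     * supplied provider.
     *
     * @param certRef the reference holding the expected digest and the
     *      algorithm URI
     * @param cert the certificate whose encoding is digested
     * @param messageDigestProvider supplies the digest engine for the
     *      algorithm URI
     * @throws InvalidCertRefException if the digests differ, the provider
     *      does not support the algorithm, or the certificate cannot be
     *      encoded
     */
    static void checkCertRef(
            CertRef certRef,
            X509Certificate cert,
            MessageDigestEngineProvider messageDigestProvider) throws InvalidCertRefException
    {
        final byte[] actualDigest;
        try
        {
            MessageDigest messageDigest = messageDigestProvider.getEngine(certRef.digestAlgUri);
            actualDigest = messageDigest.digest(cert.getEncoded());
        } catch (UnsupportedAlgorithmException ex)
        {
            // NOTE(review): only the message is propagated; the cause is
            // dropped because InvalidCertRefException exposes a message-only
            // constructor in this file.
            throw new InvalidCertRefException(ex.getMessage());
        } catch (CertificateEncodingException ex)
        {
            throw new InvalidCertRefException(ex.getMessage());
        }

        // A null digestValue compares unequal to the computed digest and is
        // reported as a mismatch.
        if (!Arrays.equals(certRef.digestValue, actualDigest))
            throw new InvalidCertRefException("digests mismatch");
    }
}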



