Changed KeyInfo, SignedSignatureProperties and AlgorithmProviders.

emmanvg · Feb 3, 2017 · 0e7089f · 0e7089f
1 parent 29efabe
commit 0e7089f
Show file tree

Hide file tree

Showing 9 changed files with 116 additions and 3 deletions.
diff --git a/src/main/java/xades4j/production/AlgorithmsProvider_DeprecatedToEx_Adapter.java b/src/main/java/xades4j/production/AlgorithmsProvider_DeprecatedToEx_Adapter.java
@@ -76,4 +76,16 @@ public String getDigestAlgorithmForTimeStampProperties()
     {
         return this.algorithmsProvider.getDigestAlgorithmForTimeStampProperties();
     }
+
+    @Override
+    public Algorithm getCanonicalizationAlgorithmForKeyInfo()
+    {
+        return new GenericAlgorithm(this.algorithmsProvider.getCanonicalizationAlgorithmForKeyInfo());
+    }
+
+    @Override
+    public Algorithm getCanonicalizationAlgorithmForSignedProperties()
+    {
+        return new GenericAlgorithm(this.algorithmsProvider.getCanonicalizationAlgorithmForSignedProperties());
+    }
 }
diff --git a/src/main/java/xades4j/production/AlgorithmsProvider_ExToDeprecated_Adapter.java b/src/main/java/xades4j/production/AlgorithmsProvider_ExToDeprecated_Adapter.java
@@ -75,4 +75,16 @@ public String getDigestAlgorithmForTimeStampProperties()
     {
         return this.adaptee.getDigestAlgorithmForTimeStampProperties();
     }
+
+    @Override
+    public String getCanonicalizationAlgorithmForKeyInfo()
+    {
+        return this.adaptee.getCanonicalizationAlgorithmForKeyInfo().getUri();
+    }
+
+    @Override
+    public String getCanonicalizationAlgorithmForSignedProperties()
+    {
+        return this.adaptee.getCanonicalizationAlgorithmForSignedProperties().getUri();
+    }
 }
diff --git a/src/main/java/xades4j/production/KeyInfoBuilder.java b/src/main/java/xades4j/production/KeyInfoBuilder.java
@@ -18,10 +18,13 @@
 
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.transforms.Transforms;
 import xades4j.UnsupportedAlgorithmException;
+import xades4j.algorithms.Algorithm;
 import xades4j.providers.AlgorithmsProviderEx;
 import xades4j.providers.BasicSignatureOptionsProvider;
 
@@ -72,13 +75,24 @@ void buildKeyInfo(
             {
                 xmlSig.addKeyInfo(signingCertificate);
 
+                Algorithm canonAlg = this.algorithmsProvider.getCanonicalizationAlgorithmForKeyInfo();
+
+                if (null == canonAlg)
+                {
+                    throw new NullPointerException("Canonicalization algorithm not provided");
+                }
+
                 if (this.basicSignatureOptionsProvider.signSigningCertificate())
                 {
                     String keyInfoId = xmlSig.getId() + "-keyinfo";
+
+                    Transforms transforms = new Transforms(xmlSig.getDocument());
+                    transforms.addTransform(canonAlg.getUri());
+
                     xmlSig.getKeyInfo().setId(keyInfoId);
                     xmlSig.addDocument(
                             '#' + keyInfoId,
-                            null,
+                            transforms,
                             this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences());
                 }
             } catch (XMLSignatureException ex)

diff --git a/src/main/java/xades4j/production/SignerBES.java b/src/main/java/xades4j/production/SignerBES.java
@@ -16,6 +16,9 @@
  */
 package xades4j.production;
 
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.transforms.TransformationException;
+import xades4j.algorithms.GenericAlgorithm;
 import xades4j.properties.QualifyingProperties;
 import xades4j.properties.DataObjectDesc;
 import com.google.inject.Inject;
@@ -31,6 +34,7 @@
 import org.apache.xml.security.signature.Reference;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.transforms.Transforms;
 import org.apache.xml.security.utils.Constants;
 import org.apache.xml.security.utils.ElementProxy;
 import org.apache.xml.security.utils.XMLUtils;
@@ -159,7 +163,7 @@ public final XadesSignatureResult sign(
         XMLSignature signature = createSignature(
                 signatureDocument,
                 signedDataObjects.getBaseUri(),
-                signingCertificate.getPublicKey().getAlgorithm());
+                signingCertificate.getSigAlgName());
 
         signature.setId(signatureId);
 
@@ -239,9 +243,18 @@ public final XadesSignatureResult sign(
                 throw new NullPointerException("Digest algorithm URI not provided");
             }
 
+            Algorithm canonAlg = this.algorithmsProvider.getCanonicalizationAlgorithmForSignedProperties();
+
+            if (null == canonAlg)
+            {
+                throw new NullPointerException("Canonicalization algorithm not provided");
+            }
+
             try
             {
-                signature.addDocument('#' + signedPropsId, null, digestAlgUri, null, QualifyingProperty.SIGNED_PROPS_TYPE_URI);
+                Transforms transforms = new Transforms(signatureDocument);
+                transforms.addTransform(canonAlg.getUri());
+                signature.addDocument('#' + signedPropsId, transforms, digestAlgUri, null, QualifyingProperty.SIGNED_PROPS_TYPE_URI);
             } catch (XMLSignatureException ex)
             {
                 // Seems to be thrown when the digest algorithm is not supported. In
@@ -250,6 +263,11 @@ public final XadesSignatureResult sign(
                 throw new UnsupportedAlgorithmException(
                         "Digest algorithm not supported in the XML Signature provider",
                         digestAlgUri, ex);
+            } catch (TransformationException ex)
+            {
+                throw new UnsupportedAlgorithmException(
+                        "Transform algorithm not supported in the XML Signature provider",
+                        canonAlg.getUri(), ex);
             }
 
             // Apply the signature

diff --git a/src/main/java/xades4j/providers/AlgorithmsProvider.java b/src/main/java/xades4j/providers/AlgorithmsProvider.java
@@ -54,4 +54,14 @@ public interface AlgorithmsProvider
      * @deprecated the interface is deprecated
      */
     String getDigestAlgorithmForTimeStampProperties();
+
+    /**
+     * @deprecated the interface is deprecated
+     */
+    String getCanonicalizationAlgorithmForKeyInfo();
+
+    /**
+     * @deprecated the interface is deprecated
+     */
+    String getCanonicalizationAlgorithmForSignedProperties();
 }
diff --git a/src/main/java/xades4j/providers/AlgorithmsProviderEx.java b/src/main/java/xades4j/providers/AlgorithmsProviderEx.java
@@ -76,4 +76,16 @@ public interface AlgorithmsProviderEx
      * @return the algorithm
      */
     String getDigestAlgorithmForTimeStampProperties();
+
+    /**
+     * Gets the canonicalization algorithm to be used in the key info reference.
+     * @return the algorithm
+     */
+    Algorithm getCanonicalizationAlgorithmForKeyInfo();
+
+    /**
+     * Gets the canonicalization algorithm to be used in the signed signature properties reference.
+     * @return the algorithm
+     */
+    Algorithm getCanonicalizationAlgorithmForSignedProperties();
 }
diff --git a/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProvider.java b/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProvider.java
@@ -64,4 +64,16 @@ public String getDigestAlgorithmForTimeStampProperties()
     {
         return algorithmsProviderEx.getDigestAlgorithmForTimeStampProperties();
     }
+
+    @Override
+    public String getCanonicalizationAlgorithmForKeyInfo()
+    {
+        return algorithmsProviderEx.getCanonicalizationAlgorithmForKeyInfo().getUri();
+    }
+
+    @Override
+    public String getCanonicalizationAlgorithmForSignedProperties()
+    {
+        return algorithmsProviderEx.getCanonicalizationAlgorithmForSignedProperties().getUri();
+    }
 }
diff --git a/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProviderEx.java b/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProviderEx.java
@@ -88,4 +88,16 @@ public String getDigestAlgorithmForTimeStampProperties()
     {
         return MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1;
     }
+
+    @Override
+    public Algorithm getCanonicalizationAlgorithmForKeyInfo()
+    {
+        return new CanonicalXMLWithoutComments();
+    }
+
+    @Override
+    public Algorithm getCanonicalizationAlgorithmForSignedProperties()
+    {
+        return new CanonicalXMLWithoutComments();
+    }
 }
diff --git a/src/test/java/xades4j/production/TestAlgorithmsProvider.java b/src/test/java/xades4j/production/TestAlgorithmsProvider.java
@@ -64,4 +64,15 @@ public String getDigestAlgorithmForTimeStampProperties()
         throw new UnsupportedOperationException("Not supported yet.");
     }
 
+    @Override
+    public Algorithm getCanonicalizationAlgorithmForKeyInfo()
+    {
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
+
+    @Override
+    public Algorithm getCanonicalizationAlgorithmForSignedProperties()
+    {
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
 }