diff --git a/src/main/java/xades4j/production/AlgorithmsProvider_DeprecatedToEx_Adapter.java b/src/main/java/xades4j/production/AlgorithmsProvider_DeprecatedToEx_Adapter.java
index ec2292cf..14e63f1c 100644
--- a/src/main/java/xades4j/production/AlgorithmsProvider_DeprecatedToEx_Adapter.java
+++ b/src/main/java/xades4j/production/AlgorithmsProvider_DeprecatedToEx_Adapter.java
@@ -76,4 +76,16 @@ public String getDigestAlgorithmForTimeStampProperties()
{
return this.algorithmsProvider.getDigestAlgorithmForTimeStampProperties();
}
+
+ @Override
+ public Algorithm getCanonicalizationAlgorithmForKeyInfo()
+ {
+ return new GenericAlgorithm(this.algorithmsProvider.getCanonicalizationAlgorithmForKeyInfo());
+ }
+
+ @Override
+ public Algorithm getCanonicalizationAlgorithmForSignedProperties()
+ {
+ return new GenericAlgorithm(this.algorithmsProvider.getCanonicalizationAlgorithmForSignedProperties());
+ }
}
diff --git a/src/main/java/xades4j/production/AlgorithmsProvider_ExToDeprecated_Adapter.java b/src/main/java/xades4j/production/AlgorithmsProvider_ExToDeprecated_Adapter.java
index 79e4494e..28df1556 100644
--- a/src/main/java/xades4j/production/AlgorithmsProvider_ExToDeprecated_Adapter.java
+++ b/src/main/java/xades4j/production/AlgorithmsProvider_ExToDeprecated_Adapter.java
@@ -75,4 +75,16 @@ public String getDigestAlgorithmForTimeStampProperties()
{
return this.adaptee.getDigestAlgorithmForTimeStampProperties();
}
+
+ @Override
+ public String getCanonicalizationAlgorithmForKeyInfo()
+ {
+ return this.adaptee.getCanonicalizationAlgorithmForKeyInfo().getUri();
+ }
+
+ @Override
+ public String getCanonicalizationAlgorithmForSignedProperties()
+ {
+ return this.adaptee.getCanonicalizationAlgorithmForSignedProperties().getUri();
+ }
}
diff --git a/src/main/java/xades4j/production/KeyInfoBuilder.java b/src/main/java/xades4j/production/KeyInfoBuilder.java
index 1f2a1e59..6b469a73 100644
--- a/src/main/java/xades4j/production/KeyInfoBuilder.java
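Review bot: GenericAlgorithm wraps whatever the deprecated provider returns, so a null URI from getCanonicalizationAlgorithmForKeyInfo() or getCanonicalizationAlgorithmForSignedProperties() becomes a non-null Algorithm and the `null == canonAlg` guards that the commit adds in KeyInfoBuilder and SignerBES can no longer catch it; the failure then surfaces later, as an unexplained exception at transforms.addTransform(null) or inside GenericAlgorithm's constructor, whose null handling is not visible here. The converse adapter in AlgorithmsProvider_ExToDeprecated_Adapter (second hunk on this line) calls .getUri() directly on the adaptee's result, so a null there produces a bare NullPointerException with no message. Validating at the adapter boundary keeps the error close to the misconfigured provider, e.g. `String uri = this.algorithmsProvider.getCanonicalizationAlgorithmForKeyInfo();` / `if (uri == null) throw new NullPointerException("Canonicalization algorithm for KeyInfo not provided");` / `return new GenericAlgorithm(uri);`, and symmetrically for the signed-properties method and the other adapter.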
+++ b/src/main/java/xades4j/production/KeyInfoBuilder.java
@@ -18,10 +18,13 @@
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.transforms.Transforms;
import xades4j.UnsupportedAlgorithmException;
+import xades4j.algorithms.Algorithm;
import xades4j.providers.AlgorithmsProviderEx;
import xades4j.providers.BasicSignatureOptionsProvider;
@@ -72,13 +75,24 @@ void buildKeyInfo(
{
xmlSig.addKeyInfo(signingCertificate);
+ Algorithm canonAlg = this.algorithmsProvider.getCanonicalizationAlgorithmForKeyInfo();
+
+ if (null == canonAlg)
+ {
+ throw new NullPointerException("Canonicalization algorithm not provided");
+ }
+
if (this.basicSignatureOptionsProvider.signSigningCertificate())
{
String keyInfoId = xmlSig.getId() + "-keyinfo";
+
+ Transforms transforms = new Transforms(xmlSig.getDocument());
+ transforms.addTransform(canonAlg.getUri());
+
xmlSig.getKeyInfo().setId(keyInfoId);
xmlSig.addDocument(
'#' + keyInfoId,
- null,
+ transforms,
this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences());
}
} catch (XMLSignatureException ex)
diff --git a/src/main/java/xades4j/production/SignerBES.java b/src/main/java/xades4j/production/SignerBES.java
index 389c9128..9b61a3bd 100644
--- a/src/main/java/xades4j/production/SignerBES.java
+++ b/src/main/java/xades4j/production/SignerBES.java
@@ -16,6 +16,9 @@
*/
package xades4j.production;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.transforms.TransformationException;
+import xades4j.algorithms.GenericAlgorithm;
import xades4j.properties.QualifyingProperties;
import xades4j.properties.DataObjectDesc;
import com.google.inject.Inject;
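Review bot: In buildKeyInfo the new `transforms.addTransform(canonAlg.getUri())` sits inside a try whose visible handler catches only XMLSignatureException, while Transforms.addTransform declares TransformationException (a sibling of XMLSignatureException under XMLSecurityException); unless a catch of XMLSecurityException outside the hunk covers it, an unsupported or mistyped canonicalization URI propagates as a raw checked exception here, whereas the matching SignerBES change maps the same failure to UnsupportedAlgorithmException. Adding `catch (TransformationException ex) { throw new UnsupportedAlgorithmException("Transform algorithm not supported in the XML Signature provider", canonAlg.getUri(), ex); }` next to the existing handler keeps the two call sites consistent. A smaller point: canonAlg is fetched and null-checked before `signSigningCertificate()` is consulted, so a provider that omits this algorithm fails even when no KeyInfo reference is produced; moving the lookup and check inside the if limits the requirement to the case that uses it. buildKeyInfo begins, and its catch clauses continue, outside the hunk.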
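Review bot: The added imports `org.apache.xml.security.c14n.Canonicalizer` and `xades4j.algorithms.GenericAlgorithm` are not referenced by any SignerBES hunk in this commit, which uses only Transforms, TransformationException and Algorithm; unless another part of the file uses them, they are leftovers and should be dropped. Conversely the sign() hunk declares an `Algorithm canonAlg` but no import of `xades4j.algorithms.Algorithm` is added to SignerBES, so that import presumably already exists further down the import list — worth confirming.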
@@ -31,6 +34,7 @@
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.ElementProxy;
import org.apache.xml.security.utils.XMLUtils;
@@ -159,7 +163,7 @@ public final XadesSignatureResult sign(
XMLSignature signature = createSignature(
signatureDocument,
signedDataObjects.getBaseUri(),
- signingCertificate.getPublicKey().getAlgorithm());
+ signingCertificate.getSigAlgName());
signature.setId(signatureId);
@@ -239,9 +243,18 @@ public final XadesSignatureResult sign(
throw new NullPointerException("Digest algorithm URI not provided");
}
+ Algorithm canonAlg = this.algorithmsProvider.getCanonicalizationAlgorithmForSignedProperties();
+
+ if (null == canonAlg)
+ {
+ throw new NullPointerException("Canonicalization algorithm not provided");
+ }
+
try
{
- signature.addDocument('#' + signedPropsId, null, digestAlgUri, null, QualifyingProperty.SIGNED_PROPS_TYPE_URI);
+ Transforms transforms = new Transforms(signatureDocument);
+ transforms.addTransform(canonAlg.getUri());
+ signature.addDocument('#' + signedPropsId, transforms, digestAlgUri, null, QualifyingProperty.SIGNED_PROPS_TYPE_URI);
} catch (XMLSignatureException ex)
{
// Seems to be thrown when the digest algorithm is not supported. In
@@ -250,6 +263,11 @@ public final XadesSignatureResult sign(
throw new UnsupportedAlgorithmException(
"Digest algorithm not supported in the XML Signature provider",
digestAlgUri, ex);
+ } catch (TransformationException ex)
+ {
+ throw new UnsupportedAlgorithmException(
+ "Transform algorithm not supported in the XML Signature provider",
+ canonAlg.getUri(), ex);
}
// Apply the signature
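Review bot: Replacing `signingCertificate.getPublicKey().getAlgorithm()` with `signingCertificate.getSigAlgName()` in the createSignature call changes the input from the subject key's algorithm (e.g. "RSA", "EC") to the algorithm the issuer used to sign the certificate (e.g. "SHA256withRSA"); these are different things, and for a key certified by a CA that uses another algorithm family the signature algorithm derived from it need not match the private key at all. createSignature is outside the hunk, so what it expects cannot be checked here, but if it selects the XML-DSig signature URI from this string then the key's algorithm is the correct input and the certificate's is not. If the intent is to pick up the digest part of the name, a comment saying so and naming the accepted name formats would make the choice auditable; otherwise the previous argument should be restored.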
diff --git a/src/main/java/xades4j/providers/AlgorithmsProvider.java b/src/main/java/xades4j/providers/AlgorithmsProvider.java
index f33b27cd..75777194 100644
--- a/src/main/java/xades4j/providers/AlgorithmsProvider.java
+++ b/src/main/java/xades4j/providers/AlgorithmsProvider.java
@@ -54,4 +54,14 @@ public interface AlgorithmsProvider
* @deprecated the interface is deprecated
*/
String getDigestAlgorithmForTimeStampProperties();
+
+ /**
+ * @deprecated the interface is deprecated
+ */
+ String getCanonicalizationAlgorithmForKeyInfo();
+
+ /**
+ * @deprecated the interface is deprecated
+ */
+ String getCanonicalizationAlgorithmForSignedProperties();
}
diff --git a/src/main/java/xades4j/providers/AlgorithmsProviderEx.java b/src/main/java/xades4j/providers/AlgorithmsProviderEx.java
index 9e8b88e4..2d7891ef 100644
--- a/src/main/java/xades4j/providers/AlgorithmsProviderEx.java
+++ b/src/main/java/xades4j/providers/AlgorithmsProviderEx.java
@@ -76,4 +76,16 @@ public interface AlgorithmsProviderEx
* @return the algorithm
*/
String getDigestAlgorithmForTimeStampProperties();
+
+ /**
+ * Gets the canonicalization algorithm to be used in the key info reference.
+ * @return the algorithm
+ */
+ Algorithm getCanonicalizationAlgorithmForKeyInfo();
+
+ /**
+ * Gets the canonicalization algorithm to be used in the signed signature properties reference.
+ * @return the algorithm
+ */
+ Algorithm getCanonicalizationAlgorithmForSignedProperties();
}
diff --git a/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProvider.java b/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProvider.java
index 5ffe0c7b..a510a9c2 100644
--- a/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProvider.java
+++ b/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProvider.java
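Review bot: Adding abstract methods to the published interfaces AlgorithmsProvider and AlgorithmsProviderEx (both hunks on this line) breaks every existing implementation at compile time — the commit has to patch TestAlgorithmsProvider for exactly that reason, and third-party providers get no such fix. If the build targets Java 8 or later, a `default` implementation that returns the same Canonical XML without comments algorithm DefaultAlgorithmsProviderEx now uses would keep existing providers compiling with unchanged behaviour; if it cannot, the break should at least be stated in the release notes. In AlgorithmsProvider the new methods carry a `@deprecated` Javadoc tag but no `@Deprecated` annotation, so unless the interface type itself is annotated (not visible in the hunk) the compiler will not warn implementors; adding `@Deprecated` above each new method matches the tag.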
@@ -64,4 +64,16 @@ public String getDigestAlgorithmForTimeStampProperties()
{
return algorithmsProviderEx.getDigestAlgorithmForTimeStampProperties();
}
+
+ @Override
+ public String getCanonicalizationAlgorithmForKeyInfo()
+ {
+ return algorithmsProviderEx.getCanonicalizationAlgorithmForKeyInfo().getUri();
+ }
+
+ @Override
+ public String getCanonicalizationAlgorithmForSignedProperties()
+ {
+ return algorithmsProviderEx.getCanonicalizationAlgorithmForSignedProperties().getUri();
+ }
}
diff --git a/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProviderEx.java b/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProviderEx.java
index d97023ff..f6516438 100644
--- a/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProviderEx.java
+++ b/src/main/java/xades4j/providers/impl/DefaultAlgorithmsProviderEx.java
@@ -88,4 +88,16 @@ public String getDigestAlgorithmForTimeStampProperties()
{
return MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1;
}
+
+ @Override
+ public Algorithm getCanonicalizationAlgorithmForKeyInfo()
+ {
+ return new CanonicalXMLWithoutComments();
+ }
+
+ @Override
+ public Algorithm getCanonicalizationAlgorithmForSignedProperties()
+ {
+ return new CanonicalXMLWithoutComments();
+ }
}
diff --git a/src/test/java/xades4j/production/TestAlgorithmsProvider.java b/src/test/java/xades4j/production/TestAlgorithmsProvider.java
index 866f35e3..0a458723 100644
--- a/src/test/java/xades4j/production/TestAlgorithmsProvider.java
+++ b/src/test/java/xades4j/production/TestAlgorithmsProvider.java
@@ -64,4 +64,15 @@ public String getDigestAlgorithmForTimeStampProperties()
throw new UnsupportedOperationException("Not supported yet.");
}
+ @Override
+ public Algorithm getCanonicalizationAlgorithmForKeyInfo()
+ {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ @Override
+ public Algorithm getCanonicalizationAlgorithmForSignedProperties()
+ {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
}
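Review bot: The two new DefaultAlgorithmsProviderEx methods fix inclusive Canonical XML without comments as the transform for both the KeyInfo and SignedProperties references, but nothing in the hunk records why the inclusive variant was chosen or that the two references are intended to use the same algorithm, so someone overriding one of them has no hint that the other should follow. A one-line Javadoc on each, e.g. `Inclusive Canonical XML without comments; keep in step with getCanonicalizationAlgorithmForSignedProperties when overriding`, would make that intent explicit. The sibling DefaultAlgorithmsProvider hunk on this line merely unwraps the URI and needs no change.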