* Gives back the X509 certificate used during the last signature\r
* verification operation.\r
* \r
- * @return\r
+ * @return the certificate which was used to sign the xml content\r
*/\r
public X509Certificate getSigner() {\r
// The first certificate is presumably the signer.\r
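Review bot: The new `@return` text states as fact that this is the certificate that signed the XML, while the first body line visible in this hunk still says the first certificate is only "presumably" the signer. Callers are likely to base trust decisions on this value, so the Javadoc should carry the same caveat, e.g. `@return the first certificate found during the last verification, presumed to be the signer`. If the verification step does not validate the chain or establish trust (not visible here), that deserves one more sentence in the method comment. The body of getSigner() continues outside the hunk.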
private boolean includeIssuerSerial = false;\r
private boolean includeKeyValue = false;\r
\r
+ /**\r
+ * the time-stamp service used for XAdES-T and XAdES-X.\r
+ */\r
private TimeStampService tspService = new TSPTimeStampService();\r
- // timestamp service provider URL\r
+ /**\r
+ * timestamp service provider URL\r
+ */\r
private String tspUrl;\r
private boolean tspOldProtocol = false;\r
/**\r
signatureFacets.add(sf);\r
}\r
\r
- /**\r
- * Gives back the used XAdES signature facet.\r
- * \r
- * @return\r
- */\r
- public XAdESSignatureFacet getXAdESSignatureFacet() {\r
- for (SignatureFacet sf : getSignatureFacets()) {\r
- if (sf instanceof XAdESSignatureFacet) {\r
- return (XAdESSignatureFacet)sf;\r
- }\r
- }\r
- return null;\r
- }\r
- \r
- \r
public List<SignatureFacet> getSignatureFacets() {\r
return signatureFacets;\r
}\r
* Allow signature facets to inject their own stuff.\r
*/\r
for (SignatureFacet signatureFacet : signatureConfig.getSignatureFacets()) {\r
- signatureFacet.postSign(document, signatureConfig.getSigningCertificateChain());\r
+ signatureFacet.postSign(document);\r
}\r
\r
writeDocument(document);\r
\r
import java.security.InvalidAlgorithmParameterException;\r
import java.security.NoSuchAlgorithmException;\r
-import java.security.cert.X509Certificate;\r
import java.util.ArrayList;\r
import java.util.List;\r
\r
}\r
\r
@Override\r
- public void postSign(Document document, List<X509Certificate> signingCertificateChain) {\r
+ public void postSign(Document document) {\r
// empty\r
}\r
\r
}\r
\r
@Override\r
- public void postSign(Document document, List<X509Certificate> signingCertificateChain) \r
+ public void postSign(Document document) \r
throws MarshalException {\r
LOG.log(POILogger.DEBUG, "postSign");\r
\r
*/\r
KeyInfoFactory keyInfoFactory = SignatureInfo.getKeyInfoFactory();\r
List<Object> x509DataObjects = new ArrayList<Object>();\r
- X509Certificate signingCertificate = signingCertificateChain.get(0);\r
+ X509Certificate signingCertificate = signatureConfig.getSigningCertificateChain().get(0);\r
\r
List<Object> keyInfoContent = new ArrayList<Object>();\r
\r
}\r
\r
if (signatureConfig.isIncludeEntireCertificateChain()) {\r
- x509DataObjects.addAll(signingCertificateChain);\r
+ x509DataObjects.addAll(signatureConfig.getSigningCertificateChain());\r
} else {\r
x509DataObjects.add(signingCertificate);\r
}\r
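Review bot: `signatureConfig.getSigningCertificateChain()` is now fetched twice in this method, here in `addAll(...)` and for `.get(0)` in the previous hunk, and neither place checks that the chain is set and non-empty. Previously the engine passed in one list; now an unset or empty chain (if the getter can return one, which is not visible here) surfaces as a NullPointerException or IndexOutOfBoundsException in the middle of building KeyInfo, and the two reads are not guaranteed to see the same list. Read it once into a local at the top of postSign and fail with a clear message, e.g. `if (chain == null || chain.isEmpty()) throw new IllegalStateException("no signing certificate chain configured");`, then use that local for both the signer and the `addAll`. The same unchecked read appears in the XAdES-X-L facet hunk at `certChain.size()`. postSign starts and ends outside this hunk.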
import java.net.URISyntaxException;\r
import java.security.InvalidAlgorithmParameterException;\r
import java.security.NoSuchAlgorithmException;\r
-import java.security.cert.X509Certificate;\r
import java.text.DateFormat;\r
import java.text.SimpleDateFormat;\r
import java.util.ArrayList;\r
* Office OpenXML Signature Facet implementation.\r
* \r
* @author fcorneli\r
- * @see http://msdn.microsoft.com/en-us/library/cc313071.aspx\r
+ * @see <a href="http://msdn.microsoft.com/en-us/library/cc313071.aspx">[MS-OFFCRYPTO]: Office Document Cryptography Structure</a>\r
*/\r
public class OOXMLSignatureFacet implements SignatureFacet {\r
\r
}\r
\r
@Override\r
- public void postSign(Document document, List<X509Certificate> signingCertificateChain) {\r
+ public void postSign(Document document) {\r
// empty\r
}\r
\r
\r
import java.security.InvalidAlgorithmParameterException;\r
import java.security.NoSuchAlgorithmException;\r
-import java.security.cert.X509Certificate;\r
import java.util.List;\r
\r
import javax.xml.crypto.dsig.Reference;\r
}\r
\r
@Override\r
- public void postSign(Document document, List<X509Certificate> signingCertificateChain)\r
+ public void postSign(Document document)\r
throws XmlException {\r
// check for XAdES-BES\r
NodeList nl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties");\r
import java.net.URISyntaxException;\r
import java.security.InvalidAlgorithmParameterException;\r
import java.security.NoSuchAlgorithmException;\r
-import java.security.cert.X509Certificate;\r
import java.util.List;\r
\r
import javax.xml.XMLConstants;\r
* pre-sign phase. Via this method a signature facet implementation can add\r
* signature facets to an XML signature.\r
* \r
- * @param signatureFactory\r
- * @param document\r
- * @param signatureId\r
- * @param signingCertificateChain\r
- * the optional signing certificate chain\r
- * @param references\r
- * @param objects\r
- * @throws InvalidAlgorithmParameterException\r
+ * @param document the signature document to be used for imports\r
+ * @param signatureFactory the signature factory\r
+ * @param references list of reference definitions\r
+ * @param objects objects to be signed/included in the signature document\r
* @throws NoSuchAlgorithmException\r
+ * @throws InvalidAlgorithmParameterException\r
+ * @throws IOException\r
+ * @throws URISyntaxException\r
+ * @throws XmlException\r
*/\r
void preSign(\r
Document document\r
* This method is being invoked by the XML signature service engine during\r
* the post-sign phase. Via this method a signature facet can extend the XML\r
* signatures with for example key information.\r
- * \r
- * @param signatureElement\r
- * @param signingCertificateChain\r
+ *\r
+ * @param document the signature document to be modified\r
+ * @throws MarshalException\r
+ * @throws XmlException\r
*/\r
void postSign(\r
Document document\r
- , List<X509Certificate> signingCertificateChain\r
) throws MarshalException, XmlException;\r
}
\ No newline at end of file
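Review bot: The Javadoc for postSign no longer tells an implementer where the signing certificate chain comes from now that the parameter is gone, and the two new `@throws` tags carry no description. Add a sentence such as `Implementations obtain the signing certificate chain from the SignatureConfig they were initialised with.` and state the conditions under which `MarshalException` and `XmlException` are thrown. Since SignatureFacet is an interface, dropping the parameter also breaks any facet implemented outside this code base, which deserves a line in the change notes.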
* participated multiple ETSI XAdES plugtests.\r
* \r
* @author Frank Cornelis\r
- * @see http://en.wikipedia.org/wiki/XAdES\r
+ * @see <a href="http://en.wikipedia.org/wiki/XAdES">XAdES</a>\r
* \r
*/\r
public class XAdESSignatureFacet implements SignatureFacet {\r
}\r
\r
@Override\r
- public void postSign(Document document, List<X509Certificate> signingCertificateChain) {\r
+ public void postSign(Document document) {\r
LOG.log(POILogger.DEBUG, "postSign");\r
}\r
\r
\r
/**\r
* Gives back the JAXB DigestAlgAndValue data structure.\r
- * \r
- * @param data\r
- * @param xadesObjectFactory\r
- * @param xmldsigObjectFactory\r
- * @param hashAlgo\r
- * @return\r
+ *\r
+ * @param digestAlgAndValue the parent for the new digest element \r
+ * @param data the data to be digested\r
+ * @param digestAlgo the digest algorithm\r
*/\r
protected static void setDigestAlgAndValue(\r
DigestAlgAndValueType digestAlgAndValue,\r
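Review bot: The summary line still reads "Gives back the JAXB DigestAlgAndValue data structure", but the method is `void`, the `@return` tag is removed here, and the new tags document `digestAlgAndValue` as the parent element to be filled. The first sentence should describe what the method does now, e.g. `Sets the digest algorithm and digest value on the given DigestAlgAndValue element.`. The parameter list continues outside the hunk, so check that every parameter has a matching `@param`.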
this.signatureConfig = signatureConfig;\r
}\r
\r
-\r
- \r
- /**\r
- * Convenience constructor.\r
- * \r
- * @param timeStampService\r
- * the time-stamp service used for XAdES-T and XAdES-X.\r
- * @param revocationDataService\r
- */\r
public XAdESXLSignatureFacet() {\r
try {\r
this.certificateFactory = CertificateFactory.getInstance("X.509");\r
}\r
\r
@Override\r
- public void postSign(Document document,\r
- List<X509Certificate> signingCertificateChain\r
- ) throws XmlException {\r
+ public void postSign(Document document) throws XmlException {\r
LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");\r
\r
QualifyingPropertiesDocument qualDoc = null;\r
* We skip the signing certificate itself according to section\r
* 4.4.3.2 of the XAdES 1.4.1 specification.\r
*/\r
- int chainSize = signingCertificateChain.size();\r
+ List<X509Certificate> certChain = signatureConfig.getSigningCertificateChain();\r
+ int chainSize = certChain.size();\r
if (chainSize > 1) {\r
- for (X509Certificate cert : signingCertificateChain.subList(1, chainSize)) {\r
+ for (X509Certificate cert : certChain.subList(1, chainSize)) {\r
CertIDType certId = certIdList.addNewCert();\r
XAdESSignatureFacet.setCertID(certId, signatureConfig, false, cert);\r
}\r
CompleteRevocationRefsType completeRevocationRefs = \r
unsignedSigProps.addNewCompleteRevocationRefs();\r
RevocationData revocationData = signatureConfig.getRevocationDataService()\r
- .getRevocationData(signingCertificateChain);\r
+ .getRevocationData(certChain);\r
if (revocationData.hasCRLs()) {\r
CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs();\r
completeRevocationRefs.setCRLRefs(crlRefs);\r
\r
// XAdES-X-L\r
CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues();\r
- for (X509Certificate certificate : signingCertificateChain) {\r
+ for (X509Certificate certificate : certChain) {\r
EncapsulatedPKIDataType encapsulatedPKIDataType = certificateValues.addNewEncapsulatedX509Certificate();\r
try {\r
encapsulatedPKIDataType.setByteArrayValue(certificate.getEncoded());\r
/**\r
* Gives back a list of all CRLs.\r
* \r
- * @return\r
+ * @return a list of all CRLs\r
*/\r
public List<byte[]> getCRLs() {\r
return this.crls;\r
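Review bot: The new `@return a list of all CRLs` does not say that the method returns the internal list itself (`return this.crls;`), so a caller can add or remove revocation entries after they were collected, assuming the field is a mutable list. State that in the Javadoc, e.g. `@return the live list of CRLs held by this object, not a copy`, or return an unmodifiable view if no caller needs to mutate it. The same applies to getOCSPs() in the next hunk, where the text should also read `a list of all OCSP responses`. Both method bodies end outside their hunks.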
/**\r
* Gives back a list of all OCSP responses.\r
* \r
- * @return\r
+ * @return a list of all OCSP response\r
*/\r
public List<byte[]> getOCSPs() {\r
return this.ocsps;\r
* Returns <code>true</code> if this revocation data set holds OCSP\r
* responses.\r
* \r
- * @return\r
+ * @return <code>true</code> if this revocation data set holds OCSP\r
+ * responses.\r
*/\r
public boolean hasOCSPs() {\r
return false == this.ocsps.isEmpty();\r
/**\r
* Returns <code>true</code> if this revocation data set holds CRLs.\r
* \r
- * @return\r
+ * @return <code>true</code> if this revocation data set holds CRLs.\r
*/\r
public boolean hasCRLs() {\r
return false == this.crls.isEmpty();\r
/**\r
* Returns <code>true</code> if this revocation data is not empty.\r
* \r
- * @return\r
+ * @return <code>true</code> if this revocation data is not empty.\r
*/\r
public boolean hasRevocationDataEntries() {\r
return hasOCSPs() || hasCRLs();\r
* Gives back the revocation data corresponding with the given certificate\r
* chain.\r
* \r
- * @param certificateChain\r
- * @return\r
+ * @param certificateChain the certificate chain\r
+ * @return the revocation data corresponding with the given certificate chain.\r
*/\r
RevocationData getRevocationData(List<X509Certificate> certificateChain);\r
}\r
/**\r
* Gives back the signature policy identifier URI.\r
* \r
- * @return\r
+ * @return the signature policy identifier URI.\r
*/\r
String getSignaturePolicyIdentifier();\r
\r
* attributes are not touched. When elements are reordered, all the text, comments and PIs\r
* follow the element that they come immediately after.\r
* @param comp a comparator that is to be used when comparing the <code>QName</code>s of two\r
- * elements. See {@link org.apache.xmlbeans.samples.cursor.XmlSort.QNameComparator} for a simple\r
+ * elements. See {@link QNameComparator} for a simple\r
* implementation that compares two elements based on the value of their QName, but more\r
* complicated implementations are possible, for instance, ones that compare two elements based\r
* on the value of a specifc attribute etc.\r