Java tutorial
/** * DSS - Digital Signature Services * Copyright (C) 2015 European Commission, provided under the CEF programme * * This file is part of the "DSS - Digital Signature Services" project. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ package eu.europa.esig.dss.xades.countersignature; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import java.io.File; import java.security.GeneralSecurityException; import java.util.List; import org.apache.commons.io.IOUtils; import org.junit.Test; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.w3c.dom.Document; import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; import eu.europa.esig.dss.DSSDocument; import eu.europa.esig.dss.DSSXMLUtils; import eu.europa.esig.dss.FileDocument; import eu.europa.esig.dss.SignatureAlgorithm; import eu.europa.esig.dss.SignatureLevel; import eu.europa.esig.dss.SignatureValue; import eu.europa.esig.dss.ToBeSigned; import eu.europa.esig.dss.XPathQueryHolder; import eu.europa.esig.dss.XmlDom; import eu.europa.esig.dss.signature.SignaturePackaging; import eu.europa.esig.dss.test.TestUtils; import eu.europa.esig.dss.test.gen.CertificateService; import eu.europa.esig.dss.test.mock.MockPrivateKeyEntry; import eu.europa.esig.dss.test.mock.MockSignatureTokenConnection; import eu.europa.esig.dss.validation.CertificateVerifier; import eu.europa.esig.dss.validation.CommonCertificateVerifier; import eu.europa.esig.dss.validation.SignedDocumentValidator; import eu.europa.esig.dss.validation.policy.rules.AttributeValue; import eu.europa.esig.dss.validation.report.DiagnosticData; import eu.europa.esig.dss.validation.report.Reports; import eu.europa.esig.dss.xades.XAdESSignatureParameters; import eu.europa.esig.dss.xades.signature.XAdESService; public class XAdESCounterSignatureTest { private static final Logger LOGGER = LoggerFactory.getLogger(XAdESCounterSignatureTest.class); @Test public void test() throws Exception { CertificateService certificateService = new CertificateService(); MockPrivateKeyEntry entryUserA = certificateService.generateCertificateChain(SignatureAlgorithm.RSA_SHA256); MockPrivateKeyEntry entryUserB = certificateService.generateCertificateChain(SignatureAlgorithm.RSA_SHA256); DSSDocument document = new FileDocument(new File("src/test/resources/sample.xml")); // Sign XAdESSignatureParameters signatureParameters = new XAdESSignatureParameters(); signatureParameters.setSigningCertificate(entryUserA.getCertificate()); signatureParameters.setCertificateChain(entryUserA.getCertificateChain()); signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPING); signatureParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B); CertificateVerifier certificateVerifier = new CommonCertificateVerifier(); XAdESService service = new XAdESService(certificateVerifier); ToBeSigned dataToSign = service.getDataToSign(document, signatureParameters); ; SignatureValue signatureValue = sign(signatureParameters.getSignatureAlgorithm(), entryUserA, dataToSign); DSSDocument signedDocument = service.signDocument(document, signatureParameters, signatureValue); // Countersign Document documentDom = DSSXMLUtils.buildDOM(signedDocument); XPathQueryHolder xPathQueryHolder = new XPathQueryHolder(); Node node = DSSXMLUtils.getNode(documentDom, xPathQueryHolder.XPATH__SIGNATURE); assertNotNull(node); NamedNodeMap attributes = node.getAttributes(); Node attributeId = attributes.getNamedItem("Id"); assertNotNull(attributeId); XAdESSignatureParameters countersigningParameters = new XAdESSignatureParameters(); countersigningParameters.setSignatureLevel(SignatureLevel.XAdES_BASELINE_B); countersigningParameters.setSignaturePackaging(SignaturePackaging.ENVELOPED); countersigningParameters.setToCounterSignSignatureId(attributeId.getNodeValue()); countersigningParameters.setSigningCertificate(entryUserB.getCertificate()); countersigningParameters.setCertificateChain(entryUserB.getCertificateChain()); DSSDocument counterSignDocument = service.counterSignDocument(signedDocument, countersigningParameters, new MockSignatureTokenConnection(), entryUserB); assertNotNull(counterSignDocument); try { byte[] byteArray = IOUtils.toByteArray(counterSignDocument.openStream()); LOGGER.info(new String(byteArray)); } catch (Exception e) { LOGGER.error("Cannot display file content", e); } // Validate SignedDocumentValidator validator = SignedDocumentValidator.fromDocument(counterSignDocument); validator.setCertificateVerifier(new CommonCertificateVerifier()); Reports reports = validator.validateDocument(); reports.print(); DiagnosticData diagnosticData = reports.getDiagnosticData(); List<XmlDom> signatures = diagnosticData.getElements("/DiagnosticData/Signature"); assertEquals(2, signatures.size()); boolean foundCounterSignature = false; for (XmlDom xmlDom : signatures) { String type = xmlDom.getAttribute("Type"); if (AttributeValue.COUNTERSIGNATURE.equals(type)) { foundCounterSignature = true; } assertTrue(diagnosticData.isBLevelTechnicallyValid(xmlDom.getAttribute("Id"))); } assertTrue(foundCounterSignature); } private SignatureValue sign(SignatureAlgorithm algo, MockPrivateKeyEntry privateKey, ToBeSigned bytesToSign) throws GeneralSecurityException { return TestUtils.sign(algo, privateKey, bytesToSign); } }