/*
 * XAdES4j - A Java library for generation and verification of XAdES signatures.
 * Copyright (C) 2010 Luis Goncalves.
 *
 * XAdES4j is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 3 of the License, or any later version.
 *
 * XAdES4j is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Lesser General Public License along
 * with XAdES4j. If not, see <http://www.gnu.org/licenses/>.
 */
package xades4j.verification;

import com.google.inject.Inject;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import xades4j.properties.CompleteCertificateRefsProperty;
import xades4j.properties.QualifyingProperty;
import xades4j.properties.data.CertRef;
import xades4j.properties.data.CompleteCertificateRefsData;
import xades4j.providers.MessageDigestEngineProvider;

/**
 * Verifier for the {@code CompleteCertificateRefs} qualifying property
 * (XAdES G.2.2.12).
 * <p>
 * Every certificate of the validated chain except the first entry must have a
 * matching {@link CertRef} in the property data, and that reference must pass
 * {@code CertRefUtils.checkCertRef}.
 *
 * @author Luís
 */
class CompleteCertRefsVerifier implements QualifyingPropertyVerifier<CompleteCertificateRefsData> {

    /** Handed to {@code CertRefUtils.checkCertRef} when a reference is checked. */
    private final MessageDigestEngineProvider messageDigestProvider;

    /**
     * @param messageDigestProvider digest engine provider used for the reference checks
     */
    @Inject
    public CompleteCertRefsVerifier(MessageDigestEngineProvider messageDigestProvider) {
        this.messageDigestProvider = messageDigestProvider;
    }

    /**
     * Checks the certificate references in the property against the
     * certification path held by the verification context.
     *
     * @param propData the property data carrying the certificate references
     * @param ctx the verification context supplying the certificate chain
     * @return a {@link CompleteCertificateRefsProperty} wrapping an unmodifiable
     *         view of the chain certificates that were checked
     * @throws InvalidPropertyException when a chain certificate has no matching
     *         reference ({@code CompleteCertRefsCertNotFoundException}) or its
     *         reference is rejected by {@code CertRefUtils.checkCertRef}
     *         ({@code CompleteCertRefsReferenceException})
     */
    @Override
    public QualifyingProperty verify(
            CompleteCertificateRefsData propData,
            QualifyingPropertyVerificationContext ctx) throws InvalidPropertyException {
        final List<X509Certificate> fullChain = ctx.getCertChainData().getCertificateChain();
        // The first chain entry is skipped -- presumably the signing certificate,
        // which this property does not reference; confirm against
        // getCertificateChain(). subList is a view backed by fullChain, and an
        // empty chain would make it throw an unchecked exception here.
        final List<X509Certificate> issuerCerts = fullChain.subList(1, fullChain.size());
        final Collection<CertRef> declaredRefs = propData.getCertRefs();

        // "Check that there are no references to certificates out of those that
        // are part of the certification path."
        // NOTE(review): the loop enforces the other direction -- each chain
        // certificate after the first must have a valid reference. A reference
        // that matches no chain certificate is not rejected in this method;
        // confirm whether that is checked elsewhere.
        for (final X509Certificate issuerCert : issuerCerts) {
            requireValidReference(issuerCert, declaredRefs);
        }

        return new CompleteCertificateRefsProperty(Collections.unmodifiableList(issuerCerts));
    }

    /**
     * Looks up the reference for one chain certificate and checks it.
     *
     * @param issuerCert the chain certificate that must be referenced
     * @param declaredRefs the references taken from the property data
     * @throws InvalidPropertyException when no reference is found or the
     *         reference fails the check
     */
    private void requireValidReference(
            X509Certificate issuerCert,
            Collection<CertRef> declaredRefs) throws InvalidPropertyException {
        final CertRef matchingRef = CertRefUtils.findCertRef(issuerCert, declaredRefs);
        if (matchingRef == null) {
            throw new CompleteCertRefsCertNotFoundException(issuerCert);
        }

        try {
            CertRefUtils.checkCertRef(matchingRef, issuerCert, messageDigestProvider);
        } catch (CertRefUtils.InvalidCertRefException ex) {
            // Only the message is forwarded; the caught exception is not
            // attached as a cause.
            throw new CompleteCertRefsReferenceException(issuerCert, matchingRef, ex.getMessage());
        }
    }
}