/*
* XAdES4j - A Java library for generation and verification of XAdES signatures.
* Copyright (C) 2010 Luis Goncalves.
*
* XAdES4j is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or any later version.
*
* XAdES4j is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*
* You should have received a copy of the GNU Lesser General Public License along
* with XAdES4j. If not, see <http://www.gnu.org/licenses/>.
*/
package xades4j.verification;
import com.google.inject.Inject;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.util.Arrays;
import xades4j.properties.ObjectIdentifier;
import xades4j.properties.QualifyingProperty;
import xades4j.properties.SignaturePolicyIdentifierProperty;
import xades4j.properties.SignaturePolicyImpliedProperty;
import xades4j.UnsupportedAlgorithmException;
import xades4j.properties.data.SignaturePolicyData;
import xades4j.providers.MessageDigestEngineProvider;
import xades4j.providers.SignaturePolicyDocumentProvider;
import xades4j.utils.MessageDigestUtils;
/**
*
* @author Luís
*/
class SignaturePolicyVerifier implements QualifyingPropertyVerifier<SignaturePolicyData>
{
private final SignaturePolicyDocumentProvider policyDocumentProvider;
private final MessageDigestEngineProvider messageDigestProvider;
@Inject
public SignaturePolicyVerifier(
SignaturePolicyDocumentProvider policyDocumentProvider,
MessageDigestEngineProvider messageDigestProvider)
{
this.policyDocumentProvider = policyDocumentProvider;
this.messageDigestProvider = messageDigestProvider;
}
@Override
public QualifyingProperty verify(
SignaturePolicyData propData,
QualifyingPropertyVerificationContext ctx) throws SignaturePolicyVerificationException
{
ObjectIdentifier policyId = propData.getIdentifier();
if (null == policyId)
{
return new SignaturePolicyImpliedProperty();
}
// Get the policy document
InputStream sigDocStream = this.policyDocumentProvider.getSignaturePolicyDocumentStream(policyId);
if (null == sigDocStream)
{
throw new SignaturePolicyNotAvailableException(policyId, null);
}
try
{
MessageDigest md = this.messageDigestProvider.getEngine(propData.getDigestAlgorithm());
byte[] sigDocDigest = MessageDigestUtils.digestStream(md, sigDocStream);
// Check the document digest.
if (!Arrays.equals(sigDocDigest, propData.getDigestValue()))
{
throw new SignaturePolicyDigestMismatchException(policyId);
}
return new SignaturePolicyIdentifierProperty(policyId, sigDocStream)
.withLocationUrl(propData.getLocationUrl());
} catch (IOException ex)
{
throw new SignaturePolicyNotAvailableException(policyId, ex);
} catch (UnsupportedAlgorithmException ex)
{
throw new SignaturePolicyCannotDigestException(policyId, ex);
} finally
{
try
{
sigDocStream.close();
} catch (IOException ex)
{
throw new SignaturePolicyNotAvailableException(policyId, ex);
}
}
}
}