XAdESSignatureScopeFinder.java example

Explorer
sd-dss-master
- apps
  - dss
  - sscd-mocca-adapter
    - src
      - main
        java
        eu
        europa
        ec
        markt
        dss
        mocca
        MOCCAPrivateKeyEntry.java
        MOCCASignatureTokenConnection.java
        PINGUIAdapter.java
/*
 * DSS - Digital Signature Services
 *
 * Copyright (C) 2014 European Commission, Directorate-General Internal Market and Services (DG MARKT), B-1049 Bruxelles/Brussel
 *
 * Developed by: 2014 ARHS Developments S.A. (rue Nicolas Bové 2B, L-1253 Luxembourg) http://www.arhs-developments.com
 *
 * This file is part of the "DSS - Digital Signature Services" project.
 *
 * "DSS - Digital Signature Services" is free software: you can redistribute it and/or modify it under the terms of
 * the GNU Lesser General Public License as published by the Free Software Foundation, either version 2.1 of the
 * License, or (at your option) any later version.
 *
 * DSS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License along with
 * "DSS - Digital Signature Services".  If not, see <http://www.gnu.org/licenses/>.
 */

package eu.europa.ec.markt.dss.validation102853.scope;


import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.xml.crypto.dsig.XMLSignature;

import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.DSSXMLUtils;
import eu.europa.ec.markt.dss.XAdESNamespaces;
import eu.europa.ec.markt.dss.validation102853.toolbox.XPointerResourceResolver;
import eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature;
import eu.europa.ec.markt.dss.validation102853.xades.XPathQueryHolder;

/**
 *
 */
public class XAdESSignatureScopeFinder implements SignatureScopeFinder<XAdESSignature> {

	private final List<String> transformationToIgnore = new ArrayList<String>();

	private final Map<String, String> presentableTransformationNames = new HashMap<String, String>();

	public XAdESSignatureScopeFinder() {

		// @see http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg
		// those transformations don't change the content of the document
		transformationToIgnore.add("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
		transformationToIgnore.add("http://www.w3.org/2000/09/xmldsig#base64");
		transformationToIgnore.add("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
		transformationToIgnore.add("http://www.w3.org/2006/12/xml-c14n11#WithComments");
		transformationToIgnore.add("http://www.w3.org/2001/10/xml-exc-c14n#WithComments");


		// those transformations change the document and must be reported
		presentableTransformationNames.put("http://www.w3.org/2002/06/xmldsig-filter2", "XPath filtering");
		presentableTransformationNames.put("http://www.w3.org/TR/1999/REC-xpath-19991116", "XPath filtering");
		presentableTransformationNames.put("http://www.w3.org/TR/1999/REC-xslt-19991116", "XSLT Transform");

		presentableTransformationNames.put("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", "Canonical XML 1.0 (omits comments)");
		presentableTransformationNames.put("http://www.w3.org/2006/12/xml-c14n11#", "Canonical XML 1.1 (omits comments)");
		presentableTransformationNames.put("http://www.w3.org/2001/10/xml-exc-c14n#", "Exclusive Canonical XML (omits comments)");
	}

	@Override
	public List<SignatureScope> findSignatureScope(final XAdESSignature xadesSignature) {

		final List<SignatureScope> result = new ArrayList<SignatureScope>();

		final Set<Element> unsignedObjects = new HashSet<Element>();
		unsignedObjects.addAll(xadesSignature.getSignatureObjects());
		final Set<Element> signedObjects = new HashSet<Element>();

		final List<Element> signatureReferences = xadesSignature.getSignatureReferences();
		for (final Element signatureReference : signatureReferences) {

			final String type = DSSXMLUtils.getValue(signatureReference, "@Type");
			if (xadesSignature.getXPathQueryHolder().XADES_SIGNED_PROPERTIES.equals(type)) {
				continue;
			}
			final String uri = DSSXMLUtils.getValue(signatureReference, "@URI");
			final List<String> transformations = getTransformationNames(signatureReference);
			if (DSSUtils.isBlank(uri)) {
				// self contained document
				result.add(new XmlRootSignatureScope(transformations));
			} else if (uri.startsWith("#")) {
				// internal reference
				final boolean xPointerQuery = XPointerResourceResolver.isXPointerQuery(uri, true);
				if (xPointerQuery) {

					final String id = DSSXMLUtils.getIDIdentifier(signatureReference);
					final XPointerSignatureScope xPointerSignatureScope = new XPointerSignatureScope(id, uri);
					result.add(xPointerSignatureScope);
					continue;
				}
				final String xmlIdOfSignedElement = uri.substring(1);
				final String xPathString = XPathQueryHolder.XPATH_OBJECT + "[@Id='" + xmlIdOfSignedElement + "']";
				Element signedElement = DSSXMLUtils.getElement(xadesSignature.getSignatureElement(), xPathString);
				if (signedElement != null) {
					if (unsignedObjects.remove(signedElement)) {
						signedObjects.add(signedElement);
						result.add(new XmlElementSignatureScope(xmlIdOfSignedElement, transformations));
					}
				} else {
					signedElement = DSSXMLUtils
						  .getElement(xadesSignature.getSignatureElement().getOwnerDocument().getDocumentElement(), "//*" + "[@Id='" + xmlIdOfSignedElement + "']");
					if (signedElement != null) {

						final String namespaceURI = signedElement.getNamespaceURI();
						if (namespaceURI == null || (!XAdESNamespaces.exists(namespaceURI) && !namespaceURI.equals(XMLSignature.XMLNS))) {
							signedObjects.add(signedElement);
							result.add(new XmlElementSignatureScope(xmlIdOfSignedElement, transformations));
						}
					}
				}
			} else {
				// detached file
				result.add(new FullSignatureScope(uri));
			}
		}
		return result;
	}

	private List<String> getTransformationNames(final Element signatureReference) {

		final NodeList nodeList = DSSXMLUtils.getNodeList(signatureReference, "./ds:Transforms/ds:Transform");
		final List<String> algorithms = new ArrayList<String>(nodeList.getLength());
		for (int ii = 0; ii < nodeList.getLength(); ii++) {

			final Element transformation = (Element) nodeList.item(ii);
			final String algorithm = DSSXMLUtils.getValue(transformation, "@Algorithm");
			if (transformationToIgnore.contains(algorithm)) {
				continue;
			}
			if (presentableTransformationNames.containsKey(algorithm)) {
				algorithms.add(presentableTransformationNames.get(algorithm));
			} else {
				algorithms.add(algorithm);
			}
		}
		return algorithms;
	}
}