From 3bbb09f4eec70de068bfe2236287eb8a5b163418 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Gon=C3=A7alves?= Date: Sat, 27 Oct 2018 20:25:20 +0100 Subject: [PATCH 1/9] Add tests to investigate DN comparison (#166) --- src/test/cert/issue166/EMPUBqscdA.cer | Bin 0 -> 2594 bytes src/test/java/xades4j/utils/Issue166Test.java | 119 ++++++++++++++++++ 2 files changed, 119 insertions(+) create mode 100644 src/test/cert/issue166/EMPUBqscdA.cer create mode 100644 src/test/java/xades4j/utils/Issue166Test.java diff --git a/src/test/cert/issue166/EMPUBqscdA.cer b/src/test/cert/issue166/EMPUBqscdA.cer new file mode 100644 index 0000000000000000000000000000000000000000..852000fb071d094df7198acbaa5e6251e67e827b GIT binary patch literal 2594 zcmb_deN#`758B(8y}!DG>3T1FP0n{Um}QA(sWHR!j(-d7Mm`=f+m3 zF*%55E>6hGc%0M_dZPhH{mle{YKlmbFj!Drt0f7u8O1HA)oKkX!VS0u*We)BAkq;G#2KP#B@GfHkBE%IqCfz0ybOiKB7-|^jYBTSHdShb8=BawDJY&XTY20M9p@;YnI9B*D$rj>73r7CL=n8I^6 zR-}s`=Q_*nnHTs&_*lz*=yKfku$c6aMb6#VcIEBt_Umk4-1CRM%9ZzaS6`~kZ~WvW zcYD6~ChOLTx)ao%t9N+tu=~89?aUE2thzNb)s9w#UX}iT3#q{!5bh@ zye!{hF_~i|l2^*#RFtdNX(SqxSwi=clCJd^c09VloF+r?AVBpw!b33i6`(GG%xMW= zS0ypt|ATX_(Q42eajnE+Hsxpt(xS`LX>bc+mY9ojjigpbw5mC-<9str(fAmH(T zy*&fs(4+zCC=a0tgdy952nc4=f;s@Eb7e#S8$n=$!-5S|h%#aNE44WQ3J z0#8m;M?gN}JTrZnz2QKdW)N(0+c*&3?CI?ph-DuZtqB}2>-#_PX<(@WA{gg#yfYl-5Jad zdscg^?TTsQe)H19$t|02-uvYekN!Ek-ap*7>L0p4E85E~Uw=7RH?ZpImIG?>qrvCT zCAO%#l=g@0zx>Wek=&SPUz#Fqe3GC1-GEHet?vuK#{OjTF3O$=7}9s|+#PGNiv5Mr z@6PpF)4t@r%+sMYBiACbs$_+U2eP+E)F1L}jod%HFs6WWrmqBxuH5G5l2i5-zt8qy z?b_JyfBfL!@lO6*9lg+ktPLk)?~M#Su-3lm4n&nQCqiqpq9d~{Hqoc>817&xNLY^?Trym(zoTwmwR@6{_!pS+CG0X0?wZ{c+dNBNkhkVZpqwRcq-ipSNnr(xvq^tw#r4J*Aorr_RaSR`oOciW%Y@y@IY&EUqNo~ LnNqi`^xOXi{5oIa literal 0 HcmV?d00001 diff --git a/src/test/java/xades4j/utils/Issue166Test.java b/src/test/java/xades4j/utils/Issue166Test.java new file mode 100644 index 00000000..8dd98ce8 --- /dev/null +++ b/src/test/java/xades4j/utils/Issue166Test.java 
@@ -0,0 +1,119 @@
+package xades4j.utils;
+
+import java.io.FileInputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.security.auth.x500.X500Principal;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Investigation for https://github.com/luisgoncalves/xades4j/issues/166.
+ * @author luis
+ */
+public class Issue166Test extends SignatureServicesTestBase
+{
+ String dnUtf8 = "2.5.4.97=#0c0f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES";
+ String dnPrintable = "2.5.4.97=#130f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES";
+ String dnPlain = "OID.2.5.4.97=VATES-A66721499, CN=UANATACA CA1 2016, OU=TSP-UANATACA, O=UANATACA S.A., L=Barcelona (see current address at www.uanataca.com/address), C=ES";
+
+ X509Certificate cert;
+
+ @Before
+ public void setUp() throws Exception
+ {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ // Certificate includes the value of OID.2.5.4.97 as UTF8String
+ FileInputStream fis = new FileInputStream(toPlatformSpecificCertDirFilePath("issue166/EMPUBqscdA.cer"));
+ cert = (X509Certificate) certFactory.generateCertificate(fis);
+ fis.close();
+ }
+
+ @Test
+ public void javaCannotCompareStrings() throws Exception
+ {
+ X500Principal principal1 = new X500Principal(dnUtf8);
+ X500Principal principal2 = new X500Principal(dnPrintable);
+ X500Principal principal3 = new X500Principal(dnPlain);
+
+ Assert.assertFalse(principal1.equals(principal2));
+ Assert.assertFalse(principal1.equals(principal3));
+ }
+
+ @Test
+ public void javaCanComparePrintableAndPlainStrings() throws Exception
+ {
+ X500Principal principal1 = new X500Principal(dnPrintable);
+ X500Principal principal2 = new X500Principal(dnPlain);
+
+ Assert.assertTrue(principal1.equals(principal2));
+ }
+
+ @Test
+ public void javaCannotCompareCertAndPrintableString() throws Exception
+ {
+ X500Principal principal1 = cert.getIssuerX500Principal();
+ X500Principal principal2 = new X500Principal(dnPrintable);
+
+ Assert.assertFalse(principal1.equals(principal2));
+ }
+
+ @Test
+ public void javaCanCompareCertAndUtf8String() throws Exception
+ {
+ X500Principal principal1 = cert.getIssuerX500Principal();
+ X500Principal principal2 = new X500Principal(dnUtf8);
+
+ Assert.assertTrue(principal1.equals(principal2));
+ }
+
+ @Test
+ public void javaCannotCompareCertAndPlainString() throws Exception
+ {
+ X500Principal principal1 = cert.getIssuerX500Principal();
+ X500Principal principal2 = new X500Principal(dnPlain);
+
+ Assert.assertFalse(principal1.equals(principal2));
+ }
+
+ @Test
+ public void bcCanCompareStrings() throws Exception
+ {
+ X500Name principal1 = new X500Name(dnUtf8);
+ X500Name principal2 = new X500Name(dnPrintable);
+ X500Name principal3 = new X500Name(dnPlain);
+
+ Assert.assertTrue(principal1.equals(principal2));
+ Assert.assertTrue(principal1.equals(principal3));
+ Assert.assertTrue(principal2.equals(principal3));
+ }
+
+ @Test
+ public void bcCanCompareCertAndPrintableString() throws Exception
+ {
+ X500Name principal1 = X500Name.getInstance(cert.getIssuerX500Principal().getEncoded());
+ X500Name principal2 = new X500Name(dnPrintable);
+
+ Assert.assertTrue(principal1.equals(principal2));
+ }
+
+ @Test
+ public void bcCanCompareCertAndUtf8String() throws Exception
+ {
+ X500Name principal1 = X500Name.getInstance(cert.getIssuerX500Principal().getEncoded());
+ X500Name principal2 = new X500Name(dnUtf8);
+
+ Assert.assertTrue(principal1.equals(principal2));
+ }
+
+ @Test
+ public void bcCanCompareCertAndPlainString() throws Exception
+ {
+ X500Name principal1 = X500Name.getInstance(cert.getIssuerX500Principal().getEncoded());
+ X500Name principal2 = new X500Name(dnPlain);
+
+ Assert.assertTrue(principal1.equals(principal2));
+ }
+}
From 5f8c6f10a1fe390f762d9b1ce0751028abf39e61 Mon Sep 17 00:00:00 2001 From: nekkiy Date: Sun, 28 Oct 2018 00:38:54 +0300 Subject: [PATCH 2/9] [Issue-166] - trial solution for compare DN --- .../java/xades4j/providers/X500NameStyleProvider.java | 4 ++++ .../providers/impl/DefaultX500NameStyleProvider.java | 10 +++++++++- src/main/java/xades4j/verification/CertRefUtils.java | 2 +- .../verification/CompleteRevocRefsVerifier.java | 4 +++- .../verification/SigningCertificateVerifier.java | 2 +- 5 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/main/java/xades4j/providers/X500NameStyleProvider.java b/src/main/java/xades4j/providers/X500NameStyleProvider.java
index a16045a2..70ff80ff 100644
--- a/src/main/java/xades4j/providers/X500NameStyleProvider.java
+++ b/src/main/java/xades4j/providers/X500NameStyleProvider.java
@@ -3,6 +3,7 @@ import javax.security.auth.x500.X500Principal; + /** * @author Artem R. Romanenko * @version 06.08.18
@@ -10,5 +11,8 @@ public interface X500NameStyleProvider { X500Principal fromString(String dn); + String toString(X500Principal dn); + + boolean areEqual(X500Principal dn1, X500Principal dn2); }
diff --git a/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java b/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java
index 6873e87d..5ef8f924 100644
--- a/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java
+++ b/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java
@@ -31,10 +31,18 @@ public X500Principal fromString(String dn) { return new X500Principal(dn, x500ExtensibleNameStyle.getKeywordMap()); } - @Override public String toString(X500Principal x500Principal) { return X500Name.getInstance(x500ExtensibleNameStyle, x500Principal.getEncoded()).toString(); } + + @Override + public boolean areEqual(X500Principal dn1, X500Principal dn2) + { + X500Name bcDn1 = X500Name.getInstance(x500ExtensibleNameStyle, dn1.getEncoded()); + X500Name bcDn2 = X500Name.getInstance(x500ExtensibleNameStyle, dn2.getEncoded()); + return bcDn1.equals(bcDn2); + } + } diff --git a/src/main/java/xades4j/verification/CertRefUtils.java b/src/main/java/xades4j/verification/CertRefUtils.java index f125e815..52c6af30 100644 --- a/src/main/java/xades4j/verification/CertRefUtils.java +++ b/src/main/java/xades4j/verification/CertRefUtils.java @@ -58,7 +58,7 @@ protected String getVerificationMessage() } }; } - if (cert.getIssuerX500Principal().equals(certRefIssuerPrincipal) && + if (x500NameStyleProvider.areEqual(cert.getIssuerX500Principal(), certRefIssuerPrincipal) && certRef.serialNumber.equals(cert.getSerialNumber())) return certRef; } diff --git a/src/main/java/xades4j/verification/CompleteRevocRefsVerifier.java b/src/main/java/xades4j/verification/CompleteRevocRefsVerifier.java index cce1effb..64951c35 100644 --- a/src/main/java/xades4j/verification/CompleteRevocRefsVerifier.java +++ b/src/main/java/xades4j/verification/CompleteRevocRefsVerifier.java @@ -75,7 +75,9 @@ public QualifyingProperty verify( // should treat the signature as invalid." // Check issuer and issue time. - if (!crl.getIssuerX500Principal().equals(this.x500NameStyleProvider.fromString(crlRef.issuerDN)) || + + + if (!x500NameStyleProvider.areEqual(crl.getIssuerX500Principal(), this.x500NameStyleProvider.fromString(crlRef.issuerDN)) || !crl.getThisUpdate().equals(crlRef.issueTime.getTime())) continue; 
diff --git a/src/main/java/xades4j/verification/SigningCertificateVerifier.java b/src/main/java/xades4j/verification/SigningCertificateVerifier.java index 5834bbed..a12a7130 100644 --- a/src/main/java/xades4j/verification/SigningCertificateVerifier.java +++ b/src/main/java/xades4j/verification/SigningCertificateVerifier.java @@ -71,7 +71,7 @@ public QualifyingProperty verify( // from SigningCertificate, are the same." X500Principal keyInfoIssuer = certChainData.getValidationCertIssuer(); if (keyInfoIssuer != null && - (!this.x500NameStyleProvider.fromString(signingCertRef.issuerDN).equals(keyInfoIssuer) || + (!this.x500NameStyleProvider.areEqual(this.x500NameStyleProvider.fromString(signingCertRef.issuerDN), keyInfoIssuer) || !signingCertRef.serialNumber.equals(certChainData.getValidationCertSerialNumber()))) throw new SigningCertificateIssuerSerialMismatchException( signingCertRef.issuerDN, From 67ecebd02cece15fa915cf039f72d4eebea945ee Mon Sep 17 00:00:00 2001 From: nekkiy Date: Sun, 28 Oct 2018 01:46:48 +0300 Subject: [PATCH 3/9] [Issue-166] - added test for compare DN using X500NameStyleProvider set java test sources version to 1.7 improved test resources structure --- pom.xml | 2 ++ src/test/java/xades4j/utils/Issue166Test.java | 33 +++++++++++++----- .../xades4j/utils}/issue166/EMPUBqscdA.cer | Bin 3 files changed, 27 insertions(+), 8 deletions(-) rename src/test/{cert => resources/xades4j/utils}/issue166/EMPUBqscdA.cer (100%) diff --git a/pom.xml b/pom.xml index 0b3add2f..ba37128b 100644 --- a/pom.xml +++ b/pom.xml @@ -12,6 +12,8 @@ UTF-8 1.6 1.6 + 1.7 + 1.7 diff --git a/src/test/java/xades4j/utils/Issue166Test.java b/src/test/java/xades4j/utils/Issue166Test.java index 8dd98ce8..8bdafbf0 100644 --- a/src/test/java/xades4j/utils/Issue166Test.java +++ b/src/test/java/xades4j/utils/Issue166Test.java 
@@ -1,6 +1,6 @@ package xades4j.utils; -import java.io.FileInputStream; +import java.io.InputStream; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import javax.security.auth.x500.X500Principal; @@ -8,6 +8,8 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; +import xades4j.providers.X500NameStyleProvider; +import xades4j.providers.impl.DefaultX500NameStyleProvider; /** * Investigation for https://github.com/luisgoncalves/xades4j/issues/166. 
@@ -15,20 +17,23 @@ */ public class Issue166Test extends SignatureServicesTestBase { - String dnUtf8 = "2.5.4.97=#0c0f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES"; - String dnPrintable = "2.5.4.97=#130f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES"; - String dnPlain = "OID.2.5.4.97=VATES-A66721499, CN=UANATACA CA1 2016, OU=TSP-UANATACA, O=UANATACA S.A., L=Barcelona (see current address at www.uanataca.com/address), C=ES"; + private String dnUtf8 = "2.5.4.97=#0c0f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES"; + private String dnPrintable = "2.5.4.97=#130f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES"; + private String dnPlain = "OID.2.5.4.97=VATES-A66721499, CN=UANATACA CA1 2016, OU=TSP-UANATACA, O=UANATACA S.A., L=Barcelona (see current address at www.uanataca.com/address), C=ES"; - X509Certificate cert; + private X509Certificate cert; + private X500NameStyleProvider nameStyleProvider; @Before public void setUp() throws Exception { CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); // Certificate includes the value of OID.2.5.4.97 as UTF8String - FileInputStream fis = new FileInputStream(toPlatformSpecificCertDirFilePath("issue166/EMPUBqscdA.cer")); - cert = (X509Certificate) certFactory.generateCertificate(fis); - fis.close(); + try(InputStream is = getClass().getResourceAsStream("issue166/EMPUBqscdA.cer")) + { + cert = (X509Certificate) certFactory.generateCertificate(is); + } + nameStyleProvider= new DefaultX500NameStyleProvider(); } @Test 
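Review bot: `getClass().getResourceAsStream("issue166/EMPUBqscdA.cer")` in `setUp` returns null when the resource is not on the test classpath, and that null is passed straight to `generateCertificate`, so a packaging or path mistake would presumably show up as an obscure parsing error rather than a clear message. Adding `Assert.assertNotNull("test certificate resource not found", is);` as the first statement inside the try block makes the cause obvious. The same pattern appears in `certFromResource` of DistinguishedNameComparerTest later in this series.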
@@ -116,4 +121,16 @@ public void bcCanCompareCertAndPlainString() throws Exception Assert.assertTrue(principal1.equals(principal2)); } + + @Test + public void compareWithNameStyleProvider() + { + X500Principal principal1 = new X500Principal(dnUtf8); + X500Principal principal2 = new X500Principal(dnPrintable); + X500Principal principal3 = new X500Principal(dnPlain); + + Assert.assertTrue(nameStyleProvider.areEqual(principal1,principal2)); + Assert.assertTrue(nameStyleProvider.areEqual(principal1,principal3)); + } + } diff --git a/src/test/cert/issue166/EMPUBqscdA.cer b/src/test/resources/xades4j/utils/issue166/EMPUBqscdA.cer similarity index 100% rename from src/test/cert/issue166/EMPUBqscdA.cer rename to src/test/resources/xades4j/utils/issue166/EMPUBqscdA.cer From ba1c1791c86482369289c0027006721155e814df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Gon=C3=A7alves?= Date: Sun, 28 Oct 2018 12:05:48 +0000 Subject: [PATCH 4/9] Move Issue166Test to "verification" package --- .../{utils => verification}/Issue166Test.java | 15 ++++++++------- .../issue166/EMPUBqscdA.cer | Bin 2 files changed, 8 insertions(+), 7 deletions(-) rename src/test/java/xades4j/{utils => verification}/Issue166Test.java (82%) rename src/test/resources/xades4j/{utils => verification}/issue166/EMPUBqscdA.cer (100%) diff --git a/src/test/java/xades4j/utils/Issue166Test.java b/src/test/java/xades4j/verification/Issue166Test.java similarity index 82% rename from src/test/java/xades4j/utils/Issue166Test.java rename to src/test/java/xades4j/verification/Issue166Test.java index 8bdafbf0..01dfbd8d 100644 --- a/src/test/java/xades4j/utils/Issue166Test.java +++ b/src/test/java/xades4j/verification/Issue166Test.java @@ -1,4 +1,4 @@ -package xades4j.utils; +package xades4j.verification; import java.io.InputStream; import java.security.cert.CertificateFactory; 
@@ -8,8 +8,8 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; -import xades4j.providers.X500NameStyleProvider; import xades4j.providers.impl.DefaultX500NameStyleProvider; +import xades4j.utils.SignatureServicesTestBase; /** * Investigation for https://github.com/luisgoncalves/xades4j/issues/166. @@ -17,12 +17,12 @@ */ public class Issue166Test extends SignatureServicesTestBase { - private String dnUtf8 = "2.5.4.97=#0c0f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES"; - private String dnPrintable = "2.5.4.97=#130f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES"; - private String dnPlain = "OID.2.5.4.97=VATES-A66721499, CN=UANATACA CA1 2016, OU=TSP-UANATACA, O=UANATACA S.A., L=Barcelona (see current address at www.uanataca.com/address), C=ES"; + private final String dnUtf8 = "2.5.4.97=#0c0f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES"; + private final String dnPrintable = "2.5.4.97=#130f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES"; + private final String dnPlain = "OID.2.5.4.97=VATES-A66721499, CN=UANATACA CA1 2016, OU=TSP-UANATACA, O=UANATACA S.A., L=Barcelona (see current address at www.uanataca.com/address), C=ES"; private X509Certificate cert; - private X500NameStyleProvider nameStyleProvider; + private DefaultX500NameStyleProvider nameStyleProvider; @Before public void setUp() throws Exception 
@@ -33,7 +33,7 @@ public void setUp() throws Exception { cert = (X509Certificate) certFactory.generateCertificate(is); } - nameStyleProvider= new DefaultX500NameStyleProvider(); + nameStyleProvider = new DefaultX500NameStyleProvider(); } @Test @@ -131,6 +131,7 @@ public void compareWithNameStyleProvider() Assert.assertTrue(nameStyleProvider.areEqual(principal1,principal2)); Assert.assertTrue(nameStyleProvider.areEqual(principal1,principal3)); + Assert.assertTrue(nameStyleProvider.areEqual(principal2,principal3)); } } diff --git a/src/test/resources/xades4j/utils/issue166/EMPUBqscdA.cer b/src/test/resources/xades4j/verification/issue166/EMPUBqscdA.cer similarity index 100% rename from src/test/resources/xades4j/utils/issue166/EMPUBqscdA.cer rename to src/test/resources/xades4j/verification/issue166/EMPUBqscdA.cer From b5fda1de93c5c9e6f75805158867d309be4b0280 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Gon=C3=A7alves?= Date: Sun, 28 Oct 2018 16:16:50 +0000 Subject: [PATCH 5/9] Move DN comparison to dedicated internal class --- .../providers/X500NameStyleProvider.java | 15 ++- .../impl/DefaultX500NameStyleProvider.java | 9 -- .../xades4j/verification/CertRefUtils.java | 19 ++-- .../CompleteCertRefsVerifier.java | 10 +- .../CompleteRevocRefsVerifier.java | 10 +- .../DistinguishedNameComparer.java | 38 ++++++++ .../SigningCertificateVerifier.java | 13 ++- .../DistinguishedNameComparerTest.java | 93 +++++++++++++++++++ .../xades4j/verification/Issue166Test.java | 16 ---- 9 files changed, 164 insertions(+), 59 deletions(-) create mode 100644 src/main/java/xades4j/verification/DistinguishedNameComparer.java create mode 100644 src/test/java/xades4j/verification/DistinguishedNameComparerTest.java diff --git a/src/main/java/xades4j/providers/X500NameStyleProvider.java b/src/main/java/xades4j/providers/X500NameStyleProvider.java index 70ff80ff..2304ea0d 100644 --- a/src/main/java/xades4j/providers/X500NameStyleProvider.java 
+++ b/src/main/java/xades4j/providers/X500NameStyleProvider.java @@ -2,17 +2,24 @@ import javax.security.auth.x500.X500Principal; - - /** * @author Artem R. Romanenko * @version 06.08.18 */ public interface X500NameStyleProvider { + /** + * Parse a DN string. + * @param dn + * @return the parsed DN + * @exception IllegalArgumentException if the name is invalid + */ X500Principal fromString(String dn); + /** + * Get a DN string. + * @param dn + * @return the DN string + */ String toString(X500Principal dn); - - boolean areEqual(X500Principal dn1, X500Principal dn2); } diff --git a/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java b/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java index 5ef8f924..a71e80b7 100644 --- a/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java +++ b/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java @@ -36,13 +36,4 @@ public String toString(X500Principal x500Principal) { return X500Name.getInstance(x500ExtensibleNameStyle, x500Principal.getEncoded()).toString(); } - - @Override - public boolean areEqual(X500Principal dn1, X500Principal dn2) - { - X500Name bcDn1 = X500Name.getInstance(x500ExtensibleNameStyle, dn1.getEncoded()); - X500Name bcDn2 = X500Name.getInstance(x500ExtensibleNameStyle, dn2.getEncoded()); - return bcDn1.equals(bcDn2); - } - } diff --git a/src/main/java/xades4j/verification/CertRefUtils.java b/src/main/java/xades4j/verification/CertRefUtils.java index 52c6af30..f2f9e5a9 100644 --- a/src/main/java/xades4j/verification/CertRefUtils.java +++ b/src/main/java/xades4j/verification/CertRefUtils.java 
@@ -21,12 +21,10 @@ import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Collection; -import javax.security.auth.x500.X500Principal; import xades4j.UnsupportedAlgorithmException; import xades4j.XAdES4jException; import xades4j.properties.data.CertRef; import xades4j.providers.MessageDigestEngineProvider; -import xades4j.providers.X500NameStyleProvider; /** * @@ -37,17 +35,19 @@ class CertRefUtils static CertRef findCertRef( X509Certificate cert, Collection certRefs, - X500NameStyleProvider x500NameStyleProvider) throws SigningCertificateVerificationException + DistinguishedNameComparer dnComparer) throws SigningCertificateVerificationException { for (final CertRef certRef : certRefs) { - // Need to use a X500Principal because the DN strings can have different - // spaces and so on. - X500Principal certRefIssuerPrincipal; try { - certRefIssuerPrincipal = x500NameStyleProvider.fromString(certRef.issuerDN); - } catch (IllegalArgumentException ex) + if (dnComparer.areEqual(cert.getIssuerX500Principal(), certRef.issuerDN) && + certRef.serialNumber.equals(cert.getSerialNumber())) + { + return certRef; + } + } + catch (IllegalArgumentException ex) { throw new SigningCertificateVerificationException(ex) { @@ -58,9 +58,6 @@ protected String getVerificationMessage() } }; } - if (x500NameStyleProvider.areEqual(cert.getIssuerX500Principal(), certRefIssuerPrincipal) && - certRef.serialNumber.equals(cert.getSerialNumber())) - return certRef; } return null; } diff --git a/src/main/java/xades4j/verification/CompleteCertRefsVerifier.java b/src/main/java/xades4j/verification/CompleteCertRefsVerifier.java index 1acb68bf..966ed476 100644 --- a/src/main/java/xades4j/verification/CompleteCertRefsVerifier.java +++ b/src/main/java/xades4j/verification/CompleteCertRefsVerifier.java 
@@ -26,7 +26,6 @@ import xades4j.properties.data.CertRef; import xades4j.properties.data.CompleteCertificateRefsData; import xades4j.providers.MessageDigestEngineProvider; -import xades4j.providers.X500NameStyleProvider; /** * XAdES G.2.2.12 @@ -35,16 +34,15 @@ class CompleteCertRefsVerifier implements QualifyingPropertyVerifier { private final MessageDigestEngineProvider messageDigestProvider; - private final X500NameStyleProvider x500NameStyleProvider; - + private final DistinguishedNameComparer dnComparer; @Inject public CompleteCertRefsVerifier( MessageDigestEngineProvider messageDigestProvider, - X500NameStyleProvider x500NameStyleProvider) + DistinguishedNameComparer dnComparer) { this.messageDigestProvider = messageDigestProvider; - this.x500NameStyleProvider = x500NameStyleProvider; + this.dnComparer = dnComparer; } @Override @@ -61,7 +59,7 @@ public QualifyingProperty verify( for (X509Certificate caCert : caCerts) { - CertRef caRef = CertRefUtils.findCertRef(caCert, caCertRefs, this.x500NameStyleProvider); + CertRef caRef = CertRefUtils.findCertRef(caCert, caCertRefs, this.dnComparer); if (null == caRef) throw new CompleteCertRefsCertNotFoundException(caCert); try diff --git a/src/main/java/xades4j/verification/CompleteRevocRefsVerifier.java b/src/main/java/xades4j/verification/CompleteRevocRefsVerifier.java index 64951c35..b6cedece 100644 --- a/src/main/java/xades4j/verification/CompleteRevocRefsVerifier.java +++ b/src/main/java/xades4j/verification/CompleteRevocRefsVerifier.java @@ -32,7 +32,6 @@ import xades4j.properties.data.CRLRef; import xades4j.properties.data.CompleteRevocationRefsData; import xades4j.providers.MessageDigestEngineProvider; -import xades4j.providers.X500NameStyleProvider; import xades4j.utils.CrlExtensionsUtils; /** 
@@ -42,15 +41,15 @@ class CompleteRevocRefsVerifier implements QualifyingPropertyVerifier { private final MessageDigestEngineProvider digestEngineProvider; - private final X500NameStyleProvider x500NameStyleProvider; + private final DistinguishedNameComparer dnComparer; @Inject public CompleteRevocRefsVerifier( MessageDigestEngineProvider digestEngineProvider, - X500NameStyleProvider x500NameStyleProvider) + DistinguishedNameComparer dnComparer) { this.digestEngineProvider = digestEngineProvider; - this.x500NameStyleProvider = x500NameStyleProvider; + this.dnComparer = dnComparer; } @Override @@ -76,8 +75,7 @@ public QualifyingProperty verify( // Check issuer and issue time. - - if (!x500NameStyleProvider.areEqual(crl.getIssuerX500Principal(), this.x500NameStyleProvider.fromString(crlRef.issuerDN)) || + if (!this.dnComparer.areEqual(crl.getIssuerX500Principal(), crlRef.issuerDN) || !crl.getThisUpdate().equals(crlRef.issueTime.getTime())) continue; diff --git a/src/main/java/xades4j/verification/DistinguishedNameComparer.java b/src/main/java/xades4j/verification/DistinguishedNameComparer.java new file mode 100644 index 00000000..a8062ce9 --- /dev/null +++ b/src/main/java/xades4j/verification/DistinguishedNameComparer.java 
@@ -0,0 +1,38 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package xades4j.verification;
+
+import com.google.inject.Inject;
+import javax.security.auth.x500.X500Principal;
+import org.bouncycastle.asn1.x500.X500Name;
+import xades4j.providers.X500NameStyleProvider;
+
+/**
+ * Experimental API. It may be changed or removed in future releases.
+ *
+ * @author luis
+ */
+class DistinguishedNameComparer
+{
+ private final X500NameStyleProvider x500NameStyleProvider;
+
+ @Inject
+ DistinguishedNameComparer(X500NameStyleProvider x500NameStyleProvider)
+ {
+ this.x500NameStyleProvider = x500NameStyleProvider;
+ }
+
+ /**
+ * @exception IllegalArgumentException if the DN string is invalid
+ */
+ boolean areEqual(X500Principal parsedDn, String stringDn)
+ {
+ X500Name first = X500Name.getInstance(parsedDn.getEncoded());
+ // TODO consider simplifying this by constructing from string and using the configured keyword map
+ X500Name second = X500Name.getInstance(this.x500NameStyleProvider.fromString(stringDn).getEncoded());
+ return first.equals(second);
+ }
+}
diff --git a/src/main/java/xades4j/verification/SigningCertificateVerifier.java b/src/main/java/xades4j/verification/SigningCertificateVerifier.java
index a12a7130..7fd473f7 100644
--- a/src/main/java/xades4j/verification/SigningCertificateVerifier.java
+++ b/src/main/java/xades4j/verification/SigningCertificateVerifier.java
@@ -26,7 +26,6 @@ import xades4j.properties.data.CertRef; import xades4j.providers.MessageDigestEngineProvider; import xades4j.properties.data.SigningCertificateData; -import xades4j.providers.X500NameStyleProvider; import xades4j.verification.QualifyingPropertyVerificationContext.CertificationChainData; /**
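Review bot: The Javadoc on `areEqual` in DistinguishedNameComparer has only an `@exception` tag and never says which differences between the two names are tolerated, although the signing-certificate, certificate-reference and CRL-reference verifiers in this series now use it to decide whether an issuer named in the signature matches a certificate or CRL. Both names are built with `X500Name.getInstance(...)` without a style argument, whereas the earlier `areEqual` in DefaultX500NameStyleProvider passed `x500ExtensibleNameStyle`, so equality presumably follows BouncyCastle's default style; a sentence such as `Names are compared as BouncyCastle X500Name values, so attribute values that differ only in ASN.1 string type are considered equal` would record the intended semantics. The file header is still the unedited IDE template (`To change this license header, ...`) and should carry the same header as the other sources in the package.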
@@ -36,15 +35,15 @@ class SigningCertificateVerifier implements QualifyingPropertyVerifier { private final MessageDigestEngineProvider messageDigestProvider; - private final X500NameStyleProvider x500NameStyleProvider; + private final DistinguishedNameComparer dnComparer; @Inject public SigningCertificateVerifier( MessageDigestEngineProvider messageDigestProvider, - X500NameStyleProvider x500NameStyleProvider) + DistinguishedNameComparer dnComparer) { this.messageDigestProvider = messageDigestProvider; - this.x500NameStyleProvider = x500NameStyleProvider; + this.dnComparer = dnComparer; } @Override @@ -62,7 +61,7 @@ public QualifyingProperty verify( // "If the verifier does not find any reference matching the signing certificate, // the validation of this property should be taken as failed." X509Certificate signingCert = certPathIter.next(); - CertRef signingCertRef = CertRefUtils.findCertRef(signingCert, certRefs, this.x500NameStyleProvider); + CertRef signingCertRef = CertRefUtils.findCertRef(signingCert, certRefs, this.dnComparer); if (null == signingCertRef) throw new SigningCertificateReferenceNotFoundException(signingCert); @@ -71,7 +70,7 @@ public QualifyingProperty verify( // from SigningCertificate, are the same." X500Principal keyInfoIssuer = certChainData.getValidationCertIssuer(); if (keyInfoIssuer != null && - (!this.x500NameStyleProvider.areEqual(this.x500NameStyleProvider.fromString(signingCertRef.issuerDN), keyInfoIssuer) || + (!this.dnComparer.areEqual(keyInfoIssuer, signingCertRef.issuerDN) || !signingCertRef.serialNumber.equals(certChainData.getValidationCertSerialNumber()))) throw new SigningCertificateIssuerSerialMismatchException( signingCertRef.issuerDN, 
@@ -94,7 +93,7 @@ public QualifyingProperty verify( while (certPathIter.hasNext()) { X509Certificate cert = certPathIter.next(); - CertRef certRef = CertRefUtils.findCertRef(cert, certRefs, this.x500NameStyleProvider); + CertRef certRef = CertRefUtils.findCertRef(cert, certRefs, this.dnComparer); // "Should one or more certificates in the certification path not be // referenced by this property, the verifier should assume that the // verification is successful (...)" diff --git a/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java b/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java new file mode 100644 index 00000000..74fc2f69 --- /dev/null +++ b/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java 
@@ -0,0 +1,93 @@ +package xades4j.verification; + +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collection; +import javax.security.auth.x500.X500Principal; +import static org.junit.Assert.*; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; +import xades4j.providers.impl.DefaultX500NameStyleProvider; +import xades4j.utils.SignatureServicesTestBase; + +/** + * @author luis + */ +@RunWith(Parameterized.class) +public class DistinguishedNameComparerTest extends SignatureServicesTestBase +{ + @Parameters + public static Collection data() throws Exception + { + return Arrays.asList(new Object[][] + { + // #1 + // Certificate includes the value of OID.2.5.4.97 as UTF8String + { + "2.5.4.97=#0c0f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES", + certFromResource("issue166/EMPUBqscdA.cer") + }, + { + "2.5.4.97=#130f56415445532d413636373231343939,CN=UANATACA CA1 2016,OU=TSP-UANATACA,O=UANATACA S.A.,L=Barcelona (see current address at www.uanataca.com/address),C=ES", + certFromResource("issue166/EMPUBqscdA.cer") + }, + { + "OID.2.5.4.97=VATES-A66721499, CN=UANATACA CA1 2016, OU=TSP-UANATACA, O=UANATACA S.A., L=Barcelona (see current address at www.uanataca.com/address), C=ES", + certFromResource("issue166/EMPUBqscdA.cer") + }, + // #2 + { + "CN = Itermediate, OU = CC, O = ISEL, C = PT", + certFromFile("my/LG.cer") + }, + // #3 + { + "C = PT, O = SCEE - Sistema de Certificação Electrónica do Estado, OU = ECEstado, CN = Cartão de Cidadão 001", + certFromFile("pt/ECQualifSigCC0001.cer") + } + }); + } + + private static X509Certificate certFromResource(String resourcePath) throws Exception + { + 
CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + try (InputStream is = DistinguishedNameComparerTest.class.getResourceAsStream(resourcePath)) + { + return (X509Certificate) certFactory.generateCertificate(is); + } + } + + private static X509Certificate certFromFile(String filePath) throws Exception + { + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + try (InputStream is = new FileInputStream(toPlatformSpecificCertDirFilePath(filePath))) + { + return (X509Certificate) certFactory.generateCertificate(is); + } + } + private final String issuerDn; + private final X509Certificate cert; + private final DefaultX500NameStyleProvider nameStyleProvider; + + public DistinguishedNameComparerTest(String issuerDn, X509Certificate cert) throws IOException + { + this.issuerDn = issuerDn; + this.cert = cert; + this.nameStyleProvider = new DefaultX500NameStyleProvider(); + } + + @Test + public void canCompare() + { + X500Principal principal = cert.getIssuerX500Principal(); + DistinguishedNameComparer comparer = new DistinguishedNameComparer(nameStyleProvider); + + assertTrue(comparer.areEqual(principal, issuerDn)); + } +} diff --git a/src/test/java/xades4j/verification/Issue166Test.java b/src/test/java/xades4j/verification/Issue166Test.java index 01dfbd8d..11a8121e 100644 --- a/src/test/java/xades4j/verification/Issue166Test.java +++ b/src/test/java/xades4j/verification/Issue166Test.java @@ -8,7 +8,6 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; -import xades4j.providers.impl.DefaultX500NameStyleProvider; import xades4j.utils.SignatureServicesTestBase; /** 
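Review bot: `canCompare` in the new DistinguishedNameComparerTest asserts only that matching names compare equal, so nothing in this file would fail if `areEqual` returned true for every input. Since this comparison decides whether a certificate reference in a signature matches the signing certificate, a non-matching case belongs next to it, for example `assertFalse(comparer.areEqual(principal, "CN=Constructed Other Issuer, O=Example, C=PT"));` (a constructed sample DN) in a second test method. A case with one attribute value changed, and one with the same attributes in a different RDN order, would also pin down how strict the comparison is meant to be.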
@@ -22,7 +21,6 @@ public class Issue166Test extends SignatureServicesTestBase private final String dnPlain = "OID.2.5.4.97=VATES-A66721499, CN=UANATACA CA1 2016, OU=TSP-UANATACA, O=UANATACA S.A., L=Barcelona (see current address at www.uanataca.com/address), C=ES"; private X509Certificate cert; - private DefaultX500NameStyleProvider nameStyleProvider; @Before public void setUp() throws Exception @@ -33,7 +31,6 @@ public void setUp() throws Exception { cert = (X509Certificate) certFactory.generateCertificate(is); } - nameStyleProvider = new DefaultX500NameStyleProvider(); } @Test @@ -121,17 +118,4 @@ public void bcCanCompareCertAndPlainString() throws Exception Assert.assertTrue(principal1.equals(principal2)); } - - @Test - public void compareWithNameStyleProvider() - { - X500Principal principal1 = new X500Principal(dnUtf8); - X500Principal principal2 = new X500Principal(dnPrintable); - X500Principal principal3 = new X500Principal(dnPlain); - - Assert.assertTrue(nameStyleProvider.areEqual(principal1,principal2)); - Assert.assertTrue(nameStyleProvider.areEqual(principal1,principal3)); - Assert.assertTrue(nameStyleProvider.areEqual(principal2,principal3)); - } - } From 6d68595b74d0e6209983f0929a844fe0feaa06c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Gon=C3=A7alves?= Date: Sun, 28 Oct 2018 18:03:44 +0000 Subject: [PATCH 6/9] Mark X500NameStyleProvider APIs as experimental --- .../xades4j/production/XadesSigningProfile.java | 6 ++++++ .../providers/X500NameStyleProvider.java | 2 ++ .../impl/DefaultX500NameStyleProvider.java | 2 ++ .../xades4j/utils/RFC4519ExtensibleStyle.java | 3 ++- .../xades4j/utils/X500ExtensibleNameStyle.java | 2 ++ .../verification/DistinguishedNameComparer.java | 17 ++++++++++++++--- 6 files changed, 28 insertions(+), 4 deletions(-) diff --git a/src/main/java/xades4j/production/XadesSigningProfile.java b/src/main/java/xades4j/production/XadesSigningProfile.java index 0d29e264..e0a1461d 100644 
--- a/src/main/java/xades4j/production/XadesSigningProfile.java +++ b/src/main/java/xades4j/production/XadesSigningProfile.java @@ -210,12 +210,18 @@ public XadesSigningProfile withDigestEngineProvider( return withBinding(MessageDigestEngineProvider.class, digestProviderClass); } + /** + * Experimental API. It may be changed or removed in future releases. + */ public XadesSigningProfile withX500NameStyleProvider( X500NameStyleProvider x500NameStyleProvider) { return withBinding(X500NameStyleProvider.class, x500NameStyleProvider); } + /** + * Experimental API. It may be changed or removed in future releases. + */ public XadesSigningProfile withX500NameStyleProvider( Class x500NameStyleProviderClass) { diff --git a/src/main/java/xades4j/providers/X500NameStyleProvider.java b/src/main/java/xades4j/providers/X500NameStyleProvider.java index 2304ea0d..1bdb9945 100644 --- a/src/main/java/xades4j/providers/X500NameStyleProvider.java +++ b/src/main/java/xades4j/providers/X500NameStyleProvider.java @@ -3,6 +3,8 @@ import javax.security.auth.x500.X500Principal; /** + * Experimental API. It may be changed or removed in future releases. + * * @author Artem R. Romanenko * @version 06.08.18 */ diff --git a/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java b/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java index a71e80b7..b7f442fe 100644 --- a/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java +++ b/src/main/java/xades4j/providers/impl/DefaultX500NameStyleProvider.java @@ -9,6 +9,8 @@ import javax.security.auth.x500.X500Principal; /** + * Experimental API. It may be changed or removed in future releases. + * * @author Artem R. Romanenko * @version 06.08.18 */ diff --git a/src/main/java/xades4j/utils/RFC4519ExtensibleStyle.java b/src/main/java/xades4j/utils/RFC4519ExtensibleStyle.java index 969b54d9..d1afb82d 100644 --- a/src/main/java/xades4j/utils/RFC4519ExtensibleStyle.java 
+++ b/src/main/java/xades4j/utils/RFC4519ExtensibleStyle.java @@ -11,8 +11,9 @@ import java.util.Map; import java.util.Set; - /** + * Experimental API. It may be changed or removed in future releases. + * * @author Artem R. Romanenko * @version 30.07.18 */ diff --git a/src/main/java/xades4j/utils/X500ExtensibleNameStyle.java b/src/main/java/xades4j/utils/X500ExtensibleNameStyle.java index d0ebf9c8..667f2ecb 100644 --- a/src/main/java/xades4j/utils/X500ExtensibleNameStyle.java +++ b/src/main/java/xades4j/utils/X500ExtensibleNameStyle.java @@ -5,6 +5,8 @@ import java.util.Map; /** + * Experimental API. It may be changed or removed in future releases. + * * @author Artem R. Romanenko * @version 06.08.18 */ diff --git a/src/main/java/xades4j/verification/DistinguishedNameComparer.java b/src/main/java/xades4j/verification/DistinguishedNameComparer.java index a8062ce9..c00eaae0 100644 --- a/src/main/java/xades4j/verification/DistinguishedNameComparer.java +++ b/src/main/java/xades4j/verification/DistinguishedNameComparer.java 
@@ -1,7 +1,18 @@ /* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. + * XAdES4j - A Java library for generation and verification of XAdES signatures. + * Copyright (C) 2018 Luis Goncalves. + * + * XAdES4j is free software; you can redistribute it and/or modify it under + * the terms of the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or any later version. + * + * XAdES4j is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * details. + * + * You should have received a copy of the GNU Lesser General Public License along + * with XAdES4j. If not, see . */ package xades4j.verification; From 6322263b8acb72103599ad5f784c4b4f26934c96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Gon=C3=A7alves?= Date: Sat, 3 Nov 2018 20:34:48 +0000 Subject: [PATCH 7/9] Create X500Name directly from DN string --- .../DefaultVerificationBindingsModule.java | 3 +++ .../verification/DistinguishedNameComparer.java | 10 +++++----- .../verification/DistinguishedNameComparerTest.java | 7 ++++--- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/main/java/xades4j/verification/DefaultVerificationBindingsModule.java b/src/main/java/xades4j/verification/DefaultVerificationBindingsModule.java index 5e92c0d8..0f8cfeb8 100644 --- a/src/main/java/xades4j/verification/DefaultVerificationBindingsModule.java +++ b/src/main/java/xades4j/verification/DefaultVerificationBindingsModule.java 
@@ -50,6 +50,8 @@ import xades4j.providers.TimeStampVerificationProvider; import xades4j.providers.impl.DefaultX500NameStyleProvider; import xades4j.utils.BuiltIn; +import xades4j.utils.RFC4519ExtensibleStyle; +import xades4j.utils.X500ExtensibleNameStyle; /** * Contains the Guice bindings for the default components and the bindings for the @@ -90,6 +92,7 @@ public InputStream getSignaturePolicyDocumentStream( bind(QualifyingPropertiesVerifier.class).to(QualifyingPropertiesVerifierImpl.class); bind(QualifyingPropertyVerifiersMapper.class).to(QualifyingPropertyVerifiersMapperImpl.class); bind(X500NameStyleProvider.class).to(DefaultX500NameStyleProvider.class); + bind(X500ExtensibleNameStyle.class).to(RFC4519ExtensibleStyle.class); // customGlobalStructureVerifiers.add(new CustomPropertiesDataObjsStructureVerifier() // { // @Override diff --git a/src/main/java/xades4j/verification/DistinguishedNameComparer.java b/src/main/java/xades4j/verification/DistinguishedNameComparer.java index c00eaae0..a6c84a27 100644 --- a/src/main/java/xades4j/verification/DistinguishedNameComparer.java +++ b/src/main/java/xades4j/verification/DistinguishedNameComparer.java @@ -20,6 +20,7 @@ import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.x500.X500Name; import xades4j.providers.X500NameStyleProvider; +import xades4j.utils.X500ExtensibleNameStyle; /** * Experimental API. It may be changed or removed in future releases. @@ -28,12 +29,12 @@ */ class DistinguishedNameComparer { - private final X500NameStyleProvider x500NameStyleProvider; + private final X500ExtensibleNameStyle x500NameStyle; @Inject - DistinguishedNameComparer(X500NameStyleProvider x500NameStyleProvider) + DistinguishedNameComparer(X500ExtensibleNameStyle x500NameStyle) { - this.x500NameStyleProvider = x500NameStyleProvider; + this.x500NameStyle = x500NameStyle; } /** 
@@ -42,8 +43,7 @@ class DistinguishedNameComparer boolean areEqual(X500Principal parsedDn, String stringDn) { X500Name first = X500Name.getInstance(parsedDn.getEncoded()); - // TODO consider simplifying this by constructing from string and using the configured keyword map - X500Name second = X500Name.getInstance(this.x500NameStyleProvider.fromString(stringDn).getEncoded()); + X500Name second = new X500Name(this.x500NameStyle, stringDn); return first.equals(second); } } diff --git a/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java b/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java index 74fc2f69..013ee631 100644 --- a/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java +++ b/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java @@ -14,6 +14,7 @@ import org.junit.runners.Parameterized; import org.junit.runners.Parameterized.Parameters; import xades4j.providers.impl.DefaultX500NameStyleProvider; +import xades4j.utils.RFC4519ExtensibleStyle; import xades4j.utils.SignatureServicesTestBase; /** @@ -73,20 +74,20 @@ private static X509Certificate certFromFile(String filePath) throws Exception } private final String issuerDn; private final X509Certificate cert; - private final DefaultX500NameStyleProvider nameStyleProvider; + private final RFC4519ExtensibleStyle nameStyle; public DistinguishedNameComparerTest(String issuerDn, X509Certificate cert) throws IOException { this.issuerDn = issuerDn; this.cert = cert; - this.nameStyleProvider = new DefaultX500NameStyleProvider(); + this.nameStyle = new RFC4519ExtensibleStyle(); } @Test public void canCompare() { X500Principal principal = cert.getIssuerX500Principal(); - DistinguishedNameComparer comparer = new DistinguishedNameComparer(nameStyleProvider); + DistinguishedNameComparer comparer = new DistinguishedNameComparer(nameStyle); assertTrue(comparer.areEqual(principal, issuerDn)); } 
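Review bot: In `areEqual` (hunk `-42,8`), `first` is still built with `X500Name.getInstance(parsedDn.getEncoded())`, which attaches BouncyCastle's default name style, while only `second` receives the injected `x500NameStyle`. As far as I recall, `X500Name.equals` delegates to the style of the receiver, so `first.equals(second)` would be decided by the default style rather than the configured one; please confirm against the BouncyCastle version in use. If the configured style is meant to govern the comparison, build the first name with it as well: `X500Name first = X500Name.getInstance(this.x500NameStyle, parsedDn.getEncoded());`. The same asymmetry remains in the `-43,7` hunk of the last patch in the series.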
From 40f96d6c20ff48661758826a83c854b9dbc2e5bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Gon=C3=A7alves?= Date: Sat, 3 Nov 2018 20:35:03 +0000 Subject: [PATCH 8/9] Add latest TSA CRL (for tests) --- src/test/cert/gva/raizaccv1_der_5.crl | Bin 0 -> 705 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 src/test/cert/gva/raizaccv1_der_5.crl diff --git a/src/test/cert/gva/raizaccv1_der_5.crl b/src/test/cert/gva/raizaccv1_der_5.crl new file mode 100644 index 0000000000000000000000000000000000000000..5b9475df9702c7aa80ef0fa70cbb7925ee04375a GIT binary patch literal 705 zcmXqLV%lraxQvOB(SVnYQ>)FR?K>|cBR4C9fs>(-fdCtGC<`+Wr=zoTSdgP=LH>(5!m?lzJ&*q87eU$icQGwsH(>md0N3l^JOxJ1UDvYq`C#po;bNDyj0`vgF1N?ox4xDLcT2cFV6VV@863@dlHTb z%wBWdp~f#)>ntjU5M9WX*iVy!*;!{V8+b z8#wWH_45V>>^2TAVfI)gn4&)CpcMQ3#%;KU{Wlnomv)M;{ zuWFp(yLj>c`;W$3)iy6SeZKG6gb3xo>WZ9?-YpDk>2Z9#%w(C(rta(RYvTWDH@F9A fNDd&J8+J7c(;$uElO&u*#@Gz2PGO Date: Sun, 4 Nov 2018 23:05:29 +0000 Subject: [PATCH 9/9] Go back to creating X500Name from encoded X500Principal --- .../xades4j/verification/DistinguishedNameComparer.java | 6 ++++-- .../xades4j/verification/DistinguishedNameComparerTest.java | 5 ++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/main/java/xades4j/verification/DistinguishedNameComparer.java b/src/main/java/xades4j/verification/DistinguishedNameComparer.java index a6c84a27..3e3f4fab 100644 --- a/src/main/java/xades4j/verification/DistinguishedNameComparer.java +++ b/src/main/java/xades4j/verification/DistinguishedNameComparer.java 
@@ -30,11 +30,13 @@ class DistinguishedNameComparer { private final X500ExtensibleNameStyle x500NameStyle; + private final X500NameStyleProvider x500NameStyleProvider; @Inject - DistinguishedNameComparer(X500ExtensibleNameStyle x500NameStyle) + DistinguishedNameComparer(X500ExtensibleNameStyle x500NameStyle, X500NameStyleProvider x500NameStyleProvider) { this.x500NameStyle = x500NameStyle; + this.x500NameStyleProvider = x500NameStyleProvider; } /** @@ -43,7 +45,7 @@ class DistinguishedNameComparer boolean areEqual(X500Principal parsedDn, String stringDn) { X500Name first = X500Name.getInstance(parsedDn.getEncoded()); - X500Name second = new X500Name(this.x500NameStyle, stringDn); + X500Name second = X500Name.getInstance(this.x500NameStyle, this.x500NameStyleProvider.fromString(stringDn).getEncoded()); return first.equals(second); } } diff --git a/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java b/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java index 013ee631..329c5d64 100644 --- a/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java +++ b/src/test/java/xades4j/verification/DistinguishedNameComparerTest.java @@ -13,6 +13,7 @@ import org.junit.runner.RunWith; import org.junit.runners.Parameterized; import org.junit.runners.Parameterized.Parameters; +import xades4j.providers.X500NameStyleProvider; import xades4j.providers.impl.DefaultX500NameStyleProvider; import xades4j.utils.RFC4519ExtensibleStyle; import xades4j.utils.SignatureServicesTestBase; 
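Review bot: The constructor in the `-30,11` hunk now takes both an `X500ExtensibleNameStyle` and an `X500NameStyleProvider`, and `areEqual` parses `stringDn` with the provider but tags the result with the separately injected style. Nothing visible ties the two together, and the module in the earlier patch binds them independently, so replacing one binding could leave the parser and the comparison working from different keyword maps. I would document the expectation on the constructor, e.g. `// x500NameStyle must be the style that x500NameStyleProvider parses with`, or take the style from the provider if it can expose it. The class body continues outside the hunk.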
@@ -75,19 +76,21 @@ private static X509Certificate certFromFile(String filePath) throws Exception private final String issuerDn; private final X509Certificate cert; private final RFC4519ExtensibleStyle nameStyle; + private final X500NameStyleProvider x500NameStyleProvider; public DistinguishedNameComparerTest(String issuerDn, X509Certificate cert) throws IOException { this.issuerDn = issuerDn; this.cert = cert; this.nameStyle = new RFC4519ExtensibleStyle(); + this.x500NameStyleProvider = new DefaultX500NameStyleProvider(this.nameStyle); } @Test public void canCompare() { X500Principal principal = cert.getIssuerX500Principal(); - DistinguishedNameComparer comparer = new DistinguishedNameComparer(nameStyle); + DistinguishedNameComparer comparer = new DistinguishedNameComparer(this.nameStyle, this.x500NameStyleProvider); assertTrue(comparer.areEqual(principal, issuerDn)); }