Fixes bug on references mapping when the signing certificate is signed.

src/main/java/xades4j/production/DataObjectDescsProcessor.java → src/main/java/xades4j/production/SignedDataObjectsProcessor.java

@@ -44,29 +44,37 @@
  * 
  * @author Luís
  */
-class DataObjectDescsProcessor
+class SignedDataObjectsProcessor
 {
     private final AlgorithmsProviderEx algorithmsProvider;
     private final AlgorithmsParametersMarshallingProvider algorithmsParametersMarshaller;
 
     @Inject
-    DataObjectDescsProcessor(AlgorithmsProviderEx algorithmsProvider, AlgorithmsParametersMarshallingProvider algorithmsParametersMarshaller)
+    SignedDataObjectsProcessor(AlgorithmsProviderEx algorithmsProvider, AlgorithmsParametersMarshallingProvider algorithmsParametersMarshaller)
     {
         this.algorithmsProvider = algorithmsProvider;
         this.algorithmsParametersMarshaller = algorithmsParametersMarshaller;
     }
 
     /**
-     * Returns the reference mappings resulting from the data object descriptions.
-     * The corresponding {@code Reference}s and {@code Object}s are added to the
-     * signature.
-
+     * Processes the signed data objects and adds the corresponding {@code Reference}s
+     * and {@code Object}s to the signature. This method must be invoked before
+     * adding any other {@code Reference}s to the signature.
+     * 
+     * @return the reference mappings resulting from the data object descriptions.
+     * 
      * @throws UnsupportedAlgorithmException
+     * @throws IllegalStateException if the signature already contains {@code Reference}s
      */
     Map<DataObjectDesc, Reference> process(
             SignedDataObjects signedDataObjects,
             XMLSignature xmlSignature) throws UnsupportedAlgorithmException
     {
+        if(xmlSignature.getSignedInfo().getLength() != 0)
+        {
+            throw new IllegalStateException("XMLSignature already contais references");
+        }
+
         for (ResourceResolver resolver : signedDataObjects.getResourceResolvers())
         {
             xmlSignature.addResourceResolver(resolver);

src/main/java/xades4j/production/SignerBES.java

@@ -72,7 +72,7 @@ class SignerBES implements XadesSigner
     /**/
     private final KeyingDataProvider keyingProvider;
     private final AlgorithmsProviderEx algorithmsProvider;
-    private final DataObjectDescsProcessor dataObjectDescsProcessor;
+    private final SignedDataObjectsProcessor dataObjectDescsProcessor;
     private final PropertiesDataObjectsGenerator propsDataObjectsGenerator;
     private final SignedPropertiesMarshaller signedPropsMarshaller;
     private final UnsignedPropertiesMarshaller unsignedPropsMarshaller;
@@ -86,7 +86,7 @@ protected SignerBES(
             KeyingDataProvider keyingProvider,
             AlgorithmsProviderEx algorithmsProvider,
             BasicSignatureOptionsProvider basicSignatureOptionsProvider,
-            DataObjectDescsProcessor dataObjectDescsProcessor,
+            SignedDataObjectsProcessor dataObjectDescsProcessor,
             SignaturePropertiesProvider signaturePropsProvider,
             DataObjectPropertiesProvider dataObjPropsProvider,
             PropertiesDataObjectsGenerator propsDataObjectsGenerator,
@@ -163,16 +163,16 @@ public final XadesSignatureResult sign(
 
         signature.setId(signatureId);
 
-        /* ds:KeyInfo */
-        this.keyInfoBuilder.buildKeyInfo(signingCertificate, signature);
-
         /* References */
         // Process the data object descriptions to get the References and mappings.
         // After this call all the signed data objects References and XMLObjects
         // are added to the signature.
         Map<DataObjectDesc, Reference> referenceMappings = this.dataObjectDescsProcessor.process(
                 signedDataObjects,
                 signature);
+
+        /* ds:KeyInfo */
+        this.keyInfoBuilder.buildKeyInfo(signingCertificate, signature);
 
         /* QualifyingProperties element */
         // Create the QualifyingProperties element

src/main/java/xades4j/production/SignerC.java

@@ -49,7 +49,7 @@ protected SignerC(
             KeyingDataProvider keyingProvider,
             AlgorithmsProviderEx algorithmsProvider,
             BasicSignatureOptionsProvider basicSignatureOptionsProvider,
-            DataObjectDescsProcessor dataObjectDescsProcessor,
+            SignedDataObjectsProcessor dataObjectDescsProcessor,
             SignaturePropertiesProvider signaturePropsProvider,
             ValidationDataProvider validationDataProvider,
             DataObjectPropertiesProvider dataObjPropsProvider,

src/main/java/xades4j/production/SignerEPES.java

@@ -48,7 +48,7 @@ protected SignerEPES(
             KeyingDataProvider keyingProvider,
             AlgorithmsProviderEx algorithmsProvider,
             BasicSignatureOptionsProvider basicSignatureOptionsProvider,
-            DataObjectDescsProcessor dataObjectDescsProcessor,
+            SignedDataObjectsProcessor dataObjectDescsProcessor,
             SignaturePolicyInfoProvider policyInfoProvider,
             SignaturePropertiesProvider signaturePropsProvider,
             DataObjectPropertiesProvider dataObjPropsProvider,

src/main/java/xades4j/production/SignerT.java

@@ -49,7 +49,7 @@ protected SignerT(
             KeyingDataProvider keyingProvider,
             AlgorithmsProviderEx algorithmsProvider,
             BasicSignatureOptionsProvider basicSignatureOptionsProvider,
-            DataObjectDescsProcessor dataObjectDescsProcessor,
+            SignedDataObjectsProcessor dataObjectDescsProcessor,
             SignaturePropertiesProvider signaturePropsProvider,
             DataObjectPropertiesProvider dataObjPropsProvider,
             PropertiesDataObjectsGenerator propsDataObjectsGenerator,

src/test/java/xades4j/production/DataObjectDescsProcessorTest.java → src/test/java/xades4j/production/SignedDataObjectsProcessorTest.java

@@ -34,7 +34,7 @@
  *
  * @author Luís
  */
-public class DataObjectDescsProcessorTest extends SignatureServicesTestBase
+public class SignedDataObjectsProcessorTest extends SignatureServicesTestBase
 {
 
     @BeforeClass
@@ -60,7 +60,7 @@ public void testProcess() throws Exception
 
         AllwaysNullAlgsParamsMarshaller algsParamsMarshaller = new AllwaysNullAlgsParamsMarshaller();
 
-        DataObjectDescsProcessor processor = new DataObjectDescsProcessor(new TestAlgorithmsProvider(), algsParamsMarshaller);
+        SignedDataObjectsProcessor processor = new SignedDataObjectsProcessor(new TestAlgorithmsProvider(), algsParamsMarshaller);
         Map<DataObjectDesc, Reference> result = processor.process(dataObjsDescs, xmlSignature);
 
         assertEquals(dataObjsDescs.getDataObjectsDescs().size(), result.size());
@@ -90,7 +90,7 @@ public void testAddNullReference() throws Exception
         XMLSignature xmlSignature = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
         xmlSignature.setId("sigId");
 
-        DataObjectDescsProcessor processor = new DataObjectDescsProcessor(new TestAlgorithmsProvider(), new AllwaysNullAlgsParamsMarshaller());
+        SignedDataObjectsProcessor processor = new SignedDataObjectsProcessor(new TestAlgorithmsProvider(), new AllwaysNullAlgsParamsMarshaller());
         Map<DataObjectDesc, Reference> result = processor.process(dataObjsDescs, xmlSignature);
 
         assertEquals(1, result.size());
@@ -115,7 +115,7 @@ public void testAddMultipleNullReferencesFails() throws Exception
         XMLSignature xmlSignature = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
         xmlSignature.setId("sigId");
 
-        DataObjectDescsProcessor processor = new DataObjectDescsProcessor(new TestAlgorithmsProvider(), new AllwaysNullAlgsParamsMarshaller());
+        SignedDataObjectsProcessor processor = new SignedDataObjectsProcessor(new TestAlgorithmsProvider(), new AllwaysNullAlgsParamsMarshaller());
         processor.process(dataObjsDescs, xmlSignature);
     }
 }

src/test/java/xades4j/production/SignerBESTest.java

@@ -33,6 +33,7 @@
 import xades4j.properties.SignerRoleProperty;
 import xades4j.providers.SignaturePropertiesCollector;
 import xades4j.providers.SignaturePropertiesProvider;
+import xades4j.providers.impl.DefaultBasicSignatureOptionsProvider;
 
 /**
  *
@@ -43,7 +44,7 @@ public class SignerBESTest extends SignerTestBase
     public SignerBESTest()
     {
     }
-
+    
     @Test
     public void testSignBES() throws Exception
     {
@@ -111,28 +112,38 @@ public void provideProperties(
         outputDocument(doc, "document.signed.bes.cs.xml");
     }
 
+    public static class MyBasicSignatureOptionsProvider extends DefaultBasicSignatureOptionsProvider{
+        @Override
+        public boolean signSigningCertificate() {
+            return true;
+        }
+    }
+
     @Test
     public void testSignBESDetachedWithXPathAndNamespaces() throws Exception
     {
         System.out.println("signBESDetachedWithXPathAndNamespaces");
 
         Document doc = getNewDocument();
 
-        XadesBesSigningProfile profile = new XadesBesSigningProfile(keyingProviderMy);
-        XadesSigner signer = profile.newSigner();
+        XadesSigner signer = new XadesBesSigningProfile(keyingProviderMy)
+                .withBasicSignatureOptionsProvider(MyBasicSignatureOptionsProvider.class)
+                .newSigner();
 
         String fileUti = new File("./src/test/xml/document.xml").toURI().toString();
         DataObjectDesc obj1 = new DataObjectReference(fileUti)
                 .withTransform(
                     new XPathTransform("/collection/album/foo:tracks")
-                        .withNamespace("foo", "http://test.xades4j/tracks")
-                );
+                        .withNamespace("foo", "http://test.xades4j/tracks"))
+                .withDataObjectFormat(new DataObjectFormatProperty("text/xml"));
+
         DataObjectDesc obj2 = new DataObjectReference(fileUti)
                 .withTransform(
                     XPath2Filter.intersect("/collection/album/bar:tracks/bar:song[@tracknumber = 1]")
-                        .withNamespace("bar", "http://test.xades4j/tracks")
-                );
+                        .withNamespace("bar", "http://test.xades4j/tracks"));
 
         signer.sign(new SignedDataObjects(obj1, obj2), doc);
+
+        outputDocument(doc, "detached.bes.xml");
     }
 }

src/test/java/xades4j/verification/XadesVerifierImplTest.java

@@ -74,6 +74,14 @@ public void verify(RawSignatureVerifierContext ctx) throws InvalidSignatureExcep
         assertEquals(XAdESForm.BES, f);
     }
 
+    @Test
+    public void testVerifyDetachedBES() throws Exception
+    {
+        System.out.println("verifyDetachedBES");
+        XAdESForm f = verifySignature("detached.bes.xml");
+        assertEquals(XAdESForm.BES, f);
+    }
+
     @Test
     public void testVerifyBESCounterSig() throws Exception
     {

src/test/xml/detached.bes.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+<ds:Reference Id="xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0-ref0" URI="file:/D:/Work/Projects/XAdES4j/xades4j/./src/test/xml/document.xml">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath xmlns:foo="http://test.xades4j/tracks">/collection/album/foo:tracks</ds:XPath></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>rD/g8soqKz8EiPUBhEWfcQacS0ta4ULHX3dKMEH6ZoQ=</ds:DigestValue>
+</ds:Reference>
+<ds:Reference Id="xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0-ref1" URI="file:/D:/Work/Projects/XAdES4j/xades4j/./src/test/xml/document.xml">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><dsig-xpath:XPath xmlns:bar="http://test.xades4j/tracks" xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect">/collection/album/bar:tracks/bar:song[@tracknumber = 1]</dsig-xpath:XPath></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>N8H6u8UbT1bF40ELhV57g/PJppBg9pOXEiz/QuA6wrk=</ds:DigestValue>
+</ds:Reference>
+<ds:Reference URI="#xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0-keyinfo">
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>hJwualoHKtZQzgDrjlgEiDyAGnTl/Fisl6etd6TfY18=</ds:DigestValue>
+</ds:Reference>
+<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0-signedprops">
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>YcJnm6wFwNqCAxcb5rFbr0PLIP5iStoNUxY3AMEj8SU=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue Id="xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0-sigvalue">
+KeOEKU/LGL/eve07QExr+J8pagpRunrTSL3Mu6bLO4lB3m+WKK7IxsBj4KAypiij9480UXzi6fFe
+sqnzHh9qhAPYdcXYzcF2NApNBtkvmaQJhT3Vm8vo/UG/F8r1WVMY2LcKUWzlmgvlPJrzyEPdqey3
+sDYKLuXJLHA2toxJqWA=
+</ds:SignatureValue>
+<ds:KeyInfo Id="xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0-keyinfo">
+<ds:X509Data>
+<ds:X509Certificate>
+MIICbTCCAdqgAwIBAgIQpkK0uals+ItHxBlpJuypOTAJBgUrDgMCHQUAMD8xCzAJBgNVBAYTAlBU
+MQ0wCwYDVQQKEwRJU0VMMQswCQYDVQQLEwJDQzEUMBIGA1UEAxMLSXRlcm1lZGlhdGUwHhcNMTAw
+NjI1MTc1ODQ5WhcNMzkxMjMxMjM1OTU5WjBCMQswCQYDVQQGEwJQVDENMAsGA1UEChMESVNFTDEL
+MAkGA1UECxMCQ0MxFzAVBgNVBAMTDkx1aXMgR29uY2FsdmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCpP9acMX69Dbg9ciMLFc5dm1tlpTY9OTNZ/EaCYoGVhh/3+DFgyIbEer6SA24hpREm
+AhNG9+Ca0AurDPPgb3aKWFY9pj1WcOctis0VsR0YvzqP+2IGFqKDCd7bXFvv2tI0dEvpdc0oO6PF
+Q02xvJG0kxQf44XljOCjUBU43jkJawIDAQABo28wbTBrBgNVHQEEZDBigBBdbbL4pDKLT56PpOpA
+/56toTwwOjELMAkGA1UEBhMCUFQxDTALBgNVBAoTBElTRUwxCzAJBgNVBAsTAkNDMQ8wDQYDVQQD
+EwZUZXN0Q0GCEN00x9qe7SuWQvpLK0/oay8wCQYFKw4DAh0FAAOBgQBSma8g9dQjiQo4WUljRRuG
+yMUVRyCqW/9oRz8+0EoLNR/AhrIlGqdNbqQ1BkncgNNdqMAus5VD34v/EhgrkgWN5fZajMpYsmcR
+Ahu4PzJ6hggAlWWMy245JwIYuV0s1Oi39GVTxVNOBIX//AONZlGWO4S2Psb1mqdZ99b/MugsaA==
+</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+<ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0"><xades:SignedProperties Id="xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0-signedprops"><xades:SignedSignatureProperties><xades:SigningTime>2014-10-05T15:21:22.454+01:00</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>4btVb5gQ5cdcNhGpvDSWQZabPQrR9jf1x8e3YF9Ajss=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Itermediate,OU=CC,O=ISEL,C=PT</ds:X509IssuerName><ds:X509SerialNumber>-119284162484605703133798696662099777223</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>vm5QpbblsWV7fCYXotPhNTeCt4nk8cLFuF36L5RJ4Ok=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=TestCA,OU=CC,O=ISEL,C=PT</ds:X509IssuerName><ds:X509SerialNumber>-46248926895392336918291885380930606289</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>AUaN+IdhKQqxIVmEOrFwq+Dn22ebTkXJqD3BoOP/x8E=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=TestCA,OU=CC,O=ISEL,C=PT</ds:X509IssuerName><ds:X509SerialNumber>-99704378678639105802976522062798066869</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties><xades:SignedDataObjectProperties><xades:DataObjectFormat ObjectReference="#xmldsig-d38603a1-f822-4dc9-aaa2-b6c0e8ea52e0-ref0"><xades:MimeType>text/xml</xades:MimeType></xades:DataObjectFormat></xades:SignedDataObjectProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object>
+</ds:Signature>