Class DSSXMLUtils

java.lang.Object
eu.europa.esig.dss.xades.DSSXMLUtils

public final class DSSXMLUtils extends Object
Utility class that contains XML-related helper methods.
  • Field Details

    • DEFAULT_DSS_C14N_METHOD

      public static final String DEFAULT_DSS_C14N_METHOD
      This is the default canonicalization method used for producing signatures within the DSS framework. A complication arises from the way the default canonicalization algorithm handles namespace declarations: a signed XML document frequently needs to be embedded in another document, and in that case the original canonicalization algorithm will not yield the same result as when the document is treated alone. For this reason, the so-called Exclusive Canonicalization, which serializes XML namespace declarations independently of the surrounding XML, was created.
    • DEFAULT_XMLDSIG_C14N_METHOD

      public static final String DEFAULT_XMLDSIG_C14N_METHOD
      This is the default canonicalization method for XMLDSIG used for signatures and timestamps (see XMLDSIG 4.4.3.2) when one is not defined.
    • SP_DOC_DIGEST_AS_IN_SPECIFICATION_ALGORITHM_URI

      public static final String SP_DOC_DIGEST_AS_IN_SPECIFICATION_ALGORITHM_URI
      The SPDocDigestAsInSpecification transform algorithm URI for a custom SignaturePolicy processing
  • Method Details

    • registerTransform

      public static boolean registerTransform(String transformURI)
      Registers a transformation.
      Parameters:
      transformURI - the URI of transform
      Returns:
      true if this set did not already contain the specified element
    • registerCanonicalizer

      public static boolean registerCanonicalizer(String c14nAlgorithmURI)
      Registers a canonicalizer.
      Parameters:
      c14nAlgorithmURI - the URI of canonicalization algorithm
      Returns:
      true if this set did not already contain the specified element
    • registerTransformWithNodeSetOutput

      public static boolean registerTransformWithNodeSetOutput(String transformURI)
      Registers a transformation that results in a node-set output. See XMLDSIG for more information.
      Parameters:
      transformURI - the URI of transform
      Returns:
      true if this set did not already contain the specified element
    • indentAndReplace

      public static Node indentAndReplace(Document document, Node node)
      Indents the given node and replaces it with a new one on the document
      Parameters:
      document - Document to indent the node in
      node - Node to be indented
      Returns:
      the indented Node
    • indentAndExtend

      public static Node indentAndExtend(Document document, Node newNode, Node oldNode)
      Extends the given oldNode by appending new indented children from the given newNode
      Parameters:
      document - owner Document of the node
      newNode - new Node to indent
      oldNode - old Node to extend with new indented elements
      Returns:
      the extended Node
    • getDocWithIndentedSignature

      public static Document getDocWithIndentedSignature(Document documentDom, String signatureId, List<String> noIndentObjectIds)
      Pretty prints a signature in the given document
      Parameters:
      documentDom - Document to pretty print
      signatureId - String id of a ds:Signature element to be pretty-printed
      noIndentObjectIds - String id of elements to not pretty-print
      Returns:
      Document with a pretty-printed signature
    • getIndentedNode

      public static Node getIndentedNode(Node documentDom, Node xmlNode)
      Returns an indented xmlNode
      Parameters:
      documentDom - is an owner Document of the xmlNode
      xmlNode - Node to indent
      Returns:
      an indented Node xmlNode
    • alignChildrenIndents

      public static Node alignChildrenIndents(Node parentNode)
      Aligns indents for all children of the given node
      Parameters:
      parentNode - Node to align children into
      Returns:
      the given Node with aligned children
    • serializeNode

      public static byte[] serializeNode(Node xmlNode)
      This method performs the serialization of the given node
      Parameters:
      xmlNode - The node to be serialized.
      Returns:
      the serialized bytes
    • canCanonicalize

      public static boolean canCanonicalize(String canonicalizationMethod)
      Tells whether the framework can canonicalize XML data with the provided method.
      Parameters:
      canonicalizationMethod - the canonicalization method to be checked
      Returns:
      true if it is possible to canonicalize, false otherwise
    • canonicalize

      public static byte[] canonicalize(String canonicalizationMethod, byte[] toCanonicalizeBytes) throws DSSException
      This method canonicalizes the given array of bytes using the canonicalizationMethod parameter.
      Parameters:
      canonicalizationMethod - canonicalization method
      toCanonicalizeBytes - array of bytes to canonicalize
      Returns:
      array of canonicalized bytes
      Throws:
      DSSException - if any error is encountered
    • canonicalizeSubtree

      public static byte[] canonicalizeSubtree(String canonicalizationMethod, Node node)
      This method canonicalizes the given Node. If no canonicalization method is provided, the DEFAULT_CANONICALIZATION_METHOD is used.
      Parameters:
      canonicalizationMethod - canonicalization method (can be null)
      node - Node to canonicalize
      Returns:
      array of canonicalized bytes
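
The embedding problem described under DEFAULT_DSS_C14N_METHOD, shown with canonicalizeSubtree. This is an added example, not code from the DSS project: the class name, the urn:example namespaces and the sample XML are constructed, and the two algorithm URIs are the W3C identifiers for inclusive Canonical XML 1.0 and Exclusive Canonicalization.

```java
import eu.europa.esig.dss.xades.DSSXMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

import javax.xml.parsers.DocumentBuilderFactory;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;

public class C14nEmbeddingDemo {

    // W3C algorithm identifiers (not taken from the page).
    static final String INCLUSIVE = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    static final String EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";

    // Constructed sample: the same payload on its own and embedded in an envelope
    // that declares an additional namespace.
    static final String STANDALONE =
        "<p:Order xmlns:p=\"urn:example:po\"><p:Item>42</p:Item></p:Order>";
    static final String EMBEDDED =
        "<env:Envelope xmlns:env=\"urn:example:env\">" + STANDALONE + "</env:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // canonicalization needs namespace-aware DOM nodes
        // Refuse DOCTYPE declarations so untrusted input cannot pull in external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    static String c14n(String method, Node node) {
        return new String(DSSXMLUtils.canonicalizeSubtree(method, node), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        Node alone = parse(STANDALONE).getDocumentElement();
        // The payload is the first (and only) child of the envelope element.
        Node embedded = parse(EMBEDDED).getDocumentElement().getFirstChild();

        for (String method : new String[] {INCLUSIVE, EXCLUSIVE}) {
            String a = c14n(method, alone);
            String b = c14n(method, embedded);
            System.out.println(method);
            System.out.println("  standalone: " + a);
            System.out.println("  embedded:   " + b);
            // A digest over the payload survives embedding only if these bytes match.
            System.out.println("  identical:  " + a.equals(b));
        }
    }
}
```

With inclusive canonicalization the embedded payload inherits the envelope's namespace declaration in its canonical form, so a digest computed over the standalone payload no longer matches once it is wrapped.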
    • getCanonicalizationMethod

      public static String getCanonicalizationMethod(String canonicalizationMethod)
      Returns the canonicalizationMethod if provided, otherwise returns the DEFAULT_CANONICALIZATION_METHOD
      Parameters:
      canonicalizationMethod - String canonicalization method (can be null)
      Returns:
      canonicalizationMethod to be used
    • recursiveIdBrowse

      public static void recursiveIdBrowse(Element element)
      An ID attribute can only be dereferenced if it is declared in the validation context. This behaviour is caused by the fact that the attribute does not have type information attached. Another solution is to parse the XML against a DTD or XML schema. This process adds the necessary type information to each ID attribute.
      Parameters:
      element - Element
    • getIDIdentifier

      public static String getIDIdentifier(Node node)
      If this method finds an attribute with the name ID (case-insensitive), its value is returned. If there is more than one ID attribute, the first one is returned.
      Parameters:
      node - the node to be checked
      Returns:
      the ID attribute value or null
    • getAttribute

      public static String getAttribute(Node node, String attributeName)
      Returns the attribute value for the given attribute name if it exists, otherwise returns NULL
      Parameters:
      node - Node to get attribute value from
      attributeName - String name of the attribute to get value for
      Returns:
      String value of the attribute
    • setIDIdentifier

      public static void setIDIdentifier(Element childElement)
      If this method finds an attribute with the name ID (case-insensitive), it declares it to be a user-determined ID attribute.
      Parameters:
      childElement - Element
    • validateAgainstXSD

      public static List<String> validateAgainstXSD(XSDAbstractUtils xsdUtils, Source source)
      Validates an XML against the XAdES XSD schema.
      Parameters:
      xsdUtils - the XSD Utils class to be used
      source - Source XML to validate
      Returns:
      an empty list if the XSD validates the XML, error messages otherwise
    • isDuplicateIdsDetected

      public static boolean isDuplicateIdsDetected(DSSDocument doc)
      This method is used to detect duplicate id values
      Parameters:
      doc - the document to be analyzed
      Returns:
      TRUE if a duplicate id is detected
    • getNodeBytes

      public static byte[] getNodeBytes(Node node)
      Returns bytes of the given node
      Parameters:
      node - Node to get bytes for
      Returns:
      byte array
    • getReferenceOriginalContentBytes

      public static byte[] getReferenceOriginalContentBytes(org.apache.xml.security.signature.Reference reference)
      Returns bytes of the original referenced data
      Parameters:
      reference - Reference to get bytes from
      Returns:
      byte array containing original data
    • getDigestAndValue

      public static Digest getDigestAndValue(Element element)
      This method extracts the Digest algorithm and value from an element of type DigestAlgAndValueType
      Parameters:
      element - an Element of type DigestAlgAndValueType
      Returns:
      an instance of Digest
    • isSignedProperties

      public static boolean isSignedProperties(org.apache.xml.security.signature.Reference reference, XAdESPaths xadesPaths)
      Determines if the given reference refers to SignedProperties element
      Parameters:
      reference - Reference to check
      xadesPaths - XAdESPaths
      Returns:
      TRUE if the reference refers to the SignedProperties, FALSE otherwise
    • isCounterSignature

      public static boolean isCounterSignature(org.apache.xml.security.signature.Reference reference, XAdESPaths xadesPaths)
      Determines if the given reference refers to CounterSignature element
      Parameters:
      reference - Reference to check
      xadesPaths - XAdESPaths
      Returns:
      TRUE if the reference refers to the CounterSignature, FALSE otherwise
    • isKeyInfoReference

      public static boolean isKeyInfoReference(org.apache.xml.security.signature.Reference reference, Element signature)
      Checks if the given reference is linked to a KeyInfo element
      Parameters:
      reference - the Reference to check
      signature - the Element signature the given reference belongs to
      Returns:
      TRUE if the reference is a KeyInfo reference, FALSE otherwise
    • isSignaturePropertiesReference

      public static boolean isSignaturePropertiesReference(org.apache.xml.security.signature.Reference reference, Element signature)
      Checks if the given reference is linked to a SignatureProperties element or one of its SignatureProperty children
      Parameters:
      reference - the Reference to check
      signature - the Element signature the given reference belongs to
      Returns:
      TRUE if the reference is a SignatureProperties reference, FALSE otherwise
    • isObjectReferenceType

      public static boolean isObjectReferenceType(String referenceType)
      Checks if the given referenceType is an xmldsig Object type
      Parameters:
      referenceType - String to check the type for
      Returns:
      TRUE if the provided referenceType is an Object type, FALSE otherwise
    • isManifestReferenceType

      public static boolean isManifestReferenceType(String referenceType)
      Checks if the given referenceType is an xmldsig Manifest type
      Parameters:
      referenceType - String to check the type for
      Returns:
      TRUE if the provided referenceType is a Manifest type, FALSE otherwise
    • isCounterSignatureReferenceType

      public static boolean isCounterSignatureReferenceType(String referenceType)
      Checks if the given referenceType is an etsi Countersignature type
      Parameters:
      referenceType - String to check the type for
      Returns:
      TRUE if the provided referenceType is a Countersignature type, FALSE otherwise
    • isSameDocumentReference

      public static boolean isSameDocumentReference(String referenceUri)
      XMLDSIG 4.4.3.2, The Reference Processing Model: a 'same-document' reference is defined as a URI-Reference that consists of a hash sign ('#') followed by a fragment, or alternatively consists of an empty URI.
      Parameters:
      referenceUri - String uri of a reference to check
      Returns:
      TRUE if the URI points to the same document, FALSE otherwise
    • getKeyInfoSigningCertificatePublicKey

      public static PublicKey getKeyInfoSigningCertificatePublicKey(Element signatureElement)
      Extracts the signing certificate's public key from the KeyInfo element of a given signature, if present. NOTE: can return null (the value is optional).
      Parameters:
      signatureElement - Element representing a signature to get KeyInfo signing certificate for
      Returns:
      PublicKey of the signature extracted from KeyInfo element if present
    • createCounterSignature

      public static XAdESSignature createCounterSignature(Element counterSignatureElement, XAdESSignature masterSignature)
      Creates and returns a counter signature found in the counterSignatureElement
      Parameters:
      counterSignatureElement - Element <ds:CounterSignature> element
      masterSignature - XAdESSignature master signature containing the counter signature
      Returns:
      XAdESSignature
    • getAllSignaturesExceptCounterSignatures

      public static NodeList getAllSignaturesExceptCounterSignatures(Node documentNode)
      Returns a NodeList of all "ds:Signature" elements found in the documentNode
      Parameters:
      documentNode - Node the XML document or its part
      Returns:
      NodeList
    • getReferenceNodeList

      public static NodeList getReferenceNodeList(Node signatureElement)
      Returns a NodeList of "ds:Reference" elements
      Parameters:
      signatureElement - Node representing a ds:Signature node
      Returns:
      NodeList
    • getReferenceOutputType

      public static ReferenceOutputType getReferenceOutputType(DSSReference reference)
      Returns the expected dereferencing output for the provided DSSReference
      Parameters:
      reference - DSSReference to get OutputType for
      Returns:
      ReferenceOutputType
    • getReferenceOutputType

      public static ReferenceOutputType getReferenceOutputType(org.apache.xml.security.signature.Reference reference) throws org.apache.xml.security.exceptions.XMLSecurityException
      Returns the expected dereferencing output for the provided Reference
      Parameters:
      reference - Reference to get OutputType for
      Returns:
      ReferenceOutputType
      Throws:
      org.apache.xml.security.exceptions.XMLSecurityException - if an exception occurs
    • applyTransforms

      public static byte[] applyTransforms(Node node, List<DSSTransform> transforms)
      Applies transforms on the node and returns the byte array to be used for a digest computation. NOTE: returns the original node binaries if the list of transforms is empty.
      Parameters:
      node - Node to apply transforms on
      transforms - a list of DSSTransforms to execute on the node
      Returns:
      a byte array, representing a content obtained after transformations
    • applyTransforms

      public static byte[] applyTransforms(DSSDocument document, List<DSSTransform> transforms)
      Applies transforms on document content and returns the byte array to be used for a digest computation. NOTE: returns the original document binaries if the list of transforms is empty. The document shall represent an XML content.
      Parameters:
      document - DSSDocument representing an XML to apply transforms on
      transforms - a list of DSSTransforms to execute on the node
      Returns:
      a byte array, representing a content obtained after transformations
    • getReferenceDigestAlgos

      public static List<DigestAlgorithm> getReferenceDigestAlgos(Element referenceContainer)
      Returns a list of DigestAlgorithms for all references contained inside the provided referenceContainer
      Parameters:
      referenceContainer - Element containing the ds:Reference elements
      Returns:
      a list of DigestAlgorithms
    • getReferenceTypes

      public static List<String> getReferenceTypes(Element referenceContainer)
      Returns a list of reference types
      Parameters:
      referenceContainer - Element containing the ds:Reference elements
      Returns:
      a list of String reference types
    • extractReferences

      public static List<org.apache.xml.security.signature.Reference> extractReferences(org.apache.xml.security.signature.Manifest manifest)
      Extracts a list of References from the given Manifest object. NOTE: can also be used for a SignedInfo element.
      Parameters:
      manifest - Manifest
      Returns:
      a list of References
    • getReferenceDigest

      public static Digest getReferenceDigest(org.apache.xml.security.signature.Reference reference)
      Returns the Digest extracted from the provided reference
      Parameters:
      reference - Reference
      Returns:
      Digest
    • getReferenceURI

      public static String getReferenceURI(org.apache.xml.security.signature.Reference reference)
      This method retrieves the URI attribute value of the given reference, when applicable. NOTE: this method is used because the Apache Santuario Signature returns an empty string instead of a null result.
      Parameters:
      reference - Reference to get value of URI attribute
      Returns:
      String URI attribute value if available, NULL otherwise
    • isAbleToDeReferenceContent

      public static boolean isAbleToDeReferenceContent(org.apache.xml.security.signature.Reference reference)
      Checks if the original reference document content can be obtained (de-referenced)
      Parameters:
      reference - Reference to check
      Returns:
      TRUE if the de-referencing succeeds, FALSE otherwise
    • isReferencedContentAmbiguous

      public static boolean isReferencedContentAmbiguous(Document document, String uri)
      Checks if the reference with the uri occurs multiple times in the document
      Parameters:
      document - Document to be checked for a wrapping attack
      uri - String the referenced uri to be verified
      Returns:
      TRUE if the reference is ambiguous (duplicated), FALSE otherwise
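
How a check of the kind described for isSameDocumentReference, isDuplicateIdsDetected and isReferencedContentAmbiguous can work, using only JDK classes. This is an added example, not the DSS implementation: the class, enum and sample documents are constructed, and it assumes bare-name fragments only (no xpointer expressions, no percent-decoding).

```java
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import java.io.StringReader;

public class ReferenceAmbiguityCheck {

    enum Verdict { NOT_SAME_DOCUMENT, WHOLE_DOCUMENT, UNRESOLVED, UNIQUE, AMBIGUOUS }

    // Constructed sample documents (hypothetical element names).
    static final String UNIQUE_DOC =
        "<root><payload Id=\"data\">A</payload><other Id=\"sig-1\"/></root>";
    static final String DUPLICATE_DOC =
        "<root><payload Id=\"data\">A</payload><extra><payload ID=\"data\">B</payload></extra></root>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPE declarations: no DTD-driven ID typing, no external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Same-document reference: an empty URI, or '#' followed by a fragment.
    static boolean isSameDocument(String uri) {
        return uri != null && (uri.isEmpty() || uri.startsWith("#"));
    }

    static Verdict classify(Document doc, String uri) throws Exception {
        if (!isSameDocument(uri)) return Verdict.NOT_SAME_DOCUMENT;
        if (uri.isEmpty()) return Verdict.WHOLE_DOCUMENT;
        String id = uri.substring(1);
        XPath xpath = XPathFactory.newInstance().newXPath();
        // Bind the fragment as an XPath variable so it is never parsed as XPath syntax.
        xpath.setXPathVariableResolver(name -> "id".equals(name.getLocalPart()) ? id : null);
        // Count elements carrying an attribute named id (any letter case) with that value.
        double hits = (Double) xpath.evaluate(
            "count(//*[@*[translate(local-name(), 'ID', 'id') = 'id' and . = $id]])",
            doc, XPathConstants.NUMBER);
        if (hits == 0) return Verdict.UNRESOLVED;
        return hits == 1 ? Verdict.UNIQUE : Verdict.AMBIGUOUS;
    }

    public static void main(String[] args) throws Exception {
        String[][] samples = {{"unique", UNIQUE_DOC}, {"duplicate", DUPLICATE_DOC}};
        String[] uris = {"#data", "#missing", "", "detached.xml"};
        for (String[] sample : samples) {
            Document doc = parse(sample[1]);
            for (String uri : uris) {
                System.out.printf("%-9s uri='%s' -> %s%n", sample[0], uri, classify(doc, uri));
            }
        }
    }
}
```

A validator should treat AMBIGUOUS and UNRESOLVED as failures before any digest is compared, because the element that was digested and the element the application later reads may not be the same node.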
    • incorporateTransforms

      public static void incorporateTransforms(Element parentElement, List<DSSTransform> transforms, DSSNamespace namespace)
      Incorporates a ds:Transforms element into the given parent element
      Parameters:
      parentElement - Element to incorporate ds:Transforms into
      transforms - a list of DSSTransforms to be incorporated
      namespace - DSSNamespace to use
    • incorporateDigestMethod

      public static void incorporateDigestMethod(Element parentElement, DigestAlgorithm digestAlgorithm, DSSNamespace namespace)
      This method creates the ds:DigestMethod DOM object
       
       		<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
       
       
      Parameters:
      parentElement - Element the parent element
      digestAlgorithm - DigestAlgorithm the digest algorithm
      namespace - DSSNamespace to use
    • incorporateDigestValue

      public static void incorporateDigestValue(Element parentDom, String base64EncodedDigestBytes, DSSNamespace namespace)
      This method creates the ds:DigestValue DOM object.
       
       		<ds:DigestValue>fj8SJujSXU4fi342bdtiKVbglA0=</ds:DigestValue>
       
       
      Parameters:
      parentDom - Element the parent element
      base64EncodedDigestBytes - String representing a base64-encoded Digest value
      namespace - DSSNamespace