Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Xades-X-L and a xades-A support #146

Merged
merged 87 commits into from
Feb 26, 2018

Conversation

tiarossi
Copy link

Extends xades4j adding xades-X-L and xades-A support

tomato42 and others added 30 commits July 13, 2016 12:56
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
CertificateValues and RevocationValues contain certificates, CRLs and OCSP
responses that can be useful in validation of Signature. Parse them
and add to intermediate certs and CRLs CertStore for later use

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
…form

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
XAdES-X-L form should contain all the data needed to verify
both the Attributes (TimeStamps) and Signature, the only data needed
are the CAs that validate the CRLs and leaf certificates (user and TSA)

uses minimal validity periods (certificate loose their validity as soon
as they're not needed) and minimum of verification anchors (during
validaton only one leaf certificate is valid at a time)

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Sun implementation of X509CRLSelector doesn't return CRLs published
after the date provided to it using the setDateAndTime() method
this makes it very hard to validate certificates in the past (one
needs CRL from time of verification) and impossible to enforce grace
period (which requires using CRLs published after the time of
verification). The correct behaviour is in Bouncy Castle provider, so
use it instead.

http://java.sun.com/javase/6/docs/technotes/guides/security/certpath/CertPathProgGuide.html#X509CRLSelector
http://www.bouncycastle.org/jira/browse/BJA-249

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Use new verifier implementation, for now it's mostly a copy of the old
verifier.

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
default unmarshaller doesn't remember relations between
properties and XML nodes, create one that does

To make it possible, we need property data collector that can store
relationship between property and XML node, add such one

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
default verifier doesn't know how to use the Elements that
HybridQualifyingPropertiesUnmarshaller collected, add one that knows how
to use them and pass this additional informatino to property verifiers

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
SigAndRefsTimeStamp must take properties in the order of appearence within
the signature. Previous mechanism used deterministic algorithm to put
properties in specific order.

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Sun X509CRLSelector doesn't return CRLs that were published "in future",
but to properly validate signature we have to use time from earliest
valid time stamp

implement custom CRLSelector that returns usable CRLs

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
If we're validating advanced forms of XAdES (C and above),
we can sometimes get CRLs that look as if they came from future

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
If we're validating advanced forms of XAdES, we need to provide
validator with certificates and CRLs we found in Properties,
they can be empty so we should be able handle this case gracefully

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
when dealing with XAdES-X-L form, we may have full revocation data
at hand, then the verification needs only trust anchors (CA certificates)
but we must allow for collection of those certificates and CRLs during
validation of the EncapsulatedPKIData properties: CertificateValues,
RevocationValues, AttrAuthoritiesCertValues and AttributeRevocationValues

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
change of verificato to soft-fail made the exception thrown different

Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
Signed-off-by: Tiago Rossi <tiago.rossi@almg.gov.br>
@tiarossi tiarossi changed the title Silegismg Xades-X-L and a xades-A support Jan 17, 2018
@luisgoncalves
Copy link
Owner

Hi,

Wow, this is a huge amount of work. I see it is based on previous work from Hubert Kario. I recall having some discussions with him at the time and we had different vision/ideas about the implementation of this support..

Since the commit list is very large, any chance you can do a brief summary of the approach and the major changes to get me started on the analysis? A simple bullet list would help.. Thanks

@tiarossi
Copy link
Author

Hi,

As you could see the work was really based on Hubert Kario code. We have been applying his patches and started from that point just applying small fixes and certificate updates.

So, i'm not abble to tell you an explanation about all Hubert Kario changes, but i think the main point is the replacement of XadesVerifierImpl by XadesHybridVerifierImpl and DefaultQualifyingPropertiesUnmarshaller by HybridQualifyingPropertiesUnmarshaller, classes that uses JAXB to unmarshall some parts of the signature properties.

As reference here are the posts where we got the patches:
#55
#62

@luisgoncalves luisgoncalves changed the base branch from master to feature/xades-x-l-a February 5, 2018 11:38
@luisgoncalves
Copy link
Owner

Hi @tiarossi

  • Can you remove the commits "Avoid version conflict with original" and "Changes for local repository update"?
  • Before the update to Java 1.8, everything was running OK, right? If so, can you remove this one as well?

…into feature/xades-x-l-a

# Conflicts:
#	pom.xml
#	src/main/java/xades4j/providers/impl/AuthenticatedTimeStampTokenProvider.java
#	src/main/java/xades4j/providers/impl/DefaultTimeStampTokenProvider.java
#	src/main/java/xades4j/verification/CommitmentTypeVerifier.java
#	src/main/java/xades4j/verification/QualifyingPropertiesVerifierImpl.java
#	src/main/java/xades4j/verification/SignatureUtils.java
#	src/main/java/xades4j/verification/XadesVerificationProfile.java
#	src/test/cert/csrc.nist/readme.txt
#	src/test/cert/csrc.nist/trustAnchor
#	src/test/cert/gva/readme.txt
#	src/test/cert/gva/rootgva_der.crl
#	src/test/cert/gva/rootgva_der_0?2?_05_2011 .crl
#	src/test/cert/my/myStore
#	src/test/cert/my/readme.txt
#	src/test/java/xades4j/production/SignerBESTest.java
#	src/test/java/xades4j/verification/VerifierTestBase.java
#	src/test/java/xades4j/verification/XadesVerifierImplTest.java
#	src/test/xml/detached.bes.xml
#	src/test/xml/detached.c.xml
#	src/test/xml/document.signed.bes.extres.xml
#	src/test/xml/document.signed.bes.xml
#	src/test/xml/document.signed.c.xml
#	src/test/xml/document.signed.epes.xml
#	src/test/xml/document.signed.t.bes.xml
#	src/test/xml/document.signed.t.epes.xml
@tiarossi
Copy link
Author

tiarossi commented Feb 5, 2018

OK @luisgoncalves.

I'm not sure how to do that. Do i need to submit a new pull request ?

@luisgoncalves
Copy link
Owner

luisgoncalves commented Feb 5, 2018 via email

@tiarossi
Copy link
Author

tiarossi commented Feb 6, 2018

Done

@luisgoncalves
Copy link
Owner

luisgoncalves commented Feb 18, 2018

Hello @tiarossi. I've (slowly) getting back context about extended forms and all the discussions I had with Hubert. From what I've got so far, he had some requirements very specific to his use-cases.. Can you say something about your use cases?

For instance, what are the form transitions that you are using? Which form do you start with? Are you adding multiple SignatureTimeStamp (XAdES-T). And after that, are you going straight to XAdES-A? Do you have interoperablity scenarios?

Thanks!

@leandrocosta
Copy link

Hello @luisgoncalves,

We start with XAdES-EPES, then we extend it to XAdES-C, then XAdES-XL, and finally XAdES-A.
We are not adding multiple SignatureTimeStamps.
What do you mean about interoperability scenarios?

@luisgoncalves
Copy link
Owner

@leandrocosta I meant whether the generated signatures are being validated by other XADES implementations or if you are using xades4j to validate XAdES-X-L or -A created by third parties.

Thanks.

@leandrocosta
Copy link

@luisgoncalves Our XAdES-A signed documents were successfully validated by
ETSI Signature Conformance Checker.
We didn't try to validate XAdES-A signed documents created by third parties.

@luisgoncalves
Copy link
Owner

This is a lot of code and, from a preliminary review, it includes a lot of breaking changes. I'm merging into a feature branch and I'll keep learning about the new code to decide the next steps.

Thank you very much - all of you - for compiling the patches and contributing back.

Since these changes were applied on top of a codebase that wasn't designed to support extended forms in the first place, if you have suggestions of things that could be different/improved in the current state of the implementation, feel free to leave them here or in a new issue.

@luisgoncalves luisgoncalves merged commit 27e6f30 into luisgoncalves:feature/xades-x-l-a Feb 26, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants