Class DSSXMLUtils

java.lang.Object
eu.europa.esig.dss.xades.DSSXMLUtils

public final class DSSXMLUtils extends Object
Utility class that contains XML-related methods.
  • Field Details

    • TRANSFORMER_INDENT_NUMBER

      public static final int TRANSFORMER_INDENT_NUMBER
      Value used to pretty-print a XAdES signature
    • SP_DOC_DIGEST_AS_IN_SPECIFICATION_ALGORITHM_URI

      public static final String SP_DOC_DIGEST_AS_IN_SPECIFICATION_ALGORITHM_URI
      The SPDocDigestAsInSpecification transform algorithm URI for a custom SignaturePolicy processing
    • SAML_NAMESPACE

      public static final DSSNamespace SAML_NAMESPACE
      SAML namespace definition
  • Method Details

    • registerXAdESNamespaces

      public static void registerXAdESNamespaces()
      Registers the XAdES namespaces
    • registerTransform

      public static boolean registerTransform(String transformURI)
      Registers a transformation.
      Parameters:
      transformURI - the URI of transform
      Returns:
      true if this set did not already contain the specified element
    • registerTransformWithNodeSetOutput

      public static boolean registerTransformWithNodeSetOutput(String transformURI)
      Registers a transformation that results in a node-set output. See XMLDSIG for more information.
      Parameters:
      transformURI - the URI of transform
      Returns:
      true if this set did not already contain the specified element
    • indentAndReplace

      public static Node indentAndReplace(Document document, Node node)
      Indents the given node and replaces it with a new one on the document
      Parameters:
      document - Document to indent the node in
      node - Node to be indented
      Returns:
      the indented Node
    • indentAndExtend

      public static Node indentAndExtend(Document document, Node newNode, Node oldNode)
      Extends the given oldNode by appending new indented children from the given newNode
      Parameters:
      document - owner Document of the node
      newNode - new Node to indent
      oldNode - old Node to extend with new indented elements
      Returns:
      the extended Node
    • getDocWithIndentedSignature

      public static Document getDocWithIndentedSignature(Document documentDom, String signatureId, List<String> noIndentObjectIds)
      Pretty prints a signature in the given document
      Parameters:
      documentDom - Document to pretty print
      signatureId - String id of a ds:Signature element to be pretty-printed
      noIndentObjectIds - String id of elements to not pretty-print
      Returns:
      Document with a pretty-printed signature
    • getIndentedNode

      public static Node getIndentedNode(Node documentDom, Node xmlNode)
      Returns an indented xmlNode
      Parameters:
      documentDom - is an owner Document of the xmlNode
      xmlNode - Node to indent
      Returns:
      an indented Node xmlNode
    • alignChildrenIndents

      public static Node alignChildrenIndents(Node parentNode)
      Aligns indents for all children of the given node
      Parameters:
      parentNode - Node to align children into
      Returns:
      the given Node with aligned children
    • recursiveIdBrowse

      public static void recursiveIdBrowse(Element element)
      An ID attribute can only be dereferenced if it is declared in the validation context. This is because the attribute has no type information attached. Another solution is to parse the XML against a DTD or an XML schema, which adds the necessary type information to each ID attribute.
      Parameters:
      element - Element
    • getIDIdentifier

      public static String getIDIdentifier(Node node)
      If this method finds an attribute with the name ID (case-insensitive), its value is returned. If there is more than one ID attribute, the first one is returned.
      Parameters:
      node - the node to be checked
      Returns:
      the ID attribute value or null
    • getAttribute

      public static String getAttribute(Node node, String attributeName)
      Returns the attribute value for the given attribute name if it exists, otherwise returns NULL
      Parameters:
      node - Node to get attribute value from
      attributeName - String name of the attribute to get value for
      Returns:
      String value of the attribute
    • setIDIdentifier

      public static void setIDIdentifier(Element childElement)
      If this method finds an attribute with the name ID (case-insensitive), it declares it to be a user-determined ID attribute.
      Parameters:
      childElement - Element
    • validateAgainstXSD

      public static List<String> validateAgainstXSD(XSDAbstractUtils xsdUtils, Source source)
      Validates an XML against the XAdES XSD schema.
      Parameters:
      xsdUtils - the XSD Utils class to be used
      source - Source XML to validate
      Returns:
      an empty list if the XSD validates the XML, error messages otherwise
    • isDuplicateIdsDetected

      public static boolean isDuplicateIdsDetected(DSSDocument doc)
      This method is used to detect duplicate id values
      Parameters:
      doc - the document to be analyzed
      Returns:
      TRUE if a duplicate id is detected
    • getReferenceOriginalContentBytes

      public static byte[] getReferenceOriginalContentBytes(org.apache.xml.security.signature.Reference reference)
      Returns bytes of the original referenced data
      Parameters:
      reference - Reference to get bytes from
      Returns:
      byte array containing original data
    • getDigestAndValue

      public static Digest getDigestAndValue(Element element)
      This method extracts the Digest algorithm and value from an element of type DigestAlgAndValueType
      Parameters:
      element - an Element of type DigestAlgAndValueType
      Returns:
      an instance of Digest
    • containsTransforms

      public static boolean containsTransforms(Element referenceElement)
      This method checks if the reference element contains any transformation
      Parameters:
      referenceElement - the DOM element with the reference
      Returns:
      true if the reference contains any transform
    • isSignedProperties

      public static boolean isSignedProperties(org.apache.xml.security.signature.Reference reference, XAdESPath xadesPaths)
      Determines if the given reference refers to SignedProperties element
      Parameters:
      reference - Reference to check
      xadesPaths - XAdESPath
      Returns:
      TRUE if the reference refers to the SignedProperties, FALSE otherwise
    • isCounterSignature

      public static boolean isCounterSignature(org.apache.xml.security.signature.Reference reference, XAdESPath xadesPaths)
      Determines if the given reference refers to CounterSignature element
      Parameters:
      reference - Reference to check
      xadesPaths - XAdESPath
      Returns:
      TRUE if the reference refers to the CounterSignature, FALSE otherwise
    • isKeyInfoReference

      public static boolean isKeyInfoReference(org.apache.xml.security.signature.Reference reference, Element signature)
      Checks if the given reference is linked to a KeyInfo element
      Parameters:
      reference - the Reference to check
      signature - the Element signature the given reference belongs to
      Returns:
      TRUE if the reference is a KeyInfo reference, FALSE otherwise
    • isSignaturePropertiesReference

      public static boolean isSignaturePropertiesReference(org.apache.xml.security.signature.Reference reference, Element signature)
      Checks if the given reference is linked to a SignatureProperties element or one of its SignatureProperty children
      Parameters:
      reference - the Reference to check
      signature - the Element signature the given reference belongs to
      Returns:
      TRUE if the reference is a SignatureProperties reference, FALSE otherwise
    • isObjectReferenceType

      public static boolean isObjectReferenceType(String referenceType)
      Checks if the given referenceType is an xmldsig Object type
      Parameters:
      referenceType - String to check the type for
      Returns:
      TRUE if the provided referenceType is an Object type, FALSE otherwise
    • isManifestReferenceType

      public static boolean isManifestReferenceType(String referenceType)
      Checks if the given referenceType is an xmldsig Manifest type
      Parameters:
      referenceType - String to check the type for
      Returns:
      TRUE if the provided referenceType is a Manifest type, FALSE otherwise
    • isCounterSignatureReferenceType

      public static boolean isCounterSignatureReferenceType(String referenceType)
      Checks if the given referenceType is an etsi Countersignature type
      Parameters:
      referenceType - String to check the type for
      Returns:
      TRUE if the provided referenceType is a Countersignature type, FALSE otherwise
    • isSameDocumentReference

      public static boolean isSameDocumentReference(String referenceUri)
      XMLDSIG 4.4.3.2 The Reference Processing Model: a 'same-document' reference is defined as a URI-Reference that consists of a hash sign ('#') followed by a fragment, or alternatively consists of an empty URI.
      Parameters:
      referenceUri - String uri of a reference to check
      Returns:
      TRUE if the URI points to the same document, FALSE otherwise
    • getObjectById

      public static Element getObjectById(Element signatureElement, String id)
      Gets ds:Object by its Id from the ds:Signature element
      Parameters:
      signatureElement - Element the signature element to extract the signed ds:Object from
      id - String object Id
      Returns:
      Element Object element
    • getManifestById

      public static Element getManifestById(Element signatureElement, String id)
      Gets ds:Manifest by its Id from the ds:Signature element
      Parameters:
      signatureElement - Element the signature element to extract the signed ds:Manifest from
      id - String manifest Id
      Returns:
      Element Manifest element
    • initManifest

      public static org.apache.xml.security.signature.Manifest initManifest(Element manifestElement) throws org.apache.xml.security.exceptions.XMLSecurityException
      Initializes a Manifest object from the provided ds:Manifest element
      Parameters:
      manifestElement - Element ds:Manifest element
      Returns:
      Manifest object
      Throws:
      org.apache.xml.security.exceptions.XMLSecurityException - if an error occurs in an attempt to initialize the Manifest object
    • initManifestWithDetachedContent

      public static org.apache.xml.security.signature.Manifest initManifestWithDetachedContent(Element manifestElement, List<DSSDocument> detachedContents) throws org.apache.xml.security.exceptions.XMLSecurityException
      Initializes a Manifest object from the provided ds:Manifest element with a provided detachedContents
      Parameters:
      manifestElement - Element ds:Manifest element
      detachedContents - a list of DSSDocuments representing a detached content
      Returns:
      Manifest object
      Throws:
      org.apache.xml.security.exceptions.XMLSecurityException - if an error occurs in an attempt to initialize the Manifest object
    • initManifestDetachedContent

      public static void initManifestDetachedContent(org.apache.xml.security.signature.Manifest manifest, List<DSSDocument> detachedContents)
      Initializes detached content within the given manifest
      Parameters:
      manifest - Manifest to initialize detached content in
      detachedContents - a list of DSSDocuments
    • getKeyInfoSigningCertificatePublicKey

      public static PublicKey getKeyInfoSigningCertificatePublicKey(Element signatureElement)
      Extracts the signing certificate's public key from the KeyInfo element of a given signature, if present. NOTE: can return null (the value is optional).
      Parameters:
      signatureElement - Element representing a signature to get KeyInfo signing certificate for
      Returns:
      PublicKey of the signature extracted from KeyInfo element if present
    • createCounterSignature

      public static XAdESSignature createCounterSignature(Element counterSignatureElement, XAdESSignature masterSignature)
      Creates and returns a counter signature found in the counterSignatureElement
      Parameters:
      counterSignatureElement - Element <ds:CounterSignature> element
      masterSignature - XAdESSignature master signature containing the counter signature
      Returns:
      XAdESSignature
    • getAllSignaturesExceptCounterSignatures

      public static NodeList getAllSignaturesExceptCounterSignatures(Node documentNode)
      Returns a NodeList of all "ds:Signature" elements found in the documentNode
      Parameters:
      documentNode - Node the XML document or its part
      Returns:
      NodeList
    • getAllEncapsulatedTimestamps

      public static NodeList getAllEncapsulatedTimestamps(Node documentNode)
      Returns a NodeList of all "xades:EncapsulatedTimeStamp" elements found in the documentNode
      Parameters:
      documentNode - Node the XML document or its part
      Returns:
      NodeList
    • getReferenceNodeList

      public static NodeList getReferenceNodeList(Node signatureElement)
      Returns a NodeList of "ds:Reference" elements
      Parameters:
      signatureElement - Node representing a ds:Signature node
      Returns:
      NodeList
    • getReferenceOutputType

      public static ReferenceOutputType getReferenceOutputType(DSSReference reference)
      Returns the expected dereferencing output for the provided DSSReference
      Parameters:
      reference - DSSReference to get OutputType for
      Returns:
      ReferenceOutputType
    • getReferenceOutputType

      public static ReferenceOutputType getReferenceOutputType(org.apache.xml.security.signature.Reference reference) throws org.apache.xml.security.exceptions.XMLSecurityException
      Returns the expected dereferencing output for the provided Reference
      Parameters:
      reference - Reference to get OutputType for
      Returns:
      ReferenceOutputType
      Throws:
      org.apache.xml.security.exceptions.XMLSecurityException - if an exception occurs
    • applyTransforms

      public static byte[] applyTransforms(Node node, List<DSSTransform> transforms)
      Applies transforms on the node and returns the byte array to be used for a digest computation. NOTE: returns the original node binaries if the list of transforms is empty.
      Parameters:
      node - Node to apply transforms on
      transforms - a list of DSSTransforms to execute on the node
      Returns:
      a byte array, representing a content obtained after transformations
    • applyTransforms

      public static byte[] applyTransforms(DSSDocument document, List<DSSTransform> transforms)
      Applies transforms on the document content and returns the byte array to be used for a digest computation. NOTE: returns the original document binaries if the list of transforms is empty. The document shall represent an XML content.
      Parameters:
      document - DSSDocument representing an XML to apply transforms on
      transforms - a list of DSSTransforms to execute on the node
      Returns:
      a byte array, representing a content obtained after transformations
    • getReferenceDigestAlgos

      public static Set<DigestAlgorithm> getReferenceDigestAlgos(Element referenceContainer)
      Returns the DigestAlgorithms of all references contained in the provided referenceContainer
      Parameters:
      referenceContainer - Element containing the ds:Reference elements
      Returns:
      a set of DigestAlgorithms
    • getReferenceTypes

      public static List<String> getReferenceTypes(Element referenceContainer)
      Returns a list of reference types
      Parameters:
      referenceContainer - Element containing the ds:Reference elements
      Returns:
      a list of String reference types
    • extractReferences

      public static List<org.apache.xml.security.signature.Reference> extractReferences(org.apache.xml.security.signature.Manifest manifest)
      Extracts a list of References from the given Manifest object. NOTE: can also be used for a SignedInfo element.
      Parameters:
      manifest - Manifest
      Returns:
      a list of References
    • getReferenceDigest

      public static Digest getReferenceDigest(org.apache.xml.security.signature.Reference reference)
      Returns the Digest extracted from the provided reference
      Parameters:
      reference - Reference
      Returns:
      Digest
    • getReferenceId

      public static String getReferenceId(org.apache.xml.security.signature.Reference reference)
      This method retrieves the Id attribute value of the given reference, when applicable. NOTE: this method is used because Apache Santuario Signature returns an empty string instead of a null result.
      Parameters:
      reference - Reference to get value of Id attribute
      Returns:
      String Id attribute value if available, NULL otherwise
    • getReferenceURI

      public static String getReferenceURI(org.apache.xml.security.signature.Reference reference)
      This method retrieves the URI attribute value of the given reference, when applicable. NOTE: this method is used because Apache Santuario Signature returns an empty string instead of a null result.
      Parameters:
      reference - Reference to get value of URI attribute
      Returns:
      String URI attribute value if available, NULL otherwise
    • isAbleToDeReferenceContent

      public static boolean isAbleToDeReferenceContent(org.apache.xml.security.signature.Reference reference)
      Checks if the original reference document content can be obtained (de-referenced)
      Parameters:
      reference - Reference to check
      Returns:
      TRUE if the de-referencing succeeds, FALSE otherwise
    • isReferencedContentAmbiguous

      public static boolean isReferencedContentAmbiguous(Document document, String uri)
      Checks if the reference with the uri occurs multiple times in the document
      Parameters:
      document - Document to be checked for a wrapping attack
      uri - String the referenced uri to be verified
      Returns:
      TRUE if the reference is ambiguous (duplicated), FALSE otherwise
    • incorporateTransforms

      public static void incorporateTransforms(Element parentElement, List<DSSTransform> transforms, DSSNamespace namespace)
      Incorporates a ds:Transforms element into the given parent element
      Parameters:
      parentElement - Element to incorporate ds:Transforms into
      transforms - a list of DSSTransforms to be incorporated
      namespace - DSSNamespace to use
    • incorporateDigestMethod

      public static void incorporateDigestMethod(Element parentElement, DigestAlgorithm digestAlgorithm, DSSNamespace namespace)
      This method creates the ds:DigestMethod DOM object
       
       		<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
       
       
      Parameters:
      parentElement - Element the parent element
      digestAlgorithm - DigestAlgorithm the digest algorithm
      namespace - DSSNamespace to use
    • incorporateDigestValue

      public static void incorporateDigestValue(Element parentDom, String base64EncodedDigestBytes, DSSNamespace namespace)
      This method creates the ds:DigestValue DOM object.
       
       		<ds:DigestValue>fj8SJujSXU4fi342bdtiKVbglA0=</ds:DigestValue>
       
       
      Parameters:
      parentDom - Element the parent element
      base64EncodedDigestBytes - String representing a base64-encoded Digest value
      namespace - DSSNamespace
    • getReferenceDigestAlgorithmOrDefault

      public static DigestAlgorithm getReferenceDigestAlgorithmOrDefault(XAdESSignatureParameters params)
      Returns params.referenceDigestAlgorithm if it exists, params.digestAlgorithm otherwise
      Parameters:
      params - XAdESSignatureParameters
      Returns:
      DigestAlgorithm
    • ensureNamespacesDefined

      public static Element ensureNamespacesDefined(Document document, String elementId, String xpathString)
      This method produces a copy of the document and returns an element by the defined xpathString. This method can be used as a workaround for canonicalization, as namespaces are not added to the canonicalizer for newly created elements. The issue was reported as SANTUARIO-139.
      Parameters:
      document - Document
      elementId - String optional element Id to start XPath expression from
      xpathString - String corresponding to an XPath of element to be returned
      Returns:
      Element
    • getDocumentName

      public static String getDocumentName(org.apache.xml.security.signature.Reference reference)
      This method returns the name of the document linked to the reference (when applicable)
      Parameters:
      reference - Reference to get a name of the linked document for
      Returns:
      String document name
    • getDigestOnCanonicalizedBytes

      public static DSSMessageDigest getDigestOnCanonicalizedBytes(byte[] binaries, DigestAlgorithm digestAlgorithm, String canonicalizationAlgorithm)
      This method computes digest on a canonicalized value of the binaries using the digestAlgorithm and canonicalizationAlgorithm. The digest is computed "on the fly" using stream functionality.
      Parameters:
      binaries - byte array to canonicalize and get digest for
      digestAlgorithm - DigestAlgorithm
      canonicalizationAlgorithm - String
      Returns:
      DSSMessageDigest
    • getDigestOnCanonicalizedNode

      public static DSSMessageDigest getDigestOnCanonicalizedNode(Node node, DigestAlgorithm digestAlgorithm, String canonicalizationAlgorithm)
      This method computes digest on a canonicalized value of the Node using the digestAlgorithm and canonicalizationAlgorithm. The digest is computed "on the fly" using stream functionality.
      Parameters:
      node - Node to canonicalize and get digest for
      digestAlgorithm - DigestAlgorithm
      canonicalizationAlgorithm - String
      Returns:
      DSSMessageDigest
    • getDigestOnCanonicalizedInputStream

      public static DSSMessageDigest getDigestOnCanonicalizedInputStream(InputStream inputStream, DigestAlgorithm digestAlgorithm, String canonicalizationAlgorithm)
      This method computes digest on a canonicalized value of the InputStream using the digestAlgorithm and canonicalizationAlgorithm. The digest is computed "on the fly" using stream functionality. This method closes the inputStream afterwards.
      Parameters:
      inputStream - InputStream to canonicalize and get digest for
      digestAlgorithm - DigestAlgorithm
      canonicalizationAlgorithm - String
      Returns:
      DSSMessageDigest
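
The entries for isSameDocumentReference, getIDIdentifier, isDuplicateIdsDetected and isReferencedContentAmbiguous describe one check: a same-document reference must resolve to exactly one element. The following is an added example, not the DSS source; it uses only JDK classes, and the class name, helper names and sample XML are constructed for illustration. It assumes bare-name fragments (`#id`) only, not XPointer expressions.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class ReferenceAmbiguityCheck {

    // Parse with DTDs disabled, so ID typing cannot be influenced by a document-supplied DTD.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // XMLDSIG 4.4.3.2: an empty URI, or '#' followed by a fragment.
    static boolean isSameDocument(String uri) {
        return uri != null && (uri.isEmpty() || uri.startsWith("#"));
    }

    // Records every element carrying an attribute named "id" (any case), keyed by its value.
    static void collectIds(Node node, Map<String, List<Element>> ids) {
        if (node.getNodeType() == Node.ELEMENT_NODE) {
            NamedNodeMap attrs = node.getAttributes();
            for (int i = 0; i < attrs.getLength(); i++) {
                Attr a = (Attr) attrs.item(i);
                String name = a.getLocalName() != null ? a.getLocalName() : a.getName();
                if ("id".equalsIgnoreCase(name)) {
                    ids.computeIfAbsent(a.getValue(), k -> new ArrayList<>()).add((Element) node);
                }
            }
        }
        for (Node c = node.getFirstChild(); c != null; c = c.getNextSibling()) {
            collectIds(c, ids);
        }
    }

    // TRUE when the fragment of a same-document URI matches more than one element.
    static boolean isAmbiguous(Document doc, String uri) {
        if (!isSameDocument(uri) || uri.isEmpty()) {
            return false; // external reference, or empty URI (the whole document, a single target)
        }
        Map<String, List<Element>> ids = new HashMap<>();
        collectIds(doc, ids);
        List<Element> targets = ids.get(uri.substring(1));
        return targets != null && targets.size() > 1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two elements share the identifier value "payload".
        String xml = "<Envelope>"
                + "<Order Id=\"payload\"><Amount>10</Amount></Order>"
                + "<Wrapper><Order ID=\"payload\"><Amount>9999</Amount></Order></Wrapper>"
                + "<Order Id=\"other\"><Amount>5</Amount></Order>"
                + "</Envelope>";
        Document doc = parse(xml);
        for (String uri : new String[] {"#payload", "#other", "", "file.xml"}) {
            System.out.println("URI '" + uri + "' sameDocument=" + isSameDocument(uri)
                    + " ambiguous=" + isAmbiguous(doc, uri));
        }
    }
}
```

A validator that finds an ambiguous reference should reject the signature rather than pick one of the candidate elements.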