Merge branch 'DD4J-191' into 'master'
Pivotal#130098445

See merge request !53
smirnova committed Jan 24, 2018
2 parents 15dc72f + a060b6c commit 03a3bbb
Showing 7 changed files with 35 additions and 23 deletions.
Expand Up @@ -12,9 +12,10 @@

public class TimestampAndOcspResponseTimeDeltaTooLargeException extends DigiDoc4JException {

public static final String MESSAGE = "The difference between the OCSP response time and the signature time stamp is too large";
public static final String MESSAGE = "The difference between the OCSP response time and the signature timestamp is too large";

public TimestampAndOcspResponseTimeDeltaTooLargeException() {
super(MESSAGE);
}

}
Expand Up @@ -23,7 +23,6 @@
import org.w3c.dom.Element;

import eu.europa.esig.dss.DomUtils;
import eu.europa.esig.dss.validation.reports.Reports;
import eu.europa.esig.dss.validation.reports.wrapper.DiagnosticData;
import eu.europa.esig.dss.xades.XPathQueryHolder;

Expand Up @@ -15,6 +15,7 @@

import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.digidoc4j.Configuration;
import org.digidoc4j.exceptions.DigiDoc4JException;
import org.digidoc4j.exceptions.TimestampAndOcspResponseTimeDeltaTooLargeException;
import org.digidoc4j.impl.asic.xades.XadesSignature;
import org.digidoc4j.utils.DateUtils;
Expand All @@ -26,46 +27,48 @@

public class TimestampSignatureValidator extends TimemarkSignatureValidator {

private final static Logger logger = LoggerFactory.getLogger(TimestampSignatureValidator.class);
private XadesSignature signature;
private final Logger log = LoggerFactory.getLogger(TimestampSignatureValidator.class);
private Configuration configuration;

public TimestampSignatureValidator(XadesSignature signature, Configuration configuration) {
super(signature);
this.signature = signature;
this.configuration = configuration;
}

@Override
protected void populateValidationErrors() {
super.populateValidationErrors();
addSigningTimeErrors();
this.addSigningTimeErrors();
}

private void addSigningTimeErrors() {
XAdESSignature xAdESSignature = signature.getDssSignature();
List<TimestampToken> signatureTimestamps = xAdESSignature.getSignatureTimestamps();
XAdESSignature signature = this.getDssSignature();
List<TimestampToken> signatureTimestamps = signature.getSignatureTimestamps();
if (signatureTimestamps == null || signatureTimestamps.isEmpty()) {
return;
}
Date timestamp = signatureTimestamps.get(0).getGenerationTime();
if (timestamp == null) {
return;
}
List<BasicOCSPResp> ocspResponses = xAdESSignature.getOCSPSource().getContainedOCSPResponses();
List<BasicOCSPResp> ocspResponses = signature.getOCSPSource().getContainedOCSPResponses();
if (ocspResponses == null || ocspResponses.isEmpty()) {
return;
}
Date ocspTime = ocspResponses.get(0).getProducedAt();
if (ocspTime == null) {
return;
}
int TSandOCSPDelta = configuration.getAllowedTimestampAndOCSPResponseDeltaInMinutes();
int TSandRevocDelta = configuration.getRevocationAndTimestampDeltaInMinutes();

if (!DateUtils.isInRangeMinutes(timestamp, ocspTime, (TSandOCSPDelta > TSandRevocDelta? TSandOCSPDelta : TSandRevocDelta))) {
logger.error("The difference between the OCSP response production time and the signature time stamp is too large - " + String.valueOf(timestamp.getTime()-ocspTime.getTime()));
addValidationError(new TimestampAndOcspResponseTimeDeltaTooLargeException());
int deltaLimit = this.configuration.getRevocationAndTimestampDeltaInMinutes();
long differenceInMinutes = DateUtils.differenceInMinutes(timestamp, ocspTime);
this.log.debug("Difference in minutes: <{}>", differenceInMinutes);
if (!DateUtils.isInRangeMinutes(timestamp, ocspTime, deltaLimit)) {
this.log.error("The difference between the OCSP response production time and the signature timestamp is too large <{} minutes>", differenceInMinutes);
this.addValidationError(new TimestampAndOcspResponseTimeDeltaTooLargeException());
} else if (this.configuration.getAllowedTimestampAndOCSPResponseDeltaInMinutes() < differenceInMinutes && differenceInMinutes < deltaLimit) {
this.log.warn("The difference (in minutes) between the OCSP response production time and the signature timestamp is in allowable range (<{}>, allowed maximum <{}>)", differenceInMinutes, deltaLimit);
this.addValidationWarning(new DigiDoc4JException("The difference between the OCSP response time and the signature timestamp is in allowable range"));
}
}

}
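Review bot: The new warning branch in addSigningTimeErrors compares `differenceInMinutes`, which DateUtils.differenceInMinutes truncates to whole minutes, while the error branch goes through `DateUtils.isInRangeMinutes`, which converts to seconds. A delta that exceeds the allowed limit by up to 59 seconds therefore raises neither a warning nor an error, and the `differenceInMinutes < deltaLimit` clause is redundant inside the else branch. I would drive both branches from the same helper, e.g. `} else if (!DateUtils.isInRangeMinutes(timestamp, ocspTime, this.configuration.getAllowedTimestampAndOCSPResponseDeltaInMinutes())) {`. Both checks also appear to be symmetric in time (`Math.abs` here, a plus/minus window in isInRangeSeconds), so an OCSP response produced before the timestamp is treated like one produced after it; if that ordering is not enforced elsewhere, it deserves an explicit check.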
Expand Up @@ -97,9 +97,13 @@ protected void populateValidationErrors() {
}

protected void addValidationError(DigiDoc4JException error) {
String sigId = getDssSignature().getId();
error.setSignatureId(sigId);
validationErrors.add(error);
error.setSignatureId(this.getDssSignature().getId());
this.validationErrors.add(error);
}

protected void addValidationWarning(DigiDoc4JException warning) {
warning.setSignatureId(this.getDssSignature().getId());
this.validationWarnings.add(warning);
}

protected void addPolicyErrors() {
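Review bot: addValidationWarning is a new protected hook without Javadoc, and nothing in this section says how a warning differs from an error for the validation outcome. Subclasses and callers need that stated, since the updated test suggests a signature can carry warnings while reporting zero errors. A short comment would do, for example `/** Records a finding that is reported separately from validation errors; sets this signature's id on the passed exception. */`. Both add methods mutate their argument through `setSignatureId`, which is worth mentioning so that an exception instance is not shared between signatures. The enclosing class starts and ends outside this hunk.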
6 changes: 5 additions & 1 deletion src/main/java/org/digidoc4j/utils/DateUtils.java
Expand Up @@ -15,6 +15,7 @@
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import java.util.concurrent.TimeUnit;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -42,7 +43,6 @@ public static boolean isAlmostNow(Date date) {
}

private static boolean isInRangeOneMinute(Date date1, Date date2) {
logger.debug("");
final int oneMinuteInSeconds = 60;
return isInRangeSeconds(date1, date2, oneMinuteInSeconds);
}
Expand All @@ -52,6 +52,10 @@ public static boolean isInRangeMinutes(Date date1, Date date2, int rangeInMinute
return isInRangeSeconds(date1, date2, rangeInSeconds);
}

public static long differenceInMinutes(Date date1, Date date2) {
return TimeUnit.MILLISECONDS.toMinutes(Math.abs(date1.getTime() - date2.getTime()));
}

private static boolean isInRangeSeconds(Date date1, Date date2, int rangeInSeconds) {
Date latestTime = addSeconds(date2, rangeInSeconds);
Date earliestTime = addSeconds(date2, -rangeInSeconds);
9 changes: 5 additions & 4 deletions src/test/java/org/digidoc4j/impl/bdoc/ValidationTests.java
Expand Up @@ -49,6 +49,7 @@
import org.digidoc4j.signers.PKCS12SignatureToken;
import org.digidoc4j.testutils.TSLHelper;
import org.digidoc4j.testutils.TestSigningHelper;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
Expand Down Expand Up @@ -196,7 +197,7 @@ public void revocationAndTimeStampDifferenceTooLarge() {
Container container = ContainerOpener.open("src/test/resources/testFiles/invalid-containers/revocation_timestamp_delta_26h.asice", PROD_CONFIGURATION);
ValidationResult validate = container.validate();
assertEquals(1, validate.getErrors().size());
assertEquals("(Signature ID: S0) The difference between the OCSP response time and the signature time stamp is too large",
assertEquals("(Signature ID: S0) The difference between the OCSP response time and the signature timestamp is too large",
validate.getErrors().get(0).toString());
}

Expand All @@ -205,9 +206,9 @@ public void revocationAndTimeStampDifferenceNotTooLarge() {
Configuration configuration = new Configuration(Configuration.Mode.PROD);
int delta27Hours = 27 * 60;
configuration.setRevocationAndTimestampDeltaInMinutes(delta27Hours);
Container container = ContainerOpener.open("src/test/resources/testFiles/invalid-containers/revocation_timestamp_delta_26h.asice", configuration);
ValidationResult validate = container.validate();
assertEquals(0, validate.getErrors().size());
ValidationResult result = ContainerOpener.open("src/test/resources/testFiles/invalid-containers/revocation_timestamp_delta_26h.asice", configuration).validate();
Assert.assertEquals(0, result.getErrors().size());
Assert.assertEquals(2, result.getWarnings().size());
}

@Test
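Review bot: `Assert.assertEquals(2, result.getWarnings().size())` in revocationAndTimeStampDifferenceNotTooLarge pins a count without showing that the new time-delta warning is among the two. The validator code visible on this page adds only one such warning per signature, so the second one is unexplained here. Asserting on content, for example that one warning's `toString()` contains `"is in allowable range"`, would tie the test to the behaviour this commit adds and keep it from passing on unrelated warnings. The method also mixes `Assert.assertEquals` with the statically imported `assertEquals` used in the preceding test; picking one form keeps the file consistent.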
Binary file not shown.
