diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt index 9045ede71..4148e866e 100644 --- a/RELEASE-NOTES.txt +++ b/RELEASE-NOTES.txt @@ -1,10 +1,19 @@ DigiDoc4J Java library release notes +------------------------------------ +Release 1.0.7.1 +------------------ +Summary of the major changes since 1.0.7 +---------------------------------------- +* Fixed signing problem when encryption algorithm is ECDSA and signature profile LT_TM. +* Updated the pre-calculated policy digest value. + ------------------------------------ Release 1.0.7 ------------------ Summary of the major changes since 1.0.7 RC.2 ---------------------------------------- * Performance test fix + ------------------------------------ Release 1.0.7 RC.2 ------------------ diff --git a/src/org/digidoc4j/impl/bdoc/BDocSignatureBuilder.java b/src/org/digidoc4j/impl/bdoc/BDocSignatureBuilder.java index 0b0598f6e..6f03c5aca 100644 --- a/src/org/digidoc4j/impl/bdoc/BDocSignatureBuilder.java +++ b/src/org/digidoc4j/impl/bdoc/BDocSignatureBuilder.java @@ -14,16 +14,20 @@ import static eu.europa.esig.dss.SignatureLevel.XAdES_BASELINE_B; import static eu.europa.esig.dss.SignatureLevel.XAdES_BASELINE_LT; import static eu.europa.esig.dss.SignatureLevel.XAdES_BASELINE_LTA; +import static java.lang.Math.min; import static org.apache.commons.codec.binary.Base64.decodeBase64; import static org.apache.commons.lang3.StringUtils.isEmpty; import static org.digidoc4j.impl.bdoc.ocsp.OcspSourceBuilder.anOcspSource; +import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Collection; import java.util.Date; import java.util.List; import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.cert.ocsp.BasicOCSPResp; import org.digidoc4j.Configuration; import org.digidoc4j.DataFile; 
@@ -37,6 +41,7 @@ import org.digidoc4j.exceptions.InvalidSignatureException; import org.digidoc4j.exceptions.OCSPRequestFailedException; import org.digidoc4j.exceptions.SignerCertificateRequiredException; +import org.digidoc4j.exceptions.TechnicalException; import org.digidoc4j.impl.SignatureFinalizer; import org.digidoc4j.impl.bdoc.asic.DetachedContentCreator; import org.digidoc4j.impl.bdoc.ocsp.SKOnlineOCSPSource; 
@@ -52,20 +57,95 @@ import eu.europa.esig.dss.Policy; import eu.europa.esig.dss.SignerLocation; import eu.europa.esig.dss.client.tsp.OnlineTSPSource; +import eu.europa.esig.dss.utils.Utils; +import eu.europa.esig.dss.xades.signature.DSSSignatureUtils; +/** + * Class for building and finalizing BDOC signatures. + */ public class BDocSignatureBuilder extends SignatureBuilder implements SignatureFinalizer { - private final static Logger logger = LoggerFactory.getLogger(BDocSignatureBuilder.class); + private static final Logger logger = LoggerFactory.getLogger(BDocSignatureBuilder.class); + private static final char[] hexArray = "0123456789ABCDEF".toCharArray(); + private static final int hexMaxlen = 10; private transient XadesSigningDssFacade facade; private Date signingDate; + private static final int maxTryCount = 5; + + /** + * Prepare signature policy data for BDOC signature. + * + * @return Policy + */ + public static Policy createBDocSignaturePolicy() { + if (policyDefinedByUser != null && isDefinedAllPolicyValues()) { + return policyDefinedByUser; + } + Policy signaturePolicy = new Policy(); + signaturePolicy.setId("urn:oid:" + XadesSignatureValidator.TM_POLICY); + signaturePolicy.setDigestValue(decodeBase64("0xRLPsW1UIpxtermnTGE+5+5620UsWi5bYJY76Di3o0=")); + signaturePolicy.setQualifier("OIDAsURN"); + signaturePolicy.setDigestAlgorithm(SHA256); + signaturePolicy.setSpuri("https://www.sk.ee/repository/bdoc-spec21.pdf"); + return signaturePolicy; + } + + /** + * Checks if the signature is ASN.1 encoded. + * + * @param signatureValue signature value to check. + * @return if the signature is ASN.1 encoded. 
+ */ + private static boolean isAsn1Encoded(byte[] signatureValue) { + ASN1InputStream is = null; + try { + is = new ASN1InputStream(signatureValue); + ASN1Primitive obj = is.readObject(); + return obj != null; + } catch (IOException e) { + return false; + } finally { + Utils.closeQuietly(is); + } + } + + private static String bytesToHex(byte[] bytes, int maxLen) { + char[] hexChars = new char[min(bytes.length, maxLen) * 2]; + for (int j = 0; j < min(bytes.length, maxLen); j++) { + int v = bytes[j] & 0xFF; + hexChars[j * 2] = hexArray[v >>> 4]; + hexChars[j * 2 + 1] = hexArray[v & 0x0F]; + } + return new String(hexChars); + } @Override protected Signature invokeSigningProcess() { logger.info("Signing BDoc container"); signatureParameters.setSigningCertificate(signatureToken.getCertificate()); byte[] dataToSign = getDataToBeSigned(); - byte[] signatureValue = signatureToken.sign(signatureParameters.getDigestAlgorithm(), dataToSign); - return finalizeSignature(signatureValue); + Signature result = null; + byte[] signatureValue = null; + int count = 0; + boolean finalized = false; + while (!finalized && count < maxTryCount) { + try { + // TODO: Investigate instability (of BouncyCastle?) + // Sometimes sign returns value what causes error in finalizeSignature + signatureValue = signatureToken.sign(signatureParameters.getDigestAlgorithm(), dataToSign); + if (signatureParameters.getEncryptionAlgorithm() == EncryptionAlgorithm.ECDSA + && isAsn1Encoded(signatureValue)) { + signatureValue = DSSSignatureUtils.convertToXmlDSig(eu.europa.esig.dss.EncryptionAlgorithm.ECDSA, signatureValue); + } + result = finalizeSignature(signatureValue); + finalized = true; + } catch (TechnicalException e) { + logger.warn("PROBLEM with signing [" + String.valueOf(count) + "]:" + + bytesToHex(dataToSign, hexMaxlen) + " -> " + bytesToHex(signatureValue, hexMaxlen)); + count++; + } + } + return result; } @Override 
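Review bot: When all `maxTryCount` attempts fail, the retry loop in `invokeSigningProcess` falls through to `return result;` and hands the caller `null`, with every caught `TechnicalException` reduced to a warn line, so a failed signing surfaces later as an unrelated null dereference instead of a signing error. The catch block also calls `bytesToHex(signatureValue, hexMaxlen)`, which reads `bytes.length` and would itself throw a NullPointerException if the exception is raised before `signatureValue` is assigned on the first pass. I would keep the last exception and rethrow it once the attempts are used up, as sketched below; note too that each retry repeats the private-key operation on the token, which the caller cannot see or limit. Separately, `isAsn1Encoded` accepts any input whose leading bytes parse as one ASN.1 object, so if a token can return a raw r||s value it may occasionally be misclassified and converted, which is possibly the instability the TODO describes. A stricter check (a SEQUENCE of two INTEGERs spanning the whole array) looks safer.

```java
protected Signature invokeSigningProcess() {
  // … unchanged: logging, setSigningCertificate, getDataToBeSigned …
  TechnicalException lastFailure = null;
  for (int attempt = 0; attempt < maxTryCount; attempt++) {
    try {
      byte[] signatureValue = signatureToken.sign(signatureParameters.getDigestAlgorithm(), dataToSign);
      // … unchanged: ECDSA ASN.1 -> XML-DSig conversion …
      return finalizeSignature(signatureValue);
    } catch (TechnicalException e) {
      // Keep the cause so the caller sees why signing failed once retries are exhausted.
      lastFailure = e;
      logger.warn("Signing attempt " + (attempt + 1) + " of " + maxTryCount + " failed", e);
    }
  }
  throw lastFailure;
}
```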
@@ -87,7 +167,7 @@ public Signature openAdESSignature(byte[] signatureDocument) { @Override public Signature finalizeSignature(byte[] signatureValueBytes) { - logger.info("Finalizing BDoc signature"); + logger.info("Finalizing BDoc signature: " + bytesToHex(signatureValueBytes, hexMaxlen)); populateParametersForFinalizingSignature(signatureValueBytes); Collection dataFilesToSign = getDataFiles(); validateDataFilesToSign(dataFilesToSign); @@ -174,7 +254,9 @@ private void validateOcspResponse(XadesSignature xadesSignature) { } private boolean isBaselineSignatureProfile() { - return signatureParameters.getSignatureProfile() != null && (SignatureProfile.B_BES == signatureParameters.getSignatureProfile() || SignatureProfile.B_EPES == signatureParameters.getSignatureProfile()); + return signatureParameters.getSignatureProfile() != null + && (SignatureProfile.B_BES == signatureParameters.getSignatureProfile() + || SignatureProfile.B_EPES == signatureParameters.getSignatureProfile()); } private void setOcspSource(byte[] signatureValueBytes) { @@ -249,19 +331,6 @@ private void setSignaturePolicy() { } } - public static Policy createBDocSignaturePolicy() { - if (policyDefinedByUser != null && isDefinedAllPolicyValues()) { - return policyDefinedByUser; - } - Policy signaturePolicy = new Policy(); - signaturePolicy.setId("urn:oid:" + XadesSignatureValidator.TM_POLICY); - signaturePolicy.setDigestValue(decodeBase64("3Tl1oILSvOAWomdI9VeWV6IA/32eSXRUri9kPEz1IVs=")); - signaturePolicy.setQualifier("OIDAsURN"); - signaturePolicy.setDigestAlgorithm(SHA256); - signaturePolicy.setSpuri("https://www.sk.ee/repository/bdoc-spec21.pdf"); - return signaturePolicy; - } - private void setSignatureId() { if (StringUtils.isNotBlank(signatureParameters.getSignatureId())) { facade.setSignatureId(signatureParameters.getSignatureId()); diff --git a/src/org/digidoc4j/impl/bdoc/OcspNonceValidator.java b/src/org/digidoc4j/impl/bdoc/OcspNonceValidator.java index c17ee4fb0..22e3d9cd3 100644 
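Review bot: The new info-level log line in `finalizeSignature` calls `bytesToHex(signatureValueBytes, hexMaxlen)` before any validation, and `bytesToHex` reads `bytes.length`, so a null argument to this public method now fails with a NullPointerException inside the logging statement. Whether null was tolerated before depends on `populateParametersForFinalizingSignature`, which is not shown, but an explicit null check with a descriptive exception ahead of the log call keeps the failure meaningful. The hex prefix is diagnostic detail, so debug level fits it better: `logger.debug("Finalizing BDoc signature: " + bytesToHex(signatureValueBytes, hexMaxlen));`. The method body continues outside the hunk.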
--- a/src/org/digidoc4j/impl/bdoc/OcspNonceValidator.java +++ b/src/org/digidoc4j/impl/bdoc/OcspNonceValidator.java @@ -21,6 +21,7 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DLSequence; +import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.cert.ocsp.BasicOCSPResp; import org.slf4j.Logger; @@ -30,6 +31,9 @@ import eu.europa.esig.dss.DigestAlgorithm; import eu.europa.esig.dss.xades.validation.XAdESSignature; +/** + * Validator of OCSP response NONCE extension + */ public class OcspNonceValidator implements Serializable { private static final Logger logger = LoggerFactory.getLogger(OcspNonceValidator.class); @@ -37,11 +41,19 @@ public class OcspNonceValidator implements Serializable { private XAdESSignature signature; private BasicOCSPResp ocspResponse; + /** + * Constructor of the validator + * @param signature Xades signature object + */ public OcspNonceValidator(XAdESSignature signature) { this.signature = signature; ocspResponse = getLatestOcspResponse(signature.getOCSPSource().getContainedOCSPResponses()); } + /** + * Method for asking if OCSP response is valid or not. + * @return True if OCSP response is valid, false otherwise. + */ public boolean isValid() { if (signature.getPolicyId() == null) { return true; 
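Review bot: The Javadoc added to `isValid()` says it returns true when the OCSP response is valid, but the first visible statement returns true whenever `signature.getPolicyId()` is null, i.e. without looking at the nonce at all. That shortcut matters to anyone relying on this validator, so the comment should state it, for example `@return true if the signature has no policy id (the nonce is not checked) or the OCSP nonce check passes; false otherwise`. The rest of `isValid()` lies outside the hunk, so the wording for the remaining branches should be confirmed against the full method.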
@@ -62,17 +74,18 @@ private BasicOCSPResp getLatestOcspResponse(List ocspResponses) { Date latestDate = basicOCSPResp.getProducedAt(); for (int i = 1; i < ocspResponses.size(); i++) { - BasicOCSPResp ocspResponse = ocspResponses.get(i); - if (ocspResponse.getProducedAt().after(latestDate)) { - latestDate = ocspResponse.getProducedAt(); - basicOCSPResp = ocspResponse; + BasicOCSPResp ocspResp = ocspResponses.get(i); + if (ocspResp.getProducedAt().after(latestDate)) { + latestDate = ocspResp.getProducedAt(); + basicOCSPResp = ocspResp; } } return basicOCSPResp; } private boolean isOcspResponseValid(BasicOCSPResp latestOcspResponse) { - Extension extension = latestOcspResponse.getExtension(new ASN1ObjectIdentifier("1.3.6.1.5.5.7.48.1.2")); + Extension extension = latestOcspResponse.getExtension( + new ASN1ObjectIdentifier(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId())); if (extension == null) { logger.error("No valid OCSP extension found in signature: " + signature.getId()); return false; diff --git a/src/org/digidoc4j/impl/bdoc/ocsp/BDocTMOcspSource.java b/src/org/digidoc4j/impl/bdoc/ocsp/BDocTMOcspSource.java index 912a34f79..3a3071058 100644 --- a/src/org/digidoc4j/impl/bdoc/ocsp/BDocTMOcspSource.java +++ b/src/org/digidoc4j/impl/bdoc/ocsp/BDocTMOcspSource.java @@ -17,11 +17,20 @@ import eu.europa.esig.dss.DSSUtils; import eu.europa.esig.dss.DigestAlgorithm; +import eu.europa.esig.dss.xades.signature.DSSSignatureUtils; +/** + * BDocTMOcspSource is class for creating BDoc TM specific NONCE. + */ public class BDocTMOcspSource extends SKOnlineOCSPSource { private static final Logger logger = LoggerFactory.getLogger(SKOnlineOCSPSource.class); private final byte[] signature; + /** + * Constructor. + * @param configuration Configuration. + * @param signature Signature value without DER prefixes. + */ public BDocTMOcspSource(Configuration configuration, byte[] signature) { super(configuration); this.signature = signature; 
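Review bot: In `isOcspResponseValid` the new lookup wraps the constant in a fresh object, `new ASN1ObjectIdentifier(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId())`, although `id_pkix_ocsp_nonce` is already an `ASN1ObjectIdentifier`. Passing it directly is shorter and avoids the string round trip: `Extension extension = latestOcspResponse.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);`. The error message below it would also be easier to act on if it named the nonce extension instead of "No valid OCSP extension". The method body continues past the end of the hunk.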
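Review bot: The import of `DSSSignatureUtils` added at the top of `BDocTMOcspSource` is not used by anything visible in this hunk; if the rest of the file does not call it either, it should be dropped. The new constructor Javadoc states a precondition ("Signature value without DER prefixes") that the constructor does not check, so the comment should say that the caller is responsible for the conversion. The context line `LoggerFactory.getLogger(SKOnlineOCSPSource.class)` also attributes this class's log output to its parent and looks like a copy-paste slip; `BDocTMOcspSource.class` is the likely intent. The class body continues outside the hunk.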
diff --git a/src/org/digidoc4j/impl/bdoc/ocsp/SKOnlineOCSPSource.java b/src/org/digidoc4j/impl/bdoc/ocsp/SKOnlineOCSPSource.java index 838318aab..7ff3a0a63 100644 --- a/src/org/digidoc4j/impl/bdoc/ocsp/SKOnlineOCSPSource.java +++ b/src/org/digidoc4j/impl/bdoc/ocsp/SKOnlineOCSPSource.java @@ -33,6 +33,7 @@ import org.digidoc4j.Configuration; import org.digidoc4j.exceptions.ConfigurationException; import org.digidoc4j.exceptions.DigiDoc4JException; +import org.digidoc4j.impl.bdoc.OcspNonceValidator; import org.digidoc4j.impl.bdoc.SkDataLoader; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -204,6 +205,10 @@ SkDataLoader getDataLoader() { return dataLoader; } + /** + * Define data loader. + * @param dataLoader Data loader object to be used. + */ public void setDataLoader(SkDataLoader dataLoader) { this.dataLoader = dataLoader; } diff --git a/src/org/digidoc4j/impl/bdoc/xades/XadesSigningDssFacade.java b/src/org/digidoc4j/impl/bdoc/xades/XadesSigningDssFacade.java index 0dbefc74c..60b6d4b32 100644 --- a/src/org/digidoc4j/impl/bdoc/xades/XadesSigningDssFacade.java +++ b/src/org/digidoc4j/impl/bdoc/xades/XadesSigningDssFacade.java @@ -17,6 +17,7 @@ import java.util.List; import org.digidoc4j.DataFile; +import org.digidoc4j.exceptions.TechnicalException; import org.digidoc4j.impl.bdoc.SKCommonCertificateVerifier; import org.digidoc4j.impl.bdoc.asic.DetachedContentCreator; import org.slf4j.Logger; @@ -26,6 +27,7 @@ import eu.europa.esig.dss.BLevelParameters; import eu.europa.esig.dss.DSSDocument; +import eu.europa.esig.dss.DSSException; import eu.europa.esig.dss.DigestAlgorithm; import eu.europa.esig.dss.DomUtils; import eu.europa.esig.dss.EncryptionAlgorithm; 
@@ -36,18 +38,19 @@ import eu.europa.esig.dss.SignatureValue; import eu.europa.esig.dss.SignerLocation; import eu.europa.esig.dss.ToBeSigned; -import eu.europa.esig.dss.signature.DocumentSignatureService; +import eu.europa.esig.dss.asic.ASiCNamespace; import eu.europa.esig.dss.validation.CertificateVerifier; import eu.europa.esig.dss.x509.CertificateSource; import eu.europa.esig.dss.x509.CertificateToken; import eu.europa.esig.dss.x509.ocsp.OCSPSource; import eu.europa.esig.dss.x509.tsp.TSPSource; -import eu.europa.esig.dss.asic.ASiCNamespace; - import eu.europa.esig.dss.xades.DSSXMLUtils; import eu.europa.esig.dss.xades.XAdESSignatureParameters; import eu.europa.esig.dss.xades.signature.XAdESService; +/** + * Facade class for DSS Xades signing functionality. + */ public class XadesSigningDssFacade { private static final Logger logger = LoggerFactory.getLogger(XadesSigningDssFacade.class); 
@@ -74,14 +77,18 @@ public byte[] getDataToSign(Collection dataFiles) { public DSSDocument signDocument(byte[] signatureValue, Collection dataFiles) { logger.debug("Signing document with DSS"); - SignatureValue dssSignatureValue = new SignatureValue(xAdESSignatureParameters.getSignatureAlgorithm(), signatureValue); DetachedContentCreator detachedContentCreator = new DetachedContentCreator().populate(dataFiles); - DSSDocument dssDocument = detachedContentCreator.getFirstDetachedContent(); List detachedContentList = detachedContentCreator.getDetachedContentList(); logger.debug("Signature parameters: " + xAdESSignatureParameters.toString()); xAdESSignatureParameters.setDetachedContents(detachedContentCreator.getDetachedContentList()); - DSSDocument signedDocument = xAdESService.signDocument(detachedContentList, xAdESSignatureParameters, dssSignatureValue); - logger.debug("Finished signing document with DSS"); + SignatureValue dssSignatureValue = new SignatureValue(xAdESSignatureParameters.getSignatureAlgorithm(), signatureValue); + DSSDocument signedDocument = null; + try { + signedDocument = xAdESService.signDocument(detachedContentList, xAdESSignatureParameters, dssSignatureValue); + } catch (DSSException e) { + logger.warn("Signing document with DSS failed:" + e.getMessage()); + throw new TechnicalException("Got error in signing process"); + } DSSDocument correctedSignedDocument = surroundWithXadesXmlTag(signedDocument); return correctedSignedDocument; } 
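Review bot: The new catch block in `signDocument` discards the `DSSException`: only `e.getMessage()` is logged and the `TechnicalException` is created without a cause, so the stack trace and exception type that explain why DSS rejected the signature value are lost. Log the exception itself, `logger.warn("Signing document with DSS failed", e);`, and chain it into the rethrown exception if `TechnicalException` offers a cause-taking constructor (not visible here). Because `invokeSigningProcess` retries on `TechnicalException`, converting every `DSSException` here also means deterministic failures are retried and the token is asked to sign again several times; narrowing what is converted, or marking the retryable case explicitly, would avoid that. The `= null` initializer on `signedDocument` is unnecessary since the catch always throws.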
@@ -143,25 +150,25 @@ public void setSignatureLevel(SignatureLevel signatureLevel) { xAdESSignatureParameters.setSignatureLevel(signatureLevel); } + public String getSignatureId() { + return xAdESSignatureParameters.getDeterministicId(); + } + public void setSignatureId(String signatureId) { logger.debug("Setting deterministic id: " + signatureId); //TODO find solution for method setDeterministicId(...) xAdESSignatureParameters.setDeterministicId(signatureId); } - public String getSignatureId() { - return xAdESSignatureParameters.getDeterministicId(); - } - public void setSigningDate(Date signingDate) { xAdESSignatureParameters.getBLevelParams().setSigningDate(signingDate); } - public void setEn319132(boolean isSigningCertificateV2){ + public void setEn319132(boolean isSigningCertificateV2) { xAdESSignatureParameters.setEn319132(isSigningCertificateV2); } - public void getEn319132(){ + public void getEn319132() { xAdESSignatureParameters.isEn319132(); } diff --git a/src/org/digidoc4j/impl/bdoc/xades/validation/XadesSignatureValidator.java b/src/org/digidoc4j/impl/bdoc/xades/validation/XadesSignatureValidator.java index e1a2e107c..af197aec8 100644 --- a/src/org/digidoc4j/impl/bdoc/xades/validation/XadesSignatureValidator.java +++ b/src/org/digidoc4j/impl/bdoc/xades/validation/XadesSignatureValidator.java 
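Review bot: `getEn319132()` is declared `void` and discards the result of `xAdESSignatureParameters.isEn319132()`, so the getter touched here for brace spacing cannot return the setting to any caller. Returning the value fixes it: `public boolean getEn319132() { return xAdESSignatureParameters.isEn319132(); }`. This assumes `isEn319132()` returns a boolean, which its name and the `setEn319132(boolean)` counterpart suggest. The change is source-compatible for existing callers, which can only invoke the method as a statement, though already-compiled callers would need a rebuild.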
@@ -44,10 +44,13 @@ import eu.europa.esig.dss.xades.XPathQueryHolder; import eu.europa.esig.dss.xades.validation.XAdESSignature; +/** + * Signature validator for Xades signatures. + */ public class XadesSignatureValidator implements SignatureValidator { - private final static Logger logger = LoggerFactory.getLogger(XadesSignatureValidator.class); public static final String TM_POLICY = "1.3.6.1.4.1.10015.1000.3.2.1"; + private static final Logger logger = LoggerFactory.getLogger(XadesSignatureValidator.class); private static final String OIDAS_URN = "OIDAsURN"; private static final String XADES_SIGNED_PROPERTIES = "http://uri.etsi.org/01903#SignedProperties"; private transient Reports validationReport; @@ -57,6 +60,11 @@ public class XadesSignatureValidator implements SignatureValidator { private String signatureId; private XadesSignature signature; + /** + * Constructor. + * + * @param signature Signature object for validation + */ public XadesSignatureValidator(XadesSignature signature) { this.signature = signature; signatureId = signature.getId(); @@ -86,7 +94,7 @@ protected void populateValidationErrors() { private void addPolicyValidationErrors() { logger.debug("Extracting policy validation errors"); SignaturePolicy policy = getDssSignature().getPolicyId(); - if(policy != null) { + if (policy != null) { String policyIdentifier = Helper.getIdentifier(policy.getIdentifier()); if (!StringUtils.equals(TM_POLICY, policyIdentifier)) { addValidationError(new WrongPolicyIdentifierException("Wrong policy identifier: " + policyIdentifier)); 
@@ -101,7 +109,8 @@ private void addPolicyUriValidationErrors() { SignaturePolicy policy = getDssSignature().getPolicyId(); if (policy != null) { if (StringUtils.isBlank(policy.getUrl())) { - addValidationError(new WrongPolicyIdentifierException("Error: The URL in signature policy is empty or not available")); + addValidationError( + new WrongPolicyIdentifierException("Error: The URL in signature policy is empty or not available")); } } } @@ -114,20 +123,21 @@ private void addPolicyIdentifierQualifierValidationErrors() { Element identifier = DomUtils.getElement(element, "./xades:SignaturePolicyId/xades:SigPolicyId/xades:Identifier"); String qualifier = identifier.getAttribute("Qualifier"); if (!StringUtils.equals(OIDAS_URN, qualifier)) { - addValidationError(new WrongPolicyIdentifierQualifierException("Wrong policy identifier qualifier: " + qualifier)); + addValidationError( + new WrongPolicyIdentifierQualifierException("Wrong policy identifier qualifier: " + qualifier)); } } private void addSignedPropertiesReferenceValidationErrors() { logger.debug("Extracting signed properties reference validation errors"); int propertiesReferencesCount = findSignedPropertiesReferencesCount(); - String signatureId = getDssSignature().getId(); - if(propertiesReferencesCount == 0) { - logger.error("Signed properties are missing for signature " + signatureId); + String sigId = getDssSignature().getId(); + if (propertiesReferencesCount == 0) { + logger.error("Signed properties are missing for signature " + sigId); addValidationError(new SignedPropertiesMissingException("Signed properties missing")); } if (propertiesReferencesCount > 1) { - logger.error("Multiple signed properties for signature " + signatureId); + logger.error("Multiple signed properties for signature " + sigId); DigiDoc4JException error = new MultipleSignedPropertiesException("Multiple signed properties"); addValidationError(error); } 
@@ -148,14 +158,14 @@ private void addReportedErrors() { logger.debug("Extracting reported errors"); if (simpleReport != null) { for (String errorMessage : simpleReport.getErrors(signatureId)) { - if(isRedundantErrorMessage(errorMessage)) { + if (isRedundantErrorMessage(errorMessage)) { logger.debug("Ignoring redundant error message: " + errorMessage); continue; } logger.error(errorMessage); - if(errorMessage.contains(MessageTag.BBB_XCV_ISCR_ANS.getMessage())) { + if (errorMessage.contains(MessageTag.BBB_XCV_ISCR_ANS.getMessage())) { addValidationError(new CertificateRevokedException(errorMessage)); - } else if(errorMessage.contains(MessageTag.PSV_IPSVC_ANS.getMessage())) { + } else if (errorMessage.contains(MessageTag.PSV_IPSVC_ANS.getMessage())) { addValidationError(new CertificateRevokedException(errorMessage)); } else { addValidationError(new DigiDoc4JException(errorMessage)); @@ -165,7 +175,11 @@ private void addReportedErrors() { } private boolean isRedundantErrorMessage(String errorMessage) { - return equalsIgnoreCase(errorMessage, MessageTag.ADEST_ROBVPIIC_ANS.getMessage()) || equalsIgnoreCase(errorMessage, MessageTag.LTV_ABSV_ANS.getMessage()) || equalsIgnoreCase(errorMessage, MessageTag.ARCH_LTVV_ANS.getMessage()) || equalsIgnoreCase(errorMessage, MessageTag.BBB_XCV_RFC_ANS.getMessage()) || equalsIgnoreCase(errorMessage, MessageTag.BBB_XCV_SUB_ANS.getMessage()); + return equalsIgnoreCase(errorMessage, MessageTag.ADEST_ROBVPIIC_ANS.getMessage()) + || equalsIgnoreCase(errorMessage, MessageTag.LTV_ABSV_ANS.getMessage()) + || equalsIgnoreCase(errorMessage, MessageTag.ARCH_LTVV_ANS.getMessage()) + || equalsIgnoreCase(errorMessage, MessageTag.BBB_XCV_RFC_ANS.getMessage()) + || equalsIgnoreCase(errorMessage, MessageTag.BBB_XCV_SUB_ANS.getMessage()); } private void addReportedWarnings() { 
@@ -178,7 +192,7 @@ private void addReportedWarnings() { } private void addTimestampErrors() { - if(!isTimestampValidForSignature()) { + if (!isTimestampValidForSignature()) { logger.error("Signature " + signatureId + " has an invalid timestamp"); addValidationError(new InvalidTimestampException()); } @@ -191,7 +205,7 @@ private boolean isTimestampValidForSignature() { return true; } List timestampIdList = diagnosticData.getTimestampIdList(signatureId); - if(timestampIdList == null || timestampIdList.isEmpty()) { + if (timestampIdList == null || timestampIdList.isEmpty()) { return true; } String timestampId = timestampIdList.get(0); @@ -201,16 +215,16 @@ private boolean isTimestampValidForSignature() { } private SimpleReport getSimpleReport(Map simpleReports) { - SimpleReport simpleReport = simpleReports.get(signatureId); - if (simpleReport != null && simpleReports.size() == 1) { + SimpleReport simpleRep = simpleReports.get(signatureId); + if (simpleRep != null && simpleReports.size() == 1) { return simpleReports.values().iterator().next(); } - return simpleReport; + return simpleRep; } private void addOcspErrors() { OcspNonceValidator ocspValidator = new OcspNonceValidator(getDssSignature()); - if(!ocspValidator.isValid()) { + if (!ocspValidator.isValid()) { logger.error("OCSP nonce is invalid"); addValidationError(new InvalidOcspNonceException()); } diff --git a/test/org/digidoc4j/SignatureBuilderTest.java b/test/org/digidoc4j/SignatureBuilderTest.java index 0d0c4b246..f6e0e5e2d 100644 --- a/test/org/digidoc4j/SignatureBuilderTest.java +++ b/test/org/digidoc4j/SignatureBuilderTest.java 
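Review bot: In `getSimpleReport` the branch `if (simpleRep != null && simpleReports.size() == 1)` returns the map's only value, which in that situation is `simpleRep` itself, so the method always returns `simpleReports.get(signatureId)` and the branch does nothing. If the intent was to fall back to the single available report when no entry matches `signatureId`, the condition should read `if (simpleRep == null && simpleReports.size() == 1)`; if not, the branch can be removed. Either way a one-line comment stating which report is chosen when the id is absent would help, because `addReportedErrors` appears to skip its checks entirely when the report is null (`if (simpleReport != null)`).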
@@ -159,6 +159,7 @@ public void createTimeMarkSignature_shouldNotContainTimestamp() throws Exception withSignatureProfile(SignatureProfile.LT_TM). withSignatureToken(testSignatureToken). invokeSigning(); + assertTrue(signature.validateSignature().isValid()); container.addSignature(signature); List signatureTimestamps = signature.getOrigin().getDssSignature().getSignatureTimestamps(); diff --git a/test/org/digidoc4j/impl/bdoc/BDocContainerTest.java b/test/org/digidoc4j/impl/bdoc/BDocContainerTest.java index 18f4ae7aa..7e57f80aa 100644 --- a/test/org/digidoc4j/impl/bdoc/BDocContainerTest.java +++ b/test/org/digidoc4j/impl/bdoc/BDocContainerTest.java @@ -585,7 +585,7 @@ public void testLargeFileSigning() throws Exception { } @Test - public void openLargeFileFromStream() throws FileNotFoundException, IOException { + public void openLargeFileFromStream() throws IOException { BDocContainer container = (BDocContainer) ContainerBuilder. aContainer(BDOC_CONTAINER_TYPE). withConfiguration(new Configuration(Configuration.Mode.TEST)). @@ -1252,6 +1252,6 @@ public void containerWithSignaturePolicyByDefault() throws Exception { assertEquals("https://www.sk.ee/repository/bdoc-spec21.pdf", policyId.getUrl()); assertEquals("" + XadesSignatureValidator.TM_POLICY, policyId.getIdentifier()); assertEquals(eu.europa.esig.dss.DigestAlgorithm.SHA256, policyId.getDigestAlgorithm()); - assertEquals("3Tl1oILSvOAWomdI9VeWV6IA/32eSXRUri9kPEz1IVs=", policyId.getDigestValue()); + assertEquals("0xRLPsW1UIpxtermnTGE+5+5620UsWi5bYJY76Di3o0=", policyId.getDigestValue()); } }
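Review bot: The added `assertTrue(signature.validateSignature().isValid());` checks the LT_TM path only with `testSignatureToken`, whose key type is not visible here; if it is an RSA token, the ECDSA conversion this commit introduces is never exercised. A companion test that signs with an ECDSA token and profile `SignatureProfile.LT_TM` and asserts the same validity would cover the case named in the release notes. The test method continues outside the hunk.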
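Review bot: The expected value in `containerWithSignaturePolicyByDefault` is the same base64 literal that `createBDocSignaturePolicy` hard-codes, so the assertion only confirms that the two copies match, not that the digest belongs to the policy document at the `spuri` URL. Since a wrong policy digest changes what signers commit to, it would help to record its provenance next to the production constant, e.g. `// SHA-256 of <policy document name and version>, base64-encoded`. The test should then reference a shared constant instead of repeating the literal.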