Merge branch 'release-4.3.0-RC'

Author: bielecro

apps/dss/core/dss-common/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>eu.europa.ec.joinup.sd-dss</groupId>
         <artifactId>sd-dss-app</artifactId>
-        <version>4.2.0</version>
+        <version>4.3.0-RC</version>
         <relativePath>../..</relativePath>
     </parent>
 

apps/dss/core/dss-document/https_keystore.jks

@@ -8,7 +8,7 @@
 	<parent>
 		<groupId>eu.europa.ec.joinup.sd-dss</groupId>
 		<artifactId>sd-dss-app</artifactId>
-		<version>4.2.0</version>
+		<version>4.3.0-RC</version>
 		<relativePath>../..</relativePath>
 	</parent>
 
@@ -84,10 +84,6 @@
 			<groupId>org.bouncycastle</groupId>
 			<artifactId>bcmail-jdk15on</artifactId>
 		</dependency>
-		<!--<dependency>-->
-		<!--<groupId>org.bouncycastle</groupId>-->
-		<!--<artifactId>bcpkix-jdk15on</artifactId>-->
-		<!--</dependency>-->
 		<dependency>
 			<groupId>org.apache.santuario</groupId>
 			<artifactId>xmlsec</artifactId>
@@ -105,6 +101,10 @@
 			<groupId>org.apache.pdfbox</groupId>
 			<artifactId>pdfbox</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>commons-lang</groupId>
+			<artifactId>commons-lang</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
 			<artifactId>logback-classic</artifactId>

apps/dss/core/dss-document/pom.xml

@@ -32,6 +32,18 @@
 
 public class BLevelParameters {
 
+	/**
+	 * This variable indicates if the Baseline profile's trust anchor policy shall be followed:
+	 * ETSI TS 103 171 V2.1.1 (2012-03)
+	 * 6.2.1 Placement of the signing certificate
+	 * ../..
+	 * it is advised to include at least the unavailable intermediary certificates up to but not including the CAs present in the TSLs,
+	 * ../..
+	 * This rule applies as follows: when -B level is constructed the trust anchor is not included, when -LT level is constructed the trust anchor is included.
+	 * NOTE: when trust anchor baseline profile policy is defined only the certificates previous to the trust anchor are included when -B level is constructed.
+	 */
+	private boolean trustAnchorBPPolicy = true;
+
 	private Date signingDate = new Date();
 
 	/**
@@ -53,28 +65,32 @@ public class BLevelParameters {
 	private String contentHintsType;
 	private String contentHintsDescription;
 
-	public BLevelParameters() {
-
+	/**
+	 * Default constructor
+	 */
+	BLevelParameters() {
 	}
 
+	/**
+	 * Copy constructor.
+	 *
+	 * @param source {@code BLevelParameters} source parameters
+	 */
 	BLevelParameters(final BLevelParameters source) {
 
 		if (source == null) {
-
 			throw new DSSNullException(BLevelParameters.class);
 		}
-		if (source.signaturePolicy != null) {
 
+		this.trustAnchorBPPolicy = source.trustAnchorBPPolicy;
+		if (source.signaturePolicy != null) {
 			this.signaturePolicy = new Policy(source.signaturePolicy);
 		}
 		this.signingDate = source.signingDate;
-
 		if (source.claimedSignerRoles != null) {
-
 			this.claimedSignerRoles = new ArrayList<String>(source.claimedSignerRoles);
 		}
 		if (source.certifiedSignerRoles != null) {
-
 			this.certifiedSignerRoles = new ArrayList<String>(source.certifiedSignerRoles);
 		}
 
@@ -85,15 +101,43 @@ public BLevelParameters() {
 		this.contentIdentifierSuffix = source.contentIdentifierSuffix;
 
 		if (source.commitmentTypeIndication != null) {
-
 			this.commitmentTypeIndication = new ArrayList<String>(source.commitmentTypeIndication);
 		}
 		if (source.signerLocation != null) {
-
 			this.signerLocation = new SignerLocation(source.signerLocation);
 		}
 	}
 
+	/**
+	 * @return indicates the trust anchor policy shall be used when creating -B and -LT levels
+	 */
+	public boolean isTrustAnchorBPPolicy() {
+		return trustAnchorBPPolicy;
+	}
+
+	/**
+	 * Allows to set the trust anchor policy to use when creating -B and -LT levels.
+	 * NOTE: when trust anchor baseline profile policy is defined only the certificates previous to the trust anchor are included when building -B level.
+	 *
+	 * @param trustAnchorBPPolicy {@code boolean}
+	 */
+	public void setTrustAnchorBPPolicy(boolean trustAnchorBPPolicy) {
+		this.trustAnchorBPPolicy = trustAnchorBPPolicy;
+	}
+
+	/**
+	 * @return the signature policy to use during the signature creation process
+	 */
+	public Policy getSignaturePolicy() {
+
+		return signaturePolicy;
+	}
+
+	/**
+	 * This setter allows to indicate the signature policy to use.
+	 *
+	 * @param signaturePolicy signature policy to use
+	 */
 	public void setSignaturePolicy(final Policy signaturePolicy) {
 
 		this.signaturePolicy = signaturePolicy;
@@ -249,6 +293,9 @@ public void addPostalAddress(final String addressItem) {
 		}
 	}
 
+	/**
+	 * This inner class allows to define the signature policy.
+	 */
 	public static class Policy {
 
 		private String id;
@@ -323,11 +370,6 @@ public void setDigestValue(final byte[] digestValue) {
 
 	}
 
-	public Policy getSignaturePolicy() {
-
-		return signaturePolicy;
-	}
-
 	/**
 	 * Set the signing date
 	 *

apps/dss/core/dss-document/src/main/java/eu/europa/ec/markt/dss/parameter/BLevelParameters.java

@@ -0,0 +1,103 @@
+/*
+ * DSS - Digital Signature Services
+ *
+ * Copyright (C) 2013 European Commission, Directorate-General Internal Market and Services (DG MARKT), B-1049 Bruxelles/Brussel
+ *
+ * Developed by: 2013 ARHS Developments S.A. (rue Nicolas Bové 2B, L-1253 Luxembourg) http://www.arhs-developments.com
+ *
+ * This file is part of the "DSS - Digital Signature Services" project.
+ *
+ * "DSS - Digital Signature Services" is free software: you can redistribute it and/or modify it under the terms of
+ * the GNU Lesser General Public License as published by the Free Software Foundation, either version 2.1 of the
+ * License, or (at your option) any later version.
+ *
+ * DSS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+ * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with
+ * "DSS - Digital Signature Services".  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package eu.europa.ec.markt.dss.parameter;
+
+import java.security.cert.X509Certificate;
+
+import eu.europa.ec.markt.dss.exception.DSSNullException;
+
+/**
+ * This class represent an element of the certificate chain. Each element is composed of a {@code X509Certificate} and a {@code boolean} value idicating if the certificate must be
+ * part of the signing certificate signed attribute.
+ * <p/>
+ * DISCLAIMER: Project owner DG-MARKT.
+ *
+ * @author <a href="mailto:[email protected]">ARHS Developments</a>
+ * @version $Revision: 1016 $ - $Date: 2011-06-17 15:30:45 +0200 (Fri, 17 Jun 2011) $
+ */
+public class ChainCertificate {
+
+	private X509Certificate x509Certificate;
+	private boolean signedAttribute;
+
+	/**
+	 * This is the default constructor.
+	 *
+	 * @param x509Certificate encapsulated {@code X509Certificate}
+	 */
+	public ChainCertificate(final X509Certificate x509Certificate) {
+
+		if (x509Certificate == null) {
+			throw new DSSNullException(X509Certificate.class);
+		}
+		this.x509Certificate = x509Certificate;
+	}
+
+	/**
+	 * This is the full constructor associating the {@code X509Certificate} and the information indicating if the certificate must be added to the signing certificate signed
+	 * attribute.
+	 *
+	 * @param x509Certificate encapsulated {@code X509Certificate}
+	 * @param signedAttribute indicated if the certificate must be part of the signing certificate signed attribute
+	 */
+	public ChainCertificate(final X509Certificate x509Certificate, final boolean signedAttribute) {
+
+		this(x509Certificate);
+		this.signedAttribute = signedAttribute;
+	}
+
+	public X509Certificate getX509Certificate() {
+		return x509Certificate;
+	}
+
+	public void setX509Certificate(final X509Certificate x509Certificate) {
+		this.x509Certificate = x509Certificate;
+	}
+
+	public boolean isSignedAttribute() {
+		return signedAttribute;
+	}
+
+	public void setSignedAttribute(final boolean signedAttribute) {
+		this.signedAttribute = signedAttribute;
+	}
+
+	@Override
+	public boolean equals(final Object o) {
+
+		if (this == o) {
+			return true;
+		}
+		if (o == null || getClass() != o.getClass()) {
+			return false;
+		}
+		final ChainCertificate that = (ChainCertificate) o;
+		if (!x509Certificate.equals(that.x509Certificate)) {
+			return false;
+		}
+		return true;
+	}
+
+	@Override
+	public int hashCode() {
+		return x509Certificate.hashCode();
+	}
+}

apps/dss/core/dss-document/src/main/java/eu/europa/ec/markt/dss/parameter/ChainCertificate.java

@@ -35,6 +35,7 @@ public class DSSTransform {
 	String elementName;
 	String namespace;
 	String textContent;
+	private boolean perform = false;
 
 	public DSSTransform() {
 	}
@@ -47,6 +48,7 @@ public DSSTransform() {
 	public DSSTransform(final DSSTransform transform) {
 
 		algorithm = transform.algorithm;
+		perform = transform.perform;
 		elementName = transform.elementName;
 		namespace = transform.namespace;
 		textContent = transform.textContent;
@@ -60,6 +62,21 @@ public void setAlgorithm(String algorithm) {
 		this.algorithm = algorithm;
 	}
 
+	/**
+	 * The framework (4.3.0-RC) is able to cope in automated manner only with some transformations: canonicalization & {@code Transforms.TRANSFORM_XPATH}. You need to set this
+	 * property to tell to the framework to perform the transformation. It applies only for {@code SignaturePackaging.ENVELOPED}.
+	 * The default value is {@code false}.
+	 *
+	 * @param perform indicates if the transformation should be performed
+	 */
+	public void setPerform(boolean perform) {
+		this.perform = perform;
+	}
+
+	public boolean isPerform() {
+		return perform;
+	}
+
 	public String getElementName() {
 		return elementName;
 	}
@@ -91,6 +108,7 @@ public String toString() {
 			  ", elementName='" + elementName + '\'' +
 			  ", namespace='" + namespace + '\'' +
 			  ", textContent='" + textContent + '\'' +
+			  ", perform=" + perform +
 			  '}';
 	}
 }