Closed GoogleCodeExporter closed 9 years ago
I didn't understand the problem. Can you explain again?
Is this an issue with xades4j?
Original comment by luis.fgoncalv
on 7 Apr 2014 at 6:54
Hi,
Actually, first I signed my XML file, attached here. After that, our next step
is to timestamp this signed XML with the TSA (http://tzd.kamusm.gov.tr), which is a
Kamu server for timestamping the XML file.
So how can I timestamp the signed XML file using the xades4j library?
I looked at http://code.google.com/p/xades4j/wiki/Timestamping and
found a way of timestamping the XML document, but there is no option to
provide the document to timestamp.
So if you understand my question, kindly tell me how we can timestamp my document
using the xades4j API.
Thanks & Regards
Jay
Original comment by jay...@gmail.com
on 8 Apr 2014 at 6:13
The timestamps on XAdES are calculated over specific sets of data from the
signed document.
The signature you attached is a XAdES-BES. If you want to add a signature
timestamp, you're extending it to XAdES-T. My suggestion is that you do that
upon verification, as described here:
https://code.google.com/p/xades4j/wiki/SignatureEnrichment.
This will extend the signature form to the one specified if it isn't already on
that form. In your case, it will add the timestamp property if you specify
XAdES-T as the minimum form.
Original comment by luis.fgoncalv
on 8 Apr 2014 at 8:31
Hi,
Please look into the scenario below.
1. Actually, we want to attach a timestamp certificate from the TSA to our signed
file. I want to know whether it is possible in xades4j to sign, get the
timestamp certificate from the TSA, and attach it to the signed file in one go.
In our case, our file is rejected by the software, as we are manually inserting the
certificate received from the TSA into our signed file.
2. I also used XAdES-T so that the timestamp certificate can be added to my signed
XML file, but I am getting a problem like the one below:
xades4j.production.PropertyDataGenerationException: Property data generation failed for SignatureTimeStamp: cannot get a time-stamp
    at xades4j.production.DataGenBaseTimeStamp.generatePropertyData(DataGenBaseTimeStamp.java:75)
    at xades4j.production.PropertiesDataObjectsGeneratorImpl.doGenPropsData(PropertiesDataObjectsGeneratorImpl.java:86)
    at xades4j.production.PropertiesDataObjectsGeneratorImpl.genPropsData(PropertiesDataObjectsGeneratorImpl.java:72)
    at xades4j.production.PropertiesDataObjectsGeneratorImpl.generateUnsignedPropertiesData(PropertiesDataObjectsGeneratorImpl.java:64)
    at xades4j.production.SignerBES.sign(SignerBES.java:275)
    at xades4j.production.SignerBES.sign(SignerBES.java:122)
    at xades4j.production.Enveloped.sign(Enveloped.java:68)
    at com.techi.xades4j.signing.Xades4jSignAndVerifyTest.main(Xades4jSignAndVerifyTest.java:180)
Caused by: xades4j.providers.TimeStampTokenGenerationException: Error when connecting to the TSA
    at xades4j.providers.impl.DefaultTimeStampTokenProvider.getResponse(DefaultTimeStampTokenProvider.java:153)
    at xades4j.providers.impl.DefaultTimeStampTokenProvider.getTimeStampToken(DefaultTimeStampTokenProvider.java:103)
    at xades4j.production.DataGenBaseTimeStamp.generatePropertyData(DataGenBaseTimeStamp.java:60)
    ... 7 more
Caused by: java.net.SocketException: Unexpected end of file from server
    at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:772)
    at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
    at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:769)
    at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1323)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at xades4j.providers.impl.DefaultTimeStampTokenProvider.getResponse(DefaultTimeStampTokenProvider.java:143)
    ... 9 more
I used an XAdES-T based profile as below:
    XadesTSigningProfile signingProfile = (XadesTSigningProfile) new XadesTSigningProfile(kp)
        .withBasicSignatureOptionsProvider(new CustomBasicSigOptionsProvider())
        .withSignaturePropertiesProvider(new SignaturePropertiesProvider() {
            @Override
            public void provideProperties(SignaturePropertiesCollector arg0) {
                arg0.setSignerRole(new SignerRoleProperty().withClaimedRole("Tedarikci"));
                arg0.setSigningTime(new SigningTimeProperty());
            }
        })
        .withTimeStampTokenProvider(AuthenticatedTimeStampTokenProvider.class)
        .withBinding(TSAHttpAuthenticationData.class, new TSAHttpAuthenticationData("http://tzd.kamusm.gov.tr", "xxxx", "xxxxx"));
but I am getting the error that I mentioned above.
In summary, my signed file should be timestamped using the certificate
provided by the TSA (http://tzd.kamusm.gov.tr).
Please go through the detailed scenario above and tell me what I can do to achieve
this.
Original comment by jay...@gmail.com
on 8 Apr 2014 at 11:21
If you want a XAdES-T then you should use the XadesTSigningProfile to create
the signature. It seems that you're already trying that.
Now, the stack trace shows an error on the HTTP connection: "Unexpected end of
file from server". What have you tried?
Maybe the TSA server is closing the connection for some reason. Should the URL
be HTTPS? Is the request compatible with the TSA? It should be, but I don't
know TSA details.
Check the implementation of "getResponse" on DefaultTimeStampTokenProvider to
see the request details.
https://code.google.com/p/xades4j/source/browse/tags/version-1.3.0/src/main/java/xades4j/providers/impl/DefaultTimeStampTokenProvider.java
Original comment by luis.fgoncalv
on 8 Apr 2014 at 10:25
Hi,
Actually, when I send a request to the TSA from the command line, it
connects to the TSA and I receive a timestamp file (a .ZD file containing the
timestamp certificate) from there.
See the command below:
C:\java -jar tss-client-console-2.0.2.jar -z [File to be stamped] [TSS Address] [TSS Port] [Customer No] [Customer Password]
Our TSA address is http://tzd.kamusm.gov.tr
TSA port is 80
TSA username=xxxx [sorry, it's confidential]
TSA password=xxxxxxx [sorry, it's confidential]
So when we execute the above command, which also takes our signed XML as input,
it runs successfully and returns a .ZD file which contains the timestamp
certificate in encoded format; then we decode it and append it to our signed
file. But appending the timestamp to the signed XML is not valid.
Our need is that when we sign our XML file, the timestamp should also be
added to the file, but using the one provided by the TSA only, not the default one.
Since we can connect to the TSA in the above scenario, why is the connection
not established in this scenario:
    XadesTSigningProfile signingProfile = (XadesTSigningProfile) new XadesTSigningProfile(kp)
        .withBasicSignatureOptionsProvider(new CustomBasicSigOptionsProvider())
        .withSignaturePropertiesProvider(new SignaturePropertiesProvider() {
            @Override
            public void provideProperties(SignaturePropertiesCollector arg0) {
                arg0.setSignerRole(new SignerRoleProperty().withClaimedRole("Tedarikci"));
                arg0.setSigningTime(new SigningTimeProperty());
            }
        })
        .withTimeStampTokenProvider(MyTimeStampTokenProvider.class)
        .withBinding(TSAHttpAuthenticationData.class, new TSAHttpAuthenticationData("http://tzd.kamusm.gov.tr", "xxxx", "xxxxx"));
I also overrode the TSA URL like below:
    class MyTimeStampTokenProvider extends DefaultTimeStampTokenProvider
    {
        @Inject
        public MyTimeStampTokenProvider(MessageDigestEngineProvider messageDigestProvider)
        {
            super(messageDigestProvider);
        }

        @Override
        protected String getTSAUrl()
        {
            return "http://tzd.kamusm.gov.tr";
        }
    }
So please look into this problem and tell me why it does not
connect to the TSA.
Regards
Jay
and then I read that certificate from that file, and using Java code I append that timestamp to my signed XML file at the appropriate place.
Original comment by jay...@gmail.com
on 9 Apr 2014 at 7:13
As far as xades4j is concerned I think you're doing everything ok. I'm not sure
I can help you much more.
Xades4j is expecting a timestamp token response which is an ASN.1 data object,
according to RFC 3161. You say that the TSA returns a "timestamp
certificate". What does that mean?
Note that the SignatureTimestamp property defined in XAdES has its own rules to
define the signature input. I recommend that you read about timestamp
properties on the XAdES spec.
When using timestamp properties - which happens on the XAdES-T form - XAdES4j
handles calculating the timestamp input, sending the appropriate request to the
TSA and inserting the token on the signature. You don't just send some signed
file to the TSA and insert it in the signature. You shouldn't be handling the
signature structure yourself.
To sum up: are you sure that the TSA endpoint is appropriate for the RFC 3161?
Original comment by luis.fgoncalv
on 9 Apr 2014 at 3:51
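One way to answer the closing question above, as an added example that is not part of the original thread or of xades4j: this probe sends a minimal RFC 3161 request using BouncyCastle's TSP classes and reports whether the endpoint answers with an application/timestamp-reply body. The class name Rfc3161Probe, the command-line URL argument and the sample digest input are assumptions; no HTTP authentication is sent.

```java
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.MessageDigest;
import java.security.SecureRandom;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;

// Hypothetical diagnostic class (not part of xades4j): does a TSA URL speak RFC 3161 over HTTP?
public class Rfc3161Probe {
    public static void main(String[] args) throws Exception {
        String tsaUrl = args[0]; // assumption: TSA endpoint URL passed on the command line
        // Constructed sample input; a real SignatureTimeStamp covers the ds:SignatureValue element.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest("constructed sample".getBytes("UTF-8"));

        TimeStampRequestGenerator gen = new TimeStampRequestGenerator();
        gen.setCertReq(true); // ask the TSA to include its signing certificate in the token
        TimeStampRequest req = gen.generate(TSPAlgorithms.SHA256, digest, new BigInteger(64, new SecureRandom()));

        HttpURLConnection conn = (HttpURLConnection) new URL(tsaUrl).openConnection();
        conn.setConnectTimeout(10000);
        conn.setReadTimeout(10000);
        conn.setDoOutput(true);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/timestamp-query");
        try (OutputStream out = conn.getOutputStream()) {
            out.write(req.getEncoded()); // DER-encoded TimeStampReq
        }

        int status = conn.getResponseCode(); // a server speaking another protocol may fail here
        String type = conn.getContentType();
        System.out.println("HTTP " + status + ", Content-Type: " + type);
        if (status != 200 || type == null || !type.toLowerCase().startsWith("application/timestamp-reply")) {
            System.out.println("No RFC 3161 reply: the endpoint may use another protocol or require authentication.");
            return;
        }
        TimeStampResponse resp = new TimeStampResponse(conn.getInputStream());
        resp.validate(req); // throws TSPException if nonce, digest or algorithm differ from the request
        System.out.println("PKIStatus " + resp.getStatus() + ": " + resp.getStatusString());
        if (resp.getTimeStampToken() != null) {
            System.out.println("genTime: " + resp.getTimeStampToken().getTimeStampInfo().getGenTime());
        }
    }
}
```

A SocketException or a non-matching Content-Type from this probe points at the endpoint or protocol rather than at the signing profile configuration.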
Original comment by luis.fgoncalv
on 11 May 2014 at 7:17
Original issue reported on code.google.com by
jay...@gmail.com
on 5 Apr 2014 at 12:10