Ahmet-Kaplan / xades4j

Automatically exported from code.google.com/p/xades4j
GNU Lesser General Public License v3.0

There is no option to give signed XML as an input when wanting to timestamp a signed XML file #86

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

XadesSigningProfile p = new XadesBesSigningProfile(...)
  .withTimeStampTokenProvider(AuthenticatedTimeStampTokenProvider.class)
  .withBinding(TSAHttpAuthenticationData.class, new TSAHttpAuthenticationData("url", "user", "password"));

When I use the above profile to timestamp my signed XML, where do I pass 
this signed XML? My TSA (http://tzd.kamusm.gov.tr) needs the signed XML file 
as an input.

Tell me what other option there is to resolve the above-mentioned problem.

Thanks & Regards
Jay

Original issue reported on code.google.com by jay...@gmail.com on 5 Apr 2014 at 12:10

GoogleCodeExporter commented 9 years ago
I didn't understand the problem. Can you explain again?
Is this an issue with xades4j?

Original comment by luis.fgoncalv on 7 Apr 2014 at 6:54

GoogleCodeExporter commented 9 years ago
Hi,
Actually, first I signed my XML file, attached here. After that, our next step 
is timestamping this signed XML with the TSA (http://tzd.kamusm.gov.tr), which is a 
Kamu server for timestamping the XML file.
So how can I timestamp the signed XML file using the xades4j library?

As I have seen at the http://code.google.com/p/xades4j/wiki/Timestamping link, 
I found a way of timestamping the XML document, but there is no option to 
provide the document to timestamp.

So if you got my question, kindly tell me how we can timestamp my document 
using the xades4j API.

Thanks & Regards
Jay

Original comment by jay...@gmail.com on 8 Apr 2014 at 6:13

GoogleCodeExporter commented 9 years ago
The timestamps on XAdES are calculated over specific sets of data from the 
signed document.

The signature you attached is a XAdES-BES. If you want to add a signature 
timestamp, you're extending it to XAdES-T. My suggestion is that you do that 
upon verification, as described here: 
https://code.google.com/p/xades4j/wiki/SignatureEnrichment.

This will extend the signature form to the one specified if it isn't already in 
that form. In your case, it will add the timestamp property if you specify 
XAdES-T as the minimum form.

Original comment by luis.fgoncalv on 8 Apr 2014 at 8:31

GoogleCodeExporter commented 9 years ago
Hi,
Please look into the scenario below.

1. Actually we want to attach a timestamp certificate from the TSA to our signed 
file. I want to know whether it is possible in xades4j to sign, get the 
timestamp certificate from the TSA and attach it to this signed file in one go.
In our case our file is rejected by the software as we are manually inserting the 
certificate received from the TSA into our signed file.

2. I also used XAdES-T so that the timestamp certificate can be added to my signed 
XML file, but I am getting a problem like the one below:
xades4j.production.PropertyDataGenerationException: Property data generation failed for SignatureTimeStamp: cannot get a time-stamp
    at xades4j.production.DataGenBaseTimeStamp.generatePropertyData(DataGenBaseTimeStamp.java:75)
    at xades4j.production.PropertiesDataObjectsGeneratorImpl.doGenPropsData(PropertiesDataObjectsGeneratorImpl.java:86)
    at xades4j.production.PropertiesDataObjectsGeneratorImpl.genPropsData(PropertiesDataObjectsGeneratorImpl.java:72)
    at xades4j.production.PropertiesDataObjectsGeneratorImpl.generateUnsignedPropertiesData(PropertiesDataObjectsGeneratorImpl.java:64)
    at xades4j.production.SignerBES.sign(SignerBES.java:275)
    at xades4j.production.SignerBES.sign(SignerBES.java:122)
    at xades4j.production.Enveloped.sign(Enveloped.java:68)
    at com.techi.xades4j.signing.Xades4jSignAndVerifyTest.main(Xades4jSignAndVerifyTest.java:180)
Caused by: xades4j.providers.TimeStampTokenGenerationException: Error when connecting to the TSA
    at xades4j.providers.impl.DefaultTimeStampTokenProvider.getResponse(DefaultTimeStampTokenProvider.java:153)
    at xades4j.providers.impl.DefaultTimeStampTokenProvider.getTimeStampToken(DefaultTimeStampTokenProvider.java:103)
    at xades4j.production.DataGenBaseTimeStamp.generatePropertyData(DataGenBaseTimeStamp.java:60)
    ... 7 more
Caused by: java.net.SocketException: Unexpected end of file from server
    at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:772)
    at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
    at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:769)
    at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1323)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at xades4j.providers.impl.DefaultTimeStampTokenProvider.getResponse(DefaultTimeStampTokenProvider.java:143)
    ... 9 more

I used an XAdES-T based profile, as below:

 XadesTSigningProfile signingProfile= (XadesTSigningProfile)new XadesTSigningProfile(kp)
                            .withBasicSignatureOptionsProvider(new CustomBasicSigOptionsProvider())
                            .withSignaturePropertiesProvider(new SignaturePropertiesProvider(){
                                 @Override
                                 public void provideProperties(SignaturePropertiesCollector arg0) {
                                     arg0.setSignerRole(new SignerRoleProperty().withClaimedRole("Tedarikci"));
                                     arg0.setSigningTime(new SigningTimeProperty());
                                  }
                             })
                       .withTimeStampTokenProvider(AuthenticatedTimeStampTokenProvider.class)
                       .withBinding(TSAHttpAuthenticationData.class, new TSAHttpAuthenticationData("http://tzd.kamusm.gov.tr", "xxxx", "xxxxx"));

but I am getting the error that I mentioned above.

The summary is that my signed file should be timestamped using the certificate 
provided by the TSA (http://tzd.kamusm.gov.tr).

Please go through the above detailed scenario and tell me what I can do to achieve 
this.

Original comment by jay...@gmail.com on 8 Apr 2014 at 11:21

GoogleCodeExporter commented 9 years ago
If you want a XAdES-T then you should use the XadesTSigningProfile to create 
the signature. It seems that you're already trying that.

Now, the stack trace shows an error on the HTTP connection: "Unexpected end of 
file from server". What have you tried?

Maybe the TSA server is closing the connection for some reason. Should the URL 
be HTTPS? Is the request compatible with the TSA? It should be, but I don't 
know TSA details.

Check the implementation of "getResponse" on DefaultTimeStampTokenProvider to 
see the request details.
https://code.google.com/p/xades4j/source/browse/tags/version-1.3.0/src/main/java/xades4j/providers/impl/DefaultTimeStampTokenProvider.java

Original comment by luis.fgoncalv on 8 Apr 2014 at 10:25

GoogleCodeExporter commented 9 years ago
Hi,

Actually, when I send a request to the TSA using the command line, it connects 
to the TSA and I receive a timestamp file (.ZD file containing the timestamp 
certificate) from there.
See the command below:
C:\java -jar tss-client-console-2.0.2.jar -z [File to be stamped] [TSS Address] [TSS Port] [Customer No] [Customer Password]

Our TSA address is--http://tzd.kamusm.gov.tr
TSA Port is--80
TSA username=xxxx  [sorry, it's confidential]
TSA password=xxxxxxx [sorry, it's confidential]

So when we execute the above command, which also takes our signed XML as an input, 
it runs successfully and returns a .ZD file which contains the timestamp 
certificate in encoded format; we then decode it and append it to our signed 
file. But appending the timestamp to the signed XML is not valid.
Our need is that when we sign our XML file, the timestamp should also be 
added to the file, but using only the one provided by the TSA, not the default one.

Since we get connected to the TSA in the above scenario, why is the connection 
not established in this scenario:

XadesTSigningProfile signingProfile= (XadesTSigningProfile)new XadesTSigningProfile(kp)
                            .withBasicSignatureOptionsProvider(new CustomBasicSigOptionsProvider())
                            .withSignaturePropertiesProvider(new SignaturePropertiesProvider(){
                                 @Override
                                 public void provideProperties(SignaturePropertiesCollector arg0) {
                                     arg0.setSignerRole(new SignerRoleProperty().withClaimedRole("Tedarikci"));
                                     arg0.setSigningTime(new SigningTimeProperty());
                                  }
                             })
                       .withTimeStampTokenProvider(MyTimeStampTokenProvider.class)
                       .withBinding(TSAHttpAuthenticationData.class, new TSAHttpAuthenticationData("http://tzd.kamusm.gov.tr", "xxxx", "xxxxx"));

I also overrode the TSA URL like below:

class MyTimeStampTokenProvider extends DefaultTimeStampTokenProvider
{
   @Inject
   public MyTimeStampTokenProvider(MessageDigestEngineProvider messageDigestProvider)
   {
      super(messageDigestProvider);
   }

   @Override
   protected String getTSAUrl()
   {
      return "http://tzd.kamusm.gov.tr";
   }
}

So please look into this problem and tell me the reason for not 
connecting to the TSA.

Regards
Jay

 and then I read that certificate from that file and, by using Java code, I append that timestamp into my signed XML file at the appropriate place.

Original comment by jay...@gmail.com on 9 Apr 2014 at 7:13

GoogleCodeExporter commented 9 years ago
As far as xades4j is concerned I think you're doing everything ok. I'm not sure 
I can help you much more.

Xades4j is expecting a timestamp token response which is an ASN.1 data object, 
according to RFC 3161. You say that the TSA returns a "timestamp 
certificate". What does that mean? 

Note that the SignatureTimestamp property defined in XAdES has its own rules to 
define the signature input. I recommend that you read about timestamp 
properties in the XAdES spec.

When using timestamp properties - which happens in the XAdES-T form - XAdES4j 
handles calculating the timestamp input, sending the appropriate request to the 
TSA and inserting the token in the signature. You don't just send some signed 
file to the TSA and insert it in the signature. You shouldn't be handling the 
signature structure yourself.

To sum up: are you sure that the TSA endpoint is appropriate for RFC 3161?

Original comment by luis.fgoncalv on 9 Apr 2014 at 3:51
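
One way to answer the closing question above, as an added example that is not part of the original thread and not xades4j code: send a plain RFC 3161 request to an endpoint and check whether the reply is a TimeStampResp that matches it. It assumes Java 9+ and the BouncyCastle TSP classes on the classpath; the class name Rfc3161Probe, the sample input and the HTML reply are constructed for illustration, and no HTTP credentials are sent.

```java
import java.io.*;
import java.math.BigInteger;
import java.net.*;
import java.security.*;
import org.bouncycastle.tsp.*;

public class Rfc3161Probe {
    // RFC 3161 TimeStampReq over a SHA-256 digest, with a random nonce.
    static TimeStampRequest buildRequest(byte[] data) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        TimeStampRequestGenerator gen = new TimeStampRequestGenerator();
        gen.setCertReq(true); // ask the TSA to include its certificate
        return gen.generate(TSPAlgorithms.SHA256, digest, new BigInteger(64, new SecureRandom()));
    }

    // Decides whether an HTTP reply is a usable RFC 3161 TimeStampResp for req.
    static String classify(TimeStampRequest req, String contentType, byte[] body) {
        if (contentType == null || !contentType.toLowerCase().startsWith("application/timestamp-reply"))
            return "NOT RFC 3161: Content-Type is " + contentType;
        try {
            TimeStampResponse resp = new TimeStampResponse(body); // ASN.1 parse
            resp.validate(req); // nonce, digest and algorithm must match the request
            if (resp.getTimeStampToken() == null)
                return "REJECTED: status " + resp.getStatus() + " " + resp.getStatusString();
            return "OK: genTime " + resp.getTimeStampToken().getTimeStampInfo().getGenTime();
        } catch (TSPException | IOException e) {
            return "NOT RFC 3161: " + e.getMessage();
        }
    }

    // POSTs the request using the HTTP transport of RFC 3161 section 3.4.
    static String probe(String tsaUrl, byte[] data) throws Exception {
        TimeStampRequest req = buildRequest(data);
        HttpURLConnection c = (HttpURLConnection) new URL(tsaUrl).openConnection();
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", "application/timestamp-query");
        try (OutputStream out = c.getOutputStream()) { out.write(req.getEncoded()); }
        try (InputStream in = c.getInputStream()) {
            return classify(req, c.getContentType(), in.readAllBytes());
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] sample = "constructed sample input".getBytes("UTF-8");
        // Constructed reply: an HTML page, as a non-RFC-3161 endpoint might send.
        System.out.println(classify(buildRequest(sample), "text/html", "<html/>".getBytes("UTF-8")));
        if (args.length == 1) System.out.println(probe(args[0], sample)); // live check
    }
}
```

Run without arguments it only classifies the constructed HTML reply; passing a TSA URL as the single argument performs the live check against that endpoint.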

GoogleCodeExporter commented 9 years ago

Original comment by luis.fgoncalv on 11 May 2014 at 7:17