Xades4j - XML Signature Verification error - SignaturePolicyNotAvailableException

StackOverflow https://stackoverflow.com//questions/25031633

  •  21-12-2019
  •  | 
  •  

Question

I receive XML Invoice with Xades EPES signature and I have to control it. So I try to do that with Xades4j. I have fixed lot of error But I stuck on the error:

errxades4j.verification.SignaturePolicyNotAvailableException: Verification failed for property 'SignaturePolicyIdentifier': signature policy document is not available
    at xades4j.verification.SignaturePolicyVerifier.verify(SignaturePolicyVerifier.java:67)
    at xades4j.verification.SignaturePolicyVerifier.verify(SignaturePolicyVerifier.java:38)
    at xades4j.verification.QualifyingPropertiesVerifierImpl.verifyProperties(QualifyingPropertiesVerifierImpl.java:58)
    at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:202)

Java code use to verify signature :

FileInputStream fis = new FileInputStream("keystore.jks");
KeyStore trustAnchors = KeyStore.getInstance("jks");
trustAnchors.load(fis,"password".toCharArray());
fis.close();

CertificateValidationProvider certValidator = new PKIXCertificateValidationProvider(trustAnchors, false);
XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
XadesVerifier v = p.newVerifier();

DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder db =  dbf.newDocumentBuilder();
FileInputStream is = new FileInputStream(filename);
Document doc = db.parse(is);

Element sigElem = (Element)doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE).item(0);
XAdESVerificationResult r = null;
r = v.verify(sigElem,null);

If necessary I can post an extract of kind of XML file I try to verify after anonymization.

Thanks. I have looked and tried all i have found (on the net, xades4j example, xades4j junit class...) but nothing seems to resolve my error.

Was it helpful?

Solution

You need to specify your own policy document provider like this: p.withPolicyDocumentProvider(). And you have to implement your own policy provider which implements the interfaces SignaturePolicyInfoProvider and SignaturePolicyDocumentProvider. (at least I did it that way)

Edit to your comment:

You need to implement SignaturePolicyInfoProvider.getSignaturePolicyDocumentStream(), which returns an InputStream. This can be a FileInputStream

Example:

public class FilebasedSignaturePolicyProvider implements  SignaturePolicyDocumentProvider {

    @Override
    public InputStream getSignaturePolicyDocumentStream(ObjectIdentifier sigPolicyId) {
        String oid = sigPolicyId.getIdentifier();

        try {
            return new FileInputStream("directory-to-my-policy-files/" + oid);
        } catch (FileNotFoundException e) {
            // handle error
        }
    }
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top