Merge pull request #304 from luisgoncalves/iss259-add-ids-ondemand

Add element IDs on demand instead of upfront
luisgoncalves · Sep 14, 2024 · a8c3c1f · a8c3c1f
2 parents 5278408 + 1e390f8
commit a8c3c1f
Show file tree

Hide file tree

Showing 11 changed files with 381 additions and 364 deletions.
diff --git a/src/main/java/xades4j/production/DataGenCommitmentType.java b/src/main/java/xades4j/production/DataGenCommitmentType.java
@@ -48,7 +48,7 @@ public PropertyDataObject generatePropertyData(
         {
             // The ObjectReference refers the Reference element. This assumes
             // that the QualifyingProperties are in the signature's document.
-            commTypeData.addObjReferences('#' + ctx.getReference(obj).getId());
+            commTypeData.addObjReferences('#' + ctx.ensureElementId(ctx.getReference(obj)));
         }
 
         commTypeData.setQualifiers(prop.getQualifiers());

diff --git a/src/main/java/xades4j/production/DataGenCounterSig.java b/src/main/java/xades4j/production/DataGenCounterSig.java
@@ -66,12 +66,11 @@ public PropertyDataObject generatePropertyData(
         try
         {
             // Rerence to the ds:SignatureValue element. This assumes that the
-            // QualifyingProperties are in the signature's document and that the
-            // SignatureValue element has an Id.
+            // QualifyingProperties are in the signature's document.
             Element sigValueElem = DOMHelper.getFirstDescendant(
                     ctx.getTargetXmlSignature().getElement(),
                     Constants.SignatureSpecNS, Constants._TAG_SIGNATUREVALUE);
-            String sigValueId = sigValueElem.getAttribute(Constants._ATT_ID);
+            String sigValueId = ctx.ensureElementId(sigValueElem);
             DataObjectReference sigValueRef = new DataObjectReference('#' + sigValueId)
                     .withType(CounterSignatureProperty.COUNTER_SIGNATURE_TYPE_URI);
 

diff --git a/src/main/java/xades4j/production/DataGenDataObjFormat.java b/src/main/java/xades4j/production/DataGenDataObjFormat.java
@@ -37,7 +37,7 @@ public PropertyDataObject generatePropertyData(
         // corresponding with the data object qualified by this property.
         // This assumes that the QualifyingProperties are in the signature's document.
         DataObjectDesc targetDataObjInfo = prop.getTargetDataObjects().iterator().next();
-        String objRef = '#' + ctx.getReference(targetDataObjInfo).getId();
+        String objRef = '#' + ctx.ensureElementId(ctx.getReference(targetDataObjInfo));
 
         DataObjectFormatData dataObjFormatData = new DataObjectFormatData(objRef);
         dataObjFormatData.setMimeType(prop.getMimeType());

diff --git a/src/main/java/xades4j/production/DataGenIndivDataObjsTimeStamp.java b/src/main/java/xades4j/production/DataGenIndivDataObjsTimeStamp.java
@@ -74,7 +74,7 @@ protected BaseXAdESTimeStampData createPropDataObj(
         for (DataObjectDesc dataObj : targetDataObjs)
         {
             Reference r = ctx.getReference(dataObj);
-            includes.add('#' + r.getId());
+            includes.add('#' + ctx.ensureElementId(r));
         }
 
         prop.setTime(tsTknRes.timeStampTime);

diff --git a/src/main/java/xades4j/production/PropertiesDataGenerationContext.java b/src/main/java/xades4j/production/PropertiesDataGenerationContext.java
@@ -20,6 +20,7 @@
 import org.apache.xml.security.signature.Reference;
 import org.apache.xml.security.signature.SignedInfo;
 import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.Constants;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import xades4j.XAdES4jXMLSigException;
@@ -32,6 +33,9 @@
 import java.util.List;
 import java.util.Map;
 
+import static xades4j.production.SignerBES.idFor;
+import static xades4j.utils.StringUtils.isNullOrEmptyString;
+
 /**
  * Context used during the generation of the properties low-level data (property
  * data objects). Contains informations about the algorithms in use and the resources
@@ -45,19 +49,22 @@ public final class PropertiesDataGenerationContext
     private final List<Reference> references;
     private final Map<DataObjectDesc, Reference> referencesMappings;
     private final Document sigDocument;
+    private final ElementIdGenerator idGenerator;
     private XMLSignature targetXmlSignature;
 
     /**
      * A simple constructor to be used when only unsigned signature properties
      * will be processed.
      *
      * @param targetXmlSignature the target signature
+     * @param idGenerator        ID generator
      */
-    PropertiesDataGenerationContext(XMLSignature targetXmlSignature) throws XAdES4jXMLSigException
+    PropertiesDataGenerationContext(XMLSignature targetXmlSignature, ElementIdGenerator idGenerator) throws XAdES4jXMLSigException
     {
         this.targetXmlSignature = targetXmlSignature;
         this.sigDocument = targetXmlSignature.getDocument();
         this.referencesMappings = null;
+        this.idGenerator = idGenerator;
 
         SignedInfo signedInfo = targetXmlSignature.getSignedInfo();
         List<Reference> refs = new ArrayList<>(signedInfo.getLength());
@@ -83,10 +90,12 @@ public final class PropertiesDataGenerationContext
     PropertiesDataGenerationContext(
             Collection<DataObjectDesc> orderedDataObjs,
             Map<DataObjectDesc, Reference> referencesMappings,
-            Document sigDocument)
+            Document sigDocument,
+            ElementIdGenerator idGenerator)
     {
         this.referencesMappings = referencesMappings;
         this.sigDocument = sigDocument;
+        this.idGenerator = idGenerator;
 
         List<Reference> orderedRefs = new ArrayList<>(orderedDataObjs.size());
         for (DataObjectDesc dataObjDesc : orderedDataObjs)
@@ -120,6 +129,29 @@ public Reference getReference(DataObjectDesc dataObject)
         return referencesMappings.get(dataObject);
     }
 
+    public String ensureElementId(Reference element)
+    {
+        String id = element.getId();
+        if (isNullOrEmptyString(id))
+        {
+            id = idFor(element, idGenerator);
+            element.setId(id);
+        }
+
+        return id;
+    }
+
+    public String ensureElementId(Element element)
+    {
+        String id = element.getAttribute(Constants._ATT_ID);
+        if (isNullOrEmptyString(id))
+        {
+            id = idFor(element, idGenerator);
+            DOMHelper.setIdAsXmlId(element, id);
+        }
+        return id;
+    }
+
     XMLSignature getTargetXmlSignature()
     {
         if (this.targetXmlSignature == null)

diff --git a/src/main/java/xades4j/production/SignedDataObjectsProcessor.java b/src/main/java/xades4j/production/SignedDataObjectsProcessor.java
@@ -197,7 +197,7 @@ else if (dataObjDesc instanceof EnvelopedManifest)
 
                 Transforms transforms = processTransforms(dataObjDesc, container.getDocument());
 
-                // Add the Reference. References need an ID because data object properties may refer them.
+                // Add the Reference
                 container.addDocument(
                         xmlSignature.getBaseURI(),
                         refUri,
@@ -209,7 +209,6 @@ else if (dataObjDesc instanceof EnvelopedManifest)
                 // SignedDataObjects and EnvelopedManifest don't allow repeated instances, so there's no
                 // need to check for duplicate entries on the map.
                 Reference ref = container.item(index);
-                ref.setId(idFor(ref, idGenerator));
                 referenceMappings.put(dataObjDesc, ref);
             }
 

diff --git a/src/main/java/xades4j/production/SignerBES.java b/src/main/java/xades4j/production/SignerBES.java
@@ -16,17 +16,7 @@
  */
 package xades4j.production;
 
-import static xades4j.utils.CanonicalizerUtils.checkC14NAlgorithm;
-
 import jakarta.inject.Inject;
-
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.UUID;
-
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.signature.Manifest;
 import org.apache.xml.security.signature.ObjectContainer;
@@ -63,6 +53,14 @@
 import xades4j.xml.marshalling.UnsignedPropertiesMarshaller;
 import xades4j.xml.marshalling.algorithms.AlgorithmsParametersMarshallingProvider;
 
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import static xades4j.utils.CanonicalizerUtils.checkC14NAlgorithm;
+
 /**
  * Base logic for producing XAdES signatures (XAdES-BES).
  *
@@ -233,7 +231,8 @@ public final XadesSignatureResult sign(
             PropertiesDataGenerationContext propsDataGenCtx = new PropertiesDataGenerationContext(
                     signedDataObjects.getDataObjectsDescs(),
                     signedDataObjectsResult.referenceMappings,
-                    signatureDocument);
+                    signatureDocument,
+                    idGenerator);
             // Generate the signed properties data objects. The data objects structure
             // is verifier in the process.
             SigAndDataObjsPropertiesData signedPropsData = this.propsDataObjectsGenerator.generateSignedPropertiesData(
@@ -285,11 +284,6 @@ public final XadesSignatureResult sign(
             {
                 throw new XAdES4jXMLSigException(ex.getMessage(), ex);
             }
-            // Set the ds:SignatureValue id.
-            Element sigValueElem = DOMHelper.getFirstDescendant(
-                    signature.getElement(),
-                    Constants.SignatureSpecNS, Constants._TAG_SIGNATUREVALUE);
-            DOMHelper.setIdAsXmlId(sigValueElem, idFor(sigValueElem, idGenerator));
 
             /* Marshal unsigned properties */
             // Generate the unsigned properties data objects. The data objects structure

diff --git a/src/main/java/xades4j/production/XadesSignatureFormatExtenderImpl.java b/src/main/java/xades4j/production/XadesSignatureFormatExtenderImpl.java
@@ -37,14 +37,18 @@ class XadesSignatureFormatExtenderImpl implements XadesSignatureFormatExtender
     {
         Init.initXMLSec();
     }
+
+    private final ElementIdGeneratorFactory idGeneratorFactory;
     private final PropertiesDataObjectsGenerator propsDataObjectsGenerator;
     private final UnsignedPropertiesMarshaller unsignedPropsMarshaller;
 
     @Inject
     XadesSignatureFormatExtenderImpl(
+            ElementIdGeneratorFactory idGeneratorFactory,
             PropertiesDataObjectsGenerator propsDataObjectsGenerator,
             UnsignedPropertiesMarshaller unsignedPropsMarshaller)
     {
+        this.idGeneratorFactory = idGeneratorFactory;
         this.propsDataObjectsGenerator = propsDataObjectsGenerator;
         this.unsignedPropsMarshaller = unsignedPropsMarshaller;
     }
@@ -76,10 +80,12 @@ public void enrichSignature(
             DOMHelper.useIdAsXmlId(signedProps);
         }
 
+        ElementIdGenerator idGenerator = idGeneratorFactory.create();
+
         SigAndDataObjsPropertiesData propsData = propsDataObjectsGenerator.generateUnsignedPropertiesData(
                 props,
-                new PropertiesDataGenerationContext(sig));
-        
+                new PropertiesDataGenerationContext(sig, idGenerator));
+
         // A little style trick to have nice prefixes.
         if(null == sig.getDocument().lookupPrefix(QualifyingProperty.XADESV141_XMLNS))
             qualifProps.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:xades141", QualifyingProperty.XADESV141_XMLNS);