java xml-signature xades4j

Verifying a XAdES signature throws java.lang.ArrayIndexOutOfBoundsException: 0


I need to verify a XAdES signature in a signed XML file. I use xades4j v. 1.4.0, but when I call the verify method it throws java.lang.ArrayIndexOutOfBoundsException: 0. With some files it works, with others it does not.

I have tried in debug mode, and the exception is thrown in the checkForm method of the XAdESFormChecker class.

My code:

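    import javax.xml.parsers.DocumentBuilder;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.*;
    import xades4j.providers.CertificateValidationProvider;
    import xades4j.utils.DOMHelper;
    import xades4j.verification.*;

    // Fragment from the upload handler: inputStream, item and data are
    // defined elsewhere in the surrounding controller.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    // The uploaded XML is untrusted input: refuse DOCTYPE declarations (XXE).
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    DocumentBuilder db = dbf.newDocumentBuilder();
    Document doc = db.parse(inputStream);
    DOMHelper.useIdAsXmlId(doc.getDocumentElement());

    // Note: this lookup matches on the literal "ds" prefix, not on the namespace.
    NodeList nList = doc.getElementsByTagName("ds:Signature");
    Element elem = null;
    // Keeps the last ds:Signature element found and registers its Id attribute.
    for (int temp = 0; temp < nList.getLength(); temp++) {
        Node nNode = nList.item(temp);
        if (nNode.getNodeType() == Node.ELEMENT_NODE) {
            elem = (Element) nNode;
            elem.setIdAttributeNS(null, "Id", true);
        }
    }

    // Detached content covered by the signature's anonymous reference.
    data = item.getData();
    // CertificateValidationProviderImpl is the poster's own implementation.
    CertificateValidationProvider certValidator = new CertificateValidationProviderImpl();
    XadesVerificationProfile p = new XadesVerificationProfile(certValidator);
    XadesVerifier v = p.newVerifier();
    SignatureSpecificVerificationOptions opts =
            new SignatureSpecificVerificationOptions().useDataForAnonymousReference(data);
    XAdESVerificationResult result = v.verify(elem, opts);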

The signature: Xml signature

Can you help me? What is the error?


EDIT - STACK TRACE

    java.lang.ArrayIndexOutOfBoundsException: 0
        at xades4j.verification.XAdESFormChecker$XAdESFormDesc.getPrevious(XAdESFormChecker.java:109)
        at xades4j.verification.XAdESFormChecker.checkForm(XAdESFormChecker.java:55)
        at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:213)
        at it.yyy.kkkFramework.albo.InserimentoRichiestaController.listenerUploadDoc(InserimentoRichiestaController.java:1811)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.sun.el.parser.AstValue.invoke(AstValue.java:187)
        at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
        at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
        at org.richfaces.event.MethodExpressionEventListener.processEvent(MethodExpressionEventListener.java:125)
        at org.richfaces.view.facelets.FileUploadHandler$FileUploadListenerImpl.processFileUpload(FileUploadHandler.java:55)
        ...


Solution

  • xades4j is based on ETSI TS 101 903 (XAdES 1.4.1). Your signature, however, contains SigningCertificateV2, which is a property defined in more recent XAdES specs, not yet supported by xades4j. This is causing the error, as the SigningCertificate property is not present.

    The library shouldn't be throwing the "array out of bounds" exception (this will be fixed, as it is a bug), but it wouldn't be able to verify the signature. If it wasn't for the bug you'd see the much more obvious exception thrown in this line: https://github.com/luisgoncalves/xades4j/blob/master/src/main/java/xades4j/verification/XAdESFormChecker.java#L64
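
A pre-check for the situation the answer describes, as an added example that is not part of the original answer or of xades4j: it looks inside each ds:Signature for SigningCertificate versus SigningCertificateV2, so an unsupported file is rejected with a clear reason instead of reaching the verifier. The class name, the enum and the sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SigningCertPrecheck {  // hypothetical name, not a xades4j class
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    enum CertRef { SIGNING_CERTIFICATE, SIGNING_CERTIFICATE_V2_ONLY, NONE }

    /** Reports which signing-certificate property a ds:Signature element carries. */
    static CertRef classify(Element signature) {
        // Diagnostic only: match on local name in any namespace. Descendants are
        // searched, so a nested counter-signature would also be counted.
        boolean v1 = signature.getElementsByTagNameNS("*", "SigningCertificate").getLength() > 0;
        boolean v2 = signature.getElementsByTagNameNS("*", "SigningCertificateV2").getLength() > 0;
        if (v1) return CertRef.SIGNING_CERTIFICATE;
        return v2 ? CertRef.SIGNING_CERTIFICATE_V2_ONLY : CertRef.NONE;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: skeleton of a signature that only has SigningCertificateV2.
        String xml = "<ds:Signature xmlns:ds='" + DSIG_NS
            + "' xmlns:xades='http://uri.etsi.org/01903/v1.3.2#'>"
            + "<ds:Object><xades:QualifyingProperties><xades:SignedProperties>"
            + "<xades:SignedSignatureProperties><xades:SigningCertificateV2/>"
            + "</xades:SignedSignatureProperties></xades:SignedProperties>"
            + "</xades:QualifyingProperties></ds:Object></ds:Signature>";

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        // Select signatures by namespace, not by the "ds" prefix.
        NodeList sigs = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        for (int i = 0; i < sigs.getLength(); i++) {
            CertRef ref = classify((Element) sigs.item(i));
            if (ref != CertRef.SIGNING_CERTIFICATE) {
                // Fail closed: report the file as unverifiable, never as valid.
                System.out.println("Signature " + i + ": not verifiable, found " + ref);
            }
        }
    }
}
```

The check only routes files and validates nothing. Any exception from the verifier, including the ArrayIndexOutOfBoundsException above, should still be treated as a failed verification.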