List of usage examples for org.bouncycastle.asn1 ASN1EncodableVector add
public void add(ASN1Encodable element)
From source file:eu.emi.security.authn.x509.helpers.proxy.ProxyCertInfoExtension.java
License:Open Source License
/**
 * Encodes this extension as the ProxyCertInfo SEQUENCE (RFC 3820):
 * an OPTIONAL pCPathLenConstraint INTEGER followed by the mandatory proxyPolicy.
 *
 * @return a DLSequence holding [pathLen,] policy
 * @throws IllegalArgumentException if no policy has been set; the policy is
 *         mandatory in ProxyCertInfo, so the extension cannot be emitted without it
 */
@Override
public ASN1Primitive toASN1Primitive() {
    // Fail fast: the policy is mandatory, so reject before building anything.
    if (policy == null) {
        throw new IllegalArgumentException(
                "Can't generate " + "ProxyCertInfoExtension without mandatory policy");
    }
    ASN1EncodableVector components = new ASN1EncodableVector();
    // Integer.MAX_VALUE appears to act as the "no path length constraint" sentinel:
    // it is not encoded, which leaves the OPTIONAL INTEGER absent.
    if (pathLen != Integer.MAX_VALUE) {
        components.add(new ASN1Integer(pathLen));
    }
    components.add(policy.toASN1Primitive());
    return new DLSequence(components);
}
From source file:eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder.java
License:Open Source License
/**
 * Signs {@code toSign} and assembles the outer X.509 Certificate SEQUENCE
 * (tbsCertificate, signatureAlgorithm, signatureValue), then round-trips the DER
 * bytes through the JDK's "X.509" CertificateFactory so the result is a
 * java.security.cert.X509Certificate.
 *
 * NOTE(review): RFC 5280 section 4.1.1.2 requires the outer signatureAlgorithm to be
 * identical to the signature field inside the TBSCertificate. This method trusts the
 * caller to pass a {@code sigAlg} matching {@code toSign} and does not verify it.
 * The declared CertificateParsingException is not thrown from the visible body;
 * a JDK parse failure surfaces as a RuntimeException instead.
 *
 * @param toSign     the TBSCertificate to be signed
 * @param sigAlg     AlgorithmIdentifier written into the outer signatureAlgorithm field
 * @param sigAlgName JCA name of the signature algorithm used to compute the signature
 * @param key        private key used to sign
 * @param provider   JCA provider name used for the signature
 * @param random     randomness source handed to the signature engine
 * @return the signed certificate as parsed by the JDK
 * @throws RuntimeException wrapping the CertificateException if the JDK refuses to
 *         parse the DER this method produced
 */
private X509Certificate sign(TBSCertificate toSign, AlgorithmIdentifier sigAlg, String sigAlgName,
        PrivateKey key, String provider, SecureRandom random)
        throws InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException,
        SignatureException, IOException, CertificateParsingException {
    byte[] signatureValue = calculateSignature(sigAlgName, provider, key, random, toSign);

    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }
    ASN1EncodableVector certificateFields = new ASN1EncodableVector();
    certificateFields.add(toSign);
    certificateFields.add(sigAlg.toASN1Primitive());
    certificateFields.add(new DERBitString(signatureValue));
    // getEncoded throws IOException, which is declared and was never caught below anyway.
    byte[] derBytes = new DERSequence(certificateFields).getEncoded(ASN1Encoding.DER);

    try {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(derBytes));
    } catch (CertificateException e) {
        throw new RuntimeException("The generated proxy " + "certificate was not parsed by the JDK", e);
    }
}
From source file:eu.emi.security.authn.x509.proxy.ProxyPolicy.java
License:Open Source License
/**
 * Encodes the proxy policy as SEQUENCE { policyLanguage OID, policy OCTET STRING OPTIONAL }.
 *
 * NOTE(review): {@code DEROctetString.getInstance(policy)} — when handed a byte[],
 * BouncyCastle parses the array as an already-encoded ASN.1 object and expects it to
 * be an OCTET STRING. If the {@code policy} field holds the raw policy bytes,
 * {@code new DEROctetString(policy)} is the call that wraps them. The field's type is
 * not visible here; confirm before relying on this encoding.
 *
 * @return the DER SEQUENCE for this policy
 * @see org.bouncycastle.asn1.ASN1Object#toASN1Object()
 */
@Override
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(new ASN1ObjectIdentifier(oid));
    // The policy body is OPTIONAL: leave it out entirely when unset.
    if (policy == null) {
        return new DERSequence(fields);
    }
    fields.add(DEROctetString.getInstance(policy));
    return new DERSequence(fields);
}
From source file:eu.europa.ec.markt.dss.mocca.MOCCASignatureTokenConnection.java
License:Open Source License
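/**
 * Converts a raw ECDSA signature (r || s, both of equal fixed width) into the
 * DER-encoded ECDSA-Sig-Value SEQUENCE { r INTEGER, s INTEGER } (see X9.62 or
 * FIPS 186-2). MOCCA hands back the raw concatenation; this encoding is not
 * implemented at the level of MOCCA.
 *
 * @param signedStream the raw signature, r and s each occupying exactly half of the array
 * @return the DER-encoded ECDSA-Sig-Value
 * @throws IllegalArgumentException if the input is null, empty or of odd length: it can
 *         then not be split into two equal-width integers. Without this check an odd
 *         trailing byte was silently dropped, yielding a signature that cannot verify.
 * @throws eu.europa.ec.markt.dss.exception.DSSException from the DER encoding helper
 */
private static byte[] encode(byte[] signedStream) throws DSSException {
    if (signedStream == null || signedStream.length == 0 || signedStream.length % 2 != 0) {
        throw new IllegalArgumentException("raw ECDSA signature must be a non-empty r||s of even length, got "
                + (signedStream == null ? "null" : signedStream.length + " bytes"));
    }
    final int half = signedStream.length / 2;
    final byte[] rBytes = new byte[half];
    final byte[] sBytes = new byte[half];
    System.arraycopy(signedStream, 0, rBytes, 0, half);
    System.arraycopy(signedStream, half, sBytes, 0, half);
    // signum 1: r and s are unsigned magnitudes. BigInteger drops leading zero octets
    // of the (possibly zero-padded) halves, so the DER INTEGERs come out minimal.
    final BigInteger r = new BigInteger(1, rBytes);
    final BigInteger s = new BigInteger(1, sBytes);
    final ASN1EncodableVector sigValue = new ASN1EncodableVector();
    sigValue.add(new DERInteger(r));
    sigValue.add(new DERInteger(s));
    return DSSASN1Utils.getDEREncoded(new DERSequence(sigValue));
}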
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
/**
 * Adds the id-aa-ets-mimeType signed attribute (ETSI TS 101 733, 5.11.5): a single
 * UTF8String naming the MIME type of the signed data, per RFC 2045. It is a signed
 * attribute, only one may be present, and it must not be used in a countersignature.
 *
 * id-aa-ets-mimeType OBJECT IDENTIFIER ::= { itu-t(0) identified-organization(4) etsi(0)
 * electronic-signature-standard(1733) attributes(2) 1 }
 *
 * Nothing is added for PAdES ({@code padesUsage}) or when the document carries no
 * non-blank MIME type; at most one attribute is appended per call.
 *
 * @param document         the document being signed; its MimeType is read
 * @param signedAttributes vector of signed attributes to append to
 */
private void addMimeType(final DSSDocument document, final ASN1EncodableVector signedAttributes) {
    if (padesUsage) {
        return;
    }
    final MimeType mimeType = document.getMimeType();
    if (mimeType == null) {
        return;
    }
    final String mimeTypeString = mimeType.getMimeTypeString();
    if (!DSSUtils.isNotBlank(mimeTypeString)) {
        return;
    }
    final DERSet attrValues = new DERSet(new DERUTF8String(mimeTypeString));
    signedAttributes.add(new org.bouncycastle.asn1.cms.Attribute(OID.id_aa_ets_mimeType, attrValues));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
/**
 * Adds the id-aa-ets-signerAttr signed attribute (ETSI TS 101 733 V2.2.1, 5.11.3)
 * carrying the claimed signer roles as a SignerAttribute. Only a single
 * signer-attributes attribute may be used. Nothing is added for PAdES (the role is
 * carried in the signature dictionary there) or when no claimed roles are configured.
 * Certified attributes (attribute certificates, RFC 3281 clause 4.1) are not handled.
 *
 * Each claimed role is encoded as an X.509 Attribute whose type is hard-coded to
 * id-at-name (a TODO to make this configurable). Claimed roles are self-asserted by
 * the signer; nothing here certifies them.
 *
 * @param parameters       signature parameters; bLevel().getClaimedSignerRoles() is read
 * @param signedAttributes vector of signed attributes to append to
 */
private void addSignerAttribute(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
    if (padesUsage) {
        return; // In PAdES the role lives in the signature dictionary.
    }
    final List<String> claimedSignerRoles = parameters.bLevel().getClaimedSignerRoles();
    if (claimedSignerRoles == null) {
        return;
    }
    final org.bouncycastle.asn1.x509.Attribute[] claimedAttributes =
            new org.bouncycastle.asn1.x509.Attribute[claimedSignerRoles.size()];
    int index = 0;
    for (final String claimedSignerRole : claimedSignerRoles) {
        //TODO: role attribute key (id_at_name) should be customizable
        claimedAttributes[index++] = new org.bouncycastle.asn1.x509.Attribute(
                X509ObjectIdentifiers.id_at_name, new DERSet(new DERUTF8String(claimedSignerRole)));
    }
    final SignerAttribute signerAttribute = new SignerAttribute(claimedAttributes);
    signedAttributes.add(new org.bouncycastle.asn1.cms.Attribute(
            PKCSObjectIdentifiers.id_aa_ets_signerAttr, new DERSet(signerAttribute)));
    //TODO: handle CertifiedAttributes ::= AttributeCertificate -- as defined in RFC 3281: see clause 4.1.
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
/**
 * Adds the PKCS#9 signing-time signed attribute from bLevel().getSigningDate().
 * Omitted for PAdES (ETSI TS 102 778-3 V1.2.1, 4.5.3: signing-time is not included)
 * and when no signing date is configured.
 *
 * The value is the signer's own claim about when it signed. It is not a trusted
 * time and is no evidence on its own; time-stamp attributes serve that purpose.
 *
 * @param parameters       signature parameters; bLevel().getSigningDate() is read
 * @param signedAttributes vector of signed attributes to append to
 */
private void addSigningTimeAttribute(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
    if (padesUsage) {
        return;
    }
    final Date signingDate = parameters.bLevel().getSigningDate();
    if (signingDate == null) {
        return;
    }
    // BC's Time(Date) presumably selects UTCTime vs GeneralizedTime from the year — confirm.
    final Attribute signingTime = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_signingTime,
            new DERSet(new Time(signingDate)));
    signedAttributes.add(signingTime);
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
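/**
 * Adds the id-aa-ets-signerLocation signed attribute (ETSI TS 101 733 V2.2.1, 5.11.2)
 * built from bLevel().getSignerLocation(): countryName, localityName and a
 * postalAddress. The mnemonic is registered in the country the signer is located in
 * and used in the Public Telegram Service (ITU-T F.1). Omitted for PAdES (the
 * information sits in the signature dictionary) and when no SignerLocation is set.
 *
 * Fix: PostalAddress is SEQUENCE SIZE(1..6) OF DirectoryString, so an absent or
 * empty address list must leave the OPTIONAL postalAdddress field out (null) rather
 * than encode an empty SEQUENCE, which is what was emitted before whenever no
 * address lines were supplied. More than six lines would also violate SIZE(1..6);
 * that case is passed through to BouncyCastle unchanged.
 *
 * NOTE(review): the spec also requires at least one of the three components to be
 * present; a SignerLocation with all three null is still passed through here —
 * confirm whether the caller guarantees that.
 *
 * @param parameters       signature parameters; bLevel().getSignerLocation() is read
 * @param signedAttributes vector of signed attributes to append to
 */
private void addSignerLocation(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
    if (padesUsage) {
        return;
    }
    final BLevelParameters.SignerLocation signerLocationParameter = parameters.bLevel().getSignerLocation();
    if (signerLocationParameter == null) {
        return;
    }
    final String countryParameter = signerLocationParameter.getCountry();
    final DERUTF8String country = countryParameter == null ? null : new DERUTF8String(countryParameter);
    final String localityParameter = signerLocationParameter.getLocality();
    final DERUTF8String locality = localityParameter == null ? null : new DERUTF8String(localityParameter);

    // Only build the PostalAddress SEQUENCE when there is at least one line.
    DERSequence postalAddress = null;
    final List<String> postalAddressParameter = signerLocationParameter.getPostalAddress();
    if (postalAddressParameter != null && !postalAddressParameter.isEmpty()) {
        final ASN1EncodableVector addressLines = new ASN1EncodableVector();
        for (final String addressLine : postalAddressParameter) {
            addressLines.add(new DERUTF8String(addressLine));
        }
        postalAddress = new DERSequence(addressLines);
    }

    final SignerLocation signerLocation = new SignerLocation(country, locality, postalAddress);
    signedAttributes.add(new Attribute(PKCSObjectIdentifiers.id_aa_ets_signerLocation, new DERSet(signerLocation)));
}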
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
/**
 * Adds the id-aa-ets-commitmentType signed attribute (ETSI TS 101 733 V2.2.1, 5.11.1)
 * with one CommitmentTypeIndication per configured commitment OID, letting the signer
 * state explicitly what kind of commitment the signature represents. Each indication is
 * encoded as SEQUENCE { commitmentTypeId OID } only; commitmentTypeQualifier is not
 * implemented (TODO 19/08/2014). Nothing is added when no indications are configured.
 * There is no {@code padesUsage} guard here, unlike the other B-level attributes.
 *
 * @param parameters       signature parameters; bLevel().getCommitmentTypeIndications() is read
 * @param signedAttributes vector of signed attributes to append to
 */
private void addCommitmentType(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
    // TODO (19/08/2014): commitmentTypeQualifier is not implemented
    final List<String> commitmentTypeIndications = parameters.bLevel().getCommitmentTypeIndications();
    if (commitmentTypeIndications == null || commitmentTypeIndications.isEmpty()) {
        return;
    }
    final ASN1Encodable[] indications = new ASN1Encodable[commitmentTypeIndications.size()];
    int position = 0;
    for (final String commitmentTypeId : commitmentTypeIndications) {
        // Invalid OID strings are left to ASN1ObjectIdentifier to reject.
        // CommitmentTypeIndication with the mandatory commitmentTypeId and no qualifiers.
        indications[position++] = new DERSequence(new ASN1ObjectIdentifier(commitmentTypeId));
    }
    signedAttributes.add(new Attribute(PKCSObjectIdentifiers.id_aa_ets_commitmentType, new DERSet(indications)));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
/**
 * Adds one id-aa-ets-contentTimestamp signed attribute per configured content
 * time-stamp token. A content time-stamp is a TimeStampToken (RFC 3161) over the data
 * to be signed, taken before signing, and proves the data existed before the time it
 * carries; the messageImprint is the hash defined in ETSI TS 101 733 v2.2.1, 5.6.1.
 *
 * id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
 * rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 20 }
 * ContentTimestamp ::= TimeStampToken
 *
 * NOTE: for attached signatures the content-time-stamp is computed on the raw data
 * (without ASN.1 tag and length), whereas the archive-timestamp (ATSv2) covers the
 * data as read.
 *
 * The token's encoding is embedded as-is via DSSASN1Utils.toASN1Primitive; no
 * validation of the token happens here — presumably it was obtained from a trusted
 * TSA and verified elsewhere. Nothing is added when no content time-stamps are set.
 *
 * @param parameters       signature parameters; getContentTimestamps() is read
 * @param signedAttributes vector of signed attributes to append to
 */
private void addContentTimestamps(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
    final List<TimestampToken> contentTimestamps = parameters.getContentTimestamps();
    if (contentTimestamps == null || contentTimestamps.isEmpty()) {
        return;
    }
    for (final TimestampToken contentTimestamp : contentTimestamps) {
        final ASN1Object tokenObject = DSSASN1Utils.toASN1Primitive(contentTimestamp.getEncoded());
        final Attribute contentTimestampAttribute = new Attribute(
                PKCSObjectIdentifiers.id_aa_ets_contentTimestamp, new DERSet(tokenObject));
        signedAttributes.add(contentTimestampAttribute);
    }
}