List of usage examples for org.bouncycastle.asn1 ASN1EncodableVector ASN1EncodableVector
public ASN1EncodableVector()
From source file:es.gob.afirma.signers.multi.cades.CAdESTriPhaseCounterSigner.java
License:Open Source License
/** Contrafirma las hojas del árbol completo de forma * recursiva, todos los dodos creando un nuevo contraSigner.<br> * @param signerInfosRaiz/* w ww . j a va 2s.c om*/ * Nodo raí que contiene todos los signerInfos que se * deben firmar. * @param parameters * Parámetros necesarios para firmar un determinado * SignerInfo hoja. * @param key Clave privada a usar para firmar * @param contentType Tipo de contenido definido por su OID. * @param contentDescription Descripción textual del tipo de contenido firmado. * @return El SignerInfo raíz con todos sus nodos Contrafirmados. * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws java.security.cert.CertificateException * @throws es.map.es.map.afirma.exceptions.AOException */ private ASN1EncodableVector counterLeaf(final ASN1Set signerInfosRaiz, final P7ContentSignerParameters parameters, final PrivateKey key, final java.security.cert.Certificate[] certChain, final String contentType, final String contentDescription, final AdESPolicy policy, final boolean signingCertificateV2) throws NoSuchAlgorithmException, IOException, CertificateException, AOException { final ASN1EncodableVector counterSigners = new ASN1EncodableVector(); for (int i = 0; i < signerInfosRaiz.size(); i++) { final SignerInfo si = new SignerInfo((ASN1Sequence) signerInfosRaiz.getObjectAt(i)); counterSigners.add(getLeafSignerInfo(si, parameters, key, certChain, contentType, contentDescription, policy, signingCertificateV2)); } return counterSigners; }
From source file:es.gob.afirma.signers.multi.cades.CAdESTriPhaseCounterSigner.java
License:Open Source License
/** Obtiene la contrafirma de los signerInfo de forma recursiva.<br> * @param signerInfo// w ww . j a va 2 s . co m * Nodo raí que contiene todos los signerInfos que se * deben firmar. * @param parameters * Parámetros necesarios para firmar un determinado * SignerInfo hoja. * @param key Clave privada a usar para firmar. * @param contentType * Tipo de contenido definido por su OID. * @param contentDescription * Descripción textual del tipo de contenido firmado. * @return El SignerInfo raíz parcial con todos sus nodos * Contrafirmados. * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws java.security.cert.CertificateException * @throws es.map.es.map.afirma.exceptions.AOException */ private SignerInfo getCounterSignerInfo(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final PrivateKey key, final java.security.cert.Certificate[] certChain, final String contentType, final String contentDescription, final AdESPolicy policy, final boolean signingCertificateV2) throws NoSuchAlgorithmException, IOException, CertificateException, AOException { final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final SignerInfo si = new SignerInfo((ASN1Sequence) eAtributesData.nextElement()); signerInfosU.add(getCounterSignerInfo(si, parameters, key, certChain, contentType, contentDescription, policy, signingCertificateV2)); } } else { signerInfosU.add(data); } } // FIRMA DEL NODO ACTUAL counterSigner = generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2); signerInfosU.add(counterSigner); // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); contexExpecific.add(uAtrib); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.signers.multi.cades.CAdESTriPhaseCounterSigner.java
License:Open Source License
/** Obtiene la contrafirma de los signerInfo de una determinada hoja de forma * recursiva.</br>//from w w w.j a v a 2s . c o m * @param signerInfo Nodo raí que contiene todos los signerInfos que se deben firmar. * @param parameters Parámetros necesarios para firmar un determinado <i>SignerInfo</i> hoja. * @param cert Certificado de firma. * @param keyEntry Clave privada a usar para firmar * @param contentType Tipo de contenido definido por su OID. * @param contentDescription Descripción textual del tipo de contenido firmado. * @return SignerInfo raíz parcial con todos sus nodos contrafirmados. * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws java.security.cert.CertificateException * @throws es.map.es.map.afirma.exceptions.AOException */ private SignerInfo getLeafSignerInfo(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final PrivateKey key, final java.security.cert.Certificate[] certChain, final String contentType, final String contentDescription, final AdESPolicy policy, final boolean signingCertificateV2) throws NoSuchAlgorithmException, IOException, CertificateException, AOException { final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final SignerInfo si = new SignerInfo((ASN1Sequence) eAtributesData.nextElement()); signerInfosU.add(getLeafSignerInfo(si, parameters, key, certChain, contentType, contentDescription, policy, signingCertificateV2)); } } else { signerInfosU.add(data); } } // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); contexExpecific.add(uAtrib); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.signers.pades.ltv.PdfDocumentSecurityStore.java
License:Open Source License
synchronized int registerOcspBasicResp(final byte basicResp[]) throws IOException { final ASN1EncodableVector v2 = new ASN1EncodableVector(); v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic); v2.add(new DEROctetString(basicResp)); final ASN1EncodableVector v3 = new ASN1EncodableVector(); v3.add(new ASN1Enumerated(0)); v3.add(new DERTaggedObject(true, 0, new DERSequence(v2))); return registerOcspResp(new DERSequence(v3).getEncoded()); }
From source file:es.gob.afirma.signers.pkcs7.DigestedData.java
License:Open Source License
/** Produce an object suitable for an ASN1OutputStream. * * <pre>//from w ww .j a v a 2s .com * DigestedData ::= SEQUENCE { * version CMSVersion, * digestAlgorithms DigestAlgorithmIdentifiers, * encapContentInfo EncapsulatedContentInfo, * digest Digest * } * * Digest ::= OCTET STRING * </pre> */ @Override public ASN1Primitive toASN1Primitive() { final ASN1EncodableVector v = new ASN1EncodableVector(); v.add(this.version); v.add(this.digestAlgorithm); v.add(this.contentInfo); v.add(this.digest); return new BERSequence(v); }
From source file:es.gob.afirma.signers.pkcs7.SignedAndEnvelopedData.java
License:Open Source License
/** Produce an object suitable for an ASN1OutputStream. * * <pre>/* ww w . j a va2 s. c om*/ * SignedAndEnvelopedData ::= SEQUENCE { * version Version, * recipientInfos RecipientInfos, * digestAlgorithms DigestAlgorithmIdentifiers, * encryptedContentInfo EncryptedContentInfo, * certificates * [0] IMPLICIT ExtendedCertificatesAndCertificates * OPTIONAL, * crls * [1] IMPLICIT CertificateRevocationLists OPTIONAL, * signerInfos SignerInfos } * * </pre> */ @Override public ASN1Primitive toASN1Primitive() { final ASN1EncodableVector v = new ASN1EncodableVector(); v.add(this.version); v.add(this.recipientInfos); v.add(this.digestAlgorithms); v.add(this.encryptedContentInfo); if (this.certificates != null) { v.add(new DERTaggedObject(false, 1, this.certificates)); } if (this.crls != null) { v.add(new DERTaggedObject(false, 1, this.crls)); } v.add(this.signerInfos); return new BERSequence(v); }
From source file:es.gob.afirma.signers.pkcs7.SigUtils.java
License:Open Source License
/** Genera un estructura de tipo SET de formato ASN1. * @param derObjects Una lista con los objetos a obtener el tipo SET * @return Un SET de ASN1 con los elementos de la lista introducida. */ public static ASN1Set createBerSetFromList(final List<ASN1Encodable> derObjects) { final ASN1EncodableVector v = new ASN1EncodableVector(); for (final ASN1Encodable d : derObjects) { v.add(d);/*w w w.jav a2s.c o m*/ } return new BERSet(v); }
From source file:es.uji.security.crypto.pdf.PdfPKCS7TSA.java
License:Mozilla Public License
/** * Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes * in the signerInfo can also be set, OR a time-stamp-authority client * may be provided. * @param secondDigest the digest in the authenticatedAttributes * @param signingTime the signing time in the authenticatedAttributes * @param tsaUrl TSAClient - null or an optional time stamp authority client * @return byte[] the bytes for the PKCS7SignedData object * @since 2.1.6 *///from w w w . ja va2 s . c o m public byte[] getEncodedPKCS7(byte secondDigest[], Calendar signingTime, String tsaUrl, byte[] ocsp) { try { if (externalDigest != null) { digest = externalDigest; if (RSAdata != null) RSAdata = externalRSAdata; } else if (externalRSAdata != null && RSAdata != null) { RSAdata = externalRSAdata; sig.update(RSAdata); digest = sig.sign(); } else { if (RSAdata != null) { RSAdata = messageDigest.digest(); sig.update(RSAdata); } digest = sig.sign(); } // Create the set of Hash algorithms ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector(); for (Iterator it = digestalgos.iterator(); it.hasNext();) { ASN1EncodableVector algos = new ASN1EncodableVector(); algos.add(new DERObjectIdentifier((String) it.next())); algos.add(DERNull.INSTANCE); digestAlgorithms.add(new DERSequence(algos)); } // Create the contentInfo. ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_PKCS7_DATA)); if (RSAdata != null) v.add(new DERTaggedObject(0, new DEROctetString(RSAdata))); DERSequence contentinfo = new DERSequence(v); // Get all the certificates // v = new ASN1EncodableVector(); for (Iterator i = certs.iterator(); i.hasNext();) { ASN1InputStream tempstream = new ASN1InputStream( new ByteArrayInputStream(((X509Certificate) i.next()).getEncoded())); v.add(tempstream.readObject()); } DERSet dercertificates = new DERSet(v); // Create signerinfo structure. // ASN1EncodableVector signerinfo = new ASN1EncodableVector(); // Add the signerInfo version // signerinfo.add(new DERInteger(signerversion)); v = new ASN1EncodableVector(); v.add(getIssuer(signCert.getTBSCertificate())); v.add(new DERInteger(signCert.getSerialNumber())); signerinfo.add(new DERSequence(v)); // Add the digestAlgorithm v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(digestAlgorithm)); v.add(new DERNull()); signerinfo.add(new DERSequence(v)); // add the authenticated attribute if present if (secondDigest != null && signingTime != null) { signerinfo.add(new DERTaggedObject(false, 0, getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp))); } // Add the digestEncryptionAlgorithm v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(digestEncryptionAlgorithm)); v.add(new DERNull()); signerinfo.add(new DERSequence(v)); // Add the digest signerinfo.add(new DEROctetString(digest)); // When requested, go get and add the timestamp. May throw an exception. // Added by Martin Brunecky, 07/12/2007 folowing Aiken Sam, 2006-11-15 // Sam found Adobe expects time-stamped SHA1-1 of the encrypted digest if (tsaUrl != null) { byte[] tsImprint = MessageDigest.getInstance("SHA-1").digest(digest); TSResponse response = TimeStampFactory.getTimeStampResponse(tsaUrl, tsImprint, false); byte[] tsToken = response.getEncodedToken(); //Strip the status code out of the response, the adobe validator requieres it. //TODO: Research about this. byte[] status = { 0x30, (byte) 0x82, 0x03, (byte) 0xA7, 0x30, 0x03, 0x02, 0x01, 0x00 }; byte[] modTsToken = new byte[tsToken.length - status.length]; System.arraycopy(tsToken, status.length, modTsToken, 0, tsToken.length - status.length); if (modTsToken != null) { ASN1EncodableVector unauthAttributes = buildUnauthenticatedAttributes(modTsToken); if (unauthAttributes != null) { signerinfo.add(new DERTaggedObject(false, 1, new DERSet(unauthAttributes))); } } } // Finally build the body out of all the components above ASN1EncodableVector body = new ASN1EncodableVector(); body.add(new DERInteger(version)); body.add(new DERSet(digestAlgorithms)); body.add(contentinfo); body.add(new DERTaggedObject(false, 0, dercertificates)); if (!crls.isEmpty()) { v = new ASN1EncodableVector(); for (Iterator i = crls.iterator(); i.hasNext();) { ASN1InputStream t = new ASN1InputStream( new ByteArrayInputStream(((X509CRL) i.next()).getEncoded())); v.add(t.readObject()); } DERSet dercrls = new DERSet(v); body.add(new DERTaggedObject(false, 1, dercrls)); } // Only allow one signerInfo body.add(new DERSet(new DERSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // ASN1EncodableVector whole = new ASN1EncodableVector(); whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA)); whole.add(new DERTaggedObject(0, new DERSequence(body))); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream dout = new ASN1OutputStream(bOut); dout.writeObject(new DERSequence(whole)); dout.close(); return bOut.toByteArray(); } catch (Exception e) { throw new ExceptionConverter(e); } }
From source file:es.uji.security.crypto.pdf.PdfPKCS7TSA.java
License:Mozilla Public License
private DERSet getAuthenticatedAttributeSet(byte secondDigest[], Calendar signingTime, byte[] ocsp) { try {/* ww w . j a v a 2s.c o m*/ ASN1EncodableVector attribute = new ASN1EncodableVector(); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_CONTENT_TYPE)); v.add(new DERSet(new DERObjectIdentifier(ID_PKCS7_DATA))); attribute.add(new DERSequence(v)); v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_SIGNING_TIME)); v.add(new DERSet(new DERUTCTime(signingTime.getTime()))); attribute.add(new DERSequence(v)); v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_MESSAGE_DIGEST)); v.add(new DERSet(new DEROctetString(secondDigest))); attribute.add(new DERSequence(v)); if (ocsp != null) { v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION)); DEROctetString doctet = new DEROctetString(ocsp); ASN1EncodableVector vo1 = new ASN1EncodableVector(); ASN1EncodableVector v2 = new ASN1EncodableVector(); v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic); v2.add(doctet); DEREnumerated den = new DEREnumerated(0); ASN1EncodableVector v3 = new ASN1EncodableVector(); v3.add(den); v3.add(new DERTaggedObject(true, 0, new DERSequence(v2))); vo1.add(new DERSequence(v3)); v.add(new DERSet(new DERSequence(new DERTaggedObject(true, 1, new DERSequence(vo1))))); attribute.add(new DERSequence(v)); } else if (!crls.isEmpty()) { v = new ASN1EncodableVector(); v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION)); ASN1EncodableVector v2 = new ASN1EncodableVector(); for (Iterator i = crls.iterator(); i.hasNext();) { ASN1InputStream t = new ASN1InputStream( new ByteArrayInputStream(((X509CRL) i.next()).getEncoded())); v2.add(t.readObject()); } v.add(new DERSet(new DERSequence(new DERTaggedObject(true, 0, new DERSequence(v2))))); attribute.add(new DERSequence(v)); } return new DERSet(attribute); } catch (Exception e) { throw new ExceptionConverter(e); } }
From source file:eu.emi.security.authn.x509.helpers.proxy.ProxyAddressRestrictionData.java
License:Open Source License
/** * Returns the NameConstraints structure of the restrictions. * //from w ww . ja v a 2 s. c o m * @return The DERSequence containing the NameConstraints structure. */ @Override public ASN1Primitive toASN1Primitive() { ASN1EncodableVector nameConstraintsSequenceVector = new ASN1EncodableVector(); addTaggedSequenceOfSubtrees(0, permittedGeneralSubtrees, nameConstraintsSequenceVector); addTaggedSequenceOfSubtrees(1, excludedGeneralSubtrees, nameConstraintsSequenceVector); return new DERSequence(nameConstraintsSequenceVector); }