List of usage examples for the org.bouncycastle.asn1.DERSequence no-argument constructor DERSequence()
public DERSequence()
From source file:br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCSignerLocation.java
License:Open Source License
/**
 * Builds the ASN.1 value of this signer-location attribute.
 *
 * <p>The wrapped attribute's string value becomes the localityName; countryName is
 * emitted as an empty UTF8String and postalAddress as an empty SEQUENCE (field order
 * follows the BouncyCastle {@code SignerLocation} constructor). The structure is
 * returned wrapped in a single-element SET.
 *
 * @return a SET holding exactly one {@code org.bouncycastle.asn1.esf.SignerLocation}
 */
@Override
public ASN1Set getValue() {
    final SignerLocation wrapped = (SignerLocation) super.getAttribute();
    final String localityValue = wrapped.getValue();
    // NOTE(review): localityValue is handed straight to DERUTF8String; a null value would
    // fail here rather than yield an absent localityName — confirm callers never set null.
    final DERUTF8String emptyCountry = new DERUTF8String("");
    final DERUTF8String locality = new DERUTF8String(localityValue);
    final DERSequence emptyPostalAddress = new DERSequence();
    final org.bouncycastle.asn1.esf.SignerLocation location =
            new org.bouncycastle.asn1.esf.SignerLocation(emptyCountry, locality, emptyPostalAddress);
    return new DERSet(location);
}
From source file:ee.ria.xroad.common.hashchain.DigestList.java
License:Open Source License
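/**
 * Encodes a hash value as a SingleDigest data structure.
 *
 * <p>The result is a SEQUENCE of three elements, in this order: the digest bytes as an
 * OCTET STRING, the digest method URI as a UTF8String, and an empty SEQUENCE in the
 * transforms position.
 *
 * @param digestMethodUri URI identifying the digest algorithm that produced {@code digest}
 * @param digest          the raw digest bytes to encode
 * @return the encoded SingleDigest sequence
 */
private static DERSequence singleDigest(String digestMethodUri, byte[] digest) {
    // None of the constructors used here throw a checked exception, so the former
    // "throws Exception" clause only forced callers to handle a type they never received.
    final DEROctetString digestValue = new DEROctetString(digest);
    final DERUTF8String digestMethod = new DERUTF8String(digestMethodUri);
    // Transforms are always empty in this encoding.
    final DERSequence transforms = new DERSequence();
    return new DERSequence(new ASN1Encodable[] { digestValue, digestMethod, transforms });
}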
From source file:eu.europa.ec.markt.dss.signature.cades.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
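/**
 * The field certificatesHashIndex is a sequence of octet strings. Each one contains the hash value of one
 * instance of CertificateChoices within certificates field of the root SignedData. A hash value for
 * every instance of CertificateChoices, as present at the time when the corresponding archive time-stamp is
 * requested, shall be included in certificatesHashIndex. No other hash value shall be included in this field.
 *
 * <p>Every hash listed in the timestamp's index must match the digest of a certificate found in the signature
 * and its timestamps; each matched entry is removed from a working copy of the index. If any index entry is
 * left unmatched, an empty SEQUENCE is returned in place of the original index so that the data re-built for
 * timestamp verification will not match. Certificates with no entry in the index are only logged at debug
 * level; they do not cause a failure here.
 *
 * <p>A timestamp that carries no certificatesHashIndex at all is treated as an empty index rather than as an
 * error: nothing is checked and the (absent) index is returned as-is.
 *
 * @param cAdESSignature the signature whose certificates are digested
 * @param timestampToken the archive timestamp carrying the hash index
 * @return the index as found in the timestamp ({@code null} when the timestamp has none), or an empty
 *         SEQUENCE when at least one indexed hash matches no certificate
 * @throws eu.europa.ec.markt.dss.exception.DSSException propagated from the helpers used here
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedCertificatesHashIndex(CAdESSignature cAdESSignature, TimestampToken timestampToken) throws DSSException {
    final ASN1Sequence certHashes = getCertificatesHashIndex(timestampToken);
    // Work on a copy: matched entries are removed, so whatever is left is unaccounted for.
    // The index may be absent from the timestamp; treat that as empty instead of failing on null.
    final List<DEROctetString> certHashesList = new ArrayList<DEROctetString>();
    if (certHashes != null) {
        certHashesList.addAll(Collections.list(certHashes.getObjects()));
    }
    final List<CertificateToken> certificates = cAdESSignature.getCertificatesWithinSignatureAndTimestamps();
    for (final CertificateToken certificateToken : certificates) {
        final byte[] encodedCertificate = certificateToken.getEncoded();
        final byte[] digest = DSSUtils.digest(hashIndexDigestAlgorithm, encodedCertificate);
        final DEROctetString derOctetStringDigest = new DEROctetString(digest);
        // DEROctetString equality is by content, so this matches on the digest bytes.
        if (certHashesList.remove(derOctetStringDigest)) {
            LOG.debug("Cert {} present in timestamp", certificateToken.getAbbreviation());
        } else {
            LOG.debug("Cert {} not present in timestamp", certificateToken.getAbbreviation());
        }
    }
    if (!certHashesList.isEmpty()) {
        LOG.error("{} attribute hash in Cert Hashes have not been found in document attributes: {}",
                certHashesList.size(), certHashesList);
        // An empty SEQUENCE deliberately breaks the re-built timestamped data so verification fails.
        return new DERSequence();
    }
    return certHashes;
}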
From source file:eu.europa.ec.markt.dss.signature.cades.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
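/**
 * The field crlsHashIndex is a sequence of octet strings. Each one contains the hash value of one instance of
 * RevocationInfoChoice within crls field of the root SignedData. A hash value for every instance of
 * RevocationInfoChoice, as present at the time when the corresponding archive time-stamp is requested, shall be
 * included in crlsHashIndex. No other hash values shall be included in this field.
 *
 * <p>Every entry of the root SignedData {@code crls} set is DER-encoded and handed to
 * {@code handleRevocationEncoded}, which is expected to remove the matching hash from the working copy of the
 * index. If any index entry is left unmatched afterwards, an empty SEQUENCE is returned in place of the
 * original index so that the data re-built for timestamp verification will not match.
 *
 * <p>A timestamp that carries no crlsHashIndex at all is treated as an empty index rather than as an error:
 * nothing is checked and the (absent) index is returned as-is.
 *
 * @param cAdESSignature the signature whose CMS SignedData supplies the revocation values
 * @param timestampToken the archive timestamp carrying the hash index
 * @return the index as found in the timestamp ({@code null} when the timestamp has none), or an empty
 *         SEQUENCE when at least one indexed hash matches no revocation value
 * @throws eu.europa.ec.markt.dss.exception.DSSException propagated from the helpers used here
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedCRLsHashIndex(CAdESSignature cAdESSignature, TimestampToken timestampToken) throws DSSException {
    final ASN1Sequence crlHashes = getCRLHashIndex(timestampToken);
    // Work on a copy: matched entries are removed, so whatever is left is unaccounted for.
    // The index may be absent from the timestamp; treat that as empty instead of failing on null.
    // Declared as ArrayList because handleRevocationEncoded is called with it below.
    final ArrayList<DEROctetString> crlHashesList = new ArrayList<DEROctetString>();
    if (crlHashes != null) {
        crlHashesList.addAll(Collections.list(crlHashes.getObjects()));
    }
    final SignedData signedData = SignedData
            .getInstance(cAdESSignature.getCmsSignedData().toASN1Structure().getContent());
    final ASN1Set signedDataCRLs = signedData.getCRLs();
    if (signedDataCRLs != null) {
        final Enumeration<ASN1Encodable> crLs = signedDataCRLs.getObjects();
        if (crLs != null) {
            while (crLs.hasMoreElements()) {
                final ASN1Encodable asn1Encodable = crLs.nextElement();
                handleRevocationEncoded(crlHashesList, DSSASN1Utils.getDEREncoded(asn1Encodable));
            }
        }
    }
    if (!crlHashesList.isEmpty()) {
        LOG.error("{} attribute hash in CRL Hashes have not been found in document attributes: {}",
                crlHashesList.size(), crlHashesList);
        // An empty SEQUENCE deliberately breaks the re-built timestamped data so verification fails.
        return new DERSequence();
    }
    return crlHashes;
}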
From source file:eu.europa.ec.markt.dss.signature.cades.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
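/**
 * The field unsignedAttrsHashIndex is a sequence of octet strings. Each one contains the hash value of one
 * instance of Attribute within unsignedAttrs field of the SignerInfo. A hash value for every instance of
 * Attribute, as present at the time when the corresponding archive time-stamp is requested, shall be included in
 * unsignedAttrsHashIndex. No other hash values shall be included in this field.
 * <p/>
 * We check that every attribute hash found in the timestamp token is found in the signerInformation.
 * <p/>
 * If there are more unsigned attributes in the signerInformation than present in the hash attributes list
 * (and there is at least the archiveTimestampAttributeV3), we report neither an error nor which attributes are
 * signed by the timestamp. If some attributes are not present or were altered in the signerInformation, we
 * return an empty sequence to make sure that the timestamped data will not match. We do not report which
 * attribute hashes are present, if any.
 * <p/>
 * If there is no attribute at all in the archive timestamp hash index, that means we did not check anything.
 * A timestamp that carries no unsignedAttrsHashIndex is likewise treated as an empty index rather than as an
 * error: the (absent) index is returned as-is.
 *
 * @param signerInformation the SignerInfo whose unsigned attributes are digested
 * @param timestampToken    the archive timestamp carrying the hash index
 * @return the index as found in the timestamp ({@code null} when the timestamp has none), or an empty
 *         SEQUENCE when at least one indexed hash matches no unsigned attribute
 * @throws DSSException propagated from the helpers used here
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedUnsignedAttributesHashIndex(SignerInformation signerInformation, TimestampToken timestampToken) throws DSSException {
    final ASN1Sequence unsignedAttributesHashes = getUnsignedAttributesHashIndex(timestampToken);
    // Work on a copy: matched entries are removed, so whatever is left is unaccounted for.
    // The index may be absent from the timestamp; treat that as empty instead of failing on null.
    final List<DEROctetString> timestampUnsignedAttributesHashesList = new ArrayList<DEROctetString>();
    if (unsignedAttributesHashes != null) {
        timestampUnsignedAttributesHashesList.addAll(Collections.list(unsignedAttributesHashes.getObjects()));
    }
    AttributeTable unsignedAttributes = CAdESSignature.getUnsignedAttributes(signerInformation);
    final ASN1EncodableVector asn1EncodableVector = unsignedAttributes.toASN1EncodableVector();
    for (int i = 0; i < asn1EncodableVector.size(); i++) {
        final Attribute attribute = (Attribute) asn1EncodableVector.get(i);
        final DEROctetString derOctetStringDigest = getAttributeDerOctetStringHash(attribute);
        final ASN1ObjectIdentifier attrType = attribute.getAttrType();
        // DEROctetString equality is by content, so this matches on the digest bytes.
        if (timestampUnsignedAttributesHashesList.remove(derOctetStringDigest)) {
            LOG.debug("Attribute {} present in timestamp", attrType.getId());
        } else {
            LOG.debug("Attribute {} not present in timestamp", attrType.getId());
        }
    }
    if (!timestampUnsignedAttributesHashesList.isEmpty()) {
        LOG.error("{} attribute hash in Timestamp have not been found in document attributes: {}",
                timestampUnsignedAttributesHashesList.size(), timestampUnsignedAttributesHashesList);
        // An empty SEQUENCE deliberately breaks the re-built timestamped data so verification fails.
        return new DERSequence();
    }
    // Every indexed hash was matched: hand back the original index untouched.
    return unsignedAttributesHashes;
}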
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * The field certificatesHashIndex is a sequence of octet strings. Each one contains the hash value of one
 * instance of CertificateChoices within certificates field of the root SignedData. A hash value for
 * every instance of CertificateChoices, as present at the time when the corresponding archive time-stamp is
 * requested, shall be included in certificatesHashIndex. No other hash value shall be included in this field.
 *
 * <p>Each certificate found in the signature and its timestamps is digested with
 * {@code hashIndexDigestAlgorithm} and its digest is struck from a working copy of the index. Any index entry
 * still present afterwards has no matching certificate; in that case an empty SEQUENCE is returned instead
 * of the original index so that the data re-built for timestamp verification will not match. Certificates
 * that are not indexed are only logged at debug level.
 *
 * <p>An absent index is treated as empty: nothing is struck and the absent index ({@code null}) is returned.
 *
 * @param timestampToken the archive timestamp carrying the hash index
 * @return the index as found in the timestamp ({@code null} when the timestamp has none), or an empty
 *         SEQUENCE when at least one indexed hash matches no certificate
 * @throws eu.europa.esig.dss.DSSException propagated from the helpers used here
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedCertificatesHashIndex(TimestampToken timestampToken) throws DSSException {
    final ASN1Sequence indexedHashes = getCertificatesHashIndex(timestampToken);
    final List<DEROctetString> pending = new ArrayList<DEROctetString>();
    if (indexedHashes != null) {
        pending.addAll(Collections.list(indexedHashes.getObjects()));
    }
    final List<CertificateToken> signatureCertificates = cadesSignature.getCertificatesWithinSignatureAndTimestamps();
    for (final CertificateToken certificate : signatureCertificates) {
        final byte[] digest = DSSUtils.digest(hashIndexDigestAlgorithm, certificate.getEncoded());
        final DEROctetString expected = new DEROctetString(digest);
        // Content-based equality of DEROctetString makes remove() a digest comparison.
        final boolean indexed = pending.remove(expected);
        if (indexed) {
            LOG.debug("Cert {} present in timestamp", certificate.getAbbreviation());
        } else {
            LOG.debug("Cert {} not present in timestamp", certificate.getAbbreviation());
        }
    }
    if (pending.isEmpty()) {
        return indexedHashes;
    }
    LOG.error("{} attribute hash in Cert Hashes have not been found in document attributes: {}",
            pending.size(), pending);
    // An empty SEQUENCE deliberately breaks the re-built timestamped data so verification fails.
    return new DERSequence();
}
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * The field crlsHashIndex is a sequence of octet strings. Each one contains the hash value of one instance of
 * RevocationInfoChoice within crls field of the root SignedData. A hash value for every instance of
 * RevocationInfoChoice, as present at the time when the corresponding archive time-stamp is requested, shall be
 * included in crlsHashIndex. No other hash values shall be included in this field.
 *
 * <p>Every element of the root SignedData {@code crls} set is DER-encoded and passed to
 * {@code handleRevocationEncoded} together with a working copy of the index. Whatever is left in that copy
 * afterwards is unmatched; in that case an empty SEQUENCE is returned instead of the original index so that the
 * data re-built for timestamp verification will not match.
 *
 * <p>An absent index is treated as empty: nothing is matched and the absent index ({@code null}) is returned.
 *
 * @param timestampToken the archive timestamp carrying the hash index
 * @return the index as found in the timestamp ({@code null} when the timestamp has none), or an empty
 *         SEQUENCE when at least one indexed hash matches no revocation value
 * @throws eu.europa.esig.dss.DSSException propagated from the helpers used here
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedCRLsHashIndex(TimestampToken timestampToken) throws DSSException {
    final ASN1Sequence indexedHashes = getCRLHashIndex(timestampToken);
    final List<DEROctetString> pending = new ArrayList<DEROctetString>();
    if (indexedHashes != null) {
        pending.addAll(Collections.list(indexedHashes.getObjects()));
    }
    final ASN1Encodable cmsContent = cadesSignature.getCmsSignedData().toASN1Structure().getContent();
    final ASN1Set crls = SignedData.getInstance(cmsContent).getCRLs();
    if (crls != null) {
        final Enumeration<ASN1Encodable> crlElements = crls.getObjects();
        if (crlElements != null) {
            while (crlElements.hasMoreElements()) {
                final byte[] encodedCrl = DSSASN1Utils.getDEREncoded(crlElements.nextElement());
                handleRevocationEncoded(pending, encodedCrl);
            }
        }
    }
    if (pending.isEmpty()) {
        return indexedHashes;
    }
    LOG.error("{} attribute hash in CRL Hashes have not been found in document attributes: {}",
            pending.size(), pending);
    // An empty SEQUENCE deliberately breaks the re-built timestamped data so verification fails.
    return new DERSequence();
}
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * The field unsignedAttrsHashIndex is a sequence of octet strings. Each one contains the hash value of one
 * instance of Attribute within unsignedAttrs field of the SignerInfo. A hash value for every instance of
 * Attribute, as present at the time when the corresponding archive time-stamp is requested, shall be included in
 * unsignedAttrsHashIndex. No other hash values shall be included in this field.
 *
 * We check that every attribute hash found in the timestamp token is found in the signerInformation.
 *
 * If there are more unsigned attributes in the signerInformation than present in the hash attributes list
 * (and there is at least the archiveTimestampAttributeV3), we report neither an error nor which attributes are
 * signed by the timestamp. If some attributes are not present or were altered in the signerInformation, we
 * return an empty sequence to make sure that the timestamped data will not match. We do not report which
 * attribute hashes are present, if any.
 *
 * If there is no attribute at all in the archive timestamp hash index, that means we did not check anything.
 * An absent index is treated the same way: nothing is checked and the absent index ({@code null}) is returned.
 *
 * @param signerInformation the SignerInfo whose unsigned attributes are digested
 * @param timestampToken    the archive timestamp carrying the hash index
 * @return the index as found in the timestamp ({@code null} when the timestamp has none), or an empty
 *         SEQUENCE when at least one indexed hash matches no unsigned attribute
 * @throws DSSException propagated from the helpers used here
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedUnsignedAttributesHashIndex(SignerInformation signerInformation, TimestampToken timestampToken) throws DSSException {
    final ASN1Sequence indexedHashes = getUnsignedAttributesHashIndex(timestampToken);
    final List<DEROctetString> pending = new ArrayList<DEROctetString>();
    if (indexedHashes != null) {
        pending.addAll(Collections.list(indexedHashes.getObjects()));
    }
    final AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation);
    final ASN1EncodableVector attributes = unsignedAttributes.toASN1EncodableVector();
    final int attributeCount = attributes.size();
    int index = 0;
    while (index < attributeCount) {
        final Attribute attribute = (Attribute) attributes.get(index);
        final DEROctetString expected = getAttributeDerOctetStringHash(attribute);
        final String oid = attribute.getAttrType().getId();
        // Content-based equality of DEROctetString makes remove() a digest comparison.
        if (pending.remove(expected)) {
            LOG.debug("Attribute {} present in timestamp", oid);
        } else {
            LOG.debug("Attribute {} not present in timestamp", oid);
        }
        index++;
    }
    if (pending.isEmpty()) {
        // Every indexed hash was matched: hand back the original index untouched.
        return indexedHashes;
    }
    LOG.error("{} attribute hash in Timestamp have not been found in document attributes: {}",
            pending.size(), pending);
    // An empty SEQUENCE deliberately breaks the re-built timestamped data so verification fails.
    return new DERSequence();
}
From source file:org.italiangrid.voms.asn1.VOMSACGenerator.java
License:Apache License
/**
 * Builds the value of the VOMS "AC certs" extension.
 *
 * <p>The value is a SEQUENCE holding one inner SEQUENCE. When
 * {@code INCLUDE_EMPTY_AC_CERTS_EXTENSION} is requested the inner SEQUENCE is empty;
 * otherwise it holds the attribute authority's certificate, as DER-encodable.
 *
 * @param properties generation flags controlling the extension's content
 * @return the extension value, ready to be added to the attribute certificate builder
 */
private ASN1Encodable buildACCertsExtensionContent(EnumSet<ACGenerationProperties> properties) {
    final boolean emitEmpty = properties.contains(ACGenerationProperties.INCLUDE_EMPTY_AC_CERTS_EXTENSION);
    final DERSequence issuerCerts = emitEmpty
            ? new DERSequence()
            : new DERSequence(getCertAsDEREncodable(aaCredential.getCertificate()));
    final ASN1EncodableVector container = new ASN1EncodableVector();
    container.add(issuerCerts);
    return new DERSequence(container);
}
From source file:org.italiangrid.voms.asn1.VOMSACGenerator.java
License:Apache License
/**
 * Generates and signs a VOMS attribute certificate for the given holder.
 *
 * <p>The FQANs are always added as the VOMS FQANs attribute. Generic attributes and targets
 * are added as extensions only when their lists are non-empty. The remaining extensions
 * (AC certs, a critical extension under {@code FAKE_EXT_OID} carrying an empty SEQUENCE,
 * and the criticality of noRevAvail and authorityKeyIdentifier) are driven by
 * {@code generationProperties}; the fake-extension and criticality flags look intended for
 * producing deliberately non-conforming certificates — presumably for negative testing of
 * verifiers, to be confirmed with the callers.
 *
 * <p>When no authority key identifier can be built, a NULL value is written for that
 * extension instead.
 *
 * @param generationProperties flags controlling optional and deliberately odd extensions
 * @param fqans                fully qualified attribute names to assert
 * @param gas                  generic attributes; may be {@code null} or empty
 * @param targets              target information; may be {@code null} or empty
 * @param holderCert           certificate of the entity the AC is issued to
 * @param serialNumber         serial number of the AC
 * @param notBefore            start of the validity period
 * @param notAfter             end of the validity period
 * @param voName               virtual organisation name used in the policy authority info
 * @param host                 host used in the policy authority info
 * @param port                 port used in the policy authority info
 * @return the signed attribute certificate
 * @throws VOMSError if the holder certificate or the issuer cannot be encoded
 */
public X509AttributeCertificateHolder generateVOMSAttributeCertificate(
        EnumSet<ACGenerationProperties> generationProperties, List<String> fqans,
        List<VOMSGenericAttribute> gas, List<String> targets, X509Certificate holderCert,
        BigInteger serialNumber, Date notBefore, Date notAfter, String voName, String host, int port) {
    final AttributeCertificateHolder holder;
    final AttributeCertificateIssuer issuer;
    try {
        holder = buildHolder(holderCert);
        issuer = buildIssuer();
    } catch (CertificateEncodingException e) {
        // Wrap with the cause preserved so the encoding failure stays diagnosable.
        throw new VOMSError(e.getMessage(), e);
    }

    final X509v2AttributeCertificateBuilder builder =
            new X509v2AttributeCertificateBuilder(holder, issuer, serialNumber, notBefore, notAfter);
    final GeneralName policyAuthorityInfo = buildPolicyAuthorityInfo(voName, host, port);

    builder.addAttribute(VOMS_FQANS_OID, buildFQANsAttributeContent(fqans, policyAuthorityInfo));

    if (gas != null && !gas.isEmpty()) {
        builder.addExtension(VOMS_GENERIC_ATTRS_OID, false,
                buildGAExtensionContent(generationProperties, gas, policyAuthorityInfo));
    }
    if (targets != null && !targets.isEmpty()) {
        builder.addExtension(X509Extension.targetInformation, true,
                buildTargetsExtensionContent(generationProperties, targets));
    }
    if (!generationProperties.contains(ACGenerationProperties.SKIP_AC_CERTS_EXTENSION)) {
        builder.addExtension(VOMS_CERTS_OID, false, buildACCertsExtensionContent(generationProperties));
    }
    if (generationProperties.contains(ACGenerationProperties.INCLUDE_FAKE_CRITICAL_EXTENSION)) {
        // Critical extension under an OID verifiers are not expected to know.
        builder.addExtension(FAKE_EXT_OID, true, new DERSequence());
    }

    final boolean noRevAvailIsCritical =
            generationProperties.contains(ACGenerationProperties.INCLUDE_CRITICAL_NO_REV_AVAIL_EXTENSION);
    final boolean akidIsCritical =
            generationProperties.contains(ACGenerationProperties.INCLUDE_CRITICAL_AKID_EXTENSION);

    builder.addExtension(X509Extension.noRevAvail, noRevAvailIsCritical, new DERNull());

    final AuthorityKeyIdentifier akid = buildAuthorityKeyIdentifier();
    builder.addExtension(X509Extension.authorityKeyIdentifier, akidIsCritical,
            akid != null ? akid : new DERNull());

    return builder.build(getSigner(generationProperties));
}