List of usage examples for org.bouncycastle.asn1.cms Attribute getAttrType
public ASN1ObjectIdentifier getAttrType()
From source file:com.guardtime.asn1.Asn1Util.java
License:Apache License
/** * Extracts the value of the specified attribute from the given attribute * set.// www.j a va2 s .c o m * * @param attrs * the attribute set to search; this must not be {@code null}. * @param oid * the OID of the attribute to look for. * @return the value of the attribute. * @throw Asn1FormatException if the attribute does not have exactly one * single value in the set. */ static ASN1Encodable getAttributeValue(ASN1Set attrs, String oid) throws Asn1FormatException { ASN1ObjectIdentifier asnOid = new ASN1ObjectIdentifier(oid); ASN1Encodable val = null; int count = 0; for (int i = 0; i < attrs.size(); ++i) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(i)); if (attr.getAttrType().equals(asnOid)) { ASN1Set set = attr.getAttrValues(); if (set.size() < 1) { throw new Asn1FormatException("empty attribute " + oid); } if (set.size() > 1) { throw new Asn1FormatException("multi-valued attribute " + oid); } val = set.getObjectAt(0); ++count; } } if (count < 1) { throw new Asn1FormatException("no attribute " + oid); } if (count > 1) { throw new Asn1FormatException("multiple instances of attribute " + oid); } return val; }
From source file:es.gob.afirma.envelopers.cms.CounterSignerEnveloped.java
License:Open Source License
/** Método utilizado por la firma del érbol para obtener la * contrafirma de los signerInfo de forma recursiva.<br> * @param signerInfo Nodo raí que contiene todos los signerInfos que se * deben firmar./*from w w w. j ava 2 s. co m*/ * @param parameters Parámetros necesarios para firmar un determinado * <code>SignerInfo</code> hoja. * @param cert Certificado de firma. * @param keyEntry Clave privada a usar para firmar. * @return El <code>SignerInfo</code> raíz parcial con todos sus nodos * Contrafirmados. * @throws java.security.NoSuchAlgorithmException Si el JRE no soporta algún algoritmo necesario * @throws java.io.IOException Cuando hay problemas de entrada / salida. * @throws CertificateException Caundo hay problemas relacionados con los certificados X.509. * @throws InvalidKeyException Cuando la clave proporcionada no es válida. * @throws SignatureException Cuando ocurren problando hay problemas de adecuación de la clave. */ private SignerInfo getCounterUnsignedAtributes(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final X509Certificate cert, final PrivateKeyEntry keyEntry) throws NoSuchAlgorithmException, IOException, CertificateException, InvalidKeyException, SignatureException { final List<Object> attributes = new ArrayList<Object>(); final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final Object obj = eAtributesData.nextElement(); if (obj instanceof ASN1Sequence) { final ASN1Sequence atrib = (ASN1Sequence) obj; final SignerInfo si = SignerInfo.getInstance(atrib); final SignerInfo obtained = getCounterUnsignedAtributes(si, parameters, cert, keyEntry); signerInfosU.add(obtained); } else { attributes.add(obj); } } } else { signerInfosU.add(data); } } // FIRMA DEL NODO ACTUAL counterSigner = unsignedAtributte(parameters, cert, signerInfo, keyEntry); signerInfosU.add(counterSigner); // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); // introducido este else pero es sospechoso que no estuviera // antes de este ultimo cambio. } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(unsignedAtributte(parameters, cert, signerInfo, keyEntry)); contexExpecific .add(new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2))); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), generateUnsignerInfoFromCounter(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(unsignedAtributte(parameters, cert, signerInfo, keyEntry)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), generateUnsignerInfoFromCounter(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.envelopers.cms.CounterSignerEnveloped.java
License:Open Source License
/** Método utilizado por la firma de una hoja del érbol para * obtener la contrafirma de los signerInfo de una determinada hoja de forma * recursiva.//from w w w. j a v a 2s .c o m * @param signerInfo * Nodo raí que contiene todos los signerInfos que se * deben firmar. * @param parameters * Parámetros necesarios para firmar un determinado * SignerInfo hoja. * @param cert * Certificado de firma. * @param keyEntry * Clave privada a usar para firmar * @return El SignerInfo raíz parcial con todos sus nodos * Contrafirmados. * @throws java.security.NoSuchAlgorithmException Si el JRE no soporta algún algoritmo necesario * @throws java.io.IOException Cuando hay problemas de entrada / salida. * @throws java.security.cert.CertificateException Cuando hay problemas relacionados con los certificados X.509. * @throws SignatureException Cuando ocurren problemas en la firma PKCS#1. * @throws InvalidKeyException Cuando hay problemas de adecuación de la clave. */ private SignerInfo getCounterLeafUnsignedAtributes(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final X509Certificate cert, final PrivateKeyEntry keyEntry) throws NoSuchAlgorithmException, IOException, CertificateException, InvalidKeyException, SignatureException { final List<Object> attributes = new ArrayList<Object>(); final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final Object obj = eAtributesData.nextElement(); if (obj instanceof ASN1Sequence) { signerInfosU.add(getCounterLeafUnsignedAtributes(SignerInfo.getInstance(obj), parameters, cert, keyEntry)); } else { attributes.add(obj); } } } else { signerInfosU.add(data); } } // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(unsignedAtributte(parameters, cert, signerInfo, keyEntry)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); contexExpecific.add(uAtrib); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), generateUnsignerInfoFromCounter(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(unsignedAtributte(parameters, cert, signerInfo, keyEntry)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.envelopers.cms.CounterSignerEnveloped.java
License:Open Source License
/** Método utilizado por la firma de un nodo del érbol para * obtener la contrafirma de los signerInfo Sin ser recursivo. Esto es por * el caso especial de que puede ser el nodo raiz el nodo a firmar, por lo * que no sería necesario usar la recursividad. * @param signerInfo//from w ww . j av a2 s.c o m * Nodo raí que contiene todos los signerInfos que se * deben firmar. * @param parameters * Parámetros necesarios para firmar un determinado * SignerInfo hoja. * @param cert * Certificado de firma. * @param keyEntry * Clave privada a usar para firmar * @return El SignerInfo raíz parcial con todos sus nodos * Contrafirmados. * @throws java.security.NoSuchAlgorithmException Si el JRE no soporta algún algoritmo necesario * @throws java.io.IOException Cuando hay problemas de entrada / salida. * @throws java.security.cert.CertificateException Cuando hay problemas relacionados con los certificados X.509. * @throws SignatureException Cuando ocurren problemas en la firma PKCS#1. * @throws InvalidKeyException Cuando hay problemas de adecuación de la clave. */ private SignerInfo getCounterNodeUnsignedAtributes(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final X509Certificate cert, final PrivateKeyEntry keyEntry) throws NoSuchAlgorithmException, IOException, CertificateException, InvalidKeyException, SignatureException { final List<Object> attributes = new ArrayList<Object>(); final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final Object obj = eAtributesData.nextElement(); if (obj instanceof ASN1Sequence) { signerInfosU.add(SignerInfo.getInstance(obj)); } else { attributes.add(obj); } } } else { signerInfosU.add(data); } } // FIRMA DEL NODO ACTUAL signerInfosU.add(unsignedAtributte(parameters, cert, signerInfo, keyEntry)); // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(unsignedAtributte(parameters, cert, signerInfo, keyEntry)); contexExpecific .add(new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2))); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), generateUnsignerInfoFromCounter(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(unsignedAtributte(parameters, cert, signerInfo, keyEntry)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.envelopers.cms.CounterSignerEnveloped.java
License:Open Source License
/** Método utilizado por la firma de un nodo del érbol para * obtener la contrafirma de los signerInfo buscando el nodo de forma * recursiva.//from w w w. j a v a 2 s .c o m * @param signerInfo * Nodo raí que contiene todos los signerInfos que se * deben firmar. * @param parameters * Parámetros necesarios para firmar un determinado * SignerInfo hoja. * @param cert * Certificado de firma. * @param keyEntry * Clave privada a usar para firmar * @param node * Nodo específico a firmar. * @return El SignerInfo raíz parcial con todos sus nodos * Contrafirmados. * @throws java.security.NoSuchAlgorithmException Cuando el JRE no soporta algún algoritmo necesario. * @throws java.io.IOException Cuando hay problemas de entrada / salida. * @throws java.security.cert.CertificateException Cuando hay problemas relacionados con los certificados X.509. * @throws SignatureException Cuando ocurren problemas en la firma PKCS#1. * @throws InvalidKeyException Cuando hay problemas de adecuación de la clave. */ private SignerInfo getCounterNodeUnsignedAtributes(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final X509Certificate cert, final PrivateKeyEntry keyEntry, final int node) throws NoSuchAlgorithmException, IOException, CertificateException, InvalidKeyException, SignatureException { final List<Object> attributes = new ArrayList<Object>(); final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); SignerInfo counterSigner = null; SignerInfo counterSigner2 = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final Object obj = eAtributesData.nextElement(); if (obj instanceof ASN1Sequence) { final ASN1Sequence atrib = (ASN1Sequence) obj; final SignerInfo si = SignerInfo.getInstance(atrib); this.actualIndex++; if (this.actualIndex != node) { if (this.actualIndex < node) { counterSigner2 = getCounterNodeUnsignedAtributes(si, parameters, cert, keyEntry, node); signerInfosU.add(counterSigner2); } else { signerInfosU.add(si); } } else { final SignerInfo obtained = getCounterNodeUnsignedAtributes(si, parameters, cert, keyEntry); signerInfosU.add(obtained); } } else { attributes.add(obj); } } } else { signerInfosU.add(data); } } // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } } } else { counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), null // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.envelopers.cms.ValidateCMS.java
License:Open Source License
/** Método que verifica que los SignerInfos tenga el parámetro * que identifica que es de tipo cades./*from w ww . ja v a 2 s . com*/ * @param si * SignerInfo para la verificación del párametro * adecuado. * @return si contiene el parámetro. */ private static boolean verifySignerInfo(final SignerInfo si) { boolean isSignerValid = true; final ASN1Set attrib = si.getAuthenticatedAttributes(); final Enumeration<?> e = attrib.getObjects(); Attribute atribute; while (isSignerValid && e.hasMoreElements()) { atribute = Attribute.getInstance(e.nextElement()); // si tiene la politica es CADES. if (atribute.getAttrType().equals(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId)) { isSignerValid = false; Logger.getLogger("es.gob.afirma").warning("El signerInfo no es del tipo CMS, es del tipo CADES"); //$NON-NLS-1$ //$NON-NLS-2$ } } return isSignerValid; }
From source file:es.gob.afirma.signers.cades.CAdESValidator.java
License:Open Source License
/** Verifica que los <code>SignerInfos</code> tengan el parámetro * que identifica que los datos son de tipo CAdES. * @param si <code>SignerInfo</code> para la verificación del parámetro * adecuado./*from w w w. java 2 s . c o m*/ * @return si contiene el parámetro. */ private static boolean verifySignerInfo(final SignerInfo si) { boolean isSignerValid = false; final ASN1Set attrib = si.getAuthenticatedAttributes(); final Enumeration<?> e = attrib.getObjects(); Attribute atribute; while (e.hasMoreElements()) { final ASN1Sequence seq = (ASN1Sequence) e.nextElement(); atribute = new Attribute((ASN1ObjectIdentifier) seq.getObjectAt(0), (ASN1Set) seq.getObjectAt(1)); // Si tiene la politica es CADES. if (atribute.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signingCertificate) || atribute.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signingCertificateV2)) { isSignerValid = true; } } return isSignerValid; }
From source file:es.gob.afirma.signers.cms.CounterSigner.java
License:Open Source License
/** Método utilizado por la firma del érbol para obtener la * contrafirma de los signerInfo de forma recursiva.<br> * @param signerInfo Nodo raí que contiene todos los signerInfos que se * deben firmar.//from ww w . j a va2 s .co m * @param parameters Parámetros necesarios para firmar un determinado * <code>SignerInfo</code> hoja. * @param key Clave privada a usar para firmar. * @param certChain Cadena de certificados del firmante. * @return El SignerInfo raíz parcial con todos sus nodos contrafirmados. * @throws java.security.NoSuchAlgorithmException Si el JRE no soporta algún algoritmo necesario * @throws java.io.IOException SI hay problemas en la lectura de datos * @throws java.security.cert.CertificateException Si hay problemas en el tratamiento de los certificados * @throws AOException EN caso de cualquier otro error */ private SignerInfo getCounterUnsignedAtributes(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final PrivateKey key, final java.security.cert.Certificate[] certChain) throws NoSuchAlgorithmException, IOException, CertificateException, AOException { final List<Object> attributes = new ArrayList<Object>(); final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final Object obj = eAtributesData.nextElement(); if (obj instanceof ASN1Sequence) { final ASN1Sequence atrib = (ASN1Sequence) obj; final SignerInfo si = SignerInfo.getInstance(atrib); final SignerInfo obtained = getCounterUnsignedAtributes(si, parameters, key, certChain); signerInfosU.add(obtained); } else { attributes.add(obj); } } } else { signerInfosU.add(data); } } // FIRMA DEL NODO ACTUAL counterSigner = unsignedAtributte(parameters, signerInfo, key, certChain); signerInfosU.add(counterSigner); // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); // introducido este else pero es sospechoso que no estuviera // antes de este ultimo cambio. } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(unsignedAtributte(parameters, signerInfo, key, certChain)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); contexExpecific.add(uAtrib); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), generateUnsignerInfoFromCounter(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(unsignedAtributte(parameters, signerInfo, key, certChain)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), generateUnsignerInfoFromCounter(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.signers.cms.CounterSigner.java
License:Open Source License
/** Método utilizado por la firma de una hoja del érbol para * obtener la contrafirma de los signerInfo de una determinada hoja de forma * recursiva.//from w ww. java 2 s. c om * @param signerInfo Nodo raí que contiene todos los signerInfos que se * deben firmar. * @param parameters Parámetros necesarios para firmar un determinado * <code>SignerInfo</code> hoja. * @param key Clave privada a usar para firmar. * @param certChain Cadena de certificados del firmante. * @return El SignerInfo raíz parcial con todos sus nodos * Contrafirmados. * @throws java.security.NoSuchAlgorithmException Cuando el JRE no soporta algún algoritmo necesario. * @throws java.io.IOException Si hay errores en la lectura de datos. * @throws java.security.cert.CertificateException Si hay problemas en el tratamiento de los certificados. * @throws AOException Si ocurre cualquier otro problema durante el proceso. */ private SignerInfo getCounterLeafUnsignedAtributes(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final PrivateKey key, final java.security.cert.Certificate[] certChain) throws NoSuchAlgorithmException, IOException, CertificateException, AOException { final List<Object> attributes = new ArrayList<Object>(); final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final Object obj = eAtributesData.nextElement(); if (obj instanceof ASN1Sequence) { final SignerInfo si = SignerInfo.getInstance(obj); final SignerInfo obtained = getCounterLeafUnsignedAtributes(si, parameters, key, certChain); signerInfosU.add(obtained); } else { attributes.add(obj); } } } else { signerInfosU.add(data); } } // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(unsignedAtributte(parameters, signerInfo, key, certChain)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); contexExpecific.add(uAtrib); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), generateUnsignerInfoFromCounter(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(unsignedAtributte(parameters, signerInfo, key, certChain)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.signers.cms.CounterSigner.java
License:Open Source License
/** Método utilizado por la firma de un nodo del érbol para * obtener la contrafirma de los signerInfo Sin ser recursivo. Esto es por * el caso especial de que puede ser el nodo raiz el nodo a firmar, por lo * que no sería necesario usar la recursividad. * @param signerInfo Nodo raí que contiene todos los signerInfos que se * deben firmar.//from w w w . j a v a 2s.c o m * @param parameters Parámetros necesarios para firmar un determinado * <code>SignerInfo</code> hoja. * @param key Clave privada a usar para firmar. * @param certChain Cadena de certificados del firmante. * @return El SignerInfo raíz parcial con todos sus nodos * Contrafirmados. * @throws java.security.NoSuchAlgorithmException Cuando el JRE no soporta algún algoritmo necesario. * @throws java.io.IOException Si hay errores en la lectura de datos. * @throws java.security.cert.CertificateException Si hay problemas en el tratamiento de los certificados. */ private SignerInfo getCounterNodeUnsignedAtributes(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final PrivateKey key, final java.security.cert.Certificate[] certChain) throws NoSuchAlgorithmException, IOException, CertificateException { final List<Object> attributes = new ArrayList<Object>(); final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final Object obj = eAtributesData.nextElement(); if (obj instanceof ASN1Sequence) { signerInfosU.add(SignerInfo.getInstance(obj)); } else { attributes.add(obj); } } } else { signerInfosU.add(data); } } // FIRMA DEL NODO ACTUAL signerInfosU.add(unsignedAtributte(parameters, signerInfo, key, certChain)); // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(unsignedAtributte(parameters, signerInfo, key, certChain)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); contexExpecific.add(uAtrib); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), generateUnsignerInfoFromCounter(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(unsignedAtributte(parameters, signerInfo, key, certChain)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } return counterSigner; }