List of usage examples for org.bouncycastle.asn1.cms AttributeTable add
public AttributeTable add(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue)
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineLTA.java
License:Open Source License
/**
 * Requests an archive-time-stamp-v3 over the signature and adds it to the unsigned attributes.
 * <p>
 * The input for the archive-time-stamp-v3 message imprint computation shall be the concatenation (in the
 * order shown by the list below) of the signed data hash (see bullet 2 below) and certain fields in their
 * binary encoded form without any modification and including the tag, length and value octets:
 * <ol>
 * <li>The SignedData.encapContentInfo.eContentType.
 * <li>The octets representing the hash of the signed data. The hash is computed on the same content that was
 * used for computing the hash value that is encapsulated within the message-digest signed attribute of the
 * CAdES signature being archive-time-stamped. The hash algorithm applied shall be the same as the hash
 * algorithm used for computing the archive time-stamp's message imprint. The inclusion of the hash algorithm
 * in the SignedData.digestAlgorithms set is recommended.
 * <li>Fields version, sid, digestAlgorithm, signedAttrs, signatureAlgorithm, and signature within the
 * SignedData.signerInfos item corresponding to the signature being archive time-stamped, in their order of
 * appearance.
 * <li>A single instance of ATSHashIndex type (created as specified in clause 6.4.2).
 * </ol>
 * Because the imprint covers the binary encoding "without any modification", the bytes handed to the
 * time-stamp request must come from the encoded signature as-is; re-encoding any of the listed fields would
 * produce an imprint that a verifier cannot reproduce.
 *
 * @param cadesSignature     signature wrapper passed to the extractor for the ats-hash-index and imprint data
 * @param cmsSignedData      CMS container from which the original document bytes are obtained
 * @param signerInformation  SignerInfo of the signature being archive time-stamped
 * @param parameters         supplies the digest algorithm used for the time-stamp
 * @param unsignedAttributes table the new attribute is added to
 * @return the attribute table returned by {@code unsignedAttributes.add(...)}
 * @throws eu.europa.ec.markt.dss.exception.DSSException
 */
private AttributeTable addArchiveTimestampV3Attribute(CAdESSignature cadesSignature, CMSSignedData cmsSignedData,
        SignerInformation signerInformation, SignatureParameters parameters, AttributeTable unsignedAttributes)
        throws DSSException {

    final CadesLevelBaselineLTATimestampExtractor extractor = new CadesLevelBaselineLTATimestampExtractor();
    final DigestAlgorithm tsDigestAlgorithm = parameters.getSignatureTimestampParameters().getDigestAlgorithm();

    final Attribute atsHashIndex = extractor.getAtsHashIndex(signerInformation, tsDigestAlgorithm, cadesSignature);
    final byte[] originalDocument = getOriginalDocumentBytes(cmsSignedData, parameters);

    // The digest algorithm for the imprint data is read from the parameters a second time here;
    // it has to be the same algorithm as tsDigestAlgorithm for the imprint to be verifiable.
    final byte[] imprintInput = extractor.getArchiveTimestampDataV3(cadesSignature, signerInformation,
            atsHashIndex, originalDocument, parameters.getSignatureTimestampParameters().getDigestAlgorithm());

    // The ats-hash-index travels with the token (passed as the trailing attribute argument).
    final ASN1Object archiveTimestamp = getTimeStampAttributeValue(signatureTsa, imprintInput, tsDigestAlgorithm,
            atsHashIndex);

    return unsignedAttributes.add(OID.id_aa_ets_archiveTimestampV3, archiveTimestamp);
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineT.java
License:Open Source License
/**
 * Adds a signature-time-stamp attribute (CAdES-T) to the unsigned attributes.
 * <p>
 * The time-stamp is requested over the signature value of the given SignerInfo, so it attests that this
 * exact signature value existed at the time asserted by the TSA.
 *
 * @param signerInformation  SignerInfo whose signature value is time-stamped
 * @param unsignedAttributes table the new attribute is added to
 * @param parameters         signature parameters forwarded to {@code getTimeStampAttributeValue}
 * @return the attribute table returned by {@code unsignedAttributes.add(...)}
 */
private AttributeTable addSignatureTimestampAttribute(SignerInformation signerInformation,
        AttributeTable unsignedAttributes, SignatureParameters parameters) {

    final byte[] signatureValue = signerInformation.getSignature();
    final ASN1Object timestampToken = getTimeStampAttributeValue(signatureTsa, signatureValue, parameters);

    return unsignedAttributes.add(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, timestampToken);
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESSignatureExtension.java
License:Open Source License
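/**
 * Digests the given message, requests a time-stamp token for that digest and returns the token as an ASN.1
 * object, optionally with extra unsigned attributes attached to the token's SignerInfo.
 * <p>
 * The message imprint carried by the returned token is compared with the digest that was sent, so a token
 * issued for different data is rejected here instead of being embedded in the signature. This method does
 * NOT validate the token's signature or the TSA certificate; that has to happen elsewhere.
 * <p>
 * Attributes in {@code attributesForTimestampToken} are added as <em>unsigned</em> attributes of the token,
 * i.e. they are not covered by the TSA's signature. Only the first value of each attribute is copied.
 *
 * @param tspSource                   source that issues the time-stamp token
 * @param messageToTimestamp          data to be digested and time-stamped
 * @param timestampDigestAlgorithm    digest algorithm for the message imprint
 * @param attributesForTimestampToken attributes to attach to the token as unsigned attributes
 * @return the (possibly re-encoded) time-stamp token as an ASN.1 primitive
 * @throws DSSException if the token's imprint does not match, the token has no signer, or encoding fails
 */
public static ASN1Object getTimeStampAttributeValue(final TSPSource tspSource, final byte[] messageToTimestamp,
        final DigestAlgorithm timestampDigestAlgorithm, final Attribute... attributesForTimestampToken) {
    try {
        // NOTE(review): at debug level the complete time-stamp input is written to the log in hex.
        // It can be large and may contain document content; keep debug logging off where that matters.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Message to timestamp is: " + DSSUtils.encodeHexString(messageToTimestamp));
        }
        final byte[] timestampDigest = DSSUtils.digest(timestampDigestAlgorithm, messageToTimestamp);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Digested ({}) message to timestamp is {}",
                    new Object[] { timestampDigestAlgorithm, DSSUtils.encodeHexString(timestampDigest) });
        }

        final TimeStampToken timeStampToken = tspSource.getTimeStampResponse(timestampDigestAlgorithm,
                timestampDigest);
        if (timeStampToken == null) {
            throw new DSSNullReturnedException(TimeStampToken.class);
        }

        final byte[] messageImprintDigest = timeStampToken.getTimeStampInfo().getMessageImprintDigest();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Digested ({}) message in timestamp is {}",
                    new Object[] { timestampDigestAlgorithm, DSSUtils.encodeHexString(messageImprintDigest) });
        }
        // The token must be bound to the digest we asked for; otherwise it proves nothing about our data.
        if (!java.util.Arrays.equals(timestampDigest, messageImprintDigest)) {
            throw new DSSException(
                    "The message imprint of the returned time-stamp token does not match the requested digest");
        }

        CMSSignedData cmsSignedDataTimeStampToken = new CMSSignedData(timeStampToken.getEncoded());

        // TODO (27/08/2014): attributesForTimestampToken cannot be null: to be modified
        if (attributesForTimestampToken != null) {
            // timeStampToken contains one and only one signer
            final SignerInformationStore signerInfos = cmsSignedDataTimeStampToken.getSignerInfos();
            if (signerInfos.getSigners().isEmpty()) {
                throw new DSSException("The time-stamp token contains no SignerInfo");
            }
            final SignerInformation signerInformation = (SignerInformation) signerInfos.getSigners().iterator()
                    .next();

            AttributeTable unsignedAttributes = CAdESSignature.getUnsignedAttributes(signerInformation);
            for (final Attribute attributeToAdd : attributesForTimestampToken) {
                final ASN1ObjectIdentifier attrType = attributeToAdd.getAttrType();
                // Only the first value of the attribute is carried over.
                final ASN1Encodable objectAt = attributeToAdd.getAttrValues().getObjectAt(0);
                unsignedAttributes = unsignedAttributes.add(attrType, objectAt);
            }

            // Swap the single signer for a copy that carries the extended unsigned attributes.
            final SignerInformation newSignerInformation = SignerInformation
                    .replaceUnsignedAttributes(signerInformation, unsignedAttributes);
            final List<SignerInformation> signerInformationList = new ArrayList<SignerInformation>();
            signerInformationList.add(newSignerInformation);
            final SignerInformationStore newSignerStore = new SignerInformationStore(signerInformationList);
            cmsSignedDataTimeStampToken = CMSSignedData.replaceSigners(cmsSignedDataTimeStampToken,
                    newSignerStore);
        }

        final byte[] newTimeStampTokenBytes = cmsSignedDataTimeStampToken.getEncoded();
        return DSSASN1Utils.toASN1Primitive(newTimeStampTokenBytes);
    } catch (IOException e) {
        throw new DSSException(e);
    } catch (CMSException e) {
        throw new DSSException(e);
    }
}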
From source file:eu.europa.ec.markt.dss.signature.pades.PAdESLevelBaselineB.java
License:Open Source License
/**
 * Returns the CAdES profile's signed attributes, completed with the content-type and message-digest
 * attributes when the profile did not already supply them.
 * <p>
 * An attribute that is already present is left untouched: in particular, if the profile's table already
 * holds a message-digest attribute, the {@code messageDigest} argument is not used.
 *
 * @param params        generator parameters; the content type is looked up under
 *                      {@code CMSAttributeTableGenerator.CONTENT_TYPE}
 * @param cadesProfile  profile that produces the base set of signed attributes
 * @param parameters    signature parameters handed to the profile
 * @param messageDigest digest to store in the message-digest attribute when it is missing
 * @return the completed signed attribute table
 */
AttributeTable getSignedAttributes(Map params, CAdESLevelBaselineB cadesProfile, SignatureParameters parameters,
        byte[] messageDigest) {

    AttributeTable attributes = cadesProfile.getSignedAttributes(parameters);

    final boolean contentTypeMissing = attributes.get(CMSAttributes.contentType) == null;
    if (contentTypeMissing) {
        final ASN1ObjectIdentifier requestedType = (ASN1ObjectIdentifier) params
                .get(CMSAttributeTableGenerator.CONTENT_TYPE);
        // No content type is supplied when a counter signature is being generated.
        if (requestedType != null) {
            attributes = attributes.add(CMSAttributes.contentType, requestedType);
        }
    }

    final boolean digestMissing = attributes.get(CMSAttributes.messageDigest) == null;
    if (digestMissing) {
        // The digest comes from the method argument, not from params.get(CMSAttributeTableGenerator.DIGEST).
        final DEROctetString digestValue = new DEROctetString(messageDigest);
        attributes = attributes.add(CMSAttributes.messageDigest, digestValue);
    }

    return attributes;
}
From source file:eu.europa.esig.dss.cades.signature.CAdESLevelBaselineLTA.java
License:Open Source License
/**
 * Requests an archive-time-stamp-v3 over the signature and adds it to the unsigned attributes.
 * <p>
 * The input for the archive-time-stamp-v3 message imprint computation shall be the concatenation (in the
 * order shown by the list below) of the signed data hash (see bullet 2 below) and certain fields in their
 * binary encoded form without any modification and including the tag, length and value octets:
 * <ol>
 * <li>The SignedData.encapContentInfo.eContentType.
 * <li>The octets representing the hash of the signed data. The hash is computed on the same content that was
 * used for computing the hash value that is encapsulated within the message-digest signed attribute of the
 * CAdES signature being archive-time-stamped. The hash algorithm applied shall be the same as the hash
 * algorithm used for computing the archive time-stamp's message imprint. The inclusion of the hash algorithm
 * in the SignedData.digestAlgorithms set is recommended.
 * <li>Fields version, sid, digestAlgorithm, signedAttrs, signatureAlgorithm, and signature within the
 * SignedData.signerInfos item corresponding to the signature being archive time-stamped, in their order of
 * appearance.
 * <li>A single instance of ATSHashIndex type (created as specified in clause 6.4.2).
 * </ol>
 * Because the imprint covers the binary encoding "without any modification", the bytes handed to the
 * time-stamp request must come from the encoded signature as-is; re-encoding any of the listed fields would
 * produce an imprint that a verifier cannot reproduce.
 *
 * @param cadesSignature     signature wrapper the time-stamp extractor is built on
 * @param cmsSignedData      CMS container from which the original document is obtained
 * @param signerInformation  SignerInfo of the signature being archive time-stamped
 * @param parameters         supplies the digest algorithm used for the time-stamp
 * @param unsignedAttributes table the new attribute is added to
 * @return the attribute table returned by {@code unsignedAttributes.add(...)}
 * @throws eu.europa.esig.dss.DSSException
 */
private AttributeTable addArchiveTimestampV3Attribute(CAdESSignature cadesSignature, CMSSignedData cmsSignedData,
        SignerInformation signerInformation, CAdESSignatureParameters parameters,
        AttributeTable unsignedAttributes) throws DSSException {

    final CadesLevelBaselineLTATimestampExtractor extractor = new CadesLevelBaselineLTATimestampExtractor(
            cadesSignature);
    final DigestAlgorithm tsDigestAlgorithm = parameters.getSignatureTimestampParameters().getDigestAlgorithm();
    final Attribute atsHashIndex = extractor.getAtsHashIndex(signerInformation, tsDigestAlgorithm);

    // NOTE(review): this stream is not closed in this method; confirm that getArchiveTimestampDataV3
    // (or the code behind getOriginalDocumentBytes) takes care of closing it.
    final InputStream originalDocument = getOriginalDocumentBytes(cmsSignedData, parameters);
    final byte[] imprintInput = extractor.getArchiveTimestampDataV3(signerInformation, atsHashIndex,
            originalDocument, tsDigestAlgorithm);

    // The ats-hash-index travels with the token (passed as the trailing attribute argument).
    final ASN1Object archiveTimestamp = getTimeStampAttributeValue(signatureTsa, imprintInput, tsDigestAlgorithm,
            atsHashIndex);

    return unsignedAttributes.add(OID.id_aa_ets_archiveTimestampV3, archiveTimestamp);
}
From source file:eu.europa.esig.dss.cades.signature.CAdESLevelBaselineT.java
License:Open Source License
/**
 * Adds a signature-time-stamp attribute (CAdES-T) to the unsigned attributes.
 * <p>
 * The time-stamp is requested over the signature value of the given SignerInfo, so it attests that this
 * exact signature value existed at the time asserted by the TSA.
 *
 * @param signerInformation  SignerInfo whose signature value is time-stamped
 * @param unsignedAttributes table the new attribute is added to
 * @param parameters         signature parameters forwarded to {@code getTimeStampAttributeValue}
 * @return the attribute table returned by {@code unsignedAttributes.add(...)}
 */
private AttributeTable addSignatureTimestampAttribute(SignerInformation signerInformation,
        AttributeTable unsignedAttributes, CAdESSignatureParameters parameters) {

    final byte[] signatureValue = signerInformation.getSignature();
    final ASN1Object timestampToken = getTimeStampAttributeValue(signatureTsa, signatureValue, parameters);

    return unsignedAttributes.add(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, timestampToken);
}
From source file:eu.europa.esig.dss.cades.signature.CAdESSignatureExtension.java
License:Open Source License
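/**
 * Digests the given message, requests a time-stamp token for that digest and returns the token as an ASN.1
 * object, optionally with extra unsigned attributes attached to the token's SignerInfo.
 * <p>
 * The message imprint carried by the returned token is compared with the digest that was sent, so a token
 * issued for different data is rejected here instead of being embedded in the signature. This method does
 * NOT validate the token's signature or the TSA certificate; that has to happen elsewhere.
 * <p>
 * Attributes in {@code attributesForTimestampToken} are added as <em>unsigned</em> attributes of the token,
 * i.e. they are not covered by the TSA's signature. Only the first value of each attribute is copied.
 *
 * @param tspSource                   source that issues the time-stamp token
 * @param messageToTimestamp          data to be digested and time-stamped
 * @param timestampDigestAlgorithm    digest algorithm for the message imprint
 * @param attributesForTimestampToken attributes to attach to the token as unsigned attributes
 * @return the (possibly re-encoded) time-stamp token as an ASN.1 primitive
 * @throws NullPointerException if the TSP source returns no token
 * @throws DSSException         if the token's imprint does not match, the token has no signer, or encoding
 *                              fails
 */
public static ASN1Object getTimeStampAttributeValue(final TSPSource tspSource, final byte[] messageToTimestamp,
        final DigestAlgorithm timestampDigestAlgorithm, final Attribute... attributesForTimestampToken) {
    try {
        // NOTE(review): at debug level the complete time-stamp input is written to the log in hex.
        // It can be large and may contain document content; keep debug logging off where that matters.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Message to timestamp is: " + Hex.encodeHexString(messageToTimestamp));
        }
        final byte[] timestampDigest = DSSUtils.digest(timestampDigestAlgorithm, messageToTimestamp);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Digested ({}) message to timestamp is {}",
                    new Object[] { timestampDigestAlgorithm, Hex.encodeHexString(timestampDigest) });
        }

        final TimeStampToken timeStampToken = tspSource.getTimeStampResponse(timestampDigestAlgorithm,
                timestampDigest);
        if (timeStampToken == null) {
            // Same exception type as before, now with a message that points at the cause.
            throw new NullPointerException("The TSP source returned no time-stamp token");
        }

        final byte[] messageImprintDigest = timeStampToken.getTimeStampInfo().getMessageImprintDigest();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Digested ({}) message in timestamp is {}",
                    new Object[] { timestampDigestAlgorithm, Hex.encodeHexString(messageImprintDigest) });
        }
        // The token must be bound to the digest we asked for; otherwise it proves nothing about our data.
        if (!java.util.Arrays.equals(timestampDigest, messageImprintDigest)) {
            throw new DSSException(
                    "The message imprint of the returned time-stamp token does not match the requested digest");
        }

        CMSSignedData cmsSignedDataTimeStampToken = new CMSSignedData(timeStampToken.getEncoded());

        // TODO (27/08/2014): attributesForTimestampToken cannot be null: to be modified
        if (attributesForTimestampToken != null) {
            // timeStampToken contains one and only one signer
            final SignerInformationStore signerInfos = cmsSignedDataTimeStampToken.getSignerInfos();
            if (signerInfos.getSigners().isEmpty()) {
                throw new DSSException("The time-stamp token contains no SignerInfo");
            }
            final SignerInformation signerInformation = signerInfos.getSigners().iterator().next();

            AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation);
            for (final Attribute attributeToAdd : attributesForTimestampToken) {
                final ASN1ObjectIdentifier attrType = attributeToAdd.getAttrType();
                // Only the first value of the attribute is carried over.
                final ASN1Encodable objectAt = attributeToAdd.getAttrValues().getObjectAt(0);
                unsignedAttributes = unsignedAttributes.add(attrType, objectAt);
            }

            // Swap the single signer for a copy that carries the extended unsigned attributes.
            final SignerInformation newSignerInformation = SignerInformation
                    .replaceUnsignedAttributes(signerInformation, unsignedAttributes);
            final List<SignerInformation> signerInformationList = new ArrayList<SignerInformation>();
            signerInformationList.add(newSignerInformation);
            final SignerInformationStore newSignerStore = new SignerInformationStore(signerInformationList);
            cmsSignedDataTimeStampToken = CMSSignedData.replaceSigners(cmsSignedDataTimeStampToken,
                    newSignerStore);
        }

        final byte[] newTimeStampTokenBytes = cmsSignedDataTimeStampToken.getEncoded();
        return DSSASN1Utils.toASN1Primitive(newTimeStampTokenBytes);
    } catch (IOException e) {
        throw new DSSException(e);
    } catch (CMSException e) {
        throw new DSSException(e);
    }
}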
From source file:eu.europa.esig.dss.cookbook.mock.MockTSPSource.java
License:Open Source License
/**
 * Produces a time-stamp token in-process by generating a time-stamp request for the given digest and
 * answering it with this mock's own key and certificate.
 * <p>
 * Properties of the tokens produced here that make this source suitable for tests and samples only:
 * the time comes from the local clock ({@code new Date()}), every response uses the serial number
 * {@code BigInteger.ONE}, and the signing key is held by the same process that asks for the time-stamp.
 *
 * @param digestAlgorithm algorithm that produced {@code digest}; its OID goes into the request
 * @param digest          message imprint to be time-stamped
 * @return the token taken from the generated time-stamp response
 * @throws DSSException wrapping signer-creation, certificate-encoding and TSP errors
 */
@Override
public TimeStampToken getTimeStampResponse(final DigestAlgorithm digestAlgorithm, final byte[] digest)
        throws DSSException {

    final String signatureAlgorithm = getSignatureAlgorithm(digestAlgorithm, digest);

    final TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.setCertReq(true);

    // Signing time placed into the token's signed attributes below. It is always the current time
    // here; no logic that forces two successive time-stamps to differ is present in this method.
    final Date signingTime = new Date();

    if (policyOid != null) {
        requestGenerator.setReqPolicy(policyOid);
    }

    final TimeStampRequest request;
    if (useNonce) {
        // NOTE(review): the type of 'random' is not visible here; if it is java.util.Random the nonce
        // is predictable, which is acceptable for a mock only.
        final BigInteger nonce = BigInteger.valueOf(random.nextLong());
        request = requestGenerator.generate(new ASN1ObjectIdentifier(digestAlgorithm.getOid()), digest, nonce);
    } else {
        request = requestGenerator.generate(new ASN1ObjectIdentifier(digestAlgorithm.getOid()), digest);
    }

    try {
        final ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(key);
        final JcaX509CertificateHolder signerCertificate = new JcaX509CertificateHolder(cert.getCertificate());

        // Fixing signingTime explicitly keeps the signed attributes tied to the date captured above.
        final AttributeTable signedAttributes = new AttributeTable(new Hashtable<ASN1ObjectIdentifier, Object>())
                .add(PKCSObjectIdentifiers.pkcs_9_at_signingTime, new Time(signingTime));
        final DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(
                signedAttributes);

        // The unsigned attribute table starts out empty.
        final SimpleAttributeTableGenerator unsignedAttributeGenerator = new SimpleAttributeTableGenerator(
                new AttributeTable(new Hashtable<ASN1ObjectIdentifier, Object>()));

        final SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(
                new BcDigestCalculatorProvider());
        signerInfoBuilder.setSignedAttributeGenerator(signedAttributeGenerator);
        signerInfoBuilder.setUnsignedAttributeGenerator(unsignedAttributeGenerator);
        final SignerInfoGenerator signerInfoGenerator = signerInfoBuilder.build(contentSigner, signerCertificate);

        // NOTE(review): a SHA-1 calculator is handed to the token generator; presumably it is used for
        // the signing-certificate identifier rather than the message imprint - confirm before reuse.
        final DigestCalculator sha1Calculator = DSSRevocationUtils.getSHA1DigestCalculator();
        final TimeStampTokenGenerator tokenGenerator = new TimeStampTokenGenerator(signerInfoGenerator,
                sha1Calculator, policyOid);

        // Ship the mock TSA certificate inside the token.
        final Set<X509Certificate> tsaCertificates = new HashSet<X509Certificate>();
        tsaCertificates.add(cert.getCertificate());
        tokenGenerator.addCertificates(new JcaCertStore(tsaCertificates));

        final TimeStampResponseGenerator responseGenerator = new TimeStampResponseGenerator(tokenGenerator,
                TSPAlgorithms.ALLOWED);
        final Date generationTime = new Date();
        final TimeStampResponse response = responseGenerator.generate(request, BigInteger.ONE, generationTime);

        return response.getTimeStampToken();
    } catch (OperatorCreationException e) {
        throw new DSSException(e);
    } catch (CertificateEncodingException e) {
        throw new DSSException(e);
    } catch (TSPException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.pades.signature.PAdESLevelBaselineB.java
License:Open Source License
/**
 * Returns the CAdES profile's signed attributes, completed with the content-type and message-digest
 * attributes when the profile did not already supply them.
 * <p>
 * An attribute that is already present is left untouched: in particular, if the profile's table already
 * holds a message-digest attribute, the {@code messageDigest} argument is not used.
 *
 * @param params        generator parameters; the content type is looked up under
 *                      {@code CMSAttributeTableGenerator.CONTENT_TYPE}
 * @param cadesProfile  profile that produces the base set of signed attributes
 * @param parameters    signature parameters handed to the profile
 * @param messageDigest digest to store in the message-digest attribute when it is missing
 * @return the completed signed attribute table
 */
AttributeTable getSignedAttributes(Map params, CAdESLevelBaselineB cadesProfile,
        PAdESSignatureParameters parameters, byte[] messageDigest) {

    AttributeTable attributes = cadesProfile.getSignedAttributes(parameters);

    final boolean contentTypeMissing = attributes.get(CMSAttributes.contentType) == null;
    if (contentTypeMissing) {
        final ASN1ObjectIdentifier requestedType = (ASN1ObjectIdentifier) params
                .get(CMSAttributeTableGenerator.CONTENT_TYPE);
        // No content type is supplied when a counter signature is being generated.
        if (requestedType != null) {
            attributes = attributes.add(CMSAttributes.contentType, requestedType);
        }
    }

    final boolean digestMissing = attributes.get(CMSAttributes.messageDigest) == null;
    if (digestMissing) {
        final DEROctetString digestValue = new DEROctetString(messageDigest);
        attributes = attributes.add(CMSAttributes.messageDigest, digestValue);
    }

    return attributes;
}