List of usage examples for org.bouncycastle.asn1.cms ContentInfo getContent
public ASN1Encodable getContent()
From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java
License:Open Source License
/** * Read an existing PKCS#7 object from a DER encoded byte array *//*from w ww . ja va2 s . c o m*/ protected static org.bouncycastle.asn1.pkcs.SignedData pkcs7SignedData(byte[] in) { ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in)); // // Basic checks to make sure it's a PKCS#7 SignedData Object // ASN1Primitive pkcs; try { pkcs = din.readObject(); } catch (IOException e) { throw new SecurityException("can't decode PKCS7SignedData object"); } finally { try { din.close(); } catch (IOException e) { e.printStackTrace(); } } if (!(pkcs instanceof ASN1Sequence)) { throw new SecurityException("Not a valid PKCS#7 object - not a sequence"); } ContentInfo content = ContentInfo.getInstance(pkcs); org.bouncycastle.asn1.pkcs.SignedData data = org.bouncycastle.asn1.pkcs.SignedData .getInstance(content.getContent()); return data; }
From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java
License:Open Source License
/** * Read an existing PKCS#7 object from a DER encoded byte array *///from w w w . j av a2 s. co m protected static org.bouncycastle.asn1.cms.SignedData cmsSignedData(byte[] in) { ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in)); // // Basic checks to make sure it's a PKCS#7 SignedData Object // ASN1Primitive cms; try { cms = din.readObject(); } catch (IOException e) { throw new SecurityException("can't decode CMSSignedData object"); } finally { try { din.close(); } catch (IOException e) { e.printStackTrace(); } } if (!(cms instanceof ASN1Sequence)) { throw new SecurityException("Not a valid PKCS#7 object - not a sequence"); } ContentInfo content = ContentInfo.getInstance(cms); org.bouncycastle.asn1.cms.SignedData data = org.bouncycastle.asn1.cms.SignedData .getInstance(content.getContent()); return data; }
From source file:com.guardtime.asn1.Asn1Util.java
License:Apache License
/** * Extends the given content info with data from the given certification * token.//from w w w . ja v a 2 s .c om * * @param contentInfo * the original timestamp encoded in a CMS {@code ContentInfo} * structure. * @param certToken * the {@code CertToken} from the GuardTime online verification * service. * @return updated (extended) timestamp encoded in a new CMS * {@code ContentInfo} structure. */ static org.bouncycastle.asn1.cms.ContentInfo extend(org.bouncycastle.asn1.cms.ContentInfo contentInfo, Asn1CertToken certToken) throws Asn1FormatException { ASN1EncodableVector v; // Extract signed data ASN1Encodable asn1SignedData = contentInfo.getContent(); org.bouncycastle.asn1.cms.SignedData content = org.bouncycastle.asn1.cms.SignedData .getInstance(asn1SignedData); // Extract signer info ASN1Encodable asn1SignerInfo = content.getSignerInfos().getObjectAt(0); org.bouncycastle.asn1.cms.SignerInfo signerInfo = org.bouncycastle.asn1.cms.SignerInfo .getInstance(asn1SignerInfo); // Extract time signature ASN1Primitive asn1TimeSignature = null; try { asn1TimeSignature = ASN1Primitive.fromByteArray(signerInfo.getEncryptedDigest().getOctets()); } catch (IOException e) { throw new Asn1FormatException("time signature has invalid format"); } Asn1TimeSignature timeSignature = Asn1TimeSignature.getInstance(asn1TimeSignature); // Extend TimeSignature v = new ASN1EncodableVector(); v.add(timeSignature.getLocation()); v.add(certToken.getHistory()); v.add(certToken.getPublishedData()); // Skip PK signature <- updated v.add(new DERTaggedObject(false, 1, certToken.getPubReference())); timeSignature = Asn1TimeSignature.getInstance(new DERSequence(v)); // Extend SignerInfo v = new ASN1EncodableVector(); v.add(signerInfo.getVersion()); v.add(signerInfo.getSID()); v.add(signerInfo.getDigestAlgorithm()); ASN1Set signedAttrs = signerInfo.getAuthenticatedAttributes(); if (signedAttrs != null) { v.add(new DERTaggedObject(false, 0, signedAttrs)); } v.add(signerInfo.getDigestEncryptionAlgorithm()); try { v.add(new DEROctetString(timeSignature)); // <- updated } catch (IOException e) { throw new Asn1FormatException(e); } ASN1Set unsignedAttrs = signerInfo.getUnauthenticatedAttributes(); if (unsignedAttrs != null) { v.add(new DERTaggedObject(false, 1, unsignedAttrs)); } signerInfo = org.bouncycastle.asn1.cms.SignerInfo.getInstance(new DERSequence(v)); // Extend SignedData v = new ASN1EncodableVector(); v.add(content.getVersion()); v.add(content.getDigestAlgorithms()); v.add(content.getEncapContentInfo()); // Skipping certificates <- updated // Skipping CRLs <- updated v.add(new DERSet(signerInfo)); // <- updated content = org.bouncycastle.asn1.cms.SignedData.getInstance(new DERSequence(v)); // Extend ContentInfo v = new ASN1EncodableVector(); v.add(contentInfo.getContentType()); v.add(new DERTaggedObject(true, 0, content)); // <- updated contentInfo = org.bouncycastle.asn1.cms.ContentInfo.getInstance(new DERSequence(v)); return contentInfo; }
From source file:com.guardtime.asn1.SignedData.java
License:Apache License
/** * Class constructor./*from w w w. j a v a 2 s . c om*/ * * @param obj ASN.1 representation of signed data. * * @throws Asn1FormatException if provided ASN.1 object has invalid format. */ SignedData(ASN1Encodable obj) throws Asn1FormatException { try { signedData = org.bouncycastle.asn1.cms.SignedData.getInstance(obj); // Extract and check version // // RFC 2630/3161 require version to be 0..4 // GuardTime requires version to be exactly 3 BigInteger ver = signedData.getVersion().getValue(); if (!ver.equals(BigInteger.valueOf(VERSION))) { throw new Asn1FormatException("invalid signed data version: " + ver); } version = ver.intValue(); // Extract and check digest algorithm list // // Digest algorithm list can contain duplicate entries as // RFC 2630 does not directly deny that // // RFC 2630 allows digest algorithm list to be empty digestAlgorithms = new ArrayList(); Enumeration e = signedData.getDigestAlgorithms().getObjects(); while (e.hasMoreElements()) { Object o = e.nextElement(); String algOid = AlgorithmIdentifier.getInstance(o).getAlgorithm().getId(); Asn1Util.checkDigestAlgorithm(algOid); digestAlgorithms.add(algOid); } // Extract and check encapsulated content info ContentInfo eContentInfo = signedData.getEncapContentInfo(); eContentType = eContentInfo.getContentType().toString(); // RFC3161 requires type to be id-ct-TSTInfo if (!eContentType.equals(E_CONTENT_TYPE)) { throw new Asn1FormatException("invalid encapsulated content type: " + eContentType); } DEROctetString eContentData = (DEROctetString) eContentInfo.getContent(); eContent = TstInfo.getInstance(eContentData.getOctetStream()); // Extract certificates (optional field) ASN1Set certificates = signedData.getCertificates(); if (certificates != null && certificates.size() > 0) { byte[] certBytes = certificates.getObjectAt(0).toASN1Primitive().getEncoded(ASN1Encoding.DER); InputStream in = new ByteArrayInputStream(certBytes); CertificateFactory cf = CertificateFactory.getInstance("X.509"); certificate = (X509Certificate) cf.generateCertificate(in); } // Extract CRLs (GuardTime is not currently using CRLs field) ASN1Set rawCrls = signedData.getCRLs(); crls = ((rawCrls == null) ? null : rawCrls.getEncoded(ASN1Encoding.DER)); // Extract and check signer info ASN1Set signerInfos = signedData.getSignerInfos(); // RFC 3161 requires signer info list to contain exactly one entry if (signerInfos.size() != 1) { throw new Asn1FormatException("wrong number of signer infos found: " + signerInfos.size()); } signerInfo = new SignerInfo(signerInfos.getObjectAt(0).toASN1Primitive()); // Make sure digest algorithm is contained in digest algorithm list // TODO: check disabled as this problem is not critical. //String digestAlgorithmOid = signerInfo.getDigestAlgorithm(); //if (!digestAlgorithms.contains(digestAlgorithmOid)) { // throw new Asn1FormatException("digest algorithm not found in list: " + digestAlgorithmOid); //} } catch (Asn1FormatException e) { throw e; } catch (Exception e) { // Also catches IllegalArgumentException, NullPointerException, etc. throw new Asn1FormatException("signed data has invalid format", e); } }
From source file:de.tsenger.animamea.Operator.java
License:Open Source License
private static SecurityInfos decodeEFCardSecurity(byte[] data) throws IOException, CertificateException, NoSuchProviderException, CMSException, OperatorCreationException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); ASN1Sequence asnSeq = (ASN1Sequence) ASN1Sequence.fromByteArray(data); ContentInfo contentInfo = ContentInfo.getInstance(asnSeq); DERSequence derSeq = (DERSequence) contentInfo.getContent(); System.out.println("ContentType: " + contentInfo.getContentType().toString()); SignedData cardSecurity = SignedData.getInstance(derSeq); //Get SecurityInfos ContentInfo encapContentInfo = cardSecurity.getEncapContentInfo(); DEROctetString octString = (DEROctetString) encapContentInfo.getContent(); SecurityInfos si = new SecurityInfos(); si.decode(octString.getOctets());// ww w.jav a 2 s.c o m return si; }
From source file:de.tsenger.sandbox.CardSecurityParser.java
License:Open Source License
/** * @param args/*w ww . ja v a 2s. c o m*/ * @throws Exception */ public static void main(String[] args) throws Exception { byte[] efcsBytes = readBinaryFile("/home/tsenger/Desktop/EFCardSecurity.bin"); ASN1Sequence asnSeq = (ASN1Sequence) ASN1Sequence.fromByteArray(efcsBytes); ContentInfo contentInfo = ContentInfo.getInstance(asnSeq); System.out.println(contentInfo.getContentType()); DERSequence derSeq = (DERSequence) contentInfo.getContent(); System.out.println(HexString.bufferToHex(derSeq.getEncoded(null))); SignedData signedData = SignedData.getInstance(derSeq); System.out.println("CMSVersion: " + signedData.getVersion().getValue().intValue()); ContentInfo contentInfo2 = signedData.getEncapContentInfo(); System.out.println(contentInfo2.getContentType()); DEROctetString octString = (DEROctetString) contentInfo2.getContent(); System.out.println("OctetString:\n" + HexString.bufferToHex(octString.getEncoded(null))); System.out.println("OctetString:\n" + HexString.bufferToHex(octString.getOctets())); SecurityInfos si = new SecurityInfos(); si.decode(octString.getOctets()); System.out.println(si); byte[] parameter = si.getChipAuthenticationPublicKeyInfoList().get(0).getPublicKey().getPublicKey(); System.out.println(HexString.bufferToHex(parameter)); System.out.println("Key Referenz: " + si.getChipAuthenticationPublicKeyInfoList().get(0).getKeyId()); System.out.println("CA OID: " + si.getChipAuthenticationPublicKeyInfoList().get(0).getPublicKey().getAlgorithm().getAlgorithm()); }
From source file:dorkbox.build.util.jar.JarSignatureUtil.java
License:Apache License
/** * Verify that the two certificates MATCH from within a signature block (ie, * XXXXX.DSA in the META-INF directory). * * @return true if the two certificates are the same. false otherwise. *//*from w ww. j av a2 s . co m*/ public static final boolean compareCertificates(byte[] newSignatureContainerBytes, byte[] oldSignatureContainerBytes) { ASN1InputStream newSigStream = null; ASN1InputStream oldSigStream = null; try { CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); InputStream newSignatureIn = new ByteArrayInputStream(newSignatureContainerBytes); newSigStream = new ASN1InputStream(newSignatureIn); ASN1Primitive newSigASNPrim = newSigStream.readObject(); ContentInfo newSigContent = ContentInfo.getInstance(newSigASNPrim); InputStream oldSignatureIn = new ByteArrayInputStream(oldSignatureContainerBytes); oldSigStream = new ASN1InputStream(oldSignatureIn); ASN1Primitive oldSigASNPrim = oldSigStream.readObject(); ContentInfo oldSigContent = ContentInfo.getInstance(oldSigASNPrim); // Extract certificates SignedData newSignedData = SignedData.getInstance(newSigContent.getContent()); @SuppressWarnings("rawtypes") Enumeration newSigOjects = newSignedData.getCertificates().getObjects(); SignedData oldSignedData = SignedData.getInstance(oldSigContent.getContent()); @SuppressWarnings("rawtypes") Enumeration oldSigOjects = oldSignedData.getCertificates().getObjects(); Object newSigElement = newSigOjects.nextElement(); Object oldSigElement = oldSigOjects.nextElement(); if (newSigElement instanceof DERSequence && oldSigElement instanceof DERSequence) { DERSequence newSigDERElement = (DERSequence) newSigElement; InputStream newSigIn = new ByteArrayInputStream(newSigDERElement.getEncoded()); Certificate newSigCertificate = certFactory.generateCertificate(newSigIn); DERSequence oldSigDERElement = (DERSequence) oldSigElement; InputStream oldSigIn = new ByteArrayInputStream(oldSigDERElement.getEncoded()); Certificate oldSigCertificate = certFactory.generateCertificate(oldSigIn); // certificate bytes byte[] newSigCertificateBytes = newSigCertificate.getEncoded(); byte[] oldSigCertificateBytes = oldSigCertificate.getEncoded(); return Arrays.equals(newSigCertificateBytes, oldSigCertificateBytes); } } catch (IOException e) { } catch (CertificateException e) { } finally { Sys.close(newSigStream); Sys.close(oldSigStream); } return false; }
From source file:es.gob.afirma.signers.cms.CoSigner.java
License:Open Source License
/** Constructor de la clase. Se crea una cofirma a partir de los datos del * firmante y el archivo que se firma./* w w w . ja v a 2 s . c om*/ * @param signatureAlgorithm Algoritmo para la firma * @param signerCertificateChain Cadena de certificados para la construccion de los parametros * de firma. * @param sign Archivo que contiene las firmas. * @param dataType Identifica el tipo del contenido a firmar. * @param key Clave privada del firmante. * @param atrib Atributos firmados adicionales. * @param uatrib Atributos no firmados adicionales. * @param digest Hash a aplicar en la firma. * @return El archivo de firmas con la nueva firma. * @throws java.io.IOException Si ocurre algún problema leyendo o escribiendo los datos * @throws java.security.NoSuchAlgorithmException Si no se soporta alguno de los algoritmos de * firma o huella digital * @throws java.security.cert.CertificateException Si se produce alguna excepción con * los certificados de firma. * @throws ContainsNoDataException Cuando la firma no contiene los datos * ni fue generada con el mismo algoritmo de firma. */ byte[] coSigner(final String signatureAlgorithm, final X509Certificate[] signerCertificateChain, final byte[] sign, final String dataType, final PrivateKey key, final Map<String, byte[]> atrib, final Map<String, byte[]> uatrib, final byte[] digest) throws IOException, NoSuchAlgorithmException, CertificateException, ContainsNoDataException { byte[] messageDigest = digest != null ? digest.clone() : null; // LEEMOS EL FICHERO QUE NOS INTRODUCEN final ASN1InputStream is = new ASN1InputStream(sign); final ASN1Sequence dsq = (ASN1Sequence) is.readObject(); is.close(); final Enumeration<?> e = dsq.getObjects(); // Elementos que contienen los elementos OID SignedData e.nextElement(); // Contenido de SignedData final ASN1TaggedObject doj = (ASN1TaggedObject) e.nextElement(); final ASN1Sequence contentSignedData = (ASN1Sequence) doj.getObject(); // Contenido del SignedData final SignedData sd = SignedData.getInstance(contentSignedData); // 3. CONTENTINFO // si se introduce el contenido o no final ContentInfo encInfo = sd.getEncapContentInfo(); final DEROctetString contenido = (DEROctetString) encInfo.getContent(); byte[] contenidoDatos = null; if (contenido != null) { contenidoDatos = AOUtil.getDataFromInputStream(contenido.getOctetStream()); } // 4. CERTIFICADOS // obtenemos la lista de certificados ASN1Set certificates = null; final ASN1Set certificatesSigned = sd.getCertificates(); final ASN1EncodableVector vCertsSig = new ASN1EncodableVector(); final Enumeration<?> certs = certificatesSigned.getObjects(); // COGEMOS LOS CERTIFICADOS EXISTENTES EN EL FICHERO while (certs.hasMoreElements()) { vCertsSig.add((ASN1Encodable) certs.nextElement()); } if (signerCertificateChain.length != 0) { final List<ASN1Encodable> ce = new ArrayList<ASN1Encodable>(); for (final X509Certificate element : signerCertificateChain) { ce.add(Certificate.getInstance(ASN1Primitive.fromByteArray(element.getEncoded()))); } certificates = SigUtils.fillRestCerts(ce, vCertsSig); } // buscamos que tipo de algoritmo es y lo codificamos con su OID final String digestAlgorithm = AOSignConstants.getDigestAlgorithmName(signatureAlgorithm); final AlgorithmIdentifier digAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithm)); // Identificador del firmante ISSUER AND SERIAL-NUMBER final TBSCertificateStructure tbs = TBSCertificateStructure .getInstance(ASN1Primitive.fromByteArray(signerCertificateChain[0].getTBSCertificate())); final IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(X500Name.getInstance(tbs.getIssuer()), tbs.getSerialNumber().getValue()); final SignerIdentifier identifier = new SignerIdentifier(encSid); // // ATRIBUTOS // atributos firmados ASN1Set signedAttr = null; // atributos no firmados. final ASN1Set unSignedAttr = generateUnsignerInfo(uatrib); // // FIN ATRIBUTOS // digEncryptionAlgorithm final AlgorithmIdentifier encAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID("RSA")); //$NON-NLS-1$ // 5. SIGNERINFO // raiz de la secuencia de SignerInfo // Obtenemos los signerInfos del SignedData final ASN1Set signerInfosSd = sd.getSignerInfos(); // introducimos los SignerInfos Existentes final ASN1EncodableVector signerInfos = new ASN1EncodableVector(); // introducimos el nuevo SignerInfo del firmante actual. // Secuencia: // 1.- Si cofirmamos sin datos en el mismo algoritmo de hash que la // firma // original sacamos el messagedigest de la firma previa. // 2.- Si no es el mismo algoritmo, miramos si nos ha llegado un // messagedigest // como parametro del metodo, que quiere decir que se ha calculado // externamente // (en el fondo sera que no se ha sobreescrito el parametro, con lo que // si llego // != null, seguira siendo != null) // 3.- Si no es ninguno de los dos casos, no podemos firmar for (int i = 0; i < signerInfosSd.size(); i++) { final SignerInfo si = SignerInfo.getInstance(signerInfosSd.getObjectAt(i)); final AlgorithmIdentifier algHash = si.getDigestAlgorithm(); // Solo si coninciden los algos puedo sacar el hash de dentro if (algHash.getAlgorithm().toString().equals(AOAlgorithmID.getOID(digestAlgorithm))) { final ASN1Set signedAttrib = si.getAuthenticatedAttributes(); for (int s = 0; s < signedAttrib.size(); s++) { final ASN1Sequence elemento = (ASN1Sequence) signedAttrib.getObjectAt(s); final ASN1ObjectIdentifier oids = (ASN1ObjectIdentifier) elemento.getObjectAt(0); if (CMSAttributes.messageDigest.getId().toString().equals(oids.toString())) { final DERSet derSetHash = (DERSet) elemento.getObjectAt(1); final DEROctetString derHash = (DEROctetString) derSetHash.getObjectAt(0); messageDigest = derHash.getOctets(); } } } signerInfos.add(si); } // atributos firmados if (contenidoDatos != null) { signedAttr = generateSignerInfo(digestAlgorithm, contenidoDatos, dataType, atrib); } else if (messageDigest != null) { signedAttr = generateSignerInfoFromHash(signerCertificateChain[0], messageDigest, dataType, atrib); } else { // En este caso no puedo usar un hash de fuera, ya que no me han // pasado datos ni // huellas digitales, solo un fichero de firma throw new ContainsNoDataException( "No se puede crear la cofirma ya que no se han encontrado ni los datos firmados ni una huella digital compatible con el algoritmo de firma"); //$NON-NLS-1$ } final ASN1OctetString sign2; try { sign2 = firma(signatureAlgorithm, key); } catch (final Exception ex) { throw new IOException("Error al generar la firma: " + ex, ex); //$NON-NLS-1$ } // Creamos los signerInfos del SignedData signerInfos.add(new SignerInfo(identifier, digAlgId, signedAttr, encAlgId, sign2, unSignedAttr// null //unsignedAttr )); // construimos el Signed Data y lo devolvemos return new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(sd.getDigestAlgorithms(), encInfo, certificates, null, new DERSet(signerInfos)// unsignedAttr )).getEncoded(ASN1Encoding.DER); }
From source file:es.gob.afirma.signers.multi.cades.CAdESCoSigner.java
License:Open Source License
/** Constructor de la clase. Se crea una cofirma a partir de los datos del * firmante y del archivo que contiene las firmas. * @param signatureAlgorithm Algoritmo para la firma * @param signerCertificateChain Cadena de certificados para la construccion de los parametros de firma. * @param signature Archivo que contiene las firmas. * @param policy Política de firma * @param signingCertificateV2// w ww .java 2s . co m * <code>true</code> si se desea usar la versión 2 del * atributo <i>Signing Certificate</i> <code>false</code> para * usar la versión 1 * @param key Clave privada usada para firmar. * @param certChain Cadena de certificados del firmante. * @param md Huella digital específica para una firma. * @param contentType Tipo de contenido definido por su OID. * @param contentDescription Descripción textual del tipo de contenido firmado. * @param ctis Indicaciones sobre los tipos de compromisos adquiridos con la firma. * @param csm Metadatos sobre el firmante * @return El archivo de firmas con la nueva firma. * @throws java.io.IOException Si ocurre algún problema leyendo o escribiendo los datos * @throws NoSuchAlgorithmException Si no se soporta alguno de los algoritmos de firma o huella digital * @throws CertificateException Si se produce alguna excepción con los certificados de firma. * @throws ContainsNoDataException Cuando la firma no contiene los datos ni fue generada con el mismo * algoritmo de firma. */ byte[] coSigner(final String signatureAlgorithm, final X509Certificate[] signerCertificateChain, final InputStream signature, final AdESPolicy policy, final boolean signingCertificateV2, final PrivateKey key, final java.security.cert.Certificate[] certChain, final byte[] md, final String contentType, final String contentDescription, final List<CommitmentTypeIndicationBean> ctis, final CAdESSignerMetadata csm) throws IOException, NoSuchAlgorithmException, CertificateException, ContainsNoDataException { // LEEMOS EL FICHERO QUE NOS INTRODUCEN final ASN1InputStream is = new ASN1InputStream(signature); final ASN1Sequence dsq = (ASN1Sequence) is.readObject(); is.close(); final Enumeration<?> e = dsq.getObjects(); // Elementos que contienen los elementos OID SignedData e.nextElement(); // Contenido de SignedData final ASN1TaggedObject doj = (ASN1TaggedObject) e.nextElement(); final ASN1Sequence contentSignedData = (ASN1Sequence) doj.getObject();// contenido // del // SignedData final SignedData sd = SignedData.getInstance(contentSignedData); // 3. CONTENTINFO // si se introduce el contenido o no final ContentInfo encInfo = sd.getEncapContentInfo(); final DEROctetString contenido = (DEROctetString) encInfo.getContent(); byte[] contenidoDatos = null; if (contenido != null) { contenidoDatos = AOUtil.getDataFromInputStream(contenido.getOctetStream()); } // 4. CERTIFICADOS // obtenemos la lista de certificados ASN1Set certificates = null; final ASN1Set certificatesSigned = sd.getCertificates(); final ASN1EncodableVector vCertsSig = new ASN1EncodableVector(); final Enumeration<?> certs = certificatesSigned.getObjects(); // COGEMOS LOS CERTIFICADOS EXISTENTES EN EL FICHERO while (certs.hasMoreElements()) { vCertsSig.add((ASN1Encodable) certs.nextElement()); } if (signerCertificateChain.length != 0) { final List<ASN1Encodable> ce = new ArrayList<ASN1Encodable>(); for (final X509Certificate element : signerCertificateChain) { ce.add(Certificate.getInstance(ASN1Primitive.fromByteArray(element.getEncoded()))); } certificates = SigUtils.fillRestCerts(ce, vCertsSig); } // buscamos que timo de algoritmo es y lo codificamos con su OID final String digestAlgorithm = AOSignConstants.getDigestAlgorithmName(signatureAlgorithm); final AlgorithmIdentifier digAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithm)); // Identificador del firmante ISSUER AND SERIAL-NUMBER final TBSCertificateStructure tbs = TBSCertificateStructure .getInstance(ASN1Primitive.fromByteArray(signerCertificateChain[0].getTBSCertificate())); final IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(X500Name.getInstance(tbs.getIssuer()), tbs.getSerialNumber().getValue()); final SignerIdentifier identifier = new SignerIdentifier(encSid); // digEncryptionAlgorithm final AlgorithmIdentifier encAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID("RSA")); //$NON-NLS-1$ // 5. SIGNERINFO // raiz de la secuencia de SignerInfo // Obtenemos los signerInfos del SignedData final ASN1Set signerInfosSd = sd.getSignerInfos(); // introducimos los SignerInfos Existentes final ASN1EncodableVector signerInfos = new ASN1EncodableVector(); // introducimos el nuevo SignerInfo del firmante actual. byte[] messageDigest = md != null ? md.clone() : null; for (int i = 0; i < signerInfosSd.size(); i++) { final SignerInfo si = SignerInfo.getInstance(signerInfosSd.getObjectAt(i)); final AlgorithmIdentifier algHash = si.getDigestAlgorithm(); if (algHash.getAlgorithm().toString().equals(AOAlgorithmID.getOID(digestAlgorithm))) { final ASN1Set signedAttrib = si.getAuthenticatedAttributes(); for (int s = 0; s < signedAttrib.size(); s++) { final ASN1Sequence elemento = (ASN1Sequence) signedAttrib.getObjectAt(s); final ASN1ObjectIdentifier oids = (ASN1ObjectIdentifier) elemento.getObjectAt(0); if (CMSAttributes.messageDigest.getId().equals(oids.toString())) { final DERSet derSetHash = (DERSet) elemento.getObjectAt(1); final DEROctetString derHash = (DEROctetString) derSetHash.getObjectAt(0); messageDigest = derHash.getOctets(); } } } signerInfos.add(si); } // // ATRIBUTOS ASN1Set signedAttr; // atributos firmados if (contenidoDatos != null) { final ASN1EncodableVector contextExpecific = CAdESUtils.generateSignerInfo(signerCertificateChain[0], digestAlgorithm, contenidoDatos, policy, signingCertificateV2, null, // MessageDigest new Date(), false, contentType, contentDescription, ctis, csm); this.signedAttr2 = SigUtils.getAttributeSet(new AttributeTable(contextExpecific)); signedAttr = SigUtils.getAttributeSet(new AttributeTable(contextExpecific)); } else if (messageDigest != null) { final ASN1EncodableVector contextExpecific = CAdESUtils.generateSignerInfo(signerCertificateChain[0], digestAlgorithm, null, policy, signingCertificateV2, messageDigest, new Date(), false, contentType, contentDescription, ctis, csm); this.signedAttr2 = SigUtils.getAttributeSet(new AttributeTable(contextExpecific)); signedAttr = SigUtils.getAttributeSet(new AttributeTable(contextExpecific)); } else { throw new ContainsNoDataException( "No se puede crear la cofirma ya que no se han encontrado ni los datos firmados ni una huella digital compatible con el algoritmo de firma"); //$NON-NLS-1$ } final ASN1OctetString sign2; try { sign2 = firma(signatureAlgorithm, key, certChain); } catch (final AOException ex) { throw new IOException("Error al realizar la firma: " + ex, ex); //$NON-NLS-1$ } // Creamos los signerInfos del SignedData signerInfos.add(new SignerInfo(identifier, digAlgId, signedAttr, encAlgId, sign2, null // unsignedAttr )); // construimos el Signed Data y lo devolvemos return new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(sd.getDigestAlgorithms(), encInfo, certificates, null, // CRLS no usado new DERSet(signerInfos)// unsignedAttr )).getEncoded(ASN1Encoding.DER); }
From source file:es.gob.afirma.signers.pkcs7.ObtainContentSignedData.java
License:Open Source License
/** Método que obtiene el contenido firmado de un tipo Signed Data * tanto en CADES como en CMS. Si la firma no contiene los datos, devuelve <code>null</code>. * @param data//from w w w .j a v a2 s .c o m * datos que contienen la firma. * @return el contenido firmado. * @throws IOException Si no se pueden leer los datos */ public static byte[] obtainData(final byte[] data) throws IOException { byte[] contenido = null; // LEEMOS EL FICHERO QUE NOS INTRODUCEN final ASN1InputStream is = new ASN1InputStream(data); final ASN1Sequence dsq = (ASN1Sequence) is.readObject(); is.close(); final Enumeration<?> e = dsq.getObjects(); // Elementos que contienen los elementos OID Data final ASN1ObjectIdentifier doi = (ASN1ObjectIdentifier) e.nextElement(); // Contenido a obtener informacion final ASN1TaggedObject doj = (ASN1TaggedObject) e.nextElement(); // buscamos si es signedData if (doi.equals(PKCSObjectIdentifiers.signedData)) { // obtenemos el signed Data final SignedData sd = SignedData.getInstance(doj.getObject()); final ContentInfo ci = sd.getEncapContentInfo(); // obtenemos el contenido si lo tiene. if (ci.getContent() != null) { contenido = ((DEROctetString) ci.getContent()).getOctets(); } else { LOGGER.warning("No existe contenido en esta firma."); //$NON-NLS-1$ } } else { LOGGER.warning("No se puede obtener el contenido de esta firma."); //$NON-NLS-1$ } return contenido; }