List of usage examples for org.bouncycastle.asn1.cms SignerInfo getEncryptedDigest
public ASN1OctetString getEncryptedDigest()
From source file:es.gob.afirma.signers.multi.cades.CAdESCounterSignerEnveloped.java
License:Open Source License
/** Método que genera un signerInfo específico utilizando los * datos necesarios para crearlo. Se utiliza siempre que no se sabe cual es * el signerInfo que se debe firmar./* w w w . j a v a 2 s. c o m*/ * @param parameters Parámetros necesarios para firmar un determinado * <i>SignerInfo</i> hoja. * @param si SignerInfo del que se debe recoger la información para * realizar la contrafirma específica. * @param key Clave privada a usar para firmar. * @param certChain Cadena de certificados del firmante. * @param contentDescription Descripción textual del tipo de contenido firmado. * @param ctis Indicaciones sobre los tipos de compromisos adquiridos con la firma. * @param csm Metadatos sobre el firmante. * @return El signerInfo contrafirmado. * @throws NoSuchAlgorithmException Si no se soporta alguno de los algoritmos necesarios. * @throws IOException Cuando hay errores en el tratamiento de los datos. * @throws CertificateException Cuando hay problemas con los certificados proporcionados. */ private SignerInfo generateSignerInfo(final P7ContentSignerParameters parameters, final SignerInfo si, final PrivateKey key, final java.security.cert.Certificate[] certChain, final String contentDescription, final List<CommitmentTypeIndicationBean> ctis, final CAdESSignerMetadata csm) throws NoSuchAlgorithmException, IOException, CertificateException { // // UNAUTHENTICATEDATTRIBUTES // buscamos que timo de algoritmo es y lo codificamos con su OID final String signatureAlgorithm = parameters.getSignatureAlgorithm(); final String digestAlgorithm = AOSignConstants.getDigestAlgorithmName(signatureAlgorithm); final ASN1EncodableVector contextExcepcific = CAdESUtils.generateSignerInfo(certChain[0], digestAlgorithm, si.getEncryptedDigest().getOctets(), getGlobalPolicy(), isGlobalSigningCertificateV2(), null, new Date(), false, null, // En contrafirmas no se pone el ContentType contentDescription, ctis, csm); this.signedAttr2 = SigUtils.getAttributeSet(new AttributeTable(contextExcepcific)); final ASN1Set unsignedAttr = SigUtils.getAttributeSet(new AttributeTable(contextExcepcific)); // 5. SIGNERINFO // raiz de la secuencia de SignerInfo final TBSCertificateStructure tbs = TBSCertificateStructure .getInstance(ASN1Primitive.fromByteArray(((X509Certificate) certChain[0]).getTBSCertificate())); final IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(X500Name.getInstance(tbs.getIssuer()), tbs.getSerialNumber().getValue()); final SignerIdentifier identifier = new SignerIdentifier(encSid); // AlgorithmIdentifier final AlgorithmIdentifier digAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithm)); // // FIN ATRIBUTOS // digEncryptionAlgorithm final AlgorithmIdentifier encAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID("RSA")); //$NON-NLS-1$ final ASN1OctetString sign2; try { sign2 = firma(signatureAlgorithm, key, certChain); } catch (final AOException ex) { throw new IOException("Error al realizar la firma electronica: " + ex, ex); //$NON-NLS-1$ } return new SignerInfo(identifier, digAlgId, unsignedAttr, encAlgId, sign2, null); }
From source file:es.gob.afirma.signers.multi.cades.CAdESTriPhaseCounterSigner.java
License:Open Source License
/** Obtiene la contrafirma de los signerInfo de forma recursiva.<br> * @param signerInfo/*from w w w . j ava 2 s . c o m*/ * Nodo raí que contiene todos los signerInfos que se * deben firmar. * @param parameters * Parámetros necesarios para firmar un determinado * SignerInfo hoja. * @param key Clave privada a usar para firmar. * @param contentType * Tipo de contenido definido por su OID. * @param contentDescription * Descripción textual del tipo de contenido firmado. * @return El SignerInfo raíz parcial con todos sus nodos * Contrafirmados. * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws java.security.cert.CertificateException * @throws es.map.es.map.afirma.exceptions.AOException */ private SignerInfo getCounterSignerInfo(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final PrivateKey key, final java.security.cert.Certificate[] certChain, final String contentType, final String contentDescription, final AdESPolicy policy, final boolean signingCertificateV2) throws NoSuchAlgorithmException, IOException, CertificateException, AOException { final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final SignerInfo si = new SignerInfo((ASN1Sequence) eAtributesData.nextElement()); signerInfosU.add(getCounterSignerInfo(si, parameters, key, certChain, contentType, contentDescription, policy, signingCertificateV2)); } } else { signerInfosU.add(data); } } // FIRMA DEL NODO ACTUAL counterSigner = generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2); signerInfosU.add(counterSigner); // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); contexExpecific.add(uAtrib); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.signers.multi.cades.CAdESTriPhaseCounterSigner.java
License:Open Source License
/** Obtiene la contrafirma de los signerInfo de una determinada hoja de forma * recursiva.</br>//from w w w . j av a2s . co m * @param signerInfo Nodo raí que contiene todos los signerInfos que se deben firmar. * @param parameters Parámetros necesarios para firmar un determinado <i>SignerInfo</i> hoja. * @param cert Certificado de firma. * @param keyEntry Clave privada a usar para firmar * @param contentType Tipo de contenido definido por su OID. * @param contentDescription Descripción textual del tipo de contenido firmado. * @return SignerInfo raíz parcial con todos sus nodos contrafirmados. * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws java.security.cert.CertificateException * @throws es.map.es.map.afirma.exceptions.AOException */ private SignerInfo getLeafSignerInfo(final SignerInfo signerInfo, final P7ContentSignerParameters parameters, final PrivateKey key, final java.security.cert.Certificate[] certChain, final String contentType, final String contentDescription, final AdESPolicy policy, final boolean signingCertificateV2) throws NoSuchAlgorithmException, IOException, CertificateException, AOException { final ASN1EncodableVector signerInfosU = new ASN1EncodableVector(); final ASN1EncodableVector signerInfosU2 = new ASN1EncodableVector(); SignerInfo counterSigner = null; if (signerInfo.getUnauthenticatedAttributes() != null) { final Enumeration<?> eAtributes = signerInfo.getUnauthenticatedAttributes().getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final SignerInfo si = new SignerInfo((ASN1Sequence) eAtributesData.nextElement()); signerInfosU.add(getLeafSignerInfo(si, parameters, key, certChain, contentType, contentDescription, policy, signingCertificateV2)); } } else { signerInfosU.add(data); } } // FIRMA DE CADA UNO DE LOS HIJOS ASN1Set a1; final ASN1EncodableVector contexExpecific = new ASN1EncodableVector(); if (signerInfosU.size() > 1) { for (int i = 0; i < signerInfosU.size(); i++) { if (signerInfosU.get(i) instanceof Attribute) { contexExpecific.add(signerInfosU.get(i)); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(i)))); } } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { if (signerInfosU.size() == 1) { if (signerInfosU.get(0) instanceof Attribute) { // anadimos el que hay contexExpecific.add(signerInfosU.get(0)); // creamos el de la contrafirma. signerInfosU2.add(generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); contexExpecific.add(uAtrib); } else { contexExpecific.add( new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU.get(0)))); } a1 = SigUtils.getAttributeSet(new AttributeTable(contexExpecific)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), a1 // unsignedAttr ); } else { final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } } } else { signerInfosU2.add(generateSignerInfo(parameters.getSignatureAlgorithm(), signerInfo, certChain, contentType, contentDescription, policy, signingCertificateV2)); final Attribute uAtrib = new Attribute(CMSAttributes.counterSignature, new DERSet(signerInfosU2)); counterSigner = new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(uAtrib) // unsignedAttr ); } return counterSigner; }
From source file:es.gob.afirma.signers.multi.cades.CAdESTriPhaseCounterSigner.java
License:Open Source License
/** Genera un signerInfo específico utilizando los * datos necesarios para crearlo. Se utiliza siempre que no se sabe cual es * el signerInfo que se debe firmar.</br> * @param parameters Parámetros necesarios para firmar un determinado SignerInfo hoja. * @param si SignerInfo del que se debe recoger la información para * realizar la contrafirma específica. * @param key Clave privada a usar para firmar * @param contentType Tipo de contenido definido por su OID. * @param contentDescription Descripción textual del tipo de contenido firmado. * @return SignerInfo contrafirmado./*from www . j av a 2s. co m*/ * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws java.security.cert.CertificateException */ private SignerInfo generateSignerInfo(final String signatureAlgorithm, final SignerInfo si, final java.security.cert.Certificate[] certChain, final String contentType, final String contentDescription, final AdESPolicy policy, final boolean signingCertificateV2) throws NoSuchAlgorithmException, IOException, CertificateException { // buscamos que timo de algoritmo es y lo codificamos con su OID final String digestAlgorithm = AOSignConstants.getDigestAlgorithmName(signatureAlgorithm); // authenticatedAttributes final ASN1EncodableVector contextExcepcific = CAdESUtils.generateSignerInfo((X509Certificate) certChain[0], digestAlgorithm, si.getEncryptedDigest().getOctets(), policy, signingCertificateV2, null, new Date(), false, contentType, contentDescription); final ASN1Set signedAttr = SigUtils.getAttributeSet(new AttributeTable(contextExcepcific)); // Anadimos los SignedAttributes a la lista en la posicion adecuada this.signedDatas.add(this.counterIndex, signedAttr.getEncoded(ASN1Encoding.DER)); // Obtenemos el sustituto del PKCS#1, relleno con el numero de contrafirma final ASN1OctetString sign2 = new DEROctetString(firma()); // Incrementamos el indice de contrafirmas this.counterIndex = this.counterIndex + 1; if (this.counterIndex > 9) { throw new UnsupportedOperationException("No se soportan mas de 10 contrafirmas en una misma firma"); //$NON-NLS-1$ } // AlgorithmIdentifier final AlgorithmIdentifier digAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithm)); // digEncryptionAlgorithm final AlgorithmIdentifier encAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID("RSA")); //$NON-NLS-1$ // 5. SIGNERINFO // raiz de la secuencia de SignerInfo final TBSCertificateStructure tbs = TBSCertificateStructure .getInstance(ASN1Primitive.fromByteArray(((X509Certificate) certChain[0]).getTBSCertificate())); final IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(X500Name.getInstance(tbs.getIssuer()), tbs.getSerialNumber().getValue()); final SignerIdentifier identifier = new SignerIdentifier(encSid); // UNAUTHENTICATEDATTRIBUTES final ASN1Set unsignedAttr = SigUtils.getAttributeSet(new AttributeTable(contextExcepcific)); return new SignerInfo(identifier, digAlgId, unsignedAttr, encAlgId, sign2, null); }
From source file:es.gob.afirma.signers.pkcs7.ReadNodesTree.java
License:Open Source License
/** Genera el árbol que representa las firmas. * @param data//ww w .jav a 2 s. c om * Archivo que contiene la firma. * @param asSimpleSignInfo * Indica si deben extraerse informacion básica de la * firma o solo los nombres. * @return Un modelo de árbol. * @throws java.io.IOException * Si ocurre algún problema leyendo o escribiendo los * datos */ public AOTreeModel readNodesTree(final byte[] data, final boolean asSimpleSignInfo) throws IOException { // LEEMOS EL FICHERO QUE NOS INTRODUCEN final ASN1InputStream is = new ASN1InputStream(data); final ASN1Sequence dsq = (ASN1Sequence) is.readObject(); is.close(); final Enumeration<?> contentsData = dsq.getObjects(); // Elementos que contienen los elementos OID SignedData contentsData.nextElement(); // Contenido de SignedData final ASN1TaggedObject doj = (ASN1TaggedObject) contentsData.nextElement(); final ASN1Sequence contentSignedData = (ASN1Sequence) doj.getObject(); // Raiz de la secuencia de SignerInfo // Obtenemos los signerInfos del SignedData ASN1Set signerInfosSd = null; ASN1Set certificates = null; try { final SignedData sd = SignedData.getInstance(contentSignedData); signerInfosSd = sd.getSignerInfos(); certificates = sd.getCertificates(); } catch (final Exception e) { LOGGER.severe("Error obteniendo los SignerInfos del SignedData: " + e); //$NON-NLS-1$ } // Para la creacion del arbol final AOTreeNode raiz = new AOTreeNode("Datos"); //$NON-NLS-1$ // introducimos el nuevo SignerInfo del firmante actual. if (asSimpleSignInfo && signerInfosSd != null) { for (int i = 0; i < signerInfosSd.size(); i++) { final ASN1Sequence atribute = (ASN1Sequence) signerInfosSd.getObjectAt(i); final IssuerAndSerialNumber issuerSerial = IssuerAndSerialNumber .getInstance(atribute.getObjectAt(1)); final X509Certificate[] nameSigner = searchCert(certificates, issuerSerial.getSerialNumber()); final SignerInfo si = SignerInfo.getInstance(atribute); final Date signingTime = getSigningTime(si); final AOSimpleSignInfo aossi = new AOSimpleSignInfo(nameSigner, signingTime); aossi.setPkcs1(si.getEncryptedDigest().getOctets()); this.rama = new AOTreeNode(aossi); this.listaCert.add(nameSigner); getUnsignedAtributesWithCertificates(si.getUnauthenticatedAttributes(), this.rama, certificates); raiz.add(this.rama); } } else if (signerInfosSd != null) { for (int i = 0; i < signerInfosSd.size(); i++) { final ASN1Sequence atribute = (ASN1Sequence) signerInfosSd.getObjectAt(i); final IssuerAndSerialNumber issuerSerial = IssuerAndSerialNumber .getInstance(atribute.getObjectAt(1)); final String nameSigner = searchName(certificates, issuerSerial.getSerialNumber()); final SignerInfo si = SignerInfo.getInstance(atribute); this.rama = new AOTreeNode(nameSigner); this.lista.add(nameSigner); getUnsignedAtributes(si.getUnauthenticatedAttributes(), this.rama, certificates); raiz.add(this.rama); } } return new AOTreeModel(raiz); }
From source file:es.gob.afirma.signers.pkcs7.ReadNodesTree.java
License:Open Source License
/** Método para obtener las contrafirmas. * @param signerInfouAtrib//from www. ja v a 2 s .c o m * Atributos en los que puede estar la contrafirma. * @param ramahija * Rama hija donde buscar los siguientes nodos. * @param certificates * Certificados. */ private void getUnsignedAtributesWithCertificates(final ASN1Set signerInfouAtrib, final AOTreeNode ramahija, final ASN1Set certificates) { if (signerInfouAtrib != null) { final Enumeration<?> eAtributes = signerInfouAtrib.getObjects(); while (eAtributes.hasMoreElements()) { final Attribute data = Attribute.getInstance(eAtributes.nextElement()); if (!data.getAttrType().equals(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken)) { final ASN1Set setInto = data.getAttrValues(); final Enumeration<?> eAtributesData = setInto.getObjects(); while (eAtributesData.hasMoreElements()) { final Object obj = eAtributesData.nextElement(); if (obj instanceof ASN1Sequence) { final ASN1Sequence atrib = (ASN1Sequence) obj; final IssuerAndSerialNumber issuerSerial = IssuerAndSerialNumber .getInstance(atrib.getObjectAt(1)); final SignerInfo si = SignerInfo.getInstance(atrib); final X509Certificate[] nameSigner = searchCert(certificates, issuerSerial.getSerialNumber()); final Date signingTime = getSigningTime(si); final AOSimpleSignInfo aossi = new AOSimpleSignInfo(nameSigner, signingTime); aossi.setPkcs1(si.getEncryptedDigest().getOctets()); this.rama2 = new AOTreeNode(aossi); this.listaCert.add(nameSigner); ramahija.add(this.rama2); getUnsignedAtributesWithCertificates(si.getUnauthenticatedAttributes(), this.rama2, certificates); } } } } } }
From source file:eu.europa.ec.markt.dss.signature.cades.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/** * 3) Fields version, sid, digestAlgorithm, signedAttrs, signatureAlgorithm, and * signature within the SignedData.signerInfoss item corresponding to the signature being archive * time-stamped, in their order of appearance. * * @param signerInformation//from w w w. j a va2 s .c o m * @return */ private byte[] geSignedFields(SignerInformation signerInformation) { final SignerInfo signerInfo = signerInformation.toASN1Structure(); final ASN1Integer version = signerInfo.getVersion(); final SignerIdentifier sid = signerInfo.getSID(); final AlgorithmIdentifier digestAlgorithm = signerInfo.getDigestAlgorithm(); final ASN1TaggedObject signedAttributes = new DERTaggedObject(false, 0, new DERSequence(signerInfo.getAuthenticatedAttributes().toArray())); final AlgorithmIdentifier digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm(); final ASN1OctetString encryptedDigest = signerInfo.getEncryptedDigest(); final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); try { final byte[] derEncodedVersion = DSSASN1Utils.getDEREncoded(version); final byte[] derEncodedSid = DSSASN1Utils.getDEREncoded(sid); final byte[] derEncodedDigestAlgo = DSSASN1Utils.getDEREncoded(digestAlgorithm); final byte[] derEncodedSignedAttributes = DSSASN1Utils.getDEREncoded(signedAttributes); final byte[] derEncodedDigestEncryptionAlgo = DSSASN1Utils.getDEREncoded(digestEncryptionAlgorithm); final byte[] derEncodedEncryptedDigest = DSSASN1Utils.getDEREncoded(encryptedDigest); if (LOG.isDebugEnabled()) { LOG.debug("getSignedFields Version={}", DSSUtils.encodeHexString(derEncodedVersion)); LOG.debug("getSignedFields Sid={}", DSSUtils.encodeHexString(derEncodedSid)); LOG.debug("getSignedFields DigestAlgo={}", DSSUtils.encodeHexString(derEncodedDigestAlgo)); LOG.debug("getSignedFields SignedAttributes={}", DSSUtils.encodeHexString(derEncodedSignedAttributes)); // bad LOG.debug("getSignedFields DigestEncryptionAlgo={}", DSSUtils.encodeHexString(derEncodedDigestEncryptionAlgo)); LOG.debug("getSignedFields EncryptedDigest={}", DSSUtils.encodeHexString(derEncodedEncryptedDigest)); } byteArrayOutputStream.write(derEncodedVersion); byteArrayOutputStream.write(derEncodedSid); byteArrayOutputStream.write(derEncodedDigestAlgo); byteArrayOutputStream.write(derEncodedSignedAttributes); byteArrayOutputStream.write(derEncodedDigestEncryptionAlgo); byteArrayOutputStream.write(derEncodedEncryptedDigest); return byteArrayOutputStream.toByteArray(); } catch (IOException e) { throw new DSSException(e); } }
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/** * Copied from org.bouncycastle.asn1.cms.SignerInfo#toASN1Object() and adapted to be able to use the custom unauthenticatedAttributes * * @param signerInfo//from w w w. ja va2s. c om * @param unauthenticatedAttributes * @return */ private ASN1Sequence getSignerInfoEncoded(SignerInfo signerInfo, ASN1Encodable unauthenticatedAttributes) { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(signerInfo.getVersion()); v.add(signerInfo.getSID()); v.add(signerInfo.getDigestAlgorithm()); if (signerInfo.getAuthenticatedAttributes() != null) { v.add(new DERTaggedObject(false, 0, signerInfo.getAuthenticatedAttributes())); } v.add(signerInfo.getDigestEncryptionAlgorithm()); v.add(signerInfo.getEncryptedDigest()); if (unauthenticatedAttributes != null) { v.add(new DERTaggedObject(false, 1, unauthenticatedAttributes)); } return new DERSequence(v); }
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/** * 3) Fields version, sid, digestAlgorithm, signedAttrs, signatureAlgorithm, and * signature within the SignedData.signerInfoss item corresponding to the signature being archive * time-stamped, in their order of appearance. * * @param signerInformation//from www. ja va 2 s . co m * @return */ private byte[] getSignedFields(final SignerInformation signerInformation) { final SignerInfo signerInfo = signerInformation.toASN1Structure(); final ASN1Integer version = signerInfo.getVersion(); final SignerIdentifier sid = signerInfo.getSID(); final AlgorithmIdentifier digestAlgorithm = signerInfo.getDigestAlgorithm(); final DERTaggedObject signedAttributes = CMSUtils.getDERSignedAttributes(signerInformation); final AlgorithmIdentifier digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm(); final ASN1OctetString encryptedDigest = signerInfo.getEncryptedDigest(); final byte[] derEncodedVersion = DSSASN1Utils.getDEREncoded(version); final byte[] derEncodedSid = DSSASN1Utils.getDEREncoded(sid); final byte[] derEncodedDigestAlgorithm = DSSASN1Utils.getDEREncoded(digestAlgorithm); final byte[] derEncodedSignedAttributes = DSSASN1Utils.getDEREncoded(signedAttributes); final byte[] derEncodedDigestEncryptionAlgorithm = DSSASN1Utils.getDEREncoded(digestEncryptionAlgorithm); final byte[] derEncodedEncryptedDigest = DSSASN1Utils.getDEREncoded(encryptedDigest); if (LOG.isDebugEnabled()) { LOG.debug("getSignedFields Version={}", Base64.decodeBase64(derEncodedVersion)); LOG.debug("getSignedFields Sid={}", Base64.decodeBase64(derEncodedSid)); LOG.debug("getSignedFields DigestAlgorithm={}", Base64.decodeBase64(derEncodedDigestAlgorithm)); LOG.debug("getSignedFields SignedAttributes={}", Hex.encodeHexString(derEncodedSignedAttributes)); LOG.debug("getSignedFields DigestEncryptionAlgorithm={}", Base64.decodeBase64(derEncodedDigestEncryptionAlgorithm)); LOG.debug("getSignedFields EncryptedDigest={}", Base64.decodeBase64(derEncodedEncryptedDigest)); } final byte[] concatenatedArrays = DSSUtils.concatenate(derEncodedVersion, derEncodedSid, derEncodedDigestAlgorithm, derEncodedSignedAttributes, derEncodedDigestEncryptionAlgorithm, derEncodedEncryptedDigest); return concatenatedArrays; }
From source file:eu.europa.esig.dss.cades.signature.CAdESLevelBETSITS101733Test.java
License:Open Source License
@Override protected void onDocumentSigned(byte[] byteArray) { try {/* ww w . ja va 2 s . c om*/ CAdESSignature signature = new CAdESSignature(byteArray); assertNotNull(signature.getCmsSignedData()); ASN1InputStream asn1sInput = new ASN1InputStream(byteArray); ASN1Sequence asn1Seq = (ASN1Sequence) asn1sInput.readObject(); logger.info("SEQ : " + asn1Seq.toString()); assertEquals(2, asn1Seq.size()); ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(asn1Seq.getObjectAt(0)); assertEquals(PKCSObjectIdentifiers.signedData, oid); logger.info("OID : " + oid.toString()); ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(asn1Seq.getObjectAt(1)); logger.info("TAGGED OBJ : " + taggedObj.toString()); ASN1Primitive object = taggedObj.getObject(); logger.info("OBJ : " + object.toString()); SignedData signedData = SignedData.getInstance(object); logger.info("SIGNED DATA : " + signedData.toString()); ASN1Set digestAlgorithms = signedData.getDigestAlgorithms(); logger.info("DIGEST ALGOS : " + digestAlgorithms.toString()); ContentInfo encapContentInfo = signedData.getEncapContentInfo(); logger.info("ENCAPSULATED CONTENT INFO : " + encapContentInfo.getContentType() + " " + encapContentInfo.getContent()); ASN1Set certificates = signedData.getCertificates(); logger.info("CERTIFICATES (" + certificates.size() + ") : " + certificates); List<X509Certificate> foundCertificates = new ArrayList<X509Certificate>(); for (int i = 0; i < certificates.size(); i++) { ASN1Sequence seqCertif = ASN1Sequence.getInstance(certificates.getObjectAt(i)); logger.info("SEQ cert " + i + " : " + seqCertif); X509CertificateHolder certificateHolder = new X509CertificateHolder(seqCertif.getEncoded()); CertificateToken certificate = DSSASN1Utils.getCertificate(certificateHolder); X509Certificate x509Certificate = certificate.getCertificate(); x509Certificate.checkValidity(); logger.info("Cert " + i + " : " + certificate); foundCertificates.add(x509Certificate); } ASN1Set crLs = signedData.getCRLs(); logger.info("CRLs : " + crLs); ASN1Set signerInfosAsn1 = signedData.getSignerInfos(); logger.info("SIGNER INFO ASN1 : " + signerInfosAsn1.toString()); assertEquals(1, signerInfosAsn1.size()); ASN1Sequence seqSignedInfo = ASN1Sequence.getInstance(signerInfosAsn1.getObjectAt(0)); SignerInfo signedInfo = SignerInfo.getInstance(seqSignedInfo); logger.info("SIGNER INFO : " + signedInfo.toString()); SignerIdentifier sid = signedInfo.getSID(); logger.info("SIGNER IDENTIFIER : " + sid.getId()); IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(signedInfo.getSID()); logger.info("ISSUER AND SN : " + issuerAndSerialNumber.toString()); BigInteger serial = issuerAndSerialNumber.getSerialNumber().getValue(); X509Certificate signerCertificate = null; for (X509Certificate x509Certificate : foundCertificates) { // TODO check issuer name if (serial.equals(x509Certificate.getSerialNumber())) { signerCertificate = x509Certificate; } } assertNotNull(signerCertificate); ASN1OctetString encryptedDigest = signedInfo.getEncryptedDigest(); logger.info("ENCRYPT DIGEST : " + encryptedDigest.toString()); ASN1Sequence seq = ASN1Sequence.getInstance(object); ASN1Integer version = ASN1Integer.getInstance(seq.getObjectAt(0)); logger.info("VERSION : " + version.toString()); ASN1Set digestManualSet = ASN1Set.getInstance(seq.getObjectAt(1)); logger.info("DIGEST SET : " + digestManualSet.toString()); assertEquals(digestAlgorithms, digestManualSet); ASN1Sequence seqDigest = ASN1Sequence.getInstance(digestManualSet.getObjectAt(0)); // assertEquals(1, seqDigest.size()); ASN1ObjectIdentifier oidDigestAlgo = ASN1ObjectIdentifier.getInstance(seqDigest.getObjectAt(0)); assertEquals(new ASN1ObjectIdentifier(DigestAlgorithm.SHA256.getOid()), oidDigestAlgo); ASN1Sequence seqEncapsulatedInfo = ASN1Sequence.getInstance(seq.getObjectAt(2)); logger.info("ENCAPSULATED INFO : " + seqEncapsulatedInfo.toString()); ASN1ObjectIdentifier oidContentType = ASN1ObjectIdentifier .getInstance(seqEncapsulatedInfo.getObjectAt(0)); logger.info("OID CONTENT TYPE : " + oidContentType.toString()); ASN1TaggedObject taggedContent = DERTaggedObject.getInstance(seqEncapsulatedInfo.getObjectAt(1)); ASN1OctetString contentOctetString = ASN1OctetString.getInstance(taggedContent.getObject()); String content = new String(contentOctetString.getOctets()); assertEquals(HELLO_WORLD, content); logger.info("CONTENT : " + content); byte[] digest = DSSUtils.digest(DigestAlgorithm.SHA256, HELLO_WORLD.getBytes()); String encodeHexDigest = Hex.toHexString(digest); logger.info("CONTENT DIGEST COMPUTED : " + encodeHexDigest); ASN1Set authenticatedAttributes = signedInfo.getAuthenticatedAttributes(); logger.info("AUTHENTICATED ATTRIBUTES : " + authenticatedAttributes.toString()); // ASN1Sequence seqAuthAttrib = ASN1Sequence.getInstance(authenticatedAttributes.getObjectAt(0)); logger.info("Nb Auth Attributes : " + authenticatedAttributes.size()); String embeddedDigest = ""; for (int i = 0; i < authenticatedAttributes.size(); i++) { ASN1Sequence authAttrSeq = ASN1Sequence.getInstance(authenticatedAttributes.getObjectAt(i)); logger.info(authAttrSeq.toString()); ASN1ObjectIdentifier attrOid = ASN1ObjectIdentifier.getInstance(authAttrSeq.getObjectAt(0)); if (PKCSObjectIdentifiers.pkcs_9_at_messageDigest.equals(attrOid)) { ASN1Set setMessageDigest = ASN1Set.getInstance(authAttrSeq.getObjectAt(1)); ASN1OctetString asn1ObjString = ASN1OctetString.getInstance(setMessageDigest.getObjectAt(0)); embeddedDigest = Hex.toHexString(asn1ObjString.getOctets()); } } assertEquals(encodeHexDigest, embeddedDigest); ASN1OctetString encryptedInfoOctedString = signedInfo.getEncryptedDigest(); String signatureValue = Hex.toHexString(encryptedInfoOctedString.getOctets()); logger.info("SIGNATURE VALUE : " + signatureValue); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, signerCertificate); byte[] decrypted = cipher.doFinal(encryptedInfoOctedString.getOctets()); ASN1InputStream inputDecrypted = new ASN1InputStream(decrypted); ASN1Sequence seqDecrypt = (ASN1Sequence) inputDecrypted.readObject(); logger.info("Decrypted : " + seqDecrypt); DigestInfo digestInfo = new DigestInfo(seqDecrypt); assertEquals(oidDigestAlgo, digestInfo.getAlgorithmId().getAlgorithm()); String decryptedDigestEncodeBase64 = Utils.toBase64(digestInfo.getDigest()); logger.info("Decrypted Base64 : " + decryptedDigestEncodeBase64); byte[] encoded = signedInfo.getAuthenticatedAttributes().getEncoded(); MessageDigest messageDigest = MessageDigest.getInstance(DigestAlgorithm.SHA256.getName()); byte[] digestOfAuthenticatedAttributes = messageDigest.digest(encoded); String computedDigestEncodeBase64 = Utils.toBase64(digestOfAuthenticatedAttributes); logger.info("Computed Base64 : " + computedDigestEncodeBase64); assertEquals(decryptedDigestEncodeBase64, computedDigestEncodeBase64); Utils.closeQuietly(asn1sInput); Utils.closeQuietly(inputDecrypted); } catch (Exception e) { logger.error(e.getMessage(), e); fail(e.getMessage()); } }