Usage examples for the org.bouncycastle.asn1.DEROctetString constructor (DEROctetString)
public DEROctetString(ASN1Encodable obj) throws IOException
From source file:eu.europa.ec.markt.dss.validation102853.ocsp.OnlineOCSPSource.java
License:Open Source License
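/**
 * Builds a DER-encoded OCSP request for {@code x509Certificate}, identified by the
 * CertificateID derived from the certificate and its issuer.
 *
 * <p>When {@code ADD_NONCE} is set, a nonce extension is added so the response can be bound
 * to this request. The nonce is kept in the {@code nonce} field so that the caller can match
 * it against the nonce echoed in the response. The nonce is drawn from
 * {@link java.security.SecureRandom}: a value derived from the system clock is predictable
 * and therefore gives no replay protection. Per RFC 6960 section 4.1.2, request extensions
 * SHOULD NOT be flagged critical, so the extension is added as non-critical.
 *
 * @param x509Certificate       the certificate whose status is requested
 * @param issuerX509Certificate the issuer of {@code x509Certificate}
 * @return the DER encoding of the OCSP request
 * @throws DSSException if the request cannot be built or encoded (wraps the underlying
 *                      {@link OCSPException} or {@link IOException})
 */
private byte[] buildOCSPRequest(final X509Certificate x509Certificate, final X509Certificate issuerX509Certificate) throws DSSException {
    try {
        final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(x509Certificate, issuerX509Certificate);
        final OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
        ocspReqBuilder.addRequest(certId);
        if (ADD_NONCE) {
            // 16 random bytes: unpredictable, so a captured response cannot be replayed
            // against a later request the way a clock-derived nonce would allow.
            final byte[] nonceBytes = new byte[16];
            new java.security.SecureRandom().nextBytes(nonceBytes);
            nonce = new DEROctetString(nonceBytes);
            // Non-critical: responders that do not support the nonce must still answer.
            final Extension extension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, nonce);
            ocspReqBuilder.setRequestExtensions(new Extensions(extension));
        }
        final OCSPReq ocspReq = ocspReqBuilder.build();
        return ocspReq.getEncoded();
    } catch (OCSPException e) {
        throw new DSSException(e);
    } catch (IOException e) {
        throw new DSSException(e);
    }
}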
From source file:eu.europa.esig.dss.cades.signature.CAdESLevelBaselineB.java
License:Open Source License
/**
 * Appends the id-aa-ets-sigPolicyId signed attribute when the B-level parameters carry a
 * signature policy. An empty policy id produces an implicit policy identifier; otherwise an
 * explicit identifier is built from the policy OID, the digest of the policy (algorithm and
 * value) and, when an SPURI is configured, a single URI qualifier.
 *
 * @param parameters       the signature parameters; nothing is added when they carry no policy
 * @param signedAttributes the vector the attribute is appended to
 */
private void addSignaturePolicyId(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
    final Policy policy = parameters.bLevel().getSignaturePolicy();
    if (policy == null) {
        return;
    }
    final String policyId = policy.getId();
    final SignaturePolicyIdentifier sigPolicy;
    if (StringUtils.isEmpty(policyId)) {
        // implicit policy: the identifier carries neither OID nor hash
        sigPolicy = new SignaturePolicyIdentifier();
    } else {
        // explicit policy: OID + digest of the policy document (+ optional SPURI qualifier)
        final ASN1ObjectIdentifier policyOid = new ASN1ObjectIdentifier(policyId);
        final ASN1ObjectIdentifier digestOid = new ASN1ObjectIdentifier(policy.getDigestAlgorithm().getOid());
        final OtherHashAlgAndValue policyHash = new OtherHashAlgAndValue(new AlgorithmIdentifier(digestOid), new DEROctetString(policy.getDigestValue()));
        final String spuri = policy.getSpuri();
        final SignaturePolicyId signaturePolicyId;
        if (StringUtils.isNotEmpty(spuri)) {
            final SigPolicyQualifierInfo uriQualifier = new SigPolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_uri, new DERUTF8String(spuri));
            final SigPolicyQualifiers qualifiers = new SigPolicyQualifiers(new SigPolicyQualifierInfo[] { uriQualifier });
            signaturePolicyId = new SignaturePolicyId(policyOid, policyHash, qualifiers);
        } else {
            signaturePolicyId = new SignaturePolicyId(policyOid, policyHash);
        }
        sigPolicy = new SignaturePolicyIdentifier(signaturePolicyId);
    }
    signedAttributes.add(new Attribute(id_aa_ets_sigPolicyId, new DERSet(sigPolicy)));
}
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * Builds the certificatesHashIndex field: a SEQUENCE with one OCTET STRING per
 * CertificateChoices instance in the certificates field of the root SignedData, each holding
 * the digest (computed with {@code hashIndexDigestAlgorithm}) of that instance's encoding.
 * Only certificates present when the archive time-stamp is requested are hashed; no other
 * value is included.
 *
 * @return the sequence of certificate digests, in the order the certificates are listed
 * @throws DSSException as declared on the signature; nothing in this body throws it directly
 */
private ASN1Sequence getCertificatesHashIndex() throws DSSException {
    final ASN1EncodableVector hashIndex = new ASN1EncodableVector();
    for (final CertificateToken certificateToken : cadesSignature.getCertificates()) {
        final byte[] certificateDigest = DSSUtils.digest(hashIndexDigestAlgorithm, certificateToken.getEncoded());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Adding to CertificatesHashIndex DSS-Identifier: {} with hash {}", certificateToken.getDSSId(), Hex.encodeHexString(certificateDigest));
        }
        hashIndex.add(new DEROctetString(certificateDigest));
    }
    return new DERSequence(hashIndex);
}
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * Returns the certificatesHashIndex carried by {@code timestampToken} after checking it
 * against the certificates found in the signature and its time-stamps.
 *
 * <p>Every hash listed in the time-stamp is expected to correspond to one of those
 * certificates (digested with {@code hashIndexDigestAlgorithm}). Hashes that match are
 * consumed; if any hash remains unmatched, an error is logged and an empty SEQUENCE is
 * returned instead, which deliberately makes the subsequent hash computation fail the
 * time-stamp verification.
 *
 * @param timestampToken the archive time-stamp whose hash index is verified
 * @return the time-stamp's hash index as is (possibly {@code null} when it has none), or an
 *         empty sequence when it lists a hash that matches no known certificate
 * @throws DSSException as declared on the signature
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedCertificatesHashIndex(TimestampToken timestampToken) throws DSSException {
    final ASN1Sequence certHashes = getCertificatesHashIndex(timestampToken);
    final List<DEROctetString> unmatchedHashes = new ArrayList<DEROctetString>();
    if (certHashes != null) {
        unmatchedHashes.addAll(Collections.list(certHashes.getObjects()));
    }
    final List<CertificateToken> knownCertificates = cadesSignature.getCertificatesWithinSignatureAndTimestamps();
    for (final CertificateToken certificateToken : knownCertificates) {
        final byte[] certificateDigest = DSSUtils.digest(hashIndexDigestAlgorithm, certificateToken.getEncoded());
        // remove() relies on DEROctetString equality over the octets
        final boolean inTimestamp = unmatchedHashes.remove(new DEROctetString(certificateDigest));
        LOG.debug(inTimestamp ? "Cert {} present in timestamp" : "Cert {} not present in timestamp", certificateToken.getAbbreviation());
    }
    if (unmatchedHashes.isEmpty()) {
        return certHashes;
    }
    LOG.error("{} attribute hash in Cert Hashes have not been found in document attributes: {}", unmatchedHashes.size(), unmatchedHashes);
    // Empty sequence on purpose: the recomputed hash will then not match the time-stamp.
    return new DERSequence();
}
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * Digests {@code encoded} with {@code hashIndexDigestAlgorithm} and appends the digest, as a
 * DER OCTET STRING, to {@code crlsHashIndex}.
 *
 * @param crlsHashIndex the vector being assembled into the crlsHashIndex field
 * @param encoded       the encoding of the revocation value to hash
 */
private void digestAndAddToList(ASN1EncodableVector crlsHashIndex, byte[] encoded) {
    final byte[] revocationDigest = DSSUtils.digest(hashIndexDigestAlgorithm, encoded);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Adding to crlsHashIndex with hash {}", Hex.encodeHexString(revocationDigest));
    }
    crlsHashIndex.add(new DEROctetString(revocationDigest));
}
From source file:eu.europa.esig.dss.cades.signature.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * Checks whether the digest of one encoded revocation value (CRL or OCSP holder) is listed in
 * {@code crlHashesList}; when it is, the matching entry is removed from the list so that any
 * hash left over afterwards is known to be unaccounted for. The outcome is only logged here.
 *
 * @param crlHashesList     the hashes carried by the time-stamp that are not yet matched
 * @param ocspHolderEncoded the encoding of the revocation value to look up
 */
private void handleRevocationEncoded(List<DEROctetString> crlHashesList, byte[] ocspHolderEncoded) {
    final DEROctetString revocationDigest = new DEROctetString(DSSUtils.digest(hashIndexDigestAlgorithm, ocspHolderEncoded));
    final boolean foundInTimestamp = crlHashesList.remove(revocationDigest);
    if (!LOG.isDebugEnabled()) {
        return;
    }
    final String digestHex = DSSUtils.toHex(revocationDigest.getOctets());
    if (foundInTimestamp) {
        LOG.debug("CRL/OCSP present in timestamp {}", digestHex);
    } else {
        LOG.debug("CRL/OCSP not present in timestamp {}", digestHex);
    }
}
From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java
License:Open Source License
/**
 * Builds a DER-encoded OCSP request for the certificate identified by {@code certId}.
 *
 * <p>When a {@code nonceSource} is configured, its nonce is added as the id-pkix-ocsp-nonce
 * request extension so the response can be bound to this request. The extension is
 * non-critical, as RFC 6960 section 4.1.2 says request extensions SHOULD NOT be flagged
 * critical.
 *
 * @param certId the CertificateID of the certificate whose status is requested
 * @return the DER encoding of the OCSP request
 * @throws DSSException if the request cannot be built or encoded
 */
private byte[] buildOCSPRequest(final CertificateID certId) throws DSSException {
    try {
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certId);
        if (nonceSource != null) {
            final DEROctetString nonceValue = new DEROctetString(nonceSource.getNonce().toByteArray());
            final Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, nonceValue);
            requestBuilder.setRequestExtensions(new Extensions(nonceExtension));
        }
        return requestBuilder.build().getEncoded();
    } catch (OCSPException e) {
        throw new DSSException("Cannot build OCSP Request", e);
    } catch (IOException e) {
        throw new DSSException("Cannot build OCSP Request", e);
    }
}
From source file:eu.europa.esig.dss.cookbook.sources.AlwaysValidOCSPSource.java
License:Open Source License
/**
 * Builds an OCSP request for the certificate with {@code serialNumber} issued by
 * {@code issuerCert}, carrying a nonce extension.
 *
 * <p>The nonce is {@code ocspDate.getTime()} rather than a random value, so it is
 * predictable and offers no replay protection; that is only acceptable for this cookbook
 * source (presumably the response is produced locally by the same class — confirm before
 * reusing this elsewhere). The extension is flagged critical, which RFC 6960 section 4.1.2
 * advises against for request extensions.
 *
 * @param issuerCert   the issuer of the certificate whose status is requested
 * @param serialNumber the serial number of that certificate
 * @return the built OCSP request
 * @throws DSSException if the CertificateID, the request or the issuer encoding fails
 */
public OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws DSSException {
    try {
        final DigestCalculator sha1Calculator = DSSRevocationUtils.getSHA1DigestCalculator();
        final X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCert.getEncoded());
        final CertificateID certificateId = new CertificateID(sha1Calculator, issuerHolder, serialNumber);
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certificateId);
        // nonce derived from the configured OCSP date (not random)
        final byte[] nonceBytes = BigInteger.valueOf(ocspDate.getTime()).toByteArray();
        final Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonceBytes));
        requestBuilder.setRequestExtensions(new Extensions(new Extension[] { nonceExtension }));
        return requestBuilder.build();
    } catch (OCSPException e) {
        throw new DSSException(e);
    } catch (IOException e) {
        throw new DSSException(e);
    } catch (CertificateEncodingException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.DSSRevocationUtils.java
License:Open Source License
/**
 * Wraps a DER-encoded BasicOCSPResponse into an OCSPResp whose status is SUCCESSFUL.
 * The bytes are placed unchanged into the ResponseBytes under id-pkix-ocsp-basic; nothing in
 * {@code basicOCSPResp} is parsed or validated here.
 *
 * @param basicOCSPResp the DER encoding of a BasicOCSPResponse
 * @return the OCSPResp wrapping it
 */
public static final OCSPResp fromBasicToResp(final byte[] basicOCSPResp) {
    final ResponseBytes responseBytes = new ResponseBytes(OCSPObjectIdentifiers.id_pkix_ocsp_basic, new DEROctetString(basicOCSPResp));
    final OCSPResponseStatus successful = new OCSPResponseStatus(OCSPResponseStatus.SUCCESSFUL);
    return new OCSPResp(new OCSPResponse(successful, responseBytes));
}
From source file:eu.europa.esig.dss.pades.signature.PAdESLevelBaselineB.java
License:Open Source License
/**
 * Returns the CAdES signed attributes for a PAdES signature, ensuring contentType and
 * messageDigest are present. contentType is read from {@code params} under
 * {@code CMSAttributeTableGenerator.CONTENT_TYPE}; when that entry is absent (the
 * counter-signature case) the attribute is left out. messageDigest is taken from
 * {@code messageDigest} when the CAdES profile did not already set it.
 *
 * @param params        the CMS attribute-table generator parameters (raw Map, as supplied by the CMS API)
 * @param cadesProfile  the CAdES B-level profile supplying the base attribute table
 * @param parameters    the PAdES signature parameters
 * @param messageDigest the digest of the signed content
 * @return the completed signed attribute table
 */
AttributeTable getSignedAttributes(Map params, CAdESLevelBaselineB cadesProfile, PAdESSignatureParameters parameters, byte[] messageDigest) {
    AttributeTable attributes = cadesProfile.getSignedAttributes(parameters);
    final boolean hasContentType = attributes.get(CMSAttributes.contentType) != null;
    if (!hasContentType) {
        // CONTENT_TYPE is unset when a counter signature is being generated.
        final ASN1ObjectIdentifier contentType = (ASN1ObjectIdentifier) params.get(CMSAttributeTableGenerator.CONTENT_TYPE);
        if (contentType != null) {
            attributes = attributes.add(CMSAttributes.contentType, contentType);
        }
    }
    final boolean hasMessageDigest = attributes.get(CMSAttributes.messageDigest) != null;
    if (!hasMessageDigest) {
        attributes = attributes.add(CMSAttributes.messageDigest, new DEROctetString(messageDigest));
    }
    return attributes;
}