Example usage for org.bouncycastle.asn1.esf CrlOcspRef CrlOcspRef


Prototype

public CrlOcspRef(CrlListID crlids, OcspListID ocspids, OtherRevRefs otherRev) 


Usage

From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileC.java

License:Open Source License

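/**
 * Adds the CAdES-C unsigned attributes -- complete certificate references and complete revocation
 * references (ETSI TS 101 733, clauses 6.2.1 and 6.2.2) -- to {@code unsignedAttrs} and returns it.
 * <p>
 * The signing certificate is validated through {@code certificateVerifier} at {@code signingTime},
 * using the chain from {@code parameters} plus {@code optionalCertificateSource}. Every certificate the
 * resulting {@link ValidationContext} reports as needed is referenced by an {@link OtherCertID}, except
 * the signing certificate itself (already referenced by the signing-certificate attribute). For every
 * needed certificate, the signing certificate included, one {@link CrlOcspRef} listing its related CRLs
 * and OCSP responses is added. Both lists follow the order in which the context returns the certificates;
 * the standard requires the revocation references to be in the same order as the certificate references,
 * and that the first CrlOcspRef relates to the signer's certificate -- whether the context returns the
 * signing certificate first is not checked here (TODO confirm against the ValidationContext contract).
 *
 * @param unsignedAttrs             attribute table to extend; mutated in place and returned
 * @param signingCertificate        the signer's certificate, excluded from the certificate references
 * @param parameters                signature parameters supplying the certificate chain
 * @param signingTime               validation time handed to the certificate verifier
 * @param optionalCertificateSource additional certificate source consulted during validation
 * @return the same {@code unsignedAttrs} instance with {@code id_aa_ets_certificateRefs} and
 *         {@code id_aa_ets_revocationRefs} put into it
 * @throws IOException      if the certificate validation itself fails with an I/O error
 * @throws RuntimeException wrapping any algorithm, encoding, OCSP, CRL or I/O failure raised while the
 *                          references are built; the original exception is kept as the cause
 */
private Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendUnsignedAttributes(
        Hashtable<ASN1ObjectIdentifier, ASN1Encodable> unsignedAttrs, X509Certificate signingCertificate,
        SignatureParameters parameters, Date signingTime, CertificateSource optionalCertificateSource)
        throws IOException {

    ValidationContext validationContext = certificateVerifier.validateCertificate(signingCertificate,
            signingTime,
            new CompositeCertificateSource(new ListCertificateSource(parameters.getCertificateChain()),
                    optionalCertificateSource),
            null, null);

    try {
        ArrayList<OtherCertID> completeCertificateRefs = new ArrayList<OtherCertID>();
        ArrayList<CrlOcspRef> completeRevocationRefs = new ArrayList<CrlOcspRef>();

        /*
         * ETSI TS 101 733, 6.2.1: the complete certificate references cover the CA certificates used to
         * validate the signature "up to (but not including) the signer's certificate"; the signer's
         * certificate is referenced by the signing certificate attribute (5.7.3).
         *
         * 6.2.2: "The second and subsequent CrlOcspRef fields shall be in the same order as the OtherCertID
         * to which they relate." The standard does not say how those fields are ordered among themselves,
         * so the certificates are taken in the order the validation context provides them.
         */
        for (CertificateAndContext c : validationContext.getNeededCertificates()) {

            // Compare the wrapped certificate, not the CertificateAndContext wrapper, with the signing
            // certificate: a wrapper-to-X509Certificate equals() only matches if the wrapper's equals()
            // special-cases that type, so the exclusion required by 6.2.1 could silently never trigger.
            if (!c.getCertificate().equals(signingCertificate)) {
                completeCertificateRefs.add(makeOtherCertID(c.getCertificate()));
            }

            // Every needed certificate, the signing certificate included, gets one CrlOcspRef holding the
            // CRLs and OCSP responses the validation context associated with it.
            ArrayList<CrlValidatedID> crlListIdValues = new ArrayList<CrlValidatedID>();
            for (CRL relatedCrl : validationContext.getRelatedCRLs(c)) {
                crlListIdValues.add(makeCrlValidatedID((X509CRL) relatedCrl));
            }

            ArrayList<OcspResponsesID> ocspListIdValues = new ArrayList<OcspResponsesID>();
            for (BasicOCSPResp relatedOcspResp : validationContext.getRelatedOCSPResp(c)) {
                ocspListIdValues.add(makeOcspResponsesID(relatedOcspResp));
            }

            CrlListID crlListId = new CrlListID(
                    crlListIdValues.toArray(new CrlValidatedID[crlListIdValues.size()]));
            OcspListID ocspListId = new OcspListID(
                    ocspListIdValues.toArray(new OcspResponsesID[ocspListIdValues.size()]));
            // No OtherRevRefs are produced: only CRLs and OCSP responses are referenced.
            completeRevocationRefs.add(new CrlOcspRef(crlListId, ocspListId, null));
        }

        OtherCertID[] otherCertIdArray = completeCertificateRefs
                .toArray(new OtherCertID[completeCertificateRefs.size()]);
        CrlOcspRef[] crlOcspRefArray = completeRevocationRefs
                .toArray(new CrlOcspRef[completeRevocationRefs.size()]);

        // Each attribute value is a SET containing a single SEQUENCE of references.
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_certificateRefs,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_certificateRefs,
                        new DERSet(new DERSequence(otherCertIdArray))));
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_revocationRefs,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_revocationRefs,
                        new DERSet(new DERSequence(crlOcspRefArray))));

    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } catch (CertificateEncodingException e) {
        throw new RuntimeException(e);
    } catch (OCSPException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        // Kept as an unchecked wrapper for backward compatibility with existing callers, even though the
        // method declares IOException.
        throw new RuntimeException(e);
    } catch (CRLException e) {
        throw new RuntimeException(e);
    }

    return unsignedAttrs;
}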