List of usage examples for org.bouncycastle.asn1.esf RevocationValues getCrlVals
public CertificateList[] getCrlVals()
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESCRLSource.java
License:Open Source License
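/**
 * Collects the CRLs embedded in the CMS signature: those in the SignedData CRL set and those in
 * the revocation-values attribute of the selected signer.
 *
 * <p>The revocation-values attribute is read from the signer's <em>unsigned</em> attributes, so
 * the signer's signature does not protect it. This method only parses the CRLs; it does not check
 * a CRL's signature, issuer or validity period. Treat the returned CRLs as untrusted input until
 * they have been verified.
 *
 * @return the CRLs found in the signature; possibly empty, never {@code null}
 * @throws RuntimeException wrapping any {@code StoreException} or {@code CRLException} raised
 *         while the CRLs are collected
 */
@SuppressWarnings("unchecked")
@Override
public List<X509CRL> getCRLsFromSignature() {
    final List<X509CRL> crls = new ArrayList<X509CRL>();
    try {
        // CRLs contained in SignedData (the original comment said "certificates"; these are CRLs).
        for (CertificateList embedded : (Collection<CertificateList>) cmsSignedData.getCRLs().getMatches(null)) {
            crls.add(new X509CRLObject(embedded));
        }

        // CRLs in the CAdES-XL revocation-values attribute of the SignerInfo, if present.
        final SignerInformation signer = cmsSignedData.getSignerInfos().get(signerId);
        if (signer != null && signer.getUnsignedAttributes() != null
                && signer.getUnsignedAttributes().get(PKCSObjectIdentifiers.id_aa_ets_revocationValues) != null
                // The attribute is unsigned, so its value set is whatever the file supplies. An empty
                // set is skipped here; getObjectAt(0) on it would fail with an index error instead.
                && signer.getUnsignedAttributes().get(PKCSObjectIdentifiers.id_aa_ets_revocationValues)
                        .getAttrValues().size() > 0) {
            final RevocationValues revocationValues = RevocationValues.getInstance(signer.getUnsignedAttributes()
                    .get(PKCSObjectIdentifiers.id_aa_ets_revocationValues).getAttrValues().getObjectAt(0));
            for (CertificateList fromAttribute : revocationValues.getCrlVals()) {
                crls.add(new X509CRLObject(fromAttribute));
            }
        }
    } catch (StoreException e) {
        throw new RuntimeException(e);
    } catch (CRLException e) {
        throw new RuntimeException(e);
    }
    return crls;
}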
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESCRLSource.java
License:Open Source License
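/**
 * Resets {@code x509CRLList} to an empty list and passes every CRL found in the CMS signature to
 * {@code addCRLToken}: first the CRLs of the SignedData CRL store, then the CRLs of the signer's
 * revocation-values attribute.
 *
 * <p>The revocation-values attribute comes from the signer's <em>unsigned</em> attributes, so the
 * signer's signature does not protect it. Nothing in this method verifies a CRL's signature,
 * issuer or validity period.
 * NOTE(review): confirm that {@code addCRLToken} or its consumers perform those checks.
 */
private void extract() {

    x509CRLList = new ArrayList<X509CRL>();

    // Adds CRLs contained in SignedData
    final Store crLs = cmsSignedData.getCRLs();
    final Collection<X509CRLHolder> collection = (Collection<X509CRLHolder>) crLs.getMatches(null);
    for (final X509CRLHolder x509CRLHolder : collection) {
        final X509CRL x509CRL = DSSUtils.toX509CRL(x509CRLHolder);
        addCRLToken(x509CRL);
    }

    // Adds CRLs in -XL ... inside SignerInfo attribute if present
    if (signerInformation != null) {

        final AttributeTable attributes = signerInformation.getUnsignedAttributes();
        if (attributes != null) {
            /*
             * ETSI TS 101 733 V2.2.1 (2013-04) page 43
             * 6.3.4 revocation-values Attribute Definition
             * This attribute is used to contain the revocation information required for the following
             * forms of extended electronic signature: CAdES-X Long, ES X-Long Type 1, and CAdES-X Long
             * Type 2, see clause B.1.1 for an illustration of this form of electronic signature.
             * The revocation-values attribute is an unsigned attribute. Only a single instance of this
             * attribute shall occur with an electronic signature. It holds the values of CRLs and OCSP
             * referenced in the complete-revocation-references attribute.
             *
             * RevocationValues ::= SEQUENCE {
             *   crlVals      [0] SEQUENCE OF CertificateList OPTIONAL,
             *   ocspVals     [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
             *   otherRevVals [2] OtherRevVals OPTIONAL}
             */
            final Attribute attribute = attributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationValues);
            if (attribute != null) {

                final ASN1Set attrValues = attribute.getAttrValues();
                // The attribute is unsigned, so its value set is whatever the file supplies. An empty
                // set is skipped here; getObjectAt(0) on it would fail with an index error instead.
                if (attrValues.size() > 0) {

                    final ASN1Encodable attValue = attrValues.getObjectAt(0);
                    final RevocationValues revValues = RevocationValues.getInstance(attValue);
                    for (final CertificateList revValue : revValues.getCrlVals()) {
                        addCRLToken(revValue);
                    }
                }
            }
        }

        /*
         * TODO (pades): Read revocation data from unsigned attribute 1.2.840.113583.1.1.8
         * In the PKCS #7 object of a digital signature in a PDF file, identifies a signed attribute
         * that "can include all the revocation information that is necessary to carry out revocation
         * checks for the signer's certificate and its issuer certificates."
         * Defined as adbe-revocationInfoArchival { adbe(1.2.840.113583) acrobat(1) security(1) 8 } in
         * "PDF Reference, fifth edition: Adobe Portable Document Format, Version 1.6"
         * Adobe Systems Incorporated, 2004.
         * http://partners.adobe.com/public/developer/en/pdf/PDFReference16.pdf page 698
         *
         * RevocationInfoArchival ::= SEQUENCE {
         *   crl          [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
         *   ocsp         [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
         *   otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
         * }
         * OtherRevInfo ::= SEQUENCE {
         *   Type  OBJECT IDENTIFIER
         *   Value OCTET STRING
         * }
         *
         * NOTE(review): the first line of this TODO says "unsigned attribute" while the quoted
         * definition says "signed attribute"; confirm which table to read before implementing.
         */

        // TODO: (Bob: 2013 Dec 03) --> NICOLAS: Is there any other container within the CAdES signature with revocation data? (ie: timestamp)
    }
}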
From source file:eu.europa.esig.dss.cades.validation.CAdESCRLSource.java
License:Open Source License
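/**
 * Resets {@code x509CRLList} to an empty list and passes every CRL found in the CMS signature to
 * {@code addCRLToken}: first the CRLs of the SignedData CRL store, then the CRLs of the signer's
 * revocation-values attribute.
 *
 * <p>The revocation-values attribute comes from the signer's <em>unsigned</em> attributes, so the
 * signer's signature does not protect it. Nothing in this method verifies a CRL's signature,
 * issuer or validity period.
 * NOTE(review): confirm that {@code addCRLToken} or its consumers perform those checks.
 */
private void extract() {

    x509CRLList = new ArrayList<X509CRL>();

    // Adds CRLs contained in SignedData
    final Store<X509CRLHolder> crLs = cmsSignedData.getCRLs();
    final Collection<X509CRLHolder> collection = crLs.getMatches(null);
    for (final X509CRLHolder x509CRLHolder : collection) {
        final X509CRL x509CRL = DSSUtils.toX509CRL(x509CRLHolder);
        addCRLToken(x509CRL);
    }

    // Adds CRLs in -XL ... inside SignerInfo attribute if present
    if (signerInformation != null) {

        final AttributeTable attributes = signerInformation.getUnsignedAttributes();
        if (attributes != null) {
            /*
             * ETSI TS 101 733 V2.2.1 (2013-04) page 43
             * 6.3.4 revocation-values Attribute Definition
             * This attribute is used to contain the revocation information required for the following
             * forms of extended electronic signature: CAdES-X Long, ES X-Long Type 1, and CAdES-X Long
             * Type 2, see clause B.1.1 for an illustration of this form of electronic signature.
             * The revocation-values attribute is an unsigned attribute. Only a single instance of this
             * attribute shall occur with an electronic signature. It holds the values of CRLs and OCSP
             * referenced in the complete-revocation-references attribute.
             *
             * RevocationValues ::= SEQUENCE {
             *   crlVals      [0] SEQUENCE OF CertificateList OPTIONAL,
             *   ocspVals     [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
             *   otherRevVals [2] OtherRevVals OPTIONAL}
             */
            final Attribute attribute = attributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationValues);
            if (attribute != null) {

                final ASN1Set attrValues = attribute.getAttrValues();
                // The attribute is unsigned, so its value set is whatever the file supplies. An empty
                // set is skipped here; getObjectAt(0) on it would fail with an index error instead.
                if (attrValues.size() > 0) {

                    final ASN1Encodable attValue = attrValues.getObjectAt(0);
                    final RevocationValues revValues = RevocationValues.getInstance(attValue);
                    for (final CertificateList revValue : revValues.getCrlVals()) {
                        addCRLToken(revValue);
                    }
                }
            }
        }

        /*
         * TODO (pades): Read revocation data from unsigned attribute 1.2.840.113583.1.1.8
         * In the PKCS #7 object of a digital signature in a PDF file, identifies a signed attribute
         * that "can include all the revocation information that is necessary to carry out revocation
         * checks for the signer's certificate and its issuer certificates."
         * Defined as adbe-revocationInfoArchival { adbe(1.2.840.113583) acrobat(1) security(1) 8 } in
         * "PDF Reference, fifth edition: Adobe Portable Document Format, Version 1.6"
         * Adobe Systems Incorporated, 2004.
         * http://partners.adobe.com/public/developer/en/pdf/PDFReference16.pdf page 698
         *
         * RevocationInfoArchival ::= SEQUENCE {
         *   crl          [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
         *   ocsp         [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
         *   otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
         * }
         * OtherRevInfo ::= SEQUENCE {
         *   Type  OBJECT IDENTIFIER
         *   Value OCTET STRING
         * }
         *
         * NOTE(review): the first line of this TODO says "unsigned attribute" while the quoted
         * definition says "signed attribute"; confirm which table to read before implementing.
         */

        // TODO: (Bob: 2013 Dec 03) --> NICOLAS: Is there any other container within the CAdES signature with revocation data? (ie: timestamp)
    }
}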