List of usage examples for org.bouncycastle.asn1.esf RevocationValues RevocationValues
public RevocationValues(CertificateList[] crlVals, BasicOCSPResponse[] ocspVals, OtherRevVals otherRevVals)
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileXL.java
License:Open Source License
private Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendUnsignedAttributes( Hashtable<ASN1ObjectIdentifier, ASN1Encodable> unsignedAttrs, X509Certificate signingCertificate, Date signingDate, CertificateSource optionalCertificateSource) throws IOException { ValidationContext validationContext = certificateVerifier.validateCertificate(signingCertificate, signingDate, optionalCertificateSource, null, null); try {/*from w w w .j a v a 2s.c o m*/ List<X509CertificateStructure> certificateValues = new ArrayList<X509CertificateStructure>(); ArrayList<CertificateList> crlValues = new ArrayList<CertificateList>(); ArrayList<BasicOCSPResponse> ocspValues = new ArrayList<BasicOCSPResponse>(); /* * The ETSI TS 101 733 stipulates (6.2.1): "It references the full set of CA certificates that have been * used to validate an ES with Complete validation data up to (but not including) the signer's certificate. * [...] NOTE 1: The signer's certificate is referenced in the signing certificate attribute (see clause * 5.7.3)." (6.2.1) * * "The second and subsequent CrlOcspRef fields shall be in the same order as the OtherCertID to which they * relate." (6.2.2) * * Also, no mention of the way to order those second and subsequent fields, so we add the certificates as * provided by the context. */ /* The SignedCertificate is in validationContext.getCertificate() */ for (CertificateAndContext c : validationContext.getNeededCertificates()) { /* * Add every certificate except the signing certificate */ if (!c.equals(signingCertificate)) { certificateValues.add(new X509CertificateStructure( (ASN1Sequence) ASN1Object.fromByteArray(c.getCertificate().getEncoded()))); } } /* * Record each CRL and OCSP with a reference to the corresponding certificate */ for (CRL relatedcrl : validationContext.getNeededCRL()) { crlValues.add(new CertificateList( (ASN1Sequence) ASN1Object.fromByteArray(((X509CRL) relatedcrl).getEncoded()))); } for (BasicOCSPResp relatedocspresp : validationContext.getNeededOCSPResp()) { ocspValues.add((new BasicOCSPResponse( (ASN1Sequence) ASN1Object.fromByteArray(relatedocspresp.getEncoded())))); } CertificateList[] crlValuesArray = new CertificateList[crlValues.size()]; BasicOCSPResponse[] ocspValuesArray = new BasicOCSPResponse[ocspValues.size()]; RevocationValues revocationValues = new RevocationValues(crlValues.toArray(crlValuesArray), ocspValues.toArray(ocspValuesArray), null); unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_revocationValues, new Attribute(PKCSObjectIdentifiers.id_aa_ets_revocationValues, new DERSet(revocationValues))); X509CertificateStructure[] certValuesArray = new X509CertificateStructure[certificateValues.size()]; unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_certValues, new Attribute(PKCSObjectIdentifiers.id_aa_ets_certValues, new DERSet(new DERSequence(certificateValues.toArray(certValuesArray))))); } catch (CertificateEncodingException e) { throw new RuntimeException(e); } catch (CRLException e) { throw new RuntimeException(e); } return unsignedAttrs; }