List of usage examples for org.bouncycastle.asn1.ess ESSCertID getIssuerSerial
public IssuerSerial getIssuerSerial()
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
private void verifySigningCertificateV1(final BigInteger signingTokenSerialNumber, final GeneralNames signingTokenIssuerName, final Attribute signingCertificateAttributeV1) { final DigestAlgorithm digestAlgorithm = DigestAlgorithm.SHA1; final byte[] signingTokenCertHash = DSSUtils.digest(digestAlgorithm, signingCertificateValidity.getCertificateToken().getEncoded()); if (LOG.isDebugEnabled()) { LOG.debug("Candidate Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(signingTokenCertHash), digestAlgorithm.getName()); }/*from ww w . ja v a 2s . co m*/ final ASN1Set attrValues = signingCertificateAttributeV1.getAttrValues(); for (int ii = 0; ii < attrValues.size(); ii++) { final ASN1Encodable asn1Encodable = attrValues.getObjectAt(ii); final SigningCertificate signingCertificate = SigningCertificate.getInstance(asn1Encodable); final ESSCertID[] essCertIDs = signingCertificate.getCerts(); for (final ESSCertID essCertID : essCertIDs) { final byte[] certHash = essCertID.getCertHash(); signingCertificateValidity.setDigestPresent(true); if (LOG.isDebugEnabled()) { LOG.debug("Found Certificate Hash in signingCertificateAttributeV1 {} with algorithm {}", DSSUtils.encodeHexString(signingTokenCertHash), digestAlgorithm.getName()); } final IssuerSerial issuerSerial = essCertID.getIssuerSerial(); final boolean match = verifySigningCertificateReferences(signingTokenSerialNumber, signingTokenIssuerName, signingTokenCertHash, certHash, issuerSerial); if (match) { break; } } } }
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
private void verifySigningCertificateV1(final BigInteger signingTokenSerialNumber, final GeneralNames signingTokenIssuerName, final Attribute signingCertificateAttributeV1) { final DigestAlgorithm digestAlgorithm = DigestAlgorithm.SHA1; final byte[] signingTokenCertHash = DSSUtils.digest(digestAlgorithm, signingCertificateValidity.getCertificateToken().getEncoded()); if (LOG.isDebugEnabled()) { LOG.debug("Candidate Certificate Hash {} with algorithm {}", Hex.encodeHexString(signingTokenCertHash), digestAlgorithm.getName()); }//from w ww . jav a 2 s. c o m final ASN1Set attrValues = signingCertificateAttributeV1.getAttrValues(); for (int ii = 0; ii < attrValues.size(); ii++) { final ASN1Encodable asn1Encodable = attrValues.getObjectAt(ii); final SigningCertificate signingCertificate = SigningCertificate.getInstance(asn1Encodable); final ESSCertID[] essCertIDs = signingCertificate.getCerts(); for (final ESSCertID essCertID : essCertIDs) { final byte[] certHash = essCertID.getCertHash(); signingCertificateValidity.setDigestPresent(true); if (LOG.isDebugEnabled()) { LOG.debug("Found Certificate Hash in signingCertificateAttributeV1 {} with algorithm {}", Hex.encodeHexString(certHash), digestAlgorithm.getName()); } final IssuerSerial issuerSerial = essCertID.getIssuerSerial(); final boolean match = verifySigningCertificateReferences(signingTokenSerialNumber, signingTokenIssuerName, signingTokenCertHash, certHash, issuerSerial); if (match) { return; } LOG.warn( "RFC 2634: The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature."); } } }