List of usage examples for org.bouncycastle.asn1.ess ESSCertIDv2 ESSCertIDv2
public ESSCertIDv2(AlgorithmIdentifier algId, byte[] certHash, IssuerSerial issuerSerial)
From source file:br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCSigningCertificateV2.java
License:Open Source License
@Override public ASN1Set getValue() { SigningCertificateV2 attribute = (SigningCertificateV2) super.getAttribute(); X509Certificate cert = attribute.getValue(); Digest digest = DigestFactory.getInstance().factoryDefault(); digest.setAlgorithm(DigestAlgorithmEnum.SHA_256); byte[] certHash = null; try {//from w w w . j av a 2 s. co m certHash = digest.digest(cert.getEncoded()); } catch (CertificateEncodingException ex) { ex.printStackTrace(); } X509Name dirName = new X509Name(cert.getSubjectDN().getName()); GeneralName name = new GeneralName(dirName); GeneralNames issuer = new GeneralNames(name); DERInteger serial = new DERInteger(cert.getSerialNumber()); IssuerSerial issuerSerial = new IssuerSerial(issuer, serial); String algorithmHashOID = SignerAlgorithmEnum.getSignerAlgorithmEnum(attribute.getAlgorithmHash()) .getOIDAlgorithmHash(); AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(algorithmHashOID); ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(algorithmId, certHash, issuerSerial); return new DERSet(new DERSequence( new ASN1Encodable[] { new DERSequence(essCertIDv2), new DERSequence(new DERNull()) })); }
From source file:es.gob.afirma.envelopers.cades.CAdESUtils.java
License:Open Source License
/** Método que genera la parte que contiene la información del * Usuario. Se generan los atributos que se necesitan para generar la firma. * @param cert Certificado del firmante// w w w . j a va2 s. co m * @param datos Datos firmados * @param policy Política de firma * @param messageDigest * @return Los datos necesarios para generar la firma referente a los datos * del usuario. * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws CertificateEncodingException */ static ASN1EncodableVector generateSignerInfo(final X509Certificate cert, final String digestAlgorithmName, final byte[] datos, final AdESPolicy policy, final byte[] messageDigest) throws NoSuchAlgorithmException, IOException, CertificateEncodingException { // ALGORITMO DE HUELLA DIGITAL final AlgorithmIdentifier digestAlgorithmOID = SigUtils .makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName)); // // ATRIBUTOS // authenticatedAttributes final ASN1EncodableVector contexExpecific = initContexExpecific(digestAlgorithmName, datos, PKCSObjectIdentifiers.data.getId(), messageDigest); // Serial Number // comentar lo de abajo para version del rfc 3852 contexExpecific.add(new Attribute(RFC4519Style.serialNumber, new DERSet(new DERPrintableString(cert.getSerialNumber().toString())))); if (!"SHA1".equals(AOSignConstants.getDigestAlgorithmName(digestAlgorithmName))) { //$NON-NLS-1$ //********************************************/ //***** La Nueva operatividad esta comentada */ //********************************************/ // INICIO SINGING CERTIFICATE-V2 /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber */ final TBSCertificateStructure tbs = TBSCertificateStructure .getInstance(ASN1Primitive.fromByteArray(cert.getTBSCertificate())); /** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier * DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial * IssuerSerial OPTIONAL } * Hash ::= OCTET STRING */ final byte[] certHash = MessageDigest.getInstance(digestAlgorithmName).digest(cert.getEncoded()); final ESSCertIDv2[] essCertIDv2 = { new ESSCertIDv2(digestAlgorithmOID, certHash, new IssuerSerial(new GeneralNames(new GeneralName(tbs.getIssuer())), tbs.getSerialNumber())) }; /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ final SigningCertificateV2 scv2; if (policy.getPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ scv2 = new SigningCertificateV2(essCertIDv2, getPolicyInformation(policy)); // con // politica } else { scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica } // Secuencia con singningCertificate contexExpecific.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(scv2))); // FIN SINGING CERTIFICATE-V2 } else { // INICIO SINGNING CERTIFICATE /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber } */ final TBSCertificateStructure tbs = TBSCertificateStructure .getInstance(ASN1Primitive.fromByteArray(cert.getTBSCertificate())); final IssuerSerial isuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(tbs.getIssuer())), tbs.getSerialNumber()); /** ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial * OPTIONAL } * Hash ::= OCTET STRING -- SHA1 hash of entire certificate */ final ESSCertID essCertID = new ESSCertID( MessageDigest.getInstance(digestAlgorithmName).digest(cert.getEncoded()), isuerSerial); /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ final SigningCertificate scv; if (policy.getPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ /* * HAY QUE HACER UN SEQUENCE, YA QUE EL CONSTRUCTOR DE BOUNCY * CASTLE NO TIENE DICHO CONSTRUCTOR. */ final ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERSequence(essCertID)); v.add(new DERSequence(getPolicyInformation(policy))); scv = SigningCertificate.getInstance(new DERSequence(v)); // con politica } else { scv = new SigningCertificate(essCertID); // Sin politica } /** id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) * id-aa(2) 12 } */ // Secuencia con singningCertificate contexExpecific.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate, new DERSet(scv))); } // INICIO SIGPOLICYID ATTRIBUTE if (policy.getPolicyIdentifier() != null) { /* * SigPolicyId ::= OBJECT IDENTIFIER Politica de firma. */ final ASN1ObjectIdentifier doiSigPolicyId = new ASN1ObjectIdentifier( policy.getPolicyIdentifier().toLowerCase().replace("urn:oid:", "")); //$NON-NLS-1$ //$NON-NLS-2$ /* * OtherHashAlgAndValue ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * hashValue OCTET STRING } * */ // Algoritmo para el hash final AlgorithmIdentifier hashid; // si tenemos algoritmo de calculo de hash, lo ponemos if (policy.getPolicyIdentifierHashAlgorithm() != null) { hashid = SigUtils.makeAlgId(AOAlgorithmID .getOID(AOSignConstants.getDigestAlgorithmName(policy.getPolicyIdentifierHashAlgorithm()))); } // si no tenemos, ponemos el algoritmo de firma. else { hashid = digestAlgorithmOID; } // hash del documento, descifrado en b64 final byte[] hashed; if (policy.getPolicyIdentifierHash() != null) { hashed = Base64.decode(policy.getPolicyIdentifierHash()); } else { hashed = new byte[] { 0 }; } final DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed); /* * SigPolicyQualifierInfo ::= SEQUENCE { * SigPolicyQualifierId SigPolicyQualifierId, * SigQualifier ANY DEFINED BY policyQualifierId } */ SigPolicyQualifierInfo spqInfo = null; if (policy.getPolicyQualifier() != null) { spqInfo = new SigPolicyQualifierInfo(policy.getPolicyQualifier().toString()); } /* * SignaturePolicyId ::= SEQUENCE { * sigPolicyId SigPolicyId, * sigPolicyHash SigPolicyHash, * sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF * SigPolicyQualifierInfo OPTIONAL} * */ final ASN1EncodableVector v = new ASN1EncodableVector(); // sigPolicyId v.add(doiSigPolicyId); // sigPolicyHash v.add(otherHashAlgAndValue.toASN1Primitive()); // como sequence // sigPolicyQualifiers if (spqInfo != null) { v.add(spqInfo.toASN1Primitive()); } final DERSequence ds = new DERSequence(v); // Secuencia con singningCertificate contexExpecific.add( new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(ds.toASN1Primitive()))); // FIN SIGPOLICYID ATTRIBUTE } return contexExpecific; }
From source file:es.gob.afirma.signers.cades.CAdESUtils.java
License:Open Source License
/** Genera una estructura <i>SigningCertificateV2</i> según RFC 5035: * * <pre>/*from w w w .j av a 2s. c o m*/ * id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1) * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) * smime(16) id-aa(2) 47 * } * * SigningCertificateV2 ::= SEQUENCE { * certs SEQUENCE OF ESSCertIDv2, * policies SEQUENCE OF PolicyInformation OPTIONAL * } * </pre> * * @param cert Certificado del firmante * @param digestAlgorithmName Nombre del algoritmo de huella digital a usar * @param policy Política de firma * @return Estructura <i>SigningCertificateV2</i> según RFC 5035 * @throws CertificateEncodingException Si el certificado proporcionado no es válido * @throws NoSuchAlgorithmException Si no se soporta el algoritmo de huella indicado * @throws IOException Si hay errores en el tratamiento de datos */ private static Attribute getSigningCertificateV2(final X509Certificate cert, final String digestAlgorithmName, final AdESPolicy policy) throws CertificateEncodingException, NoSuchAlgorithmException, IOException { // ALGORITMO DE HUELLA DIGITAL final AlgorithmIdentifier digestAlgorithmOID = SigUtils .makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName)); // INICIO SINGING CERTIFICATE-V2 /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber */ final GeneralNames gns = new GeneralNames( new GeneralName(X500Name.getInstance(cert.getIssuerX500Principal().getEncoded()))); final IssuerSerial isuerSerial = new IssuerSerial(gns, cert.getSerialNumber()); /** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier * DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial * IssuerSerial OPTIONAL } * Hash ::= OCTET STRING */ final byte[] certHash = MessageDigest.getInstance(digestAlgorithmName).digest(cert.getEncoded()); final ESSCertIDv2[] essCertIDv2 = { new ESSCertIDv2(digestAlgorithmOID, certHash, isuerSerial) }; /** PolicyInformation ::= SEQUENCE { * policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL * } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { * policyQualifierId PolicyQualifierId, * qualifier ANY DEFINED BY policyQualifierId * } */ final SigningCertificateV2 scv2; if (policy != null && policy.getPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ scv2 = new SigningCertificateV2(essCertIDv2, getPolicyInformation(policy)); // con politica } else { scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica } return new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(scv2)); }
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
private void addSigningCertificateAttribute(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) throws DSSException { final DigestAlgorithm digestAlgorithm = parameters.getDigestAlgorithm(); final X509Certificate signingCertificate = parameters.getSigningCertificate(); final byte[] encoded = DSSUtils.getEncoded(signingCertificate); final byte[] certHash = DSSUtils.digest(digestAlgorithm, encoded); if (LOG.isDebugEnabled()) { LOG.debug("Adding Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(certHash), digestAlgorithm.getName()); }//from w w w .j av a2s.co m final IssuerSerial issuerSerial = DSSUtils.getIssuerSerial(signingCertificate); if (digestAlgorithm == DigestAlgorithm.SHA1) { final ESSCertID essCertId = new ESSCertID(certHash, issuerSerial); final SigningCertificate cadesSigningCertificate = new SigningCertificate(essCertId); final DERSet attrValues = new DERSet(cadesSigningCertificate); final Attribute attribute = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate, attrValues); signedAttributes.add(attribute); } else { final ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(digestAlgorithm.getAlgorithmIdentifier(), certHash, issuerSerial); final ESSCertIDv2[] essCertIDv2Array = new ESSCertIDv2[] { essCertIDv2 }; final SigningCertificateV2 cadesSigningCertificateV2 = new SigningCertificateV2(essCertIDv2Array); final DERSet attrValues = new DERSet(cadesSigningCertificateV2); final Attribute attribute = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, attrValues); signedAttributes.add(attribute); } }
From source file:eu.europa.esig.dss.cades.signature.CAdESLevelBaselineB.java
License:Open Source License
private void addSigningCertificateAttribute(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) throws DSSException { final DigestAlgorithm digestAlgorithm = parameters.getDigestAlgorithm(); final byte[] encoded = parameters.getSigningCertificate().getEncoded(); final byte[] certHash = DSSUtils.digest(digestAlgorithm, encoded); if (LOG.isDebugEnabled()) { LOG.debug("Adding Certificate Hash {} with algorithm {}", Hex.encodeHexString(certHash), digestAlgorithm.getName()); }//from ww w .j a va 2s . c o m final IssuerSerial issuerSerial = DSSASN1Utils.getIssuerSerial(parameters.getSigningCertificate()); Attribute attribute = null; if (digestAlgorithm == DigestAlgorithm.SHA1) { final ESSCertID essCertID = new ESSCertID(certHash, issuerSerial); SigningCertificate signingCertificate = new SigningCertificate(essCertID); attribute = new Attribute(id_aa_signingCertificate, new DERSet(signingCertificate)); } else { final ESSCertIDv2 essCertIdv2 = new ESSCertIDv2(DSSASN1Utils.getAlgorithmIdentifier(digestAlgorithm), certHash, issuerSerial); SigningCertificateV2 signingCertificateV2 = new SigningCertificateV2(essCertIdv2); attribute = new Attribute(id_aa_signingCertificateV2, new DERSet(signingCertificateV2)); } signedAttributes.add(attribute); }
From source file:it.trento.comune.j4sign.cms.ExternalSignatureSignerInfoGenerator.java
License:Open Source License
/** * Builds the SignerCertificateV2 attribute according to RFC2634(Enhanced * Security Services (ESS)) + RFC5035(ESS Update: AddingCertID Algorithm * Agility).<br>/*from w ww .ja va 2 s . c o m*/ * This signed attribute is mandatory for CAdES-BES (ETSI TS 101 733) * compliancy. * * @param sigProvider * the provider to use for digest calculation. * @return the SignerCertificateV2 attribute calculated from to the current * certificate and digest algorithm. * @throws NoSuchAlgorithmException * @throws NoSuchProviderException * @throws CertificateEncodingException * @throws IOException */ private Attribute buildSigningCertificateV2Attribute(String sigProvider) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, IOException { X509Certificate cert = this.getCertificate(); MessageDigest dig = MessageDigest.getInstance(this.getDigestAlgOID(), sigProvider); byte[] certHash = dig.digest(cert.getEncoded()); // ricavo issuerandserialnumber (ID) del certificato // byte[] encodedCert = this.cert.getEncoded(); // ASN1InputStream ais = new ASN1InputStream(encodedCert); // DERObject derObj = ais.readObject(); // ASN1Sequence asn1Seq = (ASN1Sequence) derObj; // ais.close(); // X509CertificateStructure x509CStructure = new // X509CertificateStructure( // asn1Seq); // X509Name x509Name = x509CStructure.getIssuer(); // DERInteger serialNum = x509CStructure.getSerialNumber(); // GeneralName generalName = new GeneralName(x509Name); // GeneralNames generalNames = new GeneralNames(generalName); // ROB: more directly JcaX509CertificateHolder holder = new JcaX509CertificateHolder(cert); X500Name x500name = holder.getIssuer(); GeneralName generalName = new GeneralName(x500name); GeneralNames generalNames = new GeneralNames(generalName); DERInteger serialNum = new DERInteger(holder.getSerialNumber()); IssuerSerial issuerserial = new IssuerSerial(generalNames, serialNum); // --- ESSCertIDv2 essCert = new ESSCertIDv2(new AlgorithmIdentifier(getDigestAlgOID()), certHash, issuerserial); // ESSCertIDv2 essCert = new ESSCertIDv2(new AlgorithmIdentifier( // getDigestAlgOID()), certHash); SigningCertificateV2 scv2 = new SigningCertificateV2(new ESSCertIDv2[] { essCert }); return new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(scv2)); }
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.impl.SigningCertificateV2.java
License:Open Source License
@Override public Attribute getValue() throws SignerException { try {/* ww w.java 2s.c o m*/ X509Certificate cert = (X509Certificate) certificates[0]; X509Certificate issuerCert = (X509Certificate) certificates[1]; Digest digest = DigestFactory.getInstance().factoryDefault(); digest.setAlgorithm(DigestAlgorithmEnum.SHA_256); byte[] certHash = digest.digest(cert.getEncoded()); X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName()); GeneralName name = new GeneralName(dirName); GeneralNames issuer = new GeneralNames(name); ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber()); IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber); AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);// SHA-256 ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(algId, certHash, issuerSerial); // return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(essCertIDv2))); return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(new ASN1Encodable[] { new DERSequence(essCertIDv2) }))); } catch (CertificateEncodingException ex) { throw new SignerException(ex.getMessage()); } }