Usage examples for org.bouncycastle.asn1.ess.ESSCertIDv2.getIssuerSerial()
public IssuerSerial getIssuerSerial()
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
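/**
 * Checks the ESS {@code signing-certificate-v2} attribute against the candidate signing certificate.
 *
 * <p>For every {@link ESSCertIDv2} carried by the attribute, the candidate certificate's encoding is
 * digested with the algorithm named in that identifier and handed, together with the hash and the
 * optional issuer/serial stored in the identifier, to {@code verifySigningCertificateReferences}.
 * Processing stops at the first identifier reported as a match.
 *
 * @param signingTokenSerialNumber serial number of the candidate signing certificate
 * @param signingTokenIssuerName issuer name of the candidate signing certificate
 * @param signingCertificateAttributeV2 the signed attribute holding the SigningCertificateV2 value(s)
 */
private void verifySigningCertificateV2(final BigInteger signingTokenSerialNumber, final GeneralNames signingTokenIssuerName,
        final Attribute signingCertificateAttributeV2) {

    final ASN1Set attrValues = signingCertificateAttributeV2.getAttrValues();
    DigestAlgorithm lastDigestAlgorithm = null;
    byte[] signingTokenCertHash = null;
    for (int ii = 0; ii < attrValues.size(); ii++) {

        final ASN1Encodable asn1Encodable = attrValues.getObjectAt(ii);
        final SigningCertificateV2 signingCertificateAttribute = SigningCertificateV2.getInstance(asn1Encodable);
        if (signingCertificateAttribute == null) {
            // getInstance(...) yields null for a null value; skip it instead of failing with an NPE below.
            LOG.warn("SigningCertificateV2 attribute is not well defined!");
            continue;
        }
        final ESSCertIDv2[] essCertIDv2s = signingCertificateAttribute.getCerts();
        for (final ESSCertIDv2 essCertIDv2 : essCertIDv2s) {

            // NOTE(review): the digest algorithm is read from the signature itself. This method applies
            // no policy on which algorithms are acceptable - confirm that is enforced elsewhere.
            final String algorithmId = essCertIDv2.getHashAlgorithm().getAlgorithm().getId();
            final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(algorithmId);
            if (digestAlgorithm != lastDigestAlgorithm) {

                // Recompute the candidate hash only when the algorithm differs from the previous identifier.
                signingTokenCertHash = DSSUtils.digest(digestAlgorithm, signingCertificateValidity.getCertificateToken().getEncoded());
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Candidate Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(signingTokenCertHash),
                            digestAlgorithm.getName());
                }
                lastDigestAlgorithm = digestAlgorithm;
            }
            final byte[] certHash = essCertIDv2.getCertHash();
            signingCertificateValidity.setDigestPresent(true);
            if (LOG.isDebugEnabled()) {
                // Log the hash found in the attribute (certHash), not the locally computed candidate hash,
                // so that the two debug lines can actually be compared when diagnosing a mismatch.
                LOG.debug("Found Certificate Hash in signingCertificateAttributeV2 {} with algorithm {}", DSSUtils.encodeHexString(certHash),
                        digestAlgorithm.getName());
            }
            // issuerSerial is OPTIONAL in ESSCertIDv2 (RFC 5035), so this may be null.
            // NOTE(review): verifySigningCertificateReferences is assumed to handle a null value - confirm.
            final IssuerSerial issuerSerial = essCertIDv2.getIssuerSerial();
            final boolean match = verifySigningCertificateReferences(signingTokenSerialNumber, signingTokenIssuerName, signingTokenCertHash,
                    certHash, issuerSerial);
            if (match) {
                // Leave the method, not just the inner loop: a later attribute value must not be
                // evaluated after a match, since it could overwrite the recorded result.
                return;
            }
        }
    }
}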
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
/**
 * Compares the candidate signing certificate with the references held in the ESS
 * {@code signing-certificate-v2} signed attribute.
 *
 * <p>Each {@link ESSCertIDv2} is examined in order: the candidate certificate is digested with the
 * identifier's hash algorithm, the algorithm and the presence of a digest are recorded on
 * {@code signingCertificateValidity}, and the reference is checked through
 * {@code verifySigningCertificateReferences}. The method returns on the first match and logs a
 * warning for every identifier that does not match.
 *
 * @param signingTokenSerialNumber serial number of the candidate signing certificate
 * @param signingTokenIssuerName issuer name of the candidate signing certificate
 * @param signingCertificateAttributeV2 the signed attribute holding the SigningCertificateV2 value(s)
 */
private void verifySigningCertificateV2(final BigInteger signingTokenSerialNumber, final GeneralNames signingTokenIssuerName,
        final Attribute signingCertificateAttributeV2) {

    final ASN1Set values = signingCertificateAttributeV2.getAttrValues();
    DigestAlgorithm cachedAlgorithm = null;
    byte[] candidateHash = null;

    for (int idx = 0; idx < values.size(); idx++) {

        final SigningCertificateV2 signingCertV2 = SigningCertificateV2.getInstance(values.getObjectAt(idx));
        if (signingCertV2 == null) {
            LOG.warn("SigningCertificateV2 attribute is not well defined!");
            continue;
        }

        for (final ESSCertIDv2 certId : signingCertV2.getCerts()) {

            // NOTE(review): the algorithm is dictated by the signature; no acceptance policy is
            // applied in this method - confirm it is checked elsewhere.
            final DigestAlgorithm algorithm = DigestAlgorithm.forOID(certId.getHashAlgorithm().getAlgorithm().getId());
            signingCertificateValidity.setDigestAlgorithm(algorithm);

            // The candidate hash is reused as long as consecutive identifiers name the same algorithm.
            if (algorithm != cachedAlgorithm) {
                candidateHash = DSSUtils.digest(algorithm, signingCertificateValidity.getCertificateToken().getEncoded());
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Candidate Certificate Hash {} with algorithm {}", Hex.encodeHexString(candidateHash), algorithm.getName());
                }
                cachedAlgorithm = algorithm;
            }

            final byte[] referencedHash = certId.getCertHash();
            signingCertificateValidity.setDigestPresent(true);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found Certificate Hash in SigningCertificateV2 {} with algorithm {}", Hex.encodeHexString(referencedHash),
                        algorithm.getName());
            }

            // issuerSerial is OPTIONAL in ESSCertIDv2 (RFC 5035) and may therefore be null.
            final IssuerSerial referencedIssuerSerial = certId.getIssuerSerial();
            final boolean matched = verifySigningCertificateReferences(signingTokenSerialNumber, signingTokenIssuerName, candidateHash,
                    referencedHash, referencedIssuerSerial);
            if (!matched) {
                LOG.warn(
                        "RFC 5035: The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature.");
                continue;
            }
            return;
        }
    }
}