List of usage examples for org.bouncycastle.asn1.ess SigningCertificateV2 getCerts
public ESSCertIDv2[] getCerts()
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
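/**
 * Checks the ESS signing-certificate-v2 signed attribute against the candidate signing certificate.
 *
 * <p>For each {@code ESSCertIDv2} in the attribute values, the encoded certificate token held by
 * {@code signingCertificateValidity} is digested with the algorithm named in that entry. The result
 * is passed, together with the hash and issuer/serial stored in the entry, to
 * {@code verifySigningCertificateReferences}. Processing stops at the first entry reported as a match.
 *
 * @param signingTokenSerialNumber serial number forwarded to the reference check (presumably that of
 *        the candidate signing certificate; confirm against the caller)
 * @param signingTokenIssuerName issuer name forwarded to the reference check
 * @param signingCertificateAttributeV2 the signing-certificate-v2 attribute whose values are inspected
 */
private void verifySigningCertificateV2(final BigInteger signingTokenSerialNumber,
        final GeneralNames signingTokenIssuerName, final Attribute signingCertificateAttributeV2) {

    final ASN1Set attrValues = signingCertificateAttributeV2.getAttrValues();
    DigestAlgorithm lastDigestAlgorithm = null;
    byte[] signingTokenCertHash = null;
    for (int ii = 0; ii < attrValues.size(); ii++) {

        final ASN1Encodable asn1Encodable = attrValues.getObjectAt(ii);
        final SigningCertificateV2 signingCertificateAttribute = SigningCertificateV2.getInstance(asn1Encodable);
        if (signingCertificateAttribute == null) {
            // The attribute content comes from the signature being validated, so a value that does
            // not decode must be skipped instead of failing with a NullPointerException below.
            LOG.warn("SigningCertificateV2 attribute is not well defined!");
            continue;
        }
        final ESSCertIDv2[] essCertIDv2s = signingCertificateAttribute.getCerts();
        for (final ESSCertIDv2 essCertIDv2 : essCertIDv2s) {

            // NOTE(review): the digest algorithm is chosen by whoever produced the attribute; no
            // strength check is visible in this method, so confirm weak digests are rejected elsewhere.
            final String algorithmId = essCertIDv2.getHashAlgorithm().getAlgorithm().getId();
            final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(algorithmId);
            if (digestAlgorithm != lastDigestAlgorithm) {

                // Re-hash the candidate certificate only when the algorithm changes between entries.
                signingTokenCertHash = DSSUtils.digest(digestAlgorithm,
                        signingCertificateValidity.getCertificateToken().getEncoded());
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Candidate Certificate Hash {} with algorithm {}",
                            DSSUtils.encodeHexString(signingTokenCertHash), digestAlgorithm.getName());
                }
                lastDigestAlgorithm = digestAlgorithm;
            }
            final byte[] certHash = essCertIDv2.getCertHash();
            signingCertificateValidity.setDigestPresent(true);
            if (LOG.isDebugEnabled()) {
                // Log the hash read from the attribute. Logging the candidate hash here (as before)
                // made both debug lines identical and hid mismatches during troubleshooting.
                LOG.debug("Found Certificate Hash in signingCertificateAttributeV2 {} with algorithm {}",
                        DSSUtils.encodeHexString(certHash), digestAlgorithm.getName());
            }
            final IssuerSerial issuerSerial = essCertIDv2.getIssuerSerial();
            final boolean match = verifySigningCertificateReferences(signingTokenSerialNumber,
                    signingTokenIssuerName, signingTokenCertHash, certHash, issuerSerial);
            if (match) {
                // Leave the method, not just the inner loop: once a reference matches, further
                // attribute values must not run the reference check again.
                return;
            }
        }
    }
}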
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
/**
 * Compares the entries of the ESS signing-certificate-v2 signed attribute with the candidate
 * signing certificate held by {@code signingCertificateValidity}.
 *
 * <p>Each {@code ESSCertIDv2} names a digest algorithm. The encoded candidate certificate is hashed
 * with it, and {@code verifySigningCertificateReferences} receives that hash plus the hash and
 * issuer/serial stored in the entry. The method returns as soon as one entry is reported as a match.
 *
 * @param signingTokenSerialNumber serial number forwarded to the reference check
 * @param signingTokenIssuerName issuer name forwarded to the reference check
 * @param signingCertificateAttributeV2 the signing-certificate-v2 attribute whose values are inspected
 */
private void verifySigningCertificateV2(final BigInteger signingTokenSerialNumber,
        final GeneralNames signingTokenIssuerName, final Attribute signingCertificateAttributeV2) {

    final ASN1Set values = signingCertificateAttributeV2.getAttrValues();
    DigestAlgorithm previousAlgorithm = null;
    byte[] candidateHash = null;

    for (int index = 0; index < values.size(); index++) {

        final SigningCertificateV2 decoded = SigningCertificateV2.getInstance(values.getObjectAt(index));
        if (decoded == null) {
            // Undecodable value: report it and move on to the next one.
            LOG.warn("SigningCertificateV2 attribute is not well defined!");
            continue;
        }

        for (final ESSCertIDv2 certId : decoded.getCerts()) {

            // NOTE(review): the algorithm is read from the attribute under validation and recorded
            // as-is; no strength check is visible here, so confirm policy enforcement happens elsewhere.
            final DigestAlgorithm currentAlgorithm = DigestAlgorithm
                    .forOID(certId.getHashAlgorithm().getAlgorithm().getId());
            signingCertificateValidity.setDigestAlgorithm(currentAlgorithm);

            if (currentAlgorithm != previousAlgorithm) {
                // The candidate certificate is hashed again only when the algorithm changes.
                candidateHash = DSSUtils.digest(currentAlgorithm,
                        signingCertificateValidity.getCertificateToken().getEncoded());
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Candidate Certificate Hash {} with algorithm {}",
                            Hex.encodeHexString(candidateHash), currentAlgorithm.getName());
                }
                previousAlgorithm = currentAlgorithm;
            }

            final byte[] referencedHash = certId.getCertHash();
            signingCertificateValidity.setDigestPresent(true);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found Certificate Hash in SigningCertificateV2 {} with algorithm {}",
                        Hex.encodeHexString(referencedHash), currentAlgorithm.getName());
            }

            final IssuerSerial referencedIssuerSerial = certId.getIssuerSerial();
            final boolean matched = verifySigningCertificateReferences(signingTokenSerialNumber,
                    signingTokenIssuerName, candidateHash, referencedHash, referencedIssuerSerial);
            if (!matched) {
                // NOTE(review): the loop goes on after this warning, so a later entry can still be
                // accepted as the match. Confirm this leniency towards RFC 5035 is intended.
                LOG.warn("RFC 5035: The first certificate identified in the sequence "
                        + "of certificate identifiers MUST be the certificate used to verify the signature.");
                continue;
            }
            return;
        }
    }
}
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
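/**
 * Returns the timestamp references derived from the certificate hashes listed in the ESS
 * signing-certificate (v1) and signing-certificate-v2 signed attributes.
 *
 * <p>The list is computed on first use and cached in {@code signingCertificateTimestampReferences}.
 * Every digest algorithm met on the way is also added to {@code usedCertificatesDigestAlgorithms}.
 *
 * @return the cached list of references; empty when neither attribute is present
 */
public List<TimestampReference> getSigningCertificateTimestampReferences() {

    if (signingCertificateTimestampReferences == null) {

        // Collect into a local list and publish it only once complete. The attributes come from the
        // signature under validation, so decoding may throw part-way through. Assigning the field up
        // front would then cache a truncated list that later calls return without any error.
        final List<TimestampReference> references = new ArrayList<TimestampReference>();
        final AttributeTable signedAttributes = CMSUtils.getSignedAttributes(signerInformation);

        final Attribute signingCertificateAttributeV1 = signedAttributes.get(id_aa_signingCertificate);
        if (signingCertificateAttributeV1 != null) {

            // ESSCertID (RFC 2634) has no algorithm field: its hash is always SHA-1.
            usedCertificatesDigestAlgorithms.add(DigestAlgorithm.SHA1);
            final ASN1Set attrValues = signingCertificateAttributeV1.getAttrValues();
            for (int ii = 0; ii < attrValues.size(); ii++) {

                final ASN1Encodable asn1Encodable = attrValues.getObjectAt(ii);
                final SigningCertificate signingCertificate = SigningCertificate.getInstance(asn1Encodable);
                if (signingCertificate == null) {
                    // Same guard as the V2 branch below: skip a value that did not decode.
                    continue;
                }
                final ESSCertID[] essCertIDs = signingCertificate.getCerts();
                for (final ESSCertID essCertID : essCertIDs) {

                    final byte[] certHash = essCertID.getCertHash();
                    final TimestampReference reference = createCertificateTimestampReference(
                            DigestAlgorithm.SHA1, certHash);
                    references.add(reference);
                }
            }
        }

        final Attribute signingCertificateAttributeV2 = signedAttributes.get(id_aa_signingCertificateV2);
        if (signingCertificateAttributeV2 != null) {

            final ASN1Set attrValues = signingCertificateAttributeV2.getAttrValues();
            for (int ii = 0; ii < attrValues.size(); ii++) {

                final ASN1Encodable asn1Encodable = attrValues.getObjectAt(ii);
                final SigningCertificateV2 signingCertificateAttribute = SigningCertificateV2
                        .getInstance(asn1Encodable);
                if (signingCertificateAttribute == null) {
                    continue;
                }
                final ESSCertIDv2[] essCertIDv2s = signingCertificateAttribute.getCerts();
                for (final ESSCertIDv2 essCertIDv2 : essCertIDv2s) {

                    // NOTE(review): the algorithm is taken from the attribute as supplied; whether
                    // weak digests are rejected is not visible in this method.
                    final String algorithmId = essCertIDv2.getHashAlgorithm().getAlgorithm().getId();
                    final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(algorithmId);
                    usedCertificatesDigestAlgorithms.add(digestAlgorithm);
                    final byte[] certHash = essCertIDv2.getCertHash();
                    final TimestampReference reference = createCertificateTimestampReference(digestAlgorithm,
                            certHash);
                    references.add(reference);
                }
            }
        }
        signingCertificateTimestampReferences = references;
    }
    return signingCertificateTimestampReferences;
}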