List of usage examples for org.bouncycastle.asn1.ess SigningCertificateV2 SigningCertificateV2
public SigningCertificateV2(ESSCertIDv2[] certs)
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
/**
 * Appends the ESS signing-certificate signed attribute for the configured signing certificate.
 *
 * The attribute holds a digest of the encoded certificate together with its issuer/serial and is
 * placed among the signed attributes, so the signature covers the identity of the certificate
 * that is claimed to have produced it. SHA-1 selects the legacy SigningCertificate (ESSCertID)
 * form; any other digest selects SigningCertificateV2 (ESSCertIDv2), which names its digest
 * algorithm explicitly.
 *
 * @param parameters       supplies the digest algorithm and the signing certificate
 * @param signedAttributes vector that receives the newly built attribute
 * @throws DSSException declared by this method; presumably raised by the DSSUtils helpers
 *                      (encoding / digest) - confirm against DSSUtils
 */
private void addSigningCertificateAttribute(final SignatureParameters parameters,
        final ASN1EncodableVector signedAttributes) throws DSSException {

    final DigestAlgorithm digestAlgorithm = parameters.getDigestAlgorithm();
    final X509Certificate signingCertificate = parameters.getSigningCertificate();
    final byte[] derCertificate = DSSUtils.getEncoded(signingCertificate);
    final byte[] certHash = DSSUtils.digest(digestAlgorithm, derCertificate);
    // Guarded because the hex encoding is computed eagerly as a log argument.
    if (LOG.isDebugEnabled()) {
        LOG.debug("Adding Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(certHash),
                digestAlgorithm.getName());
    }
    final IssuerSerial issuerSerial = DSSUtils.getIssuerSerial(signingCertificate);

    final Attribute attribute;
    if (digestAlgorithm == DigestAlgorithm.SHA1) {
        // v1 form: ESSCertID carries no algorithm identifier, so it is used only for SHA-1.
        final SigningCertificate v1 = new SigningCertificate(new ESSCertID(certHash, issuerSerial));
        attribute = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate, new DERSet(v1));
    } else {
        // v2 form: the digest algorithm travels inside the ESSCertIDv2 itself.
        final ESSCertIDv2 certId = new ESSCertIDv2(digestAlgorithm.getAlgorithmIdentifier(), certHash,
                issuerSerial);
        final SigningCertificateV2 v2 = new SigningCertificateV2(new ESSCertIDv2[] { certId });
        attribute = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(v2));
    }
    signedAttributes.add(attribute);
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileBES.java
License:Open Source License
/**
 * Builds the ESS signing-certificate attribute for the certificate held in {@code parameters}.
 *
 * The certificate is identified by its digest only: no IssuerSerial is attached in either
 * branch. SHA-1 yields the v1 SigningCertificate attribute, every other digest algorithm the
 * SigningCertificateV2 attribute with the digest OID embedded.
 *
 * @param parameters supplies the digest algorithm and the signing certificate
 * @return the attribute, ready to be placed among the signed attributes
 * @throws RuntimeException wrapping a NoSuchAlgorithmException (digest not available from the
 *                          BouncyCastle provider) or a CertificateException (certificate could
 *                          not be encoded)
 */
private Attribute makeSigningCertificateAttribute(SignatureParameters parameters) {
    try {
        // A fresh provider instance is passed explicitly, so the lookup does not depend on
        // which providers are registered with the JVM.
        MessageDigest digester = MessageDigest.getInstance(parameters.getDigestAlgorithm().getName(),
                new BouncyCastleProvider());
        byte[] certHash = digester.digest(parameters.getSigningCertificate().getEncoded());

        if (parameters.getDigestAlgorithm() != DigestAlgorithm.SHA1) {
            AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(parameters.getDigestAlgorithm().getOid());
            ESSCertIDv2[] certIds = new ESSCertIDv2[] { new ESSCertIDv2(hashAlgorithm, certHash) };
            return new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2,
                    new DERSet(new SigningCertificateV2(certIds)));
        }

        ESSCertID certId = new ESSCertID(certHash);
        return new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate,
                new DERSet(new SigningCertificate(certId)));
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } catch (CertificateException e) {
        throw new RuntimeException(e);
    }
}
From source file:eu.europa.esig.dss.cades.signature.CAdESLevelBaselineB.java
License:Open Source License
/**
 * Adds the ESS signing-certificate signed attribute for the configured signing certificate.
 *
 * The digest of the encoded certificate and its issuer/serial are wrapped in a
 * SigningCertificate attribute when the digest algorithm is SHA-1, and in a
 * SigningCertificateV2 attribute (which carries the algorithm identifier) otherwise.
 * Because the attribute is added to the signed attributes, the signature covers the
 * reference to the signer's certificate.
 *
 * @param parameters       supplies the digest algorithm and the signing certificate
 * @param signedAttributes vector that receives the new attribute
 * @throws DSSException declared by this method; presumably raised by the digest helper - confirm
 */
private void addSigningCertificateAttribute(final CAdESSignatureParameters parameters,
        final ASN1EncodableVector signedAttributes) throws DSSException {

    final DigestAlgorithm digestAlgorithm = parameters.getDigestAlgorithm();
    final byte[] certHash = DSSUtils.digest(digestAlgorithm, parameters.getSigningCertificate().getEncoded());
    // Guarded because the hex encoding is computed eagerly as a log argument.
    if (LOG.isDebugEnabled()) {
        LOG.debug("Adding Certificate Hash {} with algorithm {}", Hex.encodeHexString(certHash),
                digestAlgorithm.getName());
    }
    final IssuerSerial issuerSerial = DSSASN1Utils.getIssuerSerial(parameters.getSigningCertificate());

    if (digestAlgorithm == DigestAlgorithm.SHA1) {
        // v1 form: ESSCertID has no algorithm field, so it is reserved for SHA-1.
        final SigningCertificate v1 = new SigningCertificate(new ESSCertID(certHash, issuerSerial));
        signedAttributes.add(new Attribute(id_aa_signingCertificate, new DERSet(v1)));
        return;
    }

    // v2 form: the digest algorithm is stated inside the ESSCertIDv2.
    final ESSCertIDv2 certIdV2 = new ESSCertIDv2(DSSASN1Utils.getAlgorithmIdentifier(digestAlgorithm), certHash,
            issuerSerial);
    final SigningCertificateV2 v2 = new SigningCertificateV2(certIdV2);
    signedAttributes.add(new Attribute(id_aa_signingCertificateV2, new DERSet(v2)));
}
From source file:it.trento.comune.j4sign.cms.ExternalSignatureSignerInfoGenerator.java
License:Open Source License
/**
 * Builds the SigningCertificateV2 attribute according to RFC 2634 (Enhanced
 * Security Services (ESS)) and RFC 5035 (ESS Update: Adding CertID Algorithm
 * Agility).<br>
 * This signed attribute is mandatory for CAdES-BES (ETSI TS 101 733)
 * compliance.
 *
 * @param sigProvider
 *            name of the provider to use for the digest calculation.
 * @return the SigningCertificateV2 attribute calculated from the current
 *         certificate and digest algorithm.
 * @throws NoSuchAlgorithmException
 *             if the provider does not offer the configured digest algorithm.
 * @throws NoSuchProviderException
 *             if {@code sigProvider} is not a registered provider.
 * @throws CertificateEncodingException
 *             if the current certificate cannot be encoded.
 * @throws IOException
 *             declared by the signature; no visible call is known to raise
 *             it here - confirm.
 */
private Attribute buildSigningCertificateV2Attribute(String sigProvider) throws NoSuchAlgorithmException,
        NoSuchProviderException, CertificateEncodingException, IOException {

    X509Certificate signerCert = this.getCertificate();

    // Digest of the DER-encoded certificate, using the configured digest algorithm.
    MessageDigest digester = MessageDigest.getInstance(this.getDigestAlgOID(), sigProvider);
    byte[] certHash = digester.digest(signerCert.getEncoded());

    // Issuer name and serial number are read through the certificate holder
    // rather than by parsing the encoded certificate by hand.
    JcaX509CertificateHolder holder = new JcaX509CertificateHolder(signerCert);
    GeneralNames issuerNames = new GeneralNames(new GeneralName(holder.getIssuer()));
    IssuerSerial issuerSerial = new IssuerSerial(issuerNames, new DERInteger(holder.getSerialNumber()));

    // The ESSCertIDv2 carries the digest algorithm, the certificate hash and the issuer/serial.
    ESSCertIDv2 certId = new ESSCertIDv2(new AlgorithmIdentifier(getDigestAlgOID()), certHash, issuerSerial);
    SigningCertificateV2 signingCertificateV2 = new SigningCertificateV2(new ESSCertIDv2[] { certId });

    return new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(signingCertificateV2));
}
From source file:org.dihedron.crypto.operations.sign.pkcs7.PKCS7AttributeTableGenerator.java
License:Open Source License
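/**
 * Returns the signed attributes produced by the superclass, adding a SigningCertificate
 * (SHA-1) or SigningCertificateV2 (SHA-256/384/512) attribute for the signer's certificate
 * when the table contains neither.
 *
 * Failures are reported through the declared CMSAttributeTableGenerationException. The
 * previous code dereferenced a null attribute for an unsupported digest algorithm (a
 * NullPointerException) and returned null when the certificate could not be processed;
 * both paths now fail explicitly, so a caller cannot mistake a failed attribute build for
 * a usable table.
 *
 * @param parameters the parameter map handed over by the CMS signer, passed through to
 *                   the superclass unchanged
 * @return a new attribute table that contains a signing-certificate attribute
 * @throws CMSAttributeTableGenerationException if the digest algorithm is not one of
 *         SHA1, SHA256, SHA384, SHA512, or if building the attribute fails
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public AttributeTable getAttributes(Map parameters) throws CMSAttributeTableGenerationException {
    AttributeTable result = super.getAttributes(parameters);
    Hashtable table = result.toHashtable();
    try {
        if (!table.containsKey(SignedData.id_aa_signingCertificate)
                && !table.containsKey(SignedData.id_aa_signingCertificateV2)) {
            logger.debug("signed attributes table does not contain SigningCertificate[V2]: adding...");
            IssuerSerial issuerSerial = Certificates.makeIssuerSerial(x509certificate);
            Attribute attribute;
            // create the ESSCertId[V2] objects to embed as SigningCertificate[V2]
            switch (digestAlgorithm) {
            case SHA1:
                logger.info("adding signing certificate v1 to signed attributes");
                ESSCertID essCertId = Certificates.makeESSCertIdV1(x509certificate, issuerSerial,
                        digestAlgorithm);
                attribute = new Attribute(SignedData.id_aa_signingCertificate,
                        new DERSet(new SigningCertificate(essCertId)));
                break;
            case SHA256:
            case SHA384:
            case SHA512:
                logger.info("adding signing certificate v2 to signed attributes");
                ESSCertIDv2[] essCertIdv2s = Certificates.makeESSCertIdV2(x509certificate, issuerSerial,
                        digestAlgorithm);
                attribute = new Attribute(SignedData.id_aa_signingCertificateV2,
                        new DERSet(new SigningCertificateV2(essCertIdv2s)));
                break;
            default:
                // No attribute can be built for this algorithm; stop here instead of
                // falling through to table.put() with a null attribute.
                throw new CMSAttributeTableGenerationException(
                        "unsupported digest algorithm: " + digestAlgorithm);
            }
            table.put(attribute.getAttrType(), attribute);
        }
        return new AttributeTable(table);
    } catch (CertificateEncodingException e) {
        logger.error("error reading certificate encoding", e);
        throw new CMSAttributeTableGenerationException("error reading certificate encoding", e);
    } catch (NoSuchAlgorithmException e) {
        logger.error("unsupported digest algorithm: " + digestAlgorithm, e);
        throw new CMSAttributeTableGenerationException("unsupported digest algorithm: " + digestAlgorithm, e);
    } catch (IOException e) {
        logger.error("I/O error reading certificate structure", e);
        throw new CMSAttributeTableGenerationException("I/O error reading certificate structure", e);
    }
}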