List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_aa_ets_certValues
ASN1ObjectIdentifier id_aa_ets_certValues
From source file:eu.europa.ec.markt.dss.signature.cades.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
/**
 * Creates the extractor and registers the two attribute OIDs that are kept out of
 * {@code excludedAttributesFromAtsHashIndex}'s complement, i.e. adds
 * {@code id_aa_ets_certValues} and {@code id_aa_ets_revocationValues} to the exclusion collection.
 *
 * <p>NOTE(review): judging by the field name, excluded attributes are not covered by the
 * ats-hash-index of the archive timestamp. The author states they are validated elsewhere;
 * that validation is not visible here, so confirm it exists before relying on it.
 */
public CadesLevelBaselineLTATimestampExtractor() {

    // Per the original author, both attributes below are validated elsewhere.
    excludedAttributesFromAtsHashIndex.add(PKCSObjectIdentifiers.id_aa_ets_certValues);
    excludedAttributesFromAtsHashIndex.add(PKCSObjectIdentifiers.id_aa_ets_revocationValues);
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileXL.java
License:Open Source License
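/**
 * Adds the CAdES-XL {@code certificate-values} and {@code revocation-values} unsigned attributes
 * to the given table, using the data the certificate verifier collected for the signing certificate.
 *
 * <p>NOTE(review): this method does not inspect the outcome of the validation. Confirm that
 * {@code validateCertificate} or the caller rejects an invalid or revoked signing certificate
 * before the collected data is embedded in the signature.
 *
 * @param unsignedAttrs table to extend; it is modified in place
 * @param signingCertificate the signer's certificate, passed to the verifier and left out of
 *        {@code certificate-values}
 * @param signingDate date passed to the certificate verifier
 * @param optionalCertificateSource additional certificate source passed to the verifier
 * @return the same {@code unsignedAttrs} instance, with both attributes put under their OIDs
 * @throws IOException if an encoded certificate, CRL or OCSP response cannot be re-read as ASN.1
 * @throws RuntimeException wrapping a {@link CertificateEncodingException} or {@link CRLException}
 */
private Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendUnsignedAttributes(
        Hashtable<ASN1ObjectIdentifier, ASN1Encodable> unsignedAttrs, X509Certificate signingCertificate,
        Date signingDate, CertificateSource optionalCertificateSource) throws IOException {

    ValidationContext validationContext = certificateVerifier.validateCertificate(signingCertificate,
            signingDate, optionalCertificateSource, null, null);

    try {
        List<X509CertificateStructure> certificateValues = new ArrayList<X509CertificateStructure>();
        List<CertificateList> crlValues = new ArrayList<CertificateList>();
        List<BasicOCSPResponse> ocspValues = new ArrayList<BasicOCSPResponse>();

        /*
         * The ETSI TS 101 733 stipulates (6.2.1): "It references the full set of CA certificates that have been
         * used to validate an ES with Complete validation data up to (but not including) the signer's certificate.
         * [...] NOTE 1: The signer's certificate is referenced in the signing certificate attribute (see clause
         * 5.7.3)." (6.2.1)
         *
         * "The second and subsequent CrlOcspRef fields shall be in the same order as the OtherCertID to which they
         * relate." (6.2.2)
         *
         * Nothing is said about how to order those second and subsequent fields, so the certificates are added
         * in the order the validation context provides them.
         */
        for (CertificateAndContext c : validationContext.getNeededCertificates()) {
            /*
             * Add every certificate except the signing certificate. The comparison is made on the wrapped
             * certificate: comparing the CertificateAndContext wrapper itself with an X509Certificate is not
             * expected to ever match, which would let the signer's certificate into certificate-values.
             */
            if (!c.getCertificate().equals(signingCertificate)) {
                certificateValues.add(new X509CertificateStructure(
                        (ASN1Sequence) ASN1Object.fromByteArray(c.getCertificate().getEncoded())));
            }
        }

        /* Record the value of each CRL and OCSP response the validation needed. */
        for (CRL relatedcrl : validationContext.getNeededCRL()) {
            // Only X.509 CRLs are supported here; any other CRL type fails the cast.
            crlValues.add(new CertificateList(
                    (ASN1Sequence) ASN1Object.fromByteArray(((X509CRL) relatedcrl).getEncoded())));
        }
        for (BasicOCSPResp relatedocspresp : validationContext.getNeededOCSPResp()) {
            ocspValues.add(new BasicOCSPResponse(
                    (ASN1Sequence) ASN1Object.fromByteArray(relatedocspresp.getEncoded())));
        }

        CertificateList[] crlValuesArray = new CertificateList[crlValues.size()];
        BasicOCSPResponse[] ocspValuesArray = new BasicOCSPResponse[ocspValues.size()];
        // The third constructor argument is left null.
        RevocationValues revocationValues = new RevocationValues(crlValues.toArray(crlValuesArray),
                ocspValues.toArray(ocspValuesArray), null);
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_revocationValues,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_revocationValues, new DERSet(revocationValues)));

        X509CertificateStructure[] certValuesArray = new X509CertificateStructure[certificateValues.size()];
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_certValues,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_certValues,
                        new DERSet(new DERSequence(certificateValues.toArray(certValuesArray)))));

    } catch (CertificateEncodingException e) {
        throw new RuntimeException(e);
    } catch (CRLException e) {
        throw new RuntimeException(e);
    }

    return unsignedAttrs;
}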
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESCertificateSource.java
License:Open Source License
/**
 * Returns the certificates found in the CMS signed data, without duplicates.
 *
 * <p>Unless {@code onlyExtended} is set, the certificates of the signed data's certificate store
 * come first. Certificates from the CAdES-XL {@code certificate-values} unsigned attribute of the
 * signer identified by {@code signerId} are appended when that attribute is present.
 *
 * <p>NOTE(review): the attribute is read from the unsigned attributes, so its content should be
 * treated as untrusted input. The {@code DERSequence} cast and {@code getObjectAt(0)} fail with an
 * unchecked exception on a value that is not DER-encoded or on an empty value set; consider
 * {@code ASN1Sequence.getInstance(...)} plus a size check. Certificates returned here are only
 * candidates for chain building and carry no trust of their own.
 *
 * @return the collected certificates, in discovery order
 * @throws RuntimeException wrapping a {@link CertificateParsingException} or a {@code StoreException}
 */
@Override
@SuppressWarnings("unchecked")
public List<X509Certificate> getCertificates() {

    final List<X509Certificate> collected = new ArrayList<X509Certificate>();

    try {
        if (!onlyExtended) {
            // A null selector matches every certificate in the store.
            final Collection<X509CertificateHolder> holders =
                    (Collection<X509CertificateHolder>) cmsSignedData.getCertificates().getMatches(null);
            LOG.fine(holders.size() + " certificate in collection");

            for (final X509CertificateHolder holder : holders) {
                final X509Certificate certificate = new X509CertificateObject(holder.toASN1Structure());
                LOG.fine("Certificate for subject " + certificate.getSubjectX500Principal());
                if (!collected.contains(certificate)) {
                    collected.add(certificate);
                }
            }
        }

        // Add certificates in CAdES-XL certificate-values inside SignerInfo attribute if present
        final SignerInformation signer = cmsSignedData.getSignerInfos().get(signerId);
        final boolean hasCertValues = signer != null
                && signer.getUnsignedAttributes() != null
                && signer.getUnsignedAttributes().get(PKCSObjectIdentifiers.id_aa_ets_certValues) != null;

        if (hasCertValues) {
            final DERSequence certValues = (DERSequence) signer.getUnsignedAttributes()
                    .get(PKCSObjectIdentifiers.id_aa_ets_certValues).getAttrValues().getObjectAt(0);

            for (int idx = 0; idx < certValues.size(); idx++) {
                final X509CertificateStructure structure =
                        X509CertificateStructure.getInstance(certValues.getObjectAt(idx));
                final X509Certificate certificate = new X509CertificateObject(structure);
                if (!collected.contains(certificate)) {
                    collected.add(certificate);
                }
            }
        }
    } catch (CertificateParsingException e) {
        throw new RuntimeException(e);
    } catch (StoreException e) {
        throw new RuntimeException(e);
    }

    return collected;
}
From source file:eu.europa.ec.markt.dss.validation102853.CAdESCertificateSource.java
License:Open Source License
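/**
 * Collects the certificates carried in the CAdES-XL {@code certificate-values} unsigned attribute
 * of {@code signerInformation}, registering each one through {@code addCertificate}.
 *
 * <p>The attribute is unsigned, so its content is untrusted input: a malformed value is reported
 * as a {@code DSSException} instead of escaping as an unchecked cast or index failure. The returned
 * tokens are candidates for chain building only and carry no trust of their own.
 *
 * @return the tokens in attribute order, without duplicates; empty when there is no signer
 *         information, no unsigned attributes or no {@code certificate-values} attribute
 * @throws eu.europa.ec.markt.dss.exception.DSSException if the attribute value is missing or is not
 *         a sequence of certificates, or if a certificate cannot be parsed
 */
private ArrayList<CertificateToken> extractEncapsulatedCertificates() throws DSSException {

    final ArrayList<CertificateToken> encapsulatedCerts = new ArrayList<CertificateToken>();
    try {

        // Gets certificates from CAdES-XL certificate-values inside SignerInfo attribute if present
        if (signerInformation != null && signerInformation.getUnsignedAttributes() != null) {

            final Attribute attr = signerInformation.getUnsignedAttributes()
                    .get(PKCSObjectIdentifiers.id_aa_ets_certValues);
            if (attr != null) {

                // An empty value set would otherwise fail inside getObjectAt(0).
                if (attr.getAttrValues().size() == 0) {
                    throw new DSSException(
                            new IllegalArgumentException("certificate-values attribute has no value"));
                }
                // getInstance accepts any sequence encoding and rejects other types with
                // IllegalArgumentException, where a plain cast would throw ClassCastException.
                final ASN1Sequence seq = ASN1Sequence.getInstance(attr.getAttrValues().getObjectAt(0));
                for (int ii = 0; ii < seq.size(); ii++) {

                    final Certificate cs = Certificate.getInstance(seq.getObjectAt(ii));
                    final X509Certificate cert = new X509CertificateObject(cs);
                    final CertificateToken certToken = addCertificate(cert);
                    if (!encapsulatedCerts.contains(certToken)) {
                        encapsulatedCerts.add(certToken);
                    }
                }
            }
        }
        //TODO (cades): Read UnsignedAttribute: S/MIME Authenticated Attributes {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) aa(2) id-aa-ets-CertificateRefs(21)}
        //TODO (cades): Read certificates from inner timestamps (signature timestamps and archive timestamps) ?
    } catch (CertificateParsingException e) {
        throw new DSSException(e);
    } catch (IllegalArgumentException e) {
        // Raised by the getInstance calls when the attribute content has the wrong ASN.1 shape.
        throw new DSSException(e);
    }
    return encapsulatedCerts;
}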
From source file:eu.europa.esig.dss.validation.CAdESCertificateSource.java
License:Open Source License
/**
 * Gathers the certificates referenced by the signer's unsigned attributes.
 *
 * <p>When {@code signerInformation} and its unsigned attributes are both present, the helper
 * {@code extractCertificateFromUnsignedAttribute} is run for {@code id_aa_ets_certValues} and then
 * for {@code id_aa_ets_certificateRefs}, filling the returned list.
 *
 * <p>NOTE(review): unsigned attributes are not covered by the signer's signature, so whatever is
 * collected here is an untrusted candidate for chain building. Also, {@code certificateRefs}
 * carries certificate references rather than encoded certificates in CAdES; confirm the helper
 * handles that attribute's structure.
 *
 * @return the collected tokens; empty when there is nothing to read
 */
private List<CertificateToken> extractEncapsulatedCertificates() {

    final List<CertificateToken> collected = new ArrayList<CertificateToken>();

    // Nothing to read without signer information or without unsigned attributes.
    if ((signerInformation == null) || (signerInformation.getUnsignedAttributes() == null)) {
        return collected;
    }

    // Gets certificates from CAdES-XL certificate-values inside SignerInfo attribute if present
    extractCertificateFromUnsignedAttribute(collected, PKCSObjectIdentifiers.id_aa_ets_certValues);
    extractCertificateFromUnsignedAttribute(collected, PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
    return collected;
}