List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_aa_ets_revocationRefs
ASN1ObjectIdentifier id_aa_ets_revocationRefs
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileC.java
License:Open Source License
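/**
 * Adds the {@code id_aa_ets_certificateRefs} and {@code id_aa_ets_revocationRefs} attributes to the given
 * unsigned-attribute table.
 *
 * <p>The signing certificate is first validated through {@code certificateVerifier}. Every certificate the
 * resulting validation context reports as needed, except the signing certificate itself, contributes one
 * {@code OtherCertID}. Every needed certificate, the signing certificate included, contributes one
 * {@code CrlOcspRef} listing the CRLs and OCSP responses the context relates to it.
 *
 * <p>Both attributes are stored as unsigned attributes, so nothing in this method protects them against
 * later modification.
 *
 * @param unsignedAttrs table to extend; it is modified in place and returned
 * @param signingCertificate the signer's certificate; validated here and left out of the certificate refs
 * @param parameters supplies the certificate chain used as a certificate source
 * @param signingTime time handed to the certificate verifier
 * @param optionalCertificateSource additional certificate source combined with the chain
 * @return {@code unsignedAttrs}, now holding the two reference attributes
 * @throws IOException declared by the signature; failures raised while the references are built are
 *         rethrown as {@link RuntimeException}
 */
private Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendUnsignedAttributes(
        Hashtable<ASN1ObjectIdentifier, ASN1Encodable> unsignedAttrs, X509Certificate signingCertificate,
        SignatureParameters parameters, Date signingTime, CertificateSource optionalCertificateSource)
        throws IOException {

    ValidationContext validationContext = certificateVerifier.validateCertificate(signingCertificate, signingTime,
            new CompositeCertificateSource(new ListCertificateSource(parameters.getCertificateChain()),
                    optionalCertificateSource),
            null, null);

    try {
        ArrayList<OtherCertID> completeCertificateRefs = new ArrayList<OtherCertID>();
        ArrayList<CrlOcspRef> completeRevocationRefs = new ArrayList<CrlOcspRef>();

        /*
         * The ETSI TS 101 733 stipulates (6.2.1): "It references the full set of CA certificates that have been
         * used to validate an ES with Complete validation data up to (but not including) the signer's certificate.
         * [...] NOTE 1: The signer's certificate is referenced in the signing certificate attribute (see clause
         * 5.7.3)." (6.2.1)
         *
         * "The second and subsequent CrlOcspRef fields shall be in the same order as the OtherCertID to which they
         * relate." (6.2.2)
         *
         * Also, no mention of the way to order those second and subsequent fields, so we add the certificates as
         * provided by the context.
         */

        /* The SignedCertificate is in validationContext.getCertificate() */
        for (CertificateAndContext c : validationContext.getNeededCertificates()) {

            /*
             * Add every certificate except the signing certificate. The comparison is made on the wrapped
             * certificate: comparing the CertificateAndContext wrapper itself with an X509Certificate can only
             * match if the wrapper's equals() special-cases that type, so the signer's certificate would
             * otherwise end up in the certificate refs.
             */
            if (!c.getCertificate().equals(signingCertificate)) {
                completeCertificateRefs.add(makeOtherCertID(c.getCertificate()));
            }

            ArrayList<CrlValidatedID> crlListIdValues = new ArrayList<CrlValidatedID>();
            ArrayList<OcspResponsesID> ocspListIDValues = new ArrayList<OcspResponsesID>();

            /*
             * Record each CRL and OCSP with a reference to the corresponding certificate
             */
            for (CRL relatedcrl : validationContext.getRelatedCRLs(c)) {
                crlListIdValues.add(makeCrlValidatedID((X509CRL) relatedcrl));
            }

            for (BasicOCSPResp relatedocspresp : validationContext.getRelatedOCSPResp(c)) {
                ocspListIDValues.add(makeOcspResponsesID(relatedocspresp));
            }

            CrlValidatedID[] crlListIdArray = new CrlValidatedID[crlListIdValues.size()];
            OcspResponsesID[] ocspListIDArray = new OcspResponsesID[ocspListIDValues.size()];
            // One CrlOcspRef per needed certificate; the third component (otherRev) is left unset.
            completeRevocationRefs.add(new CrlOcspRef(new CrlListID(crlListIdValues.toArray(crlListIdArray)),
                    new OcspListID(ocspListIDValues.toArray(ocspListIDArray)), null));
        }

        OtherCertID[] otherCertIDArray = new OtherCertID[completeCertificateRefs.size()];
        CrlOcspRef[] crlOcspRefArray = new CrlOcspRef[completeRevocationRefs.size()];

        // Each attribute carries a single value: a SEQUENCE of the collected references.
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_certificateRefs,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_certificateRefs,
                        new DERSet(new DERSequence(completeCertificateRefs.toArray(otherCertIDArray)))));
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_revocationRefs,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_revocationRefs,
                        new DERSet(new DERSequence(completeRevocationRefs.toArray(crlOcspRefArray)))));

    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } catch (CertificateEncodingException e) {
        throw new RuntimeException(e);
    } catch (OCSPException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new RuntimeException(e);
    } catch (CRLException e) {
        throw new RuntimeException(e);
    }

    return unsignedAttrs;
}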
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileX.java
License:Open Source License
/**
 * Extends the signer information produced by the parent profile with a CAdES-X time-stamp attribute.
 *
 * <p>For extended validation type 1 the time-stamped data is the signature value, the signature time-stamp
 * attribute, the complete-certificate-refs attribute and the complete-revocation-refs attribute. For type 2
 * only the two reference attributes are time-stamped. In both cases each attribute contributes its attrType
 * followed by its attrValues, without the outer SEQUENCE.
 *
 * <p>Every attribute is dereferenced without a presence check, so a signer information lacking unsigned
 * attributes, or lacking one of the attributes read here, ends in a {@link NullPointerException}.
 *
 * @param signedData passed through to the parent profile
 * @param si signer information to extend
 * @param parameters passed through to the parent profile
 * @param originalData passed through to the parent profile
 * @return a signer information whose unsigned attributes also hold the new time-stamp attribute
 * @throws IOException if writing to the in-memory buffer or the parent extension fails
 * @throws IllegalStateException if the extended validation type is neither 1 nor 2
 */
@Override
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation si,
        SignatureParameters parameters, Document originalData) throws IOException {

    si = super.extendCMSSignature(signedData, si, parameters, originalData);

    final ASN1ObjectIdentifier attributeId;
    final ByteArrayOutputStream toTimestamp = new ByteArrayOutputStream();

    switch (getExtendedValidationType()) {
    case 1: {
        attributeId = PKCSObjectIdentifiers.id_aa_ets_escTimeStamp;

        toTimestamp.write(si.getSignature());

        // We don't include the outer SEQUENCE, only the attrType and attrValues as stated by the TS 6.3.5,
        // NOTE 2)
        final Attribute signatureTimeStamp = si.getUnsignedAttributes()
                .get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
        toTimestamp.write(signatureTimeStamp.getAttrType().getDEREncoded());
        toTimestamp.write(signatureTimeStamp.getAttrValues().getDEREncoded());
        break;
    }
    case 2:
        attributeId = PKCSObjectIdentifiers.id_aa_ets_certCRLTimestamp;
        break;
    default:
        throw new IllegalStateException(
                "CAdES-X Profile: Extended validation is set but no valid type (1 or 2)");
    }

    /* Those are common to Type 1 and Type 2 */
    final AttributeTable unsignedAttributes = si.getUnsignedAttributes();

    final Attribute certificateRefs = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
    toTimestamp.write(certificateRefs.getAttrType().getDEREncoded());
    toTimestamp.write(certificateRefs.getAttrValues().getDEREncoded());

    final Attribute revocationRefs = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
    toTimestamp.write(revocationRefs.getAttrType().getDEREncoded());
    toTimestamp.write(revocationRefs.getAttrValues().getDEREncoded());

    @SuppressWarnings("unchecked")
    Hashtable<ASN1ObjectIdentifier, Attribute> unsignedAttrHash = unsignedAttributes.toHashtable();

    // The time-stamp is requested over everything collected above and stored under the type-specific OID.
    final byte[] dataToTimestamp = toTimestamp.toByteArray();
    final Attribute extendedTimeStamp = getTimeStampAttribute(attributeId, getSignatureTsa(), digestAlgorithm,
            dataToTimestamp);
    unsignedAttrHash.put(attributeId, extendedTimeStamp);

    return SignerInformation.replaceUnsignedAttributes(si, new AttributeTable(unsignedAttrHash));
}
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESSignature.java
License:Open Source License
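/**
 * Collects the CRL references found in the {@code id_aa_ets_revocationRefs} unsigned attribute.
 *
 * <p>The attribute is unsigned, so its content is not covered by the signer's signature and has to be
 * handled as untrusted input. A {@code CrlOcspRef} without a CRL list is skipped instead of being
 * dereferenced.
 *
 * @return the CRL references in the order they appear; empty when the signer information has no unsigned
 *         attributes, no such attribute, or the attribute has no value
 */
@Override
public List<CRLRef> getCRLRefs() {

    List<CRLRef> list = new ArrayList<CRLRef>();

    if (signerInformation.getUnsignedAttributes() == null) {
        return list;
    }

    Attribute completeRevocationRefsAttr = signerInformation.getUnsignedAttributes()
            .get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
    if (completeRevocationRefsAttr == null || completeRevocationRefsAttr.getAttrValues().size() <= 0) {
        return list;
    }

    // NOTE(review): the cast only succeeds when the parsed value is a DERSequence; any other ASN.1 type
    // raises ClassCastException, which is not handled here.
    DERSequence completeRevocationRefs = (DERSequence) completeRevocationRefsAttr.getAttrValues()
            .getObjectAt(0);
    for (int i1 = 0; i1 < completeRevocationRefs.size(); i1++) {
        CrlOcspRef crlOcspRef = CrlOcspRef.getInstance(completeRevocationRefs.getObjectAt(i1));
        // The CRL list is an optional component of CrlOcspRef; an entry that only carries OCSP
        // references returns null here.
        if (crlOcspRef.getCrlids() == null) {
            continue;
        }
        for (CrlValidatedID id : crlOcspRef.getCrlids().getCrls()) {
            list.add(new CRLRef(id));
        }
    }

    return list;
}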
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESSignature.java
License:Open Source License
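/**
 * Collects the OCSP references found in the {@code id_aa_ets_revocationRefs} unsigned attribute.
 *
 * <p>The attribute is unsigned, so its content is not covered by the signer's signature and has to be
 * handled as untrusted input. A {@code CrlOcspRef} without an OCSP list is skipped instead of being
 * dereferenced.
 *
 * @return the OCSP references in the order they appear; empty when the signer information has no unsigned
 *         attributes, no such attribute, or the attribute has no value
 */
@Override
public List<OCSPRef> getOCSPRefs() {

    List<OCSPRef> list = new ArrayList<OCSPRef>();

    if (signerInformation.getUnsignedAttributes() == null) {
        return list;
    }

    Attribute completeRevocationRefsAttr = signerInformation.getUnsignedAttributes()
            .get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
    if (completeRevocationRefsAttr == null || completeRevocationRefsAttr.getAttrValues().size() <= 0) {
        return list;
    }

    // NOTE(review): the cast only succeeds when the parsed value is a DERSequence; any other ASN.1 type
    // raises ClassCastException, which is not handled here.
    DERSequence completeRevocationRefs = (DERSequence) completeRevocationRefsAttr.getAttrValues()
            .getObjectAt(0);
    for (int i1 = 0; i1 < completeRevocationRefs.size(); i1++) {
        CrlOcspRef crlOcspRef = CrlOcspRef.getInstance(completeRevocationRefs.getObjectAt(i1));
        // The OCSP list is an optional component of CrlOcspRef; an entry that only carries CRL
        // references returns null here.
        if (crlOcspRef.getOcspids() == null) {
            continue;
        }
        for (OcspResponsesID id : crlOcspRef.getOcspids().getOcspResponses()) {
            list.add(new OCSPRef(id, true));
        }
    }

    return list;
}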
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESSignature.java
License:Open Source License
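/**
 * Builds the byte string covered by a CAdES-X type 2 time-stamp: attrType and attrValues of the
 * complete-certificate-refs attribute followed by attrType and attrValues of the complete-revocation-refs
 * attribute.
 *
 * <p>Both attributes are read from the unsigned attributes of a signature under validation, so either may
 * be missing. A missing attribute contributes no bytes instead of causing a
 * {@link NullPointerException}; a time-stamp imprint computed over both attributes will then not match
 * the returned data.
 *
 * @return the concatenated DER encodings; empty when there are no unsigned attributes
 * @throws RuntimeException wrapping an {@link IOException} raised while writing to the buffer
 */
@Override
public byte[] getTimestampX2Data() {

    try {
        ByteArrayOutputStream toTimestamp = new ByteArrayOutputStream();

        /* Those are common to Type 1 and Type 2 */
        if (signerInformation.getUnsignedAttributes() != null) {

            Attribute certificateRefs = signerInformation.getUnsignedAttributes()
                    .get(PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
            if (certificateRefs != null) {
                toTimestamp.write(certificateRefs.getAttrType().getDEREncoded());
                toTimestamp.write(certificateRefs.getAttrValues().getDEREncoded());
            }

            Attribute revocationRefs = signerInformation.getUnsignedAttributes()
                    .get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
            if (revocationRefs != null) {
                toTimestamp.write(revocationRefs.getAttrType().getDEREncoded());
                toTimestamp.write(revocationRefs.getAttrValues().getDEREncoded());
            }
        }

        return toTimestamp.toByteArray();
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
}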
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/**
 * Returns the CRL references listed in the {@code id_aa_ets_revocationRefs} unsigned attribute.
 *
 * <p>Any exception raised while reading the attribute is logged at WARN level and swallowed. The caller
 * then receives whatever was collected up to that point, so an unparseable attribute cannot be told apart
 * from an attribute with few or no CRL references.
 *
 * @return the CRL references found; never {@code null}
 */
@Override
public List<CRLRef> getCRLRefs() {

    final List<CRLRef> crlRefs = new ArrayList<CRLRef>();

    try {
        final AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        final Attribute revocationRefsAttribute = (unsignedAttributes == null) ? null
                : unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);

        if (revocationRefsAttribute != null) {

            final ASN1Set values = revocationRefsAttribute.getAttrValues();
            if (values.size() > 0) {

                // Only the first attribute value is read; it is expected to be the SEQUENCE of CrlOcspRef.
                final ASN1Sequence revocationRefs = (ASN1Sequence) values.getObjectAt(0);
                for (int index = 0; index < revocationRefs.size(); index++) {

                    final CrlOcspRef crlOcspRef = CrlOcspRef.getInstance(revocationRefs.getObjectAt(index));
                    final CrlListID crlListId = crlOcspRef.getCrlids();
                    if (crlListId == null) {
                        // This entry carries no CRL list.
                        continue;
                    }
                    for (final CrlValidatedID crlValidatedId : crlListId.getCrls()) {
                        crlRefs.add(new CRLRef(crlValidatedId));
                    }
                }
            }
        }
    } catch (Exception e) {
        // Deliberate best effort: a computation or format error must not abort the caller.
        LOG.warn("When error in computing or in format the algorithm just continue...", e);
    }
    return crlRefs;
}
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/**
 * Returns the OCSP references listed in the {@code id_aa_ets_revocationRefs} unsigned attribute.
 *
 * <p>Nothing is caught here: if the first attribute value is not an {@code ASN1Sequence} the cast fails
 * with a {@link ClassCastException} that propagates to the caller.
 *
 * @return the OCSP references found; empty when the unsigned attributes, the attribute or its value are
 *         absent
 */
@Override
public List<OCSPRef> getOCSPRefs() {

    final List<OCSPRef> ocspRefs = new ArrayList<OCSPRef>();

    final AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    final Attribute revocationRefsAttribute = (unsignedAttributes == null) ? null
            : unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);

    if (revocationRefsAttribute != null) {

        final ASN1Set values = revocationRefsAttribute.getAttrValues();
        if (values.size() > 0) {

            // Only the first attribute value is read; it is expected to be the SEQUENCE of CrlOcspRef.
            final ASN1Sequence revocationRefs = (ASN1Sequence) values.getObjectAt(0);
            for (int index = 0; index < revocationRefs.size(); index++) {

                final CrlOcspRef crlOcspRef = CrlOcspRef.getInstance(revocationRefs.getObjectAt(index));
                final OcspListID ocspListId = crlOcspRef.getOcspids();
                if (ocspListId == null) {
                    // This entry carries no OCSP list.
                    continue;
                }
                for (final OcspResponsesID ocspResponsesId : ocspListId.getOcspResponses()) {
                    ocspRefs.add(new OCSPRef(ocspResponsesId, true));
                }
            }
        }
    }
    return ocspRefs;
}
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/**
 * Builds the byte string covered by a CAdES-X type 2 time-stamp: attrType and attrValues of the
 * complete-certificate-refs attribute followed by attrType and attrValues of the complete-revocation-refs
 * attribute, each DER-encoded through {@code DSSASN1Utils}.
 *
 * <p>An attribute that is not present contributes no bytes.
 *
 * @param timestampToken not read by this implementation
 * @return the concatenated encodings; empty when there are no unsigned attributes
 * @throws RuntimeException wrapping an {@link IOException} raised while writing to the buffer
 */
@Override
public byte[] getTimestampX2Data(final TimestampToken timestampToken) {

    try {
        @SuppressWarnings("resource")
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();

        /* Those are common to Type 1 and Type 2 */
        final AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        if (unsignedAttributes == null) {
            return buffer.toByteArray();
        }

        final Attribute certificateRefs = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
        if (certificateRefs != null) {
            final byte[] encodedType = DSSASN1Utils.getDEREncoded(certificateRefs.getAttrType());
            buffer.write(encodedType);
            final byte[] encodedValues = DSSASN1Utils.getDEREncoded(certificateRefs.getAttrValues());
            buffer.write(encodedValues);
        }

        final Attribute revocationRefs = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
        if (revocationRefs != null) {
            final byte[] encodedType = DSSASN1Utils.getDEREncoded(revocationRefs.getAttrType());
            buffer.write(encodedType);
            final byte[] encodedValues = DSSASN1Utils.getDEREncoded(revocationRefs.getAttrValues());
            buffer.write(encodedValues);
        }

        return buffer.toByteArray();
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
}
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
/**
 * Returns the CRL references listed in the {@code id_aa_ets_revocationRefs} unsigned attribute.
 *
 * <p>Any exception raised while reading the attribute is logged at WARN level and swallowed. The caller
 * then receives whatever was collected up to that point, so an unparseable attribute cannot be told apart
 * from an attribute with few or no CRL references.
 *
 * @return the CRL references found; never {@code null}
 */
@Override
public List<CRLRef> getCRLRefs() {

    final List<CRLRef> result = new ArrayList<CRLRef>();

    try {
        final AttributeTable unsignedAttrs = signerInformation.getUnsignedAttributes();
        if (unsignedAttrs != null) {

            final Attribute revocationRefsAttr = unsignedAttrs.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
            if (revocationRefsAttr != null) {

                final ASN1Set valueSet = revocationRefsAttr.getAttrValues();
                if (valueSet.size() > 0) {

                    // Only the first attribute value is read; it is expected to be the SEQUENCE of
                    // CrlOcspRef.
                    final ASN1Sequence refSequence = (ASN1Sequence) valueSet.getObjectAt(0);
                    for (int position = 0; position < refSequence.size(); position++) {

                        final CrlListID crlIds = CrlOcspRef.getInstance(refSequence.getObjectAt(position))
                                .getCrlids();
                        if (crlIds != null) {
                            for (final CrlValidatedID validatedId : crlIds.getCrls()) {
                                result.add(new CRLRef(validatedId));
                            }
                        }
                    }
                }
            }
        }
    } catch (Exception e) {
        // Deliberate best effort: a computation or format error must not abort the caller.
        LOG.warn("When error in computing or in format the algorithm just continue...", e);
    }
    return result;
}
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
/**
 * Returns the OCSP references listed in the {@code id_aa_ets_revocationRefs} unsigned attribute, each
 * built from the hash stored in the corresponding {@code OcspResponsesID}.
 *
 * <p>Nothing is caught here: if the first attribute value is not an {@code ASN1Sequence} the cast fails
 * with a {@link ClassCastException} that propagates to the caller.
 *
 * @return the OCSP references found; empty when the unsigned attributes, the attribute or its value are
 *         absent
 */
@Override
public List<OCSPRef> getOCSPRefs() {

    final List<OCSPRef> result = new ArrayList<OCSPRef>();

    final AttributeTable unsignedAttrs = signerInformation.getUnsignedAttributes();
    if (unsignedAttrs != null) {

        final Attribute revocationRefsAttr = unsignedAttrs.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
        if (revocationRefsAttr != null) {

            final ASN1Set valueSet = revocationRefsAttr.getAttrValues();
            if (valueSet.size() > 0) {

                // Only the first attribute value is read; it is expected to be the SEQUENCE of CrlOcspRef.
                final ASN1Sequence refSequence = (ASN1Sequence) valueSet.getObjectAt(0);
                for (int position = 0; position < refSequence.size(); position++) {

                    final OcspListID ocspIds = CrlOcspRef.getInstance(refSequence.getObjectAt(position))
                            .getOcspids();
                    if (ocspIds != null) {
                        for (final OcspResponsesID responsesId : ocspIds.getOcspResponses()) {
                            final OtherHash responseHash = responsesId.getOcspRepHash();
                            result.add(new OCSPRef(responseHash, true));
                        }
                    }
                }
            }
        }
    }
    return result;
}