List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_aa_ets_sigPolicyId
ASN1ObjectIdentifier id_aa_ets_sigPolicyId
To view the source code for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_aa_ets_sigPolicyId.
Click Source Link
From source file:com.itextpdf.signatures.PdfPKCS7.java
License:Open Source License
/** * This method provides that encoding and the parameters must be * exactly the same as in {@link #getEncodedPKCS7(byte[])}. * * @param secondDigest the content digest * @return the byte array representation of the authenticatedAttributes ready to be signed *//*from w w w. j a va 2 s.c o m*/ private DERSet getAuthenticatedAttributeSet(byte[] secondDigest, byte[] ocsp, Collection<byte[]> crlBytes, PdfSigner.CryptoStandard sigtype) { try { ASN1EncodableVector attribute = new ASN1EncodableVector(); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_CONTENT_TYPE)); v.add(new DERSet(new ASN1ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA))); attribute.add(new DERSequence(v)); v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_MESSAGE_DIGEST)); v.add(new DERSet(new DEROctetString(secondDigest))); attribute.add(new DERSequence(v)); boolean haveCrl = false; if (crlBytes != null) { for (byte[] bCrl : crlBytes) { if (bCrl != null) { haveCrl = true; break; } } } if (ocsp != null || haveCrl) { v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_ADBE_REVOCATION)); ASN1EncodableVector revocationV = new ASN1EncodableVector(); if (haveCrl) { ASN1EncodableVector v2 = new ASN1EncodableVector(); for (byte[] bCrl : crlBytes) { if (bCrl == null) continue; ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(bCrl)); v2.add(t.readObject()); } revocationV.add(new DERTaggedObject(true, 0, new DERSequence(v2))); } if (ocsp != null) { DEROctetString doctet = new DEROctetString(ocsp); ASN1EncodableVector vo1 = new ASN1EncodableVector(); ASN1EncodableVector v2 = new ASN1EncodableVector(); v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic); v2.add(doctet); ASN1Enumerated den = new ASN1Enumerated(0); ASN1EncodableVector v3 = new ASN1EncodableVector(); v3.add(den); v3.add(new DERTaggedObject(true, 0, new DERSequence(v2))); vo1.add(new DERSequence(v3)); revocationV.add(new DERTaggedObject(true, 1, new DERSequence(vo1))); } v.add(new DERSet(new DERSequence(revocationV))); attribute.add(new DERSequence(v)); } if (sigtype == PdfSigner.CryptoStandard.CADES) { v = new ASN1EncodableVector(); v.add(new ASN1ObjectIdentifier(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2)); ASN1EncodableVector aaV2 = new ASN1EncodableVector(); AlgorithmIdentifier algoId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestAlgorithmOid), null); aaV2.add(algoId); MessageDigest md = SignUtils.getMessageDigest(getHashAlgorithm(), interfaceDigest); byte[] dig = md.digest(signCert.getEncoded()); aaV2.add(new DEROctetString(dig)); v.add(new DERSet(new DERSequence(new DERSequence(new DERSequence(aaV2))))); attribute.add(new DERSequence(v)); } if (signaturePolicyIdentifier != null) { attribute.add(new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(signaturePolicyIdentifier))); } return new DERSet(attribute); } catch (Exception e) { throw new PdfException(e); } }
From source file:es.gob.afirma.applet.CMSInformation.java
License:Open Source License
/** * Obtiene los atributos obligatorios de una firma. * * @param attributes Grupo de atributos opcionales * @param binarySignType Identifica el tipo de firma binaria (CMS o CADES) * @return lista de atributos concatenados. *//* w w w .ja v a 2 s.c om*/ private static String getsignedAttributes(final ASN1Set attributes, final int binarySignType) { String attributos = ""; //$NON-NLS-1$ final Enumeration<?> e = attributes.getObjects(); while (e.hasMoreElements()) { final ASN1Sequence a = (ASN1Sequence) e.nextElement(); final ASN1ObjectIdentifier derIden = (ASN1ObjectIdentifier) a.getObjectAt(0); // tipo de contenido de la firma. if (derIden.equals(CMSAttributes.contentType)) { attributos = attributos + TB + TB + AppletMessages.getString("CMSInformation.22") + SP //$NON-NLS-1$ + a.getObjectAt(1) + CR; } //Message digest de la firma if (derIden.equals(CMSAttributes.messageDigest)) { attributos = attributos + TB + TB + AppletMessages.getString("CMSInformation.43") + CR; //$NON-NLS-1$ } //la fecha de firma. obtenemos y casteamos a algo legible. if (derIden.equals(CMSAttributes.signingTime)) { final ASN1Set time = (ASN1Set) a.getObjectAt(1); final DERUTCTime d = (DERUTCTime) time.getObjectAt(0); Date date = null; try { date = d.getDate(); } catch (final ParseException ex) { Logger.getLogger("es.gob.afirma").warning("No es posible convertir la fecha"); //$NON-NLS-1$ //$NON-NLS-2$ } final SimpleDateFormat formatter = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss"); //$NON-NLS-1$ final String ds = formatter.format(date); attributos = attributos + TB + TB + AppletMessages.getString("CMSInformation.39") + SP + ds + CR; //$NON-NLS-1$ } if (binarySignType == BINARY_SIGN_CADES) { //atributo signing certificate v2 if (derIden.equals(PKCSObjectIdentifiers.id_aa_signingCertificateV2)) { attributos = attributos + TB + TB + AppletMessages.getString("CMSInformation.40") + CR; //$NON-NLS-1$ } //Politica de firma. if (derIden.equals(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId)) { attributos = attributos + TB + TB + AppletMessages.getString("CMSInformation.41") + CR; //$NON-NLS-1$ } } } return attributos; }
From source file:es.gob.afirma.envelopers.cades.CAdESUtils.java
License:Open Source License
/** Método que genera la parte que contiene la información del * Usuario. Se generan los atributos que se necesitan para generar la firma. * @param cert Certificado del firmante//from ww w . ja v a 2s.c om * @param datos Datos firmados * @param policy Política de firma * @param messageDigest * @return Los datos necesarios para generar la firma referente a los datos * del usuario. * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws CertificateEncodingException */ static ASN1EncodableVector generateSignerInfo(final X509Certificate cert, final String digestAlgorithmName, final byte[] datos, final AdESPolicy policy, final byte[] messageDigest) throws NoSuchAlgorithmException, IOException, CertificateEncodingException { // ALGORITMO DE HUELLA DIGITAL final AlgorithmIdentifier digestAlgorithmOID = SigUtils .makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName)); // // ATRIBUTOS // authenticatedAttributes final ASN1EncodableVector contexExpecific = initContexExpecific(digestAlgorithmName, datos, PKCSObjectIdentifiers.data.getId(), messageDigest); // Serial Number // comentar lo de abajo para version del rfc 3852 contexExpecific.add(new Attribute(RFC4519Style.serialNumber, new DERSet(new DERPrintableString(cert.getSerialNumber().toString())))); if (!"SHA1".equals(AOSignConstants.getDigestAlgorithmName(digestAlgorithmName))) { //$NON-NLS-1$ //********************************************/ //***** La Nueva operatividad esta comentada */ //********************************************/ // INICIO SINGING CERTIFICATE-V2 /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber */ final TBSCertificateStructure tbs = TBSCertificateStructure .getInstance(ASN1Primitive.fromByteArray(cert.getTBSCertificate())); /** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier * DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial * IssuerSerial OPTIONAL } * Hash ::= OCTET STRING */ final byte[] certHash = MessageDigest.getInstance(digestAlgorithmName).digest(cert.getEncoded()); final ESSCertIDv2[] essCertIDv2 = { new ESSCertIDv2(digestAlgorithmOID, certHash, new IssuerSerial(new GeneralNames(new GeneralName(tbs.getIssuer())), tbs.getSerialNumber())) }; /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ final SigningCertificateV2 scv2; if (policy.getPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ scv2 = new SigningCertificateV2(essCertIDv2, getPolicyInformation(policy)); // con // politica } else { scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica } // Secuencia con singningCertificate contexExpecific.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(scv2))); // FIN SINGING CERTIFICATE-V2 } else { // INICIO SINGNING CERTIFICATE /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber } */ final TBSCertificateStructure tbs = TBSCertificateStructure .getInstance(ASN1Primitive.fromByteArray(cert.getTBSCertificate())); final IssuerSerial isuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(tbs.getIssuer())), tbs.getSerialNumber()); /** ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial * OPTIONAL } * Hash ::= OCTET STRING -- SHA1 hash of entire certificate */ final ESSCertID essCertID = new ESSCertID( MessageDigest.getInstance(digestAlgorithmName).digest(cert.getEncoded()), isuerSerial); /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ final SigningCertificate scv; if (policy.getPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ /* * HAY QUE HACER UN SEQUENCE, YA QUE EL CONSTRUCTOR DE BOUNCY * CASTLE NO TIENE DICHO CONSTRUCTOR. */ final ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERSequence(essCertID)); v.add(new DERSequence(getPolicyInformation(policy))); scv = SigningCertificate.getInstance(new DERSequence(v)); // con politica } else { scv = new SigningCertificate(essCertID); // Sin politica } /** id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) * id-aa(2) 12 } */ // Secuencia con singningCertificate contexExpecific.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate, new DERSet(scv))); } // INICIO SIGPOLICYID ATTRIBUTE if (policy.getPolicyIdentifier() != null) { /* * SigPolicyId ::= OBJECT IDENTIFIER Politica de firma. */ final ASN1ObjectIdentifier doiSigPolicyId = new ASN1ObjectIdentifier( policy.getPolicyIdentifier().toLowerCase().replace("urn:oid:", "")); //$NON-NLS-1$ //$NON-NLS-2$ /* * OtherHashAlgAndValue ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * hashValue OCTET STRING } * */ // Algoritmo para el hash final AlgorithmIdentifier hashid; // si tenemos algoritmo de calculo de hash, lo ponemos if (policy.getPolicyIdentifierHashAlgorithm() != null) { hashid = SigUtils.makeAlgId(AOAlgorithmID .getOID(AOSignConstants.getDigestAlgorithmName(policy.getPolicyIdentifierHashAlgorithm()))); } // si no tenemos, ponemos el algoritmo de firma. else { hashid = digestAlgorithmOID; } // hash del documento, descifrado en b64 final byte[] hashed; if (policy.getPolicyIdentifierHash() != null) { hashed = Base64.decode(policy.getPolicyIdentifierHash()); } else { hashed = new byte[] { 0 }; } final DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed); /* * SigPolicyQualifierInfo ::= SEQUENCE { * SigPolicyQualifierId SigPolicyQualifierId, * SigQualifier ANY DEFINED BY policyQualifierId } */ SigPolicyQualifierInfo spqInfo = null; if (policy.getPolicyQualifier() != null) { spqInfo = new SigPolicyQualifierInfo(policy.getPolicyQualifier().toString()); } /* * SignaturePolicyId ::= SEQUENCE { * sigPolicyId SigPolicyId, * sigPolicyHash SigPolicyHash, * sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF * SigPolicyQualifierInfo OPTIONAL} * */ final ASN1EncodableVector v = new ASN1EncodableVector(); // sigPolicyId v.add(doiSigPolicyId); // sigPolicyHash v.add(otherHashAlgAndValue.toASN1Primitive()); // como sequence // sigPolicyQualifiers if (spqInfo != null) { v.add(spqInfo.toASN1Primitive()); } final DERSequence ds = new DERSequence(v); // Secuencia con singningCertificate contexExpecific.add( new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(ds.toASN1Primitive()))); // FIN SIGPOLICYID ATTRIBUTE } return contexExpecific; }
From source file:es.gob.afirma.envelopers.cms.ValidateCMS.java
License:Open Source License
/** Método que verifica que los SignerInfos tenga el parámetro * que identifica que es de tipo cades./* w w w . j a va 2s . c om*/ * @param si * SignerInfo para la verificación del párametro * adecuado. * @return si contiene el parámetro. */ private static boolean verifySignerInfo(final SignerInfo si) { boolean isSignerValid = true; final ASN1Set attrib = si.getAuthenticatedAttributes(); final Enumeration<?> e = attrib.getObjects(); Attribute atribute; while (isSignerValid && e.hasMoreElements()) { atribute = Attribute.getInstance(e.nextElement()); // si tiene la politica es CADES. if (atribute.getAttrType().equals(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId)) { isSignerValid = false; Logger.getLogger("es.gob.afirma").warning("El signerInfo no es del tipo CMS, es del tipo CADES"); //$NON-NLS-1$ //$NON-NLS-2$ } } return isSignerValid; }
From source file:es.gob.afirma.signers.cades.CAdESUtils.java
License:Open Source License
private static Attribute getSigPolicyId(final String digestAlgorithmName, final AdESPolicy policy) throws IOException { /** SigPolicyId ::= OBJECT IDENTIFIER Politica de firma. */ final ASN1ObjectIdentifier doiSigPolicyId = new ASN1ObjectIdentifier( policy.getPolicyIdentifier().toLowerCase(Locale.US).replace("urn:oid:", "") //$NON-NLS-1$ //$NON-NLS-2$ );//from w w w . j a v a2s .c om /** OtherHashAlgAndValue ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * hashValue OCTET STRING * } */ // Algoritmo para el hash final AlgorithmIdentifier hashid; // Si tenemos algoritmo de calculo de hash, lo ponemos if (policy.getPolicyIdentifierHashAlgorithm() != null) { hashid = SigUtils.makeAlgId(AOAlgorithmID .getOID(AOSignConstants.getDigestAlgorithmName(policy.getPolicyIdentifierHashAlgorithm()))); } // Si no tenemos, ponemos el algoritmo de firma. else { hashid = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName)); } // Huella del documento final byte[] hashed; if (policy.getPolicyIdentifierHash() != null) { hashed = Base64.decode(policy.getPolicyIdentifierHash()); } else { hashed = new byte[] { 0 }; } final DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed); /** AOSigPolicyQualifierInfo ::= SEQUENCE { * SigPolicyQualifierId SigPolicyQualifierId, * SigQualifier ANY DEFINED BY policyQualifierId * } */ AOSigPolicyQualifierInfo spqInfo = null; if (policy.getPolicyQualifier() != null) { spqInfo = new AOSigPolicyQualifierInfo(policy.getPolicyQualifier().toString()); } /** SignaturePolicyId ::= SEQUENCE { * sigPolicyId SigPolicyId, * sigPolicyHash SigPolicyHash, * sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF AOSigPolicyQualifierInfo OPTIONAL * } */ final ASN1EncodableVector v = new ASN1EncodableVector(); // sigPolicyId v.add(doiSigPolicyId); // sigPolicyHash v.add(otherHashAlgAndValue.toASN1Primitive()); // como sequence // sigPolicyQualifiers if (spqInfo != null) { v.add(new DERSequence(spqInfo.toASN1Primitive())); } final DERSequence ds = new DERSequence(v); return new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(ds.toASN1Primitive())); }
From source file:es.gob.afirma.signers.cms.ValidateCMSSignedData.java
License:Open Source License
/** Método que verifica que los SignerInfos tenga el parámetro * que identifica que es de tipo cades./*from w w w . j a v a2s . c om*/ * @param si * SignerInfo para la verificación del párametro * adecuado. * @return si contiene el parámetro. */ private static boolean verifySignerInfo(final SignerInfo si) { boolean isSignerValid = true; final ASN1Set attrib = si.getAuthenticatedAttributes(); final Enumeration<?> e = attrib.getObjects(); Attribute atribute; while (isSignerValid && e.hasMoreElements()) { atribute = Attribute.getInstance(e.nextElement()); // si tiene la política es CADES. if (atribute.getAttrType().equals(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId)) { isSignerValid = false; Logger.getLogger("es.gob.afirma").warning("El signerInfo no es del tipo CMS, es del tipo CADES"); //$NON-NLS-1$ //$NON-NLS-2$ } } return isSignerValid; }
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineB.java
License:Open Source License
private void addSignaturePolicyId(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) { Policy policy = parameters.bLevel().getSignaturePolicy(); if (policy != null && policy.getId() != null) { final String policyId = policy.getId(); SignaturePolicyIdentifier sigPolicy = null; if (!"".equals(policyId)) { // explicit final ASN1ObjectIdentifier derOIPolicyId = new ASN1ObjectIdentifier(policyId); final ASN1ObjectIdentifier oid = policy.getDigestAlgorithm().getOid(); final AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(oid); OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(algorithmIdentifier, new DEROctetString(policy.getDigestValue())); sigPolicy = new SignaturePolicyIdentifier( new SignaturePolicyId(derOIPolicyId, otherHashAlgAndValue)); } else {// implicit sigPolicy = new SignaturePolicyIdentifier(); }// ww w . j a va2s. com final DERSet attrValues = new DERSet(sigPolicy); final Attribute attribute = new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, attrValues); signedAttributes.add(attribute); } }
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileEPES.java
License:Open Source License
@Override public Hashtable<ASN1ObjectIdentifier, ASN1Encodable> getSignedAttributes(SignatureParameters parameters) { try {/*w ww. ja va 2s . c o m*/ Hashtable<ASN1ObjectIdentifier, ASN1Encodable> signedAttrs = super.getSignedAttributes(parameters); Attribute policy = null; SignaturePolicyIdentifier sigPolicy = null; switch (parameters.getSignaturePolicy()) { case EXPLICIT: sigPolicy = new SignaturePolicyIdentifier( new SignaturePolicyId(new DERObjectIdentifier(parameters.getSignaturePolicyId()), new OtherHashAlgAndValue( new AlgorithmIdentifier(DigestAlgorithm .getByName(parameters.getSignaturePolicyHashAlgo()).getOid()), new DEROctetString(parameters.getSignaturePolicyHashValue())))); policy = new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(sigPolicy)); signedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, policy); break; case IMPLICIT: sigPolicy = new SignaturePolicyIdentifier(); sigPolicy.isSignaturePolicyImplied(); policy = new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(sigPolicy)); signedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, policy); break; case NO_POLICY: break; } return signedAttrs; } catch (NoSuchAlgorithmException ex) { throw new ProfileException(ex.getMessage()); } }
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESSignature.java
License:Open Source License
@Override public PolicyValue getPolicyId() { if (signerInformation.getSignedAttributes() == null) { return null; }//from w w w. ja va 2 s . c o m Attribute sigPolicytAttr = signerInformation.getSignedAttributes() .get(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId); if (sigPolicytAttr == null) { return null; } if (sigPolicytAttr.getAttrValues().getObjectAt(0) instanceof DERNull) { return new PolicyValue(); } SignaturePolicyId sigPolicy = null; sigPolicy = SignaturePolicyId.getInstance(sigPolicytAttr.getAttrValues().getObjectAt(0)); if (sigPolicy == null) { return new PolicyValue(); } return new PolicyValue(sigPolicy.getSigPolicyId().getId()); }
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/** * 31 ETSI TS 101 733 V2.2.1 (2013-04)/*w ww . j a va 2 s. c om*/ * <p/> * 5.8.1 signature-policy-identifier * The present document mandates that for CAdES-EPES, a reference to the signature policy is included in the * signedData. This reference is explicitly identified. A signature policy defines the rules for creation and validation of * an electronic signature, and is included as a signed attribute with every Explicit Policy-based Electronic Signature. The * signature-policy-identifier shall be a signed attribute. * <p/> * The following object identifier identifies the signature-policy-identifier attribute: * ... id-aa-ets-sigPolicyId OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 15 } * signature-policy-identifier attribute values have ASN.1 type SignaturePolicyIdentifier: * ... SignaturePolicyIdentifier ::=CHOICE{ * ...... signaturePolicyId ......... SignaturePolicyId, * ...... signaturePolicyImplied .... SignaturePolicyImplied -- not used in this version} * <p/> * ... SignaturePolicyId ::= SEQUENCE { * ...... sigPolicyId ......... SigPolicyId, * ...... sigPolicyHash ....... SigPolicyHash, * ...... sigPolicyQualifiers . SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL} * <p/> * ... SignaturePolicyImplied ::= NULL * <p/> * NOTE: {@code SignaturePolicyImplied} -- not used in this version * * @return */ @Override public SignaturePolicy getPolicyId() { final AttributeTable attributes = signerInformation.getSignedAttributes(); if (attributes == null) { return null; } final Attribute attribute = attributes.get(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId); if (attribute == null) { return null; } final ASN1Encodable attrValue = attribute.getAttrValues().getObjectAt(0); if (attrValue instanceof DERNull) { return null; } final SignaturePolicyId sigPolicy = SignaturePolicyId.getInstance(attrValue); if (sigPolicy == null) { return null; } final String policyId = sigPolicy.getSigPolicyId().getId(); final SignaturePolicy signaturePolicy = new SignaturePolicy(policyId); final OtherHashAlgAndValue hashAlgAndValue = sigPolicy.getSigPolicyHash(); final AlgorithmIdentifier digestAlgorithmIdentifier = hashAlgAndValue.getHashAlgorithm(); final String digestAlgorithmOID = digestAlgorithmIdentifier.getAlgorithm().getId(); final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(digestAlgorithmOID); signaturePolicy.setDigestAlgorithm(digestAlgorithm); final ASN1OctetString digestValue = hashAlgAndValue.getHashValue(); final byte[] digestValueBytes = digestValue.getOctets(); final String policyDigestHexValue = DSSUtils.toHex(digestValueBytes); signaturePolicy.setDigestValue(policyDigestHexValue); final SigPolicyQualifiers sigPolicyQualifiers = sigPolicy.getSigPolicyQualifiers(); if (sigPolicyQualifiers == null) { return signaturePolicy; } for (int ii = 0; ii < sigPolicyQualifiers.size(); ii++) { final SigPolicyQualifierInfo policyQualifierInfo = sigPolicyQualifiers.getInfoAt(ii); final ASN1ObjectIdentifier policyQualifierInfoId = policyQualifierInfo.getSigPolicyQualifierId(); final String policyQualifierInfoValue = policyQualifierInfo.getSigQualifier().toString(); if (PKCSObjectIdentifiers.id_spq_ets_unotice.equals(policyQualifierInfoId)) { signaturePolicy.setNotice(policyQualifierInfoValue); } else if (PKCSObjectIdentifiers.id_spq_ets_uri.equals(policyQualifierInfoId)) { signaturePolicy.setUrl(policyQualifierInfoValue); } else { LOG.error("Unknown signature policy qualifier id: " + policyQualifierInfoId + " with value: " + policyQualifierInfoValue); } } return signaturePolicy; }