List of usage examples for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_aa_signatureTimeStampToken
ASN1ObjectIdentifier id_aa_signatureTimeStampToken
To view the source code for org.bouncycastle.asn1.pkcs PKCSObjectIdentifiers id_aa_signatureTimeStampToken.
Click Source Link
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESSigner.java
License:Open Source License
private byte[] doSign(byte[] content, byte[] previewSignature) { try {/*from w w w . j a v a 2s . c o m*/ Security.addProvider(new BouncyCastleProvider()); // Completa os certificados ausentes da cadeia, se houver if (this.certificate == null && this.certificateChain != null && this.certificateChain.length > 0) { this.certificate = (X509Certificate) this.certificateChain[0]; } this.certificateChain = CAManager.getInstance().getCertificateChainArray(this.certificate); if (this.certificateChain.length < 3) { throw new SignerException( cadesMessagesBundle.getString("error.no.ca", this.certificate.getIssuerDN())); } Certificate[] certStore = new Certificate[] {}; CMSSignedData cmsPreviewSignedData = null; // Caso seja co-assinatura ou contra-assinatura // Importar todos os certificados da assinatura anterior if (previewSignature != null && previewSignature.length > 0) { cmsPreviewSignedData = new CMSSignedData(new CMSAbsentContent(), previewSignature); Collection<X509Certificate> previewCerts = this.getSignersCertificates(cmsPreviewSignedData); //previewCerts.add(this.certificate); certStore = previewCerts.toArray(new Certificate[] {}); } setCertificateManager(new CertificateManager(this.certificate)); // Recupera a lista de algoritmos da politica e o tamanho minimo da // chave List<AlgAndLength> listOfAlgAndLength = new ArrayList<AlgAndLength>(); for (AlgAndLength algLength : signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy() .getCommonRules().getAlgorithmConstraintSet().getSignerAlgorithmConstraints() .getAlgAndLengths()) { listOfAlgAndLength.add(algLength); } AlgAndLength algAndLength = null; // caso o algoritmo tenha sido informado como parmetro ir // verificar se o mesmo permitido pela politica if (this.pkcs1.getAlgorithm() != null) { String varSetedAlgorithmOID = AlgorithmNames.getOIDByAlgorithmName(this.pkcs1.getAlgorithm()); for (AlgAndLength algLength : listOfAlgAndLength) { if (algLength.getAlgID().getValue().equalsIgnoreCase(varSetedAlgorithmOID)) { algAndLength = algLength; SignerAlgorithmEnum varSignerAlgorithmEnum = SignerAlgorithmEnum .valueOf(this.pkcs1.getAlgorithm()); String varOIDAlgorithmHash = varSignerAlgorithmEnum.getOIDAlgorithmHash(); ObjectIdentifier varObjectIdentifier = signaturePolicy.getSignPolicyHashAlg() .getAlgorithm(); varObjectIdentifier.setValue(varOIDAlgorithmHash); AlgorithmIdentifier varAlgorithmIdentifier = signaturePolicy.getSignPolicyHashAlg(); varAlgorithmIdentifier.setAlgorithm(varObjectIdentifier); signaturePolicy.setSignPolicyHashAlg(varAlgorithmIdentifier); } } } else { algAndLength = listOfAlgAndLength.get(1); this.pkcs1.setAlgorithm(AlgorithmNames.getAlgorithmNameByOID(algAndLength.getAlgID().getValue())); SignerAlgorithmEnum varSignerAlgorithmEnum = SignerAlgorithmEnum.valueOf(this.pkcs1.getAlgorithm()); String varOIDAlgorithmHash = varSignerAlgorithmEnum.getOIDAlgorithmHash(); ObjectIdentifier varObjectIdentifier = signaturePolicy.getSignPolicyHashAlg().getAlgorithm(); varObjectIdentifier.setValue(varOIDAlgorithmHash); AlgorithmIdentifier varAlgorithmIdentifier = signaturePolicy.getSignPolicyHashAlg(); varAlgorithmIdentifier.setAlgorithm(varObjectIdentifier); signaturePolicy.setSignPolicyHashAlg(varAlgorithmIdentifier); } if (algAndLength == null) { throw new SignerException(cadesMessagesBundle.getString("error.no.algorithm.policy")); } logger.info(cadesMessagesBundle.getString("info.algorithm.id", algAndLength.getAlgID().getValue())); logger.info(cadesMessagesBundle.getString("info.algorithm.name", AlgorithmNames.getAlgorithmNameByOID(algAndLength.getAlgID().getValue()))); logger.info(cadesMessagesBundle.getString("info.min.key.length", algAndLength.getMinKeyLength())); // Recupera o tamanho minimo da chave para validacao logger.info(cadesMessagesBundle.getString("info.validating.key.length")); int keyLegth = ((RSAKey) certificate.getPublicKey()).getModulus().bitLength(); if (keyLegth < algAndLength.getMinKeyLength()) { throw new SignerException(cadesMessagesBundle.getString("error.min.key.length", algAndLength.getMinKeyLength().toString(), keyLegth)); } AttributeFactory attributeFactory = AttributeFactory.getInstance(); // Consulta e adiciona os atributos assinados ASN1EncodableVector signedAttributes = new ASN1EncodableVector(); logger.info(cadesMessagesBundle.getString("info.signed.attribute")); if (signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules() .getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr() .getObjectIdentifiers() != null) { for (ObjectIdentifier objectIdentifier : signaturePolicy.getSignPolicyInfo() .getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules() .getMandatedSignedAttr().getObjectIdentifiers()) { SignedOrUnsignedAttribute signedOrUnsignedAttribute = attributeFactory .factory(objectIdentifier.getValue()); signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), certificateChain, content, signaturePolicy, this.hash); signedAttributes.add(signedOrUnsignedAttribute.getValue()); } } // Monta a tabela de atributos assinados AttributeTable signedAttributesTable = new AttributeTable(signedAttributes); // Create the table table generator that will added to the Signer // builder CMSAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator( signedAttributesTable); // Recupera o(s) certificado(s) de confianca para validacao Collection<X509Certificate> trustedCAs = new HashSet<X509Certificate>(); Collection<CertificateTrustPoint> ctp = signaturePolicy.getSignPolicyInfo() .getSignatureValidationPolicy().getCommonRules().getSigningCertTrustCondition() .getSignerTrustTrees().getCertificateTrustPoints(); for (CertificateTrustPoint certificateTrustPoint : ctp) { logger.info(cadesMessagesBundle.getString("info.trust.point", certificateTrustPoint.getTrustpoint().getSubjectDN().toString())); trustedCAs.add(certificateTrustPoint.getTrustpoint()); } // Efetua a validacao das cadeias do certificado baseado na politica Collection<X509Certificate> certificateChainTrusted = new HashSet<X509Certificate>(); for (Certificate certCA : certificateChain) { certificateChainTrusted.add((X509Certificate) certCA); } X509Certificate rootOfCertificate = null; for (X509Certificate tcac : certificateChainTrusted) { logger.info(tcac.getIssuerDN().toString()); if (CAManager.getInstance().isRootCA(tcac)) { rootOfCertificate = tcac; } } if (trustedCAs.contains(rootOfCertificate)) { logger.info(cadesMessagesBundle.getString("info.trust.in.point", rootOfCertificate.getSubjectDN())); } else { // No encontrou na poltica, verificar nas cadeias do // componente chain-icp-brasil provavelmente certificado de // homologao. logger.warn(cadesMessagesBundle.getString("info.trust.poin.homolog")); CAManager.getInstance().validateRootCAs(certificateChainTrusted, certificate); } // validade da politica logger.info(cadesMessagesBundle.getString("info.policy.valid.period")); PolicyValidator pv = new PolicyValidator(this.signaturePolicy, this.policyName); pv.validate(); // Realiza a assinatura do conteudo CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); gen.addCertificates(this.generatedCertStore(certStore)); String algorithmOID = algAndLength.getAlgID().getValue(); logger.info(cadesMessagesBundle.getString("info.algorithm.id", algorithmOID)); SignerInfoGenerator signerInfoGenerator = new JcaSimpleSignerInfoGeneratorBuilder() .setSignedAttributeGenerator(signedAttributeGenerator).setUnsignedAttributeGenerator(null) .build(AlgorithmNames.getAlgorithmNameByOID(algorithmOID), this.pkcs1.getPrivateKey(), this.certificate); gen.addSignerInfoGenerator(signerInfoGenerator); CMSTypedData cmsTypedData; // para assinatura do hash, content nulo if (content == null) { cmsTypedData = new CMSAbsentContent(); } else { cmsTypedData = new CMSProcessableByteArray(content); } // Efetua a assinatura digital do contedo CMSSignedData cmsSignedData = gen.generate(cmsTypedData, this.attached); setAttached(false); // Consulta e adiciona os atributos no assinados// ASN1EncodableVector unsignedAttributes = new ASN1EncodableVector(); logger.info(cadesMessagesBundle.getString("info.unsigned.attribute")); Collection<SignerInformation> vNewSigners = cmsSignedData.getSignerInfos().getSigners(); Iterator<SignerInformation> it = vNewSigners.iterator(); SignerInformation oSi = it.next(); if (signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules() .getSignerAndVeriferRules().getSignerRules().getMandatedUnsignedAttr() .getObjectIdentifiers() != null) { for (ObjectIdentifier objectIdentifier : signaturePolicy.getSignPolicyInfo() .getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules() .getMandatedUnsignedAttr().getObjectIdentifiers()) { SignedOrUnsignedAttribute signedOrUnsignedAttribute = attributeFactory .factory(objectIdentifier.getValue()); if (signedOrUnsignedAttribute.getOID() .equalsIgnoreCase(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId())) { signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), this.certificateChainTimeStamp, oSi.getSignature(), signaturePolicy, this.hash); } if (signedOrUnsignedAttribute.getOID().equalsIgnoreCase("1.2.840.113549.1.9.16.2.25")) //EscTimeStamp { ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); outputStream.write(oSi.getSignature()); AttributeTable varUnsignedAttributes = oSi.getUnsignedAttributes(); Attribute varAttribute = varUnsignedAttributes.get(new ASN1ObjectIdentifier( PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId())); outputStream.write(varAttribute.getAttrType().getEncoded()); outputStream.write(varAttribute.getAttrValues().getEncoded()); varAttribute = varUnsignedAttributes.get( new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_certificateRefs.getId())); outputStream.write(varAttribute.getAttrType().getEncoded()); outputStream.write(varAttribute.getAttrValues().getEncoded()); varAttribute = varUnsignedAttributes.get( new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_revocationRefs.getId())); outputStream.write(varAttribute.getAttrType().getEncoded()); outputStream.write(varAttribute.getAttrValues().getEncoded()); escTimeStampContent = outputStream.toByteArray(); signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), this.certificateChainTimeStamp, escTimeStampContent, signaturePolicy, this.hash); } else { signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), certificateChain, oSi.getSignature(), signaturePolicy, this.hash); } unsignedAttributes.add(signedOrUnsignedAttribute.getValue()); AttributeTable unsignedAttributesTable = new AttributeTable(unsignedAttributes); vNewSigners.remove(oSi); oSi = SignerInformation.replaceUnsignedAttributes(oSi, unsignedAttributesTable); vNewSigners.add(oSi); } } //TODO Estudar este mtodo de contra-assinatura posteriormente if (previewSignature != null && previewSignature.length > 0) { vNewSigners.addAll(cmsPreviewSignedData.getSignerInfos().getSigners()); } SignerInformationStore oNewSignerInformationStore = new SignerInformationStore(vNewSigners); CMSSignedData oSignedData = cmsSignedData; cmsSignedData = CMSSignedData.replaceSigners(oSignedData, oNewSignerInformationStore); byte[] result = cmsSignedData.getEncoded(); logger.info(cadesMessagesBundle.getString("info.signature.ok")); return result; } catch (CMSException | IOException | OperatorCreationException | CertificateEncodingException ex) { throw new SignerException(ex); } }
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESTimeStampSigner.java
License:Open Source License
@Override public byte[] doTimeStampForSignature(byte[] signature) throws SignerException { try {/*w ww . j a v a 2 s.c o m*/ Security.addProvider(new BouncyCastleProvider()); CMSSignedData cmsSignedData = new CMSSignedData(signature); SignerInformationStore signers = cmsSignedData.getSignerInfos(); Iterator<?> it = signers.getSigners().iterator(); SignerInformation signer = (SignerInformation) it.next(); AttributeFactory attributeFactory = AttributeFactory.getInstance(); ASN1EncodableVector unsignedAttributes = new ASN1EncodableVector(); SignedOrUnsignedAttribute signedOrUnsignedAttribute = attributeFactory .factory(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()); signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), this.getCertificateChain(), signer.getSignature(), signaturePolicy, null); unsignedAttributes.add(signedOrUnsignedAttribute.getValue()); AttributeTable unsignedAttributesTable = new AttributeTable(unsignedAttributes); List<SignerInformation> vNewSigners = new ArrayList<SignerInformation>(); vNewSigners.add(SignerInformation.replaceUnsignedAttributes(signer, unsignedAttributesTable)); SignerInformationStore oNewSignerInformationStore = new SignerInformationStore(vNewSigners); CMSSignedData oSignedData = cmsSignedData; cmsSignedData = CMSSignedData.replaceSigners(oSignedData, oNewSignerInformationStore); byte[] result = cmsSignedData.getEncoded(); return result; } catch (CMSException ex) { throw new SignerException(ex.getMessage()); } catch (IOException ex) { throw new SignerException(ex.getMessage()); } }
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESTimeStampSigner.java
License:Open Source License
private byte[] doTimeStamp(byte[] content, byte[] hash) { try {// www.j ava2 s . c om AttributeFactory attributeFactory = AttributeFactory.getInstance(); SignedOrUnsignedAttribute signedOrUnsignedAttribute = attributeFactory .factory(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()); if (content != null) { signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), this.getCertificateChain(), content, signaturePolicy, null); } else { signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), this.getCertificateChain(), null, signaturePolicy, hash); } byte[] result = signedOrUnsignedAttribute.getValue().getEncoded(); return result; } catch (IOException ex) { throw new SignerException(ex.getMessage()); } }
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESTimeStampSigner.java
License:Open Source License
@Override public List<Timestamp> checkTimeStampOnSignature(byte[] signature) { try {//from w ww . j a v a 2s. c o m Security.addProvider(new BouncyCastleProvider()); List<Timestamp> listOfTimeStamp = new ArrayList<Timestamp>(); CMSSignedData cmsSignedData = new CMSSignedData(signature); SignerInformationStore signers = cmsSignedData.getSignerInfos(); Iterator<?> it = signers.getSigners().iterator(); while (it.hasNext()) { SignerInformation signer = (SignerInformation) it.next(); AttributeTable unsignedAttributes = signer.getUnsignedAttributes(); Attribute attributeTimeStamp = unsignedAttributes .get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId())); if (attributeTimeStamp != null) { TimeStampOperator timeStampOperator = new TimeStampOperator(); byte[] varTimeStamp = attributeTimeStamp.getAttrValues().getObjectAt(0).toASN1Primitive() .getEncoded(); TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(varTimeStamp)); Timestamp timeStampSigner = new Timestamp(timeStampToken); timeStampOperator.validate(signer.getSignature(), varTimeStamp, null); listOfTimeStamp.add(timeStampSigner); } } return listOfTimeStamp; } catch (CertificateCoreException | IOException | TSPException | CMSException e) { throw new SignerException(e); } }
From source file:org.icepdf.core.pobjects.acroform.signature.AbstractPkcsValidator.java
License:Apache License
/** * SignedData ::= SEQUENCE {//from w w w . j av a 2s . c o m * 0, version CMSVersion, * 1, digestAlgorithms DigestAlgorithmIdentifiers, * 2, encapContentInfo EncapsulatedContentInfo, * 3, certificateChain [0] IMPLICIT CertificateSet OPTIONAL, * 4, crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, * 5, signerInfos SignerInfos } * <p/> * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier * SignerInfos ::= SET OF SignerInfo */ protected void parseSignerData(ASN1Sequence signedData, byte[] cmsData) throws SignatureIntegrityException { // digest algorithms ID, not currently using them but useful for debug. if (logger.isLoggable(Level.FINER)) { // should always be 1. int cmsVersion = ((ASN1Integer) signedData.getObjectAt(0)).getValue().intValue(); logger.finest("CMS version: " + cmsVersion); Enumeration<ASN1Sequence> enumeration = ((ASN1Set) signedData.getObjectAt(1)).getObjects(); while (enumeration.hasMoreElements()) { String objectId = ((ASN1ObjectIdentifier) enumeration.nextElement().getObjectAt(0)).getId(); try { String digestAlgorithmName = AlgorithmIdentifier.getDigestAlgorithmName(objectId); MessageDigest tmp = AlgorithmIdentifier.getDigestInstance(objectId, null); logger.finest("DigestAlgorithmIdentifiers: " + digestAlgorithmName + " " + objectId); logger.finest(tmp.toString()); } catch (Throwable ex) { logger.log(Level.WARNING, "Error finding iod: " + objectId, ex); } } } /** * EncapsulatedContentInfo ::= SEQUENCE { * eContentType ContentType, * eContent [0] EXPLICIT OCTET STRING OPTIONAL } * * ContentType ::= OBJECT IDENTIFIER */ encapsulatedContentInfoData = null; ASN1Sequence encapsulatedContentInfo = (ASN1Sequence) signedData.getObjectAt(2); // grab just the first definitions, as we are looking for encapuslated data for PKCS7.sha1. if (encapsulatedContentInfo.size() >= 2) { // should still be iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 ... ASN1ObjectIdentifier eObjectIdentifier = (ASN1ObjectIdentifier) encapsulatedContentInfo.getObjectAt(0); String eObjectIdentifierId = eObjectIdentifier.getId(); if (logger.isLoggable(Level.FINER)) { logger.finest("EncapsulatedContentInfo: " + eObjectIdentifierId + " " + Pkcs7Validator.getObjectIdName(eObjectIdentifierId)); } // should be octets encode as pkcs#7 ASN1OctetString eContent = (ASN1OctetString) ((ASN1TaggedObject) encapsulatedContentInfo.getObjectAt(1)) .getObject(); // shows up in pkcs7.sha1 only encapsulatedContentInfoData = eContent.getOctets(); if (logger.isLoggable(Level.FINER)) { logger.finest("EncapsulatedContentInfo Data " + eContent.toString()); } } else if (encapsulatedContentInfo.size() == 1) { if (logger.isLoggable(Level.FINER)) { ASN1ObjectIdentifier eObjectIdentifier = (ASN1ObjectIdentifier) encapsulatedContentInfo .getObjectAt(0); String eObjectIdentifierId = eObjectIdentifier.getId(); logger.finest("EncapsulatedContentInfo size is 1: " + eObjectIdentifierId + " " + Pkcs7Validator.getObjectIdName(eObjectIdentifierId)); } } // grab the signer info. ASN1Sequence signerInfo = parseCertificateData(cmsData, signedData); // DigestAlgorithmIdentifier ::= AlgorithmIdentifier digestAlgorithmIdentifier = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(2)) .getObjectAt(0)).getId(); // signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, // signedAttrs is optional so we look for the occurrence // // SignedAttributes ::= SET SIZE (1..MAX) OF Attribute // // Attribute ::= SEQUENCE { // attrType OBJECT IDENTIFIER, // attrValues SET OF AttributeValue } // // AttributeValue ::= ANY // SignatureValue ::= OCTET STRING int nextEntry = 3; messageDigest = null; ASN1TaggedObject signedAttributes; signedAttributesSequence = null; if (signerInfo.getObjectAt(nextEntry) instanceof ASN1TaggedObject) { signedAttributes = (ASN1TaggedObject) signerInfo.getObjectAt(nextEntry); signedAttributesSequence = ASN1Set.getInstance(signedAttributes, false); for (int i = 0, max = signedAttributesSequence.size(); i < max; ++i) { // attribute type/value pair. ASN1Sequence attributePair = (ASN1Sequence) signedAttributesSequence.getObjectAt(i); // mainly just looking for the message digest. if (((ASN1ObjectIdentifier) attributePair.getObjectAt(0)).getId() .equals(PKCSObjectIdentifiers.pkcs_9_at_messageDigest.getId())) { ASN1Set set = (ASN1Set) attributePair.getObjectAt(1); messageDigest = ((ASN1OctetString) set.getObjectAt(0)).getOctets(); } // try and pull out the signing time. // currently not using this time. // if (((ASN1ObjectIdentifier) attributePair.getObjectAt(0)).getId().equals( // PKCSObjectIdentifiers.pkcs_9_at_signingTime.getId())) { // ASN1Set set = (ASN1Set) attributePair.getObjectAt(1); // ASN1UTCTime signerTime = ((ASN1UTCTime) set.getObjectAt(0)); // try { // // see if the signer time matches the certificate validity times. // System.out.println(" SignatureSigner Time " + signerTime.getDate()); // } catch (ParseException e) { // e.printStackTrace(); // } // } // more attributes to come. } if (messageDigest == null) { throw new SignatureIntegrityException("Message Digest can nut be null"); } ++nextEntry; } // signatureAlgorithm SignatureAlgorithmIdentifier, signatureAlgorithmIdentifier = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(nextEntry)) .getObjectAt(0)).getId(); nextEntry++; // signature SignatureValue signatureValue = ((ASN1OctetString) signerInfo.getObjectAt(nextEntry)).getOctets(); nextEntry++; // unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL // once again optional so we check to see if the entry is available. if (nextEntry < signerInfo.size() && signerInfo.getObjectAt(nextEntry) instanceof ASN1TaggedObject) { ASN1TaggedObject unsignedAttributes = (ASN1TaggedObject) signerInfo.getObjectAt(nextEntry); ASN1Set unsignedAttributeSequence = ASN1Set.getInstance(unsignedAttributes, false); AttributeTable attributeTable = new AttributeTable(unsignedAttributeSequence); Attribute timeStamp = attributeTable.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken); if (timeStamp != null && timeStamp.getAttrValues().size() > 0) { ASN1Set attributeValues = timeStamp.getAttrValues(); ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0)); ContentInfo contentInfo = ContentInfo.getInstance(tokenSequence); // if we can parse it we call it good, so cert has a embedded time but we don't do any validation on it try { new TimeStampToken(contentInfo); isEmbeddedTimeStamp = true; } catch (Throwable e1) { throw new SignatureIntegrityException("Valid TimeStamp could now be created"); } } } }
From source file:org.votingsystem.signature.smime.SMIMEMessage.java
License:Open Source License
public void setTimeStampToken(TimeStampToken timeStampToken) throws Exception { if (timeStampToken == null) throw new Exception("timestamp token null"); DERObject derObject = new ASN1InputStream(timeStampToken.getEncoded()).readObject(); DERSet derset = new DERSet(derObject); Attribute timeStampAsAttribute = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, derset); Hashtable hashTable = new Hashtable(); hashTable.put(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, timeStampAsAttribute); AttributeTable timeStampAsAttributeTable = new AttributeTable(hashTable); byte[] timeStampTokenHash = timeStampToken.getTimeStampInfo().getMessageImprintDigest(); Iterator<SignerInformation> it = smimeSigned.getSignerInfos().getSigners().iterator(); List<SignerInformation> newSigners = new ArrayList<SignerInformation>(); while (it.hasNext()) { SignerInformation signer = it.next(); byte[] digestBytes = CMSUtils.getSignerDigest(signer); if (Arrays.equals(timeStampTokenHash, digestBytes)) { log.info("setTimeStampToken - found signer"); AttributeTable attributeTable = signer.getUnsignedAttributes(); SignerInformation updatedSigner = null; if (attributeTable != null) { log.info("setTimeStampToken - signer with UnsignedAttributes"); hashTable = attributeTable.toHashtable(); hashTable.put(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, timeStampAsAttribute); timeStampAsAttributeTable = new AttributeTable(hashTable); }//from w ww . j ava2 s.co m updatedSigner = signer.replaceUnsignedAttributes(signer, timeStampAsAttributeTable); newSigners.add(updatedSigner); } else newSigners.add(signer); } SignerInformationStore newSignersStore = new SignerInformationStore(newSigners); CMSSignedData cmsdata = smimeSigned.replaceSigners(smimeSigned, newSignersStore); replaceSigners(cmsdata); }
From source file:org.votingsystem.signature.smime.SMIMEMessage.java
License:Open Source License
private TimeStampToken checkTimeStampToken(SignerInformation signer) throws Exception { TimeStampToken timeStampToken = null; AttributeTable unsignedAttributes = signer.getUnsignedAttributes(); if (unsignedAttributes != null) { Attribute timeStampAttribute = unsignedAttributes .get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken); if (timeStampAttribute != null) { DEREncodable dob = timeStampAttribute.getAttrValues().getObjectAt(0); CMSSignedData signedData = new CMSSignedData(dob.getDERObject().getEncoded()); timeStampToken = new TimeStampToken(signedData); return timeStampToken; }// www . jav a 2 s.c o m } else log.info("checkTimeStampToken - without unsignedAttributes"); return timeStampToken; }