List of usage examples for org.bouncycastle.asn1.x509 IssuerSerial getIssuer
public GeneralNames getIssuer()
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/**
 * Builds (once) the list of signing-certificate candidates and checks for a signed reference to
 * the certificate that matches the signer identifier.
 * <p>
 * ETSI TS 101 733 V2.2.1 (2013-04), 5.6.3 Signature Verification Process: "...the public key from
 * the first certificate identified in the sequence of certificate identifiers from
 * SigningCertificate shall be the key used to verify the digital signature."
 * <p>
 * TODO (Bob 28.05.2014) The position of the signing certificate must be clarified.
 * <p>
 * Security note: the candidate is selected by matching the {@code SignerId} of the signer
 * information. Only the signing-certificate attribute (V1 or V2) read from the signed attributes
 * ties that certificate to the signature. When neither attribute is found this method only logs at
 * debug level and never marks the attribute as present, so callers have to inspect the
 * {@code SigningCertificateValidity} flags instead of treating a returned candidate as verified.
 *
 * @return the cached or freshly built candidates; the matching candidate, if any, is also stored
 *         in {@code signingCertificateValidity}
 */
@Override
public CandidatesForSigningCertificate getCandidatesForSigningCertificate() {

    // Computed once; later calls return the stored result.
    if (candidatesForSigningCertificate != null) {
        return candidatesForSigningCertificate;
    }
    LOG.debug("--> Searching the signing certificate...");
    candidatesForSigningCertificate = new CandidatesForSigningCertificate();

    final Collection<CertificateToken> embeddedCertificates = getCertificateSource().getKeyInfoCertificates();
    final SignerId signerId = signerInformation.getSID();
    for (final CertificateToken token : embeddedCertificates) {

        // Every inspected certificate is recorded as a candidate, up to and including the match.
        final SigningCertificateValidity candidate = new SigningCertificateValidity(token);
        candidatesForSigningCertificate.add(candidate);

        final X509CertificateHolder holder = DSSUtils.getX509CertificateHolder(token);
        if (signerId.match(holder)) {
            this.signingCertificateValidity = candidate;
            break;
        }
    }
    if (signingCertificateValidity == null) {
        LOG.debug("--> Signing certificate not found: " + signerId);
        return candidatesForSigningCertificate;
    }

    final IssuerSerial tokenIssuerSerial = DSSUtils
            .getIssuerSerial(signingCertificateValidity.getCertificateToken());
    final BigInteger tokenSerialNumber = tokenIssuerSerial.getSerial().getValue();
    final GeneralNames tokenIssuerName = tokenIssuerSerial.getIssuer();

    // NOTE(review): signedAttributes is dereferenced without a null check; confirm the helper
    // never returns null for a signature without signed attributes.
    final AttributeTable signedAttributes = getSignedAttributes(signerInformation);

    // The V1 attribute takes precedence; V2 is only consulted when V1 is absent.
    final Attribute referenceV1 = signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificate);
    if (referenceV1 != null) {
        signingCertificateValidity.setAttributePresent(true);
        verifySigningCertificateV1(tokenSerialNumber, tokenIssuerName, referenceV1);
        return candidatesForSigningCertificate;
    }
    final Attribute referenceV2 = signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
    if (referenceV2 != null) {
        signingCertificateValidity.setAttributePresent(true);
        verifySigningCertificateV2(tokenSerialNumber, tokenIssuerName, referenceV2);
        return candidatesForSigningCertificate;
    }
    LOG.debug("--> There is no signed reference to the signing certificate: "
            + signingCertificateValidity.getCertificateToken().getAbbreviation());
    return candidatesForSigningCertificate;
}
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
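/**
 * Compares one certificate reference with the signing certificate token and records each
 * outcome (digest, serial number, issuer name) on {@code signingCertificateValidity}.
 *
 * @param signingTokenSerialNumber serial number to compare the reference against
 * @param signingTokenIssuerName issuer name to compare the reference against
 * @param signingTokenCertHash digest value supplied by the caller for the signing certificate token
 * @param certHash digest value carried by the reference
 * @param issuerSerial issuer and serial number carried by the reference, may be {@code null}
 * @return {@code true} only when digest, serial number and issuer name all match
 */
private boolean verifySigningCertificateReferences(final BigInteger signingTokenSerialNumber,
        final GeneralNames signingTokenIssuerName, final byte[] signingTokenCertHash, final byte[] certHash,
        final IssuerSerial issuerSerial) {

    // Fail closed: Arrays.equals(null, null) is true, and two absent digests must never be
    // reported as a matching certificate reference.
    final boolean hashEqual = certHash != null && signingTokenCertHash != null
            && Arrays.equals(certHash, signingTokenCertHash);
    signingCertificateValidity.setDigestEqual(hashEqual);

    boolean serialNumberEqual = false;
    boolean issuerNameEqual = false;
    if (issuerSerial != null) {

        final BigInteger serialNumber = issuerSerial.getSerial().getValue();
        serialNumberEqual = serialNumber.equals(signingTokenSerialNumber);
        signingCertificateValidity.setSerialNumberEqual(serialNumberEqual);

        // Comparing the GeneralNames objects directly was noted as not working, so the
        // canonicalized string forms are compared instead.
        final GeneralNames issuerName = issuerSerial.getIssuer();
        final String canonicalizedIssuerName = getCanonicalizedName(issuerName);
        final String canonicalizedSigningTokenIssuerName = getCanonicalizedName(signingTokenIssuerName);
        issuerNameEqual = canonicalizedIssuerName.equals(canonicalizedSigningTokenIssuerName);
        signingCertificateValidity.setDistinguishedNameEqual(issuerNameEqual);
    }
    // A reference without issuerSerial leaves both flags false and is therefore rejected here,
    // even when the digest matches.
    return hashEqual && serialNumberEqual && issuerNameEqual;
}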
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/**
 * Reads the certificate references stored under {@code id_aa_ets_certificateRefs} in the
 * unsigned attributes of the signer information.
 * <p>
 * Security note: unsigned attributes are not covered by the signer's signature, so the values
 * returned here are unauthenticated input. NOTE(review): the first attribute value is cast to
 * {@code ASN1Sequence} without a type check, so a malformed attribute ends in a runtime exception
 * rather than an empty result; confirm callers tolerate that.
 *
 * @return one {@code CertificateRef} per entry of the attribute, or an empty list when the
 *         attribute is missing or has no value
 */
@Override
public List<CertificateRef> getCertificateRefs() {

    final List<CertificateRef> refs = new ArrayList<CertificateRef>();

    final AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        return refs;
    }
    final Attribute refsAttribute = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
    if (refsAttribute == null) {
        return refs;
    }
    final ASN1Set values = refsAttribute.getAttrValues();
    if (values.size() <= 0) {
        return refs;
    }

    // Only the first attribute value is read; it holds the sequence of references.
    final ASN1Sequence completeCertificateRefs = (ASN1Sequence) values.getObjectAt(0);
    for (int index = 0; index < completeCertificateRefs.size(); index++) {

        final OtherCertID otherCertId = OtherCertID.getInstance(completeCertificateRefs.getObjectAt(index));

        final CertificateRef ref = new CertificateRef();
        ref.setDigestAlgorithm(otherCertId.getAlgorithmHash().getAlgorithm().getId());
        ref.setDigestValue(otherCertId.getCertHash());

        // Issuer name and serial number are copied only when the reference carries them.
        final IssuerSerial issuerAndSerial = otherCertId.getIssuerSerial();
        if (issuerAndSerial != null) {

            final GeneralNames issuerName = issuerAndSerial.getIssuer();
            if (issuerName != null) {
                ref.setIssuerName(issuerName.toString());
            }
            final ASN1Integer serial = issuerAndSerial.getSerial();
            if (serial != null) {
                ref.setIssuerSerial(serial.toString());
            }
        }
        refs.add(ref);
    }
    return refs;
}
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
/**
 * Looks for a signing-certificate attribute (V1 first, then V2) among the signed attributes and
 * runs the matching verification against the current signing certificate token.
 * <p>
 * Security note: the return value only says that such an attribute exists. The result of the
 * V1/V2 verification call is not used here; the comparison outcome has to be taken from
 * {@code signingCertificateValidity}.
 *
 * @return {@code true} when a V1 or V2 signing-certificate attribute is present, {@code false}
 *         when neither is
 */
private boolean verifySignedReferencesToSigningCertificate() {

    final IssuerSerial tokenIssuerSerial = DSSASN1Utils
            .getIssuerSerial(signingCertificateValidity.getCertificateToken());
    final BigInteger tokenSerialNumber = tokenIssuerSerial.getSerial().getValue();
    final GeneralNames tokenIssuerName = tokenIssuerSerial.getIssuer();

    final AttributeTable signedAttributes = CMSUtils.getSignedAttributes(signerInformation);

    // V1 takes precedence: V2 is not even looked up when V1 is present.
    Attribute reference = signedAttributes.get(id_aa_signingCertificate);
    if (reference != null) {
        signingCertificateValidity.setAttributePresent(true);
        verifySigningCertificateV1(tokenSerialNumber, tokenIssuerName, reference);
        return true;
    }

    reference = signedAttributes.get(id_aa_signingCertificateV2);
    if (reference == null) {
        return false;
    }
    signingCertificateValidity.setAttributePresent(true);
    verifySigningCertificateV2(tokenSerialNumber, tokenIssuerName, reference);
    return true;
}
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
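/**
 * Compares one certificate reference with the signing certificate token and records the
 * digest, serial-number and issuer-name outcomes on {@code signingCertificateValidity}.
 * <p>
 * Security note: only the digest comparison decides the return value. A serial-number or
 * issuer-name mismatch is recorded on {@code signingCertificateValidity} but does not turn the
 * result into {@code false}; callers that need the stricter check must read those flags.
 *
 * @param signingTokenSerialNumber serial number to compare the reference against
 * @param signingTokenIssuerName issuer name to compare the reference against
 * @param signingTokenCertHash digest value supplied by the caller for the signing certificate token
 * @param certHash digest value carried by the reference
 * @param issuerSerial issuer and serial number carried by the reference, may be {@code null}
 * @return {@code true} when both digests are present and equal
 */
private boolean verifySigningCertificateReferences(final BigInteger signingTokenSerialNumber,
        final GeneralNames signingTokenIssuerName, final byte[] signingTokenCertHash, final byte[] certHash,
        final IssuerSerial issuerSerial) {

    signingCertificateValidity.setDigest(Base64.encodeBase64String(signingTokenCertHash));

    // Fail closed: Arrays.equals(null, null) is true, and since the digest alone decides the
    // result, two absent digests must never be reported as a match.
    final boolean hashEqual = certHash != null && signingTokenCertHash != null
            && Arrays.equals(certHash, signingTokenCertHash);
    signingCertificateValidity.setDigestEqual(hashEqual);

    if (issuerSerial != null) {

        final BigInteger serialNumber = issuerSerial.getSerial().getValue();
        final boolean serialNumberEqual = serialNumber.equals(signingTokenSerialNumber);
        signingCertificateValidity.setSerialNumberEqual(serialNumberEqual);

        // Comparing the GeneralNames objects directly does not work in all cases, so the
        // canonicalized string forms are compared instead.
        final GeneralNames issuerName = issuerSerial.getIssuer();
        final String canonicalizedIssuerName = DSSASN1Utils.getCanonicalizedName(issuerName);
        final String canonicalizedSigningTokenIssuerName = DSSASN1Utils
                .getCanonicalizedName(signingTokenIssuerName);
        final boolean issuerNameEqual = canonicalizedIssuerName.equals(canonicalizedSigningTokenIssuerName);
        signingCertificateValidity.setDistinguishedNameEqual(issuerNameEqual);
    }
    // Validation of the hash is sufficient
    return hashEqual;
}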
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
/**
 * Collects the certificate references found under {@code id_aa_ets_certificateRefs} in the
 * unsigned attributes of the signer information.
 * <p>
 * Security note: unsigned attributes are not covered by the signer's signature, so every value
 * returned here is unauthenticated input. NOTE(review): the first attribute value is cast to
 * {@code ASN1Sequence} unchecked, and the digest algorithm OID is passed to
 * {@code DigestAlgorithm.forOID}; confirm how callers handle a malformed attribute or an
 * unknown OID.
 *
 * @return one {@code CertificateRef} per entry of the attribute, or an empty list when the
 *         attribute is missing or has no value
 */
@Override
public List<CertificateRef> getCertificateRefs() {

    final List<CertificateRef> result = new ArrayList<CertificateRef>();

    final AttributeTable unsigned = signerInformation.getUnsignedAttributes();
    if (unsigned == null) {
        return result;
    }
    final Attribute certificateRefsAttribute = unsigned.get(id_aa_ets_certificateRefs);
    if (certificateRefsAttribute == null) {
        return result;
    }
    final ASN1Set attributeValues = certificateRefsAttribute.getAttrValues();
    if (attributeValues.size() <= 0) {
        return result;
    }

    // Only the first attribute value is read; it holds the sequence of references.
    final ASN1Encodable firstValue = attributeValues.getObjectAt(0);
    final ASN1Sequence completeCertificateRefs = (ASN1Sequence) firstValue;

    for (int position = 0; position < completeCertificateRefs.size(); position++) {

        final OtherCertID otherCertId = OtherCertID.getInstance(completeCertificateRefs.getObjectAt(position));
        final String digestOid = otherCertId.getAlgorithmHash().getAlgorithm().getId();

        final CertificateRef certificateRef = new CertificateRef();
        certificateRef.setDigestAlgorithm(DigestAlgorithm.forOID(digestOid));
        certificateRef.setDigestValue(otherCertId.getCertHash());

        // Issuer name and serial number are copied only when the reference carries them.
        final IssuerSerial issuerAndSerial = otherCertId.getIssuerSerial();
        if (issuerAndSerial != null) {

            final GeneralNames issuerName = issuerAndSerial.getIssuer();
            if (issuerName != null) {
                certificateRef.setIssuerName(issuerName.toString());
            }
            final ASN1Integer serial = issuerAndSerial.getSerial();
            if (serial != null) {
                certificateRef.setIssuerSerial(serial.toString());
            }
        }
        result.add(certificateRef);
    }
    return result;
}
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Renders a Procuration extension value as display text, one labelled line per field present.
 * <p>
 * The text is assembled from values decoded out of the supplied octets; this method itself
 * applies no sanitising to them.
 *
 * @param octets encoded ProcurationSyntax value
 * @return the formatted text, empty when no field is present
 * @throws IOException declared by the signature; not thrown directly by the visible code
 */
private String getProcurationStringValue(byte[] octets) throws IOException {

    // @formatter:off

    /*
     * ProcurationSyntax ::= SEQUENCE {
     *     country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
     *     typeOfSubstitution [2] EXPLICIT DirectoryString(SIZE(1..128)) OPTIONAL,
     *     signingFor [3] EXPLICIT SigningFor
     * }
     *
     * SigningFor ::= CHOICE {
     *     thirdPerson GeneralName,
     *     certRef IssuerSerial
     * }
     */

    // @formatter:on

    StringBuilder text = new StringBuilder();

    ProcurationSyntax procuration = ProcurationSyntax.getInstance(octets);
    String country = procuration.getCountry();
    DirectoryString typeOfSubstitution = procuration.getTypeOfSubstitution();
    GeneralName thirdPerson = procuration.getThirdPerson();
    IssuerSerial certRef = procuration.getCertRef();

    if (country != null) {
        text.append(MessageFormat.format(res.getString("Procuration.Country"), country)).append(NEWLINE);
    }

    if (typeOfSubstitution != null) {
        String line = MessageFormat.format(res.getString("Procuration.TypeOfSubstitution"),
                typeOfSubstitution.toString());
        text.append(line).append(NEWLINE);
    }

    if (thirdPerson != null) {
        String line = MessageFormat.format(res.getString("Procuration.ThirdPerson"),
                GeneralNameUtil.toString(thirdPerson));
        text.append(line).append(NEWLINE);
    }

    if (certRef != null) {
        text.append(res.getString("Procuration.CertRef")).append(NEWLINE);

        // Issuer label first, then every issuer name on its own doubly indented line.
        text.append(INDENT).append(res.getString("Procuration.CertRef.Issuer"));
        for (GeneralName issuerName : certRef.getIssuer().getNames()) {
            text.append(INDENT).append(INDENT).append(GeneralNameUtil.toString(issuerName)).append(NEWLINE);
        }
        text.append(NEWLINE);

        // The serial number is shown in hexadecimal form.
        String serialLine = MessageFormat.format(res.getString("Procuration.CertRef.SN"),
                HexUtil.getHexString(certRef.getSerial().getValue()));
        text.append(INDENT).append(serialLine).append(NEWLINE);
    }

    return text.toString();
}
From source file:nl.uva.vlet.grid.voms.VOMSAttributeCertificate.java
License:Apache License
/**
 * Returns the holder's DN as a String.
 * <p>
 * The value is taken from the first name in the issuer field of the holder's
 * {@code baseCertificateID}. NOTE(review): that is the issuer recorded in the certificate
 * reference; confirm it is the DN callers expect before using it for any identity or
 * authorisation decision. NOTE(review): element 0 of the names array and the cast to
 * {@code DERSequence} are both unchecked, so an empty name list or a different name encoding
 * ends in a runtime exception.
 *
 * @return the DN string, or an empty string when the holder has no {@code baseCertificateID}
 * @throws Exception whatever the lookup or the DN conversion throws, passed on unchanged
 */
public String getHolder() throws Exception {

    final IssuerSerial baseCertificateID = this.holder.getBaseCertificateID();
    if (baseCertificateID == null) {
        // No certificate reference on the holder: the DN stays empty.
        return "";
    }

    final GeneralName[] issuerNames = baseCertificateID.getIssuer().getNames();
    final DERSequence firstIssuerName = (DERSequence) issuerNames[0].getName();
    return this.DERSequencetoDN(firstIssuerName);
}