List of usage examples for org.bouncycastle.cms CMSSignedData getSignerInfos
public SignerInformationStore getSignerInfos()
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESCRLSource.java
License:Open Source License
/**
 * Creates a CAdESCRLSource bound to the first signer of the given CMS SignedData.
 *
 * Delegates to the two-argument constructor, passing the SignerId of the first element
 * returned by {@code cms.getSignerInfos().getSigners()}. Any further SignerInfo entries in the
 * container are not looked at by this constructor.
 *
 * NOTE(review): for a container with several signers, which one is "first" depends on the
 * iteration order of the signer collection. Callers that need a specific signer should use the
 * constructor that takes the signer identifier explicitly.
 *
 * @param cms the parsed CMS SignedData structure
 * @throws java.util.NoSuchElementException if the signer collection is empty, because
 *         {@code iterator().next()} is called without a prior {@code hasNext()} check
 */
public CAdESCRLSource(CMSSignedData cms) {
    this(cms, ((SignerInformation) cms.getSignerInfos().getSigners().iterator().next()).getSID());
}
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESOCSPSource.java
License:Open Source License
/**
 * Creates a CAdESOCSPSource bound to the first signer of the given CMS SignedData.
 *
 * Delegates to the two-argument constructor, passing the SignerId of the first element
 * returned by {@code cms.getSignerInfos().getSigners()}. Any further SignerInfo entries in the
 * container are not looked at by this constructor.
 *
 * NOTE(review): for a container with several signers, which one is "first" depends on the
 * iteration order of the signer collection. Callers that need a specific signer should use the
 * constructor that takes the signer identifier explicitly.
 *
 * @param cms the parsed CMS SignedData structure
 * @throws java.util.NoSuchElementException if the signer collection is empty, because
 *         {@code iterator().next()} is called without a prior {@code hasNext()} check
 */
public CAdESOCSPSource(CMSSignedData cms) {
    this(cms, ((SignerInformation) cms.getSignerInfos().getSigners().iterator().next()).getSID());
}
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESSignature.java
License:Open Source License
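/**
 * Creates a CAdESSignature for the first signer of the given CMS SignedData.
 *
 * Delegates to the constructor taking an explicit {@code SignerInformation}, using the first
 * element returned by {@code cms.getSignerInfos().getSigners()}. Other signers present in the
 * container are ignored here.
 *
 * NOTE(review): with several signers, the one selected depends on the iteration order of the
 * signer collection. Code that validates a multi-signer container should build one
 * CAdESSignature per SignerInformation rather than rely on this constructor.
 *
 * @param cms the parsed CMS SignedData structure
 * @throws java.util.NoSuchElementException if the signer collection is empty, because
 *         {@code iterator().next()} is called without a prior {@code hasNext()} check
 */
public CAdESSignature(CMSSignedData cms) {
    this(cms, (SignerInformation) cms.getSignerInfos().getSigners().iterator().next());
}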
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESSignature.java
License:Open Source License
/**
 * Creates a CAdESSignature for the signer identified by {@code id} inside the given CMS
 * SignedData.
 *
 * The SignerInformation is looked up with {@code cms.getSignerInfos().get(id)} and handed to
 * the constructor taking an explicit SignerInformation.
 *
 * NOTE(review): the lookup result is passed on unchecked. If no signer matches {@code id} the
 * store lookup presumably yields {@code null}, and how the delegated constructor reacts is not
 * visible here; confirm and consider rejecting an unmatched id at the call site.
 *
 * @param cms the parsed CMS SignedData structure
 * @param id  identifier of the signer whose signature this object represents
 */
public CAdESSignature(CMSSignedData cms, SignerId id) {
    this(cms, cms.getSignerInfos().get(id));
}
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/**
 * Picks the first {@code SignerInformation} out of a {@code CMSSignedData}.
 *
 * Only the first element of the signer collection is returned; additional signers are not
 * inspected. "First" follows the iteration order of the collection returned by
 * {@code getSigners()}.
 *
 * @param cms the CMS SignedData to read the signer from
 * @return the first signer of {@code cms}
 * @throws java.util.NoSuchElementException if {@code cms} has no signer, since
 *         {@code next()} is invoked without checking {@code hasNext()}
 */
private static SignerInformation getFirstSignerInformation(final CMSSignedData cms) {
    return (SignerInformation) cms.getSignerInfos().getSigners().iterator().next();
}
From source file:eu.europa.esig.dss.cades.signature.CAdESSignatureExtension.java
License:Open Source License
/**
 * Extends every signature contained in the given CMS SignedData.
 *
 * Steps, in order: run {@code preExtendCMSSignedData}; for each signer build a
 * {@code CAdESSignature}, attach the detached content from the parameters, call
 * {@code assertSignatureValid} and then {@code extendCMSSignature}; replace the signer set with
 * the extended signers; finally run {@code postExtendCMSSignedData} once per signer of the
 * rebuilt container.
 *
 * {@code assertSignatureValid} is called before a signer is extended. What it does on failure
 * is defined outside this block (presumably it throws, which would abort the whole extension).
 *
 * @param cmsSignedData the CMS SignedData whose signatures are to be extended
 * @param parameters    the CAdES parameters, also the source of the detached content
 * @return the CMS SignedData carrying the extended signers
 */
private CMSSignedData extendAllCMSSignatures(CMSSignedData cmsSignedData, CAdESSignatureParameters parameters) {
    LOG.info("EXTEND ALL CMS SIGNATURES.");
    cmsSignedData = preExtendCMSSignedData(cmsSignedData, parameters);

    final Collection<SignerInformation> originalSigners = cmsSignedData.getSignerInfos().getSigners();
    final List<SignerInformation> extendedSigners = new ArrayList<SignerInformation>();
    for (final SignerInformation signer : originalSigners) {
        final CAdESSignature signature = new CAdESSignature(cmsSignedData, signer);
        signature.setDetachedContents(parameters.getDetachedContent());
        // Validity is asserted before the signer is extended.
        assertSignatureValid(signature, parameters);
        extendedSigners.add(extendCMSSignature(cmsSignedData, signer, parameters));
    }

    cmsSignedData = CMSSignedData.replaceSigners(cmsSignedData, new SignerInformationStore(extendedSigners));

    // The post-processing step iterates the signers of the rebuilt container, not the originals.
    final Collection<SignerInformation> replacedSigners = cmsSignedData.getSignerInfos().getSigners();
    for (final SignerInformation signer : replacedSigners) {
        cmsSignedData = postExtendCMSSignedData(cmsSignedData, signer, parameters);
    }
    return cmsSignedData;
}
From source file:eu.europa.esig.dss.cades.signature.CAdESSignatureExtension.java
License:Open Source License
/**
 * Extends a single signature of the given CMS SignedData and keeps all other signers as they
 * are.
 *
 * NOTE(review): the method name says "last", but the signer to extend is the one returned by
 * {@code getFirstSigner(cmsSignedData)}. That helper is not visible here; confirm which signer
 * it selects.
 *
 * Only the selected signer goes through {@code assertSignatureValid}. Every other
 * SignerInformation is copied into the new container without any check in this method.
 *
 * @param cmsSignedData the CMS SignedData holding the signature to extend
 * @param parameters    the CAdES parameters, also the source of the detached content
 * @return the CMS SignedData with the selected signer replaced by its extended form
 */
private CMSSignedData extendLastCMSSignature(CMSSignedData cmsSignedData, CAdESSignatureParameters parameters) {
    LOG.info("EXTEND LAST CMS SIGNATURES.");
    cmsSignedData = preExtendCMSSignedData(cmsSignedData, parameters);

    final Collection<SignerInformation> currentSigners = cmsSignedData.getSignerInfos().getSigners();
    SignerInformation targetSigner = getFirstSigner(cmsSignedData);
    final List<SignerInformation> rebuiltSigners = new ArrayList<SignerInformation>();
    for (final SignerInformation candidate : currentSigners) {
        // Reference comparison: relies on getFirstSigner handing back the very instance that
        // getSigners() yields. If it does not, nothing is extended. TODO confirm.
        if (targetSigner != candidate) {
            rebuiltSigners.add(candidate);
            continue;
        }
        final CAdESSignature signature = new CAdESSignature(cmsSignedData, candidate);
        signature.setDetachedContents(parameters.getDetachedContent());
        assertSignatureValid(signature, parameters);
        rebuiltSigners.add(extendCMSSignature(cmsSignedData, candidate, parameters));
    }

    cmsSignedData = CMSSignedData.replaceSigners(cmsSignedData, new SignerInformationStore(rebuiltSigners));

    // Re-resolve the signer from the rebuilt container before the post-processing step.
    targetSigner = getFirstSigner(cmsSignedData);
    return postExtendCMSSignedData(cmsSignedData, targetSigner, parameters);
}
From source file:eu.europa.esig.dss.cades.signature.CAdESSignatureExtension.java
License:Open Source License
/**
 * Requests a timestamp over the digest of {@code messageToTimestamp} and returns the
 * timestamp token as an ASN.1 object, optionally with extra unsigned attributes added to the
 * token's signer.
 *
 * NOTE(review): the message imprint returned in the token is only written to the debug log; it
 * is not compared with the digest that was sent. Confirm that the {@code TSPSource}
 * implementation validates the response against the request. Otherwise a comparison of the two
 * digests belongs here before the token is embedded.
 *
 * NOTE(review): with debug logging enabled, the full message to be timestamped is written to
 * the log in hex.
 *
 * @param tspSource                   source used to obtain the timestamp token
 * @param messageToTimestamp          the bytes whose digest is timestamped
 * @param timestampDigestAlgorithm    digest algorithm applied to {@code messageToTimestamp}
 * @param attributesForTimestampToken attributes to add to the unsigned attributes of the
 *                                    token's signer; only the first value of each is copied
 * @return the result of {@code DSSASN1Utils.toASN1Primitive} applied to the encoded token
 * @throws NullPointerException if the timestamp source returns no token
 * @throws DSSException         wrapping any IOException or CMSException raised while encoding
 */
public static ASN1Object getTimeStampAttributeValue(final TSPSource tspSource, final byte[] messageToTimestamp,
        final DigestAlgorithm timestampDigestAlgorithm, final Attribute... attributesForTimestampToken) {
    try {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Message to timestamp is: " + Hex.encodeHexString(messageToTimestamp));
        }
        final byte[] digestToStamp = DSSUtils.digest(timestampDigestAlgorithm, messageToTimestamp);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Digested ({}) message to timestamp is {}",
                    new Object[] { timestampDigestAlgorithm, Hex.encodeHexString(digestToStamp) });
        }

        final TimeStampToken token = tspSource.getTimeStampResponse(timestampDigestAlgorithm, digestToStamp);
        if (token == null) {
            throw new NullPointerException();
        }
        if (LOG.isDebugEnabled()) {
            // Logged only; no equality check against digestToStamp happens in this method.
            final byte[] returnedImprint = token.getTimeStampInfo().getMessageImprintDigest();
            LOG.debug("Digested ({}) message in timestamp is {}",
                    new Object[] { timestampDigestAlgorithm, Hex.encodeHexString(returnedImprint) });
        }

        CMSSignedData tokenCms = new CMSSignedData(token.getEncoded());

        // TODO (27/08/2014): attributesForTimestampToken cannot be null: to be modified
        if (attributesForTimestampToken != null) {
            // A timestamp token is expected to carry exactly one signer; only the first is read.
            final SignerInformation tokenSigner = tokenCms.getSignerInfos().getSigners().iterator().next();

            AttributeTable unsignedAttrs = CMSUtils.getUnsignedAttributes(tokenSigner);
            for (final Attribute extra : attributesForTimestampToken) {
                // Only the first value of the attribute is carried over.
                unsignedAttrs = unsignedAttrs.add(extra.getAttrType(), extra.getAttrValues().getObjectAt(0));
            }

            final List<SignerInformation> replacementSigners = new ArrayList<SignerInformation>();
            replacementSigners.add(SignerInformation.replaceUnsignedAttributes(tokenSigner, unsignedAttrs));
            tokenCms = CMSSignedData.replaceSigners(tokenCms, new SignerInformationStore(replacementSigners));
        }

        return DSSASN1Utils.toASN1Primitive(tokenCms.getEncoded());
    } catch (IOException e) {
        throw new DSSException(e);
    } catch (CMSException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.cades.signature.CMSSignedDataBuilder.java
License:Open Source License
/**
 * Builds the BouncyCastle generator used to produce the CMS SignedData.
 *
 * Note: Section 5.1 of RFC 3852 [4] requires the CMS SignedData version to be set to 3 if
 * certificates from SignedData are present AND (any version 1 attribute certificates are
 * present OR any SignerInfo structures are version 3 OR eContentType from encapContentInfo is
 * other than id-data). Otherwise the version is required to be 1. The version is handled
 * automatically by BouncyCastle.
 *
 * When {@code originalSignedData} is given, its signer infos, attribute certificates, CRLs,
 * OCSP revocation entries and certificates are copied into the new generator as they are. This
 * method does not validate any of that material.
 *
 * @param parameters                 the signing parameters (signing certificate, certificate
 *                                   chain, B-level settings)
 * @param contentSigner              the content signer handed to the signer-info builder
 * @param signerInfoGeneratorBuilder builder that creates the SignerInfoGenerator for the new
 *                                   signer from the content signer and the signing certificate
 * @param originalSignedData         the existing signed data when adding to it, otherwise
 *                                   {@code null}
 * @return the configured generator
 * @throws DSSException wrapping a CMSException or OperatorCreationException
 */
protected CMSSignedDataGenerator createCMSSignedDataGenerator(final CAdESSignatureParameters parameters,
        final ContentSigner contentSigner, final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder,
        final CMSSignedData originalSignedData) throws DSSException {
    try {
        final CertificateToken signingCertificate = parameters.getSigningCertificate();
        final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

        // Register the new signer first.
        final X509CertificateHolder signingCertHolder = DSSASN1Utils.getX509CertificateHolder(signingCertificate);
        generator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(contentSigner, signingCertHolder));

        final Set<CertificateToken> allCertificates = new HashSet<CertificateToken>();
        if (originalSignedData != null) {
            // Existing signers and revocation material are carried over unchanged.
            generator.addSigners(originalSignedData.getSignerInfos());
            generator.addAttributeCertificates(originalSignedData.getAttributeCertificates());
            generator.addCRLs(originalSignedData.getCRLs());
            generator.addOtherRevocationInfo(id_pkix_ocsp_basic,
                    originalSignedData.getOtherRevocationInfo(id_pkix_ocsp_basic));
            generator.addOtherRevocationInfo(id_ri_ocsp_response,
                    originalSignedData.getOtherRevocationInfo(id_ri_ocsp_response));

            // A null selector is passed; presumably this returns every certificate in the store.
            final Store existingCertStore = originalSignedData.getCertificates();
            final Collection<X509CertificateHolder> existingHolders = existingCertStore.getMatches(null);
            for (final X509CertificateHolder holder : existingHolders) {
                allCertificates.add(DSSASN1Utils.getCertificate(holder));
            }
        }
        allCertificates.add(parameters.getSigningCertificate());
        allCertificates.addAll(parameters.getCertificateChain());

        // The flag is forwarded to getJcaCertStore; its effect is defined in that helper.
        final boolean trustAnchorBPPolicy = parameters.bLevel().isTrustAnchorBPPolicy();
        generator.addCertificates(getJcaCertStore(allCertificates, trustAnchorBPPolicy));
        return generator;
    } catch (CMSException e) {
        throw new DSSException(e);
    } catch (OperatorCreationException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.cades.signature.CMSSignedDataBuilder.java
License:Open Source License
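/**
 * Rebuilds a CMS SignedData from the signers of {@code cmsSignedData} and the supplied
 * certificate and revocation stores.
 *
 * If the input has no encapsulated content, the content is read from the detached document in
 * {@code parameters} and the result is generated without encapsulation. Otherwise the existing
 * signed content is reused and encapsulated.
 *
 * The signer infos are copied as they are; this method performs no signature validation.
 *
 * NOTE(review): in the detached case {@code parameters.getDetachedContent()} is dereferenced
 * without a null check. Confirm callers always provide it for detached signatures.
 *
 * @param cmsSignedData                      the CMS SignedData to regenerate
 * @param parameters                         CAdES parameters, source of the detached content
 * @param certificatesStore                  certificates to include
 * @param attributeCertificatesStore         attribute certificates to include
 * @param crlsStore                          CRLs to include
 * @param otherRevocationInfoFormatStoreBasic entries added under {@code id_pkix_ocsp_basic}
 * @param otherRevocationInfoFormatStoreOcsp  entries added under {@code id_ri_ocsp_response}
 * @return the regenerated CMS SignedData
 * @throws DSSException wrapping a CMSException raised while generating
 */
protected CMSSignedData regenerateCMSSignedData(CMSSignedData cmsSignedData, CAdESSignatureParameters parameters,
        Store certificatesStore, Store attributeCertificatesStore, Store crlsStore,
        Store otherRevocationInfoFormatStoreBasic, Store otherRevocationInfoFormatStoreOcsp) {
    try {
        final CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
        cmsSignedDataGenerator.addSigners(cmsSignedData.getSignerInfos());
        cmsSignedDataGenerator.addAttributeCertificates(attributeCertificatesStore);
        cmsSignedDataGenerator.addCertificates(certificatesStore);
        cmsSignedDataGenerator.addCRLs(crlsStore);
        cmsSignedDataGenerator.addOtherRevocationInfo(id_pkix_ocsp_basic, otherRevocationInfoFormatStoreBasic);
        cmsSignedDataGenerator.addOtherRevocationInfo(id_ri_ocsp_response, otherRevocationInfoFormatStoreOcsp);

        final boolean encapsulate = cmsSignedData.getSignedContent() != null;
        if (!encapsulate) {
            final InputStream inputStream = parameters.getDetachedContent().openStream();
            final CMSProcessableByteArray content;
            try {
                content = new CMSProcessableByteArray(DSSUtils.toByteArray(inputStream));
            } finally {
                // Close the stream even when reading fails; previously a failure in
                // toByteArray skipped the close and leaked the stream.
                IOUtils.closeQuietly(inputStream);
            }
            cmsSignedData = cmsSignedDataGenerator.generate(content, encapsulate);
        } else {
            cmsSignedData = cmsSignedDataGenerator.generate(cmsSignedData.getSignedContent(), encapsulate);
        }
        return cmsSignedData;
    } catch (CMSException e) {
        throw new DSSException(e);
    }
}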