List of usage examples for org.bouncycastle.cms SignerInformation getUnsignedAttributes
public AttributeTable getUnsignedAttributes()
From source file:CreateSignature.java
License:Apache License
/**
 * Attaches a signature time-stamp token to a CMS signer.
 *
 * <p>The token is requested from the TSA client over the signer's signature value and
 * appended to the signer's unsigned attributes under
 * {@code id_aa_signatureTimeStampToken}. Unsigned attributes are not covered by the
 * signer's own signature, so a verifier has to validate the embedded token itself.
 *
 * @param signer the signer to extend
 * @return the signer with the additional unsigned attribute, or {@code signer} itself if
 *         the replacement call yields {@code null}
 * @throws IOException propagated from the TSA client call or from parsing the token bytes
 * @throws TSPException declared for the TSA client call
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException, TSPException {
    // getUnsignedAttributes() is null when the signer carries no unsigned attributes yet.
    AttributeTable existing = signer.getUnsignedAttributes();
    ASN1EncodableVector attributes =
            existing != null ? existing.toASN1EncodableVector() : new ASN1EncodableVector();

    byte[] tokenBytes = getTsaClient().getTimeStampToken(signer.getSignature());
    // NOTE(review): the token is embedded exactly as the TSA client returned it; whether
    // the client verifies the response is not visible from this method - confirm.
    attributes.add(new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
            new DERSet(ASN1Primitive.fromByteArray(tokenBytes))));

    // The vector holds the *unsigned* attributes, existing ones plus the new token.
    SignerInformation extended = SignerInformation.replaceUnsignedAttributes(
            signer, new AttributeTable(new Attributes(attributes)));

    // Defensive fallback kept from the original, which marks it "TODO can this actually happen?".
    return extended != null ? extended : signer;
}
From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java
License:Open Source License
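/**
 * Validates a CMS signature and the signature time-stamp stored in its unsigned attributes.
 *
 * <p>Steps, in order: validate the CMS signature through {@code validarAssinaturaCMS};
 * read the {@code id_aa_signatureTimeStampToken} unsigned attribute of the first signer;
 * verify the token's signature with the certificate shipped inside the token; check that
 * the token's message imprint is the digest of the signer's signature value; finally
 * validate the token's own CMS structure at the token's generation time.
 *
 * <p>Unsigned attributes are not protected by the signer's signature, so a missing or
 * malformed time-stamp attribute is reported as a validation failure instead of surfacing
 * as a {@code NullPointerException}.
 *
 * @param digest          digest of the signed content
 * @param digestAlgorithm name of the algorithm that produced {@code digest}
 * @param assinatura      encoded CMS signature
 * @param dtAssinatura    date passed through to {@code validarAssinaturaCMS}
 * @return the value returned by {@code validarAssinaturaCMS} for the signature
 * @throws Exception if the signature has no signer, no time-stamp attribute or no usable
 *                   time-stamp certificate, if the imprint does not match, or if any of
 *                   the underlying validations fails
 */
@SuppressWarnings("unchecked")
protected static String validarAssinaturaCMSeCarimboDeTempo(final byte[] digest, final String digestAlgorithm,
        final byte[] assinatura, Date dtAssinatura) throws InvalidKeyException, SecurityException, CRLException,
        CertificateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException,
        AplicacaoException, ChainValidationException, IOException, Exception {
    String nome = validarAssinaturaCMS(digest, digestAlgorithm, assinatura, dtAssinatura);

    Map<String, byte[]> map = new HashMap<String, byte[]>();
    map.put(digestAlgorithm, digest);
    final CMSSignedData s = new CMSSignedData(map, assinatura);

    Collection ss = s.getSignerInfos().getSigners();
    if (ss.isEmpty()) {
        throw new Exception("Assinatura sem signatario");
    }
    // Only the first signer is examined; additional signers are not time-stamp checked here.
    SignerInformation si = (SignerInformation) ss.iterator().next();

    // getUnsignedAttributes() returns null when the signer has no unsigned attributes, and
    // get() returns null when the requested attribute is absent.
    if (si.getUnsignedAttributes() == null) {
        throw new Exception("Assinatura sem carimbo de tempo");
    }
    Attribute attr = si.getUnsignedAttributes().get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    if (attr == null || attr.getAttrValues().size() == 0) {
        throw new Exception("Assinatura sem carimbo de tempo");
    }

    CMSSignedData cmsTS = new CMSSignedData(attr.getAttrValues().getObjectAt(0).toASN1Primitive().getEncoded());
    TimeStampToken tok = new TimeStampToken(cmsTS);

    // Pick the TSA certificate out of the certificates carried by the token itself.
    // These come from the (unsigned) attribute, so trust has to be established by the
    // chain validation below, not by the mere presence of the certificate.
    Store cs = tok.getCertificates();
    SignerId signer_id = tok.getSID();
    BigInteger cert_serial_number = signer_id.getSerialNumber();
    Collection certs = cs.getMatches(null);
    Iterator iter = certs.iterator();
    X509Certificate certificate = null;
    while (iter.hasNext()) {
        X509Certificate cert = (X509Certificate) iter.next();
        if (cert_serial_number != null) {
            // NOTE(review): matches on serial number only, not on issuer.
            if (cert.getSerialNumber().equals(cert_serial_number)) {
                certificate = cert;
            }
        } else {
            if (certificate == null) {
                certificate = cert;
            }
        }
    }
    if (certificate == null) {
        throw new Exception("Certificado do carimbo de tempo nao encontrado");
    }

    tok.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate));

    // Nato: CRL validation for the time-stamp is still missing.

    // The imprint is recomputed with the hash algorithm declared in the token rather than a
    // hard-coded SHA-1, so tokens issued with SHA-256 or stronger are checked correctly.
    // NOTE(review): no policy on acceptable imprint algorithms is enforced here; reject
    // weak digests at this point if the deployment requires it.
    byte[] expectedImprint = MessageDigest
            .getInstance(tok.getTimeStampInfo().getMessageImprintAlgOID().getId())
            .digest(si.getSignature());
    if (!Arrays.equals(tok.getTimeStampInfo().getMessageImprintDigest(), expectedImprint)) {
        throw new Exception("Carimbo de tempo no confere com o resumo do documento");
    }

    // Validate the token's CMS structure as of the time the token was generated.
    try {
        validarAssinaturaCMS(null, null, cmsTS.getEncoded(), tok.getTimeStampInfo().getGenTime());
    } catch (Exception e) {
        throw new Exception("Carimbo de tempo invlido!", e);
    }

    return nome;
}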
From source file:com.itdhq.poc.ocrsign.CreateSignature.java
License:Apache License
/**
 * Intended to extend a CMS signer with a signature time-stamp token.
 *
 * <p>In its current state the method requests a token from the TSA client but never
 * attaches it: the attachment code is disabled (see the FIXME below) and the signer is
 * returned unchanged. Callers therefore receive a signature without a time-stamp.
 *
 * @param signer the signer a time-stamp was meant to be added to
 * @return {@code signer}, unmodified
 * @throws IOException declared for the TSA client call
 * @throws TSPException declared for the TSA client call
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException, TSPException {
    // getUnsignedAttributes() is null when the signer carries no unsigned attributes yet.
    AttributeTable existing = signer.getUnsignedAttributes();
    ASN1EncodableVector attributes =
            existing != null ? existing.toASN1EncodableVector() : new ASN1EncodableVector();

    // The token is fetched (a round-trip to the TSA) but not used below.
    byte[] tokenBytes = getTsaClient().getTimeStampToken(signer.getSignature());

    // FIXME attachment of the token is disabled; the original steps were:
    //   ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.id_aa_signatureTimeStampToken;
    //   ASN1Encodable signatureTimeStamp =
    //           new Attribute(oid, new DERSet(ASN1Primitive.fromByteArray(tokenBytes)));
    //   attributes.add(signatureTimeStamp);
    //   SignerInformation newSigner = SignerInformation.replaceUnsignedAttributes(
    //           signer, new AttributeTable(new Attributes(attributes)));
    //   return newSigner != null ? newSigner : signer;   // TODO can this actually happen?
    return signer;
}
From source file:com.modemo.javase.signature.ValidationTimeStamp.java
License:Apache License
/**
 * Adds a TimeStampToken to the unsigned attributes of a CMS signer.
 *
 * <p>The token is requested over the signer's signature value and stored under
 * {@code id_aa_signatureTimeStampToken}. Unsigned attributes are not covered by the
 * signer's own signature, so the token has to be validated on its own by a verifier.
 *
 * @param signer the signer to extend
 * @return a new {@code SignerInformation} carrying the existing unsigned attributes plus
 *         the time-stamp token
 * @throws IOException propagated from the TSA client call or from parsing the token bytes
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException {
    // getUnsignedAttributes() is null when the signer carries no unsigned attributes yet.
    AttributeTable existing = signer.getUnsignedAttributes();
    ASN1EncodableVector attributes =
            existing != null ? existing.toASN1EncodableVector() : new ASN1EncodableVector();

    byte[] tokenBytes = tsaClient.getTimeStampToken(signer.getSignature());
    attributes.add(new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
            new DERSet(ASN1Primitive.fromByteArray(tokenBytes))));

    // replaceUnsignedAttributes is the only way to change a signer's unsigned attributes;
    // per the original author's reading of its source it always returns a new, non-null
    // SignerInformation.
    AttributeTable updated = new AttributeTable(new Attributes(attributes));
    return SignerInformation.replaceUnsignedAttributes(signer, updated);
}
From source file:eu.europa.ec.markt.dss.signature.cades.CadesLevelBaselineLTATimestampExtractor.java
License:Open Source License
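/**
 * Builds the {@code unsignedAttrsHashIndex} field: a sequence of octet strings, each
 * holding the hash of one {@code Attribute} instance from the signer's
 * {@code unsignedAttrs}. Every attribute present when the archive time-stamp is requested
 * is included, except those whose type is listed in
 * {@code excludedAttributesFromAtsHashIndex}. No other hash values are added.
 *
 * <p>A signer without any unsigned attributes yields an empty sequence.
 *
 * @param signerInformation the signer whose unsigned attributes are indexed
 * @return the hash index, in the order the attributes appear in the attribute table
 * @throws DSSException declared for the per-attribute hash helper
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getUnsignedAttributesHashIndex(SignerInformation signerInformation) throws DSSException {

    final ASN1EncodableVector unsignedAttributesHashIndex = new ASN1EncodableVector();
    final AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        // getUnsignedAttributes() returns null when the SignerInfo has no unsignedAttrs;
        // there is nothing to index, and dereferencing it would throw.
        return new DERSequence(unsignedAttributesHashIndex);
    }

    final ASN1EncodableVector asn1EncodableVector = unsignedAttributes.toASN1EncodableVector();
    for (int i = 0; i < asn1EncodableVector.size(); i++) {

        final Attribute attribute = (Attribute) asn1EncodableVector.get(i);
        if (excludedAttributesFromAtsHashIndex.contains(attribute.getAttrType())) {
            // Attribute types on the exclusion list are left out of the index.
            continue;
        }
        final DEROctetString derOctetStringDigest = getAttributeDerOctetStringHash(attribute);
        unsignedAttributesHashIndex.add(derOctetStringDigest);
    }
    return new DERSequence(unsignedAttributesHashIndex);
}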
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileA.java
License:Open Source License
/**
 * Extends the signer to the archive level by adding an
 * {@code id_aa_ets_archiveTimestampV2} unsigned attribute.
 *
 * <p>The parent profile's extension runs first; the archive time-stamp is then requested
 * over the data returned by {@code getArchiveTimestampData(0, originalDocument)}.
 *
 * @param cmsSignedData    the CMS container holding the signer
 * @param si               the signer to extend
 * @param parameters       signature parameters, passed to the parent profile
 * @param originalDocument the signed document
 * @return a signer whose unsigned attributes include the archive time-stamp
 * @throws IOException declared by the profile contract
 */
@Override
@SuppressWarnings("unchecked")
protected SignerInformation extendCMSSignature(CMSSignedData cmsSignedData, SignerInformation si,
        SignatureParameters parameters, Document originalDocument) throws IOException {

    si = super.extendCMSSignature(cmsSignedData, si, parameters, originalDocument);

    final CAdESSignature cadesSignature = new CAdESSignature(cmsSignedData, si);

    // NOTE(review): assumes the parent profile always leaves unsigned attributes in place;
    // getUnsignedAttributes() would be null otherwise.
    final Hashtable<ASN1ObjectIdentifier, Attribute> attributesByOid = si.getUnsignedAttributes().toHashtable();

    final Attribute archiveTimestamp = getTimeStampAttribute(CAdESProfileA.id_aa_ets_archiveTimestampV2,
            getSignatureTsa(), digestAlgorithm, cadesSignature.getArchiveTimestampData(0, originalDocument));

    // put() overwrites whatever the table already holds under this OID.
    // NOTE(review): confirm that an earlier archive time-stamp is not meant to be kept.
    attributesByOid.put(CAdESProfileA.id_aa_ets_archiveTimestampV2, archiveTimestamp);

    return SignerInformation.replaceUnsignedAttributes(si, new AttributeTable(attributesByOid));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileC.java
License:Open Source License
/**
 * Extends the signer with the unsigned attributes of this profile.
 *
 * <p>The parent profile is applied first. Its unsigned attributes are then passed to
 * {@code extendUnsignedAttributes} together with the signing certificate, the signing
 * time and the certificate source of the signature.
 *
 * @param signedData   the CMS container holding the signer
 * @param si           the signer to extend
 * @param parameters   signature parameters
 * @param originalData the signed document
 * @return a new signer carrying the extended unsigned attributes
 * @throws IOException declared by the profile contract
 */
@SuppressWarnings("unchecked")
@Override
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation si,
        SignatureParameters parameters, Document originalData) throws IOException {

    // Start from the unsigned attributes produced by the parent profile.
    final SignerInformation parentExtended = super.extendCMSSignature(signedData, si, parameters, originalData);
    final Hashtable<ASN1ObjectIdentifier, ASN1Encodable> parentAttributes =
            parentExtended.getUnsignedAttributes().toHashtable();

    // The signature view is looked up by the signer id of the signer that was passed in.
    final CAdESSignature cadesSignature = new CAdESSignature(signedData, si.getSID());
    final Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendedAttributes = extendUnsignedAttributes(
            parentAttributes, cadesSignature.getSigningCertificate(), parameters,
            cadesSignature.getSigningTime(), cadesSignature.getCertificateSource());

    return SignerInformation.replaceUnsignedAttributes(parentExtended, new AttributeTable(extendedAttributes));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileT.java
License:Open Source License
/**
 * Extends the signer with a signature time-stamp
 * ({@code id_aa_signatureTimeStampToken}) requested over the signature value.
 *
 * @param signedData   the CMS container holding the signer (not read here)
 * @param si           the signer to extend
 * @param parameters   signature parameters (not read here)
 * @param originalData the signed document (not read here)
 * @return a new signer whose unsigned attributes contain the signature time-stamp
 * @throws ConfigurationException if no TSA has been configured
 * @throws IOException declared by the profile contract
 */
@SuppressWarnings("unchecked")
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation si,
        SignatureParameters parameters, Document originalData) throws IOException {

    if (this.signatureTsa == null) {
        throw new ConfigurationException(MSG.CONFIGURE_TSP_SERVER);
    }
    LOG.info("Extend signature with id " + si.getSID());

    // A signer without unsigned attributes returns null here, so start from an empty table.
    final AttributeTable unsigned = si.getUnsignedAttributes();
    final Hashtable<ASN1ObjectIdentifier, Attribute> attributesByOid;
    if (unsigned != null) {
        attributesByOid = unsigned.toHashtable();
    } else {
        attributesByOid = new Hashtable<ASN1ObjectIdentifier, Attribute>();
    }

    final Attribute signatureTimeStamp = getTimeStampAttribute(
            PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, this.signatureTsa, digestAlgorithm,
            si.getSignature());
    // put() overwrites whatever the table already holds under this OID.
    attributesByOid.put(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, signatureTimeStamp);

    // A disabled alternative in the original added the attribute through
    // AttributeTable.add(...) and then removed id_aa_ets_archiveTimestampV2 and
    // id_aa_ets_escTimeStamp, with the remark: "If we add a timestamp, then we must remove
    // every reference to timestamp -X and archive timestamp". The active code does not
    // remove them.
    return SignerInformation.replaceUnsignedAttributes(si, new AttributeTable(attributesByOid));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileX.java
License:Open Source License
/**
 * Extends the signer with a CAdES-X time-stamp.
 *
 * <p>Type 1 ({@code id_aa_ets_escTimeStamp}) covers the signature value, the signature
 * time-stamp attribute and the certificate and revocation references. Type 2
 * ({@code id_aa_ets_certCRLTimestamp}) covers the certificate and revocation references
 * only. For each attribute only attrType and attrValues are hashed, not the outer
 * SEQUENCE (TS 6.3.5, NOTE 2).
 *
 * @param signedData   the CMS container holding the signer
 * @param si           the signer to extend
 * @param parameters   signature parameters, passed to the parent profile
 * @param originalData the signed document, passed to the parent profile
 * @return a new signer whose unsigned attributes contain the extended time-stamp
 * @throws IllegalStateException if the extended validation type is neither 1 nor 2
 * @throws IOException if writing to the in-memory buffer fails
 */
@Override
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation si,
        SignatureParameters parameters, Document originalData) throws IOException {

    si = super.extendCMSSignature(signedData, si, parameters, originalData);

    final ByteArrayOutputStream toTimestamp = new ByteArrayOutputStream();
    final int validationType = getExtendedValidationType();
    final ASN1ObjectIdentifier attributeId;

    if (validationType == 1) {
        attributeId = PKCSObjectIdentifiers.id_aa_ets_escTimeStamp;
        toTimestamp.write(si.getSignature());
        // NOTE(review): the attributes read below are assumed to be present after the
        // parent profile ran; a missing one surfaces as a NullPointerException.
        final Attribute signatureTimeStamp =
                si.getUnsignedAttributes().get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
        toTimestamp.write(signatureTimeStamp.getAttrType().getDEREncoded());
        toTimestamp.write(signatureTimeStamp.getAttrValues().getDEREncoded());
    } else if (validationType == 2) {
        attributeId = PKCSObjectIdentifiers.id_aa_ets_certCRLTimestamp;
    } else {
        throw new IllegalStateException(
                "CAdES-X Profile: Extended validation is set but no valid type (1 or 2)");
    }

    // The references below are covered by both Type 1 and Type 2.
    final AttributeTable unsignedTable = si.getUnsignedAttributes();
    final Attribute certificateRefs = unsignedTable.get(PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
    toTimestamp.write(certificateRefs.getAttrType().getDEREncoded());
    toTimestamp.write(certificateRefs.getAttrValues().getDEREncoded());

    final Attribute revocationRefs = unsignedTable.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
    toTimestamp.write(revocationRefs.getAttrType().getDEREncoded());
    toTimestamp.write(revocationRefs.getAttrValues().getDEREncoded());

    @SuppressWarnings("unchecked")
    final Hashtable<ASN1ObjectIdentifier, Attribute> attributesByOid = unsignedTable.toHashtable();

    final Attribute extendedTimeStamp = getTimeStampAttribute(attributeId, getSignatureTsa(), digestAlgorithm,
            toTimestamp.toByteArray());
    attributesByOid.put(attributeId, extendedTimeStamp);

    return SignerInformation.replaceUnsignedAttributes(si, new AttributeTable(attributesByOid));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileXL.java
License:Open Source License
/**
 * Extends the signer with the unsigned attributes of this profile.
 *
 * <p>The parent profile is applied first. Its unsigned attributes are then passed to
 * {@code extendUnsignedAttributes} together with the signing certificate, a signing time
 * and the certificate source of the signature.
 *
 * <p>The signing time is taken from the signature; if absent, from
 * {@code parameters.getSigningDate()}; if that is absent too, the current system time is
 * used. The last fallback is a local clock value, not an attested time.
 *
 * @param signedData   the CMS container holding the signer
 * @param si           the signer to extend
 * @param parameters   signature parameters
 * @param originalData the signed document
 * @return a new signer carrying the extended unsigned attributes
 * @throws IOException declared by the profile contract
 */
@SuppressWarnings("unchecked")
@Override
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation si,
        SignatureParameters parameters, Document originalData) throws IOException {

    si = super.extendCMSSignature(signedData, si, parameters, originalData);

    final Hashtable<ASN1ObjectIdentifier, ASN1Encodable> parentAttributes =
            si.getUnsignedAttributes().toHashtable();

    final CAdESSignature cadesSignature = new CAdESSignature(signedData, si.getSID());

    // Signature value first, then the configured date, then "now".
    Date effectiveSigningTime = cadesSignature.getSigningTime();
    if (effectiveSigningTime == null) {
        effectiveSigningTime = parameters.getSigningDate();
        if (effectiveSigningTime == null) {
            effectiveSigningTime = new Date();
        }
    }

    final Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendedAttributes = extendUnsignedAttributes(
            parentAttributes, cadesSignature.getSigningCertificate(), effectiveSigningTime,
            cadesSignature.getCertificateSource());

    return SignerInformation.replaceUnsignedAttributes(si, new AttributeTable(extendedAttributes));
}