List of usage examples for org.bouncycastle.cms SignerInformation replaceUnsignedAttributes
public static SignerInformation replaceUnsignedAttributes(SignerInformation signerInformation, AttributeTable unsignedAttributes)
From source file:CreateSignature.java
License:Apache License
/**
 * Extends a CMS signer with a signature time-stamp token stored as an unsigned attribute.
 *
 * <p>The token is requested over the signer's signature value and appended to whatever
 * unsigned attributes the signer already carries. Unsigned attributes are not covered by
 * the signer's own signature, so a verifier has to validate the embedded token on its own.
 *
 * @param signer the signer to extend
 * @return a copy of {@code signer} that carries the time-stamp attribute, or {@code signer}
 *         itself if the replacement yields {@code null}
 * @throws IOException if the token bytes cannot be decoded as ASN.1 (the TSA client call may
 *         also raise it; confirm against the client)
 * @throws TSPException declared by this method; presumably raised by the TSA client
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException, TSPException {
    AttributeTable existing = signer.getUnsignedAttributes();
    // Start from the current unsigned attributes so nothing already attached is lost.
    ASN1EncodableVector attributes =
            existing == null ? new ASN1EncodableVector() : existing.toASN1EncodableVector();

    // The time-stamp is taken over the signature value, not over the signed content.
    byte[] tokenBytes = getTsaClient().getTimeStampToken(signer.getSignature());
    Attribute timeStampAttribute = new Attribute(
            PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
            new DERSet(ASN1Primitive.fromByteArray(tokenBytes)));
    attributes.add(timeStampAttribute);

    // Despite the wrapper type's name, this table holds the signer's UNSIGNED attributes.
    AttributeTable updatedUnsigned = new AttributeTable(new Attributes(attributes));
    SignerInformation stamped = SignerInformation.replaceUnsignedAttributes(signer, updatedUnsigned);

    // Defensive fallback kept from the original; the author was unsure it can ever trigger.
    return stamped != null ? stamped : signer;
}
From source file:br.gov.jfrj.siga.cd.TimeStamper.java
License:Open Source License
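/**
 * Modifies PKCS#7 data by adding a signature time-stamp to its first signer.
 *
 * <p>The time-stamp token is requested over the first signer's signature value, re-packed
 * with the certificate/CRL store returned by
 * {@code AssinaturaDigital.buscarCrlParaCadaCertificado}, and stored as the
 * {@code id_aa_signatureTimeStampToken} unsigned attribute. Any further signers are carried
 * over unchanged (they are not time-stamped).
 *
 * <p>NOTE(review): the first signer's existing unsigned attributes are replaced by a table
 * holding only the time-stamp, so attributes such as countersignatures or earlier
 * time-stamps are dropped. Confirm that this is intended.
 *
 * @param signedData the CMS signed data to time-stamp
 * @return a new {@code CMSSignedData} whose first signer carries the time-stamp attribute
 * @throws IllegalArgumentException if {@code signedData} contains no signer
 * @throws Exception if the token cannot be obtained, re-packed or encoded
 */
public static CMSSignedData addTimestamp(CMSSignedData signedData) throws Exception {
    // As in the original code, the collection returned by getSigners() is reused as the
    // working collection for the rebuilt signer store.
    Collection ss = signedData.getSignerInfos().getSigners();
    if (ss.isEmpty()) {
        // Fail with a clear message instead of a NoSuchElementException from the iterator.
        throw new IllegalArgumentException("signedData contains no signer to time-stamp");
    }
    Object[] originalSigners = ss.toArray();
    SignerInformation si = (SignerInformation) originalSigners[0];

    TimeStampToken tok = getTimeStampToken(si.getSignature());
    Store certs = tok.getCertificates();
    Store certsAndCrls = AssinaturaDigital.buscarCrlParaCadaCertificado(certs);
    CMSSignedData cmssdcrl = CMSSignedData.replaceCertificatesAndCRLs(tok.toCMSSignedData(), certsAndCrls,
            certsAndCrls, certsAndCrls);
    tok = new TimeStampToken(cmssdcrl);

    // Decode without leaving a stream open; the original never closed its ASN1InputStream.
    ASN1Primitive tstDER = ASN1Primitive.fromByteArray(tok.getEncoded());
    Attribute a = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(tstDER));
    ASN1EncodableVector dv = new ASN1EncodableVector();
    dv.add(a);
    si = SignerInformation.replaceUnsignedAttributes(si, new AttributeTable(dv));

    // Rebuild the signer list in its original order. The original kept only the first signer,
    // which silently removed every co-signer from the returned structure.
    ss.clear();
    ss.add(si);
    for (int i = 1; i < originalSigners.length; i++) {
        ss.add(originalSigners[i]);
    }

    return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(ss));
}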
From source file:com.modemo.javase.signature.ValidationTimeStamp.java
License:Apache License
/**
 * Extends CMS signer information with a time-stamp token placed in the unsigned attributes.
 *
 * <p>The token is requested over the signer's signature value and appended to the unsigned
 * attributes already present. Because unsigned attributes are outside the signer's own
 * signature, a verifier has to validate the embedded token separately.
 *
 * @param signer the signer to extend
 * @return a new {@code SignerInformation} carrying the time-stamp attribute
 * @throws IOException if the token bytes cannot be decoded as ASN.1 (the TSA client call may
 *         also raise it; confirm against the client)
 */
private SignerInformation signTimeStamp(SignerInformation signer) throws IOException {
    AttributeTable existing = signer.getUnsignedAttributes();
    ASN1EncodableVector attributes =
            existing == null ? new ASN1EncodableVector() : existing.toASN1EncodableVector();

    byte[] tokenBytes = tsaClient.getTimeStampToken(signer.getSignature());
    Attribute timeStampAttribute = new Attribute(
            PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
            new DERSet(ASN1Primitive.fromByteArray(tokenBytes)));
    attributes.add(timeStampAttribute);

    // Despite the wrapper type's name, this table holds the signer's UNSIGNED attributes.
    AttributeTable updatedUnsigned = new AttributeTable(new Attributes(attributes));

    // SignerInformation offers no in-place mutation, so a replaced copy is returned. Per the
    // original author's reading of replaceUnsignedAttributes, the result is never null.
    return SignerInformation.replaceUnsignedAttributes(signer, updatedUnsigned);
}
From source file:es.gob.afirma.signers.tsp.pkcs7.CMSTimestamper.java
License:Open Source License
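/** Adds a time stamp to every signature found inside a PKCS#7 structure.
 * <p>NOTE(review): each signer's existing unsigned attributes are replaced by a table that
 * holds only the time-stamp attribute; confirm that dropping the others is intended.
 * @param pkcs7 Structure containing the signatures to time-stamp
 * @param hashAlgorithm Digest algorithm to use for the time stamps (if <code>null</code> is
 *                      given, SHA-1 is used; SHA-1 is no longer collision resistant, so
 *                      callers should name a SHA-2 algorithm explicitly)
 * @param time Time of the stamp
 * @return New PKCS#7 structure with the time stamps added
 * @throws NoSuchAlgorithmException If the digest algorithm of the time stamp is not supported
 * @throws AOException On generic errors
 * @throws IOException On input / output errors
 * @throws IllegalArgumentException If the input is not a CMS SignedData */
public byte[] addTimestamp(final byte[] pkcs7, final String hashAlgorithm, final Calendar time)
        throws NoSuchAlgorithmException, AOException, IOException {

    final String digestAlgorithm = AOSignConstants.getDigestAlgorithmName(hashAlgorithm);

    final CMSSignedData signedData;
    try {
        signedData = new CMSSignedData(pkcs7);
    }
    catch (final Exception e) {
        // Chain the cause so the parsing failure's stack trace is not lost.
        throw new IllegalArgumentException("Los datos de entrada no son un SignedData de CMS: " + e, e); //$NON-NLS-1$
    }

    final SignerInformationStore origSignerInfoStore = signedData.getSignerInfos();

    // Built once and reused as both the attribute type and the table key.
    final ASN1ObjectIdentifier timestampOid = new ASN1ObjectIdentifier(SIGNATURE_TIMESTAMP_TOKEN_OID);

    // Insert a time stamp into each of the signatures found in the PKCS#7
    final List<SignerInformation> vNewSigners = new ArrayList<SignerInformation>();
    final Collection<?> ovSigners = origSignerInfoStore.getSigners();
    for (final Object name : ovSigners) {

        final SignerInformation si = (SignerInformation) name;

        // The time stamp is requested over the digest of the signature value.
        final byte[] tsToken = getTimeStampToken(
                MessageDigest.getInstance(digestAlgorithm).digest(si.getSignature()), digestAlgorithm, time);

        final ASN1Primitive derObj;
        final ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(tsToken));
        try {
            derObj = is.readObject();
        }
        finally {
            // Close the stream even when the token bytes fail to parse.
            is.close();
        }

        final Attribute unsignAtt = new Attribute(timestampOid, new DERSet(derObj));

        final Hashtable<ASN1ObjectIdentifier, Attribute> ht = new Hashtable<ASN1ObjectIdentifier, Attribute>();
        ht.put(timestampOid, unsignAtt);

        vNewSigners.add(SignerInformation.replaceUnsignedAttributes(si, new AttributeTable(ht)));
    }

    return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(vNewSigners)).getEncoded();
}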
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineLTA.java
License:Open Source License
/**
 * Extends the given signer with an archive time-stamp (v3) unsigned attribute.
 *
 * @param cmsSignedData the CMS structure that contains the signer
 * @param signerInformation the signer to extend
 * @param parameters signature parameters; their detached content is handed to the CAdES wrapper
 * @return a new {@code SignerInformation} with the updated unsigned attributes
 * @throws DSSException declared by this method; presumably raised by the helper that builds
 *         the archive time-stamp
 */
@Override
protected SignerInformation extendCMSSignature(final CMSSignedData cmsSignedData, SignerInformation signerInformation, final SignatureParameters parameters) throws DSSException {
    final CAdESSignature cadesSignature = new CAdESSignature(cmsSignedData, signerInformation);
    cadesSignature.setDetachedContents(parameters.getDetachedContent());

    final AttributeTable currentUnsigned = CAdESSignature.getUnsignedAttributes(signerInformation);
    final AttributeTable withArchiveTimestamp = addArchiveTimestampV3Attribute(
            cadesSignature, cmsSignedData, signerInformation, parameters, currentUnsigned);

    // Unsigned attributes can only be changed by building a replaced copy of the signer.
    return SignerInformation.replaceUnsignedAttributes(signerInformation, withArchiveTimestamp);
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineT.java
License:Open Source License
/**
 * Extends the given signer with a signature time-stamp unsigned attribute.
 *
 * @param signedData the CMS structure that contains the signer
 * @param signerInformation the signer to extend
 * @param parameters signature parameters; their detached content is handed to the CAdES wrapper
 * @return a new {@code SignerInformation} with the updated unsigned attributes
 * @throws DSSException declared by this method; presumably raised when the signature cannot
 *         be extended or the time-stamp cannot be produced
 */
@Override
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation signerInformation, SignatureParameters parameters) throws DSSException {
    final CAdESSignature cadesSignature = new CAdESSignature(signedData, signerInformation);
    cadesSignature.setDetachedContents(parameters.getDetachedContent());

    // Checked before any attribute is touched; presumably rejects signatures that cannot be extended.
    assertExtendSignaturePossible(cadesSignature);

    final AttributeTable currentUnsigned = CAdESSignature.getUnsignedAttributes(signerInformation);
    final AttributeTable withSignatureTimestamp =
            addSignatureTimestampAttribute(signerInformation, currentUnsigned, parameters);

    return SignerInformation.replaceUnsignedAttributes(signerInformation, withSignatureTimestamp);
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileA.java
License:Open Source License
/**
 * Extends the signer produced by the parent profile with an archive time-stamp (v2)
 * unsigned attribute.
 *
 * @param cmsSignedData the CMS structure that contains the signer
 * @param si the signer to extend
 * @param parameters signature parameters, passed through to the parent profile
 * @param originalDocument the signed document, used when computing the archive time-stamp data
 * @return a new {@code SignerInformation} whose unsigned attributes include the archive time-stamp
 * @throws IOException declared by this method; presumably raised by the parent profile or the
 *         time-stamp helper
 */
@Override
@SuppressWarnings("unchecked")
protected SignerInformation extendCMSSignature(CMSSignedData cmsSignedData, SignerInformation si, SignatureParameters parameters, Document originalDocument) throws IOException {
    final SignerInformation extended = super.extendCMSSignature(cmsSignedData, si, parameters, originalDocument);
    final CAdESSignature signature = new CAdESSignature(cmsSignedData, extended);

    // Assumes the parent profile left unsigned attributes on the signer; a null table would
    // fail here with a NullPointerException.
    final Hashtable<ASN1ObjectIdentifier, Attribute> unsignedByOid = extended.getUnsignedAttributes().toHashtable();

    final Attribute archiveTimeStamp = getTimeStampAttribute(CAdESProfileA.id_aa_ets_archiveTimestampV2,
            getSignatureTsa(), digestAlgorithm, signature.getArchiveTimestampData(0, originalDocument));

    // put() replaces whatever is currently stored under the archive time-stamp OID.
    unsignedByOid.put(CAdESProfileA.id_aa_ets_archiveTimestampV2, archiveTimeStamp);

    return SignerInformation.replaceUnsignedAttributes(extended, new AttributeTable(unsignedByOid));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileC.java
License:Open Source License
/**
 * Extends the signer produced by the parent profile with the additional unsigned attributes
 * built by {@code extendUnsignedAttributes}.
 *
 * @param signedData the CMS structure that contains the signer
 * @param si the signer to extend
 * @param parameters signature parameters, passed to the parent profile and the attribute builder
 * @param originalData the signed document, passed through to the parent profile
 * @return a new {@code SignerInformation} carrying the extended unsigned attributes
 * @throws IOException declared by this method; presumably raised by the parent profile or the
 *         attribute builder
 */
@SuppressWarnings("unchecked")
@Override
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation si, SignatureParameters parameters, Document originalData) throws IOException {
    // Start from what the parent profile already attached.
    final SignerInformation parentExtended = super.extendCMSSignature(signedData, si, parameters, originalData);
    final Hashtable<ASN1ObjectIdentifier, ASN1Encodable> inherited =
            parentExtended.getUnsignedAttributes().toHashtable();

    // The wrapper is looked up through the ORIGINAL signer's identifier, not the extended copy.
    final CAdESSignature signature = new CAdESSignature(signedData, si.getSID());
    final Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendedAttrs = extendUnsignedAttributes(inherited,
            signature.getSigningCertificate(), parameters, signature.getSigningTime(),
            signature.getCertificateSource());

    return SignerInformation.replaceUnsignedAttributes(parentExtended, new AttributeTable(extendedAttrs));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileT.java
License:Open Source License
/**
 * Extends the given signer with a signature time-stamp unsigned attribute obtained from the
 * configured TSA.
 *
 * <p>NOTE(review): a disabled earlier variant of this method also removed the
 * {@code id_aa_ets_archiveTimestampV2} and {@code id_aa_ets_escTimeStamp} attributes, on the
 * grounds that adding a new signature time-stamp invalidates -X and archive time-stamps. This
 * version leaves any such attributes in place; confirm that callers never re-stamp a signature
 * that already carries them.
 *
 * @param signedData the CMS structure that contains the signer (not read by this method)
 * @param si the signer to extend
 * @param parameters signature parameters (not read by this method)
 * @param originalData the signed document (not read by this method)
 * @return a new {@code SignerInformation} whose unsigned attributes include the time-stamp
 * @throws ConfigurationException if no signature TSA has been configured
 * @throws IOException declared by this method; presumably raised by the time-stamp helper
 */
@SuppressWarnings("unchecked")
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation si, SignatureParameters parameters, Document originalData) throws IOException {
    if (this.signatureTsa == null) {
        throw new ConfigurationException(MSG.CONFIGURE_TSP_SERVER);
    }
    LOG.info("Extend signature with id " + si.getSID());

    final AttributeTable unsigned = si.getUnsignedAttributes();
    final Hashtable<ASN1ObjectIdentifier, Attribute> unsignedByOid;
    if (unsigned != null) {
        unsignedByOid = unsigned.toHashtable();
    } else {
        // A signer without unsigned attributes starts from an empty table.
        unsignedByOid = new Hashtable<ASN1ObjectIdentifier, Attribute>();
    }

    // The time-stamp is taken over the signature value of this signer.
    final Attribute signatureTimeStamp = getTimeStampAttribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
            this.signatureTsa, digestAlgorithm, si.getSignature());

    // put() replaces whatever is currently stored under the signature time-stamp OID.
    unsignedByOid.put(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, signatureTimeStamp);

    return SignerInformation.replaceUnsignedAttributes(si, new AttributeTable(unsignedByOid));
}
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileX.java
License:Open Source License
/**
 * Extends the signer produced by the parent profile with a CAdES-X time-stamp.
 *
 * <p>For extended validation type 1 the time-stamped data is the signature value, the signature
 * time-stamp attribute, the certificate references and the revocation references. For type 2
 * it is the certificate references and the revocation references only. Each of these attributes
 * must already be present among the unsigned attributes; a missing one fails with a
 * {@code NullPointerException}.
 *
 * @param signedData the CMS structure that contains the signer
 * @param si the signer to extend
 * @param parameters signature parameters, passed through to the parent profile
 * @param originalData the signed document, passed through to the parent profile
 * @return a new {@code SignerInformation} whose unsigned attributes include the -X time-stamp
 * @throws IllegalStateException if the extended validation type is neither 1 nor 2
 * @throws IOException declared by this method; presumably raised by the parent profile or the
 *         time-stamp helper
 */
@Override
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation si, SignatureParameters parameters, Document originalData) throws IOException {
    final SignerInformation extended = super.extendCMSSignature(signedData, si, parameters, originalData);

    final ByteArrayOutputStream toTimestamp = new ByteArrayOutputStream();
    final ASN1ObjectIdentifier attributeId;

    final int validationType = getExtendedValidationType();
    if (validationType == 1) {
        attributeId = PKCSObjectIdentifiers.id_aa_ets_escTimeStamp;
        toTimestamp.write(extended.getSignature());
        // The outer SEQUENCE is not included, only the attrType and attrValues, as stated by
        // the TS 6.3.5, NOTE 2)
        final Attribute signatureTimeStamp =
                extended.getUnsignedAttributes().get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
        toTimestamp.write(signatureTimeStamp.getAttrType().getDEREncoded());
        toTimestamp.write(signatureTimeStamp.getAttrValues().getDEREncoded());
    } else if (validationType == 2) {
        attributeId = PKCSObjectIdentifiers.id_aa_ets_certCRLTimestamp;
    } else {
        throw new IllegalStateException(
                "CAdES-X Profile: Extended validation is set but no valid type (1 or 2)");
    }

    // Certificate and revocation references are part of the time-stamped data for both types.
    final AttributeTable unsignedAttributes = extended.getUnsignedAttributes();

    final Attribute certificateRefs = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_certificateRefs);
    toTimestamp.write(certificateRefs.getAttrType().getDEREncoded());
    toTimestamp.write(certificateRefs.getAttrValues().getDEREncoded());

    final Attribute revocationRefs = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_revocationRefs);
    toTimestamp.write(revocationRefs.getAttrType().getDEREncoded());
    toTimestamp.write(revocationRefs.getAttrValues().getDEREncoded());

    @SuppressWarnings("unchecked")
    final Hashtable<ASN1ObjectIdentifier, Attribute> unsignedByOid = unsignedAttributes.toHashtable();

    final Attribute extendedTimeStamp = getTimeStampAttribute(attributeId, getSignatureTsa(), digestAlgorithm,
            toTimestamp.toByteArray());
    unsignedByOid.put(attributeId, extendedTimeStamp);

    return SignerInformation.replaceUnsignedAttributes(extended, new AttributeTable(unsignedByOid));
}