eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineLT.java Source code

Java tutorial

  1. HOME
  2. Java
  3. eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineLT.java

Introduction

Here is the source code for eu.europa.ec.markt.dss.signature.cades.CAdESLevelBaselineLT.java

Source

/*
 * DSS - Digital Signature Services
 *
 * Copyright (C) 2013 European Commission, Directorate-General Internal Market and Services (DG MARKT), B-1049 Bruxelles/Brussel
 *
 * Developed by: 2013 ARHS Developments S.A. (rue Nicolas Bov 2B, L-1253 Luxembourg) http://www.arhs-developments.com
 *
 * This file is part of the "DSS - Digital Signature Services" project.
 *
 * "DSS - Digital Signature Services" is free software: you can redistribute it and/or modify it under the terms of
 * the GNU Lesser General Public License as published by the Free Software Foundation, either version 2.1 of the
 * License, or (at your option) any later version.
 *
 * DSS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License along with
 * "DSS - Digital Signature Services".  If not, see <http://www.gnu.org/licenses/>.
 */

package eu.europa.ec.markt.dss.signature.cades;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Store;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import eu.europa.ec.markt.dss.DSSASN1Utils;
import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.parameter.SignatureParameters;
import eu.europa.ec.markt.dss.signature.SignatureLevel;
import eu.europa.ec.markt.dss.validation102853.CertificateToken;
import eu.europa.ec.markt.dss.validation102853.CertificateVerifier;
import eu.europa.ec.markt.dss.validation102853.DefaultAdvancedSignature;
import eu.europa.ec.markt.dss.validation102853.OCSPToken;
import eu.europa.ec.markt.dss.validation102853.ValidationContext;
import eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature;
import eu.europa.ec.markt.dss.validation102853.crl.CRLToken;
import eu.europa.ec.markt.dss.validation102853.tsp.TSPSource;

/**
 * This class holds the CAdES-LT signature profiles
 *
 * @version $Revision: 2691 $ - $Date: 2013-10-03 22:34:47 +0200 (Thu, 03 Oct 2013) $
 */

public class CAdESLevelBaselineLT extends CAdESSignatureExtension {

    private static final Logger LOG = LoggerFactory.getLogger(CAdESLevelBaselineLT.class);

    private final CertificateVerifier certificateVerifier;
    private final CAdESLevelBaselineT cadesProfileT;

    public CAdESLevelBaselineLT(TSPSource signatureTsa, CertificateVerifier certificateVerifier,
            boolean onlyLastSigner) {
        super(signatureTsa, onlyLastSigner);
        this.certificateVerifier = certificateVerifier;
        cadesProfileT = new CAdESLevelBaselineT(signatureTsa, certificateVerifier, onlyLastSigner);
    }

    @Override
    protected SignerInformation extendCMSSignature(CMSSignedData cmsSignedData, SignerInformation signerInformation,
            SignatureParameters parameters) throws DSSException {

        // add a LT level or replace an existing LT level
        CAdESSignature cadesSignature = new CAdESSignature(cmsSignedData, signerInformation);
        cadesSignature.setDetachedContents(parameters.getDetachedContent());
        assertExtendSignaturePossible(cadesSignature, parameters);
        if (!cadesSignature.isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_T)) {
            signerInformation = cadesProfileT.extendCMSSignature(cmsSignedData, signerInformation, parameters);
        }

        return signerInformation;
    }

    protected CMSSignedData postExtendCMSSignedData(CMSSignedData cmsSignedData,
            SignerInformation signerInformation, SignatureParameters parameters) {
        CAdESSignature cadesSignature = new CAdESSignature(cmsSignedData, signerInformation);
        cadesSignature.setDetachedContents(parameters.getDetachedContent());
        final ValidationContext validationContext = cadesSignature
                .getSignatureValidationContext(certificateVerifier);

        Store certificatesStore = cmsSignedData.getCertificates();
        final Store attributeCertificatesStore = cmsSignedData.getAttributeCertificates();
        Store crlsStore = cmsSignedData.getCRLs();
        Store otherRevocationInfoFormatStoreBasic = cmsSignedData
                .getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
        Store otherRevocationInfoFormatStoreOcsp = cmsSignedData
                .getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response);

        final Set<CertificateToken> certificates = cadesSignature.getCertificatesForInclusion(validationContext);
        final Collection<X509CertificateHolder> newCertificateStore = new HashSet<X509CertificateHolder>(
                certificatesStore.getMatches(null));
        for (final CertificateToken certificateToken : certificates) {
            final X509CertificateHolder x509CertificateHolder = DSSUtils.getX509CertificateHolder(certificateToken);
            newCertificateStore.add(x509CertificateHolder);
        }

        certificatesStore = new CollectionStore(newCertificateStore);

        final Collection<X509CRLHolder> newCrlsStore = new HashSet<X509CRLHolder>(crlsStore.getMatches(null));
        final DefaultAdvancedSignature.RevocationDataForInclusion revocationDataForInclusion = cadesSignature
                .getRevocationDataForInclusion(validationContext);
        for (final CRLToken crlToken : revocationDataForInclusion.crlTokens) {
            final X509CRLHolder x509CRLHolder = crlToken.getX509CrlHolder();
            newCrlsStore.add(x509CRLHolder);
        }
        crlsStore = new CollectionStore(newCrlsStore);

        final Collection<ASN1Primitive> newOtherRevocationInfoFormatStore = new HashSet<ASN1Primitive>(
                otherRevocationInfoFormatStoreBasic.getMatches(null));
        for (final OCSPToken ocspToken : revocationDataForInclusion.ocspTokens) {
            final BasicOCSPResp basicOCSPResp = ocspToken.getBasicOCSPResp();
            newOtherRevocationInfoFormatStore.add(DSSASN1Utils.toASN1Primitive(DSSUtils.getEncoded(basicOCSPResp)));
        }
        otherRevocationInfoFormatStoreBasic = new CollectionStore(newOtherRevocationInfoFormatStore);

        final CMSSignedDataBuilder cmsSignedDataBuilder = new CMSSignedDataBuilder(certificateVerifier);
        cmsSignedData = cmsSignedDataBuilder.regenerateCMSSignedData(cmsSignedData, parameters, certificatesStore,
                attributeCertificatesStore, crlsStore, otherRevocationInfoFormatStoreBasic,
                otherRevocationInfoFormatStoreOcsp);
        return cmsSignedData;
    }

    /**
     * @param cadesSignature
     * @param parameters
     */
    private void assertExtendSignaturePossible(CAdESSignature cadesSignature, SignatureParameters parameters)
            throws DSSException {
        //        if (cadesSignature.isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_LTA)) {
        //            final String exceptionMessage = "Cannot extend signature. The signedData is already extended with [%s].";
        //            throw new DSSException(String.format(exceptionMessage, "CAdES LTA"));
        //        }
    }
}