Java tutorial
/* * DSS - Digital Signature Services * * Copyright (C) 2013 European Commission, Directorate-General Internal Market and Services (DG MARKT), B-1049 Bruxelles/Brussel * * Developed by: 2013 ARHS Developments S.A. (rue Nicolas Bov 2B, L-1253 Luxembourg) http://www.arhs-developments.com * * This file is part of the "DSS - Digital Signature Services" project. * * "DSS - Digital Signature Services" is free software: you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation, either version 2.1 of the * License, or (at your option) any later version. * * DSS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License along with * "DSS - Digital Signature Services". If not, see <http://www.gnu.org/licenses/>. */ package eu.europa.ec.markt.dss.signature.cades; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.cms.CMSSignedData; import org.bouncycastle.cms.SignerInformation; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import eu.europa.ec.markt.dss.exception.DSSException; import eu.europa.ec.markt.dss.parameter.SignatureParameters; import eu.europa.ec.markt.dss.signature.SignatureLevel; import eu.europa.ec.markt.dss.validation102853.tsp.TSPSource; import eu.europa.ec.markt.dss.validation102853.CertificateVerifier; import eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature; /** * This class holds the CAdES-T signature profile; it supports the inclusion of the mandatory unsigned * id-aa-signatureTimeStampToken attribute as specified in ETSI TS 101 733 V1.8.1, clause 6.1.1. * * @version $Revision$ - $Date$ */ public class CAdESLevelBaselineT extends CAdESSignatureExtension { private static final Logger LOG = LoggerFactory.getLogger(CAdESLevelBaselineT.class); final CertificateVerifier certificateVerifier; public CAdESLevelBaselineT(TSPSource signatureTsa, CertificateVerifier certificateVerifier, boolean onlyLastCMSSignature) { super(signatureTsa, onlyLastCMSSignature); this.certificateVerifier = certificateVerifier; } @Override protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation signerInformation, SignatureParameters parameters) throws DSSException { final CAdESSignature cadesSignature = new CAdESSignature(signedData, signerInformation); cadesSignature.setDetachedContents(parameters.getDetachedContent()); assertExtendSignaturePossible(cadesSignature); AttributeTable unsignedAttributes = CAdESSignature.getUnsignedAttributes(signerInformation); unsignedAttributes = addSignatureTimestampAttribute(signerInformation, unsignedAttributes, parameters); return SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes); } /** * @param cadesSignature */ protected void assertExtendSignaturePossible(CAdESSignature cadesSignature) throws DSSException { final String exceptionMessage = "Cannot extend signature. The signedData is already extended with [%s]."; if (cadesSignature.isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_LTA)) { throw new DSSException(String.format(exceptionMessage, "CAdES LTA")); } AttributeTable unsignedAttributes = CAdESSignature .getUnsignedAttributes(cadesSignature.getSignerInformation()); if (unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_ets_escTimeStamp) != null) { throw new DSSException( String.format(exceptionMessage, PKCSObjectIdentifiers.id_aa_ets_escTimeStamp.getId())); } } private AttributeTable addSignatureTimestampAttribute(SignerInformation signerInformation, AttributeTable unsignedAttributes, SignatureParameters parameters) { ASN1Object signatureTimeStamp = getTimeStampAttributeValue(signatureTsa, signerInformation.getSignature(), parameters); return unsignedAttributes.add(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, signatureTimeStamp); } public CertificateVerifier getCertificateVerifier() { return certificateVerifier; } }