@Override public Attribute getValue() { try { X509Certificate cert = (X509Certificate) certificates[0]; Digest digest = DigestFactory.getInstance().factoryDefault(); digest.setAlgorithm(DigestAlgorithmEnum.SHA_1); byte[] hash = digest.digest(cert.getEncoded()); X500Name dirName = new X500Name(cert.getSubjectDN().getName()); GeneralName name = new GeneralName(dirName); GeneralNames issuer = new GeneralNames(name); ASN1Integer serial = new ASN1Integer(cert.getSerialNumber()); IssuerSerial issuerSerial = new IssuerSerial(issuer, serial); ESSCertID essCertId = new ESSCertID(hash, issuerSerial); return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(new ASN1Encodable[]{new DERSequence(essCertId), new DERSequence(DERNull.INSTANCE)}))); } catch (CertificateEncodingException ex) { throw new SignerException(ex.getMessage()); } }
private CertEtcToken(ASN1TaggedObject choice) { this.tagNo = choice.getTagNo(); switch (tagNo) { case TAG_CERTIFICATE: value = Certificate.getInstance(choice, false); break; case TAG_ESSCERTID: value = ESSCertID.getInstance(choice.getObject()); break; case TAG_PKISTATUS: value = PKIStatusInfo.getInstance(choice, false); break; case TAG_ASSERTION: value = ContentInfo.getInstance(choice.getObject()); break; case TAG_CRL: value = CertificateList.getInstance(choice, false); break; case TAG_OCSPCERTSTATUS: value = CertStatus.getInstance(choice.getObject()); break; case TAG_OCSPCERTID: value = CertID.getInstance(choice, false); break; case TAG_OCSPRESPONSE: value = OCSPResponse.getInstance(choice, false); break; case TAG_CAPABILITIES: value = SMIMECapabilities.getInstance(choice.getObject()); break; default: throw new IllegalArgumentException("Unknown tag: " + tagNo); } }
private void verifySigningCertificateV1(final BigInteger signingTokenSerialNumber, final GeneralNames signingTokenIssuerName, final Attribute signingCertificateAttributeV1) { final DigestAlgorithm digestAlgorithm = DigestAlgorithm.SHA1; final byte[] signingTokenCertHash = signingCertificateValidity.getCertificateToken().getDigest(digestAlgorithm); if (LOG.isDebugEnabled()) { LOG.debug("Candidate Certificate Hash {} with algorithm {}", Utils.toHex(signingTokenCertHash), digestAlgorithm.getName()); } final ASN1Set attrValues = signingCertificateAttributeV1.getAttrValues(); for (int ii = 0; ii < attrValues.size(); ii++) { final ASN1Encodable asn1Encodable = attrValues.getObjectAt(ii); final SigningCertificate signingCertificate = SigningCertificate.getInstance(asn1Encodable); final ESSCertID[] essCertIDs = signingCertificate.getCerts(); for (final ESSCertID essCertID : essCertIDs) { final byte[] certHash = essCertID.getCertHash(); signingCertificateValidity.setDigestPresent(true); if (LOG.isDebugEnabled()) { LOG.debug("Found Certificate Hash in signingCertificateAttributeV1 {} with algorithm {}", Utils.toHex(certHash), digestAlgorithm.getName()); } final IssuerSerial issuerSerial = essCertID.getIssuerSerial(); final boolean match = verifySigningCertificateReferences(signingTokenSerialNumber, signingTokenIssuerName, signingTokenCertHash, certHash, issuerSerial); if (match) { return; } LOG.warn( "RFC 2634: The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature."); } } }
public TimeStampToken(CMSSignedData signedData) throws TSPException, IOException { this.tsToken = signedData; if (!this.tsToken.getSignedContentTypeOID().equals(PKCSObjectIdentifiers.id_ct_TSTInfo.getId())) { throw new TSPValidationException("ContentInfo object not for a time stamp."); } Collection signers = tsToken.getSignerInfos().getSigners(); if (signers.size() != 1) { throw new IllegalArgumentException("Time-stamp token signed by " + signers.size() + " signers, but it must contain just the TSA signature."); } tsaSignerInfo = (SignerInformation)signers.iterator().next(); try { CMSProcessable content = tsToken.getSignedContent(); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); content.write(bOut); ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bOut.toByteArray())); this.tstInfo = new TimeStampTokenInfo(TSTInfo.getInstance(aIn.readObject())); Attribute attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate); if (attr != null) { SigningCertificate signCert = SigningCertificate.getInstance(attr.getAttrValues().getObjectAt(0)); this.certID = new CertID(ESSCertID.getInstance(signCert.getCerts()[0])); } else { attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2); if (attr == null) { throw new TSPValidationException("no signing certificate attribute found, time stamp invalid."); } SigningCertificateV2 signCertV2 = SigningCertificateV2.getInstance(attr.getAttrValues().getObjectAt(0)); this.certID = new CertID(ESSCertIDv2.getInstance(signCertV2.getCerts()[0])); } } catch (CMSException e) { throw new TSPException(e.getMessage(), e.getUnderlyingException()); } }
CertID(ESSCertID certID) { this.certID = certID; this.certIDv2 = null; }
public TimeStampToken(CMSSignedData signedData) throws TSPException, IOException { this.tsToken = signedData; if (!this.tsToken.getSignedContentTypeOID().equals( PKCSObjectIdentifiers.id_ct_TSTInfo.getId())) { throw new TSPValidationException( "ContentInfo object not for a time stamp."); } Collection signers = tsToken.getSignerInfos().getSigners(); if (signers.size() != 1) { throw new IllegalArgumentException( "Time-stamp token signed by " + signers.size() + " signers, but it must contain just the TSA signature."); } tsaSignerInfo = (SignerInformation) signers.iterator().next(); try { CMSProcessable content = tsToken.getSignedContent(); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); content.write(bOut); ASN1InputStream aIn = new ASN1InputStream( new ByteArrayInputStream(bOut.toByteArray())); this.tstInfo = new TimeStampTokenInfo(TSTInfo.getInstance(aIn.readObject())); Attribute attr = tsaSignerInfo.getSignedAttributes().get( PKCSObjectIdentifiers.id_aa_signingCertificate); if (attr == null) { throw new TSPValidationException( "no signing certificate attribute found, time stamp invalid."); } SigningCertificate signCert = SigningCertificate.getInstance(attr.getAttrValues().getObjectAt(0)); this.certID = ESSCertID.getInstance(signCert.getCerts()[0]); } catch (CMSException e) { throw new TSPException(e.getMessage(), e.getUnderlyingException()); } }
