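/**
 * Builds a holder from an X.509 certificate by wrapping the certificate's issuer name and
 * serial number in an {@code IssuerSerial}.
 *
 * @param cert certificate whose issuer and serial number identify the holder
 * @throws CertificateParsingException if the issuer principal cannot be extracted from
 *         {@code cert}; the underlying failure is attached as the cause
 */
public AttributeCertificateHolder(X509Certificate cert)
    throws CertificateParsingException
{
    X509Principal name;

    try
    {
        name = PrincipalUtil.getIssuerX509Principal(cert);
    }
    catch (Exception e)
    {
        // Chain the original exception: without it, the reason a certificate was rejected
        // is reduced to a bare message and the stack trace of the real failure is lost.
        throw new CertificateParsingException(e.getMessage(), e);
    }

    holder = new Holder(new IssuerSerial(generateGeneralNames(name),
        new ASN1Integer(cert.getSerialNumber())));
}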
/**
 * Decodes an OtherCertID from its ASN.1 sequence form.
 * <p>
 * The first element is taken as a bare OCTET STRING hash when its primitive form is one,
 * and as a DigestInfo otherwise. A second element, when present, is read as the
 * IssuerSerial.
 *
 * @param seq sequence holding one or two elements
 * @throws IllegalArgumentException if the sequence holds fewer than one or more than two
 *         elements
 */
private OtherCertID(ASN1Sequence seq)
{
    final int elementCount = seq.size();
    if (elementCount != 1 && elementCount != 2)
    {
        throw new IllegalArgumentException("Bad sequence size: " + seq.size());
    }

    final boolean bareHash = seq.getObjectAt(0).toASN1Primitive() instanceof ASN1OctetString;
    if (!bareHash)
    {
        // Anything that is not an OCTET STRING is handed to DigestInfo, which carries the
        // hash together with its algorithm identifier.
        otherCertHash = DigestInfo.getInstance(seq.getObjectAt(0));
    }
    else
    {
        otherCertHash = ASN1OctetString.getInstance(seq.getObjectAt(0));
    }

    // The size check above leaves only 1 or 2, so "two elements" means an issuerSerial follows.
    if (elementCount == 2)
    {
        issuerSerial = IssuerSerial.getInstance(seq.getObjectAt(1));
    }
}
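/**
 * Creates an ESSCertIDv2 from its components.
 *
 * @param algId        hash algorithm used for {@code certHash}; {@code null} selects
 *                     {@code DEFAULT_ALG_ID}
 * @param certHash     hash of the referenced certificate; the array is copied, so later
 *                     changes to the caller's array do not alter this object
 * @param issuerSerial issuer name and serial number of the referenced certificate, stored
 *                     as given
 */
public ESSCertIDv2(
    AlgorithmIdentifier algId,
    byte[]              certHash,
    IssuerSerial        issuerSerial)
{
    // A missing algorithm means "use the default"; it is substituted here rather than stored as null.
    this.hashAlgorithm = (algId == null) ? DEFAULT_ALG_ID : algId;

    // Defensive copy: this value binds a signature to one certificate, so it must not stay
    // aliased to a buffer the caller can still modify. A null argument is kept as null.
    this.certHash = (certHash == null) ? null : (byte[])certHash.clone();
    this.issuerSerial = issuerSerial;
}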
/**
 * Checks an OtherCertID against the expected field values in three forms: as supplied,
 * after being passed through {@code OtherCertID.getInstance}, and after being encoded and
 * parsed back from bytes.
 *
 * @throws IOException if encoding or re-reading the object fails
 */
private void checkConstruction(
    OtherCertID certID,
    AlgorithmIdentifier algId,
    byte[] digest,
    IssuerSerial issuerSerial)
    throws IOException
{
    // 1. The object exactly as the caller built it.
    checkValues(certID, algId, digest, issuerSerial);

    // 2. The same object routed through getInstance.
    OtherCertID viaGetInstance = OtherCertID.getInstance(certID);
    checkValues(viaGetInstance, algId, digest, issuerSerial);

    // 3. Encode, parse the bytes back into a sequence, and rebuild from that sequence.
    byte[] encoded = viaGetInstance.toASN1Primitive().getEncoded();
    ASN1InputStream decoder = new ASN1InputStream(encoded);
    OtherCertID reparsed = OtherCertID.getInstance((ASN1Sequence)decoder.readObject());
    checkValues(reparsed, algId, digest, issuerSerial);
}
/**
 * Checks a ProcurationSyntax against the expected field values in three forms: as supplied,
 * after being passed through {@code ProcurationSyntax.getInstance}, and after being encoded
 * and parsed back from bytes.
 *
 * @throws IOException if encoding or re-reading the object fails
 */
private void checkConstruction(
    ProcurationSyntax procuration,
    String country,
    DirectoryString typeOfSubstitution,
    GeneralName thirdPerson,
    IssuerSerial certRef)
    throws IOException
{
    // 1. The object exactly as the caller built it.
    checkValues(procuration, country, typeOfSubstitution, thirdPerson, certRef);

    // 2. The same object routed through getInstance.
    ProcurationSyntax viaGetInstance = ProcurationSyntax.getInstance(procuration);
    checkValues(viaGetInstance, country, typeOfSubstitution, thirdPerson, certRef);

    // 3. Encode, parse the bytes back into a sequence, and rebuild from that sequence.
    byte[] encoded = viaGetInstance.toASN1Primitive().getEncoded();
    ASN1InputStream decoder = new ASN1InputStream(encoded);
    ProcurationSyntax reparsed = ProcurationSyntax.getInstance((ASN1Sequence)decoder.readObject());
    checkValues(reparsed, country, typeOfSubstitution, thirdPerson, certRef);
}
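/**
 * Builds the signing-certificate signed attribute (ESSCertID form) for the first entry of
 * {@code certificates}.
 * <p>
 * The attribute value holds an ESSCertID made of the SHA-1 hash of the encoded certificate
 * and an IssuerSerial (the certificate's issuer name and serial number).
 *
 * @return the attribute, identified by {@code identifier}
 * @throws SignerException if the certificate cannot be encoded
 */
@Override
public Attribute getValue() {
    try {
        X509Certificate cert = (X509Certificate) certificates[0];

        // ESSCertID is constructed from a hash and an IssuerSerial only; it has no field
        // naming the hash algorithm, which is why this form is tied to SHA-1.
        // NOTE(review): SHA-1 is no longer collision resistant; confirm that callers use
        // the ESSCertIDv2-based attribute wherever verifiers accept it.
        Digest digest = DigestFactory.getInstance().factoryDefault();
        digest.setAlgorithm(DigestAlgorithmEnum.SHA_1);
        byte[] hash = digest.digest(cert.getEncoded());

        // IssuerSerial identifies a certificate by its ISSUER's name plus its serial number,
        // so the name is read from the certificate's issuer field (not its subject). The
        // encoded form is used so the name is carried over without a string round trip.
        X500Name dirName = X500Name.getInstance(cert.getIssuerX500Principal().getEncoded());
        GeneralName name = new GeneralName(dirName);
        GeneralNames issuer = new GeneralNames(name);
        ASN1Integer serial = new ASN1Integer(cert.getSerialNumber());
        IssuerSerial issuerSerial = new IssuerSerial(issuer, serial);
        ESSCertID essCertId = new ESSCertID(hash, issuerSerial);

        // NOTE(review): the second element is a sequence holding an ASN.1 NULL where the
        // optional policies field would sit; confirm verifiers expect this shape.
        return new Attribute(new ASN1ObjectIdentifier(identifier),
                new DERSet(new DERSequence(new ASN1Encodable[]{
                        new DERSequence(essCertId),
                        new DERSequence(DERNull.INSTANCE)})));
    } catch (CertificateEncodingException ex) {
        throw new SignerException(ex.getMessage());
    }
}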
/**
 * Builds the signing-certificate-v2 signed attribute for the first entry of
 * {@code certificates}.
 * <p>
 * The attribute value holds an ESSCertIDv2 made of the SHA-256 hash of the encoded
 * certificate, the SHA-256 algorithm identifier, and an IssuerSerial. The issuer name is
 * taken from the subject of {@code certificates[1]}, so the array must hold at least two
 * entries.
 *
 * @return the attribute, identified by {@code identifier}
 * @throws SignerException if the certificate cannot be encoded
 */
@Override
public Attribute getValue() throws SignerException {
    try {
        X509Certificate signerCert = (X509Certificate) certificates[0];
        X509Certificate caCert = (X509Certificate) certificates[1];

        Digest sha256 = DigestFactory.getInstance().factoryDefault();
        sha256.setAlgorithm(DigestAlgorithmEnum.SHA_256);
        byte[] signerCertHash = sha256.digest(signerCert.getEncoded());

        // NOTE(review): the issuer name is rebuilt from the string form of the issuer
        // certificate's subject rather than from its encoded DN; confirm the resulting
        // name matches what verifiers compare against.
        GeneralNames issuerNames = new GeneralNames(
                new GeneralName(new X500Name(caCert.getSubjectX500Principal().getName())));
        IssuerSerial issuerSerial =
                new IssuerSerial(issuerNames, new ASN1Integer(signerCert.getSerialNumber()));

        // The algorithm identifier states explicitly that the hash above is SHA-256.
        AlgorithmIdentifier sha256Id = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
        ESSCertIDv2 certId = new ESSCertIDv2(sha256Id, signerCertHash, issuerSerial);

        ASN1Encodable[] certs = new ASN1Encodable[] { new DERSequence(certId) };
        return new Attribute(new ASN1ObjectIdentifier(identifier),
                new DERSet(new DERSequence(certs)));
    } catch (CertificateEncodingException ex) {
        throw new SignerException(ex.getMessage());
    }
}
/**
 * Looks for a signing-certificate reference among the signed attributes and, when one is
 * found, runs the matching check against the candidate signing certificate.
 * <p>
 * The v1 attribute is looked up first; the v2 attribute is consulted only when v1 is absent.
 * <p>
 * The return value reports only that a reference attribute was PRESENT. The helpers'
 * results are not used here, so {@code true} does not by itself mean the reference matched.
 *
 * @return {@code true} if a v1 or v2 signing-certificate attribute exists, {@code false}
 *         if neither does
 */
private boolean verifySignedReferencesToSigningCertificate() {

    final IssuerSerial tokenIssuerSerial =
            DSSASN1Utils.getIssuerSerial(signingCertificateValidity.getCertificateToken());
    final BigInteger tokenSerial = tokenIssuerSerial.getSerial().getValue();
    final GeneralNames tokenIssuer = tokenIssuerSerial.getIssuer();

    final AttributeTable signedAttrs = CMSUtils.getSignedAttributes(signerInformation);

    Attribute reference = signedAttrs.get(id_aa_signingCertificate);
    final boolean isV1 = reference != null;
    if (!isV1) {
        reference = signedAttrs.get(id_aa_signingCertificateV2);
        if (reference == null) {
            // Neither form of the attribute is among the signed attributes.
            return false;
        }
    }

    signingCertificateValidity.setAttributePresent(true);
    if (isV1) {
        verifySigningCertificateV1(tokenSerial, tokenIssuer, reference);
    } else {
        verifySigningCertificateV2(tokenSerial, tokenIssuer, reference);
    }
    return true;
}
/**
 * Compares one signing-certificate reference with the candidate signing certificate and
 * records each comparison on {@code signingCertificateValidity}.
 * <p>
 * Only the hash comparison decides the result. The serial-number and issuer-name
 * comparisons are made when an IssuerSerial is supplied and are recorded, but they do not
 * change the return value.
 *
 * @param signingTokenSerialNumber serial number of the candidate certificate
 * @param signingTokenIssuerName   issuer name of the candidate certificate
 * @param signingTokenCertHash     hash computed over the candidate certificate
 * @param certHash                 hash carried in the reference
 * @param issuerSerial             IssuerSerial carried in the reference, or {@code null}
 * @return {@code true} if the two hashes are equal
 */
private boolean verifySigningCertificateReferences(final BigInteger signingTokenSerialNumber, final GeneralNames signingTokenIssuerName,
        final byte[] signingTokenCertHash, final byte[] certHash, final IssuerSerial issuerSerial) {

    signingCertificateValidity.setDigest(Utils.toBase64(signingTokenCertHash));
    final boolean digestsMatch = Arrays.equals(certHash, signingTokenCertHash);
    signingCertificateValidity.setDigestEqual(digestsMatch);

    if (issuerSerial == null) {
        // No IssuerSerial in the reference: the hash comparison is all there is to record.
        return digestsMatch;
    }

    final BigInteger referencedSerial = issuerSerial.getSerial().getValue();
    signingCertificateValidity.setSerialNumberEqual(referencedSerial.equals(signingTokenSerialNumber));

    // The names are compared in canonicalized string form; the original author notes that
    // comparing the GeneralNames objects directly does not work in all cases.
    final String referencedIssuer = DSSASN1Utils.getCanonicalizedName(issuerSerial.getIssuer());
    final String tokenIssuer = DSSASN1Utils.getCanonicalizedName(signingTokenIssuerName);
    signingCertificateValidity.setDistinguishedNameEqual(referencedIssuer.equals(tokenIssuer));

    // Validation of the hash is sufficient
    return digestsMatch;
}
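/**
 * Builds a holder from an X.509 certificate by wrapping the certificate's issuer name and
 * serial number in an {@code IssuerSerial}.
 *
 * @param cert certificate whose issuer and serial number identify the holder
 * @throws CertificateParsingException if the issuer principal cannot be extracted from
 *         {@code cert}; the underlying failure is attached as the cause
 */
public AttributeCertificateHolder(X509Certificate cert)
    throws CertificateParsingException
{
    X509Principal name;

    try
    {
        name = PrincipalUtil.getIssuerX509Principal(cert);
    }
    catch (Exception e)
    {
        // Chain the original exception: without it, the reason a certificate was rejected
        // is reduced to a bare message and the stack trace of the real failure is lost.
        throw new CertificateParsingException(e.getMessage(), e);
    }

    holder = new Holder(new IssuerSerial(generateGeneralNames(name),
        new DERInteger(cert.getSerialNumber())));
}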
/**
 * Checks an OtherCertID against the expected field values in three forms: as supplied,
 * after being passed through {@code OtherCertID.getInstance}, and after being encoded and
 * parsed back from bytes.
 *
 * @throws IOException if encoding or re-reading the object fails
 */
private void checkConstruction(
    OtherCertID certID,
    AlgorithmIdentifier algId,
    byte[] digest,
    IssuerSerial issuerSerial)
    throws IOException
{
    // 1. The object exactly as the caller built it.
    checkValues(certID, algId, digest, issuerSerial);

    // 2. The same object routed through getInstance.
    OtherCertID viaGetInstance = OtherCertID.getInstance(certID);
    checkValues(viaGetInstance, algId, digest, issuerSerial);

    // 3. Encode, parse the bytes back into a sequence, and rebuild from that sequence.
    byte[] encoded = viaGetInstance.toASN1Object().getEncoded();
    ASN1InputStream decoder = new ASN1InputStream(encoded);
    OtherCertID reparsed = OtherCertID.getInstance((ASN1Sequence)decoder.readObject());
    checkValues(reparsed, algId, digest, issuerSerial);
}
/**
 * Checks a ProcurationSyntax against the expected field values in three forms: as supplied,
 * after being passed through {@code ProcurationSyntax.getInstance}, and after being encoded
 * and parsed back from bytes.
 *
 * @throws IOException if encoding or re-reading the object fails
 */
private void checkConstruction(
    ProcurationSyntax procuration,
    String country,
    DirectoryString typeOfSubstitution,
    GeneralName thirdPerson,
    IssuerSerial certRef)
    throws IOException
{
    // 1. The object exactly as the caller built it.
    checkValues(procuration, country, typeOfSubstitution, thirdPerson, certRef);

    // 2. The same object routed through getInstance.
    ProcurationSyntax viaGetInstance = ProcurationSyntax.getInstance(procuration);
    checkValues(viaGetInstance, country, typeOfSubstitution, thirdPerson, certRef);

    // 3. Encode, parse the bytes back into a sequence, and rebuild from that sequence.
    byte[] encoded = viaGetInstance.toASN1Object().getEncoded();
    ASN1InputStream decoder = new ASN1InputStream(encoded);
    ProcurationSyntax reparsed = ProcurationSyntax.getInstance((ASN1Sequence)decoder.readObject());
    checkValues(reparsed, country, typeOfSubstitution, thirdPerson, certRef);
}
/**
 * Sets the holder from a distinguished name and a serial number, wrapped together in an
 * IssuerSerial.
 * <p>
 * The serial number parameter is an {@code int}, so only serial numbers that fit in 32 bits
 * can be expressed through this method.
 *
 * @param holderDN           distinguished name, converted with {@code DNtoDERSequence}
 * @param holderSerialNumber certificate serial number
 * @throws Exception whatever the DN conversion or the ASN.1 object construction throws;
 *         nothing is caught or translated here
 */
public void setHolder( String holderDN , int holderSerialNumber ) throws Exception
{
    // Tag 4 is the directoryName alternative of the X.509 GeneralName CHOICE.
    final int directoryNameTag = 4 ;

    DERSequence encodedDN = DNtoDERSequence( holderDN ) ;
    GeneralNames holderNames = new GeneralNames( new GeneralName( directoryNameTag , encodedDN ) ) ;
    IssuerSerial baseCertificateID = new IssuerSerial( holderNames , new DERInteger( holderSerialNumber ) ) ;

    this.holder = new Holder( baseCertificateID ) ;
}
/**
 * Builds a holder from an issuer name and a certificate serial number, wrapped together in
 * an IssuerSerial.
 *
 * @param issuerName   issuer name of the certificate that identifies the holder
 * @param serialNumber serial number of that certificate
 */
public AttributeCertificateHolder(X509Principal issuerName,
    BigInteger serialNumber)
{
    // The single GeneralName is placed in a one-element sequence and read back as GeneralNames.
    GeneralNames issuerNames = GeneralNames.getInstance(
        new DERSequence(new GeneralName(issuerName)));
    IssuerSerial issuerAndSerial = new IssuerSerial(issuerNames, new ASN1Integer(serialNumber));

    holder = new org.bouncycastle.asn1.x509.Holder(issuerAndSerial);
}
/**
 * Builds a holder from an issuer name and a certificate serial number, wrapped together in
 * an IssuerSerial.
 *
 * @param issuerName   issuer name of the certificate that identifies the holder
 * @param serialNumber serial number of that certificate
 */
public AttributeCertificateHolder(X500Name issuerName,
    BigInteger serialNumber)
{
    GeneralNames issuerNames = new GeneralNames(new GeneralName(issuerName));
    IssuerSerial issuerAndSerial = new IssuerSerial(issuerNames, new ASN1Integer(serialNumber));

    holder = new Holder(issuerAndSerial);
}
/**
 * Constructor from ASN1Sequence.
 * <p>
 * The sequence is of type ProcurationSyntax:
 * <pre>
 *       ProcurationSyntax ::= SEQUENCE {
 *         country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
 *         typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
 *         signingFor [3] EXPLICIT SigningFor
 *       }
 *
 *       SigningFor ::= CHOICE
 *       {
 *         thirdPerson GeneralName,
 *         certRef IssuerSerial
 *       }
 * </pre>
 * Every element must be a tagged object with tag 1, 2 or 3. This constructor does not check
 * that the signingFor element [3] is present, nor that a tag occurs only once; when a tag
 * repeats, the later element replaces the earlier value.
 *
 * @param seq The ASN.1 sequence.
 * @throws IllegalArgumentException if the sequence holds fewer than one or more than three
 *         elements, or if an element carries a tag other than 1, 2 or 3
 */
private ProcurationSyntax(ASN1Sequence seq)
{
    final int elementCount = seq.size();
    if (elementCount < 1 || elementCount > 3)
    {
        throw new IllegalArgumentException("Bad sequence size: " + seq.size());
    }

    for (Enumeration elements = seq.getObjects(); elements.hasMoreElements();)
    {
        ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(elements.nextElement());
        final int tagNo = tagged.getTagNo();

        if (tagNo == 1)
        {
            country = DERPrintableString.getInstance(tagged, true).getString();
        }
        else if (tagNo == 2)
        {
            typeOfSubstitution = DirectoryString.getInstance(tagged, true);
        }
        else if (tagNo == 3)
        {
            // SigningFor is a CHOICE: a tagged inner object is read as the thirdPerson
            // GeneralName, anything else as the certRef IssuerSerial.
            ASN1Encodable signingFor = tagged.getObject();
            if (signingFor instanceof ASN1TaggedObject)
            {
                thirdPerson = GeneralName.getInstance(signingFor);
            }
            else
            {
                certRef = IssuerSerial.getInstance(signingFor);
            }
        }
        else
        {
            throw new IllegalArgumentException("Bad tag number: " + tagged.getTagNo());
        }
    }
}
/**
 * Creates an OtherCertID whose hash is carried as a DigestInfo, i.e. together with the
 * identifier of the algorithm that produced it.
 *
 * @param algId        algorithm used to compute {@code digest}
 * @param digest       hash of the referenced certificate
 * @param issuerSerial issuer name and serial number of the referenced certificate, stored
 *                     as given
 */
public OtherCertID(
    AlgorithmIdentifier algId,
    byte[]              digest,
    IssuerSerial        issuerSerial)
{
    this.issuerSerial = issuerSerial;

    // Pairing the hash with its algorithm lets a reader of the encoding tell how it was computed.
    DigestInfo hashWithAlgorithm = new DigestInfo(algId, digest);
    this.otherCertHash = hashWithAlgorithm;
}
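/**
 * Decodes an ESSCertIDv2 from its ASN.1 sequence form.
 * <p>
 * Layout read by this constructor: an optional AlgorithmIdentifier (when the first element
 * is an OCTET STRING the algorithm is taken to be {@code DEFAULT_ALG_ID}), then the
 * certificate hash as an OCTET STRING, then an optional IssuerSerial.
 * <p>
 * The sequence may come from an encoding this code did not produce, so a sequence that is
 * empty, or that ends before the certificate hash, is rejected with
 * {@link IllegalArgumentException} instead of failing on an out-of-range element access.
 *
 * @param seq sequence holding one to three elements
 * @throws IllegalArgumentException if the sequence is empty, holds more than three
 *         elements, or has no element left for the certificate hash
 */
private ESSCertIDv2(
    ASN1Sequence seq)
{
    if (seq.size() < 1 || seq.size() > 3)
    {
        throw new IllegalArgumentException("Bad sequence size: " + seq.size());
    }

    int count = 0;

    if (seq.getObjectAt(0) instanceof ASN1OctetString)
    {
        // Default value
        this.hashAlgorithm = DEFAULT_ALG_ID;
    }
    else
    {
        this.hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(count++).toASN1Primitive());
    }

    // The hash is mandatory: a sequence holding only an algorithm identifier is malformed.
    if (count >= seq.size())
    {
        throw new IllegalArgumentException("Missing certHash in sequence of size: " + seq.size());
    }

    this.certHash = ASN1OctetString.getInstance(seq.getObjectAt(count++).toASN1Primitive()).getOctets();

    if (seq.size() > count)
    {
        this.issuerSerial = IssuerSerial.getInstance(seq.getObjectAt(count));
    }
}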