/**
 * Builds the signature-policy identifier attribute from the {@code signaturePolicy} field.
 *
 * <p>The resulting {@code SignaturePolicyId} carries three parts:
 * <ul>
 *   <li>{@code sigPolicyId}: the policy OID taken from the policy's identifier;</li>
 *   <li>{@code sigPolicyHash}: the hash algorithm OID and hash octets stored in the policy object;</li>
 *   <li>{@code sigPolicyQualifiers}: a single URI qualifier holding the policy URI.</li>
 * </ul>
 *
 * <p>The hash octets are copied from the policy object as-is; nothing is recomputed or checked
 * here. NOTE(review): a relying party should identify the policy document by
 * {@code sigPolicyHash}; the URI qualifier only says where a copy may be found.
 *
 * @return an {@code Attribute} whose type is this object's {@code oid} and whose value set
 *         contains the single {@code SignaturePolicyId}
 */
@Override
public Attribute getValue() {
    // Part 1: policy OID.
    final ASN1ObjectIdentifier policyOid = new ASN1ObjectIdentifier(
            signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue());

    // Part 2: hash algorithm + hash value of the policy document.
    final ASN1ObjectIdentifier hashAlgorithmOid = new ASN1ObjectIdentifier(
            signaturePolicy.getSignPolicyHashAlg().getAlgorithm().getValue());
    final AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(hashAlgorithmOid);
    final OtherHashAlgAndValue policyHash = new OtherHashAlgAndValue(
            hashAlgorithm, signaturePolicy.getSignPolicyHash().getDerOctetString());

    // Part 3: one qualifier, 1.2.840.113549.1.9.16.5.1 (id-spq-ets-uri), with the URI as IA5String.
    final SigPolicyQualifierInfo uriQualifier = new SigPolicyQualifierInfo(
            new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.5.1"),
            new DERIA5String(signaturePolicy.getSignPolicyURI()));
    final SigPolicyQualifiers qualifiers =
            new SigPolicyQualifiers(new SigPolicyQualifierInfo[] {uriQualifier});

    final SignaturePolicyId policyIdentifier =
            new SignaturePolicyId(policyOid, policyHash, qualifiers);

    // Wrap the structure in a one-element SET under this attribute's own OID.
    return new Attribute(new ASN1ObjectIdentifier(oid), new DERSet(policyIdentifier));
}
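/**
 * Reads the signature-policy-identifier signed attribute and fills in {@code signaturePolicy}.
 *
 * <p>Returns without touching {@code signaturePolicy} when the attribute is absent, when its
 * first value is ASN.1 NULL, or when it does not yield a {@code SignaturePolicyId}. Otherwise a
 * new {@code SignaturePolicy} is created for the policy OID and populated with the declared
 * digest algorithm, the declared digest value (via {@code Utils.toBase64}) and, depending on the
 * qualifiers present, the user notice, the URL and the policy content.
 *
 * <p>Every value handled here is read from the signature under examination and is therefore
 * untrusted input. This method only records the declared digest; it does not compare it with
 * the policy content it obtains.
 *
 * @param signaturePolicyProvider source of policy content, looked up by OID or by URL; its
 *        OID-keyed map is updated when content was obtained through a qualifier
 */
@Override
public void checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider) {
    final Attribute attribute = getSignedAttribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId);
    if (attribute == null) {
        return;
    }

    // NOTE(review): getObjectAt(0) is not guarded against an empty value SET. The attribute
    // comes from the signature being checked, so decide whether a malformed attribute should
    // fail validation or be reported, rather than surfacing as an unchecked exception.
    final ASN1Encodable attrValue = attribute.getAttrValues().getObjectAt(0);
    if (attrValue instanceof DERNull) {
        // NULL value: no explicit policy identifier to read.
        return;
    }

    final SignaturePolicyId sigPolicy = SignaturePolicyId.getInstance(attrValue);
    if (sigPolicy == null) {
        return;
    }

    final String policyId = sigPolicy.getSigPolicyId().getId();
    signaturePolicy = new SignaturePolicy(policyId);

    // Record the digest algorithm and value the signer declared for the policy document.
    final OtherHashAlgAndValue hashAlgAndValue = sigPolicy.getSigPolicyHash();
    final AlgorithmIdentifier digestAlgorithmIdentifier = hashAlgAndValue.getHashAlgorithm();
    final String digestAlgorithmOID = digestAlgorithmIdentifier.getAlgorithm().getId();
    final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(digestAlgorithmOID);
    signaturePolicy.setDigestAlgorithm(digestAlgorithm);

    final ASN1OctetString digestValue = hashAlgAndValue.getHashValue();
    final byte[] digestValueBytes = digestValue.getOctets();
    signaturePolicy.setDigestValue(Utils.toBase64(digestValueBytes));

    final SigPolicyQualifiers sigPolicyQualifiers = sigPolicy.getSigPolicyQualifiers();
    if (sigPolicyQualifiers == null) {
        // No qualifiers: the only lookup key available is the policy OID.
        signaturePolicy.setPolicyContent(signaturePolicyProvider.getSignaturePolicyById(policyId));
        return;
    }

    for (int ii = 0; ii < sigPolicyQualifiers.size(); ii++) {
        try {
            final SigPolicyQualifierInfo policyQualifierInfo = sigPolicyQualifiers.getInfoAt(ii);
            final ASN1ObjectIdentifier policyQualifierInfoId = policyQualifierInfo.getSigPolicyQualifierId();
            final String policyQualifierInfoValue = policyQualifierInfo.getSigQualifier().toString();

            if (PKCSObjectIdentifiers.id_spq_ets_unotice.equals(policyQualifierInfoId)) {
                signaturePolicy.setNotice(policyQualifierInfoValue);
            } else if (PKCSObjectIdentifiers.id_spq_ets_uri.equals(policyQualifierInfoId)) {
                signaturePolicy.setUrl(policyQualifierInfoValue);
                // NOTE(review): the URL is supplied by the signature. What the provider does
                // with it is not visible here; confirm it restricts schemes and destinations
                // before retrieving anything on behalf of an unverified document.
                signaturePolicy.setPolicyContent(signaturePolicyProvider.getSignaturePolicyByUrl(policyQualifierInfoValue));
            } else {
                LOG.error("Unknown signature policy qualifier id: " + policyQualifierInfoId + " with value: " + policyQualifierInfoValue);
            }
        } catch (Exception e) {
            // Best effort per qualifier: one unreadable entry must not stop the others.
            // Pass the exception itself so the cause and stack trace are logged; passing
            // e.getMessage() as a second argument is treated as an unused format parameter.
            LOG.error("Unable to read SigPolicyQualifierInfo " + ii, e);
        }
    }

    if (signaturePolicy.getPolicyContent() != null) {
        // Updates the OID based cached values
        // NOTE(review): this content may have been obtained through a signature-supplied URL
        // and is stored under the policy OID without a digest comparison in this method.
        // Confirm the digest is verified before this entry is relied on for other signatures.
        signaturePolicyProvider.getSignaturePoliciesById().put(policyId, signaturePolicy.getPolicyContent());
    }
}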