/**
 * Builds the signature-policy-identifier attribute from the {@code signaturePolicy} field.
 *
 * <p>The attribute value is a {@code SignaturePolicyId} with three parts:
 * <ul>
 *   <li>{@code sigPolicyId} - the policy OID ({@code ASN1ObjectIdentifier});</li>
 *   <li>{@code sigPolicyHash} - hash algorithm OID plus the stored policy digest
 *       ({@code OtherHashAlgAndValue});</li>
 *   <li>{@code sigPolicyQualifiers} - exactly one qualifier, the policy URI, tagged with
 *       OID 1.2.840.113549.1.9.16.5.1.</li>
 * </ul>
 *
 * <p>The digest is copied from {@code signaturePolicy} as stored. This method does not
 * recompute it over the policy document, so the binding between signature and policy is only
 * as good as the value already held there.
 *
 * @return the attribute identified by {@code oid} whose single value is the SignaturePolicyId
 */
@Override
public Attribute getValue() {
    // Part 1: the policy identifier.
    final ASN1ObjectIdentifier policyIdentifier = new ASN1ObjectIdentifier(
            signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue());

    // Part 2: the hash algorithm (OID only, no parameters) and the stored digest octets.
    final ASN1ObjectIdentifier hashAlgorithmOid = new ASN1ObjectIdentifier(
            signaturePolicy.getSignPolicyHashAlg().getAlgorithm().getValue());
    final OtherHashAlgAndValue policyHash = new OtherHashAlgAndValue(
            new AlgorithmIdentifier(hashAlgorithmOid),
            signaturePolicy.getSignPolicyHash().getDerOctetString());

    // Part 3: a single URI qualifier telling verifiers where the policy document is published.
    final SigPolicyQualifierInfo uriQualifier = new SigPolicyQualifierInfo(
            new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.5.1"),
            new DERIA5String(signaturePolicy.getSignPolicyURI()));
    final SigPolicyQualifiers qualifiers =
            new SigPolicyQualifiers(new SigPolicyQualifierInfo[] {uriQualifier});

    final SignaturePolicyId policyIdValue =
            new SignaturePolicyId(policyIdentifier, policyHash, qualifiers);
    return new Attribute(new ASN1ObjectIdentifier(oid), new DERSet(policyIdValue));
}
/**
 * Populates this object from an ASN.1 sequence.
 *
 * <p>Element layout as read here: signing period, an optional revocation date, the policy OID,
 * the policy URI (IA5String) and the policy digest. The revocation date is treated as absent
 * when the second element is already an object identifier.
 *
 * <p>The input is not checked beyond the casts below. A missing element or an element of an
 * unexpected type surfaces as a runtime exception ({@code ClassCastException} for the casts),
 * so callers handling untrusted encodings should be prepared for that.
 *
 * <p>When the revocation date is absent, {@code revocationDate} is left as it was before the
 * call. Only the digest algorithm OID is kept; anything else in the encoded algorithm
 * identifier is not copied into {@code policyDigest}.
 *
 * @param primitive the encoded structure to read
 */
@Override
public void parse(ASN1Primitive primitive) {
    final ASN1Sequence policyInfo = ASN1Object.getDERSequence(primitive);

    this.signingPeriod = new SigningPeriod();
    this.signingPeriod.parse(policyInfo.getObjectAt(0).toASN1Primitive());

    // The second element is either the optional revocation date or, if that is omitted,
    // the policy OID itself.
    final ASN1Primitive second = policyInfo.getObjectAt(1).toASN1Primitive();
    final boolean hasRevocationDate = !(second instanceof ASN1ObjectIdentifier);
    if (hasRevocationDate) {
        this.revocationDate = new GeneralizedTime();
        this.revocationDate.parse(second);
    }
    final int oidIndex = hasRevocationDate ? 2 : 1;

    this.policyOID = new ObjectIdentifier();
    this.policyOID.parse(policyInfo.getObjectAt(oidIndex).toASN1Primitive());

    this.policyURI = ((DERIA5String) policyInfo.getObjectAt(oidIndex + 1)).getString();

    // Digest structure: element 0 is the algorithm identifier sequence, element 1 the hash value.
    final ASN1Sequence digestInfo =
            ASN1Sequence.getInstance(policyInfo.getObjectAt(oidIndex + 2).toASN1Primitive());
    final DEROctetString hashValue = (DEROctetString) digestInfo.getObjectAt(1).toASN1Primitive();
    final ASN1Sequence algorithmInfo =
            ASN1Object.getDERSequence(digestInfo.getObjectAt(0).toASN1Primitive());
    final ASN1ObjectIdentifier hashAlgorithmOid =
            (ASN1ObjectIdentifier) algorithmInfo.getObjectAt(0).toASN1Primitive();

    this.policyDigest =
            new OtherHashAlgAndValue(new AlgorithmIdentifier(hashAlgorithmOid), hashValue);
}
/**
 * Returns the policy digest currently held by this object.
 *
 * @return the value of the {@code policyDigest} field (hash algorithm plus hash value)
 */
public OtherHashAlgAndValue getPolicyDigest() {
    return this.policyDigest;
}
/**
 * Replaces the policy digest held by this object.
 *
 * <p>The reference is stored as given; no validation or copy is made.
 *
 * @param policyDigest the hash algorithm and hash value to store
 */
public void setPolicyDigest(final OtherHashAlgAndValue policyDigest) {
    this.policyDigest = policyDigest;
}
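/**
 * Reads the signature-policy-identifier signed attribute, if present, and fills
 * {@code signaturePolicy} from it.
 *
 * <p>Returns without touching {@code signaturePolicy} when the attribute is missing, when its
 * first value is {@code DERNull}, or when it cannot be read as a {@code SignaturePolicyId}.
 * Otherwise the policy OID, digest algorithm and Base64 digest value are recorded. The policy
 * content is then looked up by OID when there are no qualifiers, or by the URL given in a URI
 * qualifier. A user-notice qualifier is stored as the notice.
 *
 * <p>This method records the declared digest but does not compare it with the retrieved
 * policy content.
 *
 * @param signaturePolicyProvider source of policy content (by OID or by URL) and owner of the
 *        OID-keyed cache that is updated when content was retrieved
 */
@Override
public void checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider) {
    final Attribute attribute = getSignedAttribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId);
    if (attribute == null) {
        return;
    }

    final ASN1Encodable attrValue = attribute.getAttrValues().getObjectAt(0);
    if (attrValue instanceof DERNull) {
        return;
    }

    final SignaturePolicyId sigPolicy = SignaturePolicyId.getInstance(attrValue);
    if (sigPolicy == null) {
        return;
    }

    final String policyId = sigPolicy.getSigPolicyId().getId();
    signaturePolicy = new SignaturePolicy(policyId);

    // Record the digest declared in the signature: algorithm first, then the value as Base64.
    final OtherHashAlgAndValue hashAlgAndValue = sigPolicy.getSigPolicyHash();
    final AlgorithmIdentifier digestAlgorithmIdentifier = hashAlgAndValue.getHashAlgorithm();
    final String digestAlgorithmOID = digestAlgorithmIdentifier.getAlgorithm().getId();
    final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(digestAlgorithmOID);
    signaturePolicy.setDigestAlgorithm(digestAlgorithm);

    final ASN1OctetString digestValue = hashAlgAndValue.getHashValue();
    final byte[] digestValueBytes = digestValue.getOctets();
    signaturePolicy.setDigestValue(Utils.toBase64(digestValueBytes));

    final SigPolicyQualifiers sigPolicyQualifiers = sigPolicy.getSigPolicyQualifiers();
    if (sigPolicyQualifiers == null) {
        signaturePolicy.setPolicyContent(signaturePolicyProvider.getSignaturePolicyById(policyId));
    } else {
        for (int ii = 0; ii < sigPolicyQualifiers.size(); ii++) {
            try {
                final SigPolicyQualifierInfo policyQualifierInfo = sigPolicyQualifiers.getInfoAt(ii);
                final ASN1ObjectIdentifier policyQualifierInfoId = policyQualifierInfo.getSigPolicyQualifierId();
                final String policyQualifierInfoValue = policyQualifierInfo.getSigQualifier().toString();

                if (PKCSObjectIdentifiers.id_spq_ets_unotice.equals(policyQualifierInfoId)) {
                    signaturePolicy.setNotice(policyQualifierInfoValue);
                } else if (PKCSObjectIdentifiers.id_spq_ets_uri.equals(policyQualifierInfoId)) {
                    signaturePolicy.setUrl(policyQualifierInfoValue);
                    // NOTE(review): this URL comes from the signature under validation, so it is
                    // chosen by the signer. Whether the provider restricts schemes or hosts
                    // before fetching is not visible here - confirm.
                    signaturePolicy.setPolicyContent(signaturePolicyProvider.getSignaturePolicyByUrl(policyQualifierInfoValue));
                } else {
                    LOG.error("Unknown signature policy qualifier id: " + policyQualifierInfoId + " with value: " + policyQualifierInfoValue);
                }
            } catch (Exception e) {
                // Pass the exception itself so the cause and stack trace are logged; a bare
                // message argument has no placeholder in the format string to land in.
                LOG.error("Unable to read SigPolicyQualifierInfo " + ii, e);
            }
        }
        if (signaturePolicy.getPolicyContent() != null) {
            // Updates the OID based cached values
            // NOTE(review): the content is cached under the policy OID without being compared
            // to the digest recorded above. If nothing verifies that digest before the cache is
            // read, content retrieved for one signature is reused for later signatures naming
            // the same OID - confirm where the digest check happens.
            signaturePolicyProvider.getSignaturePoliciesById().put(policyId, signaturePolicy.getPolicyContent());
        }
    }
}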