/** * * @return */ public boolean hasSignaturePolicyAlgo() { return !DSSUtils.isEmpty(signaturePolicyAlgo); }
/** * Returns the encoded base 64 digest value of the certificate for a given algorithm. Can return null if the * algorithm is unknown. * * @param digestAlgorithm * @return */ public String getDigestValue(final DigestAlgorithm digestAlgorithm) { if (digests == null) { digests = new HashMap<DigestAlgorithm, String>(); } String encodedDigest = digests.get(digestAlgorithm); if (encodedDigest == null) { final byte[] digest = DSSUtils.digest(digestAlgorithm, DSSUtils.getEncoded(x509Certificate)); encodedDigest = DSSUtils.base64Encode(digest); digests.put(digestAlgorithm, encodedDigest); } return encodedDigest; }
public String toString() { final String text = getText(); final String nodeName = element.getNodeName(); if (DSSUtils.isNotBlank(text)) { return nodeName + ": " + text; } else { return nodeName; } }
/** * This method loads a certificate from a base 64 encoded String * * @param base64Encoded * @return */ public static X509Certificate loadCertificateFromBase64EncodedString(final String base64Encoded) { final byte[] bytes = DSSUtils.base64Decode(base64Encoded); return loadCertificate(bytes); }
/** * This method saves the given {@code InputStream} to a file representing by the provided path. The {@code InputStream} is not closed. * * @param inputStream {@code InputStream} to save * @param path the path to the file to be created */ public static void saveToFile(final InputStream inputStream, final String path) { final FileOutputStream fileOutputStream = toFileOutputStream(path); try { copy(inputStream, fileOutputStream); } finally { closeQuietly(fileOutputStream); } }
/** * This method loads a certificate from the given location. The certificate must be DER-encoded and may be supplied in binary or printable * (Base64) encoding. If the certificate is provided in Base64 encoding, it must be bounded at the beginning by -----BEGIN CERTIFICATE-----, and * must be bounded at the end by -----END CERTIFICATE-----. It throws an {@code DSSException} or return {@code null} when the * certificate cannot be loaded. * * @param file * @return */ public static X509Certificate loadCertificate(final File file) throws DSSException { final InputStream inputStream = DSSUtils.toByteArrayInputStream(file); final X509Certificate x509Certificate = loadCertificate(inputStream); return x509Certificate; }
private void addSignedBy(final XmlNode signatureNode, final XmlDom signCert) { String signedBy = "?"; if (signCert != null) { final String dn = signCert.getValue("./SubjectDistinguishedName[@Format='RFC2253']/text()"); final X509Principal principal = new X509Principal(dn); final Vector<?> values = principal.getValues(new ASN1ObjectIdentifier("2.5.4.3")); if (values != null && values.size() > 0) { final String string = (String) values.get(0); if (DSSUtils.isNotBlank(string)) { signedBy = DSSUtils.replaceStrStr(string, "&", "&"); } if (DSSUtils.isEmpty(signedBy)) { signedBy = DSSUtils.replaceStrStr(dn, "&", "&"); } } } signatureNode.addChild(NodeName.SIGNED_BY, signedBy); }
private void addSigningCertificateAttribute(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) throws DSSException { final DigestAlgorithm digestAlgorithm = parameters.getDigestAlgorithm(); final List<ChainCertificate> chainCertificateList = parameters.getCertificateChain(); final List<ASN1Encodable> signingCertificates = new ArrayList<ASN1Encodable>(); for (final ChainCertificate chainCertificate : chainCertificateList) { if (!chainCertificate.isSignedAttribute()) { continue; } final X509Certificate signingCertificate = chainCertificate.getX509Certificate(); final byte[] encoded = DSSUtils.getEncoded(signingCertificate); final byte[] certHash = DSSUtils.digest(digestAlgorithm, encoded); if (LOG.isDebugEnabled()) { LOG.debug("Adding Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(certHash), digestAlgorithm.getName()); } final IssuerSerial issuerSerial = DSSUtils.getIssuerSerial(signingCertificate); ASN1Encodable asn1Encodable; if (digestAlgorithm == SHA1) { final ESSCertID essCertID = new ESSCertID(certHash, issuerSerial); asn1Encodable = new SigningCertificate(essCertID); } else { asn1Encodable = new ESSCertIDv2(digestAlgorithm.getAlgorithmIdentifier(), certHash, issuerSerial); } signingCertificates.add(asn1Encodable); } final Attribute attribute = createSigningCertificateAttributes(digestAlgorithm, signingCertificates); signedAttributes.add(attribute); }
/** * @return the pkcs12File */ public File getPkcs12File() { if (pkcs12File == null) { final String path = userPreferencesDAO.getPKCS12FilePath(); if (DSSUtils.isNotEmpty(path)) { pkcs12File = new File(path); } } return pkcs12File; }
/** * Creates dss document that retains the data in memory * * @param inputStream input stream representing the document * @param name the file name if the data originates from a file * @param mimeType the mime type of the file if the data originates from a file * @throws IOException */ public InMemoryDocument(final InputStream inputStream, final String name, final MimeType mimeType) throws DSSException { this(DSSUtils.toByteArray(inputStream), name, mimeType); }
@Override public String getDigest(final DigestAlgorithm digestAlgorithm) { final InputStream inputStream = openStream(); final byte[] digestBytes = DSSUtils.digest(digestAlgorithm, inputStream); DSSUtils.closeQuietly(inputStream); final String base64Encode = DSSUtils.base64Encode(digestBytes); return base64Encode; } }
@Override public String getDigest(final DigestAlgorithm digestAlgorithm) { final byte[] digestBytes = DSSUtils.digest(digestAlgorithm, getBytes()); final String base64Encode = DSSUtils.base64Encode(digestBytes); return base64Encode; }
/** * This method saves the given array of {@code byte} to the provided {@code File}. * * @param bytes to save * @param file * @throws DSSException */ public static void saveToFile(final byte[] bytes, final File file) throws DSSException { file.getParentFile().mkdirs(); FileOutputStream fileOutputStream = null; try { final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes); fileOutputStream = new FileOutputStream(file); copy(byteArrayInputStream, fileOutputStream); } catch (IOException e) { throw new DSSException(e); } finally { closeQuietly(fileOutputStream); } }
private void setSigningCertificateAndChain(final WSParameters wsParameters, final SignatureParameters params) { final byte[] signingCertBytes = wsParameters.getSigningCertificateBytes(); if (signingCertBytes == null) { return; } final X509Certificate x509SigningCertificate = DSSUtils.loadCertificate(signingCertBytes); params.setSigningCertificate(x509SigningCertificate); final List<ChainCertificate> chainCertificates = new ArrayList<ChainCertificate>(); chainCertificates.add(new ChainCertificate(x509SigningCertificate, true)); final List<WSChainCertificate> wsChainCertificateList = wsParameters.getChainCertificateList(); if (!DSSUtils.isEmpty(wsChainCertificateList)) { for (final WSChainCertificate wsChainCertificate : wsChainCertificateList) { final X509Certificate x509Certificate = DSSUtils.loadCertificate(wsChainCertificate.getX509Certificate()); final ChainCertificate chainCertificate = new ChainCertificate(x509Certificate, wsChainCertificate.isSignedAttribute()); if (!chainCertificates.contains(chainCertificate)) { chainCertificates.add(chainCertificate); } } } params.setCertificateChain(chainCertificates); }
private static void prepareCertificateChain(SignatureParameters parameters, WsParameters wsParameters) { final List<ChainCertificate> certificateChain = parameters.getCertificateChain(); if (!DSSUtils.isEmpty(certificateChain)) { final List<WsChainCertificate> wsChainCertificateList = wsParameters.getChainCertificateList(); for (final ChainCertificate chainCertificate : certificateChain) { final WsChainCertificate wsChainCertificate = new WsChainCertificate(); final X509Certificate x509Certificate = chainCertificate.getX509Certificate(); wsChainCertificate.setX509Certificate(DSSUtils.getEncoded(x509Certificate)); wsChainCertificate.setSignedAttribute(chainCertificate.isSignedAttribute()); wsChainCertificateList.add(wsChainCertificate); } } }
/** * This method digests the given {@code InputStream} with SHA1 algorithm and encode returned array of bytes as hex string. * * @param inputStream * @return */ public static String getSHA1Digest(final InputStream inputStream) { final byte[] bytes = DSSUtils.toByteArray(inputStream); final byte[] digest = sha1Digester.digest(bytes); return encodeHexString(digest); }
private boolean extractSigningCertificateFromResponse(final CertificatePool certificatePool) { for (final X509CertificateHolder x509CertificateHolder : basicOCSPResp.getCerts()) { final byte[] encoded = DSSUtils.getEncoded(x509CertificateHolder); final X509Certificate x509Certificate = DSSUtils.loadCertificate(encoded); final CertificateToken certToken = certificatePool.getInstance(x509Certificate, CertificateSourceType.OCSP_RESPONSE); if (isSignedBy(certToken)) { return true; } } return false; }
private void addCertificate(final Element x509DataDom, final X509Certificate x509Certificate) { final byte[] encoded = DSSUtils.getEncoded(x509Certificate); final String base64Encoded = DSSUtils.base64Encode(encoded); // <ds:X509Certificate>...</ds:X509Certificate> DSSXMLUtils.addTextElement(documentDom, x509DataDom, XMLNS, DS_X509_CERTIFICATE, base64Encoded); }
@Override protected void init() { final Parameters parameters = getController().getParameter(); final SignatureModel model = getModel(); if (parameters.hasSignaturePolicyAlgo() && DSSUtils.isEmpty(model.getSignaturePolicyAlgo())) { model.setSignaturePolicyAlgo(parameters.getSignaturePolicyAlgo()); } if (parameters.hasSignaturePolicyValue() && DSSUtils.isEmpty(model.getSignaturePolicyValue())) { model.setSignaturePolicyValue(DSSUtils.base64Encode(parameters.getSignaturePolicyValue())); } // TODO: (Bob: 2014 Jan 19) To be adapted to baseline profile final boolean levelBES = model.getLevel().toUpperCase().endsWith("-BES"); model.setSignaturePolicyVisible(!levelBES); }
private X509Certificate readLOTLCertificate() throws DSSException { X509Certificate lotlCert; if (lotlCertificate == null) { final String msg = "The LOTL signing certificate property must contain a reference to a certificate."; diagnosticInfo.put(lotlUrl, msg); throw new DSSException(msg); } InputStream inputStream = null; try { inputStream = getLotlCertificateInputStream(); lotlCert = DSSUtils.loadCertificate(inputStream); } catch (DSSException e) { final String msg = "Cannot read LOTL signing certificate."; diagnosticInfo.put(lotlUrl, msg); throw e; } finally { DSSUtils.closeQuietly(inputStream); } return lotlCert; }