/**
 * Decodes the signature time-stamp token stored in a signer's unsigned attributes.
 *
 * <p>The token is only parsed here; nothing in this method validates it. It is read from the
 * unsigned attributes, so it is not covered by the signer's own signature, and the caller has
 * to validate the token before relying on the time it asserts.
 *
 * @param signerInformation the signer whose unsigned attributes are inspected
 * @return the decoded token, or {@code null} when the signer has no unsigned attributes or no
 *     {@code id_aa_signatureTimeStampToken} attribute
 * @throws CMSException if the attribute value cannot be read as CMS signed data
 * @throws IOException if the attribute value cannot be encoded or the token cannot be read
 * @throws TSPException if the signed data is not a well-formed time-stamp token
 */
private TimeStampToken extractTimeStampTokenFromSignerInformation(SignerInformation signerInformation)
        throws CMSException, IOException, TSPException {
    final AttributeTable unsignedTable = signerInformation.getUnsignedAttributes();
    if (unsignedTable == null) {
        return null;
    }

    // https://stackoverflow.com/questions/1647759/how-to-validate-if-a-signed-jar-contains-a-timestamp
    final Attribute tsAttribute = unsignedTable.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    if (tsAttribute == null) {
        return null;
    }

    // Only the first value of the attribute is used; an empty value set is not guarded against here.
    final ASN1Object tokenValue = (ASN1Object) tsAttribute.getAttrValues().getObjectAt(0);
    return new TimeStampToken(new CMSSignedData(tokenValue.getEncoded()));
}
Attribute signingTime = signerInformation.getSignedAttributes().get(CMSAttributes.signingTime); if (signingTime != null)
.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken); if (tsAttribute.getAttrValues() instanceof DERSet)
/**
 * Builds the signed-attribute table for a signature, starting from what the CAdES profile
 * produces and adding the content-type and message-digest attributes when they are missing.
 *
 * @param params generator parameters; only the {@code CONTENT_TYPE} entry is read here
 * @param cadesProfile profile that supplies the initial signed attributes
 * @param parameters signature parameters handed to the profile
 * @param messageDigest digest placed in the message-digest attribute when the profile did not set one
 * @return the resulting attribute table
 */
AttributeTable getSignedAttributes(Map params, CAdESLevelBaselineB cadesProfile, SignatureParameters parameters,
        byte[] messageDigest) {
    AttributeTable table = cadesProfile.getSignedAttributes(parameters);

    final boolean contentTypeMissing = table.get(CMSAttributes.contentType) == null;
    if (contentTypeMissing) {
        final ASN1ObjectIdentifier suppliedType =
                (ASN1ObjectIdentifier) params.get(CMSAttributeTableGenerator.CONTENT_TYPE);
        // No content type is supplied when a counter signature is being generated.
        if (suppliedType != null) {
            table = table.add(CMSAttributes.contentType, suppliedType);
        }
    }

    final boolean digestMissing = table.get(CMSAttributes.messageDigest) == null;
    if (digestMissing) {
        // The digest comes from the messageDigest argument, not from the DIGEST entry of params.
        table = table.add(CMSAttributes.messageDigest, new DEROctetString(messageDigest));
    }

    return table;
}
/**
 * Logs, at INFO level, the message digest carried in the signed attributes and the digest
 * computed over the content, both hex-encoded. Does nothing unless digest logging is enabled
 * and a signer is given.
 *
 * <p>The two values are only written to the log; this method does not compare them and is not a
 * verification step.
 *
 * @param sigInfo the signer to report on; may be {@code null}
 */
protected void logDigests(SignerInformation sigInfo) {
    if (!this.m_logDigest || sigInfo == null) {
        return;
    }

    try {
        // Digest claimed by the signature: first value of the messageDigest signed attribute.
        final Attribute claimedAttr = sigInfo.getSignedAttributes().get(CMSAttributes.messageDigest);
        final ASN1Encodable claimedValue = claimedAttr.getAttrValues().getObjectAt(0);
        final byte[] claimedBytes = ((ASN1OctetString) claimedValue).getOctets();
        final String claimedHex = org.apache.commons.codec.binary.Hex.encodeHexString(claimedBytes);
        LOGGER.info("Signed Message Digest: " + claimedHex);

        // Digest computed over the content. The verify function is assumed to have been called
        // already; otherwise getContentDigest fails.
        final byte[] computedBytes = sigInfo.getContentDigest();
        final String computedHex = org.apache.commons.codec.binary.Hex.encodeHexString(computedBytes);
        LOGGER.info("Computed Message Digest: " + computedHex);
    } catch (Throwable t) {
        // Logging digests is a quiet operation: every failure, including a missing attribute
        // or an unverified signer, is dropped. NOTE(review): this also hides Errors.
    }
}
/**
 * Writes the signed and the computed message digest of a signer to the log as hex strings.
 *
 * <p>This is diagnostic output only: the digests are not compared here, and any failure while
 * reading them is swallowed.
 *
 * @param sigInfo the signer to report on; ignored when {@code null} or when digest logging is off
 */
private void logDigests(SignerInformation sigInfo) {
    final boolean shouldLog = this.m_logDigest && sigInfo != null;
    if (shouldLog) {
        try {
            // First value of the messageDigest signed attribute, i.e. the digest the signer signed.
            final ASN1Encodable signedValue = sigInfo.getSignedAttributes()
                    .get(CMSAttributes.messageDigest)
                    .getAttrValues()
                    .getObjectAt(0);
            final byte[] signedOctets = ((ASN1OctetString) signedValue).getOctets();
            LOGGER.info("Signed Message Digest: "
                    + org.apache.commons.codec.binary.Hex.encodeHexString(signedOctets));

            // It is assumed that the verify function has already been called; otherwise
            // getContentDigest fails and the second line is never logged.
            final byte[] contentOctets = sigInfo.getContentDigest();
            LOGGER.info("Computed Message Digest: "
                    + org.apache.commons.codec.binary.Hex.encodeHexString(contentOctets));
        } catch (Throwable t) {
            // no-op: logging digests is a quiet operation.
            // NOTE(review): Throwable also covers Errors, which are dropped here as well.
        }
    }
}
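/**
 * Returns the {@link MessageType} associated with this <code>pkiMessage</code>.
 *
 * <p>The value is taken from the first entry of the <code>messageType</code> attribute, which is
 * cast to a printable string and parsed as a decimal integer.
 *
 * @return the {@link MessageType} of this message.
 * @throws NullPointerException if the message has no <code>messageType</code> attribute.
 * @throws ClassCastException if the attribute value is not a printable string.
 * @throws NumberFormatException if the attribute value is not a decimal integer.
 */
public MessageType getMessageType() {
    final Attribute attr = getAttributeTable().get(SCEPObjectIdentifiers.messageType);
    if (attr == null) {
        // Same exception type the bare dereference raised, but with a message that names the
        // missing attribute instead of an anonymous NPE on a received message.
        throw new NullPointerException("pkiMessage has no messageType attribute");
    }
    final DERPrintableString msgType = (DERPrintableString) attr.getAttrValues().getObjectAt(0);

    return MessageType.valueOf(Integer.parseInt(msgType.getString()));
}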
/**
 * Checks that the given signature has not already been extended past the point where a further
 * extension is allowed.
 *
 * @param cadesSignature the signature that is about to be extended
 * @throws DSSException if data for the CAdES LTA level is already present, or if the signer's
 *     unsigned attributes contain {@code id_aa_ets_escTimeStamp}
 */
protected void assertExtendSignaturePossible(CAdESSignature cadesSignature) throws DSSException {
    final String alreadyExtended = "Cannot extend signature. The signedData is already extended with [%s].";

    final boolean ltaPresent = cadesSignature.isDataForSignatureLevelPresent(SignatureLevel.CAdES_BASELINE_LTA);
    if (ltaPresent) {
        throw new DSSException(String.format(alreadyExtended, "CAdES LTA"));
    }

    final AttributeTable unsignedTable = CAdESSignature.getUnsignedAttributes(cadesSignature.getSignerInformation());
    final boolean escTimestampPresent = unsignedTable.get(PKCSObjectIdentifiers.id_aa_ets_escTimeStamp) != null;
    if (escTimestampPresent) {
        // The message names the attribute by its OID.
        throw new DSSException(
                String.format(alreadyExtended, PKCSObjectIdentifiers.id_aa_ets_escTimeStamp.getId()));
    }
}
/**
 * Assembles the bytes covered by a type 1 (X1) timestamp: the signature value, then the
 * signature time-stamp attribute when there is one, then the data shared with type 2.
 *
 * @param timestampToken passed through to {@code getTimestampX2Data}
 * @param canonicalizationMethod not used by this implementation
 * @return the concatenated bytes
 * @throws DSSException wrapping any {@link IOException} raised while writing
 */
@Override
public byte[] getTimestampX1Data(final TimestampToken timestampToken, String canonicalizationMethod) {
    try {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        buffer.write(signerInformation.getSignature());

        final AttributeTable unsignedTable = signerInformation.getUnsignedAttributes();
        final Attribute signatureTimestamp =
                (unsignedTable == null) ? null : unsignedTable.get(id_aa_signatureTimeStampToken);
        if (signatureTimestamp != null) {
            // We don't include the outer SEQUENCE, only the attrType and attrValues as stated by
            // the TS §6.3.5, NOTE 2
            buffer.write(DSSASN1Utils.getDEREncoded(signatureTimestamp.getAttrType()));
            buffer.write(DSSASN1Utils.getDEREncoded(signatureTimestamp.getAttrValues()));
        }

        // Those are common to Type 1 and Type 2
        buffer.write(getTimestampX2Data(timestampToken, null));
        return buffer.toByteArray();
    } catch (IOException e) {
        throw new DSSException(e);
    }
}
/**
 * Looks up the {@link FailInfo} carried by this <code>pkiMessage</code>.
 *
 * <p>The first value of the <code>failInfo</code> attribute is cast to a printable string and
 * parsed as a decimal integer; a value of another type or a non-numeric string makes the cast or
 * the parse throw.
 *
 * @return the {@link FailInfo} value, or <code>null</code> if the message has no such attribute.
 */
public FailInfo getFailInfo() {
    final Attribute failInfoAttr = getAttributeTable().get(SCEPObjectIdentifiers.failInfo);
    if (failInfoAttr != null) {
        final DERPrintableString encoded = (DERPrintableString) failInfoAttr.getAttrValues().getObjectAt(0);
        final int code = Integer.parseInt(encoded.getString());
        return FailInfo.valueOf(code);
    }
    return null;
}
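/**
 * Returns the {@link PkiStatus} associated with this <code>pkiMessage</code>
 * or <code>null</code> if no {@link PkiStatus} attribute was found.
 *
 * <p>The first value of the <code>pkiStatus</code> attribute is cast to a printable string and
 * parsed as a decimal integer.
 *
 * @return the {@link PkiStatus} value, or <code>null</code>.
 * @throws ClassCastException if the attribute value is not a printable string.
 * @throws NumberFormatException if the attribute value is not a decimal integer.
 */
public PkiStatus getPkiStatus() {
    final Attribute attr = getAttributeTable().get(SCEPObjectIdentifiers.pkiStatus);
    if (attr == null) {
        return null;
    }
    final DERPrintableString pkiStatus = (DERPrintableString) attr.getAttrValues().getObjectAt(0);

    // Read the string content through getString(), the accessor for the decoded value, rather
    // than through toString(), whose output is a display form.
    return PkiStatus.valueOf(Integer.parseInt(pkiStatus.getString()));
}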
/**
 * Reads the ATS-hash-index from the unsigned attributes of a timestamp token.
 *
 * @param timestampToken the token whose unsigned attributes are searched
 * @return the first value of the ATS-hash-index unsigned attribute {itu-t(0)
 *     identified-organization(4) etsi(0) electronic-signature-standard(1733) attributes(2) 5}
 */
private ASN1Sequence getAtsHashIndex(TimestampToken timestampToken) {
    // NOTE(review): neither the attribute table nor the attribute is checked for null, so a
    // token without an ATS-hash-index fails here with a NullPointerException.
    final Attribute hashIndex = timestampToken.getUnsignedAttributes().get(id_aa_ATSHashIndex);
    final ASN1Set hashIndexValues = hashIndex.getAttrValues();
    return (ASN1Sequence) hashIndexValues.getObjectAt(0).toASN1Primitive();
}
/**
 * Returns the content type recorded in the signer's signed attributes.
 *
 * @return the OID string of the first content-type value, or {@code null} when the signer has no
 *     signed attributes or no content-type attribute
 */
@Override
public String getContentType() {
    final AttributeTable signedTable = signerInformation.getSignedAttributes();
    final Attribute contentTypeAttr =
            (signedTable == null) ? null : signedTable.get(PKCSObjectIdentifiers.pkcs_9_at_contentType);
    if (contentTypeAttr == null) {
        return null;
    }
    // The value is cast without a type check; anything other than an OID throws here.
    final ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) contentTypeAttr.getAttrValues().getObjectAt(0);
    return oid.getId();
}
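/**
 * Returns the {@link TransactionId} associated with this <code>pkiMessage</code>.
 *
 * <p>The identifier is built from the octets of the first value of the <code>transId</code>
 * attribute, which is cast to a printable string.
 *
 * @return the {@link TransactionId} of this message.
 * @throws NullPointerException if the message has no <code>transId</code> attribute.
 * @throws ClassCastException if the attribute value is not a printable string.
 */
public TransactionId getTransactionId() {
    final Attribute attr = getAttributeTable().get(SCEPObjectIdentifiers.transId);
    if (attr == null) {
        // Same exception type the bare dereference raised, but with a message that names the
        // missing attribute instead of an anonymous NPE on a received message.
        throw new NullPointerException("pkiMessage has no transId attribute");
    }
    final DERPrintableString transId = (DERPrintableString) attr.getAttrValues().getObjectAt(0);

    return new TransactionId(transId.getOctets());
}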
/**
 * Returns the first value of the attribute of the given type.
 *
 * @param attrs the attribute table to search; must not be {@code null}
 * @param type the attribute type to look up; must not be {@code null}
 * @return the first value, or {@code null} when the table has no such attribute or the
 *     attribute's value set is empty
 */
public static ASN1Encodable getFirstAttrValue(AttributeTable attrs, ASN1ObjectIdentifier type) {
    requireNonNull("attrs", attrs);
    requireNonNull("type", type);

    final Attribute match = attrs.get(type);
    if (match != null) {
        final ASN1Set values = match.getAttrValues();
        // The size check keeps an empty value set from failing in getObjectAt(0).
        if (values.size() != 0) {
            return values.getObjectAt(0);
        }
    }
    return null;
}
/**
 * Reads a nonce from the attribute identified by {@code oid}.
 *
 * @param oid the attribute type to look up
 * @return a {@code Nonce} built from the octets of the attribute's first value, or {@code null}
 *     when the attribute is absent
 */
private Nonce getNonce(DERObjectIdentifier oid) {
    final Attribute nonceAttr = getAttributeTable().get(oid);
    if (nonceAttr != null) {
        // The value is cast without a type check; anything other than an octet string throws here.
        final DEROctetString encoded = (DEROctetString) nonceAttr.getAttrValues().getObjectAt(0);
        return new Nonce(encoded.getOctets());
    }
    return null;
}
/**
 * Checks the signing-certificate reference in the signed attributes against the candidate
 * signing certificate.
 *
 * <p>The V1 attribute is looked up first; the V2 attribute is only consulted when V1 is absent.
 * The return value reports that one of the attributes was found and handed to its verify
 * method. It does not carry the outcome of that comparison, which is presumably recorded on
 * {@code signingCertificateValidity} by the verify methods (not visible here).
 *
 * @return {@code true} if a signing-certificate attribute (V1 or V2) is present, {@code false}
 *     otherwise
 */
private boolean verifySignedReferencesToSigningCertificate() {
    final IssuerSerial candidateIssuerSerial =
            DSSUtils.getIssuerSerial(signingCertificateValidity.getCertificateToken());
    final BigInteger candidateSerial = candidateIssuerSerial.getSerial().getValue();
    final GeneralNames candidateIssuer = candidateIssuerSerial.getIssuer();

    final AttributeTable signedTable = getSignedAttributes(signerInformation);

    final Attribute referenceV1 = signedTable.get(id_aa_signingCertificate);
    if (referenceV1 != null) {
        signingCertificateValidity.setAttributePresent(true);
        verifySigningCertificateV1(candidateSerial, candidateIssuer, referenceV1);
        return true;
    }

    final Attribute referenceV2 = signedTable.get(id_aa_signingCertificateV2);
    if (referenceV2 == null) {
        return false;
    }
    signingCertificateValidity.setAttributePresent(true);
    verifySigningCertificateV2(candidateSerial, candidateIssuer, referenceV2);
    return true;
}
/**
 * Returns the content identifier recorded in the signer's signed attributes.
 *
 * @return the string form of the first content-identifier value, or {@code null} when the signer
 *     has no signed attributes or no content-identifier attribute
 */
@Override
public String getContentIdentifier() {
    final AttributeTable signedTable = signerInformation.getSignedAttributes();
    final Attribute identifierAttr =
            (signedTable == null) ? null : signedTable.get(PKCSObjectIdentifiers.id_aa_contentIdentifier);
    if (identifierAttr == null) {
        return null;
    }
    final ContentIdentifier identifier = ContentIdentifier.getInstance(identifierAttr.getAttrValues().getObjectAt(0));
    return DSSASN1Utils.toString(identifier.getValue());
}
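/**
 * Decodes the signature time-stamp token stored in a signer's unsigned attributes.
 *
 * <p>The token is only parsed here, not validated. It is read from the unsigned attributes, so
 * it is not covered by the signer's own signature; the caller has to validate the token before
 * relying on the time it asserts.
 *
 * @param signerInformation the signer whose unsigned attributes are inspected
 * @return the decoded token, or {@code null} when the signer has no unsigned attributes or no
 *     {@code id_aa_signatureTimeStampToken} attribute
 * @throws CMSException if the attribute value cannot be read as CMS signed data
 * @throws IOException if the attribute value cannot be encoded or the token cannot be read
 * @throws TSPException if the signed data is not a well-formed time-stamp token
 */
private TimeStampToken extractTimeStampTokenFromSignerInformation(SignerInformation signerInformation)
        throws CMSException, IOException, TSPException {
    AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        return null;
    }

    // https://stackoverflow.com/questions/1647759/how-to-validate-if-a-signed-jar-contains-a-timestamp
    Attribute attribute = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    if (attribute == null) {
        // Unsigned attributes can be present without a time-stamp among them; report "no token"
        // the same way as for a missing table instead of failing with a NullPointerException.
        return null;
    }

    ASN1Object obj = (ASN1Object) attribute.getAttrValues().getObjectAt(0);
    CMSSignedData signedTSTData = new CMSSignedData(obj.getEncoded());
    return new TimeStampToken(signedTSTData);
}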
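/**
 * Returns a printable form of the content-hints signed attribute.
 *
 * <p>The description is free text taken from the signature as it is; it is not checked or
 * escaped here.
 *
 * @return {@code "<contentType> [<contentDescription>]"}, or only the content type when the
 *     hints carry no description, or {@code null} when the signer has no signed attributes or
 *     no content-hints attribute
 */
@Override
public String getContentHints() {
    final AttributeTable signedAttributes = signerInformation.getSignedAttributes();
    if (signedAttributes == null) {
        return null;
    }
    final Attribute contentHintAttribute = signedAttributes.get(PKCSObjectIdentifiers.id_aa_contentHint);
    if (contentHintAttribute == null) {
        return null;
    }
    final ASN1Encodable asn1Encodable = contentHintAttribute.getAttrValues().getObjectAt(0);
    final ContentHints contentHints = ContentHints.getInstance(asn1Encodable);
    final String contentHintsContentType = contentHints.getContentType().toString();

    // contentDescription is OPTIONAL in ContentHints, so a valid signature may omit it;
    // dereferencing it unconditionally fails on such a signature.
    if (contentHints.getContentDescription() == null) {
        return contentHintsContentType;
    }
    final String contentHintsContentDescription = contentHints.getContentDescription().getString();
    return contentHintsContentType + " [" + contentHintsContentDescription + "]";
}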