Java Code Examples for org.bouncycastle.asn1.cms.Attribute#getAttrType()
The following examples show how to use
org.bouncycastle.asn1.cms.Attribute#getAttrType() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CAdESTimestampDataBuilder.java From dss with GNU Lesser General Public License v2.1 | 6 votes |
/** * Remove any archive-timestamp-v2/3 attribute added after the * timestampToken */ private ASN1Sequence filterUnauthenticatedAttributes(ASN1Set unauthenticatedAttributes, TimestampToken timestampToken) { ASN1EncodableVector result = new ASN1EncodableVector(); for (int ii = 0; ii < unauthenticatedAttributes.size(); ii++) { final Attribute attribute = Attribute.getInstance(unauthenticatedAttributes.getObjectAt(ii)); final ASN1ObjectIdentifier attrType = attribute.getAttrType(); if (id_aa_ets_archiveTimestampV2.equals(attrType) || id_aa_ets_archiveTimestampV3.equals(attrType)) { try { TimeStampToken token = DSSASN1Utils.getTimeStampToken(attribute); if (!token.getTimeStampInfo().getGenTime().before(timestampToken.getGenerationTime())) { continue; } } catch (Exception e) { throw new DSSException(e); } } result.add(unauthenticatedAttributes.getObjectAt(ii)); } return new DERSequence(result); }
Example 2
Source File: CadesLevelBaselineLTATimestampExtractor.java From dss with GNU Lesser General Public License v2.1 | 5 votes |
/** * The field unsignedAttrsHashIndex is a sequence of octet strings. Each one contains the hash value of one * instance of Attribute within unsignedAttrs field of the SignerInfo. A hash value for every instance of * Attribute, as present at the time when the corresponding archive time-stamp is requested, shall be included in * unsignedAttrsHashIndex. No other hash values shall be included in this field. * * We check that every hash attribute found in the timestamp token is found if the signerInformation. * * If there is more unsigned attributes in the signerInformation than present in the hash attributes list * (and there is at least the archiveTimestampAttributeV3), we don't report any error nor which attributes are * signed by the timestamp. * If there is some attributes that are not present or altered in the signerInformation, we just return some empty * sequence to make * sure that the timestamped data will not match. We do not report which attributes hash are present if any. * * If there is not attribute at all in the archive timestamp hash index, that would means we didn't check anything. * * @param signerInformation * @param timestampHashIndex * @return */ @SuppressWarnings("unchecked") private ASN1Sequence getVerifiedUnsignedAttributesHashIndex(SignerInformation signerInformation, final ASN1Sequence timestampHashIndex, ASN1ObjectIdentifier atsHashIndexVersionIdentifier) { final ASN1Sequence unsignedAttributesHashes = DSSASN1Utils.getUnsignedAttributesHashIndex(timestampHashIndex); final List<DEROctetString> timestampUnsignedAttributesHashesList = new ArrayList<>(); if (unsignedAttributesHashes != null) { timestampUnsignedAttributesHashesList.addAll(Collections.list(unsignedAttributesHashes.getObjects())); } AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation); final ASN1EncodableVector asn1EncodableVector = unsignedAttributes.toASN1EncodableVector(); for (int i = 0; i < asn1EncodableVector.size(); i++) { final Attribute attribute = (Attribute) asn1EncodableVector.get(i); List<DEROctetString> attributeDerOctetStringHashes = getAttributeDerOctetStringHashes(attribute, atsHashIndexVersionIdentifier); for (DEROctetString derOctetStringDigest : attributeDerOctetStringHashes) { final ASN1ObjectIdentifier attrType = attribute.getAttrType(); if (timestampUnsignedAttributesHashesList.remove(derOctetStringDigest)) { // attribute present in signature and in timestamp LOG.debug("Attribute {} present in timestamp", attrType.getId()); } else { LOG.debug("Attribute {} not present in timestamp", attrType.getId()); } } } if (!timestampUnsignedAttributesHashesList.isEmpty()) { LOG.error("{} attribute(s) hash in Timestamp has not been found in document attributes: {}", timestampUnsignedAttributesHashesList.size(), timestampUnsignedAttributesHashesList); // return a empty DERSequence to screw up the hash return new DERSequence(); } // return the original DERSequence return unsignedAttributesHashes; }
Example 3
Source File: DSSASN1Utils.java From dss with GNU Lesser General Public License v2.1 | 5 votes |
/** * Returns {@code ASN1ObjectIdentifier} of the found AtsHashIndex * @param timestampUnsignedAttributes {@link AttributeTable} of the timestamp's unsignedAttributes * @return {@link ASN1ObjectIdentifier} of the AtsHashIndex element version */ public static ASN1ObjectIdentifier getAtsHashIndexVersionIdentifier(AttributeTable timestampUnsignedAttributes) { if (timestampUnsignedAttributes != null) { Attributes attributes = timestampUnsignedAttributes.toASN1Structure(); for (Attribute attribute : attributes.getAttributes()) { ASN1ObjectIdentifier attrType = attribute.getAttrType(); if (id_aa_ATSHashIndex.equals(attrType) || id_aa_ATSHashIndexV2.equals(attrType) || id_aa_ATSHashIndexV3.equals(attrType)) { LOG.debug("Unsigned attribute of type [{}] found in the timestamp.", attrType); return attrType; } } LOG.warn("The timestamp unsignedAttributes does not contain ATSHashIndex!"); } return null; }
Example 4
Source File: DSSASN1Utils.java From dss with GNU Lesser General Public License v2.1 | 5 votes |
/** * Checks if the attribute is of an allowed archive timestamp type * * @param attribute {@link Attribute} to check * @return true if the attribute represents an archive timestamp element, false otherwise */ public static boolean isArchiveTimeStampToken(Attribute attribute) { if (attribute == null) { return false; } ASN1ObjectIdentifier objectIdentifier = attribute.getAttrType(); return OID.id_aa_ets_archiveTimestampV2.equals(objectIdentifier) || OID.id_aa_ets_archiveTimestampV3.equals(objectIdentifier); }
Example 5
Source File: CAdESSignatureExtension.java From dss with GNU Lesser General Public License v2.1 | 4 votes |
public ASN1Object getTimeStampAttributeValue(final byte[] messageToTimestamp, final DigestAlgorithm timestampDigestAlgorithm, final Attribute... attributesForTimestampToken) { try { if (LOG.isDebugEnabled()) { LOG.debug("Message to timestamp is: {}", Utils.toHex(messageToTimestamp)); } byte[] timestampDigest = DSSUtils.digest(timestampDigestAlgorithm, messageToTimestamp); if (LOG.isDebugEnabled()) { LOG.debug("Digested ({}) message to timestamp is {}", timestampDigestAlgorithm, Utils.toHex(timestampDigest)); } final TimestampBinary timeStampToken = tspSource.getTimeStampResponse(timestampDigestAlgorithm, timestampDigest); CMSSignedData cmsSignedDataTimeStampToken = new CMSSignedData(timeStampToken.getBytes()); // TODO (27/08/2014): attributesForTimestampToken cannot be null: to be modified if (attributesForTimestampToken != null) { // timeStampToken contains one and only one signer final SignerInformation signerInformation = cmsSignedDataTimeStampToken.getSignerInfos().getSigners().iterator().next(); AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation); for (final Attribute attributeToAdd : attributesForTimestampToken) { final ASN1ObjectIdentifier attrType = attributeToAdd.getAttrType(); final ASN1Encodable objectAt = attributeToAdd.getAttrValues().getObjectAt(0); unsignedAttributes = unsignedAttributes.add(attrType, objectAt); } // Unsigned attributes cannot be empty (RFC 5652 5.3) if (unsignedAttributes.size() == 0) { unsignedAttributes = null; } final SignerInformation newSignerInformation = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes); final List<SignerInformation> signerInformationList = new ArrayList<>(); signerInformationList.add(newSignerInformation); final SignerInformationStore newSignerStore = new SignerInformationStore(signerInformationList); cmsSignedDataTimeStampToken = CMSSignedData.replaceSigners(cmsSignedDataTimeStampToken, newSignerStore); } final byte[] newTimeStampTokenBytes = cmsSignedDataTimeStampToken.getEncoded(); return DSSASN1Utils.toASN1Primitive(newTimeStampTokenBytes); } catch (IOException | CMSException e) { throw new DSSException("Cannot obtain timestamp attribute value.", e); } }