org.bouncycastle.asn1.DERSet Java Examples

The following examples show how to use org.bouncycastle.asn1.DERSet. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PdfPKCS7.java    From itext2 with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Added by Aiken Sam, 2006-11-15, modifed by Martin Brunecky 07/12/2007
 * to start with the timeStampToken (signedData 1.2.840.113549.1.7.2).
 * Token is the TSA response without response status, which is usually
 * handled by the (vendor supplied) TSA request/response interface).
 * @param timeStampToken byte[] - time stamp token, DER encoded signedData
 * @return ASN1EncodableVector
 * @throws IOException
 */
private ASN1EncodableVector buildUnauthenticatedAttributes(byte[] timeStampToken)  throws IOException {
    if (timeStampToken == null)
        return null;

    // @todo: move this together with the rest of the defintions
    String ID_TIME_STAMP_TOKEN = "1.2.840.113549.1.9.16.2.14"; // RFC 3161 id-aa-timeStampToken

    ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(timeStampToken));
    ASN1EncodableVector unauthAttributes = new ASN1EncodableVector();

    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new ASN1ObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken
    ASN1Sequence seq = (ASN1Sequence) tempstream.readObject();
    v.add(new DERSet(seq));

    unauthAttributes.add(new DERSequence(v));
    return unauthAttributes;
 }
 
Example #2
Source File: CAdESLevelBaselineB.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * ETSI TS 101 733 V2.2.1 (2013-04)
 *
 * 5.10.2 content-identifier Attribute
 * The content-identifier attribute provides an identifier for the signed content, for use when a reference may be
 * later required to that content; for example, in the content-reference attribute in other signed data sent later.
 * The
 * content-identifier shall be a signed attribute. content-identifier attribute type values for the ES have an ASN.1
 * type ContentIdentifier, as defined in
 * ESS (RFC 2634 [5]).
 *
 * The minimal content-identifier attribute should contain a concatenation of user-specific identification
 * information (such as a user name or public keying material identification information), a GeneralizedTime string,
 * and a random number.
 *
 * @param parameters
 * @param signedAttributes
 */
private void addContentIdentifier(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
	/* this attribute is prohibited in PAdES B */
	if (padesUsage) {
		return;
	}

	final String contentIdentifierPrefix = parameters.getContentIdentifierPrefix();
	if (Utils.isStringNotBlank(contentIdentifierPrefix)) {
		if (Utils.isStringBlank(parameters.getContentIdentifierSuffix())) {
			StringBuilder suffixBuilder = new StringBuilder();
			suffixBuilder.append(new ASN1GeneralizedTime(new Date()).getTimeString());
			suffixBuilder.append(new SecureRandom().nextLong());
			parameters.setContentIdentifierSuffix(suffixBuilder.toString());
		}
		final String contentIdentifierString = contentIdentifierPrefix + parameters.getContentIdentifierSuffix();
		final ContentIdentifier contentIdentifier = new ContentIdentifier(contentIdentifierString.getBytes());
		final DERSet attrValues = new DERSet(contentIdentifier);
		final Attribute attribute = new Attribute(id_aa_contentIdentifier, attrValues);
		signedAttributes.add(attribute);
	}
}
 
Example #3
Source File: CAdESLevelBaselineB.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * ETSI TS 101 733 V2.2.1 (2013-04)
 *
 * 5.11.1 commitment-type-indication Attribute
 * There may be situations where a signer wants to explicitly indicate to a verifier that by signing the data, it
 * illustrates a
 * type of commitment on behalf of the signer. The commitment-type-indication attribute conveys such
 * information.
 *
 * @param parameters
 * @param signedAttributes
 */
private void addCommitmentType(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {

	// TODO (19/08/2014): commitmentTypeQualifier is not implemented
	final List<CommitmentType> commitmentTypeIndications = parameters.bLevel().getCommitmentTypeIndications();
	if (Utils.isCollectionNotEmpty(commitmentTypeIndications)) {

		final int size = commitmentTypeIndications.size();
		ASN1Encodable[] asn1Encodables = new ASN1Encodable[size];
		for (int ii = 0; ii < size; ii++) {
			
			final CommitmentType commitmentType = commitmentTypeIndications.get(ii);
			if (commitmentType.getOid() == null) {
				throw new DSSException("The commitmentTypeIndication OID must be defined for CAdES creation!");
			}

			final ASN1ObjectIdentifier objectIdentifier = new ASN1ObjectIdentifier(commitmentType.getOid());
			final CommitmentTypeIndication commitmentTypeIndication = new CommitmentTypeIndication(objectIdentifier);
			asn1Encodables[ii] = commitmentTypeIndication.toASN1Primitive(); // DER encoded
		}
		final DERSet attrValues = new DERSet(asn1Encodables);
		final Attribute attribute = new Attribute(id_aa_ets_commitmentType, attrValues);
		signedAttributes.add(attribute);
	}
}
 
Example #4
Source File: CAdESLevelBaselineB.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
private void addSigningTimeAttribute(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
	/*
	 * In PAdES, we don't include the signing time : ETSI TS 102 778-3 V1.2.1
	 * (2010-07): 4.5.3 signing-time Attribute
	 */
	if (padesUsage) {
		return;
	}

	final Date signingDate = parameters.bLevel().getSigningDate();
	if (signingDate != null) {
		final DERSet attrValues = new DERSet(new Time(signingDate));
		final Attribute attribute = new Attribute(pkcs_9_at_signingTime, attrValues);
		signedAttributes.add(attribute);
	}
}
 
Example #5
Source File: CadesLevelBaselineLTATimestampExtractor.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
private Attribute getComposedAtsHashIndex(AlgorithmIdentifier algorithmIdentifiers, ASN1Sequence certificatesHashIndex, ASN1Sequence crLsHashIndex,
		ASN1Sequence unsignedAttributesHashIndex, ASN1ObjectIdentifier atsHashIndexVersionIdentifier) {
	final ASN1EncodableVector vector = new ASN1EncodableVector();
	if (algorithmIdentifiers != null) {
		vector.add(algorithmIdentifiers);
	} else if (id_aa_ATSHashIndexV2.equals(atsHashIndexVersionIdentifier) || id_aa_ATSHashIndexV3.equals(atsHashIndexVersionIdentifier)) {
		// for id_aa_ATSHashIndexV2 and id_aa_ATSHashIndexV3, the algorithmIdentifier is required
		AlgorithmIdentifier sha256AlgorithmIdentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(DigestAlgorithm.SHA256.getOid()));
		vector.add(sha256AlgorithmIdentifier);
	}
	if (certificatesHashIndex != null) {
		vector.add(certificatesHashIndex);
	}
	if (crLsHashIndex != null) {
		vector.add(crLsHashIndex);
	}
	if (unsignedAttributesHashIndex != null) {
		vector.add(unsignedAttributesHashIndex);
	}
	final ASN1Sequence derSequence = new DERSequence(vector);
	return new Attribute(atsHashIndexVersionIdentifier, new DERSet(derSequence));
}
 
Example #6
Source File: EndPointKeyStoreManager.java    From DeviceConnect-Android with MIT License 6 votes vote down vote up
/**
 * 証明書署名要求のオブジェクトを作成する.
 *
 * @param keyPair キーペア
 * @param commonName コモンネーム
 * @param generalNames SANs
 * @return 証明書署名要求のオブジェクト
 * @throws GeneralSecurityException 作成に失敗した場合
 */
private static PKCS10CertificationRequest createCSR(final KeyPair keyPair,
                                                    final String commonName,
                                                    final GeneralNames generalNames) throws GeneralSecurityException {
    final String signatureAlgorithm = "SHA256WithRSAEncryption";
    final X500Principal principal = new X500Principal("CN=" + commonName + ", O=Device Connect Project, L=N/A, ST=N/A, C=JP");
    DERSequence sanExtension= new DERSequence(new ASN1Encodable[] {
            X509Extensions.SubjectAlternativeName,
            new DEROctetString(generalNames)
    });
    DERSet extensions = new DERSet(new DERSequence(sanExtension));
    DERSequence extensionRequest = new DERSequence(new ASN1Encodable[] {
            PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            extensions
    });
    DERSet attributes = new DERSet(extensionRequest);
    return new PKCS10CertificationRequest(
            signatureAlgorithm,
            principal,
            keyPair.getPublic(),
            attributes,
            keyPair.getPrivate(),
            SecurityUtil.getSecurityProvider());
}
 
Example #7
Source File: JarSigner.java    From keystore-explorer with GNU General Public License v3.0 6 votes vote down vote up
private static CMSSignedData addTimestamp(String tsaUrl, CMSSignedData signedData) throws IOException {

		Collection<SignerInformation> signerInfos = signedData.getSignerInfos().getSigners();

		// get signature of first signer (should be the only one)
		SignerInformation si = signerInfos.iterator().next();
		byte[] signature = si.getSignature();

		// send request to TSA
		byte[] token = TimeStampingClient.getTimeStampToken(tsaUrl, signature, DigestType.SHA1);

		// create new SignerInformation with TS attribute
		Attribute tokenAttr = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
				new DERSet(ASN1Primitive.fromByteArray(token)));
		ASN1EncodableVector timestampVector = new ASN1EncodableVector();
		timestampVector.add(tokenAttr);
		AttributeTable at = new AttributeTable(timestampVector);
		si = SignerInformation.replaceUnsignedAttributes(si, at);
		signerInfos.clear();
		signerInfos.add(si);
		SignerInformationStore newSignerStore = new SignerInformationStore(signerInfos);

		// create new signed data
		CMSSignedData newSignedData = CMSSignedData.replaceSigners(signedData, newSignerStore);
		return newSignedData;
	}
 
Example #8
Source File: DSSASN1UtilsTest.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
@Test
public void isArchiveTimeStampTokenTest() {
	String atstV2 = "MIIIhwYLKoZIhvcNAQkQAjAxggh2MIIIcgYJKoZIhvcNAQcCoIIIYzCCCF8CAQMxDzANBglghkgBZQMEAgEFADCCARMGCyqGSIb3DQEJEAEEoIIBAgSB/zCB/AIBAQYKKwYBBAH7SwUCAjAxMA0GCWCGSAFlAwQCAQUABCAm67S7cA/ArzsncKnDKJk7AQVkbbH2LmjhxjNFGKEKeAIVAKQr5q6pobk+BGS1xZJBa0LrWjgtGBMyMDE4MDUwNzE0MTMxNy41OTNaMAOAAQECCQDdRKjMw1Tj/aB8pHoweDEpMCcGA1UEAxMgVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgVW5pdCAwMjExHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMQswCQYDVQQGEwJGUqCCBGAwggRcMIIDRKADAgECAhBaH/CXaf7oPTjm1eRV0Qf/MA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNTAeFw0xODA0MjYxNjE5MjZaFw0yNDA0MjYxNjE5MjZaMHgxKTAnBgNVBAMTIFVuaXZlcnNpZ24gVGltZXN0YW1waW5nIFVuaXQgMDIxMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDELMAkGA1UEBhMCRlIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQMcsEWLDspCSdwPsmLqo/JwAbZG/dKvJmZEDhMFQti8RSm1GYqyh+tqrLFxEbLZod7o61Qp5j6DivuhnBrqwztlUYih7hJfMcYbwPeU6tDk1MOvXFtU/H5swTnZOU87ub/NItmxqm51jPmFhJZJG6UAuPskZbZaSJWmeKGTnj9xTy4trxz2f7dd1d/WWx8vhqcJ8WqQOc8mUGdRrkLZ5gPBVvRrZzb6PzgQuPB4UBS2ijufG6kPtPXM4yMHYYUmA9rujiJ2f/FKyA4ZNV411uFjTrPRFIuIrwUXNiV6f9EUAW2UqPYl4moxx1/jj7hS3ErxjmDh3/uwiqulaytosFAgMBAAGjgeIwgd8wCQYDVR0TBAIwADBBBgNVHSAEOjA4MDYGCisGAQQB+0sFAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2RvY3MudW5pdmVyc2lnbi5ldS8wRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC51bml2ZXJzaWduLmV1L3VuaXZlcnNpZ25fdHNhX3Jvb3RfMjAxNS5jcmwwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMB8GA1UdIwQYMBaAFPpN7Vc7vT/zkTOaCzmkf10S3QdGMA0GCSqGSIb3DQEBCwUAA4IBAQBWR3oSNvA0PY+MArWaEHJYSYCLZQlviCVnpbH7Oc9HEFU6CdzWnYsC/fnM5z7i/1OqSn/BId7n2e86M9aZ5ADfi0frJxys2OxxvitopvTzS5+He63IDCrkUNbGcqJ8w/nm3egoSALfC1jcCOODp3mdYjG8u2m8izdvnL6PSIQH204eDUNG2mfdq+4/3dP5frtLetRth0GIGyfCfbAk9JQuLYccnmCxM61MUGb3lKAwcOdkXYO/cb41eEvcqc0XZAzFOJynZX++CKz59vxu7yGUdvJ/B3r8wT5h7nYy69cVdD2dciMPZ6q4CL7OFbHekML0zMzGGq9RCueM3g96+wgcMYICzDCCAsgCAQEwgYswdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1AhBaH/CXaf7oPTjm1eRV0Qf/MA0GCWCGSAFlAwQCAQUAoIIBETAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEINTyZn1Qwk+ObcyBn8lOomMd1ONT4hIgFTENpywHUxbEMIHBBgsqhkiG9w0BCRACDDGBsTCBrjCBqzCBqAQUCPAR2aMafE51hsHQENTQcKe6lWAwgY8we6R5MHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNQIQWh/wl2n+6D045tXkVdEH/zANBgkqhkiG9w0BAQsFAASCAQA4NsVVHBUrIs+zoonsl2eFUVwBehoTZJJvLSp41Q3jdAci2ppTzL/8rsvlv3RwDc6lMcOFDZhSuKOIT8rLXPg050xAglxUzkN0r9WpscQ6/cfJZmvVTf01gERTYuqrLhs5lF2qdEOty+42VeJB4hW/gAunEQxJuOyO1xGRBkgyIQq2t63FcwR/+Qw9IWRByNp15Bdt30HpvmyvhR3y/T4hK/9NatRAxoBIRhHXlwUT15Bphf22bDuOyEJyOYnviAvpcUq0g5v7KQcIJdmk93elzo+n8yIwCS7lm3XhZYLsyocLbQBP6oNCZlrNZ4YL4SuMcP0JWW7jfj/+OzWGax8H";
	ASN1Primitive asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(atstV2));
	Attribute atstV2Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV2, new DERSet(asn1Primitive));
	assertTrue(DSSASN1Utils.isArchiveTimeStampToken(atstV2Attibute));
	
	String atstV3 = "MIIJWwYJKoZIhvcNAQcCoIIJTDCCCUgCAQMxDzANBglghkgBZQMEAgMFADCB/gYLKoZIhvcNAQkQAQSgge4EgeswgegCAQEGBgQAj2cBATAxMA0GCWCGSAFlAwQCAQUABCCn0cRUUvQwpjtFZ8VAx0nzxzu3gZ2Ymqcp87qgiY/4OQIIXuTHubzkaM4YDzIwMjAwNDExMTIzNDQwWjADAgEBAgiO+SBfQ41ZO6B+pHwwejEnMCUGA1UEAwweU0sgVElNRVNUQU1QSU5HIEFVVEhPUklUWSAyMDIwMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEMMAoGA1UECwwDVFNBMRswGQYDVQQKDBJTSyBJRCBTb2x1dGlvbnMgQVMxCzAJBgNVBAYTAkVFoIIEGjCCBBYwggL+oAMCAQICEGI2fXRa2UOrXaRQuV4/+m4wDQYJKoZIhvcNAQELBQAwdTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxKDAmBgNVBAMMH0VFIENlcnRpZmljYXRpb24gQ2VudHJlIFJvb3QgQ0ExGDAWBgkqhkiG9w0BCQEWCXBraUBzay5lZTAeFw0xOTEyMzEyMjAwMDBaFw0yNDEyMzEyMjAwMDBaMHoxJzAlBgNVBAMMHlNLIFRJTUVTVEFNUElORyBBVVRIT1JJVFkgMjAyMDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxDDAKBgNVBAsMA1RTQTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMQswCQYDVQQGEwJFRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMXTh6Dv8RAF1WHepuuEISh6DWYU+S/sBJDufQx+CvJVta//5BCbrH2OtMw2PKPbPeh2AAnEDkfWJbYN0953qkWSeRhD7ebhcwls7kncsSFjGnMbv7EmGpZ+G6mwnfezC+KlXb8DxizRkbvFLbstCcocrqASAh1HIMsNTtgE5XPvec3YRryqteYGsxl06VVGIC6SJ5AoadaI2Qr/1hXSjd3TRgebap98bHX1Hxg1sXuICxRS3l48aNKU9mPuYSRdfq/j5ZWUZ7tSylxHKx8Xssmfii+sEi1Mr38WfvuYXdMEdaQp1YGfoX2GhmfmBkSV7YiAPAxanimeqgIQPGur/fUCAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKg+Cij+kSqhnWH1zZU9+aXNRpIxMB8GA1UdIwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL2FpYS5zay5lZS9DQTANBgkqhkiG9w0BAQsFAAOCAQEACdOkKf5IjoXDWxLA1FRny7lcnCoxG6xhjFpwI9fEtPGlse4o17Qw/ZmOQsbUVJfSG4wf3spf0bfEQ1VEbSIqIjXJJMQv2zh8Ygo9ljQr0caPBk/6p+DNb1f0svL8Mf2ZWLGa5UZ7qO/3aj7EMsSIERm1Kddm1SjuCkG+AzTnAOig8HD3ds7+JwU/+F1u6g9O7KVvSz1ShL7DlNTFdbc54w9JQuWS+uxXQfJChCQm2zX6lS1QTmIwaKXLeas0yyzweS05lfCNvNV80xKnhcWxcvsKO1Tk+it+jmEnfvQpz59jP5elX60gotzr2lnKvpYIBkdZEMw7EuJTdSaMmand/TGCBBEwggQNAgEBMIGJMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUCEGI2fXRa2UOrXaRQuV4/+m4wDQYJYIZIAWUDBAIDBQCgggFNMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjAwNDExMTIzNDQwWjBPBgkqhkiG9w0BCQQxQgRAH9gYJ4dHC7QWYpAOC+dYActRLeKsE0lMir0l78LMHQaKYrby5Kkz0wJXGSgKqhkrNK+gzv/uFGBIdudAa6PilDCBvwYLKoZIhvcNAQkQAgwxga8wgawwgakwgaYEFByzCZkAs/MvzNPr/6e11uQdAcXVMIGNMHmkdzB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlAhBiNn10WtlDq12kULleP/puMA0GCSqGSIb3DQEBAQUABIIBALxEsyppFT3s3s0LFdo+xDC65viHa8yIi94z6WPczKq1Prf56SYrUmF72sDTHVnfRshFtOd+0trRXxHOB124UPsgTOpTzt2SKotduV3lHvKVPN1IFuHHSB9jJZXtnFQ4O1ePmjWWTFZ3kU0Uk6SWdPKEergwbL08AFVcucnBa/UdDN30xrit7YaW16UNQyvFSt9TTx8LL2mJvl1tjDrKn9V9ua4+B31nsYF6XT2ypfEaXZV1pEWqA20+RRcCctdMXSQl7UTx0L0BCfTBRsd86Me/Dk9J1yJkEeOKXfsTEtnKAQThjWtw4qGtswyqeCKh+EMCe62B5ZC+1bZTlohfD1GhggEHMIIBAwYGBACNRQIFMYH4MIH1MGYEIK3f+m/QgJpUqfCzH9JfdL9/LXrhHID9mdqg+2A6Zc0OBCCkXt47u/CciuFccu/AcmjWk6IcmW/VHmfKB5Rg/W2IcwQgYMHF0qMQHKR1OJ2F1UQbg+HTVL+OJeft+dR5H4CzDtowADCBiAQgvqmBrWZOoI5LCE6ZgL6B1pSwGikyP/Gpw87i+EyQp0cEIHmnEgy9yobW4GAfAad4eiVXn6pdMKNizXvUwzqd/eyKBCBu1yd6G1zNfHMHbTc/VvEe5Q85N/6gpJekpgWhLuBQxQQg3WcimJCwZgUxiFzPw7zMX8F4+FTiNC/lXpKaOmvbSQE=";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(atstV3));
	Attribute atstV3Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV3, new DERSet(asn1Primitive));
	assertTrue(DSSASN1Utils.isArchiveTimeStampToken(atstV3Attibute));
	
	String sigTst = "MIIVJQYJKoZIhvcNAQcCoIIVFjCCFRICAQMxDzANBglghkgBZQMEAgEFADCCARMGCyqGSIb3DQEJEAEEoIIBAgSB/zCB/AIBAQYKKwYBBAH7SwUCAjAxMA0GCWCGSAFlAwQCAQUABCBT2S93XuvGV5XB9P74rlXpEBNQw7v+LkhVqlWcwyGgDwIVAKzJneGO+8crMY8T0qaCcD2284U4GBMyMDE4MDUwNzE0MTMxMS4xMDRaMAOAAQECCQDAIEqncxQduqB8pHoweDEpMCcGA1UEAxMgVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgVW5pdCAwMjAxHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMQswCQYDVQQGEwJGUqCCBGEwggRdMIIDRaADAgECAhEArBfUtF0gHC6S0qdGjvl/XDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJGUjEgMB4GA1UEChMXQ3J5cHRvbG9nIEludGVybmF0aW9uYWwxHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxKDAmBgNVBAMTH1VuaXZlcnNpZ24gVGltZXN0YW1waW5nIENBIDIwMTUwHhcNMTgwNDI2MTYxMDIxWhcNMjQwNDI2MTYxMDIxWjB4MSkwJwYDVQQDEyBVbml2ZXJzaWduIFRpbWVzdGFtcGluZyBVbml0IDAyMDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEgMB4GA1UEChMXQ3J5cHRvbG9nIEludGVybmF0aW9uYWwxCzAJBgNVBAYTAkZSMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6X5QfrFNO3B94xi9xV9dJ7jrV62qDK8MZ6x+3tKmXYBb0TIdXwki3ODlgBVxx2AK5mJ7QuJow3Sbd233utmKG14LNeeWGA1/X8XDD4N+iUTaCeZr5HUv4lRn8sTBtAeaDTEk1tThkNiG8+mxlSGaMEWFA4gzWGatmy5XzjstA0InCzQ0NhH4H4i3RCWO3VJeV/2pMrmbDhu08tufmkaazCo5yW+Wd/3uJYNoVLOKRGNlg8M94obfpEtbdIW/cN4uN9Q2kjA1mo8RZYIcZj401ENRpy5HTD4iXRABKAD+3PARE9y92mgB2PRc4552dR2N1VMC46u5I1nW9vpiLHQXwIDAQABo4HiMIHfMAkGA1UdEwQCMAAwQQYDVR0gBDowODA2BgorBgEEAftLBQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9kb2NzLnVuaXZlcnNpZ24uZXUvMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwudW5pdmVyc2lnbi5ldS91bml2ZXJzaWduX3RzYV9yb290XzIwMTUuY3JsMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAfBgNVHSMEGDAWgBT6Te1XO70/85Ezmgs5pH9dEt0HRjANBgkqhkiG9w0BAQsFAAOCAQEAM1pmbLsBnQ6wIo+eZA7Gm9sgVPFkV6sT/jKzI+VV31/XluCt4FZ6QrQxpNnfYLcKW/aTlLfXv3tZxfPoSaSRo0UdwQB62wKHKK1Ht2rrDLNg/GXJFUgGbyVHd8JohphxSgahdqKZwjKw6Bz5Guq+BxeJnseLbI2a2mDQNXNWdgBLkSNIlwayNxOUW1w2oSXsvUWo/QOqwbBb+yN5/UFHNMMHQgysi2ICRXfO9VcTrtTALyXwO0lq95v4oEK+EvbBwGKN+KVfMh3AEGDvD+u0tpMMVQWqfha9aThu6hARJtvtYrQo0z0xxI8Xw6XI2CCSDJKCii5fvS3085kQYxnJnTGCD34wgg96AgEBMIGMMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNQIRAKwX1LRdIBwuktKnRo75f1wwDQYJYIZIAWUDBAIBBQCgggESMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgmaKGszakb6yDvyWo9JyI97mmtwpCk3ymtFDpZCtGjNYwgcIGCyqGSIb3DQEJEAIMMYGyMIGvMIGsMIGpBBQeNoFgPxJGsxWx1FHS7k2Xb23nMTCBkDB7pHkwdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1AhEArBfUtF0gHC6S0qdGjvl/XDANBgkqhkiG9w0BAQsFAASCAQB0l5gdcsr2if0E2vC+4HjED6vcmjX3jB6sz9pFeXad5RQaF/9KcnUPFfpBRldkl8WQmmpcNLo0c8xnG+YluDM3rxIju6IIkEMnkdAq5qW964r7mWnlHszekWPF85bNNoGNUBfTaAz0JYlMmtl//WtTjg/mXms1XKmOd/+Ec62BWlm8PrVjwSqZbMi8L20tLxM616pXWhbw5Zy4BIUhLZavQlynM/NYUwM1uxB+J40JJ59JbeZtMidXZkBp+M9Md3cOInDcARNysoeNewaJaMgLxdksHSDIuABeksKDCXUe80xXllZt1gTkQNSuThBr8qq+pA4R4hE0Un7hsSp4TaF4oYIMrDCB+wYLKoZIhvcNAQkQAhUxgeswgegwgeUwUTANBglghkgBZQMEAgMFAARA2T0WGDDbckV+bHZCcJ2LZcuu0P9BNqb+N6LA8zedQ5noDNOFgvL7lj8rZZELHM3BovZvY/Fqmx02Vfy4ij96nTCBjzB7pHkwdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1AhA/y6YTRhSkT/KEuIyBp6ikMIIBDgYLKoZIhvcNAQkQAhYxgf4wgfswgfigge8wgewwgekwgeYwUTANBglghkgBZQMEAgMFAARAYKPiFQeLbxNNz+1FB7Cqtl1qxS7Sq3hKf7s1SGXWO2HPf/LRo6murVuOMWS8aEGKSqRXoowRig8aNN6vDTMWyTCBkDB3MQswCQYDVQQGEwJGUjEgMB4GA1UEChMXQ3J5cHRvbG9nIEludGVybmF0aW9uYWwxHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxKDAmBgNVBAMTH1VuaXZlcnNpZ24gVGltZXN0YW1waW5nIENBIDIwMTUXDTE4MDUwNTA2MzAzMFoCBgFLxlnQ86EEMAIwADCCAhsGCyqGSIb3DQEJEAIYMYICCjCCAgagggH+MIIB+jCCAfYwgd8CAQEwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1Fw0xODA1MDUwNjMwMzBaFw0xODA1MTIwNTMwMzBaoDQwMjAfBgNVHSMEGDAWgBT6Te1XO70/85Ezmgs5pH9dEt0HRjAPBgNVHRQECAIGAUvGWdDzMA0GCSqGSIb3DQEBCwUAA4IBAQAvn4IvU5VVPw2iCZs2C3EvEftqz2o9ex4Esu8Xpk+mvGU/eDH/1Z4sZQZIObiBZ+eestigPy0+qCEHHCnqMHKJVvzMekDhzggnuieXk+FWJZL52mCyXcPXybfFWKC8tVi41RBGThBQw7dpnVY6lPx7e1J00Vtn9vFbaSQrZ1HPSV3iyjO9dvM1Um+ekg6EmJTrsEyfJm1msdtdJQ9Jl1KyZdrxXDBS3pOcJ3NjsrdLT+7mTOj+LB3DuouvO2wiB3VeI6ZgR5FSMNiPAAo7NniH7axSoukWHMgt5bxKQx2oINmvImwzTh8pS+eN84e9gT3G68UOppoRFdY6LuAo4yxroQIwADCCCHkGCyqGSIb3DQEJEAIXMYIIaDCCCGQwggP/MIIC56ADAgECAhA/y6YTRhSkT/KEuIyBp6ikMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNTAeFw0xNTAxMjkxNDAzMTVaFw0yNTAxMjkxNDAzMTVaMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhzVUnr1bvSiN7C0psItn4/xsMBUnWq6POAhkS+bXkZhfsmn4eX2vDEF2zBJnxLkD/H7SPpgw4cfRn6IaXrj37QYZfWB0C6i9ApKGy8tLMP/Bog3GRddNVekBbdXh2cKBxveppX+k701OT+x1EnEzyVS1a4PtMQB8vPPtRyXqAGMNMDQbP4C1SQ1Y9yh8Ja4N+JIM46nIrBLGi917pJHAd1NdciILYOmF9+Ouvvgy8tvQtrkkBTCYksgfjaP9+uBl5aTXjzAszAFb6W+sgm0/Pt4c21OU19AuuaYkdbiX7K9Ox0kkOztBi1/MFM2DXOpXx6j+EfEVMUnz9P3BOYQ0kCAwEAAaOBhjCBgzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBBBgNVHSAEOjA4MDYGCisGAQQB+0sFAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2RvY3MudW5pdmVyc2lnbi5ldS8wHQYDVR0OBBYEFPpN7Vc7vT/zkTOaCzmkf10S3QdGMA0GCSqGSIb3DQEBCwUAA4IBAQBzu53rv3fCB2NHxdzUvju591VNqYjlId85OG1E5+fwkvQe40cp1GC/oI6l2O23pHBARRRf+SbtD4+f4DaAD9eg9+oPSIx8/reQwzKqBqUQ9G/6VdsXDcZIL0FD2zYUvtJy9K4+btUNmGlg3nE3ofvbLjPsGCwNU2GQy7kCJbBtpYX4EfNl6K69gdfTP86BjagfSGW6i+5EBqdB3h05rvdttmFMk8VTOSB4jM6K5hLjbUiICqyOQXC7f6Th0wOph8MpRIhNszKaREOzNHRYY3MgjLY2xMFwpgIeZshX1L7XrmLxiN6StoGNNNJul9u3LzsDVLncLMDYQ3WqeZA/CoV+MIIEXTCCA0WgAwIBAgIRAKwX1LRdIBwuktKnRo75f1wwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1MB4XDTE4MDQyNjE2MTAyMVoXDTI0MDQyNjE2MTAyMVoweDEpMCcGA1UEAxMgVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgVW5pdCAwMjAxHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMQswCQYDVQQGEwJGUjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJel+UH6xTTtwfeMYvcVfXSe461etqgyvDGesft7Spl2AW9EyHV8JItzg5YAVccdgCuZie0LiaMN0m3dt97rZihteCzXnlhgNf1/Fww+DfolE2gnma+R1L+JUZ/LEwbQHmg0xJNbU4ZDYhvPpsZUhmjBFhQOIM1hmrZsuV847LQNCJws0NDYR+B+It0Qljt1SXlf9qTK5mw4btPLbn5pGmswqOclvlnf97iWDaFSzikRjZYPDPeKG36RLW3SFv3DeLjfUNpIwNZqPEWWCHGY+NNRDUacuR0w+Il0QASgA/tzwERPcvdpoAdj0XOOednUdjdVTAuOruSNZ1vb6Yix0F8CAwEAAaOB4jCB3zAJBgNVHRMEAjAAMEEGA1UdIAQ6MDgwNgYKKwYBBAH7SwUBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vZG9jcy51bml2ZXJzaWduLmV1LzBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vY3JsLnVuaXZlcnNpZ24uZXUvdW5pdmVyc2lnbl90c2Ffcm9vdF8yMDE1LmNybDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHwYDVR0jBBgwFoAU+k3tVzu9P/ORM5oLOaR/XRLdB0YwDQYJKoZIhvcNAQELBQADggEBADNaZmy7AZ0OsCKPnmQOxpvbIFTxZFerE/4ysyPlVd9f15bgreBWekK0MaTZ32C3Clv2k5S31797WcXz6EmkkaNFHcEAetsChyitR7dq6wyzYPxlyRVIBm8lR3fCaIaYcUoGoXaimcIysOgc+RrqvgcXiZ7Hi2yNmtpg0DVzVnYAS5EjSJcGsjcTlFtcNqEl7L1FqP0DqsGwW/sjef1BRzTDB0IMrItiAkV3zvVXE67UwC8l8DtJaveb+KBCvhL2wcBijfilXzIdwBBg7w/rtLaTDFUFqn4WvWk4buoQESbb7WK0KNM9McSPF8OlyNggkgySgoouX70t9POZEGMZyZ0=";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(sigTst));
	Attribute sigTstsAttibute = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(asn1Primitive));
	assertFalse(DSSASN1Utils.isArchiveTimeStampToken(sigTstsAttibute));
	
	String certValues = "MIIL6wYLKoZIhvcNAQkQAhcxggvaMIIL1jCCBZ8wggSHoAMCAQICFDdbittYXdJlQ+xDC4cAUwx+EP2eMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDUzMDE4MTU0OVoXDTIxMDMxNzE4MzMzM1owaDELMAkGA1UEBhMCTkwxIDAeBgNVBAoTF1F1b1ZhZGlzIFRydXN0bGluayBCLlYuMTcwNQYDVQQDEy5RdW9WYWRpcyBFVSBJc3N1aW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEczMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlBRBbnMy0pZB34/kk8jnEovgphznCp1JvoZ1DDG/OaCusN1fgkglNJp/Evw+h59cobd/md2BBc3d95yvERP9LEgWYIFxzkm4eqU7TARr926V06gX8T5+4EAusMApvT4rbcbQYaEpcC1HgKmEJd96N3WHtXZdYmkW7y4bd1tJanTMdyudKmUwZKzlkCSNKzU0mV+AP1+DJzCtKiTzM4nBTPFjMrl73/AUf1m9hw7rblA226EEtyjMtfeEfN7zkuXqtXcVbWiQUjEdan8mBLz9miHPTjL0FvggDk/Oa94d6yEX9pbVyjfjrRFbWzIOgeFo5yHUf0qA0TXdgHHGMjHt6aEX2fuAEWkvaEQ4Qi7l/2GvtH+S74ziOtEq2JUtamrF434yYVXzYJLgmYtBXqg/WSazpyExXhNEsGsq6jAbqb4rQbNK7Vg4xux+JvaLPx/qPqpTQCHB3PAw9N1TSJ9XKLP8kyN5IME9A5ss9/8UIlLIHS76nZWQZ3GMcAKFr3C4ixaVrRVg55Vuqs3W1GIxyGgyfjMgD1nclYXG831DZAMOdwE0zV4k8c0HrE4yGdOlN6nrEtCrtpguuyLYIs6JbHVcGkby8NhOatTor2O5dP32FxeW3fVyjxeXmcBejHys/O+TMNY0EK7AfqALC6uKfpNaVd6OlKso3UiK+runT3UCAwEAAaOCASgwggEkMBIGA1UdEwEB/wQIMAYBAf8CAQAwEQYDVR0gBAowCDAGBgRVHSAAMHEGCCsGAQUFBwEBBGUwYzAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AucXVvdmFkaXNnbG9iYWwuY29tMDUGCCsGAQUFBzAChilodHRwOi8vdHJ1c3QucXVvdmFkaXNnbG9iYWwuY29tL3F2cmNhLmNydDAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUi0tt7dMpuQYZ7Dk5qfCXhGrL798wOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5xdW92YWRpc2dsb2JhbC5jb20vcXZyY2EuY3JsMB0GA1UdDgQWBBRCqOm7Hqee0exyCLFux9EparVQwDANBgkqhkiG9w0BAQsFAAOCAQEAZajTI1M89DmOH/tGsTZE3Naw+CVX2B0j8LvFG9jEUkTYz6Dsw8LfEb+Uid5ifBhC8zjXLH5UhYDBbjExzL3tDoFoXru1SgbS7fwO0ZpdrbP04ej28itV8NZQ1ubk5yuX5hbacGZxaN9/yD05YOMmWsgpcZNwfx+vJRdb27d/uiSmCZEroXUV5P51/M3OTFzUcgLAwWTuerzTAZKHxaIyqRtBr+g6P2GkMKh4A8rh/8nDQ5OpnSnwbclu/8FAXA3T6cMBfOR5WSoOFjjFcTsRl0gfUH1RdkPZBmMcBwWghbbxAXAVVV7TVPSNvL4lOcHu+vrEVA8o5Nx+AjMoGd81njCCBi8wggQXoAMCAQICFHYTs6Bw9lAsrH0sHTtXloeZH/jjMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYTAk5MMSAwHgYDVQQKExdRdW9WYWRpcyBUcnVzdGxpbmsgQi5WLjE3MDUGA1UEAxMuUXVvVmFkaXMgRVUgSXNzdWluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMzAeFw0xNjA3MDQxODQyMzhaFw0xOTA3MDQxODQyMzRaMIGuMQswCQYDVQQGEwJCRTEQMA4GA1UECBMHQnJ1c3NlbDESMBAGA1UEBxMJRXR0ZXJiZWVrMRwwGgYDVQQKExNFdXJvcGVhbiBDb21taXNzaW9uMRgwFgYDVQQLEw9ESUdJVCBFU1NJIFRFU1QxGTAXBgNVBCoTEEdlcnRydWQgTWFyaWFubmUxETAPBgNVBAQTCEluZ2VzdGFkMRMwEQYDVQQDDApFQ19MT19URVNUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eTl8wQyRbTTmyikE9q9MXQuF9NR46cZJ/TD43dw7gNqsISg4u5ltOaFDj5WSfMy3yoe4vL315hVd3R6f7asYSXLqWBsJ4n9mbs32yi6cIcbjFsGLwCCRAZQQmLny7GlwGcSzPBYt9KW/89wd58uzfZvqP2Ty4YY4TFmdUvoVXpdoGzL5BLqIqO3IogjFfjLaX0QjEFYKQpCTq+9Py68bJGrS0syFzhCl3KoyEnA5I4aT79kZ1w3oKCTr/6eHxig0+mn4wl3Ku09WcCmK5GfZ3ZyWUa1CmVVdAQ8xp3MInCMSmuI0XIK3nvueGxBgCFYAcrrUGXTo3b3wjckgxfo1wIDAQABo4IBiDCCAYQwWQYDVR0gBFIwUDAIBgYEAIswAQIwRAYKKwYBBAG+WAGDQjA2MDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnF1b3ZhZGlzZ2xvYmFsLmNvbS9yZXBvc2l0b3J5MCQGCCsGAQUFBwEDBBgwFjAKBggrBgEFBQcLAjAIBgYEAI5GAQEwdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5xdW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92YWRpc2dsb2JhbC5jb20vcXZldWNhZzMuY3J0MA4GA1UdDwEB/wQEAwIGQDAfBgNVHSMEGDAWgBRCqOm7Hqee0exyCLFux9EparVQwDA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmV1Y2FnMy5jcmwwHQYDVR0OBBYEFM6QS1LBuAXuLgEbcD7uwVxRNZX4MA0GCSqGSIb3DQEBCwUAA4ICAQBvQC0lq+CzKXkkfYWVlfJBDWFZBf0eY0fGk6leTUMEm5S0m5ACDxKxDRg1h/pL6x6PmjuWS030TjsKUJp4NGMeqbESDd5aXkm2WyVegzKwRaXgDVih/V+cUTAIv7k0xQOMegiFZ4rDD+0HiykmIIFXhOCOo9TbBn7X0je2vHop7YiAXpwjmoZI3tUNlHBSfMmoalXjVc1TTYHFi+5ntUzpLySFnhv7/h16nQQhUXvP37Ob+Ia6EPyOlwz4QeOoBBdUTqhCA3sQjpqvTIRuWp46yoMAZGPEnzB8sB8ddJM/bC0aHcu3viaYZ+tH3UwLOEVs0ebmVouYOhTg543n0u3uXS/ZlgKXSDG7NnUsfg7n717MG94RUQj9FLux7PPENPAaxP9VN8MaX4QQw4ybrVxGlSbZZlcMHL3++U26Nga+Oekasr261b6SAI4ro6amxMIo8pAR38LSwnAbI15mUDv+Ow712yGdf7ezMJkLZp1u/A6WYAsuPU2YbZ7iFofX1ApvGJyDWVv3nVjipjQ/xgcdcKvPwHhaQd4kJ8+LYsiFPehm/7xXSG3dUWkVUgNcAmOzZH10Z9OfPYDJlQgNxJJ+aloYiFtQKuc2+6cT0PwHcMDRICnGKZ+rweMUkI0v9b6fqnZ8OohiSKOVeWwrWqVIKEYZULZryJqdJfZ88LXUoA==";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(certValues));
	Attribute certValuesAttibute = new Attribute(PKCSObjectIdentifiers.id_aa_ets_certValues, new DERSet(asn1Primitive));
	assertFalse(DSSASN1Utils.isArchiveTimeStampToken(certValuesAttibute));
}
 
Example #9
Source File: SigningCertificateV2.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
	public Attribute getValue() throws SignerException {
		try {
			X509Certificate cert = (X509Certificate) certificates[0];
			X509Certificate issuerCert = (X509Certificate) certificates[1];
			Digest digest = DigestFactory.getInstance().factoryDefault();
			digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
			byte[] certHash = digest.digest(cert.getEncoded());
			X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
			GeneralName name = new GeneralName(dirName);
			GeneralNames issuer = new GeneralNames(name);
			ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
			IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
			AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);// SHA-256
			ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(algId, certHash, issuerSerial);
//			return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(essCertIDv2)));
			return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(
					new ASN1Encodable[] { new DERSequence(essCertIDv2) })));
		} catch (CertificateEncodingException ex) {
			throw new SignerException(ex.getMessage());
		}
	}
 
Example #10
Source File: TimeStampToken.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
public Attribute getValue() throws SignerException {
    try {
        logger.info(cadesMessagesBundle.getString("info.tsa.connecting"));

        if (timeStampGenerator != null) {
              //Inicializa os valores para o timestmap
        	timeStampGenerator.initialize(content, privateKey, certificates, hash);

            //Obtem o carimbo de tempo atraves do servidor TSA
            byte[] response = timeStampGenerator.generateTimeStamp();

            //Valida o carimbo de tempo gerado
            timeStampGenerator.validateTimeStamp(content, response, hash);

            return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(ASN1Primitive.fromByteArray(response)));
        } else {
            throw new SignerException(cadesMessagesBundle.getString("error.tsa.not.found"));
        }
    } catch (SecurityException | IOException ex) {
        throw new SignerException(ex.getMessage());
    }
}
 
Example #11
Source File: SigningCertificate.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
public Attribute getValue() {
    try {
        X509Certificate cert = (X509Certificate) certificates[0];
        Digest digest = DigestFactory.getInstance().factoryDefault();
        digest.setAlgorithm(DigestAlgorithmEnum.SHA_1);
        byte[] hash = digest.digest(cert.getEncoded());
        X500Name dirName = new X500Name(cert.getSubjectDN().getName());
        GeneralName name = new GeneralName(dirName);
        GeneralNames issuer = new GeneralNames(name);
        ASN1Integer serial = new ASN1Integer(cert.getSerialNumber());
        IssuerSerial issuerSerial = new IssuerSerial(issuer, serial);
        ESSCertID essCertId = new ESSCertID(hash, issuerSerial);
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(new ASN1Encodable[]{new DERSequence(essCertId), new DERSequence(DERNull.INSTANCE)})));

    } catch (CertificateEncodingException ex) {
        throw new SignerException(ex.getMessage());
    }
}
 
Example #12
Source File: EscTimeStamp.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
public Attribute getValue() throws SignerException {
	try {
        logger.info(cadesMessagesBundle.getString("info.tsa.connecting"));

        if (timeStampGenerator != null) {
              //Inicializa os valores para o timestmap
        	timeStampGenerator.initialize(content, privateKey, certificates, hash);

            //Obtem o carimbo de tempo atraves do servidor TSA
            byte[] response = timeStampGenerator.generateTimeStamp();

            //Valida o carimbo de tempo gerado
            timeStampGenerator.validateTimeStamp(content, response, hash);

            return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(ASN1Primitive.fromByteArray(response)));
        } else {
            throw new SignerException(cadesMessagesBundle.getString("error.tsa.not.found"));
        }
    } catch (SecurityException | IOException ex) {
    }
    throw new UnsupportedOperationException(cadesMessagesBundle.getString("error.not.supported",getClass().getName()));
}
 
Example #13
Source File: CertValues.java    From signer with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
  public Attribute getValue() throws SignerException {

  	List<org.bouncycastle.asn1.x509.Certificate> certificateValues = new ArrayList<org.bouncycastle.asn1.x509.Certificate>();
  	try {
  		
  		int chainSize = certificates.length -1;
   		  for (int i = 0; i < chainSize; i++ ){
  		  	    X509Certificate cert = (X509Certificate) certificates[i];
  		  	  byte data[] = cert.getEncoded();
  		  	  certificateValues.add(org.bouncycastle.asn1.x509.Certificate.getInstance(data));    		  	  
  		 }	 
  		  org.bouncycastle.asn1.x509.Certificate[] certValuesArray = new org.bouncycastle.asn1.x509.Certificate[certificateValues.size()];
	return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(certificateValues.toArray(certValuesArray))));
  	} catch (CertificateEncodingException e) {
  		throw new SignerException(e.getMessage());
}
  }
 
Example #14
Source File: CMSSignedDataWrapper.java    From Websocket-Smart-Card-Signer with GNU Affero General Public License v3.0 6 votes vote down vote up
private static ASN1Set buildSignedAttributes(byte[] hash, Date dateTime, X509Certificate cert) throws Exception {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(new Attribute(CMSAttributes.contentType, new DERSet(PKCSObjectIdentifiers.data)));
    if (dateTime != null)
        v.add(new Attribute(CMSAttributes.signingTime, new DERSet(new Time(dateTime))));
    v.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(hash))));

    // CADES support section
    ASN1EncodableVector aaV2 = new ASN1EncodableVector();
    AlgorithmIdentifier algoId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(CMSSignedDataGenerator.DIGEST_SHA256), null);
    aaV2.add(algoId);
    byte[] dig = SignUtils.calculateHASH(CMSSignedDataGenerator.DIGEST_SHA256, cert.getEncoded());
    aaV2.add(new DEROctetString(dig));
    Attribute cades = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(new DERSequence(new DERSequence(new DERSequence(aaV2)))));
    v.add(cades);

    ASN1Set signedAttributes = new DERSet(v);
    return signedAttributes;
}
 
Example #15
Source File: RevocationValues.java    From signer with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Override
  public Attribute getValue() throws SignerException {
  	List<X509CRL> crlList = new ArrayList<X509CRL>();
  	ArrayList<CertificateList> crlVals = new ArrayList<CertificateList>();
  	List<BasicOCSPResponse> ocspVals = new ArrayList<BasicOCSPResponse>();
  	try {
  	
  		int chainSize = certificates.length -1;
  		for (int ix = 0; ix < chainSize; ix++ ){
  			X509Certificate cert = (X509Certificate) certificates[ix];
  			Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
  			for (ICPBR_CRL icpCrl : icpCrls) {
  				crlList.add(icpCrl.getCRL());
  			}				
  		}
  		if (crlList.isEmpty()){
  			throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty"));
  		}else{
  			for(X509CRL varCrl : crlList){
  				crlVals.add(CertificateList.getInstance(varCrl.getEncoded()));
  				
  				
  			}
  		}
  		CertificateList[] crlValuesArray = new CertificateList[crlVals.size()];
  		BasicOCSPResponse[] ocspValuesArray = new BasicOCSPResponse[ocspVals.size()];
  		//	OtherRevVals otherRevVals = new OtherRevVals(null);
  		//return new Attribute(new ASN1ObjectIdentifier(identifier),	new DERSet(null));
  		//org.bouncycastle.asn1.esf.RevocationValues revocationVals = new org.bouncycastle.asn1.esf.RevocationValues(crlVals.toArray(crlValuesArray), ocspVals.toArray(ocspValuesArray), null);
  		//org.bouncycastle.asn1.esf.RevocationValues revocationVals = new org.bouncycastle.asn1.esf.RevocationValues(crlVals.toArray(crlValuesArray), null, null);
  		return new Attribute(new ASN1ObjectIdentifier(identifier),new DERSet(new DERSequence(crlVals.toArray(crlValuesArray))));
  	} catch (Exception e) {
  		throw new SignerException(e.getMessage());
}
  }
 
Example #16
Source File: DSSASN1UtilsTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
@Test
public void findArchiveTimeStampTokensTest() {
	ASN1EncodableVector asn1EncodableVector = new ASN1EncodableVector();
	
	String atstV2 = "MIIIcgYJKoZIhvcNAQcCoIIIYzCCCF8CAQMxDzANBglghkgBZQMEAgEFADCCARMGCyqGSIb3DQEJEAEEoIIBAgSB/zCB/AIBAQYKKwYBBAH7SwUCAjAxMA0GCWCGSAFlAwQCAQUABCAm67S7cA/ArzsncKnDKJk7AQVkbbH2LmjhxjNFGKEKeAIVAKQr5q6pobk+BGS1xZJBa0LrWjgtGBMyMDE4MDUwNzE0MTMxNy41OTNaMAOAAQECCQDdRKjMw1Tj/aB8pHoweDEpMCcGA1UEAxMgVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgVW5pdCAwMjExHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMQswCQYDVQQGEwJGUqCCBGAwggRcMIIDRKADAgECAhBaH/CXaf7oPTjm1eRV0Qf/MA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNTAeFw0xODA0MjYxNjE5MjZaFw0yNDA0MjYxNjE5MjZaMHgxKTAnBgNVBAMTIFVuaXZlcnNpZ24gVGltZXN0YW1waW5nIFVuaXQgMDIxMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDELMAkGA1UEBhMCRlIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQMcsEWLDspCSdwPsmLqo/JwAbZG/dKvJmZEDhMFQti8RSm1GYqyh+tqrLFxEbLZod7o61Qp5j6DivuhnBrqwztlUYih7hJfMcYbwPeU6tDk1MOvXFtU/H5swTnZOU87ub/NItmxqm51jPmFhJZJG6UAuPskZbZaSJWmeKGTnj9xTy4trxz2f7dd1d/WWx8vhqcJ8WqQOc8mUGdRrkLZ5gPBVvRrZzb6PzgQuPB4UBS2ijufG6kPtPXM4yMHYYUmA9rujiJ2f/FKyA4ZNV411uFjTrPRFIuIrwUXNiV6f9EUAW2UqPYl4moxx1/jj7hS3ErxjmDh3/uwiqulaytosFAgMBAAGjgeIwgd8wCQYDVR0TBAIwADBBBgNVHSAEOjA4MDYGCisGAQQB+0sFAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2RvY3MudW5pdmVyc2lnbi5ldS8wRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC51bml2ZXJzaWduLmV1L3VuaXZlcnNpZ25fdHNhX3Jvb3RfMjAxNS5jcmwwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMB8GA1UdIwQYMBaAFPpN7Vc7vT/zkTOaCzmkf10S3QdGMA0GCSqGSIb3DQEBCwUAA4IBAQBWR3oSNvA0PY+MArWaEHJYSYCLZQlviCVnpbH7Oc9HEFU6CdzWnYsC/fnM5z7i/1OqSn/BId7n2e86M9aZ5ADfi0frJxys2OxxvitopvTzS5+He63IDCrkUNbGcqJ8w/nm3egoSALfC1jcCOODp3mdYjG8u2m8izdvnL6PSIQH204eDUNG2mfdq+4/3dP5frtLetRth0GIGyfCfbAk9JQuLYccnmCxM61MUGb3lKAwcOdkXYO/cb41eEvcqc0XZAzFOJynZX++CKz59vxu7yGUdvJ/B3r8wT5h7nYy69cVdD2dciMPZ6q4CL7OFbHekML0zMzGGq9RCueM3g96+wgcMYICzDCCAsgCAQEwgYswdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1AhBaH/CXaf7oPTjm1eRV0Qf/MA0GCWCGSAFlAwQCAQUAoIIBETAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEINTyZn1Qwk+ObcyBn8lOomMd1ONT4hIgFTENpywHUxbEMIHBBgsqhkiG9w0BCRACDDGBsTCBrjCBqzCBqAQUCPAR2aMafE51hsHQENTQcKe6lWAwgY8we6R5MHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNQIQWh/wl2n+6D045tXkVdEH/zANBgkqhkiG9w0BAQsFAASCAQA4NsVVHBUrIs+zoonsl2eFUVwBehoTZJJvLSp41Q3jdAci2ppTzL/8rsvlv3RwDc6lMcOFDZhSuKOIT8rLXPg050xAglxUzkN0r9WpscQ6/cfJZmvVTf01gERTYuqrLhs5lF2qdEOty+42VeJB4hW/gAunEQxJuOyO1xGRBkgyIQq2t63FcwR/+Qw9IWRByNp15Bdt30HpvmyvhR3y/T4hK/9NatRAxoBIRhHXlwUT15Bphf22bDuOyEJyOYnviAvpcUq0g5v7KQcIJdmk93elzo+n8yIwCS7lm3XhZYLsyocLbQBP6oNCZlrNZ4YL4SuMcP0JWW7jfj/+OzWGax8H";
	ASN1Primitive asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(atstV2));
	Attribute atstV2Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV2, new DERSet(asn1Primitive));
	asn1EncodableVector.add(atstV2Attibute);
	
	String malformedAtstV2 = "MIIIhwYLKoZIhvcNAQkQAjAxggh2MIIIcgYJKoZIhvcNAQcCoIIIYzCCCF8CAQMxDzANBglghkgBZQMEAgEFADCCARMGCyqGSIb3DQEJEAEEoIIBAgSB/zCB/AIBAQYKKwYBBAH7SwUCAjAxMA0GCWCGSAFlAwQCAQUABCAm67S7cA/ArzsncKnDKJk7AQVkbbH2LmjhxjNFGKEKeAIVAKQr5q6pobk+BGS1xZJBa0LrWjgtGBMyMDE4MDUwNzE0MTMxNy41OTNaMAOAAQECCQDdRKjMw1Tj/aB8pHoweDEpMCcGA1UEAxMgVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgVW5pdCAwMjExHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMQswCQYDVQQGEwJGUqCCBGAwggRcMIIDRKADAgECAhBaH/CXaf7oPTjm1eRV0Qf/MA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNTAeFw0xODA0MjYxNjE5MjZaFw0yNDA0MjYxNjE5MjZaMHgxKTAnBgNVBAMTIFVuaXZlcnNpZ24gVGltZXN0YW1waW5nIFVuaXQgMDIxMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDELMAkGA1UEBhMCRlIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQMcsEWLDspCSdwPsmLqo/JwAbZG/dKvJmZEDhMFQti8RSm1GYqyh+tqrLFxEbLZod7o61Qp5j6DivuhnBrqwztlUYih7hJfMcYbwPeU6tDk1MOvXFtU/H5swTnZOU87ub/NItmxqm51jPmFhJZJG6UAuPskZbZaSJWmeKGTnj9xTy4trxz2f7dd1d/WWx8vhqcJ8WqQOc8mUGdRrkLZ5gPBVvRrZzb6PzgQuPB4UBS2ijufG6kPtPXM4yMHYYUmA9rujiJ2f/FKyA4ZNV411uFjTrPRFIuIrwUXNiV6f9EUAW2UqPYl4moxx1/jj7hS3ErxjmDh3/uwiqulaytosFAgMBAAGjgeIwgd8wCQYDVR0TBAIwADBBBgNVHSAEOjA4MDYGCisGAQQB+0sFAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2RvY3MudW5pdmVyc2lnbi5ldS8wRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC51bml2ZXJzaWduLmV1L3VuaXZlcnNpZ25fdHNhX3Jvb3RfMjAxNS5jcmwwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMB8GA1UdIwQYMBaAFPpN7Vc7vT/zkTOaCzmkf10S3QdGMA0GCSqGSIb3DQEBCwUAA4IBAQBWR3oSNvA0PY+MArWaEHJYSYCLZQlviCVnpbH7Oc9HEFU6CdzWnYsC/fnM5z7i/1OqSn/BId7n2e86M9aZ5ADfi0frJxys2OxxvitopvTzS5+He63IDCrkUNbGcqJ8w/nm3egoSALfC1jcCOODp3mdYjG8u2m8izdvnL6PSIQH204eDUNG2mfdq+4/3dP5frtLetRth0GIGyfCfbAk9JQuLYccnmCxM61MUGb3lKAwcOdkXYO/cb41eEvcqc0XZAzFOJynZX++CKz59vxu7yGUdvJ/B3r8wT5h7nYy69cVdD2dciMPZ6q4CL7OFbHekML0zMzGGq9RCueM3g96+wgcMYICzDCCAsgCAQEwgYswdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1AhBaH/CXaf7oPTjm1eRV0Qf/MA0GCWCGSAFlAwQCAQUAoIIBETAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEINTyZn1Qwk+ObcyBn8lOomMd1ONT4hIgFTENpywHUxbEMIHBBgsqhkiG9w0BCRACDDGBsTCBrjCBqzCBqAQUCPAR2aMafE51hsHQENTQcKe6lWAwgY8we6R5MHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNQIQWh/wl2n+6D045tXkVdEH/zANBgkqhkiG9w0BAQsFAASCAQA4NsVVHBUrIs+zoonsl2eFUVwBehoTZJJvLSp41Q3jdAci2ppTzL/8rsvlv3RwDc6lMcOFDZhSuKOIT8rLXPg050xAglxUzkN0r9WpscQ6/cfJZmvVTf01gERTYuqrLhs5lF2qdEOty+42VeJB4hW/gAunEQxJuOyO1xGRBkgyIQq2t63FcwR/+Qw9IWRByNp15Bdt30HpvmyvhR3y/T4hK/9NatRAxoBIRhHXlwUT15Bphf22bDuOyEJyOYnviAvpcUq0g5v7KQcIJdmk93elzo+n8yIwCS7lm3XhZYLsyocLbQBP6oNCZlrNZ4YL4SuMcP0JWW7jfj/+OzWGax8H";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(malformedAtstV2));
	Attribute malformedAtstV2Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV2, new DERSet(asn1Primitive));
	asn1EncodableVector.add(malformedAtstV2Attibute);
	
	String atstV3 = "MIIJWwYJKoZIhvcNAQcCoIIJTDCCCUgCAQMxDzANBglghkgBZQMEAgMFADCB/gYLKoZIhvcNAQkQAQSgge4EgeswgegCAQEGBgQAj2cBATAxMA0GCWCGSAFlAwQCAQUABCCn0cRUUvQwpjtFZ8VAx0nzxzu3gZ2Ymqcp87qgiY/4OQIIXuTHubzkaM4YDzIwMjAwNDExMTIzNDQwWjADAgEBAgiO+SBfQ41ZO6B+pHwwejEnMCUGA1UEAwweU0sgVElNRVNUQU1QSU5HIEFVVEhPUklUWSAyMDIwMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEMMAoGA1UECwwDVFNBMRswGQYDVQQKDBJTSyBJRCBTb2x1dGlvbnMgQVMxCzAJBgNVBAYTAkVFoIIEGjCCBBYwggL+oAMCAQICEGI2fXRa2UOrXaRQuV4/+m4wDQYJKoZIhvcNAQELBQAwdTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxKDAmBgNVBAMMH0VFIENlcnRpZmljYXRpb24gQ2VudHJlIFJvb3QgQ0ExGDAWBgkqhkiG9w0BCQEWCXBraUBzay5lZTAeFw0xOTEyMzEyMjAwMDBaFw0yNDEyMzEyMjAwMDBaMHoxJzAlBgNVBAMMHlNLIFRJTUVTVEFNUElORyBBVVRIT1JJVFkgMjAyMDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxDDAKBgNVBAsMA1RTQTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMQswCQYDVQQGEwJFRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMXTh6Dv8RAF1WHepuuEISh6DWYU+S/sBJDufQx+CvJVta//5BCbrH2OtMw2PKPbPeh2AAnEDkfWJbYN0953qkWSeRhD7ebhcwls7kncsSFjGnMbv7EmGpZ+G6mwnfezC+KlXb8DxizRkbvFLbstCcocrqASAh1HIMsNTtgE5XPvec3YRryqteYGsxl06VVGIC6SJ5AoadaI2Qr/1hXSjd3TRgebap98bHX1Hxg1sXuICxRS3l48aNKU9mPuYSRdfq/j5ZWUZ7tSylxHKx8Xssmfii+sEi1Mr38WfvuYXdMEdaQp1YGfoX2GhmfmBkSV7YiAPAxanimeqgIQPGur/fUCAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKg+Cij+kSqhnWH1zZU9+aXNRpIxMB8GA1UdIwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL2FpYS5zay5lZS9DQTANBgkqhkiG9w0BAQsFAAOCAQEACdOkKf5IjoXDWxLA1FRny7lcnCoxG6xhjFpwI9fEtPGlse4o17Qw/ZmOQsbUVJfSG4wf3spf0bfEQ1VEbSIqIjXJJMQv2zh8Ygo9ljQr0caPBk/6p+DNb1f0svL8Mf2ZWLGa5UZ7qO/3aj7EMsSIERm1Kddm1SjuCkG+AzTnAOig8HD3ds7+JwU/+F1u6g9O7KVvSz1ShL7DlNTFdbc54w9JQuWS+uxXQfJChCQm2zX6lS1QTmIwaKXLeas0yyzweS05lfCNvNV80xKnhcWxcvsKO1Tk+it+jmEnfvQpz59jP5elX60gotzr2lnKvpYIBkdZEMw7EuJTdSaMmand/TGCBBEwggQNAgEBMIGJMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUCEGI2fXRa2UOrXaRQuV4/+m4wDQYJYIZIAWUDBAIDBQCgggFNMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjAwNDExMTIzNDQwWjBPBgkqhkiG9w0BCQQxQgRAH9gYJ4dHC7QWYpAOC+dYActRLeKsE0lMir0l78LMHQaKYrby5Kkz0wJXGSgKqhkrNK+gzv/uFGBIdudAa6PilDCBvwYLKoZIhvcNAQkQAgwxga8wgawwgakwgaYEFByzCZkAs/MvzNPr/6e11uQdAcXVMIGNMHmkdzB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlAhBiNn10WtlDq12kULleP/puMA0GCSqGSIb3DQEBAQUABIIBALxEsyppFT3s3s0LFdo+xDC65viHa8yIi94z6WPczKq1Prf56SYrUmF72sDTHVnfRshFtOd+0trRXxHOB124UPsgTOpTzt2SKotduV3lHvKVPN1IFuHHSB9jJZXtnFQ4O1ePmjWWTFZ3kU0Uk6SWdPKEergwbL08AFVcucnBa/UdDN30xrit7YaW16UNQyvFSt9TTx8LL2mJvl1tjDrKn9V9ua4+B31nsYF6XT2ypfEaXZV1pEWqA20+RRcCctdMXSQl7UTx0L0BCfTBRsd86Me/Dk9J1yJkEeOKXfsTEtnKAQThjWtw4qGtswyqeCKh+EMCe62B5ZC+1bZTlohfD1GhggEHMIIBAwYGBACNRQIFMYH4MIH1MGYEIK3f+m/QgJpUqfCzH9JfdL9/LXrhHID9mdqg+2A6Zc0OBCCkXt47u/CciuFccu/AcmjWk6IcmW/VHmfKB5Rg/W2IcwQgYMHF0qMQHKR1OJ2F1UQbg+HTVL+OJeft+dR5H4CzDtowADCBiAQgvqmBrWZOoI5LCE6ZgL6B1pSwGikyP/Gpw87i+EyQp0cEIHmnEgy9yobW4GAfAad4eiVXn6pdMKNizXvUwzqd/eyKBCBu1yd6G1zNfHMHbTc/VvEe5Q85N/6gpJekpgWhLuBQxQQg3WcimJCwZgUxiFzPw7zMX8F4+FTiNC/lXpKaOmvbSQE=";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(atstV3));
	Attribute atstV3Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV3, new DERSet(asn1Primitive));
	asn1EncodableVector.add(atstV3Attibute);
	
	String sigTst = "MIIVJQYJKoZIhvcNAQcCoIIVFjCCFRICAQMxDzANBglghkgBZQMEAgEFADCCARMGCyqGSIb3DQEJEAEEoIIBAgSB/zCB/AIBAQYKKwYBBAH7SwUCAjAxMA0GCWCGSAFlAwQCAQUABCBT2S93XuvGV5XB9P74rlXpEBNQw7v+LkhVqlWcwyGgDwIVAKzJneGO+8crMY8T0qaCcD2284U4GBMyMDE4MDUwNzE0MTMxMS4xMDRaMAOAAQECCQDAIEqncxQduqB8pHoweDEpMCcGA1UEAxMgVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgVW5pdCAwMjAxHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMQswCQYDVQQGEwJGUqCCBGEwggRdMIIDRaADAgECAhEArBfUtF0gHC6S0qdGjvl/XDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJGUjEgMB4GA1UEChMXQ3J5cHRvbG9nIEludGVybmF0aW9uYWwxHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxKDAmBgNVBAMTH1VuaXZlcnNpZ24gVGltZXN0YW1waW5nIENBIDIwMTUwHhcNMTgwNDI2MTYxMDIxWhcNMjQwNDI2MTYxMDIxWjB4MSkwJwYDVQQDEyBVbml2ZXJzaWduIFRpbWVzdGFtcGluZyBVbml0IDAyMDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEgMB4GA1UEChMXQ3J5cHRvbG9nIEludGVybmF0aW9uYWwxCzAJBgNVBAYTAkZSMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6X5QfrFNO3B94xi9xV9dJ7jrV62qDK8MZ6x+3tKmXYBb0TIdXwki3ODlgBVxx2AK5mJ7QuJow3Sbd233utmKG14LNeeWGA1/X8XDD4N+iUTaCeZr5HUv4lRn8sTBtAeaDTEk1tThkNiG8+mxlSGaMEWFA4gzWGatmy5XzjstA0InCzQ0NhH4H4i3RCWO3VJeV/2pMrmbDhu08tufmkaazCo5yW+Wd/3uJYNoVLOKRGNlg8M94obfpEtbdIW/cN4uN9Q2kjA1mo8RZYIcZj401ENRpy5HTD4iXRABKAD+3PARE9y92mgB2PRc4552dR2N1VMC46u5I1nW9vpiLHQXwIDAQABo4HiMIHfMAkGA1UdEwQCMAAwQQYDVR0gBDowODA2BgorBgEEAftLBQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9kb2NzLnVuaXZlcnNpZ24uZXUvMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwudW5pdmVyc2lnbi5ldS91bml2ZXJzaWduX3RzYV9yb290XzIwMTUuY3JsMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAfBgNVHSMEGDAWgBT6Te1XO70/85Ezmgs5pH9dEt0HRjANBgkqhkiG9w0BAQsFAAOCAQEAM1pmbLsBnQ6wIo+eZA7Gm9sgVPFkV6sT/jKzI+VV31/XluCt4FZ6QrQxpNnfYLcKW/aTlLfXv3tZxfPoSaSRo0UdwQB62wKHKK1Ht2rrDLNg/GXJFUgGbyVHd8JohphxSgahdqKZwjKw6Bz5Guq+BxeJnseLbI2a2mDQNXNWdgBLkSNIlwayNxOUW1w2oSXsvUWo/QOqwbBb+yN5/UFHNMMHQgysi2ICRXfO9VcTrtTALyXwO0lq95v4oEK+EvbBwGKN+KVfMh3AEGDvD+u0tpMMVQWqfha9aThu6hARJtvtYrQo0z0xxI8Xw6XI2CCSDJKCii5fvS3085kQYxnJnTGCD34wgg96AgEBMIGMMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNQIRAKwX1LRdIBwuktKnRo75f1wwDQYJYIZIAWUDBAIBBQCgggESMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgmaKGszakb6yDvyWo9JyI97mmtwpCk3ymtFDpZCtGjNYwgcIGCyqGSIb3DQEJEAIMMYGyMIGvMIGsMIGpBBQeNoFgPxJGsxWx1FHS7k2Xb23nMTCBkDB7pHkwdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1AhEArBfUtF0gHC6S0qdGjvl/XDANBgkqhkiG9w0BAQsFAASCAQB0l5gdcsr2if0E2vC+4HjED6vcmjX3jB6sz9pFeXad5RQaF/9KcnUPFfpBRldkl8WQmmpcNLo0c8xnG+YluDM3rxIju6IIkEMnkdAq5qW964r7mWnlHszekWPF85bNNoGNUBfTaAz0JYlMmtl//WtTjg/mXms1XKmOd/+Ec62BWlm8PrVjwSqZbMi8L20tLxM616pXWhbw5Zy4BIUhLZavQlynM/NYUwM1uxB+J40JJ59JbeZtMidXZkBp+M9Md3cOInDcARNysoeNewaJaMgLxdksHSDIuABeksKDCXUe80xXllZt1gTkQNSuThBr8qq+pA4R4hE0Un7hsSp4TaF4oYIMrDCB+wYLKoZIhvcNAQkQAhUxgeswgegwgeUwUTANBglghkgBZQMEAgMFAARA2T0WGDDbckV+bHZCcJ2LZcuu0P9BNqb+N6LA8zedQ5noDNOFgvL7lj8rZZELHM3BovZvY/Fqmx02Vfy4ij96nTCBjzB7pHkwdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1AhA/y6YTRhSkT/KEuIyBp6ikMIIBDgYLKoZIhvcNAQkQAhYxgf4wgfswgfigge8wgewwgekwgeYwUTANBglghkgBZQMEAgMFAARAYKPiFQeLbxNNz+1FB7Cqtl1qxS7Sq3hKf7s1SGXWO2HPf/LRo6murVuOMWS8aEGKSqRXoowRig8aNN6vDTMWyTCBkDB3MQswCQYDVQQGEwJGUjEgMB4GA1UEChMXQ3J5cHRvbG9nIEludGVybmF0aW9uYWwxHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxKDAmBgNVBAMTH1VuaXZlcnNpZ24gVGltZXN0YW1waW5nIENBIDIwMTUXDTE4MDUwNTA2MzAzMFoCBgFLxlnQ86EEMAIwADCCAhsGCyqGSIb3DQEJEAIYMYICCjCCAgagggH+MIIB+jCCAfYwgd8CAQEwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1Fw0xODA1MDUwNjMwMzBaFw0xODA1MTIwNTMwMzBaoDQwMjAfBgNVHSMEGDAWgBT6Te1XO70/85Ezmgs5pH9dEt0HRjAPBgNVHRQECAIGAUvGWdDzMA0GCSqGSIb3DQEBCwUAA4IBAQAvn4IvU5VVPw2iCZs2C3EvEftqz2o9ex4Esu8Xpk+mvGU/eDH/1Z4sZQZIObiBZ+eestigPy0+qCEHHCnqMHKJVvzMekDhzggnuieXk+FWJZL52mCyXcPXybfFWKC8tVi41RBGThBQw7dpnVY6lPx7e1J00Vtn9vFbaSQrZ1HPSV3iyjO9dvM1Um+ekg6EmJTrsEyfJm1msdtdJQ9Jl1KyZdrxXDBS3pOcJ3NjsrdLT+7mTOj+LB3DuouvO2wiB3VeI6ZgR5FSMNiPAAo7NniH7axSoukWHMgt5bxKQx2oINmvImwzTh8pS+eN84e9gT3G68UOppoRFdY6LuAo4yxroQIwADCCCHkGCyqGSIb3DQEJEAIXMYIIaDCCCGQwggP/MIIC56ADAgECAhA/y6YTRhSkT/KEuIyBp6ikMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNTAeFw0xNTAxMjkxNDAzMTVaFw0yNTAxMjkxNDAzMTVaMHcxCzAJBgNVBAYTAkZSMSAwHgYDVQQKExdDcnlwdG9sb2cgSW50ZXJuYXRpb25hbDEcMBoGA1UECxMTMDAwMiA0MzkxMjkxNjQwMDAyNjEoMCYGA1UEAxMfVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgQ0EgMjAxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhzVUnr1bvSiN7C0psItn4/xsMBUnWq6POAhkS+bXkZhfsmn4eX2vDEF2zBJnxLkD/H7SPpgw4cfRn6IaXrj37QYZfWB0C6i9ApKGy8tLMP/Bog3GRddNVekBbdXh2cKBxveppX+k701OT+x1EnEzyVS1a4PtMQB8vPPtRyXqAGMNMDQbP4C1SQ1Y9yh8Ja4N+JIM46nIrBLGi917pJHAd1NdciILYOmF9+Ouvvgy8tvQtrkkBTCYksgfjaP9+uBl5aTXjzAszAFb6W+sgm0/Pt4c21OU19AuuaYkdbiX7K9Ox0kkOztBi1/MFM2DXOpXx6j+EfEVMUnz9P3BOYQ0kCAwEAAaOBhjCBgzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBBBgNVHSAEOjA4MDYGCisGAQQB+0sFAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2RvY3MudW5pdmVyc2lnbi5ldS8wHQYDVR0OBBYEFPpN7Vc7vT/zkTOaCzmkf10S3QdGMA0GCSqGSIb3DQEBCwUAA4IBAQBzu53rv3fCB2NHxdzUvju591VNqYjlId85OG1E5+fwkvQe40cp1GC/oI6l2O23pHBARRRf+SbtD4+f4DaAD9eg9+oPSIx8/reQwzKqBqUQ9G/6VdsXDcZIL0FD2zYUvtJy9K4+btUNmGlg3nE3ofvbLjPsGCwNU2GQy7kCJbBtpYX4EfNl6K69gdfTP86BjagfSGW6i+5EBqdB3h05rvdttmFMk8VTOSB4jM6K5hLjbUiICqyOQXC7f6Th0wOph8MpRIhNszKaREOzNHRYY3MgjLY2xMFwpgIeZshX1L7XrmLxiN6StoGNNNJul9u3LzsDVLncLMDYQ3WqeZA/CoV+MIIEXTCCA0WgAwIBAgIRAKwX1LRdIBwuktKnRo75f1wwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCRlIxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMRwwGgYDVQQLExMwMDAyIDQzOTEyOTE2NDAwMDI2MSgwJgYDVQQDEx9Vbml2ZXJzaWduIFRpbWVzdGFtcGluZyBDQSAyMDE1MB4XDTE4MDQyNjE2MTAyMVoXDTI0MDQyNjE2MTAyMVoweDEpMCcGA1UEAxMgVW5pdmVyc2lnbiBUaW1lc3RhbXBpbmcgVW5pdCAwMjAxHDAaBgNVBAsTEzAwMDIgNDM5MTI5MTY0MDAwMjYxIDAeBgNVBAoTF0NyeXB0b2xvZyBJbnRlcm5hdGlvbmFsMQswCQYDVQQGEwJGUjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJel+UH6xTTtwfeMYvcVfXSe461etqgyvDGesft7Spl2AW9EyHV8JItzg5YAVccdgCuZie0LiaMN0m3dt97rZihteCzXnlhgNf1/Fww+DfolE2gnma+R1L+JUZ/LEwbQHmg0xJNbU4ZDYhvPpsZUhmjBFhQOIM1hmrZsuV847LQNCJws0NDYR+B+It0Qljt1SXlf9qTK5mw4btPLbn5pGmswqOclvlnf97iWDaFSzikRjZYPDPeKG36RLW3SFv3DeLjfUNpIwNZqPEWWCHGY+NNRDUacuR0w+Il0QASgA/tzwERPcvdpoAdj0XOOednUdjdVTAuOruSNZ1vb6Yix0F8CAwEAAaOB4jCB3zAJBgNVHRMEAjAAMEEGA1UdIAQ6MDgwNgYKKwYBBAH7SwUBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vZG9jcy51bml2ZXJzaWduLmV1LzBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vY3JsLnVuaXZlcnNpZ24uZXUvdW5pdmVyc2lnbl90c2Ffcm9vdF8yMDE1LmNybDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHwYDVR0jBBgwFoAU+k3tVzu9P/ORM5oLOaR/XRLdB0YwDQYJKoZIhvcNAQELBQADggEBADNaZmy7AZ0OsCKPnmQOxpvbIFTxZFerE/4ysyPlVd9f15bgreBWekK0MaTZ32C3Clv2k5S31797WcXz6EmkkaNFHcEAetsChyitR7dq6wyzYPxlyRVIBm8lR3fCaIaYcUoGoXaimcIysOgc+RrqvgcXiZ7Hi2yNmtpg0DVzVnYAS5EjSJcGsjcTlFtcNqEl7L1FqP0DqsGwW/sjef1BRzTDB0IMrItiAkV3zvVXE67UwC8l8DtJaveb+KBCvhL2wcBijfilXzIdwBBg7w/rtLaTDFUFqn4WvWk4buoQESbb7WK0KNM9McSPF8OlyNggkgySgoouX70t9POZEGMZyZ0=";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(sigTst));
	Attribute sigTstsAttibute = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(asn1Primitive));
	asn1EncodableVector.add(sigTstsAttibute);
	
	String certValues = "MIIL6wYLKoZIhvcNAQkQAhcxggvaMIIL1jCCBZ8wggSHoAMCAQICFDdbittYXdJlQ+xDC4cAUwx+EP2eMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDUzMDE4MTU0OVoXDTIxMDMxNzE4MzMzM1owaDELMAkGA1UEBhMCTkwxIDAeBgNVBAoTF1F1b1ZhZGlzIFRydXN0bGluayBCLlYuMTcwNQYDVQQDEy5RdW9WYWRpcyBFVSBJc3N1aW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEczMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlBRBbnMy0pZB34/kk8jnEovgphznCp1JvoZ1DDG/OaCusN1fgkglNJp/Evw+h59cobd/md2BBc3d95yvERP9LEgWYIFxzkm4eqU7TARr926V06gX8T5+4EAusMApvT4rbcbQYaEpcC1HgKmEJd96N3WHtXZdYmkW7y4bd1tJanTMdyudKmUwZKzlkCSNKzU0mV+AP1+DJzCtKiTzM4nBTPFjMrl73/AUf1m9hw7rblA226EEtyjMtfeEfN7zkuXqtXcVbWiQUjEdan8mBLz9miHPTjL0FvggDk/Oa94d6yEX9pbVyjfjrRFbWzIOgeFo5yHUf0qA0TXdgHHGMjHt6aEX2fuAEWkvaEQ4Qi7l/2GvtH+S74ziOtEq2JUtamrF434yYVXzYJLgmYtBXqg/WSazpyExXhNEsGsq6jAbqb4rQbNK7Vg4xux+JvaLPx/qPqpTQCHB3PAw9N1TSJ9XKLP8kyN5IME9A5ss9/8UIlLIHS76nZWQZ3GMcAKFr3C4ixaVrRVg55Vuqs3W1GIxyGgyfjMgD1nclYXG831DZAMOdwE0zV4k8c0HrE4yGdOlN6nrEtCrtpguuyLYIs6JbHVcGkby8NhOatTor2O5dP32FxeW3fVyjxeXmcBejHys/O+TMNY0EK7AfqALC6uKfpNaVd6OlKso3UiK+runT3UCAwEAAaOCASgwggEkMBIGA1UdEwEB/wQIMAYBAf8CAQAwEQYDVR0gBAowCDAGBgRVHSAAMHEGCCsGAQUFBwEBBGUwYzAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AucXVvdmFkaXNnbG9iYWwuY29tMDUGCCsGAQUFBzAChilodHRwOi8vdHJ1c3QucXVvdmFkaXNnbG9iYWwuY29tL3F2cmNhLmNydDAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUi0tt7dMpuQYZ7Dk5qfCXhGrL798wOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5xdW92YWRpc2dsb2JhbC5jb20vcXZyY2EuY3JsMB0GA1UdDgQWBBRCqOm7Hqee0exyCLFux9EparVQwDANBgkqhkiG9w0BAQsFAAOCAQEAZajTI1M89DmOH/tGsTZE3Naw+CVX2B0j8LvFG9jEUkTYz6Dsw8LfEb+Uid5ifBhC8zjXLH5UhYDBbjExzL3tDoFoXru1SgbS7fwO0ZpdrbP04ej28itV8NZQ1ubk5yuX5hbacGZxaN9/yD05YOMmWsgpcZNwfx+vJRdb27d/uiSmCZEroXUV5P51/M3OTFzUcgLAwWTuerzTAZKHxaIyqRtBr+g6P2GkMKh4A8rh/8nDQ5OpnSnwbclu/8FAXA3T6cMBfOR5WSoOFjjFcTsRl0gfUH1RdkPZBmMcBwWghbbxAXAVVV7TVPSNvL4lOcHu+vrEVA8o5Nx+AjMoGd81njCCBi8wggQXoAMCAQICFHYTs6Bw9lAsrH0sHTtXloeZH/jjMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYTAk5MMSAwHgYDVQQKExdRdW9WYWRpcyBUcnVzdGxpbmsgQi5WLjE3MDUGA1UEAxMuUXVvVmFkaXMgRVUgSXNzdWluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMzAeFw0xNjA3MDQxODQyMzhaFw0xOTA3MDQxODQyMzRaMIGuMQswCQYDVQQGEwJCRTEQMA4GA1UECBMHQnJ1c3NlbDESMBAGA1UEBxMJRXR0ZXJiZWVrMRwwGgYDVQQKExNFdXJvcGVhbiBDb21taXNzaW9uMRgwFgYDVQQLEw9ESUdJVCBFU1NJIFRFU1QxGTAXBgNVBCoTEEdlcnRydWQgTWFyaWFubmUxETAPBgNVBAQTCEluZ2VzdGFkMRMwEQYDVQQDDApFQ19MT19URVNUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eTl8wQyRbTTmyikE9q9MXQuF9NR46cZJ/TD43dw7gNqsISg4u5ltOaFDj5WSfMy3yoe4vL315hVd3R6f7asYSXLqWBsJ4n9mbs32yi6cIcbjFsGLwCCRAZQQmLny7GlwGcSzPBYt9KW/89wd58uzfZvqP2Ty4YY4TFmdUvoVXpdoGzL5BLqIqO3IogjFfjLaX0QjEFYKQpCTq+9Py68bJGrS0syFzhCl3KoyEnA5I4aT79kZ1w3oKCTr/6eHxig0+mn4wl3Ku09WcCmK5GfZ3ZyWUa1CmVVdAQ8xp3MInCMSmuI0XIK3nvueGxBgCFYAcrrUGXTo3b3wjckgxfo1wIDAQABo4IBiDCCAYQwWQYDVR0gBFIwUDAIBgYEAIswAQIwRAYKKwYBBAG+WAGDQjA2MDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnF1b3ZhZGlzZ2xvYmFsLmNvbS9yZXBvc2l0b3J5MCQGCCsGAQUFBwEDBBgwFjAKBggrBgEFBQcLAjAIBgYEAI5GAQEwdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5xdW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92YWRpc2dsb2JhbC5jb20vcXZldWNhZzMuY3J0MA4GA1UdDwEB/wQEAwIGQDAfBgNVHSMEGDAWgBRCqOm7Hqee0exyCLFux9EparVQwDA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmV1Y2FnMy5jcmwwHQYDVR0OBBYEFM6QS1LBuAXuLgEbcD7uwVxRNZX4MA0GCSqGSIb3DQEBCwUAA4ICAQBvQC0lq+CzKXkkfYWVlfJBDWFZBf0eY0fGk6leTUMEm5S0m5ACDxKxDRg1h/pL6x6PmjuWS030TjsKUJp4NGMeqbESDd5aXkm2WyVegzKwRaXgDVih/V+cUTAIv7k0xQOMegiFZ4rDD+0HiykmIIFXhOCOo9TbBn7X0je2vHop7YiAXpwjmoZI3tUNlHBSfMmoalXjVc1TTYHFi+5ntUzpLySFnhv7/h16nQQhUXvP37Ob+Ia6EPyOlwz4QeOoBBdUTqhCA3sQjpqvTIRuWp46yoMAZGPEnzB8sB8ddJM/bC0aHcu3viaYZ+tH3UwLOEVs0ebmVouYOhTg543n0u3uXS/ZlgKXSDG7NnUsfg7n717MG94RUQj9FLux7PPENPAaxP9VN8MaX4QQw4ybrVxGlSbZZlcMHL3++U26Nga+Oekasr261b6SAI4ro6amxMIo8pAR38LSwnAbI15mUDv+Ow712yGdf7ezMJkLZp1u/A6WYAsuPU2YbZ7iFofX1ApvGJyDWVv3nVjipjQ/xgcdcKvPwHhaQd4kJ8+LYsiFPehm/7xXSG3dUWkVUgNcAmOzZH10Z9OfPYDJlQgNxJJ+aloYiFtQKuc2+6cT0PwHcMDRICnGKZ+rweMUkI0v9b6fqnZ8OohiSKOVeWwrWqVIKEYZULZryJqdJfZ88LXUoA==";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(certValues));
	Attribute certValuesAttibute = new Attribute(PKCSObjectIdentifiers.id_aa_ets_certValues, new DERSet(asn1Primitive));
	asn1EncodableVector.add(certValuesAttibute);
	
	AttributeTable attributeTable = new AttributeTable(asn1EncodableVector);
	List<TimeStampToken> timeStampTokens = DSSASN1Utils.findArchiveTimeStampTokens(attributeTable);
	
	assertEquals(2, timeStampTokens.size());
}
 
Example #17
Source File: PAdESLevelBExternalSignatureTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
private ExternalSignatureResult simulateExternalSignature(ToBeSigned toBeSigned) {
	ExternalSignatureResult externalSignatureResult = new ExternalSignatureResult();

	// Get hold of signature certificate.
	CertificateToken signingCertificate = getSigningCert();
	externalSignatureResult.setSigningCertificate(signingCertificate);

	DigestAlgorithm digestAlgo = signatureParameters.getDigestAlgorithm();

	// Add the signing-certificate/signing-certificate-v2 attribute to DER encoded SignedAttributes.
	try (ASN1InputStream asn1InputStream = new ASN1InputStream(toBeSigned.getBytes())) {
		DLSet dlSet = (DLSet) asn1InputStream.readObject();
		AttributeTable signedAttribute = new AttributeTable(dlSet);
		ASN1EncodableVector signedAttributeEncodableVector = signedAttribute.toASN1EncodableVector();

		CMSUtils.addSigningCertificateAttribute(signedAttributeEncodableVector, digestAlgo, signingCertificate);

		DERSet signedAttributesData = new DERSet(signedAttributeEncodableVector);

		// Update toBeSigned
		toBeSigned.setBytes(signedAttributesData.getEncoded());
		externalSignatureResult.setSignedData(toBeSigned.getBytes());
	} catch (Exception e) {
		LOG.error("Error while simulating external PAdES signature", e);
	}

	SignatureValue signatureValue = getToken().sign(toBeSigned, digestAlgo, getSignatureParameters().getMaskGenerationFunction(), getPrivateKeyEntry());
	externalSignatureResult.setSignatureValue(signatureValue);

	return externalSignatureResult;
}
 
Example #18
Source File: CAdESLevelBExternalSignatureTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
private ExternalSignatureResult simulateExternalSignature(ToBeSigned toBeSigned) {
	ExternalSignatureResult externalSignatureResult = new ExternalSignatureResult();

	// Get hold of signature certificate.
	CertificateToken signingCertificate = getSigningCert();
	externalSignatureResult.setSigningCertificate(signingCertificate);

	DigestAlgorithm digestAlgo = signatureParameters.getDigestAlgorithm();

	// Add the signing-certificate/signing-certificate-v2 attribute to DER encoded SignedAttributes.
	try (ASN1InputStream asn1InputStream = new ASN1InputStream(toBeSigned.getBytes())) {
		DLSet dlSet = (DLSet) asn1InputStream.readObject();
		AttributeTable signedAttribute = new AttributeTable(dlSet);
		ASN1EncodableVector signedAttributeEncodableVector = signedAttribute.toASN1EncodableVector();

		CMSUtils.addSigningCertificateAttribute(signedAttributeEncodableVector, digestAlgo, signingCertificate);

		DERSet signedAttributesData = new DERSet(signedAttributeEncodableVector);

		// Update toBeSigned
		toBeSigned.setBytes(signedAttributesData.getEncoded());
		externalSignatureResult.setSignedData(toBeSigned.getBytes());
	} catch (Exception e) {
		LOG.error("Error while simulating external CAdES signature", e);
	}

	SignatureValue signatureValue = getToken().sign(toBeSigned, getSignatureParameters().getDigestAlgorithm(),
			getSignatureParameters().getMaskGenerationFunction(), getPrivateKeyEntry());
	externalSignatureResult.setSignatureValue(signatureValue);

	return externalSignatureResult;
}
 
Example #19
Source File: MessageDigest.java    From signer with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Override
public Attribute getValue() {
    try {
    	if (this.hash == null){
    		java.security.MessageDigest md = java.security.MessageDigest.getInstance(signaturePolicy.getSignPolicyHashAlg().getAlgorithm().getValue());
    		this.hash = md.digest(content);
    	}
         return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DEROctetString(this.hash)));            
    } catch (NoSuchAlgorithmException ex) {
        logger.info(ex.getMessage());
        return null;
    }
    
}
 
Example #20
Source File: IdSigningPolicy.java    From signer with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * org.bouncycastle.asn1.ASN1ObjectIdentifier sigPolicyId
 * org.bouncycastle.asn1.esf.OtherHashAlgAndValue sigPolicyHash
 * List&lt;org.bouncycastle.asn1.esf.SigPolicyQualifierInfo&gt; sigPolicyQualifierInfos
 */
@Override
public Attribute getValue() {

  //Atributo 1
    ASN1ObjectIdentifier sigPolicyId = new ASN1ObjectIdentifier(signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue());

    //Atributo 2
    OtherHashAlgAndValue sigPolicyHash = new OtherHashAlgAndValue(new AlgorithmIdentifier(
    		new ASN1ObjectIdentifier(signaturePolicy.getSignPolicyHashAlg().getAlgorithm().getValue())), 
    		signaturePolicy.getSignPolicyHash().getDerOctetString());

    //Atributo 3
    List<SigPolicyQualifierInfo> sigPolicyQualifierInfos = new ArrayList<SigPolicyQualifierInfo>();

    ASN1ObjectIdentifier sigPolicyQualifierId = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.5.1");
    DERIA5String sigQualifier = new DERIA5String(signaturePolicy.getSignPolicyURI());
    SigPolicyQualifierInfo bcSigPolicyQualifierInfo = new SigPolicyQualifierInfo(sigPolicyQualifierId, sigQualifier);
    sigPolicyQualifierInfos.add(bcSigPolicyQualifierInfo);

    SigPolicyQualifiers sigPolicyQualifiers = new SigPolicyQualifiers(sigPolicyQualifierInfos.toArray(new SigPolicyQualifierInfo[]{}));

    SignaturePolicyId signaturePolicyId = new SignaturePolicyId(sigPolicyId, sigPolicyHash, sigPolicyQualifiers);
    return new Attribute(new ASN1ObjectIdentifier(oid), new DERSet(signaturePolicyId));
    
    
}
 
Example #21
Source File: CAdESLevelBaselineB.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * ETSI TS 101 733 V2.2.1 (2013-04)
 * 5.11.2 signer-location Attribute
 * The signer-location attribute specifies a mnemonic for an address associated with the signer at a particular
 * geographical (e.g. city) location. The mnemonic is registered in the country in which the signer is located and
 * is used in
 * the provision of the Public Telegram Service (according to Recommendation ITU-T F.1 [11]).
 * The signer-location attribute shall be a signed attribute.
 *
 * @param parameters
 * @param signedAttributes
 * @return
 */
private void addSignerLocation(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
	/*
	 * In PAdES, the role is in the signature dictionary
	 */
	if (padesUsage) {
		return;
	}

	final eu.europa.esig.dss.model.SignerLocation signerLocationParameter = parameters.bLevel().getSignerLocation();
	if (signerLocationParameter != null && !signerLocationParameter.isEmpty()) {

		final DERUTF8String country = signerLocationParameter.getCountry() == null ? null : new DERUTF8String(signerLocationParameter.getCountry());
		final DERUTF8String locality = signerLocationParameter.getLocality() == null ? null : new DERUTF8String(signerLocationParameter.getLocality());
		final ASN1EncodableVector postalAddress = new ASN1EncodableVector();
		final List<String> postalAddressParameter = signerLocationParameter.getPostalAddress();
		if (postalAddressParameter != null) {
			for (final String addressLine : postalAddressParameter) {
				postalAddress.add(new DERUTF8String(addressLine));
			}
		}
		final DERSequence derSequencePostalAddress = new DERSequence(postalAddress);
		final SignerLocation signerLocation = new SignerLocation(country, locality, derSequencePostalAddress);
		final DERSet attrValues = new DERSet(signerLocation);
		final Attribute attribute = new Attribute(id_aa_ets_signerLocation, attrValues);
		signedAttributes.add(attribute);
	}
}
 
Example #22
Source File: PdfPublicKeySecurityHandler.java    From itext2 with GNU Lesser General Public License v3.0 5 votes vote down vote up
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) 
    throws IOException,  
           GeneralSecurityException 
{
    
    String s = "1.2.840.113549.3.2";
    
    AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s);
    AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
    ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
    ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
    ASN1Primitive derobject = asn1inputstream.readObject();
    KeyGenerator keygenerator = KeyGenerator.getInstance(s);
    keygenerator.init(128);
    SecretKey secretkey = keygenerator.generateKey();
    Cipher cipher = Cipher.getInstance(s);
    cipher.init(1, secretkey, algorithmparameters);
    byte[] abyte1 = cipher.doFinal(in);
    DEROctetString deroctetstring = new DEROctetString(abyte1);
    KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
    DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));
    AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
    EncryptedContentInfo encryptedcontentinfo = 
        new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
    EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (org.bouncycastle.asn1.ASN1Set) null);
    ContentInfo contentinfo = 
        new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
    return contentinfo.toASN1Primitive();        
}
 
Example #23
Source File: CMSUtilsTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
@Test
public void cmsSignedDataEqualTest() throws Exception {
	String tstBase64 = "MIIJWwYJKoZIhvcNAQcCoIIJTDCCCUgCAQMxDzANBglghkgBZQMEAgMFADCB/gYLKoZIhvcNAQkQAQSgge4EgeswgegCAQEGBgQAj2cBATAxMA0GCWCGSAFlAwQCAQUABCCn0cRUUvQwpjtFZ8VAx0nzxzu3gZ2Ymqcp87qgiY/4OQIIXuTHubzkaM4YDzIwMjAwNDExMTIzNDQwWjADAgEBAgiO+SBfQ41ZO6B+pHwwejEnMCUGA1UEAwweU0sgVElNRVNUQU1QSU5HIEFVVEhPUklUWSAyMDIwMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEMMAoGA1UECwwDVFNBMRswGQYDVQQKDBJTSyBJRCBTb2x1dGlvbnMgQVMxCzAJBgNVBAYTAkVFoIIEGjCCBBYwggL+oAMCAQICEGI2fXRa2UOrXaRQuV4/+m4wDQYJKoZIhvcNAQELBQAwdTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxKDAmBgNVBAMMH0VFIENlcnRpZmljYXRpb24gQ2VudHJlIFJvb3QgQ0ExGDAWBgkqhkiG9w0BCQEWCXBraUBzay5lZTAeFw0xOTEyMzEyMjAwMDBaFw0yNDEyMzEyMjAwMDBaMHoxJzAlBgNVBAMMHlNLIFRJTUVTVEFNUElORyBBVVRIT1JJVFkgMjAyMDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxDDAKBgNVBAsMA1RTQTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMQswCQYDVQQGEwJFRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMXTh6Dv8RAF1WHepuuEISh6DWYU+S/sBJDufQx+CvJVta//5BCbrH2OtMw2PKPbPeh2AAnEDkfWJbYN0953qkWSeRhD7ebhcwls7kncsSFjGnMbv7EmGpZ+G6mwnfezC+KlXb8DxizRkbvFLbstCcocrqASAh1HIMsNTtgE5XPvec3YRryqteYGsxl06VVGIC6SJ5AoadaI2Qr/1hXSjd3TRgebap98bHX1Hxg1sXuICxRS3l48aNKU9mPuYSRdfq/j5ZWUZ7tSylxHKx8Xssmfii+sEi1Mr38WfvuYXdMEdaQp1YGfoX2GhmfmBkSV7YiAPAxanimeqgIQPGur/fUCAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKg+Cij+kSqhnWH1zZU9+aXNRpIxMB8GA1UdIwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL2FpYS5zay5lZS9DQTANBgkqhkiG9w0BAQsFAAOCAQEACdOkKf5IjoXDWxLA1FRny7lcnCoxG6xhjFpwI9fEtPGlse4o17Qw/ZmOQsbUVJfSG4wf3spf0bfEQ1VEbSIqIjXJJMQv2zh8Ygo9ljQr0caPBk/6p+DNb1f0svL8Mf2ZWLGa5UZ7qO/3aj7EMsSIERm1Kddm1SjuCkG+AzTnAOig8HD3ds7+JwU/+F1u6g9O7KVvSz1ShL7DlNTFdbc54w9JQuWS+uxXQfJChCQm2zX6lS1QTmIwaKXLeas0yyzweS05lfCNvNV80xKnhcWxcvsKO1Tk+it+jmEnfvQpz59jP5elX60gotzr2lnKvpYIBkdZEMw7EuJTdSaMmand/TGCBBEwggQNAgEBMIGJMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUCEGI2fXRa2UOrXaRQuV4/+m4wDQYJYIZIAWUDBAIDBQCgggFNMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjAwNDExMTIzNDQwWjBPBgkqhkiG9w0BCQQxQgRAH9gYJ4dHC7QWYpAOC+dYActRLeKsE0lMir0l78LMHQaKYrby5Kkz0wJXGSgKqhkrNK+gzv/uFGBIdudAa6PilDCBvwYLKoZIhvcNAQkQAgwxga8wgawwgakwgaYEFByzCZkAs/MvzNPr/6e11uQdAcXVMIGNMHmkdzB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlAhBiNn10WtlDq12kULleP/puMA0GCSqGSIb3DQEBAQUABIIBALxEsyppFT3s3s0LFdo+xDC65viHa8yIi94z6WPczKq1Prf56SYrUmF72sDTHVnfRshFtOd+0trRXxHOB124UPsgTOpTzt2SKotduV3lHvKVPN1IFuHHSB9jJZXtnFQ4O1ePmjWWTFZ3kU0Uk6SWdPKEergwbL08AFVcucnBa/UdDN30xrit7YaW16UNQyvFSt9TTx8LL2mJvl1tjDrKn9V9ua4+B31nsYF6XT2ypfEaXZV1pEWqA20+RRcCctdMXSQl7UTx0L0BCfTBRsd86Me/Dk9J1yJkEeOKXfsTEtnKAQThjWtw4qGtswyqeCKh+EMCe62B5ZC+1bZTlohfD1GhggEHMIIBAwYGBACNRQIFMYH4MIH1MGYEIK3f+m/QgJpUqfCzH9JfdL9/LXrhHID9mdqg+2A6Zc0OBCCkXt47u/CciuFccu/AcmjWk6IcmW/VHmfKB5Rg/W2IcwQgYMHF0qMQHKR1OJ2F1UQbg+HTVL+OJeft+dR5H4CzDtowADCBiAQgvqmBrWZOoI5LCE6ZgL6B1pSwGikyP/Gpw87i+EyQp0cEIHmnEgy9yobW4GAfAad4eiVXn6pdMKNizXvUwzqd/eyKBCBu1yd6G1zNfHMHbTc/VvEe5Q85N/6gpJekpgWhLuBQxQQg3WcimJCwZgUxiFzPw7zMX8F4+FTiNC/lXpKaOmvbSQE=";
	byte[] tstBinaries = Utils.fromBase64(tstBase64);
	ASN1Primitive asn1Primitive = DSSASN1Utils.toASN1Primitive(tstBinaries);
	Attribute atstV3Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV3, new DERSet(asn1Primitive));
	
	CMSSignedData cmsSignedData = DSSASN1Utils.getCMSSignedData(atstV3Attibute);
	assertFalse(Arrays.equals(atstV3Attibute.getEncoded(), cmsSignedData.getEncoded()));
	assertTrue(CMSUtils.isCMSSignedDataEqual(cmsSignedData, DSSASN1Utils.getCMSSignedData(atstV3Attibute)));
	
	String berEncodedTST = "MIAGCSqGSIb3DQEHAqCAMIIIEwIBAzEPMA0GCWCGSAFlAwQCAwUAMIHdBgsqhkiG9w0BCRABBKCBzQSByjCBxwIBAQYGBACPZwEBMDEwDQYJYIZIAWUDBAIBBQAEIEx1HyJIzqt0xr8QBSNv5cRNSOac6X22MCn43LTUSuGQAgh47MXImQeQxBgPMjAxOTAyMTgxNDEyMjlaMAMCAQGgZ6RlMGMxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMQwwCgYDVQQLDANUU0ExIjAgBgNVBAMMGVNLIFRJTUVTVEFNUElORyBBVVRIT1JJVFmgggQRMIIEDTCCAvWgAwIBAgIQJK/s6xJo0AJUF/eG7W8BWTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMB4XDTE0MDkxNjA4NDAzOFoXDTE5MDkxNjA4NDAzOFowYzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDDAKBgNVBAsMA1RTQTEiMCAGA1UEAwwZU0sgVElNRVNUQU1QSU5HIEFVVEhPUklUWTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJPa/dQKemSKCNSwlMUp9YKQY6zQOfs9vgUnbzTRHCRBRdsabZYknxTI4DqQ5+JPqw8MTkDvb6nfDZGd15t4oY4tHXXoCfRrbMjJ9+DV+M7bd+vrBI8vi7DBCM59/VAjxBAuZ9P7Tsg8o8BrVqqB9c0ezlSCtFg8X0x2ET3ZBtZ49UARh/XP07I7eRk/DtSLYauxJDPzXVEZmSJCIybclox93u8F5/o8GySbD5GYMhffOJgXmul/Vz7eR0d5SxCMvJIRrP7WfiJYaUjLYqL2wjFQe/nUltcGCn2KtqGCyH7vl+Xzefea6Xjc8ebTgan2FJ0UH0mHv98lWADKuTI2fXcCAwEAAaOBqjCBpzAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFLGwvffmoGkWbCDlUftc9DBic1cnMB8GA1UdIwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly93d3cuc2suZWUvcmVwb3NpdG9yeS9jcmxzL2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCopcU932wVPD6eed+sDBht4zt+kMPPFXv1pIX0RgbizaKvHWU4oHpRH8zcgo/gpotRLlLhZbHtu94pLFN6enpiyHNwevkmUyvrBWylONR1Yhwb4dLS8pBGGFR6eRdhGzoKAUF4B4dIoXOj4p26q1yYULF5ZkZHxhQFNi5uxak9tgCFlGtzXumjL5jBmtWeDTGE4YSa34pzDXjz8VAjPJ9sVuOmK2E0gyWxUTLXF9YevrWzRLzVFqw+qewBV2I4of/6miZOOT2wlA/meL7zr3hnfo7KSJQmMNUjZ6lh6RBIVvYI0t+A/fpTKiZfviz/Xn2e4PC6i57wmH5EgOOav0UKMYIDBjCCAwICAQEwgYkwdTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxKDAmBgNVBAMMH0VFIENlcnRpZmljYXRpb24gQ2VudHJlIFJvb3QgQ0ExGDAWBgkqhkiG9w0BCQEWCXBraUBzay5lZQIQJK/s6xJo0AJUF/eG7W8BWTANBglghkgBZQMEAgMFAKCCAU0wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0xOTAyMTgxNDEyMjlaME8GCSqGSIb3DQEJBDFCBEAQowCFbttXzzmOv1nPKZ5V5Ju/vVB8fXGBlGofbvyAFZ0XMpuLOQVvtjCnrQ8VPtraSf87xHAk+DmAQhRCsO/rMIG/BgsqhkiG9w0BCRACDDGBrzCBrDCBqTCBpgQUstAhgvC5biocaH7OMjQII5gZMLYwgY0weaR3MHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUCECSv7OsSaNACVBf3hu1vAVkwDQYJKoZIhvcNAQEBBQAEggEAZIeCPyWt1WsuHwUJjL//uRr889nCpyOLK/byRqtwpnJ2NFTh+6skARusWPBqJ1USylQNSmVmTuXzJxxCsv43L6W4+wgp2LzlhVFnfxbuI9aLExTtY+326cZcXTyJgKptmZNYghhfiNwT5a1GBLRBRVq1PJhEKFaU3FNqhstbyYDm4rsHMkZTZgi8NERUmZxY+fqb7nkLw1HMeWrQGwnTHu0wdoVLYa1uy4FmDybQHNu4V7NrPOytXl2+zmupoyuQfJqpkdtlQaGIv7aglajnwS1nhO3CdTh1I7+dURQzQT65Zx0bJ/DEOrqbaCn6LW79vXzMU296WeADsogqraTl1QAAAAA=";
	assertFalse(CMSUtils.isCMSSignedDataEqual(cmsSignedData, new CMSSignedData(Utils.fromBase64(berEncodedTST))));
}
 
Example #24
Source File: CAdESLevelBaselineB.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
private void addSignaturePolicyId(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {

		Policy policy = parameters.bLevel().getSignaturePolicy();
		if (policy != null) {

			final String policyId = policy.getId();
			SignaturePolicyIdentifier sigPolicy = null;

			if (Utils.isStringEmpty(policyId)) {// implicit
				sigPolicy = new SignaturePolicyIdentifier();
			} else { // explicit
				final ASN1ObjectIdentifier derOIPolicyId = new ASN1ObjectIdentifier(policyId);
				final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(policy.getDigestAlgorithm().getOid());
				final AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(oid);
				OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(algorithmIdentifier, new DEROctetString(policy.getDigestValue()));

				if (Utils.isStringNotEmpty(policy.getSpuri())) {
					SigPolicyQualifierInfo policyQualifierInfo = new SigPolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_uri,
							new DERIA5String(policy.getSpuri()));
					SigPolicyQualifierInfo[] qualifierInfos = new SigPolicyQualifierInfo[] { policyQualifierInfo };
					SigPolicyQualifiers qualifiers = new SigPolicyQualifiers(qualifierInfos);

					sigPolicy = new SignaturePolicyIdentifier(new SignaturePolicyId(derOIPolicyId, otherHashAlgAndValue, qualifiers));
				} else {
					sigPolicy = new SignaturePolicyIdentifier(new SignaturePolicyId(derOIPolicyId, otherHashAlgAndValue));
				}
			}

			final DERSet attrValues = new DERSet(sigPolicy);
			final Attribute attribute = new Attribute(id_aa_ets_sigPolicyId, attrValues);
			signedAttributes.add(attribute);
		}
	}
 
Example #25
Source File: DER.java    From InflatableDonkey with MIT License 4 votes vote down vote up
static DERSet toSet(Collection<? extends ASN1Encodable> collection) {
    return new DERSet(vector(collection));
}
 
Example #26
Source File: PkiMessage.java    From xipki with Apache License 2.0 4 votes vote down vote up
private static void addAttribute(ASN1EncodableVector vector,
    ASN1ObjectIdentifier attrType, ASN1Encodable attrValue) {
  vector.add(new Attribute(attrType, new DERSet(attrValue)));
}
 
Example #27
Source File: CAdESLevelBaselineB.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * ETSI TS 101 733 V2.2.1 (2013-04)
 *
 * 5.10.3 content-hints Attribute
 * The content-hints attribute provides information on the innermost signed content of a multi-layer message where
 * one content is encapsulated in another.
 * The syntax of the content-hints attribute type of the ES is as defined in ESS (RFC 2634 [5]).
 * When used to indicate the precise format of the data to be presented to the user, the following rules apply:
 * • the contentType indicates the type of the associated content. It is an object identifier (i.e. a unique string
 * of
 * integers) assigned by an authority that defines the content type; and
 * • when the contentType is id-data the contentDescription shall define the presentation format; the
 * format may be defined by MIME types.
 * When the format of the content is defined by MIME types, the following rules apply:
 * • the contentType shall be id-data as defined in CMS (RFC 3852 [4]);
 * • the contentDescription shall be used to indicate the encoding of the data, in accordance with the rules
 * defined RFC 2045 [6]; see annex F for an example of structured contents and MIME.
 * NOTE 1: id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }.
 * NOTE 2: contentDescription is optional in ESS (RFC 2634 [5]). It may be used to complement
 * contentTypes defined elsewhere; such definitions are outside the scope of the present document.
 *
 * @param parameters
 * @param signedAttributes
 * @return
 */
private void addContentHints(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
	if (Utils.isStringNotBlank(parameters.getContentHintsType())) {

		final ASN1ObjectIdentifier contentHintsType = new ASN1ObjectIdentifier(parameters.getContentHintsType());
		final String contentHintsDescriptionString = parameters.getContentHintsDescription();
		final DERUTF8String contentHintsDescription = Utils.isStringBlank(contentHintsDescriptionString) ? null
				: new DERUTF8String(contentHintsDescriptionString);
		// "text/plain";
		// "1.2.840.113549.1.7.1";

		final ContentHints contentHints = new ContentHints(contentHintsType, contentHintsDescription);
		final DERSet attrValues = new DERSet(contentHints);
		final Attribute attribute = new Attribute(id_aa_contentHint, attrValues);
		signedAttributes.add(attribute);
	}
}
 
Example #28
Source File: CertificateAuthority.java    From DeviceConnect-Android with MIT License 4 votes vote down vote up
/**
 * 証明書署名要求から Subject Alternative Names (SANs) を取得する.
 *
 * @param request 証明書署名要求
 * @return SubjectAlternativeNamesを示す {@link GeneralNames} オブジェクト
 * @throws IOException 解析に失敗した場合
 */
private GeneralNames parseSANs(final PKCS10CertificationRequest request) throws IOException {
    List<ASN1Encodable> generalNames = new ArrayList<>();

    CertificationRequestInfo info = request.getCertificationRequestInfo();
    ASN1Set attributes = info.getAttributes();
    for (int i = 0; i < attributes.size(); i++) {
        DEREncodable extensionRequestObj = attributes.getObjectAt(i);
        if (!(extensionRequestObj instanceof DERSequence)) {
            continue;
        }
        DERSequence extensionRequest = (DERSequence) extensionRequestObj;
        if (extensionRequest.size() != 2) {
            continue;
        }
        DEREncodable idObj = extensionRequest.getObjectAt(0);
        DEREncodable contentObj = extensionRequest.getObjectAt(1);
        if (!(idObj instanceof ASN1ObjectIdentifier && contentObj instanceof DERSet)) {
            continue;
        }
        ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) idObj;
        DERSet content = (DERSet) contentObj;
        if (!id.getId().equals("1.2.840.113549.1.9.14")) {
            continue;
        }
        if (content.size() < 1) {
            continue;
        }
        DEREncodable extensionsObj = content.getObjectAt(0);
        if (!(extensionsObj instanceof DERSequence)) {
            continue;
        }
        DERSequence extensions = (DERSequence) extensionsObj;

        for (int k = 0; k < extensions.size(); k++) {
            DEREncodable extensionObj = extensions.getObjectAt(k);
            if (!(extensionObj instanceof DERSequence)) {
                continue;
            }
            DERSequence extension = (DERSequence) extensionObj;
            if (extension.size() != 2) {
                continue;
            }
            DEREncodable extensionIdObj = extension.getObjectAt(0);
            DEREncodable extensionContentObj = extension.getObjectAt(1);
            if (!(extensionIdObj instanceof ASN1ObjectIdentifier)) {
                continue;
            }
            ASN1ObjectIdentifier extensionId = (ASN1ObjectIdentifier) extensionIdObj;
            if (extensionId.getId().equals("2.5.29.17")) {
                DEROctetString san = (DEROctetString) extensionContentObj;

                ASN1StreamParser sanParser = new ASN1StreamParser(san.parser().getOctetStream());
                DEREncodable namesObj = sanParser.readObject().getDERObject();
                if (namesObj instanceof DERSequence) {
                    DERSequence names = (DERSequence) namesObj;
                    for (int m = 0; m < names.size(); m++) {
                        DEREncodable nameObj = names.getObjectAt(m);
                        if (nameObj instanceof DERTaggedObject) {
                            DERTaggedObject name = (DERTaggedObject) nameObj;
                            switch (name.getTagNo()) {
                                case GeneralName.dNSName:
                                    generalNames.add(new GeneralName(GeneralName.dNSName, DERIA5String.getInstance(name, false)));
                                    break;
                                case GeneralName.iPAddress:
                                    generalNames.add(new GeneralName(GeneralName.iPAddress, DEROctetString.getInstance(name, true)));
                                    break;
                            }
                        }
                    }
                }
            }
        }
    }
    if (generalNames.size() > 0) {
        return new GeneralNames(new DERSequence(generalNames.toArray(new ASN1Encodable[0])));
    }
    return null;
}
 
Example #29
Source File: CreateSignature.java    From testarea-pdfbox2 with Apache License 2.0 4 votes vote down vote up
/**
 * <a href="http://stackoverflow.com/questions/41767351/create-pkcs7-signature-from-file-digest">
 * Create pkcs7 signature from file digest
 * </a>
 * <p>
 * The OP's <code>sign</code> method after fixing some errors. The
 * OP's original method is {@link #signBySnox(InputStream)}. The
 * errors were
 * </p>
 * <ul>
 * <li>multiple attempts at reading the {@link InputStream} parameter;
 * <li>convoluted creation of final CMS container.
 * </ul>
 * <p>
 * Additionally this method uses SHA256 instead of SHA-1.
 * </p>
 */
public byte[] signWithSeparatedHashing(InputStream content) throws IOException
{
    try
    {
        // Digest generation step
        MessageDigest md = MessageDigest.getInstance("SHA256", "BC");
        byte[] digest = md.digest(IOUtils.toByteArray(content));

        // Separate signature container creation step
        List<Certificate> certList = Arrays.asList(chain);
        JcaCertStore certs = new JcaCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        Attribute attr = new Attribute(CMSAttributes.messageDigest,
                new DERSet(new DEROctetString(digest)));

        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(attr);

        SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
                .setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));

        AlgorithmIdentifier sha256withRSA = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");

        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(chain[0].getEncoded());
        X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);

        gen.addSignerInfoGenerator(builder.build(
                new BcRSAContentSignerBuilder(sha256withRSA,
                        new DefaultDigestAlgorithmIdentifierFinder().find(sha256withRSA))
                                .build(PrivateKeyFactory.createKey(pk.getEncoded())),
                new JcaX509CertificateHolder(cert)));

        gen.addCertificates(certs);

        CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
        return s.getEncoded();
    }
    catch (Exception e)
    {
        e.printStackTrace();
        throw new IOException(e);
    }
}
 
Example #30
Source File: CreateSignature.java    From testarea-pdfbox2 with Apache License 2.0 4 votes vote down vote up
/**
 * <a href="http://stackoverflow.com/questions/41767351/create-pkcs7-signature-from-file-digest">
 * Create pkcs7 signature from file digest
 * </a>
 * <p>
 * The OP's own <code>sign</code> method which has some errors. These
 * errors are fixed in {@link #signWithSeparatedHashing(InputStream)}.
 * </p>
 */
public byte[] signBySnox(InputStream content) throws IOException {
    // testSHA1WithRSAAndAttributeTable
    try {
        MessageDigest md = MessageDigest.getInstance("SHA1", "BC");
        List<Certificate> certList = new ArrayList<Certificate>();
        CMSTypedData msg = new CMSProcessableByteArray(IOUtils.toByteArray(content));

        certList.addAll(Arrays.asList(chain));

        Store<?> certs = new JcaCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        Attribute attr = new Attribute(CMSAttributes.messageDigest,
                new DERSet(new DEROctetString(md.digest(IOUtils.toByteArray(content)))));

        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(attr);

        SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
                .setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));

        AlgorithmIdentifier sha1withRSA = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");

        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(chain[0].getEncoded());
        X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);

        gen.addSignerInfoGenerator(builder.build(
                new BcRSAContentSignerBuilder(sha1withRSA,
                        new DefaultDigestAlgorithmIdentifierFinder().find(sha1withRSA))
                                .build(PrivateKeyFactory.createKey(pk.getEncoded())),
                new JcaX509CertificateHolder(cert)));

        gen.addCertificates(certs);

        CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
        return new CMSSignedData(msg, s.getEncoded()).getEncoded();

    } catch (Exception e) {
        e.printStackTrace();
        throw new IOException(e);
    }
}