Java Code Examples for org.bouncycastle.asn1.cms.AttributeTable#toASN1EncodableVector()

The following examples show how to use org.bouncycastle.asn1.cms.AttributeTable#toASN1EncodableVector() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CadesLevelBaselineLTATimestampExtractor.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
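/**
 * Builds the unsignedAttrsHashIndex field, a sequence of octet strings. Each one contains the hash value of one
 * instance of Attribute within the unsignedAttrs field of the SignerInfo. A hash value for every instance of
 * Attribute, as present at the time when the corresponding archive time-stamp is requested, shall be included in
 * unsignedAttrsHashIndex. No other hash values shall be included in this field.
 *
 * Attributes whose type is listed in {@code excludedAttributesFromAtsHashIndex} are skipped and contribute no
 * hash to the index. When the signer has no unsigned attributes at all, an empty sequence is returned.
 *
 * @param signerInformation {@link SignerInformation} whose unsigned attributes are indexed
 * @param atsHashIndexVersionIdentifier {@link ASN1ObjectIdentifier} of the ats-hash-index table version to create
 * @return a {@link DERSequence} holding the attribute hashes, in the order the attribute table returns the
 *         attributes; never {@code null}
 */
private ASN1Sequence getUnsignedAttributesHashIndex(SignerInformation signerInformation, ASN1ObjectIdentifier atsHashIndexVersionIdentifier) {

	final ASN1EncodableVector unsignedAttributesHashIndex = new ASN1EncodableVector();
	final AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
	if (unsignedAttributes == null) {
		// BouncyCastle hands back null, not an empty table, when the SignerInfo carries no unsignedAttrs.
		// Dereferencing it would throw a NullPointerException; the correct index for that case is empty.
		return new DERSequence(unsignedAttributesHashIndex);
	}

	final ASN1EncodableVector asn1EncodableVector = unsignedAttributes.toASN1EncodableVector();
	for (int i = 0; i < asn1EncodableVector.size(); i++) {
		final Attribute attribute = (Attribute) asn1EncodableVector.get(i);
		if (excludedAttributesFromAtsHashIndex.contains(attribute.getAttrType())) {
			// NOTE(review): a skipped attribute gets no entry in the hash index; confirm the exclusion list
			// only names attributes that must stay outside this archive time-stamp.
			continue;
		}
		final List<DEROctetString> attributeDerOctetStringHashes = getAttributeDerOctetStringHashes(attribute, atsHashIndexVersionIdentifier);
		for (DEROctetString derOctetStringDigest : attributeDerOctetStringHashes) {
			unsignedAttributesHashIndex.add(derOctetStringDigest);
		}
	}
	return new DERSequence(unsignedAttributesHashIndex);
}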
 
Example 2
Source File: CadesLevelBaselineLTATimestampExtractor.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Checks the unsignedAttrsHashIndex carried by an archive time-stamp against the unsigned attributes currently
 * present in the SignerInfo.
 *
 * The field unsignedAttrsHashIndex is a sequence of octet strings. Each one contains the hash value of one
 * instance of Attribute within the unsignedAttrs field of the SignerInfo. A hash value for every instance of
 * Attribute, as present at the time when the corresponding archive time-stamp is requested, shall be included in
 * unsignedAttrsHashIndex. No other hash values shall be included in this field.
 *
 * Every hash listed in the time-stamp token must be found among the hashes recomputed from the
 * signerInformation:
 * <ul>
 * <li>If the signerInformation holds more unsigned attributes than the hash index lists, no error is reported
 * and the caller is not told which attributes the time-stamp covers; the mismatch is only logged at debug
 * level.</li>
 * <li>If a hash listed in the index has no matching attribute (the attribute is missing or was altered), an
 * empty sequence is returned so that the time-stamped data will not match. Which hashes did match is not
 * reported.</li>
 * <li>If the index lists no hash at all, nothing has been checked and the index is returned as it was
 * read.</li>
 * </ul>
 *
 * @param signerInformation the signer whose unsigned attributes are re-hashed
 * @param timestampHashIndex the ats-hash-index structure taken from the time-stamp token
 * @param atsHashIndexVersionIdentifier identifier of the ats-hash-index version, passed on to the hash helper
 * @return the unsigned-attributes hash index read from the time-stamp when every listed hash was matched
 *         ({@code null} if none could be read), or an empty {@link DERSequence} when at least one listed hash
 *         was not matched
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedUnsignedAttributesHashIndex(SignerInformation signerInformation, final ASN1Sequence timestampHashIndex, 
		ASN1ObjectIdentifier atsHashIndexVersionIdentifier) {

	final ASN1Sequence indexFromTimestamp = DSSASN1Utils.getUnsignedAttributesHashIndex(timestampHashIndex);

	// Working copy of the hashes listed by the time-stamp; an entry is removed each time the signature
	// yields the same hash, so whatever remains at the end was never matched.
	final List<DEROctetString> unmatchedTimestampHashes = new ArrayList<>();
	if (indexFromTimestamp != null) {
		unmatchedTimestampHashes.addAll(Collections.list(indexFromTimestamp.getObjects()));
	}

	final AttributeTable signerUnsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation);
	final ASN1EncodableVector signerAttributes = signerUnsignedAttributes.toASN1EncodableVector();
	for (int index = 0; index < signerAttributes.size(); index++) {
		final Attribute current = (Attribute) signerAttributes.get(index);
		final ASN1ObjectIdentifier attrType = current.getAttrType();
		for (DEROctetString recomputedHash : getAttributeDerOctetStringHashes(current, atsHashIndexVersionIdentifier)) {
			final boolean listedInTimestamp = unmatchedTimestampHashes.remove(recomputedHash);
			if (listedInTimestamp) {
				// the attribute exists both in the signature and in the time-stamp index
				LOG.debug("Attribute {} present in timestamp", attrType.getId());
			} else {
				LOG.debug("Attribute {} not present in timestamp", attrType.getId());
			}
		}
	}

	if (unmatchedTimestampHashes.isEmpty()) {
		// every listed hash was accounted for: hand back the index exactly as read from the time-stamp
		return indexFromTimestamp;
	}

	LOG.error("{} attribute(s) hash in Timestamp has not been found in document attributes: {}", unmatchedTimestampHashes.size(),
			unmatchedTimestampHashes);
	// an empty sequence guarantees that the recomputed time-stamped data cannot match
	return new DERSequence();
}
 
Example 3
Source File: CAdESLevelBExternalSignatureTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
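/**
 * Simulates an external signing party for the CAdES test: re-encodes the SignedAttributes with the
 * signing-certificate attribute added, then signs the result with the test token.
 *
 * @param toBeSigned the DER-encoded SignedAttributes to sign; its bytes are replaced in place by the
 *                   re-encoded attribute set
 * @return the signing certificate, the signed data and the signature value produced by the simulation
 * @throws IllegalStateException if the SignedAttributes cannot be parsed, extended or re-encoded
 */
private ExternalSignatureResult simulateExternalSignature(ToBeSigned toBeSigned) {
	ExternalSignatureResult externalSignatureResult = new ExternalSignatureResult();

	// Get hold of signature certificate.
	CertificateToken signingCertificate = getSigningCert();
	externalSignatureResult.setSigningCertificate(signingCertificate);

	DigestAlgorithm digestAlgo = signatureParameters.getDigestAlgorithm();

	// Add the signing-certificate/signing-certificate-v2 attribute to DER encoded SignedAttributes.
	try (ASN1InputStream asn1InputStream = new ASN1InputStream(toBeSigned.getBytes())) {
		DLSet dlSet = (DLSet) asn1InputStream.readObject();
		AttributeTable signedAttribute = new AttributeTable(dlSet);
		ASN1EncodableVector signedAttributeEncodableVector = signedAttribute.toASN1EncodableVector();

		CMSUtils.addSigningCertificateAttribute(signedAttributeEncodableVector, digestAlgo, signingCertificate);

		DERSet signedAttributesData = new DERSet(signedAttributeEncodableVector);

		// Update toBeSigned
		toBeSigned.setBytes(signedAttributesData.getEncoded());
		externalSignatureResult.setSignedData(toBeSigned.getBytes());
	} catch (Exception e) {
		// Stop here instead of logging and carrying on: otherwise the token below could sign attributes
		// that lack the signing-certificate attribute while signedData stays unset, and the test would
		// fail later for an unrelated-looking reason (or not at all).
		throw new IllegalStateException("Error while simulating external CAdES signature", e);
	}

	SignatureValue signatureValue = getToken().sign(toBeSigned, getSignatureParameters().getDigestAlgorithm(),
			getSignatureParameters().getMaskGenerationFunction(), getPrivateKeyEntry());
	externalSignatureResult.setSignatureValue(signatureValue);

	return externalSignatureResult;
}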
 
Example 4
Source File: PAdESLevelBExternalSignatureTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
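/**
 * Simulates an external signing party for the PAdES test: re-encodes the SignedAttributes with the
 * signing-certificate attribute added, then signs the result with the test token.
 *
 * @param toBeSigned the DER-encoded SignedAttributes to sign; its bytes are replaced in place by the
 *                   re-encoded attribute set
 * @return the signing certificate, the signed data and the signature value produced by the simulation
 * @throws IllegalStateException if the SignedAttributes cannot be parsed, extended or re-encoded
 */
private ExternalSignatureResult simulateExternalSignature(ToBeSigned toBeSigned) {
	ExternalSignatureResult externalSignatureResult = new ExternalSignatureResult();

	// Get hold of signature certificate.
	CertificateToken signingCertificate = getSigningCert();
	externalSignatureResult.setSigningCertificate(signingCertificate);

	DigestAlgorithm digestAlgo = signatureParameters.getDigestAlgorithm();

	// Add the signing-certificate/signing-certificate-v2 attribute to DER encoded SignedAttributes.
	try (ASN1InputStream asn1InputStream = new ASN1InputStream(toBeSigned.getBytes())) {
		DLSet dlSet = (DLSet) asn1InputStream.readObject();
		AttributeTable signedAttribute = new AttributeTable(dlSet);
		ASN1EncodableVector signedAttributeEncodableVector = signedAttribute.toASN1EncodableVector();

		CMSUtils.addSigningCertificateAttribute(signedAttributeEncodableVector, digestAlgo, signingCertificate);

		DERSet signedAttributesData = new DERSet(signedAttributeEncodableVector);

		// Update toBeSigned
		toBeSigned.setBytes(signedAttributesData.getEncoded());
		externalSignatureResult.setSignedData(toBeSigned.getBytes());
	} catch (Exception e) {
		// Stop here instead of logging and carrying on: otherwise the token below could sign attributes
		// that lack the signing-certificate attribute while signedData stays unset, and the test would
		// fail later for an unrelated-looking reason (or not at all).
		throw new IllegalStateException("Error while simulating external PAdES signature", e);
	}

	SignatureValue signatureValue = getToken().sign(toBeSigned, digestAlgo, getSignatureParameters().getMaskGenerationFunction(), getPrivateKeyEntry());
	externalSignatureResult.setSignatureValue(signatureValue);

	return externalSignatureResult;
}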