org.bouncycastle.asn1.cms.AttributeTable Java Examples

The following examples show how to use org.bouncycastle.asn1.cms.AttributeTable.
Example #1
Source File: CMSSignedDataBuilder.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * This method creates a builder of SignerInfoGenerator
 *
 * @param digestCalculatorProvider
 *            the digest calculator (can be pre-computed)
 * @param signedAttributes
 *            the signedAttributes
 * @param unsignedAttributes
 *            the unsignedAttributes
 * @return a SignerInfoGeneratorBuilder that generate the signed and unsigned attributes according to the parameters
 */
private SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DigestCalculatorProvider digestCalculatorProvider, AttributeTable signedAttributes,
		AttributeTable unsignedAttributes) {

	// An empty table is normalised to null before it is handed to the signed-attribute generator.
	final AttributeTable signedOrNull = DSSASN1Utils.isEmpty(signedAttributes) ? null : signedAttributes;
	final DefaultSignedAttributeTableGenerator signedGenerator = new DefaultSignedAttributeTableGenerator(signedOrNull);

	// Same normalisation for the unsigned attributes.
	final AttributeTable unsignedOrNull = DSSASN1Utils.isEmpty(unsignedAttributes) ? null : unsignedAttributes;
	final SimpleAttributeTableGenerator unsignedGenerator = new SimpleAttributeTableGenerator(unsignedOrNull);

	final SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(digestCalculatorProvider);
	builder.setSignedAttributeGenerator(signedGenerator);
	builder.setUnsignedAttributeGenerator(unsignedGenerator);
	return builder;
}
 
Example #2
Source File: PAdESOCSPSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
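/**
 * Collects the OCSP responses embedded in the adbe-revocationInfoArchival attribute and registers
 * each basic response with the origin {@code ADBE_REVOCATION_INFO_ARCHIVAL}.
 * <p>
 * The attribute content comes from the document being validated, so every embedded response is
 * type-checked before use; responses that cannot be used are logged and skipped.
 *
 * @param attributes the attribute table to search; the lookup is delegated to DSSASN1Utils
 */
private void collectOCSPArchivalValues(AttributeTable attributes) {
	final ASN1Encodable attValue = DSSASN1Utils.getAsn1Encodable(attributes, OID.adbe_revocationInfoArchival);
	if (attValue == null) {
		return;
	}
	final RevocationInfoArchival revocationArchival = PAdESUtils.getRevocationInfoArchivals(attValue);
	if (revocationArchival == null) {
		return;
	}
	for (final OCSPResponse ocspResponse : revocationArchival.getOcspVals()) {
		final OCSPResp ocspResp = new OCSPResp(ocspResponse);
		try {
			// getResponseObject() yields null when the response carries no response bytes and a
			// non-BasicOCSPResp object for other response types; the previous blind cast let both
			// cases escape the OCSPException handler below.
			final Object responseObject = ocspResp.getResponseObject();
			if (responseObject instanceof BasicOCSPResp) {
				addBinary(OCSPResponseBinary.build((BasicOCSPResp) responseObject), RevocationOrigin.ADBE_REVOCATION_INFO_ARCHIVAL);
			} else {
				LOG.warn("Skipping OCSPResponse from Revocation Info Archivals (ADBE) : no basic OCSP response found");
			}
		} catch (OCSPException e) {
			LOG.warn("Error while extracting OCSPResponse from Revocation Info Archivals (ADBE) : {}", e.getMessage());
		}
	}
}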
 
Example #3
Source File: CMSCertificateSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
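/**
 * Extracts the certificate references stored in the unsigned attribute identified by
 * {@code attributeOid} and registers each of them with the given origin.
 * <p>
 * Unsigned attributes are not covered by the signer's signature, so their content is handled as
 * untrusted input: an empty or wrongly-typed value is logged and skipped instead of failing with
 * an unchecked exception.
 *
 * @param attributeOid the OID of the unsigned attribute whose first value is a sequence of OtherCertID
 * @param origin the origin assigned to every extracted reference
 */
private void extractCertificateRefsFromUnsignedAttribute(ASN1ObjectIdentifier attributeOid, CertificateRefOrigin origin) {
	final AttributeTable unsignedAttributes = currentSignerInformation.getUnsignedAttributes();
	if (unsignedAttributes == null) {
		return;
	}
	final Attribute attribute = unsignedAttributes.get(attributeOid);
	if (attribute == null) {
		return;
	}
	// Guard the shape of the value before casting: the set may be empty or hold another ASN.1 type.
	if (attribute.getAttrValues().size() == 0) {
		LOG.warn("Unable to parse certificate references : attribute {} has no value", attributeOid);
		return;
	}
	final Object firstValue = attribute.getAttrValues().getObjectAt(0);
	if (!(firstValue instanceof ASN1Sequence)) {
		LOG.warn("Unable to parse certificate references : value of attribute {} is not a sequence", attributeOid);
		return;
	}
	final ASN1Sequence seq = (ASN1Sequence) firstValue;
	for (int ii = 0; ii < seq.size(); ii++) {
		try {
			final OtherCertID otherCertId = OtherCertID.getInstance(seq.getObjectAt(ii));
			final CertificateRef certRef = DSSASN1Utils.getCertificateRef(otherCertId);
			certRef.setOrigin(origin);
			addCertificateRef(certRef, origin);
		} catch (Exception e) {
			// Best effort per entry: one malformed reference must not discard the others.
			LOG.warn("Unable to parse encapsulated OtherCertID : {}", e.getMessage());
		}
	}
}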
 
Example #4
Source File: CMSCertificateSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
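/**
 * Extracts the certificates stored in the unsigned certificate-values attribute
 * ({@code id_aa_ets_certValues}) and registers them with the origin {@code CERTIFICATE_VALUES}.
 * <p>
 * Unsigned attributes are not covered by the signer's signature, so their content is handled as
 * untrusted input: an empty or wrongly-typed value is logged and skipped instead of failing with
 * an unchecked exception.
 */
private void extractCertificateValues() {
	final AttributeTable unsignedAttributes = currentSignerInformation.getUnsignedAttributes();
	if (unsignedAttributes == null) {
		return;
	}
	final Attribute attribute = unsignedAttributes.get(id_aa_ets_certValues);
	if (attribute == null) {
		return;
	}
	// Guard the shape of the value before casting: the set may be empty or hold another ASN.1 type.
	if (attribute.getAttrValues().size() == 0) {
		LOG.warn("Unable to parse certificate values : the attribute has no value");
		return;
	}
	final Object firstValue = attribute.getAttrValues().getObjectAt(0);
	if (!(firstValue instanceof ASN1Sequence)) {
		LOG.warn("Unable to parse certificate values : the attribute value is not a sequence");
		return;
	}
	final ASN1Sequence seq = (ASN1Sequence) firstValue;
	for (int ii = 0; ii < seq.size(); ii++) {
		try {
			final Certificate cs = Certificate.getInstance(seq.getObjectAt(ii));
			addCertificate(DSSUtils.loadCertificate(cs.getEncoded()), CertificateOrigin.CERTIFICATE_VALUES);
		} catch (Exception e) {
			// Best effort per entry: one malformed certificate must not discard the others.
			LOG.warn("Unable to parse encapsulated certificate : {}", e.getMessage());
		}
	}
}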
 
Example #5
Source File: JarSigner.java    From keystore-explorer with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Requests a time-stamp token over the first signer's signature value and returns a copy of the
 * signed data whose signer carries that token as its only unsigned attribute.
 *
 * @param tsaUrl     address of the time-stamping authority, passed through to TimeStampingClient
 * @param signedData the CMS signed data to time-stamp
 * @return a new CMSSignedData with the signer store replaced
 * @throws IOException declared by the method; ASN1Primitive.fromByteArray can raise it for the returned token
 */
private static CMSSignedData addTimestamp(String tsaUrl, CMSSignedData signedData) throws IOException {
	Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();

	// Only the first signer is processed; next() throws NoSuchElementException when there is none.
	SignerInformation signer = signers.iterator().next();

	// NOTE(review): SHA-1 is passed as the digest for the TSA request. SHA-1 is no longer considered
	// collision resistant; confirm whether a SHA-2 digest can be used with the target TSAs.
	byte[] tsToken = TimeStampingClient.getTimeStampToken(tsaUrl, signer.getSignature(), DigestType.SHA1);

	// The token bytes come from the network and are parsed as ASN.1 here.
	ASN1EncodableVector unsignedAttrs = new ASN1EncodableVector();
	unsignedAttrs.add(new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
			new DERSet(ASN1Primitive.fromByteArray(tsToken))));

	// The new table holds the token alone, so any previous unsigned attributes are replaced.
	signer = SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(unsignedAttrs));
	signers.clear();
	signers.add(signer);

	return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(signers));
}
 
Example #6
Source File: CMSOCSPSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Registers an OCSP reference, with the given origin, for every OCSP response identifier found in
 * the revocation-references attribute of the supplied unsigned attributes.
 *
 * @param unsignedAttributes            the unsigned attribute table to read
 * @param revocationReferencesAttribute the OID of the attribute holding the references
 * @param origin                        the origin recorded with each reference
 */
private void collectRevocationRefs(AttributeTable unsignedAttributes, ASN1ObjectIdentifier revocationReferencesAttribute, RevocationRefOrigin origin) {
	// NOTE(review): unsignedAttributes is dereferenced without a null check — confirm callers never pass null.
	final Attribute refsAttribute = unsignedAttributes.get(revocationReferencesAttribute);
	if (refsAttribute == null) {
		return;
	}
	final ASN1Set values = refsAttribute.getAttrValues();
	if (values.size() <= 0) {
		return;
	}

	// NOTE(review): unsigned attributes are not protected by the signature; the cast and the
	// getInstance() call below are unguarded, so a malformed value surfaces as an unchecked exception.
	final ASN1Sequence completeRevocationRefs = (ASN1Sequence) values.getObjectAt(0);
	for (int idx = 0; idx < completeRevocationRefs.size(); idx++) {
		final CrlOcspRef crlOcspRef = CrlOcspRef.getInstance(completeRevocationRefs.getObjectAt(idx));
		final OcspListID ocspIds = crlOcspRef.getOcspids();
		if (ocspIds == null) {
			continue;
		}
		for (final OcspResponsesID responsesId : ocspIds.getOcspResponses()) {
			addRevocationReference(new OCSPRef(responsesId), origin);
		}
	}
}
 
Example #7
Source File: CMSOCSPSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Registers, with the given origin, every basic OCSP response embedded in the revocation-values
 * attribute of the supplied attribute table.
 *
 * @param attributes                the attribute table to search
 * @param revocationValueAttributes the OID of the attribute holding the revocation values
 * @param origin                    the origin recorded with each response
 */
private void collectRevocationValues(AttributeTable attributes, ASN1ObjectIdentifier revocationValueAttributes,
		RevocationOrigin origin) {

	final ASN1Encodable encodedValue = DSSASN1Utils.getAsn1Encodable(attributes, revocationValueAttributes);
	if (encodedValue == null) {
		return;
	}

	final RevocationValues values = DSSASN1Utils.getRevocationValues(encodedValue);
	if (values == null) {
		return;
	}
	for (final BasicOCSPResponse embeddedResponse : values.getOcspVals()) {
		addBinary(OCSPResponseBinary.build(new BasicOCSPResp(embeddedResponse)), origin);
	}
	/*
	 * TODO: OtherRevVals should be added as well, but: "The syntax and semantics of the
	 * other revocation values (OtherRevVals) are outside the scope of the present
	 * document. The definition of the syntax of the other form of revocation
	 * information is as identified by OtherRevRefType."
	 */
}
 
Example #8
Source File: CadesLevelBaselineLTATimestampExtractor.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * get the atsHash index for verification of the provided token.
 *
 * @param signerInformation
 * @param timestampToken
 * @return a re-built ats-hash-index
 */
public Attribute getVerifiedAtsHashIndex(SignerInformation signerInformation, TimestampToken timestampToken) {
	// The ats-hash-index is read from the unsigned attributes of the timestamp token itself.
	final AttributeTable tokenUnsignedAttributes = timestampToken.getUnsignedAttributes();
	final ASN1ObjectIdentifier versionOid = DSSASN1Utils.getAtsHashIndexVersionIdentifier(tokenUnsignedAttributes);
	final ASN1Sequence atsHashIndex = DSSASN1Utils.getAtsHashIndexByVersion(tokenUnsignedAttributes, versionOid);
	if (atsHashIndex == null) {
		LOG.warn("A valid atsHashIndex [oid: {}] has not been found for a timestamp with id {}",
				versionOid, timestampToken.getDSSIdAsString());
	}

	// NOTE(review): after the warning the null atsHashIndex is still passed to the helpers below;
	// confirm each of them tolerates null, otherwise a token without the attribute fails here.
	final AlgorithmIdentifier hashAlgorithm = getAlgorithmIdentifier(atsHashIndex);
	final ASN1Sequence verifiedCertificates = getVerifiedCertificatesHashIndex(atsHashIndex);
	final ASN1Sequence verifiedCrls = getVerifiedCRLsHashIndex(atsHashIndex);
	final ASN1Sequence verifiedUnsignedAttributes = getVerifiedUnsignedAttributesHashIndex(signerInformation, atsHashIndex,
			versionOid);

	// The index is rebuilt from the verified parts rather than returned as found in the token.
	return getComposedAtsHashIndex(hashAlgorithm, verifiedCertificates, verifiedCrls,
			verifiedUnsignedAttributes, versionOid);
}
 
Example #9
Source File: CadesLevelBaselineLTATimestampExtractor.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * The field unsignedAttrsHashIndex is a sequence of octet strings. Each one contains the hash value of one
 * instance of Attribute within unsignedAttrs field of the SignerInfo. A hash value for every instance of
 * Attribute, as present at the time when the corresponding archive time-stamp is requested, shall be included in
 * unsignedAttrsHashIndex. No other hash values shall be included in this field.
 *
 * @param signerInformation {@link SignerInformation}
 * @param atsHashIndexVersionIdentifier {@link ASN1ObjectIdentifier} of the ats-hash-index table version to create
 * @return
 */
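private ASN1Sequence getUnsignedAttributesHashIndex(SignerInformation signerInformation, ASN1ObjectIdentifier atsHashIndexVersionIdentifier) {

	final ASN1EncodableVector unsignedAttributesHashIndex = new ASN1EncodableVector();
	final AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
	if (unsignedAttributes == null) {
		// A signer without unsigned attributes has nothing to index: return the empty sequence
		// instead of failing with a NullPointerException on the dereference below.
		return new DERSequence(unsignedAttributesHashIndex);
	}

	final ASN1EncodableVector asn1EncodableVector = unsignedAttributes.toASN1EncodableVector();
	for (int i = 0; i < asn1EncodableVector.size(); i++) {
		final Attribute attribute = (Attribute) asn1EncodableVector.get(i);
		// Attribute types listed in excludedAttributesFromAtsHashIndex are left out of the index.
		if (excludedAttributesFromAtsHashIndex.contains(attribute.getAttrType())) {
			continue;
		}
		// One attribute may contribute several hashes; all of them are appended in order.
		final List<DEROctetString> attributeDerOctetStringHashes = getAttributeDerOctetStringHashes(attribute, atsHashIndexVersionIdentifier);
		for (DEROctetString derOctetStringDigest : attributeDerOctetStringHashes) {
			unsignedAttributesHashIndex.add(derOctetStringDigest);
		}
	}
	return new DERSequence(unsignedAttributesHashIndex);
}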
 
Example #10
Source File: CAdESLevelBaselineB.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Returns the signed attributes for a CAdES baseline-B signature.
 * <p>
 * When the parameters already carry signed data, that byte array is parsed and returned as the
 * attribute table; otherwise the table is assembled from the individual attribute builders.
 *
 * @param parameters the signature parameters
 * @return the signed attribute table
 */
public AttributeTable getSignedAttributes(final CAdESSignatureParameters parameters) {
	// NOTE(review): on this path none of the add*() builders below run, so the signed attributes
	// are entirely those supplied in the parameters — confirm the caller controls that data.
	if (Utils.isArrayNotEmpty(parameters.getSignedData())) {
		LOG.debug("Using explict SignedAttributes from parameter");
		return CMSUtils.getAttributesFromByteArray(parameters.getSignedData());
	}

	final ASN1EncodableVector attributeVector = new ASN1EncodableVector();
	addSigningCertificateAttribute(parameters, attributeVector);
	addSigningTimeAttribute(parameters, attributeVector);
	addSignerAttribute(parameters, attributeVector);
	addSignaturePolicyId(parameters, attributeVector);
	addContentHints(parameters, attributeVector);
	addContentIdentifier(parameters, attributeVector);
	addCommitmentType(parameters, attributeVector);
	addSignerLocation(parameters, attributeVector);
	addContentTimestamps(parameters, attributeVector);

	// The mime-type attribute is deliberately not added: it is optional and it breaks parallel
	// signatures by adding PKCS7 as a mime-type for subsequent signers.

	return new AttributeTable(attributeVector);
}
 
Example #11
Source File: CAdESTimeStampSigner.java    From signer with GNU Lesser General Public License v3.0 5 votes vote down vote up
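/**
 * Validates the signature time-stamp token of every signer in the given CMS signature and
 * returns the time stamps found.
 * <p>
 * Signers without unsigned attributes, or without a signature time-stamp attribute, are skipped.
 * A time stamp is added to the result only after {@code TimeStampOperator.validate} returned
 * without throwing.
 *
 * @param signature the encoded CMS signed data
 * @return the time stamps of the signers that carry one; empty when none does
 * @throws SignerException wrapping any certificate, I/O, TSP or CMS failure
 */
@Override
public List<Timestamp> checkTimeStampOnSignature(byte[] signature) {
	try {
		Security.addProvider(new BouncyCastleProvider());
		List<Timestamp> listOfTimeStamp = new ArrayList<Timestamp>();
		CMSSignedData cmsSignedData = new CMSSignedData(signature);
		SignerInformationStore signers = cmsSignedData.getSignerInfos();
		Iterator<?> it = signers.getSigners().iterator();
		while (it.hasNext()) {
			SignerInformation signer = (SignerInformation) it.next();
			AttributeTable unsignedAttributes = signer
					.getUnsignedAttributes();
			if (unsignedAttributes == null) {
				// getUnsignedAttributes() returns null for a signer that has no unsigned
				// attributes; such a signer simply has no time stamp to check.
				continue;
			}
			Attribute attributeTimeStamp = unsignedAttributes
					.get(new ASN1ObjectIdentifier(
							PKCSObjectIdentifiers.id_aa_signatureTimeStampToken
									.getId()));
			if (attributeTimeStamp == null) {
				continue;
			}
			TimeStampOperator timeStampOperator = new TimeStampOperator();
			// The token is taken from an unsigned attribute, i.e. data not covered by the
			// signer's signature, and is re-parsed here before validation.
			byte[] varTimeStamp = attributeTimeStamp.getAttrValues()
					.getObjectAt(0).toASN1Primitive().getEncoded();
			TimeStampToken timeStampToken = new TimeStampToken(
					new CMSSignedData(varTimeStamp));
			Timestamp timeStampSigner = new Timestamp(timeStampToken);
			timeStampOperator.validate(signer.getSignature(),
					varTimeStamp, null);
			listOfTimeStamp.add(timeStampSigner);
		}
		return listOfTimeStamp;
	} catch (CertificateCoreException | IOException | TSPException
			| CMSException e) {
		throw new SignerException(e);
	}
}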
 
Example #12
Source File: DecodedPkiMessage.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Reads the first value of the given attribute as a PrintableString.
 *
 * @param attrs the attribute table to read
 * @param type  the OID of the attribute
 * @return the string content, or {@code null} when no value was found
 * @throws MessageDecodingException if a value is present but is not a PrintableString
 */
private static String getPrintableStringAttrValue(AttributeTable attrs,
    ASN1ObjectIdentifier type) throws MessageDecodingException {
  final ASN1Encodable firstValue = ScepUtil.getFirstAttrValue(attrs, type);
  if (firstValue == null) {
    return null;
  }
  // A value of any other ASN.1 type is rejected rather than coerced.
  if (!(firstValue instanceof DERPrintableString)) {
    throw new MessageDecodingException("the value of attribute " + type.getId()
      + " is not PrintableString");
  }
  return ((DERPrintableString) firstValue).getString();
}
 
Example #13
Source File: DSSASN1UtilsTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
@Test
public void isEmpty() {
	// Both a null table and a table built from an empty Hashtable count as empty.
	assertTrue(DSSASN1Utils.isEmpty(null));
	assertTrue(DSSASN1Utils.isEmpty(new AttributeTable(new Hashtable<>())));

	// A table with a single entry must not be reported as empty.
	final Hashtable<ASN1ObjectIdentifier, Object> singleEntry = new Hashtable<>();
	singleEntry.put(new ASN1ObjectIdentifier("1.2.3.4.5"), 4);
	final AttributeTable populated = new AttributeTable(singleEntry);
	assertFalse(DSSASN1Utils.isEmpty(populated));
}
 
Example #14
Source File: CMSSignedDataBuilder.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * This method creates a builder of SignerInfoGenerator
 *
 * @param digestCalculatorProvider
 *            the digest calculator (can be pre-computed)
 * @param parameters
 *            the parameters of the signature containing values for the attributes
 * @param includeUnsignedAttributes
 *            true if the unsigned attributes must be included
 * @return a SignerInfoGeneratorBuilder that generate the signed and unsigned attributes according to the
 *         CAdESLevelBaselineB
 */
SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DigestCalculatorProvider digestCalculatorProvider, final CAdESSignatureParameters parameters,
		final boolean includeUnsignedAttributes) {

	final CAdESLevelBaselineB baselineB = new CAdESLevelBaselineB();
	final AttributeTable signedTable = baselineB.getSignedAttributes(parameters);

	// Unsigned attributes are requested from the profile only when the caller asks for them;
	// otherwise null is passed on to the three-table overload.
	final AttributeTable unsignedTable = includeUnsignedAttributes ? baselineB.getUnsignedAttributes() : null;

	return getSignerInfoGeneratorBuilder(digestCalculatorProvider, signedTable, unsignedTable);
}
 
Example #15
Source File: DSSASN1UtilsTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
@Test
public void findArchiveTimeStampTokensTest() {
	// Builds an attribute table with five attributes and checks how many archive time-stamp
	// tokens DSSASN1Utils.findArchiveTimeStampTokens extracts from it.
	ASN1EncodableVector asn1EncodableVector = new ASN1EncodableVector();
	
	// Attribute 1: archive time-stamp V2.
	String atstV2 = "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";
	ASN1Primitive asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(atstV2));
	Attribute atstV2Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV2, new DERSet(asn1Primitive));
	asn1EncodableVector.add(atstV2Attibute);
	
	// Attribute 2: a second value under the archive time-stamp V2 OID, named as malformed.
	String malformedAtstV2 = "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";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(malformedAtstV2));
	Attribute malformedAtstV2Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV2, new DERSet(asn1Primitive));
	asn1EncodableVector.add(malformedAtstV2Attibute);
	
	// Attribute 3: archive time-stamp V3.
	String atstV3 = "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";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(atstV3));
	Attribute atstV3Attibute = new Attribute(OID.id_aa_ets_archiveTimestampV3, new DERSet(asn1Primitive));
	asn1EncodableVector.add(atstV3Attibute);
	
	// Attribute 4: signature time-stamp token (not an archive time-stamp OID).
	String sigTst = "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";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(sigTst));
	Attribute sigTstsAttibute = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(asn1Primitive));
	asn1EncodableVector.add(sigTstsAttibute);
	
	// Attribute 5: certificate values (not a time-stamp attribute).
	String certValues = "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";
	asn1Primitive = DSSASN1Utils.toASN1Primitive(Utils.fromBase64(certValues));
	Attribute certValuesAttibute = new Attribute(PKCSObjectIdentifiers.id_aa_ets_certValues, new DERSet(asn1Primitive));
	asn1EncodableVector.add(certValuesAttibute);
	
	AttributeTable attributeTable = new AttributeTable(asn1EncodableVector);
	List<TimeStampToken> timeStampTokens = DSSASN1Utils.findArchiveTimeStampTokens(attributeTable);
	
	// Two tokens are expected — presumably the well-formed V2 and the V3 value, with the
	// malformed V2 value and the non-archive attributes skipped; TODO confirm against the helper.
	assertEquals(2, timeStampTokens.size());
}
 
Example #16
Source File: CAdESSignature.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Looks up a signed attribute of the current signer by OID.
 *
 * @param oid the attribute type to look for
 * @return the result of the table lookup, or {@code null} when the signer has no signed attributes
 */
private Attribute getSignedAttribute(ASN1ObjectIdentifier oid) {
	final AttributeTable table = signerInformation.getSignedAttributes();
	return (table == null) ? null : table.get(oid);
}
 
Example #17
Source File: CadesLevelBaselineLTATimestampExtractor.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * The field unsignedAttrsHashIndex is a sequence of octet strings. Each one contains the hash value of one
 * instance of Attribute within unsignedAttrs field of the SignerInfo. A hash value for every instance of
 * Attribute, as present at the time when the corresponding archive time-stamp is requested, shall be included in
 * unsignedAttrsHashIndex. No other hash values shall be included in this field.
 *
 * We check that every attribute hash found in the timestamp token is also found in the signerInformation.
 *
 * If there are more unsigned attributes in the signerInformation than are present in the hash attributes list
 * (and there is at least the archiveTimestampAttributeV3), we report neither an error nor which attributes are
 * signed by the timestamp.
 * If some attributes are not present or have been altered in the signerInformation, we just return an empty
 * sequence to make
 * sure that the timestamped data will not match. We do not report which attribute hashes are present, if any.
 *
 * If there is no attribute at all in the archive timestamp hash index, that would mean we didn't check anything.
 *
 * @param signerInformation
 * @param timestampHashIndex
 * @return
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedUnsignedAttributesHashIndex(SignerInformation signerInformation, final ASN1Sequence timestampHashIndex, 
		ASN1ObjectIdentifier atsHashIndexVersionIdentifier) {

	final ASN1Sequence indexedHashes = DSSASN1Utils.getUnsignedAttributesHashIndex(timestampHashIndex);

	// Working copy of the hashes listed in the timestamp; every hash recomputed from the
	// signature removes one matching entry, so whatever remains was not found in the signature.
	final List<DEROctetString> unmatchedHashes = new ArrayList<>();
	if (indexedHashes != null) {
		unmatchedHashes.addAll(Collections.list(indexedHashes.getObjects()));
	}

	final AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation);
	final ASN1EncodableVector attributeVector = unsignedAttributes.toASN1EncodableVector();
	for (int idx = 0; idx < attributeVector.size(); idx++) {
		final Attribute attribute = (Attribute) attributeVector.get(idx);
		for (DEROctetString digest : getAttributeDerOctetStringHashes(attribute, atsHashIndexVersionIdentifier)) {
			final ASN1ObjectIdentifier attrType = attribute.getAttrType();
			// An attribute the timestamp does not list is only logged at debug level.
			final boolean listedInTimestamp = unmatchedHashes.remove(digest);
			LOG.debug(listedInTimestamp ? "Attribute {} present in timestamp" : "Attribute {} not present in timestamp",
					attrType.getId());
		}
	}

	if (unmatchedHashes.isEmpty()) {
		// Every hash listed in the timestamp was found: hand back the sequence as read.
		return indexedHashes;
	}
	LOG.error("{} attribute(s) hash in Timestamp has not been found in document attributes: {}", unmatchedHashes.size(),
			unmatchedHashes);
	// A timestamped attribute is missing or altered: the empty sequence makes the rebuilt
	// ats-hash-index differ from the timestamped one.
	return new DERSequence();
}
 
Example #18
Source File: DecodedPkiMessage.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Reads the first value of the given attribute as a nonce.
 *
 * @param attrs the attribute table to read
 * @param type  the OID of the attribute
 * @return a Nonce built from the octets, or {@code null} when no value was found
 * @throws MessageDecodingException if a value is present but is not an OCTET STRING
 */
private static Nonce getNonceAttrValue(AttributeTable attrs, ASN1ObjectIdentifier type)
    throws MessageDecodingException {
  final ASN1Encodable firstValue = ScepUtil.getFirstAttrValue(attrs, type);
  if (firstValue == null) {
    return null;
  }
  // A value of any other ASN.1 type is rejected rather than coerced.
  if (!(firstValue instanceof ASN1OctetString)) {
    throw new MessageDecodingException("the value of attribute " + type.getId()
      + " is not OctetString");
  }
  return new Nonce(((ASN1OctetString) firstValue).getOctets());
}
 
Example #19
Source File: PkiMessage.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Converts the message's unsigned attributes into an attribute table.
 *
 * @return the table, or {@code null} when the message has no unsigned attributes
 */
private AttributeTable getUnsignedAttributes() {
  if (unsignedAttributes.isEmpty()) {
    return null;
  }

  final ASN1EncodableVector collected = new ASN1EncodableVector();
  for (ASN1ObjectIdentifier attrType : unsignedAttributes.keySet()) {
    addAttribute(collected, attrType, unsignedAttributes.get(attrType));
  }
  return new AttributeTable(collected);
}
 
Example #20
Source File: PkiMessage.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Assembles the signed attributes of the message: message type, sender nonce and transaction id
 * always; fail info, PKI status and recipient nonce when set; then every additional attribute
 * held in {@code signedAttributes}.
 *
 * @return the signed attribute table
 */
private AttributeTable getSignedAttributes() {
  final ASN1EncodableVector attrVector = new ASN1EncodableVector();

  // Mandatory attributes: messageType, senderNonce, transactionID.
  addAttribute(attrVector, ScepObjectIdentifiers.ID_MESSAGE_TYPE,
      new DERPrintableString(Integer.toString(messageType.getCode())));
  addAttribute(attrVector, ScepObjectIdentifiers.ID_SENDER_NONCE,
      new DEROctetString(senderNonce.getBytes()));
  addAttribute(attrVector, ScepObjectIdentifiers.ID_TRANSACTION_ID,
      new DERPrintableString(transactionId.getId()));

  // Optional attributes, added only when the corresponding field is set.
  if (failInfo != null) {
    addAttribute(attrVector, ScepObjectIdentifiers.ID_FAILINFO,
        new DERPrintableString(Integer.toString(failInfo.getCode())));
  }
  if (pkiStatus != null) {
    addAttribute(attrVector, ScepObjectIdentifiers.ID_PKI_STATUS,
        new DERPrintableString(Integer.toString(pkiStatus.getCode())));
  }
  if (recipientNonce != null) {
    addAttribute(attrVector, ScepObjectIdentifiers.ID_RECIPIENT_NONCE,
        new DEROctetString(recipientNonce.getBytes()));
  }

  // Caller-supplied signed attributes are appended last.
  for (ASN1ObjectIdentifier attrType : signedAttributes.keySet()) {
    addAttribute(attrVector, attrType, signedAttributes.get(attrType));
  }
  return new AttributeTable(attrVector);
}
 
Example #21
Source File: CAdESLevelBaselineT.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * @param cadesSignature
 */
private void assertExtendSignaturePossible(CAdESSignature cadesSignature) throws DSSException {
	final String alreadyExtendedFormat = "Cannot extend signature. The signedData is already extended with [%s].";

	// A signature already found at LTA level cannot be extended here.
	final boolean alreadyLta = SignatureLevel.CAdES_BASELINE_LTA.equals(cadesSignature.getDataFoundUpToLevel());
	if (alreadyLta) {
		throw new DSSException(String.format(alreadyExtendedFormat, "CAdES LTA"));
	}

	// Neither can one that already carries an escTimeStamp unsigned attribute.
	final AttributeTable unsignedTable = CMSUtils.getUnsignedAttributes(cadesSignature.getSignerInformation());
	final boolean hasEscTimeStamp = unsignedTable.get(PKCSObjectIdentifiers.id_aa_ets_escTimeStamp) != null;
	if (hasEscTimeStamp) {
		throw new DSSException(String.format(alreadyExtendedFormat, PKCSObjectIdentifiers.id_aa_ets_escTimeStamp.getId()));
	}
}
 
Example #22
Source File: DSSASN1Utils.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Substitutes an empty attribute table for {@code null}.
 *
 * @param original the table to check, may be {@code null}
 * @return {@code original} when it is not null, otherwise a new table backed by an empty Hashtable
 */
public static AttributeTable emptyIfNull(AttributeTable original) {
	if (original != null) {
		return original;
	}
	return new AttributeTable(new Hashtable<ASN1ObjectIdentifier, Attribute>());
}
 
Example #23
Source File: CAdESLevelBaselineT.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Extends the given signer with a signature time-stamp attribute.
 *
 * @param signedData        the CMS signed data containing the signer
 * @param signerInformation the signer to extend
 * @param parameters        the signature parameters
 * @return a SignerInformation whose unsigned attributes include the result of addSignatureTimestampAttribute
 * @throws DSSException if the signature cannot be extended
 */
@Override
protected SignerInformation extendCMSSignature(CMSSignedData signedData, SignerInformation signerInformation, CAdESSignatureParameters parameters)
		throws DSSException {
	// Refuse early when the signature is already at a level that cannot be extended here.
	assertExtendSignaturePossible(newCAdESSignature(signedData, signerInformation, parameters.getDetachedContents()));

	final AttributeTable withSignatureTimestamp = addSignatureTimestampAttribute(signerInformation,
			CMSUtils.getUnsignedAttributes(signerInformation), parameters);

	return SignerInformation.replaceUnsignedAttributes(signerInformation, withSignatureTimestamp);
}
 
Example #24
Source File: PAdESLevelBExternalSignatureTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Test helper that plays the role of an external signer: it adds the signing-certificate
 * attribute to the DER-encoded signed attributes in {@code toBeSigned}, signs the result and
 * returns certificate, signed data and signature value together.
 *
 * @param toBeSigned the data to sign; its bytes are replaced with the updated signed attributes
 * @return the simulated external signature result
 */
private ExternalSignatureResult simulateExternalSignature(ToBeSigned toBeSigned) {
	final ExternalSignatureResult result = new ExternalSignatureResult();

	final CertificateToken signerCertificate = getSigningCert();
	result.setSigningCertificate(signerCertificate);

	final DigestAlgorithm digestAlgo = signatureParameters.getDigestAlgorithm();

	// Parse the signed attributes, append signing-certificate/signing-certificate-v2 and re-encode as DER.
	try (ASN1InputStream derInput = new ASN1InputStream(toBeSigned.getBytes())) {
		final AttributeTable parsedAttributes = new AttributeTable((DLSet) derInput.readObject());
		final ASN1EncodableVector attributeVector = parsedAttributes.toASN1EncodableVector();

		CMSUtils.addSigningCertificateAttribute(attributeVector, digestAlgo, signerCertificate);

		toBeSigned.setBytes(new DERSet(attributeVector).getEncoded());
		result.setSignedData(toBeSigned.getBytes());
	} catch (Exception e) {
		// NOTE(review): the failure is only logged, so signing below proceeds on whatever
		// toBeSigned holds at that point and signedData may be left unset on the result.
		LOG.error("Error while simulating external PAdES signature", e);
	}

	result.setSignatureValue(
			getToken().sign(toBeSigned, digestAlgo, getSignatureParameters().getMaskGenerationFunction(), getPrivateKeyEntry()));

	return result;
}
 
Example #25
Source File: CAdESLevelBaselineLTA.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Extends the last archive time-stamp found in the unsigned attributes with validation data and
 * replaces the corresponding attribute.
 *
 * @param unsignedAttributes         the unsigned attributes of the signature
 * @param validationDataForInclusion the validation data to add to the time-stamp
 * @param detachedContents           the detached contents, passed through to the LT profile
 * @return the updated table, or {@code unsignedAttributes} unchanged when no archive time-stamp is found
 */
private AttributeTable addValidationData(AttributeTable unsignedAttributes, final ValidationDataForInclusion validationDataForInclusion,
		final List<DSSDocument> detachedContents) throws IOException, CMSException, TSPException {
	final TimeStampToken lastArchiveTimestamp = getLastArchiveTimestamp(unsignedAttributes);
	if (lastArchiveTimestamp == null) {
		return unsignedAttributes;
	}

	final CMSSignedData originalTimestampCms = lastArchiveTimestamp.toCMSSignedData();
	final CMSSignedData extendedTimestampCms = cadesProfileLT.extendWithValidationData(
			originalTimestampCms, validationDataForInclusion, detachedContents);

	return replaceTimeStampAttribute(unsignedAttributes, originalTimestampCms, extendedTimestampCms);
}
 
Example #26
Source File: CAdESLevelBaselineLTA.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Selects, among the archive time-stamp tokens found in the unsigned attributes, the one that
 * TimeStampTokenProductionComparator ranks after all the others.
 *
 * @param unsignedAttributes the unsigned attributes to search
 * @return the selected token, or {@code null} when none is found
 */
private TimeStampToken getLastArchiveTimestamp(AttributeTable unsignedAttributes) {
	final TimeStampTokenProductionComparator productionOrder = new TimeStampTokenProductionComparator();
	TimeStampToken latest = null;
	for (TimeStampToken candidate : DSSASN1Utils.findArchiveTimeStampTokens(unsignedAttributes)) {
		// The first token always becomes the current pick; later ones replace it only when ranked after it.
		final boolean replacesCurrent = latest == null || productionOrder.after(candidate, latest);
		if (replacesCurrent) {
			latest = candidate;
		}
	}
	return latest;
}
 
Example #27
Source File: PAdESCRLSource.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Collects the CRLs embedded in the adbe-revocationInfoArchival attribute and registers each of
 * them with the origin {@code ADBE_REVOCATION_INFO_ARCHIVAL}.
 *
 * @param attributes the attribute table to search
 */
private void collectCRLArchivalValues(AttributeTable attributes) {
	// NOTE(review): the looked-up value is passed on without a null check — presumably
	// PAdESUtils.getRevocationInfoArchivals accepts null; verify against the helper.
	final ASN1Encodable encodedValue = DSSASN1Utils.getAsn1Encodable(attributes, OID.adbe_revocationInfoArchival);
	final RevocationInfoArchival archival = PAdESUtils.getRevocationInfoArchivals(encodedValue);
	if (archival == null) {
		return;
	}
	for (final CertificateList crl : archival.getCrlVals()) {
		try {
			addBinary(CRLUtils.buildCRLBinary(crl.getEncoded()), RevocationOrigin.ADBE_REVOCATION_INFO_ARCHIVAL);
		} catch (IOException e) {
			// Best effort per entry: a CRL that cannot be encoded is skipped.
			LOG.warn("Could not convert CertificateList to CRLBinary : {}", e.getMessage());
		}
	}
}
 
Example #28
Source File: CAdESLevelBExternalSignatureTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Test helper that plays the role of an external signer: it adds the signing-certificate
 * attribute to the DER-encoded signed attributes in {@code toBeSigned}, signs the result and
 * returns certificate, signed data and signature value together.
 *
 * @param toBeSigned the data to sign; its bytes are replaced with the updated signed attributes
 * @return the simulated external signature result
 */
private ExternalSignatureResult simulateExternalSignature(ToBeSigned toBeSigned) {
	final ExternalSignatureResult result = new ExternalSignatureResult();

	final CertificateToken signerCertificate = getSigningCert();
	result.setSigningCertificate(signerCertificate);

	final DigestAlgorithm digestAlgo = signatureParameters.getDigestAlgorithm();

	// Parse the signed attributes, append signing-certificate/signing-certificate-v2 and re-encode as DER.
	try (ASN1InputStream derInput = new ASN1InputStream(toBeSigned.getBytes())) {
		final AttributeTable parsedAttributes = new AttributeTable((DLSet) derInput.readObject());
		final ASN1EncodableVector attributeVector = parsedAttributes.toASN1EncodableVector();

		CMSUtils.addSigningCertificateAttribute(attributeVector, digestAlgo, signerCertificate);

		toBeSigned.setBytes(new DERSet(attributeVector).getEncoded());
		result.setSignedData(toBeSigned.getBytes());
	} catch (Exception e) {
		// NOTE(review): the failure is only logged, so signing below proceeds on whatever
		// toBeSigned holds at that point and signedData may be left unset on the result.
		LOG.error("Error while simulating external CAdES signature", e);
	}

	// The digest algorithm for signing is read again from getSignatureParameters() here.
	result.setSignatureValue(getToken().sign(toBeSigned, getSignatureParameters().getDigestAlgorithm(),
			getSignatureParameters().getMaskGenerationFunction(), getPrivateKeyEntry()));

	return result;
}
 
Example #29
Source File: CMSCertificateSource.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Extracts the signing-certificate references of the current signer from its signed attributes,
 * handling both the V1 ({@code id_aa_signingCertificate}) and the V2
 * ({@code id_aa_signingCertificateV2}) attribute when present.
 */
public void extractSigningCertificateReferences() {
	final AttributeTable signedTable = currentSignerInformation.getSignedAttributes();
	if (signedTable == null || signedTable.size() <= 0) {
		return;
	}

	final Attribute signingCertificateV1 = signedTable.get(id_aa_signingCertificate);
	if (signingCertificateV1 != null) {
		extractSigningCertificateV1(signingCertificateV1);
	}

	final Attribute signingCertificateV2 = signedTable.get(id_aa_signingCertificateV2);
	if (signingCertificateV2 != null) {
		extractSigningCertificateV2(signingCertificateV2);
	}
}
 
Example #30
Source File: CMSCRLSource.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Registers, with the given origin, every CRL embedded in the revocation-values attribute of the
 * supplied attribute table.
 *
 * @param attributes                the attribute table to search
 * @param revocationValuesAttribute the OID of the attribute holding the revocation values
 * @param origin                    the origin recorded with each CRL
 */
private void collectRevocationValues(AttributeTable attributes, ASN1ObjectIdentifier revocationValuesAttribute, RevocationOrigin origin) {
	// NOTE(review): the looked-up value is passed on without a null check — presumably
	// DSSASN1Utils.getRevocationValues accepts null; verify against the helper.
	final ASN1Encodable encodedValue = DSSASN1Utils.getAsn1Encodable(attributes, revocationValuesAttribute);
	final RevocationValues values = DSSASN1Utils.getRevocationValues(encodedValue);
	if (values == null) {
		return;
	}
	for (final CertificateList crl : values.getCrlVals()) {
		addX509CRLHolder(new X509CRLHolder(crl), origin);
	}
}