// adds unsigned certs & revocation infos (CRL or OCSP) to existing certs & revocation info list // ('certificates' and 'crls' CMS fields) public void appendValidationValues(Collection certificateValues, Collection revocationValues) { try { Store certStore = cmsSignedData.getCertificates(); Store crlStore = cmsSignedData.getCRLs(); if (certificateValues != null && !certificateValues.isEmpty()) { Collection<Certificate> existingCerts = getSignatureCertificateInfo(); Set<Certificate> newCerts = new HashSet<Certificate>(existingCerts); // 'Set' to avoid duplicates newCerts.addAll(certificateValues); certStore = new JcaCertStore(newCerts); } if (revocationValues != null && !revocationValues.isEmpty()) { Collection<CRL> existingCrls = getUnsignedCRLs(); Set<CRL> newCrls = new HashSet<CRL>(existingCrls); // 'Set' to avoid duplicates // FIXME : also add OCSP info (use OtherRevocationInfoFormat of RevocationInfoChoices, see // RFC 3852) for (Object o : revocationValues) { if (o instanceof CRL) newCrls.add((CRL) o); } crlStore = new JcaCRLStore(newCrls); } cmsSignedData = CMSSignedData.replaceCertificatesAndCRLs( cmsSignedData, certStore, cmsSignedData.getAttributeCertificates(), crlStore); } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } }
public CMSSignedDataWrapper(CMSSignedData cmsSignedData) { try { this.cmsSignedData = cmsSignedData; parseCms(); } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } }
public TimestampToken getContentTimestamp() { try { return SignedAttributesHelper.getContentTimestamp(firstSignerInfo.getSignedAttributes()); } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
public byte[] getEncoded() { try { return cmsSignedData.getEncoded(); } catch (IOException e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
// OCSP responses found as signed ID_ADBE_REVOCATION attribute public Set<OCSPResponse> getSignedOCSPResponses() { try { AttributeTable table = firstSignerInfo.getSignedAttributes(); return SignedAttributesHelper.getSignedOCSPResponses(table); } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
// CRLS found as signed ID_ADBE_REVOCATION attribute public Collection<CRL> getSignedCRLs() { try { AttributeTable table = firstSignerInfo.getSignedAttributes(); return SignedAttributesHelper.getSignedCRLs(table); } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
// unsigned OCSPs at the root of CMS structure (outside signerInfos) public Set<OCSPResponse> getUnsignedOCSPResponses() { try { // FIXME : really fetch those values ! Set<OCSPResponse> ocspResponses = new HashSet<OCSPResponse>(); return ocspResponses; } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
public Set<OCSPResponse> getOCSPResponses() { try { Set<OCSPResponse> ocspResponses = getUnsignedOCSPResponses(); ocspResponses.addAll(getSignedOCSPResponses()); return ocspResponses; } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
public Collection<CRL> getCRLs() { Collection<CRL> crls = new HashSet<CRL>(); try { crls.addAll(getUnsignedCRLs()); crls.addAll(getSignedCRLs()); return crls; } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return crls; }
public List<TimestampToken> getSignatureTimestamps() { if (signatureTimeStamps == null) { try { signatureTimeStamps = UnsignedAttributesHelper.getSignatureTimestamps( firstSignerInfo.getUnsignedAttributes()); } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } } return signatureTimeStamps; }
public CertStore getSignatureCRLStore() { try { CertStore crlStore = CertStore.getInstance( "Collection", new CollectionCertStoreParameters(getCRLs()), BouncyCastleProvider.PROVIDER_NAME); return crlStore; } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
public void appendSignatureTimeStamp(byte[] timeStampTokenBytes) { try { AttributeTable at = firstSignerInfo.getUnsignedAttributes(); firstSignerInfo = SignerInformation.replaceUnsignedAttributes( firstSignerInfo, appendTimestampAttribute(timeStampTokenBytes, at)); Collection<SignerInformation> signers = new ArrayList<SignerInformation>(1); signers.add(firstSignerInfo); SignerInformationStore sis = new SignerInformationStore(signers); cmsSignedData = CMSSignedData.replaceSigners(cmsSignedData, sis); } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } }
// unsigned CRLs at the root of CMS structure (outside signerInfos) public Collection<CRL> getUnsignedCRLs() { try { Collection<CertificateList> crlCollection = cmsSignedData.getCRLs().getMatches(null); // Then we need to "cast" from bouncycastle.CertificateList to java.CRL Collection<CRL> x509CrlsCollection = new HashSet<CRL>(crlCollection.size()); for (CertificateList certList : crlCollection) { x509CrlsCollection.add( CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME) .generateCRL(new ByteArrayInputStream(certList.getEncoded()))); } return x509CrlsCollection; } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
public List<Certificate> getSignatureCertificateInfo() { try { Store certificateStore = cmsSignedData.getCertificates(); Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(null); List<Certificate> x509CertsCollection = new ArrayList<Certificate>(certificateCollection.size()); for (X509CertificateHolder certHolder : certificateCollection) { x509CertsCollection.add( CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME) .generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()))); } return x509CertsCollection; } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } return null; }
protected static AttributeTable appendTimestampAttribute( byte[] timeStampTokenBytes, AttributeTable attributeTable) { Hashtable unsignedAttributesHT; if (attributeTable == null) { unsignedAttributesHT = new Hashtable(); } else { unsignedAttributesHT = attributeTable.toHashtable(); } try { UnsignedAttributesHelper.addTimestampAttribute(unsignedAttributesHT, timeStampTokenBytes); } catch (Exception e) { ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e); } attributeTable = new AttributeTable(unsignedAttributesHT); return attributeTable; }