// adds unsigned certs & revocation infos (CRL or OCSP) to existing certs & revocation info list
// ('certificates' and 'crls' CMS fields)
public void appendValidationValues(Collection certificateValues, Collection revocationValues) {
try {
Store certStore = cmsSignedData.getCertificates();
Store crlStore = cmsSignedData.getCRLs();
if (certificateValues != null && !certificateValues.isEmpty()) {
Collection<Certificate> existingCerts = getSignatureCertificateInfo();
Set<Certificate> newCerts =
new HashSet<Certificate>(existingCerts); // 'Set' to avoid duplicates
newCerts.addAll(certificateValues);
certStore = new JcaCertStore(newCerts);
}
if (revocationValues != null && !revocationValues.isEmpty()) {
Collection<CRL> existingCrls = getUnsignedCRLs();
Set<CRL> newCrls = new HashSet<CRL>(existingCrls); // 'Set' to avoid duplicates
// FIXME : also add OCSP info (use OtherRevocationInfoFormat of RevocationInfoChoices, see
// RFC 3852)
for (Object o : revocationValues) {
if (o instanceof CRL) newCrls.add((CRL) o);
}
crlStore = new JcaCRLStore(newCrls);
}
cmsSignedData =
CMSSignedData.replaceCertificatesAndCRLs(
cmsSignedData, certStore, cmsSignedData.getAttributeCertificates(), crlStore);
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
}
public CMSSignedDataWrapper(CMSSignedData cmsSignedData) {
try {
this.cmsSignedData = cmsSignedData;
parseCms();
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
}
public TimestampToken getContentTimestamp() {
try {
return SignedAttributesHelper.getContentTimestamp(firstSignerInfo.getSignedAttributes());
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
public byte[] getEncoded() {
try {
return cmsSignedData.getEncoded();
} catch (IOException e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
// OCSP responses found as signed ID_ADBE_REVOCATION attribute
public Set<OCSPResponse> getSignedOCSPResponses() {
try {
AttributeTable table = firstSignerInfo.getSignedAttributes();
return SignedAttributesHelper.getSignedOCSPResponses(table);
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
// CRLS found as signed ID_ADBE_REVOCATION attribute
public Collection<CRL> getSignedCRLs() {
try {
AttributeTable table = firstSignerInfo.getSignedAttributes();
return SignedAttributesHelper.getSignedCRLs(table);
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
// unsigned OCSPs at the root of CMS structure (outside signerInfos)
public Set<OCSPResponse> getUnsignedOCSPResponses() {
try {
// FIXME : really fetch those values !
Set<OCSPResponse> ocspResponses = new HashSet<OCSPResponse>();
return ocspResponses;
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
public Set<OCSPResponse> getOCSPResponses() {
try {
Set<OCSPResponse> ocspResponses = getUnsignedOCSPResponses();
ocspResponses.addAll(getSignedOCSPResponses());
return ocspResponses;
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
public Collection<CRL> getCRLs() {
Collection<CRL> crls = new HashSet<CRL>();
try {
crls.addAll(getUnsignedCRLs());
crls.addAll(getSignedCRLs());
return crls;
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return crls;
}
public List<TimestampToken> getSignatureTimestamps() {
if (signatureTimeStamps == null) {
try {
signatureTimeStamps =
UnsignedAttributesHelper.getSignatureTimestamps(
firstSignerInfo.getUnsignedAttributes());
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
}
return signatureTimeStamps;
}
public CertStore getSignatureCRLStore() {
try {
CertStore crlStore =
CertStore.getInstance(
"Collection",
new CollectionCertStoreParameters(getCRLs()),
BouncyCastleProvider.PROVIDER_NAME);
return crlStore;
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
public void appendSignatureTimeStamp(byte[] timeStampTokenBytes) {
try {
AttributeTable at = firstSignerInfo.getUnsignedAttributes();
firstSignerInfo =
SignerInformation.replaceUnsignedAttributes(
firstSignerInfo, appendTimestampAttribute(timeStampTokenBytes, at));
Collection<SignerInformation> signers = new ArrayList<SignerInformation>(1);
signers.add(firstSignerInfo);
SignerInformationStore sis = new SignerInformationStore(signers);
cmsSignedData = CMSSignedData.replaceSigners(cmsSignedData, sis);
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
}
// unsigned CRLs at the root of CMS structure (outside signerInfos)
public Collection<CRL> getUnsignedCRLs() {
try {
Collection<CertificateList> crlCollection = cmsSignedData.getCRLs().getMatches(null);
// Then we need to "cast" from bouncycastle.CertificateList to java.CRL
Collection<CRL> x509CrlsCollection = new HashSet<CRL>(crlCollection.size());
for (CertificateList certList : crlCollection) {
x509CrlsCollection.add(
CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME)
.generateCRL(new ByteArrayInputStream(certList.getEncoded())));
}
return x509CrlsCollection;
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
public List<Certificate> getSignatureCertificateInfo() {
try {
Store certificateStore = cmsSignedData.getCertificates();
Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(null);
List<Certificate> x509CertsCollection =
new ArrayList<Certificate>(certificateCollection.size());
for (X509CertificateHolder certHolder : certificateCollection) {
x509CertsCollection.add(
CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME)
.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded())));
}
return x509CertsCollection;
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
return null;
}
protected static AttributeTable appendTimestampAttribute(
byte[] timeStampTokenBytes, AttributeTable attributeTable) {
Hashtable unsignedAttributesHT;
if (attributeTable == null) {
unsignedAttributesHT = new Hashtable();
} else {
unsignedAttributesHT = attributeTable.toHashtable();
}
try {
UnsignedAttributesHelper.addTimestampAttribute(unsignedAttributesHT, timeStampTokenBytes);
} catch (Exception e) {
ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
}
attributeTable = new AttributeTable(unsignedAttributesHT);
return attributeTable;
}
