// adds unsigned certs & revocation infos (CRL or OCSP) to existing certs & revocation info list
  // ('certificates' and 'crls' CMS fields)
  public void appendValidationValues(Collection certificateValues, Collection revocationValues) {
    try {
      Store certStore = cmsSignedData.getCertificates();
      Store crlStore = cmsSignedData.getCRLs();

      if (certificateValues != null && !certificateValues.isEmpty()) {
        Collection<Certificate> existingCerts = getSignatureCertificateInfo();
        Set<Certificate> newCerts =
            new HashSet<Certificate>(existingCerts); // 'Set' to avoid duplicates
        newCerts.addAll(certificateValues);
        certStore = new JcaCertStore(newCerts);
      }

      if (revocationValues != null && !revocationValues.isEmpty()) {
        Collection<CRL> existingCrls = getUnsignedCRLs();
        Set<CRL> newCrls = new HashSet<CRL>(existingCrls); // 'Set' to avoid duplicates
        // FIXME : also add OCSP info (use OtherRevocationInfoFormat of RevocationInfoChoices, see
        // RFC 3852)
        for (Object o : revocationValues) {
          if (o instanceof CRL) newCrls.add((CRL) o);
        }
        crlStore = new JcaCRLStore(newCrls);
      }

      cmsSignedData =
          CMSSignedData.replaceCertificatesAndCRLs(
              cmsSignedData, certStore, cmsSignedData.getAttributeCertificates(), crlStore);
    } catch (Exception e) {
      ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
    }
  }
 public CMSSignedDataWrapper(CMSSignedData cmsSignedData) {
   try {
     this.cmsSignedData = cmsSignedData;
     parseCms();
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
 }
 public TimestampToken getContentTimestamp() {
   try {
     return SignedAttributesHelper.getContentTimestamp(firstSignerInfo.getSignedAttributes());
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
 public byte[] getEncoded() {
   try {
     return cmsSignedData.getEncoded();
   } catch (IOException e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
 // OCSP responses found as signed ID_ADBE_REVOCATION attribute
 public Set<OCSPResponse> getSignedOCSPResponses() {
   try {
     AttributeTable table = firstSignerInfo.getSignedAttributes();
     return SignedAttributesHelper.getSignedOCSPResponses(table);
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
 // CRLS found as signed ID_ADBE_REVOCATION attribute
 public Collection<CRL> getSignedCRLs() {
   try {
     AttributeTable table = firstSignerInfo.getSignedAttributes();
     return SignedAttributesHelper.getSignedCRLs(table);
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
 // unsigned OCSPs at the root of CMS structure (outside signerInfos)
 public Set<OCSPResponse> getUnsignedOCSPResponses() {
   try {
     // FIXME : really fetch those values !
     Set<OCSPResponse> ocspResponses = new HashSet<OCSPResponse>();
     return ocspResponses;
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
 public Set<OCSPResponse> getOCSPResponses() {
   try {
     Set<OCSPResponse> ocspResponses = getUnsignedOCSPResponses();
     ocspResponses.addAll(getSignedOCSPResponses());
     return ocspResponses;
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
 public Collection<CRL> getCRLs() {
   Collection<CRL> crls = new HashSet<CRL>();
   try {
     crls.addAll(getUnsignedCRLs());
     crls.addAll(getSignedCRLs());
     return crls;
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return crls;
 }
 public List<TimestampToken> getSignatureTimestamps() {
   if (signatureTimeStamps == null) {
     try {
       signatureTimeStamps =
           UnsignedAttributesHelper.getSignatureTimestamps(
               firstSignerInfo.getUnsignedAttributes());
     } catch (Exception e) {
       ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
     }
   }
   return signatureTimeStamps;
 }
 public CertStore getSignatureCRLStore() {
   try {
     CertStore crlStore =
         CertStore.getInstance(
             "Collection",
             new CollectionCertStoreParameters(getCRLs()),
             BouncyCastleProvider.PROVIDER_NAME);
     return crlStore;
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
 public void appendSignatureTimeStamp(byte[] timeStampTokenBytes) {
   try {
     AttributeTable at = firstSignerInfo.getUnsignedAttributes();
     firstSignerInfo =
         SignerInformation.replaceUnsignedAttributes(
             firstSignerInfo, appendTimestampAttribute(timeStampTokenBytes, at));
     Collection<SignerInformation> signers = new ArrayList<SignerInformation>(1);
     signers.add(firstSignerInfo);
     SignerInformationStore sis = new SignerInformationStore(signers);
     cmsSignedData = CMSSignedData.replaceSigners(cmsSignedData, sis);
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
 }
  // unsigned CRLs at the root of CMS structure (outside signerInfos)
  public Collection<CRL> getUnsignedCRLs() {
    try {
      Collection<CertificateList> crlCollection = cmsSignedData.getCRLs().getMatches(null);

      // Then we need to "cast" from bouncycastle.CertificateList to java.CRL
      Collection<CRL> x509CrlsCollection = new HashSet<CRL>(crlCollection.size());
      for (CertificateList certList : crlCollection) {
        x509CrlsCollection.add(
            CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME)
                .generateCRL(new ByteArrayInputStream(certList.getEncoded())));
      }
      return x509CrlsCollection;
    } catch (Exception e) {
      ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
    }
    return null;
  }
 public List<Certificate> getSignatureCertificateInfo() {
   try {
     Store certificateStore = cmsSignedData.getCertificates();
     Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(null);
     List<Certificate> x509CertsCollection =
         new ArrayList<Certificate>(certificateCollection.size());
     for (X509CertificateHolder certHolder : certificateCollection) {
       x509CertsCollection.add(
           CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME)
               .generateCertificate(new ByteArrayInputStream(certHolder.getEncoded())));
     }
     return x509CertsCollection;
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
  protected static AttributeTable appendTimestampAttribute(
      byte[] timeStampTokenBytes, AttributeTable attributeTable) {
    Hashtable unsignedAttributesHT;
    if (attributeTable == null) {
      unsignedAttributesHT = new Hashtable();
    } else {
      unsignedAttributesHT = attributeTable.toHashtable();
    }

    try {
      UnsignedAttributesHelper.addTimestampAttribute(unsignedAttributesHT, timeStampTokenBytes);
    } catch (Exception e) {
      ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
    }
    attributeTable = new AttributeTable(unsignedAttributesHT);
    return attributeTable;
  }