org.bouncycastle.asn1.ASN1Object Java Examples

private PublicKey getPublicKey(P11ObjectIdentifier objectId)
    throws P11UnknownEntityException, P11TokenException {
  ASN1Object req =
      new ProxyMessage.SlotIdAndObjectId(asn1SlotId, new ProxyMessage.ObjectIdentifier(objectId));
  byte[] resp = module.send(P11ProxyConstants.ACTION_GET_PUBLICKEY, req);
  if (resp == null) {
    return null;
  }

  SubjectPublicKeyInfo pkInfo = SubjectPublicKeyInfo.getInstance(resp);
  try {
    return KeyUtil.generatePublicKey(pkInfo);
  } catch (InvalidKeySpecException ex) {
    throw new P11TokenException("could not generate Public Key from SubjectPublicKeyInfo:"
        + ex.getMessage(), ex);
  }
}
 

private CertificateSignRequest.Builder addAltName(int tag, String name) {
  if (altNames == null) {
    altNames = new ArrayList<>();
  }
  if (tag == GeneralName.otherName) {
    ASN1Object ono = addOtherNameAsn1Object(name);

    altNames.add(new GeneralName(tag, ono));
  } else {
    altNames.add(new GeneralName(tag, name));
  }
  return this;
}
 

/**
 * addOtherNameAsn1Object requires special handling since
 * Bouncy Castle does not support othername as string.
 * @param name
 * @return
 */
private ASN1Object addOtherNameAsn1Object(String name) {
  // Below oid is copied from this URL:
  // https://docs.microsoft.com/en-us/windows/win32/adschema/a-middlename
  final String otherNameOID = "2.16.840.1.113730.3.1.34";
  ASN1EncodableVector otherName = new ASN1EncodableVector();
  otherName.add(new ASN1ObjectIdentifier(otherNameOID));
  otherName.add(new DERTaggedObject(
      true, GeneralName.otherName, new DERUTF8String(name)));
  return new DERTaggedObject(
      false, 0, new DERSequence(otherName));
}
 

@Override
public boolean equals(Object paramObject) {

	if (paramObject == null) {
		return false;
	}

	try {
		return Arrays.equals(((ASN1Object) paramObject).getEncoded(), getEncoded());
	} catch (Exception e) {
		// ignore
	}
	return false;
}
 

public static BigInteger getCrlNumber(X509CRL crl) throws IOException
{
    byte[] crlNumEnc = crl.getExtensionValue(X509Extension.cRLNumber.getId());
    BigInteger crlNum = null;
    // XAdES 7.4.2: "The 'number' element is an optional hint ..."
    if (crlNumEnc != null)
    {
        ASN1Object derCrlNum = X509ExtensionUtil.fromExtensionValue(crlNumEnc);
        crlNum = CRLNumber.getInstance(derCrlNum).getCRLNumber();
    }
    return crlNum;
}
 

private X509Cert getCertificate(P11ObjectIdentifier objectId) throws P11TokenException {
  ASN1Object req =
      new ProxyMessage.SlotIdAndObjectId(asn1SlotId, new ProxyMessage.ObjectIdentifier(objectId));
  byte[] resp = module.send(P11ProxyConstants.ACTION_GET_CERT, req);
  if (resp == null) {
    return null;
  }

  try {
    return X509Util.parseCert(resp);
  } catch (CertificateException ex) {
    throw new P11TokenException("could not parse certificate:" + ex.getMessage(), ex);
  }
}
 

private static byte[] getSuccessResp(short version, byte[] transactionId, short action,
    ASN1Object respContent) {
  byte[] encoded;
  try {
    encoded = respContent.getEncoded();
  } catch (IOException ex) {
    LogUtil.error(LOG, ex, "could not encode response ASN1Object");
    return getResp(version, transactionId, P11ProxyConstants.RC_INTERNAL_ERROR, action);
  }
  return getSuccessResp(version, transactionId, action, encoded);
}
 

protected ASN1Object getTimeStampAttributeValue(byte[] message, CAdESSignatureParameters parameters) {
	final DigestAlgorithm timestampDigestAlgorithm = parameters.getSignatureTimestampParameters().getDigestAlgorithm();
	return getTimeStampAttributeValue(message, timestampDigestAlgorithm);
}
 

public ASN1Object getTimeStampAttributeValue(final byte[] messageToTimestamp, final DigestAlgorithm timestampDigestAlgorithm,
		final Attribute... attributesForTimestampToken) {
	try {

		if (LOG.isDebugEnabled()) {
			LOG.debug("Message to timestamp is: {}", Utils.toHex(messageToTimestamp));
		}
		byte[] timestampDigest = DSSUtils.digest(timestampDigestAlgorithm, messageToTimestamp);
		if (LOG.isDebugEnabled()) {
			LOG.debug("Digested ({}) message to timestamp is {}", timestampDigestAlgorithm, Utils.toHex(timestampDigest));
		}

		final TimestampBinary timeStampToken = tspSource.getTimeStampResponse(timestampDigestAlgorithm, timestampDigest);
		CMSSignedData cmsSignedDataTimeStampToken = new CMSSignedData(timeStampToken.getBytes());

		// TODO (27/08/2014): attributesForTimestampToken cannot be null: to be modified
		if (attributesForTimestampToken != null) {
			// timeStampToken contains one and only one signer
			final SignerInformation signerInformation = cmsSignedDataTimeStampToken.getSignerInfos().getSigners().iterator().next();
			AttributeTable unsignedAttributes = CMSUtils.getUnsignedAttributes(signerInformation);
			for (final Attribute attributeToAdd : attributesForTimestampToken) {
				final ASN1ObjectIdentifier attrType = attributeToAdd.getAttrType();
				final ASN1Encodable objectAt = attributeToAdd.getAttrValues().getObjectAt(0);
				unsignedAttributes = unsignedAttributes.add(attrType, objectAt);
			}
			// Unsigned attributes cannot be empty (RFC 5652 5.3)
			if (unsignedAttributes.size() == 0) {
				unsignedAttributes = null;
			}
			final SignerInformation newSignerInformation = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes);
			final List<SignerInformation> signerInformationList = new ArrayList<>();
			signerInformationList.add(newSignerInformation);
			final SignerInformationStore newSignerStore = new SignerInformationStore(signerInformationList);
			cmsSignedDataTimeStampToken = CMSSignedData.replaceSigners(cmsSignedDataTimeStampToken, newSignerStore);
		}
		final byte[] newTimeStampTokenBytes = cmsSignedDataTimeStampToken.getEncoded();
		return DSSASN1Utils.toASN1Primitive(newTimeStampTokenBytes);
	} catch (IOException | CMSException e) {
		throw new DSSException("Cannot obtain timestamp attribute value.", e);
	}

}
 

private AttributeTable addSignatureTimestampAttribute(SignerInformation signerInformation, AttributeTable unsignedAttributes,
		CAdESSignatureParameters parameters) {
	ASN1Object signatureTimeStamp = getTimeStampAttributeValue(signerInformation.getSignature(), parameters);
	return unsignedAttributes.add(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, signatureTimeStamp);
}
 

/**
 * The input for the archive-time-stamp-v3’s message imprint computation shall be the concatenation (in the
 * order shown by the list below) of the signed data hash (see bullet 2 below) and certain fields in their binary
 * encoded
 * form without any modification and including the tag, length and value octets:
 * <ol>
 * <li>The SignedData.encapContentInfo.eContentType.
 * <li>The octets representing the hash of the signed data. The hash is computed on the same content that was used
 * for computing the hash value that is encapsulated within the message-digest signed attribute of the
 * CAdES signature being archive-time-stamped. The hash algorithm applied shall be the same as the hash
 * algorithm used for computing the archive time-stamp’s message imprint. The inclusion of the hash algorithm
 * in the SignedData.digestAlgorithms set is recommended.
 * <li>Fields version, sid, digestAlgorithm, signedAttrs, signatureAlgorithm, and
 * signature within the SignedData.signerInfos’s item corresponding to the signature being archive
 * time-stamped, in their order of appearance.
 * <li>A single instance of ATSHashIndex type (created as specified in clause 6.4.2).
 * </ol>
 *
 * @param cadesSignature
 * @param signerInformation
 * @param parameters
 * @param unsignedAttributes
 */
private AttributeTable addArchiveTimestampV3Attribute(CAdESSignature cadesSignature, SignerInformation signerInformation,
		CAdESSignatureParameters parameters, AttributeTable unsignedAttributes) {

	final CadesLevelBaselineLTATimestampExtractor timestampExtractor = new CadesLevelBaselineLTATimestampExtractor(cadesSignature);
	final DigestAlgorithm timestampDigestAlgorithm = parameters.getArchiveTimestampParameters().getDigestAlgorithm();
	byte[] originalDocumentDigest = Utils.fromBase64(cadesSignature.getOriginalDocument().getDigest(timestampDigestAlgorithm));

	ASN1ObjectIdentifier atsHashIndexTableIdentifier = getAtsHashIndexTableIdentifier(parameters);
	final Attribute atsHashIndexAttribute = timestampExtractor.getAtsHashIndex(signerInformation, timestampDigestAlgorithm, atsHashIndexTableIdentifier);

	final byte[] encodedToTimestamp = timestampExtractor.getArchiveTimestampDataV3(signerInformation, atsHashIndexAttribute, originalDocumentDigest);

	final ASN1Object timeStampAttributeValue = getTimeStampAttributeValue(encodedToTimestamp, timestampDigestAlgorithm,
			atsHashIndexAttribute);

	return unsignedAttributes.add(OID.id_aa_ets_archiveTimestampV3, timeStampAttributeValue);
}
 

@Override
protected void removeIdentity0(P11IdentityId identityId) throws P11TokenException {
  ASN1Object req =  new ProxyMessage.SlotIdAndObjectId(asn1SlotId,
      new ProxyMessage.ObjectIdentifier(identityId.getKeyId()));
  module.send(P11ProxyConstants.ACTION_REMOVE_IDENTITY, req);
}
 

@Override
protected void removeCerts0(P11ObjectIdentifier objectId) throws P11TokenException {
  ASN1Object req =
      new ProxyMessage.SlotIdAndObjectId(asn1SlotId, new ProxyMessage.ObjectIdentifier(objectId));
  module.send(P11ProxyConstants.ACTION_REMOVE_CERTS, req);
}
 

/**
 * A content time-stamp allows a time-stamp token of the data to be signed to be incorporated into the signed
 * information.
 * It provides proof of the existence of the data before the signature was created.
 *
 * A content time-stamp attribute is the time-stamp token of the signed data content before it is signed.
 * This attribute is a signed attribute.
 * Its object identifier is :
 * id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
 * smime(16) id-aa(2) 20}
 *
 * Content time-stamp attribute values have ASN.1 type ContentTimestamp:
 * ContentTimestamp ::= TimeStampToken
 *
 * The value of messageImprint of TimeStampToken (as described in RFC 3161) is the hash of the message digest as
 * defined in
 * ETSI standard 101733 v.2.2.1, clause 5.6.1.
 *
 * NOTE: content-time-stamp indicates that the signed information was formed before the date included in the
 * content-time-stamp.
 * NOTE (bis): There is a small difference in treatment between the content-time-stamp and the archive-timestamp
 * (ATSv2) when the signature
 * is attached. In that case, the content-time-stamp is computed on the raw data (without ASN.1 tag and length)
 * whereas the archive-timestamp
 * is computed on data as read.
 *
 * @param parameters
 * @param signedAttributes
 * @return
 */
private void addContentTimestamps(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {

	if (Utils.isCollectionNotEmpty(parameters.getContentTimestamps())) {

		final List<TimestampToken> contentTimestamps = parameters.getContentTimestamps();
		for (final TimestampToken contentTimestamp : contentTimestamps) {

			final ASN1Object asn1Object = DSSASN1Utils.toASN1Primitive(contentTimestamp.getEncoded());
			final DERSet attrValues = new DERSet(asn1Object);
			final Attribute attribute = new Attribute(id_aa_ets_contentTimestamp, attrValues);
			signedAttributes.add(attribute);
		}
	}
}