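/**
 * Returns a debug representation listing the digest algorithm name and the canonicalization method.
 * A {@code null} digest algorithm is rendered as {@code null} rather than raising a
 * {@code NullPointerException}.
 *
 * @return the textual form {@code TimestampParameters{digestAlgorithm=..., canonicalizationMethod=...}}
 */
public String toString() {
    // The original output began with "{, digestAlgorithm=": a stray separator in front of the first
    // field. The separator is dropped so the text starts directly with the first field.
    return "TimestampParameters{"
            + "digestAlgorithm=" + (digestAlgorithm != null ? digestAlgorithm.getName() : null)
            + ", canonicalizationMethod=" + canonicalizationMethod
            + "}";
}
}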
/**
 * Returns the {@code AlgorithmIdentifier} of {@code hashIndexDigestAlgorithm}, or {@code null} when
 * {@code OMIT_ALGORITHM_IDENTIFIER_IF_DEFAULT} is set and the algorithm's OID equals the OID of
 * {@code DEFAULT_ARCHIVE_TIMESTAMP_HASH_ALGO}.
 *
 * @return the algorithm identifier, or {@code null} when the default algorithm is omitted
 */
private AlgorithmIdentifier getHashIndexDigestAlgorithmIdentifier() {
    if (!OMIT_ALGORITHM_IDENTIFIER_IF_DEFAULT) {
        return hashIndexDigestAlgorithm.getAlgorithmIdentifier();
    }
    // Algorithms are compared by OID, not by object identity.
    final boolean usesDefaultAlgorithm = hashIndexDigestAlgorithm.getOid().equals(DEFAULT_ARCHIVE_TIMESTAMP_HASH_ALGO.getOid());
    return usesDefaultAlgorithm ? null : hashIndexDigestAlgorithm.getAlgorithmIdentifier();
}
/**
 * Builds a {@code TimestampReference} for the given certificate token from its SHA-1 digest value
 * and records SHA-1 in {@code usedCertificatesDigestAlgorithms}.
 *
 * @param certificateToken the certificate whose digest value is referenced
 * @return the reference carrying the algorithm name and the token's digest value
 * @throws DSSException declared by the signature; no throwing call is visible in this body
 */
private TimestampReference createCertificateTimestampReference(final CertificateToken certificateToken) throws DSSException {
    // NOTE(review): SHA-1 is fixed here regardless of the signature's own digest algorithm. If this
    // reference is only a lookup key for matching timestamped certificates that may be acceptable;
    // if anything relies on it to bind the certificate, a collision-resistant digest is needed -
    // confirm against the callers.
    final DigestAlgorithm fixedAlgorithm = DigestAlgorithm.SHA1;
    usedCertificatesDigestAlgorithms.add(fixedAlgorithm);
    return new TimestampReference(fixedAlgorithm.name(), certificateToken.getDigestValue(fixedAlgorithm));
}
/**
 * Builds a {@code TimestampReference} for a revocation reference element, using the digest method
 * and digest value read from that element.
 *
 * @param element the XML element holding the digest method and digest value
 * @return the reference carrying the resolved algorithm name and the digest value text
 */
private TimestampReference createRevocationTimestampReference(Element element) {
    // NOTE(review): both lookups are dereferenced without a null check, so an element lacking the
    // digest method or digest value ends in a NullPointerException. The element is read from the
    // signature document, so callers should treat that as malformed input and fail validation
    // cleanly; what forXML does for an unknown algorithm value is not visible here.
    final String xmlAlgorithm = DSSXMLUtils.getNode(element, xPathQueryHolder.XPATH__DIGEST_METHOD_ALGORITHM).getTextContent();
    final String algorithmName = DigestAlgorithm.forXML(xmlAlgorithm).getName();
    final String digestValueText = DSSXMLUtils.getElement(element, xPathQueryHolder.XPATH__DIGEST_VALUE).getTextContent();
    return new TimestampReference(algorithmName, digestValueText);
}
/**
 * Creates a {@code TimestampReference} for a certificate reference element and records the digest
 * algorithm it declares in {@code usedCertificatesDigestAlgorithms}.
 *
 * @param element the XML element holding the digest method and, optionally, the digest value
 * @return the reference carrying the algorithm's enum name and the digest value text (an empty
 *         string when the digest value element is absent)
 * @throws eu.europa.ec.markt.dss.exception.DSSException declared by the signature; no throwing call
 *         is visible in this body
 */
private TimestampReference createCertificateTimestampReference(final Element element) throws DSSException {
    // NOTE(review): the digest method node is dereferenced unchecked, while a missing digest value
    // is tolerated below - a missing method node therefore raises a NullPointerException.
    final String declaredAlgorithm = DSSXMLUtils.getNode(element, xPathQueryHolder.XPATH__DIGEST_METHOD_ALGORITHM).getTextContent();
    final DigestAlgorithm algorithm = DigestAlgorithm.forXML(declaredAlgorithm);
    usedCertificatesDigestAlgorithms.add(algorithm);

    final Element valueElement = DSSXMLUtils.getElement(element, xPathQueryHolder.XPATH__DIGEST_VALUE);
    final String digestValueText;
    if (valueElement != null) {
        digestValueText = valueElement.getTextContent();
    } else {
        // An absent digest value yields a reference with an empty value instead of a failure.
        digestValueText = "";
    }
    return new TimestampReference(algorithm.name(), digestValueText);
}
/**
 * Collects the timestamp references for the certificate, OCSP and CRL references of this signature.
 * Every certificate digest algorithm met on the way is recorded in
 * {@code usedCertificatesDigestAlgorithms}.
 *
 * @return the references in the order certificates, OCSP responses, CRLs
 */
@Override
public List<TimestampReference> getTimestampedReferences() {
    final List<TimestampReference> collected = new ArrayList<TimestampReference>();

    // NOTE(review): the lists returned by the three getters are iterated without a null check -
    // confirm that none of them can return null.
    for (final CertificateRef certRef : getCertificateRefs()) {
        final String encodedDigest = DSSUtils.base64Encode(certRef.getDigestValue());
        final DigestAlgorithm certDigestAlgorithm = DigestAlgorithm.forOID(certRef.getDigestAlgorithm());
        usedCertificatesDigestAlgorithms.add(certDigestAlgorithm);
        collected.add(new TimestampReference(certDigestAlgorithm.name(), encodedDigest));
    }

    for (final OCSPRef ocspRef : getOCSPRefs()) {
        final DigestAlgorithm ocspDigestAlgorithm = ocspRef.getDigestAlgorithm();
        // -444: OCSP references without a digest algorithm are skipped.
        if (ocspDigestAlgorithm != null) {
            final String encodedDigest = DSSUtils.base64Encode(ocspRef.getDigestValue());
            collected.add(new TimestampReference(ocspDigestAlgorithm.getName(), encodedDigest, TimestampReferenceCategory.REVOCATION));
        }
    }

    for (final CRLRef crlRef : getCRLRefs()) {
        // NOTE(review): unlike the OCSP loop, the CRL digest algorithm is not null-checked.
        final String encodedDigest = DSSUtils.base64Encode(crlRef.getDigestValue());
        collected.add(new TimestampReference(crlRef.getDigestAlgorithm().getName(), encodedDigest, TimestampReferenceCategory.REVOCATION));
    }

    return collected;
}
final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(algorithmId); signingCertificateValidity.setDigestAlgorithm(digestAlgorithm); if (digestAlgorithm != lastDigestAlgorithm) { LOG.debug("Candidate Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(signingTokenCertHash), digestAlgorithm.getName()); signingCertificateValidity.setDigestPresent(true); if (LOG.isDebugEnabled()) { LOG.debug("Found Certificate Hash in SigningCertificateV2 {} with algorithm {}", DSSUtils.encodeHexString(certHash), digestAlgorithm.getName());
/**
 * Adds the signing-certificate attribute to the signed attributes. Each chain certificate flagged
 * as a signed attribute is hashed with the digest algorithm taken from the parameters and wrapped
 * in an ESS certificate identifier.
 *
 * @param parameters supplies the digest algorithm and the certificate chain
 * @param signedAttributes the vector that receives the resulting attribute
 * @throws DSSException declared by the signature; presumably raised by the DSSUtils helpers
 */
private void addSigningCertificateAttribute(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) throws DSSException {
    final DigestAlgorithm digestAlgorithm = parameters.getDigestAlgorithm();
    final List<ChainCertificate> chain = parameters.getCertificateChain();
    final List<ASN1Encodable> certificateIds = new ArrayList<ASN1Encodable>();

    for (final ChainCertificate chainEntry : chain) {
        // Only certificates flagged as signed attributes are referenced.
        if (chainEntry.isSignedAttribute()) {
            final X509Certificate certificate = chainEntry.getX509Certificate();
            final byte[] certificateHash = DSSUtils.digest(digestAlgorithm, DSSUtils.getEncoded(certificate));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Adding Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(certificateHash), digestAlgorithm.getName());
            }
            final IssuerSerial issuerSerial = DSSUtils.getIssuerSerial(certificate);

            // ESSCertID is built without an algorithm identifier and is used for SHA-1 only; every
            // other digest goes into an ESSCertIDv2 that carries the algorithm explicitly.
            // NOTE(review): with SHA-1 configured, the binding between signature and signing
            // certificate rests on SHA-1 - confirm that SHA-1 is still meant to be accepted here.
            final ASN1Encodable certificateId;
            if (digestAlgorithm == SHA1) {
                certificateId = new SigningCertificate(new ESSCertID(certificateHash, issuerSerial));
            } else {
                certificateId = new ESSCertIDv2(digestAlgorithm.getAlgorithmIdentifier(), certificateHash, issuerSerial);
            }
            certificateIds.add(certificateId);
        }
    }

    signedAttributes.add(createSigningCertificateAttributes(digestAlgorithm, certificateIds));
}
/**
 * Returns the digest algorithm named by the digest algorithm OID of {@code signerInformation}.
 *
 * @return the {@code DigestAlgorithm} resolved from that OID
 */
@Override
public DigestAlgorithm getDigestAlgorithm() {
    // NOTE(review): the OID is read from the signer information and resolved as-is; no algorithm
    // policy is applied here, so rejecting weak digests is left to the caller. How forOID reacts
    // to an unknown OID is not visible here.
    return DigestAlgorithm.forOID(signerInformation.getDigestAlgOID());
}
/**
 * Returns a {@code MessageDigest} for the given algorithm, looked up by the algorithm's OID string.
 *
 * @param digestAlgorithm the algorithm whose OID selects the digest implementation
 * @return a new {@code MessageDigest} instance for that OID
 * @throws NoSuchAlgorithmException if no installed provider offers a digest under that OID
 */
public static MessageDigest getMessageDigest(final DigestAlgorithm digestAlgorithm) throws NoSuchAlgorithmException {
    // TODO-Bob (13/07/2014): To be checked if the default implementation copes with RIPEMD160
    // No provider is named, so the implementation comes from the JCA provider preference order.
    return MessageDigest.getInstance(digestAlgorithm.getOid().getId());
}
/**
 * Returns the {@code DigestAlgorithm} used to sign the first signature of the diagnostic data.
 *
 * @return the {@code DigestAlgorithm} of the first signature
 */
public DigestAlgorithm getSignatureDigestAlgorithm() {
    final String algorithmName = getValue("/DiagnosticData/Signature[1]/BasicSignature/DigestAlgoUsedToSignThisToken/text()");
    // NOTE(review): the second argument is presumably the fallback for an unknown name, which
    // would make this method return null in that case - confirm against DigestAlgorithm.forName.
    return DigestAlgorithm.forName(algorithmName, null);
}
final AlgorithmIdentifier signPolicyHashAlgIdentifier = AlgorithmIdentifier.getInstance(signPolicyHashAlgObject); final String signPolicyHashAlgOID = signPolicyHashAlgIdentifier.getAlgorithm().getId(); signPolicyHashAlgFromPolicy = DigestAlgorithm.forOID(signPolicyHashAlgOID); if (!signPolicyHashAlgFromPolicy.equals(signPolicyHashAlgFromSignature)) {
/**
 * Reads the certificate references found under the cert-refs element of the signature.
 *
 * @return one {@code CertificateRef} per {@code xades:Cert} child, or {@code null} when the
 *         signature has no cert-refs element
 */
@Override
public List<CertificateRef> getCertificateRefs() {
    final Element certRefsElement = DSSXMLUtils.getElement(signatureElement, xPathQueryHolder.XPATH_CERT_REFS);
    if (certRefsElement == null) {
        return null;
    }

    final List<CertificateRef> refs = new ArrayList<CertificateRef>();
    final NodeList certNodes = DSSXMLUtils.getNodeList(certRefsElement, "./xades:Cert");
    for (int index = 0; index < certNodes.getLength(); index++) {
        final Element certElement = (Element) certNodes.item(index);
        final Element issuerNameElement = DSSXMLUtils.getElement(certElement, xPathQueryHolder.XPATH__X509_ISSUER_NAME);
        final Element serialNumberElement = DSSXMLUtils.getElement(certElement, xPathQueryHolder.XPATH__X509_SERIAL_NUMBER);
        final Element digestMethodElement = DSSXMLUtils.getElement(certElement, xPathQueryHolder.XPATH__CERT_DIGEST_DIGEST_METHOD);
        final Element digestValueElement = DSSXMLUtils.getElement(certElement, xPathQueryHolder.XPATH__CERT_DIGEST_DIGEST_VALUE);

        final CertificateRef ref = new CertificateRef();
        // The issuer fields are set only when both are present.
        final boolean hasIssuerData = issuerNameElement != null && serialNumberElement != null;
        if (hasIssuerData) {
            ref.setIssuerName(issuerNameElement.getTextContent());
            ref.setIssuerSerial(serialNumberElement.getTextContent());
        }

        // NOTE(review): the digest method and digest value elements are dereferenced unchecked,
        // unlike the issuer elements above; a Cert entry without a digest raises a
        // NullPointerException. Since the signature document is external input, confirm that
        // callers turn this into a clean validation failure.
        final String algorithmAttribute = digestMethodElement.getAttribute(XMLE_ALGORITHM);
        ref.setDigestAlgorithm(DigestAlgorithm.forXML(algorithmAttribute).getName());
        ref.setDigestValue(DSSUtils.base64Decode(digestValueElement.getTextContent()));
        refs.add(ref);
    }
    return refs;
}
/**
 * Returns the digest algorithm associated with the given OID string by delegating to the
 * {@code ASN1ObjectIdentifier} overload.
 *
 * @param oid the object identifier in string form
 * @return the matching {@code DigestAlgorithm}, as resolved by the delegate overload
 */
public static DigestAlgorithm forOID(final String oid) {
    // NOTE(review): the outcome for a malformed or unknown OID is decided by the
    // ASN1ObjectIdentifier constructor and the delegate overload, neither of which is visible here.
    return forOID(new ASN1ObjectIdentifier(oid));
}
/**
 * Builds and encodes the time stamp request for the given message imprint.
 *
 * @param digestAlgorithm {@code DigestAlgorithm} used to generate the message imprint
 * @param digest digest value as byte array
 * @return array of bytes representing the {@code TimeStampRequest}
 * @throws DSSException declared by the signature; presumably raised while encoding the request
 */
private byte[] generateTimestampRequest(final DigestAlgorithm digestAlgorithm, final byte[] digest) throws DSSException {
    final TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.setCertReq(certReq);
    // A request policy is set only when one has been configured.
    if (reqPolicyOid != null) {
        requestGenerator.setReqPolicy(reqPolicyOid);
    }

    // NOTE(review): the nonce ties a response to this request only if the caller compares the
    // nonce of the response with the one sent; that check, and whether getNonce() can return
    // null, are not visible here.
    final TimeStampRequest timestampRequest = requestGenerator.generate(digestAlgorithm.getOid(), digest, getNonce());
    return DSSUtils.getEncoded(timestampRequest);
}
/**
 * Returns the {@code DigestAlgorithm} used to sign the signature with the given identifier.
 *
 * @param signatureId The identifier of the signature, for which the algorithm is sought.
 * @return The {@code DigestAlgorithm} for the given signature
 */
public DigestAlgorithm getSignatureDigestAlgorithm(final String signatureId) {
    // NOTE(review): signatureId is presumably formatted into the quoted predicate by getValue. An
    // id containing a single quote would then change the meaning of the expression, so ids that
    // originate outside this component should be validated or bound as an XPath variable.
    final String algorithmName = getValue("/DiagnosticData/Signature[@Id='%s']/BasicSignature/DigestAlgoUsedToSignThisToken/text()", signatureId);
    return DigestAlgorithm.forName(algorithmName);
}
/**
 * Returns a debug representation of this reference: id, uri, type, digest method name, contents
 * and transforms. A {@code null} digest method or contents is rendered as {@code null}.
 *
 * @return the textual form starting with {@code DSSReference{}
 */
@Override
public String toString() {
    String text = "DSSReference{";
    text += "id='" + id + '\'';
    text += ", uri='" + uri + '\'';
    text += ", type='" + type + '\'';
    // The digest method is printed by name when set.
    text += ", digestMethod='" + (digestMethod == null ? digestMethod : digestMethod.getName()) + '\'';
    text += ", contents=" + (contents == null ? contents : contents.toString());
    text += ", transforms=" + transforms;
    text += '}';
    return text;
}
}
/**
 * Builds a {@code TimestampReference} from a digest algorithm and a raw certificate hash.
 *
 * @param digestAlgorithm the algorithm whose enum name is stored in the reference
 * @param certHash the certificate hash, stored Base64-encoded
 * @return the reference carrying the algorithm name and the encoded hash
 */
private TimestampReference createCertificateTimestampReference(final DigestAlgorithm digestAlgorithm, final byte[] certHash) {
    final String algorithmName = digestAlgorithm.name();
    final String encodedHash = DSSUtils.base64Encode(certHash);
    return new TimestampReference(algorithmName, encodedHash);
}
/**
 * Creates an OCSP reference from an {@code OtherHash}.
 *
 * @param otherHash the hash algorithm and value of the referenced OCSP response; when
 *        {@code null}, the digest algorithm and digest value of this reference are left unset
 * @param matchOnlyBasicOCSPResponse stored as given in the field of the same name
 */
public OCSPRef(final OtherHash otherHash, final boolean matchOnlyBasicOCSPResponse) {
    this.matchOnlyBasicOCSPResponse = matchOnlyBasicOCSPResponse;
    // -444: a reference may come without a hash, in which case no digest data is recorded.
    if (otherHash == null) {
        return;
    }
    this.digestAlgorithm = DigestAlgorithm.forOID(otherHash.getHashAlgorithm().getAlgorithm());
    this.digestValue = otherHash.getHashValue();
}
/**
 * Adds the signature-policy-identifier attribute to the signed attributes when the parameters
 * carry a signature policy with a non-null id. An empty id produces the implicit form of the
 * identifier, any other id the explicit form with the policy's digest algorithm and digest value.
 *
 * @param parameters supplies the signature policy through its B-level settings
 * @param signedAttributes the vector that receives the attribute
 */
private void addSignaturePolicyId(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
    final Policy signaturePolicy = parameters.bLevel().getSignaturePolicy();
    if (signaturePolicy == null || signaturePolicy.getId() == null) {
        // No policy configured: nothing is added.
        return;
    }

    final String policyId = signaturePolicy.getId();
    final SignaturePolicyIdentifier policyIdentifier;
    if (policyId.isEmpty()) {
        // implicit
        policyIdentifier = new SignaturePolicyIdentifier();
    } else {
        // explicit
        // NOTE(review): the policy's digest algorithm and digest value are used unchecked; an
        // explicit policy without them fails here - confirm that they are validated upstream.
        final ASN1ObjectIdentifier policyOid = new ASN1ObjectIdentifier(policyId);
        final AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(signaturePolicy.getDigestAlgorithm().getOid());
        final OtherHashAlgAndValue policyHash = new OtherHashAlgAndValue(hashAlgorithm, new DEROctetString(signaturePolicy.getDigestValue()));
        policyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(policyOid, policyHash));
    }

    signedAttributes.add(new Attribute(id_aa_ets_sigPolicyId, new DERSet(policyIdentifier)));
}