/**
 * Hashes an encoded CRL holder with {@code hashIndexDigestAlgorithm} and removes the matching
 * entry from the supplied hash list.
 *
 * @param crlHashesList    hashes still waiting to be matched; one occurrence equal to the
 *                         computed hash is removed when present
 * @param crlHolderEncoded encoded CRL holder to hash
 * @return {@code true} if the list contained the computed hash, {@code false} otherwise
 */
private boolean handleCrlEncoded(ArrayList<DEROctetString> crlHashesList, byte[] crlHolderEncoded) {
    final byte[] crlHash = DSSUtils.digest(hashIndexDigestAlgorithm, crlHolderEncoded);
    return crlHashesList.remove(new DEROctetString(crlHash));
}
/**
 * Derives an integer identifier from the SHA-1 digest of {@code cms}.
 *
 * @return the value {@code bytesToInt} produces for that digest
 */
@Override
public int uniqueId() {
    // NOTE(review): an int holds at most 32 bits of the digest, so different inputs can share an
    // id. Use it as a lookup key only, never as evidence that two CMS values are identical.
    return bytesToInt(DSSUtils.digest(DigestAlgorithm.SHA1, cms));
}
/**
 * Builds a hex identifier from the given digest value and the nonce currently held by
 * {@code tspNonceSource}.
 *
 * @param digestValue digest bytes to fold into the identifier
 * @return hex encoding of the MD5 digest computed over {@code digestValue} and the nonce bytes
 */
@Override
public String getUniqueId(final byte[] digestValue) {
    final byte[] nonceBytes = tspNonceSource.getNonce().toByteArray();
    // NOTE(review): MD5 only condenses the input into an identifier here. It is not collision
    // resistant, so equality of two ids should not be taken as equality of the inputs.
    final byte[] idDigest = DSSUtils.digest(DigestAlgorithm.MD5, digestValue, nonceBytes);
    return DSSUtils.encodeHexString(idDigest);
}
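/**
 * Returns a deterministic identifier derived from a signing time and a certificate token id.
 * <p>
 * The time is truncated to whole seconds, rendered as a decimal string and hashed together with
 * the four big-endian bytes of {@code id}. MD5 is used only to condense these values into an
 * identifier; it offers no collision resistance and the result is not a security token.
 *
 * @param signingTime signing time; when {@code null}, {@code deterministicDate} is used instead
 * @param id          certificate token id
 * @return {@code "id-"} followed by the output of {@code toHex} for the digest
 */
public static String getDeterministicId(final Date signingTime, final int id) {
    final Date effectiveTime = (signingTime != null) ? signingTime : deterministicDate;
    // Epoch milliseconds are independent of any time zone, so the former Calendar round trip
    // (set time, read it back) returned the same instant and has been dropped.
    final long milliseconds = effectiveTime.getTime();
    final long droppedMillis = 1000 * (milliseconds / 1000);
    // Pin the charset: with the platform default the id would depend on JVM configuration.
    final byte[] timeBytes = Long.toString(droppedMillis).getBytes(java.nio.charset.Charset.forName("UTF-8"));
    final byte[] certificateBytes = ByteBuffer.allocate(4).putInt(id).array();
    final byte[] digestValue = DSSUtils.digest(DigestAlgorithm.MD5, timeBytes, certificateBytes);
    return "id-" + toHex(digestValue);
}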
/**
 * Computes the digest of {@code getBytes()} with the requested algorithm.
 *
 * @param digestAlgorithm algorithm chosen by the caller; the strength of the result is that of
 *                        this algorithm
 * @return Base64 encoding of the digest
 */
@Override
public String getDigest(final DigestAlgorithm digestAlgorithm) {
    return DSSUtils.base64Encode(DSSUtils.digest(digestAlgorithm, getBytes()));
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Returns the Base64-encoded digest of the encoded certificate for the given algorithm. The value
 * is computed on the first request for an algorithm and served from the {@code digests} map
 * afterwards.
 * <p>
 * NOTE(review): the map is created and filled without any synchronisation visible in this method;
 * confirm how instances are shared before calling it from several threads.
 *
 * @param digestAlgorithm algorithm to digest the certificate with
 * @return the Base64-encoded digest; whatever {@code DSSUtils.base64Encode} yields is cached and
 *         returned as is
 */
public String getDigestValue(final DigestAlgorithm digestAlgorithm) {
    if (digests == null) {
        digests = new HashMap<DigestAlgorithm, String>();
    }
    final String cached = digests.get(digestAlgorithm);
    if (cached != null) {
        return cached;
    }
    // Cache miss: digest the encoded certificate once and remember the result.
    final byte[] certificateBytes = DSSUtils.getEncoded(x509Certificate);
    final String computed = DSSUtils.base64Encode(DSSUtils.digest(digestAlgorithm, certificateBytes));
    digests.put(digestAlgorithm, computed);
    return computed;
}
/**
 * Digests the bytes returned by {@code getBytes()} and returns the result Base64-encoded.
 *
 * @param digestAlgorithm algorithm to use, as chosen by the caller
 * @return Base64 form of the digest
 */
@Override
public String getDigest(final DigestAlgorithm digestAlgorithm) {
    final byte[] rawDigest = DSSUtils.digest(digestAlgorithm, getBytes());
    return DSSUtils.base64Encode(rawDigest);
}
/**
 * Hashes {@code encoded} with {@code hashIndexDigestAlgorithm} and appends the hash, wrapped in a
 * {@code DEROctetString}, to the given vector.
 *
 * @param crlsHashIndex vector receiving the new hash entry
 * @param encoded       encoded value to hash
 */
private void digestAndAddToList(ASN1EncodableVector crlsHashIndex, byte[] encoded) {
    final byte[] entryHash = DSSUtils.digest(hashIndexDigestAlgorithm, encoded);
    if (LOG.isDebugEnabled()) {
        // Guarded so the hex string is only built when debug output is actually wanted.
        final String entryHashHex = DSSUtils.encodeHexString(entryHash);
        LOG.debug("Adding to crlsHashIndex with hash {}", entryHashHex);
    }
    crlsHashIndex.add(new DEROctetString(entryHash));
}
/**
 * DER-encodes the attribute and hashes the encoding with {@code hashIndexDigestAlgorithm}.
 *
 * @param attribute attribute to hash
 * @return the hash wrapped in a {@code DEROctetString}
 * @throws DSSException not raised directly here; propagated from the calls this method makes
 */
private DEROctetString getAttributeDerOctetStringHash(Attribute attribute) throws DSSException {
    final byte[] derBytes = DSSASN1Utils.getDEREncoded(attribute);
    return new DEROctetString(DSSUtils.digest(hashIndexDigestAlgorithm, derBytes));
}
/**
 * Returns the Base64-encoded digest of this object's bytes ({@code getBytes()}).
 *
 * @param digestAlgorithm digest algorithm selected by the caller
 * @return the digest, Base64-encoded
 */
@Override
public String getDigest(final DigestAlgorithm digestAlgorithm) {
    final byte[] content = getBytes();
    return DSSUtils.base64Encode(DSSUtils.digest(digestAlgorithm, content));
}
/**
 * Creates a reference of category {@code SIGNATURE} for the given signature id. The reference
 * records SHA-1 as its digest algorithm and the Base64-encoded SHA-1 digest of the id bytes as
 * its digest value.
 *
 * @param signatureId id of the referenced signature, must not be {@code null}
 * @throws DSSNullException if {@code signatureId} is {@code null}
 */
public TimestampReference(final String signatureId) {
    if (signatureId == null) {
        throw new DSSNullException(String.class, "signatureId");
    }
    this.signatureId = signatureId;
    this.digestAlgorithm = DigestAlgorithm.SHA1.name();
    // NOTE(review): getBytes() uses the JVM default charset, so for an id containing non-ASCII
    // characters the digest can differ between platforms. The algorithm is also fixed to SHA-1.
    // Confirm what consumers of this reference expect before changing either.
    final byte[] idDigest = DSSUtils.digest(DigestAlgorithm.SHA1, signatureId.getBytes());
    this.digestValue = DSSUtils.base64Encode(idDigest);
    this.category = TimestampReferenceCategory.SIGNATURE;
}
/**
 * Hashes an encoded revocation holder with {@code hashIndexDigestAlgorithm}, removes the matching
 * entry from the hash list when there is one, and reports the outcome at debug level.
 *
 * @param crlHashesList     hashes still waiting to be matched
 * @param ocspHolderEncoded encoded revocation holder to hash
 */
private void handleRevocationEncoded(ArrayList<DEROctetString> crlHashesList, byte[] ocspHolderEncoded) {
    final byte[] holderHash = DSSUtils.digest(hashIndexDigestAlgorithm, ocspHolderEncoded);
    final DEROctetString wrappedHash = new DEROctetString(holderHash);
    // A successful removal means the value is present both in the signature and in the timestamp.
    final boolean wasListed = crlHashesList.remove(wrappedHash);
    if (!LOG.isDebugEnabled()) {
        return;
    }
    final String hashHex = DSSUtils.toHex(wrappedHash.getOctets());
    if (wasListed) {
        LOG.debug("CRL/OCSP present in timestamp {}", hashHex);
    } else {
        LOG.debug("CRL/OCSP not present in timestamp {}", hashHex);
    }
}
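/**
 * Digests the content obtained from {@code openStream()} and returns the result Base64-encoded.
 * The stream is closed whether or not the digest computation succeeds.
 *
 * @param digestAlgorithm digest algorithm selected by the caller
 * @return Base64 encoding of the digest
 */
@Override
public String getDigest(final DigestAlgorithm digestAlgorithm) {
    final InputStream inputStream = openStream();
    final byte[] digestBytes;
    try {
        digestBytes = DSSUtils.digest(digestAlgorithm, inputStream);
    } finally {
        // Close on the failure path too, so an exception during digesting does not leak the stream.
        DSSUtils.closeQuietly(inputStream);
    }
    return DSSUtils.base64Encode(digestBytes);
}
} // closes the enclosing type, whose header is not part of this excerpt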
/**
 * Assembles the input of the archive-time-stamp-v3 message imprint: the concatenation, in this
 * order, of the encoded content type, the digest of the original document, the encoded signed
 * fields and the DER encoding of the first value of the ATS hash index attribute.
 *
 * @param signerInformation     signer whose fields are encoded by {@code geSignedFields}
 * @param atsHashIndexAttribute attribute whose first value is DER-encoded and appended
 * @param originalDocument      bytes of the signed document, digested with {@code digestAlgorithm}
 * @param digestAlgorithm       algorithm for the document digest
 * @return the concatenated bytes to be timestamped
 * @throws DSSException not raised directly here; propagated from the calls this method makes
 */
public byte[] getArchiveTimestampDataV3(SignerInformation signerInformation, Attribute atsHashIndexAttribute,
        byte[] originalDocument, DigestAlgorithm digestAlgorithm) throws DSSException {
    final CMSSignedData signedData = cadesSignature.getCmsSignedData();
    final byte[] contentTypeBytes = getEncodedContentType(signedData); // OID
    final byte[] documentDigest = DSSUtils.digest(digestAlgorithm, originalDocument);
    final byte[] signedFieldBytes = geSignedFields(signerInformation);
    final byte[] hashIndexBytes = DSSASN1Utils.getDEREncoded(atsHashIndexAttribute.getAttrValues().getObjectAt(0));

    // The fields go in unmodified, in binary encoded form including tag, length and value octets,
    // and strictly in the order listed in the method description.
    final byte[] imprintInput = DSSUtils.concatenate(contentTypeBytes, documentDigest, signedFieldBytes, hashIndexBytes);

    if (LOG.isDebugEnabled()) {
        LOG.debug("eContentType={}", DSSUtils.encodeHexString(contentTypeBytes));
        LOG.debug("signedDataDigest={}", DSSUtils.encodeHexString(documentDigest));
        LOG.debug("encodedFields=see above");
        LOG.debug("encodedAtsHashIndex={}", DSSUtils.encodeHexString(hashIndexBytes));
    }
    return imprintInput;
}
/**
 * Incorporates an archive timestamp: obtains the archive timestamp data from the signature using
 * the configured canonicalization method, digests it with the configured timestamp digest
 * algorithm and hands the digest to {@code createXAdESTimeStampType}.
 */
private void incorporateArchiveTimestamp() {
    final TimestampParameters tsParameters = params.getArchiveTimestampParameters();
    final String c14nMethod = tsParameters.getCanonicalizationMethod();
    final byte[] dataToStamp = xadesSignature.getArchiveTimestampData(null, c14nMethod);
    // The digest algorithm comes from configuration; its strength bounds the strength of the imprint.
    final DigestAlgorithm imprintAlgorithm = tsParameters.getDigestAlgorithm();
    final byte[] imprint = DSSUtils.digest(imprintAlgorithm, dataToStamp);
    createXAdESTimeStampType(TimestampType.ARCHIVE_TIMESTAMP, c14nMethod, imprint);
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Saves the PDF document incrementally, reading the already signed file as the base and writing
 * to the given output stream. A document without an id is given one first, because otherwise an
 * id based on the current system time is used and the digest of the signed data changes.
 *
 * @param parameters       signature parameters; the signing date is read from their B-level part
 * @param signedFile       file used as the base of the incremental save
 * @param fileOutputStream stream receiving the incremental save
 * @param pdDocument       document to save
 * @throws DSSException wrapping any {@code IOException} or {@code COSVisitorException}
 */
public static void saveDocumentIncrementally(SignatureParameters parameters, File signedFile,
        FileOutputStream fileOutputStream, PDDocument pdDocument) throws DSSException {
    FileInputStream baseInput = null;
    try {
        baseInput = new FileInputStream(signedFile);
        final boolean lacksDocumentId = pdDocument.getDocumentId() == null;
        if (lacksDocumentId) {
            final String signingDateText = parameters.bLevel().getSigningDate().toString();
            final byte[] idDigest = DSSUtils.digest(DigestAlgorithm.MD5, signingDateText.getBytes());
            pdDocument.setDocumentId(DSSUtils.toLong(idDigest));
            // NOTE(review): the next call overwrites the digest-derived id, so every document
            // without an id ends up with id 0 and the MD5 computation above has no effect.
            // Decide which of the two is intended. If the derived id is kept, note that
            // Date.toString() and getBytes() depend on the JVM default time zone and charset.
            pdDocument.setDocumentId(0L);
        }
        pdDocument.saveIncremental(baseInput, fileOutputStream);
    } catch (IOException ioFailure) {
        throw new DSSException(ioFailure);
    } catch (COSVisitorException visitorFailure) {
        throw new DSSException(visitorFailure);
    } finally {
        DSSUtils.closeQuietly(baseInput);
    }
}
/**
 * Builds the certificatesHashIndex field: a sequence of octet strings, each holding the hash of
 * one instance of CertificateChoices within the certificates field of the root SignedData. Every
 * instance present when the archive time-stamp is requested shall be included, and no other hash
 * value shall appear in the field.
 * <p>
 * The hashes are computed with {@code hashIndexDigestAlgorithm} over the encoded form of each
 * token returned by {@code cadesSignature.getCertificatesWithinSignatureAndTimestamps()}.
 *
 * @return the sequence of certificate hashes, in the order the tokens were returned
 * @throws DSSException not raised directly here; propagated from the calls this method makes
 */
private ASN1Sequence getCertificatesHashIndex() throws DSSException {
    final ASN1EncodableVector hashIndex = new ASN1EncodableVector();
    final List<CertificateToken> tokens = cadesSignature.getCertificatesWithinSignatureAndTimestamps();
    for (final CertificateToken token : tokens) {
        final byte[] tokenHash = DSSUtils.digest(hashIndexDigestAlgorithm, token.getEncoded());
        if (LOG.isDebugEnabled()) {
            // Guarded so the hex string is only built when debug output is actually wanted.
            LOG.debug("Adding to CertificatesHashIndex DSS-Identifier: {} with hash {}", token.getDSSId(),
                    DSSUtils.encodeHexString(tokenHash));
        }
        hashIndex.add(new DEROctetString(tokenHash));
    }
    return new DERSequence(hashIndex);
}
/**
 * Adds the ArchiveTimeStamp element, an unsigned property qualifying the signature. The hash sent
 * to the TSA (messageImprint) is computed on the XAdES-X-L form of the electronic signature and
 * the signed data objects.
 * <p>
 * A XAdES-A form MAY contain several ArchiveTimeStamp elements.
 * <p>
 * The signature is first extended by the superclass, then {@code checkSignatureIntegrity()} is
 * called on it before the archive timestamp data is digested.
 *
 * @throws DSSException not raised directly here; propagated from the calls this method makes
 * @see XAdESLevelXL#extendSignatureTag()
 */
@Override
protected void extendSignatureTag() throws DSSException {
    // Everything up to -XL is handled by the parent profile.
    super.extendSignatureTag();
    xadesSignature.checkSignatureIntegrity();

    final TimestampParameters tsParameters = params.getArchiveTimestampParameters();
    final String c14nMethod = tsParameters.getCanonicalizationMethod();
    final byte[] dataToStamp = xadesSignature.getArchiveTimestampData(null, c14nMethod);
    final DigestAlgorithm imprintAlgorithm = tsParameters.getDigestAlgorithm();
    final byte[] imprint = DSSUtils.digest(imprintAlgorithm, dataToStamp);
    createXAdESTimeStampType(TimestampType.ARCHIVE_TIMESTAMP, c14nMethod, imprint);
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Posts the request, serving the answer from the file cache when an entry exists. The cache file
 * name is the normalized file name of the URL followed by a dot and the hex MD5 digest of the
 * request bytes. A non-empty response obtained from the parent implementation is written to the
 * cache before it is returned.
 *
 * @param urlString    target URL
 * @param requestBytes request body; also part of the cache key
 * @param refresh      passed on to {@code getCachedFileContent}
 * @return the cached content if available, otherwise the content loaded for the URL
 * @throws DSSException not raised directly here; propagated from the calls this method makes
 */
@Override
public byte[] post(final String urlString, final byte[] requestBytes, boolean refresh) throws DSSException {
    final String normalizedName = ResourceLoader.getNormalizedFileName(urlString);
    // NOTE(review): the request is identified by its MD5 digest only. MD5 is not collision
    // resistant, so two different request bodies for the same URL could map to one cache entry.
    // Moving to a stronger digest renames the cache files, so plan it as a cache reset.
    final String requestHashHex = DSSUtils.toHex(DSSUtils.digest(DigestAlgorithm.MD5, requestBytes));
    final String cacheFileName = normalizedName + "." + requestHashHex;

    final byte[] cached = getCachedFileContent(cacheFileName, refresh);
    if (cached != null) {
        return cached;
    }
    if (!isNetworkProtocol(urlString)) {
        return getContentUsingNotNetworkProtocol(urlString);
    }

    final byte[] response = super.post(urlString, requestBytes);
    final boolean hasContent = response.length != 0;
    if (hasContent) {
        // Empty answers are not cached.
        DSSUtils.saveToFile(response, getCacheFile(cacheFileName));
    }
    return response;
}
/**
 * Extends the signature to a desired level. This method is overridden by other profiles.
 * <p>
 * For the -T profile it adds the SignatureTimeStamp element, which contains a single HashDataInfo
 * element referring to the ds:SignatureValue element of the [XMLDSIG] signature. The timestamp
 * token is obtained from the TSP source. The {@code <SignatureTimeStamp>} segment is added to the
 * {@code <UnsignedSignatureProperties>} element.
 *
 * @throws DSSException not raised directly here; propagated from the calls this method makes
 */
protected void extendSignatureTag() throws DSSException {
    assertExtendSignaturePossible();

    // Make sure every XML segment the -T extension needs is there; missing ones are created.
    ensureUnsignedProperties();
    ensureUnsignedSignatureProperties();
    ensureSignedDataObjectProperties();

    // A timestamp is added only when none exists yet or when the -T level itself is being created.
    final boolean alreadyTimestamped = xadesSignature.hasTProfile();
    if (alreadyTimestamped && !XAdES_BASELINE_T.equals(params.getSignatureLevel())) {
        return;
    }

    final TimestampParameters tsParameters = params.getSignatureTimestampParameters();
    final String c14nMethod = tsParameters.getCanonicalizationMethod();
    final byte[] canonicalized = xadesSignature.getSignatureTimestampData(null, c14nMethod);
    final DigestAlgorithm imprintAlgorithm = tsParameters.getDigestAlgorithm();
    final byte[] imprint = DSSUtils.digest(imprintAlgorithm, canonicalized);
    createXAdESTimeStampType(SIGNATURE_TIMESTAMP, c14nMethod, imprint);
}