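/**
 * Renders the timestamp parameters for logs and debugging output.
 *
 * @return text of the form
 *         {@code TimestampParameters{digestAlgorithm=..., canonicalizationMethod=...}}
 */
@Override
public String toString() {
    // An unset digest algorithm is printed as "null" rather than raising a NullPointerException.
    final String digestName = (digestAlgorithm != null) ? digestAlgorithm.getName() : null;
    // The first field no longer carries a leading ", " (the original printed "TimestampParameters{, digest...").
    return "TimestampParameters{" + "digestAlgorithm=" + digestName + ", canonicalizationMethod=" + canonicalizationMethod + "}";
}
} // end of the enclosing class (its declaration is outside this excerpt)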
/**
 * Builds a diagnostic description of this reference: id, uri, type, digest method,
 * contents and transforms.
 *
 * @return the textual form; an unset digest method or unset contents is rendered as {@code null}
 */
@Override
public String toString() {
    // Resolve the two nullable members first so the concatenation below stays flat.
    final Object digestMethodText = (digestMethod == null) ? null : digestMethod.getName();
    // NOTE(review): what contents.toString() exposes depends on the type of 'contents', which is
    // not visible here - confirm it does not dump document data into logs.
    final Object contentsText = (contents == null) ? null : contents.toString();
    return "DSSReference{"
            + "id='" + id + '\''
            + ", uri='" + uri + '\''
            + ", type='" + type + '\''
            + ", digestMethod='" + digestMethodText + '\''
            + ", contents=" + contentsText
            + ", transforms=" + transforms
            + '}';
}
} // end of the enclosing class (its declaration is outside this excerpt)
/**
 * Writes the digest algorithm name and the hex-encoded digest of a timestamp request to the
 * trace log. Nothing is computed or logged unless TRACE is enabled.
 *
 * @param digestAlgorithm algorithm whose name is logged
 * @param digest digest bytes, logged in hexadecimal via {@code DSSUtils.toHex}
 */
private static void traceTimestampRequest(final DigestAlgorithm digestAlgorithm, final byte[] digest) {
    if (!LOG.isTraceEnabled()) {
        return;
    }
    final String algorithmName = digestAlgorithm.getName();
    LOG.trace("Timestamp digest algorithm: " + algorithmName);
    final String hexDigest = DSSUtils.toHex(digest);
    LOG.trace("Timestamp digest value : " + hexDigest);
}
/**
 * Builds a diagnostic description of this reference: id, uri, type, digest method,
 * contents and transforms.
 *
 * @return the textual form; an unset digest method or unset contents is rendered as {@code null}
 */
@Override
public String toString() {
    // Resolve the two nullable members first so the concatenation below stays flat.
    final Object digestMethodText = (digestMethod == null) ? null : digestMethod.getName();
    // NOTE(review): what contents.toString() exposes depends on the type of 'contents', which is
    // not visible here - confirm it does not dump document data into logs.
    final Object contentsText = (contents == null) ? null : contents.toString();
    return "DSSReference{"
            + "id='" + id + '\''
            + ", uri='" + uri + '\''
            + ", type='" + type + '\''
            + ", digestMethod='" + digestMethodText + '\''
            + ", contents=" + contentsText
            + ", transforms=" + transforms
            + '}';
}
} // end of the enclosing class (its declaration is outside this excerpt)
/**
 * Looks up the signature algorithm for an encryption algorithm / digest algorithm pair.
 * The lookup key is the digest algorithm name with every "-" removed, followed by "with"
 * and the encryption algorithm name.
 *
 * @param encryptionAlgorithm encryption algorithm whose name forms the end of the key
 * @param digestAlgorithm digest algorithm whose name forms the start of the key
 * @return the {@code JAVA_ALGORITHMS} entry stored under that key. NOTE(review): presumably
 *         {@code null} when the pair is not registered - callers should check before use.
 */
public static SignatureAlgorithm getAlgorithm(final EncryptionAlgorithm encryptionAlgorithm, final DigestAlgorithm digestAlgorithm) {
    // Drop the hyphens from the digest name before it is joined into the key.
    final String compactDigestName = digestAlgorithm.getName().replace("-", "");
    final String lookupKey = compactDigestName + "with" + encryptionAlgorithm.getName();
    return JAVA_ALGORITHMS.get(lookupKey);
}
/**
 * Builds a {@code TimestampReference} from the digest method and digest value found under the
 * given element.
 *
 * NOTE(review): both lookups are dereferenced without a null check. If the element comes from a
 * document under validation (not visible here), a reference lacking either child would end in a
 * NullPointerException - confirm that callers treat this as a validation failure.
 *
 * @param element element holding the digest method and digest value
 * @return a reference carrying the digest algorithm name and the digest value text as found
 */
private TimestampReference createRevocationTimestampReference(Element element) {
    final String xmlDigestAlgorithm = DSSXMLUtils.getNode(element, xPathQueryHolder.XPATH__DIGEST_METHOD_ALGORITHM).getTextContent();
    // Map the XML algorithm identifier to the DigestAlgorithm name.
    final String digestAlgorithmName = DigestAlgorithm.forXML(xmlDigestAlgorithm).getName();
    final String digestValue = DSSXMLUtils.getElement(element, xPathQueryHolder.XPATH__DIGEST_VALUE).getTextContent();
    return new TimestampReference(digestAlgorithmName, digestValue);
}
/**
 * Reads the certificate references ({@code ./xades:Cert} children) of the signature.
 *
 * NOTE(review): the digest method and digest value elements are dereferenced without a null
 * check, unlike the issuer elements. A {@code xades:Cert} entry lacking either one ends in a
 * NullPointerException; since the signature is input under validation, confirm that callers
 * handle that as a failed validation rather than an unexpected crash.
 *
 * @return one {@code CertificateRef} per entry, or {@code null} (not an empty list) when the
 *         signature has no certificate-references element - callers must check before iterating
 */
@Override
public List<CertificateRef> getCertificateRefs() {
    final Element certRefsElement = DSSXMLUtils.getElement(signatureElement, xPathQueryHolder.XPATH_CERT_REFS);
    if (certRefsElement == null) {
        return null;
    }
    final List<CertificateRef> certificateRefs = new ArrayList<CertificateRef>();
    final NodeList certNodes = DSSXMLUtils.getNodeList(certRefsElement, "./xades:Cert");
    for (int index = 0; index < certNodes.getLength(); index++) {
        final Element certElement = (Element) certNodes.item(index);
        final Element issuerNameElement = DSSXMLUtils.getElement(certElement, xPathQueryHolder.XPATH__X509_ISSUER_NAME);
        final Element issuerSerialElement = DSSXMLUtils.getElement(certElement, xPathQueryHolder.XPATH__X509_SERIAL_NUMBER);
        final Element digestMethodElement = DSSXMLUtils.getElement(certElement, xPathQueryHolder.XPATH__CERT_DIGEST_DIGEST_METHOD);
        final Element digestValueElement = DSSXMLUtils.getElement(certElement, xPathQueryHolder.XPATH__CERT_DIGEST_DIGEST_VALUE);

        final CertificateRef certificateRef = new CertificateRef();
        // Issuer data is copied only when both the name and the serial number are present.
        final boolean issuerComplete = issuerNameElement != null && issuerSerialElement != null;
        if (issuerComplete) {
            certificateRef.setIssuerName(issuerNameElement.getTextContent());
            certificateRef.setIssuerSerial(issuerSerialElement.getTextContent());
        }
        // The digest is stored under the DigestAlgorithm name, not the XML algorithm identifier.
        final String xmlAlgorithm = digestMethodElement.getAttribute(XMLE_ALGORITHM);
        certificateRef.setDigestAlgorithm(DigestAlgorithm.forXML(xmlAlgorithm).getName());
        certificateRef.setDigestValue(DSSUtils.base64Decode(digestValueElement.getTextContent()));
        certificateRefs.add(certificateRef);
    }
    return certificateRefs;
}
/**
 * Checks the signing-certificate (v1) attribute against the candidate signing certificate.
 * Every {@code ESSCertID} found marks the digest as present on {@code signingCertificateValidity}
 * and is handed to {@code verifySigningCertificateReferences}; the method returns on the first
 * match and logs a warning after each entry that does not match.
 *
 * @param signingTokenSerialNumber serial number of the candidate certificate
 * @param signingTokenIssuerName issuer name of the candidate certificate
 * @param signingCertificateAttributeV1 the signing-certificate attribute to inspect
 */
private void verifySigningCertificateV1(final BigInteger signingTokenSerialNumber, final GeneralNames signingTokenIssuerName,
        final Attribute signingCertificateAttributeV1) {

    // SHA-1 is fixed on this path: the ESSCertID structure of RFC 2634 has no algorithm field,
    // so the hash strength is set by the attribute format rather than by configuration.
    final DigestAlgorithm sha1 = DigestAlgorithm.SHA1;
    final byte[] candidateHash = DSSUtils.digest(sha1, signingCertificateValidity.getCertificateToken().getEncoded());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Candidate Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(candidateHash), sha1.getName());
    }

    final ASN1Set values = signingCertificateAttributeV1.getAttrValues();
    for (int index = 0; index < values.size(); index++) {
        final SigningCertificate signingCertificate = SigningCertificate.getInstance(values.getObjectAt(index));
        for (final ESSCertID certId : signingCertificate.getCerts()) {
            final byte[] referencedHash = certId.getCertHash();
            // Flagged as soon as any hash is found, before it is known whether it matches.
            signingCertificateValidity.setDigestPresent(true);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found Certificate Hash in signingCertificateAttributeV1 {} with algorithm {}", DSSUtils.encodeHexString(referencedHash),
                        sha1.getName());
            }
            final IssuerSerial issuerSerial = certId.getIssuerSerial();
            if (verifySigningCertificateReferences(signingTokenSerialNumber, signingTokenIssuerName, candidateHash, referencedHash, issuerSerial)) {
                return;
            }
            // Emitted for every non-matching entry, not only for the first one in the sequence.
            LOG.warn("RFC 2634: The first certificate identified in the sequence of certificate identifiers MUST be the certificate used to verify the signature.");
        }
    }
}
/**
 * Collects the references covered by a timestamp: first the certificate references, then the
 * OCSP references, then the CRL references. Each digest value is Base64-encoded; the digest
 * algorithm of every certificate reference is also added to
 * {@code usedCertificatesDigestAlgorithms}.
 *
 * NOTE(review): certificate references are labelled with the enum constant ({@code name()})
 * while revocation references use {@code getName()} - confirm that whatever compares these
 * strings expects the two forms.
 *
 * @return the references in the order certificates, OCSP, CRL
 */
@Override
public List<TimestampReference> getTimestampedReferences() {
    final List<TimestampReference> collected = new ArrayList<TimestampReference>();

    // NOTE(review): the three getters are iterated without a null check - confirm that they
    // never return null in this class.
    for (final CertificateRef certRef : getCertificateRefs()) {
        final String encodedDigest = DSSUtils.base64Encode(certRef.getDigestValue());
        final DigestAlgorithm certDigestAlgorithm = DigestAlgorithm.forOID(certRef.getDigestAlgorithm());
        usedCertificatesDigestAlgorithms.add(certDigestAlgorithm);
        collected.add(new TimestampReference(certDigestAlgorithm.name(), encodedDigest));
    }

    for (final OCSPRef ocspRef : getOCSPRefs()) {
        final DigestAlgorithm ocspDigestAlgorithm = ocspRef.getDigestAlgorithm();
        // OCSP references without a digest algorithm are skipped (marked "-444" in the original code).
        if (ocspDigestAlgorithm != null) {
            final String encodedDigest = DSSUtils.base64Encode(ocspRef.getDigestValue());
            collected.add(new TimestampReference(ocspDigestAlgorithm.getName(), encodedDigest, TimestampReferenceCategory.REVOCATION));
        }
    }

    for (final CRLRef crlRef : getCRLRefs()) {
        final String encodedDigest = DSSUtils.base64Encode(crlRef.getDigestValue());
        // NOTE(review): unlike the OCSP loop, the CRL digest algorithm is not checked for null.
        final String crlDigestName = crlRef.getDigestAlgorithm().getName();
        collected.add(new TimestampReference(crlDigestName, encodedDigest, TimestampReferenceCategory.REVOCATION));
    }
    return collected;
}
LOG.debug("Candidate Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(signingTokenCertHash), digestAlgorithm.getName()); signingCertificateValidity.setDigestPresent(true); if (LOG.isDebugEnabled()) { LOG.debug("Found Certificate Hash in SigningCertificateV2 {} with algorithm {}", DSSUtils.encodeHexString(certHash), digestAlgorithm.getName());
/**
 * Adds the signing-certificate attribute to the signed attributes. Each chain certificate
 * flagged as a signed attribute is hashed with the configured digest algorithm and wrapped in an
 * {@code ESSCertID} (when the algorithm is SHA1) or an {@code ESSCertIDv2} (any other algorithm).
 *
 * @param parameters supplies the digest algorithm and the certificate chain
 * @param signedAttributes vector that receives the resulting attribute
 * @throws DSSException declared by the signature; NOTE(review): presumably raised by the
 *         DSSUtils helpers on encoding or digest failure - confirm
 */
private void addSigningCertificateAttribute(final SignatureParameters parameters, final ASN1EncodableVector signedAttributes) throws DSSException {

    final DigestAlgorithm digestAlgorithm = parameters.getDigestAlgorithm();
    final List<ASN1Encodable> certificateIds = new ArrayList<ASN1Encodable>();
    for (final ChainCertificate chainCertificate : parameters.getCertificateChain()) {
        // Only certificates marked as signed attributes are referenced.
        if (chainCertificate.isSignedAttribute()) {
            final X509Certificate certificate = chainCertificate.getX509Certificate();
            final byte[] certHash = DSSUtils.digest(digestAlgorithm, DSSUtils.getEncoded(certificate));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Adding Certificate Hash {} with algorithm {}", DSSUtils.encodeHexString(certHash), digestAlgorithm.getName());
            }
            final IssuerSerial issuerSerial = DSSUtils.getIssuerSerial(certificate);
            // SHA1 selects the v1 structure, which has no algorithm identifier; every other
            // digest goes into the v2 structure together with its algorithm identifier.
            final ASN1Encodable certificateId = (digestAlgorithm == SHA1)
                    ? new SigningCertificate(new ESSCertID(certHash, issuerSerial))
                    : new ESSCertIDv2(digestAlgorithm.getAlgorithmIdentifier(), certHash, issuerSerial);
            certificateIds.add(certificateId);
        }
    }
    signedAttributes.add(createSigningCertificateAttributes(digestAlgorithm, certificateIds));
}
LOG.debug("Timestamp generation: " + timestampDigestAlgorithm.getName() + " / " + timestampC14nMethod + " / " + encodedDigestValue);
wsDssReference.setType(dssReference.getType()); wsDssReference.setUri(dssReference.getUri()); final String name = dssReference.getDigestMethodAlgorithm().getName(); final DigestAlgorithm value = DigestAlgorithm.fromValue(name); wsDssReference.setDigestMethodAlgorithm(value);
xmlDigestAlgAndValue.setDigestMethod(digestAlgorithm.getName()); xmlDigestAlgAndValue.setDigestValue(certToken.getDigestValue(digestAlgorithm)); xmlCert.getDigestAlgAndValue().add(xmlDigestAlgAndValue); xmlBasicSignatureType.setDigestAlgoUsedToSignThisToken(signatureAlgorithm.getDigestAlgorithm().getName()); xmlBasicSignatureType.setEncryptionAlgoUsedToSignThisToken(signatureAlgorithm.getEncryptionAlgorithm().getName()); final String keyLength = certToken.getKeyLength();
xmlBasicSignatureType.setKeyLengthUsedToSignThisToken(keyLength); final String digestAlgorithmName = unknownAlgorithm ? "?" : revocationSignatureAlgo.getDigestAlgorithm().getName(); xmlBasicSignatureType.setDigestAlgoUsedToSignThisToken(digestAlgorithmName); final boolean signatureValid = revocationToken.isSignatureValid();
xmlTimestampToken.setProductionTime(DSSXMLUtils.createXMLGregorianCalendar(timestampToken.getGenerationTime())); xmlTimestampToken.setSignedDataDigestAlgo(timestampToken.getSignedDataDigestAlgo().getName()); xmlTimestampToken.setEncodedSignedDataDigestValue(timestampToken.getEncodedSignedDataDigestValue()); xmlTimestampToken.setMessageImprintDataFound(timestampToken.isMessageImprintDataFound()); xmlBasicSignatureType.setDigestAlgoUsedToSignThisToken(signatureAlgorithm.getDigestAlgorithm().getName());
xmlBasicSignature.setKeyLengthUsedToSignThisToken(String.valueOf(keyLength)); final DigestAlgorithm digestAlgorithm = signature.getDigestAlgorithm(); final String digestAlgorithmString = digestAlgorithm == null ? "?" : digestAlgorithm.getName(); xmlBasicSignature.setDigestAlgoUsedToSignThisToken(digestAlgorithmString); xmlSignature.setBasicSignature(xmlBasicSignature);