/**
 * Downloads the List Of Trusted Lists (LOTL) from {@code lotlUrl}.
 *
 * When {@code checkSignature} is set, the expected LOTL signing certificate is
 * first obtained via {@link #readLOTLCertificate()} and handed to
 * {@code getTrustStatusList} so the downloaded list can be verified against it.
 * When it is not set, a {@code null} certificate is passed instead (presumably
 * meaning "do not verify the signature" — confirm in getTrustStatusList). In that
 * mode the LOTL is trusted exactly as received from the network, so the flag
 * should only be disabled in controlled test setups, never in production.
 *
 * @return the parsed LOTL
 * @throws DSSException if the LOTL cannot be downloaded or parsed (logged, then re-thrown)
 */
private TrustStatusList loadLotl() {
    // Only resolve the signing certificate when verification is enabled.
    final X509Certificate signingCert = checkSignature ? readLOTLCertificate() : null;
    final TrustStatusList lotl;
    try {
        LOG.info("Downloading LOTL from url= {}", lotlUrl);
        final ArrayList<X509Certificate> allowedSigners = new ArrayList<X509Certificate>();
        allowedSigners.add(signingCert); // a null entry when checkSignature is false
        lotl = getTrustStatusList(lotlUrl, allowedSigners);
    } catch (DSSException e) {
        LOG.error("The LOTL cannot be loaded: " + e.getMessage(), e);
        throw e;
    }
    diagnosticInfo.put(lotlUrl, "Loaded " + new Date().toString());
    return lotl;
}
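/**
 * Returns the name of the public-key (encryption) algorithm of the given key,
 * normalised through {@link EncryptionAlgorithm#forName(String)} (e.g. "RSA").
 *
 * @param publicKey the key to inspect; may be {@code null}
 * @return the normalised algorithm name; the provider's raw
 *         {@code Key#getAlgorithm()} value if {@code EncryptionAlgorithm} does not
 *         know it; {@code "?"} if the key is {@code null} or reports no algorithm name
 */
public static String getPublicKeyEncryptionAlgo(final Key publicKey) {
    // A null key used to throw NullPointerException; report "unknown" instead.
    if (publicKey == null) {
        return "?";
    }
    String publicKeyAlgorithm = publicKey.getAlgorithm();
    // Key#getAlgorithm() may return null for some providers; treat that as unknown
    // rather than handing null to EncryptionAlgorithm.forName.
    if (publicKeyAlgorithm == null || "?".equals(publicKeyAlgorithm)) {
        return "?";
    }
    try {
        publicKeyAlgorithm = EncryptionAlgorithm.forName(publicKeyAlgorithm).getName();
    } catch (DSSException e) {
        // Unknown to EncryptionAlgorithm: keep the provider's raw name, but log with the cause.
        LOG.error(e.getMessage(), e);
    }
    return publicKeyAlgorithm;
}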
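/**
 * Looks up an OCSP response for {@code toCheckToken} through the configured
 * {@code ocspSource}.
 *
 * Returns {@code null} when no source is configured, when the source has no
 * matching response, and when the lookup throws {@code DSSException}. A
 * {@code null} therefore means "revocation status not established", never
 * "not revoked"; callers must not treat it as a good status. The no-source and
 * exception paths record their reason on the token's {@code extraInfo()} so the
 * validation report can show why OCSP was not used.
 *
 * @param toCheckToken the certificate whose revocation status is sought
 * @return the matching {@code OCSPToken}, or {@code null} if none could be obtained
 */
@Override
public RevocationToken check(final CertificateToken toCheckToken) {
    if (ocspSource == null) {
        LOG.warn("OCSPSource null");
        toCheckToken.extraInfo().infoOCSPSourceIsNull();
        return null;
    }
    try {
        final OCSPToken ocspToken = ocspSource.getOCSPToken(toCheckToken, validationCertPool);
        // Guard and log level were mismatched (isInfoEnabled guarding a debug log); both are debug now.
        if (ocspToken == null && LOG.isDebugEnabled()) {
            LOG.debug("No matching OCSP response found for {}", toCheckToken.getDSSIdAsString());
        }
        return ocspToken;
    } catch (DSSException e) {
        LOG.error("OCSP DSS Exception: " + e.getMessage(), e);
        toCheckToken.extraInfo().infoOCSPException(e);
        return null;
    }
}
}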
/**
 * Re-reads the private keys from the model's current token connection and
 * stores them back on the model.
 *
 * A {@code DSSException} raised by the token is only logged (existing FIXME):
 * the failure is not surfaced to the caller, so the model presumably keeps
 * whatever key list it had before.
 */
public void doRefreshPrivateKeys() {
    try {
        final SignatureTokenConnection connection = getModel().getTokenConnection();
        getModel().setPrivateKeys(connection.getKeys());
    } catch (final DSSException e) {
        // FIXME: error is swallowed after logging; the caller is not notified.
        LOG.error(e.getMessage(), e);
    }
}
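/**
 * Get the issuer's certificate from Authority Information Access through the
 * id-ad-caIssuers extension.
 *
 * The certificate fetched from the AIA URL is untrusted network input: it is
 * only returned if {@code token.isSignedBy(...)} confirms that it actually
 * signed {@code token}. NOTE(review): the fetched certificate is passed to
 * {@code validationCertificatePool.getInstance(...)} before that signature
 * check runs, so a non-matching certificate may still be registered in the
 * pool — confirm whether getInstance adds to the pool and whether that matters.
 *
 * @param token {@code CertificateToken} for which the issuer is sought.
 * @return {@code CertificateToken} representing the issuer certificate, or
 *         {@code null} if it cannot be loaded, does not sign {@code token}, or
 *         loading throws {@code DSSException} (logged with its stack trace).
 */
private CertificateToken getIssuerFromAIA(final CertificateToken token) {
    try {
        LOG.info("Retrieving {} certificate's issuer using AIA.", token.getAbbreviation());
        final X509Certificate issuerCert = DSSUtils.loadIssuerCertificate(token.getCertificate(), dataLoader);
        if (issuerCert == null) {
            LOG.info("The issuer certificate cannot be loaded using AIA.");
            return null;
        }
        final CertificateToken issuerCertToken = validationCertificatePool.getInstance(issuerCert, CertificateSourceType.AIA);
        // Only accept the AIA result if it really signed the token.
        if (token.isSignedBy(issuerCertToken)) {
            return issuerCertToken;
        }
        LOG.info("The retrieved certificate using AIA does not sign the certificate {}.", token.getAbbreviation());
    } catch (DSSException e) {
        // Previously only the message was logged; keep the cause for diagnosis.
        LOG.error(e.getMessage(), e);
    }
    return null;
}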
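/**
 * Checks if the {@code TimeStampToken} matches the signed data.
 *
 * The digest algorithm is taken from the token's own messageImprint, the
 * digest of {@code data} is recomputed with it and compared with the
 * messageImprint digest. The comparison uses {@code Arrays.equals}; the
 * imprint digest is public information, so a constant-time compare is not
 * required here.
 *
 * Side effects: sets {@code messageImprintData} (whether data was supplied),
 * {@code messageImprintIntact} (the result) and, on failure paths that throw
 * or receive no data, {@code signedDataMessage}.
 *
 * @param data the array of {@code byte} representing the timestamped data; may be {@code null}
 * @return true if the data is verified by the TimeStampToken; false if {@code data} is
 *         {@code null}, the digests differ, or a {@code DSSException} occurs
 */
public boolean matchData(final byte[] data) {
    messageImprintData = data != null;
    if (data == null) {
        // Previously a null array went straight on to DSSUtils.digest; fail explicitly instead.
        messageImprintIntact = false;
        signedDataMessage = "Timestamp digest problem: no data to match";
        return false;
    }
    try {
        final TimeStampTokenInfo timeStampInfo = timeStamp.getTimeStampInfo();
        final ASN1ObjectIdentifier hashAlgorithm = timeStampInfo.getHashAlgorithm().getAlgorithm();
        final DigestAlgorithm digestAlgorithm = DigestAlgorithm.forOID(hashAlgorithm);
        final byte[] computedDigest = DSSUtils.digest(digestAlgorithm, data);
        final byte[] timestampDigest = timeStampInfo.getMessageImprintDigest();
        messageImprintIntact = Arrays.equals(computedDigest, timestampDigest);
        if (!messageImprintIntact) {
            // Dump enough to diagnose a mismatch (data is truncated to 200 bytes of hex).
            LOG.error("Extracted data from the document: {}", DSSUtils.encodeHexString(data, 200));
            LOG.error("Computed digest ({}) on the extracted data from the document : {}", digestAlgorithm, DSSUtils.encodeHexString(computedDigest));
            LOG.error("Digest present in TimestampToken: {}", DSSUtils.encodeHexString(timestampDigest));
            // (the former fourth line always logged "false" inside this branch and was dropped)
        }
    } catch (DSSException e) {
        messageImprintIntact = false;
        signedDataMessage = "Timestamp digest problem: " + e.getMessage();
    }
    return messageImprintIntact;
}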