/** * Extend cms signed data with TimeStamp first or to all signers * * @param signedData Generated CMS signed data * @return CMSSignedData Extended CMS signed data * @throws IOException */ public CMSSignedData addSignedTimeStamp(CMSSignedData signedData) throws IOException { SignerInformationStore signerStore = signedData.getSignerInfos(); List<SignerInformation> newSigners = new ArrayList<>(); for (SignerInformation signer : signerStore.getSigners()) { // This adds a timestamp to every signer (into his unsigned attributes) in the signature. newSigners.add(signTimeStamp(signer)); } // Because new SignerInformation is created, new SignerInfoStore has to be created // and also be replaced in signedData. Which creates a new signedData object. return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(newSigners)); }
/** * Extend cms signed data with TimeStamp first or to all signers * * @param signedData Generated CMS signed data * @return CMSSignedData Extended CMS signed data * @throws IOException */ public CMSSignedData addSignedTimeStamp(CMSSignedData signedData) throws IOException { SignerInformationStore signerStore = signedData.getSignerInfos(); List<SignerInformation> newSigners = new ArrayList<SignerInformation>(); for (SignerInformation signer : signerStore.getSigners()) { // This adds a timestamp to every signer (into his unsigned attributes) in the signature. newSigners.add(signTimeStamp(signer)); } // Because new SignerInformation is created, new SignerInfoStore has to be created // and also be replaced in signedData. Which creates a new signedData object. return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(newSigners)); }
/** * This method applies a countersignature to an existing signature * * @param signedData the countersignature * @return the updated signature, in which the countersignature has been embedded */ public CMSSignedData signDocument(final CMSSignedData signedData) { final ASN1ObjectIdentifier csIdentifier = OID.id_countersignature; //Retrieve the SignerInformation from the countersigned signature final SignerInformationStore originalSignerInfos = cmsSignedData.getSignerInfos(); //Retrieve the SignerInformation from the countersignature final SignerInformationStore signerInfos = signedData.getSignerInfos(); //Add the countersignature SignerInformation updatedSI = cmsSignedData.getSignerInfos().get(selector).addCounterSigners(originalSignerInfos.get(selector), signerInfos); //Create updated SignerInformationStore Collection<SignerInformation> counterSignatureInformationCollection = new ArrayList<SignerInformation>(); counterSignatureInformationCollection.add(updatedSI); SignerInformationStore signerInformationStore = new SignerInformationStore(counterSignatureInformationCollection); //Return new, updated signature return CMSSignedData.replaceSigners(cmsSignedData, signerInformationStore); } }
protected CMSSignedData modifySignedData(CMSSignedData sigData, AttributeTable unsignedAttributes, Collection<X509CertificateHolder> extraCertificates) throws IOException, CMSException { SignerInformation signerInformation = sigData.getSignerInfos().getSigners().iterator().next(); signerInformation = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes); Collection<X509CertificateHolder> certificates = new ArrayList<>(); certificates.addAll(sigData.getCertificates().getMatches(null)); if (extraCertificates != null) { certificates.addAll(extraCertificates); } Store<X509CertificateHolder> certificateStore = new CollectionStore<>(certificates); AuthenticodeSignedDataGenerator generator = new AuthenticodeSignedDataGenerator(); generator.addCertificates(certificateStore); generator.addSigners(new SignerInformationStore(signerInformation)); ASN1ObjectIdentifier contentType = new ASN1ObjectIdentifier(sigData.getSignedContentTypeOID()); ASN1Encodable content = ASN1Sequence.getInstance(sigData.getSignedContent().getContent()); return generator.generate(contentType, content); }
private static CMSSignedData addTimestamp(String tsaUrl, CMSSignedData signedData) throws IOException { Collection<SignerInformation> signerInfos = signedData.getSignerInfos().getSigners(); // get signature of first signer (should be the only one) SignerInformation si = signerInfos.iterator().next(); byte[] signature = si.getSignature(); // send request to TSA byte[] token = TimeStampingClient.getTimeStampToken(tsaUrl, signature, DigestType.SHA1); // create new SignerInformation with TS attribute Attribute tokenAttr = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(ASN1Primitive.fromByteArray(token))); ASN1EncodableVector timestampVector = new ASN1EncodableVector(); timestampVector.add(tokenAttr); AttributeTable at = new AttributeTable(timestampVector); si = SignerInformation.replaceUnsignedAttributes(si, at); signerInfos.clear(); signerInfos.add(si); SignerInformationStore newSignerStore = new SignerInformationStore(signerInfos); // create new signed data CMSSignedData newSignedData = CMSSignedData.replaceSigners(signedData, newSignerStore); return newSignedData; }
/** * Take the last signerInformation of the cmsSignedData and extends the signature * * @param cmsSignedData * @return */ private CMSSignedData extendLastCMSSignature(CMSSignedData cmsSignedData, SignatureParameters parameters) { LOG.info("EXTEND LAST CMS SIGNATURES."); cmsSignedData = preExtendCMSSignedData(cmsSignedData, parameters); Collection<SignerInformation> signerInformationCollection = cmsSignedData.getSignerInfos().getSigners(); SignerInformation lastSignerInformation = getFirstSigner(cmsSignedData); final List<SignerInformation> newSignerInformationList = new ArrayList<SignerInformation>(); for (SignerInformation signerInformation : signerInformationCollection) { if (lastSignerInformation == signerInformation) { final CAdESSignature cadesSignature = new CAdESSignature(cmsSignedData, signerInformation); cadesSignature.setDetachedContents(parameters.getDetachedContent()); assertSignatureValid(cadesSignature, parameters); final SignerInformation newSignerInformation = extendCMSSignature(cmsSignedData, signerInformation, parameters); newSignerInformationList.add(newSignerInformation); } else { newSignerInformationList.add(signerInformation); } } final SignerInformationStore newSignerStore = new SignerInformationStore(newSignerInformationList); cmsSignedData = CMSSignedData.replaceSigners(cmsSignedData, newSignerStore); lastSignerInformation = getFirstSigner(cmsSignedData); cmsSignedData = postExtendCMSSignedData(cmsSignedData, lastSignerInformation, parameters); return cmsSignedData; }
final List<SignerInformation> signerInformationList = new ArrayList<SignerInformation>(); signerInformationList.add(newSignerInformation); final SignerInformationStore newSignerStore = new SignerInformationStore(signerInformationList); cmsSignedDataTimeStampToken = CMSSignedData.replaceSigners(cmsSignedDataTimeStampToken, newSignerStore);
generator.addSigners(new SignerInformationStore(signers));
/** * Loops on each signerInformation of the cmsSignedData and extends the signature * * @param cmsSignedData * @return */ private CMSSignedData extendAllCMSSignatures(CMSSignedData cmsSignedData, SignatureParameters parameters) { LOG.info("EXTEND ALL CMS SIGNATURES."); Collection<SignerInformation> signerInformationCollection = cmsSignedData.getSignerInfos().getSigners(); for (SignerInformation signerInformation : signerInformationCollection) { cmsSignedData = preExtendCMSSignedData(cmsSignedData, parameters); } signerInformationCollection = cmsSignedData.getSignerInfos().getSigners(); final List<SignerInformation> newSignerInformationList = new ArrayList<SignerInformation>(); for (SignerInformation signerInformation : signerInformationCollection) { final CAdESSignature cadesSignature = new CAdESSignature(cmsSignedData, signerInformation); cadesSignature.setDetachedContents(parameters.getDetachedContent()); assertSignatureValid(cadesSignature, parameters); final SignerInformation newSignerInformation = extendCMSSignature(cmsSignedData, signerInformation, parameters); newSignerInformationList.add(newSignerInformation); } final SignerInformationStore newSignerStore = new SignerInformationStore(newSignerInformationList); cmsSignedData = CMSSignedData.replaceSigners(cmsSignedData, newSignerStore); signerInformationCollection = cmsSignedData.getSignerInfos().getSigners(); for (SignerInformation signerInformation : signerInformationCollection) { cmsSignedData = postExtendCMSSignedData(cmsSignedData, signerInformation, parameters); } return cmsSignedData; }
private CMSSignedData addNestedSignature(CMSSignedData primary, CMSSignedData secondary) throws CMSException { SignerInformation signerInformation = primary.getSignerInfos().getSigners().iterator().next(); AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes(); if (unsignedAttributes == null) { unsignedAttributes = new AttributeTable(new DERSet()); } Attribute nestedSignaturesAttribute = unsignedAttributes.get(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID); if (nestedSignaturesAttribute == null) { // first nested signature unsignedAttributes = unsignedAttributes.add(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID, secondary.toASN1Structure()); } else { // append the signature to the previous nested signatures ASN1EncodableVector nestedSignatures = new ASN1EncodableVector(); for (ASN1Encodable nestedSignature : nestedSignaturesAttribute.getAttrValues()) { nestedSignatures.add(nestedSignature); } nestedSignatures.add(secondary.toASN1Structure()); ASN1EncodableVector attributes = unsignedAttributes.remove(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID).toASN1EncodableVector(); attributes.add(new Attribute(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID, new DERSet(nestedSignatures))); unsignedAttributes = new AttributeTable(attributes); } signerInformation = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes); return CMSSignedData.replaceSigners(primary, new SignerInformationStore(signerInformation)); }