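/**
 * Debug entry point: reads an EF.CardSecurity file (a CMS ContentInfo wrapping a
 * SignedData whose encapsulated content is SecurityInfos) and prints selected fields
 * of each layer to stdout.
 *
 * @param args optional; {@code args[0]} is the input file path. When omitted, the
 *             historical hard-coded default path is used so old invocations still work.
 * @throws Exception if the file cannot be read or is not the expected ASN.1 structure
 */
public static void main(String[] args) throws Exception {
    String path = args.length > 0 ? args[0] : "/home/tsenger/Desktop/EFCardSecurity.bin";
    byte[] efcsBytes = readBinaryFile(path);

    // Outer layer: ContentInfo { contentType, [0] content }
    ContentInfo contentInfo = ContentInfo.getInstance(ASN1Sequence.fromByteArray(efcsBytes));
    System.out.println(contentInfo.getContentType());

    // getInstance() accepts DER- and BER-encoded sequences alike; the previous hard cast to
    // DERSequence threw ClassCastException on indefinite-length (BER) CMS encodings.
    ASN1Sequence signedDataSeq = ASN1Sequence.getInstance(contentInfo.getContent());
    // getEncoded() (default encoding) instead of getEncoded(null), which is not null-safe
    // in every BouncyCastle release.
    System.out.println(HexString.bufferToHex(signedDataSeq.getEncoded()));
    SignedData signedData = SignedData.getInstance(signedDataSeq);
    System.out.println("CMSVersion: " + signedData.getVersion().getValue().intValue());

    // Inner layer: the SignedData's encapsulated content carries the SecurityInfos.
    ContentInfo encapContentInfo = signedData.getEncapContentInfo();
    System.out.println(encapContentInfo.getContentType());
    DEROctetString octString = (DEROctetString) encapContentInfo.getContent();
    System.out.println("OctetString:\n" + HexString.bufferToHex(octString.getEncoded()));
    System.out.println("OctetString:\n" + HexString.bufferToHex(octString.getOctets()));

    // NOTE: the CMS signature is not verified here; everything printed below is taken
    // from the encapsulated content as-is.
    SecurityInfos si = new SecurityInfos();
    si.decode(octString.getOctets());
    System.out.println(si);

    byte[] parameter = si.getChipAuthenticationPublicKeyInfoList().get(0).getPublicKey().getPublicKey();
    System.out.println(HexString.bufferToHex(parameter));
    System.out.println("Key Referenz: " + si.getChipAuthenticationPublicKeyInfoList().get(0).getKeyId());
    System.out.println("id_CA OID: " + si.getChipAuthenticationPublicKeyInfoList().get(0).getPublicKey().getAlgorithm().getAlgorithm());
}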
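/**
 * Extracts the SecurityInfos carried in an EF.CardSecurity file.
 * <p>
 * The file is a CMS ContentInfo wrapping a SignedData whose encapsulated content is the
 * encoded SecurityInfos. Only the structure is unwrapped here: the CMS signature is NOT
 * verified by this method, so the returned data is authenticated only if the caller
 * verifies the SignedData separately.
 *
 * @param data the raw bytes of EF.CardSecurity
 * @return the decoded SecurityInfos
 * @throws IOException if the bytes do not decode to a ContentInfo/SignedData, or the
 *         encapsulated content is absent
 * @throws CertificateException declared for callers; not raised by this body
 * @throws CMSException declared for callers; not raised by this body
 * @throws OperatorCreationException declared for callers; not raised by this body
 */
private SecurityInfos decodeEFCardSecurity(byte[] data)
        throws IOException, CertificateException, CMSException, OperatorCreationException {
    ContentInfo contentInfo = ContentInfo.getInstance(ASN1Sequence.fromByteArray(data));
    if (contentInfo == null) {
        throw new IOException("EF.CardSecurity: no ContentInfo found in input");
    }

    // getInstance() handles both DER and BER sequences; the previous cast to DERSequence
    // failed with ClassCastException on BER (indefinite-length) encodings.
    ASN1Sequence signedDataSeq = ASN1Sequence.getInstance(contentInfo.getContent());
    if (signedDataSeq == null) {
        throw new IOException("EF.CardSecurity: ContentInfo carries no SignedData");
    }
    SignedData cardSecurity = SignedData.getInstance(signedDataSeq);

    // The SecurityInfos are the encapsulated content of the SignedData.
    ContentInfo encapContentInfo = cardSecurity.getEncapContentInfo();
    DEROctetString octString = (DEROctetString) encapContentInfo.getContent();
    if (octString == null) {
        throw new IOException("EF.CardSecurity: SignedData has no encapsulated content");
    }
    SecurityInfos si = new SecurityInfos();
    si.decode(octString.getOctets());
    return si;
}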
/**
 * Builds the {@code crlsHashIndex} field: a SEQUENCE of OCTET STRINGs, one per
 * RevocationInfoChoice found in the {@code crls} field of the root SignedData, each holding
 * the hash of that entry's DER encoding. Entries are hashed in the order they appear in the
 * SignedData and nothing else is added.
 *
 * @return the sequence of hashes; empty when the SignedData has no {@code crls} field
 * @throws eu.europa.esig.dss.DSSException propagated from the underlying ASN.1/CMS access
 */
private ASN1Sequence getCRLsHashIndex() throws DSSException {
    final ASN1EncodableVector hashes = new ASN1EncodableVector();
    final SignedData rootSignedData = SignedData.getInstance(
            cadesSignature.getCmsSignedData().toASN1Structure().getContent());
    final ASN1Set crls = rootSignedData.getCRLs();
    // crls is OPTIONAL in SignedData; BouncyCastle returns null when it is absent.
    if (crls != null) {
        for (int i = 0; i < crls.size(); i++) {
            digestAndAddToList(hashes, DSSASN1Utils.getDEREncoded(crls.getObjectAt(i)));
        }
    }
    return new DERSequence(hashes);
}
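/**
 * Parses the signed test document once and stores its SignedData and single SignerInfo in
 * the fixture fields used by the test methods.
 * <p>
 * Structural expectations asserted here: the outer ContentInfo has two elements, its type
 * is id-signedData, and the SignedData contains exactly one SignerInfo.
 *
 * @throws Exception if the document cannot be read or is not a CMS SignedData
 */
@Before
public void init() throws Exception {
    DSSDocument signedDocument = getSignedDocument();
    // try-with-resources: the stream was previously closed only after all assertions, so a
    // failing assertion leaked it.
    try (ASN1InputStream asn1sInput = new ASN1InputStream(signedDocument.openStream())) {
        ASN1Sequence asn1Seq = ASN1Sequence.getInstance(asn1sInput.readObject());
        assertEquals(2, asn1Seq.size());
        ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(asn1Seq.getObjectAt(0));
        assertEquals(PKCSObjectIdentifiers.signedData, oid);
        // Element 1 is the [0] EXPLICIT-tagged SignedData.
        ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(asn1Seq.getObjectAt(1));
        signedData = SignedData.getInstance(taggedObj.getObject());
        ASN1Set signerInfosAsn1 = signedData.getSignerInfos();
        assertEquals(1, signerInfosAsn1.size());
        signerInfo = SignerInfo.getInstance(ASN1Sequence.getInstance(signerInfosAsn1.getObjectAt(0)));
    }
}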
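/**
 * Looks up the certificate with the given serial number at {@code ca} and wraps it in a
 * SignedData via {@link #buildSignedData} for the SCEP response.
 *
 * @param ca the issuing CA to query
 * @param serialNumber the serial number of the requested certificate
 * @return the certificate wrapped in a SignedData
 * @throws FailInfoException {@code BAD_CERTID} when the CA has no certificate with that serial
 * @throws OperationException {@code SYSTEM_FAILURE} when the CA lookup throws, or
 *         propagated from {@link #buildSignedData}
 */
private SignedData getCert(X509Ca ca, BigInteger serialNumber)
        throws FailInfoException, OperationException {
    X509Certificate cert;
    try {
        cert = ca.getCertificate(serialNumber);
    } catch (CertificateException ex) {
        // The message used to end with a stray ')' that had no opening parenthesis.
        final String message = "could not get certificate for CA '" + caIdent
                + "' and serialNumber=" + LogUtil.formatCsn(serialNumber);
        LogUtil.error(LOG, ex, message);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    if (cert == null) {
        throw FailInfoException.BAD_CERTID;
    }
    return buildSignedData(cert);
}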
/**
 * Resolves the certificate a SCEP client polls for, by subject name and transaction id.
 * The lookup first restricts by transaction id; if that yields nothing it falls back to the
 * subject alone. Exactly one match is required: zero or several matches result in
 * {@code BAD_CERTID}.
 *
 * @param ca the CA to query
 * @param subject the subject name taken from the request's certId
 * @param tid the SCEP transaction id
 * @return the single matching certificate wrapped via {@link #buildSignedData}
 * @throws FailInfoException {@code BAD_CERTID} when zero or more than one certificate matches
 * @throws OperationException propagated from {@link #buildSignedData}
 */
private SignedData pollCert(X509Ca ca, X500Name subject, TransactionId tid)
        throws FailInfoException, OperationException {
    final byte[] tidBytes = getTransactionIdBytes(tid.id());

    List<X509Certificate> matches = ca.getCertificate(subject, tidBytes);
    if (CollectionUtil.isEmpty(matches)) {
        // Fallback: match on the subject only, ignoring the transaction id.
        matches = ca.getCertificate(subject, null);
        if (CollectionUtil.isEmpty(matches)) {
            throw FailInfoException.BAD_CERTID;
        }
    }

    if (matches.size() > 1) {
        // Ambiguous result: refuse rather than guess which certificate the client meant.
        LOG.warn("given certId (subject: {}) and transactionId {} match multiple certificates",
                X509Util.getRfc4519Name(subject), tid.id());
        throw FailInfoException.BAD_CERTID;
    }
    return buildSignedData(matches.get(0));
}
/**
 * Wraps a certificate in a CMS SignedData that carries certificates only (absent content,
 * no signers are added). When {@code control.includeCaCert()} is set, the CA certificate is
 * added as well after {@code refreshCa()} has been called.
 *
 * @param cert the end-entity certificate to wrap
 * @return the resulting SignedData structure
 * @throws OperationException {@code SYSTEM_FAILURE} if encoding or CMS generation fails
 */
private SignedData buildSignedData(X509Certificate cert) throws OperationException {
    final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    try {
        generator.addCertificate(new X509CertificateHolder(cert.getEncoded()));
        if (control.includeCaCert()) {
            // refreshCa() is presumably what keeps caCert current before it is embedded — confirm.
            refreshCa();
            generator.addCertificate(caCert.certHolder());
        }
        final CMSSignedData cms = generator.generate(new CMSAbsentContent());
        return SignedData.getInstance(cms.toASN1Structure().getContent());
    } catch (CMSException | IOException | CertificateEncodingException ex) {
        LogUtil.error(LOG, ex);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
/**
 * Returns the CA's current CRL wrapped in a CMS SignedData (absent content, no signers)
 * for the SCEP GetCRL operation.
 *
 * @param ca the CA whose current CRL is returned
 * @param serialNumber the serial number from the request; not used by this implementation
 * @return the SignedData containing the CRL
 * @throws FailInfoException {@code BAD_REQUEST} if GetCRL is disabled by configuration or
 *         the CA currently has no CRL
 * @throws OperationException {@code SYSTEM_FAILURE} if CMS generation fails
 */
private SignedData getCrl(X509Ca ca, BigInteger serialNumber)
        throws FailInfoException, OperationException {
    if (!control.supportGetCrl()) {
        throw FailInfoException.BAD_REQUEST;
    }
    final CertificateList currentCrl = ca.getBcCurrentCrl();
    if (currentCrl == null) {
        throw FailInfoException.BAD_REQUEST;
    }

    final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addCRL(new X509CRLHolder(currentCrl));
    try {
        final CMSSignedData cms = generator.generate(new CMSAbsentContent());
        return SignedData.getInstance(cms.toASN1Structure().getContent());
    } catch (CMSException ex) {
        LogUtil.error(LOG, ex, "could not generate CMSSignedData");
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
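/**
 * Cross-checks the {@code crlsHashIndex} of an archive time-stamp against the {@code crls}
 * field of the root SignedData.
 * <p>
 * Every hash listed in the time-stamp's index is expected to correspond to one of the
 * current RevocationInfoChoice entries. If any listed hash has no match, the mismatch is
 * logged and an EMPTY sequence is returned on purpose, so that the recomputed message
 * imprint cannot match and validation of that time-stamp fails.
 *
 * @param timestampToken the archive time-stamp whose {@code crlsHashIndex} is checked
 * @return the time-stamp's own index when it is consistent with the document (this may be
 *         {@code null} when the token carries none), or an empty sequence on mismatch
 * @throws eu.europa.esig.dss.DSSException propagated from the underlying ASN.1 access
 */
private ASN1Sequence getVerifiedCRLsHashIndex(TimestampToken timestampToken) throws DSSException {
    final ASN1Sequence crlHashes = getCRLHashIndex(timestampToken);

    // Mutable working copy of the index entries; matched entries are expected to be removed.
    final List<DEROctetString> unmatchedHashes = new ArrayList<DEROctetString>();
    if (crlHashes != null) {
        for (int i = 0; i < crlHashes.size(); i++) {
            // Index entries are OCTET STRINGs; an explicit cast fails fast on anything else
            // (the previous unchecked Collections.list() only failed later, inside the callee).
            unmatchedHashes.add((DEROctetString) crlHashes.getObjectAt(i));
        }
    }

    final SignedData signedData = SignedData.getInstance(
            cadesSignature.getCmsSignedData().toASN1Structure().getContent());
    final ASN1Set signedDataCRLs = signedData.getCRLs();
    // crls is OPTIONAL in SignedData; BouncyCastle returns null when it is absent.
    if (signedDataCRLs != null) {
        for (int i = 0; i < signedDataCRLs.size(); i++) {
            // NOTE(review): handleRevocationEncoded presumably removes the matching hash from
            // the list; the emptiness test below relies on that — confirm in its body.
            handleRevocationEncoded(unmatchedHashes,
                    DSSASN1Utils.getDEREncoded(signedDataCRLs.getObjectAt(i)));
        }
    }

    if (!unmatchedHashes.isEmpty()) {
        LOG.error("{} attribute hash in CRL Hashes have not been found in document attributes: {}",
                unmatchedHashes.size(), unmatchedHashes);
        // Deliberately return an empty sequence so the recomputed hash cannot match.
        return new DERSequence();
    }
    return crlHashes;
}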
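/**
 * Extracts the certificates embedded in the {@code certificates} field of a SignedData as
 * {@link X509Certificate}s, in the order they appear.
 * <p>
 * Each entry is read with {@code ASN1Sequence.getInstance}, i.e. only plain Certificate
 * SEQUENCEs are handled; other CertificateChoices alternatives make that call fail.
 *
 * @param signedData the CMS SignedData to read from
 * @return the certificates found; an empty list when the OPTIONAL {@code certificates}
 *         field is absent
 * @throws Exception if an entry cannot be re-encoded or converted to a certificate
 */
private List<X509Certificate> extractCertificates(SignedData signedData) throws Exception {
    ASN1Set certificates = signedData.getCertificates();
    // The certificates field is OPTIONAL; BouncyCastle returns null when it is absent,
    // which previously caused a NullPointerException on size().
    if (certificates == null) {
        logger.info("CERTIFICATES : none");
        return new ArrayList<X509Certificate>();
    }
    logger.info("CERTIFICATES (" + certificates.size() + ") : " + certificates);
    List<X509Certificate> foundCertificates = new ArrayList<X509Certificate>(certificates.size());
    for (int i = 0; i < certificates.size(); i++) {
        // Re-encode the entry so the BC holder can parse it.
        ASN1Sequence seqCertif = ASN1Sequence.getInstance(certificates.getObjectAt(i));
        X509CertificateHolder certificateHolder = new X509CertificateHolder(seqCertif.getEncoded());
        CertificateToken certificate = DSSASN1Utils.getCertificate(certificateHolder);
        foundCertificates.add(certificate.getCertificate());
    }
    return foundCertificates;
}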
/**
 * Returns a copy of {@code signedData} whose SignerInfos are replaced by the signers in
 * {@code signerInformationStore}; the digestAlgorithms set is rebuilt from those signers.
 * Typical use is editing a signer's unsigned attributes or removing a signer. The input
 * object is left untouched.
 *
 * @param signedData the signed data object to be used as a base.
 * @param signerInformationStore the new signer information store to use.
 * @return a new signed data object.
 */
public static CMSSignedData replaceSigners(
    CMSSignedData           signedData,
    SignerInformationStore  signerInformationStore)
{
    CMSSignedData result = new CMSSignedData(signedData);
    result.signerInfoStore = signerInformationStore;

    // Rebuild digestAlgorithms and signerInfos from the new store.
    ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
    ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();)
    {
        SignerInformation signer = (SignerInformation)it.next();
        digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
        signerInfos.add(signer.toASN1Structure());
    }

    // Reassemble the SignedData sequence: version, new digestAlgorithms, every element in
    // between unchanged (encapContentInfo and the optional certificates/crls), then the new
    // signerInfos, which is always the last element.
    ASN1Sequence original = (ASN1Sequence)signedData.signedData.toASN1Primitive();
    ASN1EncodableVector rebuilt = new ASN1EncodableVector();
    rebuilt.add(original.getObjectAt(0));     // version
    rebuilt.add(new DERSet(digestAlgs));
    int lastIndex = original.size() - 1;
    for (int i = 2; i < lastIndex; i++)
    {
        rebuilt.add(original.getObjectAt(i));
    }
    rebuilt.add(new DERSet(signerInfos));

    result.signedData = SignedData.getInstance(new BERSequence(rebuilt));
    // The ContentInfo must point at the rebuilt SignedData.
    result.contentInfo = new ContentInfo(result.contentInfo.getContentType(), result.signedData);
    return result;
}
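/**
 * Checks that the sample CAdES-BES signature carries an id-aa-ets-contentTimestamp signed
 * attribute, both at the raw ASN.1 level and as a CONTENT_TIMESTAMP in the validator's
 * diagnostic data.
 *
 * @throws IOException if the sample file cannot be read
 */
@Test
public void testContentTimeStamp() throws IOException {
    File file = new File("src/test/resources/plugtest/cades/CAdES-BES/Sample_Set_11/Signature-C-BES-4.p7m");

    // try-with-resources: the streams were previously closed only after all assertions,
    // so a failing assertion leaked both of them.
    boolean found = false;
    try (FileInputStream fis = new FileInputStream(file);
         ASN1InputStream asn1sInput = new ASN1InputStream(Utils.toByteArray(fis))) {
        ASN1Sequence asn1Seq = ASN1Sequence.getInstance(asn1sInput.readObject());
        // ContentInfo: element 1 is the [0]-tagged SignedData.
        ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(asn1Seq.getObjectAt(1));
        SignedData signedData = SignedData.getInstance(taggedObj.getObject());
        ASN1Set signerInfosAsn1 = signedData.getSignerInfos();
        SignerInfo signedInfo = SignerInfo.getInstance(ASN1Sequence.getInstance(signerInfosAsn1.getObjectAt(0)));
        ASN1Set authenticatedAttributes = signedInfo.getAuthenticatedAttributes();
        // Each signed attribute is SEQUENCE { attrType OID, attrValues }; stop at the first hit.
        for (int i = 0; i < authenticatedAttributes.size() && !found; i++) {
            ASN1Sequence authAttrSeq = ASN1Sequence.getInstance(authenticatedAttributes.getObjectAt(i));
            ASN1ObjectIdentifier attrOid = ASN1ObjectIdentifier.getInstance(authAttrSeq.getObjectAt(0));
            found = PKCSObjectIdentifiers.id_aa_ets_contentTimestamp.equals(attrOid);
        }
    }
    assertTrue(found);

    SignedDocumentValidator validator = SignedDocumentValidator.fromDocument(new FileDocument(file));
    validator.setCertificateVerifier(new CommonCertificateVerifier());
    Reports reports = validator.validateDocument();
    DiagnosticData diagnosticData = reports.getDiagnosticData();
    List<String> timestampIdList = diagnosticData.getTimestampIdList(diagnosticData.getFirstSignatureId());
    assertTrue(Utils.isCollectionNotEmpty(timestampIdList));

    boolean foundContentTimestamp = false;
    for (String timestampId : timestampIdList) {
        if (TimestampType.CONTENT_TIMESTAMP.name().equals(diagnosticData.getTimestampType(timestampId))) {
            foundContentTimestamp = true;
            break;
        }
    }
    assertTrue(foundContentTimestamp);
}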
/**
 * Returns a copy of {@code signedData} whose SignerInfos are replaced by the signers in
 * {@code signerInformationStore}; the digestAlgorithms set is rebuilt from those signers.
 * Typical use is editing a signer's unsigned attributes or removing a signer. The input
 * object is left untouched.
 *
 * @param signedData the signed data object to be used as a base.
 * @param signerInformationStore the new signer information store to use.
 * @return a new signed data object.
 */
public static CMSSignedData replaceSigners(
    CMSSignedData           signedData,
    SignerInformationStore  signerInformationStore)
{
    CMSSignedData result = new CMSSignedData(signedData);
    result.signerInfoStore = signerInformationStore;

    // Rebuild digestAlgorithms and signerInfos from the new store.
    ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
    ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();)
    {
        SignerInformation signer = (SignerInformation)it.next();
        digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
        signerInfos.add(signer.toASN1Structure());
    }

    // Reassemble the SignedData sequence: version, new digestAlgorithms, every element in
    // between unchanged (encapContentInfo and the optional certificates/crls), then the new
    // signerInfos, which is always the last element.
    ASN1Sequence original = (ASN1Sequence)signedData.signedData.toASN1Primitive();
    ASN1EncodableVector rebuilt = new ASN1EncodableVector();
    rebuilt.add(original.getObjectAt(0));     // version
    rebuilt.add(new DERSet(digestAlgs));
    int lastIndex = original.size() - 1;
    for (int i = 2; i < lastIndex; i++)
    {
        rebuilt.add(original.getObjectAt(i));
    }
    rebuilt.add(new DERSet(signerInfos));

    result.signedData = SignedData.getInstance(new BERSequence(rebuilt));
    // The ContentInfo must point at the rebuilt SignedData.
    result.contentInfo = new ContentInfo(result.contentInfo.getContentType(), result.signedData);
    return result;
}
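/**
 * Constructs a DVCSRequest from a CMS SignedData object, using the encapsulated
 * ContentInfo of the inner SignedData as the request body.
 *
 * @param signedData the CMS SignedData object containing the request
 * @throws DVCSConstructionException raised by the delegated ContentInfo constructor when the
 *         encapsulated content is not a valid request
 */
public DVCSRequest(CMSSignedData signedData) throws DVCSConstructionException
{
    this(encapContentInfoOf(signedData));
}

/**
 * Unwraps CMS ContentInfo -> SignedData -> encapContentInfo. Static because it has to be
 * usable from the {@code this(...)} constructor call.
 */
private static ContentInfo encapContentInfoOf(CMSSignedData signedData)
{
    SignedData inner = SignedData.getInstance(signedData.toASN1Structure().getContent());
    return inner.getEncapContentInfo();
}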
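/**
 * Constructs a DVCSResponse from a CMS SignedData object, using the encapsulated
 * ContentInfo of the inner SignedData as the response body. (The previous Javadoc
 * described this as constructing a request.)
 *
 * @param signedData the CMS SignedData object containing the response
 * @throws org.bouncycastle.dvcs.DVCSConstructionException raised by the delegated
 *         ContentInfo constructor when the encapsulated content is not a valid response
 */
public DVCSResponse(CMSSignedData signedData) throws DVCSConstructionException
{
    this(encapContentInfoOf(signedData));
}

/**
 * Unwraps CMS ContentInfo -> SignedData -> encapContentInfo. Static because it has to be
 * usable from the {@code this(...)} constructor call.
 */
private static ContentInfo encapContentInfoOf(CMSSignedData signedData)
{
    SignedData inner = SignedData.getInstance(signedData.toASN1Structure().getContent());
    return inner.getEncapContentInfo();
}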
/**
 * Item 1) of the elements this class assembles: the DER encoding of
 * {@code SignedData.encapContentInfo.eContentType}.
 *
 * @param cmsSignedData the signature's CMS structure
 * @return the DER-encoded eContentType OID (i.e. the signed content type)
 */
private byte[] getEncodedContentType(final CMSSignedData cmsSignedData) {
    final SignedData signedData = SignedData.getInstance(cmsSignedData.toASN1Structure().getContent());
    return DSSASN1Utils.getDEREncoded(signedData.getEncapContentInfo().getContentType());
}