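/**
 * ETSI TS 101 733 V2.2.1 (2013-04)
 * 5.11.3 signer-attributes Attribute
 * NOTE 1: Only a single signer-attributes can be used.
 *
 * The signer-attributes attribute specifies additional attributes of the signer (e.g. role).
 * It may be either:
 * • claimed attributes of the signer; or
 * • certified attributes of the signer.
 * The signer-attributes attribute shall be a signed attribute.
 *
 * Only claimed attributes are produced here: each claimed signer role of the B-level parameters
 * becomes one {@code id-at-name} attribute holding a UTF8String, and all of them are wrapped in a
 * single signer-attributes attribute appended to {@code signedAttributes}. Certified attributes
 * (attribute certificates) are not supported yet. Nothing is added for PAdES, where the role lives
 * in the signature dictionary, or when no claimed roles are configured.
 *
 * @param parameters
 *            the signature parameters carrying the claimed signer roles
 * @param signedAttributes
 *            the signed-attributes vector the signer-attributes attribute is appended to
 */
private void addSignerAttribute(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {
    // In PAdES, the role is in the signature dictionary
    if (padesUsage) {
        return;
    }
    final List<String> claimedSignerRoles = parameters.bLevel().getClaimedSignerRoles();
    if (claimedSignerRoles != null) {
        final List<org.bouncycastle.asn1.x509.Attribute> claimedAttributes = new ArrayList<org.bouncycastle.asn1.x509.Attribute>(claimedSignerRoles.size());
        for (final String claimedSignerRole : claimedSignerRoles) {
            // TODO: role attribute key (id_at_name) should be customizable
            // The local is deliberately NOT named id_aa_ets_signerAttr: that name is the OID referenced
            // after the loop, and a same-named local would shadow it inside the loop.
            final org.bouncycastle.asn1.x509.Attribute claimedAttribute = new org.bouncycastle.asn1.x509.Attribute(X509ObjectIdentifiers.id_at_name,
                    new DERSet(new DERUTF8String(claimedSignerRole)));
            claimedAttributes.add(claimedAttribute);
        }
        final org.bouncycastle.asn1.x509.Attribute[] claimedAttributeArray = claimedAttributes
                .toArray(new org.bouncycastle.asn1.x509.Attribute[claimedAttributes.size()]);
        // id_aa_ets_signerAttr here is the signer-attributes OID brought into scope at file level (not visible in this block)
        final org.bouncycastle.asn1.cms.Attribute attribute = new org.bouncycastle.asn1.cms.Attribute(id_aa_ets_signerAttr,
                new DERSet(new SignerAttribute(claimedAttributeArray)));
        signedAttributes.add(attribute);
    }
    // TODO: handle CertifiedAttributes ::= AttributeCertificate -- as defined in RFC 3281: see clause 4.1.
    // final List<String> certifiedSignerRoles = parameters.bLevel().getCertifiedSignerRoles();
}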
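/**
 * Returns the claimed signer roles carried by the signed {@code id-aa-ets-signerAttr} attribute.
 * Every string-typed value of every claimed attribute is reported as a role; certified attributes
 * (attribute certificates) present in the same signer-attributes value are ignored here.
 *
 * The attribute is taken from the signature being validated, i.e. from untrusted input, so every
 * decoding step is guarded: a malformed value is logged and reported as {@code null}.
 *
 * @return the claimed roles (possibly empty), or {@code null} when the attribute is absent or
 *         cannot be decoded
 */
@Override
public String[] getClaimedSignerRoles() {
    final Attribute id_aa_ets_signerAttr = getSignedAttribute(PKCSObjectIdentifiers.id_aa_ets_signerAttr);
    if (id_aa_ets_signerAttr == null) {
        return null;
    }
    final ASN1Set attrValues = id_aa_ets_signerAttr.getAttrValues();
    try {
        // getObjectAt(0) is inside the try on purpose: an empty value set in a malformed signature
        // must be logged and reported as "no roles", not escape as an unchecked exception.
        final ASN1Encodable attrValue = attrValues.getObjectAt(0);
        final SignerAttribute signerAttr = SignerAttribute.getInstance(attrValue);
        if (signerAttr == null) {
            return null;
        }
        final List<String> claimedRoles = new ArrayList<String>();
        for (final Object signerAttrValue : signerAttr.getValues()) {
            // Claimed attributes come back as an Attribute[]; other value kinds (attribute certificates) are skipped
            if (signerAttrValue instanceof org.bouncycastle.asn1.x509.Attribute[]) {
                collectStringAttributeValues((org.bouncycastle.asn1.x509.Attribute[]) signerAttrValue, claimedRoles);
            }
        }
        return claimedRoles.toArray(new String[claimedRoles.size()]);
    } catch (Exception e) {
        LOG.error("Error when dealing with claimed signer roles: [" + attrValues + "]", e);
        return null;
    }
}

/**
 * Appends the string-typed values of each attribute in {@code claimedAttributes} to {@code target}.
 * Values that are not an {@link ASN1String} are skipped.
 *
 * @param claimedAttributes
 *            the claimed attributes decoded from the signer-attributes value
 * @param target
 *            the list receiving the role strings
 */
private static void collectStringAttributeValues(final org.bouncycastle.asn1.x509.Attribute[] claimedAttributes, final List<String> target) {
    for (final org.bouncycastle.asn1.x509.Attribute claimedRole : claimedAttributes) {
        for (final ASN1Encodable value : claimedRole.getAttrValues().toArray()) {
            if (value instanceof ASN1String) {
                target.add(((ASN1String) value).getString());
            }
        }
    }
}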
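/**
 * Returns the certified signer roles: for every attribute certificate carried by the signed
 * {@code id-aa-ets-signerAttr} attribute, one {@link CertifiedRole} per role attribute, stamped with
 * the attribute certificate's validity period.
 *
 * The attribute certificates are only decoded here; their signature, issuer and validity are NOT
 * verified by this method, so the returned roles are "as asserted", not "as validated". The input
 * is untrusted, so every decoding step is guarded: a malformed value is logged and reported as
 * {@code null}.
 *
 * @return the certified roles; {@code null} when the attribute is absent, carries no attribute
 *         certificate, or cannot be decoded
 */
@Override
public List<CertifiedRole> getCertifiedSignerRoles() {
    final Attribute id_aa_ets_signerAttr = getSignedAttribute(PKCSObjectIdentifiers.id_aa_ets_signerAttr);
    if (id_aa_ets_signerAttr == null) {
        return null;
    }
    final ASN1Set attrValues = id_aa_ets_signerAttr.getAttrValues();
    try {
        // getObjectAt(0) is inside the try on purpose: an empty value set in a malformed signature
        // must be logged and reported as "no roles", not escape as an unchecked exception.
        final ASN1Encodable asn1EncodableAttrValue = attrValues.getObjectAt(0);
        final SignerAttribute signerAttr = SignerAttribute.getInstance(asn1EncodableAttrValue);
        if (signerAttr == null) {
            return null;
        }
        // Stays null when no attribute certificate is present (callers distinguish null from empty)
        List<CertifiedRole> roles = null;
        for (final Object signerAttrValue : signerAttr.getValues()) {
            if (!(signerAttrValue instanceof AttributeCertificate)) {
                continue;
            }
            if (roles == null) {
                roles = new ArrayList<CertifiedRole>();
            }
            addCertifiedRoles((AttributeCertificate) signerAttrValue, roles);
        }
        return roles;
    } catch (Exception e) {
        LOG.error("Error when dealing with certified signer roles: [" + attrValues + "]", e);
        return null;
    }
}

/**
 * Adds one {@link CertifiedRole} per role attribute ({@code id-at-role}) of
 * {@code attributeCertificate} to {@code target}, using the certificate's validity period as the
 * role's notBefore/notAfter. Attributes of any other type are skipped instead of being mis-parsed
 * as a RoleSyntax.
 *
 * @param attributeCertificate
 *            the (unverified) attribute certificate decoded from the signer-attributes value
 * @param target
 *            the list receiving the roles
 */
private static void addCertifiedRoles(final AttributeCertificate attributeCertificate, final List<CertifiedRole> target) {
    final AttributeCertificateInfo acInfo = attributeCertificate.getAcinfo();
    final AttCertValidityPeriod validityPeriod = acInfo.getAttrCertValidityPeriod();
    final ASN1Sequence attributes = acInfo.getAttributes();
    for (int ii = 0; ii < attributes.size(); ii++) {
        final org.bouncycastle.asn1.x509.Attribute attribute = org.bouncycastle.asn1.x509.Attribute.getInstance(attributes.getObjectAt(ii));
        if (!org.bouncycastle.asn1.x509.X509AttributeIdentifiers.id_at_role.equals(attribute.getAttrType())) {
            continue;
        }
        // getInstance accepts any sequence encoding (DER or DL), so no brittle DERSequence cast is needed
        final RoleSyntax roleSyntax = RoleSyntax.getInstance(attribute.getAttrValues().getObjectAt(0));
        final CertifiedRole certifiedRole = new CertifiedRole();
        certifiedRole.setRole(roleSyntax.getRoleNameAsString());
        certifiedRole.setNotBefore(DSSASN1Utils.toDate(validityPeriod.getNotBeforeTime()));
        certifiedRole.setNotAfter(DSSASN1Utils.toDate(validityPeriod.getNotAfterTime()));
        target.add(certifiedRole);
    }
}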