Example 6 with ASN1UTCTime

use of com.github.zhenwei.core.asn1.ASN1UTCTime in project ldapsdk by pingidentity.

the class X509Certificate method encodeValiditySequence.

/**
 * Encodes the certificate validity sequence, using a UTCTime encoding if
 * both notBefore and notAfter values fall within the range 1950-2049, and
 * using GeneralizedTime for both values if either falls outside that range.
 * UTCTime carries only a two-digit year, which RFC 5280 section 4.1.2.5
 * tells decoders to expand as 19YY for YY >= 50 and as 20YY for YY < 50,
 * so it can only represent 1950 through 2049.  (RFC 5280 makes the choice
 * per field; this method switches both fields together.)
 *
 * @param  notBefore  The notBefore value to include in the sequence.
 * @param  notAfter   The notAfter value to include in the sequence.
 *
 * @return  The encoded validity sequence.
 */
@NotNull()
static ASN1Sequence encodeValiditySequence(final long notBefore, final long notAfter) {
    // The year is taken in UTC because the encoded time string is written in
    // UTC.  A calendar in the JVM default time zone could report 2049 for an
    // instant that is already in 2050 UTC (or vice versa), and the resulting
    // UTCTime "50..." would be decoded as 1950.
    final TimeZone utc = TimeZone.getTimeZone("UTC");
    final GregorianCalendar notBeforeCalendar = new GregorianCalendar(utc);
    notBeforeCalendar.setTimeInMillis(notBefore);
    final int notBeforeYear = notBeforeCalendar.get(Calendar.YEAR);
    final GregorianCalendar notAfterCalendar = new GregorianCalendar(utc);
    notAfterCalendar.setTimeInMillis(notAfter);
    final int notAfterYear = notAfterCalendar.get(Calendar.YEAR);
    if ((notBeforeYear >= 1950) && (notBeforeYear <= 2049) && (notAfterYear >= 1950) && (notAfterYear <= 2049)) {
        return new ASN1Sequence(new ASN1UTCTime(notBefore), new ASN1UTCTime(notAfter));
    } else {
        return new ASN1Sequence(new ASN1GeneralizedTime(notBefore), new ASN1GeneralizedTime(notAfter));
    }
}
Also used : ASN1Sequence(com.unboundid.asn1.ASN1Sequence) GregorianCalendar(java.util.GregorianCalendar) TimeZone(java.util.TimeZone) ASN1UTCTime(com.unboundid.asn1.ASN1UTCTime) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) NotNull(com.unboundid.util.NotNull)
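The window rule the method above implements, shown as an added Python example (this is not ldapsdk code; `encode_time`, `encode_validity` and `local_year_check_disagrees` are names chosen here): it DER-encodes a Validity SEQUENCE with the per-field UTCTime/GeneralizedTime choice that RFC 5280 specifies, and reproduces the boundary mistake an encoder makes when it decides the window from a local-time-zone year instead of the UTC year.

```python
"""Choosing UTCTime or GeneralizedTime for X.509 validity dates.

Added illustration of the rule in RFC 5280 section 4.1.2.5; this is not
ldapsdk code and uses only the Python standard library.
"""
from datetime import datetime, timedelta, timezone

TAG_UTCTIME, TAG_GENERALIZEDTIME, TAG_SEQUENCE = 0x17, 0x18, 0x30


def in_utctime_window(year: int) -> bool:
    """UTCTime carries a two-digit year that decoders expand as 19YY for
    YY >= 50 and 20YY for YY < 50, so it can only represent 1950..2049."""
    return 1950 <= year <= 2049


def encode_time(dt: datetime) -> bytes:
    """DER-encode an aware datetime as UTCTime when its UTC year is inside the
    window and as GeneralizedTime otherwise.  Both forms are written in UTC
    with seconds and a trailing 'Z', as RFC 5280 requires; the content is 13
    or 15 bytes, so a short-form DER length suffices."""
    if dt.tzinfo is None:
        raise ValueError("an aware datetime is required")
    utc = dt.astimezone(timezone.utc).replace(microsecond=0)
    if in_utctime_window(utc.year):
        tag, year_text = TAG_UTCTIME, f"{utc.year % 100:02d}"
    else:
        tag, year_text = TAG_GENERALIZEDTIME, f"{utc.year:04d}"
    body = (year_text + utc.strftime("%m%d%H%M%S") + "Z").encode("ascii")
    return bytes([tag, len(body)]) + body


def encode_validity(not_before: datetime, not_after: datetime) -> bytes:
    """Validity ::= SEQUENCE { notBefore Time, notAfter Time }.

    RFC 5280 makes the UTCTime/GeneralizedTime choice per field, which is
    what this function does.  The Java method above instead switches both
    fields to GeneralizedTime when either is outside the window; that still
    decodes, but it is not what the profile asks for."""
    body = encode_time(not_before) + encode_time(not_after)
    return bytes([TAG_SEQUENCE, len(body)]) + body


def local_year_check_disagrees(dt: datetime, utc_offset_hours: int) -> bool:
    """Reproduce the pitfall of deciding the window from a local-zone year.

    Returns True when the year seen in a zone at the given UTC offset falls
    on a different side of the window than the UTC year, which is the year
    actually written into the string.  An encoder making that mistake for
    2050-01-01T02:00Z in UTC-5 (local year 2049) would emit the UTCTime
    '500101020000Z', which decoders expand to 1950."""
    local = dt.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    utc = dt.astimezone(timezone.utc)
    return in_utctime_window(local.year) != in_utctime_window(utc.year)


if __name__ == "__main__":
    nb = datetime(2030, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    na = datetime(2050, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(encode_validity(nb, na).hex())
    print(local_year_check_disagrees(datetime(2050, 1, 1, 2, tzinfo=timezone.utc), -5))
```

`encode_time` normalises to UTC before looking at the year, which is the only place the decision can safely be made; the last function exists purely to show what goes wrong when that step is skipped.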

Example 7 with ASN1UTCTime

use of com.github.zhenwei.core.asn1.ASN1UTCTime in project gdmatrix by gdmatrix.

the class P7MUtils method printAttribute.

/**
 * Prints the first value of a CMS attribute, dispatching on its ASN.1 type.
 * Only the types this utility expects are handled: an OCTET STRING (printed
 * as UTF-16LE text), a UTCTime, or an OBJECT IDENTIFIER.
 */
public static void printAttribute(Attribute attribute) throws Exception {
    ASN1Set set = attribute.getAttrValues();
    if (set.size() == 0) {
        // An attribute without values has nothing to print.
        return;
    }
    ASN1Primitive der = set.getObjectAt(0).toASN1Primitive();
    System.out.println(der.getClass());
    if (der instanceof DEROctetString) {
        DEROctetString octet = (DEROctetString) der;
        byte[] data = octet.getOctets();
        // Decoded as UTF-16LE; only meaningful for attributes known to carry
        // text in that encoding.
        System.out.println(new String(data, "UTF-16LE"));
    } else if (der instanceof ASN1UTCTime) {
        ASN1UTCTime utcTime = (ASN1UTCTime) der;
        // getAdjustedTime() returns the value with a four-digit year, i.e. with
        // the 1950-2049 two-digit-year window already applied.
        String time = utcTime.getAdjustedTime();
        System.out.println(time);
    } else if (der instanceof ASN1ObjectIdentifier) {
        ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) der;
        System.out.println(id.getId());
    }
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 8 with ASN1UTCTime

use of com.github.zhenwei.core.asn1.ASN1UTCTime in project signer by demoiselle.

the class CAdESSigner method check.

/**
 * Validation is done only on digital signatures with a single signer, and
 * only for content of type Data: the ContentType attribute
 * (OID 1.2.840.113549.1.9.3) must equal id-data (OID 1.2.840.113549.1.7.1).
 * The method returns {@code true} whenever it completes; a signer whose
 * signature fails {@code verify} is merely not counted, so the return value
 * must not be taken as proof that the signatures are valid.
 *
 * @param content    Only necessary when the PKCS#7 package is NOT of the
 *                   attached type. If it is attached, this parameter is
 *                   replaced by the contents of the PKCS#7 package.
 * @param signedData Bytes of the PKCS#7 package, such as the contents of a
 *                   ".p7s" file. It is not only the signature, as in the
 *                   case of PKCS#1.
 */
@SuppressWarnings("unchecked")
// TODO: implement validation of co-signatures
@Override
@Deprecated
public boolean check(byte[] content, byte[] signedData) throws SignerException {
    Security.addProvider(new BouncyCastleProvider());
    CMSSignedData cmsSignedData = null;
    try {
        if (content == null) {
            if (this.checkHash) {
                cmsSignedData = new CMSSignedData(this.hashes, signedData);
                this.checkHash = false;
            } else {
                cmsSignedData = new CMSSignedData(signedData);
            }
        } else {
            cmsSignedData = new CMSSignedData(new CMSProcessableByteArray(content), signedData);
        }
    } catch (CMSException ex) {
        throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), ex);
    }
    // Number of signatures verified so far
    int verified = 0;
    Store<?> certStore = cmsSignedData.getCertificates();
    SignerInformationStore signers = cmsSignedData.getSignerInfos();
    Iterator<?> it = signers.getSigners().iterator();
    // Basic verification of every signature
    while (it.hasNext()) {
        try {
            SignerInformation signer = (SignerInformation) it.next();
            SignerInformationStore s = signer.getCounterSignatures();
            SignatureInformations si = new SignatureInformations();
            logger.info("Found " + s.size() + " counter-signature(s).");
            Collection<?> certCollection = certStore.getMatches(signer.getSID());
            Iterator<?> certIt = certCollection.iterator();
            if (!certIt.hasNext()) {
                // No certificate in the SignedData matches this SignerInfo's
                // SignerIdentifier, so the signature cannot be verified.
                throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid"));
            }
            X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
            X509Certificate varCert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
            PeriodValidator pV = new PeriodValidator();
            try {
                pV.validate(varCert);
            } catch (CertificateValidatorException cve) {
                si.getValidatorErrors().add(cve.getMessage());
            }
            CRLValidator cV = new CRLValidator();
            try {
                cV.validate(varCert);
            } catch (CertificateValidatorCRLException cvce) {
                si.getValidatorErrors().add(cvce.getMessage());
            }
            if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificateHolder))) {
                verified++;
                logger.info(cadesMessagesBundle.getString("info.signature.valid.seq", verified));
            }
            // Verify the signed attributes
            logger.info(cadesMessagesBundle.getString("info.signed.attribute"));
            AttributeTable signedAttributes = signer.getSignedAttributes();
            if ((signedAttributes == null) || (signedAttributes.size() == 0)) {
                throw new SignerException(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
            }
            // Verify the unsigned attributes
            logger.info(cadesMessagesBundle.getString("info.unsigned.attribute"));
            AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
            if ((unsignedAttributes == null) || (unsignedAttributes.size() == 0)) {
                logger.info(cadesMessagesBundle.getString("error.unsigned.attribute.table.not.found"));
            }
            // Show the signing date and time claimed by the signer; this is not a
            // timestamp token and is only as trustworthy as the signer's clock.
            // RFC 5652 defines signingTime as Time ::= CHOICE { UTCTime, GeneralizedTime },
            // so both branches must be accepted rather than casting to ASN1UTCTime.
            Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime);
            Date dataHora = null;
            if (signingTime != null) {
                Object rawTime = signingTime.getAttrValues().getObjectAt(0);
                if (rawTime instanceof ASN1UTCTime) {
                    dataHora = ((ASN1UTCTime) rawTime).getDate();
                } else if (rawTime instanceof org.bouncycastle.asn1.ASN1GeneralizedTime) {
                    dataHora = ((org.bouncycastle.asn1.ASN1GeneralizedTime) rawTime).getDate();
                }
                logger.info(cadesMessagesBundle.getString("info.date.utc", dataHora));
            } else {
                logger.info(cadesMessagesBundle.getString("info.date.utc", "N/D"));
            }
            logger.info(cadesMessagesBundle.getString("info.attribute.validation"));
            // Validate the ContentType attribute
            Attribute attributeContentType = signedAttributes.get(CMSAttributes.contentType);
            if (attributeContentType == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "ContentType"));
            }
            if (!attributeContentType.getAttrValues().getObjectAt(0).equals(ContentInfo.data)) {
                throw new SignerException(cadesMessagesBundle.getString("error.content.not.data"));
            }
            // Validate that the MessageDigest attribute is present (its value is
            // compared against the content digest by signer.verify above)
            Attribute attributeMessageDigest = signedAttributes.get(CMSAttributes.messageDigest);
            if (attributeMessageDigest == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "MessageDigest"));
            }
            // Validate that the signature policy identifier attribute is present
            Attribute idSigningPolicy = null;
            idSigningPolicy = signedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId.getId()));
            if (idSigningPolicy == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "idSigningPolicy"));
            }
            // Verify the signature timestamp token, if one is present among the
            // unsigned attributes
            try {
                Attribute attributeTimeStamp = null;
                if (unsignedAttributes != null) {
                    attributeTimeStamp = unsignedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()));
                }
                if (attributeTimeStamp != null) {
                    byte[] varSignature = signer.getSignature();
                    Timestamp varTimeStampSigner = validateTimestamp(attributeTimeStamp, varSignature);
                    si.setTimeStampSigner(varTimeStampSigner);
                }
            } catch (Exception ex) {
            // For signatures produced by the applet, unsignedAttributes.get throws an
            // exception.  Note that a failed timestamp validation is silently ignored here.
            }
            LinkedList<X509Certificate> varChain = (LinkedList<X509Certificate>) CAManager.getInstance().getCertificateChain(varCert);
            si.setSignDate(dataHora);
            si.setChain(varChain);
            si.setSignaturePolicy(signaturePolicy);
            this.getSignatureInfo().add(si);
        } catch (OperatorCreationException | java.security.cert.CertificateException ex) {
            throw new SignerException(ex);
        } catch (CMSException ex) {
            // When the file does not match the signature
            if (ex instanceof CMSSignerDigestMismatchException)
                throw new SignerException(cadesMessagesBundle.getString("error.signature.mismatch"), ex);
            else
                throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid"), ex);
        } catch (ParseException e) {
            throw new SignerException(e);
        }
    }
    logger.info(cadesMessagesBundle.getString("info.signature.verified", verified));
    // TODO: parse the CMS structure
    // Always true when reached: a signature that failed verify() is not counted
    // above but does not cause a failure here.
    return true;
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) SignedOrUnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) SignerInformation(org.bouncycastle.cms.SignerInformation) CertificateException(java.security.cert.CertificateException) CRLValidator(org.demoiselle.signer.core.validator.CRLValidator) Timestamp(org.demoiselle.signer.timestamp.Timestamp) SignatureInformations(org.demoiselle.signer.policy.impl.cades.SignatureInformations) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) PeriodValidator(org.demoiselle.signer.core.validator.PeriodValidator) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CertificateTrustPoint(org.demoiselle.signer.policy.engine.asn1.etsi.CertificateTrustPoint) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) ParseException(java.text.ParseException) TSPException(org.bouncycastle.tsp.TSPException) CertificateEncodingException(java.security.cert.CertificateEncodingException) 
CMSException(org.bouncycastle.cms.CMSException) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) LinkedList(java.util.LinkedList) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ParseException(java.text.ParseException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) CMSException(org.bouncycastle.cms.CMSException)

Example 9 with ASN1UTCTime

use of com.github.zhenwei.core.asn1.ASN1UTCTime in project signer by demoiselle.

the class CAdESChecker method check.

/**
 * Validation is done only on digital signatures with a single signer, and
 * only for content of type Data: the ContentType attribute
 * (OID 1.2.840.113549.1.9.3) must equal id-data (OID 1.2.840.113549.1.7.1).
 * The method returns {@code true} whenever it completes; the result of each
 * check, including a signature that fails to verify, is recorded in the
 * {@link SignatureInformations} entry added for that signer, which callers
 * must inspect instead of relying on the return value.
 *
 * @param content    Only necessary when the PKCS#7 package is NOT of the
 *                   attached type. If it is attached, this parameter is
 *                   replaced by the contents of the PKCS#7 package.
 * @param signedData Bytes of the PKCS#7 package, such as the contents of a
 *                   ".p7s" file. It is not only the signature, as in the
 *                   case of PKCS#1.
 */
private boolean check(byte[] content, byte[] signedData) throws SignerException {
    Security.addProvider(new BouncyCastleProvider());
    CMSSignedData cmsSignedData = null;
    try {
        if (content == null) {
            if (this.checkHash) {
                cmsSignedData = new CMSSignedData(this.hashes, signedData);
                this.checkHash = false;
            } else {
                cmsSignedData = new CMSSignedData(signedData);
            }
        } else {
            if (this.getAttached(signedData, false).getExtractedContent() != null) {
                cmsSignedData = new CMSSignedData(signedData);
            } else {
                cmsSignedData = new CMSSignedData(new CMSProcessableByteArray(content), signedData);
            }
        }
    } catch (CMSException ex) {
        logger.error(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7") + ex.getMessage());
        throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), ex);
    }
    // Number of signatures verified so far
    int verified = 0;
    Store<?> certStore = cmsSignedData.getCertificates();
    SignerInformationStore signers = cmsSignedData.getSignerInfos();
    Iterator<?> it = signers.getSigners().iterator();
    // Basic verification of every signature
    while (it.hasNext()) {
        SignatureInformations signatureInfo = new SignatureInformations();
        try {
            SignerInformation signerInfo = (SignerInformation) it.next();
            SignerInformationStore signerInfoStore = signerInfo.getCounterSignatures();
            if (signerInfoStore.size() > 0) {
                logger.info(cadesMessagesBundle.getString("info.co.signature", signerInfoStore.size()));
            }
            @SuppressWarnings("unchecked") Collection<?> certCollection = certStore.getMatches(signerInfo.getSID());
            Iterator<?> certIt = certCollection.iterator();
            if (!certIt.hasNext()) {
                // No certificate in the SignedData matches this SignerInfo's
                // SignerIdentifier, so the signature cannot be verified.
                throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid", "signer certificate not found"));
            }
            X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
            X509Certificate varCert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
            CRLValidator cV = new CRLValidator();
            try {
                cV.validate(varCert);
            } catch (CertificateValidatorCRLException cvce) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.crl.not.access", cvce.getMessage()));
                logger.debug(cadesMessagesBundle.getString("error.crl.not.access", cvce.getMessage()));
            } catch (CertificateRevocationException cre) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.crl.not.access", cre.getMessage()));
                logger.error(cadesMessagesBundle.getString("error.crl.not.access", cre.getMessage()));
            }
            PeriodValidator pV = new PeriodValidator();
            try {
                signatureInfo.setNotAfter(pV.valDate(varCert));
            } catch (CertificateValidatorException cve) {
                signatureInfo.getValidatorWarnins().add(cve.getMessage());
                logger.error(cve.getMessage());
            }
            try {
                if (signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificateHolder))) {
                    verified++;
                    logger.info(cadesMessagesBundle.getString("info.signature.valid.seq", verified));
                } else {
                    signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.invalid.signature", "Erro de verificação!"));
                    signatureInfo.setInvalidSignature(true);
                }
            } catch (CMSVerifierCertificateNotValidException e) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.invalid.signature", e.getMessage()));
                signatureInfo.setInvalidSignature(true);
            }
            // Retrieve the signed attributes
            logger.debug(cadesMessagesBundle.getString("info.signed.attribute"));
            String varOIDPolicy = PKCSObjectIdentifiers.id_aa_ets_sigPolicyId.getId();
            AttributeTable signedAttributes = signerInfo.getSignedAttributes();
            if ((signedAttributes == null) || (signedAttributes.size() == 0)) {
                signatureInfo.getValidatorWarnins().add(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
                logger.warn(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
            // throw new SignerException(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
            } else {
                // Validate the signed attributes according to the policy
                Attribute idSigningPolicy = null;
                idSigningPolicy = signedAttributes.get(new ASN1ObjectIdentifier(varOIDPolicy));
                if (idSigningPolicy == null) {
                    signatureInfo.getValidatorWarnins().add(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", varOIDPolicy));
                } else {
                    for (Enumeration<?> p = idSigningPolicy.getAttrValues().getObjects(); p.hasMoreElements(); ) {
                        String policyOnSignature = p.nextElement().toString();
                        for (PolicyFactory.Policies pv : PolicyFactory.Policies.values()) {
                            if (policyOnSignature.contains(pv.getUrl())) {
                                setSignaturePolicy(pv);
                                break;
                            }
                        }
                    }
                }
            }
            Date dataHora = null;
            if (signedAttributes != null) {
                // Validate the ContentType attribute
                Attribute attributeContentType = signedAttributes.get(CMSAttributes.contentType);
                if (attributeContentType == null) {
                    signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "ContentType"));
                    logger.info(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "ContentType"));
                    throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "ContentType"));
                }
                if (!attributeContentType.getAttrValues().getObjectAt(0).equals(ContentInfo.data)) {
                    signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.content.not.data"));
                    logger.info(cadesMessagesBundle.getString("error.content.not.data"));
                    throw new SignerException(cadesMessagesBundle.getString("error.content.not.data"));
                }
                // Validate that the MessageDigest attribute is present (its value is
                // compared against the content digest by signerInfo.verify above)
                Attribute attributeMessageDigest = signedAttributes.get(CMSAttributes.messageDigest);
                if (attributeMessageDigest == null) {
                    logger.info(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "MessageDigest"));
                    throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "MessageDigest"));
                }
                // Show the signing date and time claimed by the signer; this is not a
                // timestamp token and is only as trustworthy as the signer's clock.
                Attribute timeAttribute = signedAttributes.get(CMSAttributes.signingTime);
                if (timeAttribute != null) {
                    // Resets the JVM default time zone from the system settings; this is
                    // a process-wide side effect.
                    TimeZone.setDefault(null);
                    // RFC 5652 defines signingTime as Time ::= CHOICE { UTCTime, GeneralizedTime },
                    // so both branches must be accepted rather than casting to ASN1UTCTime.
                    Object rawTime = timeAttribute.getAttrValues().getObjectAt(0);
                    if (rawTime instanceof ASN1UTCTime) {
                        dataHora = ((ASN1UTCTime) rawTime).getDate();
                    } else if (rawTime instanceof org.bouncycastle.asn1.ASN1GeneralizedTime) {
                        dataHora = ((org.bouncycastle.asn1.ASN1GeneralizedTime) rawTime).getDate();
                    }
                    logger.debug(cadesMessagesBundle.getString("info.date.utc", dataHora));
                } else {
                    logger.debug(cadesMessagesBundle.getString("info.date.utc", "N/D"));
                }
            }
            }
            if (signaturePolicy == null) {
                signatureInfo.getValidatorWarnins().add(cadesMessagesBundle.getString("error.policy.on.component.not.found", varOIDPolicy));
                logger.debug(cadesMessagesBundle.getString("error.policy.on.component.not.found"));
            } else {
                // signedAttributes may be null when the table was absent (warned above)
                if (signedAttributes != null && signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers() != null) {
                    for (ObjectIdentifier objectIdentifier : signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers()) {
                        String oi = objectIdentifier.getValue();
                        Attribute signedAtt = signedAttributes.get(new ASN1ObjectIdentifier(oi));
                        logger.debug(oi);
                        if (signedAtt == null) {
                            logger.debug(cadesMessagesBundle.getString("error.signed.attribute.not.found", oi, signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue()));
                            signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.signed.attribute.not.found", oi, signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue()));
                        }
                    }
                }
            }
            // Retrieve the unsigned attributes
            logger.debug(cadesMessagesBundle.getString("info.unsigned.attribute"));
            AttributeTable unsignedAttributes = signerInfo.getUnsignedAttributes();
            if ((unsignedAttributes == null) || (unsignedAttributes.size() == 0)) {
                // Info only, since the RB policy has no unsigned attributes
                logger.debug(cadesMessagesBundle.getString("error.unsigned.attribute.table.not.found"));
            }
            if (signaturePolicy != null) {
                // Validate the unsigned attributes mandated by the policy
                if (signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedUnsignedAttr().getObjectIdentifiers() != null) {
                    for (ObjectIdentifier objectIdentifier : signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedUnsignedAttr().getObjectIdentifiers()) {
                        String oi = objectIdentifier.getValue();
                        // unsignedAttributes is null when the table is absent
                        Attribute unSignedAtt = (unsignedAttributes == null) ? null : unsignedAttributes.get(new ASN1ObjectIdentifier(oi));
                        logger.debug(oi);
                        if (unSignedAtt == null) {
                            logger.debug(cadesMessagesBundle.getString("error.signed.attribute.not.found", oi, signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue()));
                            signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.unsigned.attribute.not.found", oi, signaturePolicy.getSignPolicyInfo().getSignPolicyIdentifier().getValue()));
                        }
                        if (unSignedAtt != null && oi.equalsIgnoreCase(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId())) {
                            // Verify the signature timestamp token
                            try {
                                byte[] varSignature = signerInfo.getSignature();
                                Timestamp varTimeStampSigner = validateTimestamp(unSignedAtt, varSignature);
                                signatureInfo.setTimeStampSigner(varTimeStampSigner);
                            } catch (Exception ex) {
                                logger.info(ex.getMessage());
                                signatureInfo.getValidatorErrors().add(ex.getMessage());
                            // For signatures produced by the applet, unsignedAttributes.get throws an exception.
                            }
                        }
                        if (oi.equalsIgnoreCase("1.2.840.113549.1.9.16.2.25")) {
                            // id-aa-ets-escTimeStamp: only its presence is logged here
                            logger.info("++++++++++  EscTimeStamp ++++++++++++");
                        }
                    }
                }
            }
            LinkedList<X509Certificate> varChain = (LinkedList<X509Certificate>) CAManager.getInstance().getCertificateChain(varCert);
            // Fewer than 2 certificates in the chain = self-signed
            if (varChain.size() < 2) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.no.ca", varCert.getIssuerDN()));
                logger.info(cadesMessagesBundle.getString("error.no.ca", varCert.getIssuerDN()));
            }
            for (X509Certificate cert : varChain) {
                BasicCertificate signerCertificate = new BasicCertificate(cert);
                if (!signerCertificate.isCACertificate()) {
                    signatureInfo.setIcpBrasilcertificate(signerCertificate);
                }
            }
            signatureInfo.setSignDate(dataHora);
            signatureInfo.setChain(varChain);
            signatureInfo.setSignaturePolicy(signaturePolicy);
            this.getSignaturesInfo().add(signatureInfo);
        } catch (OperatorCreationException | java.security.cert.CertificateException ex) {
            signatureInfo.getValidatorErrors().add(ex.getMessage());
            logger.info(ex.getMessage());
        } catch (CMSException ex) {
            // When the file does not match the signature
            if (ex instanceof CMSSignerDigestMismatchException) {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.signature.mismatch"));
                logger.info(cadesMessagesBundle.getString("error.signature.mismatch"));
                throw new SignerException(cadesMessagesBundle.getString("error.signature.mismatch"), ex);
            } else {
                signatureInfo.getValidatorErrors().add(cadesMessagesBundle.getString("error.signature.invalid", ex.getMessage()));
                logger.info(cadesMessagesBundle.getString("error.signature.invalid", ex.getMessage()));
                throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid", ex.getMessage()), ex);
            }
        } catch (ParseException e) {
            signatureInfo.getValidatorErrors().add(e.getMessage());
            logger.info(e.getMessage());
        }
    }
    logger.debug(cadesMessagesBundle.getString("info.signature.verified", verified));
    // TODO: parse the CMS structure
    // Always true when reached: verification failures are recorded in each
    // SignatureInformations (invalidSignature flag and validator errors), not
    // reflected in the return value.
    return true;
}
Also used : PolicyFactory(org.demoiselle.signer.policy.engine.factory.PolicyFactory) Attribute(org.bouncycastle.asn1.cms.Attribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) SignerInformation(org.bouncycastle.cms.SignerInformation) CRLValidator(org.demoiselle.signer.core.validator.CRLValidator) Timestamp(org.demoiselle.signer.timestamp.Timestamp) CertificateRevocationException(org.demoiselle.signer.core.exception.CertificateRevocationException) SignatureInformations(org.demoiselle.signer.policy.impl.cades.SignatureInformations) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) PeriodValidator(org.demoiselle.signer.core.validator.PeriodValidator) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ObjectIdentifier(org.demoiselle.signer.policy.engine.asn1.etsi.ObjectIdentifier) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) CMSVerifierCertificateNotValidException(org.bouncycastle.cms.CMSVerifierCertificateNotValidException) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) 
ParseException(java.text.ParseException) TSPException(org.bouncycastle.tsp.TSPException) CertificateRevocationException(org.demoiselle.signer.core.exception.CertificateRevocationException) CMSVerifierCertificateNotValidException(org.bouncycastle.cms.CMSVerifierCertificateNotValidException) CMSException(org.bouncycastle.cms.CMSException) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) IOException(java.io.IOException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) LinkedList(java.util.LinkedList) BasicCertificate(org.demoiselle.signer.core.extension.BasicCertificate) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ParseException(java.text.ParseException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) CMSException(org.bouncycastle.cms.CMSException)
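Examples 7 through 9 above dispatch on, or cast to, ASN1UTCTime when reading a CMS attribute value. The following added Python example (not the demoiselle signer's or Bouncy Castle's code; the function names are chosen here, and the two signingTime attributes it parses are constructed inline as sample data) reads a signingTime Attribute with a minimal DER reader, accepts both branches of the RFC 5652 Time CHOICE under the RFC 5280 strictness rules (seconds present, trailing 'Z', two-digit-year window), and shows the UTCTime-only reading failing on a legal GeneralizedTime value.

```python
"""Parsing the CMS signingTime signed attribute (RFC 5652 section 11.3).

Added illustration, not demoiselle signer or Bouncy Castle code; it uses only
the Python standard library.  The attribute value is
Time ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime }, so a
verifier has to accept both tags.
"""
from datetime import datetime, timezone

TAG_OID, TAG_UTCTIME, TAG_GENTIME, TAG_SEQUENCE, TAG_SET = 0x06, 0x17, 0x18, 0x30, 0x31
SIGNING_TIME_OID = "1.2.840.113549.1.9.5"
# DER content octets of that OID, used to build the constructed sample attributes.
SIGNING_TIME_OID_DER = bytes.fromhex("2a864886f70d010905")


def read_tlv(buf: bytes, pos: int = 0):
    """Read one DER element at pos; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    content = buf[pos:pos + length]
    if len(content) != length:
        raise ValueError("truncated DER element")
    return tag, content, pos + length


def decode_oid(content: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets to dotted form."""
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_time(tag: int, content: bytes) -> datetime:
    """Decode either branch of Time.  RFC 5280 requires seconds and a trailing
    'Z' in both; a UTCTime two-digit year is 19YY for YY >= 50, else 20YY."""
    if not content.endswith(b"Z"):
        raise ValueError("Time must be expressed in UTC with a trailing 'Z'")
    digits = content[:-1].decode("ascii")
    if tag == TAG_UTCTIME and len(digits) == 12:
        yy = int(digits[:2])
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), digits[2:]
    elif tag == TAG_GENTIME and len(digits) == 14:
        year, rest = int(digits[:4]), digits[4:]
    else:
        raise ValueError("not an RFC 5280 UTCTime or GeneralizedTime")
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def parse_signing_time(attribute: bytes) -> datetime:
    """Parse Attribute ::= SEQUENCE { attrType OID, attrValues SET OF Time }
    and return the single signingTime value, whichever branch it uses."""
    tag, seq, _ = read_tlv(attribute)
    if tag != TAG_SEQUENCE:
        raise ValueError("Attribute must be a SEQUENCE")
    tag, oid, pos = read_tlv(seq)
    if tag != TAG_OID or decode_oid(oid) != SIGNING_TIME_OID:
        raise ValueError("not a signingTime attribute")
    tag, values, end = read_tlv(seq, pos)
    if tag != TAG_SET or end != len(seq):
        raise ValueError("attrValues must be a SET that ends the Attribute")
    tag, content, end = read_tlv(values)
    if end != len(values):
        raise ValueError("signingTime must carry exactly one value")
    return decode_time(tag, content)


def parse_signing_time_utctime_only(attribute: bytes) -> datetime:
    """The shape of the unconditional cast in the Java code above: accepts only
    the UTCTime branch and fails on a legal GeneralizedTime signing time."""
    _, seq, _ = read_tlv(attribute)
    _, _, pos = read_tlv(seq)
    _, values, _ = read_tlv(seq, pos)
    tag, content, _ = read_tlv(values)
    if tag != TAG_UTCTIME:
        raise ValueError("expected UTCTime")  # the Java cast raises ClassCastException here
    return decode_time(tag, content)


def tlv(tag: int, content: bytes) -> bytes:
    """Short-form DER element (content under 128 bytes), for building samples."""
    return bytes([tag, len(content)]) + content


def build_signing_time_attr(time_tag: int, time_text: bytes) -> bytes:
    """Construct a signingTime Attribute around one Time value (sample data)."""
    return tlv(TAG_SEQUENCE, tlv(TAG_OID, SIGNING_TIME_OID_DER) + tlv(TAG_SET, tlv(time_tag, time_text)))


if __name__ == "__main__":
    for sample in (build_signing_time_attr(TAG_UTCTIME, b"230115101500Z"),
                   build_signing_time_attr(TAG_GENTIME, b"20500115101500Z")):
        print(parse_signing_time(sample).isoformat())
```

The value returned is still only what the signer claimed; as the Java comments note, it is not a timestamp token, and a verifier should treat it as a hint rather than as evidence of when the signature was made.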

Example 10 with ASN1UTCTime

use of com.github.zhenwei.core.asn1.ASN1UTCTime in project LinLong-Java by zhenwei1108.

the class ASN1Dump method _dumpAsString.

/**
 * Dump an ASN.1 object as a formatted, indented string. Sequences, sets,
 * tagged objects and EXTERNALs recurse one TAB deeper per level; the
 * recursion has no depth limit of its own, so callers that dump untrusted
 * input must bound the nesting themselves.
 *
 * @param indent  prefix written before every line at this nesting level.
 * @param verbose if true, octet string and bit string contents are hex dumped as well.
 * @param obj     the ASN1Primitive to be dumped out.
 * @param buf     the buffer the dump is appended to.
 */
static void _dumpAsString(String indent, boolean verbose, ASN1Primitive obj, StringBuffer buf) {
    String nl = Strings.lineSeparator();
    if (obj instanceof ASN1Null) {
        buf.append(indent);
        buf.append("NULL");
        buf.append(nl);
    } else if (obj instanceof ASN1Sequence) {
        buf.append(indent);
        if (obj instanceof BERSequence) {
            buf.append("BER Sequence");
        } else if (obj instanceof DERSequence) {
            buf.append("DER Sequence");
        } else {
            buf.append("Sequence");
        }
        buf.append(nl);
        ASN1Sequence sequence = (ASN1Sequence) obj;
        String elementsIndent = indent + TAB;
        for (int i = 0, count = sequence.size(); i < count; ++i) {
            _dumpAsString(elementsIndent, verbose, sequence.getObjectAt(i).toASN1Primitive(), buf);
        }
    } else if (obj instanceof ASN1Set) {
        buf.append(indent);
        if (obj instanceof BERSet) {
            buf.append("BER Set");
        } else if (obj instanceof DERSet) {
            buf.append("DER Set");
        } else {
            buf.append("Set");
        }
        buf.append(nl);
        ASN1Set set = (ASN1Set) obj;
        String elementsIndent = indent + TAB;
        for (int i = 0, count = set.size(); i < count; ++i) {
            _dumpAsString(elementsIndent, verbose, set.getObjectAt(i).toASN1Primitive(), buf);
        }
    } else if (obj instanceof ASN1ApplicationSpecific) {
        _dumpAsString(indent, verbose, ((ASN1ApplicationSpecific) obj).getTaggedObject(), buf);
    } else if (obj instanceof ASN1TaggedObject) {
        buf.append(indent);
        if (obj instanceof BERTaggedObject) {
            buf.append("BER Tagged ");
        } else if (obj instanceof DERTaggedObject) {
            buf.append("DER Tagged ");
        } else {
            buf.append("Tagged ");
        }
        ASN1TaggedObject o = (ASN1TaggedObject) obj;
        buf.append(ASN1Util.getTagText(o));
        if (!o.isExplicit()) {
            buf.append(" IMPLICIT ");
        }
        buf.append(nl);
        String baseIndent = indent + TAB;
        _dumpAsString(baseIndent, verbose, o.getBaseObject().toASN1Primitive(), buf);
    } else if (obj instanceof ASN1OctetString) {
        ASN1OctetString oct = (ASN1OctetString) obj;
        if (obj instanceof BEROctetString) {
            buf.append(indent + "BER Constructed Octet String" + "[" + oct.getOctets().length + "] ");
        } else {
            buf.append(indent + "DER Octet String" + "[" + oct.getOctets().length + "] ");
        }
        if (verbose) {
            buf.append(dumpBinaryDataAsString(indent, oct.getOctets()));
        } else {
            buf.append(nl);
        }
    } else if (obj instanceof ASN1ObjectIdentifier) {
        buf.append(indent + "ObjectIdentifier(" + ((ASN1ObjectIdentifier) obj).getId() + ")" + nl);
    } else if (obj instanceof ASN1RelativeOID) {
        buf.append(indent + "RelativeOID(" + ((ASN1RelativeOID) obj).getId() + ")" + nl);
    } else if (obj instanceof ASN1Boolean) {
        buf.append(indent + "Boolean(" + ((ASN1Boolean) obj).isTrue() + ")" + nl);
    } else if (obj instanceof ASN1Integer) {
        buf.append(indent + "Integer(" + ((ASN1Integer) obj).getValue() + ")" + nl);
    } else if (obj instanceof ASN1BitString) {
        ASN1BitString bitString = (ASN1BitString) obj;
        byte[] bytes = bitString.getBytes();
        int padBits = bitString.getPadBits();
        if (bitString instanceof DERBitString) {
            buf.append(indent + "DER Bit String" + "[" + bytes.length + ", " + padBits + "] ");
        } else if (bitString instanceof DLBitString) {
            buf.append(indent + "DL Bit String" + "[" + bytes.length + ", " + padBits + "] ");
        } else {
            buf.append(indent + "BER Bit String" + "[" + bytes.length + ", " + padBits + "] ");
        }
        if (verbose) {
            buf.append(dumpBinaryDataAsString(indent, bytes));
        } else {
            buf.append(nl);
        }
    } else if (obj instanceof ASN1IA5String) {
        buf.append(indent + "IA5String(" + ((ASN1IA5String) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1UTF8String) {
        buf.append(indent + "UTF8String(" + ((ASN1UTF8String) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1NumericString) {
        buf.append(indent + "NumericString(" + ((ASN1NumericString) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1PrintableString) {
        buf.append(indent + "PrintableString(" + ((ASN1PrintableString) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1VisibleString) {
        buf.append(indent + "VisibleString(" + ((ASN1VisibleString) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1BMPString) {
        buf.append(indent + "BMPString(" + ((ASN1BMPString) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1T61String) {
        buf.append(indent + "T61String(" + ((ASN1T61String) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1GraphicString) {
        buf.append(indent + "GraphicString(" + ((ASN1GraphicString) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1VideotexString) {
        buf.append(indent + "VideotexString(" + ((ASN1VideotexString) obj).getString() + ") " + nl);
    } else if (obj instanceof ASN1UTCTime) {
        buf.append(indent + "UTCTime(" + ((ASN1UTCTime) obj).getTime() + ") " + nl);
    } else if (obj instanceof ASN1GeneralizedTime) {
        buf.append(indent + "GeneralizedTime(" + ((ASN1GeneralizedTime) obj).getTime() + ") " + nl);
    } else if (obj instanceof ASN1Enumerated) {
        ASN1Enumerated en = (ASN1Enumerated) obj;
        buf.append(indent + "DER Enumerated(" + en.getValue() + ")" + nl);
    } else if (obj instanceof ASN1ObjectDescriptor) {
        ASN1ObjectDescriptor od = (ASN1ObjectDescriptor) obj;
        buf.append(indent + "ObjectDescriptor(" + od.getBaseGraphicString().getString() + ") " + nl);
    } else if (obj instanceof ASN1External) {
        ASN1External ext = (ASN1External) obj;
        buf.append(indent + "External " + nl);
        String tab = indent + TAB;
        if (ext.getDirectReference() != null) {
            buf.append(tab + "Direct Reference: " + ext.getDirectReference().getId() + nl);
        }
        if (ext.getIndirectReference() != null) {
            buf.append(tab + "Indirect Reference: " + ext.getIndirectReference().toString() + nl);
        }
        if (ext.getDataValueDescriptor() != null) {
            _dumpAsString(tab, verbose, ext.getDataValueDescriptor(), buf);
        }
        buf.append(tab + "Encoding: " + ext.getEncoding() + nl);
        _dumpAsString(tab, verbose, ext.getExternalContent(), buf);
    } else {
        buf.append(indent + obj.toString() + nl);
    }
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString) ASN1UTCTime(com.github.zhenwei.core.asn1.ASN1UTCTime) ASN1GeneralizedTime(com.github.zhenwei.core.asn1.ASN1GeneralizedTime) ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String) ASN1T61String(com.github.zhenwei.core.asn1.ASN1T61String) ASN1BitString(com.github.zhenwei.core.asn1.ASN1BitString) ASN1UTF8String(com.github.zhenwei.core.asn1.ASN1UTF8String) ASN1VisibleString(com.github.zhenwei.core.asn1.ASN1VisibleString) ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) ASN1NumericString(com.github.zhenwei.core.asn1.ASN1NumericString) BEROctetString(com.github.zhenwei.core.asn1.BEROctetString) ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString) ASN1VideotexString(com.github.zhenwei.core.asn1.ASN1VideotexString) DERBitString(com.github.zhenwei.core.asn1.DERBitString) ASN1PrintableString(com.github.zhenwei.core.asn1.ASN1PrintableString) DLBitString(com.github.zhenwei.core.asn1.DLBitString) ASN1GraphicString(com.github.zhenwei.core.asn1.ASN1GraphicString) DLBitString(com.github.zhenwei.core.asn1.DLBitString) DERSet(com.github.zhenwei.core.asn1.DERSet) ASN1BitString(com.github.zhenwei.core.asn1.ASN1BitString) ASN1External(com.github.zhenwei.core.asn1.ASN1External) ASN1T61String(com.github.zhenwei.core.asn1.ASN1T61String) DERSequence(com.github.zhenwei.core.asn1.DERSequence) BEROctetString(com.github.zhenwei.core.asn1.BEROctetString) ASN1Enumerated(com.github.zhenwei.core.asn1.ASN1Enumerated) BERTaggedObject(com.github.zhenwei.core.asn1.BERTaggedObject) ASN1ObjectDescriptor(com.github.zhenwei.core.asn1.ASN1ObjectDescriptor) BERSet(com.github.zhenwei.core.asn1.BERSet) ASN1NumericString(com.github.zhenwei.core.asn1.ASN1NumericString) ASN1UTF8String(com.github.zhenwei.core.asn1.ASN1UTF8String) ASN1GraphicString(com.github.zhenwei.core.asn1.ASN1GraphicString) 
DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject) BERSequence(com.github.zhenwei.core.asn1.BERSequence) ASN1ApplicationSpecific(com.github.zhenwei.core.asn1.ASN1ApplicationSpecific) DERBitString(com.github.zhenwei.core.asn1.DERBitString) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) ASN1RelativeOID(com.github.zhenwei.core.asn1.ASN1RelativeOID) ASN1VideotexString(com.github.zhenwei.core.asn1.ASN1VideotexString) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) ASN1VisibleString(com.github.zhenwei.core.asn1.ASN1VisibleString) ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String) ASN1PrintableString(com.github.zhenwei.core.asn1.ASN1PrintableString) ASN1Boolean(com.github.zhenwei.core.asn1.ASN1Boolean) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) ASN1Null(com.github.zhenwei.core.asn1.ASN1Null)
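As an added example that is not code from LinLong-Java or Bouncy Castle, here is a small Python DER walker that mirrors the shape of _dumpAsString for the types an X.509 Validity field uses, and interprets what the dumper above only prints: a UTCTime carries a two-digit year, which RFC 5280 section 4.1.2.5.1 resolves to 1950..2049, and the same section requires UTCTime through 2049 and GeneralizedTime from 2050 on, decided per field. It also refuses the BER-only encodings a DER consumer should reject (indefinite and non-minimal lengths) and bounds recursion, since _dumpAsString recurses once per nested SEQUENCE, SET or tagged object with no limit of its own. MAX_DEPTH, the handled type subset and the short-form-only encoder are this example's own assumptions.

```python
"""Minimal DER walker with RFC 5280 time rules, modelled on _dumpAsString.
Added example, not LinLong-Java or Bouncy Castle code. Small subset of universal
types, plus what the Java dumper leaves to the caller: year pivot and depth bound."""
from datetime import datetime, timezone

TAB = "    "
MAX_DEPTH = 32                                   # assumed bound; X.690 sets none
INTEGER, SEQUENCE, UTCTIME, GENERALIZEDTIME = 0x02, 0x10, 0x17, 0x18

def read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at pos; returns (cls, constructed, tag, value, next_pos)."""
    first = buf[pos]
    cls, constructed, tag = first >> 6, bool(first & 0x20), first & 0x1F
    if tag == 0x1F:
        raise ValueError("high-tag-number form not handled in this example")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                            # long form: 0x80 | n, then n bytes
        n = length & 0x7F
        raw = buf[pos:pos + n]
        pos += n
        if n == 0 or n > 4 or len(raw) != n:
            raise ValueError("indefinite or oversized length, not DER")
        length = int.from_bytes(raw, "big")
        if length < 0x80 or raw[0] == 0:
            raise ValueError("non-minimal length, DER forbids it")
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return cls, constructed, tag, buf[pos:end], end

def decode_utc_time(s: str) -> datetime:
    """RFC 5280 4.1.2.5.1: exactly YYMMDDHHMMSSZ; YY >= 50 is 19YY, else 20YY."""
    if len(s) != 13 or s[-1] != "Z" or not s[:-1].isdigit():
        raise ValueError(f"malformed UTCTime {s!r}")
    yy = int(s[:2])
    return datetime(1900 + yy if yy >= 50 else 2000 + yy, int(s[2:4]), int(s[4:6]),
                    int(s[6:8]), int(s[8:10]), int(s[10:12]), tzinfo=timezone.utc)

def decode_generalized_time(s: str) -> datetime:
    """RFC 5280 4.1.2.5.2: exactly YYYYMMDDHHMMSSZ, no fractional seconds."""
    if len(s) != 15 or s[-1] != "Z" or not s[:-1].isdigit():
        raise ValueError(f"malformed GeneralizedTime {s!r}")
    return datetime(int(s[:4]), int(s[4:6]), int(s[6:8]), int(s[8:10]),
                    int(s[10:12]), int(s[12:14]), tzinfo=timezone.utc)

def dump(buf: bytes, indent: str = "", depth: int = 0, lines=None) -> list:
    """One line per element, in the style of _dumpAsString, with bounded recursion."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting deeper than MAX_DEPTH, refusing to recurse")
    lines = [] if lines is None else lines
    pos = 0
    while pos < len(buf):
        cls, constructed, tag, value, pos = read_tlv(buf, pos)
        if cls != 0:                             # context/application/private tag
            lines.append(f"{indent}Tagged [{tag}]" + ("" if constructed else " IMPLICIT"))
            if constructed:
                dump(value, indent + TAB, depth + 1, lines)
            else:
                lines.append(f"{indent}{TAB}Octet String[{len(value)}] {value.hex()}")
        elif tag == SEQUENCE:
            lines.append(f"{indent}DER Sequence")
            dump(value, indent + TAB, depth + 1, lines)
        elif tag == INTEGER:
            lines.append(f"{indent}Integer({int.from_bytes(value, 'big', signed=True)})")
        elif tag == UTCTIME:
            text = value.decode("ascii")
            lines.append(f"{indent}UTCTime({text}) = {decode_utc_time(text).isoformat()}")
        elif tag == GENERALIZEDTIME:
            text = value.decode("ascii")
            lines.append(f"{indent}GeneralizedTime({text}) = {decode_generalized_time(text).isoformat()}")
        else:
            lines.append(f"{indent}[UNIVERSAL {tag}] {value.hex()}")
    return lines

def encode_tlv(tag: int, value: bytes, constructed: bool = False) -> bytes:
    """DER encode one TLV; short-form length only, enough for this example."""
    if len(value) >= 0x80:
        raise ValueError("long-form length not handled in this example")
    return bytes([tag | (0x20 if constructed else 0), len(value)]) + value

def encode_time(dt: datetime) -> bytes:
    """RFC 5280 4.1.2.5: UTCTime through 2049, GeneralizedTime from 2050, per field."""
    if 1950 <= dt.year <= 2049:
        return encode_tlv(UTCTIME, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))
    return encode_tlv(GENERALIZEDTIME, dt.strftime("%Y%m%d%H%M%SZ").encode("ascii"))

def encode_validity(not_before: datetime, not_after: datetime) -> bytes:
    """The X.509 Validity SEQUENCE; each time is encoded by its own year."""
    return encode_tlv(SEQUENCE, encode_time(not_before) + encode_time(not_after), True)

def decode_validity(der: bytes):
    """Inverse of encode_validity; a verifier must accept either time type per field."""
    _, _, tag, body, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    times, pos = [], 0
    while pos < len(body):
        _, _, t, v, pos = read_tlv(body, pos)
        times.append((decode_utc_time if t == UTCTIME else decode_generalized_time)(v.decode("ascii")))
    not_before, not_after = times                # ValueError unless exactly two
    return not_before, not_after
```

A Validity of 2049-12-31T23:59:59Z to 2050-01-01T00:00:00Z encodes its first time as UTCTime and its second as GeneralizedTime, and dump renders both with the resolved four-digit year; a validity checker that ignores the pivot, or accepts only one of the two types, will misread exactly such certificates.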

Aggregations

ASN1Sequence (com.unboundid.asn1.ASN1Sequence)7 ASN1UTCTime (com.unboundid.asn1.ASN1UTCTime)7 ASN1BitString (com.unboundid.asn1.ASN1BitString)6 ASN1Element (com.unboundid.asn1.ASN1Element)6 ASN1Null (com.unboundid.asn1.ASN1Null)6 ASN1ObjectIdentifier (com.unboundid.asn1.ASN1ObjectIdentifier)6 DN (com.unboundid.ldap.sdk.DN)6 OID (com.unboundid.util.OID)6 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)6 ASN1UTCTime (org.bouncycastle.asn1.ASN1UTCTime)6 Test (org.testng.annotations.Test)6 ASN1BigInteger (com.unboundid.asn1.ASN1BigInteger)5 ASN1Integer (com.unboundid.asn1.ASN1Integer)5 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)4 X509Certificate (java.security.cert.X509Certificate)4 Attribute (org.bouncycastle.asn1.cms.Attribute)4 AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)4 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)4 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)4 CMSSignedData (org.bouncycastle.cms.CMSSignedData)4