Example 1 with CrlValidatedID
use of org.bouncycastle.asn1.esf.CrlValidatedID in project signer by demoiselle.
the class RevocationRefs method getValue.
@Override
public Attribute getValue() throws SignerException {
try {
int chainSize = certificates.length - 1;
ArrayList<CrlValidatedID> crls = new ArrayList<CrlValidatedID>();
for (int ix = 0; ix < chainSize; ix++) {
X509Certificate cert = (X509Certificate) certificates[ix];
Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
for (ICPBR_CRL icpCrl : icpCrls) {
crls.add(makeCrlValidatedID(icpCrl.getCRL()));
}
}
int crlsIdSize = crls.size();
CrlValidatedID[] crlsForId = new CrlValidatedID[crlsIdSize];
int i = 0;
for (CrlValidatedID crlVID : crls) {
crlsForId[i] = crlVID;
i++;
}
// CrlListID crlids = new CrlListID(crlsForId);
DERSequence crlValidatedIDSeq = new DERSequence(crlsForId);
// --CRLListID--/
ASN1Encodable[] crlValidatedIDSeqArr = new ASN1Encodable[1];
crlValidatedIDSeqArr[0] = crlValidatedIDSeq;
DERSequence crlListID = new DERSequence(crlValidatedIDSeqArr);
// CRLListID--/
DERTaggedObject crlListIDTagged = new DERTaggedObject(0, crlListID);
// CrlOcspRef--/
ASN1Encodable[] crlListIDTaggedArr = new ASN1Encodable[1];
crlListIDTaggedArr[0] = crlListIDTagged;
DERSequence crlOscpRef = new DERSequence(crlListIDTaggedArr);
// --CompleteRevocationRefs--/
ASN1Encodable[] crlOscpRefArr = new ASN1Encodable[1];
crlOscpRefArr[0] = crlOscpRef;
DERSequence completeRevocationRefs = new DERSequence(crlOscpRefArr);
// CrlOcspRef crlOcspRef = new CrlOcspRef(crlids, null, null);
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(completeRevocationRefs));
// CrlOcspRef[] crlOcspRefArray = new
// CrlOcspRef[completeRevocationRefs.size()];
} catch (NoSuchAlgorithmException | CRLException e) {
throw new SignerException(e.getMessage());
}
}
Also used :
Attribute(org.bouncycastle.asn1.cms.Attribute)
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ArrayList(java.util.ArrayList)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL)
CrlValidatedID(org.bouncycastle.asn1.esf.CrlValidatedID)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
CRLException(java.security.cert.CRLException)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 2 with CrlValidatedID
use of org.bouncycastle.asn1.esf.CrlValidatedID in project signer by demoiselle.
the class RevocationRefs method makeCrlValidatedID.
/**
* @param extract
* CrlValidatedID from X509CRL
* @return a CrlValidatedID
* @throws NoSuchAlgorithmException
* @throws CRLException
*/
private CrlValidatedID makeCrlValidatedID(X509CRL crl) throws NoSuchAlgorithmException, CRLException {
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), new DEROctetString(digest.digest(crl.getEncoded())));
OtherHash hash = new OtherHash(otherHashAlgAndValue);
BigInteger crlnumber;
CrlIdentifier crlid;
if (crl.getExtensionValue("2.5.29.20") != null) {
ASN1Integer varASN1Integer = new ASN1Integer(crl.getExtensionValue("2.5.29.20"));
crlnumber = varASN1Integer.getPositiveValue();
crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()), crlnumber);
} else {
crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()));
}
CrlValidatedID crlvid = new CrlValidatedID(hash, crlid);
return crlvid;
}
Also used :
CrlValidatedID(org.bouncycastle.asn1.esf.CrlValidatedID)
Digest(org.demoiselle.signer.cryptography.Digest)
DERUTCTime(org.bouncycastle.asn1.DERUTCTime)
BigInteger(java.math.BigInteger)
CrlIdentifier(org.bouncycastle.asn1.esf.CrlIdentifier)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
X500Name(org.bouncycastle.asn1.x500.X500Name)
OtherHashAlgAndValue(org.bouncycastle.asn1.esf.OtherHashAlgAndValue)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
OtherHash(org.bouncycastle.asn1.esf.OtherHash)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
CrlValidatedID (org.bouncycastle.asn1.esf.CrlValidatedID)2
BigInteger (java.math.BigInteger)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
CRLException (java.security.cert.CRLException)1
X509Certificate (java.security.cert.X509Certificate)1
ArrayList (java.util.ArrayList)1
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)1
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1
DEROctetString (org.bouncycastle.asn1.DEROctetString)1
DERSequence (org.bouncycastle.asn1.DERSequence)1
DERSet (org.bouncycastle.asn1.DERSet)1
DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)1
DERUTCTime (org.bouncycastle.asn1.DERUTCTime)1
Attribute (org.bouncycastle.asn1.cms.Attribute)1
CrlIdentifier (org.bouncycastle.asn1.esf.CrlIdentifier)1
OtherHash (org.bouncycastle.asn1.esf.OtherHash)1
OtherHashAlgAndValue (org.bouncycastle.asn1.esf.OtherHashAlgAndValue)1
X500Name (org.bouncycastle.asn1.x500.X500Name)1
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1
