Search in sources :

Example 6 with SignerException

use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.

the class CertValues method getValue.

@Override
public Attribute getValue() throws SignerException {
    List<org.bouncycastle.asn1.x509.Certificate> certificateValues = new ArrayList<org.bouncycastle.asn1.x509.Certificate>();
    try {
        int chainSize = certificates.length - 1;
        for (int i = 0; i < chainSize; i++) {
            X509Certificate cert = (X509Certificate) certificates[i];
            byte[] data = cert.getEncoded();
            certificateValues.add(org.bouncycastle.asn1.x509.Certificate.getInstance(data));
        }
        org.bouncycastle.asn1.x509.Certificate[] certValuesArray = new org.bouncycastle.asn1.x509.Certificate[certificateValues.size()];
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(certificateValues.toArray(certValuesArray))));
    } catch (CertificateEncodingException e) {
        throw new SignerException(e.getMessage());
    }
}
Also used : UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) DERSequence(org.bouncycastle.asn1.DERSequence) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 7 with SignerException

use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.

the class CertificateRefs method getValue.

@Override
public Attribute getValue() throws SignerException {
    try {
        int chainSize = certificates.length - 1;
        OtherCertID[] arrayOtherCertID = new OtherCertID[chainSize];
        for (int i = 1; i <= chainSize; i++) {
            X509Certificate issuerCert = null;
            X509Certificate cert = (X509Certificate) certificates[i];
            if (i < chainSize) {
                issuerCert = (X509Certificate) certificates[i + 1];
            } else {
                // raiz
                issuerCert = (X509Certificate) certificates[i];
            }
            Digest digest = DigestFactory.getInstance().factoryDefault();
            digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
            byte[] certHash = digest.digest(cert.getEncoded());
            X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
            GeneralName name = new GeneralName(dirName);
            GeneralNames issuer = new GeneralNames(name);
            ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
            IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
            AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
            OtherCertID otherCertID = new OtherCertID(algId, certHash, issuerSerial);
            arrayOtherCertID[i - 1] = otherCertID;
        }
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new ASN1Encodable[] { new DERSequence(arrayOtherCertID) }));
    } catch (CertificateEncodingException e) {
        throw new SignerException(e.getMessage());
    }
}
Also used : IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial) Digest(org.demoiselle.signer.cryptography.Digest) UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) OtherCertID(org.bouncycastle.asn1.ess.OtherCertID) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 8 with SignerException

use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.

the class EscTimeStamp method getValue.

@Override
public Attribute getValue() throws SignerException {
    try {
        logger.info(cadesMessagesBundle.getString("info.tsa.connecting"));
        if (timeStampGenerator != null) {
            // Inicializa os valores para o timestmap
            timeStampGenerator.initialize(content, privateKey, certificates, hash);
            // Obtem o carimbo de tempo atraves do servidor TSA
            byte[] response = timeStampGenerator.generateTimeStamp();
            // Valida o carimbo de tempo gerado
            timeStampGenerator.validateTimeStamp(content, response, hash);
            return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(ASN1Primitive.fromByteArray(response)));
        } else {
            throw new SignerException(cadesMessagesBundle.getString("error.tsa.not.found"));
        }
    } catch (SecurityException | IOException ex) {
    }
    throw new UnsupportedOperationException(cadesMessagesBundle.getString("error.not.supported", getClass().getName()));
}
Also used : UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) IOException(java.io.IOException) DERSet(org.bouncycastle.asn1.DERSet) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 9 with SignerException

use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.

the class TimeStampToken method getValue.

@Override
public Attribute getValue() throws SignerException {
    try {
        logger.info(cadesMessagesBundle.getString("info.tsa.connecting"));
        if (timeStampGenerator != null) {
            // Inicializa os valores para o timestmap
            timeStampGenerator.initialize(content, privateKey, certificates, hash);
            // Obtem o carimbo de tempo atraves do servidor TSA
            byte[] response = timeStampGenerator.generateTimeStamp();
            // Valida o carimbo de tempo gerado
            timeStampGenerator.validateTimeStamp(content, response, hash);
            return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(ASN1Primitive.fromByteArray(response)));
        } else {
            throw new SignerException(cadesMessagesBundle.getString("error.tsa.not.found"));
        }
    } catch (SecurityException | IOException ex) {
        throw new SignerException(ex.getMessage());
    }
}
Also used : UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) IOException(java.io.IOException) DERSet(org.bouncycastle.asn1.DERSet) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 10 with SignerException

use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.

the class CAdESSigner method check.

/**
 * Validation is done only on digital signatures with a single signer. Valid
 * only with content of type DATA.: OID ContentType 1.2.840.113549.1.9.3 =
 * OID Data 1.2.840.113549.1.7.1
 *
 * @params content Is only necessary to inform if the PKCS7 package is NOT
 *         ATTACHED type. If it is of type attached, this parameter will be
 *         replaced by the contents of the PKCS7 package.
 * @params signedData Value in bytes of the PKCS7 package, such as the
 *         contents of a ".p7s" file. It is not only signature as in the
 *         case of PKCS1.
 */
@SuppressWarnings("unchecked")
// TODO: Implementar validação de co-assinaturas
@Override
@Deprecated
public boolean check(byte[] content, byte[] signedData) throws SignerException {
    Security.addProvider(new BouncyCastleProvider());
    CMSSignedData cmsSignedData = null;
    try {
        if (content == null) {
            if (this.checkHash) {
                cmsSignedData = new CMSSignedData(this.hashes, signedData);
                this.checkHash = false;
            } else {
                cmsSignedData = new CMSSignedData(signedData);
            }
        } else {
            cmsSignedData = new CMSSignedData(new CMSProcessableByteArray(content), signedData);
        }
    } catch (CMSException ex) {
        throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), ex);
    }
    // Quantidade inicial de assinaturas validadas
    int verified = 0;
    Store<?> certStore = cmsSignedData.getCertificates();
    SignerInformationStore signers = cmsSignedData.getSignerInfos();
    Iterator<?> it = signers.getSigners().iterator();
    // Realização da verificação básica de todas as assinaturas
    while (it.hasNext()) {
        try {
            SignerInformation signer = (SignerInformation) it.next();
            SignerInformationStore s = signer.getCounterSignatures();
            SignatureInformations si = new SignatureInformations();
            logger.info("Foi(ram) encontrada(s) " + s.size() + " contra-assinatura(s).");
            Collection<?> certCollection = certStore.getMatches(signer.getSID());
            Iterator<?> certIt = certCollection.iterator();
            X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
            X509Certificate varCert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
            PeriodValidator pV = new PeriodValidator();
            try {
                pV.validate(varCert);
            } catch (CertificateValidatorException cve) {
                si.getValidatorErrors().add(cve.getMessage());
            }
            CRLValidator cV = new CRLValidator();
            try {
                cV.validate(varCert);
            } catch (CertificateValidatorCRLException cvce) {
                si.getValidatorErrors().add(cvce.getMessage());
            }
            if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificateHolder))) {
                verified++;
                logger.info(cadesMessagesBundle.getString("info.signature.valid.seq", verified));
            }
            // Realiza a verificação dos atributos assinados
            logger.info(cadesMessagesBundle.getString("info.signed.attribute"));
            AttributeTable signedAttributes = signer.getSignedAttributes();
            if ((signedAttributes == null) || (signedAttributes != null && signedAttributes.size() == 0)) {
                throw new SignerException(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
            }
            // Realiza a verificação dos atributos não assinados
            logger.info(cadesMessagesBundle.getString("info.unsigned.attribute"));
            AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
            if ((unsignedAttributes == null) || (unsignedAttributes != null && unsignedAttributes.size() == 0)) {
                logger.info(cadesMessagesBundle.getString("error.unsigned.attribute.table.not.found"));
            }
            // Mostra data e  hora da assinatura, não é carimbo de tempo
            Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime);
            Date dataHora = null;
            if (signingTime != null) {
                dataHora = (((ASN1UTCTime) signingTime.getAttrValues().getObjectAt(0)).getDate());
                logger.info(cadesMessagesBundle.getString("info.date.utc", dataHora));
            } else {
                logger.info(cadesMessagesBundle.getString("info.date.utc", "N/D"));
            }
            logger.info(cadesMessagesBundle.getString("info.attribute.validation"));
            // Valida o atributo ContentType
            Attribute attributeContentType = signedAttributes.get(CMSAttributes.contentType);
            if (attributeContentType == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "ContentType"));
            }
            if (!attributeContentType.getAttrValues().getObjectAt(0).equals(ContentInfo.data)) {
                throw new SignerException(cadesMessagesBundle.getString("error.content.not.data"));
            }
            // Validando o atributo MessageDigest
            Attribute attributeMessageDigest = signedAttributes.get(CMSAttributes.messageDigest);
            if (attributeMessageDigest == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "MessageDigest"));
            }
            // Validando o atributo MessageDigest
            Attribute idSigningPolicy = null;
            idSigningPolicy = signedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId.getId()));
            if (idSigningPolicy == null) {
                throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "idSigningPolicy"));
            }
            // Verificando timeStamp
            try {
                Attribute attributeTimeStamp = null;
                attributeTimeStamp = unsignedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()));
                if (attributeTimeStamp != null) {
                    byte[] varSignature = signer.getSignature();
                    Timestamp varTimeStampSigner = validateTimestamp(attributeTimeStamp, varSignature);
                    si.setTimeStampSigner(varTimeStampSigner);
                }
            } catch (Exception ex) {
            // nas assinaturas feitas na applet o unsignedAttributes.get gera exceção.
            }
            LinkedList<X509Certificate> varChain = (LinkedList<X509Certificate>) CAManager.getInstance().getCertificateChain(varCert);
            si.setSignDate(dataHora);
            si.setChain(varChain);
            si.setSignaturePolicy(signaturePolicy);
            this.getSignatureInfo().add(si);
        } catch (OperatorCreationException | java.security.cert.CertificateException ex) {
            throw new SignerException(ex);
        } catch (CMSException ex) {
            // When file is mismatch with sign
            if (ex instanceof CMSSignerDigestMismatchException)
                throw new SignerException(cadesMessagesBundle.getString("error.signature.mismatch"), ex);
            else
                throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid"), ex);
        } catch (ParseException e) {
            throw new SignerException(e);
        }
    }
    logger.info(cadesMessagesBundle.getString("info.signature.verified", verified));
    // TODO Efetuar o parsing da estrutura CMS
    return true;
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) SignedOrUnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) SignerInformation(org.bouncycastle.cms.SignerInformation) CertificateException(java.security.cert.CertificateException) CRLValidator(org.demoiselle.signer.core.validator.CRLValidator) Timestamp(org.demoiselle.signer.timestamp.Timestamp) SignatureInformations(org.demoiselle.signer.policy.impl.cades.SignatureInformations) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) PeriodValidator(org.demoiselle.signer.core.validator.PeriodValidator) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CertificateTrustPoint(org.demoiselle.signer.policy.engine.asn1.etsi.CertificateTrustPoint) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) ParseException(java.text.ParseException) TSPException(org.bouncycastle.tsp.TSPException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CMSException(org.bouncycastle.cms.CMSException) CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException) CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) LinkedList(java.util.LinkedList) CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ParseException(java.text.ParseException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) CMSException(org.bouncycastle.cms.CMSException)

Aggregations

SignerException (org.demoiselle.signer.policy.impl.cades.SignerException)24 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)11 Attribute (org.bouncycastle.asn1.cms.Attribute)11 X509Certificate (java.security.cert.X509Certificate)10 IOException (java.io.IOException)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 DERSet (org.bouncycastle.asn1.DERSet)8 CMSSignedData (org.bouncycastle.cms.CMSSignedData)8 CertificateCoreException (org.demoiselle.signer.core.exception.CertificateCoreException)8 CMSException (org.bouncycastle.cms.CMSException)7 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)7 DERSequence (org.bouncycastle.asn1.DERSequence)6 TSPException (org.bouncycastle.tsp.TSPException)6 Timestamp (org.demoiselle.signer.timestamp.Timestamp)6 ArrayList (java.util.ArrayList)5 SignedOrUnsignedAttribute (org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute)5 UnsignedAttribute (org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)5 ParseException (java.text.ParseException)4 CMSSignerDigestMismatchException (org.bouncycastle.cms.CMSSignerDigestMismatchException)4 SignerInformation (org.bouncycastle.cms.SignerInformation)4