Example 6 with SignerException
use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.
the class CertValues method getValue.
@Override
public Attribute getValue() throws SignerException {
List<org.bouncycastle.asn1.x509.Certificate> certificateValues = new ArrayList<org.bouncycastle.asn1.x509.Certificate>();
try {
int chainSize = certificates.length - 1;
for (int i = 0; i < chainSize; i++) {
X509Certificate cert = (X509Certificate) certificates[i];
byte[] data = cert.getEncoded();
certificateValues.add(org.bouncycastle.asn1.x509.Certificate.getInstance(data));
}
org.bouncycastle.asn1.x509.Certificate[] certValuesArray = new org.bouncycastle.asn1.x509.Certificate[certificateValues.size()];
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(certificateValues.toArray(certValuesArray))));
} catch (CertificateEncodingException e) {
throw new SignerException(e.getMessage());
}
}
Also used :
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
ArrayList(java.util.ArrayList)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
DERSequence(org.bouncycastle.asn1.DERSequence)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 7 with SignerException
use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.
the class CertificateRefs method getValue.
@Override
public Attribute getValue() throws SignerException {
try {
int chainSize = certificates.length - 1;
OtherCertID[] arrayOtherCertID = new OtherCertID[chainSize];
for (int i = 1; i <= chainSize; i++) {
X509Certificate issuerCert = null;
X509Certificate cert = (X509Certificate) certificates[i];
if (i < chainSize) {
issuerCert = (X509Certificate) certificates[i + 1];
} else {
// raiz
issuerCert = (X509Certificate) certificates[i];
}
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
byte[] certHash = digest.digest(cert.getEncoded());
X500Name dirName = new X500Name(issuerCert.getSubjectX500Principal().getName());
GeneralName name = new GeneralName(dirName);
GeneralNames issuer = new GeneralNames(name);
ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);
AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
OtherCertID otherCertID = new OtherCertID(algId, certHash, issuerSerial);
arrayOtherCertID[i - 1] = otherCertID;
}
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new ASN1Encodable[] { new DERSequence(arrayOtherCertID) }));
} catch (CertificateEncodingException e) {
throw new SignerException(e.getMessage());
}
}
Also used :
IssuerSerial(org.bouncycastle.asn1.x509.IssuerSerial)
Digest(org.demoiselle.signer.cryptography.Digest)
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
OtherCertID(org.bouncycastle.asn1.ess.OtherCertID)
DERSequence(org.bouncycastle.asn1.DERSequence)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 8 with SignerException
use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.
the class EscTimeStamp method getValue.
@Override
public Attribute getValue() throws SignerException {
try {
logger.info(cadesMessagesBundle.getString("info.tsa.connecting"));
if (timeStampGenerator != null) {
// Inicializa os valores para o timestmap
timeStampGenerator.initialize(content, privateKey, certificates, hash);
// Obtem o carimbo de tempo atraves do servidor TSA
byte[] response = timeStampGenerator.generateTimeStamp();
// Valida o carimbo de tempo gerado
timeStampGenerator.validateTimeStamp(content, response, hash);
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(ASN1Primitive.fromByteArray(response)));
} else {
throw new SignerException(cadesMessagesBundle.getString("error.tsa.not.found"));
}
} catch (SecurityException | IOException ex) {
}
throw new UnsupportedOperationException(cadesMessagesBundle.getString("error.not.supported", getClass().getName()));
}
Also used :
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
IOException(java.io.IOException)
DERSet(org.bouncycastle.asn1.DERSet)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 9 with SignerException
use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.
the class TimeStampToken method getValue.
@Override
public Attribute getValue() throws SignerException {
try {
logger.info(cadesMessagesBundle.getString("info.tsa.connecting"));
if (timeStampGenerator != null) {
// Inicializa os valores para o timestmap
timeStampGenerator.initialize(content, privateKey, certificates, hash);
// Obtem o carimbo de tempo atraves do servidor TSA
byte[] response = timeStampGenerator.generateTimeStamp();
// Valida o carimbo de tempo gerado
timeStampGenerator.validateTimeStamp(content, response, hash);
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(ASN1Primitive.fromByteArray(response)));
} else {
throw new SignerException(cadesMessagesBundle.getString("error.tsa.not.found"));
}
} catch (SecurityException | IOException ex) {
throw new SignerException(ex.getMessage());
}
}
Also used :
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
IOException(java.io.IOException)
DERSet(org.bouncycastle.asn1.DERSet)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 10 with SignerException
use of org.demoiselle.signer.policy.impl.cades.SignerException in project signer by demoiselle.
the class CAdESSigner method check.
/**
* Validation is done only on digital signatures with a single signer. Valid
* only with content of type DATA.: OID ContentType 1.2.840.113549.1.9.3 =
* OID Data 1.2.840.113549.1.7.1
*
* @params content Is only necessary to inform if the PKCS7 package is NOT
* ATTACHED type. If it is of type attached, this parameter will be
* replaced by the contents of the PKCS7 package.
* @params signedData Value in bytes of the PKCS7 package, such as the
* contents of a ".p7s" file. It is not only signature as in the
* case of PKCS1.
*/
@SuppressWarnings("unchecked")
// TODO: Implementar validação de co-assinaturas
@Override
@Deprecated
public boolean check(byte[] content, byte[] signedData) throws SignerException {
Security.addProvider(new BouncyCastleProvider());
CMSSignedData cmsSignedData = null;
try {
if (content == null) {
if (this.checkHash) {
cmsSignedData = new CMSSignedData(this.hashes, signedData);
this.checkHash = false;
} else {
cmsSignedData = new CMSSignedData(signedData);
}
} else {
cmsSignedData = new CMSSignedData(new CMSProcessableByteArray(content), signedData);
}
} catch (CMSException ex) {
throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), ex);
}
// Quantidade inicial de assinaturas validadas
int verified = 0;
Store<?> certStore = cmsSignedData.getCertificates();
SignerInformationStore signers = cmsSignedData.getSignerInfos();
Iterator<?> it = signers.getSigners().iterator();
// Realização da verificação básica de todas as assinaturas
while (it.hasNext()) {
try {
SignerInformation signer = (SignerInformation) it.next();
SignerInformationStore s = signer.getCounterSignatures();
SignatureInformations si = new SignatureInformations();
logger.info("Foi(ram) encontrada(s) " + s.size() + " contra-assinatura(s).");
Collection<?> certCollection = certStore.getMatches(signer.getSID());
Iterator<?> certIt = certCollection.iterator();
X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
X509Certificate varCert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
PeriodValidator pV = new PeriodValidator();
try {
pV.validate(varCert);
} catch (CertificateValidatorException cve) {
si.getValidatorErrors().add(cve.getMessage());
}
CRLValidator cV = new CRLValidator();
try {
cV.validate(varCert);
} catch (CertificateValidatorCRLException cvce) {
si.getValidatorErrors().add(cvce.getMessage());
}
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificateHolder))) {
verified++;
logger.info(cadesMessagesBundle.getString("info.signature.valid.seq", verified));
}
// Realiza a verificação dos atributos assinados
logger.info(cadesMessagesBundle.getString("info.signed.attribute"));
AttributeTable signedAttributes = signer.getSignedAttributes();
if ((signedAttributes == null) || (signedAttributes != null && signedAttributes.size() == 0)) {
throw new SignerException(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
}
// Realiza a verificação dos atributos não assinados
logger.info(cadesMessagesBundle.getString("info.unsigned.attribute"));
AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
if ((unsignedAttributes == null) || (unsignedAttributes != null && unsignedAttributes.size() == 0)) {
logger.info(cadesMessagesBundle.getString("error.unsigned.attribute.table.not.found"));
}
// Mostra data e hora da assinatura, não é carimbo de tempo
Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime);
Date dataHora = null;
if (signingTime != null) {
dataHora = (((ASN1UTCTime) signingTime.getAttrValues().getObjectAt(0)).getDate());
logger.info(cadesMessagesBundle.getString("info.date.utc", dataHora));
} else {
logger.info(cadesMessagesBundle.getString("info.date.utc", "N/D"));
}
logger.info(cadesMessagesBundle.getString("info.attribute.validation"));
// Valida o atributo ContentType
Attribute attributeContentType = signedAttributes.get(CMSAttributes.contentType);
if (attributeContentType == null) {
throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "ContentType"));
}
if (!attributeContentType.getAttrValues().getObjectAt(0).equals(ContentInfo.data)) {
throw new SignerException(cadesMessagesBundle.getString("error.content.not.data"));
}
// Validando o atributo MessageDigest
Attribute attributeMessageDigest = signedAttributes.get(CMSAttributes.messageDigest);
if (attributeMessageDigest == null) {
throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "MessageDigest"));
}
// Validando o atributo MessageDigest
Attribute idSigningPolicy = null;
idSigningPolicy = signedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId.getId()));
if (idSigningPolicy == null) {
throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "idSigningPolicy"));
}
// Verificando timeStamp
try {
Attribute attributeTimeStamp = null;
attributeTimeStamp = unsignedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()));
if (attributeTimeStamp != null) {
byte[] varSignature = signer.getSignature();
Timestamp varTimeStampSigner = validateTimestamp(attributeTimeStamp, varSignature);
si.setTimeStampSigner(varTimeStampSigner);
}
} catch (Exception ex) {
// nas assinaturas feitas na applet o unsignedAttributes.get gera exceção.
}
LinkedList<X509Certificate> varChain = (LinkedList<X509Certificate>) CAManager.getInstance().getCertificateChain(varCert);
si.setSignDate(dataHora);
si.setChain(varChain);
si.setSignaturePolicy(signaturePolicy);
this.getSignatureInfo().add(si);
} catch (OperatorCreationException | java.security.cert.CertificateException ex) {
throw new SignerException(ex);
} catch (CMSException ex) {
// When file is mismatch with sign
if (ex instanceof CMSSignerDigestMismatchException)
throw new SignerException(cadesMessagesBundle.getString("error.signature.mismatch"), ex);
else
throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid"), ex);
} catch (ParseException e) {
throw new SignerException(e);
}
}
logger.info(cadesMessagesBundle.getString("info.signature.verified", verified));
// TODO Efetuar o parsing da estrutura CMS
return true;
}
Also used :
Attribute(org.bouncycastle.asn1.cms.Attribute)
SignedOrUnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime)
SignerInformation(org.bouncycastle.cms.SignerInformation)
CertificateException(java.security.cert.CertificateException)
CRLValidator(org.demoiselle.signer.core.validator.CRLValidator)
Timestamp(org.demoiselle.signer.timestamp.Timestamp)
SignatureInformations(org.demoiselle.signer.policy.impl.cades.SignatureInformations)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
PeriodValidator(org.demoiselle.signer.core.validator.PeriodValidator)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException)
CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray)
JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder)
CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
CertificateTrustPoint(org.demoiselle.signer.policy.engine.asn1.etsi.CertificateTrustPoint)
X509Certificate(java.security.cert.X509Certificate)
Date(java.util.Date)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException)
CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException)
ParseException(java.text.ParseException)
TSPException(org.bouncycastle.tsp.TSPException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
CMSException(org.bouncycastle.cms.CMSException)
CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException)
CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
LinkedList(java.util.LinkedList)
CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
ParseException(java.text.ParseException)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
CMSException(org.bouncycastle.cms.CMSException)
Aggregations
SignerException (org.demoiselle.signer.policy.impl.cades.SignerException)24
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)11
Attribute (org.bouncycastle.asn1.cms.Attribute)11
X509Certificate (java.security.cert.X509Certificate)10
IOException (java.io.IOException)9
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
DERSet (org.bouncycastle.asn1.DERSet)8
CMSSignedData (org.bouncycastle.cms.CMSSignedData)8
CertificateCoreException (org.demoiselle.signer.core.exception.CertificateCoreException)8
CMSException (org.bouncycastle.cms.CMSException)7
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)7
DERSequence (org.bouncycastle.asn1.DERSequence)6
TSPException (org.bouncycastle.tsp.TSPException)6
Timestamp (org.demoiselle.signer.timestamp.Timestamp)6
ArrayList (java.util.ArrayList)5
SignedOrUnsignedAttribute (org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute)5
UnsignedAttribute (org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)5
ParseException (java.text.ParseException)4
CMSSignerDigestMismatchException (org.bouncycastle.cms.CMSSignerDigestMismatchException)4
SignerInformation (org.bouncycastle.cms.SignerInformation)4
