certs.add(x509Certificate);
}
}
*/
// the signerInfos
ASN1Set signerInfos = (ASN1Set)content.getObjectAt(next);
if (signerInfos.size() != 1)
throw new IllegalArgumentException(MessageLocalization.getComposedMessage("this.pkcs.7.object.has.multiple.signerinfos.only.one.is.supported.at.this.time"));
ASN1Sequence signerInfo = (ASN1Sequence)signerInfos.getObjectAt(0);
// the positions that we care are
// 0 - version
// 1 - the signing certificate issuer and serial number
// 2 - the digest algorithm
// 3 or 4 - digestEncryptionAlgorithm
// 4 or 5 - encryptedDigest
signerversion = ((ASN1Integer)signerInfo.getObjectAt(0)).getValue().intValue();
// Get the signing certificate
ASN1Sequence issuerAndSerialNumber = (ASN1Sequence)signerInfo.getObjectAt(1);
X509Principal issuer = new X509Principal(issuerAndSerialNumber.getObjectAt(0).toASN1Primitive().getEncoded());
BigInteger serialNumber = ((ASN1Integer)issuerAndSerialNumber.getObjectAt(1)).getValue();
for (Object element : certs) {
X509Certificate cert = (X509Certificate)element;
if (cert.getIssuerDN().equals(issuer) && serialNumber.equals(cert.getSerialNumber())) {
signCert = cert;
break;
}
}
if (signCert == null) {
throw new IllegalArgumentException(MessageLocalization.getComposedMessage("can.t.find.signing.certificate.with.serial.1",
issuer.getName() + " / " + serialNumber.toString(16)));
}
signCertificateChain();
digestAlgorithmOid = ((ASN1ObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
next = 3;
boolean foundCades = false;
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
sigAttr = sseq.getEncoded();
// maybe not necessary, but we use the following line as fallback:
sigAttrDer = sseq.getEncoded(ASN1Encoding.DER);
for (int k = 0; k < sseq.size(); ++k) {
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
String idSeq2 = ((ASN1ObjectIdentifier)seq2.getObjectAt(0)).getId();
if (idSeq2.equals(SecurityIDs.ID_MESSAGE_DIGEST)) {
ASN1Set set = (ASN1Set)seq2.getObjectAt(1);
digestAttr = ((ASN1OctetString)set.getObjectAt(0)).getOctets();
}
else if (idSeq2.equals(SecurityIDs.ID_ADBE_REVOCATION)) {
ASN1Set setout = (ASN1Set)seq2.getObjectAt(1);
ASN1Sequence seqout = (ASN1Sequence)setout.getObjectAt(0);
for (int j = 0; j < seqout.size(); ++j) {
ASN1TaggedObject tg = (ASN1TaggedObject)seqout.getObjectAt(j);
if (tg.getTagNo() == 0) {
ASN1Sequence seqin = (ASN1Sequence)tg.getObject();
findCRL(seqin);
}
if (tg.getTagNo() == 1) {
ASN1Sequence seqin = (ASN1Sequence)tg.getObject();
findOcsp(seqin);
}
}
}
else if (isCades && idSeq2.equals(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V1)) {
ASN1Set setout = (ASN1Set)seq2.getObjectAt(1);
ASN1Sequence seqout = (ASN1Sequence)setout.getObjectAt(0);
SigningCertificate sv2 = SigningCertificate.getInstance(seqout);
ESSCertID[] cerv2m = sv2.getCerts();
ESSCertID cerv2 = cerv2m[0];
byte[] enc2 = signCert.getEncoded();
MessageDigest m2 = new BouncyCastleDigest().getMessageDigest("SHA-1");
byte[] signCertHash = m2.digest(enc2);
byte[] hs2 = cerv2.getCertHash();
if (!Arrays.equals(signCertHash, hs2))
throw new IllegalArgumentException("Signing certificate doesn't match the ESS information.");
foundCades = true;
}
else if (isCades && idSeq2.equals(SecurityIDs.ID_AA_SIGNING_CERTIFICATE_V2)) {
ASN1Set setout = (ASN1Set)seq2.getObjectAt(1);
ASN1Sequence seqout = (ASN1Sequence)setout.getObjectAt(0);
SigningCertificateV2 sv2 = SigningCertificateV2.getInstance(seqout);
ESSCertIDv2[] cerv2m = sv2.getCerts();
ESSCertIDv2 cerv2 = cerv2m[0];
AlgorithmIdentifier ai2 = cerv2.getHashAlgorithm();
byte[] enc2 = signCert.getEncoded();
MessageDigest m2 = new BouncyCastleDigest().getMessageDigest(DigestAlgorithms.getDigest(ai2.getAlgorithm().getId()));
byte[] signCertHash = m2.digest(enc2);
byte[] hs2 = cerv2.getCertHash();
if (!Arrays.equals(signCertHash, hs2))
throw new IllegalArgumentException("Signing certificate doesn't match the ESS information.");
foundCades = true;
}
}
if (digestAttr == null)
throw new IllegalArgumentException(MessageLocalization.getComposedMessage("authenticated.attribute.is.missing.the.digest"));
++next;
}
if (isCades && !foundCades)
throw new IllegalArgumentException("CAdES ESS information missing.");
digestEncryptionAlgorithmOid = ((ASN1ObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
digest = ((ASN1OctetString)signerInfo.getObjectAt(next++)).getOctets();
if (next < signerInfo.size() && signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject taggedObject = (ASN1TaggedObject) signerInfo.getObjectAt(next);
ASN1Set unat = ASN1Set.getInstance(taggedObject, false);
AttributeTable attble = new AttributeTable(unat);
Attribute ts = attble.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
if (ts != null && ts.getAttrValues().size() > 0) {
ASN1Set attributeValues = ts.getAttrValues();
ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0));
ContentInfo contentInfo = new ContentInfo(tokenSequence);
this.timeStampToken = new TimeStampToken(contentInfo);
}
}
if (isTsp) {