Package eu.europa.esig.dss.cades

Class CMSUtils

java.lang.Object
eu.europa.esig.dss.cades.CMSUtils
public final class CMSUtils extends Object
The utils for dealing with CMS object

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final DigestAlgorithm
    DEFAULT_ARCHIVE_TIMESTAMP_HASH_ALGO
    The default DigestAlgorithm for ArchiveTimestamp

  • Method Summary

    Modifier and Type
    Method
    Description
    static org.bouncycastle.cms.CMSSignedData
    addDigestAlgorithm(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithmIdentifier)
    This method adds a DigestAlgorithm used by an Archive TimeStamp to the SignedData.digestAlgorithms set, when required.
    static void
    addSigningCertificateAttribute(org.bouncycastle.asn1.ASN1EncodableVector signedAttributes, DigestAlgorithm digestAlgorithm, CertificateToken signingToken)
    Method to add signing certificate to ASN.1 DER encoded signed attributes.
    static boolean
    containsATSTv2(org.bouncycastle.cms.SignerInformation signerInformation)
    Checks if the given SignerInformation's unsignedProperties contain an archive-time-stamp (ATSv2) element
    static org.bouncycastle.cms.CMSSignedData
    generateCMSSignedData(org.bouncycastle.cms.CMSSignedDataGenerator generator, org.bouncycastle.cms.CMSTypedData content, boolean encapsulate)
    This method generate CMSSignedData using the provided #CMSSignedDataGenerator, the content and the indication if the content should be encapsulated.
    static org.bouncycastle.cms.SignerInformationStore
    generateCounterSigners(org.bouncycastle.cms.CMSSignedDataGenerator cmsSignedDataGenerator, org.bouncycastle.cms.SignerInformation signerInfoToSign)
    Generates a counter signature
    static org.bouncycastle.cms.CMSSignedData
    generateDetachedCMSSignedData(org.bouncycastle.cms.CMSSignedDataGenerator generator, org.bouncycastle.cms.CMSProcessableByteArray content)
    Generates a detached CMS SignedData
    static org.bouncycastle.asn1.cms.AttributeTable
    getAttributesFromByteArray(byte[] encodedAttributes)
    This method returns an AttributeTable parsed from ASN.1 encoded representation
    static org.bouncycastle.cms.CMSTypedData
    getContentToBeSigned(DSSDocument toSignData)
    Returns the content to be signed
    static org.bouncycastle.asn1.DERTaggedObject
    getDERSignedAttributes(org.bouncycastle.cms.SignerInformation signerInformation)
    Gets the DER SignedAttributes table from the given SignerInformation
    static org.bouncycastle.operator.DigestCalculatorProvider
    getDigestCalculatorProvider(DSSDocument toSignDocument, DigestAlgorithm digestAlgorithm)
    Returns a DigestCalculatorProvider
    static DSSDocument
    getOriginalDocument(org.bouncycastle.cms.CMSSignedData cmsSignedData, List<DSSDocument> detachedDocuments)
    Returns the original document from the provided cmsSignedData
    static org.bouncycastle.asn1.cms.Attribute
    getSignedAttribute(org.bouncycastle.cms.SignerInformation signerInformation, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Returns a signed attribute with the given oid from signerInformation if present
    static org.bouncycastle.asn1.cms.AttributeTable
    getSignedAttributes(org.bouncycastle.cms.SignerInformation signerInformation)
    This method returns the existing signed attributes or a new empty attributes hashtable
    static byte[]
    getSignedContent(org.bouncycastle.cms.CMSTypedData cmsTypedData)
    This method returns the signed content extracted from a CMSTypedData
    static org.bouncycastle.asn1.cms.Attribute
    getUnsignedAttribute(org.bouncycastle.cms.SignerInformation signerInformation, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Returns an unsigned attribute by its given oid
    static org.bouncycastle.asn1.cms.AttributeTable
    getUnsignedAttributes(org.bouncycastle.cms.SignerInformation signerInformation)
    This method returns the existing unsigned attributes or a new empty attributes hashtable
    static boolean
    isCMSSignedDataEqual(org.bouncycastle.cms.CMSSignedData signedData, org.bouncycastle.cms.CMSSignedData signedDataToCompare)
    Compares two CMSSignedData objects by their encoded binaries
    static boolean
    isDetachedSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData)
    Checks if the signature is detached
    static org.bouncycastle.cms.CMSSignedData
    populateDigestAlgorithmSet(org.bouncycastle.cms.CMSSignedData newCmsSignedData, org.bouncycastle.cms.CMSSignedData oldCmsSignedData)
    This method is used to ensure the presence of all items from SignedData.digestAlgorithm set from oldCmsSignedData within newCmsSignedData
    static Date
    readSigningDate(org.bouncycastle.asn1.ASN1Encodable attrValue)
    Reads the SigningDate with respect to the RFC 3852

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • DEFAULT_ARCHIVE_TIMESTAMP_HASH_ALGO

      public static final DigestAlgorithm DEFAULT_ARCHIVE_TIMESTAMP_HASH_ALGO
      The default DigestAlgorithm for ArchiveTimestamp

  • Method Details

    • generateCMSSignedData

      public static org.bouncycastle.cms.CMSSignedData generateCMSSignedData(org.bouncycastle.cms.CMSSignedDataGenerator generator, org.bouncycastle.cms.CMSTypedData content, boolean encapsulate)
      This method generate CMSSignedData using the provided #CMSSignedDataGenerator, the content and the indication if the content should be encapsulated.
      Parameters:
      generator - CMSSignedDataGenerator
      content - CMSTypedData
      encapsulate - true if the content should be encapsulated in the signature, false otherwise
      Returns:
      CMSSignedData

    • generateCounterSigners

      public static org.bouncycastle.cms.SignerInformationStore generateCounterSigners(org.bouncycastle.cms.CMSSignedDataGenerator cmsSignedDataGenerator, org.bouncycastle.cms.SignerInformation signerInfoToSign)
      Generates a counter signature
      Parameters:
      cmsSignedDataGenerator - CMSSignedDataGenerator to extend the CMS SignedData
      signerInfoToSign - SignerInformation to be counter signed
      Returns:
      SignerInformationStore with a counter signature

    • generateDetachedCMSSignedData

      public static org.bouncycastle.cms.CMSSignedData generateDetachedCMSSignedData(org.bouncycastle.cms.CMSSignedDataGenerator generator, org.bouncycastle.cms.CMSProcessableByteArray content)
      Generates a detached CMS SignedData
      Parameters:
      generator - CMSSignedDataGenerator
      content - CMSProcessableByteArray to sign
      Returns:
      CMSSignedData

    • populateDigestAlgorithmSet

      public static org.bouncycastle.cms.CMSSignedData populateDigestAlgorithmSet(org.bouncycastle.cms.CMSSignedData newCmsSignedData, org.bouncycastle.cms.CMSSignedData oldCmsSignedData)
      This method is used to ensure the presence of all items from SignedData.digestAlgorithm set from oldCmsSignedData within newCmsSignedData
      Parameters:
      newCmsSignedData - CMSSignedData to be extended with digest algorithms, if required
      oldCmsSignedData - CMSSignedData to copy digest algorithms set from
      Returns:
      extended CMSSignedData

    • addDigestAlgorithm

      public static org.bouncycastle.cms.CMSSignedData addDigestAlgorithm(org.bouncycastle.cms.CMSSignedData cmsSignedData, org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithmIdentifier)
      This method adds a DigestAlgorithm used by an Archive TimeStamp to the SignedData.digestAlgorithms set, when required. See ETSI EN 319 122-1, ch. "5.5.3 The archive-time-stamp-v3 attribute"
      Parameters:
      cmsSignedData - CMSSignedData to extend
      algorithmIdentifier - AlgorithmIdentifier to add
      Returns:
      CMSSignedData

    • getDERSignedAttributes

      public static org.bouncycastle.asn1.DERTaggedObject getDERSignedAttributes(org.bouncycastle.cms.SignerInformation signerInformation)
      Gets the DER SignedAttributes table from the given SignerInformation
      Parameters:
      signerInformation - SignerInformation
      Returns:
      DERTaggedObject representing the signed attributes

    • getSignedContent

      public static byte[] getSignedContent(org.bouncycastle.cms.CMSTypedData cmsTypedData)
      This method returns the signed content extracted from a CMSTypedData
      Parameters:
      cmsTypedData - CMSTypedData cannot be null
      Returns:
      the signed content extracted from CMSTypedData

    • getUnsignedAttributes

      public static org.bouncycastle.asn1.cms.AttributeTable getUnsignedAttributes(org.bouncycastle.cms.SignerInformation signerInformation)
      This method returns the existing unsigned attributes or a new empty attributes hashtable
      Parameters:
      signerInformation - the signer information
      Returns:
      the existing unsigned attributes or an empty attributes hashtable

    • getSignedAttributes

      public static org.bouncycastle.asn1.cms.AttributeTable getSignedAttributes(org.bouncycastle.cms.SignerInformation signerInformation)
      This method returns the existing signed attributes or a new empty attributes hashtable
      Parameters:
      signerInformation - the signer information
      Returns:
      the existing signed attributes or an empty attributes Hashtable

    • getAttributesFromByteArray

      public static org.bouncycastle.asn1.cms.AttributeTable getAttributesFromByteArray(byte[] encodedAttributes)
      This method returns an AttributeTable parsed from ASN.1 encoded representation
      Parameters:
      encodedAttributes - ASN.1 encoded AttributesTable
      Returns:
      AttributeTable created from given encodedAttributes

    • addSigningCertificateAttribute

      public static void addSigningCertificateAttribute(org.bouncycastle.asn1.ASN1EncodableVector signedAttributes, DigestAlgorithm digestAlgorithm, CertificateToken signingToken)
      Method to add signing certificate to ASN.1 DER encoded signed attributes. Certificate will be added as either signing-certificate or signing-certificate-v2 attribute depending on digest algorithm being used.
      Parameters:
      signedAttributes - Signed attributes to append signing certificate to
      digestAlgorithm - the digest algorithm to be used
      signingToken - The signing certificate to be append

    • isCMSSignedDataEqual

      public static boolean isCMSSignedDataEqual(org.bouncycastle.cms.CMSSignedData signedData, org.bouncycastle.cms.CMSSignedData signedDataToCompare) throws IOException
      Compares two CMSSignedData objects by their encoded binaries
      Parameters:
      signedData - CMSSignedData object to compare
      signedDataToCompare - CMSSignedData object to compare with
      Returns:
      true if binaries of two CMSSignedData are equal, false otherwise
      Throws:
      IOException - if an exception occurs

    • getSignedAttribute

      public static org.bouncycastle.asn1.cms.Attribute getSignedAttribute(org.bouncycastle.cms.SignerInformation signerInformation, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Returns a signed attribute with the given oid from signerInformation if present
      Parameters:
      signerInformation - SignerInformation containing signed attributes
      oid - ASN1ObjectIdentifier oid of the element to extract
      Returns:
      Attribute with the given OID

    • getUnsignedAttribute

      public static org.bouncycastle.asn1.cms.Attribute getUnsignedAttribute(org.bouncycastle.cms.SignerInformation signerInformation, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Returns an unsigned attribute by its given oid
      Parameters:
      signerInformation - SignerInformation to get attribute from
      oid - ASN1ObjectIdentifier of the target attribute
      Returns:
      Attribute

    • isDetachedSignature

      public static boolean isDetachedSignature(org.bouncycastle.cms.CMSSignedData cmsSignedData)
      Checks if the signature is detached
      Parameters:
      cmsSignedData - CMSSignedData
      Returns:
      TRUE if the signature is detached, FALSE otherwise

    • getOriginalDocument

      public static DSSDocument getOriginalDocument(org.bouncycastle.cms.CMSSignedData cmsSignedData, List<DSSDocument> detachedDocuments)
      Returns the original document from the provided cmsSignedData
      Parameters:
      cmsSignedData - CMSSignedData to get original document from
      detachedDocuments - list of DSSDocuments
      Returns:
      original DSSDocument

    • getContentToBeSigned

      public static org.bouncycastle.cms.CMSTypedData getContentToBeSigned(DSSDocument toSignData)
      Returns the content to be signed
      Parameters:
      toSignData - DSSDocument to sign
      Returns:
      CMSTypedData

    • getDigestCalculatorProvider

      public static org.bouncycastle.operator.DigestCalculatorProvider getDigestCalculatorProvider(DSSDocument toSignDocument, DigestAlgorithm digestAlgorithm)
      Returns a DigestCalculatorProvider
      Parameters:
      toSignDocument - DSSDocument to sign
      digestAlgorithm - DigestAlgorithm to use
      Returns:
      DigestCalculatorProvider

    • containsATSTv2

      public static boolean containsATSTv2(org.bouncycastle.cms.SignerInformation signerInformation)
      Checks if the given SignerInformation's unsignedProperties contain an archive-time-stamp (ATSv2) element
      Parameters:
      signerInformation - SignerInformation to check
      Returns:
      TRUE if the signerInformation contains an ATSv2, FALSE otherwise

    • readSigningDate

      public static Date readSigningDate(org.bouncycastle.asn1.ASN1Encodable attrValue)
      Reads the SigningDate with respect to the RFC 3852
      Parameters:
      attrValue - ASN1Encodable containing the signingDate
      Returns:
      Date if its format is correct, null otherwise