Package eu.europa.esig.dss.spi

Class DSSASN1Utils

java.lang.Object
eu.europa.esig.dss.spi.DSSASN1Utils
public final class DSSASN1Utils extends Object
Utility class that contains some ASN1 related method.

  • Method Summary

    Modifier and Type
    Method
    Description
    static org.bouncycastle.asn1.ASN1Primitive
    buildSPDocSpecificationId(String oidOrUri)
    Builds SPDocSpecification attribute from the given oidOrUri SPDocSpecification ::= CHOICE { oid OBJECT IDENTIFIER, uri IA5String }
    static byte[]
    computeSkiFromCert(CertificateToken certificateToken)
    Computes SHA-1 hash of the certificateToken's public key
    static byte[]
    computeSkiFromCertPublicKey(PublicKey publicKey)
    Computes SHA-1 hash of the given publicKey's
    static org.bouncycastle.asn1.cms.AttributeTable
    emptyIfNull(org.bouncycastle.asn1.cms.AttributeTable originalAttributeTable)
    Returns the current originalAttributeTable if instantiated, an empty AttributeTable if null
    static byte[]
    ensurePlainSignatureValue(EncryptionAlgorithm algorithm, byte[] signatureValue)
    Converts the ANS.1 binary signature value to the concatenated (plain) R || S format if required NOTE: used in XAdES and JAdES
    static String
    extractAttributeFromX500Principal(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, X500PrincipalHelper principal)
    Extract attribute with the identifier from X500PrincipalHelper
    static List<org.bouncycastle.tsp.TimeStampToken>
    findArchiveTimeStampTokens(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes)
    Finds archive TimeStampTokens
    static Map<String,String>
    get(X500Principal x500Principal)
    Gets a map of X500 attribute names and the values
    static org.bouncycastle.asn1.x509.AlgorithmIdentifier
    getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm)
    Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm
    static org.bouncycastle.asn1.x509.AlgorithmIdentifier
    getAlgorithmIdentifier(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)
    Gets the ASN.1 algorithm identifier structure corresponding to the algorithm found in the provided Timestamp Hash Index Table, if such algorithm is present
    static org.bouncycastle.asn1.cms.Attribute[]
    getAsn1Attributes(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Returns an array of Attributes for a given oid found in the unsignedAttributes
    static org.bouncycastle.asn1.ASN1Set
    getAsn1AttributeSet(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Returns an Attribute values for a given oid found in the unsignedAttributes
    static org.bouncycastle.asn1.ASN1Encodable
    getAsn1Encodable(org.bouncycastle.asn1.cms.Attribute attribute)
    Returns ASN1Encodable of the attribute
    static org.bouncycastle.asn1.ASN1Encodable
    getAsn1Encodable(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Returns ASN1Encodable for a given oid found in the unsignedAttributes
    static org.bouncycastle.asn1.ASN1Sequence
    getAsn1SequenceFromDerOctetString(byte[] bytes)
    This method returns the ASN1Sequence encapsulated in DEROctetString.
    static byte[]
    getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm, byte[] policyBytes)
    This method computes the digest of an ASN1 signature policy (used in CAdES) TS 101 733 5.8.1 : If the signature policy is defined using ASN.1, then the hash is calculated on the value without the outer type and length fields, and the hashing algorithm shall be as specified in the field sigPolicyHash.
    static org.bouncycastle.asn1.ASN1Sequence
    getAtsHashIndex(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)
    Returns ats-hash-index table, with a related version present in from timestamp's unsigned properties
    static org.bouncycastle.asn1.ASN1Sequence
    getAtsHashIndexByVersion(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)
    Returns ats-hash-index table, with a specified version present in from timestamp's unsigned properties
    static List<byte[]>
    getATSHashIndexV3OctetString(org.bouncycastle.asn1.ASN1ObjectIdentifier attributeIdentifier, org.bouncycastle.asn1.ASN1Set attributeValues)
    Returns octets from the given attribute for ATS-Hash-Index-v3 table
    static org.bouncycastle.asn1.ASN1ObjectIdentifier
    getAtsHashIndexVersionIdentifier(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)
    Returns ASN1ObjectIdentifier of the found AtsHashIndex
    static byte[]
    getAuthorityKeyIdentifier(CertificateToken certificateToken)
    This method returns authority key identifier as binaries from the certificate extension (SHA-1 of the public key of the issuer certificate).
    static byte[]
    getBEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)
    This method returns BER encoded ASN1 attribute.
    static List<String>
    getCAAccessLocations(CertificateToken certificate)
    Gives back the CA URIs meta-data found within the given certificate.
    static CertificateToken
    getCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertificateHolder)
    Extract the certificate token from X509CertificateHolder
    static List<CertificatePolicy>
    getCertificatePolicies(CertificateToken certToken)
    Retrieves a list of CertificatePolicys from a certificate token
    static CertificateRef
    getCertificateRef(org.bouncycastle.asn1.ess.OtherCertID otherCertId)
    Converts the OtherCertID to CertificateRef
    static org.bouncycastle.asn1.ASN1Sequence
    getCertificatesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)
    Extract the Unsigned Attribute Archive Timestamp Cert Hash Index from a timestampToken
    static org.bouncycastle.cms.CMSSignedData
    getCMSSignedData(org.bouncycastle.asn1.cms.Attribute attribute)
    Creates a CMSSignedData from the provided attribute
    static org.bouncycastle.asn1.ASN1Sequence
    getCRLHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)
    Extract the Unsigned Attribute Archive Timestamp Crl Hash Index from a timestampToken
    static List<String>
    getCrlUrls(CertificateToken certificateToken)
    Gives back the List of CRL URI meta-data found within the given X509 certificate.
    static Date
    getDate(org.bouncycastle.asn1.ASN1Encodable encodable)
    Reads the encodable and returns a Date
    static byte[]
    getDEREncoded(byte[] bytes)
    Returns the ASN.1 encoded representation of byte array.
    static byte[]
    getDEREncoded(TimestampBinary timestampBinary)
    Returns the ASN.1 encoded representation of TimestampBinary.
    static byte[]
    getDEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)
    This method returns DER encoded ASN1 attribute.
    static byte[]
    getDEREncoded(org.bouncycastle.cms.CMSSignedData data)
    Returns the ASN.1 encoded representation of CMSSignedData.
    static byte[]
    getDEREncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)
    Gets the DER encoded binaries of TimeStampToken
    static List<org.bouncycastle.asn1.DEROctetString>
    getDEROctetStrings(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)
    Returns list of DEROctetString from an ASN1Sequence Useful when needed to get a list of hash values
    static String
    getDirectoryStringValue(org.bouncycastle.asn1.ASN1Encodable directoryStringInstance)
    Returns a value of an ASN.1 DirectoryString instance Returns null if an error occurs during the transformation
    static byte[]
    getEncoded(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
    Gets the DER-encoded binaries of the BasicOCSPResp
    static byte[]
    getEncoded(org.bouncycastle.cms.CMSSignedData cmsSignedData)
    Returns an ASN.1 encoded bytes representing the CMSSignedData
    static byte[]
    getEncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)
    Returns an ASN.1 encoded bytes representing the TimeStampToken
    static List<String>
    getExtendedKeyUsage(CertificateToken certToken)
    Extracts all extended key usages for the certificate token
    static org.bouncycastle.cms.SignerInformation
    getFirstSignerInformation(org.bouncycastle.cms.CMSSignedData cms)
    Returns the first SignerInformation extracted from CMSSignedData.
    static String
    getHumanReadableName(CertificateToken cert)
    Extracts the pretty printed name of the certificate token
    static String
    getHumanReadableName(X500PrincipalHelper x500PrincipalHelper)
    Extracts the pretty printed name from the X500PrincipalHelper
    static org.bouncycastle.asn1.x509.IssuerSerial
    getIssuerSerial(byte[] binaries)
    Gets the IssuerSerial object
    static org.bouncycastle.asn1.x509.IssuerSerial
    getIssuerSerial(CertificateToken certToken)
    This method returns a new IssuerSerial based on the certificate token
    static List<String>
    getOCSPAccessLocations(CertificateToken certificate)
    Gives back the OCSP URIs meta-data found within the given X509 cert.
    static List<byte[]>
    getOctetStringForAtsHashIndex(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)
    Returns octets from the given attribute by defined atsh-hash-index type
    static BigInteger
    getOrderFromSignatureValue(byte[] signatureValue)
    Gets the order parameter corresponding the given signatureValue
    static org.bouncycastle.asn1.esf.RevocationValues
    getRevocationValues(org.bouncycastle.asn1.ASN1Encodable encodable)
    Returns RevocationValues from the given encodable
    static int
    getSignatureValueBitLength(byte[] signatureValue)
    This method returns a bit length of the provided signature value
    static byte[]
    getSki(CertificateToken certificateToken)
    This method returns the Subject Key Identifier (SKI) bytes from the certificate extension (SHA-1 of the public key of the current certificate).
    static byte[]
    getSki(CertificateToken certificateToken, boolean computeIfMissing)
    This method returns SKI bytes from certificate.
    static String
    getString(org.bouncycastle.asn1.ASN1Encodable attributeValue)
    Reads the value
    static List<String>
    getSubjectAlternativeNames(CertificateToken certToken)
    Returns a list of subject alternative names
    static String
    getSubjectCommonName(CertificateToken cert)
    Extracts the Subject Common name from the certificate token
    static List<org.bouncycastle.asn1.ASN1ObjectIdentifier>
    getTimestampOids()
    Returns a list of all CMS timestamp identifiers
    static org.bouncycastle.tsp.TimeStampToken
    getTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)
    Creates a TimeStampToken from the provided attribute
    static Date
    getTimeStampTokenGenerationTime(org.bouncycastle.tsp.TimeStampToken timeStampToken)
    Returns generation time for the provided timeStampToken
    static org.bouncycastle.asn1.ASN1Sequence
    getUnsignedAttributesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)
    Extract the Unsigned Attribute Archive Timestamp Attribute Hash Index from a timestampToken
    static org.bouncycastle.cert.X509CertificateHolder
    getX509CertificateHolder(CertificateToken certToken)
    Returns a X509CertificateHolder encapsulating the given X509Certificate.
    static boolean
    hasIdPkixOcspNoCheckExtension(CertificateToken token)
    Indicates if the revocation data should be checked for an OCSP signing certificate.
    http://www.ietf.org/rfc/rfc2560.txt?number=2560
    A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate.
    static boolean
    hasValAssuredShortTermCertsExtension(CertificateToken token)
    This extension indicates that the validity of the certificate is assured because the certificate is a "short-term certificate".
    static boolean
    isArchiveTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)
    Checks if the attribute is of an allowed archive timestamp type
    static boolean
    isAsn1Encoded(byte[] binaries)
    Checks if the binaries are ASN.1 encoded.
    static boolean
    isAsn1EncodedSignatureValue(byte[] binaries)
    Checks if the SignatureValue binaries are ASN.1 encoded.
    static boolean
    isASN1SequenceTag(byte tagByte)
    Checks if the byte defines an ASN1 Sequence
    static boolean
    isAttributeOfType(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier asn1ObjectIdentifier)
    Checks if the given attribute is an instance of the expected asn1ObjectIdentifier type
    static boolean
    isEmpty(org.bouncycastle.asn1.cms.AttributeTable attributeTable)
    Checks if the attributeTable is empty
    static boolean
    isExtendedKeyUsagePresent(CertificateToken certToken, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
    Checks if the keyUsage with oid is present in the certificate token
    static boolean
    isOCSPSigning(CertificateToken certToken)
    Indicates that a X509Certificates corresponding private key is used by an authority to sign OCSP-Responses.
    http://www.ietf.org/rfc/rfc3280.txt
    http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2
    {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)}
    OID: 1.3.6.1.5.5.7.3.9
    static boolean
    isSkiEqual(byte[] ski, CertificateToken certificateToken)
    Checks if the provided ski matches to a ski computed from a certificateToken's public key
    static <T extends org.bouncycastle.asn1.ASN1Primitive>
    T
    toASN1Primitive(byte[] bytes)
    This method returns T extends ASN1Primitive created from array of bytes.
    static org.bouncycastle.cert.ocsp.BasicOCSPResp
    toBasicOCSPResp(org.bouncycastle.asn1.ocsp.OCSPResponse ocspResponse)
    Converts an object of OCSPResponse class to BasicOCSPResp
    static org.bouncycastle.cert.ocsp.BasicOCSPResp[]
    toBasicOCSPResps(org.bouncycastle.asn1.ocsp.BasicOCSPResponse[] basicOCSPResponses)
    Converts an array of BasicOCSPResponses to an array of BasicOCSPResps
    static org.bouncycastle.cert.ocsp.BasicOCSPResp[]
    toBasicOCSPResps(org.bouncycastle.asn1.ocsp.OCSPResponse[] ocspResponses)
    Converts an array of OCSPResponses to an array of BasicOCSPResps
    static Date
    toDate(org.bouncycastle.asn1.ASN1GeneralizedTime asn1Date)
    Converts ASN1GeneralizedTime to Date
    static byte[]
    toPlainDSASignatureValue(byte[] asn1SignatureValue)
    Converts an ASN.1 value to a concatenation string of R and S from ECDSA/DSA encryption algorithm The JAVA JCE ECDSA/DSA Signature algorithm creates ASN.1 encoded (r,s) value pairs.
    static SignerIdentifier
    toSignerIdentifier(X500Principal issuerX500Principal, BigInteger serialNumber, byte[] ski)
    This method transforms token's issuer and serial number information into a CertificateIdentifier object
    static SignerIdentifier
    toSignerIdentifier(org.bouncycastle.asn1.x509.IssuerSerial issuerAndSerial)
    Transforms an object of class IssuerSerial into instance of CertificateIdentifier
    static SignerIdentifier
    toSignerIdentifier(org.bouncycastle.cms.SignerId signerId)
    This method transforms token's signerId into a SignerIdentifier object
    static byte[]
    toStandardDSASignatureValue(byte[] signatureValue)
    Converts a plain signatureValue to its corresponding ASN.1 format
    static String
    toString(org.bouncycastle.asn1.ASN1OctetString value)
    Reads ASN1OctetString value and returns
    static X500Principal
    toX500Principal(org.bouncycastle.asn1.x500.X500Name x500Name)
    Transforms x500Name to X500Principal
    static boolean
    x500PrincipalAreEquals(X500Principal firstX500Principal, X500Principal secondX500Principal)
    This method compares two X500Principals.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • toASN1Primitive

      public static <T extends org.bouncycastle.asn1.ASN1Primitive> T toASN1Primitive(byte[] bytes)
      This method returns T extends ASN1Primitive created from array of bytes. The IOException is transformed in DSSException.
      Type Parameters:
      T - the expected return type
      Parameters:
      bytes - array of bytes to be transformed to ASN1Primitive
      Returns:
      new T extends ASN1Primitive

    • getDEREncoded

      public static byte[] getDEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)
      This method returns DER encoded ASN1 attribute. The IOException is transformed in DSSException.
      Parameters:
      asn1Encodable - asn1Encodable to be DER encoded
      Returns:
      array of bytes representing the DER encoded asn1Encodable

    • getBEREncoded

      public static byte[] getBEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)
      This method returns BER encoded ASN1 attribute. The IOException is transformed in DSSException.
      Parameters:
      asn1Encodable - asn1Encodable to be BER encoded
      Returns:
      array of bytes representing the BER encoded asn1Encodable

    • getEncoded

      public static byte[] getEncoded(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
      Gets the DER-encoded binaries of the BasicOCSPResp
      Parameters:
      basicOCSPResp - BasicOCSPResp
      Returns:
      DER-encoded binaries

    • toDate

      public static Date toDate(org.bouncycastle.asn1.ASN1GeneralizedTime asn1Date)
      Converts ASN1GeneralizedTime to Date
      Parameters:
      asn1Date - ASN1GeneralizedTime
      Returns:
      Date

    • toString

      public static String toString(org.bouncycastle.asn1.ASN1OctetString value)
      Reads ASN1OctetString value and returns
      Parameters:
      value - ASN1OctetString
      Returns:
      String

    • getEncoded

      public static byte[] getEncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)
      Returns an ASN.1 encoded bytes representing the TimeStampToken
      Parameters:
      timeStampToken - TimeStampToken
      Returns:
      the DER encoded TimeStampToken

    • getEncoded

      public static byte[] getEncoded(org.bouncycastle.cms.CMSSignedData cmsSignedData)
      Returns an ASN.1 encoded bytes representing the CMSSignedData
      Parameters:
      cmsSignedData - CMSSignedData
      Returns:
      the binary of the CMSSignedData @ if the CMSSignedData encoding fails

    • getDEREncoded

      public static byte[] getDEREncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)
      Gets the DER encoded binaries of TimeStampToken
      Parameters:
      timeStampToken - TimeStampToken
      Returns:
      DER encoded binaries

    • getDEREncoded

      public static byte[] getDEREncoded(org.bouncycastle.cms.CMSSignedData data)
      Returns the ASN.1 encoded representation of CMSSignedData.
      Parameters:
      data - the CMSSignedData to be encoded
      Returns:
      the DER encoded CMSSignedData

    • getDEREncoded

      public static byte[] getDEREncoded(TimestampBinary timestampBinary)
      Returns the ASN.1 encoded representation of TimestampBinary.
      Parameters:
      timestampBinary - the TimestampBinary to be encoded
      Returns:
      the DER encoded timestampBinary

    • getDEREncoded

      public static byte[] getDEREncoded(byte[] bytes)
      Returns the ASN.1 encoded representation of byte array.
      Parameters:
      bytes - the binary array to encode
      Returns:
      the DER encoded bytes

    • getAsn1SequenceFromDerOctetString

      public static org.bouncycastle.asn1.ASN1Sequence getAsn1SequenceFromDerOctetString(byte[] bytes)
      This method returns the ASN1Sequence encapsulated in DEROctetString. The DEROctetString is represented as byte array.
      Parameters:
      bytes - byte representation of DEROctetString
      Returns:
      encapsulated ASN1Sequence @ in case of a decoding problem

    • getAsn1SignaturePolicyDigest

      public static byte[] getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm, byte[] policyBytes)
      This method computes the digest of an ASN1 signature policy (used in CAdES) TS 101 733 5.8.1 : If the signature policy is defined using ASN.1, then the hash is calculated on the value without the outer type and length fields, and the hashing algorithm shall be as specified in the field sigPolicyHash.
      Parameters:
      digestAlgorithm - the digest algorithm to be used
      policyBytes - the ASN.1 policy content
      Returns:
      the expected digest value

    • getAlgorithmIdentifier

      public static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)
      Gets the ASN.1 algorithm identifier structure corresponding to the algorithm found in the provided Timestamp Hash Index Table, if such algorithm is present
      Parameters:
      atsHashIndexValue - ats-hash-index table from a timestamp
      Returns:
      the ASN.1 algorithm identifier structure

    • getAlgorithmIdentifier

      public static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm)
      Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm
      Parameters:
      digestAlgorithm - the digest algorithm to encode
      Returns:
      the ASN.1 algorithm identifier structure

    • getCertificatesHashIndex

      public static org.bouncycastle.asn1.ASN1Sequence getCertificatesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)
      Extract the Unsigned Attribute Archive Timestamp Cert Hash Index from a timestampToken
      Parameters:
      atsHashIndexValue - ASN1Sequence
      Returns:
      ASN1Sequence

    • getCRLHashIndex

      public static org.bouncycastle.asn1.ASN1Sequence getCRLHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)
      Extract the Unsigned Attribute Archive Timestamp Crl Hash Index from a timestampToken
      Parameters:
      atsHashIndexValue - ASN1Sequence
      Returns:
      ASN1Sequence

    • getUnsignedAttributesHashIndex

      public static org.bouncycastle.asn1.ASN1Sequence getUnsignedAttributesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)
      Extract the Unsigned Attribute Archive Timestamp Attribute Hash Index from a timestampToken
      Parameters:
      atsHashIndexValue - ASN1Sequence
      Returns:
      ASN1Sequence

    • getDEROctetStrings

      public static List<org.bouncycastle.asn1.DEROctetString> getDEROctetStrings(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)
      Returns list of DEROctetString from an ASN1Sequence Useful when needed to get a list of hash values
      Parameters:
      asn1Sequence - ASN1Sequence to get list from
      Returns:
      list of DEROctetStrings

    • hasIdPkixOcspNoCheckExtension

      public static boolean hasIdPkixOcspNoCheckExtension(CertificateToken token)
      Indicates if the revocation data should be checked for an OCSP signing certificate.
      http://www.ietf.org/rfc/rfc2560.txt?number=2560
      A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL.
      Parameters:
      token - the certificate to be checked
      Returns:
      true if the certificate has the id_pkix_ocsp_nocheck extension

    • hasValAssuredShortTermCertsExtension

      public static boolean hasValAssuredShortTermCertsExtension(CertificateToken token)
      This extension indicates that the validity of the certificate is assured because the certificate is a "short-term certificate". That is, the time as indicated in the certificate attribute from notBefore through notAfter, inclusive, is shorter than the maximum time to process a revocation request as specified by the certificate practice statement or certificate policy.
      Parameters:
      token - the certificate to be checked
      Returns:
      true if the certificate has the id-etsi-ext-valassured-ST-certs extension

    • getCertificatePolicies

      public static List<CertificatePolicy> getCertificatePolicies(CertificateToken certToken)
      Retrieves a list of CertificatePolicys from a certificate token
      Parameters:
      certToken - CertificateToken
      Returns:
      a list of CertificatePolicys

    • getSki

      public static byte[] getSki(CertificateToken certificateToken)
      This method returns the Subject Key Identifier (SKI) bytes from the certificate extension (SHA-1 of the public key of the current certificate).
      Parameters:
      certificateToken - the CertificateToken
      Returns:
      ski bytes from the given certificate or null if missing

    • getSki

      public static byte[] getSki(CertificateToken certificateToken, boolean computeIfMissing)
      This method returns SKI bytes from certificate.
      Parameters:
      certificateToken - CertificateToken
      computeIfMissing - if the extension is missing and computeIfMissing = true, it will compute the SKI value from the Public Key
      Returns:
      ski bytes from the given certificate

    • getAuthorityKeyIdentifier

      public static byte[] getAuthorityKeyIdentifier(CertificateToken certificateToken)
      This method returns authority key identifier as binaries from the certificate extension (SHA-1 of the public key of the issuer certificate).
      Parameters:
      certificateToken - the CertificateToken
      Returns:
      authority key identifier bytes from the given certificate (can be null if the certificate is self signed)

    • computeSkiFromCert

      public static byte[] computeSkiFromCert(CertificateToken certificateToken)
      Computes SHA-1 hash of the certificateToken's public key
      Parameters:
      certificateToken - CertificateToken to compute digest for
      Returns:
      byte array of public key's SHA-1 hash

    • computeSkiFromCertPublicKey

      public static byte[] computeSkiFromCertPublicKey(PublicKey publicKey)
      Computes SHA-1 hash of the given publicKey's
      Parameters:
      publicKey - PublicKey to compute digest for
      Returns:
      byte array of public key's SHA-1 hash

    • isSkiEqual

      public static boolean isSkiEqual(byte[] ski, CertificateToken certificateToken)
      Checks if the provided ski matches to a ski computed from a certificateToken's public key
      Parameters:
      ski - a byte array representing ski value (SHA-1 of the public key)
      certificateToken - CertificateToken to check
      Returns:
      TRUE if the SKI equals, FALSE otherwise

    • getCAAccessLocations

      public static List<String> getCAAccessLocations(CertificateToken certificate)
      Gives back the CA URIs meta-data found within the given certificate.
      Parameters:
      certificate - the certificate token.
      Returns:
      a list of CA URIs, or empty list if the extension is not present.

    • getOCSPAccessLocations

      public static List<String> getOCSPAccessLocations(CertificateToken certificate)
      Gives back the OCSP URIs meta-data found within the given X509 cert.
      Parameters:
      certificate - the cert token.
      Returns:
      a list of OCSP URIs, or empty list if the extension is not present.

    • getCrlUrls

      public static List<String> getCrlUrls(CertificateToken certificateToken)
      Gives back the List of CRL URI meta-data found within the given X509 certificate.
      Parameters:
      certificateToken - the cert token certificate
      Returns:
      the List of CRL URI, or empty list if the extension is not present

    • isOCSPSigning

      public static boolean isOCSPSigning(CertificateToken certToken)
      Indicates that a X509Certificates corresponding private key is used by an authority to sign OCSP-Responses.
      http://www.ietf.org/rfc/rfc3280.txt
      http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2
      {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)}
      OID: 1.3.6.1.5.5.7.3.9
      Parameters:
      certToken - the certificate token
      Returns:
      true if the certificate has the id_kp_OCSPSigning ExtendedKeyUsage

    • isExtendedKeyUsagePresent

      public static boolean isExtendedKeyUsagePresent(CertificateToken certToken, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Checks if the keyUsage with oid is present in the certificate token
      Parameters:
      certToken - CertificateToken
      oid - ASN1ObjectIdentifier
      Returns:
      TRUE if the certificate token contains a keyUsage with the given OID, FALSE otherwise

    • getX509CertificateHolder

      public static org.bouncycastle.cert.X509CertificateHolder getX509CertificateHolder(CertificateToken certToken)
      Returns a X509CertificateHolder encapsulating the given X509Certificate.
      Parameters:
      certToken - the certificate to be encapsulated
      Returns:
      a X509CertificateHolder holding this certificate

    • getCertificate

      public static CertificateToken getCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertificateHolder)
      Extract the certificate token from X509CertificateHolder
      Parameters:
      x509CertificateHolder - X509CertificateHolder
      Returns:
      CertificateToken

    • toSignerIdentifier

      public static SignerIdentifier toSignerIdentifier(org.bouncycastle.cms.SignerId signerId)
      This method transforms token's signerId into a SignerIdentifier object
      Parameters:
      signerId - SignerId to be transformed
      Returns:
      SignerIdentifier

    • toX500Principal

      public static X500Principal toX500Principal(org.bouncycastle.asn1.x500.X500Name x500Name)
      Transforms x500Name to X500Principal
      Parameters:
      x500Name - X500Name
      Returns:
      X500Principal

    • toSignerIdentifier

      public static SignerIdentifier toSignerIdentifier(X500Principal issuerX500Principal, BigInteger serialNumber, byte[] ski)
      This method transforms token's issuer and serial number information into a CertificateIdentifier object
      Parameters:
      issuerX500Principal - X500Principal of the issuer
      serialNumber - BigInteger of the token
      ski - a byte array representing a SubjectKeyIdentifier (SHA-1 digest of the public key)
      Returns:
      SignerIdentifier

    • getIssuerSerial

      public static org.bouncycastle.asn1.x509.IssuerSerial getIssuerSerial(CertificateToken certToken)
      This method returns a new IssuerSerial based on the certificate token
      Parameters:
      certToken - the certificate token
      Returns:
      a IssuerSerial

    • x500PrincipalAreEquals

      public static boolean x500PrincipalAreEquals(X500Principal firstX500Principal, X500Principal secondX500Principal)
      This method compares two X500Principals. X500Principal.CANONICAL and X500Principal.RFC2253 forms are compared.
      Parameters:
      firstX500Principal - the first X500Principal object to be compared
      secondX500Principal - the second X500Principal object to be compared
      Returns:
      true if the two parameters contain the same key/values

    • get

      public static Map<String,String> get(X500Principal x500Principal)
      Gets a map of X500 attribute names and the values
      Parameters:
      x500Principal - X500Principal
      Returns:
      a map of X500 attribute names and the values

    • getString

      public static String getString(org.bouncycastle.asn1.ASN1Encodable attributeValue)
      Reads the value
      Parameters:
      attributeValue - ASN1Encodable to read
      Returns:
      String value

    • extractAttributeFromX500Principal

      public static String extractAttributeFromX500Principal(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, X500PrincipalHelper principal)
      Extract attribute with the identifier from X500PrincipalHelper
      Parameters:
      identifier - ASN1ObjectIdentifier oid of the attribute to get value
      principal - X500PrincipalHelper to extract the attribute value from
      Returns:
      String value

    • getSubjectCommonName

      public static String getSubjectCommonName(CertificateToken cert)
      Extracts the Subject Common name from the certificate token
      Parameters:
      cert - CertificateToken
      Returns:
      String

    • getHumanReadableName

      public static String getHumanReadableName(CertificateToken cert)
      Extracts the pretty printed name of the certificate token
      Parameters:
      cert - CertificateToken
      Returns:
      String

    • getHumanReadableName

      public static String getHumanReadableName(X500PrincipalHelper x500PrincipalHelper)
      Extracts the pretty printed name from the X500PrincipalHelper
      Parameters:
      x500PrincipalHelper - X500PrincipalHelper
      Returns:
      String

    • getFirstSignerInformation

      public static org.bouncycastle.cms.SignerInformation getFirstSignerInformation(org.bouncycastle.cms.CMSSignedData cms)
      Returns the first SignerInformation extracted from CMSSignedData.
      Parameters:
      cms - CMSSignedData
      Returns:
      returns SignerInformation

    • isASN1SequenceTag

      public static boolean isASN1SequenceTag(byte tagByte)
      Checks if the byte defines an ASN1 Sequence
      Parameters:
      tagByte - byte to check
      Returns:
      TRUE if the byte defines an ASN1 Sequence, FALSE otherwise

    • getDate

      public static Date getDate(org.bouncycastle.asn1.ASN1Encodable encodable)
      Reads the encodable and returns a Date
      Parameters:
      encodable - ASN1Encodable to read
      Returns:
      Date

    • isEmpty

      public static boolean isEmpty(org.bouncycastle.asn1.cms.AttributeTable attributeTable)
      Checks if the attributeTable is empty
      Parameters:
      attributeTable - AttributeTable
      Returns:
      TRUE if the attribute table is empty, FALSE otherwise

    • emptyIfNull

      public static org.bouncycastle.asn1.cms.AttributeTable emptyIfNull(org.bouncycastle.asn1.cms.AttributeTable originalAttributeTable)
      Returns the current originalAttributeTable if instantiated, an empty AttributeTable if null
      Parameters:
      originalAttributeTable - AttributeTable
      Returns:
      AttributeTable

    • getExtendedKeyUsage

      public static List<String> getExtendedKeyUsage(CertificateToken certToken)
      Extracts all extended key usages for the certificate token
      Parameters:
      certToken - CertificateToken
      Returns:
      a list of Strings

    • getIssuerSerial

      public static org.bouncycastle.asn1.x509.IssuerSerial getIssuerSerial(byte[] binaries)
      Gets the IssuerSerial object
      Parameters:
      binaries - representing the IssuerSerial
      Returns:
      IssuerSerial if able to parse, null otherwise

    • toSignerIdentifier

      public static SignerIdentifier toSignerIdentifier(org.bouncycastle.asn1.x509.IssuerSerial issuerAndSerial)
      Transforms an object of class IssuerSerial into instance of CertificateIdentifier
      Parameters:
      issuerAndSerial - IssuerSerial to transform
      Returns:
      SignerIdentifier

    • getAtsHashIndex

      public static org.bouncycastle.asn1.ASN1Sequence getAtsHashIndex(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)
      Returns ats-hash-index table, with a related version present in from timestamp's unsigned properties
      Parameters:
      timestampUnsignedAttributes - AttributeTable unsigned properties of the timestamp
      Returns:
      the content of SignedAttribute: ATS-hash-index unsigned attribute with a present version

    • getAtsHashIndexByVersion

      public static org.bouncycastle.asn1.ASN1Sequence getAtsHashIndexByVersion(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)
      Returns ats-hash-index table, with a specified version present in from timestamp's unsigned properties
      Parameters:
      timestampUnsignedAttributes - AttributeTable unsigned properties of the timestamp
      atsHashIndexVersionIdentifier - ASN1ObjectIdentifier identifier of ats-hash-index table to get
      Returns:
      the content of SignedAttribute: ATS-hash-index unsigned attribute with a requested version if present

    • getAtsHashIndexVersionIdentifier

      public static org.bouncycastle.asn1.ASN1ObjectIdentifier getAtsHashIndexVersionIdentifier(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)
      Returns ASN1ObjectIdentifier of the found AtsHashIndex
      Parameters:
      timestampUnsignedAttributes - AttributeTable of the timestamp's unsignedAttributes
      Returns:
      ASN1ObjectIdentifier of the AtsHashIndex element version

    • getOctetStringForAtsHashIndex

      public static List<byte[]> getOctetStringForAtsHashIndex(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)
      Returns octets from the given attribute by defined atsh-hash-index type
      Parameters:
      attribute - Attribute to get byte array from
      atsHashIndexVersionIdentifier - ASN1ObjectIdentifier to specify rules
      Returns:
      byte array

    • getATSHashIndexV3OctetString

      public static List<byte[]> getATSHashIndexV3OctetString(org.bouncycastle.asn1.ASN1ObjectIdentifier attributeIdentifier, org.bouncycastle.asn1.ASN1Set attributeValues)
      Returns octets from the given attribute for ATS-Hash-Index-v3 table
      Parameters:
      attributeIdentifier - ASN1ObjectIdentifier of the corresponding Attribute
      attributeValues - ASN1Set of the corresponding Attribute
      Returns:
      byte array representing an octet string

    • getAsn1Encodable

      public static org.bouncycastle.asn1.ASN1Encodable getAsn1Encodable(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Returns ASN1Encodable for a given oid found in the unsignedAttributes
      Parameters:
      attributeTable - AttributeTable
      oid - target ASN1ObjectIdentifier
      Returns:
      ASN1Encodable

    • getAsn1AttributeSet

      public static org.bouncycastle.asn1.ASN1Set getAsn1AttributeSet(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Returns an Attribute values for a given oid found in the unsignedAttributes
      Parameters:
      attributeTable - AttributeTable
      oid - target ASN1ObjectIdentifier
      Returns:
      ASN1Set

    • getAsn1Attributes

      public static org.bouncycastle.asn1.cms.Attribute[] getAsn1Attributes(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Returns an array of Attributes for a given oid found in the unsignedAttributes
      Parameters:
      attributeTable - AttributeTable
      oid - target ASN1ObjectIdentifier
      Returns:
      Attributes array

    • findArchiveTimeStampTokens

      public static List<org.bouncycastle.tsp.TimeStampToken> findArchiveTimeStampTokens(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes)
      Finds archive TimeStampTokens
      Parameters:
      unsignedAttributes - AttributeTable to obtain timestamps from
      Returns:
      a list of TimeStampTokens

    • getTimestampOids

      public static List<org.bouncycastle.asn1.ASN1ObjectIdentifier> getTimestampOids()
      Returns a list of all CMS timestamp identifiers
      Returns:
      a list of ASN1ObjectIdentifiers

    • isArchiveTimeStampToken

      public static boolean isArchiveTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)
      Checks if the attribute is of an allowed archive timestamp type
      Parameters:
      attribute - Attribute to check
      Returns:
      true if the attribute represents an archive timestamp element, false otherwise

    • isAttributeOfType

      public static boolean isAttributeOfType(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier asn1ObjectIdentifier)
      Checks if the given attribute is an instance of the expected asn1ObjectIdentifier type
      Parameters:
      attribute - Attribute to check
      asn1ObjectIdentifier - ASN1ObjectIdentifier type to check against
      Returns:
      TRUE if the attribute is of type asn1ObjectIdentifier, FALSE otherwise

    • getTimeStampToken

      public static org.bouncycastle.tsp.TimeStampToken getTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)
      Creates a TimeStampToken from the provided attribute
      Parameters:
      attribute - Attribute to generate TimeStampToken from
      Returns:
      TimeStampToken

    • getCMSSignedData

      public static org.bouncycastle.cms.CMSSignedData getCMSSignedData(org.bouncycastle.asn1.cms.Attribute attribute) throws org.bouncycastle.cms.CMSException, IOException
      Creates a CMSSignedData from the provided attribute
      Parameters:
      attribute - Attribute to generate CMSSignedData from
      Returns:
      CMSSignedData
      Throws:
      IOException - in case of encoding exception
      org.bouncycastle.cms.CMSException - in case if the provided attribute cannot be converted to CMSSignedData

    • getAsn1Encodable

      public static org.bouncycastle.asn1.ASN1Encodable getAsn1Encodable(org.bouncycastle.asn1.cms.Attribute attribute)
      Returns ASN1Encodable of the attribute
      Parameters:
      attribute - Attribute
      Returns:
      ASN1Encodable

    • getTimeStampTokenGenerationTime

      public static Date getTimeStampTokenGenerationTime(org.bouncycastle.tsp.TimeStampToken timeStampToken)
      Returns generation time for the provided timeStampToken
      Parameters:
      timeStampToken - TimeStampToken to get generation time for
      Returns:
      Date timestamp generation time

    • getRevocationValues

      public static org.bouncycastle.asn1.esf.RevocationValues getRevocationValues(org.bouncycastle.asn1.ASN1Encodable encodable)
      Returns RevocationValues from the given encodable
      Parameters:
      encodable - the encoded data to be parsed
      Returns:
      an instance of RevocationValues or null if the parsing failed

    • getCertificateRef

      public static CertificateRef getCertificateRef(org.bouncycastle.asn1.ess.OtherCertID otherCertId)
      Converts the OtherCertID to CertificateRef
      Parameters:
      otherCertId - OtherCertID
      Returns:
      CertificateRef

    • getSubjectAlternativeNames

      public static List<String> getSubjectAlternativeNames(CertificateToken certToken)
      Returns a list of subject alternative names
      Parameters:
      certToken - CertificateToken
      Returns:
      a list of Strings

    • isAsn1Encoded

      public static boolean isAsn1Encoded(byte[] binaries)
      Checks if the binaries are ASN.1 encoded.
      Parameters:
      binaries - byte array to check.
      Returns:
      if the SignatureValue binaries are ASN.1 encoded.

    • isAsn1EncodedSignatureValue

      public static boolean isAsn1EncodedSignatureValue(byte[] binaries)
      Checks if the SignatureValue binaries are ASN.1 encoded.
      Parameters:
      binaries - byte array to check.
      Returns:
      if the SignatureValue binaries are ASN.1 encoded.

    • ensurePlainSignatureValue

      public static byte[] ensurePlainSignatureValue(EncryptionAlgorithm algorithm, byte[] signatureValue)
      Converts the ANS.1 binary signature value to the concatenated (plain) R || S format if required NOTE: used in XAdES and JAdES
      Parameters:
      algorithm - Encryption algorithm used to create the signatureValue
      signatureValue - the originally computed signature value
      Returns:
      the converted signature value

    • toPlainDSASignatureValue

      public static byte[] toPlainDSASignatureValue(byte[] asn1SignatureValue)
      Converts an ASN.1 value to a concatenation string of R and S from ECDSA/DSA encryption algorithm The JAVA JCE ECDSA/DSA Signature algorithm creates ASN.1 encoded (r,s) value pairs.
      Parameters:
      asn1SignatureValue - the ASN1 signature value
      Returns:
      the decoded bytes
      See Also:

    • toStandardDSASignatureValue

      public static byte[] toStandardDSASignatureValue(byte[] signatureValue)
      Converts a plain signatureValue to its corresponding ASN.1 format
      Parameters:
      signatureValue - the plain signature value
      Returns:
      the encoded bytes
      See Also:

    • getOrderFromSignatureValue

      public static BigInteger getOrderFromSignatureValue(byte[] signatureValue)
      Gets the order parameter corresponding the given signatureValue
      Parameters:
      signatureValue - byte array
      Returns:
      BigInteger

    • getSignatureValueBitLength

      public static int getSignatureValueBitLength(byte[] signatureValue)
      This method returns a bit length of the provided signature value
      Parameters:
      signatureValue - byte array representing the signature value
      Returns:
      bit length of the signature value

    • getDirectoryStringValue

      public static String getDirectoryStringValue(org.bouncycastle.asn1.ASN1Encodable directoryStringInstance)
      Returns a value of an ASN.1 DirectoryString instance Returns null if an error occurs during the transformation
      Parameters:
      directoryStringInstance - ASN1Encodable to get DirectoryString value from
      Returns:
      String value

    • toBasicOCSPResp

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp toBasicOCSPResp(org.bouncycastle.asn1.ocsp.OCSPResponse ocspResponse) throws org.bouncycastle.cert.ocsp.OCSPException
      Converts an object of OCSPResponse class to BasicOCSPResp
      Parameters:
      ocspResponse - OCSPResponse to convert
      Returns:
      BasicOCSPResp
      Throws:
      org.bouncycastle.cert.ocsp.OCSPException - in case of a conversion error

    • toBasicOCSPResps

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp[] toBasicOCSPResps(org.bouncycastle.asn1.ocsp.OCSPResponse[] ocspResponses)
      Converts an array of OCSPResponses to an array of BasicOCSPResps
      Parameters:
      ocspResponses - an array of OCSPResponses to convert
      Returns:
      an array of BasicOCSPResp

    • toBasicOCSPResps

      public static org.bouncycastle.cert.ocsp.BasicOCSPResp[] toBasicOCSPResps(org.bouncycastle.asn1.ocsp.BasicOCSPResponse[] basicOCSPResponses)
      Converts an array of BasicOCSPResponses to an array of BasicOCSPResps
      Parameters:
      basicOCSPResponses - an array of BasicOCSPResponses to convert
      Returns:
      an array of BasicOCSPResp

    • buildSPDocSpecificationId

      public static org.bouncycastle.asn1.ASN1Primitive buildSPDocSpecificationId(String oidOrUri)
      Builds SPDocSpecification attribute from the given oidOrUri SPDocSpecification ::= CHOICE { oid OBJECT IDENTIFIER, uri IA5String }
      Parameters:
      oidOrUri - String represents OID or URI
      Returns:
      ASN1Primitive