|
|
|
|
@ -46,8 +46,11 @@
|
|
|
|
|
*/ |
|
|
|
|
package com.fr.third.com.lowagie.text.pdf; |
|
|
|
|
|
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Integer; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Object; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1ObjectIdentifier; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1String; |
|
|
|
|
|
|
|
|
|
import java.io.ByteArrayInputStream; |
|
|
|
|
import java.io.ByteArrayOutputStream; |
|
|
|
|
import java.io.File; |
|
|
|
|
@ -77,19 +80,15 @@ import java.util.HashSet;
|
|
|
|
|
import java.util.Iterator; |
|
|
|
|
import java.util.Set; |
|
|
|
|
|
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Encodable; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Sequence; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Set; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DEREnumerated; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERInteger; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1Enumerated; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERNull; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DEROctetString; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DEROutputStream; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERSequence; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERSet; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.DERTaggedObject; |
|
|
|
|
@ -101,12 +100,12 @@ import com.fr.third.org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
|
|
|
|
|
import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser; |
|
|
|
|
import com.fr.third.org.bouncycastle.jce.provider.X509CertParser; |
|
|
|
|
import com.fr.third.com.lowagie.text.ExceptionConverter; |
|
|
|
|
|
|
|
|
|
import java.security.cert.CertificateParsingException; |
|
|
|
|
import java.util.Date; |
|
|
|
|
|
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.ASN1OctetString; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint; |
|
|
|
|
import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions; |
|
|
|
|
//import org.bouncycastle.ocsp.BasicOCSPResp;
|
|
|
|
|
//import org.bouncycastle.ocsp.CertificateID;
|
|
|
|
|
@ -242,6 +241,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Gets the digest name for a certain id |
|
|
|
|
* |
|
|
|
|
* @param oid an id (for instance "1.2.840.113549.2.5") |
|
|
|
|
* @return a digest name (for instance "MD5") |
|
|
|
|
* @since 2.1.6 |
|
|
|
|
@ -256,6 +256,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Gets the algorithm name for a certain id. |
|
|
|
|
* |
|
|
|
|
* @param oid an id (for instance "1.2.840.113549.1.1.1") |
|
|
|
|
* @return an algorithm name (for instance "RSA") |
|
|
|
|
* @since 2.1.6 |
|
|
|
|
@ -293,6 +294,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Verifies a signature using the sub-filter adbe.x509.rsa_sha1. |
|
|
|
|
* |
|
|
|
|
* @param contentsKey the /Contents key |
|
|
|
|
* @param certsKey the /Cert key |
|
|
|
|
* @param provider the provider or <code>null</code> for the default provider |
|
|
|
|
@ -313,8 +315,7 @@ public class PdfPKCS7 {
|
|
|
|
|
else |
|
|
|
|
sig = Signature.getInstance("SHA1withRSA", provider); |
|
|
|
|
sig.initVerify(signCert.getPublicKey()); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
@ -323,19 +324,19 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Gets the OCSP basic response if there is one. |
|
|
|
|
* |
|
|
|
|
* @return the OCSP basic response or null |
|
|
|
|
* @since 2.1.6 |
|
|
|
|
*/ |
|
|
|
|
// public BasicOCSPResp getOcsp() {
|
|
|
|
|
// return basicResp;
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
private void findOcsp(ASN1Sequence seq) throws IOException { |
|
|
|
|
// basicResp = null;
|
|
|
|
|
boolean ret = false; |
|
|
|
|
while (true) { |
|
|
|
|
if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) |
|
|
|
|
&& ((DERObjectIdentifier)seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) { |
|
|
|
|
if ((seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) |
|
|
|
|
&& ((ASN1ObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) { |
|
|
|
|
break; |
|
|
|
|
} |
|
|
|
|
ret = true; |
|
|
|
|
@ -351,8 +352,7 @@ public class PdfPKCS7 {
|
|
|
|
|
seq = (ASN1Sequence) tag.getObject(); |
|
|
|
|
ret = false; |
|
|
|
|
break; |
|
|
|
|
} |
|
|
|
|
else |
|
|
|
|
} else |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
@ -368,6 +368,7 @@ public class PdfPKCS7 {
|
|
|
|
|
/** |
|
|
|
|
* Verifies a signature using the sub-filter adbe.pkcs7.detached or |
|
|
|
|
* adbe.pkcs7.sha1. |
|
|
|
|
* |
|
|
|
|
* @param contentsKey the /Contents key |
|
|
|
|
* @param provider the provider or <code>null</code> for the default provider |
|
|
|
|
*/ |
|
|
|
|
@ -383,15 +384,14 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
pkcs = din.readObject(); |
|
|
|
|
} |
|
|
|
|
catch (IOException e) { |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
throw new IllegalArgumentException("can't decode PKCS7SignedData object"); |
|
|
|
|
} |
|
|
|
|
if (!(pkcs instanceof ASN1Sequence)) { |
|
|
|
|
throw new IllegalArgumentException("Not a valid PKCS#7 object - not a sequence"); |
|
|
|
|
} |
|
|
|
|
ASN1Sequence signedData = (ASN1Sequence) pkcs; |
|
|
|
|
DERObjectIdentifier objId = (DERObjectIdentifier)signedData.getObjectAt(0); |
|
|
|
|
ASN1ObjectIdentifier objId = (ASN1ObjectIdentifier) signedData.getObjectAt(0); |
|
|
|
|
if (!objId.getId().equals(ID_PKCS7_SIGNED_DATA)) |
|
|
|
|
throw new IllegalArgumentException("Not a valid PKCS#7 object - not signed data"); |
|
|
|
|
ASN1Sequence content = (ASN1Sequence) ((DERTaggedObject) signedData.getObjectAt(1)).getObject(); |
|
|
|
|
@ -403,15 +403,14 @@ public class PdfPKCS7 {
|
|
|
|
|
// last - signerInfos
|
|
|
|
|
|
|
|
|
|
// the version
|
|
|
|
|
version = ((DERInteger)content.getObjectAt(0)).getValue().intValue(); |
|
|
|
|
version = ((ASN1Integer) content.getObjectAt(0)).getValue().intValue(); |
|
|
|
|
|
|
|
|
|
// the digestAlgorithms
|
|
|
|
|
digestalgos = new HashSet(); |
|
|
|
|
Enumeration e = ((ASN1Set) content.getObjectAt(1)).getObjects(); |
|
|
|
|
while (e.hasMoreElements()) |
|
|
|
|
{ |
|
|
|
|
while (e.hasMoreElements()) { |
|
|
|
|
ASN1Sequence s = (ASN1Sequence) e.nextElement(); |
|
|
|
|
DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0); |
|
|
|
|
ASN1ObjectIdentifier o = (ASN1ObjectIdentifier) s.getObjectAt(0); |
|
|
|
|
digestalgos.add(o.getId()); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -444,10 +443,10 @@ public class PdfPKCS7 {
|
|
|
|
|
// 2 - the digest algorithm
|
|
|
|
|
// 3 or 4 - digestEncryptionAlgorithm
|
|
|
|
|
// 4 or 5 - encryptedDigest
|
|
|
|
|
signerversion = ((DERInteger)signerInfo.getObjectAt(0)).getValue().intValue(); |
|
|
|
|
signerversion = ((ASN1Integer) signerInfo.getObjectAt(0)).getValue().intValue(); |
|
|
|
|
// Get the signing certificate
|
|
|
|
|
ASN1Sequence issuerAndSerialNumber = (ASN1Sequence) signerInfo.getObjectAt(1); |
|
|
|
|
BigInteger serialNumber = ((DERInteger)issuerAndSerialNumber.getObjectAt(1)).getValue(); |
|
|
|
|
BigInteger serialNumber = ((ASN1Integer) issuerAndSerialNumber.getObjectAt(1)).getValue(); |
|
|
|
|
for (Iterator i = certs.iterator(); i.hasNext(); ) { |
|
|
|
|
X509Certificate cert = (X509Certificate) i.next(); |
|
|
|
|
if (serialNumber.equals(cert.getSerialNumber())) { |
|
|
|
|
@ -459,7 +458,7 @@ public class PdfPKCS7 {
|
|
|
|
|
throw new IllegalArgumentException("Can't find signing certificate with serial " + serialNumber.toString(16)); |
|
|
|
|
} |
|
|
|
|
signCertificateChain(); |
|
|
|
|
digestAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId(); |
|
|
|
|
digestAlgorithm = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(2)).getObjectAt(0)).getId(); |
|
|
|
|
next = 3; |
|
|
|
|
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) { |
|
|
|
|
ASN1TaggedObject tagsig = (ASN1TaggedObject) signerInfo.getObjectAt(next); |
|
|
|
|
@ -468,11 +467,10 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
for (int k = 0; k < sseq.size(); ++k) { |
|
|
|
|
ASN1Sequence seq2 = (ASN1Sequence) sseq.getObjectAt(k); |
|
|
|
|
if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().equals(ID_MESSAGE_DIGEST)) { |
|
|
|
|
if (((ASN1ObjectIdentifier) seq2.getObjectAt(0)).getId().equals(ID_MESSAGE_DIGEST)) { |
|
|
|
|
ASN1Set set = (ASN1Set) seq2.getObjectAt(1); |
|
|
|
|
digestAttr = ((DEROctetString) set.getObjectAt(0)).getOctets(); |
|
|
|
|
} |
|
|
|
|
else if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().equals(ID_ADBE_REVOCATION)) { |
|
|
|
|
} else if (((ASN1ObjectIdentifier) seq2.getObjectAt(0)).getId().equals(ID_ADBE_REVOCATION)) { |
|
|
|
|
ASN1Set setout = (ASN1Set) seq2.getObjectAt(1); |
|
|
|
|
ASN1Sequence seqout = (ASN1Sequence) setout.getObjectAt(0); |
|
|
|
|
for (int j = 0; j < seqout.size(); ++j) { |
|
|
|
|
@ -488,7 +486,7 @@ public class PdfPKCS7 {
|
|
|
|
|
throw new IllegalArgumentException("Authenticated attribute is missing the digest."); |
|
|
|
|
++next; |
|
|
|
|
} |
|
|
|
|
digestEncryptionAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId(); |
|
|
|
|
digestEncryptionAlgorithm = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(next++)).getObjectAt(0)).getId(); |
|
|
|
|
digest = ((DEROctetString) signerInfo.getObjectAt(next++)).getOctets(); |
|
|
|
|
if (next < signerInfo.size() && (signerInfo.getObjectAt(next) instanceof DERTaggedObject)) { |
|
|
|
|
DERTaggedObject taggedObject = (DERTaggedObject) signerInfo.getObjectAt(next); |
|
|
|
|
@ -513,14 +511,14 @@ public class PdfPKCS7 {
|
|
|
|
|
else |
|
|
|
|
sig = Signature.getInstance(getDigestAlgorithm(), provider); |
|
|
|
|
sig.initVerify(signCert.getPublicKey()); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Generates a signature. |
|
|
|
|
* |
|
|
|
|
* @param privKey the private key |
|
|
|
|
* @param certChain the certificate chain |
|
|
|
|
* @param crlList the certificate revocation list |
|
|
|
|
@ -534,8 +532,7 @@ public class PdfPKCS7 {
|
|
|
|
|
public PdfPKCS7(PrivateKey privKey, Certificate[] certChain, CRL[] crlList, |
|
|
|
|
String hashAlgorithm, String provider, boolean hasRSAdata) |
|
|
|
|
throws InvalidKeyException, NoSuchProviderException, |
|
|
|
|
NoSuchAlgorithmException |
|
|
|
|
{ |
|
|
|
|
NoSuchAlgorithmException { |
|
|
|
|
this.privKey = privKey; |
|
|
|
|
this.provider = provider; |
|
|
|
|
|
|
|
|
|
@ -570,11 +567,9 @@ public class PdfPKCS7 {
|
|
|
|
|
digestEncryptionAlgorithm = privKey.getAlgorithm(); |
|
|
|
|
if (digestEncryptionAlgorithm.equals("RSA")) { |
|
|
|
|
digestEncryptionAlgorithm = ID_RSA; |
|
|
|
|
} |
|
|
|
|
else if (digestEncryptionAlgorithm.equals("DSA")) { |
|
|
|
|
} else if (digestEncryptionAlgorithm.equals("DSA")) { |
|
|
|
|
digestEncryptionAlgorithm = ID_DSA; |
|
|
|
|
} |
|
|
|
|
else { |
|
|
|
|
} else { |
|
|
|
|
throw new NoSuchAlgorithmException("Unknown Key Algorithm " + digestEncryptionAlgorithm); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
@ -598,6 +593,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Update the digest with the specified bytes. This method is used both for signing and verifying |
|
|
|
|
* |
|
|
|
|
* @param buf the data buffer |
|
|
|
|
* @param off the offset in the data buffer |
|
|
|
|
* @param len the data length |
|
|
|
|
@ -612,8 +608,9 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Verify the digest. |
|
|
|
|
* @throws SignatureException on error |
|
|
|
|
* |
|
|
|
|
* @return <CODE>true</CODE> if the signature checks out, <CODE>false</CODE> otherwise |
|
|
|
|
* @throws SignatureException on error |
|
|
|
|
*/ |
|
|
|
|
public boolean verify() throws SignatureException { |
|
|
|
|
if (verified) |
|
|
|
|
@ -625,8 +622,7 @@ public class PdfPKCS7 {
|
|
|
|
|
messageDigest.update(msd); |
|
|
|
|
} |
|
|
|
|
verifyResult = (Arrays.equals(messageDigest.digest(), digestAttr) && sig.verify(digest)); |
|
|
|
|
} |
|
|
|
|
else { |
|
|
|
|
} else { |
|
|
|
|
if (RSAdata != null) |
|
|
|
|
sig.update(messageDigest.digest()); |
|
|
|
|
verifyResult = sig.verify(digest); |
|
|
|
|
@ -654,6 +650,7 @@ public class PdfPKCS7 {
|
|
|
|
|
/** |
|
|
|
|
* Get all the X.509 certificates associated with this PKCS#7 object in no particular order. |
|
|
|
|
* Other certificates, from OCSP for example, will also be included. |
|
|
|
|
* |
|
|
|
|
* @return the X.509 certificates associated with this PKCS#7 object |
|
|
|
|
*/ |
|
|
|
|
public Certificate[] getCertificates() { |
|
|
|
|
@ -664,6 +661,7 @@ public class PdfPKCS7 {
|
|
|
|
|
* Get the X.509 sign certificate chain associated with this PKCS#7 object. |
|
|
|
|
* Only the certificates used for the main signature will be returned, with |
|
|
|
|
* the signing certificate first. |
|
|
|
|
* |
|
|
|
|
* @return the X.509 certificates associated with this PKCS#7 object |
|
|
|
|
* @since 2.1.6 |
|
|
|
|
*/ |
|
|
|
|
@ -696,8 +694,7 @@ public class PdfPKCS7 {
|
|
|
|
|
cc.add(oc.get(k)); |
|
|
|
|
oc.remove(k); |
|
|
|
|
break; |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
@ -706,6 +703,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the X.509 certificate revocation lists associated with this PKCS#7 object |
|
|
|
|
* |
|
|
|
|
* @return the X.509 certificate revocation lists associated with this PKCS#7 object |
|
|
|
|
*/ |
|
|
|
|
public Collection getCRLs() { |
|
|
|
|
@ -714,6 +712,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the X.509 certificate actually used to sign the digest. |
|
|
|
|
* |
|
|
|
|
* @return the X.509 certificate actually used to sign the digest |
|
|
|
|
*/ |
|
|
|
|
public X509Certificate getSigningCertificate() { |
|
|
|
|
@ -722,6 +721,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the version of the PKCS#7 object. Always 1 |
|
|
|
|
* |
|
|
|
|
* @return the version of the PKCS#7 object. Always 1 |
|
|
|
|
*/ |
|
|
|
|
public int getVersion() { |
|
|
|
|
@ -730,6 +730,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the version of the PKCS#7 "SignerInfo" object. Always 1 |
|
|
|
|
* |
|
|
|
|
* @return the version of the PKCS#7 "SignerInfo" object. Always 1 |
|
|
|
|
*/ |
|
|
|
|
public int getSigningInfoVersion() { |
|
|
|
|
@ -738,6 +739,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the algorithm used to calculate the message digest |
|
|
|
|
* |
|
|
|
|
* @return the algorithm used to calculate the message digest |
|
|
|
|
*/ |
|
|
|
|
public String getDigestAlgorithm() { |
|
|
|
|
@ -750,6 +752,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Returns the algorithm. |
|
|
|
|
* |
|
|
|
|
* @return the digest algorithm |
|
|
|
|
*/ |
|
|
|
|
public String getHashAlgorithm() { |
|
|
|
|
@ -759,6 +762,7 @@ public class PdfPKCS7 {
|
|
|
|
|
/** |
|
|
|
|
* Loads the default root certificates at <java.home>/lib/security/cacerts |
|
|
|
|
* with the default provider. |
|
|
|
|
* |
|
|
|
|
* @return a <CODE>KeyStore</CODE> |
|
|
|
|
*/ |
|
|
|
|
public static KeyStore loadCacertsKeyStore() { |
|
|
|
|
@ -767,6 +771,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Loads the default root certificates at <java.home>/lib/security/cacerts. |
|
|
|
|
* |
|
|
|
|
* @param provider the provider or <code>null</code> for the default provider |
|
|
|
|
* @return a <CODE>KeyStore</CODE> |
|
|
|
|
*/ |
|
|
|
|
@ -784,17 +789,21 @@ public class PdfPKCS7 {
|
|
|
|
|
k = KeyStore.getInstance("JKS", provider); |
|
|
|
|
k.load(fin, null); |
|
|
|
|
return k; |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} finally { |
|
|
|
|
try { |
|
|
|
|
if (fin != null) { |
|
|
|
|
fin.close(); |
|
|
|
|
} |
|
|
|
|
} catch (Exception ex) { |
|
|
|
|
} |
|
|
|
|
finally { |
|
|
|
|
try{if (fin != null) {fin.close();}}catch(Exception ex){} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Verifies a single certificate. |
|
|
|
|
* |
|
|
|
|
* @param cert the certificate to verify |
|
|
|
|
* @param crls the certificate revocation list or <CODE>null</CODE> |
|
|
|
|
* @param calendar the date or <CODE>null</CODE> for the current date |
|
|
|
|
@ -808,8 +817,7 @@ public class PdfPKCS7 {
|
|
|
|
|
return "Has unsupported critical extension"; |
|
|
|
|
try { |
|
|
|
|
cert.checkValidity(calendar.getTime()); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
return e.getMessage(); |
|
|
|
|
} |
|
|
|
|
if (crls != null) { |
|
|
|
|
@ -823,6 +831,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Verifies a certificate chain against a KeyStore. |
|
|
|
|
* |
|
|
|
|
* @param certs the certificate chain |
|
|
|
|
* @param keystore the <CODE>KeyStore</CODE> |
|
|
|
|
* @param crls the certificate revocation list or <CODE>null</CODE> |
|
|
|
|
@ -851,16 +860,13 @@ public class PdfPKCS7 {
|
|
|
|
|
try { |
|
|
|
|
cert.verify(certStoreX509.getPublicKey()); |
|
|
|
|
return null; |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
continue; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
catch (Exception ex) { |
|
|
|
|
} catch (Exception ex) { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
} |
|
|
|
|
int j; |
|
|
|
|
for (j = 0; j < certs.length; ++j) { |
|
|
|
|
@ -870,8 +876,7 @@ public class PdfPKCS7 {
|
|
|
|
|
try { |
|
|
|
|
cert.verify(certNext.getPublicKey()); |
|
|
|
|
break; |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if (j == certs.length) |
|
|
|
|
@ -942,6 +947,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Retrieves the OCSP URL from the given certificate. |
|
|
|
|
* |
|
|
|
|
* @param certificate the certificate |
|
|
|
|
* @return the URL or null |
|
|
|
|
* @throws CertificateParsingException on error |
|
|
|
|
@ -960,7 +966,7 @@ public class PdfPKCS7 {
|
|
|
|
|
if (AccessDescription.size() != 2) { |
|
|
|
|
continue; |
|
|
|
|
} else { |
|
|
|
|
if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) { |
|
|
|
|
if ((AccessDescription.getObjectAt(0) instanceof ASN1ObjectIdentifier) && ((ASN1ObjectIdentifier) AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) { |
|
|
|
|
String AccessLocation = getStringFromGeneralName((ASN1Object) AccessDescription.getObjectAt(1)); |
|
|
|
|
if (AccessLocation == null) { |
|
|
|
|
return ""; |
|
|
|
|
@ -977,6 +983,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Checks if OCSP revocation refers to the document signing certificate. |
|
|
|
|
* |
|
|
|
|
* @return true if it checks false otherwise |
|
|
|
|
* @since 2.1.6 |
|
|
|
|
*/ |
|
|
|
|
@ -998,7 +1005,6 @@ public class PdfPKCS7 {
|
|
|
|
|
// }
|
|
|
|
|
// return false;
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException { |
|
|
|
|
byte[] bytes = cert.getExtensionValue(oid); |
|
|
|
|
if (bytes == null) { |
|
|
|
|
@ -1017,6 +1023,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the "issuer" from the TBSCertificate bytes that are passed in |
|
|
|
|
* |
|
|
|
|
* @param enc a TBSCertificate in a byte array |
|
|
|
|
* @return a DERObject |
|
|
|
|
*/ |
|
|
|
|
@ -1025,14 +1032,14 @@ public class PdfPKCS7 {
|
|
|
|
|
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); |
|
|
|
|
ASN1Sequence seq = (ASN1Sequence) in.readObject(); |
|
|
|
|
return (ASN1Object) seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); |
|
|
|
|
} |
|
|
|
|
catch (IOException e) { |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the "subject" from the TBSCertificate bytes that are passed in |
|
|
|
|
* |
|
|
|
|
* @param enc A TBSCertificate in a byte array |
|
|
|
|
* @return a DERObject |
|
|
|
|
*/ |
|
|
|
|
@ -1041,42 +1048,42 @@ public class PdfPKCS7 {
|
|
|
|
|
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); |
|
|
|
|
ASN1Sequence seq = (ASN1Sequence) in.readObject(); |
|
|
|
|
return (ASN1Object) seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); |
|
|
|
|
} |
|
|
|
|
catch (IOException e) { |
|
|
|
|
} catch (IOException e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the issuer fields from an X509 Certificate |
|
|
|
|
* |
|
|
|
|
* @param cert an X509Certificate |
|
|
|
|
* @return an X509Name |
|
|
|
|
*/ |
|
|
|
|
public static X509Name getIssuerFields(X509Certificate cert) { |
|
|
|
|
try { |
|
|
|
|
return new X509Name((ASN1Sequence) getIssuer(cert.getTBSCertificate())); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Get the subject fields from an X509 Certificate |
|
|
|
|
* |
|
|
|
|
* @param cert an X509Certificate |
|
|
|
|
* @return an X509Name |
|
|
|
|
*/ |
|
|
|
|
public static X509Name getSubjectFields(X509Certificate cert) { |
|
|
|
|
try { |
|
|
|
|
return new X509Name((ASN1Sequence) getSubject(cert.getTBSCertificate())); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Gets the bytes for the PKCS#1 object. |
|
|
|
|
* |
|
|
|
|
* @return a byte array |
|
|
|
|
*/ |
|
|
|
|
public byte[] getEncodedPKCS1() { |
|
|
|
|
@ -1092,14 +1099,14 @@ public class PdfPKCS7 {
|
|
|
|
|
dout.close(); |
|
|
|
|
|
|
|
|
|
return bOut.toByteArray(); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Sets the digest/signature to an external calculated value. |
|
|
|
|
* |
|
|
|
|
* @param digest the digest. This is the actual signature |
|
|
|
|
* @param RSAdata the extra data that goes into the data tag in PKCS#7 |
|
|
|
|
* @param digestEncryptionAlgorithm the encryption algorithm. It may must be <CODE>null</CODE> if the <CODE>digest</CODE> |
|
|
|
|
@ -1112,17 +1119,16 @@ public class PdfPKCS7 {
|
|
|
|
|
if (digestEncryptionAlgorithm != null) { |
|
|
|
|
if (digestEncryptionAlgorithm.equals("RSA")) { |
|
|
|
|
this.digestEncryptionAlgorithm = ID_RSA; |
|
|
|
|
} |
|
|
|
|
else if (digestEncryptionAlgorithm.equals("DSA")) { |
|
|
|
|
} else if (digestEncryptionAlgorithm.equals("DSA")) { |
|
|
|
|
this.digestEncryptionAlgorithm = ID_DSA; |
|
|
|
|
} |
|
|
|
|
else |
|
|
|
|
} else |
|
|
|
|
throw new ExceptionConverter(new NoSuchAlgorithmException("Unknown Key Algorithm " + digestEncryptionAlgorithm)); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Gets the bytes for the PKCS7SignedData object. |
|
|
|
|
* |
|
|
|
|
* @return the bytes for the PKCS7SignedData object |
|
|
|
|
*/ |
|
|
|
|
public byte[] getEncodedPKCS7() { |
|
|
|
|
@ -1132,6 +1138,7 @@ public class PdfPKCS7 {
|
|
|
|
|
/** |
|
|
|
|
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes |
|
|
|
|
* in the signerInfo can also be set. If either of the parameters is <CODE>null</CODE>, none will be used. |
|
|
|
|
* |
|
|
|
|
* @param secondDigest the digest in the authenticatedAttributes |
|
|
|
|
* @param signingTime the signing time in the authenticatedAttributes |
|
|
|
|
* @return the bytes for the PKCS7SignedData object |
|
|
|
|
@ -1144,6 +1151,7 @@ public class PdfPKCS7 {
|
|
|
|
|
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes |
|
|
|
|
* in the signerInfo can also be set, OR a time-stamp-authority client |
|
|
|
|
* may be provided. |
|
|
|
|
* |
|
|
|
|
* @param secondDigest the digest in the authenticatedAttributes |
|
|
|
|
* @param signingTime the signing time in the authenticatedAttributes |
|
|
|
|
* @param tsaClient TSAClient - null or an optional time stamp authority client |
|
|
|
|
@ -1156,13 +1164,11 @@ public class PdfPKCS7 {
|
|
|
|
|
digest = externalDigest; |
|
|
|
|
if (RSAdata != null) |
|
|
|
|
RSAdata = externalRSAdata; |
|
|
|
|
} |
|
|
|
|
else if (externalRSAdata != null && RSAdata != null) { |
|
|
|
|
} else if (externalRSAdata != null && RSAdata != null) { |
|
|
|
|
RSAdata = externalRSAdata; |
|
|
|
|
sig.update(RSAdata); |
|
|
|
|
digest = sig.sign(); |
|
|
|
|
} |
|
|
|
|
else { |
|
|
|
|
} else { |
|
|
|
|
if (RSAdata != null) { |
|
|
|
|
RSAdata = messageDigest.digest(); |
|
|
|
|
sig.update(RSAdata); |
|
|
|
|
@ -1174,14 +1180,14 @@ public class PdfPKCS7 {
|
|
|
|
|
ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector(); |
|
|
|
|
for (Iterator it = digestalgos.iterator(); it.hasNext(); ) { |
|
|
|
|
ASN1EncodableVector algos = new ASN1EncodableVector(); |
|
|
|
|
algos.add(new DERObjectIdentifier((String)it.next())); |
|
|
|
|
algos.add(new ASN1ObjectIdentifier((String) it.next())); |
|
|
|
|
algos.add(DERNull.INSTANCE); |
|
|
|
|
digestAlgorithms.add(new DERSequence(algos)); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Create the contentInfo.
|
|
|
|
|
ASN1EncodableVector v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(ID_PKCS7_DATA)); |
|
|
|
|
v.add(new ASN1ObjectIdentifier(ID_PKCS7_DATA)); |
|
|
|
|
if (RSAdata != null) |
|
|
|
|
v.add(new DERTaggedObject(0, new DEROctetString(RSAdata))); |
|
|
|
|
DERSequence contentinfo = new DERSequence(v); |
|
|
|
|
@ -1202,17 +1208,17 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
// Add the signerInfo version
|
|
|
|
|
//
|
|
|
|
|
signerinfo.add(new DERInteger(signerversion)); |
|
|
|
|
signerinfo.add(new ASN1Integer(signerversion)); |
|
|
|
|
|
|
|
|
|
v = new ASN1EncodableVector(); |
|
|
|
|
v.add(getIssuer(signCert.getTBSCertificate())); |
|
|
|
|
v.add(new DERInteger(signCert.getSerialNumber())); |
|
|
|
|
v.add(new ASN1Integer(signCert.getSerialNumber())); |
|
|
|
|
signerinfo.add(new DERSequence(v)); |
|
|
|
|
|
|
|
|
|
// Add the digestAlgorithm
|
|
|
|
|
v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(digestAlgorithm)); |
|
|
|
|
v.add(new DERNull()); |
|
|
|
|
v.add(new ASN1ObjectIdentifier(digestAlgorithm)); |
|
|
|
|
v.add(DERNull.INSTANCE); |
|
|
|
|
signerinfo.add(new DERSequence(v)); |
|
|
|
|
|
|
|
|
|
// add the authenticated attribute if present
|
|
|
|
|
@ -1221,8 +1227,8 @@ public class PdfPKCS7 {
|
|
|
|
|
} |
|
|
|
|
// Add the digestEncryptionAlgorithm
|
|
|
|
|
v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(digestEncryptionAlgorithm)); |
|
|
|
|
v.add(new DERNull()); |
|
|
|
|
v.add(new ASN1ObjectIdentifier(digestEncryptionAlgorithm)); |
|
|
|
|
v.add(DERNull.INSTANCE); |
|
|
|
|
signerinfo.add(new DERSequence(v)); |
|
|
|
|
|
|
|
|
|
// Add the digest
|
|
|
|
|
@ -1244,7 +1250,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
// Finally build the body out of all the components above
|
|
|
|
|
ASN1EncodableVector body = new ASN1EncodableVector(); |
|
|
|
|
body.add(new DERInteger(version)); |
|
|
|
|
body.add(new ASN1Integer(version)); |
|
|
|
|
body.add(new DERSet(digestAlgorithms)); |
|
|
|
|
body.add(contentinfo); |
|
|
|
|
body.add(new DERTaggedObject(false, 0, dercertificates)); |
|
|
|
|
@ -1266,7 +1272,7 @@ public class PdfPKCS7 {
|
|
|
|
|
// and return it
|
|
|
|
|
//
|
|
|
|
|
ASN1EncodableVector whole = new ASN1EncodableVector(); |
|
|
|
|
whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA)); |
|
|
|
|
whole.add(new ASN1ObjectIdentifier(ID_PKCS7_SIGNED_DATA)); |
|
|
|
|
whole.add(new DERTaggedObject(0, new DERSequence(body))); |
|
|
|
|
|
|
|
|
|
ByteArrayOutputStream bOut = new ByteArrayOutputStream(); |
|
|
|
|
@ -1276,8 +1282,7 @@ public class PdfPKCS7 {
|
|
|
|
|
dout.close(); |
|
|
|
|
|
|
|
|
|
return bOut.toByteArray(); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
@ -1287,6 +1292,7 @@ public class PdfPKCS7 {
|
|
|
|
|
* to start with the timeStampToken (signedData 1.2.840.113549.1.7.2). |
|
|
|
|
* Token is the TSA response without response status, which is usually |
|
|
|
|
* handled by the (vendor supplied) TSA request/response interface). |
|
|
|
|
* |
|
|
|
|
* @param timeStampToken byte[] - time stamp token, DER encoded signedData |
|
|
|
|
* @return ASN1EncodableVector |
|
|
|
|
* @throws IOException |
|
|
|
|
@ -1302,7 +1308,7 @@ public class PdfPKCS7 {
|
|
|
|
|
ASN1EncodableVector unauthAttributes = new ASN1EncodableVector(); |
|
|
|
|
|
|
|
|
|
ASN1EncodableVector v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken
|
|
|
|
|
v.add(new ASN1ObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken
|
|
|
|
|
ASN1Sequence seq = (ASN1Sequence) tempstream.readObject(); |
|
|
|
|
v.add(new DERSet(seq)); |
|
|
|
|
|
|
|
|
|
@ -1334,6 +1340,7 @@ public class PdfPKCS7 {
|
|
|
|
|
* pk7.update(sh, 0, sh.length); |
|
|
|
|
* byte sg[] = pk7.getEncodedPKCS7(hash, cal); |
|
|
|
|
* </pre> |
|
|
|
|
* |
|
|
|
|
* @param secondDigest the content digest |
|
|
|
|
* @param signingTime the signing time |
|
|
|
|
* @return the byte array representation of the authenticatedAttributes ready to be signed |
|
|
|
|
@ -1341,8 +1348,7 @@ public class PdfPKCS7 {
|
|
|
|
|
public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) { |
|
|
|
|
try { |
|
|
|
|
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER"); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
@ -1351,36 +1357,35 @@ public class PdfPKCS7 {
|
|
|
|
|
try { |
|
|
|
|
ASN1EncodableVector attribute = new ASN1EncodableVector(); |
|
|
|
|
ASN1EncodableVector v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(ID_CONTENT_TYPE)); |
|
|
|
|
v.add(new DERSet(new DERObjectIdentifier(ID_PKCS7_DATA))); |
|
|
|
|
v.add(new ASN1ObjectIdentifier(ID_CONTENT_TYPE)); |
|
|
|
|
v.add(new DERSet(new ASN1ObjectIdentifier(ID_PKCS7_DATA))); |
|
|
|
|
attribute.add(new DERSequence(v)); |
|
|
|
|
v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(ID_SIGNING_TIME)); |
|
|
|
|
v.add(new ASN1ObjectIdentifier(ID_SIGNING_TIME)); |
|
|
|
|
v.add(new DERSet(new DERUTCTime(signingTime.getTime()))); |
|
|
|
|
attribute.add(new DERSequence(v)); |
|
|
|
|
v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(ID_MESSAGE_DIGEST)); |
|
|
|
|
v.add(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST)); |
|
|
|
|
v.add(new DERSet(new DEROctetString(secondDigest))); |
|
|
|
|
attribute.add(new DERSequence(v)); |
|
|
|
|
if (ocsp != null) { |
|
|
|
|
v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION)); |
|
|
|
|
v.add(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION)); |
|
|
|
|
DEROctetString doctet = new DEROctetString(ocsp); |
|
|
|
|
ASN1EncodableVector vo1 = new ASN1EncodableVector(); |
|
|
|
|
ASN1EncodableVector v2 = new ASN1EncodableVector(); |
|
|
|
|
v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic); |
|
|
|
|
v2.add(doctet); |
|
|
|
|
DEREnumerated den = new DEREnumerated(0); |
|
|
|
|
ASN1Enumerated den = new ASN1Enumerated(0); |
|
|
|
|
ASN1EncodableVector v3 = new ASN1EncodableVector(); |
|
|
|
|
v3.add(den); |
|
|
|
|
v3.add(new DERTaggedObject(true, 0, new DERSequence(v2))); |
|
|
|
|
vo1.add(new DERSequence(v3)); |
|
|
|
|
v.add(new DERSet(new DERSequence(new DERTaggedObject(true, 1, new DERSequence(vo1))))); |
|
|
|
|
attribute.add(new DERSequence(v)); |
|
|
|
|
} |
|
|
|
|
else if (!crls.isEmpty()) { |
|
|
|
|
} else if (!crls.isEmpty()) { |
|
|
|
|
v = new ASN1EncodableVector(); |
|
|
|
|
v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION)); |
|
|
|
|
v.add(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION)); |
|
|
|
|
ASN1EncodableVector v2 = new ASN1EncodableVector(); |
|
|
|
|
for (Iterator i = crls.iterator(); i.hasNext(); ) { |
|
|
|
|
ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(((X509CRL) i.next()).getEncoded())); |
|
|
|
|
@ -1390,14 +1395,14 @@ public class PdfPKCS7 {
|
|
|
|
|
attribute.add(new DERSequence(v)); |
|
|
|
|
} |
|
|
|
|
return new DERSet(attribute); |
|
|
|
|
} |
|
|
|
|
catch (Exception e) { |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
throw new ExceptionConverter(e); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Getter for property reason. |
|
|
|
|
* |
|
|
|
|
* @return Value of property reason. |
|
|
|
|
*/ |
|
|
|
|
public String getReason() { |
|
|
|
|
@ -1406,6 +1411,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Setter for property reason. |
|
|
|
|
* |
|
|
|
|
* @param reason New value of property reason. |
|
|
|
|
*/ |
|
|
|
|
public void setReason(String reason) { |
|
|
|
|
@ -1414,6 +1420,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Getter for property location. |
|
|
|
|
* |
|
|
|
|
* @return Value of property location. |
|
|
|
|
*/ |
|
|
|
|
public String getLocation() { |
|
|
|
|
@ -1422,6 +1429,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Setter for property location. |
|
|
|
|
* |
|
|
|
|
* @param location New value of property location. |
|
|
|
|
*/ |
|
|
|
|
public void setLocation(String location) { |
|
|
|
|
@ -1430,6 +1438,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Getter for property signDate. |
|
|
|
|
* |
|
|
|
|
* @return Value of property signDate. |
|
|
|
|
*/ |
|
|
|
|
public Calendar getSignDate() { |
|
|
|
|
@ -1438,6 +1447,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Setter for property signDate. |
|
|
|
|
* |
|
|
|
|
* @param signDate New value of property signDate. |
|
|
|
|
*/ |
|
|
|
|
public void setSignDate(Calendar signDate) { |
|
|
|
|
@ -1446,6 +1456,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Getter for property sigName. |
|
|
|
|
* |
|
|
|
|
* @return Value of property sigName. |
|
|
|
|
*/ |
|
|
|
|
public String getSignName() { |
|
|
|
|
@ -1454,6 +1465,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Setter for property sigName. |
|
|
|
|
* |
|
|
|
|
* @param signName New value of property sigName. |
|
|
|
|
*/ |
|
|
|
|
public void setSignName(String signName) { |
|
|
|
|
@ -1467,72 +1479,88 @@ public class PdfPKCS7 {
|
|
|
|
|
/** |
|
|
|
|
* country code - StringType(SIZE(2)) |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier C = new DERObjectIdentifier("2.5.4.6"); |
|
|
|
|
public static final ASN1ObjectIdentifier C = new ASN1ObjectIdentifier("2.5.4.6"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* organization - StringType(SIZE(1..64)) |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier O = new DERObjectIdentifier("2.5.4.10"); |
|
|
|
|
public static final ASN1ObjectIdentifier O = new ASN1ObjectIdentifier("2.5.4.10"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* organizational unit name - StringType(SIZE(1..64)) |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier OU = new DERObjectIdentifier("2.5.4.11"); |
|
|
|
|
public static final ASN1ObjectIdentifier OU = new ASN1ObjectIdentifier("2.5.4.11"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Title |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier T = new DERObjectIdentifier("2.5.4.12"); |
|
|
|
|
public static final ASN1ObjectIdentifier T = new ASN1ObjectIdentifier("2.5.4.12"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* common name - StringType(SIZE(1..64)) |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier CN = new DERObjectIdentifier("2.5.4.3"); |
|
|
|
|
public static final ASN1ObjectIdentifier CN = new ASN1ObjectIdentifier("2.5.4.3"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* device serial number name - StringType(SIZE(1..64)) |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier SN = new DERObjectIdentifier("2.5.4.5"); |
|
|
|
|
public static final ASN1ObjectIdentifier SN = new ASN1ObjectIdentifier("2.5.4.5"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* locality name - StringType(SIZE(1..64)) |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier L = new DERObjectIdentifier("2.5.4.7"); |
|
|
|
|
public static final ASN1ObjectIdentifier L = new ASN1ObjectIdentifier("2.5.4.7"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* state, or province name - StringType(SIZE(1..64)) |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier ST = new DERObjectIdentifier("2.5.4.8"); |
|
|
|
|
public static final ASN1ObjectIdentifier ST = new ASN1ObjectIdentifier("2.5.4.8"); |
|
|
|
|
|
|
|
|
|
/** Naming attribute of type X520name */ |
|
|
|
|
public static final DERObjectIdentifier SURNAME = new DERObjectIdentifier("2.5.4.4"); |
|
|
|
|
/** Naming attribute of type X520name */ |
|
|
|
|
public static final DERObjectIdentifier GIVENNAME = new DERObjectIdentifier("2.5.4.42"); |
|
|
|
|
/** Naming attribute of type X520name */ |
|
|
|
|
public static final DERObjectIdentifier INITIALS = new DERObjectIdentifier("2.5.4.43"); |
|
|
|
|
/** Naming attribute of type X520name */ |
|
|
|
|
public static final DERObjectIdentifier GENERATION = new DERObjectIdentifier("2.5.4.44"); |
|
|
|
|
/** Naming attribute of type X520name */ |
|
|
|
|
public static final DERObjectIdentifier UNIQUE_IDENTIFIER = new DERObjectIdentifier("2.5.4.45"); |
|
|
|
|
/** |
|
|
|
|
* Naming attribute of type X520name |
|
|
|
|
*/ |
|
|
|
|
public static final ASN1ObjectIdentifier SURNAME = new ASN1ObjectIdentifier("2.5.4.4"); |
|
|
|
|
/** |
|
|
|
|
* Naming attribute of type X520name |
|
|
|
|
*/ |
|
|
|
|
public static final ASN1ObjectIdentifier GIVENNAME = new ASN1ObjectIdentifier("2.5.4.42"); |
|
|
|
|
/** |
|
|
|
|
* Naming attribute of type X520name |
|
|
|
|
*/ |
|
|
|
|
public static final ASN1ObjectIdentifier INITIALS = new ASN1ObjectIdentifier("2.5.4.43"); |
|
|
|
|
/** |
|
|
|
|
* Naming attribute of type X520name |
|
|
|
|
*/ |
|
|
|
|
public static final ASN1ObjectIdentifier GENERATION = new ASN1ObjectIdentifier("2.5.4.44"); |
|
|
|
|
/** |
|
|
|
|
* Naming attribute of type X520name |
|
|
|
|
*/ |
|
|
|
|
public static final ASN1ObjectIdentifier UNIQUE_IDENTIFIER = new ASN1ObjectIdentifier("2.5.4.45"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Email address (RSA PKCS#9 extension) - IA5String. |
|
|
|
|
* <p>Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here. |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier EmailAddress = new DERObjectIdentifier("1.2.840.113549.1.9.1"); |
|
|
|
|
public static final ASN1ObjectIdentifier EmailAddress = new ASN1ObjectIdentifier("1.2.840.113549.1.9.1"); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* email address in Verisign certificates |
|
|
|
|
*/ |
|
|
|
|
public static final DERObjectIdentifier E = EmailAddress; |
|
|
|
|
public static final ASN1ObjectIdentifier E = EmailAddress; |
|
|
|
|
|
|
|
|
|
/** object identifier */ |
|
|
|
|
public static final DERObjectIdentifier DC = new DERObjectIdentifier("0.9.2342.19200300.100.1.25"); |
|
|
|
|
/** |
|
|
|
|
* object identifier |
|
|
|
|
*/ |
|
|
|
|
public static final ASN1ObjectIdentifier DC = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25"); |
|
|
|
|
|
|
|
|
|
/** LDAP User id. */ |
|
|
|
|
public static final DERObjectIdentifier UID = new DERObjectIdentifier("0.9.2342.19200300.100.1.1"); |
|
|
|
|
/** |
|
|
|
|
* LDAP User id. |
|
|
|
|
*/ |
|
|
|
|
public static final ASN1ObjectIdentifier UID = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1"); |
|
|
|
|
|
|
|
|
|
/** A HashMap with default symbols */ |
|
|
|
|
/** |
|
|
|
|
* A HashMap with default symbols |
|
|
|
|
*/ |
|
|
|
|
public static HashMap DefaultSymbols = new HashMap(); |
|
|
|
|
|
|
|
|
|
static { |
|
|
|
|
@ -1552,11 +1580,15 @@ public class PdfPKCS7 {
|
|
|
|
|
DefaultSymbols.put(INITIALS, "INITIALS"); |
|
|
|
|
DefaultSymbols.put(GENERATION, "GENERATION"); |
|
|
|
|
} |
|
|
|
|
/** A HashMap with values */ |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* A HashMap with values |
|
|
|
|
*/ |
|
|
|
|
public HashMap values = new HashMap(); |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Constructs an X509 name |
|
|
|
|
* |
|
|
|
|
* @param seq an ASN1 Sequence |
|
|
|
|
*/ |
|
|
|
|
public X509Name(ASN1Sequence seq) { |
|
|
|
|
@ -1579,8 +1611,10 @@ public class PdfPKCS7 {
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Constructs an X509 name |
|
|
|
|
* |
|
|
|
|
* @param dirName a directory name |
|
|
|
|
*/ |
|
|
|
|
public X509Name(String dirName) { |
|
|
|
|
@ -1613,6 +1647,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* gets a field array from the values Hashmap |
|
|
|
|
* |
|
|
|
|
* @param name |
|
|
|
|
* @return an ArrayList |
|
|
|
|
*/ |
|
|
|
|
@ -1623,6 +1658,7 @@ public class PdfPKCS7 {
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* getter for values |
|
|
|
|
* |
|
|
|
|
* @return a HashMap with the fields of the X509 name |
|
|
|
|
*/ |
|
|
|
|
public HashMap getFields() { |
|
|
|
|
@ -1675,24 +1711,19 @@ public class PdfPKCS7 {
|
|
|
|
|
if (c == '"') { |
|
|
|
|
if (!escaped) { |
|
|
|
|
quoted = !quoted; |
|
|
|
|
} |
|
|
|
|
else { |
|
|
|
|
} else { |
|
|
|
|
buf.append(c); |
|
|
|
|
} |
|
|
|
|
escaped = false; |
|
|
|
|
} |
|
|
|
|
else { |
|
|
|
|
} else { |
|
|
|
|
if (escaped || quoted) { |
|
|
|
|
buf.append(c); |
|
|
|
|
escaped = false; |
|
|
|
|
} |
|
|
|
|
else if (c == '\\') { |
|
|
|
|
} else if (c == '\\') { |
|
|
|
|
escaped = true; |
|
|
|
|
} |
|
|
|
|
else if (c == ',') { |
|
|
|
|
} else if (c == ',') { |
|
|
|
|
break; |
|
|
|
|
} |
|
|
|
|
else { |
|
|
|
|
} else { |
|
|
|
|
buf.append(c); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
