Package eu.europa.esig.dss.spi

Class DSSASN1Utils

java.lang.Object

eu.europa.esig.dss.spi.DSSASN1Utils

public final class DSSASN1Utils
extends Object

Utility class that contains some ASN1 related method.

Method Summary

Modifier and Type	Method	Description
static byte[]	computeSkiFromCert(CertificateToken certificateToken)	Computes SHA-1 hash of the certificateToken's public key
static byte[]	computeSkiFromCertPublicKey(PublicKey publicKey)	Computes SHA-1 hash of the given publicKey's
static org.bouncycastle.asn1.cms.AttributeTable	emptyIfNull(org.bouncycastle.asn1.cms.AttributeTable originalAttributeTable)	Returns the current originalAttributeTable if instantiated, an empty AttributeTable if null
static String	extractAttributeFromX500Principal(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, X500PrincipalHelper principal)	Extract attribute with the identifier from X500PrincipalHelper
static List<org.bouncycastle.tsp.TimeStampToken>	findArchiveTimeStampTokens(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes)	Finds archive TimeStampTokens
static byte[]	fromAsn1toSignatureValue(EncryptionAlgorithm algorithm, byte[] signatureValue)	Converts the ANS.1 binary signature value to the concatenated R || S format NOTE: used in XAdES and JAdES
static Map<String,String>	get(X500Principal x500Principal)	Gets a map of X500 attribute names and the values
static org.bouncycastle.asn1.x509.AlgorithmIdentifier	getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm)	Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm
static org.bouncycastle.asn1.x509.AlgorithmIdentifier	getAlgorithmIdentifier(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)	Gets the ASN.1 algorithm identifier structure corresponding to the algorithm found in the provided Timestamp Hash Index Table, if such algorithm is present
static org.bouncycastle.asn1.cms.Attribute[]	getAsn1Attributes(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)	Returns an array of Attributes for a given oid found in the unsignedAttributes
static org.bouncycastle.asn1.ASN1Set	getAsn1AttributeSet(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)	Returns an Attribute values for a given oid found in the unsignedAttributes
static org.bouncycastle.asn1.ASN1Encodable	getAsn1Encodable(org.bouncycastle.asn1.cms.Attribute attribute)	Returns ASN1Encodable of the attribute
static org.bouncycastle.asn1.ASN1Encodable	getAsn1Encodable(org.bouncycastle.asn1.cms.AttributeTable attributeTable, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)	Returns ASN1Encodable for a given oid found in the unsignedAttributes
static org.bouncycastle.asn1.ASN1Sequence	getAsn1SequenceFromDerOctetString(byte[] bytes)	This method returns the ASN1Sequence encapsulated in DEROctetString.
static byte[]	getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm, byte[] policyBytes)	This method computes the digest of an ASN1 signature policy (used in CAdES) TS 101 733 5.8.1 : If the signature policy is defined using ASN.1, then the hash is calculated on the value without the outer type and length fields, and the hashing algorithm shall be as specified in the field sigPolicyHash.
static org.bouncycastle.asn1.ASN1Sequence	getAtsHashIndex(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)	Returns ats-hash-index table, with a related version present in from timestamp's unsigned properties
static org.bouncycastle.asn1.ASN1Sequence	getAtsHashIndexByVersion(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)	Returns ats-hash-index table, with a specified version present in from timestamp's unsigned properties
static List<byte[]>	getATSHashIndexV3OctetString(org.bouncycastle.asn1.ASN1ObjectIdentifier attributeIdentifier, org.bouncycastle.asn1.ASN1Set attributeValues)	Returns octets from the given attribute for ATS-Hash-Index-v3 table
static org.bouncycastle.asn1.ASN1ObjectIdentifier	getAtsHashIndexVersionIdentifier(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)	Returns ASN1ObjectIdentifier of the found AtsHashIndex
static byte[]	getAuthorityKeyIdentifier(CertificateToken certificateToken)	This method returns authority key identifier as binaries from the certificate extension (SHA-1 of the public key of the issuer certificate).
static byte[]	getBEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)	This method returns BER encoded ASN1 attribute.
static List<String>	getCAAccessLocations(CertificateToken certificate)	Gives back the CA URIs meta-data found within the given certificate.
static CertificateToken	getCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertificateHolder)	Extract the certificate token from X509CertificateHolder
static List<CertificatePolicy>	getCertificatePolicies(CertificateToken certToken)	Retrieves a list of CertificatePolicys from a certificate token
static CertificateRef	getCertificateRef(org.bouncycastle.asn1.ess.OtherCertID otherCertId)	Converts the OtherCertID to CertificateRef
static org.bouncycastle.asn1.ASN1Sequence	getCertificatesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)	Extract the Unsigned Attribute Archive Timestamp Cert Hash Index from a timestampToken
static org.bouncycastle.cms.CMSSignedData	getCMSSignedData(org.bouncycastle.asn1.cms.Attribute attribute)	Creates a CMSSignedData from the provided attribute
static org.bouncycastle.asn1.ASN1Sequence	getCRLHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)	Extract the Unsigned Attribute Archive Timestamp Crl Hash Index from a timestampToken
static List<String>	getCrlUrls(CertificateToken certificateToken)	Gives back the List of CRL URI meta-data found within the given X509 certificate.
static Date	getDate(org.bouncycastle.asn1.ASN1Encodable encodable)	Reads the encodable and returns a Date
static byte[]	getDEREncoded(byte[] bytes)	Returns the ASN.1 encoded representation of byte array.
static byte[]	getDEREncoded(TimestampBinary timestampBinary)	Returns the ASN.1 encoded representation of TimestampBinary.
static byte[]	getDEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)	This method returns DER encoded ASN1 attribute.
static byte[]	getDEREncoded(org.bouncycastle.cms.CMSSignedData data)	Returns the ASN.1 encoded representation of CMSSignedData.
static byte[]	getDEREncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)	Gets the DER encoded binaries of TimeStampToken
static List<org.bouncycastle.asn1.DEROctetString>	getDEROctetStrings(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)	Returns list of DEROctetString from an ASN1Sequence Useful when needed to get a list of hash values
static String	getDirectoryStringValue(org.bouncycastle.asn1.ASN1Encodable directoryStringInstance)	Returns a value of an ASN.1 DirectoryString instance Returns null if an error occurs during the transformation
static byte[]	getEncoded(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)	Gets the DER-encoded binaries of the BasicOCSPResp
static byte[]	getEncoded(org.bouncycastle.cms.CMSSignedData cmsSignedData)	Returns an ASN.1 encoded bytes representing the CMSSignedData
static byte[]	getEncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)	Returns an ASN.1 encoded bytes representing the TimeStampToken
static List<String>	getExtendedKeyUsage(CertificateToken certToken)	Extracts all extended key usages for the certificate token
static org.bouncycastle.cms.SignerInformation	getFirstSignerInformation(org.bouncycastle.cms.CMSSignedData cms)	Returns the first SignerInformation extracted from CMSSignedData.
static String	getHumanReadableName(CertificateToken cert)	Extracts the pretty printed name of the certificate token
static org.bouncycastle.asn1.x509.IssuerSerial	getIssuerSerial(byte[] binaries)	Gets the IssuerSerial object
static org.bouncycastle.asn1.x509.IssuerSerial	getIssuerSerial(CertificateToken certToken)	This method returns a new IssuerSerial based on the certificate token
static X500Principal	getNormalizedX500Principal(X500Principal x500Principal)	This method normalizes the X500Principal object
static List<String>	getOCSPAccessLocations(CertificateToken certificate)	Gives back the OCSP URIs meta-data found within the given X509 cert.
static List<byte[]>	getOctetStringForAtsHashIndex(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)	Returns octets from the given attribute by defined atsh-hash-index type
static PSD2QcType	getPSD2QcStatement(CertificateToken certToken)	This method extract the PSD2 QcStatement informations for a given certificate
static List<String>	getQCLegislations(CertificateToken certToken)	Retrieves a list of QC Legislation statements from the given certificate token
static QCLimitValue	getQcLimitValue(CertificateToken certToken)	This method extracts the QcStatement regarding limits on the value of transactions for a given certificate
static List<String>	getQCStatementsIdList(CertificateToken certToken)	Get the list of all QCStatement Ids that are present in the certificate.
static List<String>	getQCTypesIdList(CertificateToken certToken)	Get the list of all QCType Ids that are present in the certificate.
static org.bouncycastle.asn1.esf.RevocationValues	getRevocationValues(org.bouncycastle.asn1.ASN1Encodable encodable)	Returns RevocationValues from the given encodable
static SemanticsIdentifier	getSemanticsIdentifier(CertificateToken certToken)	Extracts the SemanticsIdentifier from the certificate token
static byte[]	getSki(CertificateToken certificateToken)	This method returns the Subject Key Identifier (SKI) bytes from the certificate extension (SHA-1 of the public key of the current certificate).
static byte[]	getSki(CertificateToken certificateToken, boolean computeIfMissing)	This method returns SKI bytes from certificate.
static String	getString(org.bouncycastle.asn1.ASN1Encodable attributeValue)	Reads the value
static List<String>	getSubjectAlternativeNames(CertificateToken certToken)	Returns a list of subject alternative names
static String	getSubjectCommonName(CertificateToken cert)	Extracts the Subject Common name from the certificate token
static List<org.bouncycastle.asn1.ASN1ObjectIdentifier>	getTimestampOids()	Returns a list of all CMS timestamp identifiers
static org.bouncycastle.tsp.TimeStampToken	getTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)	Creates a TimeStampToken from the provided attribute
static Date	getTimeStampTokenGenerationTime(org.bouncycastle.tsp.TimeStampToken timeStampToken)	Returns generation time for the provided timeStampToken
static org.bouncycastle.asn1.ASN1Sequence	getUnsignedAttributesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)	Extract the Unsigned Attribute Archive Timestamp Attribute Hash Index from a timestampToken
static String	getUtf8String(X500Principal x500Principal)	Gets the UTF-8 distinguished names of X500Principal
static org.bouncycastle.cert.X509CertificateHolder	getX509CertificateHolder(CertificateToken certToken)	Returns a X509CertificateHolder encapsulating the given X509Certificate.
static boolean	hasIdPkixOcspNoCheckExtension(CertificateToken token)	Indicates if the revocation data should be checked for an OCSP signing certificate. http://www.ietf.org/rfc/rfc2560.txt?
static boolean	isArchiveTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)	Checks if the attribute is of an allowed archive timestamp type
static boolean	isAsn1Encoded(byte[] binaries)	Checks if the binaries are ASN.1 encoded.
static boolean	isASN1SequenceTag(byte tagByte)	Checks if the byte defines an ASN1 Sequence
static boolean	isAttributeOfType(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier asn1ObjectIdentifier)	Checks if the given attribute is an instance of the expected asn1ObjectIdentifier type
static boolean	isEmpty(org.bouncycastle.asn1.cms.AttributeTable attributeTable)	Checks if the attributeTable is empty
static boolean	isExtendedKeyUsagePresent(CertificateToken certToken, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)	Checks if the keyUsage with oid is present in the certificate token
static boolean	isOCSPSigning(CertificateToken certToken)	Indicates that a X509Certificates corresponding private key is used by an authority to sign OCSP-Responses. http://www.ietf.org/rfc/rfc3280.txt http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)} OID: 1.3.6.1.5.5.7.3.9
static boolean	isSkiEqual(byte[] ski, CertificateToken certificateToken)	Checks if the provided ski matches to a ski computed from a certificateToken's public key
static <T extends org.bouncycastle.asn1.ASN1Primitive> T	toASN1Primitive(byte[] bytes)	This method returns T extends ASN1Primitive created from array of bytes.
static CertificateIdentifier	toCertificateIdentifier(X500Principal issuerX500Principal, BigInteger serialNumber, byte[] ski)	This method transforms token's issuer and serial number information into a CertificateIdentifier object
static CertificateIdentifier	toCertificateIdentifier(org.bouncycastle.asn1.x509.IssuerSerial issuerAndSerial)	Transforms an object of class IssuerSerial into instance of CertificateIdentifier
static Date	toDate(org.bouncycastle.asn1.ASN1GeneralizedTime asn1Date)	Converts ASN1GeneralizedTime to Date
static CertificateIdentifier	toIssuerSerialInfo(org.bouncycastle.cms.SignerId signerId)	This method transforms token's signerId into a CertificateIdentifier object
static String	toString(org.bouncycastle.asn1.ASN1OctetString value)	Reads ASN1OctetString value and returns
static X500Principal	toX500Principal(org.bouncycastle.asn1.x500.X500Name x500Name)	Transforms x500Name to X500Principal
static boolean	x500PrincipalAreEquals(X500Principal firstX500Principal, X500Principal secondX500Principal)	This method compares two X500Principals.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

toASN1Primitive

public static <T extends org.bouncycastle.asn1.ASN1Primitive>
T toASN1Primitive(byte[] bytes)

This method returns T extends ASN1Primitive created from array of bytes. The IOException is transformed in DSSException.

Type Parameters:

T - the expected return type

Parameters:

bytes - array of bytes to be transformed to ASN1Primitive

Returns:

new T extends ASN1Primitive

getDEREncoded

public static byte[] getDEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)

This method returns DER encoded ASN1 attribute. The IOException is transformed in DSSException.

Parameters:

asn1Encodable - asn1Encodable to be DER encoded

Returns:

array of bytes representing the DER encoded asn1Encodable

getBEREncoded

public static byte[] getBEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)

This method returns BER encoded ASN1 attribute. The IOException is transformed in DSSException.

Parameters:

asn1Encodable - asn1Encodable to be BER encoded

Returns:

array of bytes representing the BER encoded asn1Encodable

getEncoded

public static byte[] getEncoded(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)

Gets the DER-encoded binaries of the BasicOCSPResp

Parameters:

basicOCSPResp - BasicOCSPResp

Returns:

DER-encoded binaries

toDate

public static Date toDate(org.bouncycastle.asn1.ASN1GeneralizedTime asn1Date)

Converts ASN1GeneralizedTime to Date

Parameters:

asn1Date - ASN1GeneralizedTime

Returns:

Date

toString

public static String toString(org.bouncycastle.asn1.ASN1OctetString value)

Reads ASN1OctetString value and returns

Parameters:

value - ASN1OctetString

Returns:

String

getEncoded

public static byte[] getEncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)

Returns an ASN.1 encoded bytes representing the TimeStampToken

Parameters:

timeStampToken - TimeStampToken

Returns:

the DER encoded TimeStampToken

getEncoded

public static byte[] getEncoded(org.bouncycastle.cms.CMSSignedData cmsSignedData)

Returns an ASN.1 encoded bytes representing the CMSSignedData

Parameters:

cmsSignedData - CMSSignedData

Returns:

the binary of the CMSSignedData @ if the CMSSignedData encoding fails

getDEREncoded

public static byte[] getDEREncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)

Gets the DER encoded binaries of TimeStampToken

Parameters:

timeStampToken - TimeStampToken

Returns:

DER encoded binaries

getDEREncoded

public static byte[] getDEREncoded(org.bouncycastle.cms.CMSSignedData data)

Returns the ASN.1 encoded representation of CMSSignedData.

Parameters:

data - the CMSSignedData to be encoded

Returns:

the DER encoded CMSSignedData

getDEREncoded

public static byte[] getDEREncoded(TimestampBinary timestampBinary)

Returns the ASN.1 encoded representation of TimestampBinary.

Parameters:

timestampBinary - the TimestampBinary to be encoded

Returns:

the DER encoded timestampBinary

getDEREncoded

public static byte[] getDEREncoded(byte[] bytes)

Returns the ASN.1 encoded representation of byte array.

Parameters:

bytes - the binary array to encode

Returns:

the DER encoded bytes

getAsn1SequenceFromDerOctetString

public static org.bouncycastle.asn1.ASN1Sequence getAsn1SequenceFromDerOctetString(byte[] bytes)

This method returns the ASN1Sequence encapsulated in DEROctetString. The DEROctetString is represented as byte array.

Parameters:

bytes - byte representation of DEROctetString

Returns:

encapsulated ASN1Sequence @ in case of a decoding problem

getAsn1SignaturePolicyDigest

public static byte[] getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm,
byte[] policyBytes)

This method computes the digest of an ASN1 signature policy (used in CAdES) TS 101 733 5.8.1 : If the signature policy is defined using ASN.1, then the hash is calculated on the value without the outer type and length fields, and the hashing algorithm shall be as specified in the field sigPolicyHash.

Parameters:

digestAlgorithm - the digest algorithm to be used

policyBytes - the ASN.1 policy content

Returns:

the expected digest value

getAlgorithmIdentifier

public static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)

Gets the ASN.1 algorithm identifier structure corresponding to the algorithm found in the provided Timestamp Hash Index Table, if such algorithm is present

Parameters:

atsHashIndexValue - ats-hash-index table from a timestamp

Returns:

the ASN.1 algorithm identifier structure

getAlgorithmIdentifier

public static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm)

Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm

Parameters:

digestAlgorithm - the digest algorithm to encode

Returns:

the ASN.1 algorithm identifier structure

getCertificatesHashIndex

public static org.bouncycastle.asn1.ASN1Sequence getCertificatesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)

Extract the Unsigned Attribute Archive Timestamp Cert Hash Index from a timestampToken

Parameters:

atsHashIndexValue - ASN1Sequence

Returns:

ASN1Sequence

getCRLHashIndex

public static org.bouncycastle.asn1.ASN1Sequence getCRLHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)

Extract the Unsigned Attribute Archive Timestamp Crl Hash Index from a timestampToken

Parameters:

atsHashIndexValue - ASN1Sequence

Returns:

ASN1Sequence

getUnsignedAttributesHashIndex

public static org.bouncycastle.asn1.ASN1Sequence getUnsignedAttributesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)

Extract the Unsigned Attribute Archive Timestamp Attribute Hash Index from a timestampToken

Parameters:

atsHashIndexValue - ASN1Sequence

Returns:

ASN1Sequence

getDEROctetStrings

public static List<org.bouncycastle.asn1.DEROctetString> getDEROctetStrings(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)

Returns list of DEROctetString from an ASN1Sequence Useful when needed to get a list of hash values

Parameters:

asn1Sequence - ASN1Sequence to get list from

Returns:

list of DEROctetStrings

hasIdPkixOcspNoCheckExtension

public static boolean hasIdPkixOcspNoCheckExtension(CertificateToken token)

Indicates if the revocation data should be checked for an OCSP signing certificate.
http://www.ietf.org/rfc/rfc2560.txt?number=2560
A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL.

Parameters:

token - the certificate to be checked

Returns:

true if the certificate has the id_pkix_ocsp_nocheck extension

getCertificatePolicies

public static List<CertificatePolicy> getCertificatePolicies(CertificateToken certToken)

Retrieves a list of CertificatePolicys from a certificate token

Parameters:

certToken - CertificateToken

Returns:

a list of CertificatePolicys

getQCStatementsIdList

public static List<String> getQCStatementsIdList(CertificateToken certToken)

Get the list of all QCStatement Ids that are present in the certificate. (As per ETSI EN 319 412-5 V2.1.1)

Parameters:

certToken - the certificate

Returns:

the list of QC Statements oids

getQCTypesIdList

public static List<String> getQCTypesIdList(CertificateToken certToken)

Get the list of all QCType Ids that are present in the certificate. (As per ETSI EN 319 412-5 V2.1.1)

Parameters:

certToken - the certificate

Returns:

the list of QCTypes oids

getQCLegislations

public static List<String> getQCLegislations(CertificateToken certToken)

Retrieves a list of QC Legislation statements from the given certificate token

Parameters:

certToken - CertificateToken

Returns:

a list of QC Legislation statements

getSki

public static byte[] getSki(CertificateToken certificateToken)

This method returns the Subject Key Identifier (SKI) bytes from the certificate extension (SHA-1 of the public key of the current certificate).

Parameters:

certificateToken - the CertificateToken

Returns:

ski bytes from the given certificate or null if missing

getSki

public static byte[] getSki(CertificateToken certificateToken,
boolean computeIfMissing)

This method returns SKI bytes from certificate.

Parameters:

certificateToken - CertificateToken

computeIfMissing - if the extension is missing and computeIfMissing = true, it will compute the SKI value from the Public Key

Returns:

ski bytes from the given certificate

getAuthorityKeyIdentifier

public static byte[] getAuthorityKeyIdentifier(CertificateToken certificateToken)

This method returns authority key identifier as binaries from the certificate extension (SHA-1 of the public key of the issuer certificate).

Parameters:

certificateToken - the CertificateToken

Returns:

authority key identifier bytes from the given certificate (can be null if the certificate is self signed)

computeSkiFromCert

public static byte[] computeSkiFromCert(CertificateToken certificateToken)

Computes SHA-1 hash of the certificateToken's public key

Parameters:

certificateToken - CertificateToken to compute digest for

Returns:

byte array of public key's SHA-1 hash

computeSkiFromCertPublicKey

public static byte[] computeSkiFromCertPublicKey(PublicKey publicKey)

Computes SHA-1 hash of the given publicKey's

Parameters:

publicKey - PublicKey to compute digest for

Returns:

byte array of public key's SHA-1 hash

isSkiEqual

public static boolean isSkiEqual(byte[] ski,
CertificateToken certificateToken)

Checks if the provided ski matches to a ski computed from a certificateToken's public key

Parameters:

ski - a byte array representing ski value (SHA-1 of the public key)

certificateToken - CertificateToken to check

Returns:

TRUE if the SKI equals, FALSE otherwise

getCAAccessLocations

public static List<String> getCAAccessLocations(CertificateToken certificate)

Gives back the CA URIs meta-data found within the given certificate.

Parameters:

certificate - the certificate token.

Returns:

a list of CA URIs, or empty list if the extension is not present.

getOCSPAccessLocations

public static List<String> getOCSPAccessLocations(CertificateToken certificate)

Gives back the OCSP URIs meta-data found within the given X509 cert.

Parameters:

certificate - the cert token.

Returns:

a list of OCSP URIs, or empty list if the extension is not present.

getCrlUrls

public static List<String> getCrlUrls(CertificateToken certificateToken)

Gives back the List of CRL URI meta-data found within the given X509 certificate.

Parameters:

certificateToken - the cert token certificate

Returns:

the List of CRL URI, or empty list if the extension is not present

isOCSPSigning

public static boolean isOCSPSigning(CertificateToken certToken)

Indicates that a X509Certificates corresponding private key is used by an authority to sign OCSP-Responses.
http://www.ietf.org/rfc/rfc3280.txt
http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2
{iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)}
OID: 1.3.6.1.5.5.7.3.9

Parameters:

certToken - the certificate token

Returns:

true if the certificate has the id_kp_OCSPSigning ExtendedKeyUsage

isExtendedKeyUsagePresent

public static boolean isExtendedKeyUsagePresent(CertificateToken certToken,
org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

Checks if the keyUsage with oid is present in the certificate token

Parameters:

certToken - CertificateToken

oid - ASN1ObjectIdentifier

Returns:

TRUE if the certificate token contains a keyUsage with the given OID, FALSE otherwise

getX509CertificateHolder

public static org.bouncycastle.cert.X509CertificateHolder getX509CertificateHolder(CertificateToken certToken)

Returns a X509CertificateHolder encapsulating the given X509Certificate.

Parameters:

certToken - the certificate to be encapsulated

Returns:

a X509CertificateHolder holding this certificate

getCertificate

public static CertificateToken getCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertificateHolder)

Extract the certificate token from X509CertificateHolder

Parameters:

x509CertificateHolder - X509CertificateHolder

Returns:

CertificateToken

toIssuerSerialInfo

public static CertificateIdentifier toIssuerSerialInfo(org.bouncycastle.cms.SignerId signerId)

This method transforms token's signerId into a CertificateIdentifier object

Parameters:

signerId - SignerId to be transformed

Returns:

CertificateIdentifier

toX500Principal

public static X500Principal toX500Principal(org.bouncycastle.asn1.x500.X500Name x500Name)

Transforms x500Name to X500Principal

Parameters:

x500Name - X500Name

Returns:

X500Principal

toCertificateIdentifier

public static CertificateIdentifier toCertificateIdentifier(X500Principal issuerX500Principal,
BigInteger serialNumber,
byte[] ski)

This method transforms token's issuer and serial number information into a CertificateIdentifier object

Parameters:

issuerX500Principal - X500Principal of the issuer

serialNumber - BigInteger of the token

ski - a byte array representing a SubjectKeyIdentifier (SHA-1 digest of the public key)

Returns:

CertificateIdentifier

getIssuerSerial

public static org.bouncycastle.asn1.x509.IssuerSerial getIssuerSerial(CertificateToken certToken)

This method returns a new IssuerSerial based on the certificate token

Parameters:

certToken - the certificate token

Returns:

a IssuerSerial

x500PrincipalAreEquals

public static boolean x500PrincipalAreEquals(X500Principal firstX500Principal,
X500Principal secondX500Principal)

This method compares two X500Principals. X500Principal.CANONICAL and X500Principal.RFC2253 forms are compared.

Parameters:

firstX500Principal - the first X500Principal object to be compared

secondX500Principal - the second X500Principal object to be compared

Returns:

true if the two parameters contain the same key/values

get

public static Map<String,String> get(X500Principal x500Principal)

Gets a map of X500 attribute names and the values

Parameters:

x500Principal - X500Principal

Returns:

a map of X500 attribute names and the values

getNormalizedX500Principal

public static X500Principal getNormalizedX500Principal(X500Principal x500Principal)

This method normalizes the X500Principal object

Parameters:

x500Principal - to be normalized

Returns:

X500Principal normalized

getUtf8String

public static String getUtf8String(X500Principal x500Principal)

Gets the UTF-8 distinguished names of X500Principal

Parameters:

x500Principal - X500Principal

Returns:

String utf-8

getString

public static String getString(org.bouncycastle.asn1.ASN1Encodable attributeValue)

Reads the value

Parameters:

attributeValue - ASN1Encodable to read

Returns:

String value

extractAttributeFromX500Principal

public static String extractAttributeFromX500Principal(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier,
X500PrincipalHelper principal)

Extract attribute with the identifier from X500PrincipalHelper

Parameters:

identifier - ASN1ObjectIdentifier oid of the attribute to get value

principal - X500PrincipalHelper to extract the attribute value from

Returns:

String value

getSubjectCommonName

public static String getSubjectCommonName(CertificateToken cert)

Extracts the Subject Common name from the certificate token

Parameters:

cert - CertificateToken

Returns:

String

getHumanReadableName

public static String getHumanReadableName(CertificateToken cert)

Extracts the pretty printed name of the certificate token

Parameters:

cert - CertificateToken

Returns:

String

getFirstSignerInformation

public static org.bouncycastle.cms.SignerInformation getFirstSignerInformation(org.bouncycastle.cms.CMSSignedData cms)

Returns the first SignerInformation extracted from CMSSignedData.

Parameters:

cms - CMSSignedData

Returns:

returns SignerInformation

isASN1SequenceTag

public static boolean isASN1SequenceTag(byte tagByte)

Checks if the byte defines an ASN1 Sequence

Parameters:

tagByte - byte to check

Returns:

TRUE if the byte defines an ASN1 Sequence, FALSE otherwise

getDate

public static Date getDate(org.bouncycastle.asn1.ASN1Encodable encodable)

Reads the encodable and returns a Date

Parameters:

encodable - ASN1Encodable to read

Returns:

Date

isEmpty

public static boolean isEmpty(org.bouncycastle.asn1.cms.AttributeTable attributeTable)

Checks if the attributeTable is empty

Parameters:

attributeTable - AttributeTable

Returns:

TRUE if the attribute table is empty, FALSE otherwise

emptyIfNull

public static org.bouncycastle.asn1.cms.AttributeTable emptyIfNull(org.bouncycastle.asn1.cms.AttributeTable originalAttributeTable)

Returns the current originalAttributeTable if instantiated, an empty AttributeTable if null

Parameters:

originalAttributeTable - AttributeTable

Returns:

AttributeTable

getExtendedKeyUsage

public static List<String> getExtendedKeyUsage(CertificateToken certToken)

Extracts all extended key usages for the certificate token

Parameters:

certToken - CertificateToken

Returns:

a list of Strings

getIssuerSerial

public static org.bouncycastle.asn1.x509.IssuerSerial getIssuerSerial(byte[] binaries)

Gets the IssuerSerial object

Parameters:

binaries - representing the IssuerSerial

Returns:

IssuerSerial if able to parse, null otherwise

toCertificateIdentifier

public static CertificateIdentifier toCertificateIdentifier(org.bouncycastle.asn1.x509.IssuerSerial issuerAndSerial)

Transforms an object of class IssuerSerial into instance of CertificateIdentifier

Parameters:

issuerAndSerial - IssuerSerial to transform

Returns:

CertificateIdentifier

getAtsHashIndex

public static org.bouncycastle.asn1.ASN1Sequence getAtsHashIndex(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)

Returns ats-hash-index table, with a related version present in from timestamp's unsigned properties

Parameters:

timestampUnsignedAttributes - AttributeTable unsigned properties of the timestamp

Returns:

the content of SignedAttribute: ATS-hash-index unsigned attribute with a present version

getAtsHashIndexByVersion

public static org.bouncycastle.asn1.ASN1Sequence getAtsHashIndexByVersion(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes,
org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)

Returns ats-hash-index table, with a specified version present in from timestamp's unsigned properties

Parameters:

timestampUnsignedAttributes - AttributeTable unsigned properties of the timestamp

atsHashIndexVersionIdentifier - ASN1ObjectIdentifier identifier of ats-hash-index table to get

Returns:

the content of SignedAttribute: ATS-hash-index unsigned attribute with a requested version if present

getAtsHashIndexVersionIdentifier

public static org.bouncycastle.asn1.ASN1ObjectIdentifier getAtsHashIndexVersionIdentifier(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)

Returns ASN1ObjectIdentifier of the found AtsHashIndex

Parameters:

timestampUnsignedAttributes - AttributeTable of the timestamp's unsignedAttributes

Returns:

ASN1ObjectIdentifier of the AtsHashIndex element version

getOctetStringForAtsHashIndex

public static List<byte[]> getOctetStringForAtsHashIndex(org.bouncycastle.asn1.cms.Attribute attribute,
org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)

Returns octets from the given attribute by defined atsh-hash-index type

Parameters:

attribute - Attribute to get byte array from

atsHashIndexVersionIdentifier - ASN1ObjectIdentifier to specify rules

Returns:

byte array

getATSHashIndexV3OctetString

public static List<byte[]> getATSHashIndexV3OctetString(org.bouncycastle.asn1.ASN1ObjectIdentifier attributeIdentifier,
org.bouncycastle.asn1.ASN1Set attributeValues)

Returns octets from the given attribute for ATS-Hash-Index-v3 table

Parameters:

attributeIdentifier - ASN1ObjectIdentifier of the corresponding Attribute

attributeValues - ASN1Set of the corresponding Attribute

Returns:

byte array representing an octet string

getAsn1Encodable

public static org.bouncycastle.asn1.ASN1Encodable getAsn1Encodable(org.bouncycastle.asn1.cms.AttributeTable attributeTable,
org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

Returns ASN1Encodable for a given oid found in the unsignedAttributes

Parameters:

attributeTable - AttributeTable

oid - target ASN1ObjectIdentifier

Returns:

ASN1Encodable

getAsn1AttributeSet

public static org.bouncycastle.asn1.ASN1Set getAsn1AttributeSet(org.bouncycastle.asn1.cms.AttributeTable attributeTable,
org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

Returns an Attribute values for a given oid found in the unsignedAttributes

Parameters:

attributeTable - AttributeTable

oid - target ASN1ObjectIdentifier

Returns:

ASN1Set

getAsn1Attributes

public static org.bouncycastle.asn1.cms.Attribute[] getAsn1Attributes(org.bouncycastle.asn1.cms.AttributeTable attributeTable,
org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

Returns an array of Attributes for a given oid found in the unsignedAttributes

Parameters:

attributeTable - AttributeTable

oid - target ASN1ObjectIdentifier

Returns:

Attributes array

findArchiveTimeStampTokens

public static List<org.bouncycastle.tsp.TimeStampToken> findArchiveTimeStampTokens(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes)

Finds archive TimeStampTokens

Parameters:

unsignedAttributes - AttributeTable to obtain timestamps from

Returns:

a list of TimeStampTokens

getTimestampOids

public static List<org.bouncycastle.asn1.ASN1ObjectIdentifier> getTimestampOids()

Returns a list of all CMS timestamp identifiers

Returns:

a list of ASN1ObjectIdentifiers

isArchiveTimeStampToken

public static boolean isArchiveTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)

Checks if the attribute is of an allowed archive timestamp type

Parameters:

attribute - Attribute to check

Returns:

true if the attribute represents an archive timestamp element, false otherwise

isAttributeOfType

public static boolean isAttributeOfType(org.bouncycastle.asn1.cms.Attribute attribute,
org.bouncycastle.asn1.ASN1ObjectIdentifier asn1ObjectIdentifier)

Checks if the given attribute is an instance of the expected asn1ObjectIdentifier type

Parameters:

attribute - Attribute to check

asn1ObjectIdentifier - ASN1ObjectIdentifier type to check against

Returns:

TRUE if the attribute is of type asn1ObjectIdentifier, FALSE otherwise

getTimeStampToken

public static org.bouncycastle.tsp.TimeStampToken getTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)

Creates a TimeStampToken from the provided attribute

Parameters:

attribute - Attribute to generate TimeStampToken from

Returns:

TimeStampToken

getCMSSignedData

public static org.bouncycastle.cms.CMSSignedData getCMSSignedData(org.bouncycastle.asn1.cms.Attribute attribute)
                                                           throws org.bouncycastle.cms.CMSException,
IOException

Creates a CMSSignedData from the provided attribute

Parameters:

attribute - Attribute to generate CMSSignedData from

Returns:

CMSSignedData

Throws:

IOException - in case of encoding exception

org.bouncycastle.cms.CMSException - in case if the provided attribute cannot be converted to CMSSignedData

getAsn1Encodable

public static org.bouncycastle.asn1.ASN1Encodable getAsn1Encodable(org.bouncycastle.asn1.cms.Attribute attribute)

Returns ASN1Encodable of the attribute

Parameters:

attribute - Attribute

Returns:

ASN1Encodable

getTimeStampTokenGenerationTime

public static Date getTimeStampTokenGenerationTime(org.bouncycastle.tsp.TimeStampToken timeStampToken)

Returns generation time for the provided timeStampToken

Parameters:

timeStampToken - TimeStampToken to get generation time for

Returns:

Date timestamp generation time

getRevocationValues

public static org.bouncycastle.asn1.esf.RevocationValues getRevocationValues(org.bouncycastle.asn1.ASN1Encodable encodable)

Returns RevocationValues from the given encodable

Parameters:

encodable - the encoded data to be parsed

Returns:

an instance of RevocationValues or null if the parsing failed

getCertificateRef

public static CertificateRef getCertificateRef(org.bouncycastle.asn1.ess.OtherCertID otherCertId)

Converts the OtherCertID to CertificateRef

Parameters:

otherCertId - OtherCertID

Returns:

CertificateRef

getPSD2QcStatement

public static PSD2QcType getPSD2QcStatement(CertificateToken certToken)

This method extract the PSD2 QcStatement informations for a given certificate

Parameters:

certToken - the certificate

Returns:

an instance of PSD2QcType or null

getQcLimitValue

public static QCLimitValue getQcLimitValue(CertificateToken certToken)

This method extracts the QcStatement regarding limits on the value of transactions for a given certificate

Parameters:

certToken - the certificate

Returns:

an instance of QCLimitValue or null

getSubjectAlternativeNames

public static List<String> getSubjectAlternativeNames(CertificateToken certToken)

Returns a list of subject alternative names

Parameters:

certToken - CertificateToken

Returns:

a list of Strings

getSemanticsIdentifier

public static SemanticsIdentifier getSemanticsIdentifier(CertificateToken certToken)

Extracts the SemanticsIdentifier from the certificate token

Parameters:

certToken - CertificateToken

Returns:

SemanticsIdentifier

fromAsn1toSignatureValue

public static byte[] fromAsn1toSignatureValue(EncryptionAlgorithm algorithm,
byte[] signatureValue)

Converts the ANS.1 binary signature value to the concatenated R || S format NOTE: used in XAdES and JAdES

Parameters:

algorithm - Encryption algorithm used to create the signatureValue

signatureValue - the originally computed signature value

Returns:

the converted signature value

isAsn1Encoded

public static boolean isAsn1Encoded(byte[] binaries)

Checks if the binaries are ASN.1 encoded.

Parameters:

binaries - byte array to check.

Returns:

if the binaries are ASN.1 encoded.

getDirectoryStringValue

public static String getDirectoryStringValue(org.bouncycastle.asn1.ASN1Encodable directoryStringInstance)

Returns a value of an ASN.1 DirectoryString instance Returns null if an error occurs during the transformation

Parameters:

directoryStringInstance - ASN1Encodable to get DirectoryString value from

Returns:

String value