eu.europa.esig.dss

Class DSSASN1Utils

java.lang.Object

eu.europa.esig.dss.DSSASN1Utils

public final class DSSASN1Utils
extends Object

Utility class that contains some ASN1 related method.

Method Summary

Modifier and Type	Method and Description
static byte[]	computeSkiFromCert(CertificateToken certificateToken)
static org.bouncycastle.asn1.cms.AttributeTable	emptyIfNull(org.bouncycastle.asn1.cms.AttributeTable original)
static String	extractAttributeFromX500Principal(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, X500Principal x500PrincipalName)
static Map<String,String>	get(X500Principal x500Principal)
static org.bouncycastle.asn1.x509.AlgorithmIdentifier	getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm) Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm
static org.bouncycastle.asn1.ASN1Sequence	getAsn1SequenceFromDerOctetString(byte[] bytes) This method returns the ASN1Sequence encapsulated in DEROctetString.
static byte[]	getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm, byte[] policyBytes) This method computes the digest of an ASN1 signature policy (used in CAdES) TS 101 733 5.8.1 : If the signature policy is defined using ASN.1, then the hash is calculated on the value without the outer type and length fields, and the hashing algorithm shall be as specified in the field sigPolicyHash.
static byte[]	getBEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable) This method returns BER encoded ASN1 attribute.
static List<String>	getCAAccessLocations(CertificateToken certificate) Gives back the CA URIs meta-data found within the given certificate.
static String	getCanonicalizedName(org.bouncycastle.asn1.x509.GeneralNames generalNames) This method can be removed the simple IssuerSerial verification can be performed.
static CertificateToken	getCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertificateHolder)
static List<CertificatePolicy>	getCertificatePolicies(CertificateToken certToken)
static List<String>	getCrlUrls(CertificateToken certificateToken) Gives back the List of CRL URI meta-data found within the given X509 certificate.
static Date	getDate(org.bouncycastle.asn1.ASN1Encodable encodable)
static byte[]	getDEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable) This method returns DER encoded ASN1 attribute.
static byte[]	getEncoded(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
static byte[]	getEncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken) Returns an ASN.1 encoded bytes representing the TimeStampToken
static List<String>	getExtendedKeyUsage(CertificateToken certToken)
static org.bouncycastle.cms.SignerInformation	getFirstSignerInformation(org.bouncycastle.cms.CMSSignedData cms) Returns the first SignerInformation extracted from CMSSignedData.
static String	getHumanReadableName(CertificateToken cert)
static org.bouncycastle.asn1.x509.IssuerSerial	getIssuerSerial(CertificateToken certToken) This method returns a new IssuerSerial based on the certificate token
static List<String>	getOCSPAccessLocations(CertificateToken certificate) Gives back the OCSP URIs meta-data found within the given X509 cert.
static List<String>	getQCStatementsIdList(CertificateToken certToken) Get the list of all QCStatement Ids that are present in the certificate.
static List<String>	getQCTypesIdList(CertificateToken certToken) Get the list of all QCType Ids that are present in the certificate.
static byte[]	getSki(CertificateToken certificateToken) This method returns SKI bytes from the certificate extension.
static byte[]	getSki(CertificateToken certificateToken, boolean computeIfMissing) This method returns SKI bytes from certificate.
static String	getSubjectCommonName(CertificateToken cert)
static String	getUtf8String(X500Principal x500Principal)
static org.bouncycastle.cert.X509CertificateHolder	getX509CertificateHolder(CertificateToken certToken) Returns a X509CertificateHolder encapsulating the given X509Certificate.
static boolean	hasIdPkixOcspNoCheckExtension(CertificateToken token) Indicates if the revocation data should be checked for an OCSP signing certificate. http://www.ietf.org/rfc/rfc2560.txt?number=2560 A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate.
static boolean	isASN1SequenceTag(byte tagByte)
static boolean	isEmpty(org.bouncycastle.asn1.cms.AttributeTable attributeTable)
static boolean	isExtendedKeyUsagePresent(CertificateToken certToken, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
static boolean	isOCSPSigning(CertificateToken certToken) Indicates that a X509Certificates corresponding private key is used by an authority to sign OCSP-Responses. http://www.ietf.org/rfc/rfc3280.txt http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)} OID: 1.3.6.1.5.5.7.3.9
static <T extends org.bouncycastle.asn1.ASN1Primitive> T	toASN1Primitive(byte[] bytes) This method returns T extends ASN1Primitive created from array of bytes.
static Date	toDate(org.bouncycastle.asn1.ASN1GeneralizedTime asn1Date)
static String	toString(org.bouncycastle.asn1.ASN1OctetString value)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

toASN1Primitive

public static <T extends org.bouncycastle.asn1.ASN1Primitive> T toASN1Primitive(byte[] bytes)

This method returns T extends ASN1Primitive created from array of bytes. The IOException is transformed in DSSException.

Type Parameters:

T - the expected return type

Parameters:

bytes - array of bytes to be transformed to ASN1Primitive

Returns:

new T extends ASN1Primitive

getDEREncoded

public static byte[] getDEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)

This method returns DER encoded ASN1 attribute. The IOException is transformed in DSSException.

Parameters:

asn1Encodable - asn1Encodable to be DER encoded

Returns:

array of bytes representing the DER encoded asn1Encodable

getBEREncoded

public static byte[] getBEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)

This method returns BER encoded ASN1 attribute. The IOException is transformed in DSSException.

Parameters:

asn1Encodable - asn1Encodable to be BER encoded

Returns:

array of bytes representing the BER encoded asn1Encodable

getEncoded

public static byte[] getEncoded(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)

toDate

public static Date toDate(org.bouncycastle.asn1.ASN1GeneralizedTime asn1Date)

toString

public static String toString(org.bouncycastle.asn1.ASN1OctetString value)

getEncoded

public static byte[] getEncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)

Returns an ASN.1 encoded bytes representing the TimeStampToken

Parameters:

timeStampToken - TimeStampToken

Returns:

the binary of the TimeStampToken @ if the TimeStampToken encoding fails

getAsn1SequenceFromDerOctetString

public static org.bouncycastle.asn1.ASN1Sequence getAsn1SequenceFromDerOctetString(byte[] bytes)

This method returns the ASN1Sequence encapsulated in DEROctetString. The DEROctetString is represented as byte array.

Parameters:

bytes - byte representation of DEROctetString

Returns:

encapsulated ASN1Sequence @ in case of a decoding problem

getAsn1SignaturePolicyDigest

public static byte[] getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm,
                                                  byte[] policyBytes)

This method computes the digest of an ASN1 signature policy (used in CAdES) TS 101 733 5.8.1 : If the signature policy is defined using ASN.1, then the hash is calculated on the value without the outer type and length fields, and the hashing algorithm shall be as specified in the field sigPolicyHash.

Parameters:

digestAlgorithm - the digest algorithm to be used

policyBytes - the ASN.1 policy content

Returns:

the expected digest value

getCanonicalizedName

public static String getCanonicalizedName(org.bouncycastle.asn1.x509.GeneralNames generalNames)

This method can be removed the simple IssuerSerial verification can be performed. In fact the hash verification is sufficient.

Parameters:

generalNames - the generalNames

Returns:

the canonicalized name

getAlgorithmIdentifier

public static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm)

Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm

Parameters:

digestAlgorithm - the digest algorithm to encode

Returns:

the ASN.1 algorithm identifier structure

hasIdPkixOcspNoCheckExtension

public static boolean hasIdPkixOcspNoCheckExtension(CertificateToken token)

Indicates if the revocation data should be checked for an OCSP signing certificate.
http://www.ietf.org/rfc/rfc2560.txt?number=2560
A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL.

Parameters:

token - the certificate to be checked

Returns:

true if the certificate has the id_pkix_ocsp_nocheck extension

getCertificatePolicies

public static List<CertificatePolicy> getCertificatePolicies(CertificateToken certToken)

getQCStatementsIdList

public static List<String> getQCStatementsIdList(CertificateToken certToken)

Get the list of all QCStatement Ids that are present in the certificate. (As per ETSI EN 319 412-5 V2.1.1)

Parameters:

certToken - the certificate

Returns:

the list of QC Statements oids

getQCTypesIdList

public static List<String> getQCTypesIdList(CertificateToken certToken)

Get the list of all QCType Ids that are present in the certificate. (As per ETSI EN 319 412-5 V2.1.1)

Parameters:

certToken - the certificate

Returns:

the list of QCTypes oids

getSki

public static byte[] getSki(CertificateToken certificateToken)

This method returns SKI bytes from the certificate extension.

Parameters:

certificateToken - the CertificateToken

Returns:

ski bytes from the given certificate or null if missing

getSki

public static byte[] getSki(CertificateToken certificateToken,
                            boolean computeIfMissing)

This method returns SKI bytes from certificate.

Parameters:

certificateToken - CertificateToken

computeIfMissing - if the extension is missing and computeIfMissing = true, it will compute the SKI value from the Public Key

Returns:

ski bytes from the given certificate

computeSkiFromCert

public static byte[] computeSkiFromCert(CertificateToken certificateToken)

getCAAccessLocations

public static List<String> getCAAccessLocations(CertificateToken certificate)

Gives back the CA URIs meta-data found within the given certificate.

Parameters:

certificate - the certificate token.

Returns:

a list of CA URIs, or empty list if the extension is not present.

getOCSPAccessLocations

public static List<String> getOCSPAccessLocations(CertificateToken certificate)

Gives back the OCSP URIs meta-data found within the given X509 cert.

Parameters:

certificate - the cert token.

Returns:

a list of OCSP URIs, or empty list if the extension is not present.

getCrlUrls

public static List<String> getCrlUrls(CertificateToken certificateToken)

Gives back the List of CRL URI meta-data found within the given X509 certificate.

Parameters:

certificateToken - the cert token certificate

Returns:

the List of CRL URI, or empty list if the extension is not present

isOCSPSigning

public static boolean isOCSPSigning(CertificateToken certToken)

Indicates that a X509Certificates corresponding private key is used by an authority to sign OCSP-Responses.
http://www.ietf.org/rfc/rfc3280.txt
http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2
{iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)}
OID: 1.3.6.1.5.5.7.3.9

Parameters:

certToken - the certificate token

Returns:

true if the certificate has the id_kp_OCSPSigning ExtendedKeyUsage

isExtendedKeyUsagePresent

public static boolean isExtendedKeyUsagePresent(CertificateToken certToken,
                                                org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

getX509CertificateHolder

public static org.bouncycastle.cert.X509CertificateHolder getX509CertificateHolder(CertificateToken certToken)

Returns a X509CertificateHolder encapsulating the given X509Certificate.

Parameters:

certToken - the certificate to be encapsulated

Returns:

a X509CertificateHolder holding this certificate

getCertificate

public static CertificateToken getCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertificateHolder)

getIssuerSerial

public static org.bouncycastle.asn1.x509.IssuerSerial getIssuerSerial(CertificateToken certToken)

This method returns a new IssuerSerial based on the certificate token

Parameters:

certToken - the certificate token

Returns:

a IssuerSerial

get

public static Map<String,String> get(X500Principal x500Principal)

getUtf8String

public static String getUtf8String(X500Principal x500Principal)

extractAttributeFromX500Principal

public static String extractAttributeFromX500Principal(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier,
                                                       X500Principal x500PrincipalName)

getSubjectCommonName

public static String getSubjectCommonName(CertificateToken cert)

getHumanReadableName

public static String getHumanReadableName(CertificateToken cert)

getFirstSignerInformation

public static org.bouncycastle.cms.SignerInformation getFirstSignerInformation(org.bouncycastle.cms.CMSSignedData cms)

Returns the first SignerInformation extracted from CMSSignedData.

Parameters:

cms - CMSSignedData

Returns:

returns SignerInformation

isASN1SequenceTag

public static boolean isASN1SequenceTag(byte tagByte)

getDate

public static Date getDate(org.bouncycastle.asn1.ASN1Encodable encodable)

isEmpty

public static boolean isEmpty(org.bouncycastle.asn1.cms.AttributeTable attributeTable)

emptyIfNull

public static org.bouncycastle.asn1.cms.AttributeTable emptyIfNull(org.bouncycastle.asn1.cms.AttributeTable original)

getExtendedKeyUsage

public static List<String> getExtendedKeyUsage(CertificateToken certToken)