Package eu.europa.esig.dss.spi

Class DSSASN1Utils

java.lang.Object

eu.europa.esig.dss.spi.DSSASN1Utils

public final class DSSASN1Utils
extends Object

Utility class that contains some ASN1 related method.

Method Summary

Modifier and Type	Method	Description
static byte[]	computeSkiFromCert(CertificateToken certificateToken)	Computes SHA-1 hash of the certificateToken's public key
static byte[]	computeSkiFromCertPublicKey(PublicKey publicKey)	Computes SHA-1 hash of the given publicKey's
static org.bouncycastle.asn1.cms.AttributeTable	emptyIfNull(org.bouncycastle.asn1.cms.AttributeTable original)
static String	extractAttributeFromX500Principal(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, X500PrincipalHelper principal)
static List<org.bouncycastle.tsp.TimeStampToken>	findArchiveTimeStampTokens(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes)	Finds archive TimeStampTokens
static Map<String,String>	get(X500Principal x500Principal)
static org.bouncycastle.asn1.x509.AlgorithmIdentifier	getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm)	Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm
static org.bouncycastle.asn1.x509.AlgorithmIdentifier	getAlgorithmIdentifier(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)	Gets the ASN.1 algorithm identifier structure corresponding to the algorithm found in the provided Timestamp Hash Index Table, if such algorithm is present
static org.bouncycastle.asn1.cms.Attribute[]	getAsn1Attributes(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)	Returns an array of Attributes for a given oid found in the unsignedAttributes
static org.bouncycastle.asn1.ASN1Set	getAsn1AttributeSet(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)	Returns an Attribute values for a given oid found in the unsignedAttributes
static org.bouncycastle.asn1.ASN1Encodable	getAsn1Encodable(org.bouncycastle.asn1.cms.Attribute attribute)	Returns ASN1Encodable of the attribute
static org.bouncycastle.asn1.ASN1Encodable	getAsn1Encodable(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)	Returns ASN1Encodable for a given oid found in the unsignedAttributes
static org.bouncycastle.asn1.ASN1Sequence	getAsn1SequenceFromDerOctetString(byte[] bytes)	This method returns the ASN1Sequence encapsulated in DEROctetString.
static byte[]	getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm, byte[] policyBytes)	This method computes the digest of an ASN1 signature policy (used in CAdES) TS 101 733 5.8.1 : If the signature policy is defined using ASN.1, then the hash is calculated on the value without the outer type and length fields, and the hashing algorithm shall be as specified in the field sigPolicyHash.
static org.bouncycastle.asn1.ASN1Sequence	getAtsHashIndex(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)	Returns ats-hash-index table, with a related version present in from timestamp's unsigned properties
static org.bouncycastle.asn1.ASN1Sequence	getAtsHashIndexByVersion(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)	Returns ats-hash-index table, with a specified version present in from timestamp's unsigned properties
static org.bouncycastle.asn1.ASN1ObjectIdentifier	getAtsHashIndexVersionIdentifier(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)	Returns ASN1ObjectIdentifier of the found AtsHashIndex
static byte[]	getAuthorityKeyIdentifier(CertificateToken certificateToken)	This method returns authority key identifier as binaries from the certificate extension (SHA-1 of the public key of the issuer certificate).
static byte[]	getBEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)	This method returns BER encoded ASN1 attribute.
static List<String>	getCAAccessLocations(CertificateToken certificate)	Gives back the CA URIs meta-data found within the given certificate.
static CertificateToken	getCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertificateHolder)
static List<CertificatePolicy>	getCertificatePolicies(CertificateToken certToken)
static CertificateRef	getCertificateRef(org.bouncycastle.asn1.ess.OtherCertID otherCertId)
static org.bouncycastle.asn1.ASN1Sequence	getCertificatesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)	Extract the Unsigned Attribute Archive Timestamp Cert Hash Index from a timestampToken
static org.bouncycastle.cms.CMSSignedData	getCMSSignedData(org.bouncycastle.asn1.cms.Attribute attribute)	Creates a CMSSignedData from the provided attribute
static org.bouncycastle.asn1.ASN1Sequence	getCRLHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)	Extract the Unsigned Attribute Archive Timestamp Crl Hash Index from a timestampToken
static List<String>	getCrlUrls(CertificateToken certificateToken)	Gives back the List of CRL URI meta-data found within the given X509 certificate.
static Date	getDate(org.bouncycastle.asn1.ASN1Encodable encodable)
static byte[]	getDEREncoded(byte[] bytes)	Returns the ASN.1 encoded representation of byte array.
static byte[]	getDEREncoded(TimestampBinary timestampBinary)	Returns the ASN.1 encoded representation of TimestampBinary.
static byte[]	getDEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)	This method returns DER encoded ASN1 attribute.
static byte[]	getDEREncoded(org.bouncycastle.cms.CMSSignedData data)	Returns the ASN.1 encoded representation of CMSSignedData.
static byte[]	getDEREncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)
static List<org.bouncycastle.asn1.DEROctetString>	getDEROctetStrings(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)	Returns list of DEROctetString from an ASN1Sequence Useful when needed to get a list of hash values
static byte[]	getEncoded(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)
static byte[]	getEncoded(org.bouncycastle.cms.CMSSignedData cmsSignedData)	Returns an ASN.1 encoded bytes representing the CMSSignedData
static byte[]	getEncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)	Returns an ASN.1 encoded bytes representing the TimeStampToken
static List<String>	getExtendedKeyUsage(CertificateToken certToken)
static org.bouncycastle.cms.SignerInformation	getFirstSignerInformation(org.bouncycastle.cms.CMSSignedData cms)	Returns the first SignerInformation extracted from CMSSignedData.
static String	getHumanReadableName(CertificateToken cert)
static org.bouncycastle.asn1.x509.IssuerSerial	getIssuerSerial(byte[] binaries)
static org.bouncycastle.asn1.x509.IssuerSerial	getIssuerSerial(CertificateToken certToken)	This method returns a new IssuerSerial based on the certificate token
static X500Principal	getNormalizedX500Principal(X500Principal x500Principal)	This method normalizes the X500Principal object
static List<String>	getOCSPAccessLocations(CertificateToken certificate)	Gives back the OCSP URIs meta-data found within the given X509 cert.
static List<byte[]>	getOctetStringForAtsHashIndex(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)	Returns octets from the given attribute by defined atsh-hash-index type
static PSD2QcType	getPSD2QcStatement(CertificateToken certToken)	This method extract the PSD2 QcStatement informations for a given certificate
static List<String>	getQCLegislations(CertificateToken certToken)
static List<String>	getQCStatementsIdList(CertificateToken certToken)	Get the list of all QCStatement Ids that are present in the certificate.
static List<String>	getQCTypesIdList(CertificateToken certToken)	Get the list of all QCType Ids that are present in the certificate.
static org.bouncycastle.asn1.esf.RevocationValues	getRevocationValues(org.bouncycastle.asn1.ASN1Encodable encodable)	Returns RevocationValues from the given encodable
static SemanticsIdentifier	getSemanticsIdentifier(CertificateToken certToken)
static byte[]	getSki(CertificateToken certificateToken)	This method returns the Subject Key Identifier (SKI) bytes from the certificate extension (SHA-1 of the public key of the current certificate).
static byte[]	getSki(CertificateToken certificateToken, boolean computeIfMissing)	This method returns SKI bytes from certificate.
static String	getString(org.bouncycastle.asn1.ASN1Encodable attributeValue)
static List<String>	getSubjectAlternativeNames(CertificateToken certToken)
static String	getSubjectCommonName(CertificateToken cert)
static org.bouncycastle.tsp.TimeStampToken	getTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)	Creates a TimeStampToken from the provided attribute
static Date	getTimeStampTokenGenerationTime(org.bouncycastle.tsp.TimeStampToken timeStampToken)	Returns generation time for the provided timeStampToken
static org.bouncycastle.asn1.ASN1Sequence	getUnsignedAttributesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)	Extract the Unsigned Attribute Archive Timestamp Attribute Hash Index from a timestampToken
static String	getUtf8String(X500Principal x500Principal)
static org.bouncycastle.cert.X509CertificateHolder	getX509CertificateHolder(CertificateToken certToken)	Returns a X509CertificateHolder encapsulating the given X509Certificate.
static boolean	hasIdPkixOcspNoCheckExtension(CertificateToken token)	Indicates if the revocation data should be checked for an OCSP signing certificate. http://www.ietf.org/rfc/rfc2560.txt?
static boolean	isArchiveTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)	Checks if the attribute is of an allowed archive timestamp type
static boolean	isASN1SequenceTag(byte tagByte)
static boolean	isAttributeOfType(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier asn1ObjectIdentifier)	Checks if the given attribute is an instance of the expected asn1ObjectIdentifier type
static boolean	isEmpty(org.bouncycastle.asn1.cms.AttributeTable attributeTable)
static boolean	isExtendedKeyUsagePresent(CertificateToken certToken, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
static boolean	isOCSPSigning(CertificateToken certToken)	Indicates that a X509Certificates corresponding private key is used by an authority to sign OCSP-Responses. http://www.ietf.org/rfc/rfc3280.txt http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)} OID: 1.3.6.1.5.5.7.3.9
static boolean	isSkiEqual(byte[] ski, CertificateToken certificateToken)	Checks if the provided ski matches to a ski computed from a certificateToken's public key
static <T extends org.bouncycastle.asn1.ASN1Primitive> T	toASN1Primitive(byte[] bytes)	This method returns T extends ASN1Primitive created from array of bytes.
static CertificateIdentifier	toCertificateIdentifier(X500Principal issuerX500Principal, BigInteger serialNumber, byte[] ski)	This method transforms token's issuer and serial number information into a CertificateIdentifier object
static CertificateIdentifier	toCertificateIdentifier(org.bouncycastle.asn1.x509.IssuerSerial issuerAndSerial)	Transforms an object of class IssuerSerial into instance of CertificateIdentifier
static Date	toDate(org.bouncycastle.asn1.ASN1GeneralizedTime asn1Date)
static CertificateIdentifier	toIssuerSerialInfo(org.bouncycastle.cms.SignerId signerId)	This method transforms token's signerId into a CertificateIdentifier object
static String	toString(org.bouncycastle.asn1.ASN1OctetString value)
static X500Principal	toX500Principal(org.bouncycastle.asn1.x500.X500Name x500Name)	Transforms x500Name to X500Principal
static boolean	x500PrincipalAreEquals(X500Principal firstX500Principal, X500Principal secondX500Principal)	This method compares two X500Principals.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

toASN1Primitive

public static <T extends org.bouncycastle.asn1.ASN1Primitive> T toASN1Primitive(byte[] bytes)

This method returns T extends ASN1Primitive created from array of bytes. The IOException is transformed in DSSException.

Type Parameters:

T - the expected return type

Parameters:

bytes - array of bytes to be transformed to ASN1Primitive

Returns:

new T extends ASN1Primitive

getDEREncoded

public static byte[] getDEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)

This method returns DER encoded ASN1 attribute. The IOException is transformed in DSSException.

Parameters:

asn1Encodable - asn1Encodable to be DER encoded

Returns:

array of bytes representing the DER encoded asn1Encodable

getBEREncoded

public static byte[] getBEREncoded(org.bouncycastle.asn1.ASN1Encodable asn1Encodable)

This method returns BER encoded ASN1 attribute. The IOException is transformed in DSSException.

Parameters:

asn1Encodable - asn1Encodable to be BER encoded

Returns:

array of bytes representing the BER encoded asn1Encodable

getEncoded

public static byte[] getEncoded(org.bouncycastle.cert.ocsp.BasicOCSPResp basicOCSPResp)

toDate

public static Date toDate(org.bouncycastle.asn1.ASN1GeneralizedTime asn1Date)

toString

public static String toString(org.bouncycastle.asn1.ASN1OctetString value)

getEncoded

public static byte[] getEncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)

Returns an ASN.1 encoded bytes representing the TimeStampToken

Parameters:

timeStampToken - TimeStampToken

Returns:

the DER encoded TimeStampToken

getEncoded

public static byte[] getEncoded(org.bouncycastle.cms.CMSSignedData cmsSignedData)

Returns an ASN.1 encoded bytes representing the CMSSignedData

Parameters:

cmsSignedData - CMSSignedData

Returns:

the binary of the CMSSignedData @ if the CMSSignedData encoding fails

getDEREncoded

public static byte[] getDEREncoded(org.bouncycastle.tsp.TimeStampToken timeStampToken)

getDEREncoded

public static byte[] getDEREncoded(org.bouncycastle.cms.CMSSignedData data)

Returns the ASN.1 encoded representation of CMSSignedData.

Parameters:

data - the CMSSignedData to be encoded

Returns:

the DER encoded CMSSignedData

getDEREncoded

public static byte[] getDEREncoded(TimestampBinary timestampBinary)

Returns the ASN.1 encoded representation of TimestampBinary.

Parameters:

timestampBinary - the TimestampBinary to be encoded

Returns:

the DER encoded timestampBinary

getDEREncoded

public static byte[] getDEREncoded(byte[] bytes)

Returns the ASN.1 encoded representation of byte array.

Parameters:

bytes - the binary array to encode

Returns:

the DER encoded bytes

getAsn1SequenceFromDerOctetString

public static org.bouncycastle.asn1.ASN1Sequence getAsn1SequenceFromDerOctetString(byte[] bytes)

This method returns the ASN1Sequence encapsulated in DEROctetString. The DEROctetString is represented as byte array.

Parameters:

bytes - byte representation of DEROctetString

Returns:

encapsulated ASN1Sequence @ in case of a decoding problem

getAsn1SignaturePolicyDigest

public static byte[] getAsn1SignaturePolicyDigest(DigestAlgorithm digestAlgorithm, byte[] policyBytes)

This method computes the digest of an ASN1 signature policy (used in CAdES) TS 101 733 5.8.1 : If the signature policy is defined using ASN.1, then the hash is calculated on the value without the outer type and length fields, and the hashing algorithm shall be as specified in the field sigPolicyHash.

Parameters:

digestAlgorithm - the digest algorithm to be used

policyBytes - the ASN.1 policy content

Returns:

the expected digest value

getAlgorithmIdentifier

public static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)

Gets the ASN.1 algorithm identifier structure corresponding to the algorithm found in the provided Timestamp Hash Index Table, if such algorithm is present

Parameters:

atsHashIndexValue - ats-hash-index table from a timestamp

Returns:

the ASN.1 algorithm identifier structure

getAlgorithmIdentifier

public static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm)

Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm

Parameters:

digestAlgorithm - the digest algorithm to encode

Returns:

the ASN.1 algorithm identifier structure

getCertificatesHashIndex

public static org.bouncycastle.asn1.ASN1Sequence getCertificatesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)

Extract the Unsigned Attribute Archive Timestamp Cert Hash Index from a timestampToken

Parameters:

atsHashIndexValue -

Returns:

getCRLHashIndex

public static org.bouncycastle.asn1.ASN1Sequence getCRLHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)

Extract the Unsigned Attribute Archive Timestamp Crl Hash Index from a timestampToken

Parameters:

atsHashIndexValue -

Returns:

getUnsignedAttributesHashIndex

public static org.bouncycastle.asn1.ASN1Sequence getUnsignedAttributesHashIndex(org.bouncycastle.asn1.ASN1Sequence atsHashIndexValue)

Extract the Unsigned Attribute Archive Timestamp Attribute Hash Index from a timestampToken

Parameters:

atsHashIndexValue -

Returns:

getDEROctetStrings

public static List<org.bouncycastle.asn1.DEROctetString> getDEROctetStrings(org.bouncycastle.asn1.ASN1Sequence asn1Sequence)

Returns list of DEROctetString from an ASN1Sequence Useful when needed to get a list of hash values

Parameters:

asn1Sequence - ASN1Sequence to get list from

Returns:

list of DEROctetStrings

hasIdPkixOcspNoCheckExtension

public static boolean hasIdPkixOcspNoCheckExtension(CertificateToken token)

Indicates if the revocation data should be checked for an OCSP signing certificate.
http://www.ietf.org/rfc/rfc2560.txt?number=2560
A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL.

Parameters:

token - the certificate to be checked

Returns:

true if the certificate has the id_pkix_ocsp_nocheck extension

getCertificatePolicies

public static List<CertificatePolicy> getCertificatePolicies(CertificateToken certToken)

getQCStatementsIdList

public static List<String> getQCStatementsIdList(CertificateToken certToken)

Get the list of all QCStatement Ids that are present in the certificate. (As per ETSI EN 319 412-5 V2.1.1)

Parameters:

certToken - the certificate

Returns:

the list of QC Statements oids

getQCTypesIdList

public static List<String> getQCTypesIdList(CertificateToken certToken)

Get the list of all QCType Ids that are present in the certificate. (As per ETSI EN 319 412-5 V2.1.1)

Parameters:

certToken - the certificate

Returns:

the list of QCTypes oids

getQCLegislations

public static List<String> getQCLegislations(CertificateToken certToken)

getSki

public static byte[] getSki(CertificateToken certificateToken)

This method returns the Subject Key Identifier (SKI) bytes from the certificate extension (SHA-1 of the public key of the current certificate).

Parameters:

certificateToken - the CertificateToken

Returns:

ski bytes from the given certificate or null if missing

getSki

public static byte[] getSki(CertificateToken certificateToken, boolean computeIfMissing)

This method returns SKI bytes from certificate.

Parameters:

certificateToken - CertificateToken

computeIfMissing - if the extension is missing and computeIfMissing = true, it will compute the SKI value from the Public Key

Returns:

ski bytes from the given certificate

getAuthorityKeyIdentifier

public static byte[] getAuthorityKeyIdentifier(CertificateToken certificateToken)

This method returns authority key identifier as binaries from the certificate extension (SHA-1 of the public key of the issuer certificate).

Parameters:

certificateToken - the CertificateToken

Returns:

authority key identifier bytes from the given certificate (can be null if the certificate is self signed)

computeSkiFromCert

public static byte[] computeSkiFromCert(CertificateToken certificateToken)

Computes SHA-1 hash of the certificateToken's public key

Parameters:

certificateToken - CertificateToken to compute digest for

Returns:

byte array of public key's SHA-1 hash

computeSkiFromCertPublicKey

public static byte[] computeSkiFromCertPublicKey(PublicKey publicKey)

Computes SHA-1 hash of the given publicKey's

Parameters:

publicKey - PublicKey to compute digest for

Returns:

byte array of public key's SHA-1 hash

isSkiEqual

public static boolean isSkiEqual(byte[] ski, CertificateToken certificateToken)

Checks if the provided ski matches to a ski computed from a certificateToken's public key

Parameters:

ski - a byte array representing ski value (SHA-1 of the public key)

certificateToken - CertificateToken to check

Returns:

getCAAccessLocations

public static List<String> getCAAccessLocations(CertificateToken certificate)

Gives back the CA URIs meta-data found within the given certificate.

Parameters:

certificate - the certificate token.

Returns:

a list of CA URIs, or empty list if the extension is not present.

getOCSPAccessLocations

public static List<String> getOCSPAccessLocations(CertificateToken certificate)

Gives back the OCSP URIs meta-data found within the given X509 cert.

Parameters:

certificate - the cert token.

Returns:

a list of OCSP URIs, or empty list if the extension is not present.

getCrlUrls

public static List<String> getCrlUrls(CertificateToken certificateToken)

Gives back the List of CRL URI meta-data found within the given X509 certificate.

Parameters:

certificateToken - the cert token certificate

Returns:

the List of CRL URI, or empty list if the extension is not present

isOCSPSigning

public static boolean isOCSPSigning(CertificateToken certToken)

Indicates that a X509Certificates corresponding private key is used by an authority to sign OCSP-Responses.
http://www.ietf.org/rfc/rfc3280.txt
http://tools.ietf.org/pdf/rfc6960.pdf 4.2.2.2
{iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)}
OID: 1.3.6.1.5.5.7.3.9

Parameters:

certToken - the certificate token

Returns:

true if the certificate has the id_kp_OCSPSigning ExtendedKeyUsage

isExtendedKeyUsagePresent

public static boolean isExtendedKeyUsagePresent(CertificateToken certToken, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

getX509CertificateHolder

public static org.bouncycastle.cert.X509CertificateHolder getX509CertificateHolder(CertificateToken certToken)

Returns a X509CertificateHolder encapsulating the given X509Certificate.

Parameters:

certToken - the certificate to be encapsulated

Returns:

a X509CertificateHolder holding this certificate

getCertificate

public static CertificateToken getCertificate(org.bouncycastle.cert.X509CertificateHolder x509CertificateHolder)

toIssuerSerialInfo

public static CertificateIdentifier toIssuerSerialInfo(org.bouncycastle.cms.SignerId signerId)

This method transforms token's signerId into a CertificateIdentifier object

Parameters:

signerId - SignerId to be transformed

Returns:

CertificateIdentifier

toX500Principal

public static X500Principal toX500Principal(org.bouncycastle.asn1.x500.X500Name x500Name)

Transforms x500Name to X500Principal

Parameters:

x500Name - X500Name

Returns:

X500Principal

toCertificateIdentifier

public static CertificateIdentifier toCertificateIdentifier(X500Principal issuerX500Principal, BigInteger serialNumber, byte[] ski)

This method transforms token's issuer and serial number information into a CertificateIdentifier object

Parameters:

issuerX500Principal - X500Principal of the issuer

serialNumber - BigInteger of the token

ski - a byte array representing a SubjectKeyIdentifier (SHA-1 digest of the public key)

Returns:

CertificateIdentifier

getIssuerSerial

public static org.bouncycastle.asn1.x509.IssuerSerial getIssuerSerial(CertificateToken certToken)

This method returns a new IssuerSerial based on the certificate token

Parameters:

certToken - the certificate token

Returns:

a IssuerSerial

x500PrincipalAreEquals

public static boolean x500PrincipalAreEquals(X500Principal firstX500Principal, X500Principal secondX500Principal)

This method compares two X500Principals. X500Principal.CANONICAL and X500Principal.RFC2253 forms are compared.

Parameters:

firstX500Principal - the first X500Principal object to be compared

secondX500Principal - the second X500Principal object to be compared

Returns:

true if the two parameters contain the same key/values

get

public static Map<String,String> get(X500Principal x500Principal)

getNormalizedX500Principal

public static X500Principal getNormalizedX500Principal(X500Principal x500Principal)

This method normalizes the X500Principal object

Parameters:

x500Principal - to be normalized

Returns:

X500Principal normalized

getUtf8String

public static String getUtf8String(X500Principal x500Principal)

getString

public static String getString(org.bouncycastle.asn1.ASN1Encodable attributeValue)

extractAttributeFromX500Principal

public static String extractAttributeFromX500Principal(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, X500PrincipalHelper principal)

getSubjectCommonName

public static String getSubjectCommonName(CertificateToken cert)

getHumanReadableName

public static String getHumanReadableName(CertificateToken cert)

getFirstSignerInformation

public static org.bouncycastle.cms.SignerInformation getFirstSignerInformation(org.bouncycastle.cms.CMSSignedData cms)

Returns the first SignerInformation extracted from CMSSignedData.

Parameters:

cms - CMSSignedData

Returns:

returns SignerInformation

isASN1SequenceTag

public static boolean isASN1SequenceTag(byte tagByte)

getDate

public static Date getDate(org.bouncycastle.asn1.ASN1Encodable encodable)

isEmpty

public static boolean isEmpty(org.bouncycastle.asn1.cms.AttributeTable attributeTable)

emptyIfNull

public static org.bouncycastle.asn1.cms.AttributeTable emptyIfNull(org.bouncycastle.asn1.cms.AttributeTable original)

getExtendedKeyUsage

public static List<String> getExtendedKeyUsage(CertificateToken certToken)

getIssuerSerial

public static org.bouncycastle.asn1.x509.IssuerSerial getIssuerSerial(byte[] binaries)

toCertificateIdentifier

public static CertificateIdentifier toCertificateIdentifier(org.bouncycastle.asn1.x509.IssuerSerial issuerAndSerial)

Transforms an object of class IssuerSerial into instance of CertificateIdentifier

Parameters:

issuerAndSerial - IssuerSerial to transform

Returns:

CertificateIdentifier

getAtsHashIndex

public static org.bouncycastle.asn1.ASN1Sequence getAtsHashIndex(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)

Returns ats-hash-index table, with a related version present in from timestamp's unsigned properties

Parameters:

timestampUnsignedAttributes - AttributeTable unsigned properties of the timestamp

Returns:

the content of SignedAttribute: ATS-hash-index unsigned attribute with a present version

getAtsHashIndexByVersion

public static org.bouncycastle.asn1.ASN1Sequence getAtsHashIndexByVersion(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)

Returns ats-hash-index table, with a specified version present in from timestamp's unsigned properties

Parameters:

timestampUnsignedAttributes - AttributeTable unsigned properties of the timestamp

atsHashIndexVersionIdentifier - ASN1ObjectIdentifier identifier of ats-hash-index table to get

Returns:

the content of SignedAttribute: ATS-hash-index unsigned attribute with a requested version if present

getAtsHashIndexVersionIdentifier

public static org.bouncycastle.asn1.ASN1ObjectIdentifier getAtsHashIndexVersionIdentifier(org.bouncycastle.asn1.cms.AttributeTable timestampUnsignedAttributes)

Returns ASN1ObjectIdentifier of the found AtsHashIndex

Parameters:

timestampUnsignedAttributes - AttributeTable of the timestamp's unsignedAttributes

Returns:

ASN1ObjectIdentifier of the AtsHashIndex element version

getOctetStringForAtsHashIndex

public static List<byte[]> getOctetStringForAtsHashIndex(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier atsHashIndexVersionIdentifier)

Returns octets from the given attribute by defined atsh-hash-index type

Parameters:

attribute - Attribute to get byte array from

atsHashIndexVersionIdentifier - ASN1ObjectIdentifier to specify rules

Returns:

byte array

getAsn1Encodable

public static org.bouncycastle.asn1.ASN1Encodable getAsn1Encodable(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

Returns ASN1Encodable for a given oid found in the unsignedAttributes

Parameters:

unsignedAttributes - AttributeTable of a signature

oid - target ASN1ObjectIdentifier

Returns:

ASN1Encodable

getAsn1AttributeSet

public static org.bouncycastle.asn1.ASN1Set getAsn1AttributeSet(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

Returns an Attribute values for a given oid found in the unsignedAttributes

Parameters:

unsignedAttributes - AttributeTable of a signature

oid - target ASN1ObjectIdentifier

Returns:

ASN1Set

getAsn1Attributes

public static org.bouncycastle.asn1.cms.Attribute[] getAsn1Attributes(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

Returns an array of Attributes for a given oid found in the unsignedAttributes

Parameters:

unsignedAttributes - AttributeTable of a signature

oid - target ASN1ObjectIdentifier

Returns:

Attributes array

findArchiveTimeStampTokens

public static List<org.bouncycastle.tsp.TimeStampToken> findArchiveTimeStampTokens(org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes)

Finds archive TimeStampTokens

Parameters:

unsignedAttributes - AttributeTable to obtain timestamps from

isArchiveTimeStampToken

public static boolean isArchiveTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)

Checks if the attribute is of an allowed archive timestamp type

Parameters:

attribute - Attribute to check

Returns:

true if the attribute represents an archive timestamp element, false otherwise

isAttributeOfType

public static boolean isAttributeOfType(org.bouncycastle.asn1.cms.Attribute attribute, org.bouncycastle.asn1.ASN1ObjectIdentifier asn1ObjectIdentifier)

Checks if the given attribute is an instance of the expected asn1ObjectIdentifier type

Parameters:

attribute - Attribute to check

asn1ObjectIdentifier - ASN1ObjectIdentifier type to check against

Returns:

TRUE if the attribute is of type asn1ObjectIdentifier, FALSE otherwise

getTimeStampToken

public static org.bouncycastle.tsp.TimeStampToken getTimeStampToken(org.bouncycastle.asn1.cms.Attribute attribute)

Creates a TimeStampToken from the provided attribute

Parameters:

attribute - Attribute to generate TimeStampToken from

Returns:

TimeStampToken

getCMSSignedData

public static org.bouncycastle.cms.CMSSignedData getCMSSignedData(org.bouncycastle.asn1.cms.Attribute attribute) throws org.bouncycastle.cms.CMSException, IOException

Creates a CMSSignedData from the provided attribute

Parameters:

attribute - Attribute to generate CMSSignedData from

Returns:

CMSSignedData

Throws:

IOException - in case of encoding exception

org.bouncycastle.cms.CMSException - in case if the provided attribute cannot be converted to CMSSignedData

getAsn1Encodable

public static org.bouncycastle.asn1.ASN1Encodable getAsn1Encodable(org.bouncycastle.asn1.cms.Attribute attribute)

Returns ASN1Encodable of the attribute

Parameters:

attribute - Attribute

getTimeStampTokenGenerationTime

public static Date getTimeStampTokenGenerationTime(org.bouncycastle.tsp.TimeStampToken timeStampToken)

Returns generation time for the provided timeStampToken

Parameters:

timeStampToken - TimeStampToken to get generation time for

Returns:

Date timestamp generation time

getRevocationValues

public static org.bouncycastle.asn1.esf.RevocationValues getRevocationValues(org.bouncycastle.asn1.ASN1Encodable encodable)

Returns RevocationValues from the given encodable

Parameters:

encodable - the encoded data to be parsed

Returns:

an instance of RevocationValues or null if the parsing failed

getCertificateRef

public static CertificateRef getCertificateRef(org.bouncycastle.asn1.ess.OtherCertID otherCertId)

getPSD2QcStatement

public static PSD2QcType getPSD2QcStatement(CertificateToken certToken)

This method extract the PSD2 QcStatement informations for a given certificate

Parameters:

certToken - the certificate

Returns:

an instance of PSD2QcType or null

getSubjectAlternativeNames

public static List<String> getSubjectAlternativeNames(CertificateToken certToken)

getSemanticsIdentifier

public static SemanticsIdentifier getSemanticsIdentifier(CertificateToken certToken)