iaik.pdf.asn1objects

Class AbstractAtsHashIndex

java.lang.Object

iaik.asn1.structures.AttributeValue

iaik.pdf.asn1objects.AbstractAtsHashIndex

All Implemented Interfaces:

iaik.asn1.ASN1Type

Direct Known Subclasses:

AtsHashIndex, AtsHashIndexv3

public abstract class AbstractAtsHashIndex
extends iaik.asn1.structures.AttributeValue

This class is an abstract super class for the ats-hash-index attribute and its successor, the ats-hash-index-v3 attribute. It implements all functionality, that these attributes have in common. An ats-hash-index includes references to all essential components for a signature verification (certificates, revocation information, signature timestamps, etc.) and is part of an archive timestamp ( ArchiveTimeStampv3). An ats-hash-index identifies all components that are protected by an archival timestamp. These components shall then be used for verifying the signature, the archive timestamp has been applied to. Only the components identified by an ats-hash-index are considered to be trusted. An example code to identify the protected components may look like this: CadesSignatureStream cadesSig = new CadesSignatureStream(in, data); SignerInfo signerInfo = cadesSig.getSignerInfos()[signerInfoIndex]; ArchiveTimeStamp[] archiveTsps = cadesSig.getArchiveTimeStamps(signerInfoIndex); for (ArchiveTimeStamp archiveTimestamp : archiveTsps) { archiveTimestamp.verifyTimestampToken(null); AbstractAtsHashIndex atsHashIndex = archiveTimestamp.getAtsHashIndex(); Certificate[] indexedCertificates = atsHashIndex.getIndexedCertificates(cadesSig); X509CRL[] indexedCrls = atsHashIndex.getIndexedCrls(cadesSig); BasicOCSPResponse[] indexedOcspResponses = atsHashIndex.getIndexedOcspResponses(cadesSig); Attribute[] indexedUnsignedAttrs; AttributeValue[] indexedUnsignedAttrValues; if(atsHashIndex instanceof AtsHashIndex) indexedUnsignedAttrs = (AtsHashIndex)atsHashIndex.getIndexedUnsignedAttributes(signerInfo); else if(atsHashIndex instanceof AtsHashIndexv3) indexedUnsignedAttrValues = atsHashIndex.getIndexedUnsignedAttrValues(signerInfo); }

Field Summary

Fields

Modifier and Type	Field and Description
static iaik.asn1.structures.AlgorithmID	DEFAULTHASHALGORITHM Default digest algorithm SHA-256, used to calculate the digest values of all included components (certificates, revocation information, signature timestamps) if no other algorithm is specified.

Method Summary

Modifier and Type	Method and Description
void	addCertificate(iaik.cms.CertificateChoices certificate) Calculate and add the certificate's hash.
void	addCertificateHash(byte[] certHash) Add a certificate's hash value to be included in this ats-hash-index attribute.
void	addRevocatioInfo(iaik.cms.RevocationInfoChoice revocationInfo) Calculate and add the revocation info's hash.
void	addRevocationInfoHash(byte[] revocationInfoHash) Add a revocation info (CRL or OCSP response) hash value to be included in this ats-hash-index attribute.
boolean	containsCertificateHash(byte[] certificateHash) Returns true if the given certificate hash is included in this ats-hash-index.
boolean	containsReferencesWithoutOriginalValues(AbstractCadesSignature archivedSignature, iaik.cms.SignerInfo archivedSignerInfo) Checks whether this ats-hash-index contains any references, for which no corresponding objects (certificates, revocation infos, unsigned attributes) can be found in the given signature.
boolean	containsRevocationInfoHash(byte[] revocationInfoHash) Returns true if the given revocation info hash (of a CRL or OCSP response) is included in this ats-hash-index.
void	decode(iaik.asn1.ASN1Object obj) Decodes the given ASN.1 ats-hash-index object
boolean	equals(java.lang.Object obj) Compares this ats-hash-index to the specified object.
abstract iaik.asn1.ObjectID	getAttributeType()
java.util.Vector<byte[]>	getCertificateHashes() Returns all included certificate hashes.
java.util.ArrayList<byte[]>	getCertificateReferencesWithoutOriginalValues(AbstractCadesSignature archivedSignature) Returns all certificate references (certificate hashes) included in this ats-hash-index, for which no corresponding certificates can be found in the given signature.
java.security.cert.Certificate[]	getIndexedCertificates(AbstractCadesSignature archivedSignature) Returns all certificates included in the given signature, whose hash values are contained in this ats-hash-index.
iaik.x509.X509CRL[]	getIndexedCrls(AbstractCadesSignature archivedSignature) Returns all CRLs included in the given signature, whose hash values are contained in this ats-hash-index.
byte[][]	getIndexedEncodedCrls(AbstractCadesSignature archivedSignature) Returns the encodings of all CRLs included in the given signature, whose hash values are contained in this ats-hash-index.
iaik.x509.ocsp.BasicOCSPResponse[]	getIndexedOcspResponses(AbstractCadesSignature archivedSignature) Returns all OCSP responses included in the given signature, whose hash values are contained in this ats-hash-index.
java.security.cert.CRL[]	getIndexedOtherRevocationInfos(AbstractCadesSignature archivedSignature) Returns all revocation infos included in the given signature, that are not of type CRL or OCSP response and whose hash values are contained in this ats-hash-index.
java.util.Vector<byte[]>	getRevocationInfoHashes() Returns all included revocation information (CRL and/or OCSP responses) hashes.
java.util.ArrayList<byte[]>	getRevocationInfoReferencesWithoutOriginalValues(AbstractCadesSignature archivedSignature) Returns all revocation info references (revocation info hashes) included in this ats-hash-index, for which no corresponding revocation info object can be found in the given signature.
abstract boolean	multipleAllowed()
iaik.asn1.ASN1Object	toASN1Object() Returns this ats-hash-index as ASN1Object.
java.lang.String	toString()

Methods inherited from class iaik.asn1.structures.AttributeValue

getName

Methods inherited from class java.lang.Object

getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULTHASHALGORITHM

public static final iaik.asn1.structures.AlgorithmID DEFAULTHASHALGORITHM

Default digest algorithm SHA-256, used to calculate the digest values of all included components (certificates, revocation information, signature timestamps) if no other algorithm is specified.

Method Detail

addCertificate

public void addCertificate(iaik.cms.CertificateChoices certificate)
                    throws iaik.asn1.CodingException

Calculate and add the certificate's hash.

Parameters:

certificate - certificate of which to calculate and include the hash

Throws:

iaik.asn1.CodingException - if the certificate could not be encoded for hash calculation

addRevocatioInfo

public void addRevocatioInfo(iaik.cms.RevocationInfoChoice revocationInfo)
                      throws iaik.asn1.CodingException

Calculate and add the revocation info's hash.

Parameters:

revocationInfo - revocation information (CRL or OCSP response) of which to calculate and include the hash

Throws:

iaik.asn1.CodingException - if the revocation information could not be encoded for hash calculation

getIndexedCertificates

public java.security.cert.Certificate[] getIndexedCertificates(AbstractCadesSignature archivedSignature)
                                                        throws iaik.asn1.CodingException

Returns all certificates included in the given signature, whose hash values are contained in this ats-hash-index. Use this method to get all certificates protected by the corresponding archive timestamp.

Parameters:

archivedSignature - the signature (CadesSignature or CadesSignatureStream) that was archived by the corresponding archive timestamp

Returns:

the indexed certificates or an empty array if no matching certificate references have been archived

Throws:

iaik.asn1.CodingException - if the certificates could not be encoded for hash calculation

getCertificateReferencesWithoutOriginalValues

public java.util.ArrayList<byte[]> getCertificateReferencesWithoutOriginalValues(AbstractCadesSignature archivedSignature)
                                                                          throws iaik.asn1.CodingException

Returns all certificate references (certificate hashes) included in this ats-hash-index, for which no corresponding certificates can be found in the given signature.

Parameters:

archivedSignature - the signature containing the certificates to match against the certificate hashes of this ats-hash-index

Returns:

all references without matching certificates

Throws:

iaik.asn1.CodingException - if a certificate of the given signature can't be encoded for the hash calculation

getIndexedCrls

public iaik.x509.X509CRL[] getIndexedCrls(AbstractCadesSignature archivedSignature)
                                   throws iaik.asn1.CodingException,
                                          CmsCadesException

Returns all CRLs included in the given signature, whose hash values are contained in this ats-hash-index. Use this method to get all CRLs protected by the corresponding archive timestamp.

Parameters:

archivedSignature - the signature (CadesSignature or CadesSignatureStream) that was archived by the corresponding archive timestamp

Returns:

the indexed CRLs or an empty array if no matching CRL references have been archived

Throws:

iaik.asn1.CodingException - if the CRLs can't be encoded for hash calculation

CmsCadesException - if the included CRLs can't be parsed

getIndexedEncodedCrls

public byte[][] getIndexedEncodedCrls(AbstractCadesSignature archivedSignature)
                               throws iaik.asn1.CodingException,
                                      CmsCadesException

Returns the encodings of all CRLs included in the given signature, whose hash values are contained in this ats-hash-index. Use this method to get all CRLs protected by the corresponding archive timestamp.

Parameters:

archivedSignature - the signature (CadesSignature or CadesSignatureStream) that was archived by the corresponding archive timestamp

Returns:

the encodings of all indexed CRLs or an empty array if no matching CRL references have been archived

Throws:

iaik.asn1.CodingException - if the CRLs can't be encoded for hash calculation

CmsCadesException - if the included CRLs can't be parsed

getIndexedOcspResponses

public iaik.x509.ocsp.BasicOCSPResponse[] getIndexedOcspResponses(AbstractCadesSignature archivedSignature)
                                                           throws iaik.asn1.CodingException,
                                                                  CmsCadesException

Returns all OCSP responses included in the given signature, whose hash values are contained in this ats-hash-index. Use this method to get all OCSP responses protected by the corresponding archive timestamp.

Parameters:

archivedSignature - the signature (CadesSignature or CadesSignatureStream) that was archived by the corresponding archive timestamp

Returns:

the indexed OCSP responses or an empty array if no matching OCSP response references have been archived

Throws:

iaik.asn1.CodingException - if the OCSP responses can't be encoded for hash calculation

CmsCadesException - if the included revocation infos can't be parsed

getIndexedOtherRevocationInfos

public java.security.cert.CRL[] getIndexedOtherRevocationInfos(AbstractCadesSignature archivedSignature)
                                                        throws iaik.asn1.CodingException,
                                                               CmsCadesException

Returns all revocation infos included in the given signature, that are not of type CRL or OCSP response and whose hash values are contained in this ats-hash-index. Use this method to get all other revocation infos protected by the corresponding archive timestamp.

Parameters:

archivedSignature - the signature (CadesSignature or CadesSignatureStream) that was archived by the corresponding archive timestamp

Returns:

the indexed other revocation infos or an empty array if no matching other revocation info references have been archived

Throws:

iaik.asn1.CodingException - if the other revocation info can't be encoded for hash calculation

CmsCadesException - if a revocation info can't be parsed to determine its type

getRevocationInfoReferencesWithoutOriginalValues

public java.util.ArrayList<byte[]> getRevocationInfoReferencesWithoutOriginalValues(AbstractCadesSignature archivedSignature)
                                                                             throws iaik.asn1.CodingException,
                                                                                    CmsCadesException

Returns all revocation info references (revocation info hashes) included in this ats-hash-index, for which no corresponding revocation info object can be found in the given signature.

Parameters:

archivedSignature - the signature containing the revocation infos to match against the revocation info hashes of this ats-hash-index

Returns:

all references without matching revocation infos

Throws:

iaik.asn1.CodingException - if a revocation info of the given signature can't be encoded for the hash calculation

CmsCadesException - if a revocation info can't be parsed to determine its type

containsReferencesWithoutOriginalValues

public boolean containsReferencesWithoutOriginalValues(AbstractCadesSignature archivedSignature,
                                                       iaik.cms.SignerInfo archivedSignerInfo)
                                                throws iaik.asn1.CodingException,
                                                       CmsCadesException

Checks whether this ats-hash-index contains any references, for which no corresponding objects (certificates, revocation infos, unsigned attributes) can be found in the given signature.

Parameters:

archivedSignature - the signature containing the certificates and revocation infos to match the references of this ats-hash-index against

archivedSignerInfo - the signer info containing the unsigned attributes to match the references of this ats-hash-index against

Returns:

true if this ats-hash-index contains references for which no matching objects can be found, false otherwise

Throws:

iaik.asn1.CodingException - if an error occurs when encoding for hash calculation

CmsCadesException - if another error occurs

getCertificateHashes

public java.util.Vector<byte[]> getCertificateHashes()

Returns all included certificate hashes.

Returns:

the included certificate hashes

getRevocationInfoHashes

public java.util.Vector<byte[]> getRevocationInfoHashes()

Returns all included revocation information (CRL and/or OCSP responses) hashes.

Returns:

the included revocation information hashes

addCertificateHash

public void addCertificateHash(byte[] certHash)

Add a certificate's hash value to be included in this ats-hash-index attribute.

Parameters:

certHash - the hash value of a certificate

addRevocationInfoHash

public void addRevocationInfoHash(byte[] revocationInfoHash)

Add a revocation info (CRL or OCSP response) hash value to be included in this ats-hash-index attribute.

Parameters:

revocationInfoHash - the hash value of a revocation info

containsCertificateHash

public boolean containsCertificateHash(byte[] certificateHash)

Returns true if the given certificate hash is included in this ats-hash-index.

Parameters:

certificateHash - the hash to be searched for

Returns:

true, if the given hash is included, false otherwise

containsRevocationInfoHash

public boolean containsRevocationInfoHash(byte[] revocationInfoHash)

Returns true if the given revocation info hash (of a CRL or OCSP response) is included in this ats-hash-index.

Parameters:

revocationInfoHash - the hash to be searched for

Returns:

true, if the given hash is included, false otherwise

decode

public void decode(iaik.asn1.ASN1Object obj)
            throws iaik.asn1.CodingException

Decodes the given ASN.1 ats-hash-index object

Parameters:

obj - the ats-hash-index as ASN1Object

Throws:

iaik.asn1.CodingException - if the ASN1Object could not be parsed

toASN1Object

public iaik.asn1.ASN1Object toASN1Object()
                                  throws iaik.asn1.CodingException

Returns this ats-hash-index as ASN1Object.

Returns:

this ats-hash-index as ASN1Object

Throws:

iaik.asn1.CodingException - if an de/encoding error occurs

toString

public java.lang.String toString()

Specified by:

toString in class iaik.asn1.structures.AttributeValue

equals

public boolean equals(java.lang.Object obj)

Compares this ats-hash-index to the specified object.

Overrides:

equals in class java.lang.Object

Parameters:

obj - the object to compare this ats-hash-index against.

Returns:

true, if the given object is equal to this ats-hash-index, false otherwise

getAttributeType

public abstract iaik.asn1.ObjectID getAttributeType()

Specified by:

getAttributeType in class iaik.asn1.structures.AttributeValue

multipleAllowed

public abstract boolean multipleAllowed()

Overrides:

multipleAllowed in class iaik.asn1.structures.AttributeValue