iaik.pdf.asn1objects

Class AtsHashIndex

java.lang.Object

iaik.asn1.structures.AttributeValue

iaik.pdf.asn1objects.AbstractAtsHashIndex

iaik.pdf.asn1objects.AtsHashIndex

All Implemented Interfaces:

iaik.asn1.ASN1Type

public class AtsHashIndex
extends AbstractAtsHashIndex

This class represents the ASN.1 structure of the ats-hash-index attribute as specified in ETSI TS 101 733. This attribute includes references for all essential components for a signature verification (certificates, revocation information, signature timestamps, etc.) and is part of an archive timestamp ( ArchiveTimeStampv3). ATSHashIndex ::= SEQUENCE { hashIndAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256}, certificatesHashIndex SEQUENCE OF OCTET STRING, crlsHashIndex SEQUENCE OF OCTET STRING, unsignedAttrsHashIndex SEQUENCE OF OCTET STRING } The AtsHashIndex identifies all components that are protected by an archival timestamp. These components shall then be used for verifying the signature, the archive timestamp has been applied to. Only the components identified by an ats-hash-index attribute are considered to be trusted. An example code to identify the protected components may look like this: CadesSignatureStream cadesSig = new CadesSignatureStream(in, data); SignerInfo signerInfo = cadesSig.getSignerInfos()[signerInfoIndex]; ArchiveTimeStamp[] archiveTsps = cadesSig.getArchiveTimeStamps(signerInfoIndex); for (ArchiveTimeStamp archiveTimestamp : archiveTsps) { archiveTimestamp.verifyTimestampToken(null); AbstractAtsHashIndex atsHashIndexAbstract = archiveTimestamp.getAtsHashIndex(); if(atsHashIndexAbstract instanceof AtsHashIndex){ AtsHashIndex atsHashIndex = (AtsHashIndex)atsHashIndexAbstract; Certificate[] indexedCertificates = atsHashIndex.getIndexedCertificates(cadesSig); X509CRL[] indexedCrls = atsHashIndex.getIndexedCrls(cadesSig); BasicOCSPResponse[] indexedOcspResponses = atsHashIndex.getIndexedOcspResponses(cadesSig); Attribute[] indexedUnsignedAttrs = atsHashIndex.getIndexedUnsignedAttributes(signerInfo); } }

Field Summary

Fields

Modifier and Type	Field and Description
static iaik.asn1.ObjectID	oid The attributeType object identifier of the AtsHashIndex attribute.

Fields inherited from class iaik.pdf.asn1objects.AbstractAtsHashIndex

DEFAULTHASHALGORITHM

Constructor Summary

Constructors

Constructor and Description
AtsHashIndex() Default constructor.
AtsHashIndex(iaik.asn1.structures.AlgorithmID hashAlgorithm) Constructor used to specify an alternative digest algorithm.
AtsHashIndex(iaik.asn1.structures.AlgorithmID hashAlgorithm, iaik.cms.CertificateChoices[] certificates, iaik.cms.RevocationInfoChoice[] revInfos, iaik.asn1.structures.Attribute[] unsignedAttributes) Constructor specifying the digest algorithm and the components to include the hash for.
AtsHashIndex(iaik.asn1.ASN1Object obj) Creates an ATSHashIndex from its ASN.1 representation.
AtsHashIndex(iaik.cms.CertificateChoices[] certificates, iaik.cms.RevocationInfoChoice[] revInfos, iaik.asn1.structures.Attribute[] unsignedAttributes) Constructor specifying the components to include the hash for.

Method Summary

Modifier and Type	Method and Description
void	addUnsignedAttribute(iaik.asn1.structures.Attribute unsignedAttribute) Calculate and add the unsigned attribute's hash.
void	addUnsignedAttributeHash(byte[] unsignedAttributeHash) Add an unsigned attribute hash value to be included in this AtsHashIndex attribute.
boolean	containsUnsignedAttrHash(byte[] unsignedAttrHash) Returns true if the given unsigned attribute hash is included in this AtsHashIndex.
iaik.asn1.ObjectID	getAttributeType()
iaik.asn1.structures.Attribute[]	getIndexedUnsignedAttributes(iaik.cms.SignerInfo signerInfo) Returns all unsigned attributes included in the given signer info, whose hash values are contained in this AtsHashIndex.
java.util.ArrayList<byte[]>	getUnsignedAttributeReferencesWithoutOriginalValues(iaik.cms.SignerInfo signerInfo) Returns all unsigned attribute references (unsigned attribute hashes) included in this AtsHashIndex, for which no corresponding unsigned attribute can be found in the given signer info.
java.util.Vector<byte[]>	getUnsignedAttributesHashes() Returns all included unsigned attribute hashes.
boolean	multipleAllowed()

Methods inherited from class iaik.pdf.asn1objects.AbstractAtsHashIndex

addCertificate, addCertificateHash, addRevocatioInfo, addRevocationInfoHash, containsCertificateHash, containsReferencesWithoutOriginalValues, containsRevocationInfoHash, decode, equals, getCertificateHashes, getCertificateReferencesWithoutOriginalValues, getIndexedCertificates, getIndexedCrls, getIndexedEncodedCrls, getIndexedOcspResponses, getIndexedOtherRevocationInfos, getRevocationInfoHashes, getRevocationInfoReferencesWithoutOriginalValues, toASN1Object, toString

Methods inherited from class iaik.asn1.structures.AttributeValue

getName

Methods inherited from class java.lang.Object

getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

oid

public static final iaik.asn1.ObjectID oid

The attributeType object identifier of the AtsHashIndex attribute. The corresponding OID string is "0.4.0.1733.2.5".

Constructor Detail

AtsHashIndex

public AtsHashIndex()
             throws java.security.NoSuchAlgorithmException

Default constructor. Default digest algorithm SHA-256 is used. Components may be added using the appropriate add-methods.

Throws:

java.security.NoSuchAlgorithmException - if the default hash algorithm can't be used

AtsHashIndex

public AtsHashIndex(iaik.asn1.structures.AlgorithmID hashAlgorithm)
             throws java.security.NoSuchAlgorithmException

Constructor used to specify an alternative digest algorithm. Components may be added using the appropriate add-methods.

Parameters:

hashAlgorithm - the digest algorithm to use for calculating the digest values of all included components

Throws:

java.security.NoSuchAlgorithmException - if the specified digest algorithm is unknown

AtsHashIndex

public AtsHashIndex(iaik.asn1.structures.AlgorithmID hashAlgorithm,
                    iaik.cms.CertificateChoices[] certificates,
                    iaik.cms.RevocationInfoChoice[] revInfos,
                    iaik.asn1.structures.Attribute[] unsignedAttributes)
             throws java.security.NoSuchAlgorithmException,
                    iaik.asn1.CodingException

Constructor specifying the digest algorithm and the components to include the hash for.

Parameters:

hashAlgorithm - digest algorithm to use for calculating the components' hash

certificates - certificates of which to calculate and include the hash

revInfos - revocation information (CRLs and/or OCSP responses) of which to calculate and include the hash

unsignedAttributes - unsigned attributes (like signature timestamps) of which to calculate and include the hash

Throws:

java.security.NoSuchAlgorithmException - if the specified digest algorithm is unknown

iaik.asn1.CodingException - if the components could not be encoded for hash calculation

AtsHashIndex

public AtsHashIndex(iaik.cms.CertificateChoices[] certificates,
                    iaik.cms.RevocationInfoChoice[] revInfos,
                    iaik.asn1.structures.Attribute[] unsignedAttributes)
             throws java.security.NoSuchAlgorithmException,
                    iaik.asn1.CodingException

Constructor specifying the components to include the hash for. Default hash algorithm SHA-256 is used.

Parameters:

certificates - certificates of which to calculate and include the hash

revInfos - revocation information (CRLs and/or OCSP responses) of which to calculate and include the hash

unsignedAttributes - unsigned attributes (like signature timestamps) of which to calculate and include the hash

Throws:

java.security.NoSuchAlgorithmException - if the specified digest algorithm is unknown

iaik.asn1.CodingException - if the components could not be encoded for hash calculation

AtsHashIndex

public AtsHashIndex(iaik.asn1.ASN1Object obj)
             throws iaik.asn1.CodingException,
                    java.security.NoSuchAlgorithmException

Creates an ATSHashIndex from its ASN.1 representation.

Parameters:

obj - the ATSHashIndex as ASN1Object

Throws:

iaik.asn1.CodingException - if the ASN1Object could not be parsed

java.security.NoSuchAlgorithmException - if the default hash algorithm can't be used

Method Detail

addUnsignedAttribute

public void addUnsignedAttribute(iaik.asn1.structures.Attribute unsignedAttribute)

Calculate and add the unsigned attribute's hash.

Parameters:

unsignedAttribute - unsigned attribute (e.g. signature timestamp) of which to calculate and include the hash

getIndexedUnsignedAttributes

public iaik.asn1.structures.Attribute[] getIndexedUnsignedAttributes(iaik.cms.SignerInfo signerInfo)

Returns all unsigned attributes included in the given signer info, whose hash values are contained in this AtsHashIndex. Use this method to get all unsigned attributes protected by the corresponding archive timestamp.

Parameters:

signerInfo - the signer info that was archived by the corresponding archive timestamp

Returns:

the indexed unsigned attributes for the given signer info or an empty array if no unsigned attributes have been archived

getUnsignedAttributeReferencesWithoutOriginalValues

public java.util.ArrayList<byte[]> getUnsignedAttributeReferencesWithoutOriginalValues(iaik.cms.SignerInfo signerInfo)

Returns all unsigned attribute references (unsigned attribute hashes) included in this AtsHashIndex, for which no corresponding unsigned attribute can be found in the given signer info.

Parameters:

signerInfo - the signer info containing the unsigned attributes to match against the unsigned attribute hashes of this AtsHashIndex

Returns:

all references without matching unsigned attributes

getUnsignedAttributesHashes

public java.util.Vector<byte[]> getUnsignedAttributesHashes()

Returns all included unsigned attribute hashes.

Returns:

the included unsigned attribute hashes

addUnsignedAttributeHash

public void addUnsignedAttributeHash(byte[] unsignedAttributeHash)

Add an unsigned attribute hash value to be included in this AtsHashIndex attribute.

Parameters:

unsignedAttributeHash - the hash value of an unsigned attribute

containsUnsignedAttrHash

public boolean containsUnsignedAttrHash(byte[] unsignedAttrHash)

Returns true if the given unsigned attribute hash is included in this AtsHashIndex.

Parameters:

unsignedAttrHash - the hash to be searched for

Returns:

true, if the given hash is included, false otherwise

getAttributeType

public iaik.asn1.ObjectID getAttributeType()

Specified by:

getAttributeType in class AbstractAtsHashIndex

multipleAllowed

public boolean multipleAllowed()

Specified by:

multipleAllowed in class AbstractAtsHashIndex