public class AtsHashIndexv3 extends AbstractAtsHashIndex
ArchiveTimeStampv3
).
```
ATSHashIndexV3 ::= SEQUENCE {
    hashIndAlgorithm              AlgorithmIdentifier,
    certificatesHashIndex         SEQUENCE OF OCTET STRING,
    crlsHashIndex                 SEQUENCE OF OCTET STRING,
    unsignedAttrValuesHashIndex   SEQUENCE OF OCTET STRING
}
```
The AtsHashIndexv3 identifies all components that are protected by an archival timestamp. These
components shall then be used when verifying the signature to which the archive timestamp has been
applied. Only the components identified by an ats-hash-index attribute are considered to be trusted.

Example code to identify the protected components may look like this:
```java
// Parse the CAdES signature and select the signer info of interest
CadesSignatureStream cadesSig = new CadesSignatureStream(in, data);
SignerInfo signerInfo = cadesSig.getSignerInfos()[signerInfoIndex];
ArchiveTimeStamp[] archiveTsps = cadesSig.getArchiveTimeStamps(signerInfoIndex);
for (ArchiveTimeStamp archiveTimestamp : archiveTsps) {
    // Verify the timestamp token before relying on its hash index
    archiveTimestamp.verifyTimestampToken(null);
    AbstractAtsHashIndex atsHashIndexAbstract = archiveTimestamp.getAtsHashIndex();
    if (atsHashIndexAbstract instanceof AtsHashIndexv3) {
        AtsHashIndexv3 atsHashIndex = (AtsHashIndexv3) atsHashIndexAbstract;
        // Components of the signature whose hashes are contained in the ats-hash-index
        Certificate[] indexedCertificates = atsHashIndex.getIndexedCertificates(cadesSig);
        X509CRL[] indexedCrls = atsHashIndex.getIndexedCrls(cadesSig);
        BasicOCSPResponse[] indexedOcspResponses = atsHashIndex.getIndexedOcspResponses(cadesSig);
        AttributeValue[] indexedUnsignedAttrValues = atsHashIndex.getIndexedUnsignedAttrValues(signerInfo);
    }
}
```
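The matching that a hash index implies, as an added sketch that is not part of the original documentation and does not use the IAIK API: it relies only on the JDK (Java 16+ for `record`). The class, record and method names and the byte strings standing in for DER-encoded components are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

public class HashIndexMatchDemo {
    /** Outcome of matching stored components against a hash index (hypothetical type). */
    record Match(List<byte[]> indexed, List<byte[]> notIndexed, List<byte[]> withoutOriginal) {}

    static Match match(String digestAlg, List<byte[]> indexHashes, List<byte[]> components)
            throws Exception {
        MessageDigest md = MessageDigest.getInstance(digestAlg);
        boolean[] referenced = new boolean[indexHashes.size()];
        List<byte[]> indexed = new ArrayList<>();
        List<byte[]> notIndexed = new ArrayList<>();
        for (byte[] component : components) {
            byte[] hash = md.digest(component);   // digest() also resets md for the next round
            boolean found = false;
            for (int i = 0; i < indexHashes.size(); i++) {
                if (MessageDigest.isEqual(indexHashes.get(i), hash)) {
                    referenced[i] = true;
                    found = true;
                }
            }
            // Covered by the archive timestamp only if its hash is in the index.
            (found ? indexed : notIndexed).add(component);
        }
        // Index entries whose original component is no longer present in the signature.
        List<byte[]> withoutOriginal = new ArrayList<>();
        for (int i = 0; i < referenced.length; i++) {
            if (!referenced[i]) withoutOriginal.add(indexHashes.get(i));
        }
        return new Match(indexed, notIndexed, withoutOriginal);
    }

    public static void main(String[] args) throws Exception {
        // Constructed byte strings standing in for DER-encoded certificates.
        byte[] certA = "constructed-cert-A".getBytes(StandardCharsets.UTF_8);
        byte[] certB = "constructed-cert-B".getBytes(StandardCharsets.UTF_8);
        byte[] removed = "constructed-cert-removed".getBytes(StandardCharsets.UTF_8);
        byte[] addedLater = "constructed-cert-added-later".getBytes(StandardCharsets.UTF_8);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        List<byte[]> index = List.of(md.digest(certA), md.digest(certB), md.digest(removed));
        Match m = match("SHA-256", index, List.of(certA, certB, addedLater));
        System.out.printf("indexed=%d notIndexed=%d withoutOriginal=%d%n",
                m.indexed().size(), m.notIndexed().size(), m.withoutOriginal().size());
    }
}
```

A component that lands in `notIndexed` was not covered by the archive timestamp and should not be used as trusted validation material for the archived signature.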
Modifier and Type | Field and Description |
---|---|
static iaik.asn1.ObjectID | oid: The attributeType object identifier of the AtsHashIndexv3 attribute. |

Inherited fields: DEFAULTHASHALGORITHM
Constructor and Description |
---|
AtsHashIndexv3(): Default constructor. |
AtsHashIndexv3(iaik.asn1.structures.AlgorithmID hashAlgorithm): Constructor used to specify an alternative digest algorithm. |
AtsHashIndexv3(iaik.asn1.structures.AlgorithmID hashAlgorithm, iaik.cms.CertificateChoices[] certificates, iaik.cms.RevocationInfoChoice[] revInfos, iaik.asn1.structures.Attribute[] unsignedAttributes): Constructor specifying the digest algorithm and the components to include the hash for. |
AtsHashIndexv3(iaik.asn1.ASN1Object obj): Creates an ATSHashIndexv3 from its ASN.1 representation. |
AtsHashIndexv3(iaik.cms.CertificateChoices[] certificates, iaik.cms.RevocationInfoChoice[] revInfos, iaik.asn1.structures.Attribute[] unsignedAttributes): Constructor specifying the components to include the hash for. |
Modifier and Type | Method and Description |
---|---|
void | addUnsignedAttrVAlueHash(byte[] unsignedAttrValueHash): Add an unsigned attribute value hash to be included in this AtsHashIndexv3 attribute. |
void | addUnsignedAttrValues(iaik.asn1.structures.Attribute unsignedAttribute): Calculate and add the hash for each value included in the given unsigned attribute. |
boolean | containsUnsignedAttrValueHash(byte[] unsignedAttrValueHash): Returns true if the given unsigned attribute value hash is included in this AtsHashIndexv3. |
iaik.asn1.ObjectID | getAttributeType() |
iaik.asn1.structures.AttributeValue[] | getIndexedUnsignedAttrValues(iaik.cms.SignerInfo signerInfo): Returns all unsigned attribute values included in the given signer info, whose hash values are contained in this AtsHashIndexv3. |
java.util.ArrayList<byte[]> | getUnsignedAttreValueReferencesWithoutOriginalValues(iaik.cms.SignerInfo signerInfo): Returns all unsigned attribute value references included in this AtsHashIndexv3, for which no corresponding unsigned attribute value can be found in the given signer info. |
java.util.Vector<byte[]> | getUnsignedAttrValueHashes(): Returns all included unsigned attribute value hashes. |
boolean | multipleAllowed() |

Inherited methods: addCertificate, addCertificateHash, addRevocatioInfo, addRevocationInfoHash, containsCertificateHash, containsReferencesWithoutOriginalValues, containsRevocationInfoHash, decode, equals, getCertificateHashes, getCertificateReferencesWithoutOriginalValues, getIndexedCertificates, getIndexedCrls, getIndexedEncodedCrls, getIndexedOcspResponses, getIndexedOtherRevocationInfos, getRevocationInfoHashes, getRevocationInfoReferencesWithoutOriginalValues, toASN1Object, toString
public static final iaik.asn1.ObjectID oid

public AtsHashIndexv3() throws java.security.NoSuchAlgorithmException

Throws:
- java.security.NoSuchAlgorithmException - if the default hash algorithm can't be used

public AtsHashIndexv3(iaik.asn1.structures.AlgorithmID hashAlgorithm) throws java.security.NoSuchAlgorithmException

Parameters:
- hashAlgorithm - the digest algorithm to use for calculating the digest values of all included components

Throws:
- java.security.NoSuchAlgorithmException - if the specified digest algorithm is unknown

public AtsHashIndexv3(iaik.asn1.structures.AlgorithmID hashAlgorithm, iaik.cms.CertificateChoices[] certificates, iaik.cms.RevocationInfoChoice[] revInfos, iaik.asn1.structures.Attribute[] unsignedAttributes) throws java.security.NoSuchAlgorithmException, iaik.asn1.CodingException

Parameters:
- hashAlgorithm - digest algorithm to use for calculating the components' hash
- certificates - certificates of which to calculate and include the hash
- revInfos - revocation information (CRLs and/or OCSP responses) of which to calculate and include the hash
- unsignedAttributes - unsigned attributes (like signature timestamps) of which to use the values for hash calculation to be included in this AtsHashIndexv3

Throws:
- java.security.NoSuchAlgorithmException - if the specified digest algorithm is unknown
- iaik.asn1.CodingException - if the components could not be encoded for hash calculation

public AtsHashIndexv3(iaik.cms.CertificateChoices[] certificates, iaik.cms.RevocationInfoChoice[] revInfos, iaik.asn1.structures.Attribute[] unsignedAttributes) throws java.security.NoSuchAlgorithmException, iaik.asn1.CodingException

Parameters:
- certificates - certificates of which to calculate and include the hash
- revInfos - revocation information (CRLs and/or OCSP responses) of which to calculate and include the hash
- unsignedAttributes - unsigned attributes (like signature timestamps) of which to use the values for hash calculation to be included in this AtsHashIndexv3

Throws:
- java.security.NoSuchAlgorithmException - if the specified digest algorithm is unknown
- iaik.asn1.CodingException - if the components could not be encoded for hash calculation

public AtsHashIndexv3(iaik.asn1.ASN1Object obj) throws iaik.asn1.CodingException, java.security.NoSuchAlgorithmException

Parameters:
- obj - the ATSHashIndexv3 as ASN1Object

Throws:
- iaik.asn1.CodingException - if the ASN1Object could not be parsed
- java.security.NoSuchAlgorithmException - if the default hash algorithm can't be used

public void addUnsignedAttrValues(iaik.asn1.structures.Attribute unsignedAttribute) throws iaik.asn1.CodingException

Parameters:
- unsignedAttribute - unsigned attribute (e.g. signature timestamp) of which to include the values

Throws:
- iaik.asn1.CodingException - if the unsigned attribute can't be encoded for the hash calculation

public iaik.asn1.structures.AttributeValue[] getIndexedUnsignedAttrValues(iaik.cms.SignerInfo signerInfo) throws iaik.asn1.CodingException

Parameters:
- signerInfo - the signer info that was archived by the corresponding archive timestamp

Throws:
- iaik.asn1.CodingException - if an unsigned attribute value of the given signer info can't be encoded for the hash calculation

public java.util.ArrayList<byte[]> getUnsignedAttreValueReferencesWithoutOriginalValues(iaik.cms.SignerInfo signerInfo) throws iaik.asn1.CodingException

Parameters:
- signerInfo - the signer info containing the unsigned attribute values to match against the unsigned attribute value hashes of this AtsHashIndexv3

Throws:
- iaik.asn1.CodingException - if the unsigned attribute can't be encoded for the hash calculation

public java.util.Vector<byte[]> getUnsignedAttrValueHashes()

public void addUnsignedAttrVAlueHash(byte[] unsignedAttrValueHash)

Parameters:
- unsignedAttrValueHash - the hash value of an unsigned attribute value

public boolean containsUnsignedAttrValueHash(byte[] unsignedAttrValueHash)

Parameters:
- unsignedAttrValueHash - the hash to be searched for

public iaik.asn1.ObjectID getAttributeType()

getAttributeType in class AbstractAtsHashIndex

public boolean multipleAllowed()

multipleAllowed in class AbstractAtsHashIndex
2.2 (c) 2002 IAIK, (c) 2003 - 2016 SIC