Class CMSUtils

java.lang.Object
eu.europa.esig.dss.cms.CMSUtils

public final class CMSUtils extends Object
Contains utility methods for CMS processing
  • Method Summary

    Modifier and Type
    Method
    Description
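    static void
    assertATSv2AugmentationSupported()
    This method checks whether the augmentation of signatures with an archive-time-stamp-v2 is supported by the current implementation
    static void
    assertEvidenceRecordEmbeddingSupported()
    This method checks whether the embedding of existing Evidence Records within CMS is supported by the current implementation
    static String
    getContentInfoEncoding(CMS cms)
    Gets the encoding of the ContentInfo of the CMS
    static DSSResourcesHandlerBuilder
    getDSSResourcesHandlerBuilder(DSSResourcesHandlerBuilder dssResourcesHandlerBuilder)
    This method is used to verify whether the provided DSSResourcesHandlerBuilder is supported by the current implementation.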
    static CMS
    parseToCMS(byte[] binaries)
    Parses the given byte array to a CMS object
    static CMS
    parseToCMS(DSSDocument document)
    Parses the given DSSDocument to a CMS object
    static CMS
    populateDigestAlgorithmSet(CMS cms, Collection<org.bouncycastle.asn1.x509.AlgorithmIdentifier> digestAlgorithmsToAdd)
    Adds digest algorithms to CMSSignedData
    static org.bouncycastle.cms.SignerInformation
    recomputeSignerInformation(CMS cms, org.bouncycastle.cms.SignerId signerId, org.bouncycastle.operator.DigestCalculatorProvider digestCalculatorProvider, DSSResourcesHandlerBuilder resourcesHandlerBuilder)
    This method re-creates the SignerInformation with a given signerId from CMS by providing the digestCalculatorProvider to the validation.
    static CMS
    replaceCertificatesAndCRLs(CMS cms, org.bouncycastle.util.Store<org.bouncycastle.cert.X509CertificateHolder> certificates, org.bouncycastle.util.Store<org.bouncycastle.cert.X509AttributeCertificateHolder> attributeCertificates, org.bouncycastle.util.Store<org.bouncycastle.cert.X509CRLHolder> crls, org.bouncycastle.util.Store<?> ocspResponsesStore, org.bouncycastle.util.Store<?> ocspBasicStore)
    Replaces SignedData content within the CMS with the provided values
    static CMS
    replaceSigners(CMS cms, org.bouncycastle.cms.SignerInformationStore newSignerStore)
    Replaces the signers within cms with the newSignerStore
    static org.bouncycastle.cms.SignerInformation
    replaceUnsignedAttributes(org.bouncycastle.cms.SignerInformation signerInformation, org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes)
    This method replaces unsignedAttributes within the given signerInformation
    static CMS
    toCMS(org.bouncycastle.tsp.TimeStampToken timeStampToken)
    Converts a TimeStampToken to a CMS
    static org.bouncycastle.cms.CMSTypedData
    toCMSEncapsulatedContent(DSSDocument document)
    Converts a DSSDocument to the corresponding CMSTypedData object type
    static void
    writeContentInfoEncoded(CMS cms, OutputStream os)
    Writes the encoded binaries of the ContentInfo element to the given OutputStream. NOTE: This method is used for archive-time-stamp-v2 message-imprint computation.
    static void
    writeSignedDataCertificatesEncoded(CMS cms, OutputStream os)
    Writes the encoded binaries of the SignedData.certificates field to the given OutputStream. NOTE: This method is used for archive-time-stamp-v2 message-imprint computation.
    static void
    writeSignedDataCRLsEncoded(CMS cms, OutputStream os)
    Writes the encoded binaries of the SignedData.crls field to the given OutputStream. NOTE: This method is used for archive-time-stamp-v2 message-imprint computation.
    static void
    writeSignedDataDigestAlgorithmsEncoded(CMS cms, OutputStream os)
    Writes the encoded binaries of the SignedData.digestAlgorithms field to the given OutputStream. NOTE: This method is used for evidence record hash computation.
    static void
    writeSignedDataSignerInfosEncoded(CMS cms, OutputStream os)
    Writes the encoded binaries of the SignedData.signerInfos field to the given OutputStream. NOTE: This method is used for evidence record hash computation.
    static DSSDocument
    writeToDSSDocument(CMS cms, DSSResourcesHandlerBuilder resourcesHandlerBuilder)
    Creates a DSSDocument from the given CMS.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • parseToCMS

      public static CMS parseToCMS(DSSDocument document)
      Parses the given DSSDocument to a CMS object
      Parameters:
      document - DSSDocument to parse
      Returns:
      CMS
    • parseToCMS

      public static CMS parseToCMS(byte[] binaries)
      Parses the given byte array to a CMS object
      Parameters:
      binaries - byte array to parse
      Returns:
      CMS
    • writeToDSSDocument

      public static DSSDocument writeToDSSDocument(CMS cms, DSSResourcesHandlerBuilder resourcesHandlerBuilder)
      Creates a DSSDocument from the given CMS. This method uses a resourcesHandlerBuilder which defines the final document's implementation (e.g. in-memory document or a temporary document in a filesystem).
      Parameters:
      cms - CMS to create a document from
      resourcesHandlerBuilder - DSSResourcesHandlerBuilder
      Returns:
      DSSDocument
    • recomputeSignerInformation

      public static org.bouncycastle.cms.SignerInformation recomputeSignerInformation(CMS cms, org.bouncycastle.cms.SignerId signerId, org.bouncycastle.operator.DigestCalculatorProvider digestCalculatorProvider, DSSResourcesHandlerBuilder resourcesHandlerBuilder) throws org.bouncycastle.cms.CMSException
      This method re-creates the SignerInformation with a given signerId from CMS by providing the digestCalculatorProvider to the validation. The returned SignerInformation contains the digest validated against the provided document.
      Parameters:
      cms - CMS containing a SignerInformation to be validated
      signerId - SignerId to re-compute
      digestCalculatorProvider - DigestCalculatorProvider containing digest of the original signed document
      resourcesHandlerBuilder - DSSResourcesHandlerBuilder
      Returns:
      SignerInformation
      Throws:
      org.bouncycastle.cms.CMSException - if an exception occurs on SignerInformation re-creation
    • replaceSigners

      public static CMS replaceSigners(CMS cms, org.bouncycastle.cms.SignerInformationStore newSignerStore)
      Replaces the signers within cms with the newSignerStore
      Parameters:
      cms - CMS to replace signers in
      newSignerStore - SignerInformationStore containing the new signers to replace the existing ones with
      Returns:
      CMS containing the new signers store
    • replaceCertificatesAndCRLs

      public static CMS replaceCertificatesAndCRLs(CMS cms, org.bouncycastle.util.Store<org.bouncycastle.cert.X509CertificateHolder> certificates, org.bouncycastle.util.Store<org.bouncycastle.cert.X509AttributeCertificateHolder> attributeCertificates, org.bouncycastle.util.Store<org.bouncycastle.cert.X509CRLHolder> crls, org.bouncycastle.util.Store<?> ocspResponsesStore, org.bouncycastle.util.Store<?> ocspBasicStore)
      Replaces SignedData content within the CMS with the provided values
      Parameters:
      cms - CMS to replace content in
      certificates - Store
      attributeCertificates - Store
      crls - Store
      ocspResponsesStore - Store
      ocspBasicStore - Store
      Returns:
      CMS
    • populateDigestAlgorithmSet

      public static CMS populateDigestAlgorithmSet(CMS cms, Collection<org.bouncycastle.asn1.x509.AlgorithmIdentifier> digestAlgorithmsToAdd)
      Adds digest algorithms to CMSSignedData
      Parameters:
      cms - CMS to extend
      digestAlgorithmsToAdd - a collection of digest AlgorithmIdentifiers to be included
      Returns:
      CMS
    • toCMS

      public static CMS toCMS(org.bouncycastle.tsp.TimeStampToken timeStampToken)
      Converts a TimeStampToken to a CMS
      Parameters:
      timeStampToken - TimeStampToken
      Returns:
      CMS
    • getContentInfoEncoding

      public static String getContentInfoEncoding(CMS cms)
      Gets the encoding of the ContentInfo of the CMS
      Parameters:
      cms - CMS to check
      Returns:
      String encoding, e.g. 'DER' or 'BER'
    • writeSignedDataDigestAlgorithmsEncoded

      public static void writeSignedDataDigestAlgorithmsEncoded(CMS cms, OutputStream os) throws IOException
      Writes the encoded binaries of the SignedData.digestAlgorithms field to the given OutputStream. NOTE: This method is used for evidence record hash computation.
      Parameters:
      cms - CMS
      os - OutputStream
      Throws:
      IOException - if an exception occurs on bytes writing
    • writeContentInfoEncoded

      public static void writeContentInfoEncoded(CMS cms, OutputStream os) throws IOException
      Writes the encoded binaries of the ContentInfo element to the given OutputStream. NOTE: This method is used for archive-time-stamp-v2 message-imprint computation.
      Parameters:
      cms - CMS
      os - OutputStream
      Throws:
      IOException - if an exception occurs on bytes writing
    • writeSignedDataCertificatesEncoded

      public static void writeSignedDataCertificatesEncoded(CMS cms, OutputStream os) throws IOException
      Writes the encoded binaries of the SignedData.certificates field to the given OutputStream. NOTE: This method is used for archive-time-stamp-v2 message-imprint computation.
      Parameters:
      cms - CMS
      os - OutputStream
      Throws:
      IOException - if an exception occurs on bytes writing
    • writeSignedDataCRLsEncoded

      public static void writeSignedDataCRLsEncoded(CMS cms, OutputStream os) throws IOException
      Writes the encoded binaries of the SignedData.crls field to the given OutputStream. NOTE: This method is used for archive-time-stamp-v2 message-imprint computation.
      Parameters:
      cms - CMS
      os - OutputStream
      Throws:
      IOException - if an exception occurs on bytes writing
    • writeSignedDataSignerInfosEncoded

      public static void writeSignedDataSignerInfosEncoded(CMS cms, OutputStream os) throws IOException
      Writes the encoded binaries of the SignedData.signerInfos field to the given OutputStream. NOTE: This method is used for evidence record hash computation.
      Parameters:
      cms - CMS
      os - OutputStream
      Throws:
      IOException - if an exception occurs on bytes writing
    • toCMSEncapsulatedContent

      public static org.bouncycastle.cms.CMSTypedData toCMSEncapsulatedContent(DSSDocument document)
      Converts a DSSDocument to the corresponding CMSTypedData object type
      Parameters:
      document - DSSDocument
      Returns:
      CMSTypedData
    • getDSSResourcesHandlerBuilder

      public static DSSResourcesHandlerBuilder getDSSResourcesHandlerBuilder(DSSResourcesHandlerBuilder dssResourcesHandlerBuilder)
      This method is used to verify whether the provided DSSResourcesHandlerBuilder is supported by the current implementation. Returns the given value in case of success.
      Parameters:
      dssResourcesHandlerBuilder - DSSResourcesHandlerBuilder
      Returns:
      DSSResourcesHandlerBuilder
    • replaceUnsignedAttributes

      public static org.bouncycastle.cms.SignerInformation replaceUnsignedAttributes(org.bouncycastle.cms.SignerInformation signerInformation, org.bouncycastle.asn1.cms.AttributeTable unsignedAttributes)
      This method replaces unsignedAttributes within the given signerInformation
      Parameters:
      signerInformation - SignerInformation in which to replace the unsigned attributes table
      unsignedAttributes - AttributeTable containing the unsigned properties to replace the existing ones with
      Returns:
      the updated SignerInformation
    • assertATSv2AugmentationSupported

      public static void assertATSv2AugmentationSupported()
      This method checks whether the augmentation of signatures with an archive-time-stamp-v2 is supported by the current implementation
    • assertEvidenceRecordEmbeddingSupported

      public static void assertEvidenceRecordEmbeddingSupported()
      This method checks whether the embedding of existing Evidence Records within CMS is supported by the current implementation