import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
/**
 * @param args
 * @throws Exception 
 */
public static void main(String[] args) throws Exception {
	byte[] efcsBytes = readBinaryFile("/home/tsenger/Desktop/EFCardSecurity.bin");
	ASN1Sequence asnSeq = (ASN1Sequence) ASN1Sequence.fromByteArray(efcsBytes);
	ContentInfo contentInfo = ContentInfo.getInstance(asnSeq);
	System.out.println(contentInfo.getContentType());
	DERSequence derSeq = (DERSequence) contentInfo.getContent();
	System.out.println(HexString.bufferToHex(derSeq.getEncoded(null)));
	SignedData signedData = SignedData.getInstance(derSeq);
	System.out.println("CMSVersion: "+signedData.getVersion().getValue().intValue());
	ContentInfo contentInfo2 = signedData.getEncapContentInfo();
	System.out.println(contentInfo2.getContentType());
	DEROctetString octString = (DEROctetString) contentInfo2.getContent();
	System.out.println("OctetString:\n"+HexString.bufferToHex(octString.getEncoded(null)));
	System.out.println("OctetString:\n"+HexString.bufferToHex(octString.getOctets()));
	
	SecurityInfos si = new SecurityInfos();
	si.decode(octString.getOctets());
	System.out.println(si);
	
	byte[] parameter = si.getChipAuthenticationPublicKeyInfoList().get(0).getPublicKey().getPublicKey();
	System.out.println(HexString.bufferToHex(parameter));
	System.out.println("Key Referenz: "+si.getChipAuthenticationPublicKeyInfoList().get(0).getKeyId());
	System.out.println("id_CA OID: "+si.getChipAuthenticationPublicKeyInfoList().get(0).getPublicKey().getAlgorithm().getAlgorithm());

}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
private SecurityInfos decodeEFCardSecurity(byte[] data)
		throws IOException, CertificateException, CMSException, OperatorCreationException {
	
	ASN1Sequence asnSeq = (ASN1Sequence) ASN1Sequence.fromByteArray(data);
	ContentInfo contentInfo = ContentInfo.getInstance(asnSeq);
	DERSequence derSeq = (DERSequence) contentInfo.getContent();

	SignedData cardSecurity = SignedData.getInstance(derSeq);

	// Get SecurityInfos
	ContentInfo encapContentInfo = cardSecurity.getEncapContentInfo();
	DEROctetString octString = (DEROctetString) encapContentInfo.getContent();
	SecurityInfos si = new SecurityInfos();
	si.decode(octString.getOctets());

	return si;
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
/**
 * The field crlsHashIndex is a sequence of octet strings. Each one contains the hash value of one instance of
 * RevocationInfoChoice within crls field of the root SignedData. A hash value for every instance of
 * RevocationInfoChoice, as present at the time when the corresponding archive time-stamp is requested, shall be
 * included in crlsHashIndex. No other hash values shall be included in this field.
 *
 * @return
 * @throws eu.europa.esig.dss.DSSException
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getCRLsHashIndex() throws DSSException {

	final ASN1EncodableVector crlsHashIndex = new ASN1EncodableVector();

	final SignedData signedData = SignedData.getInstance(cadesSignature.getCmsSignedData().toASN1Structure().getContent());
	final ASN1Set signedDataCRLs = signedData.getCRLs();
	if (signedDataCRLs != null) {
		final Enumeration<ASN1Encodable> crLs = signedDataCRLs.getObjects();
		if (crLs != null) {
			while (crLs.hasMoreElements()) {
				final ASN1Encodable asn1Encodable = crLs.nextElement();
				digestAndAddToList(crlsHashIndex, DSSASN1Utils.getDEREncoded(asn1Encodable));
			}
		}
	}

	return new DERSequence(crlsHashIndex);
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
@Before
public void init() throws Exception {
	DSSDocument signedDocument = getSignedDocument();

	ASN1InputStream asn1sInput = new ASN1InputStream(signedDocument.openStream());
	ASN1Sequence asn1Seq = (ASN1Sequence) asn1sInput.readObject();
	assertEquals(2, asn1Seq.size());
	ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(asn1Seq.getObjectAt(0));
	assertEquals(PKCSObjectIdentifiers.signedData, oid);

	ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(asn1Seq.getObjectAt(1));
	signedData = SignedData.getInstance(taggedObj.getObject());

	ASN1Set signerInfosAsn1 = signedData.getSignerInfos();
	assertEquals(1, signerInfosAsn1.size());

	signerInfo = SignerInfo.getInstance(ASN1Sequence.getInstance(signerInfosAsn1.getObjectAt(0)));

	Utils.closeQuietly(asn1sInput);
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
private SignedData getCert(X509Ca ca, BigInteger serialNumber)
        throws FailInfoException, OperationException {
    X509Certificate cert;
    try {
        cert = ca.getCertificate(serialNumber);
    } catch (CertificateException ex) {
        final String message = "could not get certificate for CA '" + caIdent
                + "' and serialNumber=" + LogUtil.formatCsn(serialNumber) + ")";
        LogUtil.error(LOG, ex, message);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    if (cert == null) {
        throw FailInfoException.BAD_CERTID;
    }
    return buildSignedData(cert);
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
private SignedData pollCert(X509Ca ca, X500Name subject, TransactionId tid)
        throws FailInfoException, OperationException {
    byte[] tidBytes = getTransactionIdBytes(tid.id());
    List<X509Certificate> certs = ca.getCertificate(subject, tidBytes);
    if (CollectionUtil.isEmpty(certs)) {
        certs = ca.getCertificate(subject, null);
    }

    if (CollectionUtil.isEmpty(certs)) {
        throw FailInfoException.BAD_CERTID;
    }

    if (certs.size() > 1) {
        LOG.warn("given certId (subject: {}) and transactionId {} match multiple certificates",
            X509Util.getRfc4519Name(subject), tid.id());
        throw FailInfoException.BAD_CERTID;
    }

    return buildSignedData(certs.get(0));
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
private SignedData buildSignedData(X509Certificate cert) throws OperationException {
    CMSSignedDataGenerator cmsSignedDataGen = new CMSSignedDataGenerator();
    try {
        X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded());
        cmsSignedDataGen.addCertificate(certHolder);
        if (control.includeCaCert()) {
            refreshCa();
            cmsSignedDataGen.addCertificate(caCert.certHolder());
        }
        CMSSignedData signedData = cmsSignedDataGen.generate(new CMSAbsentContent());
        return SignedData.getInstance(signedData.toASN1Structure().getContent());
    } catch (CMSException | IOException | CertificateEncodingException ex) {
        LogUtil.error(LOG, ex);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
private SignedData getCrl(X509Ca ca, BigInteger serialNumber)
        throws FailInfoException, OperationException {
    if (!control.supportGetCrl()) {
        throw FailInfoException.BAD_REQUEST;
    }

    CertificateList crl = ca.getBcCurrentCrl();
    if (crl == null) {
        throw FailInfoException.BAD_REQUEST;
    }
    CMSSignedDataGenerator cmsSignedDataGen = new CMSSignedDataGenerator();
    cmsSignedDataGen.addCRL(new X509CRLHolder(crl));

    CMSSignedData signedData;
    try {
        signedData = cmsSignedDataGen.generate(new CMSAbsentContent());
    } catch (CMSException ex) {
        LogUtil.error(LOG, ex, "could not generate CMSSignedData");
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    return SignedData.getInstance(signedData.toASN1Structure().getContent());
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
/**
 * The field crlsHashIndex is a sequence of octet strings. Each one contains the hash value of one instance of
 * RevocationInfoChoice within crls field of the root SignedData. A hash value for every instance of
 * RevocationInfoChoice, as present at the time when the corresponding archive time-stamp is requested, shall be
 * included in crlsHashIndex. No other hash values shall be included in this field.
 *
 * @return
 * @throws eu.europa.esig.dss.DSSException
 */
@SuppressWarnings("unchecked")
private ASN1Sequence getVerifiedCRLsHashIndex(TimestampToken timestampToken) throws DSSException {

	final ASN1Sequence crlHashes = getCRLHashIndex(timestampToken);
	final List<DEROctetString> crlHashesList = new ArrayList<DEROctetString>();
	if (crlHashes != null) {
		crlHashesList.addAll(Collections.list(crlHashes.getObjects()));
	}

	final SignedData signedData = SignedData.getInstance(cadesSignature.getCmsSignedData().toASN1Structure().getContent());
	final ASN1Set signedDataCRLs = signedData.getCRLs();
	if (signedDataCRLs != null) {
		final Enumeration<ASN1Encodable> crLs = signedDataCRLs.getObjects();
		if (crLs != null) {
			while (crLs.hasMoreElements()) {
				final ASN1Encodable asn1Encodable = crLs.nextElement();
				handleRevocationEncoded(crlHashesList, DSSASN1Utils.getDEREncoded(asn1Encodable));
			}
		}
	}

	if (!crlHashesList.isEmpty()) {
		LOG.error("{} attribute hash in CRL Hashes have not been found in document attributes: {}", crlHashesList.size(), crlHashesList);
		// return a empty DERSequence to screw up the hash
		return new DERSequence();
	}

	return crlHashes;
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
private List<X509Certificate> extractCertificates(SignedData signedData) throws Exception {
	ASN1Set certificates = signedData.getCertificates();
	logger.info("CERTIFICATES (" + certificates.size() + ") : " + certificates);

	List<X509Certificate> foundCertificates = new ArrayList<X509Certificate>();
	for (int i = 0; i < certificates.size(); i++) {
		ASN1Sequence seqCertif = ASN1Sequence.getInstance(certificates.getObjectAt(i));

		X509CertificateHolder certificateHolder = new X509CertificateHolder(seqCertif.getEncoded());
		CertificateToken certificate = DSSASN1Utils.getCertificate(certificateHolder);

		foundCertificates.add(certificate.getCertificate());
	}
	return foundCertificates;
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
/**
 * Replace the SignerInformation store associated with this
 * CMSSignedData object with the new one passed in. You would
 * probably only want to do this if you wanted to change the unsigned 
 * attributes associated with a signer, or perhaps delete one.
 * 
 * @param signedData the signed data object to be used as a base.
 * @param signerInformationStore the new signer information store to use.
 * @return a new signed data object.
 */
public static CMSSignedData replaceSigners(
    CMSSignedData           signedData,
    SignerInformationStore  signerInformationStore)
{
    //
    // copy
    //
    CMSSignedData   cms = new CMSSignedData(signedData);
    
    //
    // replace the store
    //
    cms.signerInfoStore = signerInformationStore;

    //
    // replace the signers in the SignedData object
    //
    ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
    ASN1EncodableVector vec = new ASN1EncodableVector();
    
    Iterator    it = signerInformationStore.getSigners().iterator();
    while (it.hasNext())
    {
        SignerInformation signer = (SignerInformation)it.next();
        digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
        vec.add(signer.toASN1Structure());
    }

    ASN1Set             digests = new DERSet(digestAlgs);
    ASN1Set             signers = new DERSet(vec);
    ASN1Sequence        sD = (ASN1Sequence)signedData.signedData.toASN1Primitive();

    vec = new ASN1EncodableVector();
    
    //
    // signers are the last item in the sequence.
    //
    vec.add(sD.getObjectAt(0)); // version
    vec.add(digests);

    for (int i = 2; i != sD.size() - 1; i++)
    {
        vec.add(sD.getObjectAt(i));
    }
    
    vec.add(signers);
    
    cms.signedData = SignedData.getInstance(new BERSequence(vec));
    
    //
    // replace the contentInfo with the new one
    //
    cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
    
    return cms;
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
@Test
public void testContentTimeStamp() throws IOException {
	File file = new File("src/test/resources/plugtest/cades/CAdES-BES/Sample_Set_11/Signature-C-BES-4.p7m");

	FileInputStream fis = new FileInputStream(file);
	ASN1InputStream asn1sInput = new ASN1InputStream(Utils.toByteArray(fis));
	ASN1Sequence asn1Seq = (ASN1Sequence) asn1sInput.readObject();

	ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(asn1Seq.getObjectAt(1));
	ASN1Primitive object = taggedObj.getObject();
	SignedData signedData = SignedData.getInstance(object);

	ASN1Set signerInfosAsn1 = signedData.getSignerInfos();
	ASN1Sequence seqSignedInfo = ASN1Sequence.getInstance(signerInfosAsn1.getObjectAt(0));

	SignerInfo signedInfo = SignerInfo.getInstance(seqSignedInfo);
	ASN1Set authenticatedAttributes = signedInfo.getAuthenticatedAttributes();

	boolean found = false;
	for (int i = 0; i < authenticatedAttributes.size(); i++) {
		ASN1Sequence authAttrSeq = ASN1Sequence.getInstance(authenticatedAttributes.getObjectAt(i));
		ASN1ObjectIdentifier attrOid = ASN1ObjectIdentifier.getInstance(authAttrSeq.getObjectAt(0));
		if (PKCSObjectIdentifiers.id_aa_ets_contentTimestamp.equals(attrOid)) {
			found = true;
		}
	}
	assertTrue(found);

	SignedDocumentValidator validator = SignedDocumentValidator.fromDocument(new FileDocument(file));
	validator.setCertificateVerifier(new CommonCertificateVerifier());

	Reports reports = validator.validateDocument();
	// reports.print();

	DiagnosticData diagnosticData = reports.getDiagnosticData();
	List<String> timestampIdList = diagnosticData.getTimestampIdList(diagnosticData.getFirstSignatureId());
	assertTrue(Utils.isCollectionNotEmpty(timestampIdList));

	boolean foundContentTimestamp = false;
	for (String timestampId : timestampIdList) {
		String timestampType = diagnosticData.getTimestampType(timestampId);
		if (TimestampType.CONTENT_TIMESTAMP.name().equals(timestampType)) {
			foundContentTimestamp = true;
		}
	}
	assertTrue(foundContentTimestamp);

	Utils.closeQuietly(asn1sInput);
	Utils.closeQuietly(fis);
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
/**
 * Replace the signerinformation store associated with this
 * CMSSignedData object with the new one passed in. You would
 * probably only want to do this if you wanted to change the unsigned 
 * attributes associated with a signer, or perhaps delete one.
 * 
 * @param signedData the signed data object to be used as a base.
 * @param signerInformationStore the new signer information store to use.
 * @return a new signed data object.
 */
public static CMSSignedData replaceSigners(
    CMSSignedData           signedData,
    SignerInformationStore  signerInformationStore)
{
    //
    // copy
    //
    CMSSignedData   cms = new CMSSignedData(signedData);
    
    //
    // replace the store
    //
    cms.signerInfoStore = signerInformationStore;

    //
    // replace the signers in the SignedData object
    //
    ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
    ASN1EncodableVector vec = new ASN1EncodableVector();
    
    Iterator    it = signerInformationStore.getSigners().iterator();
    while (it.hasNext())
    {
        SignerInformation signer = (SignerInformation)it.next();
        digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
        vec.add(signer.toASN1Structure());
    }

    ASN1Set             digests = new DERSet(digestAlgs);
    ASN1Set             signers = new DERSet(vec);
    ASN1Sequence        sD = (ASN1Sequence)signedData.signedData.toASN1Primitive();

    vec = new ASN1EncodableVector();
    
    //
    // signers are the last item in the sequence.
    //
    vec.add(sD.getObjectAt(0)); // version
    vec.add(digests);

    for (int i = 2; i != sD.size() - 1; i++)
    {
        vec.add(sD.getObjectAt(i));
    }
    
    vec.add(signers);
    
    cms.signedData = SignedData.getInstance(new BERSequence(vec));
    
    //
    // replace the contentInfo with the new one
    //
    cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
    
    return cms;
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
/**
 * Constructs DVCRequest from CMS SignedData object.
 *
 * @param signedData the CMS SignedData object containing the request
 * @throws DVCSConstructionException
 */
public DVCSRequest(CMSSignedData signedData)
    throws DVCSConstructionException
{
    this(SignedData.getInstance(signedData.toASN1Structure().getContent()).getEncapContentInfo());
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
/**
 * Constructs DVCRequest from CMS SignedData object.
 *
 * @param signedData the CMS SignedData object containing the request
 * @throws org.bouncycastle.dvcs.DVCSConstructionException
 */
public DVCSResponse(CMSSignedData signedData)
    throws DVCSConstructionException
{
    this(SignedData.getInstance(signedData.toASN1Structure().getContent()).getEncapContentInfo());
}
 

import org.bouncycastle.asn1.cms.SignedData; //导入依赖的package包/类
/**
 * 1) The SignedData.encapContentInfo.eContentType.
 *
 * @param cmsSignedData
 * @return cmsSignedData.getSignedContentTypeOID() as DER encoded
 */
private byte[] getEncodedContentType(final CMSSignedData cmsSignedData) {
	final ContentInfo contentInfo = cmsSignedData.toASN1Structure();
	final SignedData signedData = SignedData.getInstance(contentInfo.getContent());
	return DSSASN1Utils.getDEREncoded(signedData.getEncapContentInfo().getContentType());
}