124 tsaURI = params.getTimestampingAuthority(); 125 if (tsaURI == null) { 126 // Examine TSA cert 127 tsaURI = getTimestampingURI( 128 params.getTimestampingAuthorityCertificate()); 129 if (tsaURI == null) { 130 throw new CertificateException( 131 "Subject Information Access extension not found"); 132 } 133 } 134 } 135 return PKCS7.generateSignedData(signature, signerChain, content, 136 params.getSignatureAlgorithm(), tsaURI, 137 params.getTSAPolicyID(), 138 params.getTSADigestAlg()); 139 } 140 141 /** 142 * Examine the certificate for a Subject Information Access extension 143 * (<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>). 144 * The extension's <tt>accessMethod</tt> field should contain the object 145 * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its 146 * <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL. 147 * 148 * @param tsaCertificate An X.509 certificate for the TSA. 149 * @return An HTTP or HTTPS URI or null if none was found. 150 */ 151 public static URI getTimestampingURI(X509Certificate tsaCertificate) { 152 153 if (tsaCertificate == null) { 154 return null; 155 } 156 // Parse the extensions 157 try { 158 byte[] extensionValue = 159 tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID); 160 if (extensionValue == null) { 161 return null; 162 } 163 DerInputStream der = new DerInputStream(extensionValue); 164 der = new DerInputStream(der.getOctetString()); 165 DerValue[] derValue = der.getSequence(5); 166 AccessDescription description; | 124 tsaURI = params.getTimestampingAuthority(); 125 if (tsaURI == null) { 126 // Examine TSA cert 127 tsaURI = getTimestampingURI( 128 params.getTimestampingAuthorityCertificate()); 129 if (tsaURI == null) { 130 throw new CertificateException( 131 "Subject Information Access extension not found"); 132 } 133 } 134 } 135 return PKCS7.generateSignedData(signature, signerChain, content, 136 params.getSignatureAlgorithm(), tsaURI, 137 params.getTSAPolicyID(), 138 params.getTSADigestAlg()); 139 } 140 141 /** 142 * Examine the certificate for a Subject Information Access extension 143 * (<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>). 144 * The extension's {@code accessMethod} field should contain the object 145 * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its 146 * {@code accessLocation} field should contain an HTTP or HTTPS URL. 147 * 148 * @param tsaCertificate An X.509 certificate for the TSA. 149 * @return An HTTP or HTTPS URI or null if none was found. 150 */ 151 public static URI getTimestampingURI(X509Certificate tsaCertificate) { 152 153 if (tsaCertificate == null) { 154 return null; 155 } 156 // Parse the extensions 157 try { 158 byte[] extensionValue = 159 tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID); 160 if (extensionValue == null) { 161 return null; 162 } 163 DerInputStream der = new DerInputStream(extensionValue); 164 der = new DerInputStream(der.getOctetString()); 165 DerValue[] derValue = der.getSequence(5); 166 AccessDescription description; |