Example 1 with CMSProcessable

Use of org.bouncycastle.cms.CMSProcessable in project pdfbox by apache.

Class ShowSignature, method verifyPKCS7.

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;

import org.apache.pdfbox.cos.COSString;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;

/**
 * Verify a PKCS7 signature.
 *
 * @param byteArray the byte sequence that has been signed
 * @param contents the /Contents field as a COSString
 * @param sig the PDF signature (the /V dictionary)
 * @throws CMSException if the /Contents bytes are not a valid CMS structure
 * @throws CertificateException if the signer certificate cannot be converted or is not valid at the signing date
 * @throws StoreException if the certificate store cannot be searched
 * @throws OperatorCreationException if the signer verifier cannot be built
 * @throws NoSuchAlgorithmException if a required JCA algorithm is unavailable
 * @throws NoSuchProviderException if a required JCA provider is unavailable
 */
private void verifyPKCS7(byte[] byteArray, COSString contents, PDSignature sig)
        throws CMSException, CertificateException, StoreException, OperatorCreationException,
               NoSuchAlgorithmException, NoSuchProviderException {
    // inspiration:
    // http://stackoverflow.com/a/26702631/535646
    // http://stackoverflow.com/a/9261365/535646
    // Detached signature: the signed bytes come from the PDF (byte ranges), the CMS blob from /Contents.
    CMSProcessable signedContent = new CMSProcessableByteArray(byteArray);
    CMSSignedData signedData = new CMSSignedData(signedContent, contents.getBytes());
    Store<X509CertificateHolder> certificatesStore = signedData.getCertificates();
    Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
    // Only the first SignerInfo is checked; a CMS structure may carry several.
    SignerInformation signerInformation = signers.iterator().next();
    // The signer certificate is looked up in the CMS structure itself, i.e. it is supplied by the signer.
    Collection<X509CertificateHolder> matches = certificatesStore.getMatches(signerInformation.getSID());
    X509CertificateHolder certificateHolder = matches.iterator().next();
    X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
    System.out.println("certFromSignedData: " + certFromSignedData);
    // The signing date is the one claimed in the signature dictionary, not a trusted timestamp.
    certFromSignedData.checkValidity(sig.getSignDate().getTime());
    if (isSelfSigned(certFromSignedData)) {
        System.err.println("Certificate is self-signed, LOL!");
    } else {
        System.out.println("Certificate is not self-signed");
        // todo rest of chain: the certificate is not yet built to a trusted anchor here
    }
    // Cryptographic check of the signature value against the signer certificate's public key.
    if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData))) {
        System.out.println("Signature verified");
    } else {
        System.out.println("Signature verification failed");
    }
}

Example 2 with CMSProcessable

Use of org.bouncycastle.cms.CMSProcessable in project signer by demoiselle.

Class CAdESChecker, method getAttached.

import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
import org.demoiselle.signer.policy.impl.cades.SignerException;

/**
 * Extracts the signed content from the digital signature structure, if it
 * is a signature with attached content.
 *
 * @param signed
 *            Signature and signed content.
 * @param validateOnExtract
 *            true to validate the signature before extracting, false to skip validation
 *
 * @return content for attached signature, or null if the signature is detached
 */
@Override
public byte[] getAttached(byte[] signed, boolean validateOnExtract) {
    byte[] result = null;
    if (validateOnExtract) {
        // Without this, the content is returned even if the signature does not verify.
        this.check(null, signed);
    }
    CMSSignedData signedData = null;
    try {
        signedData = new CMSSignedData(signed);
    } catch (CMSException exception) {
        throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), exception);
    }
    try {
        // getSignedContent() is null for a detached signature (content not encapsulated).
        CMSProcessable contentProcessable = signedData.getSignedContent();
        if (contentProcessable != null) {
            result = (byte[]) contentProcessable.getContent();
        }
    } catch (Exception exception) {
        throw new SignerException(cadesMessagesBundle.getString("error.get.content.pkcs7"), exception);
    }
    return result;
}

Example 3 with CMSProcessable

Use of org.bouncycastle.cms.CMSProcessable in project signer by demoiselle.

Class CAdESSigner, method getAttached.

import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
import org.demoiselle.signer.policy.impl.cades.SignerException;

/**
 * Extracts the signed content from the digital signature structure, if it
 * is a signature with attached content.
 *
 * @param signed
 *            Signature and signed content.
 * @param validateOnExtract
 *            true to validate the signature before extracting, false to skip validation
 *
 * @return content for attached signature, or null if the signature is detached
 */
@Override
public byte[] getAttached(byte[] signed, boolean validateOnExtract) {
    byte[] result = null;
    if (validateOnExtract) {
        // Without this, the content is returned even if the signature does not verify.
        this.check(null, signed);
    }
    CMSSignedData signedData = null;
    try {
        signedData = new CMSSignedData(signed);
    } catch (CMSException exception) {
        throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), exception);
    }
    try {
        // getSignedContent() is null for a detached signature (content not encapsulated).
        CMSProcessable contentProcessable = signedData.getSignedContent();
        if (contentProcessable != null) {
            result = (byte[]) contentProcessable.getContent();
        }
    } catch (Exception exception) {
        throw new SignerException(cadesMessagesBundle.getString("error.get.content.pkcs7"), exception);
    }
    return result;
}

Example 4 with CMSProcessable

Use of org.bouncycastle.cms.CMSProcessable in project serverless by bluenimble.

Class VerifyDocument, method main.

import java.io.*;
import java.security.*;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;

public static void main(String[] args) throws IOException, CertificateException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException, CertStoreException, CMSException, OperatorCreationException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    File f = new File("Signed.pk7");
    byte[] buffer = new byte[(int) f.length()];
    DataInputStream in = new DataInputStream(new FileInputStream(f));
    in.readFully(buffer);
    in.close();
    CMSSignedData signature = new CMSSignedData(buffer);
    // Only the first SignerInfo is checked; a CMS structure may carry several.
    SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
    // The signer certificate is taken from the CMS structure itself (supplied by the signer);
    // nothing here chains it to a trusted anchor.
    Store<?> cs = signature.getCertificates();
    Collection<?> matches = cs.getMatches(signer.getSID());
    Iterator<?> iter = matches.iterator();
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider("BC");
    X509Certificate certificate = converter.getCertificate((X509CertificateHolder) iter.next());
    CMSProcessable sc = signature.getSignedContent();
    byte[] data = (byte[]) sc.getContent();
    // Verify the signature value against the certificate's public key before trusting the content.
    // Printing the verifier object alone performs no check; verify() must actually be called.
    boolean verified = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate));
    System.out.println(verified);
    if (!verified) {
        throw new CMSException("Signature verification failed; content not written");
    }
    FileOutputStream envfos = new FileOutputStream("Verified.txt");
    envfos.write(data);
    envfos.close();
}

Example 5 with CMSProcessable

Use of org.bouncycastle.cms.CMSProcessable in project serverless by bluenimble.

Class DefaultSigner, method verify.

// Updated
@Override
public void verify(SecureDocument doc, CertificateAcceptor acceptor) throws SignerException {
    try {
        if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
            // Symmetric (key-based) signature: recompute and compare with the stored value.
            SignatureAware signed = (SignatureAware) doc;
            byte[] signature = signed.getSignature();
            if (signature == null) {
                throw new SignerException("Signature not found in document");
            }
            Key key = signed.getKey();
            if (key == null) {
                throw new SignerException("Secret key not found in document");
            }
            sign(doc, key, null);
            byte[] expected = ((SignatureAware) doc).getSignature();
            if (!equals(signature, expected)) {
                throw new SignerException("Invalid signature");
            }
        } else {
            // CMS/PKCS#7 signature: verify each certificate that matches the first signer.
            CMSSignedData signature = new CMSSignedData(doc.getBytes());
            SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
            // CertStore cs = signature.getCertificatesAndCRLs ("Collection", "BC"); //TODO : base Store returning method
            Store<?> cs = signature.getCertificates();
            Collection<?> matches = cs.getMatches(signer.getSID());
            Iterator<?> iter = matches.iterator();
            boolean verified = false;
            while (iter.hasNext()) {
                JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
                converter.setProvider("BC");
                X509Certificate cert = converter.getCertificate((X509CertificateHolder) iter.next());
                // The certificate comes from the CMS blob itself; the acceptor is the only trust decision.
                if (acceptor != null && !acceptor.accept(cert)) {
                    throw new SignerException("Invalid Signing Certificate, Not Accepted");
                }
                if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
                    throw new SignerException("Invalid signature");
                }
                verified = true;
            }
            // If no certificate matched the signer, the loop body never ran and nothing was verified;
            // without this check the content would be accepted unverified.
            if (!verified) {
                throw new SignerException("No signing certificate found for signer");
            }
            CMSProcessable sc = signature.getSignedContent();
            doc.setBytes((byte[]) sc.getContent());
        }
    } catch (Throwable th) {
        throw new SignerException(th, th.getMessage());
    }
}
