Example 16 with CMSException
use of org.bouncycastle.cms.CMSException in project signer by demoiselle.
the class CAdESSigner method check.
/**
* Validation is done only on digital signatures with a single signer. Valid
* only with content of type DATA.: OID ContentType 1.2.840.113549.1.9.3 =
* OID Data 1.2.840.113549.1.7.1
*
* @params content Is only necessary to inform if the PKCS7 package is NOT
* ATTACHED type. If it is of type attached, this parameter will be
* replaced by the contents of the PKCS7 package.
* @params signedData Value in bytes of the PKCS7 package, such as the
* contents of a ".p7s" file. It is not only signature as in the
* case of PKCS1.
*/
@SuppressWarnings("unchecked")
// TODO: Implementar validação de co-assinaturas
@Override
@Deprecated
public boolean check(byte[] content, byte[] signedData) throws SignerException {
Security.addProvider(new BouncyCastleProvider());
CMSSignedData cmsSignedData = null;
try {
if (content == null) {
if (this.checkHash) {
cmsSignedData = new CMSSignedData(this.hashes, signedData);
this.checkHash = false;
} else {
cmsSignedData = new CMSSignedData(signedData);
}
} else {
cmsSignedData = new CMSSignedData(new CMSProcessableByteArray(content), signedData);
}
} catch (CMSException ex) {
throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), ex);
}
// Quantidade inicial de assinaturas validadas
int verified = 0;
Store<?> certStore = cmsSignedData.getCertificates();
SignerInformationStore signers = cmsSignedData.getSignerInfos();
Iterator<?> it = signers.getSigners().iterator();
// Realização da verificação básica de todas as assinaturas
while (it.hasNext()) {
try {
SignerInformation signer = (SignerInformation) it.next();
SignerInformationStore s = signer.getCounterSignatures();
SignatureInformations si = new SignatureInformations();
logger.info("Foi(ram) encontrada(s) " + s.size() + " contra-assinatura(s).");
Collection<?> certCollection = certStore.getMatches(signer.getSID());
Iterator<?> certIt = certCollection.iterator();
X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
X509Certificate varCert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
PeriodValidator pV = new PeriodValidator();
try {
pV.validate(varCert);
} catch (CertificateValidatorException cve) {
si.getValidatorErrors().add(cve.getMessage());
}
CRLValidator cV = new CRLValidator();
try {
cV.validate(varCert);
} catch (CertificateValidatorCRLException cvce) {
si.getValidatorErrors().add(cvce.getMessage());
}
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificateHolder))) {
verified++;
logger.info(cadesMessagesBundle.getString("info.signature.valid.seq", verified));
}
// Realiza a verificação dos atributos assinados
logger.info(cadesMessagesBundle.getString("info.signed.attribute"));
AttributeTable signedAttributes = signer.getSignedAttributes();
if ((signedAttributes == null) || (signedAttributes != null && signedAttributes.size() == 0)) {
throw new SignerException(cadesMessagesBundle.getString("error.signed.attribute.table.not.found"));
}
// Realiza a verificação dos atributos não assinados
logger.info(cadesMessagesBundle.getString("info.unsigned.attribute"));
AttributeTable unsignedAttributes = signer.getUnsignedAttributes();
if ((unsignedAttributes == null) || (unsignedAttributes != null && unsignedAttributes.size() == 0)) {
logger.info(cadesMessagesBundle.getString("error.unsigned.attribute.table.not.found"));
}
// Mostra data e hora da assinatura, não é carimbo de tempo
Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime);
Date dataHora = null;
if (signingTime != null) {
dataHora = (((ASN1UTCTime) signingTime.getAttrValues().getObjectAt(0)).getDate());
logger.info(cadesMessagesBundle.getString("info.date.utc", dataHora));
} else {
logger.info(cadesMessagesBundle.getString("info.date.utc", "N/D"));
}
logger.info(cadesMessagesBundle.getString("info.attribute.validation"));
// Valida o atributo ContentType
Attribute attributeContentType = signedAttributes.get(CMSAttributes.contentType);
if (attributeContentType == null) {
throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "ContentType"));
}
if (!attributeContentType.getAttrValues().getObjectAt(0).equals(ContentInfo.data)) {
throw new SignerException(cadesMessagesBundle.getString("error.content.not.data"));
}
// Validando o atributo MessageDigest
Attribute attributeMessageDigest = signedAttributes.get(CMSAttributes.messageDigest);
if (attributeMessageDigest == null) {
throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "MessageDigest"));
}
// Validando o atributo MessageDigest
Attribute idSigningPolicy = null;
idSigningPolicy = signedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId.getId()));
if (idSigningPolicy == null) {
throw new SignerException(cadesMessagesBundle.getString("error.pcks7.attribute.not.found", "idSigningPolicy"));
}
// Verificando timeStamp
try {
Attribute attributeTimeStamp = null;
attributeTimeStamp = unsignedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()));
if (attributeTimeStamp != null) {
byte[] varSignature = signer.getSignature();
Timestamp varTimeStampSigner = validateTimestamp(attributeTimeStamp, varSignature);
si.setTimeStampSigner(varTimeStampSigner);
}
} catch (Exception ex) {
// nas assinaturas feitas na applet o unsignedAttributes.get gera exceção.
}
LinkedList<X509Certificate> varChain = (LinkedList<X509Certificate>) CAManager.getInstance().getCertificateChain(varCert);
si.setSignDate(dataHora);
si.setChain(varChain);
si.setSignaturePolicy(signaturePolicy);
this.getSignatureInfo().add(si);
} catch (OperatorCreationException | java.security.cert.CertificateException ex) {
throw new SignerException(ex);
} catch (CMSException ex) {
// When file is mismatch with sign
if (ex instanceof CMSSignerDigestMismatchException)
throw new SignerException(cadesMessagesBundle.getString("error.signature.mismatch"), ex);
else
throw new SignerException(cadesMessagesBundle.getString("error.signature.invalid"), ex);
} catch (ParseException e) {
throw new SignerException(e);
}
}
logger.info(cadesMessagesBundle.getString("info.signature.verified", verified));
// TODO Efetuar o parsing da estrutura CMS
return true;
}
Also used :
Attribute(org.bouncycastle.asn1.cms.Attribute)
SignedOrUnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime)
SignerInformation(org.bouncycastle.cms.SignerInformation)
CertificateException(java.security.cert.CertificateException)
CRLValidator(org.demoiselle.signer.core.validator.CRLValidator)
Timestamp(org.demoiselle.signer.timestamp.Timestamp)
SignatureInformations(org.demoiselle.signer.policy.impl.cades.SignatureInformations)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
PeriodValidator(org.demoiselle.signer.core.validator.PeriodValidator)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException)
CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray)
JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder)
CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
CertificateTrustPoint(org.demoiselle.signer.policy.engine.asn1.etsi.CertificateTrustPoint)
X509Certificate(java.security.cert.X509Certificate)
Date(java.util.Date)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException)
CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException)
ParseException(java.text.ParseException)
TSPException(org.bouncycastle.tsp.TSPException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
CMSException(org.bouncycastle.cms.CMSException)
CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException)
CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
LinkedList(java.util.LinkedList)
CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
ParseException(java.text.ParseException)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
CMSException(org.bouncycastle.cms.CMSException)
Example 17 with CMSException
use of org.bouncycastle.cms.CMSException in project signer by demoiselle.
the class CAdESSigner method getAttached.
/**
* Extracts the signed content from the digital signature structure, if it
* is a signature with attached content.
*
* @param signed
* Signature and signed content.
* @param validateOnExtract
* TRUE (to execute validation) or FALSE (not execute validation)
*
* @return content for attached signature
*/
@Override
public byte[] getAttached(byte[] signed, boolean validateOnExtract) {
byte[] result = null;
if (validateOnExtract) {
this.check(null, signed);
}
CMSSignedData signedData = null;
try {
signedData = new CMSSignedData(signed);
} catch (CMSException exception) {
throw new SignerException(cadesMessagesBundle.getString("error.invalid.bytes.pkcs7"), exception);
}
try {
CMSProcessable contentProcessable = signedData.getSignedContent();
if (contentProcessable != null) {
result = (byte[]) contentProcessable.getContent();
}
} catch (Exception exception) {
throw new SignerException(cadesMessagesBundle.getString("error.get.content.pkcs7"), exception);
}
return result;
}
Also used :
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
CMSProcessable(org.bouncycastle.cms.CMSProcessable)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException)
CertificateValidatorException(org.demoiselle.signer.core.exception.CertificateValidatorException)
ParseException(java.text.ParseException)
TSPException(org.bouncycastle.tsp.TSPException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
CMSException(org.bouncycastle.cms.CMSException)
CertificateValidatorCRLException(org.demoiselle.signer.core.exception.CertificateValidatorCRLException)
CMSSignerDigestMismatchException(org.bouncycastle.cms.CMSSignerDigestMismatchException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
CMSException(org.bouncycastle.cms.CMSException)
Example 18 with CMSException
use of org.bouncycastle.cms.CMSException in project signer by demoiselle.
the class CAdESSigner method validateTimestamp.
/**
* validade a timestampo on signature
* @param attributeTimeStamp
* @param varSignature
* @return
*/
@Deprecated
private Timestamp validateTimestamp(Attribute attributeTimeStamp, byte[] varSignature) {
try {
TimeStampOperator timeStampOperator = new TimeStampOperator();
byte[] varTimeStamp = attributeTimeStamp.getAttrValues().getObjectAt(0).toASN1Primitive().getEncoded();
TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(varTimeStamp));
Timestamp timeStampSigner = new Timestamp(timeStampToken);
timeStampOperator.validate(varSignature, varTimeStamp, null);
return timeStampSigner;
} catch (CertificateCoreException | IOException | TSPException | CMSException e) {
throw new SignerException(e);
}
}
Also used :
TimeStampOperator(org.demoiselle.signer.timestamp.connector.TimeStampOperator)
IOException(java.io.IOException)
TSPException(org.bouncycastle.tsp.TSPException)
TimeStampToken(org.bouncycastle.tsp.TimeStampToken)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
Timestamp(org.demoiselle.signer.timestamp.Timestamp)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException)
CMSException(org.bouncycastle.cms.CMSException)
Example 19 with CMSException
use of org.bouncycastle.cms.CMSException in project signer by demoiselle.
the class TimeStampOperator method validate.
/**
* Validate a time stamp
*
* @param content if it is assigned, the parameter hash must to be null
* @param timeStamp timestamp to be validated
* @param hash if it is assigned, the parameter content must to be null
* @throws CertificateCoreException validate exception
*/
@SuppressWarnings("unchecked")
public void validate(byte[] content, byte[] timeStamp, byte[] hash) throws CertificateCoreException {
try {
TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(timeStamp));
CMSSignedData s = timeStampToken.toCMSSignedData();
int verified = 0;
Store<?> certStore = s.getCertificates();
SignerInformationStore signers = s.getSignerInfos();
Collection<SignerInformation> c = signers.getSigners();
Iterator<SignerInformation> it = c.iterator();
while (it.hasNext()) {
SignerInformation signer = it.next();
Collection<?> certCollection = certStore.getMatches(signer.getSID());
Iterator<?> certIt = certCollection.iterator();
X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
verified++;
}
cert.getExtension(new ASN1ObjectIdentifier("2.5.29.31")).getExtnValue();
}
logger.info(timeStampMessagesBundle.getString("info.signature.verified", verified));
// Valida o hash incluso no carimbo de tempo com hash do arquivo carimbado
byte[] calculatedHash = null;
if (content != null) {
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
calculatedHash = digest.digest(content);
} else {
calculatedHash = hash;
}
if (Arrays.equals(calculatedHash, timeStampToken.getTimeStampInfo().getMessageImprintDigest())) {
logger.info(timeStampMessagesBundle.getString("info.timestamp.hash.ok"));
} else {
throw new CertificateCoreException(timeStampMessagesBundle.getString("info.timestamp.hash.nok"));
}
} catch (TSPException | IOException | CMSException | OperatorCreationException | CertificateException ex) {
throw new CertificateCoreException(ex.getMessage());
}
}
Also used :
Digest(org.demoiselle.signer.cryptography.Digest)
SignerInformation(org.bouncycastle.cms.SignerInformation)
JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
CertificateCoreException(org.demoiselle.signer.core.exception.CertificateCoreException)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
TSPException(org.bouncycastle.tsp.TSPException)
TimeStampToken(org.bouncycastle.tsp.TimeStampToken)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
CMSException(org.bouncycastle.cms.CMSException)
Example 20 with CMSException
use of org.bouncycastle.cms.CMSException in project nhin-d by DirectProject.
the class CreateSignedPKCS7 method create.
/**
* Creates a pcks7 file from the certificate and key files.
* @param anchorDir :The Directory where the .der files are present.
* @param createFile : The .p7m File name.
* @param metaFile :One XML file as per required specification of TrustBundle metadata schema.
* @param p12certiFile : The .p12 file.
* @param passkey :Pass Key for the .p12 file if present or else it should be blank.
* @param destDir : The Destination folder where the output .p7m files will be created.
* * @return File : Returns the created SignedBundle as a .p7m file.
*/
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists, File p12certiFile, String passKey) {
File pkcs7File = null;
FileOutputStream outStr = null;
InputStream inStr = null;
try {
// Create the unsigned Trust Bundle
CreateUnSignedPKCS7 unSignedPKCS7 = new CreateUnSignedPKCS7();
File unsigned = unSignedPKCS7.create(anchorDir, createFile, metaFile, metaExists);
byte[] unsignedByte = loadFileData(unsigned);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
CMSSignedData unsignedData = new CMSSignedData(unsignedByte);
// Create the certificate array
KeyStore ks = java.security.KeyStore.getInstance("PKCS12", "BC");
ks.load(new FileInputStream(p12certiFile), defaultPwd.toCharArray());
ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = (String) aliases.nextElement();
if (ks.getKey(alias, defaultPwd.toCharArray()) != null && ks.getKey(alias, defaultPwd.toCharArray()) instanceof PrivateKey) {
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build((PrivateKey) ks.getKey(alias, defaultPwd.toCharArray()));
X509CertificateHolder holder = new X509CertificateHolder(ks.getCertificate(alias).getEncoded());
certList.add((X509Certificate) ks.getCertificate(alias));
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, holder));
}
}
Store certStores = new JcaCertStore(certList);
gen.addCertificates(certStores);
CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(unsignedData.getEncoded()), true);
//SignedData encapInfo = SignedData.getInstance(sigData.getContentInfo().getContent());
pkcs7File = getPKCS7OutFile(createFile);
outStr = new FileOutputStream(pkcs7File);
outStr.write(sigData.getEncoded());
} catch (CMSException e) {
// e.printStackTrace(System.err);
return null;
} catch (IOException e) {
// e.printStackTrace(System.err);
return null;
} catch (KeyStoreException e) {
// e.printStackTrace(System.err);
return null;
} catch (NoSuchProviderException e) {
// e.printStackTrace(System.err);
return null;
} catch (NoSuchAlgorithmException e) {
// e.printStackTrace(System.err);
return null;
} catch (CertificateException e) {
// e.printStackTrace(System.err);
return null;
} catch (UnrecoverableKeyException e) {
// e.printStackTrace(System.err);
return null;
} catch (OperatorCreationException e) {
// e.printStackTrace(System.err);
return null;
} catch (Exception e) {
// e.printStackTrace(System.err);
return null;
} finally {
IOUtils.closeQuietly(outStr);
IOUtils.closeQuietly(inStr);
}
return pkcs7File;
}
Also used :
CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator)
PrivateKey(java.security.PrivateKey)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ArrayList(java.util.ArrayList)
Store(org.bouncycastle.util.Store)
JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore)
KeyStore(java.security.KeyStore)
JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
ContentSigner(org.bouncycastle.operator.ContentSigner)
IOException(java.io.IOException)
KeyStoreException(java.security.KeyStoreException)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
X509Certificate(java.security.cert.X509Certificate)
CMSException(org.bouncycastle.cms.CMSException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
KeyStoreException(java.security.KeyStoreException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
NoSuchProviderException(java.security.NoSuchProviderException)
JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder)
FileOutputStream(java.io.FileOutputStream)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
NoSuchProviderException(java.security.NoSuchProviderException)
File(java.io.File)
CMSException(org.bouncycastle.cms.CMSException)
Aggregations
CMSException (org.bouncycastle.cms.CMSException)41
CMSSignedData (org.bouncycastle.cms.CMSSignedData)30
IOException (java.io.IOException)28
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)19
X509Certificate (java.security.cert.X509Certificate)18
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)14
CMSSignedDataGenerator (org.bouncycastle.cms.CMSSignedDataGenerator)14
CMSProcessableByteArray (org.bouncycastle.cms.CMSProcessableByteArray)13
CertificateEncodingException (java.security.cert.CertificateEncodingException)11
CertificateException (java.security.cert.CertificateException)10
SignerInformation (org.bouncycastle.cms.SignerInformation)9
CMSAbsentContent (org.bouncycastle.cms.CMSAbsentContent)8
SignerInformationStore (org.bouncycastle.cms.SignerInformationStore)8
InputStream (java.io.InputStream)7
AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)7
TSPException (org.bouncycastle.tsp.TSPException)7
CertificateCoreException (org.demoiselle.signer.core.exception.CertificateCoreException)7
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)6
Attribute (org.bouncycastle.asn1.cms.Attribute)6
CMSTypedData (org.bouncycastle.cms.CMSTypedData)6
