
Example 6 with CMSSignedData

Use of org.bouncycastle.cms.CMSSignedData in project nhin-d by DirectProject.

Class SplitProviderDirectSignedDataGenerator_generateTest, method testGenerate_sameDefaultSigAndDigestProvider_assertGenerated.

public void testGenerate_sameDefaultSigAndDigestProvider_assertGenerated() throws Exception {
    // Empty provider names: signature and digest both fall back to the default JCA provider (per the test name)
    final SplitProviderDirectSignedDataGenerator gen = new SplitProviderDirectSignedDataGenerator("", "");
    setupSigningInfo(gen);
    // create the content to be signed (header names carry no trailing colon)
    final MimeBodyPart signedContent = new MimeBodyPart();
    signedContent.addHeader("To", "me@you.com");
    signedContent.addHeader("From", "test.test.com");
    signedContent.setText("Some Text To Sign");
    // wrap the MIME part so the generator can digest and sign it as CMS content
    final CMSProcessableBodyPart content = new CMSProcessableBodyPart(signedContent);
    final CMSSignedData signedData = gen.generate(content);
    // check the produced SignedData against the signing certificate set up above
    validateSignature(signedData);
}
Also used:
    org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator
    javax.mail.internet.MimeBodyPart
    org.bouncycastle.cms.CMSSignedData
    org.bouncycastle.mail.smime.CMSProcessableBodyPart

Example 7 with CMSSignedData

Use of org.bouncycastle.cms.CMSSignedData in project robovm by robovm.

Class ProvisioningProfile, method create.

private static ProvisioningProfile create(File file) {
    InputStream in = null;
    try {
        in = new BufferedInputStream(new FileInputStream(file));
        // A provisioning profile is a CMS SignedData structure whose encapsulated content is a property list
        CMSSignedData data = new CMSSignedData(in);
        // getSignedContent() only unwraps the payload; it does not verify the signature or the signer's certificate
        byte[] content = (byte[]) data.getSignedContent().getContent();
        NSDictionary dict = (NSDictionary) PropertyListParser.parse(content);
        return new ProvisioningProfile(file, dict);
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        IOUtils.closeQuietly(in);
    }
}
Also used:
    java.io.BufferedInputStream
    java.io.FileInputStream
    java.io.ByteArrayInputStream
    java.io.InputStream
    com.dd.plist.NSDictionary
    org.bouncycastle.cms.CMSSignedData
    java.security.cert.CertificateException
    java.security.NoSuchAlgorithmException

Example 8 with CMSSignedData

Use of org.bouncycastle.cms.CMSSignedData in project pdfbox by apache.

Class CreateEmbeddedTimeStamp, method processRelevantSignatures.

/**
 * Create changed Signature with embedded TimeStamp from TSA
 *
 * @param documentBytes byte[] of the input file
 * @throws IOException
 * @throws CMSException
 * @throws NoSuchAlgorithmException
 */
private void processRelevantSignatures(byte[] documentBytes) throws IOException, CMSException, NoSuchAlgorithmException {
    getRelevantSignature(document);
    if (signature != null) {
        // Extract the existing CMS blob from the /Contents entry of the signature dictionary
        byte[] sigBlock = signature.getContents(documentBytes);
        CMSSignedData signedData = new CMSSignedData(sigBlock);
        System.out.println("INFO: Byte Range: " + Arrays.toString(signature.getByteRange()));
        if (tsaUrl != null && tsaUrl.length() > 0) {
            // Add an RFC 3161 time-stamp token from the TSA to the existing SignerInfo; the signed bytes are untouched
            ValidationTimeStamp validation = new ValidationTimeStamp(tsaUrl);
            signedData = validation.addSignedTimeStamp(signedData);
        }
        // /Contents is stored as a hex string, so the hex-encoded length is what has to fit the placeholder
        byte[] newEncoded = Hex.getBytes(signedData.getEncoded());
        // byteRange = [0, len1, offset2, len2]; with the first range starting at 0, the gap between
        // len1 and offset2 is the size of the /Contents placeholder including its '<' and '>' delimiters
        int maxSize = signature.getByteRange()[2] - signature.getByteRange()[1];
        System.out.println("INFO: New Signature has Size: " + newEncoded.length + " maxSize: " + maxSize);
        // minus 2 for the '<' and '>' delimiters of the hex string
        if (newEncoded.length > maxSize - 2) {
            throw new IOException("New Signature is too big for existing Signature-Placeholder. Max Place: " + maxSize);
        } else {
            changedEncodedSignature = newEncoded;
        }
    }
}
Also used:
    java.io.IOException
    org.bouncycastle.cms.CMSSignedData

Example 9 with CMSSignedData

Use of org.bouncycastle.cms.CMSSignedData in project pdfbox by apache.

Class CreateSignatureBase, method sign.

/**
 * SignatureInterface implementation.
 *
 * This method is called from inside pdfbox and creates the PKCS #7 signature.
 * The given InputStream contains the bytes covered by the byte range.
 *
 * This method is for internal use only.
 *
 * Use your favorite cryptographic library to implement PKCS #7 signature creation.
 *
 * @throws IOException
 */
@Override
public byte[] sign(InputStream content) throws IOException {
    // cannot be done private (interface)
    try {
        List<Certificate> certList = new ArrayList<>();
        certList.addAll(Arrays.asList(certificateChain));
        Store certs = new JcaCertStore(certList);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        // certificateChain[0] is the signer's own certificate
        org.bouncycastle.asn1.x509.Certificate cert = org.bouncycastle.asn1.x509.Certificate.getInstance(certificateChain[0].getEncoded());
        // SHA-256 with RSA over the content digest
        ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey);
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(signer, new X509CertificateHolder(cert)));
        // embed the whole chain so a verifier can build the path from the SignedData alone
        gen.addCertificates(certs);
        CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
        // encapsulate = false: detached signature, the PDF byte range itself is the signed content
        CMSSignedData signedData = gen.generate(msg, false);
        if (tsaUrl != null && tsaUrl.length() > 0) {
            // optionally add an RFC 3161 time-stamp token from the TSA
            ValidationTimeStamp validation = new ValidationTimeStamp(tsaUrl);
            signedData = validation.addSignedTimeStamp(signedData);
        }
        return signedData.getEncoded();
    } catch (GeneralSecurityException | CMSException | OperatorCreationException e) {
        throw new IOException(e);
    }
}
Also used:
    org.bouncycastle.cms.CMSSignedDataGenerator
    org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
    java.security.GeneralSecurityException
    java.util.ArrayList
    org.bouncycastle.operator.ContentSigner
    org.bouncycastle.util.Store
    org.bouncycastle.cert.jcajce.JcaCertStore
    java.security.KeyStore
    java.io.IOException
    org.bouncycastle.cms.CMSSignedData
    org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder
    org.bouncycastle.cert.X509CertificateHolder
    org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder
    org.bouncycastle.operator.OperatorCreationException
    java.security.cert.X509Certificate
    java.security.cert.Certificate
    org.bouncycastle.cms.CMSException

Example 10 with CMSSignedData

Use of org.bouncycastle.cms.CMSSignedData in project pdfbox by apache.

Class ShowSignature, method verifyPKCS7.

/**
 * Verify a PKCS7 signature.
 *
 * @param byteArray the byte sequence that has been signed
 * @param contents the /Contents field as a COSString
 * @param sig the PDF signature (the /V dictionary)
 * @throws CertificateException
 * @throws CMSException
 * @throws StoreException
 * @throws OperatorCreationException
 * @throws NoSuchAlgorithmException
 * @throws NoSuchProviderException
 */
private void verifyPKCS7(byte[] byteArray, COSString contents, PDSignature sig) throws CMSException, CertificateException, StoreException, OperatorCreationException, NoSuchAlgorithmException, NoSuchProviderException {
    // inspiration:
    // http://stackoverflow.com/a/26702631/535646
    // http://stackoverflow.com/a/9261365/535646
    // Detached signature: the signed bytes come from the PDF byte range, the CMS blob from /Contents
    CMSProcessable signedContent = new CMSProcessableByteArray(byteArray);
    CMSSignedData signedData = new CMSSignedData(signedContent, contents.getBytes());
    Store<X509CertificateHolder> certificatesStore = signedData.getCertificates();
    Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
    // Only the first SignerInfo is checked; a PDF signature normally carries exactly one
    SignerInformation signerInformation = signers.iterator().next();
    // Look up the signer's certificate by its SignerId among the certificates embedded in the SignedData
    Collection<X509CertificateHolder> matches = certificatesStore.getMatches(signerInformation.getSID());
    X509CertificateHolder certificateHolder = matches.iterator().next();
    X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
    System.out.println("certFromSignedData: " + certFromSignedData);
    // The signing date comes from the PDF's /M entry, i.e. it is asserted by the signer, not by a trusted time source
    certFromSignedData.checkValidity(sig.getSignDate().getTime());
    if (isSelfSigned(certFromSignedData)) {
        System.err.println("Certificate is self-signed, LOL!");
    } else {
        System.out.println("Certificate is not self-signed");
        // todo rest of chain: no path validation up to a trust anchor is performed here
    }
    // Checks the signature value and that the signed message-digest attribute matches the content
    if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certFromSignedData))) {
        System.out.println("Signature verified");
    } else {
        System.out.println("Signature verification failed");
    }
}
Also used:
    org.bouncycastle.cms.CMSProcessableByteArray
    org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
    org.bouncycastle.cert.X509CertificateHolder
    org.bouncycastle.cms.SignerInformation
    org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder
    org.bouncycastle.cms.CMSSignedData
    org.bouncycastle.cms.CMSProcessable
    java.security.cert.X509Certificate
