use of org.bouncycastle.cms.CMSSignedData in project signer by demoiselle.
the class CAdESSigner method validateTimestamp.
/**
 * Decodes the timestamp token stored in a signature attribute and validates it against the
 * signature bytes.
 *
 * <p>Validation is delegated to {@code TimeStampOperator.validate}, called with the signature as
 * content and no precomputed hash.
 *
 * @param attributeTimeStamp attribute whose first value is encoded and parsed as the timestamp token
 * @param varSignature signature bytes handed to the validator as the stamped content
 * @return the {@code Timestamp} wrapping the parsed token, returned only if validation did not throw
 * @throws SignerException wrapping any {@code CertificateCoreException}, {@code IOException},
 *     {@code TSPException} or {@code CMSException} raised while decoding or validating
 */
@Deprecated
private Timestamp validateTimestamp(Attribute attributeTimeStamp, byte[] varSignature) {
    try {
        final TimeStampOperator validator = new TimeStampOperator();
        final byte[] encodedToken =
                attributeTimeStamp.getAttrValues().getObjectAt(0).toASN1Primitive().getEncoded();
        final CMSSignedData tokenData = new CMSSignedData(encodedToken);
        final Timestamp result = new Timestamp(new TimeStampToken(tokenData));
        // The parsed timestamp is handed back only after the validator has accepted the token.
        validator.validate(varSignature, encodedToken, null);
        return result;
    } catch (CertificateCoreException | IOException | TSPException | CMSException failure) {
        throw new SignerException(failure);
    }
}
use of org.bouncycastle.cms.CMSSignedData in project signer by demoiselle.
the class TimeStampOperator method validate.
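/**
 * Validates a time stamp token: every signer of the token must verify against a certificate
 * embedded in the token, and the token's message imprint must match the stamped data.
 *
 * <p>Security notes: the signer certificate is taken from the token itself. This method does not
 * build a certification path, check revocation, or check that the certificate is authorised for
 * time stamping, so a caller that needs to trust the issuing authority must validate that
 * certificate separately. The digest of {@code content} is always computed with SHA-256, so a
 * token whose message imprint uses another algorithm will not match when {@code content} is given.
 *
 * @param content stamped data; when assigned, {@code hash} must be null
 * @param timeStamp encoded time stamp token to be validated
 * @param hash precomputed digest of the stamped data; when assigned, {@code content} must be null
 * @throws CertificateCoreException if the token cannot be parsed, a signer cannot be verified, or
 *     the message imprint does not match
 */
@SuppressWarnings("unchecked")
public void validate(byte[] content, byte[] timeStamp, byte[] hash) throws CertificateCoreException {
    try {
        TimeStampToken timeStampToken = new TimeStampToken(new CMSSignedData(timeStamp));
        CMSSignedData s = timeStampToken.toCMSSignedData();
        int verified = 0;
        Store<?> certStore = s.getCertificates();
        Collection<SignerInformation> signers = s.getSignerInfos().getSigners();
        // Literal messages are used for the cases below because no message-bundle key for them
        // is visible from this method.
        if (signers.isEmpty()) {
            throw new CertificateCoreException("Time stamp token has no signer to verify");
        }
        for (SignerInformation signer : signers) {
            Iterator<?> certIt = certStore.getMatches(signer.getSID()).iterator();
            if (!certIt.hasNext()) {
                // Without the signer certificate nothing can be verified; fail instead of
                // letting next() raise an unchecked NoSuchElementException.
                throw new CertificateCoreException("Time stamp token does not contain the signer certificate");
            }
            X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
            // A failed verification must reject the token; counting it and carrying on would
            // accept a token whose signature does not hold as long as the imprint matches.
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
                throw new CertificateCoreException("Time stamp signature verification failed");
            }
            verified++;
            // The CRL distribution points extension (2.5.29.31) is not read here: its value was
            // never used, and looking it up unguarded fails on certificates that lack it.
        }
        logger.info(timeStampMessagesBundle.getString("info.signature.verified", verified));
        // Check the hash included in the time stamp against the hash of the stamped data.
        byte[] calculatedHash;
        if (content != null) {
            Digest digest = DigestFactory.getInstance().factoryDefault();
            digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
            calculatedHash = digest.digest(content);
        } else {
            // With both content and hash null this stays null and the comparison below fails.
            calculatedHash = hash;
        }
        if (Arrays.equals(calculatedHash, timeStampToken.getTimeStampInfo().getMessageImprintDigest())) {
            logger.info(timeStampMessagesBundle.getString("info.timestamp.hash.ok"));
        } else {
            throw new CertificateCoreException(timeStampMessagesBundle.getString("info.timestamp.hash.nok"));
        }
    } catch (TSPException | IOException | CMSException | OperatorCreationException | CertificateException ex) {
        throw new CertificateCoreException(ex.getMessage());
    }
}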
use of org.bouncycastle.cms.CMSSignedData in project serverless by bluenimble.
the class VerifyDocument method main.
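/**
 * Reads the CMS signed message in {@code Signed.pk7}, verifies its first signer against the
 * matching certificate embedded in the message, prints the result, and writes the signed content
 * to {@code Verified.txt} only when the verification succeeds.
 *
 * <p>The certificate comes from the message itself and is not checked against any trust anchor,
 * so a positive result shows that the content matches the embedded certificate's key; it does
 * not establish who signed it.
 *
 * @param args unused
 */
public static void main(String[] args) throws IOException, CertificateException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException, CertStoreException, CMSException, OperatorCreationException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    File f = new File("Signed.pk7");
    byte[] buffer = new byte[(int) f.length()];
    // try-with-resources closes the stream even when readFully fails.
    try (DataInputStream in = new DataInputStream(new FileInputStream(f))) {
        in.readFully(buffer);
    }
    CMSSignedData signature = new CMSSignedData(buffer);
    SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
    Store<?> cs = signature.getCertificates();
    Collection<?> matches = cs.getMatches(signer.getSID());
    Iterator<?> iter = matches.iterator();
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider("BC");
    X509Certificate certificate = converter.getCertificate((X509CertificateHolder) iter.next());
    // Building the verifier checks nothing by itself; verify() performs the signature check.
    boolean verified = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate));
    System.out.println(verified);
    if (!verified) {
        // Do not emit a file named "Verified" for content whose signature did not verify.
        return;
    }
    CMSProcessable sc = signature.getSignedContent();
    byte[] data = (byte[]) sc.getContent();
    try (FileOutputStream envfos = new FileOutputStream("Verified.txt")) {
        envfos.write(data);
    }
}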
use of org.bouncycastle.cms.CMSSignedData in project serverless by bluenimble.
the class DefaultSigner method verify.
// Updated
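/**
 * Verifies the signature of a document and throws a {@code SignerException} when it does not hold.
 *
 * <p>For a {@code SignatureAware} document the signature is recomputed with the key carried by
 * the document and compared with the stored one. Any other document is parsed as CMS signed
 * data: the first signer is verified against every matching certificate embedded in the message,
 * and the document bytes are then replaced by the signed content.
 *
 * <p>Security notes: when {@code acceptor} is {@code null}, any certificate embedded in the
 * message is used as-is, so the check establishes integrity but not the signer's identity. Only
 * the first signer of a CMS message is examined.
 *
 * @param doc document to verify
 * @param acceptor optional callback deciding whether a signing certificate is acceptable; may be
 *     {@code null}
 * @throws SignerException if the signature or key is missing, no signing certificate is found,
 *     a certificate is rejected, the signature is invalid, or any other failure occurs
 */
@Override
public void verify(SecureDocument doc, CertificateAcceptor acceptor) throws SignerException {
    try {
        if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
            SignatureAware signed = (SignatureAware) doc;
            byte[] signature = signed.getSignature();
            if (signature == null) {
                throw new SignerException("Signature not found in document");
            }
            // NOTE(review): the key is read from the document under verification; confirm that
            // it is set by a trusted party and not taken from the received data.
            Key key = signed.getKey();
            if (key == null) {
                throw new SignerException("Secret key not found in document");
            }
            // Presumably sign(...) stores the recomputed signature on the document, which is
            // then read back for the comparison; confirm against sign().
            sign(doc, key, null);
            byte[] expected = ((SignatureAware) doc).getSignature();
            // NOTE(review): equals(...) is defined outside this method; if it is not a
            // constant-time comparison, java.security.MessageDigest.isEqual is the safer choice.
            if (!equals(signature, expected)) {
                throw new SignerException("Invalid signature");
            }
        } else {
            CMSSignedData signature = new CMSSignedData(doc.getBytes());
            SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
            Store<?> cs = signature.getCertificates();
            Collection<?> matches = cs.getMatches(signer.getSID());
            Iterator<?> iter = matches.iterator();
            boolean verified = false;
            while (iter.hasNext()) {
                JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
                converter.setProvider("BC");
                X509Certificate cert = converter.getCertificate((X509CertificateHolder) iter.next());
                if (acceptor != null && !acceptor.accept(cert)) {
                    throw new SignerException("Invalid Signing Certificate, Not Accepted");
                }
                if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
                    throw new SignerException("Invalid signature");
                }
                verified = true;
            }
            if (!verified) {
                // A message that carries no certificate for its signer would skip the loop and
                // be accepted without any signature check.
                throw new SignerException("Signing certificate not found in document");
            }
            CMSProcessable sc = signature.getSignedContent();
            doc.setBytes((byte[]) sc.getContent());
        }
    } catch (Throwable th) {
        throw new SignerException(th, th.getMessage());
    }
}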
use of org.bouncycastle.cms.CMSSignedData in project zm-mailbox by Zimbra.
the class DataSignerTest method testSignData.
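/**
 * Signs a fixed payload with the test PKCS#12 credential and checks that the resulting CMS
 * signed data verifies against the signer certificate it carries.
 *
 * <p>The certificate used for verification is the one embedded in the signed data, so the test
 * covers the consistency of the produced signature, not trust in the certificate.
 */
@Test
public void testSignData() {
    // Resource initialisation failures are caught by the same catch block, and the key store
    // stream is closed on every path.
    try (FileInputStream p12Stream = new FileInputStream(
            MailboxTestUtil.getZimbraServerDir("") + "data/unittest/certificate/sign1_digitalid.p12")) {
        char[] expPass = "test123export".toCharArray();
        byte[] certBytes = ByteStreams.toByteArray(p12Stream);
        byte[] signedData = DataSigner.signData("hello world".getBytes(), certBytes, expPass);
        // Parse the output and verify the first signer.
        try (ASN1InputStream asnInputStream = new ASN1InputStream(new ByteArrayInputStream(signedData))) {
            CMSSignedData cmsSignedData = new CMSSignedData(ContentInfo.getInstance(asnInputStream.readObject()));
            Store certs = cmsSignedData.getCertificates();
            Collection<SignerInformation> signers = cmsSignedData.getSignerInfos().getSigners();
            SignerInformation signer = signers.iterator().next();
            Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());
            X509CertificateHolder certHolder = certCollection.iterator().next();
            boolean verify = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));
            Assert.assertTrue(verify);
        }
    } catch (Exception e) {
        e.printStackTrace();
        fail("data sign test failed");
    }
}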