
Example 11 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project serverless by bluenimble.

the class VerifyDocument method main.

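/**
 * Reads {@code Signed.pk7}, verifies its first signer against the certificate carried inside the
 * signed data and, only when that check passes, writes the encapsulated content to {@code Verified.txt}.
 * <p>
 * The certificate used for verification is taken from the CMS blob itself, so a passing check shows
 * integrity relative to that certificate only; whether the certificate is trusted (chain to a trust
 * anchor, validity period, revocation) is not decided here.
 *
 * @param args ignored
 * @throws IOException  if the input cannot be read or the output cannot be written
 * @throws CMSException if the blob is not valid CMS, no certificate matches the signer id, or the
 *                      signature does not verify
 */
public static void main(String[] args) throws IOException, CertificateException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException, CertStoreException, CMSException, OperatorCreationException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    // Read the whole blob; Files.readAllBytes closes the file on every path (the DataInputStream
    // was never closed when readFully threw).
    File f = new File("Signed.pk7");
    byte[] buffer = java.nio.file.Files.readAllBytes(f.toPath());
    CMSSignedData signature = new CMSSignedData(buffer);
    // Only the first signer is examined, as in the original sketch.
    SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
    Store<?> cs = signature.getCertificates();
    Collection<?> matches = cs.getMatches(signer.getSID());
    Iterator<?> iter = matches.iterator();
    if (!iter.hasNext()) {
        // iter.next() on an empty match set would otherwise surface as a NoSuchElementException.
        throw new CMSException("no certificate in the signed data matches the signer id");
    }
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider("BC");
    X509Certificate certificate = converter.getCertificate((X509CertificateHolder) iter.next());
    // Run the verification; the previous version only printed the verifier object and never
    // called signer.verify(...), so an invalid signature was still written out as "verified".
    boolean verified = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate));
    System.out.println(verified);
    if (!verified) {
        throw new CMSException("signature verification failed");
    }
    CMSProcessable sc = signature.getSignedContent();
    byte[] data = (byte[]) sc.getContent();
    try (FileOutputStream envfos = new FileOutputStream("Verified.txt")) {
        envfos.write(data);
    }
}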

Example 12 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project serverless by bluenimble.

the class DefaultSigner method verify.

// Updated
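/**
 * Verifies the signature carried by {@code doc}.
 * <p>
 * Two document kinds are handled.  A {@link SignatureAware} document carries a secret key and a
 * keyed signature: the document is re-signed with that key and the result is compared with the
 * presented signature.  Any other document is parsed as CMS signed data: the first signer is looked
 * up in the certificates embedded in the signed data, each matching certificate is offered to
 * {@code acceptor}, the signature is checked against it, and on success the encapsulated content
 * replaces the document's bytes.
 * <p>
 * The certificates come from the signed data itself, i.e. from the party that produced the
 * signature.  {@code acceptor} is therefore the only trust decision in this method; with a
 * {@code null} acceptor any certificate that verifies the signature is accepted.
 *
 * @param doc      the document to verify; its bytes are replaced by the signed content on success
 * @param acceptor optional policy deciding whether a signing certificate is acceptable; may be null
 * @throws SignerException if the signature is missing, cannot be verified, no certificate matches
 *                         the signer, the acceptor rejects the certificate, or parsing fails
 */
@Override
public void verify(SecureDocument doc, CertificateAcceptor acceptor) throws SignerException {
    try {
        if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
            verifyKeyed(doc, (SignatureAware) doc);
        } else {
            verifyCms(doc, acceptor);
        }
    } catch (SignerException se) {
        // Already the caller's exception type; rethrow unchanged so the specific message survives.
        throw se;
    } catch (Throwable th) {
        throw new SignerException(th, th.getMessage());
    }
}

/** Keyed-signature branch: recompute the signature with the embedded key and compare. */
private void verifyKeyed(SecureDocument doc, SignatureAware signed) throws Exception {
    byte[] signature = signed.getSignature();
    if (signature == null) {
        throw new SignerException("Signature not found in document");
    }
    Key key = signed.getKey();
    if (key == null) {
        throw new SignerException("Secret key not found in document");
    }
    // Re-signing overwrites the document's signature with the recomputed value.
    sign(doc, key, null);
    byte[] expected = ((SignatureAware) doc).getSignature();
    // Constant-time comparison: an early-exit byte compare leaks how many leading bytes of the
    // presented signature are correct.
    if (!java.security.MessageDigest.isEqual(signature, expected)) {
        throw new SignerException("Invalid signature");
    }
}

/** CMS branch: verify the first signer against the certificates embedded in the signed data. */
private void verifyCms(SecureDocument doc, CertificateAcceptor acceptor) throws Exception {
    CMSSignedData signature = new CMSSignedData(doc.getBytes());
    // Only the first signer is checked; additional signers are ignored.
    SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
    Store<?> cs = signature.getCertificates();
    Collection<?> matches = cs.getMatches(signer.getSID());
    Iterator<?> iter = matches.iterator();
    if (!iter.hasNext()) {
        // Without a certificate for the signer nothing is verified.  The previous loop body simply
        // never ran in this case and the content was accepted unverified.
        throw new SignerException("No signing certificate found for signer in document");
    }
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider("BC");
    while (iter.hasNext()) {
        X509Certificate cert = converter.getCertificate((X509CertificateHolder) iter.next());
        if (acceptor != null && !acceptor.accept(cert)) {
            throw new SignerException("Invalid Signing Certificate, Not Accepted");
        }
        if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
            throw new SignerException("Invalid signature");
        }
    }
    CMSProcessable sc = signature.getSignedContent();
    doc.setBytes((byte[]) sc.getContent());
}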

Example 13 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project zm-mailbox by Zimbra.

the class DataSignerTest method testSignData.

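/**
 * Signs a short message with the unit-test PKCS#12 identity and checks that the produced CMS
 * signed data verifies against the certificate embedded in it.
 * <p>
 * Verification here uses the signer's own certificate, so the test covers signature correctness,
 * not certificate trust.
 */
@Test
public void testSignData() {
    try {
        String serverdir = MailboxTestUtil.getZimbraServerDir("");
        byte[] certBytes;
        // Close the keystore stream once read; the previous version leaked it.
        try (FileInputStream p12Stream = new FileInputStream(serverdir + "data/unittest/certificate/sign1_digitalid.p12")) {
            certBytes = ByteStreams.toByteArray(p12Stream);
        }
        char[] expPass = "test123export".toCharArray();
        // Explicit charset: getBytes() without one depends on the platform default.
        byte[] signedData = DataSigner.signData("hello world".getBytes(java.nio.charset.StandardCharsets.UTF_8), certBytes, expPass);
        // validate signed data
        try (ASN1InputStream asnInputStream = new ASN1InputStream(new ByteArrayInputStream(signedData))) {
            CMSSignedData cmsSignedData = new CMSSignedData(ContentInfo.getInstance(asnInputStream.readObject()));
            Store<X509CertificateHolder> certs = cmsSignedData.getCertificates();
            SignerInformationStore signers = cmsSignedData.getSignerInfos();
            Collection<SignerInformation> c = signers.getSigners();
            Assert.assertFalse("signed data carries no signer", c.isEmpty());
            SignerInformation signer = c.iterator().next();
            Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());
            // A missing certificate would otherwise fail with NoSuchElementException, hiding the real cause.
            Assert.assertFalse("no embedded certificate matches the signer id", certCollection.isEmpty());
            X509CertificateHolder certHolder = certCollection.iterator().next();
            boolean verify = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));
            Assert.assertTrue("signature did not verify against the signer's certificate", verify);
        }
    } catch (Exception e) {
        // Keep the cause attached to the failure instead of printing the trace and discarding it.
        throw new AssertionError("data sign test failed", e);
    }
}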

Example 14 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project nhin-d by DirectProject.

the class CryptoExtensions method findSignerByCert.

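/**
 * Searches CMS signed data for the signer whose signer id names a specific X509 certificate.
 * <p>
 * Matching is by issuer and serial number only.  A match identifies which {@link SignerInformation}
 * belongs to {@code searchCert}; it does not verify the signature, so callers still need to run
 * {@code signer.verify(...)} against the certificate.
 *
 * @param signedData The signed data to search.  A null value yields a null result.
 * @param searchCert The certificate to search for in the signed data.
 * @return A pair consisting of the signer's X509 certificate and the signer information that matches
 *         the provided certificate.  Returns null if no signer matching the certificate can be found
 *         in the signed data, or if the signer information cannot be read.
 * @throws IllegalArgumentException if {@code searchCert} is null.
 */
public static SignerCertPair findSignerByCert(CMSSignedData signedData, X509Certificate searchCert) {
    if (searchCert == null) {
        throw new IllegalArgumentException("searchCert");
    }
    if (signedData == null) {
        // Same outcome as before (the NPE used to be swallowed), stated explicitly.
        return null;
    }
    try {
        SignerInformationStore signers = signedData.getSignerInfos();
        Collection<SignerInformation> c = signers.getSigners();
        for (SignerInformation signer : c) {
            SignerId signerId = signer.getSID();
            // NOTE(review): getIssuer() is compared with an X500Principal, which matches the BC API
            // generation this project targets (see getCertificatesAndCRLs elsewhere in the class);
            // later BC versions return an X500Name here and equals() would never hold — confirm on upgrade.
            boolean sameIssuer = signerId.getIssuer().equals(searchCert.getIssuerX500Principal());
            if (sameIssuer && signerId.getSerialNumber().equals(searchCert.getSerialNumber())) {
                return new SignerCertPair(signer, searchCert);
            }
        }
    } catch (Exception ignored) {
        // Unreadable signer information is reported as "not found"; the contract is a null return.
    }
    return null;
}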

Example 15 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project nhin-d by DirectProject.

the class CryptoExtensions method findSignersByName.

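/**
 * Searches CMS signed data for a given email name.  Signed data may consist of multiple signatures,
 * either from the same subject or from multiple subjects.
 * <p>
 * The certificate compared against {@code name} is the one embedded in the signed data for each
 * signer, i.e. supplied by the signing party; this method locates signers, it does not verify
 * signatures or establish trust in the certificates.
 *
 * @param signedData The signed data to search.
 * @param name The name to search for in the list of signers.
 * @param excludeNames A list of names to exclude from the list.  Because the search uses a simple
 *        "contains" check, the name parameter may be a substring of other subjects (for example a
 *        longer address that embeds it); {@code excludeNames} holds such super strings so that
 *        unwanted subjects are removed from the returned list.  This parameter may be null.
 * @return A collection of pairs consisting of the signer's X509 certificate and the signer
 *         information that matches the provided name.  Returns an empty collection if no signer
 *         matching the name can be found in the signed data or if the signed data cannot be read.
 * @throws IllegalArgumentException if {@code name} is null or empty.
 */
public static Collection<SignerCertPair> findSignersByName(CMSSignedData signedData, String name, Collection<String> excludeNames) {
    if (name == null || name.length() == 0) {
        throw new IllegalArgumentException("name");
    }
    Collection<SignerCertPair> retVal = new ArrayList<SignerCertPair>();
    try {
        CertStore certs = signedData.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
        SignerInformationStore signers = signedData.getSignerInfos();
        Collection<SignerInformation> c = signers.getSigners();
        for (SignerInformation signer : c) {
            Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
            if (certCollection == null || certCollection.isEmpty()) {
                // A signer without an embedded certificate has no subject to match on.
                continue;
            }
            // Only the first certificate matching the signer id is considered.
            X509Certificate cert = (X509Certificate) certCollection.iterator().next();
            if (!certSubjectContainsName(cert, name) || matchesAnyExclusion(cert, excludeNames)) {
                continue;
            }
            retVal.add(new SignerCertPair(signer, convertToProfileProvidedCertImpl(cert)));
        }
    } catch (Exception ignored) {
        // Best effort: whatever matched before the failure is returned, as before.
    }
    if (retVal.isEmpty()) {
        return Collections.emptyList();
    }
    return retVal;
}

/** True when the certificate subject contains any of the excluded names; null means no exclusions. */
private static boolean matchesAnyExclusion(X509Certificate cert, Collection<String> excludeNames) {
    if (excludeNames == null) {
        return false;
    }
    for (String excludeStr : excludeNames) {
        if (certSubjectContainsName(cert, excludeStr)) {
            return true;
        }
    }
    return false;
}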
