
Example 26 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project keystore-explorer by kaikramer.

the class JarSigner method addTimestamp.

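/**
 * Adds an RFC 3161 signature time-stamp token to the signer of {@code signedData}
 * as an unsigned attribute and returns the rebuilt {@link CMSSignedData}.
 * <p>
 * Only the first signer is time-stamped; the caller is expected to pass a
 * freshly created, single-signer structure. Any unsigned attributes the signer
 * already carries are replaced, not merged.
 *
 * @param tsaUrl     URL of the time-stamping authority to query
 * @param signedData CMS signed data carrying (exactly) one signer
 * @return a new {@code CMSSignedData} whose signer carries the time-stamp token
 * @throws IOException           if the TSA request or parsing of the token fails
 * @throws IllegalStateException if {@code signedData} contains no signer
 */
private static CMSSignedData addTimestamp(String tsaUrl, CMSSignedData signedData) throws IOException {
    Collection<SignerInformation> signerInfos = signedData.getSignerInfos().getSigners();
    if (signerInfos.isEmpty()) {
        // fail with a clear message instead of a NoSuchElementException from the iterator
        throw new IllegalStateException("Signed data contains no signer to time-stamp");
    }
    // get signature of first signer (should be the only one)
    SignerInformation si = signerInfos.iterator().next();
    byte[] signature = si.getSignature();
    // send request to TSA; the token's message imprint is computed over the signature value
    // NOTE(review): the imprint uses SHA-1 here; prefer a SHA-2 digest where the TSA supports it.
    // The returned token is taken at face value - nothing below checks that its imprint matches
    // this signature or that the TSA's own signature/chain is valid.
    byte[] token = TimeStampingClient.getTimeStampToken(tsaUrl, signature, DigestType.SHA1);
    // wrap the token in the id-aa-signatureTimeStampToken unsigned attribute
    Attribute tokenAttr = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
            new DERSet(ASN1Primitive.fromByteArray(token)));
    ASN1EncodableVector timestampVector = new ASN1EncodableVector();
    timestampVector.add(tokenAttr);
    AttributeTable at = new AttributeTable(timestampVector);
    // replaceUnsignedAttributes yields a new SignerInformation; existing unsigned attributes are dropped
    SignerInformation timestamped = SignerInformation.replaceUnsignedAttributes(si, at);
    // build a fresh single-signer store instead of mutating the collection handed out by getSigners()
    SignerInformationStore newSignerStore = new SignerInformationStore(timestamped);
    // create new signed data with the time-stamped signer swapped in
    return CMSSignedData.replaceSigners(signedData, newSignerStore);
}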

Example 27 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project pdfbox by apache.

the class ValidationTimeStamp method addSignedTimeStamp.

/**
 * Returns a copy of {@code signedData} in which every signer has been given a
 * time-stamp (via {@link #signTimeStamp}) in its unsigned attributes.
 *
 * @param signedData Generated CMS signed data
 * @return CMSSignedData Extended CMS signed data with the time-stamped signers swapped in
 * @throws IOException if obtaining a time-stamp for a signer fails
 */
public CMSSignedData addSignedTimeStamp(CMSSignedData signedData) throws IOException {
    List<SignerInformation> stamped = new ArrayList<>();
    // every signer gets its own token in its unsigned attributes
    for (SignerInformation original : signedData.getSignerInfos().getSigners()) {
        stamped.add(signTimeStamp(original));
    }
    // replaceSigners produces a new CMSSignedData; the input object is left as it was
    SignerInformationStore stampedStore = new SignerInformationStore(stamped);
    return CMSSignedData.replaceSigners(signedData, stampedStore);
}

Example 28 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project pdfbox by apache.

the class CertInformationCollector method getCertInfo.

/**
 * Processes one signature and its including certificates.
 * <p>
 * Replaces {@code rootCertInfo} with a fresh {@link CertSignatureInformation},
 * records the SHA-1 hash of the raw signature bytes in it, fills it from the
 * signers/certificates of the parsed CMS structure and finally adds the
 * certificates of any time-stamp token found on the signer.
 *
 * @param signatureContent the byte[]-Content of the signature
 * @return the CertSignatureInformation for this signature (the same object now held in {@code rootCertInfo})
 * @throws IOException if the signature content cannot be read
 * @throws CertificateProccessingException if the CMS structure cannot be parsed or processed
 */
private CertSignatureInformation getCertInfo(byte[] signatureContent) throws CertificateProccessingException, IOException {
    CertSignatureInformation info = new CertSignatureInformation();
    rootCertInfo = info;
    // NOTE(review): SHA-1 appears to serve only as an identifier of the signature here - confirm
    info.signatureHash = CertInformationHelper.getSha1Hash(signatureContent);
    try {
        CMSSignedData signedData = new CMSSignedData(signatureContent);
        Store<X509CertificateHolder> embeddedCerts = signedData.getCertificates();
        SignerInformation signer = processSignerStore(embeddedCerts, signedData, info);
        addTimestampCerts(signer);
    } catch (CMSException e) {
        // log with the cause, then surface it as the caller-facing exception type
        LOG.error("Error occurred getting Certificate Information from Signature", e);
        throw new CertificateProccessingException(e);
    }
    return rootCertInfo;
}

Example 29 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project tutorials by eugenp.

the class BouncyCastleCrypto method verifSignData.

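/**
 * Verifies the signature(s) of a DER-encoded CMS/PKCS#7 SignedData blob.
 * <p>
 * The signer certificate is taken from the certificates embedded in the blob
 * itself. A {@code true} result therefore only proves that each signature
 * matches the certificate shipped alongside it; it does <b>not</b> establish
 * that the certificate is trusted, unexpired or unrevoked. Callers that need a
 * trust decision must additionally validate a path from that certificate to a
 * known trust anchor.
 *
 * @param signedData DER-encoded CMS SignedData
 * @return {@code true} if the blob contains at least one signer and every
 *         signer's signature verifies against its embedded certificate;
 *         {@code false} if there is no signer, a signer's certificate is
 *         missing from the blob, or a signature does not verify
 * @throws CMSException if the blob is not a valid CMS structure
 * @throws IOException if the ASN.1 structure cannot be read
 * @throws OperatorCreationException if a verifier cannot be built for a certificate
 * @throws CertificateException if an embedded certificate cannot be parsed
 */
public static boolean verifSignData(final byte[] signedData) throws CMSException, IOException, OperatorCreationException, CertificateException {
    CMSSignedData s;
    // try-with-resources: the streams were previously closed only on the success path
    try (ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(signedData))) {
        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
    }
    Store<X509CertificateHolder> certs = s.getCertificates();
    Collection<SignerInformation> signers = s.getSignerInfos().getSigners();
    if (signers.isEmpty()) {
        // an unsigned blob must never verify (previously a NoSuchElementException)
        return false;
    }
    // every signer has to verify; a partially valid multi-signer blob is rejected
    for (SignerInformation signer : signers) {
        // look up the embedded certificate that matches this SignerInfo's identifier
        Iterator<X509CertificateHolder> certIt = certs.getMatches(signer.getSID()).iterator();
        if (!certIt.hasNext()) {
            return false;
        }
        X509CertificateHolder certHolder = certIt.next();
        if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder))) {
            return false;
        }
    }
    return true;
}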

Example 30 with SignerInformation

use of org.bouncycastle.cms.SignerInformation in project jmeter by apache.

the class SMIMEAssertion method verifySignature.

/**
 * Checks the first signer of an S/MIME message against the assertion's settings.
 * <p>
 * The signer certificate is looked up among the certificates carried in the
 * message itself, so the signature check alone only shows that the message was
 * signed with that embedded certificate; whether it is a certificate the test
 * accepts is decided by the serial/e-mail/subject/issuer and signer-file checks.
 * Only the first signer is examined; further signers are logged and ignored.
 *
 * @param testElement assertion configuration (which checks to run, expected values)
 * @param s           parsed S/MIME signed part
 * @param name        name of the assertion, used for the result
 * @return the assertion result, marked failed or errored when a check does not pass
 * @throws CMSException if the signer information cannot be read
 */
private static AssertionResult verifySignature(SMIMEAssertionTestElement testElement, SMIMESignedParser s, String name) throws CMSException {
    AssertionResult result = new AssertionResult(name);
    try {
        Store<?> embeddedCerts = s.getCertificates();
        Iterator<?> signerIt = s.getSignerInfos().getSigners().iterator();
        // NOTE(review): a message without any signer leaves the result untouched (i.e. passing);
        // presumably unsigned content is rejected by the caller before this point - confirm.
        if (signerIt.hasNext()) {
            SignerInformation firstSigner = (SignerInformation) signerIt.next();
            Iterator<?> certIt = embeddedCerts.getMatches(firstSigner.getSID()).iterator();
            if (!certIt.hasNext()) {
                result.setFailure(true);
                result.setFailureMessage("No signer certificate found in signature");
            } else {
                // the signer certificate, as shipped inside the message
                X509CertificateHolder signerCert = (X509CertificateHolder) certIt.next();
                if (testElement.isVerifySignature()) {
                    verifySignature(firstSigner, result, signerCert);
                }
                if (testElement.isSignerCheckConstraints()) {
                    // each check appends its own complaint; only report when something was appended
                    StringBuilder failures = new StringBuilder();
                    checkSerial(testElement, result, signerCert, failures);
                    checkEmail(testElement, result, signerCert, failures);
                    checkSubject(testElement, result, signerCert, failures);
                    checkIssuer(testElement, result, signerCert, failures);
                    if (failures.length() > 0) {
                        result.setFailureMessage(failures.toString());
                    }
                }
                if (testElement.isSignerCheckByFile()) {
                    checkSignerByFile(testElement, result, signerCert);
                }
            }
        }
        // TODO support multiple signers
        if (signerIt.hasNext()) {
            log.warn("SMIME message contains multiple signers! Checking multiple signers is not supported.");
        }
    } catch (GeneralSecurityException e) {
        log.error(e.getMessage(), e);
        result.setError(true);
        result.setFailureMessage(e.getMessage());
    }
    return result;
}
