
Example 1 with SignatureValidationException

Use of org.nhindirect.stagent.SignatureValidationException in project nhin-d by DirectProject, in the class CryptographerTest, method testSignMimeEntity_MD5Digest_forceStrongDigest_assertRejectValidation.

public void testSignMimeEntity_MD5Digest_forceStrongDigest_assertRejectValidation() throws Exception {
    X509CertificateEx certex = TestUtils.getInternalCert("user1");
    SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
    // sign with MD5 as the digest algorithm
    cryptographer.setDigestAlgorithm(DigestAlgorithm.MD5);
    MimeEntity entity = new MimeEntity();
    entity.setText("Hello world.");
    entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
    entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
    SignedEntity signedEnt = cryptographer.sign(entity, certex);
    assertNotNull(signedEnt);
    // the signed content must serialize byte-for-byte identically to the original entity
    byte[] signedEntityBytes = EntitySerializer.Default.serializeToBytes(signedEnt.getContent());
    byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
    assertTrue(Arrays.equals(signedEntityBytes, entityBytes));
    assertNotNull(signedEnt.getSignature());
    X509Certificate cert = TestUtils.getExternalCert("user1");
    // validation is expected to reject the MD5-digested signature
    boolean exceptionOccured = false;
    try {
        cryptographer.checkSignature(signedEnt, cert, new ArrayList<X509Certificate>());
    } catch (SignatureValidationException e) {
        exceptionOccured = true;
    }
    assertTrue(exceptionOccured);
}
Also used: X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx), SMIMECryptographerImpl (org.nhindirect.stagent.cryptography.SMIMECryptographerImpl), MimeEntity (org.nhindirect.stagent.mail.MimeEntity), SignatureValidationException (org.nhindirect.stagent.SignatureValidationException), SignedEntity (org.nhindirect.stagent.cryptography.SignedEntity), X509Certificate (java.security.cert.X509Certificate)

Example 2 with SignatureValidationException

Use of org.nhindirect.stagent.SignatureValidationException in project nhin-d by DirectProject, in the class SMIMECryptographerImpl, method checkSignature.

//-----------------------------------------------------
//
// Signature Validation
//
//-----------------------------------------------------
/**
 * Validates that a signed entity has a valid message and signature.  The signer's certificate is validated
 * to ensure authenticity of the message.  Message tampering is also checked with the message's digest and
 * the signed digest in the message signature.
 * @param signedEntity The entity containing the original signed part and the message signature.
 * @param signerCertificate The certificate used to sign the message.
 * @param anchors A collection of certificate anchors used to determine if the certificates used in the signature can be validated as trusted certificates.
 */
public void checkSignature(SignedEntity signedEntity, X509Certificate signerCertificate, Collection<X509Certificate> anchors) throws SignatureValidationException {
    CMSSignedData signatureEnvelope = deserializeSignatureEnvelope(signedEntity);
    SignerInformation logSigInfo = null;
    try {
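        // the envelope may carry several signers; iterate until one
        // is verified with the signerCertificate
        for (SignerInformation sigInfo : (Collection<SignerInformation>) signatureEnvelope.getSignerInfos().getSigners()) {
            logSigInfo = sigInfo;
            // reject signatures made with a digest algorithm that is not allowed,
            // such as MD5
            if (!isAllowedDigestAlgorithm(sigInfo.getDigestAlgOID()))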
                throw new SignatureValidationException("Digest algorithm " + sigInfo.getDigestAlgOID() + " is not allowed.");
            if (sigInfo.verify(signerCertificate, CryptoExtensions.getJCEProviderName())) {
                // verified... return
                return;
            }
        }
        // at this point the signerCertificate cannot be verified with one of the signing certificates....
        throw new SignatureValidationException("Signature validation failure.");
    } catch (SignatureValidationException sve) {
        throw sve;
    } catch (Exception e) {
        throw new SignatureValidationException("Signature validation failure.", e);
    } finally {
        logDigests(logSigInfo);
    }
}
Also used: Collection (java.util.Collection), SignerInformation (org.bouncycastle.cms.SignerInformation), SignatureValidationException (org.nhindirect.stagent.SignatureValidationException), CMSSignedData (org.bouncycastle.cms.CMSSignedData), MessagingException (javax.mail.MessagingException), MimeException (org.nhindirect.stagent.mail.MimeException), NHINDException (org.nhindirect.stagent.NHINDException), ParseException (javax.mail.internet.ParseException), IOException (java.io.IOException)
