use of org.nhindirect.stagent.cert.SignerCertPair in project nhin-d by DirectProject.
the class CryptoExtensions method findSignersByName.
/**
 * Finds the signers of a CMS signed-data object whose certificate subject contains a given name.
 * Signed data may carry several signatures, either from the same subject or from several subjects.
 *
 * <p>Matching is a simple substring ("contains") test, so {@code name} may also match a longer
 * subject that was not intended; {@code excludeNames} exists to filter those out. No signature
 * verification or certificate-chain validation is visible in this method: it only locates
 * candidate signers, and a returned pair should not be read as a trust decision on its own.
 *
 * @param signedData The signed data to search.
 * @param name The name to look for in each signer's certificate subject.
 * @param excludeNames Names whose presence in a certificate subject removes that signer from the
 *        result (typically super-strings of {@code name}). May be null.
 * @return The matching signers paired with their X509 certificates, or an empty collection when no
 *         signer in the signed data matches the name.
 * @throws IllegalArgumentException if {@code name} is null or empty.
 */
public static Collection<SignerCertPair> findSignersByName(CMSSignedData signedData, String name, Collection<String> excludeNames) {
    if (name == null || name.length() == 0) {
        throw new IllegalArgumentException();
    }

    // Allocated lazily so that "nothing matched" can be answered with the shared empty list.
    Collection<SignerCertPair> matches = null;
    try {
        final CertStore certStore = signedData.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
        final Collection<SignerInformation> signerInfos = signedData.getSignerInfos().getSigners();

        for (SignerInformation signerInfo : signerInfos) {
            final Collection<? extends Certificate> signerCerts = certStore.getCertificates(signerInfo.getSID());
            if (signerCerts == null || signerCerts.size() == 0) {
                // The signed data carries no certificate for this signer id.
                continue;
            }

            // Only the first certificate returned for the signer id is inspected.
            final X509Certificate signerCert = (X509Certificate) signerCerts.iterator().next();
            if (!certSubjectContainsName(signerCert, name)) {
                continue;
            }

            // Drop the signer when its subject also contains one of the excluded names.
            boolean excluded = false;
            if (excludeNames != null) {
                for (String excludedName : excludeNames) {
                    if (certSubjectContainsName(signerCert, excludedName)) {
                        excluded = true;
                        break;
                    }
                }
            }
            if (excluded) {
                continue;
            }

            if (matches == null) {
                matches = new ArrayList<SignerCertPair>();
            }
            matches.add(new SignerCertPair(signerInfo, convertToProfileProvidedCertImpl(signerCert)));
        }
    } catch (Throwable ignored) {
        // NOTE(review): every failure (including Errors and a null signedData) is discarded here
        // without a log entry. The signers collected before the failure are still returned, so a
        // caller cannot tell a partial result from a complete one. Consider narrowing the catch
        // and logging the cause.
    }

    return matches != null ? matches : Collections.<SignerCertPair>emptyList();
}
use of org.nhindirect.stagent.cert.SignerCertPair in project nhin-d by DirectProject.
the class TrustModel method findSenderSignatures.
/**
 * Collects the signatures on an incoming message whose signer certificate names the sender, and
 * stores them on the message.
 *
 * <p>Two lookups are made against the message signature: one by the sender's full address
 * (recorded with the boolean flag {@code false}) and one by the sender's host (recorded with the
 * flag {@code true}, presumably marking an organisation-level certificate; confirm against
 * {@code DefaultMessageSignatureImpl}). The host lookup excludes certificates that also contain
 * the full address, so an individual certificate is not recorded twice.
 *
 * <p>NOTE(review): this step only selects signers by subject name, using the substring match
 * documented on {@code CryptoExtensions.findSignersByName}. Nothing here verifies a signature or
 * validates a certificate, so that must happen elsewhere before the signatures are trusted.
 *
 * @param message The incoming message; its sender signatures are reset and then repopulated.
 */
protected void findSenderSignatures(IncomingMessage message) {
    // Reset first: if a lookup below throws (findSignersByName rejects a null or empty name),
    // the message is left with no sender signatures rather than stale ones.
    message.setSenderSignatures(null);

    final NHINDAddress sender = message.getSender();
    final Collection<DefaultMessageSignatureImpl> collected = new ArrayList<DefaultMessageSignatureImpl>();

    // Signatures made with a certificate issued to the individual address.
    final Collection<SignerCertPair> addressMatches =
            CryptoExtensions.findSignersByName(message.getSignature(), sender.getAddress(), null);

    // Signatures made with a certificate issued to the host, excluding the individual address.
    final Collection<SignerCertPair> hostMatches = CryptoExtensions.findSignersByName(
            message.getSignature(), sender.getHost(), Arrays.asList(sender.getAddress()));

    for (SignerCertPair match : addressMatches) {
        collected.add(new DefaultMessageSignatureImpl(match.getSigner(), false, match.getCertificate()));
    }
    for (SignerCertPair match : hostMatches) {
        collected.add(new DefaultMessageSignatureImpl(match.getSigner(), true, match.getCertificate()));
    }

    message.setSenderSignatures(collected);
}
use of org.nhindirect.stagent.cert.SignerCertPair in project nhin-d by DirectProject.
the class CryptoExtensions method findSignerByCert.
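/**
 * Searches CMS signed data for the signer that corresponds to a specific X509 certificate.
 *
 * <p>A signer matches when the issuer and serial number of its signer id equal those of
 * {@code searchCert}. The returned pair carries {@code searchCert} itself, not a certificate taken
 * from the signed data. No signature verification is visible in this method, so the caller still
 * has to verify the signer against the certificate before relying on the result.
 *
 * @param signedData The signed data to search.
 * @param searchCert The certificate to search for in the signed data.
 * @return A pair consisting of the signer information and the provided certificate, or null if no
 *         signer matching the certificate can be found in the signed data.
 * @throws IllegalArgumentException if {@code searchCert} is null.
 */
public static SignerCertPair findSignerByCert(CMSSignedData signedData, X509Certificate searchCert) {
    if (searchCert == null) {
        throw new IllegalArgumentException();
    }
    try {
        SignerInformationStore signers = signedData.getSignerInfos();
        Collection<SignerInformation> c = signers.getSigners();
        for (SignerInformation signer : c) {
            SignerId signerId = signer.getSID();
            // A signer id without issuer or serial number cannot match by issuer and serial.
            // Skip it explicitly: dereferencing the missing value would throw, and the catch
            // below would then end the whole search before later signers were examined.
            if (signerId == null || signerId.getIssuer() == null || signerId.getSerialNumber() == null) {
                continue;
            }
            if (signerId.getIssuer().equals(searchCert.getIssuerX500Principal()) && signerId.getSerialNumber().equals(searchCert.getSerialNumber())) {
                return new SignerCertPair(signer, searchCert);
            }
        }
    } catch (Exception ignored) {
        // Best-effort lookup: any failure (for example a null signedData) is reported as
        // "not found". NOTE(review): the cause is discarded without a log entry, so a malformed
        // message is indistinguishable from one that simply lacks the signer.
    }
    return null;
}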