
Example 1 with SignerCertPair

use of org.nhindirect.stagent.cert.SignerCertPair in project nhin-d by DirectProject.

the class CryptoExtensions method findSignersByName.

/**
 * Collects the signers of CMS signed data whose certificate subject matches a given name.
 * Signed data may carry several signatures, from one subject or from several.
 * <p>
 * For each signer, the certificates embedded in the signed data are looked up by the signer's id and
 * only the first certificate returned is examined. Matching is delegated to
 * {@code certSubjectContainsName}, a "contains" style comparison, so {@code name} may match a
 * subject in which it is only a substring.
 * <p>
 * NOTE(review): nothing in this method verifies the signature or validates the certificate. A
 * returned pair only means that the signed data carries a signer whose embedded certificate matches
 * by name. Callers must still verify the signature and establish trust in the certificate.
 * <p>
 * NOTE(review): every {@code Throwable} raised during the search is discarded. A parsing or provider
 * failure therefore looks the same as "no matching signer", and a failure part-way through the
 * signer list returns only the matches collected up to that point.
 *
 * @param signedData The signed data to search.
 * @param name The name to search for in the list of signers.
 * @param excludeNames Names that disqualify a certificate that otherwise matches {@code name}. Because
 * matching is a "contains" search, {@code name} can be a substring of an unwanted subject. Passing
 * the longer, unwanted value here removes such certificates from the result. May be null.
 * @return A collection of pairs, each holding a matching signer's information and its X509 certificate.
 * Returns an empty collection if no signer matching the name is found in the signed data.
 * @throws IllegalArgumentException if {@code name} is null or empty.
 */
public static Collection<SignerCertPair> findSignersByName(CMSSignedData signedData, String name, Collection<String> excludeNames) {
    if (name == null || name.isEmpty()) {
        throw new IllegalArgumentException();
    }

    // Allocated lazily on the first match, inside the try block.
    Collection<SignerCertPair> matches = null;
    try {
        final CertStore embeddedCerts = signedData.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
        final Collection<SignerInformation> signerInfos = signedData.getSignerInfos().getSigners();

        signers:
        for (SignerInformation signerInfo : signerInfos) {
            final Collection<? extends Certificate> candidates = embeddedCerts.getCertificates(signerInfo.getSID());
            if (candidates == null || candidates.isEmpty()) {
                // The signed data carries no certificate for this signer id.
                continue;
            }

            // Only the first certificate the store returns for this signer id is considered.
            final X509Certificate signerCert = (X509Certificate) candidates.iterator().next();
            if (!certSubjectContainsName(signerCert, name)) {
                continue;
            }

            // A certificate that also matches any excluded name is skipped entirely.
            if (excludeNames != null) {
                for (String excluded : excludeNames) {
                    if (certSubjectContainsName(signerCert, excluded)) {
                        continue signers;
                    }
                }
            }

            if (matches == null) {
                matches = new ArrayList<SignerCertPair>();
            }
            matches.add(new SignerCertPair(signerInfo, convertToProfileProvidedCertImpl(signerCert)));
        }
    } catch (Throwable e) {
        // Every failure, Errors included, is discarded here. Whatever was collected before the
        // failure (possibly nothing) is what the caller receives.
    }

    if (matches != null) {
        return matches;
    }
    return Collections.emptyList();
}
Also used : SignerCertPair(org.nhindirect.stagent.cert.SignerCertPair) ArrayList(java.util.ArrayList) SignerInformation(org.bouncycastle.cms.SignerInformation) X509Certificate(java.security.cert.X509Certificate) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) CertStore(java.security.cert.CertStore)

Example 2 with SignerCertPair

use of org.nhindirect.stagent.cert.SignerCertPair in project nhin-d by DirectProject.

the class TrustModel method findSenderSignatures.

/**
 * Attaches to the message the signatures that can be attributed to its sender.
 * <p>
 * Two name searches are run over the message's CMS signature through
 * {@code CryptoExtensions.findSignersByName}. The first uses the sender's full address. The second
 * uses the sender's host and excludes certificates that also match the full address. Signers from
 * the first search are wrapped with the boolean flag {@code false}, and signers from the second with
 * {@code true}.
 * <p>
 * NOTE(review): both searches match by name only, and {@code findSignersByName} is documented as a
 * "contains" comparison. A host name can therefore also match a longer, unrelated subject value.
 * The signatures collected here should be treated as candidates until they are cryptographically
 * verified and their certificates are checked against trust anchors elsewhere. Confirm that this
 * happens before any trust decision is made.
 *
 * @param message The incoming message whose sender signatures are to be populated.
 */
protected void findSenderSignatures(IncomingMessage message) {
    // Reset first: if anything below throws, the message is left without sender signatures.
    message.setSenderSignatures(null);

    final NHINDAddress from = message.getSender();

    // Signers whose certificate matches the sender's full address (individual level).
    final Collection<SignerCertPair> addressMatches =
            CryptoExtensions.findSignersByName(message.getSignature(), from.getAddress(), null);

    // Signers whose certificate matches the sender's host but not the full address (org level).
    final Collection<SignerCertPair> hostMatches =
            CryptoExtensions.findSignersByName(message.getSignature(), from.getHost(), Arrays.asList(from.getAddress()));

    final Collection<DefaultMessageSignatureImpl> collected = new ArrayList<DefaultMessageSignatureImpl>();
    for (SignerCertPair match : addressMatches) {
        collected.add(new DefaultMessageSignatureImpl(match.getSigner(), false, match.getCertificate()));
    }
    for (SignerCertPair match : hostMatches) {
        collected.add(new DefaultMessageSignatureImpl(match.getSigner(), true, match.getCertificate()));
    }

    message.setSenderSignatures(collected);
}
Also used : NHINDAddress(org.nhindirect.stagent.NHINDAddress) DefaultMessageSignatureImpl(org.nhindirect.stagent.DefaultMessageSignatureImpl) SignerCertPair(org.nhindirect.stagent.cert.SignerCertPair) ArrayList(java.util.ArrayList)

Example 3 with SignerCertPair

use of org.nhindirect.stagent.cert.SignerCertPair in project nhin-d by DirectProject.

the class CryptoExtensions method findSignerByCert.

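/**
 * Searches CMS signed data for the signer that corresponds to a specific X509 certificate.
 * <p>
 * A signer matches when the issuer and serial number in its signer id equal the issuer and serial
 * number of {@code searchCert}. The supplied certificate itself is placed in the returned pair.
 * <p>
 * NOTE(review): this is an identifier match only. The method does not verify the signature against
 * the certificate's public key and does not validate the certificate. Callers must do both before
 * treating the signer as authenticated.
 * <p>
 * Any {@code Exception} raised while reading the signer information is discarded and reported as
 * "not found" (a {@code null} return).
 *
 * @param signedData The signed data to search.
 * @param searchCert The certificate to search for in the signed data.
 * @return A pair consisting of the matching signer's information and {@code searchCert}. Returns
 * null if no signer matching the certificate is found in the signed data.
 * @throws IllegalArgumentException if {@code searchCert} is null.
 */
public static SignerCertPair findSignerByCert(CMSSignedData signedData, X509Certificate searchCert) {
    if (searchCert == null) {
        throw new IllegalArgumentException();
    }
    try {
        SignerInformationStore signers = signedData.getSignerInfos();
        Collection<SignerInformation> c = signers.getSigners();
        for (SignerInformation signer : c) {
            SignerId signerId = signer.getSID();
            // Compare from the certificate's side so that a signer id without an issuer or serial
            // number (for example one identified by subject key identifier) is a non-match.
            // Calling equals on the signer id's values would throw a NullPointerException there,
            // and the catch below would then abandon the search before later signers are examined.
            if (searchCert.getIssuerX500Principal().equals(signerId.getIssuer()) && searchCert.getSerialNumber().equals(signerId.getSerialNumber())) {
                return new SignerCertPair(signer, searchCert);
            }
        }
    } catch (Exception e) {
        // Best-effort lookup: a failure to read the signer information is reported as "not found".
    }
    return null;
}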
Also used : SignerCertPair(org.nhindirect.stagent.cert.SignerCertPair) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) SignerId(org.bouncycastle.cms.SignerId) SignerInformation(org.bouncycastle.cms.SignerInformation) CertificateParsingException(java.security.cert.CertificateParsingException) CertificateException(java.security.cert.CertificateException) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Aggregations

SignerCertPair (org.nhindirect.stagent.cert.SignerCertPair)3 ArrayList (java.util.ArrayList)2 SignerInformation (org.bouncycastle.cms.SignerInformation)2 SignerInformationStore (org.bouncycastle.cms.SignerInformationStore)2 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 CertStore (java.security.cert.CertStore)1 CertificateException (java.security.cert.CertificateException)1 CertificateParsingException (java.security.cert.CertificateParsingException)1 X509Certificate (java.security.cert.X509Certificate)1 SignerId (org.bouncycastle.cms.SignerId)1 DefaultMessageSignatureImpl (org.nhindirect.stagent.DefaultMessageSignatureImpl)1 NHINDAddress (org.nhindirect.stagent.NHINDAddress)1