Example usage for org.apache.poi.poifs.crypt.dsig SignaturePart getCertChain

List of usage examples for org.apache.poi.poifs.crypt.dsig SignaturePart getCertChain

Introduction

On this page you can find example usage of org.apache.poi.poifs.crypt.dsig SignaturePart getCertChain.

Prototype

public List<X509Certificate> getCertChain() 


Usage

From source file:org.roda.common.certification.OOXMLSignatureUtils.java

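/**
 * Checks every digital signature in an OOXML package and reports the outcome as a status string.
 *
 * <p>For each signature part the signature is validated, every certificate in the part's
 * chain is checked against its validity period, and the chain is handed to
 * {@code SignatureUtils.verifyCertificateChain}.
 *
 * <p>Points a caller should know before treating "Passed" as a trust decision:
 * <ul>
 *   <li>The "trusted root" set is built from the self-signed certificates found in the
 *       document's own chain. If {@code verifyCertificateChain} uses that set as its trust
 *       anchors (the parameter order suggests so; confirm against its implementation), the
 *       result shows that the chain is internally consistent, not that the signer is rooted
 *       in a CA the verifier trusts. Anchors should come from a trust store controlled by
 *       the verifier.</li>
 *   <li>A package with no signature parts never sets {@code isValid} to false and therefore
 *       returns "Passed"; an unsigned document is not distinguished from a correctly signed
 *       one.</li>
 *   <li>{@code checkValidity()} without an argument tests against the current time, so a
 *       signature made while the certificate was valid is reported as expired later on.</li>
 * </ul>
 *
 * @param input path of the OOXML file to check
 * @return "Passed" or "Not passed", or one of the messages "Error opening a document file",
 *         "Contains expired certificates", "Contains certificates not yet valid"
 * @throws IOException declared by the signature; presumably raised when the package cannot be
 *         read or closed
 * @throws GeneralSecurityException for security failures other than the two validity
 *         exceptions handled here, presumably including chain verification failures
 */
public static String runDigitalSignatureVerify(Path input) throws IOException, GeneralSecurityException {
    boolean isValid = true;
    // try-with-resources closes the package on every exit path, including the early
    // returns in the catch clauses and any exception that propagates to the caller.
    try (OPCPackage pkg = OPCPackage.open(input.toString(), PackageAccess.READ)) {
        SignatureConfig sic = new SignatureConfig();
        sic.setOpcPackage(pkg);

        SignatureInfo si = new SignatureInfo();
        si.setSignatureConfig(sic);
        Iterable<SignaturePart> it = si.getSignatureParts();
        if (it != null) {
            for (SignaturePart sp : it) {
                // Validate each part unconditionally. With `isValid && sp.validate()` the call
                // is skipped once an earlier part has failed, and the chain read below is
                // presumably only populated by validate() (confirm for the POI version in use).
                boolean partValid = sp.validate();
                isValid = isValid && partValid;

                List<X509Certificate> certChain = sp.getCertChain();
                if (certChain == null || certChain.isEmpty()) {
                    // No certificate to verify: count the part as failed instead of letting
                    // the loop or certChain.get(0) throw an unchecked exception.
                    isValid = false;
                    continue;
                }

                Set<Certificate> trustedRootCerts = new HashSet<Certificate>();
                Set<Certificate> intermediateCerts = new HashSet<Certificate>();

                for (X509Certificate c : certChain) {
                    // Validity period is checked against the current time.
                    c.checkValidity();

                    // NOTE(review): self-signed certificates taken from the document end up in
                    // the "trusted" set; see the method comment.
                    if (SignatureUtils.isCertificateSelfSigned(c)) {
                        trustedRootCerts.add(c);
                    } else {
                        intermediateCerts.add(c);
                    }
                }

                // The first chain element is passed as the certificate to verify.
                SignatureUtils.verifyCertificateChain(trustedRootCerts, intermediateCerts, certChain.get(0));
            }
        }
    } catch (InvalidFormatException e) {
        return "Error opening a document file";
    } catch (CertificateExpiredException e) {
        return "Contains expired certificates";
    } catch (CertificateNotYetValidException e) {
        return "Contains certificates not yet valid";
    }

    return isValid ? "Passed" : "Not passed";
}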

From source file:org.roda.core.plugins.plugins.characterization.OOXMLSignatureUtils.java

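/**
 * Verifies the digital signatures of an OOXML package and returns a status string.
 *
 * <p>Each signature part is validated, each certificate in its chain is checked for its
 * validity period, and the chain is passed to {@code SignatureUtils.verifyCertificateChain}.
 *
 * <p>Limits of the result, as far as this method shows:
 * <ul>
 *   <li>Self-signed certificates found in the document's own chain are placed in the
 *       "trusted root" set. If {@code verifyCertificateChain} treats that set as trust
 *       anchors (suggested by the parameter order; confirm against its implementation),
 *       "Passed" means the chain is self-consistent, not that it leads to a CA the verifier
 *       trusts. Trust anchors belong in a store the verifier controls.</li>
 *   <li>When the package has no signature parts, {@code isValid} stays true and the method
 *       returns "Passed", so unsigned and correctly signed documents look the same.</li>
 *   <li>{@code checkValidity()} without an argument compares against the current time, not
 *       the time of signing.</li>
 * </ul>
 *
 * @param input path of the OOXML file to check
 * @return "Passed" or "Not passed", or one of the messages "Error opening a document file",
 *         "Contains expired certificates", "Contains certificates not yet valid"
 * @throws IOException declared by the signature; presumably raised when the package cannot be
 *         read or closed
 * @throws GeneralSecurityException for security failures other than the two validity
 *         exceptions handled here, presumably including chain verification failures
 */
public static String runDigitalSignatureVerify(Path input) throws IOException, GeneralSecurityException {
    boolean isValid = true;
    try (OPCPackage pkg = OPCPackage.open(input.toString(), PackageAccess.READ)) {
        SignatureConfig sic = new SignatureConfig();
        sic.setOpcPackage(pkg);

        SignatureInfo si = new SignatureInfo();
        si.setSignatureConfig(sic);
        Iterable<SignaturePart> it = si.getSignatureParts();
        if (it != null) {
            for (SignaturePart sp : it) {
                // Always call validate(): `isValid && sp.validate()` skips it after the first
                // failed part, while the chain read below is presumably filled in by
                // validate() (confirm for the POI version in use).
                boolean partValid = sp.validate();
                isValid = isValid && partValid;

                List<X509Certificate> certChain = sp.getCertChain();
                if (certChain == null || certChain.isEmpty()) {
                    // Nothing to verify for this part: report failure rather than throwing
                    // from the loop or from certChain.get(0).
                    isValid = false;
                    continue;
                }

                Set<Certificate> trustedRootCerts = new HashSet<>();
                Set<Certificate> intermediateCerts = new HashSet<>();

                for (X509Certificate c : certChain) {
                    // Validity period is checked against the current time.
                    c.checkValidity();

                    // NOTE(review): certificates supplied by the document are sorted into
                    // "trusted" purely because they are self-signed; see the method comment.
                    if (SignatureUtils.isCertificateSelfSigned(c)) {
                        trustedRootCerts.add(c);
                    } else {
                        intermediateCerts.add(c);
                    }
                }

                // The first chain element is passed as the certificate to verify.
                SignatureUtils.verifyCertificateChain(trustedRootCerts, intermediateCerts, certChain.get(0));
            }
        }
    } catch (InvalidFormatException e) {
        return "Error opening a document file";
    } catch (CertificateExpiredException e) {
        return "Contains expired certificates";
    } catch (CertificateNotYetValidException e) {
        return "Contains certificates not yet valid";
    }

    return isValid ? "Passed" : "Not passed";
}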