List of usage examples for org.bouncycastle.asn1.cms ContentInfo getInstance
public static ContentInfo getInstance(Object obj)
From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java
License:Open Source License
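/**
 * Decodes a DER-encoded PKCS#7 ContentInfo and returns its content as a
 * PKCS#7 SignedData structure.
 *
 * <p>This is a structural decode only. No signature, digest or certificate
 * inside the returned object is checked here, so the result must not be
 * treated as authenticated until the caller has verified it. Only the first
 * ASN.1 object in the buffer is read; any bytes after it are ignored.
 *
 * @param in the encoded bytes
 * @return the SignedData carried by the ContentInfo
 * @throws SecurityException if the bytes cannot be decoded, or the top-level
 *         object is not an ASN.1 sequence
 */
protected static org.bouncycastle.asn1.pkcs.SignedData pkcs7SignedData(byte[] in) {
    ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in));

    // Basic checks to make sure it's a PKCS#7 SignedData object.
    ASN1Primitive pkcs;
    try {
        pkcs = din.readObject();
    } catch (IOException e) {
        // Keep the decoder's exception as the cause so a rejected input can be diagnosed.
        throw new SecurityException("can't decode PKCS7SignedData object", e);
    } finally {
        try {
            din.close();
        } catch (IOException ignored) {
            // The stream wraps an in-memory buffer; a close failure leaves nothing to recover.
        }
    }

    // readObject() yields null on an empty buffer; instanceof rejects that case as well.
    if (!(pkcs instanceof ASN1Sequence)) {
        throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
    }

    // NOTE(review): the two getInstance calls are not wrapped. In Bouncy Castle they
    // report an unexpected structure with an unchecked exception - confirm that callers
    // handling untrusted input expect that in addition to SecurityException.
    ContentInfo content = ContentInfo.getInstance(pkcs);
    return org.bouncycastle.asn1.pkcs.SignedData.getInstance(content.getContent());
}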
From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java
License:Open Source License
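/**
 * Decodes a DER-encoded CMS ContentInfo and returns its content as a CMS
 * SignedData structure.
 *
 * <p>This is a structural decode only. No signature, digest or certificate
 * inside the returned object is checked here, so the result must not be
 * treated as authenticated until the caller has verified it. Only the first
 * ASN.1 object in the buffer is read; any bytes after it are ignored.
 *
 * @param in the encoded bytes
 * @return the SignedData carried by the ContentInfo
 * @throws SecurityException if the bytes cannot be decoded, or the top-level
 *         object is not an ASN.1 sequence
 */
protected static org.bouncycastle.asn1.cms.SignedData cmsSignedData(byte[] in) {
    ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in));

    // Basic checks to make sure it's a CMS/PKCS#7 SignedData object.
    ASN1Primitive cms;
    try {
        cms = din.readObject();
    } catch (IOException e) {
        // Keep the decoder's exception as the cause so a rejected input can be diagnosed.
        throw new SecurityException("can't decode CMSSignedData object", e);
    } finally {
        try {
            din.close();
        } catch (IOException ignored) {
            // The stream wraps an in-memory buffer; a close failure leaves nothing to recover.
        }
    }

    // readObject() yields null on an empty buffer; instanceof rejects that case as well.
    if (!(cms instanceof ASN1Sequence)) {
        throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
    }

    // NOTE(review): the two getInstance calls are not wrapped. In Bouncy Castle they
    // report an unexpected structure with an unchecked exception - confirm that callers
    // handling untrusted input expect that in addition to SecurityException.
    ContentInfo content = ContentInfo.getInstance(cms);
    return org.bouncycastle.asn1.cms.SignedData.getInstance(content.getContent());
}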
From source file:com.infinities.keystone4j.utils.Cms.java
License:Apache License
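/**
 * Verifies an included-content CMS/PKCS#7 signature and returns the signed content.
 *
 * <p>The signer certificate file is first validated against the CA certificate file.
 * The signature bytes (optionally Base64 encoded) are then parsed and every
 * SignerInfo is checked against the signer certificate. The content is returned
 * only if at least one signer's signature verifies; otherwise the method fails.
 *
 * <p>Earlier revisions of this method had the {@code signer.verify(...)} call
 * commented out, so the counter stayed at zero and the content was returned after
 * a log warning. The check is restored here and a zero count is now an error.
 *
 * @param sigbytes the CMS signature, raw DER or Base64
 * @param signingCertFileName path of the signer certificate
 * @param caFileName path of the CA certificate used to validate the signer certificate
 * @return the signed content decoded with the platform default charset
 * @throws RuntimeException if the signature cannot be parsed or no signer verifies
 */
@SuppressWarnings("rawtypes")
public String verifySignature(byte[] sigbytes, String signingCertFileName, String caFileName)
        throws CMSException, CertificateException, OperatorCreationException, NoSuchAlgorithmException,
        NoSuchProviderException, CertPathBuilderException, InvalidAlgorithmParameterException, IOException,
        CertificateVerificationException {
    logger.debug("signingCertFile: {}, caFile:{}", new Object[] { signingCertFileName, caFileName });
    Security.addProvider(new BouncyCastleProvider());
    X509Certificate signercert = generateCertificate(signingCertFileName);
    X509Certificate cacert = generateCertificate(caFileName);
    Set<X509Certificate> additionalCerts = new HashSet<X509Certificate>();
    additionalCerts.add(cacert);
    CertificateVerifier.verifyCertificate(signercert, additionalCerts, true);

    if (Base64Verifier.isBase64(sigbytes)) {
        try {
            sigbytes = Base64.decode(sigbytes);
            logger.debug("Signature file is BASE64 encoded");
        } catch (Exception ioe) {
            // Fall through with the undecoded bytes; the ASN.1 parse below rejects them if invalid.
            logger.warn("Problem decoding from b64", ioe);
        }
    }

    // --- Use Bouncy Castle provider to verify included-content CMS/PKCS#7 signature ---
    ASN1InputStream in = null;
    try {
        logger.debug("sigbytes size: {}", sigbytes.length);
        // Bound declared lengths by the buffer size instead of Integer.MAX_VALUE, so a
        // bogus length field in the input cannot request more than is actually present.
        in = new ASN1InputStream(new ByteArrayInputStream(sigbytes), sigbytes.length);
        CMSSignedData s = new CMSSignedData(ContentInfo.getInstance(in.readObject()));
        Store store = s.getCertificates();
        SignerInformationStore signers = s.getSignerInfos();
        Collection c = signers.getSigners();
        Iterator it = c.iterator();
        int verified = 0;
        while (it.hasNext()) {
            X509Certificate cert = null;
            SignerInformation signer = (SignerInformation) it.next();
            Collection certCollection = store.getMatches(signer.getSID());
            if (certCollection.isEmpty() && signercert == null) {
                continue;
            } else if (signercert != null) {
                // Use the signer cert file for verification, if it was provided.
                cert = signercert;
            } else {
                // Use the certificate included in the signature. NOTE(review): such a
                // certificate has not been through verifyCertificate above; validate its
                // chain before relying on this branch.
                Iterator certIt = certCollection.iterator();
                cert = (X509Certificate) certIt.next();
            }
            // Fully qualified so the block does not depend on an import outside this method.
            if (signer.verify(new org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider("BC").build(cert))) {
                verified++;
            }
        }

        if (verified == 0) {
            // Fail closed: unverified content must never reach the caller.
            logger.warn(" No signers' signatures could be verified !");
            throw new CMSException("No signers' signatures could be verified");
        } else if (signercert != null) {
            logger.info("Verified a signature using signer certificate file {}", signingCertFileName);
        } else {
            logger.info("Verified a signature using a certificate in the signature data");
        }

        CMSProcessableByteArray cpb = (CMSProcessableByteArray) s.getSignedContent();
        byte[] rawcontent = (byte[]) cpb.getContent();
        // NOTE(review): decodes with the platform default charset; pin one if the
        // content encoding is known.
        return new String(rawcontent);
    } catch (Exception ex) {
        logger.error("Couldn't verify included-content CMS signature", ex);
        throw new RuntimeException("Couldn't verify included-content CMS signature", ex);
    } finally {
        if (in != null) {
            in.close();
        }
    }
}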
From source file:de.tsenger.animamea.Operator.java
License:Open Source License
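/**
 * Decodes the SecurityInfos carried inside an EF.CardSecurity file.
 *
 * <p>The bytes are parsed as ContentInfo, then SignedData, then the encapsulated
 * octet string, which is handed to {@link SecurityInfos#decode}. This method only
 * unwraps the structure: the SignedData signature is not verified here, so the
 * returned values are unauthenticated until the caller has checked it.
 *
 * @param data raw content of EF.CardSecurity
 * @return the decoded SecurityInfos
 * @throws IOException if the data cannot be parsed or does not have the expected
 *         ASN.1 shape
 */
private static SecurityInfos decodeEFCardSecurity(byte[] data) throws IOException, CertificateException,
        NoSuchProviderException, CMSException, OperatorCreationException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // The file content comes from the card; check each type before casting so that a
    // malformed file surfaces as the declared IOException, not a ClassCastException.
    Object parsed = ASN1Sequence.fromByteArray(data);
    if (!(parsed instanceof ASN1Sequence)) {
        throw new IOException("EF.CardSecurity: top-level object is not an ASN.1 sequence");
    }
    ASN1Sequence asnSeq = (ASN1Sequence) parsed;
    ContentInfo contentInfo = ContentInfo.getInstance(asnSeq);

    Object content = contentInfo.getContent();
    if (!(content instanceof DERSequence)) {
        throw new IOException("EF.CardSecurity: ContentInfo content is not a DER sequence");
    }
    DERSequence derSeq = (DERSequence) content;

    System.out.println("ContentType: " + contentInfo.getContentType().toString());
    SignedData cardSecurity = SignedData.getInstance(derSeq);

    // Get SecurityInfos
    ContentInfo encapContentInfo = cardSecurity.getEncapContentInfo();
    Object encapContent = encapContentInfo.getContent();
    if (!(encapContent instanceof DEROctetString)) {
        throw new IOException("EF.CardSecurity: encapsulated content is not a DER octet string");
    }
    DEROctetString octString = (DEROctetString) encapContent;

    SecurityInfos si = new SecurityInfos();
    si.decode(octString.getOctets());
    return si;
}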
From source file:de.tsenger.sandbox.CardSecurityParser.java
License:Open Source License
/**
 * Sandbox entry point: reads an EF.CardSecurity dump from a fixed path and prints
 * each layer of it (ContentInfo, SignedData, encapsulated content, SecurityInfos
 * and the first chip authentication public key entry).
 *
 * <p>Nothing is verified here; the output shows what the file declares.
 *
 * @param args unused
 * @throws Exception on any read or decode failure
 */
public static void main(String[] args) throws Exception {
    byte[] efcsBytes = readBinaryFile("/home/tsenger/Desktop/EFCardSecurity.bin");

    // Outer layer: ContentInfo
    ContentInfo outerInfo = ContentInfo.getInstance((ASN1Sequence) ASN1Sequence.fromByteArray(efcsBytes));
    System.out.println(outerInfo.getContentType());

    // Second layer: SignedData
    DERSequence signedDataSeq = (DERSequence) outerInfo.getContent();
    System.out.println(HexString.bufferToHex(signedDataSeq.getEncoded(null)));
    SignedData signedData = SignedData.getInstance(signedDataSeq);
    System.out.println("CMSVersion: " + signedData.getVersion().getValue().intValue());

    // Third layer: encapsulated content
    ContentInfo encapInfo = signedData.getEncapContentInfo();
    System.out.println(encapInfo.getContentType());
    DEROctetString payload = (DEROctetString) encapInfo.getContent();
    System.out.println("OctetString:\n" + HexString.bufferToHex(payload.getEncoded(null)));
    System.out.println("OctetString:\n" + HexString.bufferToHex(payload.getOctets()));

    // Innermost: SecurityInfos
    SecurityInfos si = new SecurityInfos();
    si.decode(payload.getOctets());
    System.out.println(si);

    byte[] parameter = si.getChipAuthenticationPublicKeyInfoList().get(0).getPublicKey().getPublicKey();
    System.out.println(HexString.bufferToHex(parameter));
    System.out.println("Key Referenz: " + si.getChipAuthenticationPublicKeyInfoList().get(0).getKeyId());
    System.out.println("CA OID: "
            + si.getChipAuthenticationPublicKeyInfoList().get(0).getPublicKey().getAlgorithm().getAlgorithm());
}
From source file:dorkbox.build.util.jar.JarSignatureUtil.java
License:Apache License
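/**
 * Checks whether two signature blocks (i.e. XXXXX.DSA in the META-INF directory)
 * carry the same certificate.
 *
 * <p>Only the first certificate of each SignedData is compared, by encoded bytes.
 * No signature is verified here: a {@code true} result means the certificates are
 * byte-identical, not that either container is validly signed. Any input that
 * cannot be parsed, or that carries no certificate, yields {@code false}.
 *
 * @return true if the two certificates are the same, false otherwise
 */
public static final boolean compareCertificates(byte[] newSignatureContainerBytes,
        byte[] oldSignatureContainerBytes) {
    ASN1InputStream newSigStream = null;
    ASN1InputStream oldSigStream = null;
    try {
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

        newSigStream = new ASN1InputStream(new ByteArrayInputStream(newSignatureContainerBytes));
        ContentInfo newSigContent = ContentInfo.getInstance(newSigStream.readObject());

        oldSigStream = new ASN1InputStream(new ByteArrayInputStream(oldSignatureContainerBytes));
        ContentInfo oldSigContent = ContentInfo.getInstance(oldSigStream.readObject());

        // An empty buffer gives no object to wrap; treat that as "no match".
        if (newSigContent == null || oldSigContent == null) {
            return false;
        }

        // Extract certificates. The certificates field is optional in SignedData.
        SignedData newSignedData = SignedData.getInstance(newSigContent.getContent());
        SignedData oldSignedData = SignedData.getInstance(oldSigContent.getContent());
        if (newSignedData.getCertificates() == null || oldSignedData.getCertificates() == null) {
            return false;
        }

        @SuppressWarnings("rawtypes")
        Enumeration newSigOjects = newSignedData.getCertificates().getObjects();
        @SuppressWarnings("rawtypes")
        Enumeration oldSigOjects = oldSignedData.getCertificates().getObjects();
        if (!newSigOjects.hasMoreElements() || !oldSigOjects.hasMoreElements()) {
            return false;
        }

        Object newSigElement = newSigOjects.nextElement();
        Object oldSigElement = oldSigOjects.nextElement();

        if (newSigElement instanceof DERSequence && oldSigElement instanceof DERSequence) {
            DERSequence newSigDERElement = (DERSequence) newSigElement;
            InputStream newSigIn = new ByteArrayInputStream(newSigDERElement.getEncoded());
            Certificate newSigCertificate = certFactory.generateCertificate(newSigIn);

            DERSequence oldSigDERElement = (DERSequence) oldSigElement;
            InputStream oldSigIn = new ByteArrayInputStream(oldSigDERElement.getEncoded());
            Certificate oldSigCertificate = certFactory.generateCertificate(oldSigIn);

            // certificate bytes
            byte[] newSigCertificateBytes = newSigCertificate.getEncoded();
            byte[] oldSigCertificateBytes = oldSigCertificate.getEncoded();

            return Arrays.equals(newSigCertificateBytes, oldSigCertificateBytes);
        }
    } catch (IOException ignored) {
        // Unreadable container: reported as "no match" below.
    } catch (CertificateException ignored) {
        // Unparseable certificate: reported as "no match" below.
    } catch (IllegalArgumentException ignored) {
        // Structure rejected by the ASN.1 getInstance helpers: reported as "no match" below.
    } finally {
        Sys.close(newSigStream);
        Sys.close(oldSigStream);
    }

    return false;
}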
From source file:es.gob.afirma.signers.pkcs7.DigestedData.java
License:Open Source License
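/** Creates a CMS DigestedData object from an ASN.1 sequence.
 * The sequence is read positionally: version, digest algorithm, content info, digest.
 * @param seq source sequence
 * @throws IllegalArgumentException if the sequence has fewer than four elements or
 *         an element does not have the expected ASN.1 type
 */
public DigestedData(final ASN1Sequence seq) {
    // Reject a truncated structure up front, before any field is assigned.
    if (seq.size() < 4) {
        throw new IllegalArgumentException("DigestedData sequence too short: " + seq.size());
    }
    final Enumeration<?> e = seq.getObjects();
    // getInstance is used for every element so that a wrong element type is reported
    // the same way for all four fields.
    this.version = ASN1Integer.getInstance(e.nextElement());
    this.digestAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement());
    this.contentInfo = ContentInfo.getInstance(e.nextElement());
    this.digest = ASN1OctetString.getInstance(e.nextElement());
}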
From source file:net.jsign.pe.CertificateTableEntry.java
License:Apache License
/**
 * Returns the CMS SignedData held by this certificate table entry, building it from
 * {@code content} on the first call and reusing it afterwards.
 *
 * <p>The object is only parsed here; no signature verification is performed.
 *
 * @return the parsed signature
 * @throws UnsupportedOperationException if the entry type is not PKCS_SIGNED_DATA
 *         or the revision is not 0x0200
 * @throws CMSException if the content cannot be parsed as CMS SignedData
 */
public CMSSignedData getSignature() throws CMSException {
    final boolean pkcsSignedData = type == CertificateType.PKCS_SIGNED_DATA.getValue();
    if (!pkcsSignedData) {
        throw new UnsupportedOperationException("Unsupported certificate type: " + type);
    }

    final boolean supportedRevision = revision == 0x0200;
    if (!supportedRevision) {
        throw new UnsupportedOperationException("Unsupported certificate revision: " + revision);
    }

    if (signature != null) {
        return signature;
    }

    // First access: parse and cache.
    signature = new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(content));
    return signature;
}
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObjectBuilderTest.java
License:BSD License
/**
 * The first entry of the SignedData digestAlgorithms set must be SHA-256.
 *
 * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.2
 */
@Test
public void shouldCmsObjectHaveCorrectDigestAlgorithm() throws Exception {
    byte[] encoded = cmsObject.getEncoded();
    ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(encoded));

    ContentInfo contentInfo = ContentInfo.getInstance(asn1In.readObject());
    SignedData parsed = SignedData.getInstance(contentInfo.getContent());

    ASN1Encodable firstEntry = parsed.getDigestAlgorithms().getObjectAt(0);
    AlgorithmIdentifier firstDigestAlgorithm = AlgorithmIdentifier.getInstance(firstEntry.toASN1Primitive());

    assertEquals(DIGEST_SHA256, firstDigestAlgorithm.getAlgorithm().getId());
}
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObjectParser.java
License:BSD License
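/**
 * Reads the first entry of the SignedData digestAlgorithms set from an encoded CMS object.
 *
 * <p>Only element 0 of the set is returned; further entries are not inspected. No
 * signature check is made here, so the result is what the encoding declares.
 *
 * @param data the encoded CMS object
 * @return the first digest algorithm identifier
 * @throws ProvisioningCmsObjectParserException if the ContentInfo cannot be read
 */
private AlgorithmIdentifier getDigestAlgorithmOidFromEncodedCmsObject(byte[] data) {
    ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(data));
    ContentInfo info;
    try {
        info = ContentInfo.getInstance(in.readObject());
    } catch (IOException e) {
        throw new ProvisioningCmsObjectParserException("error while reading cms object content info", e);
    } finally {
        // The original never closed the stream; release it on every path.
        try {
            in.close();
        } catch (IOException ignored) {
            // The stream wraps an in-memory buffer; a close failure leaves nothing to recover.
        }
    }

    // NOTE(review): an empty buffer, a non-SignedData content or an empty digestAlgorithms
    // set is not handled here and would surface as an unchecked exception - confirm the
    // caller treats that as a rejected object.
    SignedData signedData = SignedData.getInstance(info.getContent());
    ASN1Set digestAlgorithms = signedData.getDigestAlgorithms();
    ASN1Encodable object = digestAlgorithms.getObjectAt(0);
    return AlgorithmIdentifier.getInstance(object.toASN1Primitive());
}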