List of usage examples for org.bouncycastle.cert.selector.jcajce JcaX509CertSelectorConverter JcaX509CertSelectorConverter
public JcaX509CertSelectorConverter()
From source file:org.apache.james.transport.KeyStoreHolder.java
License:Apache License
/** * Verifies the signature of a SMIME message. * /*from ww w . j av a2 s.c o m*/ * It checks also if the signer's certificate is trusted using the loaded * keystore as trusted certificate store. * * @param signed * the signed mail to check. * @return a list of SMIMESignerInfo which keeps the data of each mail * signer. * @throws Exception * @throws MessagingException */ public List<SMIMESignerInfo> verifySignatures(SMIMESigned signed) throws Exception { CertStore certs = new JcaCertStoreBuilder().addCertificates(signed.getCertificates()) .addCRLs(signed.getCRLs()).build(); SignerInformationStore siginfo = signed.getSignerInfos(); Collection<SignerInformation> sigCol = siginfo.getSigners(); List<SMIMESignerInfo> result = new ArrayList<SMIMESignerInfo>(sigCol.size()); // I iterate over the signer collection // checking if the signatures put // on the message are valid. for (SignerInformation info : sigCol) { // I get the signer's certificate X509CertificateHolderSelector x509CertificateHolderSelector = new X509CertificateHolderSelector( info.getSID().getSubjectKeyIdentifier()); X509CertSelector certSelector = new JcaX509CertSelectorConverter() .getCertSelector(x509CertificateHolderSelector); @SuppressWarnings("unchecked") Collection<X509Certificate> certCollection = (Collection<X509Certificate>) certs .getCertificates(certSelector); if (!certCollection.isEmpty()) { X509Certificate signerCert = certCollection.iterator().next(); // The issuer's certifcate is searched in the list of trusted certificate. CertPath path = verifyCertificate(signerCert, certs, keyStore); try { // if the signature is valid the SMIMESignedInfo is // created using "true" as last argument. If it is // invalid an exception is thrown by the "verify" method // and the SMIMESignerInfo is created with "false". // // The second argument "path" is not null if the // certificate can be trusted (it can be connected // by a chain of trust to a trusted certificate), null // otherwise. if (info.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signerCert))) { result.add(new SMIMESignerInfo(signerCert, path, true)); } } catch (Exception e) { result.add(new SMIMESignerInfo(signerCert, path, false)); } } } return result; }