List of usage examples for org.bouncycastle.cert X509CertificateHolder equals
public boolean equals(Object o)
From source file:org.apache.jmeter.assertions.SMIMEAssertion.java
License:Apache License
private static AssertionResult verifySignature(SMIMEAssertionTestElement testElement, SMIMESignedParser s, String name) throws CMSException { AssertionResult res = new AssertionResult(name); try {//from w w w.ja va 2 s .c o m Store certs = s.getCertificates(); SignerInformationStore signers = s.getSignerInfos(); Iterator<?> signerIt = signers.getSigners().iterator(); if (signerIt.hasNext()) { SignerInformation signer = (SignerInformation) signerIt.next(); Iterator<?> certIt = certs.getMatches(signer.getSID()).iterator(); if (certIt.hasNext()) { // the signer certificate X509CertificateHolder cert = (X509CertificateHolder) certIt.next(); if (testElement.isVerifySignature()) { SignerInformationVerifier verifier = null; try { verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert); } catch (OperatorCreationException e) { log.error("Can't create a provider", e); } if (verifier == null || !signer.verify(verifier)) { res.setFailure(true); res.setFailureMessage("Signature is invalid"); } } if (testElement.isSignerCheckConstraints()) { StringBuilder failureMessage = new StringBuilder(); String serial = testElement.getSignerSerial(); if (!JOrphanUtils.isBlank(serial)) { BigInteger serialNbr = readSerialNumber(serial); if (!serialNbr.equals(cert.getSerialNumber())) { res.setFailure(true); failureMessage.append("Serial number ").append(serialNbr) .append(" does not match serial from signer certificate: ") .append(cert.getSerialNumber()).append("\n"); } } String email = testElement.getSignerEmail(); if (!JOrphanUtils.isBlank(email)) { List<String> emailFromCert = getEmailFromCert(cert); if (!emailFromCert.contains(email)) { res.setFailure(true); failureMessage.append("Email address \"").append(email) .append("\" not present in signer certificate\n"); } } String subject = testElement.getSignerDn(); if (subject.length() > 0) { final X500Name certPrincipal = cert.getSubject(); log.debug("DN from cert: " + certPrincipal.toString()); X500Name principal = new X500Name(subject); log.debug("DN from assertion: " + principal.toString()); if (!principal.equals(certPrincipal)) { res.setFailure(true); failureMessage.append("Distinguished name of signer certificate does not match \"") .append(subject).append("\"\n"); } } String issuer = testElement.getIssuerDn(); if (issuer.length() > 0) { final X500Name issuerX500Name = cert.getIssuer(); log.debug("IssuerDN from cert: " + issuerX500Name.toString()); X500Name principal = new X500Name(issuer); log.debug("IssuerDN from assertion: " + principal); if (!principal.equals(issuerX500Name)) { res.setFailure(true); failureMessage .append("Issuer distinguished name of signer certificate does not match \"") .append(subject).append("\"\n"); } } if (failureMessage.length() > 0) { res.setFailureMessage(failureMessage.toString()); } } if (testElement.isSignerCheckByFile()) { CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CertificateHolder certFromFile; InputStream inStream = null; try { inStream = new BufferedInputStream( new FileInputStream(testElement.getSignerCertFile())); certFromFile = new JcaX509CertificateHolder( (X509Certificate) cf.generateCertificate(inStream)); } finally { IOUtils.closeQuietly(inStream); } if (!certFromFile.equals(cert)) { res.setFailure(true); res.setFailureMessage("Signer certificate does not match certificate " + testElement.getSignerCertFile()); } } } else { res.setFailure(true); res.setFailureMessage("No signer certificate found in signature"); } } // TODO support multiple signers if (signerIt.hasNext()) { log.warn("SMIME message contains multiple signers! Checking multiple signers is not supported."); } } catch (GeneralSecurityException e) { log.error(e.getMessage(), e); res.setError(true); res.setFailureMessage(e.getMessage()); } catch (FileNotFoundException e) { res.setFailure(true); res.setFailureMessage("certificate file not found: " + e.getMessage()); } return res; }
From source file:org.signserver.server.signers.BaseSigner.java
License:Open Source License
/** * @return True if the CertStore contained the Certificate *///from w w w. j a v a2s . c om private boolean containsCertificate(final Store store, final Certificate subject) throws CertStoreException, IOException, CertificateEncodingException { final X509CertificateHolder cert = new X509CertificateHolder(subject.getEncoded()); final Collection<?> matchedCerts = store.getMatches(new Selector() { @Override public boolean match(Object obj) { return cert.equals(obj); } @Override public Object clone() { return this; } }); return matchedCerts.size() > 0; }