List of usage examples for org.bouncycastle.cms CMSSignedData CMSSignedData
public CMSSignedData(ContentInfo sigData) throws CMSException
From source file:org.poreid.verify.sod.SOD.java
License:Open Source License
/**
 * Parses a Security Object (SOD) from its CMS SignedData encoding.
 *
 * <p>This constructor only decodes: the bytes are parsed as CMS SignedData and
 * the encapsulated content is read as an {@code LDSSecurityObject}. No
 * signature verification takes place here; the keystore is simply retained
 * (presumably for a later verification step in this class - confirm).
 *
 * <p>A detached SignedData has no encapsulated content, in which case
 * {@code getSignedContent()} is null and the failure surfaces as a
 * {@code NullPointerException}, not as {@code SODException}.
 *
 * @param sod      raw CMS SignedData bytes of the SOD
 * @param keystore trust store kept on this instance for later use
 * @throws SODException if the bytes cannot be parsed as CMS SignedData
 */
protected SOD(byte[] sod, KeyStore keystore) throws SODException {
    try {
        final CMSSignedData parsed = new CMSSignedData(sod);
        cms = parsed;
        // The signed (encapsulated) content is the LDS security object itself.
        final Object encapsulated = parsed.getSignedContent().getContent();
        lds = LDSSecurityObject.getInstance(encapsulated);
        this.keystore = keystore;
    } catch (CMSException ex) {
        throw new SODException("no foi possivel instanciar o SOD", ex);
    }
}
From source file:org.signserver.client.cli.defaultimpl.TimeStampCommand.java
License:Open Source License
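/**
 * Prints a human-readable dump of a time-stamp response, or of a bare
 * time-stamp token, read from the file named by {@code inrepstring}.
 *
 * <p>The bytes are first parsed as a {@code TimeStampResponse}; if that
 * fails they are parsed as CMS SignedData and wrapped in a
 * {@code TimeStampToken}. Everything is written to {@code out}.
 *
 * <p>Nothing is verified here: neither the token signature nor the embedded
 * certificates are validated, so the output describes what the file claims,
 * not what has been checked.
 *
 * @throws Exception if the file cannot be read, or if the bytes are neither a
 *         time-stamp response nor CMS SignedData
 */
private void tsaPrintReply() throws Exception {
    final byte[] bytes = readFiletoBuffer(inrepstring);
    TimeStampResponse response = null;
    out.println("Time-stamp response {");
    try {
        response = new TimeStampResponse(bytes);
        out.println(" Status: " + response.getStatus());
        out.println(" Status message: " + response.getStatusString());
    } catch (TSPException ex) {
        // Not a response structure; the bytes are treated as a bare token below.
        out.println(" Not a response");
    }
    if (response != null) {
        PKIFailureInfo failureInfo = response.getFailInfo();
        if (failureInfo != null) {
            out.print(" Failure info: ");
            out.println(failureInfo.intValue());
        }
    }
    final TimeStampToken token;
    if (response == null) {
        token = new TimeStampToken(new CMSSignedData(bytes));
    } else {
        token = response.getTimeStampToken();
    }
    if (token != null) {
        out.println(" Time-stamp token:");
        TimeStampTokenInfo info = token.getTimeStampInfo();
        if (info != null) {
            printTokenInfo(info);
        }
        out.println(" Signer ID: ");
        out.println(" Serial Number: " + token.getSID().getSerialNumber().toString(16));
        out.println(" Issuer: " + token.getSID().getIssuer());
        out.println(" Signer certificate: ");
        Store certs = token.getCertificates();
        // Matches the certificate whose issuer/serial equal the signer identifier.
        Selector signerSelector = new AttributeCertificateHolder(token.getSID().getIssuer(), token.getSID().getSerialNumber());
        printCertificateHolders(certs.getMatches(signerSelector));
        out.println(" Other certificates: ");
        printCertificateHolders(certs.getMatches(new InvertedSelector(signerSelector)));
    }
    out.println("}");
}

/**
 * Prints the TSTInfo fields of a token (accuracy, times, imprint, nonce,
 * serial, TSA name, policy) to {@code out}.
 *
 * @param info the token info to print, never null
 */
private void printTokenInfo(final TimeStampTokenInfo info) {
    out.println(" Info:");
    out.print(" Accuracy: ");
    out.println(info.getAccuracy() != null ? info.getAccuracy() : "(null)");
    out.print(" Gen Time: ");
    out.println(info.getGenTime());
    out.print(" Gen Time Accuracy: ");
    out.println(info.getGenTimeAccuracy());
    out.print(" Message imprint digest: ");
    out.println(new String(Hex.encode(info.getMessageImprintDigest())));
    out.print(" Message imprint algorithm: ");
    out.println(info.getMessageImprintAlgOID());
    out.print(" Nonce: ");
    out.println(info.getNonce() != null ? info.getNonce().toString(16) : "(null)");
    out.print(" Serial Number: ");
    out.println(info.getSerialNumber() != null ? info.getSerialNumber().toString(16) : "(null)");
    out.print(" TSA: ");
    out.println(info.getTsa() != null ? info.getTsa() : "(null)");
    out.print(" Policy: ");
    out.println(info.getPolicy());
}

/**
 * Prints serial number, subject and issuer of every
 * {@code X509CertificateHolder} in the collection; any other element is
 * reported as not being an X.509 certificate.
 *
 * @param certCollection matches returned by a certificate {@code Store}
 */
private void printCertificateHolders(final Collection<?> certCollection) {
    for (Object o : certCollection) {
        if (o instanceof X509CertificateHolder) {
            X509CertificateHolder cert = (X509CertificateHolder) o;
            out.println(" Certificate: ");
            out.println(" Serial Number: " + cert.getSerialNumber().toString(16));
            out.println(" Subject: " + cert.getSubject());
            out.println(" Issuer: " + cert.getIssuer());
        } else {
            out.println("Not an X.509 certificate: " + o);
        }
    }
}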
From source file:org.signserver.module.cmssigner.CMSSignerTest.java
License:Open Source License
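/**
 * Signs a small document with the given worker and checks the resulting CMS.
 *
 * <p>The signature algorithm and INCLUDE_CERTIFICATE_LEVELS properties are
 * set (or removed when null), the configuration reloaded, and the document
 * signed. The test then asserts that the response echoes the request ID,
 * that the CMS encapsulates the document (not detached), that the signature
 * verifies with the signer certificate, that the expected number of chain
 * certificates is embedded, and that the digest/encryption OIDs match.
 *
 * @param workerId                          worker to configure and sign with
 * @param sigAlg                            SIGNATUREALGORITHM to set, or null to remove the property
 * @param expectedDigAlgOID                 expected digest algorithm OID in the SignerInfo
 * @param expectedEncAlgOID                 expected encryption (signature) algorithm OID
 * @param includedCertificateLevelsProperty INCLUDE_CERTIFICATE_LEVELS value, or null to remove it
 * @param expectedIncludedCertificateLevels number of signer-chain certificates expected in the CMS
 * @throws Exception on any failure in signing, parsing or verification
 */
private void helperBasicCMSSign(final int workerId, final String sigAlg, final String expectedDigAlgOID, final String expectedEncAlgOID, final String includedCertificateLevelsProperty, final int expectedIncludedCertificateLevels) throws Exception {
    final int reqid = 37;
    final String testDocument = "Something to sign...123";
    // Fixed charset so the round trip below does not depend on the platform default.
    final GenericSignRequest signRequest = new GenericSignRequest(reqid, testDocument.getBytes("UTF-8"));

    // override signature algorithm if set
    if (sigAlg != null) {
        workerSession.setWorkerProperty(workerId, CMSSigner.SIGNATUREALGORITHM_PROPERTY, sigAlg);
    } else {
        workerSession.removeWorkerProperty(workerId, CMSSigner.SIGNATUREALGORITHM_PROPERTY);
    }
    if (includedCertificateLevelsProperty != null) {
        workerSession.setWorkerProperty(workerId, WorkerConfig.PROPERTY_INCLUDE_CERTIFICATE_LEVELS, includedCertificateLevelsProperty);
    } else {
        workerSession.removeWorkerProperty(workerId, WorkerConfig.PROPERTY_INCLUDE_CERTIFICATE_LEVELS);
    }
    workerSession.reloadConfiguration(workerId);

    final GenericSignResponse res = (GenericSignResponse) workerSession.process(workerId, signRequest, new RequestContext());
    final byte[] data = res.getProcessedData();

    // Answer to right question. Compare by value: assertSame on two boxed ints
    // only holds for small values that the Integer cache happens to share.
    assertEquals("Request ID", reqid, res.getRequestID());

    // Output for manual inspection; close in finally so a failed write does not leak the handle.
    final FileOutputStream fos = new FileOutputStream(new File(getSignServerHome(), "tmp" + File.separator + "signedcms_" + sigAlg + ".p7s"));
    try {
        fos.write(data);
    } finally {
        fos.close();
    }

    // Check certificate returned
    final Certificate signercert = res.getSignerCertificate();
    assertNotNull("Signer certificate", signercert);

    // Check that the signed data contains the document (i.e. not detached)
    final CMSSignedData signedData = new CMSSignedData(data);
    final byte[] content = (byte[]) signedData.getSignedContent().getContent();
    assertEquals("Signed document", testDocument, new String(content, "UTF-8"));

    // Get signers
    final Collection signers = signedData.getSignerInfos().getSigners();
    final SignerInformation signer = (SignerInformation) signers.iterator().next();

    // Verify using the signer's certificate
    assertTrue("Verification using signer certificate", signer.verify(signercert.getPublicKey(), "BC"));

    // Check that the signer's certificate is included
    CertStore certs = signedData.getCertificatesAndCRLs("Collection", "BC");
    X509Principal issuer = new X509Principal(signer.getSID().getIssuer());
    CertSelector cs = new AttributeCertificateHolder(issuer, signer.getSID().getSerialNumber());
    Collection<? extends Certificate> signerCerts = certs.getCertificates(cs);
    assertEquals("Certificate included", expectedIncludedCertificateLevels, signerCerts.size());
    if (!signerCerts.isEmpty()) {
        assertEquals(signercert, signerCerts.iterator().next());
    }

    // check the signature algorithm
    assertEquals("Digest algorithm", expectedDigAlgOID, signer.getDigestAlgorithmID().getAlgorithm().getId());
    assertEquals("Encryption algorithm", expectedEncAlgOID, signer.getEncryptionAlgOID());
}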
From source file:org.signserver.module.cmssigner.CMSSignerUnitTest.java
License:Open Source License
/**
 * Verifies the default: with neither the DETACHEDSIGNATURE worker property
 * nor any request metadata set, the produced CMS encapsulates the signed
 * content, i.e. the signature is not detached.
 *
 * @throws java.lang.Exception on any failure in setup or signing
 */
@Test
public void testDetachedSignatureDefaultValue() throws Exception {
    LOG.info("testDetachedSignatureDefaultValue");
    final WorkerConfig emptyConfig = new WorkerConfig();
    final CMSSigner signer = new MockedCMSSigner(tokenRSA);
    signer.init(1, emptyConfig, new SignServerContext(), null);

    final RequestContext ctx = new RequestContext();
    ctx.put(RequestContext.TRANSACTION_ID, "0000-100-1");
    final byte[] plain = "my-data".getBytes("ASCII");
    final GenericSignRequest req = new GenericSignRequest(100, plain);
    final GenericSignResponse resp = (GenericSignResponse) signer.processData(req, ctx);

    // Encapsulated content is present only when the signature is not detached.
    final CMSSignedData parsed = new CMSSignedData(resp.getProcessedData());
    final CMSProcessableByteArray encapsulated = (CMSProcessableByteArray) parsed.getSignedContent();
    final byte[] recovered = (byte[]) encapsulated.getContent();
    assertEquals(Hex.toHexString(plain), Hex.toHexString(recovered));
}
From source file:org.signserver.module.cmssigner.CMSSignerUnitTest.java
License:Open Source License
/**
 * Worker configured DETACHEDSIGNATURE=FALSE with override disabled: a
 * request asking for "false" merely repeats the configured value, so it is
 * accepted and the content stays encapsulated.
 *
 * @throws java.lang.Exception on any failure in setup or signing
 */
@Test
public void testDetachedSignatureFalseRequestFalse() throws Exception {
    LOG.info("testDetachedSignatureFalseRequestFalse");
    final WorkerConfig cfg = new WorkerConfig();
    cfg.setProperty("DETACHEDSIGNATURE", "FALSE");
    cfg.setProperty("ALLOW_DETACHEDSIGNATURE_OVERRIDE", "FALSE");
    final CMSSigner signer = new MockedCMSSigner(tokenRSA);
    signer.init(1, cfg, new SignServerContext(), null);

    final byte[] plain = "my-data".getBytes("ASCII");
    final RequestContext ctx = new RequestContext();
    ctx.put(RequestContext.TRANSACTION_ID, "0000-100-1");
    // Client-side preference travels in the request metadata (lower-case value here).
    RequestMetadata.getInstance(ctx).put("DETACHEDSIGNATURE", "false");

    final GenericSignRequest req = new GenericSignRequest(100, plain);
    final GenericSignResponse resp = (GenericSignResponse) signer.processData(req, ctx);
    final CMSSignedData parsed = new CMSSignedData(resp.getProcessedData());
    final CMSProcessableByteArray encapsulated = (CMSProcessableByteArray) parsed.getSignedContent();
    final byte[] recovered = (byte[]) encapsulated.getContent();
    assertEquals(Hex.toHexString(plain), Hex.toHexString(recovered));
}
From source file:org.signserver.module.cmssigner.CMSSignerUnitTest.java
License:Open Source License
/**
 * Worker configured DETACHEDSIGNATURE=TRUE with override disabled: a
 * request asking for "TRUE" agrees with the configuration and is accepted,
 * yielding a detached signature with no encapsulated content.
 *
 * @throws java.lang.Exception on any failure in setup or signing
 */
@Test
public void testDetachedSignatureTrueRequestTrue() throws Exception {
    LOG.info("testDetachedSignatureTrueRequestTrue");
    final WorkerConfig cfg = new WorkerConfig();
    cfg.setProperty("DETACHEDSIGNATURE", "TRUE");
    cfg.setProperty("ALLOW_DETACHEDSIGNATURE_OVERRIDE", "FALSE");
    final CMSSigner signer = new MockedCMSSigner(tokenRSA);
    signer.init(1, cfg, new SignServerContext(), null);

    final RequestContext ctx = new RequestContext();
    ctx.put(RequestContext.TRANSACTION_ID, "0000-100-1");
    RequestMetadata.getInstance(ctx).put("DETACHEDSIGNATURE", "TRUE");
    final byte[] plain = "my-data".getBytes("ASCII");
    final GenericSignResponse resp = (GenericSignResponse) signer.processData(new GenericSignRequest(100, plain), ctx);

    // A detached SignedData carries no content, so getSignedContent() is null.
    final CMSSignedData parsed = new CMSSignedData(resp.getProcessedData());
    final CMSProcessableByteArray encapsulated = (CMSProcessableByteArray) parsed.getSignedContent();
    assertNull("detached", encapsulated);
}
From source file:org.signserver.module.cmssigner.CMSSignerUnitTest.java
License:Open Source License
/**
 * Worker configured DETACHEDSIGNATURE=FALSE but with override enabled: the
 * request's "TRUE" wins over the configured value and the signature comes
 * back detached.
 *
 * @throws java.lang.Exception on any failure in setup or signing
 */
@Test
public void testDetachedSignatureFalseRequestTrue() throws Exception {
    LOG.info("testDetachedSignatureFalseRequestTrue");
    final WorkerConfig cfg = new WorkerConfig();
    cfg.setProperty("DETACHEDSIGNATURE", "FALSE");
    cfg.setProperty("ALLOW_DETACHEDSIGNATURE_OVERRIDE", "TRUE");
    final CMSSigner signer = new MockedCMSSigner(tokenRSA);
    signer.init(1, cfg, new SignServerContext(), null);

    final byte[] plain = "my-data".getBytes("ASCII");
    final GenericSignRequest req = new GenericSignRequest(100, plain);
    final RequestContext ctx = new RequestContext();
    ctx.put(RequestContext.TRANSACTION_ID, "0000-100-1");
    // Override permitted by config, so this request value takes effect.
    final RequestMetadata meta = RequestMetadata.getInstance(ctx);
    meta.put("DETACHEDSIGNATURE", "TRUE");

    final GenericSignResponse resp = (GenericSignResponse) signer.processData(req, ctx);
    final CMSSignedData parsed = new CMSSignedData(resp.getProcessedData());
    final CMSProcessableByteArray encapsulated = (CMSProcessableByteArray) parsed.getSignedContent();
    assertNull("detached", encapsulated);
}
From source file:org.signserver.module.cmssigner.CMSSignerUnitTest.java
License:Open Source License
/**
 * Worker configured DETACHEDSIGNATURE=TRUE but with override enabled: the
 * request's "false" wins over the configured value, so the content is
 * encapsulated in the result.
 *
 * @throws java.lang.Exception on any failure in setup or signing
 */
@Test
public void testDetachedSignatureTrueRequestFalse() throws Exception {
    LOG.info("testDetachedSignatureTrueRequestFalse");
    final WorkerConfig cfg = new WorkerConfig();
    cfg.setProperty("DETACHEDSIGNATURE", "TRUE");
    cfg.setProperty("ALLOW_DETACHEDSIGNATURE_OVERRIDE", "TRUE");
    final CMSSigner signer = new MockedCMSSigner(tokenRSA);
    signer.init(1, cfg, new SignServerContext(), null);

    final RequestContext ctx = new RequestContext();
    ctx.put(RequestContext.TRANSACTION_ID, "0000-100-1");
    final RequestMetadata meta = RequestMetadata.getInstance(ctx);
    meta.put("DETACHEDSIGNATURE", "false");
    final byte[] plain = "my-data".getBytes("ASCII");
    final GenericSignRequest req = new GenericSignRequest(100, plain);

    final GenericSignResponse resp = (GenericSignResponse) signer.processData(req, ctx);
    final CMSSignedData parsed = new CMSSignedData(resp.getProcessedData());
    final CMSProcessableByteArray encapsulated = (CMSProcessableByteArray) parsed.getSignedContent();
    // Non-detached: the original bytes must be recoverable from the CMS.
    final byte[] recovered = (byte[]) encapsulated.getContent();
    assertEquals(Hex.toHexString(plain), Hex.toHexString(recovered));
}
From source file:org.signserver.module.cmssigner.CMSSignerUnitTest.java
License:Open Source License
/**
 * An empty DETACHEDSIGNATURE request value is treated as no request at all:
 * with the worker configured DETACHEDSIGNATURE=TRUE (override disabled) the
 * configured value applies and the signature is detached.
 *
 * @throws java.lang.Exception on any failure in setup or signing
 */
@Test
public void testDetachedSignatureTrueRequestEmpty() throws Exception {
    LOG.info("testDetachedSignatureTrueRequestEmpty");
    final WorkerConfig cfg = new WorkerConfig();
    cfg.setProperty("DETACHEDSIGNATURE", "TRUE");
    cfg.setProperty("ALLOW_DETACHEDSIGNATURE_OVERRIDE", "FALSE");
    final CMSSigner signer = new MockedCMSSigner(tokenRSA);
    signer.init(1, cfg, new SignServerContext(), null);

    final byte[] plain = "my-data".getBytes("ASCII");
    final RequestContext ctx = new RequestContext();
    ctx.put(RequestContext.TRANSACTION_ID, "0000-100-1");
    // Empty string: neither "true" nor "false", so the configured value should stand.
    RequestMetadata.getInstance(ctx).put("DETACHEDSIGNATURE", "");

    final GenericSignResponse resp = (GenericSignResponse) signer.processData(new GenericSignRequest(100, plain), ctx);
    final CMSSignedData parsed = new CMSSignedData(resp.getProcessedData());
    final CMSProcessableByteArray encapsulated = (CMSProcessableByteArray) parsed.getSignedContent();
    assertNull("detached", encapsulated);
}
From source file:org.signserver.module.renewal.worker.RenewalWorker.java
License:Open Source License
/**
 * Renews one worker's signer certificate through the EJBCA web service.
 *
 * <p>Builds a PKCS#10 request for the worker's key, resets the EJBCA end
 * entity to status NEW with a fresh one-time password, submits the request,
 * extracts the certificate chain from the returned PKCS#7, records the new
 * certificate in {@code logMap}, uploads certificate and chain to the worker
 * and, when the request was made for NEXTCERTSIGNKEY, promotes that key to
 * DEFAULTKEY before reloading the worker configuration.
 *
 * <p>Note that the returned chain is installed as-is: there is no check that
 * the end-entity certificate's public key matches the key the PKCS#10 was
 * built for, nor any validation of the chain (see the TODO below). If the CA
 * returned something unexpected, the worker would presumably end up with a
 * certificate that does not match its signing key - confirm how callers
 * detect that.
 *
 * @param workerId              id of the worker being renewed
 * @param sigAlg                signature algorithm for the PKCS#10 request
 * @param subjectDN             subject DN to put in the request
 * @param endEntity             EJBCA end-entity (user) name to renew
 * @param explicitEccParameters whether to encode ECC parameters explicitly in the request
 * @param defaultKey            true if the request is for DEFAULTKEY, false for NEXTCERTSIGNKEY
 * @param nextCertSignKey       alias to promote to DEFAULTKEY when {@code defaultKey} is false; may be null
 * @param logMap                receives issuer DN, serial and subject DN of the new certificate
 * @throws IllegalArgumentException if the end entity does not exist in EJBCA
 * @throws Exception                on any web-service, parsing or worker-session failure
 */
private void renewWorker(final int workerId, final String sigAlg, final String subjectDN, final String endEntity, final boolean explicitEccParameters, final boolean defaultKey, final String nextCertSignKey, final LogMap logMap) throws Exception {
    final String pkcs10 = createRequestPEM(workerId, sigAlg, subjectDN, explicitEccParameters, defaultKey);
    if (LOG.isDebugEnabled()) {
        LOG.debug("PKCS10: " + pkcs10);
    }
    // Connect to EjbcaWS
    final EjbcaWS ejbcaws = getEjbcaWS(ejbcaWsUrl, alias, truststoreType, truststorePath, truststoreValue, truststorePass);
    if (ejbcaws == null) {
        // NOTE(review): a missing connection is only logged at debug level and the
        // method returns normally; whether the caller can tell renewal did not
        // happen is not visible here - confirm.
        LOG.debug("Could not get EjbcaWS");
    } else {
        LOG.debug("Got EjbcaWS");
        final UserMatch usermatch = new UserMatch();
        usermatch.setMatchwith(MATCH_WITH_USERNAME);
        usermatch.setMatchtype(MATCH_TYPE_EQUALS);
        usermatch.setMatchvalue(endEntity);
        final List<UserDataVOWS> result = ejbcaws.findUser(usermatch);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Got users: " + result);
        }
        if (result.isEmpty()) {
            throw new IllegalArgumentException("End entity not found in EJBCA: " + endEntity);
        } else {
            // Update user with status and new password.
            // Only the first match is used; with MATCH_TYPE_EQUALS on the username
            // presumably at most one entry comes back - confirm.
            final UserDataVOWS user1 = result.get(0);
            // One-time enrollment password, generated fresh for this renewal.
            final char[] password = RandomPasswordGenerator.getInstance().generate(20);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Changing to status to NEW from " + user1.getStatus() + " for end entity " + endEntity + ".");
            }
            user1.setStatus(STATUS_NEW);
            // The EJBCA API takes a String, so the immutable String copies made here
            // and below cannot be wiped; only the char[] is cleared by fill() further down.
            user1.setPassword(new String(password));
            ejbcaws.editUser(user1);
            // Send request to CA
            final CertificateResponse resp = ejbcaws.pkcs10Request(endEntity, new String(password), pkcs10, null, RESPONSETYPE_PKCS7WITHCHAIN);
            // Overwrite the password array now that it is no longer needed.
            RandomPasswordGenerator.getInstance().fill(password);
            // Response data is Base64 text (ASCII), so the platform charset is harmless here.
            final String b64Cert = new String(resp.getData());
            if (LOG.isDebugEnabled()) {
                LOG.debug("Got PKCS7: " + b64Cert);
            }
            final CMSSignedData signedData = new CMSSignedData(Base64.decode(b64Cert));
            final Store certStore = signedData.getCertificates();
            // AllSelector matches every certificate in the PKCS#7; ordering into a chain is done by getCertificateChain.
            final List<X509CertificateHolder> certChain = getCertificateChain(certStore.getMatches(new RenewalWorker.AllSelector()));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Got certificates: " + certChain);
            }
            final X509CertificateHolder signerCert = getEndEntityCertificate(certChain);
            if (LOG.isDebugEnabled()) {
                LOG.debug("New certificate subject DN: " + signerCert.getSubject());
            }
            // Log
            logMap.put(RenewalWorkerProperties.LOG_NEWCERTISSUERDN, signerCert.getIssuer().toString());
            logMap.put(RenewalWorkerProperties.LOG_NEWCERTSERIALNO, signerCert.getSerialNumber().toString(16));
            logMap.put(RenewalWorkerProperties.LOG_NEWCERTSUBJECTDN, signerCert.getSubject().toString());
            // TODO: Check the certificate
            // Public key should match
            // Nothing below verifies that signerCert belongs to the key behind the PKCS#10
            // (or that the chain verifies); the certificate is uploaded unconditionally.
            // Update worker to use the new certificate
            getWorkerSession().uploadSignerCertificate(workerId, signerCert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL);
            getWorkerSession().uploadSignerCertificateChain(workerId, getCertificateChainBytes(certChain), GlobalConfiguration.SCOPE_GLOBAL);
            // If not the default key we need to promote the key
            // Set DEFAULTKEY to NEXTCERTSIGNKEY
            if (defaultKey) {
                LOG.debug("Uploaded was for DEFAULTKEY");
            } else if (!defaultKey && nextCertSignKey != null) {
                // (!defaultKey is already implied by reaching this branch.)
                // The worker's DEFAULTKEY property is pointed at the key the new certificate was issued for.
                LOG.debug("Uploaded was for NEXTCERTSIGNKEY");
                getWorkerSession().setWorkerProperty(workerId, "DEFAULTKEY", nextCertSignKey);
                getWorkerSession().removeWorkerProperty(workerId, NEXTCERTSIGNKEY);
            }
            getWorkerSession().reloadConfiguration(workerId);
            LOG.debug("New configuration applied");
        }
    }
}