List of usage examples for org.bouncycastle.cms CMSSignedData getSignedContent
public CMSTypedData getSignedContent()
From source file:org.xwiki.crypto.signer.internal.cms.BcCMSUtils.java
License:Open Source License
/** * Create a new {@link org.xwiki.crypto.signer.param.CMSSignedDataVerified} for the given signed data. * * The verified data is filled with the signed data content, content type, and certificates. * * @param signedData the signed data about to be verified. * @param factory a certificate factory to be used for certificates conversion. * @return a new verified signed data to be completed with the signature verifications. *///w ww . jav a2 s . co m public static BcCMSSignedDataVerified getCMSSignedDataVerified(CMSSignedData signedData, CertificateFactory factory) { BcCMSSignedDataVerified verifiedData = new BcCMSSignedDataVerified(signedData.getSignedContentTypeOID(), (signedData.getSignedContent() != null ? (byte[]) signedData.getSignedContent().getContent() : null)); BcStoreUtils.addCertificatesToVerifiedData(signedData.getCertificates(), verifiedData, factory); return verifiedData; }
From source file:org.yawlfoundation.yawl.digitalSignature.DigitalSignature.java
License:Open Source License
public boolean checkSignature(byte[] Document) { try {/* w ww.j av a 2 s .com*/ System.out.println("Beginning of Checking XmlSignature:"); System.out.println(Document); Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // extract the Signed Fingerprint data CMSSignedData signature = new CMSSignedData(Document); System.out.println("Beginning of Checking XmlSignature:"); SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator() .next(); System.out.println("Beginning of Checking XmlSignature:"); // Get from the collection the appropriate registered certificate CertStore cs = signature.getCertificatesAndCRLs("Collection", "BC"); Iterator iter = cs.getCertificates(signer.getSID()).iterator(); System.out.println("Beginning of Checking XmlSignature:"); X509Certificate certificate = (X509Certificate) iter.next(); System.out.println("Beginning of Checking XmlSignature:"); // get the contents of the document CMSProcessable sg = signature.getSignedContent(); byte[] data = (byte[]) sg.getContent(); String content = new String(data); //convert the document content to a valid xml document for YAWL org.w3c.dom.Document XMLNode = ConvertStringToDocument(content); org.jdom2.input.DOMBuilder builder = new org.jdom2.input.DOMBuilder(); Doc = builder.build(XMLNode); //Check the document System.out.println("xml to Sign:"); System.out.println(JDOMUtil.documentToString(Doc)); // get the name of the signer _Name = certificate.getSubjectDN().getName().split("(=|, )", -1).toString(); //return the result of the signature checking return signer.verify(certificate, "BC"); } catch (Exception e) { System.out.println("Test error"); e.printStackTrace(); return false; } }
From source file:test.integ.be.e_contract.mycarenet.etee.SealTest.java
License:Open Source License
private byte[] getVerifiedContent(byte[] cmsData) throws CertificateException, CMSException, IOException, OperatorCreationException { CMSSignedData cmsSignedData = new CMSSignedData(cmsData); SignerInformationStore signers = cmsSignedData.getSignerInfos(); SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); SignerId signerId = signer.getSID(); Store certificateStore = cmsSignedData.getCertificates(); Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(signerId); if (false == certificateCollection.isEmpty()) { X509CertificateHolder certificateHolder = certificateCollection.iterator().next(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded())); SignerInformationVerifier signerInformationVerifier = new JcaSimpleSignerInfoVerifierBuilder() .build(certificate);/*from ww w . j av a 2 s. c om*/ boolean signatureResult = signer.verify(signerInformationVerifier); assertTrue(signatureResult); LOG.debug("signer certificate: " + certificate); } else { LOG.warn("no signer matched"); } CMSTypedData signedContent = cmsSignedData.getSignedContent(); byte[] data = (byte[]) signedContent.getContent(); return data; }
From source file:test.unit.be.e_contract.mycarenet.etee.EncryptionTokenTest.java
License:Open Source License
@Test public void testReadEncryptionToken() throws Exception { InputStream etkInputStream = EncryptionTokenTest.class.getResourceAsStream("/etk-fcorneli.der"); assertNotNull(etkInputStream);//www .j a v a 2s . co m CMSSignedData cmsSignedData = new CMSSignedData(etkInputStream); LOG.debug("SignedData version: " + cmsSignedData.getVersion()); SignerInformationStore signers = cmsSignedData.getSignerInfos(); LOG.debug("signers: " + signers.size()); SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); SignerId signerId = signer.getSID(); LOG.debug("signer Id: " + signerId.getIssuer()); Store certificateStore = cmsSignedData.getCertificates(); @SuppressWarnings("unchecked") Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(signerId); X509CertificateHolder certificateHolder = certificateCollection.iterator().next(); LOG.debug("certificate collection size: " + certificateCollection.size()); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded())); LOG.debug("signer certificate: " + certificate); CMSTypedData signedContent = cmsSignedData.getSignedContent(); byte[] data = (byte[]) signedContent.getContent(); X509Certificate encryptionCertificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(data)); LOG.debug("encryption certificate: " + encryptionCertificate); }
From source file:test.unit.be.e_contract.mycarenet.etee.SealTest.java
License:Open Source License
@Test public void testSeal() throws Exception { InputStream sealInputStream = SealTest.class.getResourceAsStream("/seal-fcorneli.der"); assertNotNull(sealInputStream);/* w ww. j a v a 2 s.c om*/ // check outer signature CMSSignedData cmsSignedData = new CMSSignedData(sealInputStream); SignerInformationStore signers = cmsSignedData.getSignerInfos(); SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); SignerId signerId = signer.getSID(); Store certificateStore = cmsSignedData.getCertificates(); @SuppressWarnings("unchecked") Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(signerId); X509CertificateHolder certificateHolder = certificateCollection.iterator().next(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded())); Security.addProvider(new BouncyCastleProvider()); SignerInformationVerifier signerInformationVerifier = new JcaSimpleSignerInfoVerifierBuilder() .build(certificate); boolean signatureResult = signer.verify(signerInformationVerifier); assertTrue(signatureResult); LOG.debug("signer certificate: " + certificate); CMSTypedData signedContent = cmsSignedData.getSignedContent(); byte[] data = (byte[]) signedContent.getContent(); // decrypt content CMSEnvelopedDataParser cmsEnvelopedDataParser = new CMSEnvelopedDataParser(data); LOG.debug("content encryption algo: " + cmsEnvelopedDataParser.getContentEncryptionAlgorithm().getAlgorithm().getId()); RecipientInformationStore recipientInformationStore = cmsEnvelopedDataParser.getRecipientInfos(); @SuppressWarnings("unchecked") Collection<RecipientInformation> recipients = recipientInformationStore.getRecipients(); RecipientInformation recipientInformation = recipients.iterator().next(); LOG.debug("recipient info type: " + recipientInformation.getClass().getName()); KeyTransRecipientInformation keyTransRecipientInformation = (KeyTransRecipientInformation) recipientInformation; }
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractCMSSignatureServiceTest.java
License:Open Source License
@Test public void testCMSSignature() throws Exception { // setup//from w w w.j ava 2 s.com byte[] toBeSigned = "hello world".getBytes(); String signatureDescription = "Test CMS Signature"; CMSTestSignatureService signatureService = new CMSTestSignatureService(toBeSigned, signatureDescription); KeyPair keyPair = PkiTestUtils.generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusYears(1); X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null, null, new KeyUsage(KeyUsage.nonRepudiation)); List<X509Certificate> signingCertificateChain = new LinkedList<X509Certificate>(); signingCertificateChain.add(certificate); // operate DigestInfo digestInfo = signatureService.preSign(null, signingCertificateChain, null, null, null); // verify assertNotNull(digestInfo); byte[] digestValue = digestInfo.digestValue; LOG.debug("digest value: " + Hex.encodeHexString(digestValue)); assertNotNull(digestValue); assertEquals(signatureDescription, digestInfo.description); assertEquals("SHA1", digestInfo.digestAlgo); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate()); byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestValue); byte[] signatureValue = cipher.doFinal(digestInfoValue); LOG.debug("signature value: " + Hex.encodeHexString(signatureValue)); // operate signatureService.postSign(signatureValue, signingCertificateChain); // verify byte[] cmsSignature = signatureService.getCMSSignature(); CMSSignedData signedData = new CMSSignedData(cmsSignature); SignerInformationStore signers = signedData.getSignerInfos(); Iterator<SignerInformation> iter = signers.getSigners().iterator(); while (iter.hasNext()) { SignerInformation signer = iter.next(); SignerId signerId = signer.getSID(); assertTrue(signerId.match(certificate)); assertTrue(signer.verify(keyPair.getPublic(), BouncyCastleProvider.PROVIDER_NAME)); } byte[] data = (byte[]) signedData.getSignedContent().getContent(); assertArrayEquals(toBeSigned, data); }
From source file:test.unit.be.fedict.eid.applet.service.signer.CMSTest.java
License:Open Source License
/** * CMS signature with embedded data and external certificate. The CMS only * contains the original content, signature and some certificate selector. * //from w ww. ja v a 2s . c om * @throws Exception */ @Test public void testCmsSignatureWithContent() throws Exception { // setup KeyPair keyPair = PkiTestUtils.generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusMonths(1); X509Certificate certificate = generateSelfSignedCertificate(keyPair, "CN=Test", notBefore, notAfter); byte[] toBeSigned = "hello world".getBytes(); // operate CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); generator.addSigner(keyPair.getPrivate(), certificate, CMSSignedDataGenerator.DIGEST_SHA1); CMSProcessable content = new CMSProcessableByteArray(toBeSigned); CMSSignedData signedData = generator.generate(content, true, (String) null); byte[] cmsSignature = signedData.getEncoded(); LOG.debug("CMS signature: " + ASN1Dump.dumpAsString(new ASN1StreamParser(cmsSignature).readObject())); // verify signedData = new CMSSignedData(cmsSignature); SignerInformationStore signers = signedData.getSignerInfos(); Iterator<SignerInformation> iter = signers.getSigners().iterator(); while (iter.hasNext()) { SignerInformation signer = iter.next(); SignerId signerId = signer.getSID(); LOG.debug("signer: " + signerId); assertTrue(signerId.match(certificate)); assertTrue(signer.verify(keyPair.getPublic(), BouncyCastleProvider.PROVIDER_NAME)); } byte[] data = (byte[]) signedData.getSignedContent().getContent(); assertArrayEquals(toBeSigned, data); LOG.debug("content type: " + signedData.getSignedContentTypeOID()); }