List of usage examples for org.bouncycastle.cms CMSSignedDataParser getCertificates
public Store getCertificates() throws CMSException
From source file:com.wewebu.ow.server.util.jar.OwJarVerifier.java
License:Open Source License
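/**
 * Returns the certificates of the signers listed in this JAR's signature block.
 * <p>
 * The signature block entry is parsed as CMS SignedData and, for every signer, the first
 * certificate of the embedded certificate set that matches the signer identifier is collected.
 * This method only extracts certificates: it neither verifies a signature nor validates a
 * certificate chain, so the returned certificates are unauthenticated input until the caller
 * has done both.
 * </p>
 *
 * @return one {@link X509CertificateHolder} per signer; an empty array when
 *         {@code getSignatureBlockEntry()} returns {@code null}
 * @throws IOException if the signature block entry cannot be read
 * @throws CMSException if the signature block cannot be parsed, or if a signer has no matching
 *         certificate in the signature block
 */
@SuppressWarnings("rawtypes")
public X509CertificateHolder[] getSignatureCertificates() throws IOException, CMSException {
    JarEntry signatureBlockEntry = getSignatureBlockEntry();
    if (null == signatureBlockEntry) {
        return new X509CertificateHolder[] {};
    }

    InputStream inputStream = null;
    try {
        inputStream = jarFile.getInputStream(signatureBlockEntry);
        CMSSignedDataParser sp = new CMSSignedDataParser(new BcDigestCalculatorProvider(),
                new BufferedInputStream(inputStream, 1024));
        Store certStore = sp.getCertificates();
        SignerInformationStore signers = sp.getSignerInfos();

        List<X509CertificateHolder> certificates = new ArrayList<X509CertificateHolder>();
        Iterator it = signers.getSigners().iterator();
        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            Iterator certIt = certStore.getMatches(signer.getSID()).iterator();
            // A signature block may name a signer without shipping its certificate; report that
            // as a CMS problem instead of letting next() fail with NoSuchElementException.
            if (!certIt.hasNext()) {
                throw new CMSException("no certificate in the signature block matches a signer");
            }
            certificates.add((X509CertificateHolder) certIt.next());
        }
        return certificates.toArray(new X509CertificateHolder[certificates.size()]);
    } finally {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (IOException ignored) {
                // Best effort: a failure to close a stream that was only read from must not
                // replace the result or the exception of the parsing above.
            }
        }
    }
}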
From source file:edu.vt.alerts.android.library.tasks.RegistrationTask.java
License:Apache License
/**
 * Parses {@code contents} as CMS SignedData and returns the embedded certificates that
 * {@code certSelector} accepts.
 * <p>
 * Only extraction happens here: no signer is verified and no certificate path is validated in
 * this method, so callers must not treat the returned certificates as trusted.
 * </p>
 *
 * @param contents the encoded CMS SignedData message
 * @return the certificates from the message that match {@code certSelector}
 * @throws Exception if the digest provider cannot be built or the message cannot be parsed
 */
private Collection<?> extractCerts(byte[] contents) throws Exception {
    DigestCalculatorProvider digestProvider =
            new JcaDigestCalculatorProviderBuilder().setProvider(CSR_SIGNER_PROVIDER).build();
    // NOTE(review): the certificates are read without draining the signed content first;
    // Bouncy Castle's streaming parser expects that order when the message carries content.
    // Presumably the input is a certificates-only message - confirm against the caller.
    Store embeddedCerts = new CMSSignedDataParser(digestProvider, contents).getCertificates();
    return embeddedCerts.getMatches(certSelector);
}
From source file:net.ripe.rpki.commons.crypto.util.BouncyCastleUtil.java
License:BSD License
/**
 * Converts the certificates embedded in a CMS SignedData message to {@link X509Certificate}s.
 * <p>
 * The certificates are those that a new {@code X509CertificateHolderStoreSelector} selects from
 * the parser's certificate store; each one is converted with {@code holderToCertificate}.
 * Nothing in this method checks a signature or a certificate path, so the result is
 * unvalidated input for the caller.
 * </p>
 *
 * @param signedDataParser the parser to read the certificate store from
 * @return the converted certificates, in the iteration order of the selected holders
 * @throws StoreException if the certificate store cannot be searched
 * @throws CMSException if the certificates cannot be read from the message
 * @throws CertificateException if a holder cannot be converted to a certificate
 */
public static List<? extends X509Certificate> extractCertificates(CMSSignedDataParser signedDataParser)
        throws StoreException, CMSException, CertificateException {
    @SuppressWarnings("unchecked")
    Collection<X509CertificateHolder> embeddedHolders = signedDataParser.getCertificates()
            .getMatches(new X509CertificateHolderStoreSelector());

    List<X509Certificate> converted = new ArrayList<X509Certificate>();
    for (X509CertificateHolder embedded : embeddedHolders) {
        X509Certificate certificate = holderToCertificate(embedded);
        converted.add(certificate);
    }
    return converted;
}
From source file:org.cryptoworkshop.ximix.client.verify.SignedDataVerifier.java
License:Apache License
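/**
 * Verifies the passed in CMS signed data, returning false on failure.
 * <p>
 * Note: this method assumes the parser has been freshly created and its content not read or
 * drained.
 * </p>
 * <p>
 * Only the first signer returned by the parser is checked; any further signers in the message
 * are ignored. The signer certificate is taken from the certification path that
 * {@code checkCertPath} builds for the signer identifier.
 * </p>
 *
 * @param cmsParser a parser over the CMS signed data, not yet read from.
 * @return true if the first signer's signature checks out; false if the message has no signer,
 *         or if there is a problem with the signature or the path to its verifying certificate.
 * @throws IOException if the signed content cannot be read.
 * @throws CMSException if the CMS structure cannot be parsed.
 */
public boolean signatureVerified(CMSSignedDataParser cmsParser) throws IOException, CMSException {
    // Bouncy Castle's streaming parser needs the content consumed before the certificates and
    // signer information are read.
    // NOTE(review): getSignedContent() can be null when the parser holds no content, which
    // would surface here as a NullPointerException - confirm callers always supply content.
    cmsParser.getSignedContent().drain();

    Store certs = cmsParser.getCertificates();
    SignerInformationStore signers = cmsParser.getSignerInfos();

    Iterator it = signers.getSigners().iterator();
    // A message without any signer carries nothing to verify; report it as a failure instead
    // of letting next() throw NoSuchElementException past the documented boolean contract.
    if (!it.hasNext()) {
        return false;
    }
    SignerInformation signer = (SignerInformation) it.next();

    try {
        PKIXCertPathBuilderResult result = checkCertPath(signer.getSID(), certs);

        // The first certificate of the built path is the one used to verify the signer.
        X509Certificate cert = (X509Certificate) result.getCertPath().getCertificates().get(0);

        return signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
    } catch (Exception e) {
        // TODO: logging? The cause of a rejected signature is currently lost to the caller.
        return false;
    }
}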
From source file:org.dihedron.crypto.operations.verify.pkcs7.PKCS7Verifier.java
License:Open Source License
/** * @see org.dihedron.crypto.operations.verify.Verifier#verify(java.io.InputStream) */// w ww. j a v a 2 s .com @Override public boolean verify(InputStream signed) throws CryptoException { boolean result = true; try { CMSSignedDataParser parser = new CMSSignedDataParser( new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signed); parser.getSignedContent().drain(); Store store = parser.getCertificates(); for (Object signer : parser.getSignerInfos().getSigners()) { for (Object object : store.getMatches(((SignerInformation) signer).getSID())) { X509CertificateHolder holder = (X509CertificateHolder) object; logger.trace("verifying signer '{}'", holder.getSubject()); result = result && ((SignerInformation) signer) .verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(holder)); logger.trace("verify returns: {}", result); } } logger.trace("data {} verified", result ? "was" : "was not"); return result; } catch (OperatorCreationException | CMSException | IOException | CertificateException e) { throw new CryptoException("error verifying the signature in streaming mode", e); } }
From source file:se.tillvaxtverket.ttsigvalws.ttwssigvalidation.pdf.PdfSignatureVerifier.java
License:Open Source License
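/**
 * Verifies the signers of a CMS signature and records the outcome in {@code sigResult}.
 * <p>
 * All certificates carried in the signature are stored in the result first. Then, for each
 * signer, the claimed signing time, the matching certificate, the signature check outcome and
 * the algorithm data are written to {@code sigResult}. Processing stops at the first signer
 * whose certificate is missing or whose signature does not verify. With several signers the
 * per-signer fields are overwritten, so the result describes the last signer processed.
 * </p>
 * <p>
 * The verifying certificate is taken from the signature itself and this method does not
 * validate a certification path; a "Valid" status here covers the cryptographic check only.
 * </p>
 *
 * @param sp the parser over the CMS signature
 * @param sigResult the result object that is updated in place
 * @throws CMSException if the CMS structure cannot be parsed or verified
 * @throws IOException if the signature data cannot be read
 * @throws CertificateException if a certificate cannot be converted
 * @throws OperatorCreationException if the signature verifier cannot be built
 */
private static void verifyCMSSignature(CMSSignedDataParser sp, CMSSigVerifyResult sigResult)
        throws CMSException, IOException, CertificateException, OperatorCreationException {
    CollectionStore certStore = (CollectionStore) sp.getCertificates();
    Iterator ci = certStore.iterator();
    List<X509Certificate> certList = new ArrayList<>();
    while (ci.hasNext()) {
        X509CertificateHolder ch = (X509CertificateHolder) ci.next();
        certList.add(getCert(ch));
    }
    sigResult.setCertList(certList);

    SignerInformationStore signers = sp.getSignerInfos();
    Collection c = signers.getSigners();
    Iterator it = c.iterator();
    while (it.hasNext()) {
        SignerInformation signer = (SignerInformation) it.next();
        Date claimedSigningTime = getClaimedSigningTime(signer);
        sigResult.setClaimedSigningTime(claimedSigningTime);

        Collection certCollection = certStore.getMatches(signer.getSID());
        Iterator matchIt = certCollection.iterator();
        // The signer certificate is optional in CMS; without it the signature cannot be
        // checked, so record a failure instead of failing with NoSuchElementException.
        if (!matchIt.hasNext()) {
            sigResult.setValid(false);
            sigResult.setStatus("Signer certificate not found in signature");
            return;
        }
        X509CertificateHolder certHolder = (X509CertificateHolder) matchIt.next();
        sigResult.setCert(getCert(certHolder));

        //Check signature
        sigResult.setValid(
                signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder)));
        sigResult.setStatus(sigResult.isValid() ? "Valid" : "Signature verification failed");
        if (!sigResult.isValid()) {
            return;
        }

        // Collect sig algo data
        getPkParams(sigResult.getCert().getPublicKey(), sigResult);
        DigestAlgorithm signerInfoHashAlgo = DigestAlgorithm.getDigestAlgoFromOid(signer.getDigestAlgOID());
        sigResult.setDigestAlgo(signerInfoHashAlgo);
        String encryptionAlgOID = signer.getEncryptionAlgOID();
        SupportedSigAlgoritm sigAlgoFromSignerInfoAndCert = SupportedSigAlgoritm
                .getAlgoFromOidAndHash(new ASN1ObjectIdentifier(encryptionAlgOID), signerInfoHashAlgo);
        sigResult.setSigAlgo(sigAlgoFromSignerInfoAndCert);

        // getSignedAttributes() is null for a signer without signed attributes; treat that
        // like an absent algorithm-protection attribute rather than dereferencing null.
        // NOTE(review): assumes getCMSAlgoritmProtectionData accepts a null attribute, as it
        // already receives one whenever the attribute is missing from the table - confirm.
        Attribute cmsAlgoProtAttr = signer.getSignedAttributes() == null ? null
                : signer.getSignedAttributes()
                        .get(new ASN1ObjectIdentifier(PdfObjectIds.ID_AA_CMS_ALGORITHM_PROTECTION));
        getCMSAlgoritmProtectionData(cmsAlgoProtAttr, sigResult);

        if (!checkAlgoritmConsistency(sigResult)) {
            sigResult.setValid(false);
            sigResult.setStatus(
                    "Signature was verified but with inconsistent Algoritm declarations or unsupported algoritms");
        }
        if (sigResult.isValid()) {
            verifyPadesProperties(signer, sigResult);
        }
    }
}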