List of usage examples for org.bouncycastle.cms CMSSignedDataParser getSignedContent
public CMSTypedStream getSignedContent()
From source file:com.gc.iotools.fmt.decoders.Pkcs7Decoder.java
License:BSD License
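/**
 * {@inheritDoc}
 *
 * <p>Unwraps a PKCS#7 / CMS SignedData structure and hands back a stream over
 * the encapsulated content. The signer infos are never read and no signature
 * is verified here, so the returned bytes are unauthenticated; a caller that
 * depends on the signature must verify it separately.
 *
 * @param istream stream positioned at the start of the SignedData structure
 * @return stream over the encapsulated content
 * @throws IOException if the digest calculator provider cannot be created, if
 *         the input cannot be parsed as CMS, or if the structure carries no
 *         encapsulated content; parser failures are attached as the cause
 */
@Override
public InputStream decode(final InputStream istream) throws IOException {
    final CMSSignedDataParser sdp;
    try {
        sdp = new CMSSignedDataParser(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), istream);
    } catch (final CMSException e) {
        final IOException e1 = new IOException("Error parsing PKCS7 content");
        e1.initCause(e);
        throw e1;
    } catch (final OperatorCreationException e) {
        final IOException e1 = new IOException("Error initializing PKCS7 decoder.");
        e1.initCause(e);
        throw e1;
    }
    final CMSTypedStream ts = sdp.getSignedContent();
    if (ts == null) {
        // A detached signature has no encapsulated content; report it as a
        // decoding failure instead of failing with a NullPointerException.
        throw new IOException("PKCS7 structure contains no signed content (detached signature)");
    }
    return ts.getContentStream();
}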
From source file:de.mendelson.util.security.BCCryptoHelper.java
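/**
 * Returns the digest algorithm OID of the signer whose signature verifies
 * against the passed certificate. The return value for sha1 is e.g.
 * "1.3.14.3.2.26".
 *
 * <p>Only the cryptographic match between signature and certificate is
 * checked; nothing in this method builds a certificate path or consults
 * revocation data, so trust in {@code cert} has to be established by the
 * caller.
 *
 * @param signed stream over a CMS SignedData structure with encapsulated content
 * @param cert certificate the signature is expected to verify against
 * @return digest algorithm OID of the first signer that verifies
 * @throws GeneralSecurityException if no signer verifies against {@code cert}
 * @throws Exception on parsing or verification errors raised by the CMS library
 */
public String getDigestAlgOIDFromSignature(InputStream signed, Certificate cert) throws Exception {
    CMSSignedDataParser parser = new CMSSignedDataParser(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signed);
    // The streaming parser only exposes the signer infos once the content
    // has been read to the end.
    // NOTE(review): getSignedContent() is dereferenced unchecked; presumably a
    // detached signature would yield null here - confirm against callers.
    parser.getSignedContent().drain();
    SignerInformationStore signers = parser.getSignerInfos();
    Collection signerCollection = signers.getSigners();
    X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded());
    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
            .build(certHolder);
    for (Object candidate : signerCollection) {
        SignerInformation signerInformation = (SignerInformation) candidate;
        // The OID is only reported for a signer that actually verified, never
        // for one that is merely present in the structure.
        if (signerInformation.verify(verifier)) {
            return signerInformation.getDigestAlgOID();
        }
    }
    throw new GeneralSecurityException("getDigestAlgOIDFromSignature: Unable to identify signature algorithm.");
}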
From source file:de.mendelson.util.security.BCCryptoHelper.java
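/**
 * Verifies a detached CMS signature of the passed content against the passed
 * certificate.
 *
 * <p>The result is {@code true} as soon as one signer in the signature
 * verifies against {@code cert}; a signature without any signer yields
 * {@code false}. Only the cryptographic match is checked: this method does
 * not build a certificate path or check revocation, so the caller decides
 * whether {@code cert} is trusted.
 *
 * @param content the signed data
 * @param signature the encoded CMS SignedData structure (detached)
 * @param cert certificate the signature is expected to verify against
 * @return {@code true} if at least one signer verifies against {@code cert}
 * @throws GeneralSecurityException if an argument is absent or the signature is empty
 * @throws Exception on parsing or verification errors raised by the CMS library
 */
public boolean verify(byte[] content, byte[] signature, Certificate cert) throws Exception {
    if (content == null) {
        throw new GeneralSecurityException("verify: Content is absent");
    }
    if (signature == null) {
        throw new GeneralSecurityException("verify: Signature is absent");
    }
    if (signature.length == 0) {
        // Same exception type as the other argument checks so that callers
        // can handle every rejected input uniformly.
        throw new GeneralSecurityException("verify: Signature length is 0");
    }
    if (cert == null) {
        // Reject explicitly rather than failing later in cert.getEncoded().
        throw new GeneralSecurityException("verify: Certificate is absent");
    }
    CMSTypedStream signedContent = new CMSTypedStream(new ByteArrayInputStream(content));
    CMSSignedDataParser dataParser = new CMSSignedDataParser(new BcDigestCalculatorProvider(), signedContent,
            new ByteArrayInputStream(signature));
    // The content has to be consumed completely before the signer infos are read.
    dataParser.getSignedContent().drain();
    SignerInformationStore signers = dataParser.getSignerInfos();
    Collection signerCollection = signers.getSigners();
    X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded());
    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
            .build(certHolder);
    for (Object candidate : signerCollection) {
        if (((SignerInformation) candidate).verify(verifier)) {
            return true;
        }
    }
    // No signer verified (or there was none): fail closed.
    return false;
}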
From source file:de.mendelson.util.security.BCCryptoHelper.java
/**
 * Checks whether a CMS SignedData stream carries a signer whose signature
 * verifies against the passed certificate.
 *
 * <p>Only the signature-to-certificate match is evaluated here; no
 * certificate path or revocation check is performed in this method.
 *
 * @param signed stream over a CMS SignedData structure with encapsulated content
 * @param cert certificate the signature is expected to verify against
 * @return {@code true} if a signer verifies, {@code false} if none does
 * @throws Exception on parsing or verification errors raised by the CMS library
 */
public boolean verifySignatureCMS(InputStream signed, Certificate cert) throws Exception {
    CMSSignedDataParser cmsParser = new CMSSignedDataParser(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signed);
    // Read the content to the end so the signer infos become available.
    cmsParser.getSignedContent().drain();
    Collection candidates = cmsParser.getSignerInfos().getSigners();
    Iterator cursor = candidates.iterator();
    SignerInformationVerifier certVerifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
            .build(new X509CertificateHolder(cert.getEncoded()));
    while (cursor.hasNext()) {
        SignerInformation candidate = (SignerInformation) cursor.next();
        if (candidate.verify(certVerifier)) {
            // First matching signer decides the result.
            return true;
        }
    }
    return false;
}
From source file:de.mendelson.util.security.BCCryptoHelper.java
/**
 * Copies the encapsulated content of a CMS SignedData stream to the output,
 * dropping the signature wrapper.
 *
 * <p>The {@code cert} parameter is not used by this method and no signature
 * is verified: the bytes written to {@code unsigned} are unauthenticated
 * unless the caller has verified the signature separately.
 *
 * @param signed stream over a CMS SignedData structure with encapsulated content
 * @param unsigned destination for the unwrapped content; flushed, not closed
 * @param cert unused here
 * @throws Exception on parsing or I/O errors
 */
public void removeSignatureCMS(InputStream signed, OutputStream unsigned, Certificate cert) throws Exception {
    CMSSignedDataParser envelope = new CMSSignedDataParser(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signed);
    this.copyStreams(envelope.getSignedContent().getContentStream(), unsigned);
    unsigned.flush();
}
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESSignature.java
License:Open Source License
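/**
 * Checks the signature value against the signing certificate.
 *
 * <p>For a detached signature the signer information is rebuilt from the
 * passed document so that the digest is computed over that document;
 * otherwise the signer information already held by this object is used.
 * Every failure, including a signer that cannot be found again, is reported
 * as {@code false}; the cause is not logged or propagated.
 *
 * @param detachedDocument the externally stored signed content, or
 *        {@code null} when the content is inside the signature
 * @return {@code true} only if the signature verifies
 */
@Override
public boolean checkIntegrity(Document detachedDocument) {
    JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder();
    try {
        SignerInformation si;
        if (detachedDocument != null) {
            // Recreate a SignerInformation with the content using a CMSSignedDataParser
            CMSSignedDataParser sp = new CMSSignedDataParser(new CMSTypedStream(detachedDocument.openStream()),
                    cmsSignedData.getEncoded());
            sp.getSignedContent().drain();
            si = sp.getSignerInfos().get(signerInformation.getSID());
            if (si == null) {
                // No signer with this id in the re-parsed structure: treat it
                // as a failed check instead of a NullPointerException.
                return false;
            }
        } else {
            si = this.signerInformation;
        }
        return si.verify(verifier.build(getSigningCertificate()));
    } catch (OperatorCreationException e) {
        return false;
    } catch (CMSException e) {
        return false;
    } catch (IOException e) {
        return false;
    }
}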
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/**
 * Verifies the signature value against each candidate signing certificate and
 * records the outcome in a {@code SignatureCryptographicVerification}.
 *
 * <p>The result object is stored in a field; a later call returns the stored
 * object without verifying again. For a detached signature the signer
 * information is rebuilt from the first entry of {@code detachedContents}.
 * The candidates are tried in list order and the loop stops at the first one
 * whose verification succeeds.
 *
 * @return the verification result, with an error message set when a step failed
 */
@Override
public SignatureCryptographicVerification checkSignatureIntegrity() {
    // Return the stored result of an earlier call.
    if (signatureCryptographicVerification != null) {
        return signatureCryptographicVerification;
    }
    signatureCryptographicVerification = new SignatureCryptographicVerification();
    try {
        final List<SigningCertificateValidity> signingCertificateValidityList;
        if (providedSigningCertificateToken == null) {
            // To determine the signing certificate it is necessary to browse through all candidates found before.
            // NOTE(review): this local is scoped to the if-block; the later uses of
            // candidatesForSigningCertificate resolve to a member declared outside this
            // method - presumably set by getCandidatesForSigningCertificate(), confirm.
            final CandidatesForSigningCertificate candidatesForSigningCertificate = getCandidatesForSigningCertificate();
            signingCertificateValidityList = candidatesForSigningCertificate
                    .getSigningCertificateValidityList();
            if (signingCertificateValidityList.size() == 0) {
                signatureCryptographicVerification
                        .setErrorMessage("There is no signing certificate within the signature.");
                return signatureCryptographicVerification;
            }
        } else {
            // A certificate supplied from outside becomes the only candidate.
            candidatesForSigningCertificate = new CandidatesForSigningCertificate();
            final SigningCertificateValidity signingCertificateValidity = new SigningCertificateValidity(
                    providedSigningCertificateToken);
            candidatesForSigningCertificate.add(signingCertificateValidity);
            signingCertificateValidityList = candidatesForSigningCertificate
                    .getSigningCertificateValidityList();
        }
        // Detached means the CMS structure carries no encapsulated content.
        boolean detached = cmsSignedData.getSignedContent() == null
                || cmsSignedData.getSignedContent().getContent() == null ? true : false;
        final SignerInformation signerInformationToCheck;
        if (detached) {
            if (detachedContents == null || detachedContents.size() == 0) {
                if (signingCertificateValidityList.size() > 0) {
                    candidatesForSigningCertificate
                            .setTheSigningCertificateValidity(signingCertificateValidityList.get(0));
                }
                signatureCryptographicVerification.setErrorMessage("Detached file not found!");
                return signatureCryptographicVerification;
            }
            // Recreate a SignerInformation with the content using a CMSSignedDataParser
            final DSSDocument dssDocument = detachedContents.get(0); // only one element for CAdES Signature
            final InputStream inputStream = dssDocument.openStream();
            final CMSTypedStream signedContent = new CMSTypedStream(inputStream);
            final CMSSignedDataParser sp = new CMSSignedDataParser(new BcDigestCalculatorProvider(), signedContent,
                    cmsSignedData.getEncoded());
            sp.getSignedContent().drain(); // Closes the stream
            final SignerId sid = signerInformation.getSID();
            // NOTE(review): presumably get(sid) returns null when the store has no signer
            // with that id; the verify() call below would then fail with a
            // NullPointerException that none of the catch clauses handles - confirm.
            signerInformationToCheck = sp.getSignerInfos().get(sid);
        } else {
            // The content is inside the CMS structure: use the signer information as parsed.
            signerInformationToCheck = signerInformation;
        }
        LOG.debug("CHECK SIGNATURE VALIDITY: ");
        for (final SigningCertificateValidity signingCertificateValidity : signingCertificateValidityList) {
            try {
                // In the case where one of the mandatory attributes is missing we set already the candidate for the signing certificate.
                // see: validation.at.nqs.bdc.TestNotQualifiedBDC.test1()
                candidatesForSigningCertificate.setTheSigningCertificateValidity(signingCertificateValidity);
                final JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder();
                final CertificateToken certificateToken = signingCertificateValidity.getCertificateToken();
                final X509Certificate certificate = certificateToken.getCertificate();
                final SignerInformationVerifier signerInformationVerifier = verifier.build(certificate);
                LOG.debug(" - WITH SIGNING CERTIFICATE: " + certificateToken.getAbbreviation());
                boolean signatureIntact = signerInformationToCheck.verify(signerInformationVerifier);
                // All three flags follow the single verify() result. An error message set
                // while trying an earlier candidate is not cleared on success.
                signatureCryptographicVerification.setReferenceDataFound(signatureIntact);
                signatureCryptographicVerification.setReferenceDataIntact(signatureIntact);
                signatureCryptographicVerification.setSignatureIntact(signatureIntact);
                if (signatureIntact) {
                    break;
                }
            } catch (RuntimeOperatorException e) {
                // Compatibility problem with Java 7: the implementation of
                // sun.security.rsa.RSASignature changed between versions 6 and 7 and
                // Bouncy Castle does not take the change into account. Version 7 throws an
                // exception that BC does not catch properly, which surfaces as
                // org.bouncycastle.operator.RuntimeOperatorException (Bob)
                // Only logged: the result flags and the error message are left untouched
                // and the next candidate is tried.
                LOG.warn(e.getMessage(), e);
            } catch (CMSSignerDigestMismatchException e) {
                // The reference data was found, but its digest does not match the signed value.
                LOG.error(e.getMessage(), e);
                signatureCryptographicVerification.setReferenceDataFound(true);
                signatureCryptographicVerification.setReferenceDataIntact(false);
                signatureCryptographicVerification.setSignatureIntact(false);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
            } catch (OperatorCreationException e) {
                LOG.error(e.getMessage(), e);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
            } catch (CMSException e) {
                LOG.error(e.getMessage(), e);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
            } catch (IllegalArgumentException e) {
                // Can arrive when for example:
                // java.lang.IllegalArgumentException: Unknown signature type requested: RIPEMD160WITH0.4.0.127.0.7.1.1.4.1.6
                // at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.generate(Unknown Source) ~[bcpkix-jdk15on-1.49.jar:1.49.0]
                LOG.error(e.getMessage(), e);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
            }
        }
    } catch (CMSException e) {
        LOG.error(e.getMessage(), e);
        signatureCryptographicVerification.setErrorMessage(e.getMessage());
    } catch (IOException e) {
        LOG.error(e.getMessage(), e);
        signatureCryptographicVerification.setErrorMessage(e.getMessage());
    }
    LOG.debug(" - RESULT: " + signatureCryptographicVerification.isReferenceDataFound() + "/"
            + signatureCryptographicVerification.isReferenceDataIntact() + "/"
            + signatureCryptographicVerification.isSignatureIntact());
    return signatureCryptographicVerification;
}
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
/**
 * Rebuilds the {@code SignerInformation} for a detached signature by running
 * the detached document through a {@code CMSSignedDataParser}, so that the
 * digest is computed over that document.
 *
 * @return the signer information matching this signature's signer id as
 *         returned by the re-parsed signer store (NOTE(review): presumably
 *         {@code null} when no signer matches - callers should check)
 * @throws CMSException if the CMS structure cannot be processed
 * @throws IOException if the detached document or the encoded signature cannot be read
 */
private SignerInformation recreateSignerInformation() throws CMSException, IOException {
    // only one element for CAdES Signature
    final InputStream detachedStream = detachedContents.get(0).openStream();
    final CMSTypedStream detachedContent = new CMSTypedStream(detachedStream);
    final CMSSignedDataParser parser = new CMSSignedDataParser(new BcDigestCalculatorProvider(),
            detachedContent, cmsSignedData.getEncoded());
    // Reading the content to the end makes the signer infos available.
    parser.getSignedContent().drain(); // Closes the stream
    final SignerId wantedSigner = signerInformation.getSID();
    return parser.getSignerInfos().get(wantedSigner);
}
From source file:net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser.java
License:BSD License
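/**
 * Reads the signed content of the CMS object, decodes the single ASN.1 object
 * it must contain and records the outcome of each step in
 * {@code validationResult}.
 *
 * <p>Three checks are recorded: {@code DECODE_CONTENT} (the first object could
 * be read and decoded), {@code ONLY_ONE_SIGNED_OBJECT} (nothing follows it)
 * and {@code CMS_CONTENT_PARSING} (the trailing read and close succeeded).
 * Processing stops at the first step that fails with an I/O error.
 *
 * @param sp parser positioned on the SignedData structure
 */
private void parseContent(CMSSignedDataParser sp) {
    contentType = sp.getSignedContent().getContentType();
    InputStream signedContentStream = sp.getSignedContent().getContentStream();
    ASN1InputStream asn1InputStream = new ASN1InputStream(signedContentStream);
    try {
        decodeContent(asn1InputStream.readObject());
    } catch (IOException e) {
        validationResult.rejectIfFalse(false, DECODE_CONTENT);
        return;
    }
    validationResult.rejectIfFalse(true, DECODE_CONTENT);
    try {
        // Trailing data after the first object is rejected.
        validationResult.rejectIfFalse(asn1InputStream.readObject() == null, ONLY_ONE_SIGNED_OBJECT);
        asn1InputStream.close();
    } catch (IOException e) {
        validationResult.rejectIfFalse(false, CMS_CONTENT_PARSING);
        // Stop here, as the decode step above does: falling through would go on
        // to record a pass for the same key right after recording the failure.
        return;
    }
    validationResult.rejectIfFalse(true, CMS_CONTENT_PARSING);
}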
From source file:org.apache.tika.parser.crypto.Pkcs7Parser.java
License:Apache License
/**
 * Extracts the content wrapped in a PKCS#7 / CMS SignedData structure and
 * passes it to the parser registered in the context ({@code EmptyParser} when
 * none is registered).
 *
 * <p>The signature itself is not verified; the method only unwraps the
 * content for further parsing. A detached signature, which has no content to
 * unwrap, is rejected.
 *
 * @param stream the document stream; shielded so that closing the CMS parser
 *        does not close it
 * @param handler receives the events produced by the delegate parser
 * @param metadata document metadata passed on to the delegate
 * @param context parse context used to look up the delegate parser
 * @throws IOException if the stream cannot be read
 * @throws SAXException if the handler fails
 * @throws TikaException if the structure is detached, cannot be parsed, or the
 *         digest calculator provider cannot be created
 */
public void parse(InputStream stream, ContentHandler handler, Metadata metadata, ParseContext context)
        throws IOException, SAXException, TikaException {
    try {
        DigestCalculatorProvider digests = new JcaDigestCalculatorProviderBuilder()
                .setProvider("BC").build();
        CMSSignedDataParser cms = new CMSSignedDataParser(digests, new CloseShieldInputStream(stream));
        try {
            CMSTypedStream wrapped = cms.getSignedContent();
            if (wrapped == null) {
                throw new TikaException("cannot parse detached pkcs7 signature (no signed data to parse)");
            }
            try (InputStream payload = wrapped.getContentStream()) {
                Parser next = context.get(Parser.class, EmptyParser.INSTANCE);
                next.parse(payload, handler, metadata, context);
            }
        } finally {
            // Always release the CMS parser, also when the delegate fails.
            cms.close();
        }
    } catch (OperatorCreationException e) {
        throw new TikaException("Unable to create DigestCalculatorProvider", e);
    } catch (CMSException e) {
        throw new TikaException("Unable to parse pkcs7 signed data", e);
    }
}