List of usage examples for org.bouncycastle.cms.jcajce JcaSimpleSignerInfoVerifierBuilder build
public SignerInformationVerifier build(PublicKey pubKey) throws OperatorCreationException — builds a verifier bound to a bare public key. The builder also offers build(X509Certificate) and build(X509CertificateHolder) overloads, which most of the examples below use: those associate the certificate with the verifier, so SignerInformation.verify can additionally check that a signingTime attribute, when present, falls within the certificate's validity period. A verifier built from a PublicKey performs no such check, and none of the overloads build or validate a certificate chain — trust in the key or certificate has to be established by the caller.
From source file:be.apsu.extremon.probes.tsp.TSPProbe.java
License:Open Source License
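/**
 * Builds a TSP probe from configuration and starts it.
 *
 * Reads the polling delay, the allowed signature-algorithm OIDs, the TSA URL and the TSA
 * certificate (Base64-encoded DER under "tsa.certificate") from configuration, registers the
 * Bouncy Castle provider, prepares a TimeStampRequestGenerator that asks the TSA to include its
 * certificate, and binds the response verifier to the configured TSA certificate so that later
 * response verification (not shown here) only accepts signatures made by that certificate.
 * Finally calls start() and logs that the probe is initialized.
 *
 * @throws Exception if a configuration value is missing or unparsable, the TSA certificate cannot
 *                   be decoded, or the verifier cannot be built
 */
public TSPProbe() throws Exception {
    this.delay = confInt("delay", DEFAULT_DELAY);
    this.running = false;
    getAllowedSignatureOIDs(confStr(ALLOWED_SIGNATURE_CERTIFICATE_ALGORITHMS).split(","));

    // Idempotent: addProvider() is a no-op (returns -1) when BC is already installed.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    url = new URL(confStr("url"));
    this.requestGenerator = new TimeStampRequestGenerator();
    this.requestGenerator.setCertReq(true); // ask the TSA to return its signing certificate

    // The TSA certificate comes from configuration, i.e. it is trusted by fiat; the verifier is
    // bound to this certificate (not just its key), which is what makes a pinned check possible.
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    String encodedCert = confStr("tsa.certificate");
    X509Certificate tsaCert = (X509Certificate) certificateFactory
            .generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(encodedCert)));
    JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
    this.signerVerifier = verifierBuilder.build(tsaCert);

    // Was java.util.Random. This field presumably feeds the nonce of the generated timestamp
    // requests (TODO confirm against the request-building code); a predictable nonce weakens the
    // replay detection the nonce exists for, so use a CSPRNG. SecureRandom extends Random, so
    // the field type and every existing call site are unaffected.
    this.random = new java.security.SecureRandom();

    // NOTE(review): start() is called from the constructor; if it spawns the probe thread, that
    // thread may observe a not-yet-fully-constructed object. Left unchanged to keep the interface.
    start();
    log("initialized");
}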
From source file:com.zotoh.crypto.CryptoUte.java
License:Open Source License
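/**
 * Verifies the S/MIME signature on a signed multipart and returns its content together with the
 * content digest computed during verification.
 *
 * Every SignerInfo in the signature is tried in turn. For each one the caller-supplied
 * certificates are matched by SignerId (issuer/serial or subject key identifier) and the first
 * certificate whose public key verifies the signature wins. Only the cryptographic check is done
 * here: {@code certs} are taken as already trusted — no chain building, expiry or revocation
 * checking is performed, so the caller must pass only certificates it actually trusts.
 *
 * @param mp    the signed multipart; must be a {@link MimeMultipart}
 * @param certs certificates (assumed trusted) one of which is expected to have signed the message
 * @param cte   content-transfer-encoding to assume for the signed part, or null/empty for the default
 * @return a Tuple of (the signed content object, the content digest from the verified SignerInfo)
 * @throws MessagingException           on MIME parsing problems
 * @throws GeneralSecurityException     if the signature cannot be parsed, or no supplied certificate
 *                                      verifies it; the last verification failure, if any, is
 *                                      attached as the cause
 * @throws IOException                  on read errors
 * @throws CertificateEncodingException if a supplied certificate cannot be put into the cert store
 */
public static Tuple verifySmimeDigSig(Multipart mp, Certificate[] certs, String cte)
        throws MessagingException, GeneralSecurityException, IOException, CertificateEncodingException {
    tstArgIsType("multipart", mp, MimeMultipart.class);
    tstObjArg("certs", certs);
    MimeMultipart mmp = (MimeMultipart) mp;

    SMIMESigned sc;
    try {
        sc = isEmpty(cte) ? new SMIMESigned(mmp) : new SMIMESigned(mmp, cte);
    } catch (CMSException e) {
        throw new GeneralSecurityException(e);
    }

    Provider prov = Crypto.getInstance().getProvider();
    Store s = new JcaCertStore(asList(true, certs));

    byte[] digest = null;
    // Remember why the last candidate failed, so that a real verification error (for example a
    // digest mismatch) is not reported as merely "no matching certificate".
    Exception lastFailure = null;

    for (Object obj : sc.getSignerInfos().getSigners()) {
        try {
            SignerInformation si = (SignerInformation) obj;
            // Candidates: the supplied certs whose issuer/serial or SKI matches this signer.
            for (Object holder : s.getMatches(si.getSID())) {
                JcaSimpleSignerInfoVerifierBuilder bdr = new JcaSimpleSignerInfoVerifierBuilder().setProvider(prov);
                if (si.verify(bdr.build((X509CertificateHolder) holder))) {
                    digest = si.getContentDigest();
                    break;
                }
            }
        } catch (Exception e) {
            // Best effort across signers: a failure on one must not stop us trying the others.
            lastFailure = e;
        }
        if (digest != null) {
            break;
        }
    }

    if (digest == null) {
        throw new GeneralSecurityException("Failed to verify signature: no matching certificate", lastFailure);
    }
    return new Tuple(sc.getContentAsMimeMessage(newSession()).getContent(), digest);
}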
From source file:com.zotoh.crypto.CryptoUte.java
License:Open Source License
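/**
 * Verifies a detached PKCS#7/CMS signature over the given content and returns the content digest.
 *
 * The signature is parsed as a CMSSignedData whose content is supplied externally (from disk or
 * from memory, depending on {@code data}). Each SignerInfo is tried against {@code cert} — matched
 * by SignerId (issuer/serial or subject key identifier) — and the first one that verifies yields
 * the digest. Only the cryptographic check is performed: {@code cert} is taken as trusted, and no
 * chain, expiry or revocation validation happens here.
 *
 * @param cert      the certificate (assumed trusted) expected to have produced the signature
 * @param data      the signed content, read from its file when {@code data.isDiskFile()}
 * @param signature the DER-encoded detached CMS signature
 * @return the content digest computed by the verified SignerInfo
 * @throws GeneralSecurityException     if the signature cannot be parsed, or {@code cert} does not
 *                                      verify it; the last verification failure, if any, is attached
 *                                      as the cause
 * @throws IOException                  on read errors
 * @throws CertificateEncodingException if {@code cert} cannot be put into the cert store
 */
public static byte[] verifyPkcsDigSig(Certificate cert, StreamData data, byte[] signature)
        throws GeneralSecurityException, IOException, CertificateEncodingException {
    tstObjArg("digital-signature", signature);
    tstObjArg("cert", cert);
    tstObjArg("input-content", data);

    Provider prov = Crypto.getInstance().getProvider();

    // Detached signature: the content is not inside the CMS blob, we have to supply it.
    CMSProcessable cproc;
    if (data.isDiskFile()) {
        cproc = new CMSProcessableFile(data.getFileRef());
    } else {
        cproc = new CMSProcessableByteArray(data.getBytes());
    }

    CMSSignedData cms;
    try {
        cms = new CMSSignedData(cproc, signature);
    } catch (CMSException e) {
        throw new GeneralSecurityException(e);
    }

    List<Certificate> cl = LT();
    cl.add(cert);
    Store s = new JcaCertStore(cl);

    byte[] digest = null;
    // Remember why the last candidate failed, so that a real verification error (for example a
    // digest mismatch) is not reported as merely "no matching certificate".
    Exception lastFailure = null;

    for (Object obj : cms.getSignerInfos().getSigners()) {
        try {
            SignerInformation si = (SignerInformation) obj;
            for (Object holder : s.getMatches(si.getSID())) {
                JcaSimpleSignerInfoVerifierBuilder bdr = new JcaSimpleSignerInfoVerifierBuilder().setProvider(prov);
                if (si.verify(bdr.build((X509CertificateHolder) holder))) {
                    digest = si.getContentDigest();
                    break;
                }
            }
        } catch (Exception e) {
            // Best effort across signers: a failure on one must not stop us trying the others.
            lastFailure = e;
        }
        if (digest != null) {
            break;
        }
    }

    if (digest == null) {
        throw new GeneralSecurityException("Failed to decode signature: no matching certificate", lastFailure);
    }
    return digest;
}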
From source file:ee.ria.xroad.common.signature.TimestampVerifier.java
License:Open Source License
/**
 * Creates a SignerInformationVerifier bound to the given certificate, backed by the BC provider.
 *
 * Because the certificate (not just its key) is associated with the verifier, a CMS verification
 * performed with it also checks a signingTime attribute, when present, against the certificate's
 * validity period. No chain building or revocation checking is implied.
 *
 * @param cert the certificate whose public key (and validity) the verifier will use
 * @return a verifier usable with SignerInformation.verify / TimeStampToken.validate
 * @throws OperatorCreationException if the BC provider cannot supply the required primitives
 */
private static SignerInformationVerifier createVerifier(X509Certificate cert) throws OperatorCreationException {
    return new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert);
}
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESSignature.java
License:Open Source License
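/**
 * Checks that this CAdES signature's CMS signature value verifies under the signing certificate.
 *
 * For a detached signature the caller passes the signed document and the SignerInformation is
 * rebuilt by streaming that document through a CMSSignedDataParser (drain() consumes, and closes,
 * the stream); otherwise the embedded SignerInformation is used as is. The verifier is built from
 * getSigningCertificate(), so only the cryptographic check (plus BC's signingTime-within-validity
 * check) is performed — no chain or revocation validation.
 *
 * @param detachedDocument the externally signed content, or null when the content is enveloped
 * @return true if the signature verifies; false if it does not, if the signer cannot be found in
 *         the re-parsed data, or if parsing/verification fails for any reason (the cause is not
 *         surfaced, so callers cannot distinguish "bad signature" from "unreadable input")
 */
@Override
public boolean checkIntegrity(Document detachedDocument) {
    JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder();
    try {
        SignerInformation si;
        if (detachedDocument != null) {
            // Recreate a SignerInformation with the content using a CMSSignedDataParser
            CMSSignedDataParser sp = new CMSSignedDataParser(
                    new CMSTypedStream(detachedDocument.openStream()), cmsSignedData.getEncoded());
            sp.getSignedContent().drain();
            si = sp.getSignerInfos().get(signerInformation.getSID());
            if (si == null) {
                // get(SignerId) returns null when no SignerInfo matches; previously this fell
                // through to verify() and surfaced as a NullPointerException instead of "false".
                return false;
            }
        } else {
            si = this.signerInformation;
        }
        return si.verify(verifier.build(getSigningCertificate()));
    } catch (OperatorCreationException e) {
        return false;
    } catch (CMSException e) {
        return false;
    } catch (IOException e) {
        return false;
    }
}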
From source file:eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature.java
License:Open Source License
/**
 * Checks the cryptographic integrity of this CAdES signature; the outcome is computed once and
 * cached in {@code signatureCryptographicVerification}.
 *
 * Candidate signing certificates come either from the caller-provided token
 * ({@code providedSigningCertificateToken}, which is then the only candidate) or from
 * getCandidatesForSigningCertificate(). For a detached signature the SignerInformation is rebuilt
 * over the first element of {@code detachedContents} with a CMSSignedDataParser. Each candidate is
 * tried in turn until the CMS signature verifies; the verifier is built from the candidate's
 * certificate, so BC additionally checks a signingTime attribute, when present, against that
 * certificate's validity. No chain building or revocation checking happens in this method.
 *
 * @return the cached verification result carrying the referenceDataFound / referenceDataIntact /
 *         signatureIntact flags and, when the check could not be completed, an error message
 */
@Override
public SignatureCryptographicVerification checkSignatureIntegrity() {
    if (signatureCryptographicVerification != null) {
        return signatureCryptographicVerification;
    }
    signatureCryptographicVerification = new SignatureCryptographicVerification();
    try {
        final List<SigningCertificateValidity> signingCertificateValidityList;
        if (providedSigningCertificateToken == null) {
            // To determine the signing certificate it is necessary to browse through all candidates found before.
            // NOTE(review): this local shadows the field of the same name that is used below the
            // if/else; whether getCandidatesForSigningCertificate() also assigns that field is not
            // visible here — confirm.
            final CandidatesForSigningCertificate candidatesForSigningCertificate = getCandidatesForSigningCertificate();
            signingCertificateValidityList = candidatesForSigningCertificate
                    .getSigningCertificateValidityList();
            if (signingCertificateValidityList.size() == 0) {
                signatureCryptographicVerification
                        .setErrorMessage("There is no signing certificate within the signature.");
                return signatureCryptographicVerification;
            }
        } else {
            // A caller-supplied certificate is the single candidate.
            candidatesForSigningCertificate = new CandidatesForSigningCertificate();
            final SigningCertificateValidity signingCertificateValidity = new SigningCertificateValidity(
                    providedSigningCertificateToken);
            candidatesForSigningCertificate.add(signingCertificateValidity);
            signingCertificateValidityList = candidatesForSigningCertificate
                    .getSigningCertificateValidityList();
        }
        // Detached when the CMS structure carries no encapsulated content.
        boolean detached = cmsSignedData.getSignedContent() == null
                || cmsSignedData.getSignedContent().getContent() == null ? true : false;
        final SignerInformation signerInformationToCheck;
        if (detached) {
            if (detachedContents == null || detachedContents.size() == 0) {
                // Without the detached content nothing can be verified; still record the first
                // candidate as the signing certificate so later steps have one.
                if (signingCertificateValidityList.size() > 0) {
                    candidatesForSigningCertificate
                            .setTheSigningCertificateValidity(signingCertificateValidityList.get(0));
                }
                signatureCryptographicVerification.setErrorMessage("Detached file not found!");
                return signatureCryptographicVerification;
            }
            // Recreate a SignerInformation with the content using a CMSSignedDataParser
            final DSSDocument dssDocument = detachedContents.get(0); // only one element for CAdES Signature
            final InputStream inputStream = dssDocument.openStream();
            final CMSTypedStream signedContent = new CMSTypedStream(inputStream);
            final CMSSignedDataParser sp = new CMSSignedDataParser(new BcDigestCalculatorProvider(),
                    signedContent, cmsSignedData.getEncoded());
            sp.getSignedContent().drain(); // Closes the stream
            final SignerId sid = signerInformation.getSID();
            // NOTE(review): get(sid) returns null when no SignerInfo matches. A null here would
            // surface as a NullPointerException from verify() below, which none of the catch
            // blocks in this method handle.
            signerInformationToCheck = sp.getSignerInfos().get(sid);
        } else {
            signerInformationToCheck = signerInformation;
        }
        LOG.debug("CHECK SIGNATURE VALIDITY: ");
        for (final SigningCertificateValidity signingCertificateValidity : signingCertificateValidityList) {
            try {
                // In the case where one of the mandatory attributes is missing we set already the candidate for the signing certificate.
                // see: validation.at.nqs.bdc.TestNotQualifiedBDC.test1()
                candidatesForSigningCertificate.setTheSigningCertificateValidity(signingCertificateValidity);
                final JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder();
                final CertificateToken certificateToken = signingCertificateValidity.getCertificateToken();
                final X509Certificate certificate = certificateToken.getCertificate();
                // Built from the certificate (not just its key): BC also checks a signingTime
                // attribute, if present, against the certificate's validity period.
                final SignerInformationVerifier signerInformationVerifier = verifier.build(certificate);
                LOG.debug(" - WITH SIGNING CERTIFICATE: " + certificateToken.getAbbreviation());
                boolean signatureIntact = signerInformationToCheck.verify(signerInformationVerifier);
                // All three flags follow the outcome of the last candidate tried; a success stops the loop.
                signatureCryptographicVerification.setReferenceDataFound(signatureIntact);
                signatureCryptographicVerification.setReferenceDataIntact(signatureIntact);
                signatureCryptographicVerification.setSignatureIntact(signatureIntact);
                if (signatureIntact) {
                    break;
                }
            } catch (RuntimeOperatorException e) {
                // Java 7 compatibility issue: the implementation of sun.security.rsa.RSASignature
                // changed between Java 6 and 7 and Bouncy Castle does not handle the change
                // correctly. Java 7 throws an exception that BC does not catch, which surfaces as
                // org.bouncycastle.operator.RuntimeOperatorException. (Bob)
                // Only logged: the loop moves on to the next candidate and no error message is
                // recorded, so if this happens for every candidate the result keeps its defaults.
                LOG.warn(e.getMessage(), e);
            } catch (CMSSignerDigestMismatchException e) {
                // Content was found but its digest differs from the signed one: a definite failure.
                LOG.error(e.getMessage(), e);
                signatureCryptographicVerification.setReferenceDataFound(true);
                signatureCryptographicVerification.setReferenceDataIntact(false);
                signatureCryptographicVerification.setSignatureIntact(false);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
            } catch (OperatorCreationException e) {
                LOG.error(e.getMessage(), e);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
            } catch (CMSException e) {
                // Must follow CMSSignerDigestMismatchException, which is a subclass of it.
                LOG.error(e.getMessage(), e);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
            } catch (IllegalArgumentException e) {
                // Can arrive when for example:
                // java.lang.IllegalArgumentException: Unknown signature type requested: RIPEMD160WITH0.4.0.127.0.7.1.1.4.1.6
                // at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.generate(Unknown Source) ~[bcpkix-jdk15on-1.49.jar:1.49.0]
                LOG.error(e.getMessage(), e);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
            }
        }
    } catch (CMSException e) {
        LOG.error(e.getMessage(), e);
        signatureCryptographicVerification.setErrorMessage(e.getMessage());
    } catch (IOException e) {
        LOG.error(e.getMessage(), e);
        signatureCryptographicVerification.setErrorMessage(e.getMessage());
    }
    LOG.debug(" - RESULT: " + signatureCryptographicVerification.isReferenceDataFound() + "/"
            + signatureCryptographicVerification.isReferenceDataIntact() + "/"
            + signatureCryptographicVerification.isSignatureIntact());
    return signatureCryptographicVerification;
}
From source file:eu.europa.ec.markt.dss.validation102853.TimestampToken.java
License:Open Source License
/**
 * Validates a timestamp token against the certificate believed to have issued it.
 *
 * TimeStampToken.validate is given a verifier bound to {@code issuerToken}'s certificate, so BC
 * checks the CMS signature, the token's ESSCertID reference to that certificate, and that the
 * certificate was valid at the token's generation time. Each failure category is mapped to one
 * TimestampValidity value; nothing is thrown to the caller.
 *
 * @param timeStampToken the RFC 3161 token to validate
 * @param issuerToken    the TSA certificate expected to have signed the token
 * @return a TimestampValidation wrapping the resulting validity status
 */
private TimestampValidation validateTimestampToken(final TimeStampToken timeStampToken, final CertificateToken issuerToken) {
    TimestampValidity validity = TimestampValidity.NOT_YET_VERIFIED;
    try {
        final SignerInformationVerifier verifier =
                new JcaSimpleSignerInfoVerifierBuilder().build(issuerToken.getCertificate());
        timeStampToken.validate(verifier);
        validity = TimestampValidity.VALID;
    } catch (IllegalArgumentException e) {
        LOG.error("No signing certificate for timestamp token: " + e);
        validity = TimestampValidity.NO_SIGNING_CERTIFICATE;
    } catch (TSPValidationException e) {
        // Must precede TSPException, of which it is a subclass.
        validity = TimestampValidity.NOT_VALID_SIGNATURE;
    } catch (TSPException e) {
        validity = TimestampValidity.NOT_VALID_STRUCTURE;
    } catch (OperatorCreationException e) {
        validity = TimestampValidity.NOT_VALID_STRUCTURE;
    }
    return new TimestampValidation(validity);
}
From source file:eu.europa.esig.dss.cades.validation.CAdESSignature.java
License:Open Source License
/**
 * Checks the cryptographic integrity of this CAdES signature; the outcome is computed once and
 * cached in {@code signatureCryptographicVerification}.
 *
 * The candidate list from getCertificateValidityList() is only used to detect the "no signing
 * certificate" case and to record a fallback candidate; the actual check runs solely against
 * {@code signingCertificateValidity}. For a detached signature the SignerInformation is rebuilt
 * over {@code detachedContents} by recreateSignerInformation(). The verifier is built from the
 * candidate's bare public key, so only the signature value itself is checked here.
 *
 * @return the cached verification result carrying the referenceDataFound / referenceDataIntact /
 *         signatureIntact flags and, when the check failed or could not run, an error message
 */
@Override
public SignatureCryptographicVerification checkSignatureIntegrity() {
    if (signatureCryptographicVerification != null) {
        return signatureCryptographicVerification;
    }
    signatureCryptographicVerification = new SignatureCryptographicVerification();
    try {
        final List<CertificateValidity> certificateValidityList = getCertificateValidityList();
        if (certificateValidityList.size() == 0) {
            signatureCryptographicVerification
                    .setErrorMessage("There is no signing certificate within the signature.");
            return signatureCryptographicVerification;
        }
        boolean detachedSignature = isDetachedSignature();
        final SignerInformation signerInformationToCheck;
        if (detachedSignature) {
            if (CollectionUtils.isEmpty(detachedContents)) {
                // Nothing to verify against; still record the first candidate as the signing certificate.
                if (certificateValidityList.size() > 0) {
                    candidatesForSigningCertificate.setTheCertificateValidity(certificateValidityList.get(0));
                }
                signatureCryptographicVerification.setErrorMessage("Detached file not found!");
                return signatureCryptographicVerification;
            }
            signerInformationToCheck = recreateSignerInformation();
        } else {
            signerInformationToCheck = signerInformation;
        }
        // Set before the check: when signingCertificateValidity is null the method returns with
        // referenceDataFound == true, the intact flags at their defaults and no error message.
        signatureCryptographicVerification.setReferenceDataFound(true);
        LOG.debug("CHECK SIGNATURE VALIDITY: ");
        if (signingCertificateValidity != null) {
            try {
                // In the case where one of the mandatory attributes is missing we set already the candidate for the signing certificate.
                // see: validation.at.nqs.bdc.TestNotQualifiedBDC.test1()
                candidatesForSigningCertificate.setTheCertificateValidity(signingCertificateValidity);
                final JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder();
                final CertificateToken certificateToken = signingCertificateValidity.getCertificateToken();
                final PublicKey publicKey = certificateToken.getPublicKey();
                // Built from the bare public key: unlike build(X509Certificate) no certificate is
                // associated with the verifier, so BC's check of a signingTime attribute against
                // the certificate's validity period does not run here. The certificate is only
                // used for the log line below.
                final SignerInformationVerifier signerInformationVerifier = verifier.build(publicKey);
                LOG.debug(" - WITH SIGNING CERTIFICATE: " + certificateToken.getAbbreviation());
                boolean signatureIntact = signerInformationToCheck.verify(signerInformationVerifier);
                signatureCryptographicVerification.setReferenceDataIntact(signatureIntact);
                signatureCryptographicVerification.setSignatureIntact(signatureIntact);
            } catch (Exception e) {
                // Any failure — digest mismatch, unsupported algorithm, or a NullPointerException
                // should recreateSignerInformation() have returned null — is recorded as "not
                // intact" with the exception text as the error message.
                LOG.error("Unable to validate CMS Signature : " + e.getMessage(), e);
                signatureCryptographicVerification.setErrorMessage(e.getMessage());
                signatureCryptographicVerification.setReferenceDataIntact(false);
                signatureCryptographicVerification.setSignatureIntact(false);
            }
        }
    } catch (CMSException e) {
        LOG.error(e.getMessage(), e);
        signatureCryptographicVerification.setErrorMessage(e.getMessage());
    } catch (IOException e) {
        LOG.error(e.getMessage(), e);
        signatureCryptographicVerification.setErrorMessage(e.getMessage());
    }
    LOG.debug(" - RESULT: " + signatureCryptographicVerification.toString());
    return signatureCryptographicVerification;
}
From source file:eu.europa.esig.dss.validation.TimestampToken.java
License:Open Source License
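/**
 * Validates a timestamp token against the certificate believed to have issued it.
 *
 * TimeStampToken.validate is given a verifier bound to {@code issuerToken}'s certificate, so BC
 * checks the CMS signature, the token's ESSCertID reference to that certificate, and that the
 * certificate was valid at the token's generation time. Each failure category is mapped to one
 * TimestampValidity value and logged (stack trace at DEBUG, message only otherwise); nothing is
 * thrown to the caller.
 *
 * @param timeStampToken the RFC 3161 token to validate
 * @param issuerToken    the TSA certificate expected to have signed the token
 * @return a TimestampValidation wrapping the resulting validity status
 */
private TimestampValidation validateTimestampToken(final TimeStampToken timeStampToken, final CertificateToken issuerToken) {
    TimestampValidity timestampValidity;
    try {
        final JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
        final X509Certificate x509Certificate = issuerToken.getCertificate();
        final SignerInformationVerifier verifier = verifierBuilder.build(x509Certificate);
        timeStampToken.validate(verifier);
        timestampValidity = TimestampValidity.VALID;
    } catch (IllegalArgumentException e) {
        logTimestampValidationFailure("No signing certificate for timestamp token: ", e);
        timestampValidity = TimestampValidity.NO_SIGNING_CERTIFICATE;
    } catch (TSPValidationException e) {
        // Must precede TSPException, of which it is a subclass.
        logTimestampValidationFailure("No valid signature for timestamp token: ", e);
        timestampValidity = TimestampValidity.NOT_VALID_SIGNATURE;
    } catch (TSPException e) {
        logTimestampValidationFailure("No valid structure for timestamp token: ", e);
        timestampValidity = TimestampValidity.NOT_VALID_STRUCTURE;
    } catch (OperatorCreationException e) {
        logTimestampValidationFailure("No valid structure for timestamp token: ", e);
        timestampValidity = TimestampValidity.NOT_VALID_STRUCTURE;
    }
    return new TimestampValidation(timestampValidity);
}

/**
 * Logs a timestamp validation failure: the full exception at DEBUG, otherwise only the message
 * at INFO.
 *
 * @param message prefix describing the failure category
 * @param e       the exception that caused it
 */
private void logTimestampValidationFailure(final String message, final Exception e) {
    if (logger.isDebugEnabled()) {
        logger.debug(message, e);
    } else {
        // Concatenate explicitly. The NO_SIGNING_CERTIFICATE branch previously passed
        // e.getMessage() as a second argument to info() with no "{}" placeholder in the
        // message, so the exception text was silently dropped from the log line.
        logger.info(message + e.getMessage());
    }
}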
From source file:mitm.common.security.cms.SignerInfoImpl.java
License:Open Source License
/**
 * Verifies this signer's signature with the given public key using the named JCA provider.
 *
 * The verifier is bound to a bare key: unlike the certificate-based overloads of the builder, no
 * certificate is associated, so BC's check of a signingTime attribute against a certificate's
 * validity period does not apply. Any trust decision about the key is the caller's.
 *
 * @param key      the public key expected to have produced the signature
 * @param provider name of the JCA provider to perform the verification with
 * @return true if the signature verifies under {@code key}, false otherwise
 * @throws SignerInfoException wrapping the CMSException or OperatorCreationException raised by BC
 */
@Override
public boolean verify(PublicKey key, String provider) throws SignerInfoException {
    final JcaSimpleSignerInfoVerifierBuilder builder = new JcaSimpleSignerInfoVerifierBuilder();
    builder.setProvider(provider);
    try {
        return signerInformation.verify(builder.build(key));
    } catch (CMSException e) {
        throw new SignerInfoException(e);
    } catch (OperatorCreationException e) {
        throw new SignerInfoException(e);
    }
}