List of usage examples for the org.bouncycastle.cms.SignerId constructor
public SignerId(X500Name issuer, BigInteger serialNumber)
From source file:org.bitrepository.protocol.security.PermissionStoreTest.java
License:Open Source License
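/**
 * Checks that the permission store does not return the trusted certificate when it is queried
 * with a signer id whose serial number differs from the one in the test signature.
 *
 * <p>{@link BigInteger} is immutable, so the value returned by {@code add} must be kept. If it is
 * discarded the serial number stays unchanged, the lookup uses the genuine signer id, and the
 * test never exercises the rejection path it is named after.
 *
 * @throws Exception if the test signature or the reference certificate cannot be decoded
 */
@Test(groups = { "regressiontest" })
public void negativeCertificateRetrievalTest() throws Exception {
    addDescription("Tests that a certificate cannot be retrieved based on the wrong signerId.");
    addStep("Create signer and modify its ID so lookup will fail", "No exceptions");
    byte[] decodeSig = Base64
            .decode(SecurityTestConstants.getSignature().getBytes(SecurityModuleConstants.defaultEncodingType));
    CMSSignedData s = new CMSSignedData(
            new CMSProcessableByteArray(
                    SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)),
            decodeSig);
    SignerInformation signer = (SignerInformation) s.getSignerInfos().getSigners().iterator().next();
    SignerId signerId = signer.getSID();
    // Keep the result of add(): the original serial number object is never modified in place.
    BigInteger serial = signerId.getSerialNumber().add(BigInteger.valueOf(2));
    signerId = new SignerId(signerId.getIssuer(), serial);

    addStep("Lookup certificate based on signerId", "The positive certificate is not returned");
    X509Certificate certificateFromStore = null;
    try {
        certificateFromStore = permissionStore.getCertificate(signerId);
    } catch (Exception lookupRejected) {
        // NOTE(review): how getCertificate reports an unknown signer is not visible from this
        // test. A thrown exception is accepted as a rejection here; narrow this catch to the
        // store's own exception type once that contract is confirmed.
    }

    ByteArrayInputStream bs = new ByteArrayInputStream(SecurityTestConstants.getPositiveCertificate()
            .getBytes(SecurityModuleConstants.defaultEncodingType));
    X509Certificate positiveCertificate = (X509Certificate) CertificateFactory
            .getInstance(SecurityModuleConstants.CertificateType).generateCertificate(bs);

    // The trusted certificate must not be released for a signer id that does not match it.
    if (positiveCertificate.equals(certificateFromStore)) {
        throw new AssertionError("Certificate was returned for a signerId with a modified serial number");
    }
}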
From source file:org.neociclo.odetteftp.util.EnvelopingUtil.java
License:Apache License
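/**
 * Opens a CMS signed-data envelope in streaming mode and returns the encapsulated content.
 *
 * <p>The signature is checked only after the returned stream has been read to its end, and the
 * outcome is reported through {@code checkResult}. Consequences for callers:
 * <ul>
 *   <li>Content bytes are handed out before the signature has been verified. Treat them as
 *       unauthenticated until {@code checkResult} reports success.</li>
 *   <li>If the caller stops reading before end of stream, the check never runs and
 *       {@code checkResult} is never updated.</li>
 *   <li>If {@code checkResult} is {@code null}, the outcome (including a failed signature) is
 *       discarded.</li>
 *   <li>Only the signature made with {@code checkCert} is checked. Trust in {@code checkCert}
 *       itself (chain, revocation) is not established here.</li>
 * </ul>
 *
 * @param sigData the encoded signed-data envelope
 * @param checkCert certificate of the expected signer; used to locate the signer info and to
 *        verify its signature
 * @param checkResult receives success, failure or error once the content is fully read; may be
 *        {@code null}
 * @return a stream over the original content without the signature structures
 * @throws CMSException if the envelope cannot be parsed
 */
public static InputStream openSignedDataParser(InputStream sigData, final X509Certificate checkCert,
        final SignatureVerifyResult checkResult) throws CMSException {

    installBouncyCastleProviderIfNecessary();

    // set up the parser
    final CMSSignedDataParser sp = new CMSSignedDataParser(sigData);

    // TODO what to do? the validity of the certificate isn't verified here

    //
    // Perform signature verification.
    //
    // The check is wrapped in a Runnable that runs after the returned input stream has been
    // read completely. In streaming mode the signer infos are only asked for once the content
    // has been consumed, so the order of operations matters.
    //
    final Runnable signatureChecker = new Runnable() {
        public void run() {
            try {
                SignerInformationStore signers = sp.getSignerInfos();

                // Look up the signer by the issuer and serial number of the given certificate.
                // The issuer is taken from its DER encoding rather than from the RFC 2253
                // string form, so the name is compared as the certificate carries it.
                SignerId sigId = new SignerId(
                        X500Name.getInstance(checkCert.getIssuerX500Principal().getEncoded()),
                        checkCert.getSerialNumber());
                SignerInformation signer = signers.get(sigId);

                if (signer == null) {
                    // signer not found
                    if (checkResult != null) {
                        checkResult.setError(new Exception("Provided check certificate doesn't match."));
                    }
                    return;
                }

                //
                // verify that the signature is correct and that it was generated
                // when the certificate was current
                //
                boolean verified = signer.verify(checkCert, BC_PROVIDER);
                if (checkResult != null) {
                    if (verified) {
                        checkResult.setSuccess();
                    } else {
                        checkResult.setFailure();
                    }
                }
            } catch (Exception e) {
                if (checkResult != null) {
                    checkResult.setError(e);
                }
            }
        }
    };

    //
    // Return content stream from the encapsulated data.
    //
    // The readable bytes are the original content (without signatures) from the signed
    // envelope. The wrapper runs the signature check once the content is exhausted.
    //
    final InputStream contentStream = sp.getSignedContent().getContentStream();

    return new InputStream() {

        /** Used to avoid running the signature checker above multiple times. */
        private boolean alreadyReachedEof = false;

        @Override
        public int read() throws IOException {
            int b = contentStream.read();
            if (b == -1) {
                checkOnceAtEof();
            }
            return b;
        }

        /**
         * Bulk reads go straight to the content stream instead of looping over the
         * single-byte read; end of stream still triggers the signature check.
         */
        @Override
        public int read(byte[] buffer, int off, int len) throws IOException {
            int count = contentStream.read(buffer, off, len);
            if (count == -1) {
                checkOnceAtEof();
            }
            return count;
        }

        private void checkOnceAtEof() {
            if (!alreadyReachedEof) {
                alreadyReachedEof = true;
                signatureChecker.run();
            }
        }
    };
}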
From source file:org.votingsystem.signature.smime.SMIMEMessage.java
License:Open Source License
/**
 * Returns the certificates carried in the signed message that match the issuer and serial
 * number of the given certificate.
 *
 * <p>NOTE(review): a non-empty result only shows that a certificate with this issuer and serial
 * number is present in the message's certificate store. It is not a trust decision, and it does
 * not show that the certificate produced a valid signature.
 *
 * @param x509Cert certificate whose issuer and serial number form the lookup key
 * @return the matching entries from the message's certificate store
 * @throws Exception if the certificate cannot be encoded or the message cannot be processed
 */
public Collection checkSignerCert(X509Certificate x509Cert) throws Exception {
    if (smimeSigned == null) {
        // presumably isValidSignature() populates smimeSigned as a side effect; confirm in the class
        isValidSignature();
    }
    Store embeddedCerts = smimeSigned.getCertificates();

    // Re-parse the JCA certificate so the issuer is available as a Bouncy Castle X500Name.
    X509CertificateHolder certHolder = new X509CertificateHolder(x509Cert.getEncoded());
    SignerId selector = new SignerId(certHolder.getIssuer(), x509Cert.getSerialNumber());

    return embeddedCerts.getMatches(selector);
}
From source file:org.xwiki.crypto.pkix.internal.BcStoreX509CertificateProvider.java
License:Open Source License
/**
 * Looks up a certificate by issuer and serial number.
 *
 * <p>The pair is turned into a {@link SignerId} selector, passed to the selector-based
 * {@code getCertificate} overload, and the result is converted with this provider's factory.
 *
 * @param issuer identifier of the certificate issuer
 * @param serial serial number assigned by that issuer
 * @return the converted certificate, as produced by {@code BcUtils.convertCertificate}
 */
@Override
public CertifiedPublicKey getCertificate(PrincipalIndentifier issuer, BigInteger serial) {
    SignerId selector = new SignerId(BcUtils.getX500Name(issuer), serial);
    return BcUtils.convertCertificate(this.factory, getCertificate(selector));
}