Example usage for org.bouncycastle.cms SignerInformation getContentDigest

List of usage examples for org.bouncycastle.cms SignerInformation getContentDigest

Introduction

In this page you can find the example usage for org.bouncycastle.cms SignerInformation getContentDigest.

Prototype

public byte[] getContentDigest() 


Document

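Returns the content digest that was calculated during verification. The value is only available after verify() has been called on this SignerInformation; calling getContentDigest() before that throws IllegalStateException.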

Usage

From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java

License:Open Source License

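/**
 * Verifies every signer of a CMS signature, validates the certificate chain at the
 * signing date, and returns the display name taken from the first signer's certificate.
 *
 * <p>The signer certificates are read from the signature itself, so a successful
 * {@code signer.verify(...)} only shows that the signature matches a certificate shipped
 * with it. Trust comes from the later chain validation against
 * {@code FachadaDeCertificadosAC.getTrustAnchors()}.
 *
 * @param digest          precomputed content digest for a detached signature, or
 *                        {@code null} to let the CMS structure supply the content
 * @param digestAlgorithm key under which {@code digest} is handed to {@code CMSSignedData};
 *                        only used when {@code digest} is not {@code null}
 * @param assinatura      encoded CMS signature
 * @param dtAssinatura    date at which the certificate chain is validated
 * @return display name derived from the first signer certificate's subject
 * @throws AplicacaoException when chain validation reports a validation time in the future
 * @throws Exception          when the signature has no signers, a signer has no matching
 *                            certificate, a signature does not verify, or chain validation fails
 */
@SuppressWarnings("unchecked")
protected static String validarAssinaturaCMS(byte[] digest, String digestAlgorithm, byte[] assinatura,
        Date dtAssinatura) throws InvalidKeyException, SecurityException, CRLException, CertificateException,
        NoSuchProviderException, NoSuchAlgorithmException, SignatureException, AplicacaoException,
        ChainValidationException, IOException, Exception {

    final CMSSignedData s;
    if (digest != null) {
        // Detached case: the caller supplies the content digest instead of the content.
        Map<String, byte[]> map = new HashMap<String, byte[]>();
        map.put(digestAlgorithm, digest);
        s = new CMSSignedData(map, assinatura);
    } else {
        s = new CMSSignedData(assinatura);
    }

    Store certs = s.getCertificates();
    SignerInformationStore signers = s.getSignerInfos();
    Collection<SignerInformation> c = signers.getSigners();

    // Fail closed: a structure without SignerInfos carries no signature to verify.
    // Previously this case fell through the loop and ended in a NullPointerException.
    if (c.isEmpty())
        throw new Exception("Assinatura sem assinantes.");

    X509CertificateHolder firstSignerCert = null;

    for (SignerInformation signer : c) {
        Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());

        // A signer whose certificate is not in the bundle cannot be verified; report it
        // explicitly instead of letting Iterator.next() throw NoSuchElementException.
        Iterator<X509CertificateHolder> certIt = certCollection.iterator();
        if (!certIt.hasNext())
            throw new Exception("Certificado do assinante ausente na assinatura.");
        X509CertificateHolder cert = certIt.next();
        if (firstSignerCert == null)
            firstSignerCert = cert;

        if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)))
            throw new Exception("Assinatura invlida!");

        // Diagnostic output; getContentDigest() is only usable here because verify() has run.
        System.out.println("\nSigner Info: \n");
        System.out.println("Is Signature Valid? true");
        System.out.println("Digest: " + asHex(signer.getContentDigest()));
        System.out.println("Enc Alg Oid: " + signer.getEncryptionAlgOID());
        System.out.println("Digest Alg Oid: " + signer.getDigestAlgOID());
        System.out.println("Signature: " + asHex(signer.getSignature()));

    }

    // NOTE(review): the chain is assembled from every certificate in the bundle, while the
    // returned name comes from the first signer's certificate. Confirm that the validated
    // chain is actually anchored on that signer certificate.
    X509Certificate[] cadeiaTotal = montarCadeiaOrdenadaECompleta(certs.getMatches(null));

    // NOTE(review): this feeds the certificate collection to ASN1Set.getInstance and treats
    // the result as CRLs, and the error path below iterates the same collection as
    // X509CRLObject. It looks like a leftover from an API migration; confirm the revocation
    // data is meant to come from the signed data's CRL store (e.g. s.getCRLs()) before
    // relying on the CRL check.
    List<X509CRLObject> crls = new ArrayList<>();
    if (certs.getMatches(null) != null) {
        Enumeration ec = ASN1Set.getInstance(certs.getMatches(null)).getObjects();

        while (ec.hasMoreElements()) {
            crls.add(new X509CRLObject(CertificateList.getInstance(ec.nextElement())));
        }
    }

    final X509ChainValidator cadeia = new X509ChainValidator(cadeiaTotal,
            /* trustedAnchors */new HashSet(FachadaDeCertificadosAC.getTrustAnchors()),
            crls.toArray(new X509CRLObject[0]));

    cadeia.checkCRL(true);

    try {
        cadeia.validateChain(dtAssinatura);
    } catch (Exception e1) {
        // getMessage() may be null; without this guard the real validation failure would
        // be replaced by a NullPointerException.
        String detail = e1.getMessage();
        if (detail == null || !detail.endsWith("Validation time is in future."))
            throw e1;

        StringBuilder msg = new StringBuilder(detail).append(" Current date: [").append(new Date().toString())
                .append("]. Record date: [").append(dtAssinatura).append("]. LCRs' dates [");
        for (X509CRLObject crl : (Collection<X509CRLObject>) certs.getMatches(null)) {
            // Only the first RDN of the issuer name is shown.
            String issuer = crl.getIssuerX500Principal().getName().split(",")[0];

            msg.append(issuer).append(" (").append(crl.getThisUpdate()).append(" - ")
                    .append(crl.getNextUpdate()).append(") ");
        }
        msg.append("]");
        throw new AplicacaoException(msg.toString(), 0, e1);
    }

    return obterNomeExibicao(firstSignerCert.getSubject().toString());
}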

From source file:com.zotoh.crypto.CryptoUte.java

License:Open Source License

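/**
 * Verifies the signature on an S/MIME multipart against caller-supplied certificates and
 * returns the signed content together with the verified content digest.
 *
 * <p>Only the certificates in {@code certs} are consulted; certificates embedded in the
 * message are not used to pick a verification key. Verification stops at the first signer
 * that verifies against one of them. No chain or revocation validation of {@code certs}
 * is done here, so callers are assumed to pass only certificates they already trust.
 *
 * @param mp    the signed message; must be a {@code MimeMultipart}
 * @param certs candidate signer certificates
 * @param cte   content-transfer-encoding passed to {@code SMIMESigned}; the single-argument
 *              constructor is used when this is empty
 * @return a tuple of the signed content and the content digest of the verified signer
 * @throws MessagingException           if the signed content cannot be read
 * @throws GeneralSecurityException     if the message cannot be parsed as signed data or no
 *                                      signer verifies against {@code certs}; the last
 *                                      verification error, if any, is attached as the cause
 * @throws IOException                  if the content cannot be read
 * @throws CertificateEncodingException if a supplied certificate cannot be encoded
 */
public static Tuple verifySmimeDigSig(Multipart mp, Certificate[] certs, String cte)
        throws MessagingException, GeneralSecurityException, IOException, CertificateEncodingException {

    tstArgIsType("multipart", mp, MimeMultipart.class);
    tstObjArg("certs", certs);

    MimeMultipart mmp = (MimeMultipart) mp;
    SMIMESigned sc;

    try {
        sc = isEmpty(cte) ? new SMIMESigned(mmp) : new SMIMESigned(mmp, cte);
    } catch (CMSException e) {
        throw new GeneralSecurityException(e);
    }

    Provider prov = Crypto.getInstance().getProvider();
    Store s = new JcaCertStore(asList(true, certs));
    byte[] digest = null;
    // Failures stay non-fatal per signer, but the last one is kept so that a rejected
    // signature can be diagnosed instead of vanishing in an empty catch block.
    Exception lastFailure = null;

    for (Object obj : sc.getSignerInfos().getSigners()) {
        try {
            SignerInformation si = (SignerInformation) obj;
            JcaSimpleSignerInfoVerifierBuilder bdr = new JcaSimpleSignerInfoVerifierBuilder().setProvider(prov);
            for (Object match : s.getMatches(si.getSID())) {
                if (si.verify(bdr.build((X509CertificateHolder) match))) {
                    // The digest is only available once verify() has succeeded.
                    digest = si.getContentDigest();
                    break;
                }
            }
        } catch (Exception e) {
            lastFailure = e;
        }
        if (digest != null) {
            break;
        }
    }

    if (digest == null) {
        throw new GeneralSecurityException("Failed to verify signature: no matching certificate", lastFailure);
    }

    return new Tuple(sc.getContentAsMimeMessage(newSession()).getContent(), digest);
}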

From source file:com.zotoh.crypto.CryptoUte.java

License:Open Source License

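/**
 * Verifies a detached CMS/PKCS#7 signature over {@code data} against one caller-supplied
 * certificate and returns the verified content digest.
 *
 * <p>Only {@code cert} is consulted; certificates embedded in the signature are not used to
 * pick a verification key. No chain or revocation validation of {@code cert} is done here,
 * so the caller is assumed to pass a certificate it already trusts.
 *
 * @param cert      the expected signer certificate
 * @param data      the signed content, read from disk or from memory
 * @param signature the encoded CMS signature
 * @return the content digest computed while verifying the matching signer
 * @throws GeneralSecurityException     if the signature cannot be parsed or no signer
 *                                      verifies against {@code cert}; the last verification
 *                                      error, if any, is attached as the cause
 * @throws IOException                  if the content cannot be read
 * @throws CertificateEncodingException if the supplied certificate cannot be encoded
 */
public static byte[] verifyPkcsDigSig(Certificate cert, StreamData data, byte[] signature)
        throws GeneralSecurityException, IOException, CertificateEncodingException {

    tstObjArg("digital-signature", signature);
    tstObjArg("cert", cert);
    tstObjArg("input-content", data);

    Provider prov = Crypto.getInstance().getProvider();

    CMSProcessable cproc = data.isDiskFile()
            ? new CMSProcessableFile(data.getFileRef())
            : new CMSProcessableByteArray(data.getBytes());

    CMSSignedData cms;
    try {
        cms = new CMSSignedData(cproc, signature);
    } catch (CMSException e) {
        throw new GeneralSecurityException(e);
    }

    List<Certificate> cl = LT();
    cl.add(cert);
    Store s = new JcaCertStore(cl);
    byte[] digest = null;
    // Failures stay non-fatal per signer, but the last one is kept so that a rejected
    // signature can be diagnosed instead of vanishing in an empty catch block.
    Exception lastFailure = null;

    for (Object obj : cms.getSignerInfos().getSigners()) {
        try {
            SignerInformation si = (SignerInformation) obj;
            JcaSimpleSignerInfoVerifierBuilder bdr = new JcaSimpleSignerInfoVerifierBuilder().setProvider(prov);
            for (Object match : s.getMatches(si.getSID())) {
                if (si.verify(bdr.build((X509CertificateHolder) match))) {
                    // The digest is only available once verify() has succeeded.
                    digest = si.getContentDigest();
                    break;
                }
            }
        } catch (Exception e) {
            lastFailure = e;
        }
        if (digest != null) {
            break;
        }
    }

    if (digest == null) {
        throw new GeneralSecurityException("Failed to decode signature: no matching certificate", lastFailure);
    }

    return digest;
}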

From source file:org.roda.common.certification.SignatureUtility.java

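/**
 * Checks every signer of the signed data and, when an expected digest is supplied, compares
 * it with the digest computed for each signer.
 *
 * <p>Each signer is verified against a certificate taken from the signed data itself, so a
 * {@code true} result shows the signatures are internally consistent; nothing in this
 * method establishes that those certificates are trusted.
 *
 * @param s             the parsed CMS signed data
 * @param contentDigest expected content digest, or {@code null} to skip the digest comparison
 * @return {@code true} only if at least one signer is present and every signer verifies
 *         (and matches {@code contentDigest} when given)
 */
@SuppressWarnings("unchecked")
private boolean verifySignatures(CMSSignedData s, byte[] contentDigest)
        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, CertStoreException,
        CertificateException, OperatorCreationException {
    Store<?> certStore = s.getCertificates();
    Collection<SignerInformation> signerInfos = s.getSignerInfos().getSigners();

    // Fail closed: with no signers the loop below would never run and the method would
    // report success for data that carries no signature at all.
    if (signerInfos.isEmpty()) {
        System.err.println("No signers found in signed data");
        return false;
    }

    boolean valid = true;

    for (SignerInformation signer : signerInfos) {
        Iterator<?> certIt = certStore.getMatches(signer.getSID()).iterator();

        // A signer without a certificate in the store cannot be verified; count it as
        // invalid instead of letting Iterator.next() throw NoSuchElementException.
        if (!certIt.hasNext()) {
            System.err.println("No matching certificate for signer");
            valid = false;
            continue;
        }
        X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();

        SignerInformationVerifier signerVerifierInformation = new BcRSASignerInfoVerifierBuilder(
                new DefaultCMSSignatureAlgorithmNameGenerator(),
                new DefaultSignatureAlgorithmIdentifierFinder(), new DefaultDigestAlgorithmIdentifierFinder(),
                new BcDigestCalculatorProvider()).build(certHolder);
        boolean certValid = signer.verify(signerVerifierInformation);

        valid &= certValid;

        if (!certValid) {
            System.err.println("Invalid certificate " + certHolder);
        }

        if (contentDigest != null) {
            // MessageDigest.isEqual is the constant-time comparison; getContentDigest() is
            // usable here because verify() has already run for this signer.
            boolean digestValid = MessageDigest.isEqual(contentDigest, signer.getContentDigest());

            valid &= digestValid;

            if (!digestValid) {
                // Print the bytes; concatenating the array would only print its identity.
                System.err.println("Invalid digest " + java.util.Arrays.toString(contentDigest));
            }
        }

    }

    return valid;

}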

From source file:org.roda.core.plugins.plugins.characterization.SignatureUtility.java

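/**
 * Checks every signer of the signed data and, when an expected digest is supplied, compares
 * it with the digest computed for each signer.
 *
 * <p>Each signer is verified against a certificate taken from the signed data itself, so a
 * {@code true} result shows the signatures are internally consistent; nothing in this
 * method establishes that those certificates are trusted.
 *
 * @param s             the parsed CMS signed data
 * @param contentDigest expected content digest, or {@code null} to skip the digest comparison
 * @return {@code true} only if at least one signer is present and every signer verifies
 *         (and matches {@code contentDigest} when given)
 */
private boolean verifySignatures(CMSSignedData s, byte[] contentDigest)
        throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, CMSException {
    Store<?> certStore = s.getCertificates();
    Collection<SignerInformation> signerInfos = s.getSignerInfos().getSigners();

    // Fail closed: with no signers the loop below would never run and the method would
    // report success for data that carries no signature at all.
    if (signerInfos.isEmpty()) {
        LOGGER.error("No signers found in signed data");
        return false;
    }

    boolean valid = true;

    for (SignerInformation signer : signerInfos) {
        Iterator<?> certIt = certStore.getMatches(signer.getSID()).iterator();

        // A signer without a certificate in the store cannot be verified; count it as
        // invalid instead of letting Iterator.next() throw NoSuchElementException.
        if (!certIt.hasNext()) {
            LOGGER.error("No matching certificate for signer");
            valid = false;
            continue;
        }
        X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(provider)
                .getCertificate(certHolder);
        // NOTE(review): verify(X509Certificate, provider) appears to be the older Bouncy
        // Castle overload - confirm it exists in the library version this project builds with.
        boolean certValid = signer.verify(cert, provider);
        valid &= certValid;

        if (!certValid) {
            LOGGER.error("Invalid certificate '{}'", cert);
        }

        if (contentDigest != null) {
            // MessageDigest.isEqual is the constant-time comparison; getContentDigest() is
            // usable here because verify() has already run for this signer.
            boolean digestValid = MessageDigest.isEqual(contentDigest, signer.getContentDigest());
            valid &= digestValid;

            if (!digestValid) {
                LOGGER.error("Invalid digest '{}'", contentDigest);
            }
        }
    }

    return valid;
}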