List of usage examples for org.bouncycastle.cms SignerInformation getSID
public SignerId getSID()
From source file:org.ejbca.extra.ra.RAApiTest.java
License:Open Source License
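/**
 * Sends three External RA requests for the user "SimplePKCS10Test1" and checks each response:
 * a PKCS#10 request (id 100) that must fail, a user request (id 101) that must succeed, and a
 * second PKCS#10 request (id 102) that must succeed and return a certificate with subject
 * "CN=PKCS10REQ".
 *
 * <p>The PKCS#7 form of the last response is then parsed. The test compares the issuer name in
 * the first SignerId with the issuer of the returned certificate and looks for the certificate
 * in the embedded certificate set. It does not verify the CMS signature itself.
 *
 * @throws Exception if any step of the exchange or the CMS parsing fails
 */
public void test02GenerateSimplePKCS10RequestNoCreateUser() throws Exception {
    // First test with a user that does not exist or has status generated; when the user is not
    // created the request will fail.
    SubMessages smgs = new SubMessages(null, null, null);
    smgs.addSubMessage(
            ExtRAMessagesTest.genExtRAPKCS10Request(100, "SimplePKCS10Test1", Constants.pkcs10_1, false));
    msghome.create("SimplePKCS10Test1", smgs);
    Message msg = waitForUser("SimplePKCS10Test1");
    assertNotNull("No response", msg);
    SubMessages submessagesresp = msg.getSubMessages(null, null, null);
    assertTrue(submessagesresp.getSubMessages().size() == 1);
    Iterator iter = submessagesresp.getSubMessages().iterator();
    PKCS10Response resp = (PKCS10Response) iter.next();
    assertTrue(resp.getRequestId() == 100);
    assertTrue(resp.isSuccessful() == false);

    // If we create the user first, with correct status, the request should be ok.
    smgs = new SubMessages(null, null, null);
    smgs.addSubMessage(ExtRAMessagesTest.genExtRAPKCS10UserRequest(101, "SimplePKCS10Test1", "foo123"));
    msghome.create("SimplePKCS10Test1", smgs);
    msg = waitForUser("SimplePKCS10Test1");
    assertNotNull(msg);
    submessagesresp = msg.getSubMessages(null, null, null);
    assertTrue("Number of submessages " + submessagesresp.getSubMessages().size(),
            submessagesresp.getSubMessages().size() == 1);
    ExtRAResponse editresp = (ExtRAResponse) submessagesresp.getSubMessages().iterator().next();
    assertTrue("Wrong Request ID" + editresp.getRequestId(), editresp.getRequestId() == 101);
    assertTrue("External RA CA Service was not successful.", editresp.isSuccessful() == true);

    // Create a new request, now it should be ok.
    smgs = new SubMessages(null, null, null);
    smgs.addSubMessage(
            ExtRAMessagesTest.genExtRAPKCS10Request(102, "SimplePKCS10Test1", Constants.pkcs10_1, false));
    msghome.create("SimplePKCS10Test1", smgs);
    msg = waitForUser("SimplePKCS10Test1");
    assertNotNull(msg);
    submessagesresp = msg.getSubMessages(null, null, null);
    assertTrue(submessagesresp.getSubMessages().size() == 1);
    iter = submessagesresp.getSubMessages().iterator();
    resp = (PKCS10Response) iter.next();
    assertTrue(resp.getRequestId() == 102);
    assertTrue(resp.isSuccessful() == true);
    assertTrue(resp.getCertificate().getSubjectDN().toString().equals("CN=PKCS10REQ"));
    firstCertificate = resp.getCertificate();
    assertNotNull(firstCertificate);

    // Check the pkcs7 response.
    byte[] pkcs7 = resp.getCertificateAsPKCS7();
    assertNotNull(pkcs7);
    CMSSignedData s = new CMSSignedData(pkcs7);
    // The signer, i.e. the CA: check it's the right CA.
    SignerInformationStore signers = s.getSignerInfos();
    Collection col = signers.getSigners();
    assertTrue(col.size() > 0);
    Iterator siter = col.iterator();
    SignerInformation signerInfo = (SignerInformation) siter.next();
    SignerId sinfo = signerInfo.getSID();
    // Check that the signer is the expected CA. This is a name comparison only; no signature
    // over the PKCS#7 content is checked in this test.
    assertEquals(CertTools.stringToBCDNString(firstCertificate.getIssuerDN().getName()),
            CertTools.stringToBCDNString(sinfo.getIssuerAsString()));
    CertStore certstore = s.getCertificatesAndCRLs("Collection", "BC");
    Collection certs = certstore.getCertificates(null);
    // Expected value first, so a failure reports "expected 2 but was N" the right way round.
    assertEquals(2, certs.size());
    Iterator it = certs.iterator();
    boolean found = false;
    while (it.hasNext()) {
        X509Certificate retcert = (X509Certificate) it.next();
        if (retcert.getSubjectDN().equals(firstCertificate.getSubjectDN())) {
            found = true;
        }
    }
    assertTrue(found);
}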
From source file:org.ejbca.ui.web.pub.AutoEnrollServletTest.java
License:Open Source License
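/**
 * Posts a certificate request to the auto-enroll servlet and extracts a certificate from the
 * PKCS#7 response.
 *
 * <p>For each signer in the response, the certificate matching the signer id is treated as the
 * CA certificate. The first certificate in the response's certificate store is returned if its
 * subject DN differs from that CA certificate's subject DN.
 *
 * <p>This helper only parses the response. It does not verify the CMS signature or build a
 * certificate path, so the returned certificate is not authenticated here. The request goes
 * over plain HTTP, and the caller's identity is conveyed solely by the {@code X-Remote-User}
 * header.
 *
 * @param remoteUser value sent in the {@code X-Remote-User} request header
 * @param requestData request payload, written as the {@code request} form field exactly as
 *        given (it is not URL-encoded here)
 * @return the certificate picked from the response, never {@code null}
 * @throws Exception on connection, decoding or CMS parsing errors
 */
private X509Certificate doRequest(String remoteUser, String requestData) throws Exception {
    final String remoteHost = SystemTestsConfiguration.getRemoteHost("127.0.0.1");
    final String remotePort = SystemTestsConfiguration.getRemotePortHttp("8080");
    URL localAutoEnrollServletURL = new URL("http://" + remoteHost + ":" + remotePort + "/ejbca/autoenroll");
    HttpURLConnection localServletConnection = (HttpURLConnection) localAutoEnrollServletURL.openConnection();
    localServletConnection.setRequestProperty("X-Remote-User", remoteUser);
    localServletConnection.setRequestMethod("POST");
    localServletConnection.setDoOutput(true);
    localServletConnection.connect();

    // Explicit charset: the payload is form text, so do not depend on the platform default.
    OutputStream os = localServletConnection.getOutputStream();
    try {
        os.write(("request=" + requestData + "&").getBytes("UTF-8"));
        os.write("debug=false&".getBytes("UTF-8"));
        os.flush();
    } finally {
        os.close();
    }

    // Read to end-of-stream. BufferedReader.ready() only reports whether a read would block, so
    // looping on it can stop before the whole response has arrived.
    StringBuilder responseText = new StringBuilder();
    BufferedReader br = new BufferedReader(
            new InputStreamReader(localServletConnection.getInputStream(), "UTF-8"));
    try {
        String line;
        while ((line = br.readLine()) != null) {
            responseText.append(line);
        }
    } finally {
        br.close();
    }
    String response = responseText.toString();

    assertFalse("AutoEnrollment has to be enabled for this test to work.", response.contains("Not allowed."));
    response = response.replaceFirst("-----BEGIN PKCS7-----", "").replaceFirst("-----END PKCS7-----", "");
    byte[] responseData = Base64.decode(response.getBytes("UTF-8"));

    X509Certificate returnCertificate = null;
    CMSSignedData p7b = new CMSSignedData(responseData);
    Store certStore = p7b.getCertificates();
    SignerInformationStore signers = p7b.getSignerInfos();
    @SuppressWarnings("unchecked")
    Iterator<SignerInformation> iter = signers.getSigners().iterator();
    JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
    while (iter.hasNext()) {
        SignerInformation signer = iter.next();
        @SuppressWarnings("unchecked")
        List<X509CertificateHolder> certCollection = (List<X509CertificateHolder>) certStore
                .getMatches(signer.getSID());
        // Fail with a readable message instead of an IndexOutOfBoundsException when the response
        // carries no certificate for its own signer.
        assertFalse("No certificate matching the signer id present in response.", certCollection.isEmpty());
        X509Certificate caCert = jcaX509CertificateConverter.getCertificate(certCollection.get(0));
        @SuppressWarnings("unchecked")
        Iterator<X509CertificateHolder> iter2 = certStore.getMatches(null).iterator();
        if (iter2.hasNext()) {
            X509Certificate cert = jcaX509CertificateConverter.getCertificate(iter2.next());
            if (!CertTools.getSubjectDN(caCert).equals(CertTools.getSubjectDN(cert))) {
                returnCertificate = cert;
            }
        }
    }
    assertNotNull("No requested certificate present in response.", returnCertificate);
    return returnCertificate;
}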
From source file:org.ejbca.util.CMS.java
License:Open Source License
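/**
 * Copies the signed content of a CMS signed-data stream to {@code os} and checks the first
 * signer's signature against the public key of {@code cert}.
 *
 * <p>Points a caller should be aware of:
 * <ul>
 * <li>The content is written to {@code os} before the signature is checked, so the output must
 *     be discarded when the returned result does not report a successful verification.</li>
 * <li>Only the first SignerInfo is examined.</li>
 * <li>The check uses {@code cert.getPublicKey()} only. No certificate path, validity period or
 *     revocation status is evaluated here, so {@code cert} must already be trusted by the
 *     caller.</li>
 * <li>The signing time is read from the signed attributes before the signature is checked. It
 *     is the signer's own claim, and is not authenticated when verification fails.</li>
 * </ul>
 *
 * @param is signed data to be verified
 * @param os receives the signed content with the signature removed; closed by this method
 * @param cert the certificate with the public key that should do the verification
 * @return a VerifyResult built from the signing time, the verification outcome and the signer
 *         id, or {@code null} when the message contains no signer
 * @throws Exception on I/O or CMS parsing errors; also when the signed attributes or the
 *         signingTime attribute are missing, since both are dereferenced without a check
 */
public static VerifyResult verify(final InputStream is, OutputStream os, X509Certificate cert)
        throws Exception {
    final InputStream bis = new BufferedInputStream(is, bufferSize);
    final OutputStream bos = new BufferedOutputStream(os, bufferSize);
    final CMSSignedDataParser sp = new CMSSignedDataParser(new BcDigestCalculatorProvider(), bis);
    final CMSTypedStream sc = sp.getSignedContent();
    final InputStream ris = sc.getContentStream();
    fromInToOut(ris, bos);
    // Close the buffered wrapper, not the raw stream: closing 'os' directly would drop any bytes
    // still held in the buffer. Closing 'bos' flushes them and then closes 'os'.
    bos.close();
    sc.drain();
    @SuppressWarnings("rawtypes")
    final Iterator it = sp.getSignerInfos().getSigners().iterator();
    if (!it.hasNext()) {
        return null;
    }
    final SignerInformation signerInfo = (SignerInformation) it.next();
    final Attribute attribute = (Attribute) signerInfo.getSignedAttributes().getAll(CMSAttributes.signingTime)
            .get(0);
    final Date date = Time.getInstance(attribute.getAttrValues().getObjectAt(0).toASN1Primitive()).getDate();
    final SignerId id = signerInfo.getSID();
    boolean result = false;
    try {
        JcaDigestCalculatorProviderBuilder calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME);
        JcaSignerInfoVerifierBuilder jcaSignerInfoVerifierBuilder = new JcaSignerInfoVerifierBuilder(
                calculatorProviderBuilder.build()).setProvider(BouncyCastleProvider.PROVIDER_NAME);
        result = signerInfo.verify(jcaSignerInfoVerifierBuilder.build(cert.getPublicKey()));
    } catch (Throwable t) { // NOPMD
        // Any failure while verifying is reported as "not verified" and is logged at debug level
        // only. 'result' stays false, so the method fails closed.
        log.debug("Exception when verifying", t);
    }
    return new VerifyResult(date, result, id);
}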
From source file:org.jnotary.client.DvcsCheck.java
License:Open Source License
/**
 * Checks every signer certificate of a verified DVCS request against the configured trust
 * store.
 *
 * <p>The trust store is opened as a JKS file, using the path and password from {@code config}.
 * Each signer's certificate is looked up in the result by signer id and handed to
 * {@code Verifier.verifyCertificate}.
 *
 * @param dvcsReqVerifyResult result of a previous signature verification
 * @throws Exception if the store cannot be opened or a certificate is rejected
 */
private static void verifyCerificates(VerifyResult dvcsReqVerifyResult) throws Exception {
    FileStorage rootStorage = new FileStorage(config.getTrustedStorePath(), "JKS",
            config.getTrustedStorePassword());
    TrustedStore trustAnchors = new TrustedStore(rootStorage);
    Verifier chainVerifier = new Verifier();
    for (SignerInformation signer : dvcsReqVerifyResult.getSigners()) {
        X509Certificate signerCert = dvcsReqVerifyResult.getSignerCertificate(signer.getSID());
        chainVerifier.verifyCertificate(trustAnchors, signerCert);
    }
}
From source file:org.jnotary.crypto.SignAndVerifyTest.java
License:Open Source License
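/**
 * Reads the signed file, verifies it with {@link Verifier#verifySignature} and checks that the
 * recovered content is "Hello world!!". The signing time and signer id of each signer are
 * printed.
 *
 * <p>NOTE(review): the input is a fixed path under /tmp, a directory that other local users can
 * usually write to. It is presumably produced by a companion signing test; confirm this, and
 * prefer a per-test temporary file.
 *
 * @param trustedUserCertificateStore store passed through to the verifier
 * @throws Exception if reading or verification fails
 */
private void verify(TrustedStore trustedUserCertificateStore) throws Exception {
    File file = new File("/tmp/s1.dat");
    byte[] signedData = new byte[(int) file.length()];
    DataInputStream dis = new DataInputStream(new FileInputStream(file));
    try {
        dis.readFully(signedData);
    } finally {
        // Release the file handle even when the read fails.
        dis.close();
    }

    Verifier verifier = new Verifier();
    VerifyResult result = verifier.verifySignature(signedData, trustedUserCertificateStore);
    assertTrue("Data is incorrect", Arrays.equals(result.getContent(), "Hello world!!".getBytes()));

    for (SignerInformation signerInfo : result.getSigners()) {
        final Attribute attribute = (Attribute) signerInfo.getSignedAttributes()
                .getAll(CMSAttributes.signingTime).get(0);
        final Date date = Time.getInstance(attribute.getAttrValues().getObjectAt(0)).getDate();
        System.out.println(date.toString() + " " + signerInfo.getSID());
    }
}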
From source file:org.jnotary.crypto.Verifier.java
License:Open Source License
/**
 * Parses a CMS signed-data message and verifies the signature of every signer.
 *
 * <p>For each signer, the certificate is obtained through {@code getCertificateHolder},
 * converted to a JCA certificate, recorded under the signer id, passed to {@code verifyDate}
 * and then used to verify the signature. The first signature that does not verify aborts the
 * call.
 *
 * <p>This method performs no certificate path validation itself. A successful return means the
 * signatures match the certificates that were found, not that those certificates chain to a
 * trust anchor; callers are expected to validate the returned certificates separately.
 *
 * @param signedData encoded CMS signed-data
 * @param trustedUserCertificateStore store handed to {@code getCertificateHolder}
 * @return the signed content, the signers, and the certificate found for each signer id
 * @throws Exception if parsing fails, a certificate cannot be found, a signature does not
 *         verify, or the message carries no content
 */
@SuppressWarnings("rawtypes")
public VerifyResult verifySignature(byte[] signedData, TrustedStore trustedUserCertificateStore)
        throws Exception {
    CMSSignedData parsed = new CMSSignedData(signedData);
    Store embeddedCerts = parsed.getCertificates();
    Collection allSigners = parsed.getSignerInfos().getSigners();

    final Map<SignerId, java.security.cert.X509Certificate> certBySigner =
            new HashMap<SignerId, java.security.cert.X509Certificate>();
    List<SignerInformation> seenSigners = new ArrayList<SignerInformation>();

    for (Object entry : allSigners) {
        SignerInformation current = (SignerInformation) entry;
        seenSigners.add(current);

        X509CertificateHolder holder = getCertificateHolder(trustedUserCertificateStore, embeddedCerts, current);
        ByteArrayInputStream encodedCert = new ByteArrayInputStream(holder.getEncoded());
        java.security.cert.X509Certificate jcaCert = (java.security.cert.X509Certificate) CertificateFactory
                .getInstance("X.509").generateCertificate(encodedCert);
        certBySigner.put(current.getSID(), jcaCert);
        verifyDate(current, jcaCert);

        boolean signatureOk = current
                .verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(holder));
        if (!signatureOk) {
            throw new Exception("Signature verification failed for " + holder.getSubject().toString());
        }
    }

    CMSTypedData content = parsed.getSignedContent();
    if (content == null) {
        throw new Exception("Data not exists");
    }
    return new VerifyResult((byte[]) content.getContent(), seenSigners, certBySigner);
}
From source file:org.jnotary.crypto.Verifier.java
License:Open Source License
/**
 * Finds the certificate that matches a signer's id.
 *
 * <p>The certificates carried inside the message are searched first. The supplied store is
 * consulted only when the message has no match and the store is not {@code null}. A
 * certificate embedded in the message therefore takes precedence, so a hit identifies the
 * signer's certificate but does not by itself show that the certificate is trusted.
 *
 * @param trustedUserCertificateStore fallback store, may be {@code null}
 * @param certStore certificates taken from the signed message
 * @param signer signer whose certificate is wanted
 * @return the first matching certificate
 * @throws Exception if neither source holds a matching certificate
 */
@SuppressWarnings("rawtypes")
private X509CertificateHolder getCertificateHolder(TrustedStore trustedUserCertificateStore, Store certStore,
        SignerInformation signer) throws Exception {
    Collection matches = certStore.getMatches(signer.getSID());
    if (matches.isEmpty() && trustedUserCertificateStore != null) {
        matches = trustedUserCertificateStore.getCertStore().getMatches(signer.getSID());
    }
    if (matches.isEmpty()) {
        throw new Exception("Certificate not found for " + signer.getSID().toString());
    }
    return (X509CertificateHolder) matches.iterator().next();
}
From source file:org.jnotary.service.util.CryptoService.java
License:Open Source License
/**
 * Runs {@code verifyCerificate} on the certificate of every signer in a verification result.
 *
 * @param result verification result holding the signers and their certificates
 * @param checkCRL passed through unchanged to {@code verifyCerificate}
 * @throws DVCSException propagated from {@code verifyCerificate}
 */
public void verifyCerificates(VerifyResult result, boolean checkCRL) throws DVCSException {
    for (SignerInformation signer : result.getSigners()) {
        verifyCerificate(result.getSignerCertificate(signer.getSID()), checkCRL);
    }
}
From source file:org.mailster.core.crypto.smime.SmimeUtilities.java
License:Open Source License
/** * Take a CMS SignedData message and a trust anchor and determine if * the message is signed with a valid signature from a end entity * certificate recognized by the trust anchor rootCert. *///from www .j av a 2 s . com public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception { CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC"); SignerInformationStore signers = signedData.getSignerInfos(); Iterator<?> it = signers.getSigners().iterator(); while (it.hasNext()) { SignerInformation signer = (SignerInformation) it.next(); X509CertSelector signerConstraints = signer.getSID(); signerConstraints.setKeyUsage(getKeyUsageForSignature()); PKIXCertPathBuilderResult result = buildPath(rootCert, signer.getSID(), certsAndCRLs); if (signer.verify(result.getPublicKey(), "BC")) return true; } return false; }
From source file:org.mailster.gui.dialogs.CertificateDialog.java
License:Open Source License
/**
 * Returns the certificate this dialog is about.
 *
 * <p>Without a message, the first element of {@code chain} is returned. With a message, the
 * S/MIME signature is parsed and the certificate matching the first signer's id is taken from
 * the certificates carried in the message. Nothing is verified here: the certificate is
 * whatever the message supplies for that signer.
 *
 * @return the certificate, or {@code null} when the message has no signer or parsing fails
 *         (the exception's stack trace is printed)
 */
private X509Certificate getSubjectCertificate() {
    if (message == null) {
        return (X509Certificate) chain[0];
    }

    try {
        SMIMESigned signed = new SMIMESigned((MimeMultipart) message.getContent());
        Iterator<?> signerIt = signed.getSignerInfos().getSigners().iterator();
        CertStore certsAndCRLs = signed.getCertificatesAndCRLs("Collection", "BC");
        // Only the first signer is ever looked at.
        if (signerIt.hasNext()) {
            SignerInformation firstSigner = (SignerInformation) signerIt.next();
            return (X509Certificate) certsAndCRLs.getCertificates(firstSigner.getSID()).iterator().next();
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}