List of usage examples for org.bouncycastle.cms SignerInformation getSID
public SignerId getSID()
From source file:org.yawlfoundation.yawl.digitalSignature.DigitalSignature.java
License:Open Source License
public boolean checkSignature(byte[] Document) { try {/*from w w w. j a va 2 s .co m*/ System.out.println("Beginning of Checking XmlSignature:"); System.out.println(Document); Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // extract the Signed Fingerprint data CMSSignedData signature = new CMSSignedData(Document); System.out.println("Beginning of Checking XmlSignature:"); SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator() .next(); System.out.println("Beginning of Checking XmlSignature:"); // Get from the collection the appropriate registered certificate CertStore cs = signature.getCertificatesAndCRLs("Collection", "BC"); Iterator iter = cs.getCertificates(signer.getSID()).iterator(); System.out.println("Beginning of Checking XmlSignature:"); X509Certificate certificate = (X509Certificate) iter.next(); System.out.println("Beginning of Checking XmlSignature:"); // get the contents of the document CMSProcessable sg = signature.getSignedContent(); byte[] data = (byte[]) sg.getContent(); String content = new String(data); //convert the document content to a valid xml document for YAWL org.w3c.dom.Document XMLNode = ConvertStringToDocument(content); org.jdom2.input.DOMBuilder builder = new org.jdom2.input.DOMBuilder(); Doc = builder.build(XMLNode); //Check the document System.out.println("xml to Sign:"); System.out.println(JDOMUtil.documentToString(Doc)); // get the name of the signer _Name = certificate.getSubjectDN().getName().split("(=|, )", -1).toString(); //return the result of the signature checking return signer.verify(certificate, "BC"); } catch (Exception e) { System.out.println("Test error"); e.printStackTrace(); return false; } }
From source file:pdfbox.SignatureVerifier.java
License:Apache License
/** * Verify a PKCS7 signature./*from www .jav a 2 s . co m*/ * * @param byteArray the byte sequence that has been signed * @param contents the /Contents field as a COSString * @param sig the PDF signature (the /V dictionary) * @throws CertificateException * @throws CMSException * @throws StoreException * @throws OperatorCreationException */ private SignatureResult verifyPKCS7(byte[] byteArray, COSString contents, PDSignature sig) throws CMSException, CertificateException, StoreException, OperatorCreationException { // inspiration: // http://stackoverflow.com/a/26702631/535646 // http://stackoverflow.com/a/9261365/535646 CMSProcessable signedContent = new CMSProcessableByteArray(byteArray); CMSSignedData signedData = new CMSSignedData(signedContent, contents.getBytes()); Store certificatesStore = signedData.getCertificates(); Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners(); SignerInformation signerInformation = signers.iterator().next(); Collection matches = certificatesStore.getMatches(signerInformation.getSID()); X509CertificateHolder certificateHolder = (X509CertificateHolder) matches.iterator().next(); X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder); //System.out.println("certFromSignedData: " + certFromSignedData); certFromSignedData.checkValidity(sig.getSignDate().getTime()); JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder(); if (provider != null) { verifierBuilder.setProvider(provider); } boolean validated = false; try { validated = signerInformation.verify(verifierBuilder.build(certFromSignedData)); } catch (CMSSignerDigestMismatchException e) { System.out.println("Signature failed to validate: "); e.printStackTrace(); } return new SignatureResult(certFromSignedData, validated); }
From source file:se.tillvaxtverket.ttsigvalws.ttwssigvalidation.pdf.PdfSignatureVerifier.java
License:Open Source License
private static void verifyCMSSignature(CMSSignedDataParser sp, CMSSigVerifyResult sigResult) throws CMSException, IOException, CertificateException, OperatorCreationException { CollectionStore certStore = (CollectionStore) sp.getCertificates(); Iterator ci = certStore.iterator(); List<X509Certificate> certList = new ArrayList<>(); while (ci.hasNext()) { X509CertificateHolder ch = (X509CertificateHolder) ci.next(); certList.add(getCert(ch));//w w w. jav a 2s . c o m } sigResult.setCertList(certList); SignerInformationStore signers = sp.getSignerInfos(); Collection c = signers.getSigners(); Iterator it = c.iterator(); while (it.hasNext()) { SignerInformation signer = (SignerInformation) it.next(); Date claimedSigningTime = getClaimedSigningTime(signer); sigResult.setClaimedSigningTime(claimedSigningTime); Collection certCollection = certStore.getMatches(signer.getSID()); X509CertificateHolder certHolder = (X509CertificateHolder) certCollection.iterator().next(); sigResult.setCert(getCert(certHolder)); //Check signature sigResult.setValid( signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder))); sigResult.setStatus(sigResult.isValid() ? "Valid" : "Signature verification failed"); if (!sigResult.isValid()) { return; } // Collect sig algo data getPkParams(sigResult.getCert().getPublicKey(), sigResult); DigestAlgorithm signerInfoHashAlgo = DigestAlgorithm.getDigestAlgoFromOid(signer.getDigestAlgOID()); sigResult.setDigestAlgo(signerInfoHashAlgo); String encryptionAlgOID = signer.getEncryptionAlgOID(); SupportedSigAlgoritm sigAlgoFromSignerInfoAndCert = SupportedSigAlgoritm .getAlgoFromOidAndHash(new ASN1ObjectIdentifier(encryptionAlgOID), signerInfoHashAlgo); sigResult.setSigAlgo(sigAlgoFromSignerInfoAndCert); Attribute cmsAlgoProtAttr = signer.getSignedAttributes() .get(new ASN1ObjectIdentifier(PdfObjectIds.ID_AA_CMS_ALGORITHM_PROTECTION)); getCMSAlgoritmProtectionData(cmsAlgoProtAttr, sigResult); if (!checkAlgoritmConsistency(sigResult)) { sigResult.setValid(false); sigResult.setStatus( "Signature was verified but with inconsistent Algoritm declarations or unsupported algoritms"); } if (sigResult.isValid()) { verifyPadesProperties(signer, sigResult); } } }
From source file:test.integ.be.e_contract.mycarenet.etee.SealTest.java
License:Open Source License
private byte[] getVerifiedContent(byte[] cmsData) throws CertificateException, CMSException, IOException, OperatorCreationException { CMSSignedData cmsSignedData = new CMSSignedData(cmsData); SignerInformationStore signers = cmsSignedData.getSignerInfos(); SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); SignerId signerId = signer.getSID(); Store certificateStore = cmsSignedData.getCertificates(); Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(signerId); if (false == certificateCollection.isEmpty()) { X509CertificateHolder certificateHolder = certificateCollection.iterator().next(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded())); SignerInformationVerifier signerInformationVerifier = new JcaSimpleSignerInfoVerifierBuilder() .build(certificate);/*from w w w .j av a2 s. co m*/ boolean signatureResult = signer.verify(signerInformationVerifier); assertTrue(signatureResult); LOG.debug("signer certificate: " + certificate); } else { LOG.warn("no signer matched"); } CMSTypedData signedContent = cmsSignedData.getSignedContent(); byte[] data = (byte[]) signedContent.getContent(); return data; }
From source file:test.unit.be.e_contract.mycarenet.etee.EncryptionTokenTest.java
License:Open Source License
@Test public void testReadEncryptionToken() throws Exception { InputStream etkInputStream = EncryptionTokenTest.class.getResourceAsStream("/etk-fcorneli.der"); assertNotNull(etkInputStream);/*from w w w . j a v a2s . c om*/ CMSSignedData cmsSignedData = new CMSSignedData(etkInputStream); LOG.debug("SignedData version: " + cmsSignedData.getVersion()); SignerInformationStore signers = cmsSignedData.getSignerInfos(); LOG.debug("signers: " + signers.size()); SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); SignerId signerId = signer.getSID(); LOG.debug("signer Id: " + signerId.getIssuer()); Store certificateStore = cmsSignedData.getCertificates(); @SuppressWarnings("unchecked") Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(signerId); X509CertificateHolder certificateHolder = certificateCollection.iterator().next(); LOG.debug("certificate collection size: " + certificateCollection.size()); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded())); LOG.debug("signer certificate: " + certificate); CMSTypedData signedContent = cmsSignedData.getSignedContent(); byte[] data = (byte[]) signedContent.getContent(); X509Certificate encryptionCertificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(data)); LOG.debug("encryption certificate: " + encryptionCertificate); }
From source file:test.unit.be.e_contract.mycarenet.etee.SealTest.java
License:Open Source License
@Test public void testSeal() throws Exception { InputStream sealInputStream = SealTest.class.getResourceAsStream("/seal-fcorneli.der"); assertNotNull(sealInputStream);//from w ww . ja v a2 s . c om // check outer signature CMSSignedData cmsSignedData = new CMSSignedData(sealInputStream); SignerInformationStore signers = cmsSignedData.getSignerInfos(); SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); SignerId signerId = signer.getSID(); Store certificateStore = cmsSignedData.getCertificates(); @SuppressWarnings("unchecked") Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(signerId); X509CertificateHolder certificateHolder = certificateCollection.iterator().next(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded())); Security.addProvider(new BouncyCastleProvider()); SignerInformationVerifier signerInformationVerifier = new JcaSimpleSignerInfoVerifierBuilder() .build(certificate); boolean signatureResult = signer.verify(signerInformationVerifier); assertTrue(signatureResult); LOG.debug("signer certificate: " + certificate); CMSTypedData signedContent = cmsSignedData.getSignedContent(); byte[] data = (byte[]) signedContent.getContent(); // decrypt content CMSEnvelopedDataParser cmsEnvelopedDataParser = new CMSEnvelopedDataParser(data); LOG.debug("content encryption algo: " + cmsEnvelopedDataParser.getContentEncryptionAlgorithm().getAlgorithm().getId()); RecipientInformationStore recipientInformationStore = cmsEnvelopedDataParser.getRecipientInfos(); @SuppressWarnings("unchecked") Collection<RecipientInformation> recipients = recipientInformationStore.getRecipients(); RecipientInformation recipientInformation = recipients.iterator().next(); LOG.debug("recipient info type: " + recipientInformation.getClass().getName()); KeyTransRecipientInformation keyTransRecipientInformation = (KeyTransRecipientInformation) recipientInformation; }
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractCMSSignatureServiceTest.java
License:Open Source License
@Test public void testCMSSignature() throws Exception { // setup/*from w ww . j a va 2 s .c om*/ byte[] toBeSigned = "hello world".getBytes(); String signatureDescription = "Test CMS Signature"; CMSTestSignatureService signatureService = new CMSTestSignatureService(toBeSigned, signatureDescription); KeyPair keyPair = PkiTestUtils.generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusYears(1); X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null, null, new KeyUsage(KeyUsage.nonRepudiation)); List<X509Certificate> signingCertificateChain = new LinkedList<X509Certificate>(); signingCertificateChain.add(certificate); // operate DigestInfo digestInfo = signatureService.preSign(null, signingCertificateChain, null, null, null); // verify assertNotNull(digestInfo); byte[] digestValue = digestInfo.digestValue; LOG.debug("digest value: " + Hex.encodeHexString(digestValue)); assertNotNull(digestValue); assertEquals(signatureDescription, digestInfo.description); assertEquals("SHA1", digestInfo.digestAlgo); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate()); byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestValue); byte[] signatureValue = cipher.doFinal(digestInfoValue); LOG.debug("signature value: " + Hex.encodeHexString(signatureValue)); // operate signatureService.postSign(signatureValue, signingCertificateChain); // verify byte[] cmsSignature = signatureService.getCMSSignature(); CMSSignedData signedData = new CMSSignedData(cmsSignature); SignerInformationStore signers = signedData.getSignerInfos(); Iterator<SignerInformation> iter = signers.getSigners().iterator(); while (iter.hasNext()) { SignerInformation signer = iter.next(); SignerId signerId = signer.getSID(); assertTrue(signerId.match(certificate)); assertTrue(signer.verify(keyPair.getPublic(), BouncyCastleProvider.PROVIDER_NAME)); } byte[] data = (byte[]) signedData.getSignedContent().getContent(); assertArrayEquals(toBeSigned, data); }
From source file:test.unit.be.fedict.eid.applet.service.signer.CMSTest.java
License:Open Source License
/** * CMS signature with external data and external certificate. The CMS only * contains the signature and some certificate selector. * /*from w ww . j a v a 2 s . co m*/ * @throws Exception */ @Test public void testBasicCmsSignature() throws Exception { // setup KeyPair keyPair = PkiTestUtils.generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusMonths(1); X509Certificate certificate = generateSelfSignedCertificate(keyPair, "CN=Test", notBefore, notAfter); byte[] toBeSigned = "hello world".getBytes(); // operate CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); generator.addSigner(keyPair.getPrivate(), certificate, CMSSignedDataGenerator.DIGEST_SHA1); CMSProcessable content = new CMSProcessableByteArray(toBeSigned); CMSSignedData signedData = generator.generate(content, false, (String) null); byte[] cmsSignature = signedData.getEncoded(); LOG.debug("CMS signature: " + ASN1Dump.dumpAsString(new ASN1StreamParser(cmsSignature).readObject())); // verify signedData = new CMSSignedData(content, cmsSignature); SignerInformationStore signers = signedData.getSignerInfos(); Iterator<SignerInformation> iter = signers.getSigners().iterator(); while (iter.hasNext()) { SignerInformation signer = iter.next(); SignerId signerId = signer.getSID(); LOG.debug("signer: " + signerId); assertTrue(signerId.match(certificate)); assertTrue(signer.verify(keyPair.getPublic(), BouncyCastleProvider.PROVIDER_NAME)); } LOG.debug("content type: " + signedData.getSignedContentTypeOID()); }
From source file:test.unit.be.fedict.eid.applet.service.signer.CMSTest.java
License:Open Source License
/** * CMS signature with embedded data and external certificate. The CMS only * contains the original content, signature and some certificate selector. * /*from w w w . java 2s . c o m*/ * @throws Exception */ @Test public void testCmsSignatureWithContent() throws Exception { // setup KeyPair keyPair = PkiTestUtils.generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusMonths(1); X509Certificate certificate = generateSelfSignedCertificate(keyPair, "CN=Test", notBefore, notAfter); byte[] toBeSigned = "hello world".getBytes(); // operate CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); generator.addSigner(keyPair.getPrivate(), certificate, CMSSignedDataGenerator.DIGEST_SHA1); CMSProcessable content = new CMSProcessableByteArray(toBeSigned); CMSSignedData signedData = generator.generate(content, true, (String) null); byte[] cmsSignature = signedData.getEncoded(); LOG.debug("CMS signature: " + ASN1Dump.dumpAsString(new ASN1StreamParser(cmsSignature).readObject())); // verify signedData = new CMSSignedData(cmsSignature); SignerInformationStore signers = signedData.getSignerInfos(); Iterator<SignerInformation> iter = signers.getSigners().iterator(); while (iter.hasNext()) { SignerInformation signer = iter.next(); SignerId signerId = signer.getSID(); LOG.debug("signer: " + signerId); assertTrue(signerId.match(certificate)); assertTrue(signer.verify(keyPair.getPublic(), BouncyCastleProvider.PROVIDER_NAME)); } byte[] data = (byte[]) signedData.getSignedContent().getContent(); assertArrayEquals(toBeSigned, data); LOG.debug("content type: " + signedData.getSignedContentTypeOID()); }
From source file:test.unit.be.fedict.eid.applet.service.signer.CMSTest.java
License:Open Source License
/** * CMS signature with external data and embedded certificate. The CMS only * contains the signature, signing certificate and some certificate * selector.//from w w w . j a v a 2 s .c o m * * @throws Exception */ @Test public void testCmsSignatureWithCertificate() throws Exception { // setup KeyPair keyPair = PkiTestUtils.generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusMonths(1); X509Certificate certificate = generateSelfSignedCertificate(keyPair, "CN=Test", notBefore, notAfter); byte[] toBeSigned = "hello world".getBytes(); // operate CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); /* * addSigner requires the certificate to be able to calculate the key * selector. */ generator.addSigner(keyPair.getPrivate(), certificate, CMSSignedDataGenerator.DIGEST_SHA1); List<X509Certificate> certList = new LinkedList<X509Certificate>(); certList.add(certificate); CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList)); generator.addCertificatesAndCRLs(certStore); CMSProcessable content = new CMSProcessableByteArray(toBeSigned); CMSSignedData signedData = generator.generate(content, false, (String) null); byte[] cmsSignature = signedData.getEncoded(); LOG.debug("CMS signature: " + ASN1Dump.dumpAsString(new ASN1StreamParser(cmsSignature).readObject())); // verify signedData = new CMSSignedData(content, cmsSignature); certStore = signedData.getCertificatesAndCRLs("Collection", BouncyCastleProvider.PROVIDER_NAME); SignerInformationStore signers = signedData.getSignerInfos(); Iterator<SignerInformation> iter = signers.getSigners().iterator(); while (iter.hasNext()) { SignerInformation signer = iter.next(); SignerId signerId = signer.getSID(); LOG.debug("signer: " + signerId); assertTrue(signerId.match(certificate)); assertTrue(signer.verify(keyPair.getPublic(), BouncyCastleProvider.PROVIDER_NAME)); X509Certificate storedCert = (X509Certificate) certStore.getCertificates(signerId).iterator().next(); assertEquals(certificate, storedCert); } LOG.debug("content type: " + signedData.getSignedContentTypeOID()); }