List of usage examples for org.bouncycastle.cms SignerInformation getSignedAttributes
public AttributeTable getSignedAttributes()
From source file:it.trento.comune.j4sign.cms.utils.CMSVerifier.java
License:Open Source License
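/**
 * Lists the signed ("authenticated") attributes of {@code signer} and stores the
 * signing-time attribute, when present, into {@code this.signingTime}.
 *
 * <p>Recognised attribute types are signing-time, content-type and message-digest;
 * every attribute is additionally dumped to stdout when {@code debug} is set. Values
 * are read from the first element of the attribute's value set. These attributes are
 * covered by the signer's signature, so they are exactly as trustworthy as the signer:
 * the signing time in particular is asserted by the signer, not by a trusted time source.
 *
 * @param signer the signer whose signed attributes are inspected
 */
private void parseAuthenticatedAttributes(SignerInformation signer) {
    AttributeTable attr = signer.getSignedAttributes();
    // BouncyCastle returns null when the SignerInfo carries no signed attributes;
    // dereferencing it unconditionally threw a NullPointerException.
    if (attr == null) {
        if (debug)
            System.out.println("No authenticated attributes present.");
        return;
    }
    if (debug)
        System.out.println("Listing authenticated attributes:");
    int count = 1;
    // NOTE(review): toHashtable() folds duplicate attribute types into a single
    // entry (a vector, not an Attribute); a SignerInfo with a repeated attribute
    // type would fail the element cast below — confirm this cannot occur for the inputs
    // accepted here.
    Iterator<Attribute> iter = attr.toHashtable().values().iterator();
    while (iter.hasNext()) {
        Attribute a = iter.next();
        if (debug)
            System.out.println("Attribute " + count + ":");
        // Every recognised branch reads value 0; an empty value set must not abort the listing.
        if (a.getAttrValues().size() == 0) {
            if (debug)
                System.out.println("Attribute carries no values; skipped.");
            count++;
            continue;
        }
        String attrTypeId = a.getAttrType().getId();
        if (attrTypeId.equals(CMSAttributes.signingTime.getId())) {
            Time time = Time.getInstance(a.getAttrValues().getObjectAt(0));
            if (debug)
                System.out.println("Authenticated time: " + time.getDate());
            this.signingTime = time.getDate();
        }
        if (attrTypeId.equals(CMSAttributes.contentType.getId())) {
            String contentTypeOid = DERObjectIdentifier.getInstance(a.getAttrValues().getObjectAt(0)).getId();
            if (CMSObjectIdentifiers.data.getId().equals(contentTypeOid))
                if (debug)
                    System.out.println("Content Type: PKCS7_DATA");
        }
        if (attrTypeId.equals(CMSAttributes.messageDigest.getId())) {
            byte[] md = DEROctetString.getInstance(a.getAttrValues().getObjectAt(0)).getOctets();
            if (debug)
                System.out.println(
                        "Message Digest (hash of data content):\n" + CMSBuilder.formatAsString(md, " ", 16));
        }
        if (debug)
            System.out.println("\nAttribute dump follows:");
        if (debug)
            System.out.println(ASN1Dump.dumpAsString(a) + "\n");
        count++;
    }
}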
From source file:known.issues.DSS642.CAdESCounterSignatureTest.java
License:Open Source License
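/**
 * Signs a sample document as user A, counter-signs that signature as user B, and
 * checks the result both with BouncyCastle's own verifier and with the DSS validator.
 *
 * <p>Invariants checked: exactly one top-level signer before counter-signing; every
 * top-level signer carries a content-type signed attribute while the counter-signature
 * carries none (RFC 5652 §11.4 forbids content-type on a countersignature); both
 * signatures verify under their own certificate; DSS reports two signatures, one of
 * them a counter-signature, and both are technically valid at B-level.
 *
 * @throws Exception on any signing, parsing or validation failure
 */
@Test
public void test() throws Exception {
    CertificateService certificateService = new CertificateService();
    final MockPrivateKeyEntry entryUserA = certificateService
            .generateCertificateChain(SignatureAlgorithm.RSA_SHA256);
    final MockPrivateKeyEntry entryUserB = certificateService
            .generateCertificateChain(SignatureAlgorithm.RSA_SHA256);

    DSSDocument document = new FileDocument(new File("src/test/resources/sample.xml"));

    // Sign
    CAdESSignatureParameters signatureParameters = new CAdESSignatureParameters();
    signatureParameters.setSigningCertificate(entryUserA.getCertificate());
    signatureParameters.setCertificateChain(entryUserA.getCertificateChain());
    signatureParameters.setSignatureLevel(SignatureLevel.CAdES_BASELINE_B);
    signatureParameters.setSignaturePackaging(SignaturePackaging.ENVELOPING);

    CertificateVerifier certificateVerifier = new CommonCertificateVerifier();
    CAdESService service = new CAdESService(certificateVerifier);

    ToBeSigned dataToSign = service.getDataToSign(document, signatureParameters);
    SignatureValue signatureValue = sign(signatureParameters.getSignatureAlgorithm(), entryUserA, dataToSign);
    DSSDocument signedDocument = service.signDocument(document, signatureParameters, signatureValue);

    // Countersign
    // The stream is closed in a finally block so a parse failure cannot leak it.
    final InputStream inputStream = signedDocument.openStream();
    final CMSSignedData cmsSignedData;
    try {
        cmsSignedData = new CMSSignedData(inputStream);
    } finally {
        IOUtils.closeQuietly(inputStream);
    }

    SignerInformationStore signerInfosStore = cmsSignedData.getSignerInfos();
    Collection<SignerInformation> signerInfos = signerInfosStore.getSigners();
    assertEquals(1, signerInfos.size());
    SignerInformation signerInfo = signerInfos.iterator().next();

    // presumably so the counter-signature's signing time differs from the original's — TODO confirm
    Thread.sleep(1000);

    CAdESSignatureParameters countersigningParameters = new CAdESSignatureParameters();
    countersigningParameters.setSignatureLevel(SignatureLevel.CAdES_BASELINE_B);
    countersigningParameters.setSignaturePackaging(SignaturePackaging.ENVELOPING);
    countersigningParameters.setSigningCertificate(entryUserB.getCertificate());
    countersigningParameters.setCertificateChain(entryUserB.getCertificateChain());

    DSSDocument counterSignDocument = service.counterSignDocument(signedDocument, countersigningParameters,
            signerInfo.getSID(), new MockSignatureTokenConnection(), entryUserB);
    assertNotNull(counterSignDocument);

    counterSignDocument.save("target/countersign.p7m");

    // The original opened this stream inline and never closed it.
    final InputStream counterSignStream = counterSignDocument.openStream();
    final CMSSignedData data;
    try {
        data = new CMSSignedData(counterSignStream);
    } finally {
        IOUtils.closeQuietly(counterSignStream);
    }

    SignerInformationStore informationStore = data.getSignerInfos();
    Collection<SignerInformation> signers = informationStore.getSigners();
    for (SignerInformation signerInformation : signers) {
        AttributeTable signedAttributes = signerInformation.getSignedAttributes();
        Attribute attribute = signedAttributes.get(PKCSObjectIdentifiers.pkcs_9_at_contentType);
        assertNotNull(attribute);

        SignerInformationStore counterSignatures = signerInformation.getCounterSignatures();
        assertNotNull(counterSignatures);
        Collection<SignerInformation> signersCounter = counterSignatures.getSigners();
        for (SignerInformation signerCounter : signersCounter) {
            AttributeTable signedAttributes2 = signerCounter.getSignedAttributes();
            Attribute attribute2 = signedAttributes2.get(PKCSObjectIdentifiers.pkcs_9_at_contentType);
            // Counter-signatures don't allow content-type
            assertNull(attribute2);
        }
    }

    // Resolves each SignerId to the verifier for the matching test certificate.
    // NOTE(review): matching on serial number alone is only safe here because both
    // mock certificates are known; serial numbers are unique per issuer, not globally.
    SignerInformationVerifierProvider vProv = new SignerInformationVerifierProvider() {
        @Override
        public SignerInformationVerifier get(SignerId signerId) throws OperatorCreationException {
            if (entryUserA.getCertificate().getSerialNumber().equals(signerId.getSerialNumber())) {
                return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build(entryUserA.getCertificate().getCertificate());
            } else if (entryUserB.getCertificate().getSerialNumber().equals(signerId.getSerialNumber())) {
                return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build(entryUserB.getCertificate().getCertificate());
            } else {
                throw new IllegalStateException("no signerID matched");
            }
        }
    };

    // Validate both signatures by BC; the second argument is ignoreCounterSignatures,
    // so counter-signatures are verified as well.
    assertTrue(data.verifySignatures(vProv, false));

    // Validate
    SignedDocumentValidator validator = SignedDocumentValidator.fromDocument(counterSignDocument);
    validator.setCertificateVerifier(new CommonCertificateVerifier());
    Reports reports = validator.validateDocument();
    reports.print();

    DiagnosticData diagnosticData = reports.getDiagnosticData();
    List<XmlDom> signatures = diagnosticData.getElements("/DiagnosticData/Signature");
    assertEquals(2, signatures.size());

    boolean foundCounterSignature = false;
    for (XmlDom xmlDom : signatures) {
        String type = xmlDom.getAttribute("Type");
        if (AttributeValue.COUNTERSIGNATURE.equals(type)) {
            foundCounterSignature = true;
        }
        assertTrue(diagnosticData.isBLevelTechnicallyValid(xmlDom.getAttribute("Id")));
    }
    assertTrue(foundCounterSignature);
}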
From source file:net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser.java
License:BSD License
/**
 * Checks that every signed attribute of {@code signer} is permitted by
 * {@link #isAllowedSignedAttribute} and records the outcome in {@code validationResult}
 * under {@code SIGNED_ATTRS_CORRECT}: a pass when all are allowed, a warning otherwise.
 *
 * <p>Note that a disallowed attribute is only a warning here, although RFC 6488
 * §2.1.6.4 says other attributes MUST NOT be included; a stricter profile would reject.
 *
 * @param signer signer whose signed attributes are examined; they must be present
 * @return {@code true} when no disallowed attribute was found
 */
private boolean verifyOptionalSignedAttributes(SignerInformation signer) {
    ASN1EncodableVector attributes = signer.getSignedAttributes().toASN1EncodableVector();
    final int attributeCount = attributes.size();
    boolean onlyAllowed = true;
    // Stops at the first disallowed attribute, exactly like the original break.
    for (int idx = 0; idx < attributeCount && onlyAllowed; idx++) {
        Attribute candidate = (Attribute) attributes.get(idx);
        onlyAllowed = isAllowedSignedAttribute(candidate);
    }
    if (onlyAllowed) {
        validationResult.pass(SIGNED_ATTRS_CORRECT);
    } else {
        validationResult.warn(SIGNED_ATTRS_CORRECT);
    }
    return onlyAllowed;
}
From source file:net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser.java
License:BSD License
/**
 * Validates one SignerInfo of an RPKI signed object against RFC 6488 §2.1.6 and
 * records every finding in {@code validationResult}.
 *
 * <p>Checks, in order: the digest algorithm OID; the signature algorithm OID (plain
 * rsaEncryption or sha256WithRSAEncryption); that signed attributes are present; that
 * the content-type and message-digest signed attributes are present; that no attribute
 * outside the permitted set is present (warning only); and that the SignerIdentifier
 * matches {@code certificate}, which is what binds this signature to the certificate
 * being validated. Only the missing-signed-attributes case short-circuits; every other
 * failure is recorded and the method still returns {@code true}.
 *
 * @param signer the SignerInfo under test
 * @param certificate the EE certificate the signer is expected to identify
 * @return {@code false} only when the signer has no signed attributes; {@code true}
 *         otherwise, regardless of other recorded rejections
 * @throws AbstractX509CertificateWrapperException if {@code certificate} cannot be re-encoded
 */
private boolean verifySigner(SignerInformation signer, X509Certificate certificate) {
    final String digestOid = signer.getDigestAlgOID();
    final String encryptionOid = signer.getEncryptionAlgOID();
    validationResult.rejectIfFalse(DIGEST_ALGORITHM_OID.equals(digestOid), CMS_SIGNER_INFO_DIGEST_ALGORITHM);

    final boolean encryptionAllowed = RSA_ENCRYPTION_OID.equals(encryptionOid)
            || SHA256WITHRSA_ENCRYPTION_OID.equals(encryptionOid);
    validationResult.rejectIfFalse(encryptionAllowed, ENCRYPTION_ALGORITHM);

    final boolean signedAttrsPresent = validationResult.rejectIfNull(signer.getSignedAttributes(), SIGNED_ATTRS_PRESENT);
    if (!signedAttrsPresent) {
        return false;
    }

    // RFC 6488 §2.1.6.4: contentType and messageDigest MUST be included; signingTime
    // and/or binary-signing-time MAY be; anything else MUST NOT be.
    validationResult.rejectIfNull(signer.getSignedAttributes().get(CMSAttributes.contentType),
            CONTENT_TYPE_ATTR_PRESENT);
    validationResult.rejectIfNull(signer.getSignedAttributes().get(CMSAttributes.messageDigest),
            MSG_DIGEST_ATTR_PRESENT);
    // Result deliberately not used: a disallowed attribute is recorded as a warning only.
    verifyOptionalSignedAttributes(signer);

    final SignerId signerId = signer.getSID();
    try {
        final boolean sidMatches = signerId.match(new JcaX509CertificateHolder(certificate));
        validationResult.rejectIfFalse(sidMatches, SIGNER_ID_MATCH);
    } catch (CertificateEncodingException e) {
        throw new AbstractX509CertificateWrapperException(e);
    }

    return true;
}
From source file:net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectParser.java
License:BSD License
/**
 * Extracts the signing-time signed attribute and stores it in {@code signingTime}
 * as a UTC {@code DateTime}.
 *
 * <p>Rejects, and returns {@code false}, when the attribute is absent or carries
 * anything other than exactly one value. The value is whatever the signer asserted:
 * it is covered by the signature but not vouched for by a trusted time source.
 *
 * @param signer signer whose signed attributes are already known to be present
 * @return {@code true} when a single signing time was found and stored
 */
private boolean verifyAndStoreSigningTime(SignerInformation signer) {
    final Attribute signingTimeAttribute = signer.getSignedAttributes().get(CMSAttributes.signingTime);

    final boolean present = validationResult.rejectIfNull(signingTimeAttribute, SIGNING_TIME_ATTR_PRESENT);
    if (!present) {
        return false;
    }

    final boolean exactlyOneValue = signingTimeAttribute.getAttrValues().size() == 1;
    if (!validationResult.rejectIfFalse(exactlyOneValue, ONLY_ONE_SIGNING_TIME_ATTR)) {
        return false;
    }

    // Time.getInstance accepts either the UTCTime or GeneralizedTime encoding.
    final Time assertedTime = Time.getInstance(signingTimeAttribute.getAttrValues().getObjectAt(0));
    signingTime = new DateTime(assertedTime.getDate().getTime(), DateTimeZone.UTC);
    return true;
}
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObject.java
License:BSD License
/** * This is used to check against replay attacks, see <a * href="http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.2" * >http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.2</a><br > */// w w w .j av a 2 s. c om public DateTime getSigningTime() { try { CMSSignedData cmsSignedData = new CMSSignedData(encodedContent); SignerInformationStore sis = cmsSignedData.getSignerInfos(); @SuppressWarnings("unchecked") Collection<SignerInformation> signers = sis.getSigners(); for (SignerInformation signerInformation : signers) { AttributeTable signedAttributes = signerInformation.getSignedAttributes(); Attribute signingTime = signedAttributes.get(CMSAttributes.signingTime); @SuppressWarnings("unchecked") Enumeration<Object> en = signingTime.getAttrValues().getObjects(); while (en.hasMoreElements()) { Object obj = en.nextElement(); if (obj instanceof DERUTCTime) { DERUTCTime derTime = (DERUTCTime) obj; return new DateTime(derTime.getDate()); } } } throw new IllegalArgumentException("Malformed encoded cms content"); } catch (CMSException e) { throw new IllegalArgumentException("Malformed encoded cms content", e); } catch (ParseException e) { throw new IllegalArgumentException("Malformed encoded cms content", e); } }
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObjectBuilderTest.java
License:BSD License
/** * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.4 *///w w w . j av a 2 s. c o m @Test public void shouldCmsObjectHaveSignedAttributes() throws Exception { Collection<?> signers = signedDataParser.getSignerInfos().getSigners(); SignerInformation signer = (SignerInformation) signers.iterator().next(); assertNotNull(signer.getSignedAttributes()); }
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObjectBuilderTest.java
License:BSD License
/**
 * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.4.1
 *
 * The first signer's content-type signed attribute must exist, hold exactly one
 * value, and that value must be the OID the profile mandates.
 */
@Test
public void shouldCmsObjectHaveCorrectContentTypeSignedAttribute() throws Exception {
    Collection<?> allSigners = signedDataParser.getSignerInfos().getSigners();
    SignerInformation firstSigner = (SignerInformation) allSigners.iterator().next();

    Attribute contentTypeAttribute = firstSigner.getSignedAttributes().get(CMSAttributes.contentType);
    assertNotNull(contentTypeAttribute);
    assertEquals(1, contentTypeAttribute.getAttrValues().size());

    ASN1ObjectIdentifier expectedContentType = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.1.28");
    assertEquals(expectedContentType, contentTypeAttribute.getAttrValues().getObjectAt(0));
}
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObjectBuilderTest.java
License:BSD License
/** * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.4.2 *///from ww w. j ava2 s. c o m @Test public void shouldCmsObjectHaveCorrectMessageDigestSignedAttribute() throws Exception { Collection<?> signers = signedDataParser.getSignerInfos().getSigners(); SignerInformation signer = (SignerInformation) signers.iterator().next(); AttributeTable attributeTable = signer.getSignedAttributes(); Attribute messageDigest = attributeTable.get(CMSAttributes.messageDigest); assertNotNull(messageDigest); assertEquals(1, messageDigest.getAttrValues().size()); assertNotNull(messageDigest.getAttrValues().getObjectAt(0)); }
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObjectBuilderTest.java
License:BSD License
/** * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.4.3 */// w w w .j a v a 2 s. c o m @Test public void shouldCmsObjectHaveSigningTimeSignedAttribute() throws Exception { Collection<?> signers = signedDataParser.getSignerInfos().getSigners(); SignerInformation signer = (SignerInformation) signers.iterator().next(); AttributeTable attributeTable = signer.getSignedAttributes(); Attribute signingTimeAttr = attributeTable.get(CMSAttributes.signingTime); assertNotNull(signingTimeAttr); assertEquals(1, signingTimeAttr.getAttrValues().size()); DERUTCTime signingTime = (DERUTCTime) signingTimeAttr.getAttrValues().getObjectAt(0); assertEquals(this.signingTime, signingTime.getDate().getTime()); }