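Usage examples for org.bouncycastle.cms.SignerInformation.getSignedAttributes(), which returns the signer's signed attributes as an AttributeTable, or null when the SignerInfo carries no signed attributes.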
public AttributeTable getSignedAttributes()
From source file:se.tillvaxtverket.ttsigvalws.ttwssigvalidation.pdf.PdfSignatureVerifier.java
License:Open Source License
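/**
 * Cryptographically verifies the signers of a parsed CMS SignedData structure and records the
 * outcome in {@code sigResult}.
 *
 * <p>For each signer the method selects the certificate matching the signer identifier from the
 * certificates embedded in the signature, verifies the signature value against it, collects the
 * declared digest and signature algorithms, checks them for consistency and finally runs the
 * PAdES signing-certificate check. Processing stops at the first signer whose signature does not
 * verify. {@code sigResult} holds a single signer's data, so with several signers it ends up
 * describing the last one processed.
 *
 * <p>NOTE(review): the certificate used for verification comes from the signature itself and no
 * certification path is built or checked in this method. A "Valid" status here therefore only
 * means the signature matches the embedded certificate; trust in that certificate has to be
 * established elsewhere (presumably by the caller; confirm).
 *
 * @param sp parser positioned so that certificates and signer infos can be read
 * @param sigResult result object that receives certificates, algorithms, validity and status
 * @throws CMSException if the CMS structure cannot be processed
 * @throws IOException if reading the underlying data fails
 * @throws CertificateException if an embedded certificate cannot be converted
 * @throws OperatorCreationException if the signature verifier cannot be created
 */
private static void verifyCMSSignature(CMSSignedDataParser sp, CMSSigVerifyResult sigResult)
        throws CMSException, IOException, CertificateException, OperatorCreationException {
    CollectionStore certStore = (CollectionStore) sp.getCertificates();

    // Expose every certificate carried in the signature to the caller.
    List<X509Certificate> certList = new ArrayList<>();
    Iterator<?> certIterator = certStore.iterator();
    while (certIterator.hasNext()) {
        certList.add(getCert((X509CertificateHolder) certIterator.next()));
    }
    sigResult.setCertList(certList);

    SignerInformationStore signers = sp.getSignerInfos();
    for (Object entry : signers.getSigners()) {
        SignerInformation signer = (SignerInformation) entry;

        // Signer-claimed time only; it is not proof of when the signature was made.
        sigResult.setClaimedSigningTime(getClaimedSigningTime(signer));

        // Fail closed when the signature does not carry the signer's certificate instead of
        // letting iterator().next() throw NoSuchElementException.
        Collection<?> matches = certStore.getMatches(signer.getSID());
        if (matches.isEmpty()) {
            sigResult.setValid(false);
            sigResult.setStatus("Signer certificate not found in signature");
            return;
        }
        X509CertificateHolder certHolder = (X509CertificateHolder) matches.iterator().next();
        sigResult.setCert(getCert(certHolder));

        // Check the signature value against the selected certificate.
        sigResult.setValid(
                signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder)));
        sigResult.setStatus(sigResult.isValid() ? "Valid" : "Signature verification failed");
        if (!sigResult.isValid()) {
            return;
        }

        // Collect the algorithm declarations from the certificate and the SignerInfo.
        getPkParams(sigResult.getCert().getPublicKey(), sigResult);
        DigestAlgorithm signerInfoHashAlgo = DigestAlgorithm.getDigestAlgoFromOid(signer.getDigestAlgOID());
        sigResult.setDigestAlgo(signerInfoHashAlgo);
        String encryptionAlgOID = signer.getEncryptionAlgOID();
        SupportedSigAlgoritm sigAlgoFromSignerInfoAndCert = SupportedSigAlgoritm
                .getAlgoFromOidAndHash(new ASN1ObjectIdentifier(encryptionAlgOID), signerInfoHashAlgo);
        sigResult.setSigAlgo(sigAlgoFromSignerInfoAndCert);

        // getSignedAttributes() returns null when the SignerInfo has no signed attributes.
        // Treat that like an absent attribute: the helper already receives null whenever the
        // algorithm-protection attribute is missing from the table.
        AttributeTable signedAttributes = signer.getSignedAttributes();
        Attribute cmsAlgoProtAttr = signedAttributes == null
                ? null
                : signedAttributes.get(new ASN1ObjectIdentifier(PdfObjectIds.ID_AA_CMS_ALGORITHM_PROTECTION));
        getCMSAlgoritmProtectionData(cmsAlgoProtAttr, sigResult);

        // A signature that verifies but declares inconsistent or unsupported algorithms is
        // downgraded to invalid.
        if (!checkAlgoritmConsistency(sigResult)) {
            sigResult.setValid(false);
            sigResult.setStatus(
                    "Signature was verified but with inconsistent Algoritm declarations or unsupported algoritms");
        }

        if (sigResult.isValid()) {
            verifyPadesProperties(signer, sigResult);
        }
    }
}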
From source file:se.tillvaxtverket.ttsigvalws.ttwssigvalidation.pdf.PdfSignatureVerifier.java
License:Open Source License
/**
 * Returns the signing time claimed by the signer in the CMS signing-time signed attribute
 * (OID 1.2.840.113549.1.9.5), or {@code null} when it cannot be read.
 *
 * <p>The value is whatever the signer put into the attribute; it is not a trusted timestamp.
 * Only a UTCTime-encoded value is returned. Any other encoding, a missing attribute, missing
 * signed attributes or any parsing error yields {@code null}.
 *
 * @param signer the signer whose signed attributes are inspected
 * @return the claimed signing time, or {@code null} if absent or unreadable
 */
private static Date getClaimedSigningTime(SignerInformation signer) {
    try {
        AttributeTable attrs = signer.getSignedAttributes();
        if (attrs == null) {
            return null;
        }
        Attribute signingTime = attrs.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.5"));
        if (signingTime == null) {
            return null;
        }
        ASN1Encodable[] values = signingTime.getAttributeValues();
        // NOTE(review): a signing time encoded as GeneralizedTime is reported as absent here.
        if (values.length == 0 || !(values[0] instanceof ASN1UTCTime)) {
            return null;
        }
        return ((ASN1UTCTime) values[0]).getDate();
    } catch (Exception e) {
        // Best effort: the claimed time is optional, so every failure maps to "unknown".
        return null;
    }
}
From source file:se.tillvaxtverket.ttsigvalws.ttwssigvalidation.pdf.PdfSignatureVerifier.java
License:Open Source License
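/**
 * Checks the ESS signing-certificate binding of a signature that has already been verified.
 *
 * <p>If the signer carries neither the signing-certificate-v2 nor the signing-certificate (v1)
 * signed attribute, the signature is recorded as non-PAdES and its validity is left untouched.
 * Otherwise the certificate hash in the first ESSCertID / ESSCertIDv2 entry must equal the hash
 * of the certificate stored in {@code sigResult}. The signature is marked invalid before the
 * comparison starts and only set back to valid on a match, so every parsing error or mismatch
 * fails closed. The binding is what ties the signed content to one specific certificate rather
 * than to any certificate that happens to contain the same public key.
 *
 * <p>The v2 attribute takes precedence when both are present. For v1 the hash is SHA-1, as
 * fixed by that attribute's definition.
 *
 * @param signer the signer whose signed attributes are inspected
 * @param sigResult result object holding the signer certificate; receives the PAdES flags,
 *     validity and status
 */
private static void verifyPadesProperties(SignerInformation signer, CMSSigVerifyResult sigResult) {
    try {
        // getSignedAttributes() returns null when there are no signed attributes at all; that
        // is the same situation as both binding attributes being absent.
        AttributeTable signedAttributes = signer.getSignedAttributes();
        Attribute essSigningCertV2Attr = null;
        Attribute signingCertAttr = null;
        if (signedAttributes != null) {
            essSigningCertV2Attr = signedAttributes
                    .get(new ASN1ObjectIdentifier(PdfObjectIds.ID_AA_SIGNING_CERTIFICATE_V2));
            signingCertAttr = signedAttributes
                    .get(new ASN1ObjectIdentifier(PdfObjectIds.ID_AA_SIGNING_CERTIFICATE_V1));
        }

        if (essSigningCertV2Attr == null && signingCertAttr == null) {
            sigResult.setPades(false);
            sigResult.setPadesVerified(false);
            return;
        }

        // Start assuming that PAdES validation is non-successful.
        sigResult.setPades(true);
        sigResult.setPadesVerified(false);
        sigResult.setValid(false);

        boolean isV2 = essSigningCertV2Attr != null;
        Attribute bindingAttr = isV2 ? essSigningCertV2Attr : signingCertAttr;

        // SigningCertificate(V2) ::= SEQUENCE { certs SEQUENCE OF ESSCertID(v2), policies ... }
        ASN1Sequence signingCertificateSeq = (ASN1Sequence) bindingAttr.getAttributeValues()[0];
        ASN1Sequence essCertIdList = (ASN1Sequence) signingCertificateSeq.getObjectAt(0);
        // The first entry identifies the signer's own certificate.
        ASN1Sequence certIdSeq = (ASN1Sequence) essCertIdList.getObjectAt(0);

        DigestAlgorithm hashAlgo;
        DEROctetString certHashOctStr;
        if (isV2 && certIdSeq.getObjectAt(0) instanceof ASN1Sequence) {
            // ESSCertIDv2 with an explicit hashAlgorithm AlgorithmIdentifier.
            ASN1Sequence algoSeq = (ASN1Sequence) certIdSeq.getObjectAt(0);
            hashAlgo = getDigestAlgo((ASN1ObjectIdentifier) algoSeq.getObjectAt(0));
            certHashOctStr = (DEROctetString) certIdSeq.getObjectAt(1);
        } else if (isV2) {
            // ESSCertIDv2.hashAlgorithm is DEFAULT id-sha256 and is omitted from a DER encoding
            // when SHA-256 is used, so the certificate hash is then the first element. Casting
            // that element to a sequence rejected otherwise well-formed signatures.
            hashAlgo = getDigestAlgo(new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1"));
            certHashOctStr = (DEROctetString) certIdSeq.getObjectAt(0);
        } else {
            // ESSCertID (v1): certHash comes first and is always SHA-1.
            hashAlgo = DigestAlgorithm.SHA1;
            certHashOctStr = (DEROctetString) certIdSeq.getObjectAt(0);
        }

        if (hashAlgo == null || certHashOctStr == null) {
            sigResult.setStatus("Unsupported hash algo for ESS-SigningCertAttributeV2");
            return;
        }

        MessageDigest md = MessageDigest.getInstance(hashAlgo.getName());
        byte[] certHash = md.digest(sigResult.getCert().getEncoded());

        if (!Arrays.equals(certHash, certHashOctStr.getOctets())) {
            sigResult.setStatus("Cert Hash mismatch");
            return;
        }

        // PAdES validation was successful.
        sigResult.setPadesVerified(true);
        sigResult.setValid(true);

    } catch (Exception e) {
        // Validity was already cleared once a binding attribute was found, so a malformed
        // attribute leaves the signature invalid with this status.
        sigResult.setStatus("Exception while examining Pades signed cert attr: " + e.getMessage());
    }
}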