Example usage for org.bouncycastle.cms SignerInformation verify

List of usage examples for org.bouncycastle.cms SignerInformation verify

Introduction

This page collects example usages of org.bouncycastle.cms.SignerInformation.verify.

Prototype

public boolean verify(SignerInformationVerifier verifier) throws CMSException 


Document

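Verify that the given verifier can successfully verify the signature on this SignerInformation object. This checks the signature against the key or certificate wrapped by the verifier; it does not establish that the certificate is trusted, so certification-path and revocation checks must be performed separately.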

Usage

From source file:org.xwiki.crypto.signer.internal.cms.BcCMSUtils.java

License:Open Source License

/**
 * Verify a CMS signature against a caller-supplied certified public key.
 *
 * <p>Only the signer's signature is checked here, using a verifier built from {@code certKey}. Nothing in this
 * method establishes that {@code certKey} itself is trusted: certification-path and revocation checks have to
 * be performed by the caller before the result is relied upon.
 *
 * @param signer the signer to verify.
 * @param certKey the certified public key of the signer.
 * @param contentVerifierProviderBuilder a builder of content provider.
 * @param digestProvider a digest provider; it is cast to {@code DigestCalculatorProvider}, so it must implement
 *        that interface.
 * @return the result of {@code signer.verify(...)}: true if the signature is verified and the certificate was
 *         valid at the time of signature.
 * @throws CMSException if no certified key is given, or if the verifier is unable to create appropriate
 *         ContentVerifiers or DigestCalculators.
 */
public static boolean verify(SignerInformation signer, CertifiedPublicKey certKey,
        BcContentVerifierProviderBuilder contentVerifierProviderBuilder, DigestFactory digestProvider)
        throws CMSException {
    // Fail before any cryptographic work when there is no key to verify against.
    if (null == certKey) {
        throw new CMSException("No certified key for proceeding to signature validation.");
    }

    // Assemble the verifier from the default algorithm name/identifier finders and the supplied key.
    SignerInformationVerifier signerVerifier = new SignerInformationVerifier(
            new DefaultCMSSignatureAlgorithmNameGenerator(),
            new DefaultSignatureAlgorithmIdentifierFinder(),
            contentVerifierProviderBuilder.build(certKey),
            (DigestCalculatorProvider) digestProvider);

    return signer.verify(signerVerifier);
}

From source file:pdfbox.SignatureVerifier.java

License:Apache License

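/**
 * Verify a PKCS7 signature.
 *
 * <p>The verification certificate is the one embedded in the signature container that matches the first
 * signer, and its validity period is checked against the signing date stored in the PDF signature dictionary.
 * Both values come from the document being checked. A {@code true} result therefore shows only that the signed
 * bytes are consistent with the embedded certificate; it does not show that the certificate is trusted.
 * Callers that need authenticity must additionally validate the returned certificate against their own trust
 * anchors (certification path and revocation).
 *
 * <p>Only the first signer in the container is examined.
 *
 * @param byteArray the byte sequence that has been signed
 * @param contents the /Contents field as a COSString
 * @param sig the PDF signature (the /V dictionary)
 * @return the embedded signer certificate together with the outcome of the signature check
 * @throws CertificateException if the embedded certificate cannot be converted or is outside its validity
 *         period at the signing date
 * @throws CMSException if the container cannot be parsed, holds no signer, holds no certificate matching the
 *         signer, or the signature dictionary has no signing date
 * @throws StoreException
 * @throws OperatorCreationException
 */
private SignatureResult verifyPKCS7(byte[] byteArray, COSString contents, PDSignature sig)
        throws CMSException, CertificateException, StoreException, OperatorCreationException {
    // inspiration:
    // http://stackoverflow.com/a/26702631/535646
    // http://stackoverflow.com/a/9261365/535646
    CMSProcessable signedContent = new CMSProcessableByteArray(byteArray);
    CMSSignedData signedData = new CMSSignedData(signedContent, contents.getBytes());
    Store certificatesStore = signedData.getCertificates();

    // The container is untrusted input: report a missing signer as a CMS error instead of letting
    // iterator().next() throw an unchecked NoSuchElementException.
    Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
    if (signers.isEmpty()) {
        throw new CMSException("No signer found in the signature container.");
    }
    SignerInformation signerInformation = signers.iterator().next();

    // Same for a container that does not carry the signer's certificate.
    Collection matches = certificatesStore.getMatches(signerInformation.getSID());
    if (matches.isEmpty()) {
        throw new CMSException("No certificate in the signature container matches the signer.");
    }
    X509CertificateHolder certificateHolder = (X509CertificateHolder) matches.iterator().next();
    X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);

    // The signing date is read from the signature dictionary, i.e. it is whatever the document states.
    // Without it the validity-period check cannot be done, so fail rather than dereference null.
    if (sig.getSignDate() == null) {
        throw new CMSException("The signature dictionary has no signing date.");
    }
    certFromSignedData.checkValidity(sig.getSignDate().getTime());

    JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
    if (provider != null) {
        verifierBuilder.setProvider(provider);
    }

    boolean validated = false;
    try {
        validated = signerInformation.verify(verifierBuilder.build(certFromSignedData));
    } catch (CMSSignerDigestMismatchException e) {
        // A digest mismatch is reported as "not validated" in the result instead of being propagated.
        System.out.println("Signature failed to validate: ");
        e.printStackTrace();
    }

    return new SignatureResult(certFromSignedData, validated);
}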

From source file:se.tillvaxtverket.ttsigvalws.ttwssigvalidation.pdf.PdfSignatureVerifier.java

License:Open Source License

/**
 * Verifies the signers of a parsed CMS signature and records the outcome in {@code sigResult}.
 *
 * <p>All certificates carried in the CMS structure are copied into the result. Each signer is then verified
 * against the embedded certificate that matches its signer id; on success the digest and signature algorithm
 * declarations are collected and checked for consistency, and finally the PAdES properties are checked.
 * Processing stops at the first signer whose signature does not verify. The same {@code sigResult} is written
 * for every signer, so with several signers the values of the last one processed remain.
 *
 * <p>NOTE(review): the verification certificate is taken from the message itself and no certification-path or
 * revocation check is visible in this method; presumably the caller validates {@code sigResult.getCert()}
 * against its trust anchors. Confirm before treating a "Valid" status as proof of authenticity.
 *
 * @param sp the CMS signed-data parser to read certificates and signer infos from
 * @param sigResult the result object that is filled in
 * @throws CMSException
 * @throws IOException
 * @throws CertificateException
 * @throws OperatorCreationException
 */
private static void verifyCMSSignature(CMSSignedDataParser sp, CMSSigVerifyResult sigResult)
        throws CMSException, IOException, CertificateException, OperatorCreationException {
    // Copy every embedded certificate into the result.
    CollectionStore certStore = (CollectionStore) sp.getCertificates();
    Iterator ci = certStore.iterator();
    List<X509Certificate> certList = new ArrayList<>();
    while (ci.hasNext()) {
        X509CertificateHolder ch = (X509CertificateHolder) ci.next();
        certList.add(getCert(ch));
    }
    sigResult.setCertList(certList);

    SignerInformationStore signers = sp.getSignerInfos();
    Collection c = signers.getSigners();
    Iterator it = c.iterator();
    while (it.hasNext()) {
        SignerInformation signer = (SignerInformation) it.next();
        // NOTE(review): judging by the helper's name this is the time asserted by the signer, not a
        // trusted timestamp; confirm how callers use it.
        Date claimedSigningTime = getClaimedSigningTime(signer);
        sigResult.setClaimedSigningTime(claimedSigningTime);
        // NOTE(review): iterator().next() throws NoSuchElementException when no embedded certificate
        // matches the signer id; that unchecked exception is not handled here.
        Collection certCollection = certStore.getMatches(signer.getSID());
        X509CertificateHolder certHolder = (X509CertificateHolder) certCollection.iterator().next();
        sigResult.setCert(getCert(certHolder));

        //Check signature
        sigResult.setValid(
                signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder)));

        sigResult.setStatus(sigResult.isValid() ? "Valid" : "Signature verification failed");
        // Stop at the first signer that fails; later signers are not examined.
        if (!sigResult.isValid()) {
            return;
        }

        // Collect sig algo data
        getPkParams(sigResult.getCert().getPublicKey(), sigResult);
        DigestAlgorithm signerInfoHashAlgo = DigestAlgorithm.getDigestAlgoFromOid(signer.getDigestAlgOID());
        sigResult.setDigestAlgo(signerInfoHashAlgo);
        String encryptionAlgOID = signer.getEncryptionAlgOID();
        SupportedSigAlgoritm sigAlgoFromSignerInfoAndCert = SupportedSigAlgoritm
                .getAlgoFromOidAndHash(new ASN1ObjectIdentifier(encryptionAlgOID), signerInfoHashAlgo);
        sigResult.setSigAlgo(sigAlgoFromSignerInfoAndCert);
        // NOTE(review): getSignedAttributes() is dereferenced without a null check; confirm it cannot
        // return null for signatures that reach this point.
        Attribute cmsAlgoProtAttr = signer.getSignedAttributes()
                .get(new ASN1ObjectIdentifier(PdfObjectIds.ID_AA_CMS_ALGORITHM_PROTECTION));
        getCMSAlgoritmProtectionData(cmsAlgoProtAttr, sigResult);
        // A cryptographically correct signature is still downgraded to invalid when the algorithm
        // declarations disagree or name an unsupported algorithm.
        if (!checkAlgoritmConsistency(sigResult)) {
            sigResult.setValid(false);
            sigResult.setStatus(
                    "Signature was verified but with inconsistent Algoritm declarations or unsupported algoritms");
        }
        if (sigResult.isValid()) {
            verifyPadesProperties(signer, sigResult);
        }
    }
}

From source file:test.integ.be.e_contract.mycarenet.etee.SealTest.java

License:Open Source License

/**
 * Parses CMS signed data, checks the first signer's signature when a matching certificate is embedded, and
 * returns the encapsulated content.
 *
 * <p>NOTE(review): despite the name, the content is returned even when no embedded certificate matches the
 * signer; in that case only a warning is logged and no signature check has taken place. The certificate used
 * for the check comes from the message itself, so a passing check shows integrity, not trust.
 *
 * @param cmsData the encoded CMS signed data
 * @return the bytes of the signed content
 */
private byte[] getVerifiedContent(byte[] cmsData)
        throws CertificateException, CMSException, IOException, OperatorCreationException {
    CMSSignedData signedData = new CMSSignedData(cmsData);
    // Only the first signer is looked at.
    SignerInformation firstSigner = (SignerInformation) signedData.getSignerInfos().getSigners().iterator()
            .next();
    SignerId sid = firstSigner.getSID();

    Store embeddedCertificates = signedData.getCertificates();
    Collection<X509CertificateHolder> matchingHolders = embeddedCertificates.getMatches(sid);
    if (matchingHolders.isEmpty()) {
        // Fail-open path: nothing was verified, yet the content is still returned below.
        LOG.warn("no signer matched");
    } else {
        X509CertificateHolder holder = matchingHolders.iterator().next();
        // Convert the BouncyCastle holder into a JCA certificate via its DER encoding.
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream encoded = new ByteArrayInputStream(holder.getEncoded());
        X509Certificate certificate = (X509Certificate) x509Factory.generateCertificate(encoded);

        boolean signatureOk = firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certificate));
        assertTrue(signatureOk);

        LOG.debug("signer certificate: " + certificate);
    }

    return (byte[]) signedData.getSignedContent().getContent();
}

From source file:test.unit.be.e_contract.mycarenet.etee.SealTest.java

License:Open Source License

/**
 * Loads a sample seal, checks the signature of its outer CMS signed-data layer against the certificate
 * embedded in the seal, and then opens the inner CMS enveloped-data layer far enough to inspect the first
 * recipient.
 *
 * <p>The signature check uses the certificate shipped inside the seal, so it demonstrates integrity of the
 * sample only; no trust decision about the signer is made here.
 */
@Test
public void testSeal() throws Exception {
    InputStream sealStream = SealTest.class.getResourceAsStream("/seal-fcorneli.der");
    assertNotNull(sealStream);

    // outer layer: signed data

    CMSSignedData signedData = new CMSSignedData(sealStream);
    SignerInformation firstSigner = (SignerInformation) signedData.getSignerInfos().getSigners().iterator()
            .next();
    SignerId sid = firstSigner.getSID();

    Store embeddedCertificates = signedData.getCertificates();
    @SuppressWarnings("unchecked")
    Collection<X509CertificateHolder> matchingHolders = embeddedCertificates.getMatches(sid);
    X509CertificateHolder holder = matchingHolders.iterator().next();
    // Convert the BouncyCastle holder into a JCA certificate via its DER encoding.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    ByteArrayInputStream encoded = new ByteArrayInputStream(holder.getEncoded());
    X509Certificate certificate = (X509Certificate) x509Factory.generateCertificate(encoded);

    // Registers the BouncyCastle provider for the whole JVM before the verifier is built.
    Security.addProvider(new BouncyCastleProvider());
    boolean signatureOk = firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certificate));
    assertTrue(signatureOk);

    LOG.debug("signer certificate: " + certificate);

    byte[] envelopedBytes = (byte[]) signedData.getSignedContent().getContent();

    // inner layer: enveloped data

    CMSEnvelopedDataParser envelopedParser = new CMSEnvelopedDataParser(envelopedBytes);
    LOG.debug("content encryption algo: "
            + envelopedParser.getContentEncryptionAlgorithm().getAlgorithm().getId());

    @SuppressWarnings("unchecked")
    Collection<RecipientInformation> recipients = envelopedParser.getRecipientInfos().getRecipients();
    RecipientInformation firstRecipient = recipients.iterator().next();
    LOG.debug("recipient info type: " + firstRecipient.getClass().getName());
    // The cast fails the test if the first recipient is not a key-transport recipient.
    KeyTransRecipientInformation keyTransRecipient = (KeyTransRecipientInformation) firstRecipient;

}