List of usage examples for org.bouncycastle.cms SignerInformationStore get
public SignerInformation get(SignerId selector)
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESService.java
License:Open Source License
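/**
 * Countersigns the signature identified by {@code selector} inside an existing CMS signature document.
 * <p>
 * The bytes handed to the signing token are the signature octets of the selected SignerInfo, i.e. the
 * countersignature covers the original signature value, not the signed content.
 * <p>
 * Nothing in this method verifies the signature being countersigned. A caller that must only
 * countersign valid signatures has to validate the document before calling it.
 *
 * @param toCounterSignDocument the original signature document containing the signature to countersign
 * @param parameters            the signature parameters (signing token, key entry, digest and signature algorithms)
 * @param selector              the SignerId identifying the signature to countersign
 * @return the updated signature document, in which the countersignature has been embedded
 * @throws DSSNullException if no signing token is configured, or if no signer in the document matches
 *                          {@code selector}
 * @throws DSSException     if the CMS data cannot be parsed or generated
 */
public DSSDocument counterSignDocument(final DSSDocument toCounterSignDocument, final SignatureParameters parameters,
        SignerId selector) {

    final SignatureTokenConnection token = parameters.getSigningToken();
    if (token == null) {
        throw new DSSNullException(SignatureTokenConnection.class, "", "The connection through available API to the SSCD must be set.");
    }

    try {
        // Retrieve the original signature. The stream is closed in a finally block so that it is
        // released even when the CMS parser rejects the input.
        final InputStream inputStream = toCounterSignDocument.openStream();
        final CMSSignedData cmsSignedData;
        try {
            cmsSignedData = new CMSSignedData(inputStream);
        } finally {
            DSSUtils.closeQuietly(inputStream);
        }

        final SignerInformationStore signerInfos = cmsSignedData.getSignerInfos();
        final SignerInformation signerInformation = signerInfos.get(selector);
        if (signerInformation == null) {
            // get() returns null when the selector matches no signer; fail with a clear error instead
            // of a NullPointerException on the next line.
            throw new DSSNullException(SignerInformation.class, "selector", "No signer in the document matches the given SignerId.");
        }

        // Generate a signed digest on the contents octets of the signature octet string in the
        // identified SignerInfo value of the original signature's SignedData.
        final byte[] dataToSign = signerInformation.getSignature();
        final byte[] signatureValue = token.sign(dataToSign, parameters.getDigestAlgorithm(), parameters.getPrivateKeyEntry());

        // Set up the countersignature builder.
        final CounterSignatureBuilder builder = new CounterSignatureBuilder(certificateVerifier);
        builder.setCmsSignedData(cmsSignedData);
        builder.setSelector(selector);

        // NOTE(review): CustomContentSigner receives the already computed signature value; presumably it
        // returns that value instead of signing again - confirm against its implementation.
        final SignatureAlgorithm signatureAlgorithm = parameters.getSignatureAlgorithm();
        final CustomContentSigner customContentSigner = new CustomContentSigner(signatureAlgorithm.getJCEId(), signatureValue);

        final SignerInfoGeneratorBuilder signerInformationGeneratorBuilder = builder.getSignerInfoGeneratorBuilder(parameters, true);
        final CMSSignedDataGenerator cmsSignedDataGenerator = builder
                .createCMSSignedDataGenerator(parameters, customContentSigner, signerInformationGeneratorBuilder, null);

        final CMSTypedData content = cmsSignedData.getSignedContent();
        final CMSSignedData signedData = cmsSignedDataGenerator.generate(content);

        // Embed the generated countersignature into the selected signer of the original signature.
        final CMSSignedData countersignedCMSData = builder.signDocument(signedData);
        return new CMSSignedDocument(countersignedCMSData);
    } catch (CMSException e) {
        throw new DSSException("Cannot parse CMS data", e);
    }
}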
From source file:eu.europa.ec.markt.dss.signature.cades.CounterSignatureBuilder.java
License:Open Source License
/** * This method applies a countersignature to an existing signature * @param signedData the countersignature * @return the updated signature, in which the countersignature has been embedded *///from ww w . ja v a 2 s . c o m public CMSSignedData signDocument(final CMSSignedData signedData) { final ASN1ObjectIdentifier csIdentifier = OID.id_countersignature; //Retrieve the SignerInformation from the countersigned signature final SignerInformationStore originalSignerInfos = cmsSignedData.getSignerInfos(); //Retrieve the SignerInformation from the countersignature final SignerInformationStore signerInfos = signedData.getSignerInfos(); //Add the countersignature SignerInformation updatedSI = cmsSignedData.getSignerInfos().get(selector) .addCounterSigners(originalSignerInfos.get(selector), signerInfos); //Create updated SignerInformationStore Collection<SignerInformation> counterSignatureInformationCollection = new ArrayList<SignerInformation>(); counterSignatureInformationCollection.add(updatedSI); SignerInformationStore signerInformationStore = new SignerInformationStore( counterSignatureInformationCollection); //Return new, updated signature return CMSSignedData.replaceSigners(cmsSignedData, signerInformationStore); }
From source file:eu.europa.esig.dss.cades.signature.CounterSignatureBuilder.java
License:Open Source License
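/**
 * Applies a countersignature to the signature selected by this builder.
 * <p>
 * The signers of {@code signedData} become countersigners of the signer of the wrapped
 * {@code cmsSignedData} that matches {@code selector}. All other signers of the original signature are
 * kept as they are, so a multi-signer document does not lose signatures when one of them is
 * countersigned.
 *
 * @param signedData the countersignature
 * @return the updated signature, in which the countersignature has been embedded
 * @throws IllegalStateException if no signer of the original signature matches the selector
 */
public CMSSignedData signDocument(final CMSSignedData signedData) {

    // Retrieve the SignerInformation from the countersigned signature.
    final SignerInformationStore originalSignerInfos = cmsSignedData.getSignerInfos();
    final SignerInformation signerToUpdate = originalSignerInfos.get(selector);
    if (signerToUpdate == null) {
        // An unmatched selector yields null; report it explicitly instead of letting
        // addCounterSigners fail with a NullPointerException.
        throw new IllegalStateException("No signer in the CMS signature matches the configured selector");
    }

    // Retrieve the SignerInformation from the countersignature.
    final SignerInformationStore signerInfos = signedData.getSignerInfos();

    // Add the countersignature (static method, invoked on the class).
    final SignerInformation updatedSI = SignerInformation.addCounterSigners(signerToUpdate, signerInfos);

    // Create the updated SignerInformationStore: the selected signer is replaced, the rest is preserved.
    // Identity comparison replaces exactly the instance that get(selector) returned.
    final Collection<SignerInformation> counterSignatureInformationCollection = new ArrayList<SignerInformation>();
    for (final Object existing : originalSignerInfos.getSigners()) {
        if (existing == signerToUpdate) {
            counterSignatureInformationCollection.add(updatedSI);
        } else {
            counterSignatureInformationCollection.add((SignerInformation) existing);
        }
    }
    final SignerInformationStore signerInformationStore = new SignerInformationStore(counterSignatureInformationCollection);

    // Return new, updated signature.
    return CMSSignedData.replaceSigners(cmsSignedData, signerInformationStore);
}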
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESSigner.java
License:Open Source License
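/**
 * Embeds a countersignature into one signer of an existing CMS signature.
 * <p>
 * The signers of {@code counterSignature} are added as countersigners to the signer of
 * {@code originalSignature} that matches {@code selector}. The other signers of the original signature
 * are kept unchanged in the result.
 *
 * @param counterSignature  the CMS structure holding the countersignature
 * @param originalSignature the CMS signature to update
 * @param selector          identifies the signer of {@code originalSignature} to countersign
 * @return a copy of {@code originalSignature} whose selected signer carries the countersignature
 * @throws IllegalArgumentException if no signer of {@code originalSignature} matches {@code selector}
 */
private CMSSignedData updateWithCounterSignature(final CMSSignedData counterSignature,
        final CMSSignedData originalSignature, SignerId selector) {

    // Retrieve the SignerInformation from the countersigned signature
    final SignerInformationStore originalSignerInfos = originalSignature.getSignerInfos();
    final SignerInformation selected = originalSignerInfos.get(selector);
    if (selected == null) {
        // get() returns null when nothing matches; fail early with a meaningful message rather than
        // with a NullPointerException inside addCounterSigners.
        throw new IllegalArgumentException("No signer in the original signature matches the given selector");
    }

    // Retrieve the SignerInformation from the countersignature
    final SignerInformationStore signerInfos = counterSignature.getSignerInfos();

    // Add the countersignature. addCounterSigners is static, so it is called on the class; this also
    // removes the need to suppress the static-access warning.
    final SignerInformation updatedSI = SignerInformation.addCounterSigners(selected, signerInfos);

    // Create updated SignerInformationStore: replace the selected signer, keep every other signer.
    // Identity comparison targets exactly the instance returned by get(selector).
    final Collection<SignerInformation> counterSignatureInformationCollection = new ArrayList<SignerInformation>();
    for (final Object current : originalSignerInfos.getSigners()) {
        counterSignatureInformationCollection.add(current == selected ? updatedSI : (SignerInformation) current);
    }
    final SignerInformationStore signerInformationStore = new SignerInformationStore(counterSignatureInformationCollection);

    // Return new, updated signature
    return CMSSignedData.replaceSigners(originalSignature, signerInformationStore);
}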
From source file:org.neociclo.odetteftp.util.EnvelopingUtil.java
License:Apache License
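/**
 * Opens a CMS SignedData envelope in streaming mode and returns the encapsulated content.
 * <p>
 * The signature is checked against {@code checkCert} only after the returned stream has been read to
 * its end, and the outcome is reported through {@code checkResult}. Consequences for callers:
 * <ul>
 * <li>content bytes are delivered before the signature has been checked, so they must be treated as
 * unverified until {@code checkResult} reports success;</li>
 * <li>if the stream is closed or abandoned before end of stream, the check never runs and
 * {@code checkResult} is left untouched;</li>
 * <li>if {@code checkResult} is {@code null}, the outcome of the check is discarded;</li>
 * <li>only the signature is checked against the supplied certificate; no trust-chain or revocation
 * check is performed in this method.</li>
 * </ul>
 *
 * @param sigData     stream positioned at the start of the CMS SignedData structure
 * @param checkCert   certificate expected to have produced the signature
 * @param checkResult receives success, failure or error once the content has been fully read; may be
 *                    {@code null}
 * @return a stream over the original content data (without signatures)
 * @throws CMSException if the CMS structure cannot be parsed
 */
public static InputStream openSignedDataParser(InputStream sigData, final X509Certificate checkCert,
        final SignatureVerifyResult checkResult) throws CMSException {

    installBouncyCastleProviderIfNecessary();

    // set up the parser
    final CMSSignedDataParser sp = new CMSSignedDataParser(sigData);

    // TODO what to do? the validity of the certificate isn't verified here

    //
    // Perform signature verification.
    //
    // Create a runnable block which is executed after the returned
    // input stream is completely read (end of stream is reached). This is
    // strictly important: in streaming mode the order of the operations matters.
    //
    final Runnable signatureChecker = new Runnable() {
        public void run() {
            try {
                SignerInformationStore signers = sp.getSignerInfos();

                // lookup signer by matching with the given certificate
                // NOTE(review): the issuer name is rebuilt from its string form; confirm that this
                // round trip matches the encoded issuer for the certificates in use.
                SignerId sigId = new SignerId(new X500Name(checkCert.getIssuerX500Principal().getName()),
                        checkCert.getSerialNumber());
                SignerInformation signer = signers.get(sigId);

                if (signer == null) {
                    // signer not found
                    if (checkResult != null) {
                        checkResult.setError(new Exception("Provided check certificate doesn't match."));
                    }
                    return;
                }

                //
                // verify that the signature is correct and that it was generated
                // when the certificate was current
                //
                if (signer.verify(checkCert, BC_PROVIDER)) {
                    // signature verified
                    if (checkResult != null) {
                        checkResult.setSuccess();
                    }
                } else {
                    // signature failed!!!
                    if (checkResult != null) {
                        checkResult.setFailure();
                    }
                }
            } catch (Exception e) {
                // Any problem during the check is reported as an error, never as success.
                if (checkResult != null) {
                    checkResult.setError(e);
                }
            }
        }
    };

    //
    // Return content stream from the encapsulated data.
    //
    // A simple input stream is returned, where readable bytes represent
    // the original content data (without signatures) from the encapsulated
    // signed envelope. A wrapping InputStream is created to execute the
    // signature verification after the buffer is completely read.
    //
    final InputStream contentStream = sp.getSignedContent().getContentStream();

    return new InputStream() {

        /**
         * Used to avoid running the signature checker above multiple times.
         */
        private boolean alreadyReachedEof = false;

        @Override
        public int read() throws IOException {
            int b = contentStream.read();
            if (b == -1) {
                checkSignatureOnce();
            }
            return b;
        }

        @Override
        public int read(byte[] buffer, int offset, int length) throws IOException {
            // Bulk reads go straight to the content stream instead of falling back to one call of
            // read() per byte; the end-of-stream trigger is the same.
            int count = contentStream.read(buffer, offset, length);
            if (count == -1) {
                checkSignatureOnce();
            }
            return count;
        }

        @Override
        public void close() throws IOException {
            // Forward close() so the parser's content stream is released with this wrapper.
            contentStream.close();
        }

        private void checkSignatureOnce() {
            if (!alreadyReachedEof) {
                alreadyReachedEof = true;
                signatureChecker.run();
            }
        }
    };
}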