List of usage examples for org.bouncycastle.mail.smime SMIMESigned getCertificates
public Store<X509CertificateHolder> getCertificates()
From source file:br.ufpb.dicomflow.integrationAPI.mail.impl.SMTPServiceExtractor.java
License:Open Source License
/** * verify the signature (assuming the cert is contained in the message) */// w w w . j a va 2 s . co m private boolean verify(SMIMESigned s) throws Exception { // // extract the information to verify the signatures. // // // certificates and crls passed in the signature - this must happen before // s.getSignerInfos() // Store certs = s.getCertificates(); // // SignerInfo blocks which contain the signatures // SignerInformationStore signers = s.getSignerInfos(); Collection c = signers.getSigners(); Iterator it = c.iterator(); // // check each signer // while (it.hasNext()) { SignerInformation signer = (SignerInformation) it.next(); Collection certCollection = certs.getMatches(signer.getSID()); Iterator certIt = certCollection.iterator(); X509Certificate cert = new JcaX509CertificateConverter() .getCertificate((X509CertificateHolder) certIt.next()); // // verify that the sign is correct and that it was generated // when the certificate was current // if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) { return true; } else { return false; } } return false; }
From source file:eu.peppol.as2.MimeMessageHelperTest.java
License:EUPL
/**
 * Loads a signed sample message from the test classpath and reports whether a
 * signer's signature verifies against the certificate embedded in the message.
 *
 * <p>The check stops at the first signer that verifies. The embedded
 * certificate is used as-is; no trust-chain validation is performed, so this
 * helper only shows that the message is internally consistent.
 *
 * @param resourceName file name below {@code real-mdn-examples/}
 * @param debug when {@code true}, the signing certificate is printed
 * @return {@code true} if a signer verifies; {@code false} if none does or if
 *         an exception occurs (its message is printed to standard output)
 */
private boolean verify(String resourceName, boolean debug) {
    System.out.println("Verifying resource " + resourceName + " (debug=" + debug + ")");
    final String location = "real-mdn-examples/" + resourceName;

    boolean verified = false;
    try {
        // Register the Bouncy Castle provider with the JCA.
        Security.addProvider(new BouncyCastleProvider());

        // Shortcut for many of the steps in the test above
        // (parseLegalMimeMessageWithHeaders).
        Object content = MimeMessageHelper
                .createMimeMessage(MimeMessageHelperTest.class.getClassLoader().getResourceAsStream(location))
                .getContent();
        MimeMultipart signedPart = (MimeMultipart) content;
        assertNotNull(signedPart);

        // Verify the signature; the certificate store is read before the signer infos.
        SMIMESigned signedMessage = new SMIMESigned(signedPart);
        Store embeddedCerts = signedMessage.getCertificates();
        SignerInformationStore signerStore = signedMessage.getSignerInfos();

        Iterator signerIt = signerStore.getSigners().iterator();
        while (!verified && signerIt.hasNext()) {
            SignerInformation signer = (SignerInformation) signerIt.next();

            // First embedded certificate that matches the signer id; a signer
            // without one makes next() throw, which the catch below reports.
            Iterator matchIt = embeddedCerts.getMatches(signer.getSID()).iterator();
            X509CertificateHolder holder = (X509CertificateHolder) matchIt.next();
            X509Certificate cert = new JcaX509CertificateConverter()
                    .setProvider(new BouncyCastleProvider())
                    .getCertificate(holder);
            if (debug) {
                System.out.println("Signing certificate : " + cert);
            }

            SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider(new BouncyCastleProvider())
                    .build(cert);
            verified = signer.verify(verifier);
        }
    } catch (Exception ex) {
        System.out.println("Verification failed with exception " + ex.getMessage());
    }
    return verified;
}
From source file:net.markenwerk.utils.mail.smime.SmimeUtil.java
License:Open Source License
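/**
 * Checks a SMIMESigned to make sure that every signature on it matches.
 *
 * <p>Each signer is verified with the certificate that {@code getCertificate}
 * selects from the message's own certificate store for that signer id. Nothing
 * in this method checks whether that certificate is trusted.
 *
 * @param smimeSigned the parsed signed message
 * @return {@code true} only if the message has at least one signer and all
 *         signers verify; {@code false} otherwise
 * @throws MessagingException declared by the signature; see the note on
 *         {@code handledException} in the body
 * @throws IOException declared by the signature
 * @throws GeneralSecurityException declared by the signature
 */
private static boolean checkSignature(SMIMESigned smimeSigned)
        throws MessagingException, IOException, GeneralSecurityException {
    try {
        @SuppressWarnings("rawtypes")
        Store certificates = smimeSigned.getCertificates();
        Iterator<SignerInformation> signerInformations = smimeSigned.getSignerInfos().getSigners().iterator();

        // With no signer at all the loop below never runs. The earlier version
        // started from "true" and so reported such a message as validly signed.
        if (!signerInformations.hasNext()) {
            return false;
        }

        while (signerInformations.hasNext()) {
            SignerInformation signerInformation = signerInformations.next();
            X509Certificate certificate = getCertificate(certificates, signerInformation.getSID());
            SignerInformationVerifier verifier = getVerifier(certificate);
            if (!signerInformation.verify(verifier)) {
                // One failing signer is enough to reject the message.
                return false;
            }
        }
        return true;
    } catch (Exception e) {
        // Every failure is funnelled through handledException, which is defined
        // elsewhere in this class and decides which exception is thrown.
        throw handledException(e);
    }
}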
From source file:no.difi.oxalis.as2.util.MimeMessageHelperTest.java
License:EUPL
/**
 * Reads a signed sample message from the test classpath and tells whether a
 * signer's signature verifies against the certificate shipped in the message.
 *
 * <p>The first signer that verifies ends the check. The certificate comes from
 * the message itself and is not validated against a trust store here.
 *
 * @param resourceName file name below {@code real-mdn-examples/}
 * @param debug when {@code true}, the signing certificate is printed
 * @return {@code true} if a signer verifies; {@code false} if none does or if
 *         an exception occurs (its message is printed to standard output)
 */
private boolean verify(String resourceName, boolean debug) {
    System.out.println("Verifying resource " + resourceName + " (debug=" + debug + ")");
    final String samplePath = "real-mdn-examples/" + resourceName;

    boolean signatureOk = false;
    try {
        // Shortcut for many of the steps in the test above
        // (parseLegalMimeMessageWithHeaders).
        Object body = MimeMessageHelper
                .createMimeMessage(MimeMessageHelperTest.class.getClassLoader().getResourceAsStream(samplePath))
                .getContent();
        MimeMultipart signedMultipart = (MimeMultipart) body;
        assertNotNull(signedMultipart);

        // Verify the signature; certificates are fetched before the signer infos.
        SMIMESigned signedMessage = new SMIMESigned(signedMultipart);
        Store messageCerts = signedMessage.getCertificates();
        SignerInformationStore signerInfos = signedMessage.getSignerInfos();

        Iterator signerIt = signerInfos.getSigners().iterator();
        while (!signatureOk && signerIt.hasNext()) {
            SignerInformation signer = (SignerInformation) signerIt.next();

            // A signer without a matching certificate makes next() throw; the
            // catch block below turns that into a "false" result.
            Iterator candidates = messageCerts.getMatches(signer.getSID()).iterator();
            X509CertificateHolder holder = (X509CertificateHolder) candidates.next();
            X509Certificate cert = new JcaX509CertificateConverter()
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .getCertificate(holder);
            if (debug) {
                System.out.println("Signing certificate : " + cert);
            }

            SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .build(cert);
            signatureOk = signer.verify(verifier);
        }
    } catch (Exception ex) {
        System.out.println("Verification failed with exception " + ex.getMessage());
    }
    return signatureOk;
}
From source file:org.apache.james.transport.KeyStoreHolder.java
License:Apache License
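/**
 * Verifies the signature of a SMIME message.
 *
 * <p>It also checks whether each signer's certificate is trusted, using the
 * loaded keystore as the trusted certificate store.
 *
 * <p>Signers for which no certificate is found in the message are left out of
 * the returned list. For every other signer the entry records the certificate,
 * the certification path (or {@code null}, see below) and whether the
 * signature verified. Callers need to look at both the validity flag and the
 * path: a valid signature with a {@code null} path comes from a certificate
 * that could not be tied to the keystore.
 *
 * @param signed the signed mail to check.
 * @return a list of SMIMESignerInfo which keeps the data of each mail signer.
 * @throws Exception if building the certificate store, selecting a certificate
 *         or the trust check in {@code verifyCertificate} fails
 */
public List<SMIMESignerInfo> verifySignatures(SMIMESigned signed) throws Exception {
    CertStore certs = new JcaCertStoreBuilder()
            .addCertificates(signed.getCertificates())
            .addCRLs(signed.getCRLs())
            .build();
    SignerInformationStore siginfo = signed.getSignerInfos();
    Collection<SignerInformation> sigCol = siginfo.getSigners();
    List<SMIMESignerInfo> result = new ArrayList<SMIMESignerInfo>(sigCol.size());

    // Iterate over the signer collection, checking whether the signatures put
    // on the message are valid.
    for (SignerInformation info : sigCol) {
        // Look up the signer's certificate among those shipped in the message.
        // NOTE(review): the selector is built from the subject key identifier
        // only. Confirm what it matches when the signer id carries issuer and
        // serial number instead, since the first match is taken as the
        // signer's certificate.
        X509CertificateHolderSelector x509CertificateHolderSelector = new X509CertificateHolderSelector(
                info.getSID().getSubjectKeyIdentifier());
        X509CertSelector certSelector = new JcaX509CertSelectorConverter()
                .getCertSelector(x509CertificateHolderSelector);
        @SuppressWarnings("unchecked")
        Collection<X509Certificate> certCollection = (Collection<X509Certificate>) certs
                .getCertificates(certSelector);
        if (certCollection.isEmpty()) {
            continue;
        }
        X509Certificate signerCert = certCollection.iterator().next();

        // The issuer's certificate is searched in the list of trusted
        // certificates. "path" is not null if the certificate can be trusted
        // (it can be connected by a chain of trust to a trusted certificate),
        // null otherwise.
        CertPath path = verifyCertificate(signerCert, certs, keyStore);

        // The signature counts as valid only when verify() returns true. Both
        // a false return value and an exception are recorded as an invalid
        // signature. The earlier version recorded nothing when verify()
        // returned false, so such a signer vanished from the result.
        boolean valid;
        try {
            valid = info.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signerCert));
        } catch (Exception e) {
            // The cause is not propagated; the caller only sees valid == false.
            valid = false;
        }
        result.add(new SMIMESignerInfo(signerCert, path, valid));
    }
    return result;
}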
From source file:org.votingsystem.signature.smime.SMIMESignedValidator.java
License:Open Source License
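/**
 * Verifies that every signature is correct and that it was generated when the
 * certificate was current (assuming the cert is contained in the message).
 *
 * <p>The certificate used for each signer is taken from the message's own
 * certificate store. It is not checked against any trust anchor here, so a
 * {@code true} result says nothing about who the signer is.
 *
 * @param smimeSigned the parsed signed message
 * @return {@code true} only if the message has at least one signer and every
 *         signer has a matching embedded certificate and a signature that
 *         verifies; {@code false} otherwise
 * @throws Exception if certificate conversion or signature verification fails
 */
public static boolean isValidSignature(SMIMESigned smimeSigned) throws Exception {
    // Certificates and CRLs passed in the signature.
    Store certs = smimeSigned.getCertificates();
    // SignerInfo blocks which contain the signatures.
    SignerInformationStore signers = smimeSigned.getSignerInfos();
    log.info("signers.size(): " + signers.size());
    Collection c = signers.getSigners();
    Iterator it = c.iterator();

    // Starts out true only when there is a signer to check. From then on it can
    // only switch to false. The earlier version overwrote the result for each
    // signer, so the last signer alone decided the outcome.
    boolean result = it.hasNext();

    // Check each signer; all of them are visited so that each one is logged.
    while (it.hasNext()) {
        SignerInformation signer = (SignerInformation) it.next();
        Collection certCollection = certs.getMatches(signer.getSID());
        log.info("Collection matches: " + certCollection.size());
        Iterator certIt = certCollection.iterator();
        if (!certIt.hasNext()) {
            // No embedded certificate for this signer: count it as a failure
            // instead of letting next() throw NoSuchElementException.
            log.info("no certificate in the message matches the signer");
            result = false;
            continue;
        }
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(ContextVS.PROVIDER)
                .getCertificate((X509CertificateHolder) certIt.next());
        log.info("SubjectDN: " + cert.getSubjectDN() + " - Not before: " + cert.getNotBefore()
                + " - Not after: " + cert.getNotAfter() + " - SigningTime: " + getSigningTime(signer));
        if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(ContextVS.PROVIDER).build(cert))) {
            log.info("signature verified");
        } else {
            log.info("signature failed!");
            result = false;
        }
    }
    return result;
}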