List of usage examples for org.bouncycastle.x509 AttributeCertificateHolder AttributeCertificateHolder
public AttributeCertificateHolder(X500Principal issuerName, BigInteger serialNumber)
From source file:org.signserver.module.cmssigner.CMSSignerTest.java
License:Open Source License
private void helperBasicCMSSign(final int workerId, final String sigAlg, final String expectedDigAlgOID, final String expectedEncAlgOID, final String includedCertificateLevelsProperty, final int expectedIncludedCertificateLevels) throws Exception { final int reqid = 37; final String testDocument = "Something to sign...123"; final GenericSignRequest signRequest = new GenericSignRequest(reqid, testDocument.getBytes()); // override signature algorithm if set if (sigAlg != null) { workerSession.setWorkerProperty(workerId, CMSSigner.SIGNATUREALGORITHM_PROPERTY, sigAlg); } else {/*from w w w . ja v a2 s . c o m*/ workerSession.removeWorkerProperty(workerId, CMSSigner.SIGNATUREALGORITHM_PROPERTY); } if (includedCertificateLevelsProperty != null) { workerSession.setWorkerProperty(workerId, WorkerConfig.PROPERTY_INCLUDE_CERTIFICATE_LEVELS, includedCertificateLevelsProperty); } else { workerSession.removeWorkerProperty(workerId, WorkerConfig.PROPERTY_INCLUDE_CERTIFICATE_LEVELS); } workerSession.reloadConfiguration(workerId); final GenericSignResponse res = (GenericSignResponse) workerSession.process(workerId, signRequest, new RequestContext()); final byte[] data = res.getProcessedData(); // Answer to right question assertSame("Request ID", reqid, res.getRequestID()); // Output for manual inspection final FileOutputStream fos = new FileOutputStream( new File(getSignServerHome(), "tmp" + File.separator + "signedcms_" + sigAlg + ".p7s")); fos.write((byte[]) data); fos.close(); // Check certificate returned final Certificate signercert = res.getSignerCertificate(); assertNotNull("Signer certificate", signercert); // Check that the signed data contains the document (i.e. not detached) final CMSSignedData signedData = new CMSSignedData(data); final byte[] content = (byte[]) signedData.getSignedContent().getContent(); assertEquals("Signed document", testDocument, new String(content)); // Get signers final Collection signers = signedData.getSignerInfos().getSigners(); final SignerInformation signer = (SignerInformation) signers.iterator().next(); // Verify using the signer's certificate assertTrue("Verification using signer certificate", signer.verify(signercert.getPublicKey(), "BC")); // Check that the signer's certificate is included CertStore certs = signedData.getCertificatesAndCRLs("Collection", "BC"); X509Principal issuer = new X509Principal(signer.getSID().getIssuer()); CertSelector cs = new AttributeCertificateHolder(issuer, signer.getSID().getSerialNumber()); Collection<? extends Certificate> signerCerts = certs.getCertificates(cs); assertEquals("Certificate included", expectedIncludedCertificateLevels, signerCerts.size()); if (!signerCerts.isEmpty()) { assertEquals(signercert, signerCerts.iterator().next()); } // check the signature algorithm assertEquals("Digest algorithm", expectedDigAlgOID, signer.getDigestAlgorithmID().getAlgorithm().getId()); assertEquals("Encryption algorithm", expectedEncAlgOID, signer.getEncryptionAlgOID()); }