Example usage for org.bouncycastle.x509 AttributeCertificateHolder AttributeCertificateHolder

List of usage examples for org.bouncycastle.x509 AttributeCertificateHolder AttributeCertificateHolder

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.x509.*
  5. AttributeCertificateHolder
  6. AttributeCertificateHolder

Introduction

In this page you can find the example usage for org.bouncycastle.x509 AttributeCertificateHolder AttributeCertificateHolder.

Prototype

public AttributeCertificateHolder(X500Principal issuerName, BigInteger serialNumber)

Source Link

Usage

From source file:org.signserver.module.cmssigner.CMSSignerTest.java

License:Open Source License

private void helperBasicCMSSign(final int workerId, final String sigAlg, final String expectedDigAlgOID,
        final String expectedEncAlgOID, final String includedCertificateLevelsProperty,
        final int expectedIncludedCertificateLevels) throws Exception {
    final int reqid = 37;

    final String testDocument = "Something to sign...123";

    final GenericSignRequest signRequest = new GenericSignRequest(reqid, testDocument.getBytes());

    // override signature algorithm if set
    if (sigAlg != null) {
        workerSession.setWorkerProperty(workerId, CMSSigner.SIGNATUREALGORITHM_PROPERTY, sigAlg);
    } else {/*from w w w . ja v a2  s . c o  m*/
        workerSession.removeWorkerProperty(workerId, CMSSigner.SIGNATUREALGORITHM_PROPERTY);
    }

    if (includedCertificateLevelsProperty != null) {
        workerSession.setWorkerProperty(workerId, WorkerConfig.PROPERTY_INCLUDE_CERTIFICATE_LEVELS,
                includedCertificateLevelsProperty);
    } else {
        workerSession.removeWorkerProperty(workerId, WorkerConfig.PROPERTY_INCLUDE_CERTIFICATE_LEVELS);
    }

    workerSession.reloadConfiguration(workerId);

    final GenericSignResponse res = (GenericSignResponse) workerSession.process(workerId, signRequest,
            new RequestContext());
    final byte[] data = res.getProcessedData();

    // Answer to right question
    assertSame("Request ID", reqid, res.getRequestID());

    // Output for manual inspection
    final FileOutputStream fos = new FileOutputStream(
            new File(getSignServerHome(), "tmp" + File.separator + "signedcms_" + sigAlg + ".p7s"));
    fos.write((byte[]) data);
    fos.close();

    // Check certificate returned
    final Certificate signercert = res.getSignerCertificate();
    assertNotNull("Signer certificate", signercert);

    // Check that the signed data contains the document (i.e. not detached)
    final CMSSignedData signedData = new CMSSignedData(data);
    final byte[] content = (byte[]) signedData.getSignedContent().getContent();
    assertEquals("Signed document", testDocument, new String(content));

    // Get signers
    final Collection signers = signedData.getSignerInfos().getSigners();
    final SignerInformation signer = (SignerInformation) signers.iterator().next();

    // Verify using the signer's certificate
    assertTrue("Verification using signer certificate", signer.verify(signercert.getPublicKey(), "BC"));

    // Check that the signer's certificate is included
    CertStore certs = signedData.getCertificatesAndCRLs("Collection", "BC");
    X509Principal issuer = new X509Principal(signer.getSID().getIssuer());
    CertSelector cs = new AttributeCertificateHolder(issuer, signer.getSID().getSerialNumber());
    Collection<? extends Certificate> signerCerts = certs.getCertificates(cs);
    assertEquals("Certificate included", expectedIncludedCertificateLevels, signerCerts.size());
    if (!signerCerts.isEmpty()) {
        assertEquals(signercert, signerCerts.iterator().next());
    }

    // check the signature algorithm
    assertEquals("Digest algorithm", expectedDigAlgOID, signer.getDigestAlgorithmID().getAlgorithm().getId());
    assertEquals("Encryption algorithm", expectedEncAlgOID, signer.getEncryptionAlgOID());
}