Java tutorial
/** * DSS - Digital Signature Services * Copyright (C) 2015 European Commission, provided under the CEF programme * * This file is part of the "DSS - Digital Signature Services" project. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ package eu.europa.esig.dss.cades.validation; import java.io.InputStream; import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringUtils; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.CMSSignedData; import org.bouncycastle.cms.SignerInformation; import org.bouncycastle.util.encoders.Base64; import eu.europa.esig.dss.DSSDocument; import eu.europa.esig.dss.DSSException; import eu.europa.esig.dss.DSSUtils; import eu.europa.esig.dss.InMemoryDocument; import eu.europa.esig.dss.cades.CMSUtils; import eu.europa.esig.dss.validation.AdvancedSignature; import eu.europa.esig.dss.validation.SignedDocumentValidator; /** * Validation of CMS document * */ public class CMSDocumentValidator extends SignedDocumentValidator { protected CMSSignedData cmsSignedData; private static final String BASE64_REGEX = "^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$"; /** * This constructor is used with {@code TimeStampToken}. */ public CMSDocumentValidator() { super(new CAdESSignatureScopeFinder()); } /** * The default constructor for {@code CMSDocumentValidator}. * * @param cmsSignedData * pkcs7-signature(s) */ public CMSDocumentValidator(final CMSSignedData cmsSignedData) { this(); this.cmsSignedData = cmsSignedData; } /** * The default constructor for {@code CMSDocumentValidator}. * * @param document * document to validate (with the signature(s)) * @throws DSSException */ public CMSDocumentValidator(final DSSDocument document) throws DSSException { this(); this.document = document; InputStream inputStream = null; try { inputStream = document.openStream(); if (DSSUtils.available(inputStream) > 0) { this.cmsSignedData = new CMSSignedData(inputStream); } } catch (CMSException e) { throw new DSSException("Not a valid CAdES file", e); } finally { IOUtils.closeQuietly(inputStream); } } @Override public boolean isSupported(DSSDocument dssDocument) { int headerLength = 500; byte[] preamble = new byte[headerLength]; DSSUtils.readToArray(dssDocument, headerLength, preamble); final String preambleString = new String(preamble); if (preambleString.getBytes()[0] == 0x30) { return true; } return false; } @Override public List<AdvancedSignature> getSignatures() { List<AdvancedSignature> signatures = new ArrayList<AdvancedSignature>(); if (cmsSignedData != null) { for (final Object signerInformationObject : cmsSignedData.getSignerInfos().getSigners()) { final SignerInformation signerInformation = (SignerInformation) signerInformationObject; final CAdESSignature cadesSignature = new CAdESSignature(cmsSignedData, signerInformation, validationCertPool); cadesSignature.setDetachedContents(detachedContents); cadesSignature.setProvidedSigningCertificateToken(providedSigningCertificateToken); signatures.add(cadesSignature); } } return signatures; } @Override public DSSDocument getOriginalDocument(final String signatureId) throws DSSException { if (StringUtils.isBlank(signatureId)) { throw new NullPointerException("signatureId"); } for (final Object signerInformationObject : cmsSignedData.getSignerInfos().getSigners()) { final SignerInformation signerInformation = (SignerInformation) signerInformationObject; final CAdESSignature cadesSignature = new CAdESSignature(cmsSignedData, signerInformation, validationCertPool); cadesSignature.setDetachedContents(detachedContents); cadesSignature.setProvidedSigningCertificateToken(providedSigningCertificateToken); if (cadesSignature.getId().equals(signatureId)) { if (!cadesSignature.getDetachedContents().isEmpty()) { throw new DSSException("The signature must be an enveloping signature"); } byte[] content = CMSUtils.getSignedContent(cmsSignedData.getSignedContent()); content = isBase64Encoded(content) ? Base64.decode(content) : content; return new InMemoryDocument(content); } } throw new DSSException("The signature with the given id was not found!"); } private boolean isBase64Encoded(byte[] array) { return isBase64Encoded(new String(array)); } private boolean isBase64Encoded(String text) { Pattern pattern = Pattern.compile(BASE64_REGEX); Matcher matcher = pattern.matcher(text); return matcher.matches(); } }