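/**
 * Verifies the S/MIME signature carried in {@code body} against a caller-supplied public key.
 *
 * <p>Only the first {@code SignerInformation} in the message is checked; further signers are
 * ignored. The key is used as given: nothing in this method ties it to a validated
 * certificate, so the caller has to establish that the key belongs to the expected sender
 * before treating a {@code true} result as authentication.
 *
 * @param publicKey key the signature is expected to verify under
 * @return {@code true} if the first signer's signature verifies with {@code publicKey};
 *         {@code false} if it does not, or if the message carries no signer at all
 * @throws Exception if the signed message cannot be parsed or the verifier cannot be built
 */
public boolean verify(PublicKey publicKey) throws Exception {
    SMIMESigned signed = new SMIMESigned(body);
    SignerInformationStore signers = signed.getSignerInfos();

    // Fail closed on a signed-data structure without any SignerInfo instead of letting
    // iterator().next() raise an unchecked NoSuchElementException.
    if (signers.getSigners().isEmpty()) {
        return false;
    }

    SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
    return signer.verify(
            new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey));
}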
SMIMESigned signed; if (obj instanceof MimeMultipart) { signed = new SMIMESigned((MimeMultipart) message.getContent()); } else if (obj instanceof SMIMESigned) { signed = (SMIMESigned) obj; } else if (obj instanceof byte[]) { signed = new SMIMESigned(message); } else { signed = null; strippedMessage = signed.getContent(); } else { LOGGER.info("Content not identified as signed");
.addCertificates(signed.getCertificates()) .addCRLs(signed.getCRLs()) .build(); SignerInformationStore siginfo = signed.getSignerInfos(); Collection<SignerInformation> sigCol = siginfo.getSigners(); List<SMIMESignerInfo> result = new ArrayList<>(sigCol.size());
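/**
 * Parses a received MIME message as {@code multipart/signed} and keeps the pieces needed for
 * later signature validation: the MIC algorithm, the raw signature part and the
 * {@code SMIMESigned} view of the multipart.
 *
 * <p>Parsing does not verify anything; the signature is only checked by a later call to one
 * of the {@code validate} methods.
 *
 * @param message received message, expected to be {@code multipart/signed}
 * @throws IOException        if a part of the message cannot be read
 * @throws OxalisAs2Exception if the message is not {@code multipart/signed}, does not have the
 *                            expected structure, or cannot be parsed
 */
private SignedMessage(MimeMessage message) throws IOException, OxalisAs2Exception {
    try {
        // Verify content type
        if (!message.isMimeType("multipart/signed")) {
            throw new OxalisAs2Exception("Received content is not 'multipart/signed'.");
        }

        micalg = extractMicalg(message);

        // The declared content type is sender-controlled, so check what was actually decoded
        // before casting; otherwise a mismatch surfaces as an unchecked ClassCastException.
        Object content = message.getContent();
        if (!(content instanceof MimeMultipart)) {
            throw new OxalisAs2Exception("Received content could not be read as a MIME multipart.");
        }
        mimeMultipart = (MimeMultipart) content;

        // The signature is read from the second body part (index 1); reject a multipart
        // that is too short rather than failing with an index error.
        if (mimeMultipart.getCount() < 2) {
            throw new OxalisAs2Exception("Received 'multipart/signed' content has no signature part.");
        }

        // Extracting signature
        signature = ByteStreams.toByteArray(mimeMultipart.getBodyPart(1).getInputStream());

        // Create signed message
        smimeSigned = new SMIMESigned(mimeMultipart);
    } catch (CMSException | MessagingException e) {
        throw new OxalisAs2Exception("Unable to parse received content.", e);
    }
}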
// Read the signer records and the certificate store out of the received signed message.
// NOTE(review): both come from the message itself, i.e. from the sender. Certificates taken
// from this store are untrusted input until they have been validated against a local trust
// anchor — confirm that the enclosing method does so before accepting a signature.
SignerInformationStore signers = signedMessage.getSignerInfos();
Iterator<SignerInformation> it = signers.getSigners().iterator();
Store<?> certs = signedMessage.getCertificates();
/**
 * Opens a stream over the signed payload, but only once a signer has been recorded.
 *
 * <p>The {@code signer} field acts as the gate: while it is {@code null} the payload is
 * withheld, so unverified content cannot be read through this accessor.
 *
 * @return input stream of the signed body part
 * @throws IOException             if the body part cannot be opened
 * @throws OxalisSecurityException if no signer has been recorded yet
 * @throws OxalisAs2Exception      if the MIME layer fails while fetching the content
 */
public InputStream getContent() throws IOException, OxalisSecurityException, OxalisAs2Exception {
    try {
        if (signer != null) {
            return smimeSigned.getContent().getInputStream();
        }

        // Fail closed: no accepted signature, no payload.
        throw new OxalisSecurityException("Content is not validated.");
    } catch (MessagingException e) {
        throw new OxalisAs2Exception("Unable to fetch content.", e);
    }
}
/**
 * Checks whether any signer of the message verifies under the given certificate's public key
 * and, if so, records that certificate as the signer together with the content digest.
 *
 * <p>Only the public key of {@code certificate} is used. This method performs no chain,
 * validity-period or revocation check on the certificate, so callers must have validated it
 * before calling; on its own a successful return only proves possession of the matching
 * private key.
 *
 * <p>A {@code CMSException} raised while checking one signer ends the loop; later signers
 * are not tried.
 *
 * @param certificate certificate whose public key the signature is checked against
 * @throws OxalisSecurityException if the verifier cannot be created or CMS processing fails
 * @throws PeppolSecurityException if no signer verifies under the certificate's key
 */
public void validate(X509Certificate certificate) throws OxalisSecurityException, PeppolSecurityException {
    final SignerInformationVerifier verifier;
    try {
        verifier = new JcaSimpleSignerInfoVerifierBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(certificate.getPublicKey());
    } catch (OperatorCreationException e) {
        throw new OxalisSecurityException("Unable to create SignerInformationVerifier.", e);
    }

    try {
        for (SignerInformation candidate : smimeSigned.getSignerInfos().getSigners()) {
            if (!candidate.verify(verifier)) {
                continue;
            }

            // State is written only after a successful verification.
            signer = certificate;
            digest = candidate.getContentDigest();
            return;
        }
    } catch (CMSException e) {
        throw new OxalisSecurityException(e.getMessage(), e);
    }

    throw new PeppolSecurityException("Unable to verify signature.");
}
/**
 * Picks a certificate out of the ones embedded in the signed message and validates the
 * signature with it.
 *
 * <p>Embedded certificates whose subject matches {@code commonName} are tried in store order.
 * The first one that {@code isValid} accepts is handed to {@code validate(X509Certificate)};
 * if that call throws, the exception propagates and no further certificate is tried.
 *
 * <p>The candidate certificates are supplied by the sender inside the message, and a common
 * name is only text in the subject. The trust decision therefore rests on {@code isValid}.
 * NOTE(review): presumably {@code isValid} runs chain validation through {@code validator} —
 * confirm, since the CN match alone authenticates nothing.
 *
 * @param service    passed through to {@code isValid}
 * @param validator  passed through to {@code isValid}
 * @param commonName common name the signing certificate's subject must contain; the error
 *                   message distinguishes a {@code null} value
 * @throws IOException             if an embedded certificate cannot be encoded
 * @throws OxalisSecurityException if no embedded certificate matches and is accepted
 * @throws PeppolSecurityException if the signature does not verify under the chosen certificate
 */
public void validate(Service service, CertificateValidator validator, String commonName)
        throws IOException, OxalisSecurityException, PeppolSecurityException {
    for (X509CertificateHolder candidate :
            (CollectionStore<X509CertificateHolder>) smimeSigned.getCertificates()) {
        if (!CertificateUtils.containsCommonName(candidate.getSubject(), commonName)) {
            continue;
        }

        try {
            X509Certificate parsed = CertificateUtils.parseCertificate(candidate.getEncoded());
            if (!isValid(service, validator, parsed)) {
                continue;
            }

            validate(parsed);
            return;
        } catch (CertificateException e) {
            // An unparsable embedded certificate is skipped, not fatal.
            // NOTE(review): the exception itself is not logged, which makes a malformed
            // certificate hard to diagnose — consider passing e to the logger.
            log.debug("Unable to initiate certificate object.");
        }
    }

    final String reason;
    if (commonName == null) {
        reason = "Unable to find valid certificate for validation of content.";
    } else {
        reason = String.format(
                "Unable to find valid certificate with CN '%s' for validation of content.", commonName);
    }
    throw new OxalisSecurityException(reason);
}
// Parse the multipart as S/MIME signed data.
SMIMESigned signedPart = new SMIMESigned(mainParts);
// Transfer encoding declared on the signed body part.
String contentTxfrEnc = signedPart.getContent().getEncoding();
// No transfer encoding declared: return the signed body part unchanged.
// NOTE(review): no signature verification is visible in this excerpt; if none happens
// earlier in the enclosing method, the content returned here is unauthenticated — confirm.
if (contentTxfrEnc == null || contentTxfrEnc.length() < 1) return signedPart.getContent();
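/**
 * Parses a received MIME message as {@code multipart/signed} and keeps the pieces needed for
 * later signature validation: the MIC algorithm, the raw signature part and the
 * {@code SMIMESigned} view of the multipart.
 *
 * <p>Parsing does not verify anything; the signature is only checked by a later call to one
 * of the {@code validate} methods.
 *
 * @param message received message, expected to be {@code multipart/signed}
 * @throws IOException        if a part of the message cannot be read
 * @throws OxalisAs2Exception if the message is not {@code multipart/signed}, does not have the
 *                            expected structure, or cannot be parsed
 */
private SignedMessage(MimeMessage message) throws IOException, OxalisAs2Exception {
    try {
        // Verify content type
        if (!message.isMimeType("multipart/signed")) {
            throw new OxalisAs2Exception("Received content is not 'multipart/signed'.");
        }

        micalg = extractMicalg(message);

        // The declared content type is sender-controlled, so check what was actually decoded
        // before casting; otherwise a mismatch surfaces as an unchecked ClassCastException.
        Object content = message.getContent();
        if (!(content instanceof MimeMultipart)) {
            throw new OxalisAs2Exception("Received content could not be read as a MIME multipart.");
        }
        mimeMultipart = (MimeMultipart) content;

        // The signature is read from the second body part (index 1); reject a multipart
        // that is too short rather than failing with an index error.
        if (mimeMultipart.getCount() < 2) {
            throw new OxalisAs2Exception("Received 'multipart/signed' content has no signature part.");
        }

        // Extracting signature
        signature = ByteStreams.toByteArray(mimeMultipart.getBodyPart(1).getInputStream());

        // Create signed message
        smimeSigned = new SMIMESigned(mimeMultipart);
    } catch (CMSException | MessagingException e) {
        throw new OxalisAs2Exception("Unable to parse received content.", e);
    }
}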
/**
 * Opens a stream over the signed payload, but only once a signer has been recorded.
 *
 * <p>The {@code signer} field acts as the gate: while it is {@code null} the payload is
 * withheld, so unverified content cannot be read through this accessor.
 *
 * @return input stream of the signed body part
 * @throws IOException             if the body part cannot be opened
 * @throws OxalisSecurityException if no signer has been recorded yet
 * @throws OxalisAs2Exception      if the MIME layer fails while fetching the content
 */
public InputStream getContent() throws IOException, OxalisSecurityException, OxalisAs2Exception {
    try {
        if (signer != null) {
            return smimeSigned.getContent().getInputStream();
        }

        // Fail closed: no accepted signature, no payload.
        throw new OxalisSecurityException("Content is not validated.");
    } catch (MessagingException e) {
        throw new OxalisAs2Exception("Unable to fetch content.", e);
    }
}
/**
 * Checks whether any signer of the message verifies under the given certificate's public key
 * and, if so, records that certificate as the signer together with the content digest.
 *
 * <p>Only the public key of {@code certificate} is used. This method performs no chain,
 * validity-period or revocation check on the certificate, so callers must have validated it
 * before calling; on its own a successful return only proves possession of the matching
 * private key.
 *
 * <p>A {@code CMSException} raised while checking one signer ends the loop; later signers
 * are not tried.
 *
 * @param certificate certificate whose public key the signature is checked against
 * @throws OxalisSecurityException if the verifier cannot be created or CMS processing fails
 * @throws PeppolSecurityException if no signer verifies under the certificate's key
 */
public void validate(X509Certificate certificate) throws OxalisSecurityException, PeppolSecurityException {
    final SignerInformationVerifier verifier;
    try {
        verifier = new JcaSimpleSignerInfoVerifierBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(certificate.getPublicKey());
    } catch (OperatorCreationException e) {
        throw new OxalisSecurityException("Unable to create SignerInformationVerifier.", e);
    }

    try {
        for (SignerInformation candidate : smimeSigned.getSignerInfos().getSigners()) {
            if (!candidate.verify(verifier)) {
                continue;
            }

            // State is written only after a successful verification.
            signer = certificate;
            digest = candidate.getContentDigest();
            return;
        }
    } catch (CMSException e) {
        throw new OxalisSecurityException(e.getMessage(), e);
    }

    throw new PeppolSecurityException("Unable to verify signature.");
}
/**
 * Picks a certificate out of the ones embedded in the signed message and validates the
 * signature with it.
 *
 * <p>Embedded certificates whose subject matches {@code commonName} are tried in store order.
 * The first one that {@code isValid} accepts is handed to {@code validate(X509Certificate)};
 * if that call throws, the exception propagates and no further certificate is tried.
 *
 * <p>The candidate certificates are supplied by the sender inside the message, and a common
 * name is only text in the subject. The trust decision therefore rests on {@code isValid}.
 * NOTE(review): presumably {@code isValid} runs chain validation through {@code validator} —
 * confirm, since the CN match alone authenticates nothing.
 *
 * @param service    passed through to {@code isValid}
 * @param validator  passed through to {@code isValid}
 * @param commonName common name the signing certificate's subject must contain; the error
 *                   message distinguishes a {@code null} value
 * @throws IOException             if an embedded certificate cannot be encoded
 * @throws OxalisSecurityException if no embedded certificate matches and is accepted
 * @throws PeppolSecurityException if the signature does not verify under the chosen certificate
 */
public void validate(Service service, CertificateValidator validator, String commonName)
        throws IOException, OxalisSecurityException, PeppolSecurityException {
    for (X509CertificateHolder candidate :
            (CollectionStore<X509CertificateHolder>) smimeSigned.getCertificates()) {
        if (!CertificateUtils.containsCommonName(candidate.getSubject(), commonName)) {
            continue;
        }

        try {
            X509Certificate parsed = CertificateUtils.parseCertificate(candidate.getEncoded());
            if (!isValid(service, validator, parsed)) {
                continue;
            }

            validate(parsed);
            return;
        } catch (CertificateException e) {
            // An unparsable embedded certificate is skipped, not fatal.
            // NOTE(review): the exception itself is not logged, which makes a malformed
            // certificate hard to diagnose — consider passing e to the logger.
            log.debug("Unable to initiate certificate object.");
        }
    }

    final String reason;
    if (commonName == null) {
        reason = "Unable to find valid certificate for validation of content.";
    } else {
        reason = String.format(
                "Unable to find valid certificate with CN '%s' for validation of content.", commonName);
    }
    throw new OxalisSecurityException(reason);
}
.contains(CONTENT_TYPE_MULTIPART_SIGNED)) { signedMessage = new SMIMESigned(multipartContent); } else if (content instanceof BASE64DecoderStream) { signedMessage = new SMIMESigned(decryptedMsg); // will throw exception if not signed decryptedMsg.setContent(signedMessage.getContent().getContent(), signedMessage.getContent().getContentType());
/**
 * Returns the {@code SMIMESigned} view of the message, creating it on first use.
 *
 * <p>An instance that is already present is returned as is. Otherwise one is built from the
 * message content, but only when the message's MIME type is the multipart/signed content
 * type; for any other type, or when there is no message, the result stays {@code null}.
 * Building the instance parses the signed structure only, it does not verify a signature.
 *
 * @return the SMIMESigned message instance, or {@code null} if the message is absent or not
 *         multipart/signed
 * @throws PackageException if the message details cannot be read, or the content is declared
 *                          as multipart/signed but cannot be turned into an SMIMESigned message
 */
public SMIMESigned getSMIMESignedMessage() throws PackageException {
    // Nothing to build: either it already exists (signed and already decrypted), or there
    // is no message to build it from.
    if (smimeSignedMessage != null || message == null) {
        return smimeSignedMessage;
    }

    final String creationFailed = "The Content-Type is '" + CONTENT_TYPE_MULTIPART_SIGNED
            + "' but could not create SMIMESigned message";
    try {
        if (message.isMimeType(CONTENT_TYPE_MULTIPART_SIGNED)) {
            smimeSignedMessage = new SMIMESigned((MimeMultipart) message.getContent());
        }
    } catch (MessagingException me) {
        throw new PackageException("Could not get message details", me);
    } catch (CMSException e) {
        throw new PackageException(creationFailed, e);
    } catch (IOException e) {
        throw new PackageException(creationFailed, e);
    }

    return smimeSignedMessage;
}