/**
 * Checks the S/MIME signature carried in {@code body} against a caller-supplied public key.
 *
 * <p>Only the first entry of the signer collection is examined; any further signers in the
 * message are ignored. The key comes from the caller, so a {@code true} result only says
 * "signed with this key". Deciding that the key belongs to the expected sender is the
 * caller's responsibility.
 *
 * @param publicKey key the first signer's signature is checked with
 * @return {@code true} if the first signer's signature verifies with {@code publicKey}
 * @throws Exception propagated from the BouncyCastle calls; an empty signer collection
 *     surfaces as {@code NoSuchElementException} from {@code iterator().next()}
 */
public boolean verify(PublicKey publicKey) throws Exception {
    SignerInformationStore signerStore = new SMIMESigned(body).getSignerInfos();
    // First signer only: no loop over the remaining SignerInfo entries.
    SignerInformation firstSigner = (SignerInformation) signerStore.getSigners().iterator().next();
    JcaSimpleSignerInfoVerifierBuilder verifierBuilder =
            new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC");
    return firstSigner.verify(verifierBuilder.build(publicKey));
}
/**
 * Adds a timestamp to every signer of the given CMS signed data.
 *
 * <p>Each signer is passed through {@code signTimeStamp}; according to the original author's
 * comment the timestamp is placed in that signer's unsigned attributes. Unsigned attributes
 * are not covered by the signer's own signature, so the timestamp's integrity rests on the
 * timestamp token itself.
 *
 * @param signedData generated CMS signed data
 * @return CMS signed data whose signer store has been replaced by the timestamped signers
 * @throws IOException declared by this method; presumably raised by {@code signTimeStamp},
 *     which is not visible here (confirm)
 */
public CMSSignedData addSignedTimeStamp(CMSSignedData signedData) throws IOException {
    List<SignerInformation> timestampedSigners = new ArrayList<>();
    SignerInformationStore originalStore = signedData.getSignerInfos();
    for (SignerInformation original : originalStore.getSigners()) {
        SignerInformation timestamped = signTimeStamp(original);
        timestampedSigners.add(timestamped);
    }
    // signTimeStamp hands back new SignerInformation objects, so the store has to be rebuilt
    // and swapped into the signed data; replaceSigners returns the resulting CMSSignedData.
    SignerInformationStore replacementStore = new SignerInformationStore(timestampedSigners);
    return CMSSignedData.replaceSigners(signedData, replacementStore);
}
/**
 * Looks up the first signer's certificate in the certificate store and walks its chain,
 * recording what it finds in {@code certInfo}.
 *
 * <p>Only the first signer is handled. Both the signer and the certificate store come from
 * the signed data under inspection, so everything read here is what the document claims
 * about itself. This method does not call any signature verification.
 *
 * @param certificatesStore store the signer certificate is looked up in; all of its
 *     certificates are handed to {@code addAllCerts}
 * @param signedData data from which the signer information is taken
 * @param certInfo receives the certificate information during chain traversal
 * @return the signer information that was processed, for further use by the caller
 * @throws IOException on data-processing error
 * @throws CertificateProccessingException on a specific error with a certificate
 */
private SignerInformation processSignerStore(Store<X509CertificateHolder> certificatesStore,
        CMSSignedData signedData, CertSignatureInformation certInfo)
        throws IOException, CertificateProccessingException {
    Collection<SignerInformation> allSigners = signedData.getSignerInfos().getSigners();
    // NoSuchElementException here if the signed data carries no signer at all.
    SignerInformation firstSigner = allSigners.iterator().next();

    @SuppressWarnings("unchecked")
    Collection<X509CertificateHolder> signerCertHolders = certificatesStore
            .getMatches((Selector<X509CertificateHolder>) firstSigner.getSID());
    // Same for a signer whose certificate is not embedded in the store.
    X509CertificateHolder signerCertHolder = signerCertHolders.iterator().next();
    X509Certificate signerCertificate = getCertFromHolder(signerCertHolder);

    // A null selector matches every certificate in the store.
    addAllCerts(certificatesStore.getMatches(null));
    traverseChain(signerCertificate, certInfo, MAX_CERTIFICATE_CHAIN_DEPTH);
    return firstSigner;
}
/**
 * Reports whether at least one signer of {@code data} verifies with the given public key.
 *
 * <p>The loop stops at the first signer that verifies, so remaining signers are never
 * checked. A {@code true} result therefore means "some signer used this key", not "every
 * signer is valid".
 *
 * @param publicKey key each signer's signature is tried against
 * @return {@code true} as soon as one signer verifies; {@code false} if none does or if
 *     there are no signers
 * @throws Exception propagated from building the verifier or from the verification call
 */
public boolean verify(PublicKey publicKey) throws Exception {
    for (Object candidate : data.getSignerInfos().getSigners()) {
        SignerInformation currentSigner = (SignerInformation) candidate;
        JcaSimpleSignerInfoVerifierBuilder verifierBuilder =
                new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC");
        boolean signatureMatches = currentSigner.verify(verifierBuilder.build(publicKey));
        if (signatureMatches) {
            return true;
        }
    }
    return false;
}
/**
 * Reports whether at least one signer of {@code data} verifies with the given certificate.
 *
 * <p>Returns on the first signer that verifies; later signers are not checked. The
 * certificate is supplied by the caller, and nothing in this method validates its chain
 * or revocation status.
 *
 * @param certificate certificate each signer's signature is tried against
 * @return {@code true} as soon as one signer verifies, otherwise {@code false}
 * @throws Exception propagated from building the verifier or from the verification call
 */
public boolean verify(X509Certificate certificate) throws Exception {
    for (Object info : data.getSignerInfos().getSigners()) {
        SignerInformation signer = (SignerInformation)info;
        // A fresh verifier is built for every signer, always with the "BC" provider.
        if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate))) {
            return true;
        }
    }
    return false;
}

// The excerpt is cut off after the next signature; the body of this overload is not shown.
public boolean verify(PublicKey publicKey) throws Exception
/**
 * Extracts the certificates that match the signers of the CMS blob in {@code data} and
 * converts them to {@code CertificateMeta} entries.
 *
 * <p>No signature is verified here and no chain is validated: the result describes the
 * certificates the blob itself ships for its signer ids, nothing more.
 *
 * @return metadata for every certificate in the embedded store that matches a signer id
 * @throws CertificateException if the blob cannot be parsed as CMS signed data (the
 *     {@code CMSException} is wrapped) or a certificate cannot be converted
 */
@SuppressWarnings("unchecked")
public List<CertificateMeta> parse() throws CertificateException {
    final CMSSignedData pkcs7;
    try {
        pkcs7 = new CMSSignedData(data);
    } catch (CMSException parseFailure) {
        throw new CertificateException(parseFailure);
    }

    Store<X509CertificateHolder> embeddedCerts = pkcs7.getCertificates();
    Collection<SignerInformation> allSigners = pkcs7.getSignerInfos().getSigners();

    List<X509Certificate> signerCertificates = new ArrayList<>();
    for (SignerInformation currentSigner : allSigners) {
        // Every certificate matching the signer id is collected, not just the first one.
        Collection<X509CertificateHolder> holdersForSigner =
                embeddedCerts.getMatches(currentSigner.getSID());
        for (X509CertificateHolder certHolder : holdersForSigner) {
            X509Certificate converted =
                    new JcaX509CertificateConverter().setProvider(provider).getCertificate(certHolder);
            signerCertificates.add(converted);
        }
    }
    return CertificateMetas.from(signerCertificates);
}
// Builds the CMS object from separately supplied content plus the signature bytes.
// NOTE(review): if `contents` is a String, getBytes() without a charset uses the platform
// default encoding — confirm the type and pin the charset.
CMSSignedData signedData = new CMSSignedData(signedContent, contents.getBytes());
// Certificates shipped inside the signature; they are input data, not a trust decision.
Store<X509CertificateHolder> certificatesStore = signedData.getCertificates();
Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
// Only the first signer is taken; throws NoSuchElementException if there is none.
SignerInformation signerInformation = signers.iterator().next();
// The excerpt ends on this annotation; the declaration it applies to is not shown.
@SuppressWarnings("unchecked")
/**
 * Returns all signers contained in the given CMS signed data.
 *
 * @param signedData CMS signed data to read the signer store from
 * @return the signer collection exactly as returned by the signer store
 */
@SuppressWarnings("unchecked")
static Collection<SignerInformation> getSigners(CMSSignedData signedData) {
    Collection<SignerInformation> allSigners = signedData.getSignerInfos().getSigners();
    return allSigners;
}
// Closes the enclosing class, whose header lies outside this excerpt.
}
/**
 * Returns the first signer of the given CMS signed data.
 *
 * <p>Any additional signers are ignored without notice.
 *
 * @param cmsSignedData CMS signed data to read the signers from
 * @return the first signer in iteration order, or {@code null} when there is no signer
 */
private SignerInformation getFirstSigner(CMSSignedData cmsSignedData) {
    final Collection<SignerInformation> allSigners = cmsSignedData.getSignerInfos().getSigners();
    if (allSigners.isEmpty()) {
        // Callers must handle null: an unsigned structure yields no signer.
        return null;
    }
    return allSigners.iterator().next();
}
/**
 * Returns the first {@code SignerInformation} extracted from {@code CMSSignedData}.
 *
 * <p>When more than one signer is present, a warning is logged and the extra signers are
 * otherwise ignored.
 *
 * @param cms CMS signed data to read the signers from
 * @return the first signer in iteration order
 * @throws java.util.NoSuchElementException if {@code cms} contains no signer
 */
private static SignerInformation getFirstSignerInformation(final CMSSignedData cms) {
    final Collection allSigners = cms.getSignerInfos().getSigners();
    final boolean hasAdditionalSigners = allSigners.size() > 1;
    if (hasAdditionalSigners) {
        LOG.warn("!!! The framework handles only one signer (SignerInformation) !!!");
    }
    return (SignerInformation) allSigners.iterator().next();
}
/**
 * Returns the first {@code SignerInformation} extracted from {@code CMSSignedData}.
 *
 * <p>A warning is logged when the structure holds several signers; only the first one is
 * returned and the others are not looked at.
 *
 * @param cms
 *            CMS signed data to read the signers from
 * @return the first signer in iteration order
 * @throws java.util.NoSuchElementException
 *             if {@code cms} contains no signer
 */
public static SignerInformation getFirstSignerInformation(final CMSSignedData cms) {
    final Collection<SignerInformation> signerSet = cms.getSignerInfos().getSigners();
    if (signerSet.size() > 1) {
        LOG.warn("!!! The framework handles only one signer (SignerInformation) !!!");
    }
    final SignerInformation firstSigner = signerSet.iterator().next();
    return firstSigner;
}
// Sample: verify a detached CMS signature over a fixed string with a certificate read from disk.

// Content the detached signature is expected to cover.
String toVerify = "A1005056807CE11EE2B4CE0025305725CFrCN%3DKED,OU%3DI0020266601,OU%3DSAPWebAS,O%3DSAPTrustCommunity,C%3DDE20130611102236";
// Base64-encoded CMS SignedData carrying the signature.
// NOTE(review): the digest algorithm identifier in this blob appears to be SHA-1 — confirm
// and treat the sample as legacy.
String signed = "MIIBUQYJKoZIhvcNAQcCoIIBQjCCAT4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR0wggEZAgEBMG8wZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMjY2NjAxMQwwCgYDVQQDEwNLRUQCByASEgITMlYwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDYxMTA4MjM1MVowIwYJKoZIhvcNAQkEMRYEFGy7jXb/pUqMYdk2dss2Qe6hNroaMAkGByqGSM44BAMELjAsAhRMJ+t5/3RxQAsHKnIoPY4BnO0qCAIUAbKRwWNjOYsewB56zoZqnZwRyWw=";
byte[] signedByte = Base64.decode(signed);
// Registers BouncyCastle as a JCA provider for the whole JVM.
Security.addProvider(new BouncyCastleProvider());
// getBytes() without a charset uses the platform default encoding; the signed bytes only
// match if that encoding reproduces what the signer hashed.
CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(toVerify.getBytes()), signedByte);
SignerInformationStore signers = s.getSignerInfos();
// Only the first signer is checked; NoSuchElementException if the blob has no signer.
SignerInformation signerInfo = (SignerInformation)signers.getSigners().iterator().next();
// The verification key comes from a certificate file at a hard-coded local path, so the
// whole trust decision rests on that file. The stream is never closed in this excerpt.
FileInputStream fis = new FileInputStream("c:\\sap.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// First certificate in the file only.
X509Certificate cert = (X509Certificate)cf.generateCertificates(fis).iterator().next();
// Builds the verifier from the bare public key and the "SUN" provider, not "BC". Nothing
// here checks the certificate's validity period, chain or revocation status.
boolean result = signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SUN").build(cert.getPublicKey()));
System.out.println("Verified: "+result);
// Parses the CMS blob and pulls out its embedded certificates/CRLs and its signers.
CMSSignedData csd = new CMSSignedData(byteArr);
// NOTE(review): this provider-string overload looks like the older BouncyCastle CMS API —
// confirm the library version in use. The returned store holds what the message ships,
// not a set of trusted certificates.
CertStore cStore = csd.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = csd.getSignerInfos();
// All signers; the excerpt ends before any of them is verified.
Collection<SignerInformation> lstSigner = signers.getSigners();
/**
 * Wraps every counter-signature of this signature's signer in a {@code CAdESSignature}.
 *
 * <p>Each wrapper is created from the same CMS signed data and certificate pool as this
 * signature and is linked back to it through {@code setMasterSignature(this)}. Nothing is
 * verified here; the list only exposes the counter-signatures for later processing.
 *
 * @return one {@code CAdESSignature} per counter-signer, empty if there are none
 */
@Override
public List<AdvancedSignature> getCounterSignatures() {
    final List<AdvancedSignature> counterSignatures = new ArrayList<AdvancedSignature>();
    for (final Object entry : signerInformation.getCounterSignatures().getSigners()) {
        final SignerInformation counterSigner = (SignerInformation) entry;
        final CAdESSignature counterSignature = new CAdESSignature(cmsSignedData, counterSigner, certPool);
        counterSignature.setMasterSignature(this);
        counterSignatures.add(counterSignature);
    }
    return counterSignatures;
}
/**
 * Creates a certificate source for a timestamp token by delegating to the constructor that
 * takes the CMS signed data, a signer and the certificate pool.
 *
 * <p>{@code toCMSSignedData()} is called twice, once for the CMS argument and once to pick
 * the signer. Only the first signer of the token is used, and an empty signer collection
 * makes {@code iterator().next()} throw {@code NoSuchElementException}.
 *
 * @param timeStamp timestamp token whose CMS structure and first signer are used
 * @param certPool certificate pool passed on unchanged
 */
public CAdESCertificateSource(final TimeStampToken timeStamp, final CertificatePool certPool) {
    this(timeStamp.toCMSSignedData(), ((SignerInformation) timeStamp.toCMSSignedData().getSignerInfos().getSigners().iterator().next()), certPool);
}
// Verifies each signer against the certificate embedded in the same signed data.
// `signedData` and `ret` are declared outside this excerpt.
Store store = signedData.getCertificates();
SignerInformationStore signers = signedData.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
    SignerInformation signer = (SignerInformation)it.next();
    // The certificate is looked up by signer id in the store shipped with the message.
    Collection certCollection = store.getMatches(signer.getSID());
    Iterator certIt = certCollection.iterator();
    // No hasNext() check: a signer without an embedded certificate throws
    // NoSuchElementException here.
    X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
    X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
    // Success shows that the signature matches the embedded certificate. Nothing in this
    // excerpt ties that certificate to a trust anchor (no path validation, no revocation
    // check), so on its own this result does not authenticate the signer.
    if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
        // Set once any signer verifies and never reset within this loop: one passing
        // signer is enough even if others fail.
        ret = true;
    }
}
// Parses an enveloping CMS signature, checks its signers against the embedded
// certificates and extracts the signed content.
CMSSignedData s = new CMSSignedData(signedBytes);
// NOTE(review): getCertificatesAndCRLs(String, String) and verify(PublicKey, String) look
// like the older BouncyCastle CMS API — confirm the library version in use.
CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = s.getSignerInfos();
boolean verified = false;
for (Iterator i = signers.getSigners().iterator(); i.hasNext(); ) {
    SignerInformation signer = (SignerInformation) i.next();
    // Certificates are taken from the message itself, selected by signer id.
    Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
    // A signer without an embedded certificate is skipped rather than counted as a failure.
    if (!certCollection.isEmpty()) {
        X509Certificate cert = (X509Certificate) certCollection.iterator().next();
        // Only the bare public key is used. Nothing in this excerpt validates the
        // certificate's chain, validity period or revocation status.
        if (signer.verify(cert.getPublicKey(), "BC")) {
            // One verifying signer is enough; the flag is never reset.
            verified = true;
        }
    }
}
// The content is extracted regardless of `verified`; the excerpt does not show the flag
// being checked before the content is used.
CMSProcessable signedContent = s.getSignedContent() ;
byte[] originalContent = (byte[]) signedContent.getContent();
/**
 * Returns the encrypted digest octets of the first signer of the given signature.
 *
 * <p>Only the first signer is read; an empty signer collection makes
 * {@code iterator().next()} throw {@code NoSuchElementException}.
 *
 * @param sigData signature to read the first signer from
 * @return the octets of the first signer's encrypted digest field
 */
private byte[] getEncryptedDigest(CMSSignedData sigData) {
    return sigData.getSignerInfos()
            .getSigners()
            .iterator()
            .next()
            .toASN1Structure()
            .getEncryptedDigest()
            .getOctets();
}
/**
 * Builds the unsigned attribute table that carries the timestamp as a counter-signature.
 *
 * <p>The first signer of the token is encoded into a {@code counterSignature} attribute.
 * Other signers in the token, if any, are ignored.
 *
 * @param token timestamp token as CMS signed data
 * @return attribute table holding the single counter-signature attribute
 */
@Override
protected AttributeTable getUnsignedAttributes(CMSSignedData token) {
    SignerInformation tokenSigner = token.getSignerInfos().getSigners().iterator().next();
    DERSet counterSignatureValue = new DERSet(tokenSigner.toASN1Structure());
    return new AttributeTable(new Attribute(CMSAttributes.counterSignature, counterSignatureValue));
}
/**
 * Regenerates the signed data with new unsigned attributes on its first signer and,
 * optionally, additional certificates.
 *
 * <p>Only the first signer is carried over into the regenerated structure; the new signer
 * store is built from that single signer. The unsigned attributes are replaced rather than
 * merged. All certificates already in {@code sigData} are kept.
 *
 * @param sigData signature to rebuild
 * @param unsignedAttributes attributes that replace the first signer's unsigned attributes
 * @param extraCertificates certificates to add to the existing ones, may be {@code null}
 * @return signed data generated from the updated signer, the merged certificates and the
 *     original content type and content
 * @throws IOException declared by this method and propagated from the calls it makes
 * @throws CMSException declared by this method and propagated from the calls it makes
 */
protected CMSSignedData modifySignedData(CMSSignedData sigData, AttributeTable unsignedAttributes,
        Collection<X509CertificateHolder> extraCertificates) throws IOException, CMSException {
    SignerInformation firstSigner = sigData.getSignerInfos().getSigners().iterator().next();
    SignerInformation updatedSigner =
            SignerInformation.replaceUnsignedAttributes(firstSigner, unsignedAttributes);

    // A null selector returns every certificate of the original signature.
    Collection<X509CertificateHolder> mergedCertificates =
            new ArrayList<>(sigData.getCertificates().getMatches(null));
    if (extraCertificates != null) {
        mergedCertificates.addAll(extraCertificates);
    }
    Store<X509CertificateHolder> mergedStore = new CollectionStore<>(mergedCertificates);

    AuthenticodeSignedDataGenerator signedDataGenerator = new AuthenticodeSignedDataGenerator();
    signedDataGenerator.addCertificates(mergedStore);
    signedDataGenerator.addSigners(new SignerInformationStore(updatedSigner));

    // Content type and content are copied from the original so only the signer's unsigned
    // attributes and the certificate set change.
    ASN1ObjectIdentifier originalContentType = new ASN1ObjectIdentifier(sigData.getSignedContentTypeOID());
    ASN1Encodable originalContent = ASN1Sequence.getInstance(sigData.getSignedContent().getContent());
    return signedDataGenerator.generate(originalContentType, originalContent);
}