Java Code Examples for org.bouncycastle.cms.CMSSignedData#getCertificates()

The following examples show how to use org.bouncycastle.cms.CMSSignedData#getCertificates().
Example 1
Source File: CAdESSigner.java    From signer with GNU Lesser General Public License v3.0
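/**
 * Collects, for every signer of the given CMS SignedData, the X.509 certificate that the
 * structure itself carries for that signer.
 * <p>
 * The certificates are read from the message being inspected, so they are whatever its
 * producer chose to embed. This method performs no signature check and no certification
 * path validation; callers must validate the returned certificates against trusted anchors
 * before treating any of them as an identity.
 *
 * @param previewSignerData the parsed CMS SignedData to inspect
 * @return the certificates matched to the signers; a signer for which no certificate is
 *         embedded, or whose certificate cannot be converted, contributes nothing
 */
private Collection<X509Certificate> getSignersCertificates(CMSSignedData previewSignerData) {
	Collection<X509Certificate> result = new HashSet<X509Certificate>();
	Store<?> certStore = previewSignerData.getCertificates();
	JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
	for (Object entry : previewSignerData.getSignerInfos().getSigners()) {
		SignerInformation signer = (SignerInformation) entry;
		@SuppressWarnings("unchecked")
		Collection<?> certCollection = certStore.getMatches(signer.getSID());
		Iterator<?> certIt = certCollection.iterator();
		if (!certIt.hasNext()) {
			// A SignedData may omit the signer certificate; calling next() here
			// unguarded would throw NoSuchElementException on such input.
			continue;
		}
		// Only the first match is used, as before.
		X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
		try {
			result.add(converter.getCertificate(certificateHolder));
		} catch (CertificateException ignored) {
			// Best effort: a certificate that cannot be converted is left out of the
			// result, so the caller may receive fewer certificates than signers.
		}
	}
	return result;
}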
 
Example 2
Source File: BouncyCastleCrypto.java    From tutorials with MIT License
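/**
 * Verifies the signature of the first signer found in a DER/BER encoded CMS SignedData.
 * <p>
 * Limits a caller has to be aware of:
 * <ul>
 * <li>The verification key comes from the certificate embedded in {@code signedData}
 * itself. A {@code true} result therefore only says that the signature matches that
 * certificate; it does not say the certificate is trusted. Path validation against a
 * trust anchor and revocation checking have to be done separately.</li>
 * <li>Only the first {@code SignerInformation} is checked; further signers are not
 * looked at.</li>
 * </ul>
 *
 * @param signedData the encoded CMS SignedData
 * @return {@code true} if the first signer's signature verifies with its embedded
 *         certificate; {@code false} if it does not, if there is no signer, or if no
 *         certificate for the signer is embedded
 * @throws CMSException if the structure cannot be processed or verification fails abnormally
 * @throws IOException if the ASN.1 content cannot be read
 * @throws OperatorCreationException if the verifier cannot be built
 * @throws CertificateException if the embedded certificate cannot be used
 */
@SuppressWarnings("unchecked")
public static boolean verifSignData(final byte[] signedData) throws CMSException, IOException, OperatorCreationException, CertificateException {
    final CMSSignedData s;
    // try-with-resources releases the stream even when parsing throws
    try (ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(signedData))) {
        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
    }
    Store<X509CertificateHolder> certs = s.getCertificates();
    Collection<SignerInformation> c = s.getSignerInfos().getSigners();
    Iterator<SignerInformation> signerIt = c.iterator();
    if (!signerIt.hasNext()) {
        // Nothing signed this content: fail closed instead of throwing NoSuchElementException.
        return false;
    }
    SignerInformation signer = signerIt.next();
    Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());
    Iterator<X509CertificateHolder> certIt = certCollection.iterator();
    if (!certIt.hasNext()) {
        // The signer certificate is not embedded, so there is no key to verify with here.
        return false;
    }
    X509CertificateHolder certHolder = certIt.next();
    return signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));
}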
 
Example 3
Source File: CmsSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Copies the certificates embedded in the CMS SignedData into the verification result.
 * <p>
 * Every certificate selected by {@code X509CertifcateSelector} is converted and appended
 * to {@code result.getCertChain()}. The certificates are taken from the message as sent;
 * adding them here does not validate them.
 *
 * @param result the verification result whose certificate chain is filled
 * @param signedData the parsed CMS SignedData to read the certificates from
 * @throws CertificateException if an embedded certificate cannot be converted
 */
private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> embedded = signedData.getCertificates();
   Collection<X509CertificateHolder> selected = embedded.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());

   for (X509CertificateHolder holder : selected) {
      result.getCertChain().add(converter.getCertificate(holder));
   }
}
 
Example 4
Source File: CmsSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Copies the certificates embedded in the CMS SignedData into the verification result.
 * <p>
 * Every certificate selected by {@code X509CertifcateSelector} is converted and appended
 * to {@code result.getCertChain()}. The certificates are taken from the message as sent;
 * adding them here does not validate them.
 *
 * @param result the verification result whose certificate chain is filled
 * @param signedData the parsed CMS SignedData to read the certificates from
 * @throws CertificateException if an embedded certificate cannot be converted
 */
private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> embedded = signedData.getCertificates();
   Collection<X509CertificateHolder> selected = embedded.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());

   for (X509CertificateHolder holder : selected) {
      result.getCertChain().add(converter.getCertificate(holder));
   }
}
 
Example 5
Source File: CmsSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Copies the certificates embedded in the CMS SignedData into the verification result.
 * <p>
 * Every certificate selected by {@code X509CertifcateSelector} is converted and appended
 * to {@code result.getCertChain()}. The certificates are taken from the message as sent;
 * adding them here does not validate them.
 *
 * @param result the verification result whose certificate chain is filled
 * @param signedData the parsed CMS SignedData to read the certificates from
 * @throws CertificateException if an embedded certificate cannot be converted
 */
private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> embedded = signedData.getCertificates();
   Collection<X509CertificateHolder> selected = embedded.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());

   for (X509CertificateHolder holder : selected) {
      result.getCertChain().add(converter.getCertificate(holder));
   }
}
 
Example 6
Source File: CmsSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Copies the certificates embedded in the CMS SignedData into the verification result.
 * <p>
 * Every certificate selected by {@code X509CertifcateSelector} is converted and appended
 * to {@code result.getCertChain()}. The certificates are taken from the message as sent;
 * adding them here does not validate them.
 *
 * @param result the verification result whose certificate chain is filled
 * @param signedData the parsed CMS SignedData to read the certificates from
 * @throws CertificateException if an embedded certificate cannot be converted
 */
private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> embedded = signedData.getCertificates();
   Collection<X509CertificateHolder> selected = embedded.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());

   for (X509CertificateHolder holder : selected) {
      result.getCertChain().add(converter.getCertificate(holder));
   }
}
 
Example 7
Source File: CmsSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Copies the certificates embedded in the CMS SignedData into the verification result.
 * <p>
 * Every certificate selected by {@code X509CertifcateSelector} is converted and appended
 * to {@code result.getCertChain()}. The certificates are taken from the message as sent;
 * adding them here does not validate them.
 *
 * @param result the verification result whose certificate chain is filled
 * @param signedData the parsed CMS SignedData to read the certificates from
 * @throws CertificateException if an embedded certificate cannot be converted
 */
private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> embedded = signedData.getCertificates();
   Collection<X509CertificateHolder> selected = embedded.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());

   for (X509CertificateHolder holder : selected) {
      result.getCertChain().add(converter.getCertificate(holder));
   }
}
 
Example 8
Source File: CMSSignedDataBuilder.java    From dss with GNU Lesser General Public License v2.1
/**
 * Builds the BouncyCastle generator used to produce the CMS SignedData.
 * <p>
 * Note on the SignedData version: Section 5.1 of RFC 3852 [4] requires version 3 when
 * certificates from SignedData are present AND (any version 1 attribute certificates are
 * present OR any SignerInfo structures are version 3 OR eContentType from encapContentInfo
 * is other than id-data); otherwise version 1 is required. BouncyCastle sets the CMS
 * SignedData version automatically.
 * <p>
 * When {@code originalSignedData} is given, its signers, attribute certificates, CRLs and
 * both kinds of OCSP revocation info are copied into the new generator, and its
 * certificates are carried over without duplicates.
 *
 * @param parameters
 *            set of the driving signing parameters
 * @param contentSigner
 *            the contentSigner to get the hash of the data to be signed
 * @param signerInfoGeneratorBuilder
 *            the builder for the signer info generator
 * @param originalSignedData
 *            the original signed data if extending an existing signature. null otherwise.
 * @return the bouncycastle signed data generator which signs the document and adds the required signed and unsigned
 *         CMS attributes
 * @throws eu.europa.esig.dss.model.DSSException
 *             wrapping any CMSException or OperatorCreationException raised while building the generator
 */
protected CMSSignedDataGenerator createCMSSignedDataGenerator(final CAdESSignatureParameters parameters, final ContentSigner contentSigner,
		final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder, final CMSSignedData originalSignedData) throws DSSException {
	try {
		final CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();
		cmsGenerator.addSignerInfoGenerator(getSignerInfoGenerator(signerInfoGeneratorBuilder, contentSigner, parameters));

		final List<CertificateToken> carriedOverCertificates = new LinkedList<>();
		final boolean extendingExistingSignature = originalSignedData != null;
		if (extendingExistingSignature) {
			// Keep everything the existing signature already holds.
			cmsGenerator.addSigners(originalSignedData.getSignerInfos());
			cmsGenerator.addAttributeCertificates(originalSignedData.getAttributeCertificates());
			cmsGenerator.addCRLs(originalSignedData.getCRLs());
			cmsGenerator.addOtherRevocationInfo(id_pkix_ocsp_basic, originalSignedData.getOtherRevocationInfo(id_pkix_ocsp_basic));
			cmsGenerator.addOtherRevocationInfo(id_ri_ocsp_response, originalSignedData.getOtherRevocationInfo(id_ri_ocsp_response));

			// A null selector is passed to getMatches to read the whole certificate store.
			final Store<X509CertificateHolder> existingStore = originalSignedData.getCertificates();
			final Collection<X509CertificateHolder> existingHolders = existingStore.getMatches(null);
			for (final X509CertificateHolder holder : existingHolders) {
				final CertificateToken candidate = DSSASN1Utils.getCertificate(holder);
				if (carriedOverCertificates.contains(candidate)) {
					continue;
				}
				carriedOverCertificates.add(candidate);
			}
		}

		cmsGenerator.addCertificates(getJcaCertStore(carriedOverCertificates, parameters));
		return cmsGenerator;
	} catch (CMSException | OperatorCreationException e) {
		throw new DSSException(e);
	}
}
 
Example 9
Source File: CMSSignedDataBuilder.java    From dss with GNU Lesser General Public License v2.1
/**
 * Extends the provided {@code cmsSignedData} with the required validation data.
 * <p>
 * The certificates, CRLs and basic OCSP responses already present are kept and the
 * supplied tokens are merged into them through a {@code HashSet}. The attribute
 * certificates and the {@code id_ri_ocsp_response} revocation info are passed on as they are.
 *
 * @param cmsSignedData {@link CMSSignedData} to be extended
 * @param validationDataForInclusion the {@link ValidationDataForInclusion} to be included into the cmsSignedData
 * @param detachedContents list of detached {@link DSSDocument}s
 * @return extended {@link CMSSignedData}
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public CMSSignedData extendCMSSignedData(CMSSignedData cmsSignedData, ValidationDataForInclusion validationDataForInclusion, 
		List<DSSDocument> detachedContents) {

	// Certificates: existing entries plus the certificate tokens to include.
	final Store<X509CertificateHolder> existingCertificates = cmsSignedData.getCertificates();
	final Set<CertificateToken> certificateTokens = validationDataForInclusion.getCertificateTokens();
	final Collection<X509CertificateHolder> mergedCertificates = new HashSet<>(existingCertificates.getMatches(null));
	for (final CertificateToken token : certificateTokens) {
		mergedCertificates.add(DSSASN1Utils.getX509CertificateHolder(token));
	}
	final Store<X509CertificateHolder> certificatesStore = new CollectionStore<>(mergedCertificates);

	// CRLs: existing entries plus the CRL tokens to include.
	final Store<X509CRLHolder> existingCrls = cmsSignedData.getCRLs();
	final Collection<X509CRLHolder> mergedCrls = new HashSet<>(existingCrls.getMatches(null));
	final List<CRLToken> crlTokens = validationDataForInclusion.getCrlTokens();
	for (final CRLToken token : crlTokens) {
		mergedCrls.add(getX509CrlHolder(token));
	}
	final Store<X509CRLHolder> crlsStore = new CollectionStore<>(mergedCrls);

	// Basic OCSP responses: tokens without a BasicOCSPResp are skipped.
	final Store existingBasicOcsp = cmsSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
	final Collection<ASN1Primitive> mergedBasicOcsp = new HashSet<>(existingBasicOcsp.getMatches(null));
	final List<OCSPToken> ocspTokens = validationDataForInclusion.getOcspTokens();
	for (final OCSPToken token : ocspTokens) {
		final BasicOCSPResp response = token.getBasicOCSPResp();
		if (response == null) {
			continue;
		}
		mergedBasicOcsp.add(DSSASN1Utils.toASN1Primitive(DSSASN1Utils.getEncoded(response)));
	}
	final Store otherRevocationInfoFormatStoreBasic = new CollectionStore(mergedBasicOcsp);

	// These two stores go into the regenerated structure unchanged.
	final Store attributeCertificatesStore = cmsSignedData.getAttributeCertificates();
	final Store otherRevocationInfoFormatStoreOcsp = cmsSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response);

	final CMSSignedDataBuilder regenerator = new CMSSignedDataBuilder(certificateVerifier);
	return regenerator.regenerateCMSSignedData(cmsSignedData, detachedContents, certificatesStore, attributeCertificatesStore, crlsStore,
			otherRevocationInfoFormatStoreBasic, otherRevocationInfoFormatStoreOcsp);
}
 
Example 10
Source File: CounterSignatureValidationTest.java    From dss with GNU Lesser General Public License v2.1
/**
 * Loads the counter-signed test file and checks it with BouncyCastle before handing it
 * to the test.
 * <p>
 * The file must hold exactly one signer. Its signature, and the signature of each of its
 * counter-signers, is verified with the matching certificate embedded in the file. This
 * checks the signatures only; the embedded certificates are not validated against any
 * trust anchor here.
 *
 * @return the counter-signed document under test
 */
@Override
protected DSSDocument getSignedDocument() {
	final FileDocument counterSignedFile = new FileDocument("src/test/resources/validation/counterSig.p7m");

	try (InputStream in = counterSignedFile.openStream()) {
		final CMSSignedData parsed = new CMSSignedData(in);
		final Collection<SignerInformation> allSigners = parsed.getSignerInfos().getSigners();
		assertEquals(1, allSigners.size());

		final Store<X509CertificateHolder> embeddedCertificates = parsed.getCertificates();
		final SignerInformation mainSigner = allSigners.iterator().next();

		// Main signature: verified with the embedded certificate matching the signer id.
		final Collection<X509CertificateHolder> mainMatches = embeddedCertificates.getMatches(mainSigner.getSID());
		final X509CertificateHolder mainCertificate = mainMatches.iterator().next();
		final SignerInformationVerifier mainVerifier = new JcaSimpleSignerInfoVerifierBuilder()
				.setProvider(new BouncyCastleProvider())
				.build(mainCertificate);
		assertTrue(mainSigner.verify(mainVerifier));

		// Counter-signatures: each one is verified the same way.
		final SignerInformationStore counterSignatures = mainSigner.getCounterSignatures();
		for (SignerInformation counterSigner : counterSignatures) {
			final Collection<X509CertificateHolder> counterMatches = embeddedCertificates.getMatches(counterSigner.getSID());
			final X509CertificateHolder counterCertificate = counterMatches.iterator().next();
			final SignerInformationVerifier counterVerifier = new JcaSimpleSignerInfoVerifierBuilder()
					.setProvider(new BouncyCastleProvider())
					.build(counterCertificate);
			assertTrue(counterSigner.verify(counterVerifier));
		}
	} catch (Exception e) {
		fail(e);
	}

	return counterSignedFile;
}