/**
 * Collects the signing certificates embedded in the CMS SignedData held in {@code data}.
 *
 * <p>For every SignerInfo, the certificates in the message's own certificate store whose
 * issuer/serial (or subject key id) match the signer's SID are converted to
 * {@link X509Certificate} and wrapped via {@code CertificateMetas.from}.
 *
 * <p>NOTE(review): nothing here verifies the signatures or validates a chain; the certificates
 * come from the payload itself, which the sender controls, so the result is informational only.
 * A signer whose certificate is not embedded simply contributes nothing.
 *
 * @return metadata for every certificate matched to a signer (possibly empty)
 * @throws CertificateException if {@code data} is not a parseable CMS SignedData, or a
 *         certificate holder cannot be converted with {@code provider}
 */
@SuppressWarnings("unchecked")
public List<CertificateMeta> parse() throws CertificateException {
    final CMSSignedData signedData;
    try {
        signedData = new CMSSignedData(data);
    } catch (CMSException e) {
        throw new CertificateException(e);
    }
    Store<X509CertificateHolder> embeddedCerts = signedData.getCertificates();
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider);
    List<X509Certificate> signerCerts = new ArrayList<>();
    for (SignerInformation signerInfo : signedData.getSignerInfos().getSigners()) {
        // One signer may match several holders; keep every match, as before.
        for (X509CertificateHolder holder : embeddedCerts.getMatches(signerInfo.getSID())) {
            signerCerts.add(converter.getCertificate(holder));
        }
    }
    return CertificateMetas.from(signerCerts);
}
/**
 * Adds a signature timestamp to every signer of the given CMS SignedData.
 *
 * <p>Each {@link SignerInformation} is run through {@code signTimeStamp}, which (per the
 * original note) attaches the token to that signer's unsigned attributes. Since
 * {@code SignerInformation} is immutable, the returned objects are gathered into a fresh
 * {@link SignerInformationStore} and swapped into a new {@link CMSSignedData}; the argument
 * itself is left untouched.
 *
 * @param signedData the CMS signed data to extend
 * @return a new CMSSignedData whose signers all carry a timestamp
 * @throws IOException propagated from {@code signTimeStamp}
 */
public CMSSignedData addSignedTimeStamp(CMSSignedData signedData) throws IOException {
    List<SignerInformation> stamped = new ArrayList<>();
    for (SignerInformation original : signedData.getSignerInfos().getSigners()) {
        stamped.add(signTimeStamp(original));
    }
    // replaceSigners yields a new object; the input is not mutated.
    return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(stamped));
}
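/**
 * Embeds a countersignature into the signature held by this object.
 *
 * <p>The SignerInformation selected by {@code selector} in {@code cmsSignedData} is replaced by
 * a copy whose unsigned attributes carry the signers of {@code signedData} as countersigners.
 * The result is a new CMSSignedData containing only that updated signer; any other signers of
 * the original are dropped, exactly as before.
 *
 * <p>NOTE(review): the countersignature is embedded as-is. Nothing here checks that it actually
 * signs the selected signature value or that its signer is trusted; verify it before relying on it.
 *
 * @param signedData the countersignature (a CMS SignedData whose signers countersign)
 * @return the updated signature, in which the countersignature has been embedded
 * @throws IllegalStateException if {@code selector} matches no signer in the current signature
 *         (previously surfaced as a bare NullPointerException)
 */
public CMSSignedData signDocument(final CMSSignedData signedData) {
    final SignerInformation target = cmsSignedData.getSignerInfos().get(selector);
    if (target == null) {
        throw new IllegalStateException("No signer in the original signature matches the configured selector");
    }
    // addCounterSigners is static; call it as such rather than through an instance.
    final SignerInformation updated = SignerInformation.addCounterSigners(target, signedData.getSignerInfos());
    final Collection<SignerInformation> signers = new ArrayList<SignerInformation>();
    signers.add(updated);
    return CMSSignedData.replaceSigners(cmsSignedData, new SignerInformationStore(signers));
}
}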
try { if (content == null) { signedData = new CMSSignedData(contentSigned); } else { signedData = new CMSSignedData(new CMSProcessableByteArray(content), contentSigned); SignerInformationStore signerInformationStore = signedData.getSignerInfos(); SignerInformation signerInformation = (SignerInformation) signerInformationStore.getSigners().iterator().next(); Security.addProvider(new BouncyCastleProvider()); certs = signedData.getCertificatesAndCRLs("Collection", "BC"); Collection<? extends Certificate> collCertificados = certs.getCertificates(signerInformation.getSID()); if (!collCertificados.isEmpty()) { certificate = (X509Certificate) collCertificados.iterator().next(); AttributeTable signedAttributesTable = signerInformation.getSignedAttributes(); byte[] hashContentSigned = octeto.getOctets(); String algorithm = SignerAlgorithmEnum.getSignerOIDAlgorithmHashEnum(signerInformation.getDigestAlgorithmID().getObjectId().toString()).getAlgorithmHash(); if (!algorithm.equals(DigestAlgorithmEnum.SHA_256.getAlgorithm())) { throw new SignerException("Algoritmo de resumo inválido para esta política");
ScepUtil.requireNonNull("pkiMessage", pkiMessage); SignerInformationStore signerStore = pkiMessage.getSignerInfos(); Collection<SignerInformation> signerInfos = signerStore.getSigners(); if (signerInfos.size() != 1) { throw new MessageDecodingException( SignerId sid = signerInfo.getSID(); signedDataCerts = pkiMessage.getCertificates().getMatches(signerInfo.getSID()); AttributeTable signedAttrs = signerInfo.getSignedAttributes(); if (signedAttrs == null) { throw new MessageDecodingException("missing signed attributes"); CMSTypedData signedContent = pkiMessage.getSignedContent(); ASN1ObjectIdentifier signedContentType = signedContent.getContentType(); if (!CMSObjectIdentifiers.signedData.equals(signedContentType)) {
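// Verify each signer against the certificate embedded for it in the message.
// NOTE(review): the certificate is looked up in the SignedData's own cert store; nothing in this
// stretch checks that it chains to a trusted anchor, so a self-signed certificate shipped with the
// message also "verifies". `ret` only ever turns true: one verifying signer is enough, and a
// failing signer next to it does not clear it (unchanged from the original).
Store store = signedData.getCertificates();
SignerInformationStore signers = signedData.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
    SignerInformation signer = (SignerInformation) it.next();
    Collection certCollection = store.getMatches(signer.getSID());
    Iterator certIt = certCollection.iterator();
    if (!certIt.hasNext()) {
        // Previously a bare NoSuchElementException from the iterator; say what is missing instead.
        throw new IllegalStateException("No certificate embedded in the message for signer serial "
                + signer.getSID().getSerialNumber());
    }
    // first matching certificate only, as before
    X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
    X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
    if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
        ret = true;
    }
}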
CMSProcessable signedContent = pkiMessage.getSignedContent(); SignerInformationStore signerStore = pkiMessage.getSignerInfos(); SignerInformation signerInfo = signerStore.get(new JcaSignerId(signer)); if (signerInfo == null) { throw new MessageDecodingException("Could not for signerInfo for " .getDigestAlgorithmID().getAlgorithm()); LOGGER.debug("pkiMessage encryption algorithm: {}", signerInfo.getEncryptionAlgOID()); Store store = pkiMessage.getCertificates(); Collection<?> certColl; try { certColl = store.getMatches(signerInfo.getSID()); } catch (StoreException e) { throw new MessageDecodingException(e);
// NOTE(review): the certificates used below come from the message's own embedded cert set
// (getCertificatesAndCRLs), so a self-signed certificate supplied by the sender would also
// "verify" — nothing in this stretch checks a chain to a trusted anchor.
CMSSignedData s = new CMSSignedData(signedBytes);
// Older BouncyCastle API (later releases deprecate it in favour of getCertificates()/Store); kept as-is.
CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = s.getSignerInfos();
// Becomes true as soon as ANY signer verifies against its embedded certificate and is never
// reset, so a message with one good and one bad signer still ends up "verified". Signers whose
// certificate is not embedded are silently skipped.
boolean verified = false;
for (Iterator i = signers.getSigners().iterator(); i.hasNext(); ) {
    SignerInformation signer = (SignerInformation) i.next();
    Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
    if (!certCollection.isEmpty()) {
        // first matching certificate only
        X509Certificate cert = (X509Certificate) certCollection.iterator().next();
        if (signer.verify(cert.getPublicKey(), "BC")) {
            verified = true;
        }
    }
}
// Pull out the encapsulated content. NOTE(review): if signedBytes were a detached signature,
// getSignedContent() would presumably be null and the cast below would NPE — TODO confirm that
// callers only pass attached signatures here.
CMSProcessable signedContent = s.getSignedContent() ;
byte[] originalContent = (byte[]) signedContent.getContent();
final CMSSignedData signed = new CMSSignedData(rawBundle); for (SignerInformation sigInfo : (Collection<SignerInformation>)signed.getSignerInfos().getSigners()) if (sigInfo.verify(signingCert, CryptoExtensions.getJCEProviderName())) final CMSProcessableByteArray signedContent = (CMSProcessableByteArray)signed.getSignedContent();
signedData = new CMSSignedData(signed); } else { signedData = new CMSSignedData(new CMSProcessableByteArray(content), signed); SignerInformationStore signerInformationStore = signedData.getSignerInfos(); SignerInformation signerInformation = (SignerInformation) signerInformationStore.getSigners().iterator().next(); Security.addProvider(new BouncyCastleProvider()); certs = signedData.getCertificatesAndCRLs("Collection", "BC"); Collection<? extends Certificate> collCertificados = certs.getCertificates(signerInformation.getSID()); if (!collCertificados.isEmpty()) { certificate = (X509Certificate) collCertificados.iterator().next(); signerInformation.verify(publicKey, "BC"); } catch (NoSuchAlgorithmException e) { throw new SignerException(e); AttributeTable signedAttributes = signerInformation.getSignedAttributes();
/**
 * Checks whether at least one SignerInfo in {@code data} verifies under the given key.
 *
 * <p>Signers are tried in the order the store yields them; the first one whose signature checks
 * out ends the search, so later signers are not examined. A SignedData with no signers yields
 * {@code false}. Only the raw signature value is checked against the supplied key — no
 * certificate or trust chain is involved, and no other signer is required to verify.
 *
 * @param publicKey key to verify the signatures with (BC provider)
 * @return {@code true} if any signer verifies with {@code publicKey}, otherwise {@code false}
 * @throws Exception if the verifier cannot be built or verification itself fails with an error
 */
public boolean verify(PublicKey publicKey) throws Exception {
    // The builder carries no per-signer state, so one instance serves every iteration.
    JcaSimpleSignerInfoVerifierBuilder builder = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC");
    for (Object entry : data.getSignerInfos().getSigners()) {
        SignerInformation signer = (SignerInformation) entry;
        if (signer.verify(builder.build(publicKey))) {
            return true;
        }
    }
    return false;
}
CMSSignedData cmsSignedDataTimeStampToken = new CMSSignedData(timeStampToken.getEncoded()); final SignerInformation signerInformation = (SignerInformation) cmsSignedDataTimeStampToken.getSignerInfos().getSigners().iterator().next(); AttributeTable unsignedAttributes = CAdESSignature.getUnsignedAttributes(signerInformation); for (final Attribute attributeToAdd : attributesForTimestampToken) { unsignedAttributes = unsignedAttributes.add(attrType, objectAt); final SignerInformation newSignerInformation = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes); final List<SignerInformation> signerInformationList = new ArrayList<SignerInformation>(); signerInformationList.add(newSignerInformation); final SignerInformationStore newSignerStore = new SignerInformationStore(signerInformationList); cmsSignedDataTimeStampToken = CMSSignedData.replaceSigners(cmsSignedDataTimeStampToken, newSignerStore); final byte[] newTimeStampTokenBytes = cmsSignedDataTimeStampToken.getEncoded();
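/**
 * Processes a signer store and goes through the signer's certificate chain, adding the found
 * data to {@code certInfo}.
 *
 * <p>Only the first signer is handled (multiple would be possible but, per the original note,
 * are not yet practicable). Its certificate is resolved from {@code certificatesStore} by SID,
 * every certificate in the store is then registered through {@code addAllCerts}, and the chain
 * is traversed from the signer certificate up to {@code MAX_CERTIFICATE_CHAIN_DEPTH}.
 *
 * <p>NOTE(review): the certificates come from whatever store is handed in — typically the
 * SignedData's own embedded set. This method verifies neither the signature nor chain trust;
 * whatever {@code traverseChain} does with them is outside its scope.
 *
 * @param certificatesStore To get the certificate information from. Certificates will be saved
 *        in certificatesMap.
 * @param signedData data from which to get the SignerInformation
 * @param certInfo where to add certificate information
 * @return Signer Information of the processed certificatesStore for further usage.
 * @throws IOException on data-processing error
 * @throws CertificateProccessingException on a specific error with a certificate
 * @throws IllegalStateException if the data has no signer, or the first signer's certificate is
 *         not present in the store (both previously surfaced as a bare NoSuchElementException)
 */
private SignerInformation processSignerStore(Store<X509CertificateHolder> certificatesStore,
        CMSSignedData signedData, CertSignatureInformation certInfo)
        throws IOException, CertificateProccessingException {
    Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
    if (signers.isEmpty()) {
        throw new IllegalStateException("CMS SignedData contains no SignerInfo");
    }
    // first signer only
    SignerInformation signerInformation = signers.iterator().next();
    @SuppressWarnings("unchecked")
    Collection<X509CertificateHolder> matches = certificatesStore
            .getMatches((Selector<X509CertificateHolder>) signerInformation.getSID());
    if (matches.isEmpty()) {
        throw new IllegalStateException("No certificate in the store matches the first signer's SID");
    }
    X509Certificate certificate = getCertFromHolder(matches.iterator().next());
    // null selector = every certificate in the store
    Collection<X509CertificateHolder> allCerts = certificatesStore.getMatches(null);
    addAllCerts(allCerts);
    traverseChain(certificate, certInfo, MAX_CERTIFICATE_CHAIN_DEPTH);
    return signerInformation;
}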
out.println("Signatures"); for (CMSSignedData signedData : signatures) { SignerInformation signerInformation = signedData.getSignerInfos().getSigners().iterator().next(); X509CertificateHolder certificate = (X509CertificateHolder) signedData.getCertificates().getMatches(signerInformation.getSID()).iterator().next(); AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes(); boolean timestamped = unsignedAttributes != null && (unsignedAttributes.get(PKCSObjectIdentifiers.pkcs_9_at_counterSignature) != null || unsignedAttributes.get(AuthenticodeObjectIdentifiers.SPC_RFC3161_OBJID) != null); DigestAlgorithm algorithm = DigestAlgorithm.of(signerInformation.getDigestAlgorithmID().getAlgorithm()); out.println(" " + commonName + " " + (algorithm != null ? "[" + algorithm.id + "] " : "") + (timestamped ? "(timestamped)" : ""));
/**
 * Exposes the SignerInfos of {@code signedData} as a plain collection.
 *
 * <p>Straight pass-through to {@code getSignerInfos().getSigners()}. The unchecked suppression is
 * presumably there for BouncyCastle versions in which that call returns a raw {@code Collection}.
 *
 * @param signedData the CMS SignedData to read
 * @return its signers
 */
@SuppressWarnings("unchecked")
static Collection<SignerInformation> getSigners(CMSSignedData signedData) {
    Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
    return signers;
}
}
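/**
 * Rebuilds {@code sigData} with the first signer's unsigned attributes replaced and optional extra
 * certificates appended to the certificate store.
 *
 * <p>The existing signature value is reused: the (first) SignerInformation is copied with
 * {@code replaceUnsignedAttributes} and handed back to the generator together with the content
 * already in {@code sigData}. Only that first signer survives — any additional signers are dropped,
 * as in the original.
 *
 * <p>NOTE(review): {@code extraCertificates} are embedded as given, without any validation;
 * whatever is passed ends up in the signature's certificate set.
 *
 * @param sigData signed data to modify
 * @param unsignedAttributes the new unsigned attributes for the first signer (replaces, does not merge)
 * @param extraCertificates certificates to add after the existing ones; may be {@code null}
 * @return the regenerated CMSSignedData
 * @throws IOException from the generator
 * @throws CMSException if {@code sigData} has no signer (previously a bare NoSuchElementException),
 *         or from the generator
 */
protected CMSSignedData modifySignedData(CMSSignedData sigData, AttributeTable unsignedAttributes,
        Collection<X509CertificateHolder> extraCertificates) throws IOException, CMSException {
    Collection<SignerInformation> signers = sigData.getSignerInfos().getSigners();
    if (signers.isEmpty()) {
        throw new CMSException("Cannot modify a signature without a SignerInfo");
    }
    SignerInformation signerInformation =
            SignerInformation.replaceUnsignedAttributes(signers.iterator().next(), unsignedAttributes);

    // Keep every certificate already present (null selector = all), then the extras, in that order.
    Collection<X509CertificateHolder> certificates = new ArrayList<>(sigData.getCertificates().getMatches(null));
    if (extraCertificates != null) {
        certificates.addAll(extraCertificates);
    }

    AuthenticodeSignedDataGenerator generator = new AuthenticodeSignedDataGenerator();
    generator.addCertificates(new CollectionStore<>(certificates));
    generator.addSigners(new SignerInformationStore(signerInformation));

    // Re-emit the same content under the same content type; no re-signing takes place here.
    ASN1ObjectIdentifier contentType = new ASN1ObjectIdentifier(sigData.getSignedContentTypeOID());
    ASN1Encodable content = ASN1Sequence.getInstance(sigData.getSignedContent().getContent());
    return generator.generate(contentType, content);
}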
SignerInformation signerInformation = signedData.getSignerInfos().getSigners().iterator().next(); AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes(); if (unsignedAttributes != null) { Attribute nestedSignatures = unsignedAttributes.get(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID); if (nestedSignatures != null) { for (ASN1Encodable nestedSignature : nestedSignatures.getAttrValues()) { signatures.add(new CMSSignedData((CMSProcessable) null, ContentInfo.getInstance(nestedSignature)));
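/**
 * Appends {@code secondary} as a nested signature (SPC_NESTED_SIGNATURE unsigned attribute) of the
 * first signer of {@code primary}.
 *
 * <p>If the attribute is absent it is created with {@code secondary} as its only value; otherwise
 * the attribute is rebuilt with the existing values followed by the new one, so earlier nested
 * signatures are preserved in order. Only unsigned attributes change, so the primary signature
 * value itself is untouched.
 *
 * <p>NOTE(review): {@code secondary} is embedded without being verified; an unverifiable nested
 * signature would be attached all the same.
 *
 * @param primary signature to extend
 * @param secondary signature to nest inside {@code primary}
 * @return a new CMSSignedData holding the updated first signer (other signers of {@code primary}
 *         are dropped, as before)
 * @throws CMSException if {@code primary} has no signer (previously a bare NoSuchElementException)
 */
private CMSSignedData addNestedSignature(CMSSignedData primary, CMSSignedData secondary) throws CMSException {
    SignerInformationStore primarySigners = primary.getSignerInfos();
    if (primarySigners.size() == 0) {
        throw new CMSException("Primary signature has no SignerInfo to attach the nested signature to");
    }
    // first signer only
    SignerInformation signerInformation = primarySigners.getSigners().iterator().next();
    AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        unsignedAttributes = new AttributeTable(new DERSet());
    }
    Attribute nested = unsignedAttributes.get(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID);
    if (nested == null) {
        // first nested signature: a fresh attribute holding just the new one
        unsignedAttributes = unsignedAttributes.add(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID,
                secondary.toASN1Structure());
    } else {
        // rebuild the attribute's value set as: existing values, then the new signature
        ASN1EncodableVector values = new ASN1EncodableVector();
        for (ASN1Encodable existing : nested.getAttrValues()) {
            values.add(existing);
        }
        values.add(secondary.toASN1Structure());
        // AttributeTable is immutable: drop the old attribute, append the rebuilt one
        ASN1EncodableVector attributes = unsignedAttributes
                .remove(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID).toASN1EncodableVector();
        attributes.add(new Attribute(AuthenticodeObjectIdentifiers.SPC_NESTED_SIGNATURE_OBJID, new DERSet(values)));
        unsignedAttributes = new AttributeTable(attributes);
    }
    signerInformation = SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAttributes);
    return CMSSignedData.replaceSigners(primary, new SignerInformationStore(signerInformation));
}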
for (SignerInformation sigInfo : (Collection<SignerInformation>)signatureEnvelope.getSignerInfos().getSigners()) if (!isAllowedDigestAlgorithm(sigInfo.getDigestAlgOID())) throw new SignatureValidationException("Digest algorithm " + sigInfo.getDigestAlgOID() + " is not allowed."); if (sigInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(CryptoExtensions.getJCEProviderName()).build(signerCertificate)))
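/**
 * Adds an RFC 3161 signature timestamp (id-aa-signatureTimeStampToken) to the first signer of
 * {@code signedData}.
 *
 * <p>The signer's signature value is sent to the TSA at {@code tsaUrl}; the returned token is
 * stored as an unsigned attribute and a new CMSSignedData carrying the updated signer is returned.
 * Only the first signer is timestamped and kept — any others are dropped, as in the original
 * ("should be the only one").
 *
 * <p>Unlike the previous version, unsigned attributes the signer already carries are preserved:
 * the token is added to them instead of replacing the whole table.
 *
 * <p>SECURITY(review): the TSA request hashes the signature with {@code DigestType.SHA1}. SHA-1 is
 * deprecated for new signatures; it is left unchanged here only because the other members of
 * {@code DigestType} are not visible — it should move to SHA-256 or better. The token is embedded
 * without being verified against the TSA's certificate.
 *
 * @param tsaUrl URL of the time-stamping authority
 * @param signedData signed data whose first signer should be timestamped
 * @return a new CMSSignedData with the timestamped signer
 * @throws IOException if the TSA request fails or the returned token is not valid DER
 * @throws IllegalArgumentException if {@code signedData} has no signer (previously a bare
 *         NoSuchElementException)
 */
private static CMSSignedData addTimestamp(String tsaUrl, CMSSignedData signedData) throws IOException {
    SignerInformationStore signerStore = signedData.getSignerInfos();
    if (signerStore.size() == 0) {
        throw new IllegalArgumentException("Cannot timestamp a CMSSignedData without a SignerInfo");
    }
    // get signature of first signer (should be the only one)
    SignerInformation si = signerStore.getSigners().iterator().next();

    // send request to TSA (see SHA-1 note above)
    byte[] token = TimeStampingClient.getTimeStampToken(tsaUrl, si.getSignature(), DigestType.SHA1);
    ASN1Primitive tokenValue = ASN1Primitive.fromByteArray(token);

    // Merge the token into the signer's existing unsigned attributes rather than discarding them.
    AttributeTable unsigned = si.getUnsignedAttributes();
    if (unsigned == null) {
        unsigned = new AttributeTable(new ASN1EncodableVector());
    }
    unsigned = unsigned.add(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, tokenValue);

    // SignerInformation is immutable: build a new one and a fresh store around it.
    SignerInformation stamped = SignerInformation.replaceUnsignedAttributes(si, unsigned);
    return CMSSignedData.replaceSigners(signedData, new SignerInformationStore(stamped));
}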