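/**
 * Checks the S/MIME signature carried by {@code body} against the supplied public key.
 *
 * <p>Only the first signer in the signer store is examined. The check is purely
 * cryptographic: nothing here ties {@code publicKey} to an identity, so the caller must
 * already have established that the key belongs to the expected sender (certificate chain,
 * validity period, revocation).
 *
 * @param publicKey key the signature is expected to verify under
 * @return {@code true} if the first signer's signature verifies under {@code publicKey};
 *     {@code false} if it does not, or if the message carries no signer at all
 * @throws Exception propagated from parsing {@code body}, building the verifier or checking
 *     the signature
 */
public boolean verify(PublicKey publicKey) throws Exception {
    SMIMESigned signed = new SMIMESigned(body);
    SignerInformationStore signers = signed.getSignerInfos();

    // Fail closed on a message without signers instead of letting
    // iterator().next() surface a NoSuchElementException to the caller.
    if (signers.getSigners().isEmpty()) {
        return false;
    }

    SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
    return signer.verify(
            new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey));
}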
/**
 * Validates a time stamp token using the signer certificate embedded in the token itself.
 *
 * <p>NOTE(review): because the certificate is taken from the token being checked, a
 * successful run shows the token is consistent with its own certificate. Whether that
 * certificate belongs to a trusted time stamp authority is not checked here and has to be
 * established separately.
 *
 * @param timeStampToken token to validate
 * @throws TSPException if {@code validate} rejects the token
 * @throws CertificateException if the embedded certificate cannot be converted
 * @throws OperatorCreationException if the verifier cannot be built
 * @throws IOException declared by the original signature; presumably raised while resolving the provider
 */
private void validateTimestampToken(TimeStampToken timeStampToken)
        throws TSPException, CertificateException, OperatorCreationException, IOException
{
    // https://stackoverflow.com/questions/42114742/
    Collection<X509CertificateHolder> candidates =
            timeStampToken.getCertificates().getMatches(timeStampToken.getSID());

    // next() throws NoSuchElementException when the token carries no certificate for its signer id.
    X509CertificateHolder signerHolder = candidates.iterator().next();
    X509Certificate signerCertificate = new JcaX509CertificateConverter().getCertificate(signerHolder);

    JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
    verifierBuilder.setProvider(SecurityProvider.getProvider());
    timeStampToken.validate(verifierBuilder.build(signerCertificate));

    System.out.println("TimeStampToken validated");
}
/**
 * Reports whether at least one signer of {@code data} verifies under the given public key.
 *
 * <p>A bare key carries no identity or validity information; the caller is expected to have
 * decided beforehand that this key is the one to trust.
 *
 * @param publicKey key the signatures are checked against
 * @return {@code true} on the first signer that verifies, {@code false} if none does
 *     (including when there are no signers)
 * @throws Exception propagated from verifier construction or signature checking
 */
public boolean verify(PublicKey publicKey) throws Exception {
    for (Object entry : data.getSignerInfos().getSigners()) {
        SignerInformation candidate = (SignerInformation) entry;
        // A fresh builder per signer, exactly as many build() calls as signers inspected.
        JcaSimpleSignerInfoVerifierBuilder verifierBuilder =
                new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC");
        boolean verified = candidate.verify(verifierBuilder.build(publicKey));
        if (verified) {
            return true;
        }
    }
    return false;
}
/**
 * Reports whether any signer of {@code data} verifies under the given certificate.
 *
 * <p>The verifier is built directly from {@code certificate}. Nothing in this method checks
 * that the certificate chains to a trusted root or has not been revoked, so that decision
 * has to be made before the result is relied on.
 *
 * @param certificate certificate whose key the signatures are checked against
 * @return {@code true} on the first signer that verifies, {@code false} if none does
 * @throws Exception propagated from verifier construction or signature checking
 */
public boolean verify(X509Certificate certificate) throws Exception {
    for (Object info : data.getSignerInfos().getSigners()) {
        SignerInformation signer = (SignerInformation)info;
        // The provider is selected by name ("BC"); a new builder is created for every signer.
        if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate))) {
            return true;
        }
    }
    // No signer verified (or there were no signers at all).
    return false;
}

// The listing is cut off after this signature; the body of this overload is not shown here.
public boolean verify(PublicKey publicKey) throws Exception
setProvider(SecurityProvider.getProvider()).build(certFromSignedData)))
// No setProvider() call is made, so the builder is left on its default provider.
JcaSimpleSignerInfoVerifierBuilder builder = new JcaSimpleSignerInfoVerifierBuilder();
// The verifier is derived from signerCertificateHolder as given: the assertion below shows
// the signature matches that certificate, not that the certificate itself is trusted.
SignerInformationVerifier verifier = builder.build(signerCertificateHolder);
assertTrue(signerInfo.verify(verifier));
/**
 * Checks the signature of a time stamp token with the public key of the certificate that
 * the token itself carries for its signer id.
 *
 * <p>NOTE(review): only the signature is checked, and the key comes from the token under
 * test. This shows the token has not been altered relative to its embedded certificate; it
 * does not show that the certificate belongs to a trusted time stamp authority.
 *
 * @param timeStampToken token whose signature is checked
 * @return the result of {@code TimeStampToken.isSignatureValid}
 * @throws MalformedDocumentException wrapping any exception raised along the way, including
 *     the {@code NoSuchElementException} from a token without a matching certificate
 */
private boolean isSignatureValid(TimeStampToken timeStampToken) {
  try {
    Collection matches = timeStampToken.getCertificates().getMatches(timeStampToken.getSID());
    X509CertificateHolder holder = (X509CertificateHolder) matches.iterator().next();

    // Round-trip through the encoded form to obtain a JCA certificate from the BC holder.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    Certificate tsaCertificate =
        x509Factory.generateCertificate(new ByteArrayInputStream(holder.getEncoded()));

    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
        .build(tsaCertificate.getPublicKey());
    return timeStampToken.isSignatureValid(verifier);
  } catch (Exception e) {
    throw new MalformedDocumentException(e);
  }
}
/**
 * Validates a time stamp token against one certificate.
 *
 * <p>Despite the name, nothing is returned: the method completes normally when
 * {@code validate} accepts the token and throws otherwise, so callers must treat any
 * exception as "not valid".
 *
 * @param validator the time stamp token to validate
 * @param certStoreX509 certificate the token is validated against
 * @param provider JCA provider name, or {@code null} to use "BC"
 * @throws OperatorCreationException if the verifier cannot be built
 * @throws TSPException if the token does not validate against the certificate
 */
static void isSignatureValid(TimeStampToken validator, X509Certificate certStoreX509, String provider)
        throws OperatorCreationException, TSPException {
    String effectiveProvider = (provider != null) ? provider : "BC";
    JcaSimpleSignerInfoVerifierBuilder verifierBuilder =
            new JcaSimpleSignerInfoVerifierBuilder().setProvider(effectiveProvider);
    validator.validate(verifierBuilder.build(certStoreX509));
}
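/**
 * Verifies a time stamp against a KeyStore.
 *
 * <p>Every certificate entry of the keystore is tried in turn; the time stamp is accepted
 * only when its signature actually verifies under one of them.
 *
 * @param ts the time stamp
 * @param keystore the <CODE>KeyStore</CODE>
 * @param provider the provider or <CODE>null</CODE> to use the BouncyCastle provider
 * @return <CODE>true</CODE> if the time stamp signature verifies under a certificate entry
 *     of the keystore, <CODE>false</CODE> otherwise
 */
public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
    if (provider == null)
        provider = "BC";
    try {
        for (Enumeration<String> aliases = keystore.aliases(); aliases.hasMoreElements();) {
            try {
                String alias = aliases.nextElement();
                if (!keystore.isCertificateEntry(alias))
                    continue;
                X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
                // isSignatureValid() reports a bad signature through its boolean result.
                // Discarding that result would accept the time stamp as soon as the first
                // certificate entry was processed without an exception.
                if (ts.isSignatureValid(new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509)))
                    return true;
            }
            catch (Exception ignored) {
                // This entry could not be used to check the token; try the next one.
            }
        }
    }
    catch (Exception ignored) {
        // The keystore could not be enumerated; treated the same as "no matching certificate".
    }
    return false;
}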
/**
 * Validates a time stamp token against one certificate.
 *
 * <p>The method is {@code void}: success is signalled by returning normally, failure by an
 * exception from {@code validate} or from building the verifier.
 *
 * @param validator the time stamp token to validate
 * @param certStoreX509 certificate the token is validated against
 * @param provider JCA provider name, or {@code null} to use "BC"
 * @throws OperatorCreationException if the verifier cannot be built
 * @throws TSPException if the token does not validate against the certificate
 */
static void isSignatureValid(TimeStampToken validator, X509Certificate certStoreX509, String provider)
        throws OperatorCreationException, TSPException {
    final String providerName;
    if (provider == null) {
        providerName = "BC";
    } else {
        providerName = provider;
    }
    JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
    verifierBuilder.setProvider(providerName);
    validator.validate(verifierBuilder.build(certStoreX509));
}
/**
 * Extracts the signed content from a CMS structure after checking the first signer's
 * signature with the certificate embedded in that same structure.
 *
 * <p>NOTE(review): the signing certificate is taken from the CMS blob and is not validated
 * here (see the inline comment about relying on the transport). The signature check
 * therefore only protects against modification relative to whatever certificate the blob
 * carries. Anyone able to supply {@code cms} outside the trusted channel can sign with their
 * own key; confirm every caller really obtains the data over an authenticated connection.
 *
 * @param cms encoded CMS signed data
 * @return the signed content bytes
 * @throws SecurityException if the signature does not verify
 * @throws Exception propagated from parsing, certificate decoding or verification
 */
private byte[] getCmsData(byte[] cms) throws Exception {
    CMSSignedData cmsSignedData = new CMSSignedData(cms);

    // Only the first signer is considered; next() throws if there is none.
    SignerInformation signer =
            (SignerInformation) cmsSignedData.getSignerInfos().getSigners().iterator().next();
    SignerId signerId = signer.getSID();

    Store certificateStore = cmsSignedData.getCertificates();
    Collection<X509CertificateHolder> matchingCertificates = certificateStore.getMatches(signerId);
    X509CertificateHolder certificateHolder = matchingCertificates.iterator().next();

    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate certificate = (X509Certificate) x509Factory
            .generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded()));

    // we trust SSL here, no need for explicit verification of CMS signing
    // certificate
    LOG.debug("CMS signing certificate subject: " + certificate.getSubjectX500Principal());

    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().build(certificate);
    if (!signer.verify(verifier)) {
        throw new SecurityException("woops");
    }

    CMSTypedData signedContent = cmsSignedData.getSignedContent();
    return (byte[]) signedContent.getContent();
}
/**
 * Validates a time stamp token using the signer certificate found inside the token.
 *
 * <p>NOTE(review): the certificate used for validation comes from the token under test, so
 * success means the token agrees with its own certificate. Trust in that certificate (chain
 * to a known time stamp authority, revocation) is not evaluated in this method.
 *
 * @param timeStampToken token to validate
 * @throws IOException declared by the original signature; presumably raised while resolving the provider
 * @throws CertificateException if the embedded certificate cannot be converted
 * @throws TSPException if {@code validate} rejects the token
 * @throws OperatorCreationException if the verifier cannot be built
 */
private void validateTimestampToken(TimeStampToken timeStampToken)
        throws IOException, CertificateException, TSPException, OperatorCreationException
{
    // https://stackoverflow.com/questions/42114742/
    Collection<X509CertificateHolder> signerMatches =
            timeStampToken.getCertificates().getMatches(timeStampToken.getSID());

    // A token without a certificate for its signer id ends here with NoSuchElementException.
    X509CertificateHolder embeddedHolder = signerMatches.iterator().next();
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    X509Certificate embeddedCertificate = converter.getCertificate(embeddedHolder);

    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
            .setProvider(SecurityProvider.getProvider())
            .build(embeddedCertificate);
    timeStampToken.validate(verifier);

    System.out.println("TimeStampToken validated");
}
/**
 * Validates a time stamp token against the certificate held by {@code issuerToken} and
 * maps the outcome to a {@link TimestampValidity} value.
 *
 * <p>Exceptions are translated rather than propagated: {@code IllegalArgumentException}
 * becomes {@code NO_SIGNING_CERTIFICATE} (and is logged), {@code TSPValidationException}
 * becomes {@code NOT_VALID_SIGNATURE}, and any other {@code TSPException} or an
 * {@code OperatorCreationException} becomes {@code NOT_VALID_STRUCTURE}. Only the first case
 * is logged, so the cause of the other failures is not recorded by this method.
 *
 * @param timeStampToken token to validate
 * @param issuerToken wrapper providing the certificate to validate against
 * @return a {@code TimestampValidation} carrying the resulting validity
 */
private TimestampValidation validateTimestampToken(final TimeStampToken timeStampToken, final CertificateToken issuerToken) {

    TimestampValidity outcome;
    try {
        final X509Certificate issuerCertificate = issuerToken.getCertificate();
        final SignerInformationVerifier verifier =
                new JcaSimpleSignerInfoVerifierBuilder().build(issuerCertificate);
        timeStampToken.validate(verifier);
        outcome = TimestampValidity.VALID;
    } catch (IllegalArgumentException e) {
        LOG.error("No signing certificate for timestamp token: " + e);
        outcome = TimestampValidity.NO_SIGNING_CERTIFICATE;
    } catch (TSPValidationException e) {
        // Must stay ahead of the TSPException handler so it is not absorbed by it.
        outcome = TimestampValidity.NOT_VALID_SIGNATURE;
    } catch (TSPException e) {
        outcome = TimestampValidity.NOT_VALID_STRUCTURE;
    } catch (OperatorCreationException e) {
        outcome = TimestampValidity.NOT_VALID_STRUCTURE;
    }
    return new TimestampValidation(outcome);
}
X509CertificateHolder certHolder = (X509CertificateHolder) objMatch; System.out.print("verifying against " + certHolder.getSubject().toString()); if (signer.verify(verifier.build(certHolder))) { System.out.println(": verified"); } else {
/**
 * Checks a time stamp token's signature with the public key of the certificate the token
 * carries for its own signer id.
 *
 * <p>NOTE(review): the key is taken from the token being checked and only the signature is
 * evaluated. Trust in the time stamp authority's certificate is not decided here.
 *
 * @param token token whose signature is checked
 * @return the result of {@code TimeStampToken.isSignatureValid}
 * @throws DigiDoc4JException wrapping any exception raised along the way, including the
 *     {@code NoSuchElementException} from a token without a matching certificate
 */
private boolean isSignatureValid(TimeStampToken token) {
  try {
    X509CertificateHolder holder =
        (X509CertificateHolder) token.getCertificates().getMatches(token.getSID()).iterator().next();

    JcaSimpleSignerInfoVerifierBuilder verifierBuilder =
        new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    byte[] encodedCertificate = holder.getEncoded();

    return token.isSignatureValid(
        verifierBuilder.build(
            DSSUtils.loadCertificate(encodedCertificate).getCertificate().getPublicKey()));
  } catch (Exception e) {
    throw new DigiDoc4JException(e);
  }
}
/**
 * Verifies the signature with the signer certificate and records the result in
 * {@code signatureValid}.
 *
 * <p>Every exception is turned into {@code false} without being logged, so a
 * misconfigured provider or an unparsable signature cannot be told apart from a
 * signature that simply does not verify. {@code logDigests(signer)} runs in all cases.
 *
 * @return True if the signature is valid. False otherwise.
 */
public boolean checkSignature() {
    try {
        JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
        verifierBuilder.setProvider(CryptoExtensions.getJCEProviderName());
        signatureValid = signer.verify(verifierBuilder.build(signerCert));
    }
    catch (Exception e) {
        // TODO: Log an error
        signatureValid = false;
    }
    finally {
        logDigests(signer);
    }
    return signatureValid;
}
/**
 * Verifies a detached CMS signature over {@code data} and returns the certificate of a
 * signer whose signature verified.
 *
 * <p>NOTE(review): each signer is checked against the certificate found in the signature's
 * own certificate store. A successful result therefore identifies which embedded certificate
 * produced the signature; it does not establish that this certificate is trusted. Callers
 * must evaluate the returned certificate (chain, revocation, expected subject) themselves.
 *
 * @param data the signed content
 * @param signature the encoded CMS signature
 * @return certificate bytes and subject of a verifying signer; with several verifying
 *     signers the last one processed is returned
 * @throws IllegalStateException if no signer verified or any error occurred
 */
@SuppressWarnings("unchecked")
public static no.difi.commons.asic.jaxb.asic.Certificate validate(byte[] data, byte[] signature) {
    no.difi.commons.asic.jaxb.asic.Certificate certificate = null;

    try {
        CMSSignedData cmsSignedData = new CMSSignedData(new CMSProcessableByteArray(data), signature);
        Store store = cmsSignedData.getCertificates();
        SignerInformationStore signerInformationStore = cmsSignedData.getSignerInfos();

        for (SignerInformation signerInformation : signerInformationStore.getSigners()) {
            // next() throws when the store holds no certificate for this signer id;
            // the catch below turns that into a failed validation.
            X509CertificateHolder x509Certificate = (X509CertificateHolder) store.getMatches(signerInformation.getSID()).iterator().next();
            // The subject is logged before verification and comes from untrusted input.
            logger.info(x509Certificate.getSubject().toString());

            if (signerInformation.verify(jcaSimpleSignerInfoVerifierBuilder.build(x509Certificate))) {
                certificate = new no.difi.commons.asic.jaxb.asic.Certificate();
                certificate.setCertificate(x509Certificate.getEncoded());
                certificate.setSubject(x509Certificate.getSubject().toString());
            }
        }
    } catch (Exception e) {
        // Only the message is logged; the exception type and stack trace are dropped.
        logger.warn(e.getMessage());
        // Discard any result from an earlier signer so an error never yields a certificate.
        certificate = null;
    }

    if (certificate == null)
        throw new IllegalStateException("Unable to verify signature.");

    return certificate;
}
// Closes the enclosing class, whose header is not part of this listing.
}
LOG.debug (x509Certificate.getSubject ().toString ()); if (aSignerInformation.verify (s_aJcaSimpleSignerInfoVerifierBuilder.build (x509Certificate)))
/**
 * Accepts {@code certificate} as the signer if any signer of the S/MIME message verifies
 * under its public key, recording the certificate and the content digest on success.
 *
 * <p>NOTE(review): the verifier is built from the bare public key, so the certificate's
 * validity period, chain and revocation status play no part in this check and have to be
 * evaluated elsewhere before {@code signer} is trusted.
 *
 * @param certificate candidate signer certificate
 * @throws OxalisSecurityException if the CMS check fails with an error or the verifier
 *     cannot be created
 * @throws PeppolSecurityException if no signer verifies under the certificate's key
 */
public void validate(X509Certificate certificate) throws OxalisSecurityException, PeppolSecurityException {
    try {
        JcaSimpleSignerInfoVerifierBuilder verifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
        verifierBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        SignerInformationVerifier keyVerifier = verifierBuilder.build(certificate.getPublicKey());

        for (SignerInformation candidate : smimeSigned.getSignerInfos().getSigners()) {
            if (!candidate.verify(keyVerifier)) {
                continue;
            }
            // First verifying signer wins; state is only written on success.
            signer = certificate;
            digest = candidate.getContentDigest();
            return;
        }
    } catch (CMSException e) {
        throw new OxalisSecurityException(e.getMessage(), e);
    } catch (OperatorCreationException e) {
        throw new OxalisSecurityException("Unable to create SignerInformationVerifier.", e);
    }

    throw new PeppolSecurityException("Unable to verify signature.");
}
/**
 * Checks the S/MIME signers against the public key of {@code certificate} and, on the first
 * match, stores the certificate in {@code signer} and the content digest in {@code digest}.
 *
 * <p>NOTE(review): only {@code certificate.getPublicKey()} is handed to the verifier, so
 * this method says nothing about the certificate's validity period, chain or revocation
 * status; confirm those are checked before or after this call.
 *
 * @param certificate candidate signer certificate
 * @throws OxalisSecurityException on a {@code CMSException} during verification or when the
 *     verifier cannot be created
 * @throws PeppolSecurityException if no signer verifies under the certificate's key
 */
public void validate(X509Certificate certificate) throws OxalisSecurityException, PeppolSecurityException {
    try {
        // One verifier is built up front and reused for every signer.
        SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(certificate.getPublicKey());

        for (SignerInformation signerInformation : smimeSigned.getSignerInfos().getSigners()) {
            if (signerInformation.verify(verifier)) {
                // State is written only after a successful verification.
                signer = certificate;
                digest = signerInformation.getContentDigest();
                return;
            }
        }
    } catch (CMSException e) {
        throw new OxalisSecurityException(e.getMessage(), e);
    } catch (OperatorCreationException e) {
        throw new OxalisSecurityException("Unable to create SignerInformationVerifier.", e);
    }

    // Reached when the loop ends without a verifying signer, including a message with none.
    throw new PeppolSecurityException("Unable to verify signature.");
}