// adds unsigned certs & revocation infos (CRL or OCSP) to existing certs & revocation info list
  // ('certificates' and 'crls' CMS fields)
  public void appendValidationValues(Collection certificateValues, Collection revocationValues) {
    try {
      Store certStore = cmsSignedData.getCertificates();
      Store crlStore = cmsSignedData.getCRLs();

      if (certificateValues != null && !certificateValues.isEmpty()) {
        Collection<Certificate> existingCerts = getSignatureCertificateInfo();
        Set<Certificate> newCerts =
            new HashSet<Certificate>(existingCerts); // 'Set' to avoid duplicates
        newCerts.addAll(certificateValues);
        certStore = new JcaCertStore(newCerts);
      }

      if (revocationValues != null && !revocationValues.isEmpty()) {
        Collection<CRL> existingCrls = getUnsignedCRLs();
        Set<CRL> newCrls = new HashSet<CRL>(existingCrls); // 'Set' to avoid duplicates
        // FIXME : also add OCSP info (use OtherRevocationInfoFormat of RevocationInfoChoices, see
        // RFC 3852)
        for (Object o : revocationValues) {
          if (o instanceof CRL) newCrls.add((CRL) o);
        }
        crlStore = new JcaCRLStore(newCrls);
      }

      cmsSignedData =
          CMSSignedData.replaceCertificatesAndCRLs(
              cmsSignedData, certStore, cmsSignedData.getAttributeCertificates(), crlStore);
    } catch (Exception e) {
      ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
    }
  }
Ejemplo n.º 2
0
  private void verifyRSASignatures(CMSSignedData s, byte[] contentDigest) throws Exception {
    Store certStore = s.getCertificates();
    SignerInformationStore signers = s.getSignerInfos();

    Collection c = signers.getSigners();
    Iterator it = c.iterator();

    while (it.hasNext()) {
      SignerInformation signer = (SignerInformation) it.next();
      Collection certCollection = certStore.getMatches(signer.getSID());

      Iterator certIt = certCollection.iterator();
      X509CertificateHolder cert = (X509CertificateHolder) certIt.next();

      if (!signer.verify(
          new BcRSASignerInfoVerifierBuilder(
                  new DefaultCMSSignatureAlgorithmNameGenerator(),
                  new DefaultSignatureAlgorithmIdentifierFinder(),
                  new DefaultDigestAlgorithmIdentifierFinder(),
                  new BcDigestCalculatorProvider())
              .build(cert))) {
        fail("signature verification failed");
      }

      if (contentDigest != null) {
        if (!Arrays.areEqual(contentDigest, signer.getContentDigest())) {
          fail("digest verification failed");
        }
      }
    }
  }
Ejemplo n.º 3
0
  @Test
  public void testCMD() throws Exception {
    Authentication auth =
        new SkeletonKeyClientBuilder()
            .username("wburke")
            .password("geheim")
            .authentication("Skeleton Key");
    ResteasyClient client = new ResteasyClient();
    WebTarget target = client.target(generateBaseUrl());
    String tiny = target.path("tokens").path("url").request().post(Entity.json(auth), String.class);
    System.out.println(tiny);
    System.out.println("tiny.size: " + tiny.length());
    Security.addProvider(new BouncyCastleProvider());

    KeyPair keyPair = KeyPairGenerator.getInstance("RSA", "BC").generateKeyPair();
    PrivateKey privateKey = keyPair.getPrivate();
    X509Certificate cert = KeyTools.generateTestCertificate(keyPair);

    byte[] signed = p7s(privateKey, cert, null, tiny.getBytes());

    CMSSignedData data = new CMSSignedData(signed);
    byte[] bytes = (byte[]) data.getSignedContent().getContent();
    System.out.println("BYTES: " + new String(bytes));
    System.out.println("size:" + signed.length);
    System.out.println("Base64.size: " + Base64.encodeBytes(signed).length());

    SignerInformation signer =
        (SignerInformation) data.getSignerInfos().getSigners().iterator().next();
    System.out.println("valid: " + signer.verify(cert, "BC"));
  }
  private SignatureData getFromCmsSignature(
      SignatureVerificationRequest signatureVerificationRequest,
      SignatureVerificationResponse response)
      throws CMSException {
    String signature = signatureVerificationRequest.getSignature();
    byte[] decoded = Base64.decode(signature);
    CMSSignedData cmsSignedData = new CMSSignedData(decoded);
    String encodedSignedData = new String((byte[]) cmsSignedData.getSignedContent().getContent());

    // Fetch information about the issuers
    List<String> certInfos = new ArrayList<String>();
    Collection certificates = cmsSignedData.getCertificates().getMatches(null);
    for (Object certificate : certificates) {
      X509CertificateHolder holder = (X509CertificateHolder) certificate;
      certInfos.add(holder.getSubject().toString());
      CertificateInfo ci = new CertificateInfo();
      ci.setSubjectDn(holder.getSubject().toString());
      ci.setValidTo(simpleDateFormat.format(holder.getNotAfter()));
      response.getCertificateInfos().getCertificateInfo().add(ci);
    }

    // Fetch timestamp
    Date signingDate = findTimestamp(cmsSignedData);
    String dateString = simpleDateFormat.format(signingDate);
    response.setSignatureDate(dateString);

    // Create the SignatureData to be verified
    SignatureData signData = new SignatureData();
    signData.setEncodedTbs(encodedSignedData);
    signData.setSignature(signature);
    ELegType clientType = new ELegType("test", "test", PkiClient.NETMAKER_NETID_4);
    signData.setClientType(clientType);
    return signData;
  }
 /**
  * Verify the email is signed by the given certificate.
  *
  * @param signedData
  * @param mailMsg
  * @return
  * @throws CMSException
  * @throws OperatorCreationException
  * @throws CertificateException
  */
 @SuppressWarnings({"rawtypes"})
 protected boolean isValid(CMSSignedData signedData, MailMessage mailMsg)
     throws OperatorCreationException, CMSException, CertificateException {
   boolean verify = false;
   SignerInformationStore signerStore = signedData.getSignerInfos();
   Iterator<SignerInformation> it = signerStore.getSigners().iterator();
   while (it.hasNext()) {
     SignerInformation signer = it.next();
     org.bouncycastle.util.Store store = signedData.getCertificates();
     @SuppressWarnings("unchecked")
     Collection certCollection = store.getMatches(signer.getSID());
     Iterator certIt = certCollection.iterator();
     X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
     X509Certificate certificate =
         new JcaX509CertificateConverter().setProvider(PROVIDER_NAME).getCertificate(certHolder);
     verify =
         signer.verify(
             new JcaSimpleSignerInfoVerifierBuilder()
                 .setProvider(PROVIDER_NAME)
                 .build(certificate));
     mailMsg.setHasSignature(true);
     mailMsg.setSignaturePassed(verify);
     mailMsg.setNameOfPrincipal(certificate.getSubjectDN().getName());
   }
   return verify;
 }
Ejemplo n.º 6
0
  /**
   * Validates that a signed entity has a valid message and signature. The signer's certificate is
   * validated to ensure authenticity of the message. Message tampering is also checked with the
   * message's digest and the signed digest in the message signature.
   *
   * @param signedEntity The entity containing the original signed part and the message signature.
   * @param signerCertificate The certificate used to sign the message.
   * @param anchors A collection of certificate anchors used to determine if the certificates used
   *     in the signature can be validated as trusted certificates.
   */
  public void checkSignature(
      SignedEntity signedEntity,
      X509Certificate signerCertificate,
      Collection<X509Certificate> anchors)
      throws SignatureValidationException {
    CMSSignedData signatureEnvelope = deserializeSignatureEnvelope(signedEntity);

    try {
      // there may be multiple signatures in the signed part... iterate through all the signing
      // certificates until one
      // is verified with the signerCertificate
      for (SignerInformation sigInfo :
          (Collection<SignerInformation>) signatureEnvelope.getSignerInfos().getSigners())
        if (sigInfo.verify(signerCertificate, CryptoExtensions.getJCEProviderName()))
          return; // verified... return

      // at this point the signerCertificate cannot be verified with one of the signing
      // certificates....
      throw new SignatureValidationException("Signature validation failure.");
    } catch (SignatureValidationException sve) {
      throw sve;
    } catch (Exception e) {
      throw new SignatureValidationException("Signature validation failure.", e);
    }
  }
Ejemplo n.º 7
0
  private int verify(String signatureb64) {
    int verified = 0;
    try {
      CMSSignedData signature = new CMSSignedData(Base64.decode(signatureb64));

      // batch verification
      Store certs = signature.getCertificates();
      SignerInformationStore signers = signature.getSignerInfos();
      Collection c = signers.getSigners();
      Iterator it = c.iterator();

      while (it.hasNext()) {
        SignerInformation signer = (SignerInformation) it.next();
        Collection certCollection = certs.getMatches(signer.getSID());

        Iterator certIt = certCollection.iterator();
        X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
        System.out.println(verified);

        if (signer.verify(
            new JcaSimpleSignerInfoVerifierBuilder()
                .setProvider(new BouncyCastleProvider())
                .build(certHolder))) {
          verified++;
        }
      }
      System.out.println(verified);
    } catch (CMSException | StoreException | CertificateException | OperatorCreationException ex) {
      System.err.println("error : " + ex.getMessage());
    }
    return verified;
  }
Ejemplo n.º 8
0
  private void testDetachedRSA() throws Exception {
    Digest md = new SHA1Digest();
    List certList = new ArrayList();
    CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());

    certList.add(_origCert);
    certList.add(_signCert);

    Store certs = new CollectionStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

    byte[] digValue = new byte[md.getDigestSize()];
    byte[] data = "Hello world!".getBytes();

    md.update(data, 0, data.length);
    md.doFinal(digValue, 0);

    Attribute attr =
        new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digValue)));

    ASN1EncodableVector v = new ASN1EncodableVector();

    v.add(attr);

    AsymmetricKeyParameter privKey = (AsymmetricKeyParameter) _origKP.getPrivate();

    AlgorithmIdentifier sigAlgId =
        new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

    BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);

    gen.addSignerInfoGenerator(
        new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
            .setSignedAttributeGenerator(
                new DefaultSignedAttributeTableGenerator(new AttributeTable(v)))
            .build(contentSignerBuilder.build(privKey), _origCert));

    gen.addCertificates(certs);

    CMSSignedData s = gen.generate(new CMSAbsentContent(), false);

    //
    // the signature is detached, so need to add msg before passing on
    //
    s = new CMSSignedData(msg, s.getEncoded());
    //
    // compute expected content digest
    //

    verifyRSASignatures(s, digValue);
  }
Ejemplo n.º 9
0
  private static byte[] p7s(
      PrivateKey priv, X509Certificate storecert, CertStore certs, byte[] contentbytes)
      throws CertStoreException, CMSException, NoSuchAlgorithmException, NoSuchProviderException,
          IOException {
    CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
    signGen.addSigner(priv, (X509Certificate) storecert, CMSSignedDataGenerator.DIGEST_SHA512);
    // signGen.addCertificatesAndCRLs(certs);
    CMSProcessable content = new CMSProcessableByteArray(contentbytes);

    CMSSignedData signedData = signGen.generate(content, true, "BC");
    return signedData.getEncoded();
  }
Ejemplo n.º 10
0
 private static ProvisioningProfile create(File file) {
   InputStream in = null;
   try {
     in = new BufferedInputStream(new FileInputStream(file));
     CMSSignedData data = new CMSSignedData(in);
     byte[] content = (byte[]) data.getSignedContent().getContent();
     NSDictionary dict = (NSDictionary) PropertyListParser.parse(content);
     return new ProvisioningProfile(file, dict);
   } catch (Exception e) {
     throw new RuntimeException(e);
   } finally {
     IOUtils.closeQuietly(in);
   }
 }
Ejemplo n.º 11
0
  /**
   * If the {@code DSSDocument} is a CMS message and the signed content's content is not null then
   * the {@code CMSSignedData} is returned. All exceptions are hidden
   *
   * @param dssDocument
   * @return {@code CMSSignedData} or {@code null}
   */
  public static CMSSignedData getOriginalSignedData(final DSSDocument dssDocument) {

    CMSSignedData originalSignedData = null;

    try {
      // check if input toSignDocument is already signed
      originalSignedData = new CMSSignedData(dssDocument.getBytes());
      if (originalSignedData.getSignedContent().getContent() == null) {
        originalSignedData = null;
      }
    } catch (Exception e) {
      // not a parallel signature
    }
    return originalSignedData;
  }
  // For external signatures, inputStream parameter is the data being signed (external eContent)
  public boolean verifyExternalWithContent(InputStream inputStream)
      throws CMSException, IOException, NoSuchAlgorithmException, NoSuchProviderException,
          CertStoreException, OperatorCreationException, CertificateException {
    CMSSignedDataParser sp =
        new CMSSignedDataParser(new CMSTypedStream(inputStream), cmsSignedData.getEncoded());
    sp.getSignedContent()
        .drain(); // here digests are computed and passed to newly created SignerInformation objects

    Collection signers = sp.getSignerInfos().getSigners();
    if (signers.size() != 1) hasMultipleSignerInfos = true;
    Iterator iterator = signers.iterator();
    firstSignerInfo = (SignerInformation) iterator.next();

    return CMSVerifier.verify(firstSignerInfo, cmsSignedData.getCertificates());
  }
  private void parseCms() {
    Collection signers = cmsSignedData.getSignerInfos().getSigners();
    if (signers.size() != 1) hasMultipleSignerInfos = true;

    Iterator iterator = signers.iterator();
    firstSignerInfo = (SignerInformation) iterator.next();
  }
Ejemplo n.º 14
0
  /**
   * Returns the ASN.1 encoded representation of {@code CMSSignedData}.
   *
   * @param data
   * @return
   * @throws DSSException
   */
  public static byte[] getEncoded(final CMSSignedData data) throws DSSException {

    try {
      return data.getEncoded();
    } catch (IOException e) {
      throw new DSSException(e);
    }
  }
 public byte[] getEncoded() {
   try {
     return cmsSignedData.getEncoded();
   } catch (IOException e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
Ejemplo n.º 16
0
  /**
   * Tests that it is possible to specify a signature algorithm who's name is not simply a
   * concatenation of a digest algorithm and the key algorithm.
   *
   * <p>This test also sets the signature provider as a provider supporting the RSASSA-PSS
   * algorithms might not be installed.
   *
   * @throws Exception
   */
  public void testWithSignatureAlgorithmSHA256withRSAandMGF1() throws Exception {
    File sourceFile = new File("target/test-classes/wineyes.exe");
    File targetFile = new File("target/test-classes/wineyes-signed.exe");

    FileUtils.copyFile(sourceFile, targetFile);

    PEFile peFile = null;
    try {
      peFile = new PEFile(targetFile);

      PESigner signer =
          new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD)
              .withTimestamping(false)
              .withDigestAlgorithm(DigestAlgorithm.SHA1)
              .withSignatureAlgorithm("SHA256withRSAandMGF1", new BouncyCastleProvider());

      signer.sign(peFile);

      peFile = new PEFile(targetFile);
      List<CMSSignedData> signatures = peFile.getSignatures();
      assertNotNull(signatures);
      assertEquals(1, signatures.size());

      CMSSignedData signedData = signatures.get(0);
      assertNotNull(signedData);

      // Check the signature algorithm
      final SignerInformation si =
          (SignerInformation) signedData.getSignerInfos().getSigners().iterator().next();
      assertEquals(
          "Digest algorithm",
          NISTObjectIdentifiers.id_sha256,
          si.getDigestAlgorithmID().getAlgorithm());
      assertEquals(
          "Encryption algorithm",
          PKCSObjectIdentifiers.id_RSASSA_PSS.getId(),
          si.getEncryptionAlgOID());
    } finally {
      if (peFile != null) {
        peFile.close();
      }
    }
  }
Ejemplo n.º 17
0
  public static boolean isValidSignature(CMSSignedData signedData, X509Certificate rootCert)
      throws Exception {

    boolean[] bArr = new boolean[2];
    bArr[0] = true;
    CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC");
    SignerInformationStore signers = signedData.getSignerInfos();
    Iterator it = signers.getSigners().iterator();

    if (it.hasNext()) {
      SignerInformation signer = (SignerInformation) it.next();
      SignerId signerConstraints = signer.getSID();
      signerConstraints.setKeyUsage(bArr);
      PKIXCertPathBuilderResult result = buildPath(rootCert, signer.getSID(), certsAndCRLs);
      return signer.verify(result.getPublicKey(), "BC");
    }

    return false;
  }
Ejemplo n.º 18
0
  public boolean verifyEstrai(String pathBase, File pathFilesSignedd) {

    boolean esito = false;

    byte[] buffer = new byte[(int) pathFilesSignedd.length()];
    DataInputStream in;
    try {
      in = new DataInputStream(new FileInputStream(pathFilesSignedd));

      in.readFully(buffer);
      in.close();

      Security.addProvider(new BouncyCastleProvider());
      CMSSignedData signature = new CMSSignedData(buffer);
      SignerInformation signer =
          (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
      CertStore cs = signature.getCertificatesAndCRLs("Collection", "BC");

      Iterator iter = cs.getCertificates(signer.getSID()).iterator();
      X509Certificate certificate = (X509Certificate) iter.next();
      CMSProcessable sc = signature.getSignedContent();
      byte[] data = (byte[]) sc.getContent();

      // Verifie la signature
      // System.out.println(signer.verify(certificate, "BC"));
      esito = signer.verify(certificate.getPublicKey(), "BC");
      System.out.println("Verifica FILE: " + esito);

      String fatturapaName =
          pathFilesSignedd.getName().substring(0, pathFilesSignedd.getName().length() - 4).trim();
      System.out.println(" test:" + fatturapaName);
      FileOutputStream envfos = new FileOutputStream(new File(pathBase, fatturapaName));
      envfos.write(data);
      envfos.close();
    } catch (Exception e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
    }

    return esito;
  }
Ejemplo n.º 19
0
  // ROB duplicato del metodo in VerifyTask ...
  private InputStream getCmsInputStream(String path) {

    FileInputStream is = null;
    try {
      is = new FileInputStream(path);
    } catch (FileNotFoundException ex) {
      System.out.println("Errore nell'acquisizione del file: " + ex);
    }
    ByteArrayInputStream bais = null;
    try {
      CMSSignedData cms = new CMSSignedData(is);

      ByteArrayOutputStream baos = new ByteArrayOutputStream();
      cms.getSignedContent().write(baos);
      bais = new ByteArrayInputStream(baos.toByteArray());
    } catch (CMSException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }
    return bais;
  }
 public Certificate getSignerCertificate() {
   try {
     Collection certificateCollection =
         cmsSignedData.getCertificates().getMatches(firstSignerInfo.getSID());
     Iterator iterator = certificateCollection.iterator();
     X509CertificateHolder certHolder = (X509CertificateHolder) iterator.next();
     return CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME)
         .generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
   } catch (Exception e) {
     log.error(Channel.TECH, "Could not extract signer certificate from CMS signature : %1$s", e);
   }
   return null;
 }
 public void appendSignatureTimeStamp(byte[] timeStampTokenBytes) {
   try {
     AttributeTable at = firstSignerInfo.getUnsignedAttributes();
     firstSignerInfo =
         SignerInformation.replaceUnsignedAttributes(
             firstSignerInfo, appendTimestampAttribute(timeStampTokenBytes, at));
     Collection<SignerInformation> signers = new ArrayList<SignerInformation>(1);
     signers.add(firstSignerInfo);
     SignerInformationStore sis = new SignerInformationStore(signers);
     cmsSignedData = CMSSignedData.replaceSigners(cmsSignedData, sis);
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
 }
  /**
   * Genera una lista contenente tutti i firmatari presenti nella busta crittografica
   *
   * @return la lista con tutti i firmatari
   */
  List<SignerInformation> getAllSigners() {
    // genera la lista
    List<SignerInformation> sigInfoList = new LinkedList<SignerInformation>();

    // recupera i firmatari
    SignerInformationStore signers = signedData.getSignerInfos();
    Collection<?> c = signers.getSigners();
    Iterator<?> it = c.iterator();
    while (it.hasNext()) {
      SignerInformation signer = (SignerInformation) it.next();
      sigInfoList.add(signer);
    } // fine while

    return sigInfoList;
  }
 public List<Certificate> getSignatureCertificateInfo() {
   try {
     Store certificateStore = cmsSignedData.getCertificates();
     Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(null);
     List<Certificate> x509CertsCollection =
         new ArrayList<Certificate>(certificateCollection.size());
     for (X509CertificateHolder certHolder : certificateCollection) {
       x509CertsCollection.add(
           CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME)
               .generateCertificate(new ByteArrayInputStream(certHolder.getEncoded())));
     }
     return x509CertsCollection;
   } catch (Exception e) {
     ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
   }
   return null;
 }
  // unsigned CRLs at the root of CMS structure (outside signerInfos)
  public Collection<CRL> getUnsignedCRLs() {
    try {
      Collection<CertificateList> crlCollection = cmsSignedData.getCRLs().getMatches(null);

      // Then we need to "cast" from bouncycastle.CertificateList to java.CRL
      Collection<CRL> x509CrlsCollection = new HashSet<CRL>(crlCollection.size());
      for (CertificateList certList : crlCollection) {
        x509CrlsCollection.add(
            CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME)
                .generateCRL(new ByteArrayInputStream(certList.getEncoded())));
      }
      return x509CrlsCollection;
    } catch (Exception e) {
      ExceptionHandlerTyped.<SPISignatureException>handle(SPISignatureException.class, e);
    }
    return null;
  }
  private Date findTimestamp(CMSSignedData cmsSignedData) {
    Iterator iterator = cmsSignedData.getSignerInfos().getSigners().iterator();

    while (iterator.hasNext()) {

      SignerInformation signerInformation = (SignerInformation) iterator.next();
      AttributeTable signedAttrTable = signerInformation.getSignedAttributes();
      if (signedAttrTable == null) {
        continue;
      }

      ASN1EncodableVector v = signedAttrTable.getAll(CMSAttributes.signingTime);
      switch (v.size()) {
        case 0:
          continue;
        case 1:
          Attribute t = (Attribute) v.get(0);
          ASN1Set attrValues = t.getAttrValues();
          if (attrValues.size() != 1) {
            continue;
          }

          // found it
          try {
            return ((ASN1UTCTime) attrValues.getObjectAt(0).getDERObject()).getDate();
          } catch (ParseException e) {
            e.printStackTrace();
          }
          continue;
        default:
          continue;
      }
    }

    // no timestamp found
    return null;
  }
Ejemplo n.º 26
0
  private MimeMultipart createSignatureEntity(
      byte[] entity, Collection<X509Certificate> signingCertificates) {
    MimeMultipart retVal = null;
    try {
      MimeBodyPart signedContent = new MimeBodyPart(new ByteArrayInputStream(entity));

      ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
      SMIMECapabilityVector caps = new SMIMECapabilityVector();

      caps.addCapability(SMIMECapability.dES_EDE3_CBC);
      caps.addCapability(SMIMECapability.rC2_CBC, 128);
      caps.addCapability(SMIMECapability.dES_CBC);
      caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
      caps.addCapability(x509CertificateObjectsIdent);
      signedAttrs.add(new SMIMECapabilitiesAttribute(caps));

      List certList = new ArrayList();
      CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
      for (X509Certificate signer : signingCertificates) {
        if (signer instanceof X509CertificateEx) {
          generator.addSigner(
              ((X509CertificateEx) signer).getPrivateKey(),
              signer,
              toDigestAlgorithmOid(this.m_digestAlgorithm),
              createAttributeTable(signedAttrs),
              null);
          certList.add(signer);
        }
      }

      CertStore certsAndcrls =
          CertStore.getInstance(
              "Collection",
              new CollectionCertStoreParameters(certList),
              CryptoExtensions.getJCEProviderName());
      generator.addCertificatesAndCRLs(certsAndcrls);
      CMSProcessableBodyPart content = new CMSProcessableBodyPart(signedContent);

      CMSSignedData signedData =
          generator.generate(content, false, CryptoExtensions.getJCEProviderName());

      String header =
          "signed; protocol=\"application/pkcs7-signature\"; micalg="
              + toDigestAlgorithmMicalg(this.m_digestAlgorithm);

      String encodedSig = Base64.encodeBase64String(signedData.getEncoded());

      retVal = new MimeMultipart(header.toString());

      MimeBodyPart sig = new MimeBodyPart(new InternetHeaders(), encodedSig.getBytes("ASCII"));
      sig.addHeader(
          "Content-Type", "application/pkcs7-signature; name=smime.p7s; smime-type=signed-data");
      sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\"");
      sig.addHeader("Content-Description", "S/MIME Cryptographic Signature");
      sig.addHeader("Content-Transfer-Encoding", "base64");

      retVal.addBodyPart(signedContent);
      retVal.addBodyPart(sig);

    } catch (MessagingException e) {
      throw new MimeException(MimeError.InvalidMimeEntity, e);
    } catch (IOException e) {
      throw new SignatureException(SignatureError.InvalidMultipartSigned, e);
    } catch (Exception e) {
      throw new NHINDException(MimeError.Unexpected, e);
    }
    return retVal;
  }
Ejemplo n.º 27
0
 private static byte[] getEncoded(CMSSignedData obj) throws IOException {
   if (obj != null) {
     return obj.getEncoded();
   }
   return new byte[] {'0', 0};
 }
  @Test
  public void testCMSSignature() throws Exception {
    // setup
    byte[] toBeSigned = "hello world".getBytes();
    String signatureDescription = "Test CMS Signature";
    CMSTestSignatureService signatureService =
        new CMSTestSignatureService(toBeSigned, signatureDescription);

    KeyPair keyPair = PkiTestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusYears(1);
    X509Certificate certificate =
        PkiTestUtils.generateCertificate(
            keyPair.getPublic(),
            "CN=Test",
            notBefore,
            notAfter,
            null,
            keyPair.getPrivate(),
            true,
            0,
            null,
            null,
            new KeyUsage(KeyUsage.nonRepudiation));
    List<X509Certificate> signingCertificateChain = new LinkedList<X509Certificate>();
    signingCertificateChain.add(certificate);

    // operate
    DigestInfo digestInfo =
        signatureService.preSign(null, signingCertificateChain, null, null, null);

    // verify
    assertNotNull(digestInfo);
    byte[] digestValue = digestInfo.digestValue;
    LOG.debug("digest value: " + Hex.encodeHexString(digestValue));
    assertNotNull(digestValue);
    assertEquals(signatureDescription, digestInfo.description);
    assertEquals("SHA1", digestInfo.digestAlgo);

    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPrivate());
    byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestValue);
    byte[] signatureValue = cipher.doFinal(digestInfoValue);
    LOG.debug("signature value: " + Hex.encodeHexString(signatureValue));

    // operate
    signatureService.postSign(signatureValue, signingCertificateChain);

    // verify
    byte[] cmsSignature = signatureService.getCMSSignature();
    CMSSignedData signedData = new CMSSignedData(cmsSignature);
    SignerInformationStore signers = signedData.getSignerInfos();
    Iterator<SignerInformation> iter = signers.getSigners().iterator();
    while (iter.hasNext()) {
      SignerInformation signer = iter.next();
      SignerId signerId = signer.getSID();
      assertTrue(signerId.match(certificate));
      assertTrue(signer.verify(keyPair.getPublic(), BouncyCastleProvider.PROVIDER_NAME));
    }
    byte[] data = (byte[]) signedData.getSignedContent().getContent();
    assertArrayEquals(toBeSigned, data);
  }
    protected SignerInformation createSignerInformation() throws Exception {
      X509CertificateEx internalCert = TestUtils.getInternalCert("user1");
      String testMessage = TestUtils.readResource("MultipartMimeMessage.txt");

      MimeMessage entity = EntitySerializer.Default.deserialize(testMessage);
      Message message = new Message(entity);

      MimeEntity entityToSig = message.extractEntityForSignature(true);

      byte[] messageBytes =
          EntitySerializer.Default.serializeToBytes(entityToSig); // Serialize message out as
      // ASCII encoded...

      MimeBodyPart partToSign = null;

      try {
        partToSign = new MimeBodyPart(new ByteArrayInputStream(messageBytes));
      } catch (Exception e) {
      }

      SMIMESignedGenerator gen = new SMIMESignedGenerator();

      ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
      SMIMECapabilityVector caps = new SMIMECapabilityVector();

      caps.addCapability(SMIMECapability.dES_EDE3_CBC);
      caps.addCapability(SMIMECapability.rC2_CBC, 128);
      caps.addCapability(SMIMECapability.dES_CBC);
      caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
      caps.addCapability(PKCSObjectIdentifiers.x509Certificate);
      signedAttrs.add(new SMIMECapabilitiesAttribute(caps));

      List<X509Certificate> certList = new ArrayList<X509Certificate>();

      gen.addSigner(
          internalCert.getPrivateKey(),
          internalCert,
          SMIMESignedGenerator.DIGEST_SHA1,
          new AttributeTable(signedAttrs),
          null);
      certList.add(internalCert);

      theGetCertificates = certList;

      MimeMultipart retVal = null;

      CertStore certsAndcrls =
          CertStore.getInstance(
              "Collection",
              new CollectionCertStoreParameters(certList),
              CryptoExtensions.getJCEProviderName());
      gen.addCertificatesAndCRLs(certsAndcrls);

      retVal = gen.generate(partToSign, CryptoExtensions.getJCEProviderName());

      ByteArrayOutputStream oStream = new ByteArrayOutputStream();
      retVal.writeTo(oStream);
      oStream.flush();
      byte[] serialzedBytes = oStream.toByteArray();

      ByteArrayDataSource dataSource =
          new ByteArrayDataSource(serialzedBytes, retVal.getContentType());

      MimeMultipart verifyMM = new MimeMultipart(dataSource);

      CMSSignedData signeddata =
          new CMSSignedData(
              new CMSProcessableBodyPartInbound(partToSign),
              verifyMM.getBodyPart(1).getInputStream());
      SignerInformationStore signers = signeddata.getSignerInfos();
      Collection c = signers.getSigners();
      Iterator it = c.iterator();
      while (it.hasNext()) {
        SignerInformation signer = (SignerInformation) it.next();
        return signer;
      }
      return null;
    }
Ejemplo n.º 30
0
  public boolean doJob() {
    String strMethod = "doJob()";

    try {
      // _validateCmsSignature();
      CMSSignedData cms = _getSignPkcs7();

      SignerInformationStore sis = cms.getSignerInfos();
      Collection colSignerInfo = sis.getSigners();
      Iterator itrSignerInfo = colSignerInfo.iterator();
      SignerInformation sin = (SignerInformation) itrSignerInfo.next();

      // r�cup�ration du certificat du signataire
      CertStore cse = cms.getCertificatesAndCRLs("Collection", CmsVerif._STR_KST_PROVIDER_BC);
      Iterator itrCert = cse.getCertificates(sin.getSID()).iterator();
      X509Certificate crt = (X509Certificate) itrCert.next();

      // Verifie la signature
      boolean blnCoreValidity = sin.verify(crt, CmsVerif._STR_KST_PROVIDER_BC);

      if (blnCoreValidity) {
        MySystem.s_printOutTrace(this, strMethod, "blnCoreValidity=true");

        String strBody = "CMS Detached signature is OK!";

        strBody += "\n\n" + ". CMS signature file location:";
        strBody += "\n  " + super._strPathAbsFileSig_;

        strBody += "\n\n" + ". Data file location:";
        strBody += "\n  " + super._strPathAbsFileData_;

        OPAbstract.s_showDialogInfo(super._frmOwner_, strBody);

        // SignerInfo sio = sin.toSignerInfo();

        SignerId sid = sin.getSID();

        if (sid != null) {
          System.out.println("sid.getSerialNumber()=" + sid.getSerialNumber());
          System.out.println("sid.getIssuerAsString()=" + sid.getIssuerAsString());
          System.out.println("sid.getSubjectAsString()=" + sid.getSubjectAsString());
        }

        /*System.out.println("sin.getDigestAlgOID()=" + sin.getDigestAlgOID());
        System.out.println("sin.getEncryptionAlgOID()=" + sin.getEncryptionAlgOID());
        System.out.println("sin.toString()=" + sin.toString());
        System.out.println("sin.getVersion()=" + sin.getVersion());*/
      } else {
        MySystem.s_printOutWarning(this, strMethod, "blnCoreValidity=true");

        String strBody = "CMS Detached signature is WRONG!";

        strBody += "\n\n" + ". CMS signature file location:";
        strBody += "\n  " + super._strPathAbsFileSig_;

        strBody += "\n\n" + ". Data file location:";
        strBody += "\n  " + super._strPathAbsFileData_;

        OPAbstract.s_showDialogWarning(super._frmOwner_, strBody);
      }

    } catch (Exception exc) {
      exc.printStackTrace();
      MySystem.s_printOutError(this, strMethod, "exc caught");

      String strBody = "Failed to verify CMS detached signature.";

      strBody += "\n\n" + "Possible reason: wrong data file";

      strBody += "\n\n" + "got exception.";
      strBody += "\n" + exc.getMessage();
      strBody += "\n\n" + "More: see your session.log";

      OPAbstract.s_showDialogError(super._frmOwner_, strBody);

      return false;
    }

    // TODO
    return true;
  }