private SignatureData getFromCmsSignature( SignatureVerificationRequest signatureVerificationRequest, SignatureVerificationResponse response) throws CMSException { String signature = signatureVerificationRequest.getSignature(); byte[] decoded = Base64.decode(signature); CMSSignedData cmsSignedData = new CMSSignedData(decoded); String encodedSignedData = new String((byte[]) cmsSignedData.getSignedContent().getContent()); // Fetch information about the issuers List<String> certInfos = new ArrayList<String>(); Collection certificates = cmsSignedData.getCertificates().getMatches(null); for (Object certificate : certificates) { X509CertificateHolder holder = (X509CertificateHolder) certificate; certInfos.add(holder.getSubject().toString()); CertificateInfo ci = new CertificateInfo(); ci.setSubjectDn(holder.getSubject().toString()); ci.setValidTo(simpleDateFormat.format(holder.getNotAfter())); response.getCertificateInfos().getCertificateInfo().add(ci); } // Fetch timestamp Date signingDate = findTimestamp(cmsSignedData); String dateString = simpleDateFormat.format(signingDate); response.setSignatureDate(dateString); // Create the SignatureData to be verified SignatureData signData = new SignatureData(); signData.setEncodedTbs(encodedSignedData); signData.setSignature(signature); ELegType clientType = new ELegType("test", "test", PkiClient.NETMAKER_NETID_4); signData.setClientType(clientType); return signData; }
/** * Preparation for signing, ie. encode <code>tbs</code> - To Be Signed and generate <code>nonce * </code>. The returned string should be the name of a pki client and should mapped to a view * with the same name. * * @param signData data used during signing * @return the name of the pki client * @throws SignatureException if preparation fails */ public String prepareSign(SignatureData signData) throws SignatureException { encodeTbs(signData); if (!signData.getPkiClient().equals(PkiClient.MOBILE_BANKID)) { String nonce = signatureService.generateNonce(signData.getPkiClient()); signData.setNonce(nonce); } return signData.getPkiClient().toString(); }
private SignatureData createSignatureDataFromXmlDigSig(String signature) throws SignatureException { // Start with setting some fields that are known directly SignatureData signatureData = new SignatureData(); signatureData.setClientType(new ELegType("test", "test", PkiClient.NEXUS_PERSONAL_4X)); signatureData.setSignature(new String(Base64.encode(signature.getBytes()))); // For the rest we need to parse the XML try { Document document = createDocument(new ByteArrayInputStream(signature.getBytes()), false); // nonce and tbs XPath xpath = XPathFactory.newInstance().newXPath(); XPathExpression expression = xpath.compile("/Signature/Object/bankIdSignedData/srvInfo/nonce/text()"); String encodedNonce = (String) expression.evaluate(document, XPathConstants.STRING); String decodedNonce = new String(Base64.decode(encodedNonce)); // will be re-encoded again before it is sent signatureData.setNonce(decodedNonce); expression = xpath.compile("/Signature/Object/bankIdSignedData/usrVisibleData/text()"); String encodedTbs = (String) expression.evaluate(document, XPathConstants.STRING); String decodedTbs = new String(Base64.decode(encodedTbs)); // this will be re-encoded again before it is sent signatureData.setEncodedTbs(encodedTbs); signatureData.setTbs(decodedTbs); } catch (XPathExpressionException e) { throw new SignatureException(e); } catch (ParserConfigurationException e) { throw new SignatureException(e); } catch (SAXException e) { throw new SignatureException(e); } catch (IOException e) { throw new SignatureException(e); } return signatureData; }
private void encodeTbs(SignatureData signData) throws SignatureException { String encodedTbs = signatureService.encodeTbs(signData.getTbs(), signData.getPkiClient()); signData.setEncodedTbs(encodedTbs); }