Examples of org.bouncycastle.cms.CMSSignedData

• org.bouncycastle.cms.CMSSignedData
  general class for handling a pkcs7-signature message. A simple example of usage - note, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer...

   CertStore               certs = s.getCertificatesAndCRLs("Collection", "BC"); SignerInformationStore  signers = s.getSignerInfos(); Collection              c = signers.getSigners(); Iterator                it = c.iterator(); while (it.hasNext()) { SignerInformation   signer = (SignerInformation)it.next(); Collection          certCollection = certs.getCertificates(signer.getSID()); Iterator        certIt = certCollection.iterator(); X509Certificate cert = (X509Certificate)certIt.next(); if (signer.verify(cert.getPublicKey())) { verified++; }    } 

            while ((b = in.read()) != -1) {
                bout.write(b);
            }
            final byte[] bytes = bout.toByteArray();

            CMSSignedData signedData = null;
            try {
                signedData = new CMSSignedData(bytes);
            } catch (Exception ex) {
                LOG.debug("Not parsed as CMS: " + ex.getMessage());
            }

            final byte[] requestBytes;

        assertTrue(active);

        assertNotNull(resp);
        byte[] respdoc = resp.getCmsDocument();
        assertNotNull(resp);
        CMSSignedData csd = new CMSSignedData(respdoc);
        SignerInformationStore infoStore = csd.getSignerInfos();
        Collection<SignerInformation> signers = infoStore.getSigners();
        Iterator<SignerInformation> iter = signers.iterator();
        if (iter.hasNext()) {
            SignerInformation si = iter.next();
            assertNotNull(si);
            // log.info("Digest alg is: "+si.getDigestAlgOID());
            assertEquals(CMSSignedGenerator.DIGEST_SHA1, si.getDigestAlgOID());
            SignerId sid = si.getSID();
            // log.info(sid.toString());
            X500Principal issuer = sid.getIssuer();
            assertNotNull(issuer);
            assertEquals("CN=TEST", issuer.getName());
        }
        CertStore store = csd.getCertificatesAndCRLs("Collection", "BC");
        Collection certs = store.getCertificates(null);
        assertEquals(2, certs.size());

        CMSProcessable cp = csd.getSignedContent();
        Object o = cp.getContent();
        byte[] ob = (byte[]) o;
        assertEquals(new String(doc), new String(ob));
    }

        // Request a PKCS#7 via the WS API
        final CertificateResponse pkcs7Response = ejbcaraws.certificateRequest(userdata, requestdata, requesttype, null, CertificateHelper.RESPONSETYPE_PKCS7);
        // Verify that the response is of the right type
        assertTrue(pkcs7Response.getResponseType().equals(CertificateHelper.RESPONSETYPE_PKCS7));
        // Verify that the PKCS#7 response contains a certificate
        CMSSignedData cmsSignedData = new CMSSignedData(CertificateHelper.getPKCS7(pkcs7Response.getData()));
        assertNotNull(cmsSignedData);
        CertStore certStore = cmsSignedData.getCertificatesAndCRLs("Collection", "BC");
        assertTrue(certStore.getCertificates(null).size() == 1);
        return null;
    }

        ejbcaraws.editUser(userdatas.get(0));
        certenv = ejbcaraws
                .pkcs10Request(CA1_WSTESTUSER1, "foo123", new String(Base64.encode(pkcs10.getEncoded())), null, CertificateHelper.RESPONSETYPE_PKCS7);
        assertTrue(certenv.getResponseType().equals(CertificateHelper.RESPONSETYPE_PKCS7));
        CMSSignedData cmsSignedData = new CMSSignedData(CertificateHelper.getPKCS7(certenv.getData()));
        assertTrue(cmsSignedData != null);

        CertStore certStore = cmsSignedData.getCertificatesAndCRLs("Collection", "BC");
        assertTrue(certStore.getCertificates(null).size() == 1);

    }

    firstCertificate = resp.getCertificate();
    assertNotNull(firstCertificate);
    // Check the pkcs7 response
    byte[] pkcs7 = resp.getCertificateAsPKCS7();
    assertNotNull(pkcs7);
        CMSSignedData s = new CMSSignedData(pkcs7);
        // The signer, i.e. the CA, check it's the right CA
        SignerInformationStore signers = s.getSignerInfos();
        Collection col = signers.getSigners();
        assertTrue(col.size() > 0);
        Iterator siter = col.iterator();
        SignerInformation signerInfo = (SignerInformation)siter.next();
        SignerId sinfo = signerInfo.getSID();
        // Check that the signer is the expected CA
        assertEquals(CertTools.stringToBCDNString(firstCertificate.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString()));
        CertStore certstore = s.getCertificatesAndCRLs("Collection","BC");
        Collection certs = certstore.getCertificates(null);
        assertEquals(certs.size(), 2);
        Iterator it = certs.iterator();
        boolean found = false;
        while (it.hasNext()) {

    firstCertificate = resp.getCertificate();
    assertNotNull(firstCertificate);
    // Check the pkcs7 response
    byte[] pkcs7 = resp.getCertificateAsPKCS7();
    assertNotNull(pkcs7);
        CMSSignedData s = new CMSSignedData(pkcs7);
        // The signer, i.e. the CA, check it's the right CA
        SignerInformationStore signers = s.getSignerInfos();
        Collection col = signers.getSigners();
        assertTrue(col.size() > 0);
        Iterator siter = col.iterator();
        SignerInformation signerInfo = (SignerInformation)siter.next();
        SignerId sinfo = signerInfo.getSID();
        // Check that the signer is the expected CA
        assertEquals(CertTools.stringToBCDNString(firstCertificate.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString()));
        CertStore certstore = s.getCertificatesAndCRLs("Collection","BC");
        Collection certs = certstore.getCertificates(null);
        assertEquals(certs.size(), 2);
        Iterator it = certs.iterator();
        boolean found = false;
        while (it.hasNext()) {

    }
    assertFalse("AutoEnrollment has to be enabled for this test to work.", response.contains("Not allowed."));
    response = response.replaceFirst("-----BEGIN PKCS7-----", "").replaceFirst("-----END PKCS7-----", "");
    byte[] responseData = Base64.decode(response.getBytes());
    X509Certificate returnCertificate= null;
    CMSSignedData p7b = new CMSSignedData(responseData);
    CertStore certStore = p7b.getCertificatesAndCRLs("Collection", "BC");
    SignerInformationStore  signers = p7b.getSignerInfos();
    Iterator<SignerInformation> iter = signers.getSigners().iterator();
    while (iter.hasNext())
    {
      SignerInformation signer = iter.next();
      X509Certificate caCert = (X509Certificate) certStore.getCertificates(signer.getSID()).iterator().next();

          certList.add(signCert);
          CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), provider);
      CMSSignedDataGenerator    gen = new CMSSignedDataGenerator();
      gen.addCertificatesAndCRLs(certs);
      gen.addSigner(signKey, signCert, signAlg);
      CMSSignedData           signedData = gen.generate(new CMSProcessableByteArray(data), true, provider);
      retdata = signedData.getEncoded();
    } catch(Exception e){
      log.error("Error signing data : ", e);
    }
    return retdata;
  }

    byte[] content = null;


        try{
          // First verify the signature
          CMSSignedData     sp = new CMSSignedData(signedData);

          CertStore               certs = sp.getCertificatesAndCRLs("Collection", "BC");
          SignerInformationStore  signers = sp.getSignerInfos();

          ByteArrayOutputStream baos = new ByteArrayOutputStream();
          ((CMSProcessableByteArray) sp.getSignedContent()).write(baos);
          content = baos.toByteArray();
          baos.close();

          Collection              c = signers.getSigners();
          Iterator                it = c.iterator();

                }
                if ( !StringUtils.equals(con.getContentType(), mimetype) ) {
                    StressTest.this.performanceTest.getLog().error("Content type not "+mimetype+": "+con.getContentType());
                    return false;
                }
                final CMSSignedData s = new CMSSignedData(con.getInputStream());
                final CertStore certstore = s.getCertificatesAndCRLs("Collection","BC");
                final Collection<?> certs = certstore.getCertificates(null);
                // Length two if the Scep RA server is signed directly by a Root CA
                // Length three if the Scep RA server is signed by a CA which is signed by a Root CA
                final Iterator<?> it = certs.iterator();
                if ( this.sessionData.certchain!=null && this.sessionData.certchain.length!=certs.size() ) {