Examples of org.bouncycastle.cms.CMSSignedData

• org.bouncycastle.cms.CMSSignedData
  general class for handling a pkcs7-signature message. A simple example of usage - note, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer...

   CertStore               certs = s.getCertificatesAndCRLs("Collection", "BC"); SignerInformationStore  signers = s.getSignerInfos(); Collection              c = signers.getSigners(); Iterator                it = c.iterator(); while (it.hasNext()) { SignerInformation   signer = (SignerInformation)it.next(); Collection          certCollection = certs.getCertificates(signer.getSID()); Iterator        certIt = certCollection.iterator(); X509Certificate cert = (X509Certificate)certIt.next(); if (signer.verify(cert.getPublicKey())) { verified++; }    } 

    */
   public PKCS7SignatureInput(byte[] bytes)
   {
      try
      {
         this.data = new CMSSignedData(bytes);
      }
      catch (CMSException e)
      {
         throw new RuntimeException(e);
      }

         baseGenericType = param.getActualTypeArguments()[0];
         baseType = Types.getRawType(baseGenericType);
      }
      try
      {
         CMSSignedData data = new CMSSignedData(entityStream);
         PKCS7SignatureInput input = new PKCS7SignatureInput();
         input.setType(baseType);
         input.setGenericType(baseGenericType);
         input.setAnnotations(annotations);
         input.setData(data);

      CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
      signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
      //signGen.addCertificatesAndCRLs(certs);
      CMSProcessable content = new CMSProcessableByteArray(bodyOs.toByteArray());

      CMSSignedData signedData = signGen.generate(content, true, "BC");
      return signedData.getEncoded();
   }

      CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
      signGen.addSigner(priv, (X509Certificate)storecert, CMSSignedDataGenerator.DIGEST_SHA512);
      //signGen.addCertificatesAndCRLs(certs);
      CMSProcessable content = new CMSProcessableByteArray(contentbytes);

      CMSSignedData signedData = signGen.generate(content, true, "BC");
      return signedData.getEncoded();
   }

      X509Certificate cert = KeyTools.generateTestCertificate(keyPair);

      byte[] signed = p7s(privateKey, cert, null, tiny.getBytes());


      CMSSignedData data = new CMSSignedData(signed);
      byte[] bytes = (byte[])data.getSignedContent().getContent();
      System.out.println("BYTES: " + new String(bytes));
      System.out.println("size:" + signed.length);
      System.out.println("Base64.size: " + Base64.encodeBytes(signed).length());

      SignerInformation signer = (SignerInformation)data.getSignerInfos().getSigners().iterator().next();
      System.out.println("valid: " + signer.verify(cert, "BC"));
      client.close();


   }

                new JcaDigestCalculatorProviderBuilder()
                .build())
            .setDirectSignature(true)
            .build(sha1Signer, publicKey));
        gen.addCertificates(certs);
        CMSSignedData sigData = gen.generate(data, false);

        ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
        DEROutputStream dos = new DEROutputStream(mOutputJar);
        dos.writeObject(asn1.readObject());
    }

      }

      cmsSignedDataGenerator.addCertificates(this.getCertificateStore());
      CMSTypedData content = new CMSProcessableByteArray(data);

      CMSSignedData signedData = cmsSignedDataGenerator.generate(content, true);

      if (timeStampClient != null) {
        SignerInformationStore signerInformationStore = signedData.getSignerInfos();
        List list = new ArrayList();
        for (Object o : signerInformationStore.getSigners()) {
          SignerInformation signerInformation = (SignerInformation) o;
          TimeStamp timeStamp = timeStampClient.getTimeStamp(signerInformation.getSignature());
          DERObject derObject = new ASN1InputStream(timeStamp.getEncoded()).readObject();
          DERSet derSet = new DERSet(derObject);

          Hashtable hashtable = new Hashtable();
          Attribute unsignAtt = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, derSet);
          hashtable.put(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, unsignAtt);

          AttributeTable unsignedAtts = new AttributeTable(hashtable);

          list.add(SignerInformation.replaceUnsignedAttributes(signerInformation, unsignedAtts));
        }

        SignerInformationStore tmpSignerInformationStore = new SignerInformationStore(list);

        signedData = CMSSignedData.replaceSigners(signedData, tmpSignerInformationStore);
      }

      return signedData.getEncoded();
    } catch (Exception e) {
      throw new SignerException(e);
    }
  }

  @SuppressWarnings("unchecked")
  public boolean verify(final byte[] data, final byte[] signature) {
    Assert.notEmpty(data, "data");
    Assert.notEmpty(signature, "signature");
    try {
      CMSSignedData signedData = new CMSSignedData(signature);
      CollectionStore certificatesStore = (CollectionStore) signedData.getCertificates();
      // CollectionStore crlStore = (CollectionStore) signedData.getCRLs();

      SignerInformationStore signerInformationStore = signedData.getSignerInfos();
      boolean verified = true;
      for (Object o : signerInformationStore.getSigners()) {
        SignerInformation signerInformation = (SignerInformation) o;

        Collection<Certificate> collection = certificatesStore.getMatches(null);
        if (!collection.isEmpty()) {
          for (Certificate cert : collection) {

            JcaContentVerifierProviderBuilder jcaContentVerifierProviderBuilder = new JcaContentVerifierProviderBuilder();
            jcaContentVerifierProviderBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);

            ContentVerifierProvider contentVerifierProvider = jcaContentVerifierProviderBuilder.build((X509Certificate) cert);

            JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
            digestCalculatorProviderBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
            DigestCalculatorProvider digestCalculatorProvider = digestCalculatorProviderBuilder.build();

            SignerInformationVerifier signerInformationVerifier = new SignerInformationVerifier(contentVerifierProvider, digestCalculatorProvider);

            if (!signerInformation.verify(signerInformationVerifier)) {
              verified = false;
            }
          }
        }
      }
      if (verified) {
        CMSProcessable signedContent = signedData.getSignedContent();
        byte[] content = (byte[]) signedContent.getContent();
        verified = Arrays.equals(data, content);
      }
      return verified;
    } catch (Exception e) {

        gen.addSigner(keyPair.getPrivate(), keyCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certsAndCrls);

        CMSSignedData s = gen.generate(msg, true, "SunRsaSign");

        ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
        ASN1InputStream aIn = new ASN1InputStream(bIn);

        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));

        certsAndCrls = s.getCertificatesAndCRLs("Collection", "SUN");

        SignerInformationStore signers = s.getSignerInfos();
        Collection c = signers.getSigners();
        Iterator it = c.iterator();

        while (it.hasNext())
        {

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, "BC", false);

        CMSSignedDataParser     sp = new CMSSignedDataParser(
                new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded());

        sp.getSignedContent().drain();

        //
        // compute expected content digest