Package org.bouncycastle.cms

Examples of org.bouncycastle.cms.SignerInformation


            // Bind signature verification to the caller-supplied public key. No certificate is
            // involved in this check, so the result is only as trustworthy as publicKey itself.
            SignerInformationVerifier keyVerifier = new JcaSimpleSignerInfoVerifierBuilder().build(publicKey);

            // One SignerInfo that verifies under publicKey is enough; the remaining signers are
            // not examined. A message without any SignerInfo yields false.
            for (Iterator<SignerInformation> candidates = signedData.getSignerInfos().getSigners().iterator();
                    candidates.hasNext();) {
                if (candidates.next().verify(keyVerifier)) {
                    return true;
                }
            }
            return false;


        // Wrap the timestamp token bytes in a CMS attribute identified by oid.
        ASN1Encodable signatureTimeStamp = new Attribute(oid, new DERSet(byteToASN1Object(token)));

        vector.add(signatureTimeStamp);
        // NOTE(review): despite its name, this table is installed below as the signer's
        // *unsigned* attributes, so its contents are not covered by the signer's signature.
        Attributes signedAttributes = new Attributes(vector);

        // The new SignerInformation receives exactly the attributes held in vector. Whether the
        // signer's existing unsigned attributes were copied into vector first is not visible in
        // this excerpt - TODO confirm, otherwise they are presumably dropped by the replacement.
        SignerInformation newSigner = SignerInformation.replaceUnsignedAttributes(
                signer, new AttributeTable(signedAttributes));

        // TODO can this actually happen?
        if (newSigner == null)
        {

            // Read the digest algorithm OID of the first SignerInfo in the incoming SCEP message
            // and remember it as the preferred digest algorithm.
            // NOTE(review): the OID is taken from the message itself and no allow-list is applied
            // in this excerpt - confirm where weak digests are rejected before the value is used.
            CMSSignedData csd = new CMSSignedData(scepmsg);
            SignerInformationStore infoStore = csd.getSignerInfos();
            Collection signers = infoStore.getSigners();
            Iterator iter = signers.iterator();
            if (iter.hasNext()) {
              SignerInformation si = (SignerInformation)iter.next();
              preferredDigestAlg = si.getDigestAlgOID();
              log.debug("Set "+ preferredDigestAlg+" as preferred digest algorithm for SCEP");
            }         
        } catch (CMSException e) {
          // Parsing failed: preferredDigestAlg is left at its previous (default) value.
          // The failure is not rethrown, but it is logged at error level.
          log.error("CMSException trying to get preferred digest algorithm: ", e);
        }
        // Parse and verify the integrity of the PKIOperation message PKCS#7
        /* If this would have been done using the newer CMS it would have made me so much happier... */
        // The same bytes are parsed a second time with the low-level ASN.1 classes. The cast
        // assumes the top-level object is a SEQUENCE; anything else raises ClassCastException.
        // The ASN1InputStream is not closed in this excerpt.
        ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(scepmsg)).readObject();
        ContentInfo ci = new ContentInfo(seq);
        String ctoid = ci.getContentType().getId();

        if (ctoid.equals(CMSObjectIdentifiers.signedData.getId())) {
            // This is SignedData so it is a pkcsCertReqSigned,
            //  pkcsGetCertInitialSigned, pkcsGetCertSigned, pkcsGetCRLSigned
            // (could also be pkcsRepSigned or certOnly, but we don't receive them on the server side
            // Try to find out what kind of message this is
            sd = new SignedData((ASN1Sequence) ci.getContent())

            // Get self signed cert to identify the senders public key.
            // The certificate is read from the certificates field of the SignedData being
            // processed, i.e. it is supplied by the sender.
            // NOTE(review): a signature that verifies under this key shows only that the message
            // is consistent with the certificate it carries; how the requester is authenticated
            // is not visible in this excerpt.
            // NOTE(review): certs is dereferenced without a null check - confirm that
            // getCertificates() cannot return null when the optional field is absent.
            ASN1Set certs = sd.getCertificates();
            if (certs.size() > 0) {
                // There should be only one... (only index 0 is read; any further certificates
                // are ignored rather than rejected)
                DEREncodable dercert = certs.getObjectAt(0);
                if (dercert != null) {
                    // Requestors self-signed certificate is requestKeyInfo:
                    // re-encode the ASN.1 object as DER to obtain its bytes.
                    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
                    DEROutputStream dOut = new DEROutputStream(bOut);
                    dOut.writeObject(dercert);
                    if (bOut.size() > 0) {
                        requestKeyInfo = bOut.toByteArray();
                        // Create Certificate used for debugging
                        try {
              signercert = CertTools.getCertfromByteArray(requestKeyInfo);
              if (log.isDebugEnabled()) {
                log.debug("requestKeyInfo is SubjectDN: " + CertTools.getSubjectDN(signercert) +
                    ", Serial=" + CertTools.getSerialNumberAsString(signercert) +
                    "; IssuerDN: "+ CertTools.getIssuerDN(signercert).toString());               
              }
            } catch (CertificateException e) {
              // A parse failure is only logged: requestKeyInfo keeps the raw bytes assigned
              // above, while signercert is not assigned by this block.
              log.error("Error parsing requestKeyInfo : ", e);
            }
                       
                    }
                }
            }

            Enumeration sis = sd.getSignerInfos().getObjects();

            if (sis.hasMoreElements()) {
                SignerInfo si = new SignerInfo((ASN1Sequence) sis.nextElement());
                Enumeration attr = si.getAuthenticatedAttributes().getObjects();

                while (attr.hasMoreElements()) {
                    Attribute a = new Attribute((ASN1Sequence) attr.nextElement());

                    log.debug("Found attribute: " + a.getAttrType().getId());

                    "BC");

            SignerInformationStore  signers = signedData.getSignerInfos();
            for (Object o : signers.getSigners()) {
                if (o instanceof SignerInformation) {
                    SignerInformation si = (SignerInformation) o;

                    if (LOG.isDebugEnabled()) {
                        LOG.debug("*** SIGNATURE: " + "\n" + si.getSID());
                    }
                   
                    final Collection<? extends Certificate> signerCerts;
                    try {
                        signerCerts = certs.getCertificates(si.getSID());

                        if (LOG.isDebugEnabled()) {
                            LOG.debug("signerCerts: " + signerCerts);
                        }

                        for (Certificate signerCert : signerCerts) {
                            final X509Certificate signerX509Cert =
                                    (X509Certificate) signerCert;
                            boolean consistent = si.verify(signerCert
                                    .getPublicKey(), "BC");

                            if (consistent) {

                                if (LOG.isDebugEnabled()) {

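        // Parse the response document and inspect the metadata of its first SignerInfo.
        // Only the digest algorithm OID and the issuer name in the SignerId are asserted;
        // the signature value itself is not verified in this excerpt.
        CMSSignedData csd = new CMSSignedData(respdoc);
        SignerInformationStore infoStore = csd.getSignerInfos();
        Collection<SignerInformation> signers = infoStore.getSigners();
        Iterator<SignerInformation> iter = signers.iterator();
        if (iter.hasNext()) {
            SignerInformation si = iter.next();
            assertNotNull(si);
            // log.info("Digest alg is: "+si.getDigestAlgOID());
            assertEquals(CMSSignedGenerator.DIGEST_SHA1, si.getDigestAlgOID());
            SignerId sid = si.getSID();
            // log.info(sid.toString());
            X500Principal issuer = sid.getIssuer();
            assertNotNull(issuer);
            assertEquals("CN=TEST", issuer.getName());
        } else {
            // Without this branch a response that carries no SignerInfo would skip every
            // assertion above and the test would pass without having checked anything.
            throw new AssertionError("response contains no SignerInfo");
        }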

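        // The signer, i.e. the CA, check it's the right CA.
        // The check compares issuer DN strings only; no signature is verified in this excerpt.
        SignerInformationStore signers = s.getSignerInfos();
        Collection col = signers.getSigners();
        assertTrue(col.size() > 0);
        Iterator siter = col.iterator();
        // Only the first SignerInfo is inspected.
        SignerInformation signerInfo = (SignerInformation)siter.next();
        SignerId sinfo = signerInfo.getSID();
        // Check that the signer is the expected CA. Both names pass through
        // CertTools.stringToBCDNString before comparison (presumably to normalise DN formatting).
        assertEquals(CertTools.stringToBCDNString(firstCertificate.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString()));
        CertStore certstore = s.getCertificatesAndCRLs("Collection","BC");
        Collection certs = certstore.getCertificates(null);
        // Expected value first, so that a failure reports "expected 2" and the actual count.
        assertEquals(2, certs.size());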

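        // The signer, i.e. the CA, check it's the right CA.
        // The check compares issuer DN strings only; no signature is verified in this excerpt.
        SignerInformationStore signers = s.getSignerInfos();
        Collection col = signers.getSigners();
        assertTrue(col.size() > 0);
        Iterator siter = col.iterator();
        // Only the first SignerInfo is inspected.
        SignerInformation signerInfo = (SignerInformation)siter.next();
        SignerId sinfo = signerInfo.getSID();
        // Check that the signer is the expected CA. Both names pass through
        // CertTools.stringToBCDNString before comparison (presumably to normalise DN formatting).
        assertEquals(CertTools.stringToBCDNString(firstCertificate.getIssuerDN().getName()), CertTools.stringToBCDNString(sinfo.getIssuerAsString()));
        CertStore certstore = s.getCertificatesAndCRLs("Collection","BC");
        Collection certs = certstore.getCertificates(null);
        // Expected value first, so that a failure reports "expected 2" and the actual count.
        assertEquals(2, certs.size());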

    CertStore certStore = p7b.getCertificatesAndCRLs("Collection", "BC");
    SignerInformationStore  signers = p7b.getSignerInfos();
    Iterator<SignerInformation> iter = signers.getSigners().iterator();
    while (iter.hasNext())
    {
      SignerInformation signer = iter.next();
      X509Certificate caCert = (X509Certificate) certStore.getCertificates(signer.getSID()).iterator().next();
      Iterator<? extends Certificate> iter2 = certStore.getCertificates(null).iterator();
      if (iter2.hasNext()) {
        X509Certificate cert = (X509Certificate)iter2.next();
        if (!caCert.getSubjectDN().getName().equals(cert.getSubjectDN().getName())) {
          returnCertificate = cert;

          // Check each SignerInfo against the certificate that certs holds for its SignerId.
          // NOTE(review): usercert and verifies are overwritten on every iteration, so after the
          // loop they describe the last signer only; an earlier signer's failure is not retained.
          // With no signers the loop body never runs and verifies keeps its earlier value.
          Collection              c = signers.getSigners();
          Iterator                it = c.iterator();
         
          while (it.hasNext())
          {
            SignerInformation   signer = (SignerInformation)it.next();
            Collection          certCollection = certs.getCertificates(signer.getSID());
           
            Iterator        certIt = certCollection.iterator();
            // next() is called without hasNext(): if certs holds no certificate matching the
            // SignerId, this throws NoSuchElementException instead of setting verifies to false.
            usercert = (X509Certificate)certIt.next();  
           
            // The signer's digest algorithm OID must equal signAlg.
            boolean validalg = signer.getDigestAlgOID().equals(signAlg);
           
           
            // Short-circuit: the signature is not checked at all when the digest OID differs.
            // NOTE(review): where certs comes from is not visible here. If it was taken from the
            // signed message itself, a true result shows only that signature and enclosed
            // certificate agree; trust in usercert must come from the validation that follows.
            verifies = validalg && signer.verify(usercert.getPublicKey(), "BC");
           
          }
         
          // Second validate the certificate          
          X509Certificate rootCert = null;

              // Validate the first SignerInfo in col: digest algorithm, issuer name, then the
              // signature. Each failed check logs an error and returns false.
              if ( col.size() <= 0 ) {
                StressTest.this.performanceTest.getLog().error("Signers can not be 0");
                return false;
              }
              // Only the first SignerInfo is examined; any others are ignored.
              Iterator<?> iter = col.iterator();
              SignerInformation signerInfo = (SignerInformation)iter.next();
              // Check that the message is signed with the correct digest alg
              if ( !StringUtils.equals(digestOid, signerInfo.getDigestAlgOID()) ) {
                StressTest.this.performanceTest.getLog().error("Digest algorithms do not match: "+digestOid+", "+signerInfo.getDigestAlgOID());
                return false;
              }
              SignerId sinfo = signerInfo.getSID();
              // Check that the signer is the expected CA: the issuer DN of certchain[0] is compared
              // with the issuer named in the SignerId, both passed through stringToBCDNString.
              String raCertIssuer = CertTools.stringToBCDNString(this.sessionData.certchain[0].getIssuerDN().getName());
              String sinfoIssuer = CertTools.stringToBCDNString(sinfo.getIssuerAsString());
              if ( !StringUtils.equals(raCertIssuer, sinfoIssuer) ) {
                StressTest.this.performanceTest.getLog().error("Issuers does not match: "+raCertIssuer+", "+sinfoIssuer);
                return false;
              }

              // Verify the signature. The public key comes from the certificate chain held in
              // sessionData, not from a certificate carried inside the message being checked.
              boolean ret = signerInfo.verify(this.sessionData.certchain[0].getPublicKey(), "BC");
              if ( !ret ) {
                StressTest.this.performanceTest.getLog().error("Can not verify signerInfo");
                return false;
              }
              // Get authenticated attributes
              AttributeTable tab = signerInfo.getSignedAttributes();       
              // --Fail info
              Attribute attr = tab.get(new DERObjectIdentifier(ScepRequestMessage.id_failInfo));
              // No failInfo on this success message
              if(expectedResponseStatus == ResponseStatus.SUCCESS){
                if ( attr != null ) {
