Java Code Examples for org.bouncycastle.cms.CMSSignedData#getCertificates()

private Collection<X509Certificate> getSignersCertificates(CMSSignedData previewSignerData) {
	Collection<X509Certificate> result = new HashSet<X509Certificate>();
	Store<?> certStore = previewSignerData.getCertificates();
	SignerInformationStore signers = previewSignerData.getSignerInfos();
	Iterator<?> it = signers.getSigners().iterator();
	while (it.hasNext()) {
		SignerInformation signer = (SignerInformation) it.next();
		@SuppressWarnings("unchecked")
		Collection<?> certCollection = certStore.getMatches(signer.getSID());
		Iterator<?> certIt = certCollection.iterator();
		X509CertificateHolder certificateHolder = (X509CertificateHolder) certIt.next();
		try {
			result.add(new JcaX509CertificateConverter().getCertificate(certificateHolder));
		} catch (CertificateException error) {
		}
	}
	return result;

}
 

public static boolean verifSignData(final byte[] signedData) throws CMSException, IOException, OperatorCreationException, CertificateException {
    ByteArrayInputStream bIn = new ByteArrayInputStream(signedData);
    ASN1InputStream aIn = new ASN1InputStream(bIn);
    CMSSignedData s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
    aIn.close();
    bIn.close();
    Store certs = s.getCertificates();
    SignerInformationStore signers = s.getSignerInfos();
    Collection<SignerInformation> c = signers.getSigners();
    SignerInformation signer = c.iterator().next();
    Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());
    Iterator<X509CertificateHolder> certIt = certCollection.iterator();
    X509CertificateHolder certHolder = certIt.next();
    boolean verifResult = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));
    if (!verifResult) {
        return false;
    }
    return true;
}
 

private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> certs = signedData.getCertificates();
   Collection<X509CertificateHolder> certCollection = certs.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());
   Iterator iterator = certCollection.iterator();

   while(iterator.hasNext()) {
      result.getCertChain().add(converter.getCertificate((X509CertificateHolder)iterator.next()));
   }

}
 

private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> certs = signedData.getCertificates();
   Collection<X509CertificateHolder> certCollection = certs.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());
   Iterator iterator = certCollection.iterator();

   while(iterator.hasNext()) {
      result.getCertChain().add(converter.getCertificate((X509CertificateHolder)iterator.next()));
   }

}
 

private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> certs = signedData.getCertificates();
   Collection<X509CertificateHolder> certCollection = certs.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());
   Iterator iterator = certCollection.iterator();

   while(iterator.hasNext()) {
      result.getCertChain().add(converter.getCertificate((X509CertificateHolder)iterator.next()));
   }

}
 

private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> certs = signedData.getCertificates();
   Collection<X509CertificateHolder> certCollection = certs.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());
   Iterator iterator = certCollection.iterator();

   while(iterator.hasNext()) {
      result.getCertChain().add(converter.getCertificate((X509CertificateHolder)iterator.next()));
   }

}
 

private void extractChain(SignatureVerificationResult result, CMSSignedData signedData) throws CertificateException {
   Store<X509CertificateHolder> certs = signedData.getCertificates();
   Collection<X509CertificateHolder> certCollection = certs.getMatches(new CmsSignatureBuilder.X509CertifcateSelector());
   Iterator iterator = certCollection.iterator();

   while(iterator.hasNext()) {
      result.getCertChain().add(converter.getCertificate((X509CertificateHolder)iterator.next()));
   }

}
 

/**
 * Note:
 * Section 5.1 of RFC 3852 [4] requires that, the CMS SignedData version be set to 3 if certificates from
 * SignedData is present AND (any version 1 attribute certificates are present OR any SignerInfo structures
 * are version 3 OR eContentType from encapContentInfo is other than id-data). Otherwise, the CMS
 * SignedData version is required to be set to 1.
 * CMS SignedData Version is handled automatically by BouncyCastle.
 *
 * @param parameters
 *            set of the driving signing parameters
 * @param contentSigner
 *            the contentSigner to get the hash of the data to be signed
 * @param signerInfoGeneratorBuilder
 *            the builder for the signer info generator
 * @param originalSignedData
 *            the original signed data if extending an existing signature. null otherwise.
 * @return the bouncycastle signed data generator which signs the document and adds the required signed and unsigned
 *         CMS attributes
 * @throws eu.europa.esig.dss.model.DSSException
 */
protected CMSSignedDataGenerator createCMSSignedDataGenerator(final CAdESSignatureParameters parameters, final ContentSigner contentSigner,
		final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder, final CMSSignedData originalSignedData) throws DSSException {
	try {
		final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
		final SignerInfoGenerator signerInfoGenerator = getSignerInfoGenerator(signerInfoGeneratorBuilder, contentSigner, parameters);

		generator.addSignerInfoGenerator(signerInfoGenerator);

		final List<CertificateToken> certificateChain = new LinkedList<>();
		if (originalSignedData != null) {

			generator.addSigners(originalSignedData.getSignerInfos());
			generator.addAttributeCertificates(originalSignedData.getAttributeCertificates());
			generator.addCRLs(originalSignedData.getCRLs());
			generator.addOtherRevocationInfo(id_pkix_ocsp_basic, originalSignedData.getOtherRevocationInfo(id_pkix_ocsp_basic));
			generator.addOtherRevocationInfo(id_ri_ocsp_response, originalSignedData.getOtherRevocationInfo(id_ri_ocsp_response));

			final Store<X509CertificateHolder> certificates = originalSignedData.getCertificates();
			final Collection<X509CertificateHolder> certificatesMatches = certificates.getMatches(null);
			for (final X509CertificateHolder certificatesMatch : certificatesMatches) {
				final CertificateToken token = DSSASN1Utils.getCertificate(certificatesMatch);
				if (!certificateChain.contains(token)) {
					certificateChain.add(token);
				}
			}
		}

		final JcaCertStore jcaCertStore = getJcaCertStore(certificateChain, parameters);
		generator.addCertificates(jcaCertStore);
		return generator;
	} catch (CMSException | OperatorCreationException e) {
		throw new DSSException(e);
	}
}
 

/**
 * Extends the provided {@code cmsSignedData} with the required validation data
 * @param cmsSignedData {@link CMSSignedData} to be extended
 * @param validationDataForInclusion the {@link ValidationDataForInclusion} to be included into the cmsSignedData
 * @param detachedContents list of detached {@link DSSDocument}s
 * @return extended {@link CMSSignedData}
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public CMSSignedData extendCMSSignedData(CMSSignedData cmsSignedData, ValidationDataForInclusion validationDataForInclusion, 
		List<DSSDocument> detachedContents) {

	Store<X509CertificateHolder> certificatesStore = cmsSignedData.getCertificates();
	final Set<CertificateToken> certificates = validationDataForInclusion.getCertificateTokens();
	final Collection<X509CertificateHolder> newCertificateStore = new HashSet<>(certificatesStore.getMatches(null));
	for (final CertificateToken certificateToken : certificates) {
		final X509CertificateHolder x509CertificateHolder = DSSASN1Utils.getX509CertificateHolder(certificateToken);
		newCertificateStore.add(x509CertificateHolder);
	}
	certificatesStore = new CollectionStore<>(newCertificateStore);

	Store<X509CRLHolder> crlsStore = cmsSignedData.getCRLs();
	final Collection<X509CRLHolder> newCrlsStore = new HashSet<>(crlsStore.getMatches(null));
	final List<CRLToken> crlTokens = validationDataForInclusion.getCrlTokens();
	for (final CRLToken crlToken : crlTokens) {
		final X509CRLHolder x509CRLHolder = getX509CrlHolder(crlToken);
		newCrlsStore.add(x509CRLHolder);
	}
	crlsStore = new CollectionStore<>(newCrlsStore);

	Store otherRevocationInfoFormatStoreBasic = cmsSignedData.getOtherRevocationInfo(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
	final Collection<ASN1Primitive> newOtherRevocationInfoFormatStore = new HashSet<>(otherRevocationInfoFormatStoreBasic.getMatches(null));
	final List<OCSPToken> ocspTokens = validationDataForInclusion.getOcspTokens();
	for (final OCSPToken ocspToken : ocspTokens) {
		final BasicOCSPResp basicOCSPResp = ocspToken.getBasicOCSPResp();
		if (basicOCSPResp != null) {
			newOtherRevocationInfoFormatStore.add(DSSASN1Utils.toASN1Primitive(DSSASN1Utils.getEncoded(basicOCSPResp)));
		}
	}
	otherRevocationInfoFormatStoreBasic = new CollectionStore(newOtherRevocationInfoFormatStore);

	Store attributeCertificatesStore = cmsSignedData.getAttributeCertificates();
	Store otherRevocationInfoFormatStoreOcsp = cmsSignedData.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response);

	final CMSSignedDataBuilder cmsSignedDataBuilder = new CMSSignedDataBuilder(certificateVerifier);
	cmsSignedData = cmsSignedDataBuilder.regenerateCMSSignedData(cmsSignedData, detachedContents, certificatesStore, attributeCertificatesStore, crlsStore,
			otherRevocationInfoFormatStoreBasic, otherRevocationInfoFormatStoreOcsp);
	return cmsSignedData;
}
 

@Override
protected DSSDocument getSignedDocument() {
	FileDocument fileDocument = new FileDocument("src/test/resources/validation/counterSig.p7m");
	
	try (InputStream is = fileDocument.openStream()) {
		CMSSignedData cms = new CMSSignedData(is);
		Collection<SignerInformation> signers = cms.getSignerInfos().getSigners();
		assertEquals(1, signers.size());

		Store<X509CertificateHolder> certificates = cms.getCertificates();

		SignerInformation signerInformation = signers.iterator().next();

		Collection<X509CertificateHolder> matches = certificates.getMatches(signerInformation.getSID());
		X509CertificateHolder cert = matches.iterator().next();

		SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider(new BouncyCastleProvider()).build(cert);

		assertTrue(signerInformation.verify(verifier));

		SignerInformationStore counterSignatures = signerInformation.getCounterSignatures();
		for (SignerInformation counterSigner : counterSignatures) {

			Collection<X509CertificateHolder> matchesCounter = certificates.getMatches(counterSigner.getSID());
			X509CertificateHolder counterCert = matchesCounter.iterator().next();

			SignerInformationVerifier counterVerifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider(new BouncyCastleProvider()).build(counterCert);

			assertTrue(counterSigner.verify(counterVerifier));
		}
	} catch (Exception e) {
		fail(e);
	}
	
	return fileDocument;
	
}