本文整理汇总了Java中org.bouncycastle.cms.SignerId类的典型用法代码示例。如果您正苦于以下问题:Java SignerId类的具体用法?Java SignerId怎么用?Java SignerId使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
SignerId类属于org.bouncycastle.cms包,在下文中一共展示了SignerId类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getSignerId
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
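/**
 * Converts a JCA {@link X509CertSelector} into a CMS {@link SignerId}.
 *
 * <p>The issuer name and serial number are always taken from the selector. When the selector
 * also carries a subject key identifier, its octets are passed to the three-argument
 * constructor as well.
 *
 * <p>NOTE(review): the issuer bytes are used without a null check; a selector with only a
 * subject key identifier set presumably yields a SignerId with a null issuer. Confirm
 * against callers.
 *
 * @param certSelector selector describing the signer certificate
 * @return the signer identifier built from the selector's values
 * @throws IllegalArgumentException if the issuer cannot be read from the selector; the
 *         underlying {@link IOException} is attached as the cause
 */
public SignerId getSignerId(X509CertSelector certSelector)
{
    try
    {
        X500Name issuer = X500Name.getInstance(certSelector.getIssuerAsBytes());
        byte[] subjectKeyId = certSelector.getSubjectKeyIdentifier();

        if (subjectKeyId != null)
        {
            // The selector's value is unwrapped through ASN1OctetString before it reaches SignerId.
            return new SignerId(issuer, certSelector.getSerialNumber(), ASN1OctetString.getInstance(subjectKeyId).getOctets());
        }

        return new SignerId(issuer, certSelector.getSerialNumber());
    }
    catch (IOException e)
    {
        // Attach the cause so the original stack trace is not lost.
        throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage(), e);
    }
}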
示例2: updateWithCounterSignature
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
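/**
 * Attaches the signers of a countersignature to the signer of the original signature that
 * is selected by {@code selector}, and returns the updated signature.
 *
 * <p>NOTE(review): the store handed to {@code replaceSigners} holds only the updated signer,
 * so any other signers of the original signature are presumably not carried over. Confirm
 * this is intended for multi-signer documents.
 *
 * @param counterSignature signature whose signer infos are added as countersigners
 * @param originalSignature signature that is being countersigned
 * @param selector identifies the signer inside {@code originalSignature}
 * @return a copy of {@code originalSignature} whose signer set is the countersigned signer
 * @throws IllegalArgumentException if no signer of the original signature matches the selector
 */
private CMSSignedData updateWithCounterSignature(final CMSSignedData counterSignature,
        final CMSSignedData originalSignature, SignerId selector) {
    // Signer of the original signature that receives the countersignature
    final SignerInformation signerToCounterSign = originalSignature.getSignerInfos().get(selector);
    if (signerToCounterSign == null) {
        // Fail with a clear message instead of a NullPointerException further down.
        throw new IllegalArgumentException("No signer in the original signature matches the given selector");
    }

    // Signers carried by the countersignature
    final SignerInformationStore counterSigners = counterSignature.getSignerInfos();

    // addCounterSigners is static, so it is called on the class rather than through an instance.
    final SignerInformation updatedSI = SignerInformation.addCounterSigners(signerToCounterSign, counterSigners);

    // Wrap the updated signer in a new store
    final Collection<SignerInformation> updatedSigners = new ArrayList<SignerInformation>();
    updatedSigners.add(updatedSI);
    final SignerInformationStore updatedStore = new SignerInformationStore(updatedSigners);

    // Return the new, updated signature
    return CMSSignedData.replaceSigners(originalSignature, updatedStore);
}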
示例3: checkCertPath
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
/**
 * Builds a PKIX certification path from the configured trust anchor to the certificate
 * named by the signer id, using the supplied certificates as the candidate pool.
 *
 * <p>Revocation checking is switched off, so a path to a revoked certificate still builds.
 * Callers that need revocation status have to check it separately.
 *
 * <p>NOTE(review): {@code signerId.getIssuer()} is dereferenced without a null check; a
 * signer id that carries only a subject key identifier would presumably fail here. Confirm.
 *
 * @param signerId issuer and serial number of the target certificate
 * @param certs certificates available for path building
 * @return the result of the path build
 * @throws IOException if the issuer name cannot be encoded
 * @throws GeneralSecurityException if the store or builder cannot be set up or no path is found
 */
private PKIXCertPathBuilderResult checkCertPath(SignerId signerId, Store certs)
    throws IOException, GeneralSecurityException
{
    CertStore candidatePool = new JcaCertStoreBuilder().setProvider("BC").addCertificates(certs).build();
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");

    // The path must end at the certificate with this issuer and serial number.
    X509CertSelector signerSelector = new X509CertSelector();
    signerSelector.setIssuer(signerId.getIssuer().getEncoded());
    signerSelector.setSerialNumber(signerId.getSerialNumber());

    // Single trust anchor, without name constraints.
    TrustAnchor anchor = new TrustAnchor(trustAnchor, null);
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(Collections.singleton(anchor), signerSelector);
    builderParams.addCertStore(candidatePool);
    builderParams.setRevocationEnabled(false); // TODO: CRLs?

    return (PKIXCertPathBuilderResult)builder.build(builderParams);
}
示例4: getSignerId
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
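/**
 * Converts a JCA {@link X509CertSelector} into a CMS {@link SignerId}.
 *
 * <p>The issuer name and serial number are always taken from the selector. When the selector
 * also carries a subject key identifier, its octets are passed to the three-argument
 * constructor as well.
 *
 * @param certSelector selector describing the signer certificate
 * @return the signer identifier built from the selector's values
 * @throws IllegalArgumentException if any step of the conversion fails; the original
 *         exception is attached as the cause
 */
public SignerId getSignerId(X509CertSelector certSelector)
{
    try
    {
        X500Name issuer = X500Name.getInstance(certSelector.getIssuerAsBytes());
        byte[] subjectKeyId = certSelector.getSubjectKeyIdentifier();

        if (subjectKeyId != null)
        {
            // The selector's value is unwrapped through ASN1OctetString before it reaches SignerId.
            return new SignerId(issuer, certSelector.getSerialNumber(), ASN1OctetString.getInstance(subjectKeyId).getOctets());
        }

        return new SignerId(issuer, certSelector.getSerialNumber());
    }
    catch (Exception e)
    {
        // The broad catch is kept for compatibility; the cause is attached so the trace survives.
        throw new IllegalArgumentException("conversion failed: " + e.toString(), e);
    }
}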
示例5: testCPDRequest
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
/**
 * Checks that a wrapped CPD request verifies against the test signing certificate and that
 * the parsed request carries a message of 100 zero bytes.
 */
public void testCPDRequest()
    throws Exception
{
    CMSSignedData reqMsg = getWrappedCPDRequest();

    // The provider ignores the signer id and always answers with a verifier for signCert,
    // so the signature is checked against the expected certificate and not against
    // whatever certificate the message itself carries.
    SignerInformationVerifierProvider pinnedToSignCert = new SignerInformationVerifierProvider()
    {
        public SignerInformationVerifier get(SignerId sid)
            throws OperatorCreationException
        {
            return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
        }
    };

    assertTrue(reqMsg.verifySignatures(pinnedToSignCert));

    DVCSRequest request = new DVCSRequest(reqMsg);
    CPDRequestData reqData = (CPDRequestData)request.getData();

    byte[] expectedMessage = new byte[100];
    assertTrue(Arrays.areEqual(expectedMessage, reqData.getMessage()));
}
示例6: testVPKCRequest
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
/**
 * Builds a signed VPKC request for the test signing certificate, verifies its signature and
 * checks that the first target chain in the parsed request is that certificate.
 */
public void testVPKCRequest()
    throws Exception
{
    SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();

    VPKCRequestBuilder reqBuilder = new VPKCRequestBuilder();
    reqBuilder.addTargetChain(new JcaX509CertificateHolder(signCert));

    CMSSignedData reqMsg = gen.build(reqBuilder.build());

    // The provider ignores the signer id and always answers with a verifier for signCert,
    // so the signature is checked against the expected certificate only.
    SignerInformationVerifierProvider pinnedToSignCert = new SignerInformationVerifierProvider()
    {
        public SignerInformationVerifier get(SignerId sid)
            throws OperatorCreationException
        {
            return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
        }
    };

    assertTrue(reqMsg.verifySignatures(pinnedToSignCert));

    DVCSRequest request = new DVCSRequest(reqMsg);
    VPKCRequestData reqData = (VPKCRequestData)request.getData();

    // Expected: a chain whose target is the signing certificate itself.
    TargetEtcChain expectedChain = new TargetEtcChain(new CertEtcToken(CertEtcToken.TAG_CERTIFICATE, new JcaX509CertificateHolder(signCert).toASN1Structure()));
    assertEquals(expectedChain, ((TargetChain)reqData.getCerts().get(0)).toASN1Structure());
}
示例7: testVSDRequest
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
/**
 * Wraps a signed CPD request inside a VSD request, verifies the outer signature and checks
 * that the parsed inner message has the same content type as the original one.
 */
public void testVSDRequest()
    throws Exception
{
    CMSSignedData message = getWrappedCPDRequest();

    SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();
    VSDRequestBuilder reqBuilder = new VSDRequestBuilder();
    CMSSignedData reqMsg = gen.build(reqBuilder.build(message));

    // The provider ignores the signer id and always answers with a verifier for signCert,
    // so the signature is checked against the expected certificate only.
    SignerInformationVerifierProvider pinnedToSignCert = new SignerInformationVerifierProvider()
    {
        public SignerInformationVerifier get(SignerId sid)
            throws OperatorCreationException
        {
            return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
        }
    };

    assertTrue(reqMsg.verifySignatures(pinnedToSignCert));

    DVCSRequest request = new DVCSRequest(reqMsg);
    VSDRequestData reqData = (VSDRequestData)request.getData();

    assertEquals(message.toASN1Structure().getContentType(), reqData.getParsedMessage().toASN1Structure().getContentType());
}
示例8: verify
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
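/**
 * Checks the signature of every signer in a CMS SignedData against the matching
 * certificate carried in the message.
 *
 * <p>The certificate for each signer is picked from the certificates embedded in the
 * message by {@code filterMatches}. No certification path or trust check is done here, so a
 * {@code true} result only says that each signature matches an embedded certificate's key.
 * Whether those certificates are trusted has to be established separately.
 *
 * @param csd the signed data to check
 * @return {@code true} only if there is at least one signer and every signer has exactly one
 *         matching certificate whose public key verifies the signature
 * @throws Exception if the certificates cannot be read or a signature check fails with an error
 */
public boolean verify(CMSSignedData csd) throws Exception {
    Store certs = csd.getCertificates("Collection", "BC");
    Collection signerInfos = csd.getSignerInfos().getSigners();

    // A message without any signer proves nothing, so it must not be reported as verified.
    if (signerInfos.isEmpty()) {
        return false;
    }

    for (Object next : signerInfos) {
        SignerInformation signer = (SignerInformation) next;
        SignerId sid = signer.getSID();

        // Exactly one embedded certificate has to correspond to this signer.
        List candidates = filterMatches(certs.getMatches(null), sid);
        if (candidates.size() != 1) {
            return false;
        }

        X509Certificate signCert = (X509Certificate) candidates.get(0);
        if (!signer.verify(signCert.getPublicKey(), "BC")) {
            return false;
        }
    }
    return true;
}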
示例9: filterMatches
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
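/**
 * Returns the certificates whose serial number equals the serial number of the signer id.
 *
 * <p>Only the serial number is compared. Serial numbers are unique per issuer only, so a
 * certificate from a different issuer that happens to carry the same serial number is
 * returned as well.
 * NOTE(review): compare the issuer name too before relying on the result to pick a signing
 * certificate.
 *
 * @param certCollection candidate certificates; every element is cast to {@link X509Certificate}
 * @param sid signer id whose serial number is looked for
 * @return the matching certificates, empty when nothing matches or when the signer id
 *         carries no serial number
 */
private List filterMatches(Collection certCollection, SignerId sid){
    List<X509Certificate> ret = new ArrayList<X509Certificate>();

    // Read the serial once; it is null when the id does not identify the signer by serial number.
    BigInteger sidSerial = (sid == null) ? null : sid.getSerialNumber();
    if (sidSerial == null) {
        return ret;
    }

    for (Object next : certCollection) {
        X509Certificate x509cert = (X509Certificate) next;
        if (sidSerial.equals(x509cert.getSerialNumber())) {
            ret.add(x509cert);
        }
    }
    return ret;
}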
示例10: verify
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
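/**
 * Checks the signature of every signer in a CMS SignedData against the matching
 * certificate carried in the message.
 *
 * <p>The certificate for each signer is looked up in the message's own certificate store.
 * No certification path or trust check is done here, so a {@code true} result only says that
 * each signature matches an embedded certificate. Whether those certificates are trusted has
 * to be established separately.
 *
 * @param csd the signed data to check
 * @return {@code true} only if there is at least one signer and every signer has exactly one
 *         matching certificate that verifies the signature
 * @throws Exception if a certificate cannot be converted or a signature check fails with an error
 */
public boolean verify(CMSSignedData csd) throws Exception {
    Store certs = csd.getCertificates();
    Collection signerInfos = csd.getSignerInfos().getSigners();

    // A message without any signer proves nothing, so it must not be reported as verified.
    if (signerInfos.isEmpty()) {
        return false;
    }

    for (Object next : signerInfos) {
        SignerInformation signer = (SignerInformation) next;

        // Exactly one embedded certificate has to correspond to this signer; a missing
        // certificate is a failed verification, not an iterator error.
        Collection certCollection = certs.getMatches(signer.getSID());
        if (certCollection.size() != 1) {
            return false;
        }

        X509CertificateHolder signCertHolder = (X509CertificateHolder) certCollection.iterator().next();
        X509Certificate signCert = new JcaX509CertificateConverter()
                .setProvider("BC").getCertificate(signCertHolder);

        if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(signCert))) {
            return false;
        }
    }
    return true;
}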
示例11: verify
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
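/**
 * Checks the signature of every signer in a CMS SignedData against the public key of the
 * matching certificate carried in the message.
 *
 * <p>The certificate for each signer is looked up in the message's own certificate store.
 * No certification path or trust check is done here, so a {@code true} result only says that
 * each signature matches an embedded certificate's key. Whether those certificates are
 * trusted has to be established separately.
 *
 * @param csd the signed data to check
 * @return {@code true} only if there is at least one signer and every signer has exactly one
 *         matching certificate whose public key verifies the signature
 * @throws Exception if a certificate cannot be converted or a signature check fails with an error
 */
public boolean verify(CMSSignedData csd) throws Exception {
    Store certs = csd.getCertificates();
    Collection signerInfos = csd.getSignerInfos().getSigners();

    // A message without any signer proves nothing, so it must not be reported as verified.
    if (signerInfos.isEmpty()) {
        return false;
    }

    for (Object next : signerInfos) {
        SignerInformation signer = (SignerInformation) next;

        // Exactly one embedded certificate has to correspond to this signer; a missing
        // certificate is a failed verification, not an iterator error.
        Collection certCollection = certs.getMatches(signer.getSID());
        if (certCollection.size() != 1) {
            return false;
        }

        X509CertificateHolder signCertHolder = (X509CertificateHolder) certCollection.iterator().next();
        X509Certificate signCert = new JcaX509CertificateConverter()
                .setProvider("BC").getCertificate(signCertHolder);

        if (!signer.verify(signCert.getPublicKey(), "BC")) {
            return false;
        }
    }
    return true;
}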
示例12: getCandidatesForSigningCertificate
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
/**
 * Collects the candidate signing certificates and records which one matches the signer id.
 *
 * <p>ETSI TS 101 733 V2.2.1 (2013-04)
 * 5.6.3 Signature Verification Process
 * ...the public key from the first certificate identified in the sequence
 * of certificate identifiers from SigningCertificate shall be the key used
 * to verify the digital signature.
 *
 * <p>The result is computed on the first call and returned as-is afterwards. Certificates
 * are examined in the order the certificate source returns them, and the search stops at
 * the first one that matches the signer id. A failed check of the signed references to the
 * signing certificate is only logged as a warning here; it does not alter the returned
 * candidates.
 *
 * @return the candidates examined so far, each flagged with whether it matched the signer id
 */
@Override
public CandidatesForSigningCertificate getCandidatesForSigningCertificate() {
    if (candidatesForSigningCertificate == null) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Searching the signing certificate...");
        }
        candidatesForSigningCertificate = new CandidatesForSigningCertificate();

        final Collection<CertificateToken> embeddedCertificates = getCertificateSource().getKeyInfoCertificates();
        final SignerId signerId = signerInformation.getSID();

        for (final CertificateToken token : embeddedCertificates) {
            // Every examined certificate is recorded as a candidate, matching or not.
            final CertificateValidity candidate = new CertificateValidity(token);
            candidatesForSigningCertificate.add(candidate);

            final X509CertificateHolder holder = DSSASN1Utils.getX509CertificateHolder(token);
            final boolean matchesSignerId = signerId.match(holder);
            candidate.setSignerIdMatch(matchesSignerId);

            if (matchesSignerId) {
                // First match wins; later certificates are not looked at.
                this.signingCertificateValidity = candidate;
                break;
            }
        }

        if (signingCertificateValidity != null) {
            if (!verifySignedReferencesToSigningCertificate()) {
                LOG.warn("There is no valid signed reference to the signing certificate: " + signingCertificateValidity.getCertificateToken().getAbbreviation());
            }
        } else {
            LOG.warn("Signing certificate not found: " + signerId.getIssuer() + " " + signerId.getSerialNumber());
        }
    }
    return candidatesForSigningCertificate;
}
示例13: testTimestampServerTrust
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
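/**
 * Requests a time-stamp from the given TSA and hands the signer certificate chain found in
 * the token to the trust validator.
 *
 * <p>What this method does not check: the response is not matched against the request, and
 * the token signature is not verified (see the TODO below). The chain given to the trust
 * validator is therefore taken from a token whose signature has not been checked.
 *
 * @param tsaLocation URL of the time-stamp authority to contact
 * @throws Exception if the TSA does not answer with HTTP 200, or if any later step throws
 */
private void testTimestampServerTrust(String tsaLocation) throws Exception {
    // setup
    TimeStampRequestGenerator requestGen = new TimeStampRequestGenerator();
    requestGen.setCertReq(true);
    // Placeholder imprint: 20 zero bytes labelled as SHA-1. Its content is never checked
    // later in this method.
    TimeStampRequest request = requestGen.generate(TSPAlgorithms.SHA1,
            new byte[20], BigInteger.valueOf(100));
    byte[] requestData = request.getEncoded();

    DefaultHttpClient httpClient = new DefaultHttpClient();
    // HttpHost proxy = new HttpHost("proxy.yourict.net", 8080);
    // httpClient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY,
    // proxy);
    HttpPost postMethod = new HttpPost(tsaLocation);
    ContentType contentType = ContentType
            .create("application/timestamp-query");
    HttpEntity requestEntity = new ByteArrayEntity(requestData, contentType);
    postMethod.addHeader("User-Agent", "jTrust TSP Client");
    postMethod.setEntity(requestEntity);

    // operate
    TimeStampResponse tspResponse;
    try {
        long t0 = System.currentTimeMillis();
        HttpResponse httpResponse = httpClient.execute(postMethod);
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        long t1 = System.currentTimeMillis();
        LOG.debug("dt TSP: " + (t1 - t0) + " ms");
        if (statusCode != HttpURLConnection.HTTP_OK) {
            // Report the server that was actually contacted, i.e. the method argument.
            LOG.error("Error contacting TSP server " + tsaLocation);
            throw new Exception("Error contacting TSP server " + tsaLocation);
        }
        HttpEntity httpEntity = httpResponse.getEntity();
        tspResponse = new TimeStampResponse(httpEntity.getContent());
    } finally {
        // Release the connection on the error paths too.
        postMethod.releaseConnection();
    }

    TimeStampToken timeStampToken = tspResponse.getTimeStampToken();
    SignerId signerId = timeStampToken.getSID();
    Store certificatesStore = timeStampToken.getCertificates();
    Collection<X509CertificateHolder> signerCollection = certificatesStore
            .getMatches(signerId);
    Iterator<X509CertificateHolder> signerCollectionIterator = signerCollection
            .iterator();
    X509CertificateHolder signerCertificateHolder = signerCollectionIterator
            .next();

    // TODO: check time-stamp token signature. Until that is done the certificates below
    // come from a token whose signature has not been verified.

    List<X509Certificate> certificateChain = getCertificateChain(
            signerCertificateHolder, certificatesStore);
    for (X509Certificate cert : certificateChain) {
        LOG.debug("certificate subject: " + cert.getSubjectX500Principal());
        LOG.debug("certificate issuer: " + cert.getIssuerX500Principal());
    }

    CertificateRepository certificateRepository = BelgianTrustValidatorFactory
            .createTSACertificateRepository();
    TrustValidator trustValidator = new TrustValidator(
            certificateRepository);
    // NetworkConfig networkConfig = new NetworkConfig("proxy.yourict.net",
    // 8080);
    TrustValidatorDecorator trustValidatorDecorator = new TrustValidatorDecorator(
            null);
    trustValidatorDecorator.addDefaultTrustLinkerConfig(trustValidator);

    trustValidator.isTrusted(certificateChain);
}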
示例14: getCmsData
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
/**
 * Extracts the signed content from a CMS SignedData after checking the first signer's
 * signature against the matching certificate carried in the message.
 *
 * <p>Only the first signer is looked at. The signing certificate is taken from the message
 * itself and is not validated against any trust anchor; as the inline comment says, the
 * transport (SSL) is relied on for that. The signature check therefore only shows that the
 * content matches the key of the embedded certificate.
 *
 * @param cms encoded CMS SignedData
 * @return the content that was signed
 * @throws SecurityException if the signature does not verify
 * @throws Exception on parsing or certificate errors
 */
private byte[] getCmsData(byte[] cms) throws Exception {
    CMSSignedData signedData = new CMSSignedData(cms);

    // First signer only; next() throws when the message has no signer at all.
    SignerInformationStore signerStore = signedData.getSignerInfos();
    SignerInformation firstSigner = (SignerInformation) signerStore.getSigners().iterator().next();
    SignerId signerId = firstSigner.getSID();

    // Certificate embedded in the message that matches the signer id
    Store embeddedCertificates = signedData.getCertificates();
    Collection<X509CertificateHolder> matches = embeddedCertificates.getMatches(signerId);
    X509CertificateHolder holder = matches.iterator().next();

    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate certificate = (X509Certificate) x509Factory
            .generateCertificate(new ByteArrayInputStream(holder.getEncoded()));

    // we trust SSL here, no need for explicit verification of CMS signing
    // certificate
    LOG.debug("CMS signing certificate subject: " + certificate.getSubjectX500Principal());

    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
            .build(certificate);
    if (!firstSigner.verify(verifier)) {
        throw new SecurityException("woops");
    }

    CMSTypedData signedContent = signedData.getSignedContent();
    return (byte[]) signedContent.getContent();
}
示例15: getVerifiedContent
import org.bouncycastle.cms.SignerId; //导入依赖的package包/类
/**
 * Returns the signed content of a CMS SignedData, asserting the first signer's signature
 * when a matching certificate is carried in the message.
 *
 * <p>NOTE(review): despite the name, the content is also returned when no embedded
 * certificate matches the signer. That branch only logs a warning, so the content has not
 * been verified in that case. Only the first signer is looked at, and the certificate is
 * not validated against any trust anchor.
 *
 * @param cmsData encoded CMS SignedData
 * @return the content that was signed
 * @throws CertificateException if the embedded certificate cannot be parsed
 * @throws CMSException if the CMS structure cannot be parsed or the signature check errors
 * @throws IOException if the certificate cannot be encoded
 * @throws OperatorCreationException if the verifier cannot be built
 */
private byte[] getVerifiedContent(byte[] cmsData)
        throws CertificateException, CMSException, IOException,
        OperatorCreationException {
    CMSSignedData signedData = new CMSSignedData(cmsData);

    // First signer only; next() throws when the message has no signer at all.
    SignerInformationStore signerStore = signedData.getSignerInfos();
    SignerInformation firstSigner = (SignerInformation) signerStore.getSigners()
            .iterator().next();
    SignerId signerId = firstSigner.getSID();

    Store embeddedCertificates = signedData.getCertificates();
    Collection<X509CertificateHolder> matches = embeddedCertificates
            .getMatches(signerId);

    if (matches.isEmpty()) {
        // No certificate to check against: the signature is NOT verified on this path.
        LOG.warn("no signer matched");
    } else {
        X509CertificateHolder holder = matches.iterator().next();
        CertificateFactory x509Factory = CertificateFactory
                .getInstance("X.509");
        X509Certificate certificate = (X509Certificate) x509Factory
                .generateCertificate(new ByteArrayInputStream(
                        holder.getEncoded()));
        SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
                .build(certificate);
        boolean signatureResult = firstSigner.verify(verifier);
        assertTrue(signatureResult);
        LOG.debug("signer certificate: " + certificate);
    }

    CMSTypedData signedContent = signedData.getSignedContent();
    return (byte[]) signedContent.getContent();
}