本文整理汇总了Java中org.bouncycastle.cms.SignerInformationVerifier类的典型用法代码示例。如果您正苦于以下问题:Java SignerInformationVerifier类的具体用法?Java SignerInformationVerifier怎么用?Java SignerInformationVerifier使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
SignerInformationVerifier类属于org.bouncycastle.cms包,在下文中一共展示了SignerInformationVerifier类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: isSignatureValid
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
/**
* Return true if the signature on time stamp token is valid.
* <p>
* Note: this is a much weaker proof of correctness than calling validate().
* </p>
*
* @param sigVerifier the content verifier create the objects required to verify the CMS object in the timestamp.
* @return true if the signature matches, false otherwise.
* @throws TSPException if the signature cannot be processed or the provider cannot match the algorithm.
*/
public boolean isSignatureValid(
SignerInformationVerifier sigVerifier)
throws TSPException
{
try
{
return tsaSignerInfo.verify(sigVerifier);
}
catch (CMSException e)
{
if (e.getUnderlyingException() != null)
{
throw new TSPException(e.getMessage(), e.getUnderlyingException());
}
else
{
throw new TSPException("CMS exception: " + e, e);
}
}
}
示例2: verifyTimestampCertificates
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
/**
* Verifies a timestamp against a KeyStore.
* @param ts the timestamp
* @param keystore the <CODE>KeyStore</CODE>
* @param provider the provider or <CODE>null</CODE> to use the BouncyCastle provider
* @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6
*/
public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
if (provider == null)
provider = "BC";
try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try {
String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias))
continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509);
ts.validate(siv);
return true;
}
catch (Exception ex) {
}
}
}
catch (Exception e) {
}
return false;
}
示例3: testCPDRequest
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
public void testCPDRequest()
throws Exception
{
CMSSignedData reqMsg = getWrappedCPDRequest();
assertTrue(reqMsg.verifySignatures(new SignerInformationVerifierProvider()
{
public SignerInformationVerifier get(SignerId sid)
throws OperatorCreationException
{
return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
}
}));
DVCSRequest request = new DVCSRequest(reqMsg);
CPDRequestData reqData = (CPDRequestData)request.getData();
assertTrue(Arrays.areEqual(new byte[100], reqData.getMessage()));
}
示例4: testVPKCRequest
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
public void testVPKCRequest()
throws Exception
{
SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();
VPKCRequestBuilder reqBuilder = new VPKCRequestBuilder();
reqBuilder.addTargetChain(new JcaX509CertificateHolder(signCert));
CMSSignedData reqMsg = gen.build(reqBuilder.build());
assertTrue(reqMsg.verifySignatures(new SignerInformationVerifierProvider()
{
public SignerInformationVerifier get(SignerId sid)
throws OperatorCreationException
{
return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
}
}));
DVCSRequest request = new DVCSRequest(reqMsg);
VPKCRequestData reqData = (VPKCRequestData)request.getData();
assertEquals(new TargetEtcChain(new CertEtcToken(CertEtcToken.TAG_CERTIFICATE, new JcaX509CertificateHolder(signCert).toASN1Structure())), ((TargetChain)reqData.getCerts().get(0)).toASN1Structure());
}
示例5: testVSDRequest
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
public void testVSDRequest()
throws Exception
{
CMSSignedData message = getWrappedCPDRequest();
SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();
VSDRequestBuilder reqBuilder = new VSDRequestBuilder();
CMSSignedData reqMsg = gen.build(reqBuilder.build(message));
assertTrue(reqMsg.verifySignatures(new SignerInformationVerifierProvider()
{
public SignerInformationVerifier get(SignerId sid)
throws OperatorCreationException
{
return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
}
}));
DVCSRequest request = new DVCSRequest(reqMsg);
VSDRequestData reqData = (VSDRequestData)request.getData();
assertEquals(message.toASN1Structure().getContentType(), reqData.getParsedMessage().toASN1Structure().getContentType());
}
示例6: verify
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
public void verify(X509Certificate cert) throws SFRMException {
try {
SMIMESigned signed = new SMIMESigned((MimeMultipart)bodyPart.getContent());
SignerInformationStore signers = signed.getSignerInfos();
Iterator signerInfos = signers.getSigners().iterator();
while (signerInfos.hasNext()) {
SignerInformation signerInfo = (SignerInformation)signerInfos.next();
SignerInformationVerifier verifier =
new BcRSASignerInfoVerifierBuilder(new DefaultCMSSignatureAlgorithmNameGenerator(),
new DefaultSignatureAlgorithmIdentifierFinder(),
new DefaultDigestAlgorithmIdentifierFinder(),
new BcDigestCalculatorProvider())
.build(new JcaX509CertificateHolder(cert));
if (!signerInfo.verify(verifier)) {
throw new SFRMMessageException("Verification failed");
}
}
MimeBodyPart signedPart = signed.getContent();
if (signedPart == null) {
throw new SFRMMessageException("Unable to extract signed part");
}
else {
this.bodyPart = signedPart;
this.setIsSigned(true);
}
} catch (org.bouncycastle.cms.CMSException ex) {
throw new SFRMException("Unable to verify body part", ex.getUnderlyingException());
} catch (Exception e) {
throw new SFRMException("Unable to verify body part", e);
}
}
示例7: testValidateSignatureVlidationTest
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
/**
* <a href="http://stackoverflow.com/questions/41116833/pdf-signature-validation">
* PDF Signature Validation
* </a>
* <br/>
* <a href="https://drive.google.com/file/d/0BzEmZ9pRWLhPOUJSYUdlRjg2eEU/view?usp=sharing">
* SignatureVlidationTest.pdf
* </a>
* <p>
* The code completely ignores the <b>SubFilter</b> of the signature.
* It is appropriate for signatures with <b>SubFilter</b> values
* <b>adbe.pkcs7.detached</b> and <b>ETSI.CAdES.detached</b>
* but will fail for signatures with <b>SubFilter</b> values
* <b>adbe.pkcs7.sha1</b> and <b>adbe.x509.rsa.sha1</b>.
* </p>
* <p>
* The example document has been signed with a signatures with
* <b>SubFilter</b> value <b>adbe.pkcs7.sha1</b>.
* </p>
*/
@Test
public void testValidateSignatureVlidationTest() throws Exception
{
System.out.println("\nValidate signature in SignatureVlidationTest.pdf; original code.");
byte[] pdfByte;
PDDocument pdfDoc = null;
SignerInformationVerifier verifier = null;
try
{
pdfByte = IOUtils.toByteArray(this.getClass().getResourceAsStream("SignatureVlidationTest.pdf"));
pdfDoc = PDDocument.load(new ByteArrayInputStream(pdfByte));
PDSignature signature = pdfDoc.getSignatureDictionaries().get(0);
byte[] signatureAsBytes = signature.getContents(pdfByte);
byte[] signedContentAsBytes = signature.getSignedContent(pdfByte);
CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(signedContentAsBytes), signatureAsBytes);
SignerInformation signerInfo = (SignerInformation) cms.getSignerInfos().getSigners().iterator().next();
X509CertificateHolder cert = (X509CertificateHolder) cms.getCertificates().getMatches(signerInfo.getSID())
.iterator().next();
verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider(new BouncyCastleProvider()).build(cert);
// result if false
boolean verifyRt = signerInfo.verify(verifier);
System.out.println("Verify result: " + verifyRt);
}
finally
{
if (pdfDoc != null)
{
pdfDoc.close();
}
}
}
示例8: testValidateSignatureVlidationTestAdbePkcs7Sha1
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
/**
* <a href="http://stackoverflow.com/questions/41116833/pdf-signature-validation">
* PDF Signature Validation
* </a>
* <br/>
* <a href="https://drive.google.com/file/d/0BzEmZ9pRWLhPOUJSYUdlRjg2eEU/view?usp=sharing">
* SignatureVlidationTest.pdf
* </a>
* <p>
* This code also ignores the <b>SubFilter</b> of the signature,
* it is appropriate for signatures with <b>SubFilter</b> value
* <b>adbe.pkcs7.sha1</b> which the example document has been
* signed with.
* </p>
*/
@Test
public void testValidateSignatureVlidationTestAdbePkcs7Sha1() throws Exception
{
System.out.println("\nValidate signature in SignatureVlidationTest.pdf; special adbe.pkcs7.sha1 code.");
byte[] pdfByte;
PDDocument pdfDoc = null;
SignerInformationVerifier verifier = null;
try
{
pdfByte = IOUtils.toByteArray(this.getClass().getResourceAsStream("SignatureVlidationTest.pdf"));
pdfDoc = PDDocument.load(new ByteArrayInputStream(pdfByte));
PDSignature signature = pdfDoc.getSignatureDictionaries().get(0);
byte[] signatureAsBytes = signature.getContents(pdfByte);
CMSSignedData cms = new CMSSignedData(new ByteArrayInputStream(signatureAsBytes));
SignerInformation signerInfo = (SignerInformation) cms.getSignerInfos().getSigners().iterator().next();
X509CertificateHolder cert = (X509CertificateHolder) cms.getCertificates().getMatches(signerInfo.getSID())
.iterator().next();
verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider(new BouncyCastleProvider()).build(cert);
boolean verifyRt = signerInfo.verify(verifier);
System.out.println("Verify result: " + verifyRt);
byte[] signedContentAsBytes = signature.getSignedContent(pdfByte);
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] calculatedDigest = md.digest(signedContentAsBytes);
byte[] signedDigest = (byte[]) cms.getSignedContent().getContent();
System.out.println("Document digest equals: " + Arrays.equals(calculatedDigest, signedDigest));
}
finally
{
if (pdfDoc != null)
{
pdfDoc.close();
}
}
}
示例9: getCmsData
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
private byte[] getCmsData(byte[] cms) throws Exception {
CMSSignedData cmsSignedData = new CMSSignedData(cms);
SignerInformationStore signers = cmsSignedData.getSignerInfos();
SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
SignerId signerId = signer.getSID();
Store certificateStore = cmsSignedData.getCertificates();
Collection<X509CertificateHolder> certificateCollection = certificateStore.getMatches(signerId);
X509CertificateHolder certificateHolder = certificateCollection.iterator().next();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) certificateFactory
.generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded()));
// we trust SSL here, no need for explicit verification of CMS signing
// certificate
LOG.debug("CMS signing certificate subject: " + certificate.getSubjectX500Principal());
SignerInformationVerifier signerInformationVerifier = new JcaSimpleSignerInfoVerifierBuilder()
.build(certificate);
boolean signatureResult = signer.verify(signerInformationVerifier);
if (false == signatureResult) {
throw new SecurityException("woops");
}
CMSTypedData signedContent = cmsSignedData.getSignedContent();
byte[] responseData = (byte[]) signedContent.getContent();
return responseData;
}
示例10: getVerifiedContent
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
private byte[] getVerifiedContent(byte[] cmsData)
throws CertificateException, CMSException, IOException,
OperatorCreationException {
CMSSignedData cmsSignedData = new CMSSignedData(cmsData);
SignerInformationStore signers = cmsSignedData.getSignerInfos();
SignerInformation signer = (SignerInformation) signers.getSigners()
.iterator().next();
SignerId signerId = signer.getSID();
Store certificateStore = cmsSignedData.getCertificates();
Collection<X509CertificateHolder> certificateCollection = certificateStore
.getMatches(signerId);
if (false == certificateCollection.isEmpty()) {
X509CertificateHolder certificateHolder = certificateCollection
.iterator().next();
CertificateFactory certificateFactory = CertificateFactory
.getInstance("X.509");
X509Certificate certificate = (X509Certificate) certificateFactory
.generateCertificate(new ByteArrayInputStream(
certificateHolder.getEncoded()));
SignerInformationVerifier signerInformationVerifier = new JcaSimpleSignerInfoVerifierBuilder()
.build(certificate);
boolean signatureResult = signer.verify(signerInformationVerifier);
assertTrue(signatureResult);
LOG.debug("signer certificate: " + certificate);
} else {
LOG.warn("no signer matched");
}
CMSTypedData signedContent = cmsSignedData.getSignedContent();
byte[] data = (byte[]) signedContent.getContent();
return data;
}
示例11: verify
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
private void verify(final SMIMESignedParser parser,
final Set<X509Certificate> certificates, final Store store)
throws CMSException, OperatorCreationException,
CertificateException, Exception {
final SignerInformationStore signerInfos = parser.getSignerInfos();
final Collection<SignerInformation> signers = signerInfos.getSigners();
for (SignerInformation signer : signers) {
final Collection<X509CertificateHolder> certCollection = store
.getMatches(signer.getSID());
for (X509CertificateHolder x509CertificateHolder : certCollection) {
SignerInformationVerifier singInfoVer = verifier
.build(x509CertificateHolder);
X509Certificate x509Certificate = jcaX509CertificateConverter
.getCertificate(x509CertificateHolder);
x509Certificate.checkValidity();
if (!signer.verify(singInfoVer)) {
throw new Exception("signature invalid");
}
certificates.add(x509Certificate);
}
}
}
示例12: testCCPDRequest
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
public void testCCPDRequest()
throws Exception
{
SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();
CCPDRequestBuilder reqBuilder = new CCPDRequestBuilder();
MessageImprintBuilder imprintBuilder = new MessageImprintBuilder(new SHA1DigestCalculator());
MessageImprint messageImprint = imprintBuilder.build(new byte[100]);
CMSSignedData reqMsg = gen.build(reqBuilder.build(messageImprint));
assertTrue(reqMsg.verifySignatures(new SignerInformationVerifierProvider()
{
public SignerInformationVerifier get(SignerId sid)
throws OperatorCreationException
{
return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
}
}));
DVCSRequest request = new DVCSRequest(reqMsg);
CCPDRequestData reqData = (CCPDRequestData)request.getData();
assertEquals(messageImprint, reqData.getMessageImprint());
}
示例13: build
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
public SignerInformationVerifier build(X509CertificateHolder certHolder)
throws OperatorCreationException
{
return new SignerInformationVerifier(sigAlgNameGen, sigAlgIdFinder, contentVerifierProviderBuilder.build(certHolder), digestCalculatorProvider);
}
示例14: build
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
public SignerInformationVerifier build(X509CertificateHolder certHolder)
throws OperatorCreationException, CertificateException
{
return new SignerInformationVerifier(sigAlgNameGen, sigAlgIDFinder, helper.createContentVerifierProvider(certHolder), digestProvider);
}
示例15: build
import org.bouncycastle.cms.SignerInformationVerifier; //导入依赖的package包/类
public SignerInformationVerifier build(X509CertificateHolder certHolder)
throws OperatorCreationException, CertificateException
{
return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(certHolder), helper.createDigestCalculatorProvider());
}