kerby-pkix/src/test/java/org/apache/kerby/pkix/SignedDataEngine.java - directory-kerby - Git at Google

 /**
  *  Licensed to the Apache Software Foundation (ASF) under one
  *  or more contributor license agreements.  See the NOTICE file
  *  distributed with this work for additional information
  *  regarding copyright ownership.  The ASF licenses this file
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License.
  *
  */
 package org.apache.kerby.pkix;

 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaCertStore;
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.CMSProcessableByteArray;
 import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.cms.CMSTypedData;
 import org.bouncycastle.cms.SignerInformation;
 import org.bouncycastle.cms.SignerInformationStore;
 import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
 import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.util.Store;

 import java.io.IOException;
 import java.security.PrivateKey;
 import java.security.Security;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;


 /**
  * Encapsulates working with PKINIT signed data structures.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
 public class SignedDataEngine {

     static byte[] getSignedData(PrivateKey privateKey, X509Certificate certificate, byte[] dataToSign,
                                 String eContentType) throws IOException, OperatorCreationException,
             CertificateEncodingException, CMSException {

         if (Security.getProvider("BC") == null) {
             Security.addProvider(new BouncyCastleProvider());
         }


         List certList = new ArrayList();
         certList.add(certificate);
         Store certs = new JcaCertStore(certList);

         CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

         gen.addSignerInfoGenerator(
                 new JcaSimpleSignerInfoGeneratorBuilder()
                         .setProvider("BC")
                         .build("SHA1withRSA", privateKey, certificate));

         gen.addCertificates(certs);

         ASN1ObjectIdentifier asn1ObjectIdentifier = new ASN1ObjectIdentifier(eContentType);
         CMSTypedData msg = new CMSProcessableByteArray(asn1ObjectIdentifier, dataToSign);
         CMSSignedData s = gen.generate(msg, true);

         return s.getEncoded();
     }

     /**
      * Validates a CMS SignedData using the public key corresponding to the private
      * key used to sign the structure.
      *
      * @param s
      * @return true if the signature is valid.
      * @throws Exception
      */
     public static boolean validateSignedData(CMSSignedData s) throws Exception {

         Store certStore = s.getCertificates();
         Store crlStore = s.getCRLs();
         SignerInformationStore signers = s.getSignerInfos();

         Collection c = signers.getSigners();
         Iterator it = c.iterator();

         while (it.hasNext()) {
             SignerInformation signer = (SignerInformation) it.next();
             Collection certCollection = certStore.getMatches(signer.getSID());

             Iterator certIt = certCollection.iterator();
             X509CertificateHolder cert = (X509CertificateHolder) certIt.next();

             if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
                 return false;
             }
         }

         Collection certColl = certStore.getMatches(null);
         Collection crlColl = crlStore.getMatches(null);

         if (certColl.size() != s.getCertificates().getMatches(null).size()
                 || crlColl.size() != s.getCRLs().getMatches(null).size()) {
             return false;
         }
         return true;
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.kerby.pkix;

	import org.bouncycastle.asn1.ASN1ObjectIdentifier;
	import org.bouncycastle.cert.X509CertificateHolder;
	import org.bouncycastle.cert.jcajce.JcaCertStore;
	import org.bouncycastle.cms.CMSException;
	import org.bouncycastle.cms.CMSProcessableByteArray;
	import org.bouncycastle.cms.CMSSignedData;
	import org.bouncycastle.cms.CMSSignedDataGenerator;
	import org.bouncycastle.cms.CMSTypedData;
	import org.bouncycastle.cms.SignerInformation;
	import org.bouncycastle.cms.SignerInformationStore;
	import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
	import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
	import org.bouncycastle.jce.provider.BouncyCastleProvider;
	import org.bouncycastle.operator.OperatorCreationException;
	import org.bouncycastle.util.Store;

	import java.io.IOException;
	import java.security.PrivateKey;
	import java.security.Security;
	import java.security.cert.CertificateEncodingException;
	import java.security.cert.X509Certificate;
	import java.util.ArrayList;
	import java.util.Collection;
	import java.util.Iterator;
	import java.util.List;


	/**
	* Encapsulates working with PKINIT signed data structures.
	*
	* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
	* @version $Rev$, $Date$
	*/
	public class SignedDataEngine {

	static byte[] getSignedData(PrivateKey privateKey, X509Certificate certificate, byte[] dataToSign,
	String eContentType) throws IOException, OperatorCreationException,
	CertificateEncodingException, CMSException {

	if (Security.getProvider("BC") == null) {
	Security.addProvider(new BouncyCastleProvider());
	}


	List certList = new ArrayList();
	certList.add(certificate);
	Store certs = new JcaCertStore(certList);

	CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

	gen.addSignerInfoGenerator(
	new JcaSimpleSignerInfoGeneratorBuilder()
	.setProvider("BC")
	.build("SHA1withRSA", privateKey, certificate));

	gen.addCertificates(certs);

	ASN1ObjectIdentifier asn1ObjectIdentifier = new ASN1ObjectIdentifier(eContentType);
	CMSTypedData msg = new CMSProcessableByteArray(asn1ObjectIdentifier, dataToSign);
	CMSSignedData s = gen.generate(msg, true);

	return s.getEncoded();
	}

	/**
	* Validates a CMS SignedData using the public key corresponding to the private
	* key used to sign the structure.
	*
	* @param s
	* @return true if the signature is valid.
	* @throws Exception
	*/
	public static boolean validateSignedData(CMSSignedData s) throws Exception {

	Store certStore = s.getCertificates();
	Store crlStore = s.getCRLs();
	SignerInformationStore signers = s.getSignerInfos();

	Collection c = signers.getSigners();
	Iterator it = c.iterator();

	while (it.hasNext()) {
	SignerInformation signer = (SignerInformation) it.next();
	Collection certCollection = certStore.getMatches(signer.getSID());

	Iterator certIt = certCollection.iterator();
	X509CertificateHolder cert = (X509CertificateHolder) certIt.next();

	if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
	return false;
	}
	}

	Collection certColl = certStore.getMatches(null);
	Collection crlColl = crlStore.getMatches(null);

	if (certColl.size() != s.getCertificates().getMatches(null).size()
	\|\| crlColl.size() != s.getCRLs().getMatches(null).size()) {
	return false;
	}
	return true;
	}
	}