Examples of CMSSignedData

• org.bouncycastle.cms.CMSSignedData
  general class for handling a pkcs7-signature message. A simple example of usage - note, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer...

   CertStore               certs = s.getCertificatesAndCRLs("Collection", "BC"); SignerInformationStore  signers = s.getSignerInfos(); Collection              c = signers.getSigners(); Iterator                it = c.iterator(); while (it.hasNext()) { SignerInformation   signer = (SignerInformation)it.next(); Collection          certCollection = certs.getCertificates(signer.getSID()); Iterator        certIt = certCollection.iterator(); X509Certificate cert = (X509Certificate)certIt.next(); if (signer.verify(cert.getPublicKey())) { verified++; }    } 

• org.netsys.cms.CMSSignedData

Examples of org.bouncycastle.cms.CMSSignedData

  } else if (op == Operation.PKI_OPERATION) {
      // PKIOperation

      res.setHeader("Content-Type", "application/x-pki-message");

      CMSSignedData sd;
      try {
    sd = new CMSSignedData(body);
      } catch (CMSException e) {
    throw new ServletException(e);
      }

      Store reqStore = sd.getCertificates();
      Collection<X509CertificateHolder> reqCerts = reqStore
        .getMatches(null);

      CertificateFactory factory;
      try {
    factory = CertificateFactory.getInstance("X.509");
      } catch (CertificateException e) {
    throw new ServletException(e);
      }
      X509CertificateHolder holder = reqCerts.iterator().next();
      ByteArrayInputStream bais = new ByteArrayInputStream(
        holder.getEncoded());
      X509Certificate reqCert;
      try {
    reqCert = (X509Certificate) factory.generateCertificate(bais);
      } catch (CertificateException e) {
    throw new ServletException(e);
      }

      PkiMessage<?> msg;
      try {
    PkcsPkiEnvelopeDecoder envDecoder = new PkcsPkiEnvelopeDecoder(
      getRecipient(), getRecipientKey());
    PkiMessageDecoder decoder = new PkiMessageDecoder(reqCert,
      envDecoder);
    msg = decoder.decode(sd);
      } catch (MessageDecodingException e) {
    LOGGER.error("Error decoding request", e);
    throw new ServletException(e);
      }

      LOGGER.debug("Processing message {}", msg);

      MessageType msgType = msg.getMessageType();
      Object msgData = msg.getMessageData();

      Nonce senderNonce = Nonce.nextNonce();
      TransactionId transId = msg.getTransactionId();
      Nonce recipientNonce = msg.getSenderNonce();
      CertRep certRep;

      if (msgType == MessageType.GET_CERT) {
    final IssuerAndSerialNumber iasn = (IssuerAndSerialNumber) msgData;
    final X500Name principal = iasn.getName();
    final BigInteger serial = iasn.getSerialNumber().getValue();

    try {
        List<X509Certificate> issued = doGetCert(principal, serial);
        if (issued.size() == 0) {
      certRep = new CertRep(transId, senderNonce,
        recipientNonce, FailInfo.badCertId);
        } else {
      CMSSignedData messageData = getMessageData(issued);

      certRep = new CertRep(transId, senderNonce,
        recipientNonce, messageData);
        }
    } catch (OperationFailureException e) {
        certRep = new CertRep(transId, senderNonce, recipientNonce,
          e.getFailInfo());
    } catch (Exception e) {
        throw new ServletException(e);
    }
      } else if (msgType == MessageType.GET_CERT_INITIAL) {
    final IssuerAndSubject ias = (IssuerAndSubject) msgData;
    final X500Name issuer = X500Name.getInstance(ias.getIssuer());
    final X500Name subject = X500Name.getInstance(ias.getSubject());

    try {
        List<X509Certificate> issued = doGetCertInitial(issuer,
          subject, transId);

        if (issued.size() == 0) {
      certRep = new CertRep(transId, senderNonce,
        recipientNonce);
        } else {
      CMSSignedData messageData = getMessageData(issued);

      certRep = new CertRep(transId, senderNonce,
        recipientNonce, messageData);
        }
    } catch (OperationFailureException e) {
        certRep = new CertRep(transId, senderNonce, recipientNonce,
          e.getFailInfo());
    } catch (Exception e) {
        throw new ServletException(e);
    }
      } else if (msgType == MessageType.GET_CRL) {
    final IssuerAndSerialNumber iasn = (IssuerAndSerialNumber) msgData;
    final X500Name issuer = iasn.getName();
    final BigInteger serialNumber = iasn.getSerialNumber()
      .getValue();

    try {
        LOGGER.debug("Invoking doGetCrl");
        CMSSignedData messageData = getMessageData(doGetCrl(issuer,
          serialNumber));

        certRep = new CertRep(transId, senderNonce, recipientNonce,
          messageData);
    } catch (OperationFailureException e) {
        LOGGER.error("Error executing GetCRL request", e);
        certRep = new CertRep(transId, senderNonce, recipientNonce,
          e.getFailInfo());
    } catch (Exception e) {
        LOGGER.error("Error executing GetCRL request", e);
        throw new ServletException(e);
    }
      } else if (msgType == MessageType.PKCS_REQ) {
    final PKCS10CertificationRequest certReq = (PKCS10CertificationRequest) msgData;

    try {
        LOGGER.debug("Invoking doEnrol");
        List<X509Certificate> issued = doEnrol(certReq, transId);

        if (issued.size() == 0) {
      certRep = new CertRep(transId, senderNonce,
        recipientNonce);
        } else {
      CMSSignedData messageData = getMessageData(issued);

      certRep = new CertRep(transId, senderNonce,
        recipientNonce, messageData);
        }
    } catch (OperationFailureException e) {
        certRep = new CertRep(transId, senderNonce, recipientNonce,
          e.getFailInfo());
    } catch (Exception e) {
        throw new ServletException(e);
    }
      } else {
    throw new ServletException("Unknown Message for Operation");
      }

      PkcsPkiEnvelopeEncoder envEncoder = new PkcsPkiEnvelopeEncoder(
        reqCert, "DESede");
      PkiMessageEncoder encoder = new PkiMessageEncoder(getSignerKey(),
        getSigner(), envEncoder);
      CMSSignedData signedData;
      try {
    signedData = encoder.encode(certRep);
      } catch (MessageEncodingException e) {
    LOGGER.error("Error decoding response", e);
    throw new ServletException(e);
      }

      res.getOutputStream().write(signedData.getEncoded());
      res.getOutputStream().close();
  } else {
      res.sendError(HttpServletResponse.SC_BAD_REQUEST,
        "Unknown Operation");
  }

Examples of org.bouncycastle.cms.CMSSignedData

        "SHA1withRSA").build(getRecipientKey());
      SignerInfoGenerator infoGen = infoGenBuilder.build(contentSigner,
        certHolder);
      generator.addSignerInfoGenerator(infoGen);

      CMSSignedData degenerateSd = generator
        .generate(new CMSAbsentContent());
      byte[] bytes = degenerateSd.getEncoded();

      res.getOutputStream().write(bytes);
      res.getOutputStream().close();
  }
    }

Examples of org.bouncycastle.cms.CMSSignedData

    ioe.initCause(e);

    throw ioe;
      }
      generator.addCertificates(store);
      CMSSignedData degenerateSd = generator
        .generate(new CMSAbsentContent());
      bytes = degenerateSd.getEncoded();
  }

  res.getOutputStream().write(bytes);
  res.getOutputStream().close();
    }

Examples of org.bouncycastle.cms.CMSSignedData

    try {
      CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
      generator.addSignerInfoGenerator(getSignerInfo(message));
      generator.addCertificates(getCertificates());
      LOGGER.debug("Signing {} content", content);
      CMSSignedData pkiMessage = generator.generate(DATA, content, true,
          (Provider) null, true);
      LOGGER.debug("Finished encoding pkiMessage");

      return pkiMessage;
    } catch (CMSException e) {

Examples of org.bouncycastle.cms.CMSSignedData

    return new CertRep(transId, senderNonce, recipientNonce);
      } else {
    final CMSEnvelopedData ed = getEnvelopedData(signedContent
      .getContent());
    final byte[] envelopedContent = decoder.decode(ed);
    CMSSignedData messageData;
    try {
        messageData = new CMSSignedData(envelopedContent);
    } catch (CMSException e) {
        throw new MessageDecodingException(e);
    }
    LOGGER.debug("Finished decoding pkiMessage");
    return new CertRep(transId, senderNonce, recipientNonce,

Examples of org.bouncycastle.cms.CMSSignedData

      // [1] CA
      if (content.length == 0) {
        throw new InvalidContentException(
            "Expected a SignedData object, but response was empty");
      }
      CMSSignedData sd;
      try {
        sd = new CMSSignedData(content);
      } catch (CMSException e) {
        throw new InvalidContentException(e);
      }
      return SignedDataUtils.fromSignedData(sd);
    } else {

Examples of org.bouncycastle.cms.CMSSignedData

      // http://tools.ietf.org/html/draft-nourse-scep-20#section-4.6.1

      // The response consists of a SignedData PKCS#7 [RFC2315],
      // signed by the current CA (or RA) signing key.
      try {
    CMSSignedData cmsMessageData = new CMSSignedData(content);
    ContentInfo cmsContentInfo = ContentInfo
      .getInstance(cmsMessageData.getEncoded());

    final CMSSignedData sd = new CMSSignedData(cmsContentInfo);
    if (!SignedDataUtils.isSignedBy(sd, signer)) {
        throw new InvalidContentException("Invalid Signer");
    }
    // The content of the SignedData PKCS#7 [RFC2315] is a
    // degenerate

Examples of org.bouncycastle.cms.CMSSignedData

     */
    public CMSSignedData getResponse(byte[] content, String mimeType)
      throws ContentException {
  if (mimeType.startsWith(PKI_MESSAGE)) {
      try {
    return new CMSSignedData(content);
      } catch (CMSException e) {
    throw new InvalidContentException(e);
      }
  } else {
      throw new InvalidContentTypeException(mimeType, PKI_MESSAGE);

Examples of org.bouncycastle.cms.CMSSignedData

  @Override
  @SuppressWarnings("unchecked")
  public Certificate[] read(final InputStream inputStream) {
    try {
      CMSSignedData cmsSignedData = new CMSSignedData(inputStream);
      Collection<X509CertificateHolder> certificates = cmsSignedData.getCertificates().getMatches(null);
      List<Certificate> list = new LinkedList<Certificate>();
      if (certificates.size() > 0) {
        X509CertificateHolder principal = certificates.iterator().next();
        Certificate principalCertificate = BouncyCastleProviderHelper.getCertificate(principal);

Examples of org.netsys.cms.CMSSignedData

                  String digestOID) {
    KeyStore keyStore = null;
    Key privateKey;
    CMSSignedDataGenerator generator;
    CMSProcessable processableData;
    CMSSignedData signedContainer;
    MethodResult loadingKeyStoreResult;

    MethodResult signingDataResult;
    byte[] signedData = null;
    int resultValue = UNKNOWN_ERROR;
    Throwable th = null;

    loadingKeyStoreResult = loadKeyStore(keyStorePath, keyStorePassword);
//    Log.d(TAG, "keystore: " + loadingKeyStoreResult.getResultObject());

    if (loadingKeyStoreResult.getResultValue() == OPERATION_SUCCESSFUL) {
      try {
        keyStore = (KeyStore) loadingKeyStoreResult.getResultObject();
        privateKey = keyStore.getKey(keyAlias, privateKeyPassword);
        generator = new CMSSignedDataGenerator();
        generator.addSigner((PrivateKey) privateKey,
                    (X509Certificate) keyStore.getCertificate(keyAlias),
                    digestOID);
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        certList.add((X509Certificate) keyStore.getCertificate(keyAlias));
        CertStoreParameters params = new CollectionCertStoreParameters(certList);
        CertStore cs = CertStore.getInstance("Collection", params, "BC");
        generator.addCertificatesAndCRLs(cs);
        processableData = new CMSProcessableByteArray(data2beSigned);
        signedContainer = generator.generate(processableData, true, "BC");
        signedData = signedContainer.getEncoded();
        resultValue = OPERATION_SUCCESSFUL;
      } catch (UnrecoverableKeyException uke) {
        uke.printStackTrace();
        resultValue = PRIVATE_KEY_CORRUPTED;
        th = uke;