How to create and verify Digital Signatures with PKCS7 and Bouncy Castle Provider

How to create and verify Digital Signatures with PKCS7 and Bouncy Castle Provider

Note on the listing below before reusing it: the signer is added with `CMSSignedDataGenerator.DIGEST_SHA1`, and SHA-1 should not be used for new signatures (use SHA-256 or stronger). The code also writes the keystore PIN (`l_pin`) and the loaded `privateKey` object to stdout via `System.out.println`; as written the PIN line prints only the `char[]` reference, but both lines put secret material on the console path and should be removed. The "verify" step only checks each signature against the certificate carried inside the PKCS#7 blob itself (`s.getCertificatesAndCRLs`), so it proves the blob is internally consistent but never validates that certificate's chain against a trusted anchor — a blob signed with any self-signed key would also report `verified : true`. Finally, the keystore `FileInputStream` is never closed and `l_data.getBytes()` uses the platform default charset, so the signed bytes can differ between machines.




import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.FileInputStream;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import java.util.Iterator;
import java.util.Collection;
public class PKCS7 {

 /**
  * Base64 text of the CMS/PKCS#7 SignedData produced by the most recent
  * getSignature call (assigned from l_base64 at the end of that method,
  * after the round-trip verification loop). Being a static field it holds
  * only the last result, so callers running concurrently overwrite each other.
  */
 private static String
  signature
 ;

 public static String getSignature(String p_data,String p_certfile, String p_certpassword){

   try{
    // ------------------------------- Generate signature - start --------------------------------------------
    //KeyStore keyStore = KeyStore.getInstance("jks"); // Working
    java.security.KeyStore keyStore = java.security.KeyStore.getInstance("PKCS12"); //test

    String home = System.getProperty("user.home");

    InputStream input = new FileInputStream(home + "/" + p_certfile);

    char [] l_pin = new String(p_certpassword).toCharArray();

    System.out.println("l_pin : " + l_pin);
    keyStore.load(input,l_pin);

    Security.addProvider(new BouncyCastleProvider());

    Enumeration aliasesEnum = null;
    String l_alias   = null;
    PrivateKey privateKey = null;

    aliasesEnum = keyStore.aliases();

    while(aliasesEnum.hasMoreElements()) {
       l_alias = (String)aliasesEnum.nextElement();
       System.out.println("l_alias : " + l_alias);
       System.out.println("keyStore.isKeyEntry(l_alias) : " + keyStore.isKeyEntry(l_alias));
       System.out.println("keyStore.isCertificateEntry(l_alias) : " + keyStore.isCertificateEntry(l_alias));
       if(keyStore.isKeyEntry(l_alias)){
       break;
       }
    }

    X509Certificate   l_cert     = null;
    l_cert           = (java.security.cert.X509Certificate) keyStore.getCertificate(l_alias);
    CMSSignedDataGenerator sgen      = new CMSSignedDataGenerator();
    ArrayList       l_certlist = new ArrayList();
    CMSSignedData      l_csd  = null;
    String           l_base64 = null;
    String     l_data  = null;
    String      l_pan   =  null;


    privateKey      = (PrivateKey) keyStore.getKey(l_alias,l_pin);//alias and password
    System.out.println("privateKey : " + privateKey);

    sgen.addSigner(privateKey, l_cert,CMSSignedDataGenerator.DIGEST_SHA1);

    Certificate[] certChain =keyStore.getCertificateChain(l_alias);

    for (int i=0; i < certChain.length; i++) {
     l_certlist.add(certChain[i]);
    }
    sgen.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(l_certlist), "BC"));

    l_data = p_data;

    l_csd = sgen.generate(new CMSProcessableByteArray(l_data.getBytes()),true,"BC");//BC - Provider Name - Bouncy Castle
    l_base64 = new String(Base64.encode(l_csd.getEncoded()));

    System.out.println("l_csd : " + l_csd);
    System.out.println("l_base64 : " + l_base64);
//------------------------------ Generate signature - end --------------------------------------------

// ------------------------------ Verify signature - start --------------------------------------------

    CMSSignedData s = new CMSSignedData(Base64.decode(l_base64));

    CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
    SignerInformationStore signers = s.getSignerInfos();
    boolean verified = false;

    for (Iterator i = signers.getSigners().iterator(); i.hasNext(); ) {
      SignerInformation signer = (SignerInformation) i.next();
      Collection certCollection = certs.getCertificates(signer.getSID());
      if (!certCollection.isEmpty()) {
        X509Certificate cert = (X509Certificate) certCollection.iterator().next();
        if (signer.verify(cert.getPublicKey(), "BC")) {
          verified = true;
        }
      }
    }

    System.out.println("verified : " + verified);
    signature = l_base64;

// ------------------------------ Verify signature - end   --------------------------------------------   
