blob: 9107433704f9296a31b432a4ea7598d2e9463a78 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
package org.bouncycastle.mail.smime.examples;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.Properties;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMESignedParser;
import org.bouncycastle.mail.smime.util.SharedFileInputStream;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;
/**
* a simple example that reads a basic SMIME signed mail file.
*/
public class ReadLargeSignedMail
{
private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
/**
* verify the signature (assuming the cert is contained in the message)
*/
private static void verify(
SMIMESignedParser s)
throws Exception
{
//
// extract the information to verify the signatures.
//
//
// certificates and crls passed in the signature - this must happen before
// s.getSignerInfos()
//
Store certs = s.getCertificates();
//
// SignerInfo blocks which contain the signatures
//
SignerInformationStore signers = s.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
//
// check each signer
//
while (it.hasNext())
{
SignerInformation signer = (SignerInformation)it.next();
Collection certCollection = certs.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate((X509CertificateHolder)certIt.next());
//
// verify that the sig is correct and that it was generated
// when the certificate was current
//
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)))
{
System.out.println("signature verified");
}
else
{
System.out.println("signature failed!");
}
}
}
public static void main(
String[] args)
throws Exception
{
//
// Get a Session object with the default properties.
//
Properties props = System.getProperties();
Session session = Session.getDefaultInstance(props, null);
MimeMessage msg = new MimeMessage(session, new SharedFileInputStream("signed.message"));
//
// make sure this was a multipart/signed message - there should be
// two parts as we have one part for the content that was signed and
// one part for the actual signature.
//
if (msg.isMimeType("multipart/signed"))
{
SMIMESignedParser s = new SMIMESignedParser(new JcaDigestCalculatorProviderBuilder().build(),
(MimeMultipart)msg.getContent());
System.out.println("Status:");
verify(s);
}
else if (msg.isMimeType("application/pkcs7-mime"))
{
//
// in this case the content is wrapped in the signature block.
//
SMIMESignedParser s = new SMIMESignedParser(new JcaDigestCalculatorProviderBuilder().build(), msg);
System.out.println("Status:");
verify(s);
}
else
{
System.err.println("Not a signed message!");
}
}
}
|
