VerifyPKCS7Signature.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */


  22. package org.openspcoop2.utils.security;

  24. import java.security.Security;
  25. import java.security.cert.Certificate;
  26. import java.util.Collection;

  28. import org.bouncycastle.cert.X509CertificateHolder;
  29. import org.bouncycastle.cms.CMSProcessable;
  30. import org.bouncycastle.cms.CMSSignedData;
  31. import org.bouncycastle.cms.SignerInformation;
  32. import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
  33. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  34. import org.openspcoop2.utils.UtilsException;
  35. import org.openspcoop2.utils.certificate.KeyStore;

  37. /** 
  38.  * VerifySignature
  39.  *
  40.  * @author Poli Andrea (apoli@link.it)
  41.  * @author $Author$
  42.  * @version $Rev$, $Date$
  43.  */
  44. public class VerifyPKCS7Signature {

  46.     private KeyStore keystore;
  47.     private Certificate certificate;
  48.     private BouncyCastleProvider bouncyCastleProvider;
  49.     private byte[] originalContent;
  50.     
  51.     public VerifyPKCS7Signature(KeyStore keystore) throws UtilsException{
  52.         this.keystore = keystore;
  53.         this.certificate = this.keystore.getCertificate();
  54.     }
  55.     public VerifyPKCS7Signature(KeyStore keystore, String alias) throws UtilsException{
  56.         this.keystore = keystore;
  57.         this.certificate = this.keystore.getCertificate(alias);
  58.         
  59.         this.bouncyCastleProvider = new BouncyCastleProvider();
  60.         Security.addProvider(this.bouncyCastleProvider);
  61.     }
  62.     
  63.     public boolean verify(byte[] signatureData, String algorithm) throws UtilsException{
  64.         try{
  65.             CMSSignedData cmsSignedData = new CMSSignedData(signatureData);
  66.             
  67.             try{
  68.                 Collection<SignerInformation> signers = cmsSignedData.getSignerInfos().getSigners();
  69.                 X509CertificateHolder ch = new X509CertificateHolder(this.certificate.getEncoded());
  70.                 for (SignerInformation si : signers)
  71.                     if (si.getSID().match(ch))
  72.                         if (si.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(this.bouncyCastleProvider).build(ch)))
  73.                             return true;
  74.                 
  75.                 return false;
  76.             }finally {
  77.                  //Retrieve the json content from pkcs7
  78.                 CMSProcessable signedContent = cmsSignedData.getSignedContent();
  79.                 this.originalContent = (byte[]) signedContent.getContent();
  80.             }
  81.         
  82.         }catch(Exception e){
  83.             throw new UtilsException(e.getMessage(),e);
  84.         }
  85.     }

  87.     public byte[] getOriginalContent() {
  88.         return this.originalContent;
  89.     }
  90. }
Created with JaCoCo 0.8.8.202204050719