001: package org.bouncycastle.cms.test;
002:
003: import junit.framework.Test;
004: import junit.framework.TestCase;
005: import junit.framework.TestSuite;
006: import org.bouncycastle.asn1.ASN1InputStream;
007: import org.bouncycastle.asn1.ASN1OctetString;
008: import org.bouncycastle.asn1.cms.Attribute;
009: import org.bouncycastle.asn1.cms.AttributeTable;
010: import org.bouncycastle.asn1.cms.CMSAttributes;
011: import org.bouncycastle.asn1.cms.ContentInfo;
012: import org.bouncycastle.cms.CMSProcessable;
013: import org.bouncycastle.cms.CMSProcessableByteArray;
014: import org.bouncycastle.cms.CMSSignedData;
015: import org.bouncycastle.cms.CMSSignedDataGenerator;
016: import org.bouncycastle.cms.CMSSignedDataParser;
017: import org.bouncycastle.cms.SignerId;
018: import org.bouncycastle.cms.SignerInformation;
019: import org.bouncycastle.cms.SignerInformationStore;
020: import org.bouncycastle.util.encoders.Base64;
021: import org.bouncycastle.x509.X509AttributeCertificate;
022: import org.bouncycastle.x509.X509CollectionStoreParameters;
023: import org.bouncycastle.x509.X509Store;
024:
025: import java.io.ByteArrayInputStream;
026: import java.security.KeyFactory;
027: import java.security.KeyPair;
028: import java.security.MessageDigest;
029: import java.security.cert.CertStore;
030: import java.security.cert.CollectionCertStoreParameters;
031: import java.security.cert.X509CRL;
032: import java.security.cert.X509Certificate;
033: import java.security.spec.PKCS8EncodedKeySpec;
034: import java.security.spec.X509EncodedKeySpec;
035: import java.util.ArrayList;
036: import java.util.Collection;
037: import java.util.Collections;
038: import java.util.Iterator;
039: import java.util.List;
040:
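/**
 * JUnit 3 tests for CMS SignedData: generation with {@link CMSSignedDataGenerator},
 * re-parsing of the encoding, signer/certificate store replacement and signature
 * verification through the "BC" provider.
 *
 * <p>Scope of the checks: every signer certificate is looked up in the certificate
 * store carried by the message itself and handed to
 * {@code SignerInformation.verify(cert, "BC")}. The tests therefore show that a
 * signature is consistent with the certificate shipped alongside it. They perform
 * no certification path validation, and the CRL is only checked for presence, so a
 * passing test says nothing about whether the signer is trusted.
 *
 * <p>The SHA-1, MD5 and RIPEMD cases are algorithm coverage for the generator
 * (presumably kept for interoperability with existing messages).
 */
public class SignedDataTest extends TestCase {

    // Not read anywhere in this class; left in place in case other code in the
    // package refers to it.
    boolean DEBUG = true;

    // Self-signed root created in init(); it issues every signer certificate below.
    private static String _origDN;
    private static KeyPair _origKP;
    private static X509Certificate _origCert;

    // RSA signer (CMSTestUtil.makeKeyPair()) issued by _origKP.
    private static String _signDN;
    private static KeyPair _signKP;
    private static X509Certificate _signCert;

    private static KeyPair _signGostKP;
    private static X509Certificate _signGostCert;

    private static KeyPair _signEcDsaKP;
    private static X509Certificate _signEcDsaCert;

    private static KeyPair _signEcGostKP;
    private static X509Certificate _signEcGostCert;

    private static KeyPair _signDsaKP;
    private static X509Certificate _signDsaCert;

    // Certificate issued by _signKP. Created in init() but not used by any test here.
    private static String _reciDN;
    private static KeyPair _reciKP;
    private static X509Certificate _reciCert;

    // CRL produced with _signKP; embedded in messages by encapsulatedTest().
    private static X509CRL _signCrl;

    private static boolean _initialised = false;

    // Detached content that disorderedSet is verified against in testUnsortedAttributes().
    private byte[] disorderedMessage = Base64
            .decode("SU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBnZXRob3N0aWQAX19n"
                    + "bW9uX3M=");

    // Externally produced SignedData encoding used by testUnsortedAttributes().
    // NOTE(review): going by the names, its signed attributes are presumably not in
    // sorted order - confirm against the origin of this sample.
    private byte[] disorderedSet = Base64
            .decode("MIIYXQYJKoZIhvcNAQcCoIIYTjCCGEoCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
                    + "SIb3DQEHAaCCFqswggJUMIIBwKADAgECAgMMg6wwCgYGKyQDAwECBQAwbzEL"
                    + "MAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbI"
                    + "dXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwEx"
                    + "MBEGA1UEAxQKNFItQ0EgMTpQTjAiGA8yMDAwMDMyMjA5NDM1MFoYDzIwMDQw"
                    + "MTIxMTYwNDUzWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1"
                    + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh"
                    + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3"
                    + "DQEBAQUAA4GPADCBiwKBgQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0I"
                    + "fe3QMqeGMoCUnyJxwW0k2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg"
                    + "19e9JPv061wyADOucOIaNAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKaj"
                    + "LMAw0bu1J0FadQIFAMAAAAEwCgYGKyQDAwECBQADgYEAgFauXpoTLh3Z3pT/"
                    + "3bhgrxO/2gKGZopWGSWSJPNwq/U3x2EuctOJurj+y2inTcJjespThflpN+7Q"
                    + "nvsUhXU+jL2MtPlObU0GmLvWbi47cBShJ7KElcZAaxgWMBzdRGqTOdtMv+ev"
                    + "2t4igGF/q71xf6J2c3pTLWr6P8s6tzLfOCMwggJDMIIBr6ADAgECAgQAuzyu"
                    + "MAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGll"
                    + "cnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"
                    + "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4wIhgPMjAwMTA4"
                    + "MjAwODA4MjBaGA8yMDA1MDgyMDA4MDgyMFowSzELMAkGA1UEBhMCREUxEjAQ"
                    + "BgNVBAoUCVNpZ250cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBT"
                    + "SUdOVFJVU1QgMTpQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhV12"
                    + "N2WhlR6f+3CXP57GrBM9la5Vnsu2b92zv5MZqQOPeEsYbZqDCFkYg1bSwsDE"
                    + "XsGVQqXdQNAGUaapr/EUVVN+hNZ07GcmC1sPeQECgUkxDYjGi4ihbvzxlahj"
                    + "L4nX+UTzJVBfJwXoIvJ+lMHOSpnOLIuEL3SRhBItvRECxN0CAwEAAaMSMBAw"
                    + "DgYDVR0PAQH/BAQDAgEGMAoGBiskAwMBAgUAA4GBACDc9Pc6X8sK1cerphiV"
                    + "LfFv4kpZb9ev4WPy/C6987Qw1SOTElhZAmxaJQBqmDHWlQ63wj1DEqswk7hG"
                    + "LrvQk/iX6KXIn8e64uit7kx6DHGRKNvNGofPjr1WelGeGW/T2ZJKgmPDjCkf"
                    + "sIKt2c3gwa2pDn4mmCz/DStUIqcPDbqLMIICVTCCAcGgAwIBAgIEAJ16STAK"
                    + "BgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1"
                    + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh"
                    + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMCIYDzIwMDEwMjAx"
                    + "MTM0NDI1WhgPMjAwNTAzMjIwODU1NTFaMG8xCzAJBgNVBAYTAkRFMT0wOwYD"
                    + "VQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0"
                    + "aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6"
                    + "UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvthihnl"
                    + "tsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wdbPvg"
                    + "JyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCAOXFw"
                    + "VWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIFAAOB"
                    + "gQBpSRdnDb6AcNVaXSmGo6+kVPIBhot1LzJOGaPyDNpGXxd7LV4tMBF1U7gr"
                    + "4k1g9BO6YiMWvw9uiTZmn0CfV8+k4fWEuG/nmafRoGIuay2f+ILuT+C0rnp1"
                    + "4FgMsEhuVNJJAmb12QV0PZII+UneyhAneZuQQzVUkTcVgYxogxdSOzCCAlUw"
                    + "ggHBoAMCAQICBACdekowCgYGKyQDAwECBQAwbzELMAkGA1UEBhMCREUxPTA7"
                    + "BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlr"
                    + "YXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg"
                    + "MTpQTjAiGA8yMDAxMDIwMTEzNDcwN1oYDzIwMDUwMzIyMDg1NTUxWjBvMQsw"
                    + "CQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1"
                    + "ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEw"
                    + "EQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKB"
                    + "gQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0Ife3QMqeGMoCUnyJxwW0k"
                    + "2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg19e9JPv061wyADOucOIa"
                    + "NAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKajLMAw0bu1J0FadQIFAMAA"
                    + "AAEwCgYGKyQDAwECBQADgYEAV1yTi+2gyB7sUhn4PXmi/tmBxAfe5oBjDW8m"
                    + "gxtfudxKGZ6l/FUPNcrSc5oqBYxKWtLmf3XX87LcblYsch617jtNTkMzhx9e"
                    + "qxiD02ufcrxz2EVt0Akdqiz8mdVeqp3oLcNU/IttpSrcA91CAnoUXtDZYwb/"
                    + "gdQ4FI9l3+qo/0UwggJVMIIBwaADAgECAgQAxIymMAoGBiskAwMBAgUAMG8x"
                    + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm"
                    + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB"
                    + "MTARBgNVBAMUCjZSLUNhIDE6UE4wIhgPMjAwMTEwMTUxMzMxNThaGA8yMDA1"
                    + "MDYwMTA5NTIxN1owbzELMAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVy"
                    + "dW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3Qx"
                    + "ITAMBgcCggYBCgcUEwExMBEGA1UEAxQKN1ItQ0EgMTpQTjCBoTANBgkqhkiG"
                    + "9w0BAQEFAAOBjwAwgYsCgYEAiokD/j6lEP4FexF356OpU5teUpGGfUKjIrFX"
                    + "BHc79G0TUzgVxqMoN1PWnWktQvKo8ETaugxLkP9/zfX3aAQzDW4Zki6x6GDq"
                    + "fy09Agk+RJvhfbbIzRkV4sBBco0n73x7TfG/9NTgVr/96U+I+z/1j30aboM6"
                    + "9OkLEhjxAr0/GbsCBQDAAAABMAoGBiskAwMBAgUAA4GBAHWRqRixt+EuqHhR"
                    + "K1kIxKGZL2vZuakYV0R24Gv/0ZR52FE4ECr+I49o8FP1qiGSwnXB0SwjuH2S"
                    + "iGiSJi+iH/MeY85IHwW1P5e+bOMvEOFhZhQXQixOD7totIoFtdyaj1XGYRef"
                    + "0f2cPOjNJorXHGV8wuBk+/j++sxbd/Net3FtMIICVTCCAcGgAwIBAgIEAMSM"
                    + "pzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp"
                    + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z"
                    + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBOMCIYDzIwMDEx"
                    + "MDE1MTMzNDE0WhgPMjAwNTA2MDEwOTUyMTdaMG8xCzAJBgNVBAYTAkRFMT0w"
                    + "OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5p"
                    + "a2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNh"
                    + "IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvth"
                    + "ihnltsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wd"
                    + "bPvgJyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCA"
                    + "OXFwVWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIF"
                    + "AAOBgQBi5W96UVDoNIRkCncqr1LLG9vF9SGBIkvFpLDIIbcvp+CXhlvsdCJl"
                    + "0pt2QEPSDl4cmpOet+CxJTdTuMeBNXxhb7Dvualog69w/+K2JbPhZYxuVFZs"
                    + "Zh5BkPn2FnbNu3YbJhE60aIkikr72J4XZsI5DxpZCGh6xyV/YPRdKSljFjCC"
                    + "AlQwggHAoAMCAQICAwyDqzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9"
                    + "MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVu"
                    + "aWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1D"
                    + "QSAxOlBOMCIYDzIwMDAwMzIyMDk0MTI3WhgPMjAwNDAxMjExNjA0NTNaMG8x"
                    + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm"
                    + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB"
                    + "MTARBgNVBAMUCjRSLUNBIDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGL"
                    + "AoGBAI8x26tmrFJanlm100B7KGlRemCD1R93PwdnG7svRyf5ZxOsdGrDszNg"
                    + "xg6ouO8ZHQMT3NC2dH8TvO65Js+8bIyTm51azF6clEg0qeWNMKiiXbBXa+ph"
                    + "hTkGbXiLYvACZ6/MTJMJ1lcrjpRF7BXtYeYMcEF6znD4pxOqrtbf9z5hAgUA"
                    + "wAAAATAKBgYrJAMDAQIFAAOBgQB99BjSKlGPbMLQAgXlvA9jUsDNhpnVm3a1"
                    + "YkfxSqS/dbQlYkbOKvCxkPGA9NBxisBM8l1zFynVjJoy++aysRmcnLY/sHaz"
                    + "23BF2iU7WERy18H3lMBfYB6sXkfYiZtvQZcWaO48m73ZBySuiV3iXpb2wgs/"
                    + "Cs20iqroAWxwq/W/9jCCAlMwggG/oAMCAQICBDsFZ9UwCgYGKyQDAwECBQAw"
                    + "bzELMAkGA1UEBhMCREUxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNFItQ0Eg"
                    + "MTpQTjE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxl"
                    + "a29tbXVuaWthdGlvbiB1bmQgUG9zdDAiGA8xOTk5MDEyMTE3MzUzNFoYDzIw"
                    + "MDQwMTIxMTYwMDAyWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp"
                    + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z"
                    + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAozUi1DQSAxOlBOMIGfMA0GCSqG"
                    + "SIb3DQEBAQUAA4GNADCBiQKBgI4B557mbKQg/AqWBXNJhaT/6lwV93HUl4U8"
                    + "u35udLq2+u9phns1WZkdM3gDfEpL002PeLfHr1ID/96dDYf04lAXQfombils"
                    + "of1C1k32xOvxjlcrDOuPEMxz9/HDAQZA5MjmmYHAIulGI8Qg4Tc7ERRtg/hd"
                    + "0QX0/zoOeXoDSEOBAgTAAAABMAoGBiskAwMBAgUAA4GBAIyzwfT3keHI/n2P"
                    + "LrarRJv96mCohmDZNpUQdZTVjGu5VQjVJwk3hpagU0o/t/FkdzAjOdfEw8Ql"
                    + "3WXhfIbNLv1YafMm2eWSdeYbLcbB5yJ1od+SYyf9+tm7cwfDAcr22jNRBqx8"
                    + "wkWKtKDjWKkevaSdy99sAI8jebHtWz7jzydKMIID9TCCA16gAwIBAgICbMcw"
                    + "DQYJKoZIhvcNAQEFBQAwSzELMAkGA1UEBhMCREUxEjAQBgNVBAoUCVNpZ250"
                    + "cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBTSUdOVFJVU1QgMTpQ"
                    + "TjAeFw0wNDA3MzAxMzAyNDZaFw0wNzA3MzAxMzAyNDZaMDwxETAPBgNVBAMM"
                    + "CFlhY29tOlBOMQ4wDAYDVQRBDAVZYWNvbTELMAkGA1UEBhMCREUxCjAIBgNV"
                    + "BAUTATEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIWzLlYLQApocXIp"
                    + "pgCCpkkOUVLgcLYKeOd6/bXAnI2dTHQqT2bv7qzfUnYvOqiNgYdF13pOYtKg"
                    + "XwXMTNFL4ZOI6GoBdNs9TQiZ7KEWnqnr2945HYx7UpgTBclbOK/wGHuCdcwO"
                    + "x7juZs1ZQPFG0Lv8RoiV9s6HP7POqh1sO0P/AgMBAAGjggH1MIIB8TCBnAYD"
                    + "VR0jBIGUMIGRgBQcZzNghfnXoXRm8h1+VITC5caNRqFzpHEwbzELMAkGA1UE"
                    + "BhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVs"
                    + "ZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UE"
                    + "AxQKNVItQ0EgMTpQToIEALs8rjAdBgNVHQ4EFgQU2e5KAzkVuKaM9I5heXkz"
                    + "bcAIuR8wDgYDVR0PAQH/BAQDAgZAMBIGA1UdIAQLMAkwBwYFKyQIAQEwfwYD"
                    + "VR0fBHgwdjB0oCygKoYobGRhcDovL2Rpci5zaWdudHJ1c3QuZGUvbz1TaWdu"
                    + "dHJ1c3QsYz1kZaJEpEIwQDEdMBsGA1UEAxMUQ1JMU2lnblNpZ250cnVzdDE6"
                    + "UE4xEjAQBgNVBAoTCVNpZ250cnVzdDELMAkGA1UEBhMCREUwYgYIKwYBBQUH"
                    + "AQEEVjBUMFIGCCsGAQUFBzABhkZodHRwOi8vZGlyLnNpZ250cnVzdC5kZS9T"
                    + "aWdudHJ1c3QvT0NTUC9zZXJ2bGV0L2h0dHBHYXRld2F5LlBvc3RIYW5kbGVy"
                    + "MBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwDgYHAoIGAQoMAAQDAQH/MA0G"
                    + "CSqGSIb3DQEBBQUAA4GBAHn1m3GcoyD5GBkKUY/OdtD6Sj38LYqYCF+qDbJR"
                    + "6pqUBjY2wsvXepUppEler+stH8mwpDDSJXrJyuzf7xroDs4dkLl+Rs2x+2tg"
                    + "BjU+ABkBDMsym2WpwgA8LCdymmXmjdv9tULxY+ec2pjSEzql6nEZNEfrU8nt"
                    + "ZCSCavgqW4TtMYIBejCCAXYCAQEwUTBLMQswCQYDVQQGEwJERTESMBAGA1UE"
                    + "ChQJU2lnbnRydXN0MSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEUNBIFNJR05U"
                    + "UlVTVCAxOlBOAgJsxzAJBgUrDgMCGgUAoIGAMBgGCSqGSIb3DQEJAzELBgkq"
                    + "hkiG9w0BBwEwIwYJKoZIhvcNAQkEMRYEFIYfhPoyfGzkLWWSSLjaHb4HQmaK"
                    + "MBwGCSqGSIb3DQEJBTEPFw0wNTAzMjQwNzM4MzVaMCEGBSskCAYFMRgWFi92"
                    + "YXIvZmlsZXMvdG1wXzEvdGVzdDEwDQYJKoZIhvcNAQEFBQAEgYA2IvA8lhVz"
                    + "VD5e/itUxbFboKxeKnqJ5n/KuO/uBCl1N14+7Z2vtw1sfkIG+bJdp3OY2Cmn"
                    + "mrQcwsN99Vjal4cXVj8t+DJzFG9tK9dSLvD3q9zT/GQ0kJXfimLVwCa4NaSf"
                    + "Qsu4xtG0Rav6bCcnzabAkKuNNvKtH8amSRzk870DBg==");

    /*
     *
     * INFRASTRUCTURE
     *
     */

    public SignedDataTest(String name) {
        super(name);
    }

    public static void main(String[] args) {
        junit.textui.TestRunner.run(SignedDataTest.class);
    }

    /**
     * Builds the JUnit 3 suite: creates the shared keys and certificates, then
     * wraps the test class in {@code CMSTestSetup}.
     */
    public static Test suite() throws Exception {
        init();

        return new CMSTestSetup(new TestSuite(SignedDataTest.class));
    }

    /**
     * Creates the key pairs, certificates and CRL shared by all tests. Runs its
     * body only on the first call.
     */
    private static void init() throws Exception {
        if (_initialised) {
            return;
        }
        _initialised = true;

        _origDN = "O=Bouncy Castle, C=AU";
        _origKP = CMSTestUtil.makeKeyPair();
        _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _origKP, _origDN);

        _signDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
        _signKP = CMSTestUtil.makeKeyPair();
        _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _origKP, _origDN);

        _signGostKP = CMSTestUtil.makeGostKeyPair();
        _signGostCert = CMSTestUtil.makeCertificate(_signGostKP, _signDN, _origKP, _origDN);

        _signDsaKP = CMSTestUtil.makeDsaKeyPair();
        _signDsaCert = CMSTestUtil.makeCertificate(_signDsaKP, _signDN, _origKP, _origDN);

        _signEcDsaKP = CMSTestUtil.makeEcDsaKeyPair();
        _signEcDsaCert = CMSTestUtil.makeCertificate(_signEcDsaKP, _signDN, _origKP, _origDN);

        _signEcGostKP = CMSTestUtil.makeEcGostKeyPair();
        _signEcGostCert = CMSTestUtil.makeCertificate(_signEcGostKP, _signDN, _origKP, _origDN);

        _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
        _reciKP = CMSTestUtil.makeKeyPair();
        _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);

        _signCrl = CMSTestUtil.makeCrl(_signKP);
    }

    /*
     *
     * SHARED HELPERS
     *
     */

    /** Wraps a list of certificates (and CRLs) in a "Collection" CertStore from the BC provider. */
    private static CertStore makeCertStore(List certsAndCrls) throws Exception {
        return CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(certsAndCrls), "BC");
    }

    /**
     * Encodes the message and parses the encoding back, so that the checks that
     * follow run against what a receiver would read rather than against the
     * generator's in-memory object.
     */
    private CMSSignedData reparse(CMSSignedData s) throws Exception {
        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(s.getEncoded()));
        try {
            return new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
        } finally {
            aIn.close();
        }
    }

    /**
     * Returns the first certificate in {@code certs} selected by the signer's id.
     * A missing certificate is reported as an assertion failure instead of
     * surfacing as a NoSuchElementException from the iterator.
     */
    private X509Certificate findSignerCertificate(CertStore certs, SignerInformation signer)
            throws Exception {
        Iterator certIt = certs.getCertificates(signer.getSID()).iterator();

        assertTrue("no certificate in the message matches the signer id", certIt.hasNext());

        return (X509Certificate) certIt.next();
    }

    /**
     * Verifies every signer in {@code signers} against its certificate from
     * {@code certs}. An empty signer store is a failure: without that check the
     * loop would run zero times and the test would pass without having verified
     * any signature.
     */
    private void verifyAllSigners(SignerInformationStore signers, CertStore certs)
            throws Exception {
        assertTrue("expected at least one signer", signers.size() > 0);

        Iterator it = signers.getSigners().iterator();
        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            X509Certificate cert = findSignerCertificate(certs, signer);

            assertTrue("signature did not verify", signer.verify(cert, "BC"));
        }
    }

    /**
     * Verifies all signers of {@code s}, optionally compares each signer's content
     * digest with {@code contentDigest}, and checks that the certificate and CRL
     * counts agree between the CertStore view and the X509Store view of the message.
     *
     * @param contentDigest expected digest of the signed content, or null to skip
     *                      the digest comparison
     */
    private void verifySignatures(CMSSignedData s, byte[] contentDigest) throws Exception {
        CertStore certStore = s.getCertificatesAndCRLs("Collection", "BC");
        SignerInformationStore signers = s.getSignerInfos();

        assertTrue("expected at least one signer", signers.size() > 0);

        Iterator it = signers.getSigners().iterator();
        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            X509Certificate cert = findSignerCertificate(certStore, signer);

            assertTrue("signature did not verify", signer.verify(cert, "BC"));

            // Compared only after verify(), as in the original ordering of this check.
            if (contentDigest != null) {
                assertTrue("content digest mismatch",
                        MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
            }
        }

        Collection certColl = certStore.getCertificates(null);
        Collection crlColl = certStore.getCRLs(null);

        assertEquals(certColl.size(),
                s.getCertificates("Collection", "BC").getMatches(null).size());
        assertEquals(crlColl.size(),
                s.getCRLs("Collection", "BC").getMatches(null).size());
    }

    private void verifySignatures(CMSSignedData s) throws Exception {
        verifySignatures(s, null);
    }

    /** Verifies all signers of a message read through the streaming parser. */
    private void verifySignatures(CMSSignedDataParser sp) throws Exception {
        // Same call order as before: certificates first, then signer infos.
        CertStore certs = sp.getCertificatesAndCRLs("Collection", "BC");
        SignerInformationStore signers = sp.getSignerInfos();

        verifyAllSigners(signers, certs);
    }

    /**
     * Rebuilds {@code orig} with {@code signers} as its signer store and checks
     * that every signature in the result still verifies.
     */
    private void checkSignerStoreReplacement(CMSSignedData orig,
            SignerInformationStore signers) throws Exception {
        CMSSignedData s = CMSSignedData.replaceSigners(orig, signers);

        CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");

        verifyAllSigners(s.getSignerInfos(), certs);
    }

    /*
     *
     * TESTS
     *
     */

    /**
     * Signs the same content twice with the same key and certificate, once with
     * SHA-1 and once with MD5, and checks that both signer infos survive encoding,
     * verify, and carry the digest the generator computed.
     */
    public void testSHA1AndMD5WithRSAEncapsulatedRepeated() throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());

        certList.add(_origCert);
        certList.add(_signCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_MD5);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData s = reparse(gen.generate(msg, true, "BC"));

        certs = s.getCertificatesAndCRLs("Collection", "BC");

        SignerInformationStore signers = s.getSignerInfos();

        assertEquals(2, signers.size());

        Iterator it = signers.getSigners().iterator();
        SignerId sid = null;

        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            X509Certificate cert = findSignerCertificate(certs, signer);

            sid = signer.getSID();

            assertTrue("signature did not verify", signer.verify(cert, "BC"));

            //
            // check content digest: the messageDigest signed attribute must equal
            // the digest the generator recorded for this signer's algorithm
            //
            byte[] contentDigest = (byte[]) gen.getGeneratedDigests()
                    .get(signer.getDigestAlgOID());

            AttributeTable table = signer.getSignedAttributes();
            Attribute hash = table.get(CMSAttributes.messageDigest);

            assertTrue("messageDigest attribute does not match the generated digest",
                    MessageDigest.isEqual(contentDigest,
                            ((ASN1OctetString) hash.getAttrValues().getObjectAt(0)).getOctets()));
        }

        // both signer infos share one signer id, so a lookup by id returns both
        Collection c = signers.getSigners(sid);

        assertEquals(2, c.size());

        //
        // try using existing signer
        //
        gen = new CMSSignedDataGenerator();

        gen.addSigners(s.getSignerInfos());

        gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", "BC"));

        s = reparse(gen.generate(msg, true, "BC"));

        certs = s.getCertificatesAndCRLs("Collection", "BC");

        signers = s.getSignerInfos();

        assertEquals(2, signers.getSigners().size());

        verifyAllSigners(signers, certs);

        checkSignerStoreReplacement(s, signers);
    }

    /**
     * Generates a signature with the final {@code false} argument (no signed
     * attributes, going by the test name) and compares the signer's content
     * digest with a SHA-1 digest computed independently over the same bytes.
     */
    public void testSHA1WithRSANoAttributes() throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes());

        certList.add(_origCert);
        certList.add(_signCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, "BC", false);

        //
        // compute expected content digest
        //
        MessageDigest md = MessageDigest.getInstance("SHA1", "BC");

        verifySignatures(s, md.digest("Hello world!".getBytes()));
    }

    //
    // RSA signer with each supported digest
    //

    public void testSHA1WithRSAEncapsulated() throws Exception {
        encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA1);
    }

    public void testSHA224WithRSAEncapsulated() throws Exception {
        encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA224);
    }

    public void testSHA256WithRSAEncapsulated() throws Exception {
        encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA256);
    }

    public void testRIPEMD128WithRSAEncapsulated() throws Exception {
        encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD128);
    }

    public void testRIPEMD160WithRSAEncapsulated() throws Exception {
        encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD160);
    }

    public void testRIPEMD256WithRSAEncapsulated() throws Exception {
        encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD256);
    }

    //
    // ECDSA signer
    //

    public void testECDSAEncapsulated() throws Exception {
        encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA1);
    }

    public void testECDSASHA224Encapsulated() throws Exception {
        encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA224);
    }

    public void testECDSASHA256Encapsulated() throws Exception {
        encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA256);
    }

    public void testECDSASHA384Encapsulated() throws Exception {
        encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA384);
    }

    public void testECDSASHA512Encapsulated() throws Exception {
        encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA512);
    }

    /**
     * Same as the ECDSA/SHA-512 case, but with the key pair rebuilt from its
     * encoded form through a KeyFactory requested under the name "EC".
     */
    public void testECDSASHA512EncapsulatedWithKeyFactoryAsEC() throws Exception {
        X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(
                _signEcDsaKP.getPublic().getEncoded());
        PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(
                _signEcDsaKP.getPrivate().getEncoded());
        KeyFactory keyFact = KeyFactory.getInstance("EC", "BC");
        KeyPair kp = new KeyPair(keyFact.generatePublic(pubSpec),
                keyFact.generatePrivate(privSpec));

        encapsulatedTest(kp, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA512);
    }

    //
    // DSA and GOST signers
    //

    public void testDSAEncapsulated() throws Exception {
        encapsulatedTest(_signDsaKP, _signDsaCert, CMSSignedDataGenerator.DIGEST_SHA1);
    }

    public void testGOST3411WithGOST3410Encapsulated() throws Exception {
        encapsulatedTest(_signGostKP, _signGostCert, CMSSignedDataGenerator.DIGEST_GOST3411);
    }

    public void testGOST3411WithECGOST3410Encapsulated() throws Exception {
        encapsulatedTest(_signEcGostKP, _signEcGostCert, CMSSignedDataGenerator.DIGEST_GOST3411);
    }

    /**
     * Signs "Hello World!" as encapsulated content with the given key, certificate
     * and digest, then checks the re-parsed message: every signature verifies, the
     * single CRL is present, and the message can be regenerated from its existing
     * signer infos and still verify.
     */
    private void encapsulatedTest(KeyPair signaturePair,
            X509Certificate signatureCert, String digestAlgorithm) throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());

        certList.add(signatureCert);
        certList.add(_origCert);

        certList.add(_signCrl);

        CertStore certsAndCrls = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(signaturePair.getPrivate(), signatureCert, digestAlgorithm);

        gen.addCertificatesAndCRLs(certsAndCrls);

        CMSSignedData s = reparse(gen.generate(msg, true, "BC"));

        certsAndCrls = s.getCertificatesAndCRLs("Collection", "BC");

        verifyAllSigners(s.getSignerInfos(), certsAndCrls);

        //
        // check for CRLs (presence only; the CRL is not used for revocation checking)
        //
        Collection crls = certsAndCrls.getCRLs(null);

        assertEquals(1, crls.size());

        assertTrue(crls.contains(_signCrl));

        //
        // try using existing signer
        //
        gen = new CMSSignedDataGenerator();

        gen.addSigners(s.getSignerInfos());

        gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", "BC"));

        s = reparse(gen.generate(msg, true, "BC"));

        certsAndCrls = s.getCertificatesAndCRLs("Collection", "BC");

        SignerInformationStore signers = s.getSignerInfos();

        verifyAllSigners(signers, certsAndCrls);

        checkSignerStoreReplacement(s, signers);
    }

    /**
     * Verifies the stored sample {@code disorderedSet} as a detached signature
     * over {@code disorderedMessage}.
     */
    public void testUnsortedAttributes() throws Exception {
        CMSSignedData s = new CMSSignedData(
                new CMSProcessableByteArray(disorderedMessage), disorderedSet);

        CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");

        verifyAllSigners(s.getSignerInfos(), certs);
    }

    /** Generates a signature with null content and verifies the re-parsed result. */
    public void testNullContentWithSigner() throws Exception {
        List certList = new ArrayList();

        certList.add(_origCert);
        certList.add(_signCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData s = reparse(gen.generate(null, false, "BC"));

        verifySignatures(s);
    }

    /**
     * Adds an attribute certificate to the message, expects SignedData version 4,
     * reads the attribute certificate back, then replaces the certificate store
     * and verifies.
     */
    public void testWithAttributeCertificate() throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());

        // deliberately not the signer's certificate; the matching one is swapped in below
        certList.add(_signDsaCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        X509AttributeCertificate attrCert = CMSTestUtil.getAttributeCertificate();

        X509Store store = X509Store.getInstance(
                "AttributeCertificate/Collection",
                new X509CollectionStoreParameters(Collections.singleton(attrCert)), "BC");

        gen.addAttributeCertificates(store);

        CMSSignedData sd = gen.generate(msg, "BC");

        assertEquals(4, sd.getVersion());

        store = sd.getAttributeCertificates("Collection", "BC");

        Collection coll = store.getMatches(null);

        assertEquals(1, coll.size());

        assertTrue(coll.contains(attrCert));

        //
        // create new certstore
        //
        certList = new ArrayList();
        certList.add(_origCert);
        certList.add(_signCert);

        certs = makeCertStore(certList);

        //
        // replace certs
        //
        sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs);

        verifySignatures(sd);
    }

    /**
     * Generates a message whose store lacks the signer's certificate, replaces the
     * store with one that contains it, and verifies.
     */
    public void testCertStoreReplacement() throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());

        certList.add(_signDsaCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData sd = gen.generate(msg, "BC");

        //
        // create new certstore
        //
        certList = new ArrayList();
        certList.add(_origCert);
        certList.add(_signCert);

        certs = makeCertStore(certList);

        //
        // replace certs
        //
        sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs);

        verifySignatures(sd);
    }

    /** Same as {@link #testCertStoreReplacement()} but with encapsulated content. */
    public void testEncapsulatedCertStoreReplacement() throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());

        certList.add(_signDsaCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData sd = gen.generate(msg, true, "BC");

        //
        // create new certstore
        //
        certList = new ArrayList();
        certList.add(_origCert);
        certList.add(_signCert);

        certs = makeCertStore(certList);

        //
        // replace certs
        //
        sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs);

        verifySignatures(sd);
    }

    /** Checks that certificates come back from the message in the order they were added. */
    public void testCertOrdering1() throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());

        certList.add(_origCert);
        certList.add(_signCert);
        certList.add(_signDsaCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData sd = gen.generate(msg, true, "BC");

        certs = sd.getCertificatesAndCRLs("Collection", "BC");
        Iterator it = certs.getCertificates(null).iterator();

        assertEquals(_origCert, it.next());
        assertEquals(_signCert, it.next());
        assertEquals(_signDsaCert, it.next());
    }

    /** Same ordering check as {@link #testCertOrdering1()} with a different insertion order. */
    public void testCertOrdering2() throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());

        certList.add(_signCert);
        certList.add(_signDsaCert);
        certList.add(_origCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData sd = gen.generate(msg, true, "BC");

        certs = sd.getCertificatesAndCRLs("Collection", "BC");
        Iterator it = certs.getCertificates(null).iterator();

        assertEquals(_signCert, it.next());
        assertEquals(_signDsaCert, it.next());
        assertEquals(_origCert, it.next());
    }

    /**
     * Replaces a SHA-1 signer with a SHA-224 signer over the same content and
     * checks that the replaced message reports SHA-224 and still verifies when
     * read through the streaming parser.
     */
    public void testSignerStoreReplacement() throws Exception {
        List certList = new ArrayList();
        CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());

        certList.add(_origCert);
        certList.add(_signCert);

        CertStore certs = makeCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData original = gen.generate(msg, true, "BC");

        //
        // create new Signer
        //
        gen = new CMSSignedDataGenerator();

        gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA224);

        gen.addCertificatesAndCRLs(certs);

        CMSSignedData newSD = gen.generate(msg, true, "BC");

        //
        // replace signer
        //
        CMSSignedData sd = CMSSignedData.replaceSigners(original, newSD.getSignerInfos());

        SignerInformation signer = (SignerInformation) sd
                .getSignerInfos().getSigners().iterator().next();

        assertEquals(CMSSignedDataGenerator.DIGEST_SHA224, signer.getDigestAlgOID());

        // we use a parser here as it requires the digests to be correct in the digest set, if it
        // isn't we'll get a NullPointerException
        CMSSignedDataParser sp = new CMSSignedDataParser(sd.getEncoded());

        sp.getSignedContent().drain();

        verifySignatures(sp);
    }
}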