Kid Alchemy, This is the wrong list for BouncyCastle questions! -Anders
Anyway, here is an extract from code that I use (I'm not an expert in CMS):

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;

public class VerifyProxy {

    public byte[] getAndVerifySignedData(byte[] signedData, List<X509Certificate> caCerts)
            throws SignatureException, CMSException, IOException, GeneralSecurityException {
        // Parse the DER-encoded CMS SignedData structure
        CMSSignedData csd = new CMSSignedData(signedData);
        CertStore certs = csd.getCertificatesAndCRLs("Collection", "BC");

        // Take the first SignerInfo and the certificate matching its signer ID
        SignerInformation signer = (SignerInformation) csd.getSignerInfos().getSigners().iterator().next();
        Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
        X509Certificate cert = (X509Certificate) certCollection.iterator().next();

        // Verify the signature over the content with the signer's public key
        if (!signer.verify(cert.getPublicKey(), "BC")) {
            throw new SignatureException("Signature Error");
        }

        // Find the CA whose subject matches the signer certificate's issuer
        for (X509Certificate caCert : caCerts) {
            if (cert.getIssuerX500Principal().getName().equals(caCert.getSubjectX500Principal().getName())) {
                // Throws if the signer certificate was not signed by this CA key
                cert.verify(caCert.getPublicKey());
                CMSProcessableByteArray cpb = (CMSProcessableByteArray) csd.getSignedContent();
                byte[] signedContent = (byte[]) cpb.getContent();
                return signedContent;
            }
        }
        throw new SignatureException("No CA key matching: " + cert.getIssuerX500Principal().getName());
    }
}

2012-09-14 15:51, KidAlchemy wrote:
> On Friday, August 17, 2012 5:44:40 AM UTC-4, Anders Rundgren wrote:
>> On 2012-08-15 21:35, KidAlchemy wrote:
>>> On Thursday, August 9, 2012 10:26:12 AM UTC-4, KidAlchemy wrote:
>>>> I want to use the JSS library just to parse the CMS package into the
>>>> specific structures that are provided by JSS. I can get the signedData,
>>>> then I call signedData.getContentInfo(), which gives me the
>>>> encapsulatedContentInfo populated structure and this works fine.
>>>>
>>>> The problem: The encapsulatedContentInfo now contains an
>>>> id-ct-KP-encryptedKeyPkg. How do I proceed with my parsing from here? The
>>>> encapsulatedContentInfo.getContent() returns an OCTET_STRING but I don't
>>>> know what to do with it from here.
>>>>
>>>> Can you provide some code examples in Java for me?
>>>
>>> Anyone have a clue?
>>
>> Yes, DO NOT use JSS if you want to consume (parse) cryptographic messages.
>> JSS is essentially unsupported. BouncyCastle has the stuff you are looking
>> for.
>
> Can you answer this...why can't I find an example that starts from the
> beginning, meaning reading in a whole CMS package and use JSS and bouncy
> castle to parse it?

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
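
Added example, not part of the original message and not BouncyCastle's own code: the same SignedData check written against BouncyCastle's `org.bouncycastle.cms.jcajce` verifier API, going further than the extract by verifying every SignerInfo and building a PKIX path (validity dates, intermediates bundled in the message) to the trusted CAs instead of matching the issuer by name. The class and method names are hypothetical, and revocation checking is switched off on the assumption that no CRL or OCSP source is configured.

```java
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;

public class VerifySignedDataPkix {  // hypothetical name, added example

    /** Returns the encapsulated content only if every signer's signature and chain validate. */
    @SuppressWarnings("unchecked")
    public static byte[] verify(byte[] encoded, Set<X509Certificate> trustedCas) throws Exception {
        CMSSignedData csd = new CMSSignedData(encoded);
        if (csd.getSignedContent() == null) {
            throw new SecurityException("Detached signature: no encapsulated content");
        }
        Collection<SignerInformation> signers = csd.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            throw new SecurityException("SignedData carries no SignerInfo");
        }
        JcaX509CertificateConverter conv = new JcaX509CertificateConverter();
        // Certificates shipped inside the message are untrusted path-building material only
        List<X509Certificate> bundled = new ArrayList<>();
        for (X509CertificateHolder h : csd.getCertificates().getMatches(null)) {
            bundled.add(conv.getCertificate(h));
        }
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate ca : trustedCas) {
            anchors.add(new TrustAnchor(ca, null));
        }
        for (SignerInformation signer : signers) {
            Collection<X509CertificateHolder> match = csd.getCertificates().getMatches(signer.getSID());
            if (match.isEmpty()) {
                throw new SecurityException("No certificate in message for signer");
            }
            X509Certificate cert = conv.getCertificate(match.iterator().next());
            // Checks the signature value and the signed attributes (message digest)
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) {
                throw new SecurityException("Signature does not verify");
            }
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(cert);
            PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(bundled)));
            params.setRevocationEnabled(false);  // assumption: no CRL/OCSP source available
            CertPathBuilder.getInstance("PKIX").build(params);  // throws if no valid path exists
        }
        return (byte[]) csd.getSignedContent().getContent();
    }
}
```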