Example usage for java.security.cert CollectionCertStoreParameters CollectionCertStoreParameters

List of usage examples for java.security.cert CollectionCertStoreParameters CollectionCertStoreParameters

Introduction

On this page you can find example usage for java.security.cert CollectionCertStoreParameters CollectionCertStoreParameters.

Prototype

public CollectionCertStoreParameters(Collection<?> collection) 


Document

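Creates an instance of CollectionCertStoreParameters which will allow certificates and CRLs to be retrieved from the specified Collection. The Collection is not copied: the parameters keep a reference to it, so any later change to the Collection changes what the resulting CertStore returns.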

Usage

From source file:test.unit.be.fedict.eid.applet.service.signer.CMSTest.java

/**
 * CMS signature with external data and embedded certificate. The CMS only
 * contains the signature, signing certificate and some certificate
 * selector.
 * 
 * @throws Exception
 */
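@Test
public void testCmsSignatureWithCertificate() throws Exception {
    // Signs external content with CMS, embeds the signing certificate, then
    // checks that the signature verifies and that the embedded certificate
    // is the one that was used for signing.

    // setup
    KeyPair keyPair = PkiTestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);
    X509Certificate certificate = generateSelfSignedCertificate(keyPair, "CN=Test", notBefore, notAfter);
    // Name the charset explicitly: the no-argument getBytes() uses the
    // platform default, so the signed bytes could differ between machines.
    byte[] toBeSigned = "hello world".getBytes("UTF-8");

    // operate
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    /*
     * addSigner requires the certificate to be able to calculate the key
     * selector.
     *
     * NOTE(review): SHA-1 is kept here because the test exercises the
     * existing signature format. SHA-1 is no longer collision resistant;
     * code that does not need it for interoperability should pick a SHA-2
     * digest such as CMSSignedDataGenerator.DIGEST_SHA256.
     */
    generator.addSigner(keyPair.getPrivate(), certificate, CMSSignedDataGenerator.DIGEST_SHA1);
    List<X509Certificate> certList = new LinkedList<X509Certificate>();
    certList.add(certificate);
    // The parameters hold a reference to certList, not a copy.
    CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList));
    generator.addCertificatesAndCRLs(certStore);
    CMSProcessable content = new CMSProcessableByteArray(toBeSigned);
    // 'false': the content is not encapsulated, so the verifier has to be
    // given the content separately (see the CMSSignedData constructor below).
    CMSSignedData signedData = generator.generate(content, false, (String) null);

    byte[] cmsSignature = signedData.getEncoded();
    LOG.debug("CMS signature: " + ASN1Dump.dumpAsString(new ASN1StreamParser(cmsSignature).readObject()));

    // verify
    signedData = new CMSSignedData(content, cmsSignature);
    certStore = signedData.getCertificatesAndCRLs("Collection", BouncyCastleProvider.PROVIDER_NAME);
    SignerInformationStore signers = signedData.getSignerInfos();
    Iterator<SignerInformation> iter = signers.getSigners().iterator();
    // Without this check the loop below would pass vacuously for a
    // signature that carries no signer at all.
    assertTrue(iter.hasNext());
    while (iter.hasNext()) {
        SignerInformation signer = iter.next();
        SignerId signerId = signer.getSID();
        LOG.debug("signer: " + signerId);
        X509CertSelector signerConstraints = new JcaX509CertSelectorConverter().getCertSelector(signerId);
        LOG.debug("signerConstraints: " + signerConstraints);
        assertTrue(signerConstraints.match(certificate));
        assertTrue(signer.verify(keyPair.getPublic(), BouncyCastleProvider.PROVIDER_NAME));

        // TODO FIXME (carried over from the original; its intent is not stated)
        Iterator<?> storedCerts = certStore.getCertificates(signerConstraints).iterator();
        // Fail with an assertion, not a NoSuchElementException, when the
        // signer's certificate was not embedded.
        assertTrue(storedCerts.hasNext());
        X509Certificate storedCert = (X509Certificate) storedCerts.next();
        // The embedded certificate is supplied by whoever produced the
        // message. It is accepted here only because it equals the
        // certificate generated above; code that handles real signatures
        // must validate it against a trust anchor before relying on it.
        assertEquals(certificate, storedCert);
    }
    LOG.debug("content type: " + signedData.getSignedContentTypeOID());
}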