001 /* Copyright (c) 2002 Graz University of Technology. All rights reserved.
002 *
003 * Redistribution and use in source and binary forms, with or without
004 * modification, are permitted provided that the following conditions are met:
005 *
006 * 1. Redistributions of source code must retain the above copyright notice,
007 * this list of conditions and the following disclaimer.
008 *
009 * 2. Redistributions in binary form must reproduce the above copyright notice,
010 * this list of conditions and the following disclaimer in the documentation
011 * and/or other materials provided with the distribution.
012 *
013 * 3. The end-user documentation included with the redistribution, if any, must
014 * include the following acknowledgment:
015 *
016 * "This product includes software developed by IAIK of Graz University of
017 * Technology."
018 *
019 * Alternately, this acknowledgment may appear in the software itself, if
020 * and wherever such third-party acknowledgments normally appear.
021 *
022 * 4. The names "Graz University of Technology" and "IAIK of Graz University of
023 * Technology" must not be used to endorse or promote products derived from
024 * this software without prior written permission.
025 *
026 * 5. Products derived from this software may not be called
027 * "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior
028 * written permission of Graz University of Technology.
029 *
030 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
031 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
032 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
033 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
034 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
035 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
036 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
037 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
038 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
039 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
040 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
041 * POSSIBILITY OF SUCH DAMAGE.
042 */
043
044 package demo.pkcs.pkcs11;
045
046 import java.io.FileInputStream;
047 import java.io.FileOutputStream;
048 import java.io.InputStream;
049 import java.io.OutputStream;
050 import java.security.Security;
051 import java.security.SignatureException;
052
053 import iaik.pkcs.pkcs7.SignedDataStream;
054 import iaik.pkcs.pkcs7.SignerInfo;
055 import iaik.security.provider.IAIK;
056 import iaik.x509.X509Certificate;
057
058
059
060 /**
061 * This helper class simply verifies the signature of a PKCS#7 signed data
062 * object and extracts the verified content data.
063 *
064 * @author <a href="mailto:Karl.Scheibelhofer@iaik.at"> Karl Scheibelhofer </a>
065 * @version 0.1
066 * @invariants
067 */
068 public class VerifyPKCS7SignedData {
069
070 public static void main(String[] args) {
071 if ((args.length != 1) && (args.length != 2)) {
072 printUsage();
073 System.exit(1);
074 }
075
076 try {
077 Security.addProvider(new IAIK());
078
079 System.out.println("Verifying PKCS#7 signed data from file: " + args[0]);
080 InputStream dataInput = new FileInputStream(args[0]);
081
082 SignedDataStream signedData = new SignedDataStream(dataInput);
083
084 InputStream contentStream = signedData.getInputStream();
085 OutputStream verifiedContentStream = (args.length == 2) ? new FileOutputStream(args[1]) : null;
086 byte[] buffer = new byte[1024];
087 int bytesRead;
088
089 if (verifiedContentStream != null) {
090 while ((bytesRead = contentStream.read(buffer)) > 0) {
091 verifiedContentStream.write(buffer, 0, bytesRead);
092 }
093 verifiedContentStream.flush();
094 verifiedContentStream.close();
095 System.out.println("Verified content written to: " + args[1]);
096 System.out.println("________________________________________________________________________________");
097 } else {
098 System.out.println("The signed content data is: ");
099 System.out.println("________________________________________________________________________________");
100 while ((bytesRead = contentStream.read(buffer)) > 0) {
101 System.out.write(buffer, 0, bytesRead);
102 }
103 System.out.println();
104 System.out.println("________________________________________________________________________________");
105 }
106
107 // get the signer infos
108 SignerInfo[] signerInfos = signedData.getSignerInfos();
109 // verify the signatures
110 for (int i=0; i < signerInfos.length; i++) {
111 try {
112 // verify the signature for SignerInfo at index i
113 X509Certificate signerCertificate = signedData.verify(i);
114 // if the signature is OK the certificate of the signer is returned
115 System.out.println("Signature OK from signer with certificate: ");
116 System.out.println(signerCertificate);
117 System.out.println();
118 } catch (SignatureException ex) {
119 // if the signature is not OK a SignatureException is thrown
120 System.out.println("Signature ERROR from signer with certificate: ");
121 System.out.println(signedData.getCertificate(signerInfos[i].getIssuerAndSerialNumber()));
122 System.out.println();
123 ex.printStackTrace();
124 }
125 }
126
127 } catch (Throwable thr) {
128 thr.printStackTrace();
129 }
130 }
131
132 public static void printUsage() {
133 System.out.println("Usage: VerifyPKCS7SignedData <PKCS#7 signed data file> <verified content data>");
134 System.out.println(" e.g.: VerifyPKCS7SignedData signedData.p7 verifiedContentData.dat");
135 }
136
137
138 }