
Java Security


Verifying detached signature

843810Sep 17 2004 — edited Sep 21 2004
Hi,

I'm trying to verify a PKCS#7 detached signature. Verification works fine, but if I alter or delete certain characters in my signature file it still reports that verification succeeded. Can anybody have a look at this code and help me sort out this issue? Is there any other way I can verify the signature?

Here is the code:

import java.security.Security;
import java.io.*;
import org.bouncycastle.jce.PKCS7SignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.util.Arrays;
import java.util.*;
import java.text.SimpleDateFormat;


import java.util.Iterator;
import java.util.List;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.io.FileInputStream;
import javax.security.auth.x500.X500Principal;

import java.lang.*;
import java.io.PrintWriter;
import java.security.cert.*;
import java.util.Vector;
import java.lang.*;
import java.io.IOException;


import java.util.Collection;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

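/**
 * Command-line check of a detached PKCS#7 signature file against a content file.
 *
 * <p>Usage: {@code java VerifyP7s <pkcs #7 signature file> <contentfile>}. The signature
 * file may be binary DER or Base64 text; the result is reported on standard output.
 *
 * <p>Security note: the only check performed is the call to {@code PKCS7SignedData.verify()}.
 * No step in this class validates the signer certificate carried in the signature file
 * (trust anchor, validity period, revocation, key usage). Unless the library does that
 * internally (NOTE(review): confirm for the BouncyCastle version in use), a "Verified"
 * line says only that the content matches a signature made with whatever key the
 * signature file itself supplies. Validate the signer certificate separately, for example
 * with {@code java.security.cert.CertPathValidator}, before treating the result as proof
 * of who signed.
 */
class VerifyP7s {

    /**
     * Characters accepted as Base64 text: the standard alphabet plus the '=' pad.
     * Sorted once in the static initializer below so that binarySearch can be used on it.
     */
    private static char[] Base64Map =
        { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
          'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
          'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
          'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
          'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
          'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
          'w', 'x', 'y', 'z', '0', '1', '2', '3',
          '4', '5', '6', '7', '8', '9', '+', '/', '='
        };

    static {
        Arrays.sort(Base64Map);
    }

    /**
     * Reads both files, detects whether the signature file is Base64 text, and prints
     * whether the detached signature verified.
     *
     * <p>The method returns normally on both success and failure, so the process exit
     * status does not distinguish them; a calling script has to read the printed result.
     *
     * @param args {@code args[0]} is the PKCS#7 signature file, {@code args[1]} the content file
     */
    public static void main(String args[]) {
        if (args.length < 2)
            usage(); // prints the usage line and exits with status 1

        // Plug the provider into the JCA/JCE.
        Security.addProvider(new BouncyCastleProvider());

        byte[] bytes;
        byte[] bytessig;
        try {
            // Content first, then signature, matching the order of the progress output.
            bytes = readFile(new File(args[1]));
            System.out.print("\nContent Bytes: " + bytes.length);
            bytessig = readFile(new File(args[0]));
            System.out.println(" PKCS#7 bytes: " + bytessig.length);
        }
        catch (IOException ioe) {
            System.out.println(ioe.toString());
            return;
        }

        // --- Use Bouncy Castle provider to attempt verification of p7s ---
        if (isBase64Encoded(bytessig)) {
            System.out.println("Signature file is BASE64 encoded");
            try {
                sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
                // Every byte passed the alphabet/whitespace test above, so the text is
                // plain ASCII; naming the charset avoids depending on the platform default.
                byte[] bdecoded = dec.decodeBuffer(new String(bytessig, "US-ASCII"));
                if (isVerified(bdecoded, bytes))
                    System.out.println("Verified pkcs#7 data: \"" + args[0] + "\" as BASE64-encoded DER file\n" +
                        "against content file \"" + args[1] + "\"");
                else
                    System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
            }
            catch (Exception exc) {
                System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
                return;
            }
        }
        else { // NOT Base64 text: treat the file as binary DER
            if (isVerified(bytessig, bytes))
                System.out.println("Verified pkcs#7 data: \"" + args[0] + "\" as binary DER file\n" +
                    "against content file \"" + args[1] + "\"");
            else
                System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
        }
    }

    /**
     * Loads a whole file into memory.
     *
     * <p>A single {@code InputStream.read} call may return fewer bytes than requested,
     * which would leave the tail of the buffer zero-filled and feed the wrong bytes to
     * the signature check; {@code readFully} either fills the buffer or throws.
     *
     * @param file file to read
     * @return the file's bytes
     * @throws IOException if the file cannot be opened or read completely, or is too
     *         large for a single array
     */
    private static byte[] readFile(File file) throws IOException {
        long length = file.length();
        if (length > Integer.MAX_VALUE)
            throw new IOException("File too large to load into memory: " + file);
        byte[] buffer = new byte[(int) length];
        DataInputStream in = new DataInputStream(new FileInputStream(file));
        try {
            in.readFully(buffer);
        }
        finally {
            in.close(); // release the handle on the error path as well
        }
        return buffer;
    }

    /**
     * Widens each input byte to two bytes by appending a zero byte after it.
     *
     * @param bytes input bytes
     * @return array of twice the length, laid out as {@code b0, 0, b1, 0, ...}
     */
    private static byte[] toUnicode(byte[] bytes) {
        byte[] ucbytes = new byte[2 * bytes.length];
        for (int j = 0; j < bytes.length; j++) {
            ucbytes[2 * j] = bytes[j];
            ucbytes[2 * j + 1] = 0x00; // null byte for UNICODE encoding
        }
        return ucbytes;
    }

    /**
     * Checks a detached PKCS#7 signature against the given content bytes.
     *
     * <p>The content is tried as-is first and, if that does not verify, once more with a
     * zero byte inserted after every byte (see {@link #toUnicode}). The second attempt
     * means a signature over that widened form is accepted for the narrow file as well.
     *
     * <p>A {@code true} result is limited to what {@code PKCS7SignedData.verify()} checks.
     * This method does not validate the signer certificate, so edits to the signature
     * file that do not feed that check (presumably parts of the embedded certificate
     * other than its public key, or bytes after the end of the DER structure; confirm
     * against the library) can leave the result unchanged.
     *
     * @param sig DER-encoded PKCS#7 signed-data
     * @param content bytes of the detached content
     * @return {@code true} if either form of the content verified; {@code false} if
     *         neither did or if parsing or verification threw
     */
    private static final boolean isVerified(byte[] sig, byte[] content) {
        try {
            PKCS7SignedData pkcs7 = new PKCS7SignedData(sig);
            pkcs7.update(content, 0, content.length); // feed the content to the digest
            if (pkcs7.verify()) {
                System.out.println("ANSI-encoding of signed content was verified.");
                return true;
            }

            // Second attempt: the signer may have signed the two-byte form of the text.
            pkcs7 = new PKCS7SignedData(sig);
            pkcs7.update(toUnicode(content), 0, 2 * content.length);
            if (pkcs7.verify()) {
                System.out.println("\nUNICODE-encoding of signed content was verified.");
                return true;
            }
            return false;
        }
        catch (Exception ex) {
            // Fail closed, but say why on stderr instead of discarding the cause.
            System.err.println("Signature check failed: " + ex);
            return false;
        }
    }

    /**
     * Reports whether every byte is a Base64 alphabet character, '=' or whitespace.
     *
     * <p>This is a content sniff, not a decoder: it does not check padding or length.
     * An empty array yields {@code true}.
     *
     * @param data raw bytes of the signature file
     * @return {@code false} as soon as a byte outside that set is found, else {@code true}
     */
    private static final boolean isBase64Encoded(byte[] data) {
        for (int i = 0; i < data.length; i++) {
            // The posted listing lost the "[i]" index here; each byte is tested in turn.
            char c = (char) data[i];
            if (Arrays.binarySearch(Base64Map, c) < 0 && !Character.isWhitespace(c))
                return false;
        }
        return true;
    }

    /**
     * Returns the string form of a certificate's public key.
     *
     * @param cert certificate to describe
     * @return {@code cert.getPublicKey().toString()}, or the exception message (which
     *         may be {@code null}) if that call throws
     */
    public String printX509Cert(X509Certificate cert) {
        try {
            return cert.getPublicKey().toString();
        }
        catch (Exception exception) {
            System.err.println("Exception is: " + exception.getMessage());
            return exception.getMessage();
        }
    }

    /** Prints the command-line synopsis and terminates the JVM with status 1. */
    private static void usage() {
        System.out.println("Usage:\n java VerifyP7s <pkcs #7 signature file> <contentfile> ");
        System.exit(1);
    }
}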


Here is my signature file:

MIIEoAYJKoZIhvcNAQcCoIIEkTCCBI0CAQExDjAMBggqhkiG9w0CBQUAMAsGCSqGSIb3DQEHAaCC

A3kwggN1MIICXaADAgECAhBjffJNbUvAx4VWV4qkdNLGMA0GCSqGSIb3DQEBBAUAMDExETAPBgNV

BAoTCFNJRlkgTHRkMRwwGgYDVQQDExNTSUZZIEx0ZCBQcml2YXRlIENBMB4XDTA0MDcyNjAwMDAw

MFoXDTA1MDcyNjIzNTk1OVowgZwxETAPBgNVBAoUCFNJRlkgTHRkMSIwIAYDVQQLFBlIdW1hbiBS

ZXNvdXJjZSBEZXBhcnRtZW50MRswGQYDVQQLFBJFbXBsb3llZUlEIC0gU0YwNjcxGzAZBgNVBAMT

ElN1ZGVlcCBLdW1hciBQLiBLLjEpMCcGCSqGSIb3DQEJARYac3VkZWVwa3VtYXJAc2FmZXNjcnlw

dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANGOpSIhZEDQ5Z6cxLMpZssi5WWdD0h7

kFWkbXPQk842HqCBFPcClUUWWeT/LJ10VCC9Ff0KrI5lviGl9umnVW+LeCYiI/ksnea/p7tKfOgN

NO+UBoJ4PE5XnUEq03CFWdHhGNfukNqWZiMC+bUX8e6+blFU/6ipUtHmIkIrlNZBAgMBAAGjgaAw

gZ0wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgeAMF0GA1UdHwRWMFQw

UqBQoE6GTGh0dHA6Ly9vbnNpdGVjcmwuc2FmZXNjcnlwdC5jb20vU0lGWUx0ZEh1bWFuUmVzb3Vy

Y2VEZXBhcnRtZW50L0xhdGVzdENSTC5jcmwwEQYKYIZIAYb4RQEGCQQDAQH/MA0GCSqGSIb3DQEB

BAUAA4IBAQBpFEGmTHOSfA/SkeC/bvZE3sYpBU0+RG8iSm+DTbP5tiCyWT+L0AidTWDk0ZuXz7yA

eF9NR0OZyxp3/v+OQYn3Q0a1awe+JKnDCD+zayehcPbvD+q79WYHO5Ibm5UA2VnGoBbV3CDhj1qC

lCyqllEKVWk11iB6wu24PzB31uARxkar3cynFNX4P6nxy6vb83W/Wnt8eOMQHI2SiVvJtjU5SwL6

ILrkZfrm7NLcCQY2w7w4/WeFgeb2Ko8hYHSRyvJWwBUyv2ExDGnv0eqHJn6HC+4IE8wzirWre0jY

Y0529u3MfIL0F7lrkuwYnpVa3zE/b2HwCaMrN+TuY/oNkf2YMYHtMIHqAgEBMEUwMTERMA8GA1UE

ChMIU0lGWSBMdGQxHDAaBgNVBAMTE1NJRlkgTHRkIFByaXZhdGUgQ0ECEGN98k1tS8DHhVZXiqR0

0sYwDAYIKoZIhvcNAgUFADANBgkqhkiG9w0BAQEFAASBgDUpkV5Zpi781vTmtydAdOVJ7cecnQ9v

8fdTZwMgz56Q3ZI0pj6+60e8lIafO3mo596eCF2mBsZm2wEO1PhnXPKAQFXWIseDp0GVdmwTp1tH

M2e9fC2bOppNhBKkpZAr26PE6/BIDittE1rM8nJOa+9lzJcDCBBpJM3MdlHjY+8v

My Content file is:

<table width=100%><TR align=center><TH COLSPAN=3>Transfer Funds Request</TH></TR><TR><TD ALIGN=RIGHT><FONT COLOR="#0000FF" SIZE=-1 FACE="Courier">TRANSFER FROM</FONT></TD><TD>..........</TD><TD><FONT SIZE=-1 FACE="Courier"><B>Money Market</B></FONT></TD></TR><TR><TD ALIGN=RIGHT><FONT COLOR="#0000FF" SIZE=-1 FACE="Courier">TRANSFER TO</FONT></TD><TD>..........</TD><TD><FONT SIZE=-1 FACE="Courier"><B>Cash</B></FONT></TD></TR><TR><TD ALIGN=RIGHT><FONT COLOR="#0000FF" SIZE=-1 FACE="Courier">AMOUNT</FONT></TD><TD>..........</TD><TD><FONT SIZE=-1 FACE="Courier"><B>/ \ & \n</B></FONT></TD></TR></table><BR>I am authorizing the transfer of the above funds <B>by digitally signing </B> this request.


Thanx in advance.