I'm trying to verify if a specific message is signed with a valid signature from an entity certificate recognized by my own trust anchor. I'm doing this:
    public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception
    {
        // Certificates and CRLs carried inside the signed message
        CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC");
        SignerInformationStore signers = signedData.getSignerInfos();
        Iterator it = signers.getSigners().iterator();
        if (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            X509CertSelector signerConstraints = signer.getSID();
            // Build a path from the trust anchor to the signer's certificate
            PKIXCertPathBuilderResult result = buildPath(rootCert, signerConstraints, certsAndCRLs);
            return signer.verify(result.getPublicKey(), "BC");
        }
        return false;
    }
But this line is giving me a compile error:

    X509CertSelector signerConstraints = signer.getSID();

Because it is unable to cast from SignerId to X509CertSelector. I tried using an explicit cast:

    X509CertSelector signerConstraints = (CertSelector) signer.getSID();

And:

    X509CertSelector signerConstraints = (X509CertSelector) signer.getSID();

Without results. How can I do this? Thanks
PS: note that this code is extracted from "Beginning Cryptography with Java" by David Hook, but it doesn't compile.
I solved my own problem yesterday. I think it was something related to the .jar files included as external archives in my project. Now, I'm using these:
bcprov-jdk16-145.jar
bcmail-jdk16-145.jar
Instead of:
bcprov-jdk15on-147.jar
bcmail-jdk15on-147.jar
Maybe the old versions didn't support this kind of implicit cast.
EDIT: David Hook's answer at http://bouncy-castle.1462172.n4.nabble.com/Problem-with-SignerID-and-X509CertSelector-td4620461.html
Use org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter - unfortunately the code in "Beginning Cryptography With Java" is now getting out of date. Guess I'll have to get the word processor out again.
Regards,
David
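
An added example (not code from the book or from either poster): one way the question's isValid could be written against the newer Bouncy Castle API with the converter named above. It assumes the "BC" provider is registered, uses org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter (the CMS subclass of that converter, which accepts a SignerId), and replaces the book's buildPath helper, which is not shown here, with a plain JCA PKIX build; the class name SignedDataCheck is hypothetical.

```java
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;

import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;

public class SignedDataCheck {  // hypothetical class name
    // True only if the message has at least one signer and every signer's
    // certificate chains to rootCert and its signature verifies.
    public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert)
            throws Exception {
        // Expose the certificates and CRLs carried in the message as a JCA CertStore.
        CertStore certsAndCRLs = new JcaCertStoreBuilder().setProvider("BC")
                .addCertificates(signedData.getCertificates())
                .addCRLs(signedData.getCRLs())
                .build();
        JcaX509CertSelectorConverter converter = new JcaX509CertSelectorConverter();

        Collection<?> signers = signedData.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            return false;
        }
        for (Object o : signers) {
            SignerInformation signer = (SignerInformation) o;
            // SignerId is no longer an X509CertSelector; convert it explicitly.
            X509CertSelector constraints = converter.getCertSelector(signer.getSID());
            PKIXBuilderParameters params = new PKIXBuilderParameters(
                    Collections.singleton(new TrustAnchor(rootCert, null)), constraints);
            params.addCertStore(certsAndCRLs);
            // Revocation checking stays at its default (enabled), so the CRLs
            // must be available in the store; build() throws if no path exists.
            PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)
                    CertPathBuilder.getInstance("PKIX", "BC").build(params);
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider("BC").build(result.getPublicKey()))) {
                return false;
            }
        }
        return true;
    }
}
```

Unlike the original, which returns after the first signer, this version checks every SignerInformation in the message.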