My question is strictly related to Bouncy Castle: I cannot get all the certificates.
I use the BC code https://www.bouncycastle.org/docs/pkixdocs1.4/org/bouncycastle/cms/CMSSignedData.html with some small variations.
    // s is the parsed CMSSignedData
    Store certStore = s.getCertificates();
    SignerInformationStore signers = s.getSignerInfos();
    Collection c = signers.getSigners();
    Iterator it = c.iterator();
    int verified = 0;
    while (it.hasNext())
    {
        SignerInformation signer = (SignerInformation)it.next();
        // Only the certificate(s) matching this signer's SID are returned here
        Collection certCollection = certStore.getMatches(signer.getSID());
        Iterator certIt = certCollection.iterator();
        X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
        if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)))
        {
            verified++;
        }
    }
My purpose is to extract all certificates (signers + their issuers) from the "certStore", and verify them against a specific keystore.
But to extract a certificate from certStore, there is only "certStore.getMatches".
The signers obviously extract only the signers, and used in "certStore.getMatches" they extract only the certificate of the signer (one or more).
I have to check each certificate, its CRL, its date, not only the signer.
The first step to obtain all certificates is to use a null selector:

    ArrayList<X509CertificateHolder> listCertDatFirm = new ArrayList(store.getMatches(null));

Then you have a group of certificates; looping recursively you can rebuild the correct chain.
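The chain rebuild described in the answer, as an added example that is not part of the original posts. It assumes a recent Bouncy Castle release where `Store` is generic. The class and method names are hypothetical, and revocation checking is switched off here as an assumption because the CRL source depends on the deployment.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.Store;

public class CmsChainCheck {   // hypothetical class name

    /** Rebuilds each signer's chain from the embedded certificates and validates it against trustStore. */
    public static void validateSignerChains(CMSSignedData s, KeyStore trustStore) throws Exception {
        Store<X509CertificateHolder> certStore = s.getCertificates();
        // Null selector: every certificate embedded in the SignedData, not only the signers'.
        List<X509CertificateHolder> all = new ArrayList<>(certStore.getMatches(null));
        JcaX509CertificateConverter conv = new JcaX509CertificateConverter();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Trusted-certificate entries of the keystore become the trust anchors.
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // assumption: CRL checking is configured separately

        for (SignerInformation signer : s.getSignerInfos().getSigners()) {
            Collection<X509CertificateHolder> m = certStore.getMatches(signer.getSID());
            if (m.isEmpty()) throw new CertificateException("signer certificate not embedded");
            List<X509Certificate> path = new ArrayList<>();
            X509CertificateHolder cur = m.iterator().next();
            // Follow issuer -> subject links; stop at a self-issued certificate,
            // a missing issuer, or when every embedded certificate has been used (loop guard).
            while (cur != null && path.size() < all.size()) {
                path.add(conv.getCertificate(cur));
                if (cur.getIssuer().equals(cur.getSubject())) break;
                X509CertificateHolder next = null;
                for (X509CertificateHolder cand : all) {
                    if (cand.getSubject().equals(cur.getIssuer())) { next = cand; break; }
                }
                cur = next;
            }
            // Throws CertPathValidatorException for an expired certificate,
            // a bad signature or a chain that does not end at a trust anchor.
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(path), params);
        }
    }
}
```

Name matching alone does not prove that a candidate issued the certificate; the PKIX validation at the end is what checks the signatures and validity dates along the rebuilt path.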