bc-java
bc-java copied to clipboard
bcgit
How to create CMSSignedData instance that accepts webcrypto ECDSA signatures
I need help adapting the Groovy code below to work with ECDSA signature generated via webcrypto. The signature is in the r|s form. I have incorporated the toASN1 converter as implemented here: https://gist.github.com/DinoChiesa/7520e1dea6e79888acab8ea8206afe92
It results in malformed content error owing apparently to expecting the first entry in the toASN1 sequence to be an OID.
public boolean verify(String signedString,String signature,Object signerCert)
{
//Create a CMSProcessable object, specify any encoding
CMSProcessable signedContent = new CMSProcessableByteArray(DigestUtils.sha256Hex(signedString).getBytes());
//Create a InputStream object
InputStream is = new ByteArrayInputStream(toASN1(Base64.decodeBase64(signature.getBytes())));
//Pass them both to CMSSignedData constructor
CMSSignedData signedData = new CMSSignedData(signedContent, is);
Store store = signedData.getCertificates();
if(signerCert != null){
//Build CMS
List certList = new ArrayList();
certList.add(signerCert);
store = new JcaCertStore(certList);
}
SignerInformationStore signers = signedData.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation)it.next();
Collection certCollection = store.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder certHolder = (X509CertificateHolder)certIt.next();
X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
return true;
}
}
return false;
}
