Fran Verona Fran Verona - 6 months ago 41
Java Question

SignerID cast to X509CertSelector in BouncyCastle library

I'm trying to verify if an specific message is signed with a valid signature from an entity certificate recognized by my own trust anchor. I'm doing this:

public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception
CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = signedData.getSignerInfos();
Iterator it = signers.getSigners().iterator();

if (it.hasNext()){
SignerInformation signer = (SignerInformation);

X509CertSelector signerConstraints = signer.getSID();

PKIXCertPathBuilderResult result = buildPath(rootCert, signerID, certsAndCRLs);

return signer.verify(result.getPublicKey(), "BC");
return false;

But this line is giving me a compile error:

X509CertSelector signerConstraints = signer.getSID();

Because it is unable to cast from SignerId to X509CertSelector. I tried using explicit cast:

X509CertSelector signerConstraints = (CertSelector) signer.getSID();


X509CertSelector signerConstraints = (X509CertSelector) signer.getSID();

Without results. How can I do this? Thanks

PS: notice that this code is extracted from "Beginning Cryptography with Java" by David Hook, but it doesn't compile.


I solved yesterday my own problem. I think that was something relative to .jar included as external archive to my project. Now, I'm using these:


Instead of:


Maybe the old versions didn't support this kind of implicit cast.

EDIT: David Hook's answer in

Use org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter - unfortunately the code in "Beginning Cryptography With Java" is now getting out of date. Guess I'll have to get the word processor out again.