Fran Verona Fran Verona - 1 month ago 9
Java Question

SignerID cast to X509CertSelector in BouncyCastle library

I'm trying to verify if an specific message is signed with a valid signature from an entity certificate recognized by my own trust anchor. I'm doing this:

public static boolean isValid(CMSSignedData signedData, X509Certificate rootCert) throws Exception
{
CertStore certsAndCRLs = signedData.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = signedData.getSignerInfos();
Iterator it = signers.getSigners().iterator();

if (it.hasNext()){
SignerInformation signer = (SignerInformation)it.next();

X509CertSelector signerConstraints = signer.getSID();

PKIXCertPathBuilderResult result = buildPath(rootCert, signerID, certsAndCRLs);

return signer.verify(result.getPublicKey(), "BC");
}
return false;
}


But this line is giving me a compile error:

X509CertSelector signerConstraints = signer.getSID();


Because it is unable to cast from SignerId to X509CertSelector. I tried using explicit cast:

X509CertSelector signerConstraints = (CertSelector) signer.getSID();


And:

X509CertSelector signerConstraints = (X509CertSelector) signer.getSID();


Without results. How can I do this? Thanks

PS: notice that this code is extracted from "Beginning Cryptography with Java" by David Hook, but it doesn't compile.

Answer

I solved yesterday my own problem. I think that was something relative to .jar included as external archive to my project. Now, I'm using these:

bcprov-jdk16-145.jar
bcmail-jdk16-145.jar

Instead of:

bcprov-jdk15on-147.jar
bcmail-jdk15on-147.jar

Maybe the old versions didn't support this kind of implicit cast.

EDIT: David Hook's answer in http://bouncy-castle.1462172.n4.nabble.com/Problem-with-SignerID-and-X509CertSelector-td4620461.html

Use org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter - unfortunately the code in "Beginning Cryptography With Java" is now getting out of date. Guess I'll have to get the word processor out again.

Regards,

David