❔ Validate CADESignature
Hello guys,
Can you please help me with getting this resolved? I have an integration with a third party, and I have been asked to do a CAdesSignature validation.
I have been provided with this sample code to apply it, but it was in Java. How can I achieve the same functionality in .NET Core?
Given that I have tried to use BouncyCastle, but didn't succeed in getting the data content!
I am not experienced with this stuff, so any guidance would be much appreciated.
Thanks.
NOTE: the Java sample code is in the first comment.
2 Replies
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;

/**
 * This method takes an input String and the CAdES signature on that String. It
 * then verifies two things -
 * 1. If the signature corresponds to this input String
 * 2. If the certificate inside the signature is valid
 * <p>
 * This method returns a boolean true/false, after validating both criteria
 * stated above.
 *
 * @param inputSignature CAdES signature data on the input data
 * @param inputData Actual input data (String)/ SHA256 hash of the encoded payload
 * @return Boolean
 */
public boolean validateCADESignature(String inputSignature, String inputData) throws CMSException,
        CertificateException, OperatorCreationException {
    Boolean validated = false;
    CAdESSignature cAdESSignature;
    // Base64 decode of the input signature
    cAdESSignature = new CAdESSignature(Base64.getDecoder().decode(inputSignature));
    ObjectMapper mapper = new ObjectMapper();
    mapper.findAndRegisterModules();
    // Extract the data enveloped inside the signature
    String extractedData = mapper
            .convertValue(new String((byte[])
                    cAdESSignature.getCmsSignedData().getSignedContent().getContent(),
                    StandardCharsets.UTF_8), String.class);
    // Is the input data matching the data retrieved from the signature?
    // If yes, then the first criterion is valid
    if (inputData.equalsIgnoreCase(extractedData)) {
        // Verify the certificate of the signature
        CMSSignedData signedData = cAdESSignature.getCmsSignedData();
        Store<X509CertificateHolder> store = signedData.getCertificates();
        SignerInformationStore signers = signedData.getSignerInfos();
        Collection<SignerInformation> c = signers.getSigners();
        for (SignerInformation signer : c) {
            Collection certCollection = store.getMatches(signer.getSID());
            Iterator certIt = certCollection.iterator();
            if (!certIt.hasNext()) {
                // No certificate for this signer is embedded in the signed data
                LOG.info("Signature verification failed");
                continue;
            }
            X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
            X509Certificate certFromSignedData;
            certFromSignedData = new
                    JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
            // The signer info is checked against the certificate carried in the message
            if (signer
                    .verify(new
                            JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certFromSignedData))) {
                // Signature is verified (second criterion met)
                LOG.info("Signature verified");
                validated = true;
            } else {
                LOG.info("Signature verification failed");
            }
        }
    }
    return validated; // Return the result of verification
}
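A .NET counterpart to the Java sample above, as an added example that is not part of the original thread or the third party's code: it uses `SignedCms` from the System.Security.Cryptography.Pkcs NuGet package instead of BouncyCastle. The class name, method name and the `verifyChain` parameter are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Text;

public static class CadesValidator
{
    // inputSignature: Base64 of the CMS/CAdES SignedData with the content enveloped.
    // inputData: the string the enveloped content is expected to equal.
    // verifyChain (hypothetical parameter): also validate the signer certificate chain.
    public static bool ValidateCadesSignature(string inputSignature, string inputData,
                                              bool verifyChain = true)
    {
        var cms = new SignedCms();
        try
        {
            cms.Decode(Convert.FromBase64String(inputSignature));
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException)
        {
            return false; // not Base64, or not a parsable SignedData structure
        }

        // Enveloped content; empty when the signature carries no content (detached).
        byte[] content = cms.ContentInfo.Content;
        if (content == null || content.Length == 0)
            return false;

        // First criterion: the signed content matches the expected input.
        // Case-insensitive to mirror equalsIgnoreCase in the Java sample.
        string extracted = Encoding.UTF8.GetString(content);
        if (!string.Equals(inputData, extracted, StringComparison.OrdinalIgnoreCase))
            return false;

        if (cms.SignerInfos.Count == 0)
            return false; // a SignedData without signers proves nothing

        try
        {
            // Second criterion: every signer's signature must verify.
            // verifySignatureOnly: true checks the signature math only;
            // false additionally validates the signer certificates.
            cms.CheckSignature(verifySignatureOnly: !verifyChain);
        }
        catch (CryptographicException)
        {
            return false;
        }
        return true;
    }
}
```

Passing `verifyChain: false` corresponds to the Java sample, which checks each signer only against the certificate embedded in the message.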
Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.