Method: Ccrypto::Java::PKCS7Engine#verify

Defined in:: lib/ccrypto/java/engines/pkcs7_engine.rb
#verify(val, inForm = :bin, &block) ⇒ `Object`

# File 'lib/ccrypto/java/engines/pkcs7_engine.rb', line 140

def verify(val, inForm = :bin, &block)

  srcData = nil
  os = nil
  prov = Ccrypto::Java::JCEProvider::DEFProv
  if block
    srcData = block.call(:signed_data)
    os = block.call(:output_stream)
    prov = block.call(:jce_provider)
  end

  os = java.io.ByteArrayOutputStream.new if os.nil?
  prov = Ccrypto::Java::JCEProvider::DEFProv if is_empty?(prov)

  data = nil
  case srcData
  when java.io.File
    data = org.bouncycastle.cms.CMSProcessableFile.new(val)
    teLogger.debug "Given original data is a java.io.File"
  else
    if not_empty?(srcData)
      ba = to_java_bytes(srcData)
      if ba.is_a?(::Java::byte[])
        data = org.bouncycastle.cms.CMSProcessableByteArray.new(ba)
        teLogger.debug "Given original data is a byte array"
      else
        raise PKCS7EngineException, "Failed to read original data. Given #{srcData}"
      end
    else
      teLogger.debug "Original data for signing is not given."
    end
  end

  case val
  when java.io.InputStream
    if data.nil?
      teLogger.debug "Attached signature with java.io.InputStream signature detected during verification"
      signed = org.bouncycastle.cms.CMSSignedData.new(val)
    else
      teLogger.debug "Detached signature with java.io.InputStream signature detected during verification"
      signed = org.bouncycastle.cms.CMSSignedData.new(data, val)
    end
  else
    if not_empty?(val)
      ba = to_java_bytes(val)
      if ba.is_a?(::Java::byte[])
        if data.nil?
          teLogger.debug "Attached signature with byte array signature detected during verification"
          signed = org.bouncycastle.cms.CMSSignedData.new(ba)
        else
          teLogger.debug "Detached signature with byte array signature detected during verification"
          signed = org.bouncycastle.cms.CMSSignedData.new(data, ba)
        end
      else
        raise PKCS7EngineException, "Failed to convert input to java byte array. Given #{val.class}"
      end
    else
      raise PKCS7EngineException, "Given signature to verify is empty."
    end
  end

  certs = signed.certificates
  signerInfo = signed.getSignerInfos
  signers = signerInfo.getSigners
  signatureVerified = false
  signers.each do |signer|

    certVerified = true
    certs.getMatches(signer.getSID).each do |c|
      begin

        if block
          certVerified = block.call(:verify_certificate, c)
          if certVerified.nil?
            teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
            certVerified = true
          elsif is_bool?(certVerified)
            if certVerified
              teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} accepted by application"
            else
              teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} rejected by application"
            end
          else
            teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application. Given #{certVerified})"
          end
        else
          teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
        end

        if certVerified

          teLogger.debug "Verifing signature against certificate '#{c.subject}'"
          verifier = org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder.new.setProvider(prov).build(c)
          if signer.verify(verifier)
            teLogger.debug "Signer with #{c.subject} verified!"
            if block
              block.call(:verification_result, true)
              if data.nil?
                block.call(:attached_data, signed.getSignedContent.getContent)
              end
            end

            signatureVerified = true

          else
            teLogger.debug "Signer with #{c.subject} failed. Retry with subsequent certificate"
            signatureVerified = false
          end

        end
      rescue ::Java::OrgBouncycastleCms::CMSSignerDigestMismatchException => ex
        teLogger.error "Signer digest mismatch exception : #{ex.message}" 
        signatureVerified = false
        break
      rescue Exception => ex
        teLogger.error ex
        teLogger.error ex.message
        teLogger.error ex.backtrace.join("\n")
      end
    end
    # end certs.getMatches

    break if signatureVerified

  end
  # end signers.each

  signatureVerified

end
Method: Ccrypto::Java::PKCS7Engine#verify

#verify(val, inForm = :bin, &block) ⇒ Object

#verify(val, inForm = :bin, &block) ⇒ `Object`
