(Java) Verify and Unwrap S/MIME, and get Information about CMS Signature

Demonstrates calling the Verify method to verify and unwrap S/MIME. The MIME is restored to the original structure that it would have originally had prior to signing. The Verify method works with both detached signatures, as well as opaque/attached signatures.

Calls LastJsonData to get information about the signature(s) that were verified.

Chilkat Java Downloads Java Libs for Windows, MacOS, Linux, Alpine Linux, Solaris Java Libs for Android

import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkMime mime = new CkMime();

    // Load the signed MIME from a file...
    boolean success = mime.LoadMimeFile("qa_data/mime/detached_sig.eml");
    if (success == false) {
        System.out.println(mime.lastErrorText());
        return;
        }

    // Verify the S/MIME and restore the MIME
    // to the structure/content it had prior to signing.
    boolean verified = mime.Verify();
    if (verified == false) {
        System.out.println(mime.lastErrorText());
        return;
        }

    // Examine the details of what was verified.
    CkJsonObject json = mime.LastJsonData();
    json.put_EmitCompact(false);
    System.out.println(json.emit());

    // The code to parse the following JSON (i.e. extract desired information) is shown below..

    // {
    //   "pkcs7": {
    //     "verify": {
    //       "certs": [
    //         {
    //           "issuerCN": "VeriSign Class 1 Public Primary Certification Authority - G3",
    //           "serial": "0702A21A85B84B659E180A6EE6F5A365"
    //         },
    //         {
    //           "issuerCN": "VeriSign Class 1 Public Primary Certification Authority - G3",
    //           "serial": "008B5B75568454850B00CFAF3848CEB1A4"
    //         },
    //         {
    //           "issuerCN": "Symantec Class 1 Individual Subscriber CA - G5",
    //           "serial": "619C55C32FF6BD1A7B7E0330D21C8F3C"
    //         }
    //       ],
    //       "digestAlgorithms": [
    //         "sha1"
    //       ],
    //       "signerInfo": [
    //         {
    //           "cert": {
    //             "serialNumber": "619C55C32FF6BD1A7B7E0330D21C8F3C",
    //             "issuerCN": "Symantec Class 1 Individual Subscriber CA - G5",
    //             "digestAlgOid": "1.3.14.3.2.26",
    //             "digestAlgName": "SHA1"
    //           },
    //           "contentType": "1.2.840.113549.1.7.1",
    //           "signingTime": "160428055000Z",
    //           "messageDigest": "2hJJVmO/jtaJV5uCKMFzIkRRvtY=",
    //           "signingAlgOid": "1.2.840.113549.1.1.1",
    //           "signingAlgName": "RSA-PKCSV-1_5",
    //           "authAttr": {
    //             "1.2.840.113549.1.9.3": {
    //               "name": "contentType",
    //               "oid": "1.2.840.113549.1.7.1"
    //             },
    //             "1.2.840.113549.1.9.5": {
    //               "name": "signingTime",
    //               "utctime": "160428055000Z"
    //             },
    //             "1.2.840.113549.1.9.4": {
    //               "name": "messageDigest",
    //               "digest": "2hJJVmO/jtaJV5uCKMFzIkRRvtY="
    //             },
    //             "1.2.840.113549.1.9.15": {
    //               "der": "MFAwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKA=="
    //             },
    //             "1.3.6.1.4.1.311.16.4": {
    //               "der": "MIG7MIG...7fgMw0hyPPA=="
    //             }
    //           }
    //         }
    //       ]
    //     }
    //   }
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    CkDtObj signingTime = new CkDtObj();
    CkDtObj authAttrSigningTimeUtctime = new CkDtObj();
    String issuerCN;
    String serial;
    String strVal;
    String certSerialNumber;
    String certIssuerCN;
    String certDigestAlgOid;
    String certDigestAlgName;
    String contentType;
    String messageDigest;
    String signingAlgOid;
    String signingAlgName;
    String authAttrContentTypeName;
    String authAttrContentTypeOid;
    String authAttrSigningTimeName;
    String authAttrMessageDigestName;
    String authAttrMessageDigestDigest;
    String authAttr1_2_840_113549_1_9_15Der;
    String authAttr1_3_6_1_4_1_311_16_4Der;

    int i = 0;
    int count_i = json.SizeOfArray("pkcs7.verify.certs");
    while (i < count_i) {
        json.put_I(i);
        issuerCN = json.stringOf("pkcs7.verify.certs[i].issuerCN");
        serial = json.stringOf("pkcs7.verify.certs[i].serial");
        i = i+1;
        }

    i = 0;
    count_i = json.SizeOfArray("pkcs7.verify.digestAlgorithms");
    while (i < count_i) {
        json.put_I(i);
        strVal = json.stringOf("pkcs7.verify.digestAlgorithms[i]");
        i = i+1;
        }

    i = 0;
    count_i = json.SizeOfArray("pkcs7.verify.signerInfo");
    while (i < count_i) {
        json.put_I(i);
        certSerialNumber = json.stringOf("pkcs7.verify.signerInfo[i].cert.serialNumber");
        certIssuerCN = json.stringOf("pkcs7.verify.signerInfo[i].cert.issuerCN");
        certDigestAlgOid = json.stringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid");
        certDigestAlgName = json.stringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName");
        contentType = json.stringOf("pkcs7.verify.signerInfo[i].contentType");
        json.DtOf("pkcs7.verify.signerInfo[i].signingTime",false,signingTime);
        messageDigest = json.stringOf("pkcs7.verify.signerInfo[i].messageDigest");
        signingAlgOid = json.stringOf("pkcs7.verify.signerInfo[i].signingAlgOid");
        signingAlgName = json.stringOf("pkcs7.verify.signerInfo[i].signingAlgName");
        authAttrContentTypeName = json.stringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".name");
        authAttrContentTypeOid = json.stringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".oid");
        authAttrSigningTimeName = json.stringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".name");
        json.DtOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".utctime",false,authAttrSigningTimeUtctime);
        authAttrMessageDigestName = json.stringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".name");
        authAttrMessageDigestDigest = json.stringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".digest");
        authAttr1_2_840_113549_1_9_15Der = json.stringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.15\".der");
        authAttr1_3_6_1_4_1_311_16_4Der = json.stringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.3.6.1.4.1.311.16.4\".der");
        i = i+1;
        }
  }
}