I have received a p7b file from a client which should contain a certificate chain and am trying to extract the certificates from it using bouncycastle.
I am running the latest 1.55 version of bouncy castle and am using the code you see everywhere for this:
byte [] content = ...;
CMSSignedData data = new CMSSignedData(content);
Store certStore = data.getCertificates();
SignerInformationStore signerInfos = data.getSignerInfos();
Collection<SignerInformation> signers = signerInfos.getSigners();
List<X509Certificate> result = new ArrayList<X509Certificate>();
for (SignerInformation signer : signers) {
Collection<X509CertificateHolder> matches = certStore.getMatches(signer.getSID());
for (X509CertificateHolder holder : matches) {
result.add(new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder));
}
}
return result;
The problem is that the signers collection is empty.
Note that I was able to extract them successfully using openssl:
openssl pkcs7 -print_certs -in test.p7b -out test.pem
But I rather have a clean java-based solution. Am I missing something? Is the CMSSignedData not being constructed correctly?