added set for DigestInfoCalculatorProvider - relates to github #2156

Author: dghgit

mail/src/main/java/org/bouncycastle/mail/smime/validator/SignedMailValidator.java

@@ -217,11 +217,18 @@ else if (message.isMimeType("application/pkcs7-mime") || message.isMimeType("app
             throw new SignedMailValidatorException(msg, e);
         }
 
-        // validate signatues
+        // validate signatures
         validateSignatures(param);
     }
 
     protected void validateSignatures(PKIXParameters pkixParam)
+    {
+        JcaSimpleSignerInfoVerifierBuilder signerInfoVerifierBuilder = new JcaSimpleSignerInfoVerifierBuilder()
+                  .setProvider("BC");
+        validateSignatures(signerInfoVerifierBuilder, pkixParam);
+    }
+
+    protected void validateSignatures(JcaSimpleSignerInfoVerifierBuilder signerInfoVerifierBuilder, PKIXParameters pkixParam)
     {
         PKIXParameters usedParameters = (PKIXParameters)pkixParam.clone();
 
@@ -261,8 +268,21 @@ protected void validateSignatures(PKIXParameters pkixParam)
                 continue;
             }
 
-            // check signature
-            final boolean validSignature = isValidSignature(signerCert, signer, errors);
+            boolean validSignature;
+            try
+            {
+                SignerInformationVerifier verifier = signerInfoVerifierBuilder
+                                .build(signerCert.getPublicKey());
+
+                // check signature
+                validSignature = isValidSignature(verifier, signer, errors);
+            }
+            catch (Exception e)
+            {
+                validSignature = false;
+                ErrorBundle msg = createErrorBundle("SignedMailValidator.exceptionVerifyingSignature", e);
+                errors.add(msg);
+            }
 
             // check signer certificate (mail address, key usage, etc)
             checkSignerCert(signerCert, errors, notifications);
@@ -936,15 +956,11 @@ private static X509Certificate getProvidedCert(Set trustAnchors, List certStores
         return findFirstCert(certStores, selector, null);
     }
 
-    private static boolean isValidSignature(X509Certificate cert, SignerInformation signer, List errors)
+    private static boolean isValidSignature(SignerInformationVerifier verifier, SignerInformation signer, List errors)
     {
         boolean validSignature = false;
         try
         {
-            SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
-                .setProvider("BC")
-                .build(cert.getPublicKey());
-
             validSignature = signer.verify(verifier);
             if (!validSignature)
             {

pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoVerifierBuilder.java

@@ -18,6 +18,7 @@
 public class JcaSimpleSignerInfoVerifierBuilder
 {
     private Helper helper = new Helper();
+    private DigestCalculatorProvider digestCalculatorProvider = null;
 
     public JcaSimpleSignerInfoVerifierBuilder setProvider(Provider provider)
     {
@@ -33,22 +34,42 @@ public JcaSimpleSignerInfoVerifierBuilder setProvider(String providerName)
         return this;
     }
 
+    public JcaSimpleSignerInfoVerifierBuilder setDigestCalculatorProvider(DigestCalculatorProvider digestCalculatorProvider)
+    {
+        this.digestCalculatorProvider = digestCalculatorProvider;
+
+        return this;
+    }
+
     public SignerInformationVerifier build(X509CertificateHolder certHolder)
         throws OperatorCreationException, CertificateException
     {
-        return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(certHolder), helper.createDigestCalculatorProvider());
+        return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(certHolder), getDigestCalculatorProvider());
     }
 
     public SignerInformationVerifier build(X509Certificate certificate)
         throws OperatorCreationException
     {
-        return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(certificate), helper.createDigestCalculatorProvider());
+        return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(certificate), getDigestCalculatorProvider());
     }
 
     public SignerInformationVerifier build(PublicKey pubKey)
         throws OperatorCreationException
     {
-        return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(pubKey), helper.createDigestCalculatorProvider());
+        return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(pubKey), getDigestCalculatorProvider());
+    }
+
+    private DigestCalculatorProvider getDigestCalculatorProvider()
+        throws OperatorCreationException
+    {
+        if (digestCalculatorProvider != null)
+        {
+            return digestCalculatorProvider;
+        }
+        else
+        {
+            return helper.createDigestCalculatorProvider();
+        }
     }
 
     private static class Helper