[Solved] Cannot verify signature (cmssigneddata) bouncycastle


You need to add the certificate to an org.bouncycastle.util.CollectionStore, and add this store to the signature.

I’m using BouncyCastle 1.56:

import java.util.Collections;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.util.CollectionStore;

// add these lines after gen.addSignerInfoGenerator(...)

// cert is your X509Certificate
X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
CollectionStore<X509CertificateHolder> certStore = new CollectionStore<>(Collections.singletonList(holder));
gen.addCertificates(certStore); // add the store to the signature

The CollectionStore is useful when you want to add more than one certificate. If you want to add just one, you can also do:

X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
gen.addCertificate(holder);

The output I’ve got:

enter while loop1
[org.bouncycastle.cert.X509CertificateHolder@5bc807a8]collection of certs
enter while loop2
verified correct
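
An added round-trip example, not part of the original answer: it signs with the certificate embedded through gen.addCertificate(...) and then verifies from the encoded bytes alone, as a receiver would. The throwaway RSA key, the self-signed CN=cms-demo certificate, the class name CmsRoundTrip and the pinning check are assumptions of this example; it needs the bcprov and bcpkix jars on the classpath.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.jcajce.*;

public class CmsRoundTrip {
    public static void main(String[] args) throws Exception {
        // Constructed test identity: throwaway RSA key and self-signed certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        JcaContentSignerBuilder csb = new JcaContentSignerBuilder("SHA256withRSA");
        X500Name dn = new X500Name("CN=cms-demo");
        long now = System.currentTimeMillis();
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(dn, BigInteger.ONE,
            new Date(now - 60_000L), new Date(now + 86_400_000L), dn, kp.getPublic())
            .build(csb.build(kp.getPrivate()));
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(holder);

        // Sign and embed the signer certificate, as the answer describes.
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().build()).build(csb.build(kp.getPrivate()), cert));
        gen.addCertificate(holder);
        byte[] encoded = gen.generate(
            new CMSProcessableByteArray("hello".getBytes("UTF-8")), true).getEncoded();

        // Verify using only what travels inside the encoded CMS structure.
        CMSSignedData parsed = new CMSSignedData(encoded);
        for (SignerInformation si : parsed.getSignerInfos().getSigners()) {
            Collection<X509CertificateHolder> matches = parsed.getCertificates().getMatches(si.getSID());
            if (matches.isEmpty()) throw new IllegalStateException("no embedded certificate for signer");
            X509CertificateHolder embedded = matches.iterator().next();
            // The embedded certificate is supplied by the sender, so a valid signature alone
            // proves nothing about identity: pin it here, or build a path to a trust anchor.
            if (!embedded.equals(holder))
                throw new SecurityException("signer certificate is not the expected one");
            boolean ok = si.verify(new JcaSimpleSignerInfoVerifierBuilder().build(embedded));
            System.out.println(ok ? "verified correct" : "verification failed");
        }
    }
}
```

If the gen.addCertificate(holder) line is removed, getMatches(...) returns an empty collection and the verifier has no certificate to check the signature against.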
