Examples with Signature com.github.zhenwei.core.asn1.ocsp.Signature used on opensource projects

Example 6 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class X509CRLHolder method isSignatureValid.

/**
 * Validate the signature on the CRL.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
 *                         signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    TBSCertList tbsCRL = x509CRL.getTBSCertList();
    if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm())) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }
    ContentVerifier verifier;
    try {
        verifier = verifierProvider.get((tbsCRL.getSignature()));
        OutputStream sOut = verifier.getOutputStream();
        tbsCRL.encodeTo(sOut, ASN1Encoding.DER);
        sOut.close();
    } catch (Exception e) {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }
    return verifier.verify(x509CRL.getSignature().getOctets());
}

Example 7 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class SignerInformation method addCounterSigners.

/**
 * Return a signer information object with passed in SignerInformationStore representing counter
 * signatures attached as an unsigned attribute.
 *
 * @param signerInformation the signerInfo to be used as the basis.
 * @param counterSigners    signer info objects carrying counter signature.
 * @return a copy of the original SignerInformationObject with the changed attributes.
 */
public static SignerInformation addCounterSigners(SignerInformation signerInformation, SignerInformationStore counterSigners) {
    // TODO Perform checks from RFC 3852 11.4
    SignerInfo sInfo = signerInformation.info;
    AttributeTable unsignedAttr = signerInformation.getUnsignedAttributes();
    ASN1EncodableVector v;
    if (unsignedAttr != null) {
        v = unsignedAttr.toASN1EncodableVector();
    } else {
        v = new ASN1EncodableVector();
    }
    ASN1EncodableVector sigs = new ASN1EncodableVector();
    for (Iterator it = counterSigners.getSigners().iterator(); it.hasNext(); ) {
        sigs.add(((SignerInformation) it.next()).toASN1Structure());
    }
    v.add(new Attribute(CMSAttributes.counterSignature, new DERSet(sigs)));
    return new SignerInformation(new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(), sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), new DERSet(v)), signerInformation.contentType, signerInformation.content, null);
}

Example 8 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class SignerInformation method doVerify.

private boolean doVerify(SignerInformationVerifier verifier) throws CMSException {
    String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
    ContentVerifier contentVerifier;
    try {
        contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm());
    } catch (OperatorCreationException e) {
        throw new CMSException("can't create content verifier: " + e.getMessage(), e);
    }
    try {
        OutputStream sigOut = contentVerifier.getOutputStream();
        if (resultDigest == null) {
            DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID());
            if (content != null) {
                OutputStream digOut = calc.getOutputStream();
                if (signedAttributeSet == null) {
                    if (contentVerifier instanceof RawContentVerifier) {
                        content.write(digOut);
                    } else {
                        OutputStream cOut = new TeeOutputStream(digOut, sigOut);
                        content.write(cOut);
                        cOut.close();
                    }
                } else {
                    content.write(digOut);
                    sigOut.write(this.getEncodedSignedAttributes());
                }
                digOut.close();
            } else if (signedAttributeSet != null) {
                sigOut.write(this.getEncodedSignedAttributes());
            } else {
                // TODO Get rid of this exception and just treat content==null as empty not missing?
                throw new CMSException("data not encapsulated in signature - use detached constructor.");
            }
            resultDigest = calc.getDigest();
        } else {
            if (signedAttributeSet == null) {
                if (content != null) {
                    content.write(sigOut);
                }
            } else {
                sigOut.write(this.getEncodedSignedAttributes());
            }
        }
        sigOut.close();
    } catch (IOException e) {
        throw new CMSException("can't process mime object to create signature.", e);
    } catch (OperatorCreationException e) {
        throw new CMSException("can't create digest calculator: " + e.getMessage(), e);
    }
    // RFC 3852 11.1 Check the content-type attribute is correct
    verifyContentTypeAttributeValue();
    AttributeTable signedAttrTable = this.getSignedAttributes();
    // RFC 6211 Validate Algorithm Identifier protection attribute if present
    verifyAlgorithmIdentifierProtectionAttribute(signedAttrTable);
    // RFC 3852 11.2 Check the message-digest attribute is correct
    verifyMessageDigestAttribute();
    // RFC 3852 11.4 Validate countersignature attribute(s)
    verifyCounterSignatureAttribute(signedAttrTable);
    try {
        if (signedAttributeSet == null && resultDigest != null) {
            if (contentVerifier instanceof RawContentVerifier) {
                RawContentVerifier rawVerifier = (RawContentVerifier) contentVerifier;
                if (encName.equals("RSA")) {
                    DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.getAlgorithm(), DERNull.INSTANCE), resultDigest);
                    return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature());
                }
                return rawVerifier.verify(resultDigest, this.getSignature());
            }
        }
        return contentVerifier.verify(this.getSignature());
    } catch (IOException e) {
        throw new CMSException("can't process mime object to create signature.", e);
    }
}

Example 9 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CMSSignedDataGenerator method generate.

/**
 * Generate a CMS Signed Data object which can be carrying a detached CMS signature, or have
 * encapsulated data, depending on the value of the encapsulated parameter.
 *
 * @param content     the content to be signed.
 * @param encapsulate true if the content should be encapsulated in the signature, false
 *                    otherwise.
 */
public CMSSignedData generate(// FIXME Avoid accessing more than once to support CMSProcessableInputStream
CMSTypedData content, boolean encapsulate) throws CMSException {
    if (!signerInfs.isEmpty()) {
        throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
    }
    // TODO
    // if (signerInfs.isEmpty())
    // {
    // /* RFC 3852 5.2
    // * "In the degenerate case where there are no signers, the
    // * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
    // * case, the content type within the EncapsulatedContentInfo value being
    // * "signed" MUST be id-data (as defined in section 4), and the content
    // * field of the EncapsulatedContentInfo value MUST be omitted."
    // */
    // if (encapsulate)
    // {
    // throw new IllegalArgumentException("no signers, encapsulate must be false");
    // }
    // if (!DATA.equals(eContentType))
    // {
    // throw new IllegalArgumentException("no signers, eContentType must be id-data");
    // }
    // }
    // 
    // if (!DATA.equals(eContentType))
    // {
    // /* RFC 3852 5.3
    // * [The 'signedAttrs']...
    // * field is optional, but it MUST be present if the content type of
    // * the EncapsulatedContentInfo value being signed is not id-data.
    // */
    // // TODO signedAttrs must be present for all signers
    // }
    Set<AlgorithmIdentifier> digestAlgs = new LinkedHashSet<AlgorithmIdentifier>();
    ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    // clear the current preserved digest state
    digests.clear();
    // 
    for (Iterator it = _signers.iterator(); it.hasNext(); ) {
        SignerInformation signer = (SignerInformation) it.next();
        CMSUtils.addDigestAlgs(digestAlgs, signer, digestAlgIdFinder);
        // TODO Verify the content type and calculated digest match the precalculated SignerInfo
        signerInfos.add(signer.toASN1Structure());
    }
    // 
    // add the SignerInfo objects
    // 
    ASN1ObjectIdentifier contentTypeOID = content.getContentType();
    ASN1OctetString octs = null;
    if (content.getContent() != null) {
        ByteArrayOutputStream bOut = null;
        if (encapsulate) {
            bOut = new ByteArrayOutputStream();
        }
        OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut);
        // Just in case it's unencapsulated and there are no signers!
        cOut = CMSUtils.getSafeOutputStream(cOut);
        try {
            content.write(cOut);
            cOut.close();
        } catch (IOException e) {
            throw new CMSException("data processing exception: " + e.getMessage(), e);
        }
        if (encapsulate) {
            octs = new BEROctetString(bOut.toByteArray());
        }
    }
    for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
        SignerInfoGenerator sGen = (SignerInfoGenerator) it.next();
        SignerInfo inf = sGen.generate(contentTypeOID);
        digestAlgs.add(inf.getDigestAlgorithm());
        signerInfos.add(inf);
        byte[] calcDigest = sGen.getCalculatedDigest();
        if (calcDigest != null) {
            digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest);
        }
    }
    ASN1Set certificates = null;
    if (certs.size() != 0) {
        certificates = CMSUtils.createBerSetFromList(certs);
    }
    ASN1Set certrevlist = null;
    if (crls.size() != 0) {
        certrevlist = CMSUtils.createBerSetFromList(crls);
    }
    ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
    SignedData sd = new SignedData(CMSUtils.convertToBERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
    ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
    return new CMSSignedData(content, contentInfo);
}

Example 10 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CMSSignedDataStreamGenerator method getDigestAlgorithms.

/**
 * Return a list of the current Digest AlgorithmIdentifiers applying to the next signature.
 *
 * @return a list of the Digest AlgorithmIdentifiers
 */
public List<AlgorithmIdentifier> getDigestAlgorithms() {
    List digestAlorithms = new ArrayList();
    // 
    for (Iterator it = _signers.iterator(); it.hasNext(); ) {
        SignerInformation signer = (SignerInformation) it.next();
        AlgorithmIdentifier digAlg = CMSSignedHelper.INSTANCE.fixDigestAlgID(signer.getDigestAlgorithmID(), digestAlgIdFinder);
        digestAlorithms.add(digAlg);
    }
    for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
        SignerInfoGenerator signerGen = (SignerInfoGenerator) it.next();
        digestAlorithms.add(signerGen.getDigestAlgorithm());
    }
    return digestAlorithms;
}