Search in sources :

Example 26 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class X509AttributeCertificateHolder method isSignatureValid.

/**
 * Validate the signature on the attribute certificate in this holder.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
 *                         signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    AttributeCertificateInfo acinfo = attrCert.getAcinfo();
    if (!CertUtils.isAlgIdEqual(acinfo.getSignature(), attrCert.getSignatureAlgorithm())) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }
    ContentVerifier verifier;
    try {
        verifier = verifierProvider.get((acinfo.getSignature()));
        OutputStream sOut = verifier.getOutputStream();
        acinfo.encodeTo(sOut, ASN1Encoding.DER);
        sOut.close();
    } catch (Exception e) {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }
    return verifier.verify(this.getSignature());
}
Also used : AttributeCertificateInfo(com.github.zhenwei.core.asn1.x509.AttributeCertificateInfo) ContentVerifier(com.github.zhenwei.pkix.operator.ContentVerifier) OutputStream(java.io.OutputStream) ObjectOutputStream(java.io.ObjectOutputStream) IOException(java.io.IOException)

Example 27 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class SignerInformation method getCounterSignatures.

/**
 * Return a SignerInformationStore containing the counter signatures attached to this signer. If
 * no counter signatures are present an empty store is returned.
 */
public SignerInformationStore getCounterSignatures() {
    // TODO There are several checks implied by the RFC3852 comments that are missing
    /*
        The countersignature attribute MUST be an unsigned attribute; it MUST
        NOT be a signed attribute, an authenticated attribute, an
        unauthenticated attribute, or an unprotected attribute.
        */
    AttributeTable unsignedAttributeTable = getUnsignedAttributes();
    if (unsignedAttributeTable == null) {
        return new SignerInformationStore(new ArrayList(0));
    }
    List counterSignatures = new ArrayList();
    /*
        The UnsignedAttributes syntax is defined as a SET OF Attributes.  The
        UnsignedAttributes in a signerInfo may include multiple instances of
        the countersignature attribute.
        */
    ASN1EncodableVector allCSAttrs = unsignedAttributeTable.getAll(CMSAttributes.counterSignature);
    for (int i = 0; i < allCSAttrs.size(); ++i) {
        Attribute counterSignatureAttribute = (Attribute) allCSAttrs.get(i);
        /*
            A countersignature attribute can have multiple attribute values.  The
            syntax is defined as a SET OF AttributeValue, and there MUST be one
            or more instances of AttributeValue present.
            */
        ASN1Set values = counterSignatureAttribute.getAttrValues();
        if (values.size() < 1) {
        // TODO Throw an appropriate exception?
        }
        for (Enumeration en = values.getObjects(); en.hasMoreElements(); ) {
            /*
                Countersignature values have the same meaning as SignerInfo values
                for ordinary signatures, except that:

                   1. The signedAttributes field MUST NOT contain a content-type
                      attribute; there is no content type for countersignatures.

                   2. The signedAttributes field MUST contain a message-digest
                      attribute if it contains any other attributes.

                   3. The input to the message-digesting process is the contents
                      octets of the DER encoding of the signatureValue field of the
                      SignerInfo value with which the attribute is associated.
                */
            SignerInfo si = SignerInfo.getInstance(en.nextElement());
            counterSignatures.add(new SignerInformation(si, null, new CMSProcessableByteArray(getSignature()), null));
        }
    }
    return new SignerInformationStore(counterSignatures);
}
Also used : SignerInfo(com.github.zhenwei.pkix.util.asn1.cms.SignerInfo) Enumeration(java.util.Enumeration) ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable) ArrayList(java.util.ArrayList) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) ArrayList(java.util.ArrayList) List(java.util.List)

Example 28 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class SignerInformation method addCounterSigners.

/**
 * Return a signer information object with passed in SignerInformationStore representing counter
 * signatures attached as an unsigned attribute.
 *
 * @param signerInformation the signerInfo to be used as the basis.
 * @param counterSigners    signer info objects carrying counter signature.
 * @return a copy of the original SignerInformationObject with the changed attributes.
 */
public static SignerInformation addCounterSigners(SignerInformation signerInformation, SignerInformationStore counterSigners) {
    // TODO Perform checks from RFC 3852 11.4
    SignerInfo sInfo = signerInformation.info;
    AttributeTable unsignedAttr = signerInformation.getUnsignedAttributes();
    ASN1EncodableVector v;
    if (unsignedAttr != null) {
        v = unsignedAttr.toASN1EncodableVector();
    } else {
        v = new ASN1EncodableVector();
    }
    ASN1EncodableVector sigs = new ASN1EncodableVector();
    for (Iterator it = counterSigners.getSigners().iterator(); it.hasNext(); ) {
        sigs.add(((SignerInformation) it.next()).toASN1Structure());
    }
    v.add(new Attribute(CMSAttributes.counterSignature, new DERSet(sigs)));
    return new SignerInformation(new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(), sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), new DERSet(v)), signerInformation.contentType, signerInformation.content, null);
}
Also used : SignerInfo(com.github.zhenwei.pkix.util.asn1.cms.SignerInfo) Attribute(com.github.zhenwei.pkix.util.asn1.cms.Attribute) AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable) Iterator(java.util.Iterator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DERSet(com.github.zhenwei.core.asn1.DERSet)

Example 29 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class SignerInformation method doVerify.

private boolean doVerify(SignerInformationVerifier verifier) throws CMSException {
    String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID());
    ContentVerifier contentVerifier;
    try {
        contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm());
    } catch (OperatorCreationException e) {
        throw new CMSException("can't create content verifier: " + e.getMessage(), e);
    }
    try {
        OutputStream sigOut = contentVerifier.getOutputStream();
        if (resultDigest == null) {
            DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID());
            if (content != null) {
                OutputStream digOut = calc.getOutputStream();
                if (signedAttributeSet == null) {
                    if (contentVerifier instanceof RawContentVerifier) {
                        content.write(digOut);
                    } else {
                        OutputStream cOut = new TeeOutputStream(digOut, sigOut);
                        content.write(cOut);
                        cOut.close();
                    }
                } else {
                    content.write(digOut);
                    sigOut.write(this.getEncodedSignedAttributes());
                }
                digOut.close();
            } else if (signedAttributeSet != null) {
                sigOut.write(this.getEncodedSignedAttributes());
            } else {
                // TODO Get rid of this exception and just treat content==null as empty not missing?
                throw new CMSException("data not encapsulated in signature - use detached constructor.");
            }
            resultDigest = calc.getDigest();
        } else {
            if (signedAttributeSet == null) {
                if (content != null) {
                    content.write(sigOut);
                }
            } else {
                sigOut.write(this.getEncodedSignedAttributes());
            }
        }
        sigOut.close();
    } catch (IOException e) {
        throw new CMSException("can't process mime object to create signature.", e);
    } catch (OperatorCreationException e) {
        throw new CMSException("can't create digest calculator: " + e.getMessage(), e);
    }
    // RFC 3852 11.1 Check the content-type attribute is correct
    verifyContentTypeAttributeValue();
    AttributeTable signedAttrTable = this.getSignedAttributes();
    // RFC 6211 Validate Algorithm Identifier protection attribute if present
    verifyAlgorithmIdentifierProtectionAttribute(signedAttrTable);
    // RFC 3852 11.2 Check the message-digest attribute is correct
    verifyMessageDigestAttribute();
    // RFC 3852 11.4 Validate countersignature attribute(s)
    verifyCounterSignatureAttribute(signedAttrTable);
    try {
        if (signedAttributeSet == null && resultDigest != null) {
            if (contentVerifier instanceof RawContentVerifier) {
                RawContentVerifier rawVerifier = (RawContentVerifier) contentVerifier;
                if (encName.equals("RSA")) {
                    DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.getAlgorithm(), DERNull.INSTANCE), resultDigest);
                    return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature());
                }
                return rawVerifier.verify(resultDigest, this.getSignature());
            }
        }
        return contentVerifier.verify(this.getSignature());
    } catch (IOException e) {
        throw new CMSException("can't process mime object to create signature.", e);
    }
}
Also used : TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream) DigestInfo(com.github.zhenwei.core.asn1.x509.DigestInfo) RawContentVerifier(com.github.zhenwei.pkix.operator.RawContentVerifier) ContentVerifier(com.github.zhenwei.pkix.operator.ContentVerifier) TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream) OutputStream(java.io.OutputStream) DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable) RawContentVerifier(com.github.zhenwei.pkix.operator.RawContentVerifier) ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) IOException(java.io.IOException) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 30 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class CMSSignedDataStreamGenerator method calculateVersion.

// RFC3852, section 5.1:
// IF ((certificates is present) AND
// (any certificates with a type of other are present)) OR
// ((crls is present) AND
// (any crls with a type of other are present))
// THEN version MUST be 5
// ELSE
// IF (certificates is present) AND
// (any version 2 attribute certificates are present)
// THEN version MUST be 4
// ELSE
// IF ((certificates is present) AND
// (any version 1 attribute certificates are present)) OR
// (any SignerInfo structures are version 3) OR
// (encapContentInfo eContentType is other than id-data)
// THEN version MUST be 3
// ELSE version MUST be 1
// 
private ASN1Integer calculateVersion(ASN1ObjectIdentifier contentOid) {
    boolean otherCert = false;
    boolean otherCrl = false;
    boolean attrCertV1Found = false;
    boolean attrCertV2Found = false;
    if (certs != null) {
        for (Iterator it = certs.iterator(); it.hasNext(); ) {
            Object obj = it.next();
            if (obj instanceof ASN1TaggedObject) {
                ASN1TaggedObject tagged = (ASN1TaggedObject) obj;
                if (tagged.getTagNo() == 1) {
                    attrCertV1Found = true;
                } else if (tagged.getTagNo() == 2) {
                    attrCertV2Found = true;
                } else if (tagged.getTagNo() == 3) {
                    otherCert = true;
                }
            }
        }
    }
    if (otherCert) {
        return new ASN1Integer(5);
    }
    if (// no need to check if otherCert is true
    crls != null) {
        for (Iterator it = crls.iterator(); it.hasNext(); ) {
            Object obj = it.next();
            if (obj instanceof ASN1TaggedObject) {
                otherCrl = true;
            }
        }
    }
    if (otherCrl) {
        return new ASN1Integer(5);
    }
    if (attrCertV2Found) {
        return new ASN1Integer(4);
    }
    if (attrCertV1Found) {
        return new ASN1Integer(3);
    }
    if (checkForVersion3(_signers, signerGens)) {
        return new ASN1Integer(3);
    }
    if (!CMSObjectIdentifiers.data.equals(contentOid)) {
        return new ASN1Integer(3);
    }
    return new ASN1Integer(1);
}
Also used : ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) Iterator(java.util.Iterator) ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) BERTaggedObject(com.github.zhenwei.core.asn1.BERTaggedObject) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer)

Aggregations

Attribute (org.bouncycastle.asn1.pkcs.Attribute)36 IOException (java.io.IOException)25 Extensions (org.bouncycastle.asn1.x509.Extensions)18 ArrayList (java.util.ArrayList)17 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)15 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13 List (java.util.List)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 GeneralName (org.bouncycastle.asn1.x509.GeneralName)12 ASN1Set (org.bouncycastle.asn1.ASN1Set)10 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)9 Iterator (java.util.Iterator)9 CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)8 DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)8 AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)8 Enumeration (java.util.Enumeration)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 Attribute (com.github.zhenwei.pkix.util.asn1.cms.Attribute)7 GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)6 GeneralSecurityException (java.security.GeneralSecurityException)6