Search in sources :

Example 76 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project gdmatrix by gdmatrix.

the class P7MUtils method createBase64TimeStamp.

public static String createBase64TimeStamp(String serviceURI, byte[] message) throws Exception {
    ContentInfo ts = createTimeStamp(serviceURI, message);
    byte[] tsBytes = ts.getEncoded();
    return Base64.getMimeEncoder().encodeToString(tsBytes);
}
Also used : ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)

Example 77 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project gdmatrix by gdmatrix.

the class CMSData method getSignatures.

public List<CMSSignature> getSignatures() throws Exception {
    ArrayList<CMSSignature> signatures = new ArrayList();
    Store certStore = cms.getCertificates();
    SignerInformationStore siStore = cms.getSignerInfos();
    Collection signers = siStore.getSigners();
    for (Object elem : signers) {
        SignerInformation signer = (SignerInformation) elem;
        CMSSignature signature = new CMSSignature();
        signatures.add(signature);
        org.bouncycastle.cms.SignerId sid = signer.getSID();
        Collection certCollection = certStore.getMatches(sid);
        X509CertificateHolder certificateHolder = (X509CertificateHolder) certCollection.iterator().next();
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
        signature.setCertificate(certificate);
        String signerName = certificate.getSubjectDN().getName();
        signature.loadProperties(signerName);
        signature.setSignature(Base64.getMimeEncoder().encodeToString(signer.getSignature()).toUpperCase());
        // **** signed attributes ****
        AttributeTable table = signer.getSignedAttributes();
        Hashtable attributes = table.toHashtable();
        // signingTime
        Attribute attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.5"));
        if (attrib != null) {
            ASN1UTCTime time = (ASN1UTCTime) attrib.getAttrValues().getObjectAt(0);
            String timeString = time.getAdjustedTime();
            SimpleDateFormat df = new SimpleDateFormat("yyyyMMddHHmmss'GMT+'00:00");
            signature.setSigningDate(df.parse(timeString));
        }
        // filename
        DEROctetString octet;
        attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.1"));
        if (attrib != null) {
            octet = (DEROctetString) attrib.getAttrValues().getObjectAt(0);
            if (octet != null) {
                signature.setFilename(new String(octet.getOctets(), "UTF-16LE"));
            }
        }
        // decretNumber
        attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.2"));
        if (attrib != null) {
            octet = (DEROctetString) attrib.getAttrValues().getObjectAt(0);
            if (octet != null) {
                signature.setDecretNumber(new String(octet.getOctets(), "UTF-16LE"));
            }
        }
        // **** unsigned attributes ****
        table = signer.getUnsignedAttributes();
        if (table != null) {
            attributes = table.toHashtable();
            // timeStampToken
            attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2.14"));
            if (attrib != null) {
                DERSequence seq = (DERSequence) attrib.getAttrValues().getObjectAt(0);
                ContentInfo timeStampToken = ContentInfo.getInstance(seq);
                SignedData sd = SignedData.getInstance(timeStampToken.getContent());
                ASN1Encodable content = sd.getEncapContentInfo().getContent();
                // TSTInfo tstInfo = new TSTInfo((ASN1Sequence)
                // new ASN1InputStream(((DEROctetString)content).getOctets()).readObject());
                TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
                signature.setTimeStampDate(tstInfo.getGenTime().getDate());
            }
        }
        // signature validation
        // signature.setValid(signer.verify(signature.getCertificate(), "BC"));
        signature.setValid(signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(signature.getCertificate())));
    }
    Collections.sort(signatures);
    return signatures;
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) ArrayList(java.util.ArrayList) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) Store(org.bouncycastle.util.Store) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) SignerInformation(org.bouncycastle.cms.SignerInformation) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERSequence(org.bouncycastle.asn1.DERSequence) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) Hashtable(java.util.Hashtable) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) X509Certificate(java.security.cert.X509Certificate) TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) Collection(java.util.Collection) SimpleDateFormat(java.text.SimpleDateFormat) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 78 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project gdmatrix by gdmatrix.

the class CMSUtils method addTimeStamp.

public static CMSSignedData addTimeStamp(String serviceURI, CMSSignedData signedData) throws Exception {
    CMSSignedData newSignedData;
    SignerInformationStore sigStore = signedData.getSignerInfos();
    ArrayList siList = new ArrayList();
    for (Object o : sigStore.getSigners()) {
        Store certStore = signedData.getCertificates();
        SignerInformation si = (SignerInformation) o;
        SignerId sigId = si.getSID();
        Collection certCollection = certStore.getMatches(sigId);
        X509CertificateHolder certificateHolder = (X509CertificateHolder) certCollection.iterator().next();
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
        System.out.println(certificate.getSubjectDN().getName());
        // get signature
        byte[] signature = si.getSignature();
        // signed attributes
        System.out.println("SignedAttributes:");
        AttributeTable signedAttributes = si.getSignedAttributes();
        printAttributeTable(signedAttributes);
        // unsigned attributes
        System.out.println("UnsignedAttributes:");
        AttributeTable unsignedAttributes = si.getUnsignedAttributes();
        printAttributeTable(unsignedAttributes);
        ASN1ObjectIdentifier tsId = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2.14");
        Attribute att = unsignedAttributes == null ? null : unsignedAttributes.get(tsId);
        if (att == null) {
            System.out.println("creating timeStamp...");
            ContentInfo timeStampToken = createTimeStamp(serviceURI, signature);
            ASN1EncodableVector vector = new ASN1EncodableVector();
            vector.add(timeStampToken);
            DERSet attributeValues = new DERSet(vector);
            Attribute attribute = new Attribute(tsId, attributeValues);
            Hashtable attrMap = new Hashtable();
            attrMap.put(tsId, attribute);
            AttributeTable table = new AttributeTable(attrMap);
            SignerInformation newSi = SignerInformation.replaceUnsignedAttributes(si, table);
            siList.add(newSi);
        } else
            System.out.println("Timestamp present");
    }
    if (// replace signers
    !siList.isEmpty()) {
        newSignedData = CMSSignedData.replaceSigners(signedData, new SignerInformationStore(siList));
        newSignedData = new CMSSignedData(newSignedData.getEncoded());
    } else
        newSignedData = signedData;
    return newSignedData;
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) Hashtable(java.util.Hashtable) ArrayList(java.util.ArrayList) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) Store(org.bouncycastle.util.Store) SignerInformation(org.bouncycastle.cms.SignerInformation) CMSSignedData(org.bouncycastle.cms.CMSSignedData) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) SignerId(org.bouncycastle.cms.SignerId) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) Collection(java.util.Collection) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 79 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project gdmatrix by gdmatrix.

the class CMSUtils method createTimeStamp.

public static ContentInfo createTimeStamp(String serviceURI, byte[] message) throws Exception {
    String nonce = String.valueOf((int) (Math.random() * 1000000));
    // es crea la peticio a la TSA
    TimeStampReq timeStampRequest = createTimeStampRequest(// message
    message, // nonce
    nonce, // requireCert
    true, // extensions
    null, // digestAlgorithm identifier
    "1.3.14.3.2.26", // timestampPolicy
    "0.4.0.2023.1.1");
    // s'envia la peticio creada
    TimeStampResp timeStampResponse = sendTimestampRequest(timeStampRequest, serviceURI);
    ContentInfo contentInfo = timeStampResponse.getTimeStampToken();
    return contentInfo;
}
Also used : TimeStampReq(org.bouncycastle.asn1.tsp.TimeStampReq) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) TimeStampResp(org.bouncycastle.asn1.tsp.TimeStampResp)

Example 80 with ContentInfo

use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project itext2 by albfernandez.

the class PdfPublicKeySecurityHandler method createDERForRecipient.

private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
    String s = "1.2.840.113549.3.2";
    AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s);
    AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
    ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
    ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
    ASN1Primitive derobject = asn1inputstream.readObject();
    KeyGenerator keygenerator = KeyGenerator.getInstance(s);
    keygenerator.init(128);
    SecretKey secretkey = keygenerator.generateKey();
    Cipher cipher = Cipher.getInstance(s);
    cipher.init(1, secretkey, algorithmparameters);
    byte[] abyte1 = cipher.doFinal(in);
    DEROctetString deroctetstring = new DEROctetString(abyte1);
    KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
    DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));
    AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
    EncryptedContentInfo encryptedcontentinfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
    EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (org.bouncycastle.asn1.ASN1Set) null);
    ContentInfo contentinfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
    return contentinfo.toASN1Primitive();
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) AlgorithmParameterGenerator(java.security.AlgorithmParameterGenerator) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERSet(org.bouncycastle.asn1.DERSet) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) ByteArrayInputStream(java.io.ByteArrayInputStream) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) Cipher(javax.crypto.Cipher) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) KeyGenerator(javax.crypto.KeyGenerator) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) RecipientInfo(org.bouncycastle.asn1.cms.RecipientInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) EnvelopedData(org.bouncycastle.asn1.cms.EnvelopedData) AlgorithmParameters(java.security.AlgorithmParameters) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)

Aggregations

ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)60 IOException (java.io.IOException)28 CMSSignedData (org.bouncycastle.cms.CMSSignedData)22 ContentInfo (com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)18 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15 OutputStream (java.io.OutputStream)12 X509Certificate (java.security.cert.X509Certificate)12 ArrayList (java.util.ArrayList)12 SignedData (org.bouncycastle.asn1.cms.SignedData)12 Iterator (java.util.Iterator)11 ASN1Set (org.bouncycastle.asn1.ASN1Set)11 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)10 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)10 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)9 ByteArrayInputStream (java.io.ByteArrayInputStream)9 ByteArrayOutputStream (java.io.ByteArrayOutputStream)9 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)9 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)9 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)9 DERSet (org.bouncycastle.asn1.DERSet)9