Example 26 with ContentInfo
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.
the class Client method enroll.
// method scepRenewalReq
private EnrolmentResponse enroll(MessageType messageType, CertificationRequest csr, PrivateKey identityKey, X509Cert identityCert) throws ScepClientException {
TransactionId tid;
try {
tid = TransactionId.sha1TransactionId(csr.getCertificationRequestInfo().getSubjectPublicKeyInfo());
} catch (InvalidKeySpecException ex) {
throw new ScepClientException(ex.getMessage(), ex);
}
PkiMessage pkiMessage = new PkiMessage(tid, messageType);
pkiMessage.setMessageData(csr);
ContentInfo envRequest = encryptThenSign(pkiMessage, identityKey, identityCert);
ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, envRequest);
CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
DecodedPkiMessage response = decode(cmsSignedData, identityKey, identityCert);
assertSameNonce(pkiMessage, response);
return new EnrolmentResponse(response);
}
Also used :
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
TransactionId(org.xipki.scep.transaction.TransactionId)
Example 27 with ContentInfo
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project xipki by xipki.
the class SignatureCmpCaClient method decrypt.
private byte[] decrypt(EnvelopedData ed0) throws Exception {
ContentInfo ci = new ContentInfo(CMSObjectIdentifiers.envelopedData, ed0);
CMSEnvelopedData ed = new CMSEnvelopedData(ci);
RecipientInformationStore recipients = ed.getRecipientInfos();
Iterator<RecipientInformation> it = recipients.getRecipients().iterator();
RecipientInformation ri = it.next();
ASN1ObjectIdentifier encAlg = ri.getKeyEncryptionAlgorithm().getAlgorithm();
Recipient recipient;
if (encAlg.equals(CMSAlgorithm.ECDH_SHA1KDF) || encAlg.equals(CMSAlgorithm.ECDH_SHA224KDF) || encAlg.equals(CMSAlgorithm.ECDH_SHA256KDF) || encAlg.equals(CMSAlgorithm.ECDH_SHA384KDF) || encAlg.equals(CMSAlgorithm.ECDH_SHA384KDF) || encAlg.equals(CMSAlgorithm.ECDH_SHA512KDF)) {
recipient = new JceKeyAgreeEnvelopedRecipient(requestorKey).setProvider("BC");
} else {
recipient = new JceKeyTransEnvelopedRecipient(requestorKey).setProvider("BC");
}
return ri.getContent(recipient);
}
Also used :
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
JceKeyAgreeEnvelopedRecipient(org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient)
JceKeyAgreeEnvelopedRecipient(org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient)
JceKeyTransEnvelopedRecipient(org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient)
JceKeyTransEnvelopedRecipient(org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient)
Example 28 with ContentInfo
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project LinLong-Java by zhenwei1108.
the class CMSSignedData method addDigestAlgorithm.
/**
* Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm in it.
*
* @param signedData the signed data object to be used as a base.
* @param digestAlgorithm the digest algorithm to be added to the signed data.
* @return a new signed data object.
*/
public static CMSSignedData addDigestAlgorithm(CMSSignedData signedData, AlgorithmIdentifier digestAlgorithm) {
Set<AlgorithmIdentifier> digestAlgorithms = signedData.getDigestAlgorithmIDs();
AlgorithmIdentifier digestAlg = CMSSignedHelper.INSTANCE.fixDigestAlgID(digestAlgorithm, dgstAlgFinder);
//
if (digestAlgorithms.contains(digestAlg)) {
return signedData;
}
//
// copy
//
CMSSignedData cms = new CMSSignedData(signedData);
//
// build up the new set
//
Set<AlgorithmIdentifier> digestAlgs = new HashSet<AlgorithmIdentifier>();
Iterator it = digestAlgorithms.iterator();
while (it.hasNext()) {
digestAlgs.add(CMSSignedHelper.INSTANCE.fixDigestAlgID((AlgorithmIdentifier) it.next(), dgstAlgFinder));
}
digestAlgs.add(digestAlg);
ASN1Set digests = CMSUtils.convertToBERSet(digestAlgs);
ASN1Sequence sD = (ASN1Sequence) signedData.signedData.toASN1Primitive();
ASN1EncodableVector vec = new ASN1EncodableVector();
//
// signers are the last item in the sequence.
//
// version
vec.add(sD.getObjectAt(0));
vec.add(digests);
for (int i = 2; i != sD.size(); i++) {
vec.add(sD.getObjectAt(i));
}
cms.signedData = SignedData.getInstance(new BERSequence(vec));
//
// replace the contentInfo with the new one
//
cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
return cms;
}
Also used :
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)
BERSequence(com.github.zhenwei.core.asn1.BERSequence)
Iterator(java.util.Iterator)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
HashSet(java.util.HashSet)
Example 29 with ContentInfo
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project LinLong-Java by zhenwei1108.
the class CMSSignedDataGenerator method generate.
/**
* Generate a CMS Signed Data object which can be carrying a detached CMS signature, or have
* encapsulated data, depending on the value of the encapsulated parameter.
*
* @param content the content to be signed.
* @param encapsulate true if the content should be encapsulated in the signature, false
* otherwise.
*/
public CMSSignedData generate(// FIXME Avoid accessing more than once to support CMSProcessableInputStream
CMSTypedData content, boolean encapsulate) throws CMSException {
if (!signerInfs.isEmpty()) {
throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
}
// TODO
// if (signerInfs.isEmpty())
// {
// /* RFC 3852 5.2
// * "In the degenerate case where there are no signers, the
// * EncapsulatedContentInfo value being "signed" is irrelevant. In this
// * case, the content type within the EncapsulatedContentInfo value being
// * "signed" MUST be id-data (as defined in section 4), and the content
// * field of the EncapsulatedContentInfo value MUST be omitted."
// */
// if (encapsulate)
// {
// throw new IllegalArgumentException("no signers, encapsulate must be false");
// }
// if (!DATA.equals(eContentType))
// {
// throw new IllegalArgumentException("no signers, eContentType must be id-data");
// }
// }
//
// if (!DATA.equals(eContentType))
// {
// /* RFC 3852 5.3
// * [The 'signedAttrs']...
// * field is optional, but it MUST be present if the content type of
// * the EncapsulatedContentInfo value being signed is not id-data.
// */
// // TODO signedAttrs must be present for all signers
// }
Set<AlgorithmIdentifier> digestAlgs = new LinkedHashSet<AlgorithmIdentifier>();
ASN1EncodableVector signerInfos = new ASN1EncodableVector();
// clear the current preserved digest state
digests.clear();
//
for (Iterator it = _signers.iterator(); it.hasNext(); ) {
SignerInformation signer = (SignerInformation) it.next();
CMSUtils.addDigestAlgs(digestAlgs, signer, digestAlgIdFinder);
// TODO Verify the content type and calculated digest match the precalculated SignerInfo
signerInfos.add(signer.toASN1Structure());
}
//
// add the SignerInfo objects
//
ASN1ObjectIdentifier contentTypeOID = content.getContentType();
ASN1OctetString octs = null;
if (content.getContent() != null) {
ByteArrayOutputStream bOut = null;
if (encapsulate) {
bOut = new ByteArrayOutputStream();
}
OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut);
// Just in case it's unencapsulated and there are no signers!
cOut = CMSUtils.getSafeOutputStream(cOut);
try {
content.write(cOut);
cOut.close();
} catch (IOException e) {
throw new CMSException("data processing exception: " + e.getMessage(), e);
}
if (encapsulate) {
octs = new BEROctetString(bOut.toByteArray());
}
}
for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
SignerInfoGenerator sGen = (SignerInfoGenerator) it.next();
SignerInfo inf = sGen.generate(contentTypeOID);
digestAlgs.add(inf.getDigestAlgorithm());
signerInfos.add(inf);
byte[] calcDigest = sGen.getCalculatedDigest();
if (calcDigest != null) {
digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest);
}
}
ASN1Set certificates = null;
if (certs.size() != 0) {
certificates = CMSUtils.createBerSetFromList(certs);
}
ASN1Set certrevlist = null;
if (crls.size() != 0) {
certrevlist = CMSUtils.createBerSetFromList(crls);
}
ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
SignedData sd = new SignedData(CMSUtils.convertToBERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
return new CMSSignedData(content, contentInfo);
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
SignedData(com.github.zhenwei.pkix.util.asn1.cms.SignedData)
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
DERSet(com.github.zhenwei.core.asn1.DERSet)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
SignerInfo(com.github.zhenwei.pkix.util.asn1.cms.SignerInfo)
BEROctetString(com.github.zhenwei.core.asn1.BEROctetString)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)
Iterator(java.util.Iterator)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
Example 30 with ContentInfo
use of com.github.zhenwei.pkix.util.asn1.cms.ContentInfo in project LinLong-Java by zhenwei1108.
the class CMSAuthenticatedDataGenerator method generate.
/**
* Generate an authenticated data object from the passed in typedData and MacCalculator.
*
* @param typedData the data to have a MAC attached.
* @param macCalculator the calculator of the MAC to be attached.
* @param digestCalculator calculator for computing digest of the encapsulated data.
* @return the resulting CMSAuthenticatedData object.
* @throws CMSException on failure in encoding data or processing recipients.
*/
public CMSAuthenticatedData generate(CMSTypedData typedData, MacCalculator macCalculator, final DigestCalculator digestCalculator) throws CMSException {
ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
ASN1OctetString encContent;
ASN1OctetString macResult;
for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext(); ) {
RecipientInfoGenerator recipient = (RecipientInfoGenerator) it.next();
recipientInfos.add(recipient.generate(macCalculator.getKey()));
}
AuthenticatedData authData;
if (digestCalculator != null) {
try {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = new TeeOutputStream(digestCalculator.getOutputStream(), bOut);
typedData.write(out);
out.close();
encContent = new BEROctetString(bOut.toByteArray());
} catch (IOException e) {
throw new CMSException("unable to perform digest calculation: " + e.getMessage(), e);
}
Map parameters = Collections.unmodifiableMap(getBaseParameters(typedData.getContentType(), digestCalculator.getAlgorithmIdentifier(), macCalculator.getAlgorithmIdentifier(), digestCalculator.getDigest()));
if (authGen == null) {
authGen = new DefaultAuthenticatedAttributeTableGenerator();
}
ASN1Set authed = new DERSet(authGen.getAttributes(parameters).toASN1EncodableVector());
try {
OutputStream mOut = macCalculator.getOutputStream();
mOut.write(authed.getEncoded(ASN1Encoding.DER));
mOut.close();
macResult = new DEROctetString(macCalculator.getMac());
} catch (IOException e) {
throw new CMSException("unable to perform MAC calculation: " + e.getMessage(), e);
}
ASN1Set unauthed = (unauthGen != null) ? new BERSet(unauthGen.getAttributes(parameters).toASN1EncodableVector()) : null;
ContentInfo eci = new ContentInfo(typedData.getContentType(), encContent);
authData = new AuthenticatedData(originatorInfo, new DERSet(recipientInfos), macCalculator.getAlgorithmIdentifier(), digestCalculator.getAlgorithmIdentifier(), eci, authed, macResult, unauthed);
} else {
try {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream mOut = new TeeOutputStream(bOut, macCalculator.getOutputStream());
typedData.write(mOut);
mOut.close();
encContent = new BEROctetString(bOut.toByteArray());
macResult = new DEROctetString(macCalculator.getMac());
} catch (IOException e) {
throw new CMSException("unable to perform MAC calculation: " + e.getMessage(), e);
}
ASN1Set unauthed = (unauthGen != null) ? new BERSet(unauthGen.getAttributes(Collections.EMPTY_MAP).toASN1EncodableVector()) : null;
ContentInfo eci = new ContentInfo(typedData.getContentType(), encContent);
authData = new AuthenticatedData(originatorInfo, new DERSet(recipientInfos), macCalculator.getAlgorithmIdentifier(), null, eci, null, macResult, unauthed);
}
ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.authenticatedData, authData);
return new CMSAuthenticatedData(contentInfo, new DigestCalculatorProvider() {
public DigestCalculator get(AlgorithmIdentifier digestAlgorithmIdentifier) throws OperatorCreationException {
return digestCalculator;
}
});
}
Also used :
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
BERSet(com.github.zhenwei.core.asn1.BERSet)
TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream)
OutputStream(java.io.OutputStream)
TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
DERSet(com.github.zhenwei.core.asn1.DERSet)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
BEROctetString(com.github.zhenwei.core.asn1.BEROctetString)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
DigestCalculatorProvider(com.github.zhenwei.pkix.operator.DigestCalculatorProvider)
ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)
AuthenticatedData(com.github.zhenwei.pkix.util.asn1.cms.AuthenticatedData)
Iterator(java.util.Iterator)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
Map(java.util.Map)
Aggregations
ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)60
IOException (java.io.IOException)28
CMSSignedData (org.bouncycastle.cms.CMSSignedData)22
ContentInfo (com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)18
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15
OutputStream (java.io.OutputStream)12
X509Certificate (java.security.cert.X509Certificate)12
ArrayList (java.util.ArrayList)12
SignedData (org.bouncycastle.asn1.cms.SignedData)12
Iterator (java.util.Iterator)11
ASN1Set (org.bouncycastle.asn1.ASN1Set)11
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)10
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)10
ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)9
ByteArrayInputStream (java.io.ByteArrayInputStream)9
ByteArrayOutputStream (java.io.ByteArrayOutputStream)9
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)9
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)9
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)9
DERSet (org.bouncycastle.asn1.DERSet)9
