Example 1 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project gdmatrix by gdmatrix.
the class P7MUtils method recoverTSTInfo.
public static TSTInfo recoverTSTInfo(ContentInfo contentInfo) throws IOException {
SignedData sd = SignedData.getInstance(contentInfo.getContent());
ASN1Encodable content = sd.getEncapContentInfo().getContent();
// TSTInfo tstInfo = new TSTInfo((ASN1Sequence)
// new ASN1InputStream(((DEROctetString)content).getOctets()).readObject());
TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
return tstInfo;
}
Also used :
TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo)
SignedData(org.bouncycastle.asn1.cms.SignedData)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Example 2 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project gdmatrix by gdmatrix.
the class CMSUtils method recoverTSTInfo.
public static TSTInfo recoverTSTInfo(ContentInfo contentInfo) throws IOException {
SignedData sd = SignedData.getInstance(contentInfo.getContent());
ASN1Encodable content = sd.getEncapContentInfo().getContent();
// TSTInfo tstInfo = new TSTInfo((ASN1Sequence)
// new ASN1InputStream(((DEROctetString)content).getOctets()).readObject());
TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
return tstInfo;
}
Also used :
TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo)
SignedData(org.bouncycastle.asn1.cms.SignedData)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Example 3 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project nhin-d by DirectProject.
the class ViewTrustBundlePKCS7 method viewBundle.
@SuppressWarnings({ "rawtypes" })
public boolean viewBundle(File trustDir) {
try {
//System.out.println("File:"+trustDir.getName());
if (!trustDir.getName().endsWith(".p7m")) {
byte[] trustBundleByte = loadFileData(trustDir);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
ContentInfo contentInfo = dataParser.getContentInfo();
SignedData signedData = SignedData.getInstance(contentInfo.getContent());
Enumeration certificates = signedData.getCertificates().getObjects();
StringBuffer output = new StringBuffer();
int counter = 1;
String chk = "Absent";
while (certificates.hasMoreElements()) {
DERObject certObj = (DERObject) certificates.nextElement();
InputStream in = new ByteArrayInputStream(certObj.getDEREncoded());
X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
RDN cn = x500name.getRDNs(BCStyle.CN)[0];
output.append("Trust Anchor :" + counter + "\n");
output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
counter++;
}
if (signedData.getEncapContentInfo().getContent() != null) {
//chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
}
output.append("Meta Data :\n" + chk);
error = output.toString();
} else //end of if check of file type
{
StringBuffer output = new StringBuffer();
int counter = 1;
String chk = "Absent";
byte[] trustBundleByte = loadFileData(trustDir);
CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
ContentInfo contentInfo = dataParser.getContentInfo();
SignedData signedData = SignedData.getInstance(contentInfo.getContent());
CMSSignedData encapInfoBundle = new CMSSignedData(new CMSProcessableByteArray(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded()), contentInfo);
SignedData encapMetaData = SignedData.getInstance(encapInfoBundle.getContentInfo().getContent());
//System.out.println("ENCAP META DATA"+new String(encapMetaData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8"));
CMSProcessableByteArray cin = new CMSProcessableByteArray(((ASN1OctetString) encapMetaData.getEncapContentInfo().getContent()).getOctets());
CertificateFactory ucf = CertificateFactory.getInstance("X.509");
CMSSignedData unsignedParser = new CMSSignedData(cin.getInputStream());
ContentInfo unsginedEncapInfo = unsignedParser.getContentInfo();
SignedData metaData = SignedData.getInstance(unsginedEncapInfo.getContent());
Enumeration certificates = metaData.getCertificates().getObjects();
while (certificates.hasMoreElements()) {
DERObject certObj = (DERObject) certificates.nextElement();
InputStream bin = new ByteArrayInputStream(certObj.getDEREncoded());
X509Certificate cert = (X509Certificate) ucf.generateCertificate(bin);
X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
RDN cn = x500name.getRDNs(BCStyle.CN)[0];
output.append("Trust Anchor :" + counter + "\n");
output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
counter++;
}
if (metaData.getEncapContentInfo().getContent() != null) {
//chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
chk = new String(metaData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
}
output.append("Meta Data :\n" + chk);
error = output.toString();
}
//end of .p7m check if
}//end of try
catch (IOException io) {
//io.printStackTrace(System.err);
return false;
} catch (CMSException cm) {
//cm.printStackTrace(System.err);
return false;
} catch (Exception e) {
//e.printStackTrace(System.err);
return false;
}
return true;
}
Also used :
CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray)
Enumeration(java.util.Enumeration)
SignedData(org.bouncycastle.asn1.cms.SignedData)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
IOException(java.io.IOException)
CertificateFactory(java.security.cert.CertificateFactory)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
X509Certificate(java.security.cert.X509Certificate)
CMSException(org.bouncycastle.cms.CMSException)
IOException(java.io.IOException)
DERObject(org.bouncycastle.asn1.DERObject)
EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
ByteArrayInputStream(java.io.ByteArrayInputStream)
RDN(org.bouncycastle.asn1.x500.RDN)
CMSException(org.bouncycastle.cms.CMSException)
Example 4 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project robovm by robovm.
the class CMSSignedDataGenerator method generate.
public CMSSignedData generate(// FIXME Avoid accessing more than once to support CMSProcessableInputStream
CMSTypedData content, boolean encapsulate) throws CMSException {
if (!signerInfs.isEmpty()) {
throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
}
// TODO
// if (signerInfs.isEmpty())
// {
// /* RFC 3852 5.2
// * "In the degenerate case where there are no signers, the
// * EncapsulatedContentInfo value being "signed" is irrelevant. In this
// * case, the content type within the EncapsulatedContentInfo value being
// * "signed" MUST be id-data (as defined in section 4), and the content
// * field of the EncapsulatedContentInfo value MUST be omitted."
// */
// if (encapsulate)
// {
// throw new IllegalArgumentException("no signers, encapsulate must be false");
// }
// if (!DATA.equals(eContentType))
// {
// throw new IllegalArgumentException("no signers, eContentType must be id-data");
// }
// }
//
// if (!DATA.equals(eContentType))
// {
// /* RFC 3852 5.3
// * [The 'signedAttrs']...
// * field is optional, but it MUST be present if the content type of
// * the EncapsulatedContentInfo value being signed is not id-data.
// */
// // TODO signedAttrs must be present for all signers
// }
ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
ASN1EncodableVector signerInfos = new ASN1EncodableVector();
// clear the current preserved digest state
digests.clear();
//
for (Iterator it = _signers.iterator(); it.hasNext(); ) {
SignerInformation signer = (SignerInformation) it.next();
digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
// TODO Verify the content type and calculated digest match the precalculated SignerInfo
signerInfos.add(signer.toASN1Structure());
}
//
// add the SignerInfo objects
//
ASN1ObjectIdentifier contentTypeOID = content.getContentType();
ASN1OctetString octs = null;
if (content != null) {
ByteArrayOutputStream bOut = null;
if (encapsulate) {
bOut = new ByteArrayOutputStream();
}
OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut);
// Just in case it's unencapsulated and there are no signers!
cOut = CMSUtils.getSafeOutputStream(cOut);
try {
content.write(cOut);
cOut.close();
} catch (IOException e) {
throw new CMSException("data processing exception: " + e.getMessage(), e);
}
if (encapsulate) {
octs = new BEROctetString(bOut.toByteArray());
}
}
for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
SignerInfoGenerator sGen = (SignerInfoGenerator) it.next();
SignerInfo inf = sGen.generate(contentTypeOID);
digestAlgs.add(inf.getDigestAlgorithm());
signerInfos.add(inf);
byte[] calcDigest = sGen.getCalculatedDigest();
if (calcDigest != null) {
digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest);
}
}
ASN1Set certificates = null;
if (certs.size() != 0) {
certificates = CMSUtils.createBerSetFromList(certs);
}
ASN1Set certrevlist = null;
if (crls.size() != 0) {
certrevlist = CMSUtils.createBerSetFromList(crls);
}
ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
return new CMSSignedData(content, contentInfo);
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
SignedData(org.bouncycastle.asn1.cms.SignedData)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
DERSet(org.bouncycastle.asn1.DERSet)
SignerInfo(org.bouncycastle.asn1.cms.SignerInfo)
BEROctetString(org.bouncycastle.asn1.BEROctetString)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
Iterator(java.util.Iterator)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 5 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project robovm by robovm.
the class CMSSignedData method replaceCertificatesAndCRLs.
/**
* Replace the certificate and CRL information associated with this
* CMSSignedData object with the new one passed in.
*
* @param signedData the signed data object to be used as a base.
* @param certsAndCrls the new certificates and CRLs to be used.
* @return a new signed data object.
* @exception CMSException if there is an error processing the CertStore
* @deprecated use method taking Store arguments.
*/
public static CMSSignedData replaceCertificatesAndCRLs(CMSSignedData signedData, CertStore certsAndCrls) throws CMSException {
//
// copy
//
CMSSignedData cms = new CMSSignedData(signedData);
//
// replace the certs and crls in the SignedData object
//
ASN1Set certs = null;
ASN1Set crls = null;
try {
ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls));
if (set.size() != 0) {
certs = set;
}
} catch (CertStoreException e) {
throw new CMSException("error getting certs from certStore", e);
}
try {
ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls));
if (set.size() != 0) {
crls = set;
}
} catch (CertStoreException e) {
throw new CMSException("error getting crls from certStore", e);
}
//
// replace the CMS structure.
//
cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), signedData.signedData.getEncapContentInfo(), certs, crls, signedData.signedData.getSignerInfos());
//
// replace the contentInfo with the new one
//
cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
return cms;
}
Also used :
ASN1Set(org.bouncycastle.asn1.ASN1Set)
SignedData(org.bouncycastle.asn1.cms.SignedData)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
CertStoreException(java.security.cert.CertStoreException)
Aggregations
SignedData (org.bouncycastle.asn1.cms.SignedData)14
ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)12
CMSSignedData (org.bouncycastle.cms.CMSSignedData)8
ASN1Set (org.bouncycastle.asn1.ASN1Set)7
IOException (java.io.IOException)6
Iterator (java.util.Iterator)6
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)5
X509Certificate (java.security.cert.X509Certificate)5
ArrayList (java.util.ArrayList)5
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)4
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)4
ContentInfo (com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)4
List (java.util.List)4
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)4
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4
TSTInfo (org.bouncycastle.asn1.tsp.TSTInfo)4
X500Name (org.bouncycastle.asn1.x500.X500Name)4
OutputStream (java.io.OutputStream)3
Collection (java.util.Collection)3
