Search in sources :

Example 1 with SignedData

use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project gdmatrix by gdmatrix.

the class P7MUtils method recoverTSTInfo.

public static TSTInfo recoverTSTInfo(ContentInfo contentInfo) throws IOException {
    SignedData sd = SignedData.getInstance(contentInfo.getContent());
    ASN1Encodable content = sd.getEncapContentInfo().getContent();
    // TSTInfo tstInfo = new TSTInfo((ASN1Sequence)
    // new ASN1InputStream(((DEROctetString)content).getOctets()).readObject());
    TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
    return tstInfo;
}
Also used : TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 2 with SignedData

use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project gdmatrix by gdmatrix.

the class CMSUtils method recoverTSTInfo.

public static TSTInfo recoverTSTInfo(ContentInfo contentInfo) throws IOException {
    SignedData sd = SignedData.getInstance(contentInfo.getContent());
    ASN1Encodable content = sd.getEncapContentInfo().getContent();
    // TSTInfo tstInfo = new TSTInfo((ASN1Sequence)
    // new ASN1InputStream(((DEROctetString)content).getOctets()).readObject());
    TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
    return tstInfo;
}
Also used : TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Example 3 with SignedData

use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project nhin-d by DirectProject.

the class ViewTrustBundlePKCS7 method viewBundle.

@SuppressWarnings({ "rawtypes" })
public boolean viewBundle(File trustDir) {
    try {
        //System.out.println("File:"+trustDir.getName());
        if (!trustDir.getName().endsWith(".p7m")) {
            byte[] trustBundleByte = loadFileData(trustDir);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
            ContentInfo contentInfo = dataParser.getContentInfo();
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            Enumeration certificates = signedData.getCertificates().getObjects();
            StringBuffer output = new StringBuffer();
            int counter = 1;
            String chk = "Absent";
            while (certificates.hasMoreElements()) {
                DERObject certObj = (DERObject) certificates.nextElement();
                InputStream in = new ByteArrayInputStream(certObj.getDEREncoded());
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                output.append("Trust Anchor :" + counter + "\n");
                output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
                output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
                counter++;
            }
            if (signedData.getEncapContentInfo().getContent() != null) {
                //chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
                chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
            }
            output.append("Meta Data :\n" + chk);
            error = output.toString();
        } else //end of if check of file type
        {
            StringBuffer output = new StringBuffer();
            int counter = 1;
            String chk = "Absent";
            byte[] trustBundleByte = loadFileData(trustDir);
            CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
            ContentInfo contentInfo = dataParser.getContentInfo();
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            CMSSignedData encapInfoBundle = new CMSSignedData(new CMSProcessableByteArray(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded()), contentInfo);
            SignedData encapMetaData = SignedData.getInstance(encapInfoBundle.getContentInfo().getContent());
            //System.out.println("ENCAP META DATA"+new String(encapMetaData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8"));
            CMSProcessableByteArray cin = new CMSProcessableByteArray(((ASN1OctetString) encapMetaData.getEncapContentInfo().getContent()).getOctets());
            CertificateFactory ucf = CertificateFactory.getInstance("X.509");
            CMSSignedData unsignedParser = new CMSSignedData(cin.getInputStream());
            ContentInfo unsginedEncapInfo = unsignedParser.getContentInfo();
            SignedData metaData = SignedData.getInstance(unsginedEncapInfo.getContent());
            Enumeration certificates = metaData.getCertificates().getObjects();
            while (certificates.hasMoreElements()) {
                DERObject certObj = (DERObject) certificates.nextElement();
                InputStream bin = new ByteArrayInputStream(certObj.getDEREncoded());
                X509Certificate cert = (X509Certificate) ucf.generateCertificate(bin);
                X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                output.append("Trust Anchor :" + counter + "\n");
                output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
                output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
                counter++;
            }
            if (metaData.getEncapContentInfo().getContent() != null) {
                //chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
                chk = new String(metaData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
            }
            output.append("Meta Data :\n" + chk);
            error = output.toString();
        }
    //end of .p7m check if
    }//end of try
     catch (IOException io) {
        //io.printStackTrace(System.err);
        return false;
    } catch (CMSException cm) {
        //cm.printStackTrace(System.err);
        return false;
    } catch (Exception e) {
        //e.printStackTrace(System.err);
        return false;
    }
    return true;
}
Also used : CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) Enumeration(java.util.Enumeration) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) CMSSignedData(org.bouncycastle.cms.CMSSignedData) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) IOException(java.io.IOException) DERObject(org.bouncycastle.asn1.DERObject) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) ByteArrayInputStream(java.io.ByteArrayInputStream) RDN(org.bouncycastle.asn1.x500.RDN) CMSException(org.bouncycastle.cms.CMSException)

Example 4 with SignedData

use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project robovm by robovm.

the class CMSSignedDataGenerator method generate.

public CMSSignedData generate(// FIXME Avoid accessing more than once to support CMSProcessableInputStream
CMSTypedData content, boolean encapsulate) throws CMSException {
    if (!signerInfs.isEmpty()) {
        throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
    }
    // TODO
    //        if (signerInfs.isEmpty())
    //        {
    //            /* RFC 3852 5.2
    //             * "In the degenerate case where there are no signers, the
    //             * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
    //             * case, the content type within the EncapsulatedContentInfo value being
    //             * "signed" MUST be id-data (as defined in section 4), and the content
    //             * field of the EncapsulatedContentInfo value MUST be omitted."
    //             */
    //            if (encapsulate)
    //            {
    //                throw new IllegalArgumentException("no signers, encapsulate must be false");
    //            }
    //            if (!DATA.equals(eContentType))
    //            {
    //                throw new IllegalArgumentException("no signers, eContentType must be id-data");
    //            }
    //        }
    //
    //        if (!DATA.equals(eContentType))
    //        {
    //            /* RFC 3852 5.3
    //             * [The 'signedAttrs']...
    //             * field is optional, but it MUST be present if the content type of
    //             * the EncapsulatedContentInfo value being signed is not id-data.
    //             */
    //            // TODO signedAttrs must be present for all signers
    //        }
    ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
    ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    // clear the current preserved digest state
    digests.clear();
    //
    for (Iterator it = _signers.iterator(); it.hasNext(); ) {
        SignerInformation signer = (SignerInformation) it.next();
        digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
        // TODO Verify the content type and calculated digest match the precalculated SignerInfo
        signerInfos.add(signer.toASN1Structure());
    }
    //
    // add the SignerInfo objects
    //
    ASN1ObjectIdentifier contentTypeOID = content.getContentType();
    ASN1OctetString octs = null;
    if (content != null) {
        ByteArrayOutputStream bOut = null;
        if (encapsulate) {
            bOut = new ByteArrayOutputStream();
        }
        OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut);
        // Just in case it's unencapsulated and there are no signers!
        cOut = CMSUtils.getSafeOutputStream(cOut);
        try {
            content.write(cOut);
            cOut.close();
        } catch (IOException e) {
            throw new CMSException("data processing exception: " + e.getMessage(), e);
        }
        if (encapsulate) {
            octs = new BEROctetString(bOut.toByteArray());
        }
    }
    for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
        SignerInfoGenerator sGen = (SignerInfoGenerator) it.next();
        SignerInfo inf = sGen.generate(contentTypeOID);
        digestAlgs.add(inf.getDigestAlgorithm());
        signerInfos.add(inf);
        byte[] calcDigest = sGen.getCalculatedDigest();
        if (calcDigest != null) {
            digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest);
        }
    }
    ASN1Set certificates = null;
    if (certs.size() != 0) {
        certificates = CMSUtils.createBerSetFromList(certs);
    }
    ASN1Set certrevlist = null;
    if (crls.size() != 0) {
        certrevlist = CMSUtils.createBerSetFromList(crls);
    }
    ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
    SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
    ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
    return new CMSSignedData(content, contentInfo);
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) SignedData(org.bouncycastle.asn1.cms.SignedData) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) DERSet(org.bouncycastle.asn1.DERSet) SignerInfo(org.bouncycastle.asn1.cms.SignerInfo) BEROctetString(org.bouncycastle.asn1.BEROctetString) ASN1Set(org.bouncycastle.asn1.ASN1Set) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) Iterator(java.util.Iterator) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 5 with SignedData

use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project robovm by robovm.

the class CMSSignedData method replaceCertificatesAndCRLs.

/**
     * Replace the certificate and CRL information associated with this
     * CMSSignedData object with the new one passed in.
     * 
     * @param signedData the signed data object to be used as a base.
     * @param certsAndCrls the new certificates and CRLs to be used.
     * @return a new signed data object.
     * @exception CMSException if there is an error processing the CertStore
     * @deprecated use method taking Store arguments.
     */
public static CMSSignedData replaceCertificatesAndCRLs(CMSSignedData signedData, CertStore certsAndCrls) throws CMSException {
    //
    // copy
    //
    CMSSignedData cms = new CMSSignedData(signedData);
    //
    // replace the certs and crls in the SignedData object
    //
    ASN1Set certs = null;
    ASN1Set crls = null;
    try {
        ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls));
        if (set.size() != 0) {
            certs = set;
        }
    } catch (CertStoreException e) {
        throw new CMSException("error getting certs from certStore", e);
    }
    try {
        ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls));
        if (set.size() != 0) {
            crls = set;
        }
    } catch (CertStoreException e) {
        throw new CMSException("error getting crls from certStore", e);
    }
    //
    // replace the CMS structure.
    //
    cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), signedData.signedData.getEncapContentInfo(), certs, crls, signedData.signedData.getSignerInfos());
    //
    // replace the contentInfo with the new one
    //
    cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
    return cms;
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) SignedData(org.bouncycastle.asn1.cms.SignedData) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) CertStoreException(java.security.cert.CertStoreException)

Aggregations

SignedData (org.bouncycastle.asn1.cms.SignedData)14 ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)12 CMSSignedData (org.bouncycastle.cms.CMSSignedData)8 ASN1Set (org.bouncycastle.asn1.ASN1Set)7 IOException (java.io.IOException)6 Iterator (java.util.Iterator)6 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)5 X509Certificate (java.security.cert.X509Certificate)5 ArrayList (java.util.ArrayList)5 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)4 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)4 ContentInfo (com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)4 List (java.util.List)4 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)4 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4 TSTInfo (org.bouncycastle.asn1.tsp.TSTInfo)4 X500Name (org.bouncycastle.asn1.x500.X500Name)4 OutputStream (java.io.OutputStream)3 Collection (java.util.Collection)3