Example 16 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project LinLong-Java by zhenwei1108.
the class CMSSignedData method replaceCertificatesAndCRLs.
/**
* Replace the certificate and CRL information associated with this CMSSignedData object with the
* new one passed in.
*
* @param signedData the signed data object to be used as a base.
* @param certificates the new certificates to be used.
* @param attrCerts the new attribute certificates to be used.
* @param revocations the new CRLs to be used - a collection of X509CRLHolder objects,
* OtherRevocationInfoFormat, or both.
* @return a new signed data object.
* @throws CMSException if there is an error processing the CertStore
*/
public static CMSSignedData replaceCertificatesAndCRLs(CMSSignedData signedData, Store certificates, Store attrCerts, Store revocations) throws CMSException {
//
// copy
//
CMSSignedData cms = new CMSSignedData(signedData);
//
// replace the certs and revocations in the SignedData object
//
ASN1Set certSet = null;
ASN1Set crlSet = null;
if (certificates != null || attrCerts != null) {
List certs = new ArrayList();
if (certificates != null) {
certs.addAll(CMSUtils.getCertificatesFromStore(certificates));
}
if (attrCerts != null) {
certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts));
}
ASN1Set set = CMSUtils.createBerSetFromList(certs);
if (set.size() != 0) {
certSet = set;
}
}
if (revocations != null) {
ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(revocations));
if (set.size() != 0) {
crlSet = set;
}
}
//
// replace the CMS structure.
//
cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), signedData.signedData.getEncapContentInfo(), certSet, crlSet, signedData.signedData.getSignerInfos());
//
// replace the contentInfo with the new one
//
cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
return cms;
}
Also used :
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
SignedData(com.github.zhenwei.pkix.util.asn1.cms.SignedData)
ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)
ArrayList(java.util.ArrayList)
ArrayList(java.util.ArrayList)
List(java.util.List)
Example 17 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project LinLong-Java by zhenwei1108.
the class CMSSignedData method replaceSigners.
/**
* Replace the SignerInformation store associated with this CMSSignedData object with the new one
* passed in. You would probably only want to do this if you wanted to change the unsigned
* attributes associated with a signer, or perhaps delete one.
*
* @param signedData the signed data object to be used as a base.
* @param signerInformationStore the new signer information store to use.
* @return a new signed data object.
*/
public static CMSSignedData replaceSigners(CMSSignedData signedData, SignerInformationStore signerInformationStore) {
//
// copy
//
CMSSignedData cms = new CMSSignedData(signedData);
//
// replace the store
//
cms.signerInfoStore = signerInformationStore;
//
// replace the signers in the SignedData object
//
Set<AlgorithmIdentifier> digestAlgs = new HashSet<AlgorithmIdentifier>();
ASN1EncodableVector vec = new ASN1EncodableVector();
Iterator it = signerInformationStore.getSigners().iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
CMSUtils.addDigestAlgs(digestAlgs, signer, dgstAlgFinder);
vec.add(signer.toASN1Structure());
}
ASN1Set digests = CMSUtils.convertToBERSet(digestAlgs);
ASN1Set signers = new DLSet(vec);
ASN1Sequence sD = (ASN1Sequence) signedData.signedData.toASN1Primitive();
vec = new ASN1EncodableVector();
//
// signers are the last item in the sequence.
//
// version
vec.add(sD.getObjectAt(0));
vec.add(digests);
for (int i = 2; i != sD.size() - 1; i++) {
vec.add(sD.getObjectAt(i));
}
vec.add(signers);
cms.signedData = SignedData.getInstance(new BERSequence(vec));
//
// replace the contentInfo with the new one
//
cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
return cms;
}
Also used :
BERSequence(com.github.zhenwei.core.asn1.BERSequence)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)
Iterator(java.util.Iterator)
DLSet(com.github.zhenwei.core.asn1.DLSet)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
HashSet(java.util.HashSet)
Example 18 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project LinLong-Java by zhenwei1108.
the class CMSSignedDataParser method replaceCertificatesAndCRLs.
/**
* Replace the certificate and CRL information associated with this CMSSignedData object with the
* new one passed in.
* <p>
* The output stream is returned unclosed.
* </p>
*
* @param original the signed data stream to be used as a base.
* @param certs new certificates to be used, if any.
* @param crls new CRLs to be used, if any.
* @param attrCerts new attribute certificates to be used, if any.
* @param out the stream to write the new signed data object to.
* @return out.
* @throws CMSException if there is an error processing the CertStore
*/
public static OutputStream replaceCertificatesAndCRLs(InputStream original, Store certs, Store crls, Store attrCerts, OutputStream out) throws CMSException, IOException {
ASN1StreamParser in = new ASN1StreamParser(original);
ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser) in.readObject());
SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE));
BERSequenceGenerator sGen = new BERSequenceGenerator(out);
sGen.addObject(CMSObjectIdentifiers.signedData);
BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
// version number
sigGen.addObject(signedData.getVersion());
// digests
sigGen.getRawOutputStream().write(signedData.getDigestAlgorithms().toASN1Primitive().getEncoded());
// encap content info
ContentInfoParser encapContentInfo = signedData.getEncapContentInfo();
BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
eiGen.addObject(encapContentInfo.getContentType());
pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream());
eiGen.close();
//
// skip existing certs and CRLs
//
getASN1Set(signedData.getCertificates());
getASN1Set(signedData.getCrls());
//
if (certs != null || attrCerts != null) {
List certificates = new ArrayList();
if (certs != null) {
certificates.addAll(CMSUtils.getCertificatesFromStore(certs));
}
if (attrCerts != null) {
certificates.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts));
}
ASN1Set asn1Certs = CMSUtils.createBerSetFromList(certificates);
if (asn1Certs.size() > 0) {
sigGen.getRawOutputStream().write(new DERTaggedObject(false, 0, asn1Certs).getEncoded());
}
}
if (crls != null) {
ASN1Set asn1Crls = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls));
if (asn1Crls.size() > 0) {
sigGen.getRawOutputStream().write(new DERTaggedObject(false, 1, asn1Crls).getEncoded());
}
}
sigGen.getRawOutputStream().write(signedData.getSignerInfos().toASN1Primitive().getEncoded());
sigGen.close();
sGen.close();
return out;
}
Also used :
ContentInfoParser(com.github.zhenwei.pkix.util.asn1.cms.ContentInfoParser)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
SignedDataParser(com.github.zhenwei.pkix.util.asn1.cms.SignedDataParser)
DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject)
BERSequenceGenerator(com.github.zhenwei.core.asn1.BERSequenceGenerator)
ArrayList(java.util.ArrayList)
ArrayList(java.util.ArrayList)
List(java.util.List)
ASN1StreamParser(com.github.zhenwei.core.asn1.ASN1StreamParser)
Example 19 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project LinLong-Java by zhenwei1108.
the class CMSSignedDataParser method replaceSigners.
/**
* Replace the signerinformation store associated with the passed in message contained in the
* stream original with the new one passed in. You would probably only want to do this if you
* wanted to change the unsigned attributes associated with a signer, or perhaps delete one.
* <p>
* The output stream is returned unclosed.
* </p>
*
* @param original the signed data stream to be used as a base.
* @param signerInformationStore the new signer information store to use.
* @param out the stream to write the new signed data object to.
* @return out.
*/
public static OutputStream replaceSigners(InputStream original, SignerInformationStore signerInformationStore, OutputStream out) throws CMSException, IOException {
ASN1StreamParser in = new ASN1StreamParser(original);
ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser) in.readObject());
SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE));
BERSequenceGenerator sGen = new BERSequenceGenerator(out);
sGen.addObject(CMSObjectIdentifiers.signedData);
BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
// version number
sigGen.addObject(signedData.getVersion());
// digests
// skip old ones
signedData.getDigestAlgorithms().toASN1Primitive();
ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext(); ) {
SignerInformation signer = (SignerInformation) it.next();
digestAlgs.add(CMSSignedHelper.INSTANCE.fixDigestAlgID(signer.getDigestAlgorithmID(), dgstAlgFinder));
}
sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded());
// encap content info
ContentInfoParser encapContentInfo = signedData.getEncapContentInfo();
BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
eiGen.addObject(encapContentInfo.getContentType());
pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream());
eiGen.close();
writeSetToGeneratorTagged(sigGen, signedData.getCertificates(), 0);
writeSetToGeneratorTagged(sigGen, signedData.getCrls(), 1);
ASN1EncodableVector signerInfos = new ASN1EncodableVector();
for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext(); ) {
SignerInformation signer = (SignerInformation) it.next();
signerInfos.add(signer.toASN1Structure());
}
sigGen.getRawOutputStream().write(new DERSet(signerInfos).getEncoded());
sigGen.close();
sGen.close();
return out;
}
Also used :
ContentInfoParser(com.github.zhenwei.pkix.util.asn1.cms.ContentInfoParser)
SignedDataParser(com.github.zhenwei.pkix.util.asn1.cms.SignedDataParser)
BERSequenceGenerator(com.github.zhenwei.core.asn1.BERSequenceGenerator)
Iterator(java.util.Iterator)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
DERSet(com.github.zhenwei.core.asn1.DERSet)
ASN1StreamParser(com.github.zhenwei.core.asn1.ASN1StreamParser)
Example 20 with SignedData
use of com.github.zhenwei.pkix.util.asn1.cms.SignedData in project gdmatrix by gdmatrix.
the class P7MDocument method getSignatures.
public List<P7MSignature> getSignatures() throws Exception {
ArrayList<P7MSignature> signatures = new ArrayList();
// CertStore certStore = cms.getCertificatesAndCRLs("Collection", "BC");
Store certStore = cms.getCertificates();
SignerInformationStore siStore = cms.getSignerInfos();
Collection signers = siStore.getSigners();
for (Object elem : signers) {
SignerInformation signer = (SignerInformation) elem;
P7MSignature signature = new P7MSignature();
signatures.add(signature);
Collection certCollection = certStore.getMatches(signer.getSID());
// Collection certCollection = certStore.getCertificates(certSelector);
X509CertificateHolder certificateHolder = (X509CertificateHolder) certCollection.iterator().next();
X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
signature.setCertificate(certificate);
signature.loadProperties();
signature.setSignature(Base64.getMimeEncoder().encodeToString(signer.getSignature()).toUpperCase());
// **** signed attributes ****
AttributeTable table = signer.getSignedAttributes();
Hashtable attributes = table.toHashtable();
// signingTime
Attribute attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.5"));
if (attrib != null) {
ASN1UTCTime time = (ASN1UTCTime) attrib.getAttrValues().getObjectAt(0);
String timeString = time.getAdjustedTime();
SimpleDateFormat df = new SimpleDateFormat("yyyyMMddHHmmss'GMT+'00:00");
signature.setSigningDate(df.parse(timeString));
}
// filename
DEROctetString octet;
attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.1"));
if (attrib != null) {
octet = (DEROctetString) attrib.getAttrValues().getObjectAt(0);
if (octet != null) {
signature.setFilename(new String(octet.getOctets(), "UTF-16LE"));
}
}
// decretNumber
attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.2"));
if (attrib != null) {
octet = (DEROctetString) attrib.getAttrValues().getObjectAt(0);
if (octet != null) {
signature.setDecretNumber(new String(octet.getOctets(), "UTF-16LE"));
}
}
// **** unsigned attributes ****
table = signer.getUnsignedAttributes();
if (table != null) {
attributes = table.toHashtable();
// timeStampToken
attrib = (Attribute) attributes.get(new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2.14"));
if (attrib != null) {
ASN1Sequence seq = (ASN1Sequence) attrib.getAttrValues().getObjectAt(0);
ContentInfo timeStampToken = ContentInfo.getInstance(seq);
SignedData sd = SignedData.getInstance(timeStampToken.getContent());
ASN1Set certificates = sd.getCertificates();
ASN1Primitive derCert = certificates.getObjectAt(0).toASN1Primitive();
byte[] certBytes = derCert.getEncoded();
CertificateFactory certFactory = CertificateFactory.getInstance("X509");
X509Certificate tsCertificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
signature.setTimeStampCertificate(tsCertificate);
ASN1Encodable content = sd.getEncapContentInfo().getContent();
// TSTInfo tstInfo = new TSTInfo((ASN1Sequence)
// new ASN1InputStream(((ASN1OctetString)content).getOctets()).readObject());
TSTInfo tstInfo = TSTInfo.getInstance(((ASN1OctetString) content).getOctets());
signature.setTimeStampDate(tstInfo.getGenTime().getDate());
}
}
// signature validation
signature.setValid(signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(signature.getCertificate())));
}
Collections.sort(signatures);
return signatures;
}
Also used :
Attribute(org.bouncycastle.asn1.cms.Attribute)
ArrayList(java.util.ArrayList)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
Store(org.bouncycastle.util.Store)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime)
SignerInformation(org.bouncycastle.cms.SignerInformation)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
CertificateFactory(java.security.cert.CertificateFactory)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
SignedData(org.bouncycastle.asn1.cms.SignedData)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
Hashtable(java.util.Hashtable)
JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder)
X509Certificate(java.security.cert.X509Certificate)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
TSTInfo(org.bouncycastle.asn1.tsp.TSTInfo)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
Collection(java.util.Collection)
SimpleDateFormat(java.text.SimpleDateFormat)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
SignedData (org.bouncycastle.asn1.cms.SignedData)14
ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)12
CMSSignedData (org.bouncycastle.cms.CMSSignedData)8
ASN1Set (org.bouncycastle.asn1.ASN1Set)7
IOException (java.io.IOException)6
Iterator (java.util.Iterator)6
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)5
X509Certificate (java.security.cert.X509Certificate)5
ArrayList (java.util.ArrayList)5
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)4
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)4
ContentInfo (com.github.zhenwei.pkix.util.asn1.cms.ContentInfo)4
List (java.util.List)4
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)4
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4
TSTInfo (org.bouncycastle.asn1.tsp.TSTInfo)4
X500Name (org.bouncycastle.asn1.x500.X500Name)4
OutputStream (java.io.OutputStream)3
Collection (java.util.Collection)3
