Search in sources :

Example 16 with ContentInfo

use of com.mindbright.security.pkcs7.ContentInfo in project jss by dogtagpki.

the class AuthenticatedSafes method addSafeContents.

/**
 * Returns the decrypted content from the encrypted content info.
 *    private static byte[]
 *    decryptEncryptedContentInfo(EncryptedContentInfo eci, Password pass)
 *        throws IllegalStateException,CryptoManager.NotInitializedException,
 *        NoSuchAlgorithmException, InvalidBERException, IOException,
 *        InvalidKeyException, InvalidAlgorithmParameterException, TokenException,
 *        IllegalBlockSizeException, BadPaddingException
 *    {
 *        OCTET_STRING encryptedContent = eci.getEncryptedContent();
 *        if( encryptedContent == null ) {
 *            return null;
 *        }
 *
 *        // get the key gen parameters
 *        AlgorithmIdentifier algid = eci.getContentEncryptionAlgorithm();
 *        KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID( algid.getOID() );
 *        ASN1Value params = algid.getParameters();
 *        if( params == null ) {
 *            throw new InvalidAlgorithmParameterException(
 *                "PBE algorithms require parameters");
 *        }
 *        byte[] encodedParams = ASN1Util.encode(params);
 *        PBEParameter pbeParams = (PBEParameter)
 *                ASN1Util.decode( PBEParameter.getTemplate(), encodedParams );
 *        PBEKeyGenParams kgp = new PBEKeyGenParams(pass,
 *                    pbeParams.getSalt(), pbeParams.getIterations() );
 *
 *        // compute the key and IV
 *        CryptoToken token =
 *            CryptoManager.getInstance().getInternalCryptoToken();
 *        KeyGenerator kg = token.getKeyGenerator( kgAlg );
 *        kg.setCharToByteConverter( new PasswordConverter() );
 *        kg.initialize( kgp );
 *        SymmetricKey key = kg.generate();
 *
 *        // compute algorithm parameters
 *        EncryptionAlgorithm encAlg = keyGenAlgToEncryptionAlg(kgAlg);
 *        AlgorithmParameterSpec algParams;
 *        if( encAlg.getParameterClass().equals( IVParameterSpec.class ) ) {
 *            algParams = new IVParameterSpec( kg.generatePBE_IV() );
 *        } else {
 *            algParams = null;
 *        }
 *
 *        // perform the decryption
 *        Cipher cipher = token.getCipherContext( encAlg );
 *        cipher.initDecrypt(key,  algParams );
 *        return cipher.doFinal( encryptedContent.toByteArray() );
 *    }
 */
/**
 * Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.
 */
public void addSafeContents(SEQUENCE safeContents) {
    checkSafeContents(safeContents);
    ContentInfo ci = new ContentInfo(ASN1Util.encode(safeContents));
    sequence.addElement(ci);
}
Also used : ContentInfo(org.mozilla.jss.pkcs7.ContentInfo) EncryptedContentInfo(org.mozilla.jss.pkcs7.EncryptedContentInfo)

Example 17 with ContentInfo

use of com.mindbright.security.pkcs7.ContentInfo in project SpringRemote by HaleyWang.

the class PKCS12KeyStore method engineLoad.

public void engineLoad(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    try {
        ASN1DER ber = new ASN1DER();
        PFX pfx = new PFX();
        ber.decode(stream, pfx);
        if (password == null) {
            password = new char[0];
        }
        checkMac(pfx, password);
        AuthenticatedSafe authSafe = new AuthenticatedSafe();
        ASN1OctetString data = pfx.getDataContent();
        ByteArrayInputStream ba = new ByteArrayInputStream(data.getRaw());
        ber.decode(ba, authSafe);
        for (int i = 0; i < authSafe.getCount(); i++) {
            ContentInfo ci = authSafe.getContentInfo(i);
            String cit = ci.contentType.getString();
            if (cit.equals("1.2.840.113549.1.7.1")) {
                data = (ASN1OctetString) ci.content.getValue();
                processSafeContents(data.getRaw());
            } else if (cit.equals("1.2.840.113549.1.7.6")) {
                EncryptedData ed = (EncryptedData) ci.content.getValue();
                String alg = ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithmName();
                byte[] enc = ed.encryptedContentInfo.encryptedContent.getRaw();
                PKCS12PbeParams params = (PKCS12PbeParams) ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters.getValue();
                byte[] salt = params.salt.getRaw();
                int iterations = params.iterations.getValue().intValue();
                byte[] dec = new byte[enc.length];
                doCipher(Cipher.DECRYPT_MODE, password, enc, enc.length, dec, salt, iterations, alg);
                processSafeContents(dec);
            } else {
                throw new IOException("ContentInfo type not supported: " + cit);
            }
        }
    } catch (IOException e) {
        e.printStackTrace();
        throw e;
    }
}
Also used : ASN1OctetString(com.mindbright.asn1.ASN1OctetString) PFX(com.mindbright.security.pkcs12.PFX) ASN1DER(com.mindbright.asn1.ASN1DER) ByteArrayInputStream(java.io.ByteArrayInputStream) ContentInfo(com.mindbright.security.pkcs7.ContentInfo) PKCS12PbeParams(com.mindbright.security.pkcs12.PKCS12PbeParams) AuthenticatedSafe(com.mindbright.security.pkcs12.AuthenticatedSafe) ASN1OctetString(com.mindbright.asn1.ASN1OctetString) ASN1CharString(com.mindbright.asn1.ASN1CharString) EncryptedData(com.mindbright.security.pkcs7.EncryptedData) IOException(java.io.IOException)

Example 18 with ContentInfo

use of com.mindbright.security.pkcs7.ContentInfo in project apksig by venshine.

the class ApkSigningBlockUtils method generatePkcs7DerEncodedMessage.

/**
 * Wrap the signature according to CMS PKCS #7 RFC 5652.
 * The high-level simplified structure is as follows:
 * // ContentInfo
 *     //   digestAlgorithm
 *     //   SignedData
 *     //     bag of certificates
 *     //     SignerInfo
 *     //       signing cert issuer and serial number (for locating the cert in the above bag)
 *     //       digestAlgorithm
 *     //       signatureAlgorithm
 *     //       signature
 *
 * @throws Asn1EncodingException if the ASN.1 structure could not be encoded
 */
public static byte[] generatePkcs7DerEncodedMessage(byte[] signatureBytes, ByteBuffer data, List<X509Certificate> signerCerts, AlgorithmIdentifier digestAlgorithmId, AlgorithmIdentifier signatureAlgorithmId) throws Asn1EncodingException, CertificateEncodingException {
    SignerInfo signerInfo = new SignerInfo();
    signerInfo.version = 1;
    X509Certificate signingCert = signerCerts.get(0);
    X500Principal signerCertIssuer = signingCert.getIssuerX500Principal();
    signerInfo.sid = new SignerIdentifier(new IssuerAndSerialNumber(new Asn1OpaqueObject(signerCertIssuer.getEncoded()), signingCert.getSerialNumber()));
    signerInfo.digestAlgorithm = digestAlgorithmId;
    signerInfo.signatureAlgorithm = signatureAlgorithmId;
    signerInfo.signature = ByteBuffer.wrap(signatureBytes);
    SignedData signedData = new SignedData();
    signedData.certificates = new ArrayList<>(signerCerts.size());
    for (X509Certificate cert : signerCerts) {
        signedData.certificates.add(new Asn1OpaqueObject(cert.getEncoded()));
    }
    signedData.version = 1;
    signedData.digestAlgorithms = Collections.singletonList(digestAlgorithmId);
    signedData.encapContentInfo = new EncapsulatedContentInfo(Pkcs7Constants.OID_DATA);
    // If data is not null, data will be embedded as is in the result -- an attached pcsk7
    signedData.encapContentInfo.content = data;
    signedData.signerInfos = Collections.singletonList(signerInfo);
    ContentInfo contentInfo = new ContentInfo();
    contentInfo.contentType = Pkcs7Constants.OID_SIGNED_DATA;
    contentInfo.content = new Asn1OpaqueObject(Asn1DerEncoder.encode(signedData));
    return Asn1DerEncoder.encode(contentInfo);
}
Also used : IssuerAndSerialNumber(com.android.apksig.internal.pkcs7.IssuerAndSerialNumber) SignerInfo(com.android.apksig.internal.pkcs7.SignerInfo) SignedData(com.android.apksig.internal.pkcs7.SignedData) ContentInfo(com.android.apksig.internal.pkcs7.ContentInfo) EncapsulatedContentInfo(com.android.apksig.internal.pkcs7.EncapsulatedContentInfo) X500Principal(javax.security.auth.x500.X500Principal) SignerIdentifier(com.android.apksig.internal.pkcs7.SignerIdentifier) EncapsulatedContentInfo(com.android.apksig.internal.pkcs7.EncapsulatedContentInfo) Asn1OpaqueObject(com.android.apksig.internal.asn1.Asn1OpaqueObject) X509Certificate(java.security.cert.X509Certificate) GuaranteedEncodedFormX509Certificate(com.android.apksig.internal.util.GuaranteedEncodedFormX509Certificate)

Aggregations

IOException (java.io.IOException)12 ContentInfo (org.apache.harmony.security.pkcs7.ContentInfo)11 SignedData (org.apache.harmony.security.pkcs7.SignedData)11 BerInputStream (org.apache.harmony.security.asn1.BerInputStream)9 Certificate (java.security.cert.Certificate)8 X509Certificate (java.security.cert.X509Certificate)8 ArrayList (java.util.ArrayList)6 Signature (java.security.Signature)5 SignerInfo (org.apache.harmony.security.pkcs7.SignerInfo)5 ContentInfo (org.mozilla.jss.pkcs7.ContentInfo)5 ByteArrayInputStream (java.io.ByteArrayInputStream)4 CertificateException (java.security.cert.CertificateException)4 X500Principal (javax.security.auth.x500.X500Principal)4 X509CertImpl (org.apache.harmony.security.provider.cert.X509CertImpl)4 BigInteger (java.math.BigInteger)3 GeneralSecurityException (java.security.GeneralSecurityException)3 MessageDigest (java.security.MessageDigest)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 EncryptedContentInfo (org.mozilla.jss.pkcs7.EncryptedContentInfo)3 RandomAccessFile (java.io.RandomAccessFile)2