use of com.mindbright.security.pkcs7.ContentInfo in project jss by dogtagpki.
the class AuthenticatedSafes method addSafeContents.
/**
* Returns the decrypted content from the encrypted content info.
* private static byte[]
* decryptEncryptedContentInfo(EncryptedContentInfo eci, Password pass)
* throws IllegalStateException,CryptoManager.NotInitializedException,
* NoSuchAlgorithmException, InvalidBERException, IOException,
* InvalidKeyException, InvalidAlgorithmParameterException, TokenException,
* IllegalBlockSizeException, BadPaddingException
* {
* OCTET_STRING encryptedContent = eci.getEncryptedContent();
* if( encryptedContent == null ) {
* return null;
* }
*
* // get the key gen parameters
* AlgorithmIdentifier algid = eci.getContentEncryptionAlgorithm();
* KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID( algid.getOID() );
* ASN1Value params = algid.getParameters();
* if( params == null ) {
* throw new InvalidAlgorithmParameterException(
* "PBE algorithms require parameters");
* }
* byte[] encodedParams = ASN1Util.encode(params);
* PBEParameter pbeParams = (PBEParameter)
* ASN1Util.decode( PBEParameter.getTemplate(), encodedParams );
* PBEKeyGenParams kgp = new PBEKeyGenParams(pass,
* pbeParams.getSalt(), pbeParams.getIterations() );
*
* // compute the key and IV
* CryptoToken token =
* CryptoManager.getInstance().getInternalCryptoToken();
* KeyGenerator kg = token.getKeyGenerator( kgAlg );
* kg.setCharToByteConverter( new PasswordConverter() );
* kg.initialize( kgp );
* SymmetricKey key = kg.generate();
*
* // compute algorithm parameters
* EncryptionAlgorithm encAlg = keyGenAlgToEncryptionAlg(kgAlg);
* AlgorithmParameterSpec algParams;
* if( encAlg.getParameterClass().equals( IVParameterSpec.class ) ) {
* algParams = new IVParameterSpec( kg.generatePBE_IV() );
* } else {
* algParams = null;
* }
*
* // perform the decryption
* Cipher cipher = token.getCipherContext( encAlg );
* cipher.initDecrypt(key, algParams );
* return cipher.doFinal( encryptedContent.toByteArray() );
* }
*/
/**
* Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.
*/
public void addSafeContents(SEQUENCE safeContents) {
checkSafeContents(safeContents);
ContentInfo ci = new ContentInfo(ASN1Util.encode(safeContents));
sequence.addElement(ci);
}
use of com.mindbright.security.pkcs7.ContentInfo in project SpringRemote by HaleyWang.
the class PKCS12KeyStore method engineLoad.
public void engineLoad(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
try {
ASN1DER ber = new ASN1DER();
PFX pfx = new PFX();
ber.decode(stream, pfx);
if (password == null) {
password = new char[0];
}
checkMac(pfx, password);
AuthenticatedSafe authSafe = new AuthenticatedSafe();
ASN1OctetString data = pfx.getDataContent();
ByteArrayInputStream ba = new ByteArrayInputStream(data.getRaw());
ber.decode(ba, authSafe);
for (int i = 0; i < authSafe.getCount(); i++) {
ContentInfo ci = authSafe.getContentInfo(i);
String cit = ci.contentType.getString();
if (cit.equals("1.2.840.113549.1.7.1")) {
data = (ASN1OctetString) ci.content.getValue();
processSafeContents(data.getRaw());
} else if (cit.equals("1.2.840.113549.1.7.6")) {
EncryptedData ed = (EncryptedData) ci.content.getValue();
String alg = ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithmName();
byte[] enc = ed.encryptedContentInfo.encryptedContent.getRaw();
PKCS12PbeParams params = (PKCS12PbeParams) ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters.getValue();
byte[] salt = params.salt.getRaw();
int iterations = params.iterations.getValue().intValue();
byte[] dec = new byte[enc.length];
doCipher(Cipher.DECRYPT_MODE, password, enc, enc.length, dec, salt, iterations, alg);
processSafeContents(dec);
} else {
throw new IOException("ContentInfo type not supported: " + cit);
}
}
} catch (IOException e) {
e.printStackTrace();
throw e;
}
}
use of com.mindbright.security.pkcs7.ContentInfo in project apksig by venshine.
the class ApkSigningBlockUtils method generatePkcs7DerEncodedMessage.
/**
* Wrap the signature according to CMS PKCS #7 RFC 5652.
* The high-level simplified structure is as follows:
* // ContentInfo
* // digestAlgorithm
* // SignedData
* // bag of certificates
* // SignerInfo
* // signing cert issuer and serial number (for locating the cert in the above bag)
* // digestAlgorithm
* // signatureAlgorithm
* // signature
*
* @throws Asn1EncodingException if the ASN.1 structure could not be encoded
*/
public static byte[] generatePkcs7DerEncodedMessage(byte[] signatureBytes, ByteBuffer data, List<X509Certificate> signerCerts, AlgorithmIdentifier digestAlgorithmId, AlgorithmIdentifier signatureAlgorithmId) throws Asn1EncodingException, CertificateEncodingException {
SignerInfo signerInfo = new SignerInfo();
signerInfo.version = 1;
X509Certificate signingCert = signerCerts.get(0);
X500Principal signerCertIssuer = signingCert.getIssuerX500Principal();
signerInfo.sid = new SignerIdentifier(new IssuerAndSerialNumber(new Asn1OpaqueObject(signerCertIssuer.getEncoded()), signingCert.getSerialNumber()));
signerInfo.digestAlgorithm = digestAlgorithmId;
signerInfo.signatureAlgorithm = signatureAlgorithmId;
signerInfo.signature = ByteBuffer.wrap(signatureBytes);
SignedData signedData = new SignedData();
signedData.certificates = new ArrayList<>(signerCerts.size());
for (X509Certificate cert : signerCerts) {
signedData.certificates.add(new Asn1OpaqueObject(cert.getEncoded()));
}
signedData.version = 1;
signedData.digestAlgorithms = Collections.singletonList(digestAlgorithmId);
signedData.encapContentInfo = new EncapsulatedContentInfo(Pkcs7Constants.OID_DATA);
// If data is not null, data will be embedded as is in the result -- an attached pcsk7
signedData.encapContentInfo.content = data;
signedData.signerInfos = Collections.singletonList(signerInfo);
ContentInfo contentInfo = new ContentInfo();
contentInfo.contentType = Pkcs7Constants.OID_SIGNED_DATA;
contentInfo.content = new Asn1OpaqueObject(Asn1DerEncoder.encode(signedData));
return Asn1DerEncoder.encode(contentInfo);
}
Aggregations