
Example 1 with RecipientInfo

use of org.bouncycastle.asn1.cms.RecipientInfo in project jruby-openssl by jruby.

the class RecipInfo method fromASN1.

/**
 * Builds a {@code RecipInfo} from an already-decoded ASN.1 value of this form:
 *
 * <pre>
 * RecipientInfo ::= SEQUENCE {
 *   version Version,
 *   issuerAndSerialNumber IssuerAndSerialNumber,
 *   keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
 *   encryptedKey EncryptedKey }
 *
 * EncryptedKey ::= OCTET STRING
 * </pre>
 *
 * The structure is not validated here: the element count is never checked and the
 * version and encrypted-key elements are plain casts, so a value of a different shape
 * surfaces as an unchecked runtime exception rather than a parse error.
 *
 * @param content decoded ASN.1 value, expected to be an {@code ASN1Sequence}
 * @return the populated {@code RecipInfo}
 */
public static RecipInfo fromASN1(ASN1Encodable content) {
    final ASN1Sequence fields = (ASN1Sequence) content;
    final RecipInfo parsed = new RecipInfo();

    // The version arrives as a BigInteger and is narrowed with intValue(), which
    // keeps only the low 32 bits of an out-of-range value instead of rejecting it.
    final ASN1Integer version = (ASN1Integer) fields.getObjectAt(0);
    parsed.setVersion(version.getValue().intValue());

    final ASN1Encodable issuerAndSerial = fields.getObjectAt(1);
    parsed.setIssuerAndSerial(IssuerAndSerialNumber.getInstance(issuerAndSerial));

    final ASN1Encodable keyEncAlgorithm = fields.getObjectAt(2);
    parsed.setKeyEncAlgor(AlgorithmIdentifier.getInstance(keyEncAlgorithm));

    // The wrapped content-encryption key is stored as-is; nothing is decrypted here.
    final ASN1OctetString wrappedKey = (ASN1OctetString) fields.getObjectAt(3);
    parsed.setEncKey(wrappedKey);

    return parsed;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Example 2 with RecipientInfo

use of org.bouncycastle.asn1.cms.RecipientInfo in project pdfbox by apache.

the class PublicKeySecurityHandler method createDERForRecipient.

/**
 * Encrypts {@code in} under a freshly generated content key and packages the result as a
 * CMS {@code EnvelopedData} {@code ContentInfo} addressed to a single recipient.
 *
 * @param in   plaintext bytes to envelope
 * @param cert certificate of the recipient; passed to {@code computeRecipientInfo}
 *             together with the raw content key
 * @return the ASN.1 primitive form of the resulting {@code ContentInfo}
 * @throws IOException              if no provider offers the content cipher, or the
 *                                  generated parameters cannot be read back as ASN.1
 * @throws GeneralSecurityException if key generation or encryption fails
 */
private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
    // OID 1.2.840.113549.3.2 identifies RC2 in CBC mode: a legacy cipher that gives
    // confidentiality only, with no integrity protection on the enveloped bytes.
    // NOTE(review): presumably fixed for compatibility with existing readers - confirm
    // before changing it, since the same OID is written into the output below.
    String contentCipherOid = "1.2.840.113549.3.2";
    AlgorithmParameterGenerator paramGenerator;
    KeyGenerator keyGenerator;
    Cipher contentCipher;
    try {
        paramGenerator = AlgorithmParameterGenerator.getInstance(contentCipherOid, SecurityProvider.getProvider());
        keyGenerator = KeyGenerator.getInstance(contentCipherOid, SecurityProvider.getProvider());
        contentCipher = Cipher.getInstance(contentCipherOid, SecurityProvider.getProvider());
    } catch (NoSuchAlgorithmException e) {
        // seen when running from the command line app .jar file
        throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + contentCipherOid + "; possible reason: using an unsigned .jar file", e);
    } catch (NoSuchPaddingException e) {
        // not expected in practice; if it ever occurs, an IOException would be the better choice
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    }

    // Fresh cipher parameters per call, re-read as an ASN.1 object so they can be
    // embedded in the AlgorithmIdentifier of the envelope.
    AlgorithmParameters cipherParams = paramGenerator.generateParameters();
    ASN1Primitive encodedParams;
    try (ASN1InputStream paramStream = new ASN1InputStream(cipherParams.getEncoded("ASN.1"))) {
        encodedParams = paramStream.readObject();
    }

    // 128 is the requested content-key size in bits.
    keyGenerator.init(128);
    SecretKey contentKey = keyGenerator.generateKey();
    contentCipher.init(Cipher.ENCRYPT_MODE, contentKey, cipherParams);
    byte[] cipherText = contentCipher.doFinal(in);

    // The raw content key is handed to computeRecipientInfo for wrapping; the byte[]
    // returned by getEncoded() is not cleared afterwards in this method.
    KeyTransRecipientInfo keyTransInfo = computeRecipientInfo(cert, contentKey.getEncoded());
    DERSet recipients = new DERSet(new RecipientInfo(keyTransInfo));

    AlgorithmIdentifier contentAlgorithm = new AlgorithmIdentifier(new ASN1ObjectIdentifier(contentCipherOid), encodedParams);
    EncryptedContentInfo encryptedContent = new EncryptedContentInfo(PKCSObjectIdentifiers.data, contentAlgorithm, new DEROctetString(cipherText));
    EnvelopedData envelope = new EnvelopedData(null, recipients, encryptedContent, (ASN1Set) null);
    return new ContentInfo(PKCSObjectIdentifiers.envelopedData, envelope).toASN1Primitive();
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) AlgorithmParameterGenerator(java.security.AlgorithmParameterGenerator) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) DEROctetString(org.bouncycastle.asn1.DEROctetString) COSString(org.apache.pdfbox.cos.COSString) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) DERSet(org.bouncycastle.asn1.DERSet) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) RecipientInfo(org.bouncycastle.asn1.cms.RecipientInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) EnvelopedData(org.bouncycastle.asn1.cms.EnvelopedData) CMSEnvelopedData(org.bouncycastle.cms.CMSEnvelopedData) AlgorithmParameters(java.security.AlgorithmParameters) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)

Example 3 with RecipientInfo

use of org.bouncycastle.asn1.cms.RecipientInfo in project jruby-openssl by jruby.

the class PKCS7 method dataDecode.

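/**
 * c: PKCS7_dataDecode
 *
 * Builds the BIO chain through which the content of this PKCS#7 structure is read:
 * one digest filter per digest algorithm (signed types), then a decrypting cipher
 * filter (enveloped types), then the data source itself.
 *
 * @param pkey  private key used to unwrap the content-encryption key; only consulted
 *              for the enveloped and signed-and-enveloped types
 * @param inBio external data source; used in place of the embedded content whenever it
 *              is non-null or the structure is detached
 * @param pcert certificate used to select the matching recipient entry; when null,
 *              every recipient entry is tried against {@code pkey} in turn
 * @return the head of the BIO chain; when no filter applies, the data source itself
 * @throws PKCS7Exception for an unsupported content type, cipher or digest, when no
 *                        recipient entry matches, or when unwrapping or cipher set-up fails
 */
public BIO dataDecode(PrivateKey pkey, BIO inBio, X509AuxCertificate pcert) throws PKCS7Exception {
    BIO out = null;
    BIO btmp;
    BIO etmp;
    BIO bio;
    byte[] dataBody = null;
    Collection<AlgorithmIdentifier> mdSk = null;
    Collection<RecipInfo> rsk = null;
    AlgorithmIdentifier encAlg = null;
    Cipher evpCipher = null;
    RecipInfo ri = null;
    int i = getType();
    // Collect, per content type, the embedded body, the digest algorithms and - for the
    // enveloped types - the recipient list and content-encryption algorithm.
    switch(i) {
        case ASN1Registry.NID_pkcs7_signed:
            dataBody = getSign().getContents().getOctetString().getOctets();
            mdSk = getSign().getMdAlgs();
            break;
        case ASN1Registry.NID_pkcs7_signedAndEnveloped:
            rsk = getSignedAndEnveloped().getRecipientInfo();
            mdSk = getSignedAndEnveloped().getMdAlgs();
            dataBody = getSignedAndEnveloped().getEncData().getEncData().getOctets();
            encAlg = getSignedAndEnveloped().getEncData().getAlgorithm();
            try {
                evpCipher = EVP.getCipher(encAlg.getAlgorithm());
            } catch (Exception e) {
                e.printStackTrace(System.err);
                throw new PKCS7Exception(F_PKCS7_DATADECODE, R_UNSUPPORTED_CIPHER_TYPE, e);
            }
            break;
        case ASN1Registry.NID_pkcs7_enveloped:
            rsk = getEnveloped().getRecipientInfo();
            dataBody = getEnveloped().getEncData().getEncData().getOctets();
            encAlg = getEnveloped().getEncData().getAlgorithm();
            try {
                evpCipher = EVP.getCipher(encAlg.getAlgorithm());
            } catch (Exception e) {
                e.printStackTrace(System.err);
                throw new PKCS7Exception(F_PKCS7_DATADECODE, R_UNSUPPORTED_CIPHER_TYPE, e);
            }
            break;
        default:
            throw new PKCS7Exception(F_PKCS7_DATADECODE, R_UNSUPPORTED_CONTENT_TYPE);
    }
    /* We will be checking the signature */
    if (mdSk != null) {
        // One digest filter per declared digest algorithm, chained in declaration order.
        for (AlgorithmIdentifier xa : mdSk) {
            try {
                MessageDigest evpMd = EVP.getDigest(xa.getAlgorithm());
                btmp = BIO.mdFilter(evpMd);
                if (out == null) {
                    out = btmp;
                } else {
                    out.push(btmp);
                }
            } catch (Exception e) {
                e.printStackTrace(System.err);
                throw new PKCS7Exception(F_PKCS7_DATADECODE, R_UNKNOWN_DIGEST_TYPE, e);
            }
        }
    }
    if (evpCipher != null) {
        /* Find the recipientInfo which matches the passed certificate
         * (if any)
         */
        if (pcert != null) {
            for (Iterator<RecipInfo> iter = rsk.iterator(); iter.hasNext(); ) {
                ri = iter.next();
                if (ri.compare(pcert)) {
                    break;
                }
                // Reset so that falling off the end of the list leaves ri == null.
                ri = null;
            }
            if (null == ri) {
                throw new PKCS7Exception(F_PKCS7_DATADECODE, R_NO_RECIPIENT_MATCHES_CERTIFICATE);
            }
        }
        // Unwrapped content-encryption key.
        byte[] tmp = null;
        /* If we haven't got a certificate try each ri in turn */
        if (null == pcert) {
            // NOTE(review): an unwrap failure is reported to the caller (here as
            // R_NO_RECIPIENT_MATCHES_KEY, in the certificate path below with reason -1),
            // so it is distinguishable from success. If pkey unwraps with RSA PKCS#1 v1.5
            // and callers decode untrusted messages, that difference may act as a padding
            // oracle - confirm how callers surface these errors.
            for (Iterator<RecipInfo> iter = rsk.iterator(); iter.hasNext(); ) {
                ri = iter.next();
                try {
                    tmp = EVP.decrypt(ri.getEncKey().getOctets(), pkey);
                    if (tmp != null) {
                        break;
                    }
                } catch (Exception e) {
                    // Deliberate best effort: this entry was not encrypted to pkey, try the next.
                    tmp = null;
                }
                ri = null;
            }
            if (ri == null) {
                throw new PKCS7Exception(F_PKCS7_DATADECODE, R_NO_RECIPIENT_MATCHES_KEY);
            }
        } else {
            try {
                Cipher cipher = SecurityHelper.getCipher(CipherSpec.getWrappingAlgorithm(pkey.getAlgorithm()));
                cipher.init(Cipher.DECRYPT_MODE, pkey);
                tmp = cipher.doFinal(ri.getEncKey().getOctets());
            } catch (Exception e) {
                e.printStackTrace(System.err);
                throw new PKCS7Exception(F_PKCS7_DATADECODE, -1, e);
            }
        }
        // The algorithm parameters come from the message; an OCTET STRING is used as the IV.
        ASN1Encodable params = encAlg.getParameters();
        try {
            String algo = org.jruby.ext.openssl.Cipher.Algorithm.getAlgorithmBase(evpCipher);
            if (params instanceof ASN1OctetString) {
                if (algo.startsWith("RC2")) {
                    // J9's IBMJCE needs this exceptional RC2 support.
                    // Giving IvParameterSpec throws 'Illegal parameter' on IBMJCE.
                    SecretKeySpec sks = new SecretKeySpec(tmp, algo);
                    RC2ParameterSpec s = new RC2ParameterSpec(tmp.length * 8, ((ASN1OctetString) params).getOctets());
                    evpCipher.init(Cipher.DECRYPT_MODE, sks, s);
                } else {
                    SecretKeySpec sks = new SecretKeySpec(tmp, algo);
                    IvParameterSpec iv = new IvParameterSpec(((ASN1OctetString) params).getOctets());
                    evpCipher.init(Cipher.DECRYPT_MODE, sks, iv);
                }
            } else {
                evpCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(tmp, algo));
            }
        } catch (Exception e) {
            e.printStackTrace(System.err);
            throw new PKCS7Exception(F_PKCS7_DATADECODE, -1, e);
        }
        etmp = BIO.cipherFilter(evpCipher);
        if (out == null) {
            out = etmp;
        } else {
            out.push(etmp);
        }
    }
    // Caller-supplied data wins over the embedded body; a detached structure has no body.
    if (isDetached() || inBio != null) {
        bio = inBio;
    } else {
        if (dataBody != null && dataBody.length > 0) {
            bio = BIO.memBuf(dataBody);
        } else {
            bio = BIO.mem();
        }
    }
    // With neither a digest nor a cipher filter (for example a signed type whose digest
    // algorithm set is empty) there is no chain to push onto; the unconditional
    // out.push(bio) used to fail with a NullPointerException in that case.
    if (out == null) {
        out = bio;
    } else {
        out.push(bio);
    }
    return out;
}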
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) PKCSException(org.bouncycastle.pkcs.PKCSException) IOException(java.io.IOException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) SecretKeySpec(javax.crypto.spec.SecretKeySpec) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) RC2ParameterSpec(javax.crypto.spec.RC2ParameterSpec) MessageDigest(java.security.MessageDigest)

Example 4 with RecipientInfo

use of org.bouncycastle.asn1.cms.RecipientInfo in project jruby-openssl by jruby.

the class Envelope method fromASN1.

/**
 * Builds an {@code Envelope} from an already-decoded ASN.1 value of this form:
 *
 * <pre>
 * EnvelopedData ::= SEQUENCE {
 *   version Version,
 *   recipientInfos RecipientInfos,
 *   encryptedContentInfo EncryptedContentInfo }
 *
 * Version ::= INTEGER
 *
 * RecipientInfos ::= SET OF RecipientInfo
 * </pre>
 *
 * The structure is not validated here: the element count is never checked and the
 * first two elements are plain casts, so a value of a different shape surfaces as an
 * unchecked runtime exception rather than a parse error.
 *
 * @param content decoded ASN.1 value, expected to be an {@code ASN1Sequence}
 * @return the populated {@code Envelope}
 */
public static Envelope fromASN1(ASN1Encodable content) {
    // All three elements are pulled out (and the first two cast) before the result
    // object is created, so a malformed value fails before anything is built.
    final ASN1Sequence fields = (ASN1Sequence) content;
    final ASN1Integer versionField = (ASN1Integer) fields.getObjectAt(0);
    final ASN1Set recipientSet = (ASN1Set) fields.getObjectAt(1);
    final ASN1Encodable encryptedContentInfo = fields.getObjectAt(2);

    final Envelope parsed = new Envelope();
    // intValue() keeps only the low 32 bits of an out-of-range version instead of rejecting it.
    parsed.setVersion(versionField.getValue().intValue());
    parsed.setRecipientInfo(recipientInfosFromASN1Set(recipientSet));
    parsed.setEncData(EncContent.fromASN1(encryptedContentInfo));
    return parsed;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Set(org.bouncycastle.asn1.ASN1Set) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Aggregations

IOException (java.io.IOException)2 Cipher (javax.crypto.Cipher)2 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)2 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)2 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)2 DEROctetString (org.bouncycastle.asn1.DEROctetString)2 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2 AlgorithmParameterGenerator (java.security.AlgorithmParameterGenerator)1 AlgorithmParameters (java.security.AlgorithmParameters)1 MessageDigest (java.security.MessageDigest)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 KeyGenerator (javax.crypto.KeyGenerator)1 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1 SecretKey (javax.crypto.SecretKey)1 IvParameterSpec (javax.crypto.spec.IvParameterSpec)1 RC2ParameterSpec (javax.crypto.spec.RC2ParameterSpec)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1 COSString (org.apache.pdfbox.cos.COSString)1 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)1 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1