Example 1 with SignerInfo
use of org.bouncycastle.asn1.cms.SignerInfo in project robovm by robovm.
the class CMSSignedDataGenerator method generate.
public CMSSignedData generate(// FIXME Avoid accessing more than once to support CMSProcessableInputStream
CMSTypedData content, boolean encapsulate) throws CMSException {
if (!signerInfs.isEmpty()) {
throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
}
// TODO
// if (signerInfs.isEmpty())
// {
// /* RFC 3852 5.2
// * "In the degenerate case where there are no signers, the
// * EncapsulatedContentInfo value being "signed" is irrelevant. In this
// * case, the content type within the EncapsulatedContentInfo value being
// * "signed" MUST be id-data (as defined in section 4), and the content
// * field of the EncapsulatedContentInfo value MUST be omitted."
// */
// if (encapsulate)
// {
// throw new IllegalArgumentException("no signers, encapsulate must be false");
// }
// if (!DATA.equals(eContentType))
// {
// throw new IllegalArgumentException("no signers, eContentType must be id-data");
// }
// }
//
// if (!DATA.equals(eContentType))
// {
// /* RFC 3852 5.3
// * [The 'signedAttrs']...
// * field is optional, but it MUST be present if the content type of
// * the EncapsulatedContentInfo value being signed is not id-data.
// */
// // TODO signedAttrs must be present for all signers
// }
ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
ASN1EncodableVector signerInfos = new ASN1EncodableVector();
// clear the current preserved digest state
digests.clear();
//
for (Iterator it = _signers.iterator(); it.hasNext(); ) {
SignerInformation signer = (SignerInformation) it.next();
digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
// TODO Verify the content type and calculated digest match the precalculated SignerInfo
signerInfos.add(signer.toASN1Structure());
}
//
// add the SignerInfo objects
//
ASN1ObjectIdentifier contentTypeOID = content.getContentType();
ASN1OctetString octs = null;
if (content != null) {
ByteArrayOutputStream bOut = null;
if (encapsulate) {
bOut = new ByteArrayOutputStream();
}
OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut);
// Just in case it's unencapsulated and there are no signers!
cOut = CMSUtils.getSafeOutputStream(cOut);
try {
content.write(cOut);
cOut.close();
} catch (IOException e) {
throw new CMSException("data processing exception: " + e.getMessage(), e);
}
if (encapsulate) {
octs = new BEROctetString(bOut.toByteArray());
}
}
for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
SignerInfoGenerator sGen = (SignerInfoGenerator) it.next();
SignerInfo inf = sGen.generate(contentTypeOID);
digestAlgs.add(inf.getDigestAlgorithm());
signerInfos.add(inf);
byte[] calcDigest = sGen.getCalculatedDigest();
if (calcDigest != null) {
digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest);
}
}
ASN1Set certificates = null;
if (certs.size() != 0) {
certificates = CMSUtils.createBerSetFromList(certs);
}
ASN1Set certrevlist = null;
if (crls.size() != 0) {
certrevlist = CMSUtils.createBerSetFromList(crls);
}
ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
return new CMSSignedData(content, contentInfo);
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
SignedData(org.bouncycastle.asn1.cms.SignedData)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
DERSet(org.bouncycastle.asn1.DERSet)
SignerInfo(org.bouncycastle.asn1.cms.SignerInfo)
BEROctetString(org.bouncycastle.asn1.BEROctetString)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
Iterator(java.util.Iterator)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 2 with SignerInfo
use of org.bouncycastle.asn1.cms.SignerInfo in project robovm by robovm.
the class SignerInfoGeneratorBuilder method build.
/**
* Build a generator with the passed in certHolder issuer and serial number as the signerIdentifier.
*
* @param contentSigner operator for generating the final signature in the SignerInfo with.
* @param certHolder carrier for the X.509 certificate related to the contentSigner.
* @return a SignerInfoGenerator
* @throws OperatorCreationException if the generator cannot be built.
*/
public SignerInfoGenerator build(ContentSigner contentSigner, X509CertificateHolder certHolder) throws OperatorCreationException {
SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certHolder.toASN1Structure()));
SignerInfoGenerator sigInfoGen = createGenerator(contentSigner, sigId);
sigInfoGen.setAssociatedCertificate(certHolder);
return sigInfoGen;
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber)
SignerIdentifier(org.bouncycastle.asn1.cms.SignerIdentifier)
Example 3 with SignerInfo
use of org.bouncycastle.asn1.cms.SignerInfo in project robovm by robovm.
the class SignerInformation method addCounterSigners.
/**
* Return a signer information object with passed in SignerInformationStore representing counter
* signatures attached as an unsigned attribute.
*
* @param signerInformation the signerInfo to be used as the basis.
* @param counterSigners signer info objects carrying counter signature.
* @return a copy of the original SignerInformationObject with the changed attributes.
*/
public static SignerInformation addCounterSigners(SignerInformation signerInformation, SignerInformationStore counterSigners) {
// TODO Perform checks from RFC 3852 11.4
SignerInfo sInfo = signerInformation.info;
AttributeTable unsignedAttr = signerInformation.getUnsignedAttributes();
ASN1EncodableVector v;
if (unsignedAttr != null) {
v = unsignedAttr.toASN1EncodableVector();
} else {
v = new ASN1EncodableVector();
}
ASN1EncodableVector sigs = new ASN1EncodableVector();
for (Iterator it = counterSigners.getSigners().iterator(); it.hasNext(); ) {
sigs.add(((SignerInformation) it.next()).toASN1Structure());
}
v.add(new Attribute(CMSAttributes.counterSignature, new DERSet(sigs)));
return new SignerInformation(new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(), sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), new DERSet(v)), signerInformation.contentType, signerInformation.content, null);
}
Also used :
SignerInfo(org.bouncycastle.asn1.cms.SignerInfo)
Attribute(org.bouncycastle.asn1.cms.Attribute)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
Iterator(java.util.Iterator)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DERSet(org.bouncycastle.asn1.DERSet)
Example 4 with SignerInfo
use of org.bouncycastle.asn1.cms.SignerInfo in project robovm by robovm.
the class SignedData method calculateVersion.
// RFC3852, section 5.1:
// IF ((certificates is present) AND
// (any certificates with a type of other are present)) OR
// ((crls is present) AND
// (any crls with a type of other are present))
// THEN version MUST be 5
// ELSE
// IF (certificates is present) AND
// (any version 2 attribute certificates are present)
// THEN version MUST be 4
// ELSE
// IF ((certificates is present) AND
// (any version 1 attribute certificates are present)) OR
// (any SignerInfo structures are version 3) OR
// (encapContentInfo eContentType is other than id-data)
// THEN version MUST be 3
// ELSE version MUST be 1
//
private ASN1Integer calculateVersion(ASN1ObjectIdentifier contentOid, ASN1Set certs, ASN1Set crls, ASN1Set signerInfs) {
boolean otherCert = false;
boolean otherCrl = false;
boolean attrCertV1Found = false;
boolean attrCertV2Found = false;
if (certs != null) {
for (Enumeration en = certs.getObjects(); en.hasMoreElements(); ) {
Object obj = en.nextElement();
if (obj instanceof ASN1TaggedObject) {
ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(obj);
if (tagged.getTagNo() == 1) {
attrCertV1Found = true;
} else if (tagged.getTagNo() == 2) {
attrCertV2Found = true;
} else if (tagged.getTagNo() == 3) {
otherCert = true;
}
}
}
}
if (otherCert) {
return new ASN1Integer(5);
}
if (// no need to check if otherCert is true
crls != null) {
for (Enumeration en = crls.getObjects(); en.hasMoreElements(); ) {
Object obj = en.nextElement();
if (obj instanceof ASN1TaggedObject) {
otherCrl = true;
}
}
}
if (otherCrl) {
return VERSION_5;
}
if (attrCertV2Found) {
return VERSION_4;
}
if (attrCertV1Found) {
return VERSION_3;
}
if (checkForVersion3(signerInfs)) {
return VERSION_3;
}
if (!CMSObjectIdentifiers.data.equals(contentOid)) {
return VERSION_3;
}
return VERSION_1;
}
Also used :
Enumeration(java.util.Enumeration)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
BERTaggedObject(org.bouncycastle.asn1.BERTaggedObject)
ASN1Object(org.bouncycastle.asn1.ASN1Object)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
Example 5 with SignerInfo
use of org.bouncycastle.asn1.cms.SignerInfo in project robovm by robovm.
the class SignerInfo method toASN1Primitive.
/**
* Produce an object suitable for an ASN1OutputStream.
* <pre>
* SignerInfo ::= SEQUENCE {
* version Version,
* SignerIdentifier sid,
* digestAlgorithm DigestAlgorithmIdentifier,
* authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
* digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
* encryptedDigest EncryptedDigest,
* unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
* }
*
* EncryptedDigest ::= OCTET STRING
*
* DigestAlgorithmIdentifier ::= AlgorithmIdentifier
*
* DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
* </pre>
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(version);
v.add(sid);
v.add(digAlgorithm);
if (authenticatedAttributes != null) {
v.add(new DERTaggedObject(false, 0, authenticatedAttributes));
}
v.add(digEncryptionAlgorithm);
v.add(encryptedDigest);
if (unauthenticatedAttributes != null) {
v.add(new DERTaggedObject(false, 1, unauthenticatedAttributes));
}
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Aggregations
ASN1Set (org.bouncycastle.asn1.ASN1Set)8
AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)8
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)7
SignerInfo (org.bouncycastle.asn1.cms.SignerInfo)6
IOException (java.io.IOException)5
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5
Attribute (org.bouncycastle.asn1.cms.Attribute)5
CMSException (org.bouncycastle.cms.CMSException)5
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)4
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4
DERSet (org.bouncycastle.asn1.DERSet)4
ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)4
CMSSignedData (org.bouncycastle.cms.CMSSignedData)4
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)4
X509Certificate (java.security.cert.X509Certificate)3
Date (java.util.Date)3
SignedData (org.bouncycastle.asn1.cms.SignedData)3
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)3
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
OutputStream (java.io.OutputStream)2
