Search in sources :

Example 1 with ContentInfo

use of org.bouncycastle.asn1.pkcs.ContentInfo in project XobotOS by xamarin.

the class PKIXCertPath method getEncoded.

/**
     * Returns the encoded form of this certification path, using
     * the specified encoding.
     *
     * @param encoding the name of the encoding to use
     * @return the encoded bytes
     * @exception CertificateEncodingException if an encoding error
     * occurs or the encoding requested is not supported
     *
     **/
public byte[] getEncoded(String encoding) throws CertificateEncodingException {
    if (encoding.equalsIgnoreCase("PkiPath")) {
        ASN1EncodableVector v = new ASN1EncodableVector();
        ListIterator iter = certificates.listIterator(certificates.size());
        while (iter.hasPrevious()) {
            v.add(toASN1Object((X509Certificate) iter.previous()));
        }
        return toDEREncoded(new DERSequence(v));
    } else if (encoding.equalsIgnoreCase("PKCS7")) {
        ContentInfo encInfo = new ContentInfo(PKCSObjectIdentifiers.data, null);
        ASN1EncodableVector v = new ASN1EncodableVector();
        for (int i = 0; i != certificates.size(); i++) {
            v.add(toASN1Object((X509Certificate) certificates.get(i)));
        }
        SignedData sd = new SignedData(new DERInteger(1), new DERSet(), encInfo, new DERSet(v), null, new DERSet());
        return toDEREncoded(new ContentInfo(PKCSObjectIdentifiers.signedData, sd));
    } else // BEGIN android-removed
    // else if (encoding.equalsIgnoreCase("PEM"))
    // {
    //     ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    //     PEMWriter             pWrt = new PEMWriter(new OutputStreamWriter(bOut));
    //
    //     try
    //     {
    //         for (int i = 0; i != certificates.size(); i++)
    //         {
    //             pWrt.writeObject(certificates.get(i));
    //         }
    //     
    //         pWrt.close();
    //     }
    //     catch (Exception e)
    //     {
    //         throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
    //     }
    //
    //     return bOut.toByteArray();
    // }
    // END android-removed
    {
        throw new CertificateEncodingException("unsupported encoding: " + encoding);
    }
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) SignedData(org.bouncycastle.asn1.pkcs.SignedData) ContentInfo(org.bouncycastle.asn1.pkcs.ContentInfo) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) CertificateEncodingException(java.security.cert.CertificateEncodingException) ListIterator(java.util.ListIterator) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) DERInteger(org.bouncycastle.asn1.DERInteger)

Example 2 with ContentInfo

use of org.bouncycastle.asn1.pkcs.ContentInfo in project XobotOS by xamarin.

the class JDKPKCS12KeyStore method doStore.

private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException {
    if (password == null) {
        throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
    }
    //
    // handle the key
    //
    ASN1EncodableVector keyS = new ASN1EncodableVector();
    Enumeration ks = keys.keys();
    while (ks.hasMoreElements()) {
        byte[] kSalt = new byte[SALT_SIZE];
        random.nextBytes(kSalt);
        String name = (String) ks.nextElement();
        PrivateKey privKey = (PrivateKey) keys.get(name);
        PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS);
        byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password);
        AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.getDERObject());
        org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes);
        boolean attrSet = false;
        ASN1EncodableVector kName = new ASN1EncodableVector();
        if (privKey instanceof PKCS12BagAttributeCarrier) {
            PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) privKey;
            //
            // make sure we are using the local alias on store
            //
            DERBMPString nm = (DERBMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
            if (nm == null || !nm.getString().equals(name)) {
                bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
            }
            //
            if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
                Certificate ct = engineGetCertificate(name);
                bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey()));
            }
            Enumeration e = bagAttrs.getBagAttributeKeys();
            while (e.hasMoreElements()) {
                DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                ASN1EncodableVector kSeq = new ASN1EncodableVector();
                kSeq.add(oid);
                kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                attrSet = true;
                kName.add(new DERSequence(kSeq));
            }
        }
        if (!attrSet) {
            //
            // set a default friendly name (from the key id) and local id
            //
            ASN1EncodableVector kSeq = new ASN1EncodableVector();
            Certificate ct = engineGetCertificate(name);
            kSeq.add(pkcs_9_at_localKeyId);
            kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey())));
            kName.add(new DERSequence(kSeq));
            kSeq = new ASN1EncodableVector();
            kSeq.add(pkcs_9_at_friendlyName);
            kSeq.add(new DERSet(new DERBMPString(name)));
            kName.add(new DERSequence(kSeq));
        }
        SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.getDERObject(), new DERSet(kName));
        keyS.add(kBag);
    }
    byte[] keySEncoded = new DERSequence(keyS).getDEREncoded();
    BERConstructedOctetString keyString = new BERConstructedOctetString(keySEncoded);
    //
    // certificate processing
    //
    byte[] cSalt = new byte[SALT_SIZE];
    random.nextBytes(cSalt);
    ASN1EncodableVector certSeq = new ASN1EncodableVector();
    PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS);
    AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.getDERObject());
    Hashtable doneCerts = new Hashtable();
    Enumeration cs = keys.keys();
    while (cs.hasMoreElements()) {
        try {
            String name = (String) cs.nextElement();
            Certificate cert = engineGetCertificate(name);
            boolean cAttrSet = false;
            CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
            ASN1EncodableVector fName = new ASN1EncodableVector();
            if (cert instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
                //
                // make sure we are using the local alias on store
                //
                DERBMPString nm = (DERBMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
                if (nm == null || !nm.getString().equals(name)) {
                    bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
                }
                //
                if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
                    bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey()));
                }
                Enumeration e = bagAttrs.getBagAttributeKeys();
                while (e.hasMoreElements()) {
                    DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                    ASN1EncodableVector fSeq = new ASN1EncodableVector();
                    fSeq.add(oid);
                    fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                    fName.add(new DERSequence(fSeq));
                    cAttrSet = true;
                }
            }
            if (!cAttrSet) {
                ASN1EncodableVector fSeq = new ASN1EncodableVector();
                fSeq.add(pkcs_9_at_localKeyId);
                fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey())));
                fName.add(new DERSequence(fSeq));
                fSeq = new ASN1EncodableVector();
                fSeq.add(pkcs_9_at_friendlyName);
                fSeq.add(new DERSet(new DERBMPString(name)));
                fName.add(new DERSequence(fSeq));
            }
            SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName));
            certSeq.add(sBag);
            doneCerts.put(cert, cert);
        } catch (CertificateEncodingException e) {
            throw new IOException("Error encoding certificate: " + e.toString());
        }
    }
    cs = certs.keys();
    while (cs.hasMoreElements()) {
        try {
            String certId = (String) cs.nextElement();
            Certificate cert = (Certificate) certs.get(certId);
            boolean cAttrSet = false;
            if (keys.get(certId) != null) {
                continue;
            }
            CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
            ASN1EncodableVector fName = new ASN1EncodableVector();
            if (cert instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
                //
                // make sure we are using the local alias on store
                //
                DERBMPString nm = (DERBMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
                if (nm == null || !nm.getString().equals(certId)) {
                    bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId));
                }
                Enumeration e = bagAttrs.getBagAttributeKeys();
                while (e.hasMoreElements()) {
                    DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                    // If we find one, we'll prune it out.
                    if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
                        continue;
                    }
                    ASN1EncodableVector fSeq = new ASN1EncodableVector();
                    fSeq.add(oid);
                    fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                    fName.add(new DERSequence(fSeq));
                    cAttrSet = true;
                }
            }
            if (!cAttrSet) {
                ASN1EncodableVector fSeq = new ASN1EncodableVector();
                fSeq.add(pkcs_9_at_friendlyName);
                fSeq.add(new DERSet(new DERBMPString(certId)));
                fName.add(new DERSequence(fSeq));
            }
            SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName));
            certSeq.add(sBag);
            doneCerts.put(cert, cert);
        } catch (CertificateEncodingException e) {
            throw new IOException("Error encoding certificate: " + e.toString());
        }
    }
    cs = chainCerts.keys();
    while (cs.hasMoreElements()) {
        try {
            CertId certId = (CertId) cs.nextElement();
            Certificate cert = (Certificate) chainCerts.get(certId);
            if (doneCerts.get(cert) != null) {
                continue;
            }
            CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
            ASN1EncodableVector fName = new ASN1EncodableVector();
            if (cert instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
                Enumeration e = bagAttrs.getBagAttributeKeys();
                while (e.hasMoreElements()) {
                    DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                    // If we find one, we'll prune it out.
                    if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
                        continue;
                    }
                    ASN1EncodableVector fSeq = new ASN1EncodableVector();
                    fSeq.add(oid);
                    fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
                    fName.add(new DERSequence(fSeq));
                }
            }
            SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName));
            certSeq.add(sBag);
        } catch (CertificateEncodingException e) {
            throw new IOException("Error encoding certificate: " + e.toString());
        }
    }
    byte[] certSeqEncoded = new DERSequence(certSeq).getDEREncoded();
    byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded);
    EncryptedData cInfo = new EncryptedData(data, cAlgId, new BERConstructedOctetString(certBytes));
    ContentInfo[] info = new ContentInfo[] { new ContentInfo(data, keyString), new ContentInfo(encryptedData, cInfo.getDERObject()) };
    AuthenticatedSafe auth = new AuthenticatedSafe(info);
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream asn1Out;
    if (useDEREncoding) {
        asn1Out = new DEROutputStream(bOut);
    } else {
        asn1Out = new BEROutputStream(bOut);
    }
    asn1Out.writeObject(auth);
    byte[] pkg = bOut.toByteArray();
    ContentInfo mainInfo = new ContentInfo(data, new BERConstructedOctetString(pkg));
    //
    // create the mac
    //
    byte[] mSalt = new byte[20];
    int itCount = MIN_ITERATIONS;
    random.nextBytes(mSalt);
    byte[] data = ((ASN1OctetString) mainInfo.getContent()).getOctets();
    MacData mData;
    try {
        byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data);
        // BEGIN android-changed
        AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE);
        // END android-changed
        DigestInfo dInfo = new DigestInfo(algId, res);
        mData = new MacData(dInfo, mSalt, itCount);
    } catch (Exception e) {
        throw new IOException("error constructing MAC: " + e.toString());
    }
    //
    // output the Pfx
    //
    Pfx pfx = new Pfx(mainInfo, mData);
    if (useDEREncoding) {
        asn1Out = new DEROutputStream(stream);
    } else {
        asn1Out = new BEROutputStream(stream);
    }
    asn1Out.writeObject(pfx);
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) PrivateKey(java.security.PrivateKey) AuthenticatedSafe(org.bouncycastle.asn1.pkcs.AuthenticatedSafe) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) BERConstructedOctetString(org.bouncycastle.asn1.BERConstructedOctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERSet(org.bouncycastle.asn1.DERSet) PKCS12BagAttributeCarrier(org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERSequence(org.bouncycastle.asn1.DERSequence) ContentInfo(org.bouncycastle.asn1.pkcs.ContentInfo) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) BERConstructedOctetString(org.bouncycastle.asn1.BERConstructedOctetString) EncryptedData(org.bouncycastle.asn1.pkcs.EncryptedData) MacData(org.bouncycastle.asn1.pkcs.MacData) Enumeration(java.util.Enumeration) DERBMPString(org.bouncycastle.asn1.DERBMPString) Pfx(org.bouncycastle.asn1.pkcs.Pfx) Hashtable(java.util.Hashtable) BEROutputStream(org.bouncycastle.asn1.BEROutputStream) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SafeBag(org.bouncycastle.asn1.pkcs.SafeBag) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CertBag(org.bouncycastle.asn1.pkcs.CertBag) PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams) DigestInfo(org.bouncycastle.asn1.x509.DigestInfo) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) DEROutputStream(org.bouncycastle.asn1.DEROutputStream)

Example 3 with ContentInfo

use of org.bouncycastle.asn1.pkcs.ContentInfo in project nhin-d by DirectProject.

the class ViewTrustBundlePKCS7 method viewBundle.

@SuppressWarnings({ "rawtypes" })
public boolean viewBundle(File trustDir) {
    try {
        //System.out.println("File:"+trustDir.getName());
        if (!trustDir.getName().endsWith(".p7m")) {
            byte[] trustBundleByte = loadFileData(trustDir);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
            ContentInfo contentInfo = dataParser.getContentInfo();
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            Enumeration certificates = signedData.getCertificates().getObjects();
            StringBuffer output = new StringBuffer();
            int counter = 1;
            String chk = "Absent";
            while (certificates.hasMoreElements()) {
                DERObject certObj = (DERObject) certificates.nextElement();
                InputStream in = new ByteArrayInputStream(certObj.getDEREncoded());
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                output.append("Trust Anchor :" + counter + "\n");
                output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
                output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
                counter++;
            }
            if (signedData.getEncapContentInfo().getContent() != null) {
                //chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
                chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
            }
            output.append("Meta Data :\n" + chk);
            error = output.toString();
        } else //end of if check of file type
        {
            StringBuffer output = new StringBuffer();
            int counter = 1;
            String chk = "Absent";
            byte[] trustBundleByte = loadFileData(trustDir);
            CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
            ContentInfo contentInfo = dataParser.getContentInfo();
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            CMSSignedData encapInfoBundle = new CMSSignedData(new CMSProcessableByteArray(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded()), contentInfo);
            SignedData encapMetaData = SignedData.getInstance(encapInfoBundle.getContentInfo().getContent());
            //System.out.println("ENCAP META DATA"+new String(encapMetaData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8"));
            CMSProcessableByteArray cin = new CMSProcessableByteArray(((ASN1OctetString) encapMetaData.getEncapContentInfo().getContent()).getOctets());
            CertificateFactory ucf = CertificateFactory.getInstance("X.509");
            CMSSignedData unsignedParser = new CMSSignedData(cin.getInputStream());
            ContentInfo unsginedEncapInfo = unsignedParser.getContentInfo();
            SignedData metaData = SignedData.getInstance(unsginedEncapInfo.getContent());
            Enumeration certificates = metaData.getCertificates().getObjects();
            while (certificates.hasMoreElements()) {
                DERObject certObj = (DERObject) certificates.nextElement();
                InputStream bin = new ByteArrayInputStream(certObj.getDEREncoded());
                X509Certificate cert = (X509Certificate) ucf.generateCertificate(bin);
                X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                output.append("Trust Anchor :" + counter + "\n");
                output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
                output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
                counter++;
            }
            if (metaData.getEncapContentInfo().getContent() != null) {
                //chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
                chk = new String(metaData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
            }
            output.append("Meta Data :\n" + chk);
            error = output.toString();
        }
    //end of .p7m check if
    }//end of try
     catch (IOException io) {
        //io.printStackTrace(System.err);
        return false;
    } catch (CMSException cm) {
        //cm.printStackTrace(System.err);
        return false;
    } catch (Exception e) {
        //e.printStackTrace(System.err);
        return false;
    }
    return true;
}
Also used : CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) Enumeration(java.util.Enumeration) SignedData(org.bouncycastle.asn1.cms.SignedData) CMSSignedData(org.bouncycastle.cms.CMSSignedData) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) CMSSignedData(org.bouncycastle.cms.CMSSignedData) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) IOException(java.io.IOException) DERObject(org.bouncycastle.asn1.DERObject) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) ByteArrayInputStream(java.io.ByteArrayInputStream) RDN(org.bouncycastle.asn1.x500.RDN) CMSException(org.bouncycastle.cms.CMSException)

Example 4 with ContentInfo

use of org.bouncycastle.asn1.pkcs.ContentInfo in project robovm by robovm.

the class CMSSignedDataGenerator method generate.

public CMSSignedData generate(// FIXME Avoid accessing more than once to support CMSProcessableInputStream
CMSTypedData content, boolean encapsulate) throws CMSException {
    if (!signerInfs.isEmpty()) {
        throw new IllegalStateException("this method can only be used with SignerInfoGenerator");
    }
    // TODO
    //        if (signerInfs.isEmpty())
    //        {
    //            /* RFC 3852 5.2
    //             * "In the degenerate case where there are no signers, the
    //             * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
    //             * case, the content type within the EncapsulatedContentInfo value being
    //             * "signed" MUST be id-data (as defined in section 4), and the content
    //             * field of the EncapsulatedContentInfo value MUST be omitted."
    //             */
    //            if (encapsulate)
    //            {
    //                throw new IllegalArgumentException("no signers, encapsulate must be false");
    //            }
    //            if (!DATA.equals(eContentType))
    //            {
    //                throw new IllegalArgumentException("no signers, eContentType must be id-data");
    //            }
    //        }
    //
    //        if (!DATA.equals(eContentType))
    //        {
    //            /* RFC 3852 5.3
    //             * [The 'signedAttrs']...
    //             * field is optional, but it MUST be present if the content type of
    //             * the EncapsulatedContentInfo value being signed is not id-data.
    //             */
    //            // TODO signedAttrs must be present for all signers
    //        }
    ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
    ASN1EncodableVector signerInfos = new ASN1EncodableVector();
    // clear the current preserved digest state
    digests.clear();
    //
    for (Iterator it = _signers.iterator(); it.hasNext(); ) {
        SignerInformation signer = (SignerInformation) it.next();
        digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID()));
        // TODO Verify the content type and calculated digest match the precalculated SignerInfo
        signerInfos.add(signer.toASN1Structure());
    }
    //
    // add the SignerInfo objects
    //
    ASN1ObjectIdentifier contentTypeOID = content.getContentType();
    ASN1OctetString octs = null;
    if (content != null) {
        ByteArrayOutputStream bOut = null;
        if (encapsulate) {
            bOut = new ByteArrayOutputStream();
        }
        OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut);
        // Just in case it's unencapsulated and there are no signers!
        cOut = CMSUtils.getSafeOutputStream(cOut);
        try {
            content.write(cOut);
            cOut.close();
        } catch (IOException e) {
            throw new CMSException("data processing exception: " + e.getMessage(), e);
        }
        if (encapsulate) {
            octs = new BEROctetString(bOut.toByteArray());
        }
    }
    for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
        SignerInfoGenerator sGen = (SignerInfoGenerator) it.next();
        SignerInfo inf = sGen.generate(contentTypeOID);
        digestAlgs.add(inf.getDigestAlgorithm());
        signerInfos.add(inf);
        byte[] calcDigest = sGen.getCalculatedDigest();
        if (calcDigest != null) {
            digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest);
        }
    }
    ASN1Set certificates = null;
    if (certs.size() != 0) {
        certificates = CMSUtils.createBerSetFromList(certs);
    }
    ASN1Set certrevlist = null;
    if (crls.size() != 0) {
        certrevlist = CMSUtils.createBerSetFromList(crls);
    }
    ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
    SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
    ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
    return new CMSSignedData(content, contentInfo);
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) SignedData(org.bouncycastle.asn1.cms.SignedData) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) DERSet(org.bouncycastle.asn1.DERSet) SignerInfo(org.bouncycastle.asn1.cms.SignerInfo) BEROctetString(org.bouncycastle.asn1.BEROctetString) ASN1Set(org.bouncycastle.asn1.ASN1Set) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) Iterator(java.util.Iterator) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 5 with ContentInfo

use of org.bouncycastle.asn1.pkcs.ContentInfo in project robovm by robovm.

the class CMSSignedData method replaceCertificatesAndCRLs.

/**
     * Replace the certificate and CRL information associated with this
     * CMSSignedData object with the new one passed in.
     * 
     * @param signedData the signed data object to be used as a base.
     * @param certsAndCrls the new certificates and CRLs to be used.
     * @return a new signed data object.
     * @exception CMSException if there is an error processing the CertStore
     * @deprecated use method taking Store arguments.
     */
public static CMSSignedData replaceCertificatesAndCRLs(CMSSignedData signedData, CertStore certsAndCrls) throws CMSException {
    //
    // copy
    //
    CMSSignedData cms = new CMSSignedData(signedData);
    //
    // replace the certs and crls in the SignedData object
    //
    ASN1Set certs = null;
    ASN1Set crls = null;
    try {
        ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls));
        if (set.size() != 0) {
            certs = set;
        }
    } catch (CertStoreException e) {
        throw new CMSException("error getting certs from certStore", e);
    }
    try {
        ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls));
        if (set.size() != 0) {
            crls = set;
        }
    } catch (CertStoreException e) {
        throw new CMSException("error getting crls from certStore", e);
    }
    //
    // replace the CMS structure.
    //
    cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), signedData.signedData.getEncapContentInfo(), certs, crls, signedData.signedData.getSignerInfos());
    //
    // replace the contentInfo with the new one
    //
    cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData);
    return cms;
}
Also used : ASN1Set(org.bouncycastle.asn1.ASN1Set) SignedData(org.bouncycastle.asn1.cms.SignedData) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) CertStoreException(java.security.cert.CertStoreException)

Aggregations

ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)24 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)22 IOException (java.io.IOException)20 X509Certificate (java.security.cert.X509Certificate)18 CMSSignedData (org.bouncycastle.cms.CMSSignedData)14 CertificateException (java.security.cert.CertificateException)12 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)12 BERSequence (org.bouncycastle.asn1.BERSequence)12 CertificateEncodingException (java.security.cert.CertificateEncodingException)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)9 ASN1Set (org.bouncycastle.asn1.ASN1Set)9 SignedData (org.bouncycastle.asn1.cms.SignedData)9 CMSException (org.bouncycastle.cms.CMSException)9 PrivateKey (java.security.PrivateKey)8 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)8 DERSet (org.bouncycastle.asn1.DERSet)8 ContentInfo (org.bouncycastle.asn1.pkcs.ContentInfo)8 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)7 ByteArrayInputStream (java.io.ByteArrayInputStream)6 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6