Example 1 with SMIMECapabilitiesAttribute
use of org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute in project ats-framework by Axway.
the class SMimePackageEncryptor method sign.
@PublicAtsApi
public Package sign(Package sourcePackage) throws ActionException {
try {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
KeyStore ks = getKeystore();
// TODO wrap exception with possible causes and add some hint
PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray());
// Get whole certificate chain
Certificate[] certArr = ks.getCertificateChain(aliasOrCN);
// Pre 4.0.6 behavior was not to attach full cert. chain X509Certificate cer = (X509Certificate) ks.getCertificate(aliasOrCN);
if (certArr.length >= 1) {
LOG.debug("Found certificate of alias: " + aliasOrCN + ". Lenght of cert chain: " + certArr.length + ", child cert:" + certArr[0].toString());
}
X509Certificate childCert = (X509Certificate) certArr[0];
/* Create the SMIMESignedGenerator */
ASN1EncodableVector attributes = new ASN1EncodableVector();
attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(new X500Name(childCert.getIssuerDN().getName()), childCert.getSerialNumber())));
SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
capabilities.addCapability(SMIMECapability.aES128_CBC);
capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
capabilities.addCapability(SMIMECapability.dES_CBC);
attributes.add(new SMIMECapabilitiesAttribute(capabilities));
if (signatureAlgorithm == null) {
// not specified explicitly
// TODO check defaults to be used
signatureAlgorithm = SignatureAlgorithm.DSA.equals(privateKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA";
}
SMIMESignedGenerator signer = new SMIMESignedGenerator();
JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(attributes));
signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey, childCert));
/* Add the list of certs to the generator */
List<X509Certificate> certList = new ArrayList<X509Certificate>();
for (int i = 0; i < certArr.length; i++) {
// first add child cert, and CAs
certList.add((X509Certificate) certArr[i]);
}
Store<?> certs = new JcaCertStore(certList);
signer.addCertificates(certs);
/* Sign the message */
Session session = Session.getDefaultInstance(System.getProperties(), null);
MimeMultipart mm = signer.generate(getMimeMessage(sourcePackage));
MimeMessage signedMessage = new MimeMessage(session);
/* Set all original MIME headers in the signed message */
Enumeration<?> headers = getMimeMessage(sourcePackage).getAllHeaderLines();
while (headers.hasMoreElements()) {
signedMessage.addHeaderLine((String) headers.nextElement());
}
/* Set the content of the signed message */
signedMessage.setContent(mm);
signedMessage.saveChanges();
return new MimePackage(signedMessage);
} catch (Exception e) {
throw new ActionException(EXCEPTION_WHILE_SIGNING, e);
}
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber)
PrivateKey(java.security.PrivateKey)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
ArrayList(java.util.ArrayList)
SMIMESignedGenerator(org.bouncycastle.mail.smime.SMIMESignedGenerator)
JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore)
X500Name(org.bouncycastle.asn1.x500.X500Name)
MimePackage(com.axway.ats.action.objects.MimePackage)
SMIMEEncryptionKeyPreferenceAttribute(org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute)
SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector)
MimeMultipart(javax.mail.internet.MimeMultipart)
MimeMessage(javax.mail.internet.MimeMessage)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)
JcaSimpleSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
ActionException(com.axway.ats.action.model.ActionException)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
MessagingException(javax.mail.MessagingException)
ActionException(com.axway.ats.action.model.ActionException)
SMIMEException(org.bouncycastle.mail.smime.SMIMEException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Session(javax.mail.Session)
PublicAtsApi(com.axway.ats.common.PublicAtsApi)
Example 2 with SMIMECapabilitiesAttribute
use of org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute in project nhin-d by DirectProject.
the class SMIMECryptographerImpl method createSignatureEntity.
protected MimeMultipart createSignatureEntity(byte[] entity, Collection<X509Certificate> signingCertificates) {
MimeMultipart retVal = null;
try {
final MimeBodyPart signedContent = new MimeBodyPart(new ByteArrayInputStream(entity));
final ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
final SMIMECapabilityVector caps = new SMIMECapabilityVector();
caps.addCapability(SMIMECapability.dES_EDE3_CBC);
caps.addCapability(SMIMECapability.rC2_CBC, 128);
caps.addCapability(SMIMECapability.dES_CBC);
caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
caps.addCapability(x509CertificateObjectsIdent);
signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
final List<X509Certificate> certList = new ArrayList<X509Certificate>();
final DirectSignedDataGenerator generator = sigFactory.createInstance();
for (X509Certificate signer : signingCertificates) {
if (signer instanceof X509CertificateEx) {
generator.addSigner(((X509CertificateEx) signer).getPrivateKey(), signer, this.m_digestAlgorithm.getOID(), createAttributeTable(signedAttrs), null);
certList.add(signer);
}
}
final CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertStore", "Collection"));
generator.addCertificatesAndCRLs(certsAndcrls);
final CMSProcessableBodyPart content = new CMSProcessableBodyPart(signedContent);
final CMSSignedData signedData = generator.generate(content);
final String header = "signed; protocol=\"application/pkcs7-signature\"; micalg=" + CryptoAlgorithmsHelper.toDigestAlgorithmMicalg(this.m_digestAlgorithm);
//String encodedSig = Base64.encodeBase64String(signedData.getEncoded());
final String encodedSig = StringUtils.newStringUtf8(Base64.encodeBase64(signedData.getEncoded(), true));
retVal = new MimeMultipart(header.toString());
final MimeBodyPart sig = new MimeBodyPart(new InternetHeaders(), encodedSig.getBytes("ASCII"));
sig.addHeader("Content-Type", "application/pkcs7-signature; name=smime.p7s; smime-type=signed-data");
sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\"");
sig.addHeader("Content-Description", "S/MIME Cryptographic Signature");
sig.addHeader("Content-Transfer-Encoding", "base64");
retVal.addBodyPart(signedContent);
retVal.addBodyPart(sig);
} catch (MessagingException e) {
throw new MimeException(MimeError.InvalidMimeEntity, e);
} catch (IOException e) {
throw new SignatureException(SignatureError.InvalidMultipartSigned, e);
} catch (Exception e) {
throw new NHINDException(MimeError.Unexpected, e);
}
return retVal;
}
Also used :
InternetHeaders(javax.mail.internet.InternetHeaders)
MessagingException(javax.mail.MessagingException)
ArrayList(java.util.ArrayList)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
IOException(java.io.IOException)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
NHINDException(org.nhindirect.stagent.NHINDException)
X509Certificate(java.security.cert.X509Certificate)
MessagingException(javax.mail.MessagingException)
MimeException(org.nhindirect.stagent.mail.MimeException)
NHINDException(org.nhindirect.stagent.NHINDException)
ParseException(javax.mail.internet.ParseException)
IOException(java.io.IOException)
SignatureValidationException(org.nhindirect.stagent.SignatureValidationException)
CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)
CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)
MimeMultipart(javax.mail.internet.MimeMultipart)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector)
X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
MimeException(org.nhindirect.stagent.mail.MimeException)
MimeBodyPart(javax.mail.internet.MimeBodyPart)
DirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.DirectSignedDataGenerator)
SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)
CertStore(java.security.cert.CertStore)
Example 3 with SMIMECapabilitiesAttribute
use of org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute in project nhin-d by DirectProject.
the class SplitProviderDirectSignedDataGenerator_generateTest method setupSigningInfo.
protected void setupSigningInfo(DirectSignedDataGenerator gen) throws Exception {
final ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
final SMIMECapabilityVector caps = new SMIMECapabilityVector();
caps.addCapability(SMIMECapability.dES_EDE3_CBC);
caps.addCapability(SMIMECapability.rC2_CBC, 128);
caps.addCapability(SMIMECapability.dES_CBC);
caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
caps.addCapability(SMIMECryptographerImpl.x509CertificateObjectsIdent);
signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
// setup the certificates
if (signerCert == null)
signerCert = TestUtils.getInternalCert("user1");
final List<X509Certificate> certList = new ArrayList<X509Certificate>();
// add certificate
gen.addSigner(((X509CertificateEx) signerCert).getPrivateKey(), signerCert, DigestAlgorithm.SHA256.getOID(), SMIMECryptographerImpl.createAttributeTable(signedAttrs), null);
certList.add(signerCert);
final CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertStore", "Collection"));
gen.addCertificatesAndCRLs(certsAndcrls);
}
Also used :
CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)
SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector)
ArrayList(java.util.ArrayList)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)
CertStore(java.security.cert.CertStore)
X509Certificate(java.security.cert.X509Certificate)
Example 4 with SMIMECapabilitiesAttribute
use of org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute in project nhin-d by DirectProject.
the class SigTest method testCreateVerifySig.
public void testCreateVerifySig() throws Exception {
X509CertificateEx internalCert = TestUtils.getInternalCert("user1");
X509Certificate caCert = TestUtils.getExternalCert("cacert");
String testMessage = TestUtils.readResource("MultipartMimeMessage.txt");
MimeMessage entity = EntitySerializer.Default.deserialize(testMessage);
Message message = new Message(entity);
MimeEntity entityToSig = message.extractEntityForSignature(true);
// Serialize message out as ASCII encoded...
byte[] messageBytes = EntitySerializer.Default.serializeToBytes(entityToSig);
MimeBodyPart partToSign = null;
try {
partToSign = new MimeBodyPart(new ByteArrayInputStream(messageBytes));
} catch (Exception e) {
}
SMIMESignedGenerator gen = new SMIMESignedGenerator();
ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
SMIMECapabilityVector caps = new SMIMECapabilityVector();
caps.addCapability(SMIMECapability.dES_EDE3_CBC);
caps.addCapability(SMIMECapability.rC2_CBC, 128);
caps.addCapability(SMIMECapability.dES_CBC);
caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
caps.addCapability(PKCSObjectIdentifiers.x509Certificate);
signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
List certList = new ArrayList();
gen.addSigner(internalCert.getPrivateKey(), internalCert, SMIMESignedGenerator.DIGEST_SHA1, new AttributeTable(signedAttrs), null);
//SMIMESignedGenerator.DIGEST_SHA1, null, null);
certList.add(internalCert);
MimeMultipart retVal = null;
CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderName());
gen.addCertificatesAndCRLs(certsAndcrls);
_certStores.add(certsAndcrls);
_signers.add(new Signer(internalCert.getPrivateKey(), internalCert, SMIMESignedGenerator.DIGEST_SHA1, new AttributeTable(signedAttrs), null));
retVal = generate(partToSign, CryptoExtensions.getJCEProviderName());
for (int i = 0; i < 10; ++i) {
ByteArrayOutputStream oStream = new ByteArrayOutputStream();
retVal.writeTo(oStream);
oStream.flush();
byte[] serialzedBytes = oStream.toByteArray();
//System.out.println(new String(serialzedBytes, "ASCII") + "\r\n\r\n\r\n\r\n\r\n");
ByteArrayDataSource dataSource = new ByteArrayDataSource(serialzedBytes, retVal.getContentType());
MimeMultipart verifyMM = new MimeMultipart(dataSource);
CMSSignedData signed = null;
//CMSSignedData signeddata = new CMSSignedData(new CMSProcessableBodyPartInbound(verifyMM.getBodyPart(0)), verifyMM.getBodyPart(1).getInputStream());
CMSSignedData signeddata = new CMSSignedData(new CMSProcessableBodyPartInbound(partToSign), verifyMM.getBodyPart(1).getInputStream());
int verified = 0;
CertStore certs = signeddata.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
SignerInformationStore signers = signeddata.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = certs.getCertificates(signer.getSID());
Attribute dig = signer.getSignedAttributes().get(CMSAttributes.messageDigest);
DERObject hashObj = dig.getAttrValues().getObjectAt(0).getDERObject();
byte[] signedHash = ((ASN1OctetString) hashObj).getOctets();
System.out.print("value of signedHash: \r\n\tvalue: ");
for (byte bt : signedHash) {
System.out.print(bt + " ");
}
System.out.println();
Iterator certIt = certCollection.iterator();
try {
assertTrue(signer.verify(internalCert, CryptoExtensions.getJCEProviderName()));
} catch (Exception e) {
e.printStackTrace();
}
byte[] bytes = signer.getContentDigest();
/*
X509Certificate cert = (X509Certificate)certIt.next();
if (signer.verify(cert.getPublicKey()))
{
verified++;
}
*/
verified++;
}
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
CMSProcessableBodyPartInbound(org.bouncycastle.mail.smime.CMSProcessableBodyPartInbound)
Message(org.nhindirect.stagent.mail.Message)
MimeMessage(javax.mail.internet.MimeMessage)
Attribute(org.bouncycastle.asn1.cms.Attribute)
SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)
ArrayList(java.util.ArrayList)
AttributeTable(org.bouncycastle.asn1.cms.AttributeTable)
SMIMESignedGenerator(org.bouncycastle.mail.smime.SMIMESignedGenerator)
SignerInformation(org.bouncycastle.cms.SignerInformation)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)
DERObject(org.bouncycastle.asn1.DERObject)
MimeMessage(javax.mail.internet.MimeMessage)
SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector)
MimeMultipart(javax.mail.internet.MimeMultipart)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
Iterator(java.util.Iterator)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
ArrayList(java.util.ArrayList)
SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)
ByteArrayDataSource(javax.mail.util.ByteArrayDataSource)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
X509Certificate(java.security.cert.X509Certificate)
MessagingException(javax.mail.MessagingException)
CertStoreException(java.security.cert.CertStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CMSException(org.bouncycastle.cms.CMSException)
IOException(java.io.IOException)
SMIMEException(org.bouncycastle.mail.smime.SMIMEException)
NoSuchProviderException(java.security.NoSuchProviderException)
X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx)
ByteArrayInputStream(java.io.ByteArrayInputStream)
MimeEntity(org.nhindirect.stagent.mail.MimeEntity)
Collection(java.util.Collection)
MimeBodyPart(javax.mail.internet.MimeBodyPart)
CertStore(java.security.cert.CertStore)
Aggregations
X509Certificate (java.security.cert.X509Certificate)4
ArrayList (java.util.ArrayList)4
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)4
SMIMECapabilitiesAttribute (org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)4
SMIMECapabilityVector (org.bouncycastle.asn1.smime.SMIMECapabilityVector)4
CertStore (java.security.cert.CertStore)3
CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)3
MessagingException (javax.mail.MessagingException)3
MimeMultipart (javax.mail.internet.MimeMultipart)3
DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
IOException (java.io.IOException)2
MimeBodyPart (javax.mail.internet.MimeBodyPart)2
MimeMessage (javax.mail.internet.MimeMessage)2
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2
AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)2
CMSSignedData (org.bouncycastle.cms.CMSSignedData)2
SMIMEException (org.bouncycastle.mail.smime.SMIMEException)2
SMIMESignedGenerator (org.bouncycastle.mail.smime.SMIMESignedGenerator)2
X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx)2
