Search in sources :

Example 1 with SMIMECapabilityVector

use of org.bouncycastle.asn1.smime.SMIMECapabilityVector in project ats-framework by Axway.

the class SMimePackageEncryptor method sign.

@PublicAtsApi
public Package sign(Package sourcePackage) throws ActionException {
    try {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        KeyStore ks = getKeystore();
        // TODO wrap exception with possible causes and add some hint
        PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray());
        // Get whole certificate chain
        Certificate[] certArr = ks.getCertificateChain(aliasOrCN);
        // Pre 4.0.6 behavior was not to attach full cert. chain X509Certificate cer = (X509Certificate) ks.getCertificate(aliasOrCN);
        if (certArr.length >= 1) {
            LOG.debug("Found certificate of alias: " + aliasOrCN + ". Lenght of cert chain: " + certArr.length + ", child cert:" + certArr[0].toString());
        }
        X509Certificate childCert = (X509Certificate) certArr[0];
        /* Create the SMIMESignedGenerator */
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(new X500Name(childCert.getIssuerDN().getName()), childCert.getSerialNumber())));
        SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
        capabilities.addCapability(SMIMECapability.aES128_CBC);
        capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
        capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
        capabilities.addCapability(SMIMECapability.dES_CBC);
        attributes.add(new SMIMECapabilitiesAttribute(capabilities));
        if (signatureAlgorithm == null) {
            // not specified explicitly
            // TODO check defaults to be used
            signatureAlgorithm = SignatureAlgorithm.DSA.equals(privateKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA";
        }
        SMIMESignedGenerator signer = new SMIMESignedGenerator();
        JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
        signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(attributes));
        signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey, childCert));
        /* Add the list of certs to the generator */
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        for (int i = 0; i < certArr.length; i++) {
            // first add child cert, and CAs
            certList.add((X509Certificate) certArr[i]);
        }
        Store<?> certs = new JcaCertStore(certList);
        signer.addCertificates(certs);
        /* Sign the message */
        Session session = Session.getDefaultInstance(System.getProperties(), null);
        MimeMultipart mm = signer.generate(getMimeMessage(sourcePackage));
        MimeMessage signedMessage = new MimeMessage(session);
        /* Set all original MIME headers in the signed message */
        Enumeration<?> headers = getMimeMessage(sourcePackage).getAllHeaderLines();
        while (headers.hasMoreElements()) {
            signedMessage.addHeaderLine((String) headers.nextElement());
        }
        /* Set the content of the signed message */
        signedMessage.setContent(mm);
        signedMessage.saveChanges();
        return new MimePackage(signedMessage);
    } catch (Exception e) {
        throw new ActionException(EXCEPTION_WHILE_SIGNING, e);
    }
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber) PrivateKey(java.security.PrivateKey) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) ArrayList(java.util.ArrayList) SMIMESignedGenerator(org.bouncycastle.mail.smime.SMIMESignedGenerator) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) X500Name(org.bouncycastle.asn1.x500.X500Name) MimePackage(com.axway.ats.action.objects.MimePackage) SMIMEEncryptionKeyPreferenceAttribute(org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute) SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector) MimeMultipart(javax.mail.internet.MimeMultipart) MimeMessage(javax.mail.internet.MimeMessage) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) JcaSimpleSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) ActionException(com.axway.ats.action.model.ActionException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) MessagingException(javax.mail.MessagingException) ActionException(com.axway.ats.action.model.ActionException) SMIMEException(org.bouncycastle.mail.smime.SMIMEException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Session(javax.mail.Session) PublicAtsApi(com.axway.ats.common.PublicAtsApi)

Example 2 with SMIMECapabilityVector

use of org.bouncycastle.asn1.smime.SMIMECapabilityVector in project nhin-d by DirectProject.

the class SMIMECryptographerImpl method createSignatureEntity.

protected MimeMultipart createSignatureEntity(byte[] entity, Collection<X509Certificate> signingCertificates) {
    MimeMultipart retVal = null;
    try {
        final MimeBodyPart signedContent = new MimeBodyPart(new ByteArrayInputStream(entity));
        final ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
        final SMIMECapabilityVector caps = new SMIMECapabilityVector();
        caps.addCapability(SMIMECapability.dES_EDE3_CBC);
        caps.addCapability(SMIMECapability.rC2_CBC, 128);
        caps.addCapability(SMIMECapability.dES_CBC);
        caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
        caps.addCapability(x509CertificateObjectsIdent);
        signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
        final List<X509Certificate> certList = new ArrayList<X509Certificate>();
        final DirectSignedDataGenerator generator = sigFactory.createInstance();
        for (X509Certificate signer : signingCertificates) {
            if (signer instanceof X509CertificateEx) {
                generator.addSigner(((X509CertificateEx) signer).getPrivateKey(), signer, this.m_digestAlgorithm.getOID(), createAttributeTable(signedAttrs), null);
                certList.add(signer);
            }
        }
        final CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertStore", "Collection"));
        generator.addCertificatesAndCRLs(certsAndcrls);
        final CMSProcessableBodyPart content = new CMSProcessableBodyPart(signedContent);
        final CMSSignedData signedData = generator.generate(content);
        final String header = "signed; protocol=\"application/pkcs7-signature\"; micalg=" + CryptoAlgorithmsHelper.toDigestAlgorithmMicalg(this.m_digestAlgorithm);
        //String encodedSig = Base64.encodeBase64String(signedData.getEncoded());
        final String encodedSig = StringUtils.newStringUtf8(Base64.encodeBase64(signedData.getEncoded(), true));
        retVal = new MimeMultipart(header.toString());
        final MimeBodyPart sig = new MimeBodyPart(new InternetHeaders(), encodedSig.getBytes("ASCII"));
        sig.addHeader("Content-Type", "application/pkcs7-signature; name=smime.p7s; smime-type=signed-data");
        sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\"");
        sig.addHeader("Content-Description", "S/MIME Cryptographic Signature");
        sig.addHeader("Content-Transfer-Encoding", "base64");
        retVal.addBodyPart(signedContent);
        retVal.addBodyPart(sig);
    } catch (MessagingException e) {
        throw new MimeException(MimeError.InvalidMimeEntity, e);
    } catch (IOException e) {
        throw new SignatureException(SignatureError.InvalidMultipartSigned, e);
    } catch (Exception e) {
        throw new NHINDException(MimeError.Unexpected, e);
    }
    return retVal;
}
Also used : InternetHeaders(javax.mail.internet.InternetHeaders) MessagingException(javax.mail.MessagingException) ArrayList(java.util.ArrayList) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) IOException(java.io.IOException) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) CMSSignedData(org.bouncycastle.cms.CMSSignedData) NHINDException(org.nhindirect.stagent.NHINDException) X509Certificate(java.security.cert.X509Certificate) MessagingException(javax.mail.MessagingException) MimeException(org.nhindirect.stagent.mail.MimeException) NHINDException(org.nhindirect.stagent.NHINDException) ParseException(javax.mail.internet.ParseException) IOException(java.io.IOException) SignatureValidationException(org.nhindirect.stagent.SignatureValidationException) CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) MimeMultipart(javax.mail.internet.MimeMultipart) ByteArrayInputStream(java.io.ByteArrayInputStream) SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector) X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) MimeException(org.nhindirect.stagent.mail.MimeException) MimeBodyPart(javax.mail.internet.MimeBodyPart) DirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.DirectSignedDataGenerator) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) CertStore(java.security.cert.CertStore)

Example 3 with SMIMECapabilityVector

use of org.bouncycastle.asn1.smime.SMIMECapabilityVector in project nhin-d by DirectProject.

the class SplitProviderDirectSignedDataGenerator_generateTest method setupSigningInfo.

protected void setupSigningInfo(DirectSignedDataGenerator gen) throws Exception {
    final ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
    final SMIMECapabilityVector caps = new SMIMECapabilityVector();
    caps.addCapability(SMIMECapability.dES_EDE3_CBC);
    caps.addCapability(SMIMECapability.rC2_CBC, 128);
    caps.addCapability(SMIMECapability.dES_CBC);
    caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
    caps.addCapability(SMIMECryptographerImpl.x509CertificateObjectsIdent);
    signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
    // setup the certificates
    if (signerCert == null)
        signerCert = TestUtils.getInternalCert("user1");
    final List<X509Certificate> certList = new ArrayList<X509Certificate>();
    // add certificate
    gen.addSigner(((X509CertificateEx) signerCert).getPrivateKey(), signerCert, DigestAlgorithm.SHA256.getOID(), SMIMECryptographerImpl.createAttributeTable(signedAttrs), null);
    certList.add(signerCert);
    final CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderNameForTypeAndAlgorithm("CertStore", "Collection"));
    gen.addCertificatesAndCRLs(certsAndcrls);
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector) ArrayList(java.util.ArrayList) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate)

Example 4 with SMIMECapabilityVector

use of org.bouncycastle.asn1.smime.SMIMECapabilityVector in project nhin-d by DirectProject.

the class SigTest method testCreateVerifySig.

public void testCreateVerifySig() throws Exception {
    X509CertificateEx internalCert = TestUtils.getInternalCert("user1");
    X509Certificate caCert = TestUtils.getExternalCert("cacert");
    String testMessage = TestUtils.readResource("MultipartMimeMessage.txt");
    MimeMessage entity = EntitySerializer.Default.deserialize(testMessage);
    Message message = new Message(entity);
    MimeEntity entityToSig = message.extractEntityForSignature(true);
    // Serialize message out as ASCII encoded...
    byte[] messageBytes = EntitySerializer.Default.serializeToBytes(entityToSig);
    MimeBodyPart partToSign = null;
    try {
        partToSign = new MimeBodyPart(new ByteArrayInputStream(messageBytes));
    } catch (Exception e) {
    }
    SMIMESignedGenerator gen = new SMIMESignedGenerator();
    ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
    SMIMECapabilityVector caps = new SMIMECapabilityVector();
    caps.addCapability(SMIMECapability.dES_EDE3_CBC);
    caps.addCapability(SMIMECapability.rC2_CBC, 128);
    caps.addCapability(SMIMECapability.dES_CBC);
    caps.addCapability(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
    caps.addCapability(PKCSObjectIdentifiers.x509Certificate);
    signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
    List certList = new ArrayList();
    gen.addSigner(internalCert.getPrivateKey(), internalCert, SMIMESignedGenerator.DIGEST_SHA1, new AttributeTable(signedAttrs), null);
    //SMIMESignedGenerator.DIGEST_SHA1, null, null);
    certList.add(internalCert);
    MimeMultipart retVal = null;
    CertStore certsAndcrls = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), CryptoExtensions.getJCEProviderName());
    gen.addCertificatesAndCRLs(certsAndcrls);
    _certStores.add(certsAndcrls);
    _signers.add(new Signer(internalCert.getPrivateKey(), internalCert, SMIMESignedGenerator.DIGEST_SHA1, new AttributeTable(signedAttrs), null));
    retVal = generate(partToSign, CryptoExtensions.getJCEProviderName());
    for (int i = 0; i < 10; ++i) {
        ByteArrayOutputStream oStream = new ByteArrayOutputStream();
        retVal.writeTo(oStream);
        oStream.flush();
        byte[] serialzedBytes = oStream.toByteArray();
        //System.out.println(new String(serialzedBytes, "ASCII") + "\r\n\r\n\r\n\r\n\r\n");
        ByteArrayDataSource dataSource = new ByteArrayDataSource(serialzedBytes, retVal.getContentType());
        MimeMultipart verifyMM = new MimeMultipart(dataSource);
        CMSSignedData signed = null;
        //CMSSignedData signeddata = new CMSSignedData(new CMSProcessableBodyPartInbound(verifyMM.getBodyPart(0)), verifyMM.getBodyPart(1).getInputStream());			
        CMSSignedData signeddata = new CMSSignedData(new CMSProcessableBodyPartInbound(partToSign), verifyMM.getBodyPart(1).getInputStream());
        int verified = 0;
        CertStore certs = signeddata.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
        SignerInformationStore signers = signeddata.getSignerInfos();
        Collection c = signers.getSigners();
        Iterator it = c.iterator();
        while (it.hasNext()) {
            SignerInformation signer = (SignerInformation) it.next();
            Collection certCollection = certs.getCertificates(signer.getSID());
            Attribute dig = signer.getSignedAttributes().get(CMSAttributes.messageDigest);
            DERObject hashObj = dig.getAttrValues().getObjectAt(0).getDERObject();
            byte[] signedHash = ((ASN1OctetString) hashObj).getOctets();
            System.out.print("value of signedHash: \r\n\tvalue: ");
            for (byte bt : signedHash) {
                System.out.print(bt + " ");
            }
            System.out.println();
            Iterator certIt = certCollection.iterator();
            try {
                assertTrue(signer.verify(internalCert, CryptoExtensions.getJCEProviderName()));
            } catch (Exception e) {
                e.printStackTrace();
            }
            byte[] bytes = signer.getContentDigest();
            /*
	    		  X509Certificate cert = (X509Certificate)certIt.next();
	    		  
    		      if (signer.verify(cert.getPublicKey()))
    		      {
    		          verified++;
    		      }
	    		  */
            verified++;
        }
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CMSProcessableBodyPartInbound(org.bouncycastle.mail.smime.CMSProcessableBodyPartInbound) Message(org.nhindirect.stagent.mail.Message) MimeMessage(javax.mail.internet.MimeMessage) Attribute(org.bouncycastle.asn1.cms.Attribute) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) ArrayList(java.util.ArrayList) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) SMIMESignedGenerator(org.bouncycastle.mail.smime.SMIMESignedGenerator) SignerInformation(org.bouncycastle.cms.SignerInformation) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) DERObject(org.bouncycastle.asn1.DERObject) MimeMessage(javax.mail.internet.MimeMessage) SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector) MimeMultipart(javax.mail.internet.MimeMultipart) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) Iterator(java.util.Iterator) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) ArrayList(java.util.ArrayList) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) ByteArrayDataSource(javax.mail.util.ByteArrayDataSource) ByteArrayOutputStream(java.io.ByteArrayOutputStream) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) MessagingException(javax.mail.MessagingException) CertStoreException(java.security.cert.CertStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CMSException(org.bouncycastle.cms.CMSException) IOException(java.io.IOException) SMIMEException(org.bouncycastle.mail.smime.SMIMEException) NoSuchProviderException(java.security.NoSuchProviderException) X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) ByteArrayInputStream(java.io.ByteArrayInputStream) MimeEntity(org.nhindirect.stagent.mail.MimeEntity) Collection(java.util.Collection) MimeBodyPart(javax.mail.internet.MimeBodyPart) CertStore(java.security.cert.CertStore)

Aggregations

X509Certificate (java.security.cert.X509Certificate)4 ArrayList (java.util.ArrayList)4 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)4 SMIMECapabilitiesAttribute (org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)4 SMIMECapabilityVector (org.bouncycastle.asn1.smime.SMIMECapabilityVector)4 CertStore (java.security.cert.CertStore)3 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)3 MessagingException (javax.mail.MessagingException)3 MimeMultipart (javax.mail.internet.MimeMultipart)3 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 IOException (java.io.IOException)2 MimeBodyPart (javax.mail.internet.MimeBodyPart)2 MimeMessage (javax.mail.internet.MimeMessage)2 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2 AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)2 CMSSignedData (org.bouncycastle.cms.CMSSignedData)2 SMIMEException (org.bouncycastle.mail.smime.SMIMEException)2 SMIMESignedGenerator (org.bouncycastle.mail.smime.SMIMESignedGenerator)2 X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx)2