Search in sources :

Example 1 with SMIMEEncryptionKeyPreferenceAttribute

use of org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute in project ats-framework by Axway.

the class SMimePackageEncryptor method sign.

@PublicAtsApi
public Package sign(Package sourcePackage) throws ActionException {
    try {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        KeyStore ks = getKeystore();
        // TODO wrap exception with possible causes and add some hint
        PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray());
        // Get whole certificate chain
        Certificate[] certArr = ks.getCertificateChain(aliasOrCN);
        // Pre 4.0.6 behavior was not to attach full cert. chain X509Certificate cer = (X509Certificate) ks.getCertificate(aliasOrCN);
        if (certArr.length >= 1) {
            LOG.debug("Found certificate of alias: " + aliasOrCN + ". Lenght of cert chain: " + certArr.length + ", child cert:" + certArr[0].toString());
        }
        X509Certificate childCert = (X509Certificate) certArr[0];
        /* Create the SMIMESignedGenerator */
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(new X500Name(childCert.getIssuerDN().getName()), childCert.getSerialNumber())));
        SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
        capabilities.addCapability(SMIMECapability.aES128_CBC);
        capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
        capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
        capabilities.addCapability(SMIMECapability.dES_CBC);
        attributes.add(new SMIMECapabilitiesAttribute(capabilities));
        if (signatureAlgorithm == null) {
            // not specified explicitly
            // TODO check defaults to be used
            signatureAlgorithm = SignatureAlgorithm.DSA.equals(privateKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA";
        }
        SMIMESignedGenerator signer = new SMIMESignedGenerator();
        JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
        signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(attributes));
        signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey, childCert));
        /* Add the list of certs to the generator */
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        for (int i = 0; i < certArr.length; i++) {
            // first add child cert, and CAs
            certList.add((X509Certificate) certArr[i]);
        }
        Store<?> certs = new JcaCertStore(certList);
        signer.addCertificates(certs);
        /* Sign the message */
        Session session = Session.getDefaultInstance(System.getProperties(), null);
        MimeMultipart mm = signer.generate(getMimeMessage(sourcePackage));
        MimeMessage signedMessage = new MimeMessage(session);
        /* Set all original MIME headers in the signed message */
        Enumeration<?> headers = getMimeMessage(sourcePackage).getAllHeaderLines();
        while (headers.hasMoreElements()) {
            signedMessage.addHeaderLine((String) headers.nextElement());
        }
        /* Set the content of the signed message */
        signedMessage.setContent(mm);
        signedMessage.saveChanges();
        return new MimePackage(signedMessage);
    } catch (Exception e) {
        throw new ActionException(EXCEPTION_WHILE_SIGNING, e);
    }
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber) PrivateKey(java.security.PrivateKey) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) ArrayList(java.util.ArrayList) SMIMESignedGenerator(org.bouncycastle.mail.smime.SMIMESignedGenerator) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) X500Name(org.bouncycastle.asn1.x500.X500Name) MimePackage(com.axway.ats.action.objects.MimePackage) SMIMEEncryptionKeyPreferenceAttribute(org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute) SMIMECapabilityVector(org.bouncycastle.asn1.smime.SMIMECapabilityVector) MimeMultipart(javax.mail.internet.MimeMultipart) MimeMessage(javax.mail.internet.MimeMessage) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) SMIMECapabilitiesAttribute(org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute) JcaSimpleSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) ActionException(com.axway.ats.action.model.ActionException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) MessagingException(javax.mail.MessagingException) ActionException(com.axway.ats.action.model.ActionException) SMIMEException(org.bouncycastle.mail.smime.SMIMEException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Session(javax.mail.Session) PublicAtsApi(com.axway.ats.common.PublicAtsApi)

Aggregations

ActionException (com.axway.ats.action.model.ActionException)1 MimePackage (com.axway.ats.action.objects.MimePackage)1 PublicAtsApi (com.axway.ats.common.PublicAtsApi)1 KeyStore (java.security.KeyStore)1 PrivateKey (java.security.PrivateKey)1 Certificate (java.security.cert.Certificate)1 X509Certificate (java.security.cert.X509Certificate)1 ArrayList (java.util.ArrayList)1 MessagingException (javax.mail.MessagingException)1 Session (javax.mail.Session)1 MimeMessage (javax.mail.internet.MimeMessage)1 MimeMultipart (javax.mail.internet.MimeMultipart)1 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)1 AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)1 IssuerAndSerialNumber (org.bouncycastle.asn1.cms.IssuerAndSerialNumber)1 SMIMECapabilitiesAttribute (org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute)1 SMIMECapabilityVector (org.bouncycastle.asn1.smime.SMIMECapabilityVector)1 SMIMEEncryptionKeyPreferenceAttribute (org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute)1 X500Name (org.bouncycastle.asn1.x500.X500Name)1 JcaCertStore (org.bouncycastle.cert.jcajce.JcaCertStore)1