
Example 1 with CMSProcessableByteArray

use of org.bouncycastle.cms.CMSProcessableByteArray in project nhin-d by DirectProject.

the class ViewTrustBundlePKCS7 method viewBundle.

/**
 * Reads a Direct trust bundle from {@code trustDir} and renders its certificate list and
 * metadata as text into the {@code error} field (the field doubles as the output buffer here).
 * A file whose name does not end in ".p7m" is treated as an unsigned (certs-only) bundle; a
 * ".p7m" file is treated as a signed bundle whose encapsulated content is itself the unsigned
 * bundle, so that inner SignedData is unwrapped and listed instead.
 *
 * NOTE(review): nothing in this method verifies a signature. CMSSignedData is used purely as
 * a parser (getContentInfo()); verifySignatures()/getSignerInfos() are never consulted, so the
 * "Trust Anchor" entries printed for a .p7m are unauthenticated until the caller has checked
 * the outer signature against a known signer. Treat this as a viewer, not a validator.
 *
 * @param trustDir the bundle file to display (despite the name, a file rather than a directory)
 * @return true when parsing completed; false on any exception, with no diagnostic retained
 */
@SuppressWarnings({ "rawtypes" })
public boolean viewBundle(File trustDir) {
    try {
        //System.out.println("File:"+trustDir.getName());
        if (!trustDir.getName().endsWith(".p7m")) {
            // Unsigned bundle: a single SignedData whose certificate set is the anchor list.
            byte[] trustBundleByte = loadFileData(trustDir);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            // Parse only; no signature check happens here or anywhere below.
            CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
            ContentInfo contentInfo = dataParser.getContentInfo();
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            // getCertificates() is OPTIONAL in CMS; a null set becomes an NPE caught by the catch-all.
            Enumeration certificates = signedData.getCertificates().getObjects();
            StringBuffer output = new StringBuffer();
            int counter = 1;
            // Shown as the metadata when the bundle carries no encapsulated content.
            String chk = "Absent";
            while (certificates.hasMoreElements()) {
                DERObject certObj = (DERObject) certificates.nextElement();
                InputStream in = new ByteArrayInputStream(certObj.getDEREncoded());
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
                // [0] throws ArrayIndexOutOfBoundsException when the subject has no CN; the
                // catch-all below turns that into "return false" for the whole bundle.
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                output.append("Trust Anchor :" + counter + "\n");
                output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
                output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
                counter++;
            }
            if (signedData.getEncapContentInfo().getContent() != null) {
                //chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
                // NOTE(review): this decodes the DER encoding of the content (ASN.1 tag and length
                // bytes included), not the raw octets, so the displayed metadata carries framing bytes.
                chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
            }
            output.append("Meta Data :\n" + chk);
            // Output is handed back through the error field, not returned.
            error = output.toString();
        } else //end of if check of file type
        {
            // Signed bundle: outer SignedData -> encapsulated content -> inner (unsigned) SignedData.
            StringBuffer output = new StringBuffer();
            int counter = 1;
            String chk = "Absent";
            byte[] trustBundleByte = loadFileData(trustDir);
            CMSSignedData dataParser = new CMSSignedData(trustBundleByte);
            ContentInfo contentInfo = dataParser.getContentInfo();
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            // This appears to be a redundant re-wrap of the outer structure: encapInfoBundle is
            // built from the same contentInfo, and getContentInfo() below just reads it back.
            CMSSignedData encapInfoBundle = new CMSSignedData(new CMSProcessableByteArray(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded()), contentInfo);
            SignedData encapMetaData = SignedData.getInstance(encapInfoBundle.getContentInfo().getContent());
            //System.out.println("ENCAP META DATA"+new String(encapMetaData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8"));
            // The encapsulated OCTET STRING payload is the inner bundle's DER; getOctets() strips the framing here.
            CMSProcessableByteArray cin = new CMSProcessableByteArray(((ASN1OctetString) encapMetaData.getEncapContentInfo().getContent()).getOctets());
            CertificateFactory ucf = CertificateFactory.getInstance("X.509");
            // Again parse-only: the outer signature that covers this inner bundle is never verified.
            CMSSignedData unsignedParser = new CMSSignedData(cin.getInputStream());
            ContentInfo unsginedEncapInfo = unsignedParser.getContentInfo();
            SignedData metaData = SignedData.getInstance(unsginedEncapInfo.getContent());
            Enumeration certificates = metaData.getCertificates().getObjects();
            while (certificates.hasMoreElements()) {
                DERObject certObj = (DERObject) certificates.nextElement();
                InputStream bin = new ByteArrayInputStream(certObj.getDEREncoded());
                X509Certificate cert = (X509Certificate) ucf.generateCertificate(bin);
                X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
                // Same CN-less subject hazard as the unsigned branch.
                RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                output.append("Trust Anchor :" + counter + "\n");
                output.append("Common Name :" + IETFUtils.valueToString(cn.getFirst().getValue()) + "\n");
                output.append("DN :" + cert.getSubjectDN().getName() + "\n\n");
                counter++;
            }
            if (metaData.getEncapContentInfo().getContent() != null) {
                //chk = new String(signedData.getEncapContentInfo().getContent().getDERObject().getEncoded(),"UTF-8");
                // Same DER-with-framing-bytes display as the unsigned branch.
                chk = new String(metaData.getEncapContentInfo().getContent().getDERObject().getDEREncoded(), "UTF-8");
            }
            output.append("Meta Data :\n" + chk);
            error = output.toString();
        }
    //end of .p7m check if
    }//end of try
     catch (IOException io) {
        //io.printStackTrace(System.err);
        return false;
    } catch (CMSException cm) {
        //cm.printStackTrace(System.err);
        return false;
    } catch (Exception e) {
        // Every failure (malformed CMS, missing CN, null certificate set, bad cast) collapses to
        // false; the stack trace is discarded, so callers cannot tell why a bundle was rejected.
        //e.printStackTrace(System.err);
        return false;
    }
    return true;
}

Example 2 with CMSProcessableByteArray

use of org.bouncycastle.cms.CMSProcessableByteArray in project walle by Meituan-Dianping.

the class V1SchemeSigner method generateSignatureBlock.

/**
 * Builds the PKCS#7/CMS signature block (the META-INF/*.RSA/.EC/.DSA entry) over the bytes of
 * an already-generated signature file.
 * The block is detached (the .SF content is not embedded), carries the full certificate list
 * from {@code signerConfig}, and is re-encoded as strict DER before being returned.
 *
 * @param signerConfig       signing key, certificate chain (first entry is the signer) and digest choice
 * @param signatureFileBytes the exact .SF bytes the signature must cover
 * @return the DER-encoded CMS SignedData
 * @throws InvalidKeyException          if the signer's public key is unusable for the digest algorithm
 * @throws CertificateEncodingException if a certificate in the chain cannot be encoded
 * @throws SignatureException           wrapping any BC/CMS/IO failure during generation
 */
private static byte[] generateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes) throws InvalidKeyException, CertificateEncodingException, SignatureException {
    JcaCertStore certStore = new JcaCertStore(signerConfig.certificates);
    X509Certificate leafCert = signerConfig.certificates.get(0);
    String jcaAlgorithm = getJcaSignatureAlgorithm(leafCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
    try {
        ContentSigner contentSigner = new JcaContentSignerBuilder(jcaAlgorithm).build(signerConfig.privateKey);
        SignerInfoGeneratorBuilder infoBuilder = new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build(), SignerInfoSignatureAlgorithmFinder.INSTANCE);
        // Direct signature (BC semantics): sign the content itself rather than a set of signed attributes.
        infoBuilder.setDirectSignature(true);
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(infoBuilder.build(contentSigner, new JcaX509CertificateHolder(leafCert)));
        generator.addCertificates(certStore);
        // false = detached: the .SF bytes are signed but not embedded in the block.
        CMSSignedData signedData = generator.generate(new CMSProcessableByteArray(signatureFileBytes), false);
        return reencodeAsDer(signedData.getEncoded());
    } catch (OperatorCreationException | CMSException | IOException e) {
        throw new SignatureException("Failed to generate signature", e);
    }
}

/**
 * Re-encodes an ASN.1 blob through DEROutputStream, presumably so the block is in canonical
 * DER form regardless of how BC chose to encode it.
 *
 * @param encoded the BC-produced encoding
 * @return the same structure as strict DER
 * @throws IOException on a malformed input encoding
 */
private static byte[] reencodeAsDer(byte[] encoded) throws IOException {
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    try (ASN1InputStream asn1 = new ASN1InputStream(encoded)) {
        new DEROutputStream(out).writeObject(asn1.readObject());
    }
    return out.toByteArray();
}

Example 3 with CMSProcessableByteArray

use of org.bouncycastle.cms.CMSProcessableByteArray in project atlas by alibaba.

the class LocalSignedJarBuilder method close.

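/**
 * Closes the Jar archive by writing the manifest and, when a manifest is present, signing
 * the archive: META-INF/{CERT|mSignFile}.SF (the signature file) followed by
 * META-INF/{CERT|mSignFile}.&lt;KEYALG&gt; (the PKCS#7 signature block over the .SF bytes).
 * The underlying stream is closed even if signing fails, so a failed build does not leave
 * an open file handle; {@code mOutputJar} is nulled either way.
 *
 * @throws IOException      if writing the manifest or closing the archive fails
 * @throws SigningException if building the signature file or signature block fails
 *                          (the original cause is preserved)
 */
public void close() throws IOException, SigningException {
    try {
        if (mManifest != null) {
            // write the manifest to the jar file
            mOutputJar.putNextEntry(new JarEntry(JarFile.MANIFEST_NAME));
            mManifest.write(mOutputJar);
            try {
                // Default entry base name is CERT; a configured mSignFile overrides it.
                String baseName = StringUtils.isBlank(mSignFile) ? "CERT" : mSignFile;
                // .SF: the signature file, whose bytes are what the block below signs.
                mOutputJar.putNextEntry(new JarEntry("META-INF/" + baseName + ".SF"));
                ByteArrayOutputStream baos = new ByteArrayOutputStream();
                writeSignatureFile(baos);
                byte[] signatureFileBytes = baos.toByteArray();
                mOutputJar.write(signatureFileBytes);
                // .<KEYALG> (e.g. .RSA): PKCS#7 block over the exact .SF bytes just written.
                // The previous version also created a "SHA1with<KEYALG>" java.security.Signature
                // here that was never used; it signed nothing, hard-coded SHA-1 and only served to
                // fail for key algorithms without such a JCA name, so it has been removed. Whatever
                // digest is actually used is decided inside writeSignatureBlock.
                mOutputJar.putNextEntry(new JarEntry("META-INF/" + baseName + "." + mKey.getAlgorithm()));
                writeSignatureBlock(new CMSProcessableByteArray(signatureFileBytes), mCertificate, mKey);
            } catch (Exception e) {
                throw new SigningException(e);
            }
        }
    } finally {
        // Always release the stream. If close() itself throws while another exception is
        // already propagating, that IOException replaces the original one.
        if (mOutputJar != null) {
            try {
                mOutputJar.close();
            } finally {
                mOutputJar = null;
            }
        }
    }
}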

Example 4 with CMSProcessableByteArray

use of org.bouncycastle.cms.CMSProcessableByteArray in project nhin-d by DirectProject.

the class CreateSignedPKCS7 method create.

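/**
 * Creates a signed PKCS#7 (.p7m) trust bundle.
 * An unsigned, certs-only bundle is built first by {@link CreateUnSignedPKCS7}; its DER
 * encoding becomes the encapsulated content of an outer CMS SignedData, signed with every
 * private key found in the PKCS#12 file. The signature algorithm is fixed to SHA256withRSA,
 * so a keystore holding only non-RSA keys makes this return null.
 *
 * @param anchorDir    directory holding the DER-encoded trust anchors (*.der)
 * @param createFile   output file name, resolved through {@code getPKCS7OutFile}
 * @param metaFile     trust-bundle metadata XML; read only when {@code metaExists} is true
 * @param metaExists   whether {@code metaFile} should be embedded in the inner bundle
 * @param p12certiFile the PKCS#12 keystore holding the signing key(s) and certificate(s)
 * @param passKey      password for the PKCS#12 file; when null or blank the class-level
 *                     {@code defaultPwd} is used (earlier versions ignored this argument)
 * @return the created .p7m file, or null if any step failed (the cause is not reported)
 */
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists, File p12certiFile, String passKey) {
    File pkcs7File = null;
    FileOutputStream outStr = null;
    InputStream inStr = null;
    try {
        // Create the unsigned Trust Bundle; its bytes are the content to be signed.
        CreateUnSignedPKCS7 unSignedPKCS7 = new CreateUnSignedPKCS7();
        File unsigned = unSignedPKCS7.create(anchorDir, createFile, metaFile, metaExists);
        if (unsigned == null) {
            // The inner builder already failed (no anchors, bad directory, ...).
            return null;
        }
        byte[] unsignedByte = loadFileData(unsigned);
        CMSSignedData unsignedData = new CMSSignedData(unsignedByte);
        // Honour the documented passKey; fall back to defaultPwd only when none was supplied.
        char[] password = (passKey == null || passKey.trim().isEmpty()) ? defaultPwd.toCharArray() : passKey.toCharArray();
        // Load the PKCS#12 keystore; the stream is tracked so the finally block closes it.
        KeyStore ks = java.security.KeyStore.getInstance("PKCS12", "BC");
        inStr = new FileInputStream(p12certiFile);
        ks.load(inStr, password);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // Only entries with a private key can sign; certificate-only entries are skipped.
            Object keyEntry = ks.getKey(alias, password);
            if (!(keyEntry instanceof PrivateKey)) {
                continue;
            }
            ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build((PrivateKey) keyEntry);
            X509CertificateHolder holder = new X509CertificateHolder(ks.getCertificate(alias).getEncoded());
            certList.add((X509Certificate) ks.getCertificate(alias));
            gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(contentSigner, holder));
        }
        if (certList.isEmpty()) {
            // Fail closed: with no private key the output would carry no SignerInfo at all,
            // i.e. a ".p7m" that nothing could verify.
            return null;
        }
        gen.addCertificates(new JcaCertStore(certList));
        // true = encapsulate the unsigned bundle so the .p7m is self-contained.
        CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(unsignedData.getEncoded()), true);
        pkcs7File = getPKCS7OutFile(createFile);
        outStr = new FileOutputStream(pkcs7File);
        outStr.write(sigData.getEncoded());
    } catch (Exception e) {
        // CMS, I/O, keystore, wrong password and unsupported-key failures all surface as null;
        // the cause is dropped, matching the previous behaviour.
        return null;
    } finally {
        IOUtils.closeQuietly(outStr);
        IOUtils.closeQuietly(inStr);
    }
    return pkcs7File;
}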

Example 5 with CMSProcessableByteArray

use of org.bouncycastle.cms.CMSProcessableByteArray in project nhin-d by DirectProject.

the class CreateUnSignedPKCS7 method create.

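/**
 * Creates an unsigned PKCS#7 trust bundle: a certs-only CMS SignedData holding every .der
 * certificate found in {@code anchorDir}, with the optional metadata file as encapsulated
 * content. No SignerInfo is added, so the output carries no signature of its own;
 * {@link CreateSignedPKCS7} wraps and signs it.
 *
 * @param anchorDir  directory containing DER-encoded trust anchor certificates (*.der)
 * @param createFile output file name, resolved through {@code getPKCS7OutFile}
 * @param metaFile   trust-bundle metadata file; read only when {@code metaExists} is true
 * @param metaExists whether {@code metaFile} should be embedded as the encapsulated content
 * @return the created .p7m file, or null on failure. {@code error} is set for the
 *         "not a directory" and "no anchors" cases; other failures are swallowed silently.
 */
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists) {
    File pkcs7File = null;
    FileOutputStream outStr = null;
    try {
        File userDir = new File(anchorDir);
        // listFiles() returns null when anchorDir does not exist or is not a directory;
        // previously that became an NPE in the catch-all with no message.
        File[] files = userDir.listFiles();
        if (files == null) {
            error = "Trust Anchor folder does not exist or is not a directory: " + anchorDir;
            return null;
        }
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        for (File certFile : files) {
            // Only regular, non-hidden *.der files are taken as anchors; everything else is ignored.
            if (certFile.isFile() && !certFile.isHidden() && certFile.getName().endsWith(".der")) {
                byte[] certData = loadFileData(certFile);
                certList.add(getX509Certificate(certData));
            }
        }
        if (certList.isEmpty()) {
            error = "Trust Anchors are not available in specified folder!";
            return null;
        }
        byte[] metaDataByte;
        if (metaExists) {
            metaDataByte = loadFileData(metaFile);
        } else {
            // Placeholder only; with metaExists == false it is never embedded (see generate below).
            metaDataByte = "Absent".getBytes("UTF-8");
        }
        CMSTypedData msg = new CMSProcessableByteArray(metaDataByte);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        // Certificates only: no addSignerInfoGenerator, hence no signature in this bundle.
        gen.addCertificates(new JcaCertStore(certList));
        // Encapsulate the metadata only when the caller actually supplied it.
        CMSSignedData sigData = gen.generate(msg, metaExists);
        pkcs7File = getPKCS7OutFile(createFile);
        outStr = new FileOutputStream(pkcs7File);
        outStr.write(sigData.getEncoded());
    } catch (Exception e) {
        // Certificate parsing, CMS and I/O failures all surface as null; the cause is dropped,
        // matching the previous behaviour.
        return null;
    } finally {
        IOUtils.closeQuietly(outStr);
    }
    return pkcs7File;
}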
