Example 1 with CMSProcessableBodyPart
use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.
the class SMIMECryptographerImpl method deserializeSignatureEnvelope.
/**
* Extracts the ASN1 encoded signature data from the signed entity.
* @param entity The entity containing the original signed part and the message signature.
* @return A CMSSignedData object that contains the ASN1 encoded signature data of the message.
*/
public CMSSignedData deserializeSignatureEnvelope(SignedEntity entity) {
if (entity == null) {
throw new NHINDException();
}
CMSSignedData signed = null;
try {
//signed = new SMIMESigned(entity.getMimeMultipart());
byte[] messageBytes = EntitySerializer.Default.serializeToBytes(entity.getContent());
MimeBodyPart signedContent = null;
signedContent = new MimeBodyPart(new ByteArrayInputStream(messageBytes));
signed = new CMSSignedData(new CMSProcessableBodyPart(signedContent), entity.getMimeMultipart().getBodyPart(1).getInputStream());
} catch (Exception e) {
e.printStackTrace();
throw new MimeException(MimeError.Unexpected, e);
}
return signed;
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
MimeException(org.nhindirect.stagent.mail.MimeException)
MimeBodyPart(javax.mail.internet.MimeBodyPart)
NHINDException(org.nhindirect.stagent.NHINDException)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
MessagingException(javax.mail.MessagingException)
MimeException(org.nhindirect.stagent.mail.MimeException)
NHINDException(org.nhindirect.stagent.NHINDException)
ParseException(javax.mail.internet.ParseException)
IOException(java.io.IOException)
SignatureValidationException(org.nhindirect.stagent.SignatureValidationException)
CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)
Example 2 with CMSProcessableBodyPart
use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.
the class MessageSigInspector method main.
public static void main(String[] args) {
if (args.length == 0) {
//printUsage();
System.exit(-1);
}
String messgefile = null;
for (int i = 0; i < args.length; i++) {
String arg = args[i];
// Options
if (!arg.startsWith("-")) {
System.err.println("Error: Unexpected argument [" + arg + "]\n");
//printUsage();
System.exit(-1);
} else if (arg.equalsIgnoreCase("-msgFile")) {
if (i == args.length - 1 || args[i + 1].startsWith("-")) {
System.err.println("Error: Missing message file");
System.exit(-1);
}
messgefile = args[++i];
} else if (arg.equals("-help")) {
//printUsage();
System.exit(-1);
} else {
System.err.println("Error: Unknown argument " + arg + "\n");
//printUsage();
System.exit(-1);
}
}
if (messgefile == null) {
System.err.println("Error: missing message file\n");
}
InputStream inStream = null;
try {
inStream = FileUtils.openInputStream(new File(messgefile));
MimeMessage message = new MimeMessage(null, inStream);
MimeMultipart mm = (MimeMultipart) message.getContent();
//byte[] messageBytes = EntitySerializer.Default.serializeToBytes(mm.getBodyPart(0).getContent());
//MimeBodyPart signedContent = null;
//signedContent = new MimeBodyPart(new ByteArrayInputStream(messageBytes));
final CMSSignedData signed = new CMSSignedData(new CMSProcessableBodyPart(mm.getBodyPart(0)), mm.getBodyPart(1).getInputStream());
CertStore certs = signed.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
SignerInformationStore signers = signed.getSignerInfos();
@SuppressWarnings("unchecked") Collection<SignerInformation> c = signers.getSigners();
System.out.println("Found " + c.size() + " signers");
int cnt = 1;
for (SignerInformation signer : c) {
Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
if (certCollection != null && certCollection.size() > 0) {
X509Certificate cert = (X509Certificate) certCollection.iterator().next();
System.out.println("\r\nInfo for certificate " + cnt++);
System.out.println("\tSubject " + cert.getSubjectDN());
FileUtils.writeByteArrayToFile(new File("SigCert.der"), cert.getEncoded());
byte[] bytes = cert.getExtensionValue("2.5.29.15");
if (bytes != null) {
final DERObject obj = getObject(bytes);
final KeyUsage keyUsage = new KeyUsage((DERBitString) obj);
final byte[] data = keyUsage.getBytes();
final int intValue = (data.length == 1) ? data[0] & 0xff : (data[1] & 0xff) << 8 | (data[0] & 0xff);
System.out.println("\tKey Usage: " + intValue);
} else
System.out.println("\tKey Usage: NONE");
//verify and get the digests
final Attribute digAttr = signer.getSignedAttributes().get(CMSAttributes.messageDigest);
final DERObject hashObj = digAttr.getAttrValues().getObjectAt(0).getDERObject();
final byte[] signedDigest = ((ASN1OctetString) hashObj).getOctets();
final String signedDigestHex = org.apache.commons.codec.binary.Hex.encodeHexString(signedDigest);
System.out.println("\r\nSigned Message Digest: " + signedDigestHex);
try {
signer.verify(cert, "BC");
System.out.println("Signature verified.");
} catch (CMSException e) {
System.out.println("Signature failed to verify.");
}
// should have the computed digest now
final byte[] digest = signer.getContentDigest();
final String digestHex = org.apache.commons.codec.binary.Hex.encodeHexString(digest);
System.out.println("\r\nComputed Message Digest: " + digestHex);
}
}
} catch (Exception e) {
e.printStackTrace();
} finally {
IOUtils.closeQuietly(inStream);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
Attribute(org.bouncycastle.asn1.cms.Attribute)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
InputStream(java.io.InputStream)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
SignerInformation(org.bouncycastle.cms.SignerInformation)
DERBitString(org.bouncycastle.asn1.DERBitString)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
X509Certificate(java.security.cert.X509Certificate)
CMSException(org.bouncycastle.cms.CMSException)
PolicyProcessException(org.nhindirect.policy.PolicyProcessException)
CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)
DERObject(org.bouncycastle.asn1.DERObject)
MimeMessage(javax.mail.internet.MimeMessage)
MimeMultipart(javax.mail.internet.MimeMultipart)
SignerInformationStore(org.bouncycastle.cms.SignerInformationStore)
File(java.io.File)
CertStore(java.security.cert.CertStore)
CMSException(org.bouncycastle.cms.CMSException)
Example 3 with CMSProcessableBodyPart
use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.
the class SplitProviderDirectSignedDataGenerator_generateTest method testGenerate_safeNetHSMSignatureProvider_assertGenerated.
public void testGenerate_safeNetHSMSignatureProvider_assertGenerated() throws Exception {
/**
* This test is only run if a specific SafeNet eToken Pro HSM is connected to the testing
* system. This can be modified for another specific machine and/or token.
*/
pkcs11ProvName = TestUtils.setupSafeNetToken();
if (!StringUtils.isEmpty(pkcs11ProvName)) {
// get a certificate from the key store
final KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, "1Kingpuff".toCharArray());
final Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
final String alias = aliases.nextElement();
final KeyStore.Entry entry = ks.getEntry(alias, null);
if (entry instanceof KeyStore.PrivateKeyEntry) {
KeyStore.PrivateKeyEntry ent = (KeyStore.PrivateKeyEntry) entry;
signerCert = X509CertificateEx.fromX509Certificate((X509Certificate) ent.getCertificate(), ent.getPrivateKey());
break;
}
}
final SplitProviderDirectSignedDataGenerator gen = new SplitProviderDirectSignedDataGenerator(pkcs11ProvName, "BC");
setupSigningInfo(gen);
// create the content
final MimeBodyPart signedContent = new MimeBodyPart();
signedContent.addHeader("To:", "me@you.com");
signedContent.addHeader("From", "test.test.com");
signedContent.setText("Some Text To Sign");
final CMSProcessableBodyPart content = new CMSProcessableBodyPart(signedContent);
final CMSSignedData signedData = gen.generate(content);
validateSignature(signedData);
}
}
Also used :
SplitProviderDirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator)
MimeBodyPart(javax.mail.internet.MimeBodyPart)
KeyStore(java.security.KeyStore)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
X509Certificate(java.security.cert.X509Certificate)
CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)
Example 4 with CMSProcessableBodyPart
use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.
the class SplitProviderDirectSignedDataGenerator_generateTest method testGenerate_differentDefaultSigAndDigestProvider_assertGenerated.
public void testGenerate_differentDefaultSigAndDigestProvider_assertGenerated() throws Exception {
final SplitProviderDirectSignedDataGenerator gen = new SplitProviderDirectSignedDataGenerator("SunRsaSign", "BC");
setupSigningInfo(gen);
// create the content
final MimeBodyPart signedContent = new MimeBodyPart();
signedContent.addHeader("To:", "me@you.com");
signedContent.addHeader("From", "test.test.com");
signedContent.setText("Some Text To Sign");
final CMSProcessableBodyPart content = new CMSProcessableBodyPart(signedContent);
final CMSSignedData signedData = gen.generate(content);
validateSignature(signedData);
}
Also used :
SplitProviderDirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator)
MimeBodyPart(javax.mail.internet.MimeBodyPart)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)
Example 5 with CMSProcessableBodyPart
use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.
the class SplitProviderDirectSignedDataGenerator_generateTest method testGenerate_sameDefaultSigAndDigestProvider_assertGenerated.
public void testGenerate_sameDefaultSigAndDigestProvider_assertGenerated() throws Exception {
final SplitProviderDirectSignedDataGenerator gen = new SplitProviderDirectSignedDataGenerator("", "");
setupSigningInfo(gen);
// create the content
final MimeBodyPart signedContent = new MimeBodyPart();
signedContent.addHeader("To:", "me@you.com");
signedContent.addHeader("From", "test.test.com");
signedContent.setText("Some Text To Sign");
final CMSProcessableBodyPart content = new CMSProcessableBodyPart(signedContent);
final CMSSignedData signedData = gen.generate(content);
validateSignature(signedData);
}
Also used :
SplitProviderDirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator)
MimeBodyPart(javax.mail.internet.MimeBodyPart)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)
Aggregations
CMSSignedData (org.bouncycastle.cms.CMSSignedData)7
CMSProcessableBodyPart (org.bouncycastle.mail.smime.CMSProcessableBodyPart)7
MimeBodyPart (javax.mail.internet.MimeBodyPart)6
ByteArrayInputStream (java.io.ByteArrayInputStream)3
X509Certificate (java.security.cert.X509Certificate)3
SplitProviderDirectSignedDataGenerator (org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator)3
IOException (java.io.IOException)2
CertStore (java.security.cert.CertStore)2
MessagingException (javax.mail.MessagingException)2
MimeMultipart (javax.mail.internet.MimeMultipart)2
ParseException (javax.mail.internet.ParseException)2
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2
NHINDException (org.nhindirect.stagent.NHINDException)2
SignatureValidationException (org.nhindirect.stagent.SignatureValidationException)2
MimeException (org.nhindirect.stagent.mail.MimeException)2
File (java.io.File)1
InputStream (java.io.InputStream)1
KeyStore (java.security.KeyStore)1
CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)1
ArrayList (java.util.ArrayList)1
