
Example 1 with CMSProcessableBodyPart

use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.

the class SMIMECryptographerImpl method deserializeSignatureEnvelope.

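/**
 * Parses the detached CMS signature of a signed entity into a {@link CMSSignedData}.
 * <p>
 * The signed content is re-serialized from {@code entity.getContent()} and paired with the
 * signature bytes read from the body part at index 1 of the entity's multipart. This method
 * only decodes the envelope: it never checks a signer's signature or certificate, so the
 * returned object says nothing about authenticity until the caller has verified its signers.
 *
 * @param entity The entity containing the original signed part and the message signature.
 * @return A CMSSignedData object that contains the ASN1 encoded signature data of the message.
 * @throws NHINDException if {@code entity} is null.
 * @throws MimeException with {@code MimeError.Unexpected} when serializing the content, reading
 *         the signature part or decoding the signature fails; the original exception is the cause.
 */
public CMSSignedData deserializeSignatureEnvelope(SignedEntity entity) {
    if (entity == null) {
        throw new NHINDException();
    }
    try {
        final byte[] messageBytes = EntitySerializer.Default.serializeToBytes(entity.getContent());
        final MimeBodyPart signedContent = new MimeBodyPart(new ByteArrayInputStream(messageBytes));
        // Index 1 is the signature part; a multipart without it fails here and is reported
        // through the catch below like any other malformed input.
        return new CMSSignedData(new CMSProcessableBodyPart(signedContent), entity.getMimeMultipart().getBodyPart(1).getInputStream());
    } catch (Exception e) {
        // The cause is chained into the MimeException, so it is not also dumped to stderr:
        // the input is a received message, and an unconditional stack trace per malformed
        // message duplicates the report and bypasses whatever logging the caller applies.
        throw new MimeException(MimeError.Unexpected, e);
    }
}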
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) MimeException(org.nhindirect.stagent.mail.MimeException) MimeBodyPart(javax.mail.internet.MimeBodyPart) NHINDException(org.nhindirect.stagent.NHINDException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) MessagingException(javax.mail.MessagingException) MimeException(org.nhindirect.stagent.mail.MimeException) NHINDException(org.nhindirect.stagent.NHINDException) ParseException(javax.mail.internet.ParseException) IOException(java.io.IOException) SignatureValidationException(org.nhindirect.stagent.SignatureValidationException) CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)

Example 2 with CMSProcessableBodyPart

use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.

the class MessageSigInspector method main.

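/**
 * Command-line inspector for a signed MIME message: prints, for every signer whose
 * certificate is embedded in the message, the subject, the key usage value, the signed and
 * computed message digests, and whether the signature verifies against that certificate.
 * <p>
 * Usage: {@code -msgFile <file>}. Any other argument, or no argument at all, exits with -1.
 * <p>
 * Verification here is only against the certificate carried inside the message itself;
 * nothing in this method checks that the certificate chains to a trusted anchor, so
 * "Signature verified." means the signature is internally consistent, not that the signer
 * is trusted.
 *
 * @param args command-line arguments, see usage above
 */
public static void main(String[] args) {
    if (args.length == 0) {
        //printUsage();
        System.exit(-1);
    }
    String messgefile = null;
    for (int i = 0; i < args.length; i++) {
        String arg = args[i];
        // Options
        if (!arg.startsWith("-")) {
            System.err.println("Error: Unexpected argument [" + arg + "]\n");
            //printUsage();
            System.exit(-1);
        } else if (arg.equalsIgnoreCase("-msgFile")) {
            // the option needs a value that is not itself another option
            if (i == args.length - 1 || args[i + 1].startsWith("-")) {
                System.err.println("Error: Missing message file");
                System.exit(-1);
            }
            messgefile = args[++i];
        } else if (arg.equals("-help")) {
            //printUsage();
            System.exit(-1);
        } else {
            System.err.println("Error: Unknown argument " + arg + "\n");
            //printUsage();
            System.exit(-1);
        }
    }
    if (messgefile == null) {
        System.err.println("Error: missing message file\n");
        // Stop here: continuing would hand a null path to new File(...) below.
        System.exit(-1);
    }
    InputStream inStream = null;
    try {
        inStream = FileUtils.openInputStream(new File(messgefile));
        MimeMessage message = new MimeMessage(null, inStream);
        MimeMultipart mm = (MimeMultipart) message.getContent();
        // part 0 is the signed content, part 1 the detached signature
        final CMSSignedData signed = new CMSSignedData(new CMSProcessableBodyPart(mm.getBodyPart(0)), mm.getBodyPart(1).getInputStream());
        CertStore certs = signed.getCertificatesAndCRLs("Collection", CryptoExtensions.getJCEProviderName());
        SignerInformationStore signers = signed.getSignerInfos();
        @SuppressWarnings("unchecked") Collection<SignerInformation> c = signers.getSigners();
        System.out.println("Found " + c.size() + " signers");
        int cnt = 1;
        for (SignerInformation signer : c) {
            Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
            // signers whose certificate is not embedded in the message are skipped silently
            if (certCollection != null && certCollection.size() > 0) {
                X509Certificate cert = (X509Certificate) certCollection.iterator().next();
                System.out.println("\r\nInfo for certificate " + cnt++);
                System.out.println("\tSubject " + cert.getSubjectDN());
                // Fixed file name in the working directory: each signer overwrites the
                // previous dump, so only the last certificate remains on disk.
                FileUtils.writeByteArrayToFile(new File("SigCert.der"), cert.getEncoded());
                // 2.5.29.15 is the X.509 keyUsage extension
                byte[] bytes = cert.getExtensionValue("2.5.29.15");
                if (bytes != null) {
                    final DERObject obj = getObject(bytes);
                    final KeyUsage keyUsage = new KeyUsage((DERBitString) obj);
                    final byte[] data = keyUsage.getBytes();
                    // one or two bit-string bytes folded into an int, first byte in the low bits
                    final int intValue = (data.length == 1) ? data[0] & 0xff : (data[1] & 0xff) << 8 | (data[0] & 0xff);
                    System.out.println("\tKey Usage: " + intValue);
                } else {
                    System.out.println("\tKey Usage: NONE");
                }
                //verify and get the digests
                final Attribute digAttr = signer.getSignedAttributes().get(CMSAttributes.messageDigest);
                final DERObject hashObj = digAttr.getAttrValues().getObjectAt(0).getDERObject();
                final byte[] signedDigest = ((ASN1OctetString) hashObj).getOctets();
                final String signedDigestHex = org.apache.commons.codec.binary.Hex.encodeHexString(signedDigest);
                System.out.println("\r\nSigned Message Digest: " + signedDigestHex);
                boolean verified;
                try {
                    // verify() signals a signature that does not match by returning false,
                    // not only by throwing, so the result has to be checked; ignoring it
                    // would report a forged signature as verified.
                    verified = signer.verify(cert, "BC");
                } catch (CMSException e) {
                    verified = false;
                }
                if (verified) {
                    System.out.println("Signature verified.");
                } else {
                    System.out.println("Signature failed to verify.");
                }
                // should have the computed digest now
                final byte[] digest = signer.getContentDigest();
                final String digestHex = org.apache.commons.codec.binary.Hex.encodeHexString(digest);
                System.out.println("\r\nComputed Message Digest: " + digestHex);
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        IOUtils.closeQuietly(inStream);
    }
}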
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Attribute(org.bouncycastle.asn1.cms.Attribute) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) InputStream(java.io.InputStream) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) SignerInformation(org.bouncycastle.cms.SignerInformation) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) PolicyProcessException(org.nhindirect.policy.PolicyProcessException) CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart) DERObject(org.bouncycastle.asn1.DERObject) MimeMessage(javax.mail.internet.MimeMessage) MimeMultipart(javax.mail.internet.MimeMultipart) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) File(java.io.File) CertStore(java.security.cert.CertStore) CMSException(org.bouncycastle.cms.CMSException)

Example 3 with CMSProcessableBodyPart

use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.

the class SplitProviderDirectSignedDataGenerator_generateTest method testGenerate_safeNetHSMSignatureProvider_assertGenerated.

public void testGenerate_safeNetHSMSignatureProvider_assertGenerated() throws Exception {
    // Only does anything when a specific SafeNet eToken Pro HSM is connected to the testing
    // system; it can be adapted to another machine and/or token.
    pkcs11ProvName = TestUtils.setupSafeNetToken();
    if (StringUtils.isEmpty(pkcs11ProvName)) {
        // no token provider available: nothing to exercise
        return;
    }
    // NOTE(review): the password passed to load() for a PKCS11 key store is the token PIN,
    // and it is hard-coded in source here. Acceptable only for a throwaway test token;
    // a PIN that protects real keys should come from the environment, not the repository.
    final KeyStore tokenStore = KeyStore.getInstance("PKCS11");
    tokenStore.load(null, "1Kingpuff".toCharArray());
    // sign with the first private-key entry found on the token
    for (final Enumeration<String> names = tokenStore.aliases(); names.hasMoreElements(); ) {
        final KeyStore.Entry candidate = tokenStore.getEntry(names.nextElement(), null);
        if (candidate instanceof KeyStore.PrivateKeyEntry) {
            final KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) candidate;
            signerCert = X509CertificateEx.fromX509Certificate((X509Certificate) keyEntry.getCertificate(), keyEntry.getPrivateKey());
            break;
        }
    }
    // first argument is the PKCS11 provider returned above, second is "BC"
    final SplitProviderDirectSignedDataGenerator generator = new SplitProviderDirectSignedDataGenerator(pkcs11ProvName, "BC");
    setupSigningInfo(generator);
    // build the body part that gets signed
    final MimeBodyPart bodyToSign = new MimeBodyPart();
    bodyToSign.addHeader("To:", "me@you.com");
    bodyToSign.addHeader("From", "test.test.com");
    bodyToSign.setText("Some Text To Sign");
    final CMSSignedData signature = generator.generate(new CMSProcessableBodyPart(bodyToSign));
    validateSignature(signature);
}
Also used : SplitProviderDirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator) MimeBodyPart(javax.mail.internet.MimeBodyPart) KeyStore(java.security.KeyStore) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)

Example 4 with CMSProcessableBodyPart

use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.

the class SplitProviderDirectSignedDataGenerator_generateTest method testGenerate_differentDefaultSigAndDigestProvider_assertGenerated.

/**
 * Generates signed data with two different provider names ("SunRsaSign" and "BC") and
 * hands the result to {@code validateSignature}.
 */
public void testGenerate_differentDefaultSigAndDigestProvider_assertGenerated() throws Exception {
    // presumably (signature provider, digest provider), going by the test name - confirm
    // against the constructor
    final SplitProviderDirectSignedDataGenerator generator = new SplitProviderDirectSignedDataGenerator("SunRsaSign", "BC");
    setupSigningInfo(generator);
    // build the body part that gets signed
    final MimeBodyPart bodyToSign = new MimeBodyPart();
    bodyToSign.addHeader("To:", "me@you.com");
    bodyToSign.addHeader("From", "test.test.com");
    bodyToSign.setText("Some Text To Sign");
    final CMSSignedData signature = generator.generate(new CMSProcessableBodyPart(bodyToSign));
    validateSignature(signature);
}
Also used : SplitProviderDirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator) MimeBodyPart(javax.mail.internet.MimeBodyPart) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)

Example 5 with CMSProcessableBodyPart

use of org.bouncycastle.mail.smime.CMSProcessableBodyPart in project nhin-d by DirectProject.

the class SplitProviderDirectSignedDataGenerator_generateTest method testGenerate_sameDefaultSigAndDigestProvider_assertGenerated.

/**
 * Generates signed data with both provider names given as empty strings and hands the
 * result to {@code validateSignature}.
 */
public void testGenerate_sameDefaultSigAndDigestProvider_assertGenerated() throws Exception {
    // presumably empty names make the generator fall back to its default provider for both
    // roles, going by the test name - confirm against the constructor
    final SplitProviderDirectSignedDataGenerator generator = new SplitProviderDirectSignedDataGenerator("", "");
    setupSigningInfo(generator);
    // build the body part that gets signed
    final MimeBodyPart bodyToSign = new MimeBodyPart();
    bodyToSign.addHeader("To:", "me@you.com");
    bodyToSign.addHeader("From", "test.test.com");
    bodyToSign.setText("Some Text To Sign");
    final CMSSignedData signature = generator.generate(new CMSProcessableBodyPart(bodyToSign));
    validateSignature(signature);
}
Also used : SplitProviderDirectSignedDataGenerator(org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator) MimeBodyPart(javax.mail.internet.MimeBodyPart) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CMSProcessableBodyPart(org.bouncycastle.mail.smime.CMSProcessableBodyPart)

Aggregations

CMSSignedData (org.bouncycastle.cms.CMSSignedData)7 CMSProcessableBodyPart (org.bouncycastle.mail.smime.CMSProcessableBodyPart)7 MimeBodyPart (javax.mail.internet.MimeBodyPart)6 ByteArrayInputStream (java.io.ByteArrayInputStream)3 X509Certificate (java.security.cert.X509Certificate)3 SplitProviderDirectSignedDataGenerator (org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator)3 IOException (java.io.IOException)2 CertStore (java.security.cert.CertStore)2 MessagingException (javax.mail.MessagingException)2 MimeMultipart (javax.mail.internet.MimeMultipart)2 ParseException (javax.mail.internet.ParseException)2 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2 NHINDException (org.nhindirect.stagent.NHINDException)2 SignatureValidationException (org.nhindirect.stagent.SignatureValidationException)2 MimeException (org.nhindirect.stagent.mail.MimeException)2 File (java.io.File)1 InputStream (java.io.InputStream)1 KeyStore (java.security.KeyStore)1 CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)1 ArrayList (java.util.ArrayList)1