
Example 1 with EncryptedContentInfo

use of org.mozilla.jss.pkcs7.EncryptedContentInfo in project jss by dogtagpki.

the class AuthenticatedSafes method getSafeContentsAt.

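/**
 * Returns the SafeContents at the given index in the AuthenticatedSafes,
 * decrypting it if necessary.
 *
 * <p>The algorithm used to extract encrypted SafeContents does not
 *  conform to version 1.0 of the spec. Instead, it conforms to the
 *  draft 1.0 spec, because this is what Communicator and MSIE seem
 *  to conform to.  This looks like an implementation error that has
 *  become firmly entrenched to preserve interoperability. The draft
 *  spec dictates that the encrypted content in the EncryptedContentInfo
 *  is the DER encoding of a SafeContents.  The 1.0 final spec says that
 *  the SafeContents is wrapped in a ContentInfo, then the ContentInfo is
 *  BER encoded, then the value octets (not the tag or length) are
 *  encrypted.
 *
 * <p>If the plaintext does not decode as a SEQUENCE of SafeBags and
 *  <code>ACCEPT_SECURITY_DYNAMICS</code> is set, it is decoded a second
 *  time as a ContentInfo of type Data whose OCTET STRING holds the
 *  SafeContents.
 *
 * <p>This method performs no integrity check of its own: a wrong password
 *  is noticed only because padding removal or BER decoding fails.
 *  Callers that surface errors to an untrusted party should report these
 *  failures as one generic "could not open" outcome rather than exposing
 *  which exception occurred.
 *
 * @param password The password to use to decrypt the SafeContents if
 *  it is encrypted.  If the SafeContents is known to not be encrypted,
 *  this parameter can be null. If the password is incorrect, the
 *  decoding will fail somehow, probably with an InvalidBERException,
 *  BadPaddingException, or IllegalBlockSizeException.
 * @param index The index of the SafeContents to extract.
 * @return A SafeContents object, which is merely a
 *      SEQUENCE of SafeBags.
 * @exception IllegalStateException If no password was provided,
 *      but the SafeContents is encrypted.
 * @exception InvalidBERException If the element is neither Data nor
 *      EncryptedData, if the EncryptedData yields no plaintext, or if
 *      the plaintext cannot be decoded as SafeContents.
 */
public SEQUENCE getSafeContentsAt(Password password, int index) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    // Every branch ends by decoding a SEQUENCE OF SafeBag, so build the template once.
    SEQUENCE.OF_Template safeBags = new SEQUENCE.OF_Template(SafeBag.getTemplate());
    ContentInfo ci = (ContentInfo) sequence.elementAt(index);
    if (ci.getContentType().equals(ContentInfo.ENCRYPTED_DATA)) {
        if (password == null) {
            // can't decrypt if we don't have a password
            throw new IllegalStateException("No password to decode encrypted SafeContents");
        }
        EncryptedContentInfo encCI = ((EncryptedData) ci.getInterpretedContent()).getEncryptedContentInfo();
        // this should be a BER-encoded SafeContents
        byte[] decrypted = encCI.decrypt(password, new PasswordConverter());
        if (decrypted == null) {
            // NOTE(review): decrypt() appears to return null when the
            // EncryptedContentInfo carries no encryptedContent field (confirm
            // against EncryptedContentInfo). The file being parsed may be
            // untrusted, so reject it with a declared exception instead of
            // letting the decoder fail on a null buffer.
            throw new InvalidBERException("EncryptedData contains no encrypted content");
        }
        // NOTE(review): 'decrypted' holds plaintext SafeContents, which may include
        // key material, and is not cleared before this method returns.
        try {
            return (SEQUENCE) ASN1Util.decode(safeBags, decrypted);
        } catch (InvalidBERException e) {
            if (!ACCEPT_SECURITY_DYNAMICS) {
                throw e;
            }
            // try the security dynamics approach: the plaintext is a
            // ContentInfo(Data) wrapping the SafeContents
            ContentInfo wrapped = (ContentInfo) ASN1Util.decode(ContentInfo.getTemplate(), decrypted);
            if (!wrapped.getContentType().equals(ContentInfo.DATA)) {
                throw new InvalidBERException("Decrypted content is neither a SafeContents nor a Data ContentInfo");
            }
            OCTET_STRING os = (OCTET_STRING) wrapped.getInterpretedContent();
            return (SEQUENCE) ASN1Util.decode(safeBags, os.toByteArray());
        }
    } else if (ci.getContentType().equals(ContentInfo.DATA)) {
        // This SafeContents is not encrypted
        return (SEQUENCE) ASN1Util.decode(safeBags, ((OCTET_STRING) ci.getInterpretedContent()).toByteArray());
    } else {
        throw new InvalidBERException("AuthenticatedSafes element is" + " neither a Data or an EncryptedData");
    }
}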
Also used : InvalidBERException(org.mozilla.jss.asn1.InvalidBERException) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) ContentInfo(org.mozilla.jss.pkcs7.ContentInfo) EncryptedContentInfo(org.mozilla.jss.pkcs7.EncryptedContentInfo) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) EncryptedData(org.mozilla.jss.pkcs7.EncryptedData) EncryptedContentInfo(org.mozilla.jss.pkcs7.EncryptedContentInfo) ASN1Template(org.mozilla.jss.asn1.ASN1Template)

Example 2 with EncryptedContentInfo

use of org.mozilla.jss.pkcs7.EncryptedContentInfo in project jss by dogtagpki.

the class AuthenticatedSafes method addEncryptedSafeContents.

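/**
 * Encrypts a SafeContents and adds it to the AuthenticatedSafes.
 *
 * <p>The SafeContents is validated with <code>checkSafeContents</code>
 * before anything is encrypted, the same check
 * <code>addSafeContents</code> applies.
 *
 * @param keyGenAlg The algorithm used to generate a key from the password.
 *      Must be a PBE algorithm. <code>DEFAULT_KEY_GEN_ALG</code> is
 *      usually fine here. It only provides 40-bit security, but if the
 *      private key material is packaged in its own
 *      <i>EncryptedPrivateKeyInfo</i>, the security of the SafeContents
 *      is not as important. Do not rely on a 40-bit algorithm to protect
 *      bags that carry key material directly; pass a stronger PBE
 *      algorithm for those.
 * @param password The password to use to generate the encryption key
 *      and IV.
 * @param salt The salt to use to generate the key and IV. If null is
 *      passed in, the salt will be generated randomly, which is usually
 *      the right thing to do. A caller-supplied salt is used as given;
 *      its length is not checked here.
 * @param iterationCount The number of hash iterations to perform when
 *      generating the key and IV.  Use DEFAULT_ITERATIONS unless
 *      you want to be clever. The value is passed through without
 *      validation in this method.
 * @param safeContents A SafeContents, which is a SEQUENCE of SafeBags.
 *      Each element of the sequence must in fact be an instance of
 *      <code>SafeBag</code>.
 * @exception RuntimeException If the password cannot be converted to
 *      bytes (wraps the CharConversionException).
 */
public void addEncryptedSafeContents(PBEAlgorithm keyGenAlg, Password password, byte[] salt, int iterationCount, SEQUENCE safeContents) throws NotInitializedException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException {
    // Enforce the documented "every element is a SafeBag" contract up front,
    // as addSafeContents does, so a malformed SafeContents is rejected before
    // it is encrypted and stored.
    checkSafeContents(safeContents);
    try {
        // generate salt if necessary
        if (salt == null) {
            // fresh random salt of SALT_LENGTH bytes from the CryptoManager's generator
            JSSSecureRandom rand = CryptoManager.getInstance().createPseudoRandomNumberGenerator();
            salt = new byte[SALT_LENGTH];
            rand.nextBytes(salt);
        }
        // Derive key and IV from the password and encrypt the encoded SafeContents.
        EncryptedContentInfo encCI = EncryptedContentInfo.createPBE(keyGenAlg, password, salt, iterationCount, new PasswordConverter(), ASN1Util.encode(safeContents));
        // Wrap as EncryptedData inside a ContentInfo and append it.
        EncryptedData encData = new EncryptedData(encCI);
        ContentInfo ci = new ContentInfo(encData);
        sequence.addElement(ci);
    } catch (CharConversionException e) {
        // The message carries only the converter's error text; the cause is preserved.
        throw new RuntimeException("Unable to convert password: " + e.getMessage(), e);
    }
}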
Also used : ContentInfo(org.mozilla.jss.pkcs7.ContentInfo) EncryptedContentInfo(org.mozilla.jss.pkcs7.EncryptedContentInfo) JSSSecureRandom(org.mozilla.jss.crypto.JSSSecureRandom) EncryptedData(org.mozilla.jss.pkcs7.EncryptedData) CharConversionException(java.io.CharConversionException) EncryptedContentInfo(org.mozilla.jss.pkcs7.EncryptedContentInfo)

Example 3 with EncryptedContentInfo

use of org.mozilla.jss.pkcs7.EncryptedContentInfo in project jss by dogtagpki.

the class AuthenticatedSafes method addSafeContents.

/**
 * Returns the decrypted content from the encrypted content info.
 *    private static byte[]
 *    decryptEncryptedContentInfo(EncryptedContentInfo eci, Password pass)
 *        throws IllegalStateException,CryptoManager.NotInitializedException,
 *        NoSuchAlgorithmException, InvalidBERException, IOException,
 *        InvalidKeyException, InvalidAlgorithmParameterException, TokenException,
 *        IllegalBlockSizeException, BadPaddingException
 *    {
 *        OCTET_STRING encryptedContent = eci.getEncryptedContent();
 *        if( encryptedContent == null ) {
 *            return null;
 *        }
 *
 *        // get the key gen parameters
 *        AlgorithmIdentifier algid = eci.getContentEncryptionAlgorithm();
 *        KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID( algid.getOID() );
 *        ASN1Value params = algid.getParameters();
 *        if( params == null ) {
 *            throw new InvalidAlgorithmParameterException(
 *                "PBE algorithms require parameters");
 *        }
 *        byte[] encodedParams = ASN1Util.encode(params);
 *        PBEParameter pbeParams = (PBEParameter)
 *                ASN1Util.decode( PBEParameter.getTemplate(), encodedParams );
 *        PBEKeyGenParams kgp = new PBEKeyGenParams(pass,
 *                    pbeParams.getSalt(), pbeParams.getIterations() );
 *
 *        // compute the key and IV
 *        CryptoToken token =
 *            CryptoManager.getInstance().getInternalCryptoToken();
 *        KeyGenerator kg = token.getKeyGenerator( kgAlg );
 *        kg.setCharToByteConverter( new PasswordConverter() );
 *        kg.initialize( kgp );
 *        SymmetricKey key = kg.generate();
 *
 *        // compute algorithm parameters
 *        EncryptionAlgorithm encAlg = keyGenAlgToEncryptionAlg(kgAlg);
 *        AlgorithmParameterSpec algParams;
 *        if( encAlg.getParameterClass().equals( IVParameterSpec.class ) ) {
 *            algParams = new IVParameterSpec( kg.generatePBE_IV() );
 *        } else {
 *            algParams = null;
 *        }
 *
 *        // perform the decryption
 *        Cipher cipher = token.getCipherContext( encAlg );
 *        cipher.initDecrypt(key,  algParams );
 *        return cipher.doFinal( encryptedContent.toByteArray() );
 *    }
 */
/**
 * Adds a SafeContents to the end of the AuthenticatedSafes without
 * encrypting it.
 *
 * <p>The SafeContents is first passed to <code>checkSafeContents</code>,
 * then encoded and wrapped in a ContentInfo. Because nothing is encrypted
 * here, the bags are readable by anyone who obtains the resulting file.
 *
 * @param safeContents The SafeContents (a SEQUENCE of SafeBags) to append.
 */
public void addSafeContents(SEQUENCE safeContents) {
    checkSafeContents(safeContents);
    // Encode and wrap in one step, then append to the underlying sequence.
    sequence.addElement(new ContentInfo(ASN1Util.encode(safeContents)));
}
Also used : ContentInfo(org.mozilla.jss.pkcs7.ContentInfo) EncryptedContentInfo(org.mozilla.jss.pkcs7.EncryptedContentInfo)
