author | Kenny Root <kroot@google.com> | 2013-12-11 16:35:05 -0800 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2013-12-12 16:48:48 -0800 |
commit | 5db505e1f6a68c8d5dfdb0fed0b8607dea7bed96 (patch) | |
tree | ba9d9a42f9ed5478b4205c83c13a0e94b55a8c6c /bcpkix | |
parent | c0444a1be12b67cbad8b4858f0d65a0d75db15a9 (diff) | |
Upgrade to Bouncycastle 1.50
SHA256 sums of source packages:
0be5bb948ec481b3d1f30ee80ef593b298b3782697f9eeee5c74cf270689b520 bcpkix-jdk15on-150.tar.gz
468259c9166fbcf87ad284ae46fae45408cb7cfc9c406862ea75d5b8696f4f2a bcprov-jdk15on-150.tar.gz
Change-Id: Id566e9137f85d8328e9f0cb0472ff2f6ae7a71d3
Diffstat (limited to 'bcpkix')
10 files changed, 116 insertions, 1349 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
index ae71f31..0c52082 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
@@ -3,11 +3,6 @@ package org.bouncycastle.cms;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Iterator;
@@ -25,15 +20,10 @@ import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.SignedData;
 import org.bouncycastle.asn1.cms.SignerInfo;
-// BEGIN android-removed
-// import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
-// END android-removed
 import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
 import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.NoSuchStoreException;
-import org.bouncycastle.x509.X509Store;
 
 /**
 * general class for handling a pkcs7-signature message.
@@ -71,9 +61,7 @@ public class CMSSignedData
 ContentInfo contentInfo;
 CMSTypedData signedContent;
 SignerInformationStore signerInfoStore;
- X509Store attributeStore;
- X509Store certificateStore;
- X509Store crlStore;
+ private Map hashes;
 
 private CMSSignedData(
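Review bot: The new `hashes` field added to CMSSignedData is a raw `Map` with nothing at the declaration saying what it is keyed by, what it holds, or whether it may be null when read; every access to it lies outside this hunk, so the declaration is all a reader of the class gets here. A one-line comment filled in from the code that assigns it would close that gap, e.g. `// keyed by <key type>, values <value type>; filled in by <method>, null until then -- confirm against the assigning code`. The field is also `private` while the three package-private fields directly above it are not; that is the better default, but the difference is worth applying consistently or stating. The class body continues outside the hunk.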
@@ -268,194 +256,6 @@ public class CMSSignedData } /** - * return a X509Store containing the attribute certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of attribute certificates - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getAttributeCertificates( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getAttributeCertificates(type, CMSUtils.getProvider(provider)); - } - - /** - * return a X509Store containing the attribute certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of attribute certificates - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getAttributeCertificates( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (attributeStore == null) - { - attributeStore = HELPER.createAttributeStore(type, provider, this.getAttributeCertificates()); - } - - return attributeStore; - } - - // BEGIN android-removed - // /** - // * return a X509Store containing the public key certificates, if any, contained - // * in this message. - // * - // * @param type type of store to create - // * @param provider name of provider to use - // * @return a store of public key certificates - // * @exception NoSuchProviderException if the provider requested isn't available. 
- // * @exception NoSuchStoreException if the store type isn't available. - // * @exception CMSException if a general exception prevents creation of the X509Store - // * @deprecated use base Store returning method - // */ - // public X509Store getCertificates( - // String type, - // String provider) - // throws NoSuchStoreException, NoSuchProviderException, CMSException - // { - // return getCertificates(type, CMSUtils.getProvider(provider)); - // } - // - // /** - // * return a X509Store containing the public key certificates, if any, contained - // * in this message. - // * - // * @param type type of store to create - // * @param provider provider to use - // * @return a store of public key certificates - // * @exception NoSuchStoreException if the store type isn't available. - // * @exception CMSException if a general exception prevents creation of the X509Store - // * @deprecated use base Store returning method - // */ - // public X509Store getCertificates( - // String type, - // Provider provider) - // throws NoSuchStoreException, CMSException - // { - // if (certificateStore == null) - // { - // certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); - // } - // - // return certificateStore; - // } - // - // /** - // * return a X509Store containing CRLs, if any, contained - // * in this message. - // * - // * @param type type of store to create - // * @param provider name of provider to use - // * @return a store of CRLs - // * @exception NoSuchProviderException if the provider requested isn't available. - // * @exception NoSuchStoreException if the store type isn't available. 
- // * @exception CMSException if a general exception prevents creation of the X509Store - // * @deprecated use base Store returning method - // */ - // public X509Store getCRLs( - // String type, - // String provider) - // throws NoSuchStoreException, NoSuchProviderException, CMSException - // { - // return getCRLs(type, CMSUtils.getProvider(provider)); - // } - // - // /** - // * return a X509Store containing CRLs, if any, contained - // * in this message. - // * - // * @param type type of store to create - // * @param provider provider to use - // * @return a store of CRLs - // * @exception NoSuchStoreException if the store type isn't available. - // * @exception CMSException if a general exception prevents creation of the X509Store - // * @deprecated use base Store returning method - // */ - // public X509Store getCRLs( - // String type, - // Provider provider) - // throws NoSuchStoreException, CMSException - // { - // if (crlStore == null) - // { - // crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); - // } - // - // return crlStore; - // } - // - // /** - // * return a CertStore containing the certificates and CRLs associated with - // * this message. - // * - // * @exception NoSuchProviderException if the provider requested isn't available. - // * @exception NoSuchAlgorithmException if the cert store isn't available. - // * @exception CMSException if a general exception prevents creation of the CertStore - // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder - // */ - // public CertStore getCertificatesAndCRLs( - // String type, - // String provider) - // throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - // { - // return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); - // } - // - // /** - // * return a CertStore containing the certificates and CRLs associated with - // * this message. 
- // * - // * @exception NoSuchAlgorithmException if the cert store isn't available. - // * @exception CMSException if a general exception prevents creation of the CertStore - // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder - // */ - // public CertStore getCertificatesAndCRLs( - // String type, - // Provider provider) - // throws NoSuchAlgorithmException, CMSException - // { - // try - // { - // JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); - // - // if (provider != null) - // { - // certStoreBuilder.setProvider(provider); - // } - // - // certStoreBuilder.addCertificates(this.getCertificates()); - // certStoreBuilder.addCRLs(this.getCRLs()); - // - // return certStoreBuilder.build(); - // } - // catch (NoSuchAlgorithmException e) - // { - // throw e; - // } - // catch (Exception e) - // { - // throw new CMSException("exception creating CertStore: " + e.getMessage(), e); - // } - // } - // END android-removed - - /** * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. * * @return a Store of X509CertificateHolder objects. @@ -518,15 +318,6 @@ public class CMSSignedData /** * return the ContentInfo - * @deprecated use toASN1Structure() - */ - public ContentInfo getContentInfo() - { - return contentInfo; - } - - /** - * return the ContentInfo */ public ContentInfo toASN1Structure() { 
@@ -680,77 +471,6 @@ public class CMSSignedData /** * Replace the certificate and CRL information associated with this * CMSSignedData object with the new one passed in. - * - * @param signedData the signed data object to be used as a base. - * @param certsAndCrls the new certificates and CRLs to be used. - * @return a new signed data object. - * @exception CMSException if there is an error processing the CertStore - * @deprecated use method taking Store arguments. - */ - public static CMSSignedData replaceCertificatesAndCRLs( - CMSSignedData signedData, - CertStore certsAndCrls) - throws CMSException - { - // - // copy - // - CMSSignedData cms = new CMSSignedData(signedData); - - // - // replace the certs and crls in the SignedData object - // - ASN1Set certs = null; - ASN1Set crls = null; - - try - { - ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls)); - - if (set.size() != 0) - { - certs = set; - } - } - catch (CertStoreException e) - { - throw new CMSException("error getting certs from certStore", e); - } - - try - { - ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls)); - - if (set.size() != 0) - { - crls = set; - } - } - catch (CertStoreException e) - { - throw new CMSException("error getting crls from certStore", e); - } - - // - // replace the CMS structure. - // - cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), - signedData.signedData.getEncapContentInfo(), - certs, - crls, - signedData.signedData.getSignerInfos()); - - // - // replace the contentInfo with the new one - // - cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData); - - return cms; - } - - /** - * Replace the certificate and CRL information associated with this - * CMSSignedData object with the new one passed in. * * @param signedData the signed data object to be used as a base. * @param certificates the new certificates to be used. 
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
index 9692e15..eea8a1a 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
@@ -3,13 +3,6 @@ package org.bouncycastle.cms;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
@@ -20,16 +13,10 @@ import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.BEROctetString;
 import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.SignedData;
 import org.bouncycastle.asn1.cms.SignerInfo;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 
 /**
 * general class for generating a pkcs7-signature message.
@@ -62,80 +49,6 @@ public class CMSSignedDataGenerator { private List signerInfs = new ArrayList(); - private class SignerInf - { - final PrivateKey key; - final Object signerIdentifier; - final String digestOID; - final String encOID; - final CMSAttributeTableGenerator sAttr; - final CMSAttributeTableGenerator unsAttr; - final AttributeTable baseSignedTable; - - SignerInf( - PrivateKey key, - Object signerIdentifier, - String digestOID, - String encOID, - CMSAttributeTableGenerator sAttr, - CMSAttributeTableGenerator unsAttr, - AttributeTable baseSignedTable) - { - this.key = key; - this.signerIdentifier = signerIdentifier; - this.digestOID = digestOID; - this.encOID = encOID; - this.sAttr = sAttr; - this.unsAttr = unsAttr; - this.baseSignedTable = baseSignedTable; - } - - SignerInfoGenerator toSignerInfoGenerator( - SecureRandom random, - Provider sigProvider, - boolean addDefaultAttributes) - throws IOException, CertificateEncodingException, CMSException, OperatorCreationException, NoSuchAlgorithmException - { - String digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID); - String signatureName = digestName + "with" + CMSSignedHelper.INSTANCE.getEncryptionAlgName(encOID); - - JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider()); - - if (addDefaultAttributes) - { - builder.setSignedAttributeGenerator(sAttr); - } - builder.setDirectSignature(!addDefaultAttributes); - - builder.setUnsignedAttributeGenerator(unsAttr); - - JcaContentSignerBuilder signerBuilder; - - try - { - signerBuilder = new JcaContentSignerBuilder(signatureName).setSecureRandom(random); - } - catch (IllegalArgumentException e) - { - throw new NoSuchAlgorithmException(e.getMessage()); - } - - if (sigProvider != null) - { - signerBuilder.setProvider(sigProvider); - } - - ContentSigner contentSigner = signerBuilder.build(key); - if (signerIdentifier instanceof X509Certificate) - { - return builder.build(contentSigner, 
(X509Certificate)signerIdentifier); - } - else - { - return builder.build(contentSigner, (byte[])signerIdentifier); - } - } - } /** * base constructor */ 
@@ -144,463 +57,24 @@ public class CMSSignedDataGenerator } /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - * @deprecated rand ignored in new API, use base constructor. - */ - public CMSSignedDataGenerator( - SecureRandom rand) - { - super(rand); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param digestOID digest algorithm OID - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID) - throws IllegalArgumentException - { - addSigner(key, cert, getEncOID(key, digestOID), digestOID); - } - - /** - * add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be - * provided here. - * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param encryptionOID digest encryption algorithm OID - * @param digestOID digest algorithm OID - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID) - throws IllegalArgumentException - { - doAddSigner(key, cert, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(), null, null); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID) - throws IllegalArgumentException - { - addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID); - } - - /** - * add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be - * provided here. 
- * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID) - throws IllegalArgumentException - { - doAddSigner(key, subjectKeyID, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(), null, null); - } - - /** - * add a signer with extra signed/unsigned attributes. + * Generate a CMS Signed Data object carrying a detached CMS signature. * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttr, unsignedAttr); - } - - /** - * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. 
- * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param encryptionOID digest encryption algorithm OID - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - doAddSigner(key, cert, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(signedAttr), - new SimpleAttributeTableGenerator(unsignedAttr), signedAttr); - } - - /** - * add a signer with extra signed/unsigned attributes. - * - * @param key signing key to use - * @param subjectKeyID subjectKeyID of corresponding public key - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttr, - unsignedAttr); - } - - /** - * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. 
- * - * @param key signing key to use - * @param subjectKeyID subjectKeyID of corresponding public key - * @param encryptionOID digest encryption algorithm OID - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - doAddSigner(key, subjectKeyID, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(signedAttr), - new SimpleAttributeTableGenerator(unsignedAttr), signedAttr); - } - - /** - * add a signer with extra signed/unsigned attributes based on generators. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen) - throws IllegalArgumentException - { - addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttrGen, unsignedAttrGen); - } - - /** - * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes based on generators. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen) - throws IllegalArgumentException - { - doAddSigner(key, cert, encryptionOID, digestOID, signedAttrGen, - unsignedAttrGen, null); - } - - /** - * add a signer with extra signed/unsigned attributes based on generators. 
- * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen) - throws IllegalArgumentException - { - addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttrGen, - unsignedAttrGen); - } - - /** - * add a signer, including digest encryption algorithm, with extra signed/unsigned attributes based on generators. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen) - throws IllegalArgumentException - { - doAddSigner(key, subjectKeyID, encryptionOID, digestOID, - signedAttrGen, unsignedAttrGen, null); - } - - private void doAddSigner( - PrivateKey key, - Object signerIdentifier, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen, - AttributeTable baseSignedTable) - throws IllegalArgumentException - { - signerInfs.add(new SignerInf(key, signerIdentifier, digestOID, encryptionOID, - signedAttrGen, unsignedAttrGen, baseSignedTable)); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider. - * @deprecated use generate() method not taking provider. + * @param content the content to be signed. */ public CMSSignedData generate( - CMSProcessable content, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(content, CMSUtils.getProvider(sigProvider)); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider. - * @deprecated use generate() method not taking provider. 
- */ - public CMSSignedData generate( - CMSProcessable content, - Provider sigProvider) - throws NoSuchAlgorithmException, CMSException - { - return generate(content, false, sigProvider); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature. The content type - * is set according to the OID represented by the string signedContentType. - * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - String eContentType, - CMSProcessable content, - boolean encapsulate, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(eContentType, content, encapsulate, CMSUtils.getProvider(sigProvider), - true); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature. The content type - * is set according to the OID represented by the string signedContentType. - * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - String eContentType, - CMSProcessable content, - boolean encapsulate, - Provider sigProvider) - throws NoSuchAlgorithmException, CMSException - { - return generate(eContentType, content, encapsulate, sigProvider, true); - } - - /** - * Similar method to the other generate methods. The additional argument - * addDefaultAttributes indicates whether or not a default set of signed attributes - * need to be added automatically. If the argument is set to false, no - * attributes will get added at all. 
- * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - String eContentType, - CMSProcessable content, - boolean encapsulate, - String sigProvider, - boolean addDefaultAttributes) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(eContentType, content, encapsulate, CMSUtils.getProvider(sigProvider), - addDefaultAttributes); - } - - /** - * Similar method to the other generate methods. The additional argument - * addDefaultAttributes indicates whether or not a default set of signed attributes - * need to be added automatically. If the argument is set to false, no - * attributes will get added at all. - * @deprecated use setDirectSignature() on SignerInformationGenerator. - */ - public CMSSignedData generate( - String eContentType, - final CMSProcessable content, - boolean encapsulate, - Provider sigProvider, - boolean addDefaultAttributes) - throws NoSuchAlgorithmException, CMSException - { - boolean isCounterSignature = (eContentType == null); - - final ASN1ObjectIdentifier contentTypeOID = isCounterSignature - ? 
null - : new ASN1ObjectIdentifier(eContentType); - - for (Iterator it = signerInfs.iterator(); it.hasNext();) - { - SignerInf signer = (SignerInf)it.next(); - - try - { - signerGens.add(signer.toSignerInfoGenerator(rand, sigProvider, - addDefaultAttributes)); - } - catch (OperatorCreationException e) - { - throw new CMSException("exception creating signerInf", e); - } - catch (IOException e) - { - throw new CMSException("exception encoding attributes", e); - } - catch (CertificateEncodingException e) - { - throw new CMSException("error creating sid.", e); - } - } - - signerInfs.clear(); - - if (content != null) - { - return generate(new CMSTypedData() - { - public ASN1ObjectIdentifier getContentType() - { - return contentTypeOID; - } - - public void write(OutputStream out) - throws IOException, CMSException - { - content.write(out); - } - - public Object getContent() - { - return content.getContent(); - } - }, encapsulate); - } - else - { - return generate(new CMSAbsentContent(contentTypeOID), encapsulate); - } - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature with the - * default content type "data". - * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - CMSProcessable content, - boolean encapsulate, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - if (content instanceof CMSTypedData) - { - return this.generate(((CMSTypedData)content).getContentType().getId(), content, encapsulate, sigProvider); - } - else - { - return this.generate(DATA, content, encapsulate, sigProvider); - } - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature with the - * default content type "data". 
- * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - CMSProcessable content, - boolean encapsulate, - Provider sigProvider) - throws NoSuchAlgorithmException, CMSException - { - if (content instanceof CMSTypedData) - { - return this.generate(((CMSTypedData)content).getContentType().getId(), content, encapsulate, sigProvider); - } - else - { - return this.generate(DATA, content, encapsulate, sigProvider); - } - } - - public CMSSignedData generate( CMSTypedData content) throws CMSException { return generate(content, false); } + /** + * Generate a CMS Signed Data object which can be carrying a detached CMS signature, or have encapsulated data, depending on the value + * of the encapsulated parameter. + * + * @param content the content to be signed. + * @param encapsulate true if the content should be encapsulated in the signature, false otherwise. + */ public CMSSignedData generate( // FIXME Avoid accessing more than once to support CMSProcessableInputStream CMSTypedData content, 
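Review bot: The Javadoc added for the two-argument `generate` refers to "the encapsulated parameter" while the parameter it documents is named `encapsulate`; the sentence should end `* of the {@code encapsulate} parameter.` so the description and the `@param` tag agree, and "which can be carrying a detached CMS signature, or have encapsulated data" reads better as "which either carries a detached CMS signature or encapsulates the signed content". Both new Javadoc blocks also stop at `@param`: the one-argument `generate` is declared `throws CMSException` in the hunk yet documents neither that nor what it returns, so add `* @return the generated CMSSignedData.` and `* @throws CMSException on failure to generate the signed data.` to it. The same two tags belong on the two-argument method, whose signature continues past the hunk and should be checked for the exception it declares.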
@@ -747,36 +221,6 @@ public class CMSSignedDataGenerator
 * the passed in SignerInformation object.
 *
 * @param signer the signer to be countersigned
- * @param sigProvider the provider to be used for counter signing.
- * @return a store containing the signers.
- * @deprecated use generateCounterSigners(SignerInformation)
- */
- public SignerInformationStore generateCounterSigners(SignerInformation signer, Provider sigProvider)
- throws NoSuchAlgorithmException, CMSException
- {
- return this.generate(null, new CMSProcessableByteArray(signer.getSignature()), false, sigProvider).getSignerInfos();
- }
-
- /**
- * generate a set of one or more SignerInformation objects representing counter signatures on
- * the passed in SignerInformation object.
- *
- * @param signer the signer to be countersigned
- * @param sigProvider the provider to be used for counter signing.
- * @return a store containing the signers.
- * @deprecated use generateCounterSigners(SignerInformation)
- */
- public SignerInformationStore generateCounterSigners(SignerInformation signer, String sigProvider)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- return this.generate(null, new CMSProcessableByteArray(signer.getSignature()), false, CMSUtils.getProvider(sigProvider)).getSignerInfos();
- }
-
- /**
- * generate a set of one or more SignerInformation objects representing counter signatures on
- * the passed in SignerInformation object.
- *
- * @param signer the signer to be countersigned
 * @return a store containing the signers.
 */
 public SignerInformationStore generateCounterSigners(SignerInformation signer)
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
index da6b4d5..f180c09 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
@@ -1,12 +1,5 @@
 package org.bouncycastle.cms;
 
-import java.io.IOException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -17,11 +10,7 @@ import java.util.Set;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 // BEGIN android-removed
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
@@ -32,18 +21,12 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.cert.X509AttributeCertificateHolder;
 import org.bouncycastle.cert.X509CRLHolder;
 import org.bouncycastle.cert.X509CertificateHolder;
-// BEGIN android-removed
-// import org.bouncycastle.jce.interfaces.GOST3410PrivateKey;
-// END android-removed
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509Store;
 
 public class CMSSignedGenerator
 {
@@ -106,64 +89,11 @@ public class CMSSignedGenerator protected List signerGens = new ArrayList(); protected Map digests = new HashMap(); - protected final SecureRandom rand; - /** * base constructor */ protected CMSSignedGenerator() { - this(new SecureRandom()); - } - - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - */ - protected CMSSignedGenerator( - SecureRandom rand) - { - this.rand = rand; - } - - protected String getEncOID( - PrivateKey key, - String digestOID) - { - String encOID = null; - - if (key instanceof RSAPrivateKey || "RSA".equalsIgnoreCase(key.getAlgorithm())) - { - encOID = ENCRYPTION_RSA; - } - else if (key instanceof DSAPrivateKey || "DSA".equalsIgnoreCase(key.getAlgorithm())) - { - encOID = ENCRYPTION_DSA; - if (!digestOID.equals(DIGEST_SHA1)) - { - throw new IllegalArgumentException("can't mix DSA with anything but SHA1"); - } - } - else if ("ECDSA".equalsIgnoreCase(key.getAlgorithm()) || "EC".equalsIgnoreCase(key.getAlgorithm())) - { - encOID = (String)EC_ALGORITHMS.get(digestOID); - if (encOID == null) - { - throw new IllegalArgumentException("can't mix ECDSA with anything but SHA family digests"); - } - } - // BEGIN android-removed - // else if (key instanceof GOST3410PrivateKey || "GOST3410".equalsIgnoreCase(key.getAlgorithm())) - // { - // encOID = ENCRYPTION_GOST3410; - // } - // else if ("ECGOST3410".equalsIgnoreCase(key.getAlgorithm())) - // { - // encOID = ENCRYPTION_ECGOST3410; - // } - // END android-removed - - return encOID; } protected Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) 
@@ -175,36 +105,6 @@ public class CMSSignedGenerator return param; } - protected ASN1Set getAttributeSet( - AttributeTable attr) - { - if (attr != null) - { - return new DERSet(attr.toASN1EncodableVector()); - } - - return null; - } - - /** - * add the certificates and CRLs contained in the given CertStore - * to the pool that will be included in the encoded signature block. - * <p> - * Note: this assumes the CertStore will support null in the get - * methods. - * @param certStore CertStore containing the public key certificates and CRLs - * @throws java.security.cert.CertStoreException if an issue occurs processing the CertStore - * @throws CMSException if an issue occurse transforming data from the CertStore into the message - * @deprecated use addCertificates and addCRLs - */ - public void addCertificatesAndCRLs( - CertStore certStore) - throws CertStoreException, CMSException - { - certs.addAll(CMSUtils.getCertificatesFromStore(certStore)); - crls.addAll(CMSUtils.getCRLsFromStore(certStore)); - } - /** * Add a certificate to the certificate set to be included with the generated SignedData message. * 
@@ -309,40 +209,7 @@ public class CMSSignedGenerator // END android-removed /** - * Add the attribute certificates contained in the passed in store to the - * generator. - * - * @param store a store of Version 2 attribute certificates - * @throws CMSException if an error occurse processing the store. - * @deprecated use basic Store method - */ - public void addAttributeCertificates( - X509Store store) - throws CMSException - { - try - { - for (Iterator it = store.getMatches(null).iterator(); it.hasNext();) - { - X509AttributeCertificate attrCert = (X509AttributeCertificate)it.next(); - - certs.add(new DERTaggedObject(false, 2, - AttributeCertificate.getInstance(ASN1Primitive.fromByteArray(attrCert.getEncoded())))); - } - } - catch (IllegalArgumentException e) - { - throw new CMSException("error processing attribute certs", e); - } - catch (IOException e) - { - throw new CMSException("error processing attribute certs", e); - } - } - - - /** - * Add a store of precalculated signers to the generator. + * Add a store of pre-calculated signers to the generator. * * @param signerStore store of signers */ @@ -357,6 +224,11 @@ public class CMSSignedGenerator } } + /** + * Add a generator for a particular signer to this CMS SignedData generator. + * + * @param infoGen the generator representing the particular signer. + */ public void addSignerInfoGenerator(SignerInfoGenerator infoGen) { signerGens.add(infoGen); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java index dfc8dc5..11a927c 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java 
@@ -1,14 +1,8 @@ package org.bouncycastle.cms; -import java.io.IOException; -import java.security.Provider; -import java.security.cert.CRLException; -import java.security.cert.CertificateException; import java.util.ArrayList; -import java.util.Collection; import java.util.Enumeration; import java.util.HashMap; -import java.util.Iterator; import java.util.List; import java.util.Map; @@ -37,16 +31,8 @@ import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.cert.X509AttributeCertificateHolder; import org.bouncycastle.cert.X509CRLHolder; import org.bouncycastle.cert.X509CertificateHolder; -// BEGIN android-removed -// import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; -// import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -// END android-removed import org.bouncycastle.util.CollectionStore; import org.bouncycastle.util.Store; -import org.bouncycastle.x509.NoSuchStoreException; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509Store; -import org.bouncycastle.x509.X509V2AttributeCertificate; class CMSSignedHelper { @@ -137,23 +123,7 @@ class CMSSignedHelper digestAliases.put("SHA384", new String[] { "SHA-384" }); digestAliases.put("SHA512", new String[] { "SHA-512" }); } - - /** - * Return the digest algorithm using one of the standard JCA string - * representations rather than the algorithm identifier (if possible). - */ - String getDigestAlgName( - String digestAlgOID) - { - String algName = (String)digestAlgs.get(digestAlgOID); - if (algName != null) - { - return algName; - } - - return digestAlgOID; - } /** * Return the digest encryption algorithm using one of the standard 
@@ -173,97 +143,6 @@ class CMSSignedHelper return encryptionAlgOID; } - X509Store createAttributeStore( - String type, - Provider provider, - Store certStore) - throws NoSuchStoreException, CMSException - { - try - { - Collection certHldrs = certStore.getMatches(null); - List certs = new ArrayList(certHldrs.size()); - - for (Iterator it = certHldrs.iterator(); it.hasNext();) - { - certs.add(new X509V2AttributeCertificate(((X509AttributeCertificateHolder)it.next()).getEncoded())); - } - - return X509Store.getInstance( - "AttributeCertificate/" +type, new X509CollectionStoreParameters(certs), provider); - } - catch (IllegalArgumentException e) - { - throw new CMSException("can't setup the X509Store", e); - } - catch (IOException e) - { - throw new CMSException("can't setup the X509Store", e); - } - } - - // BEGIN android-removed - // X509Store createCertificateStore( - // String type, - // Provider provider, - // Store certStore) - // throws NoSuchStoreException, CMSException - // { - // try - // { - // JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider); - // Collection certHldrs = certStore.getMatches(null); - // List certs = new ArrayList(certHldrs.size()); - // - // for (Iterator it = certHldrs.iterator(); it.hasNext();) - // { - // certs.add(converter.getCertificate((X509CertificateHolder)it.next())); - // } - // - // return X509Store.getInstance( - // "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); - // } - // catch (IllegalArgumentException e) - // { - // throw new CMSException("can't setup the X509Store", e); - // } - // catch (CertificateException e) - // { - // throw new CMSException("can't setup the X509Store", e); - // } - // } - // - // X509Store createCRLsStore( - // String type, - // Provider provider, - // Store crlStore) - // throws NoSuchStoreException, CMSException - // { - // try - // { - // JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider); - // 
Collection crlHldrs = crlStore.getMatches(null); - // List crls = new ArrayList(crlHldrs.size()); - // - // for (Iterator it = crlHldrs.iterator(); it.hasNext();) - // { - // crls.add(converter.getCRL((X509CRLHolder)it.next())); - // } - // - // return X509Store.getInstance( - // "CRL/" +type, new X509CollectionStoreParameters(crls), provider); - // } - // catch (IllegalArgumentException e) - // { - // throw new CMSException("can't setup the X509Store", e); - // } - // catch (CRLException e) - // { - // throw new CMSException("can't setup the X509Store", e); - // } - // } - // END android-removed - AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) { if (algId.getParameters() == null) diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java index ccfab32..d6126b6 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java @@ -3,15 +3,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.Security; -import java.security.cert.CRLException; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.Iterator; @@ -21,7 +12,6 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BEROctetStringGenerator; import org.bouncycastle.asn1.BERSet; 
@@ -29,15 +19,11 @@ import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; // BEGIN android-removed // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; // import org.bouncycastle.asn1.ocsp.OCSPResponse; // import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; // END android-removed -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.TBSCertificate; import org.bouncycastle.cert.X509AttributeCertificateHolder; import org.bouncycastle.cert.X509CRLHolder; import org.bouncycastle.cert.X509CertificateHolder; @@ -65,36 +51,6 @@ class CMSUtils return readContentInfo(new ASN1InputStream(input)); } - static List getCertificatesFromStore(CertStore certStore) - throws CertStoreException, CMSException - { - List certs = new ArrayList(); - - try - { - for (Iterator it = certStore.getCertificates(null).iterator(); it.hasNext();) - { - X509Certificate c = (X509Certificate)it.next(); - - certs.add(Certificate.getInstance(ASN1Primitive.fromByteArray(c.getEncoded()))); - } - - return certs; - } - catch (IllegalArgumentException e) - { - throw new CMSException("error processing certs", e); - } - catch (IOException e) - { - throw new CMSException("error processing certs", e); - } - catch (CertificateEncodingException e) - { - throw new CMSException("error encoding certs", e); - } - } - static List getCertificatesFromStore(Store certStore) throws CMSException { 
@@ -139,35 +95,6 @@ class CMSUtils } } - static List getCRLsFromStore(CertStore certStore) - throws CertStoreException, CMSException - { - List crls = new ArrayList(); - - try - { - for (Iterator it = certStore.getCRLs(null).iterator(); it.hasNext();) - { - X509CRL c = (X509CRL)it.next(); - - crls.add(CertificateList.getInstance(ASN1Primitive.fromByteArray(c.getEncoded()))); - } - - return crls; - } - catch (IllegalArgumentException e) - { - throw new CMSException("error processing crls", e); - } - catch (IOException e) - { - throw new CMSException("error processing crls", e); - } - catch (CRLException e) - { - throw new CMSException("error encoding crls", e); - } - } static List getCRLsFromStore(Store crlStore) throws CMSException @@ -254,27 +181,6 @@ class CMSUtils return octGen.getOctetOutputStream(); } - static TBSCertificate getTBSCertificateStructure( - X509Certificate cert) - { - try - { - return TBSCertificate.getInstance( - ASN1Primitive.fromByteArray(cert.getTBSCertificate())); - } - catch (Exception e) - { - throw new IllegalArgumentException( - "can't extract TBS structure from this cert"); - } - } - - static IssuerAndSerialNumber getIssuerAndSerialNumber(X509Certificate cert) - { - TBSCertificate tbsCert = getTBSCertificateStructure(cert); - return new IssuerAndSerialNumber(tbsCert.getIssuer(), tbsCert.getSerialNumber().getValue()); - } - private static ContentInfo readContentInfo( ASN1InputStream in) throws CMSException @@ -312,24 +218,6 @@ class CMSUtils return Streams.readAllLimited(in, limit); } - public static Provider getProvider(String providerName) - throws NoSuchProviderException - { - if (providerName != null) - { - Provider prov = Security.getProvider(providerName); - - if (prov != null) - { - return prov; - } - - throw new NoSuchProviderException("provider " + providerName + " not found."); - } - - return null; - } - static InputStream attachDigestsToInputStream(Collection digests, InputStream s) { InputStream result = s; 
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
index 8ba3686..837edd8 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java
@@ -1,6 +1,7 @@
 package org.bouncycastle.cms;
 
 import java.util.Date;
+import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Map;
 
@@ -59,7 +60,7 @@ public class DefaultSignedAttributeTableGenerator
 protected Hashtable createStandardAttributeTable(
 Map parameters)
 {
- Hashtable std = (Hashtable)table.clone();
+ Hashtable std = copyHashTable(table);
 
 if (!std.containsKey(CMSAttributes.contentType))
 {
@@ -103,4 +104,18 @@ public class DefaultSignedAttributeTableGenerator
 {
 return new AttributeTable(createStandardAttributeTable(parameters));
 }
+
+ private static Hashtable copyHashTable(Hashtable paramsMap)
+ {
+ Hashtable newTable = new Hashtable();
+
+ Enumeration keys = paramsMap.keys();
+ while (keys.hasMoreElements())
+ {
+ Object key = keys.nextElement();
+ newTable.put(key, paramsMap.get(key));
+ }
+
+ return newTable;
+ }
 }
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
index e378629..f264729 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java
@@ -7,7 +7,6 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DEROctetString;
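Review bot: `copyHashTable` is a shallow copy that does the same job as the `(Hashtable)table.clone()` it replaces, but nothing says so, and a reader will wonder whether a deep copy of the attribute values was intended; add `/** Shallow copy: a fresh Hashtable whose keys and values are shared with paramsMap. */` above the helper. Since `createStandardAttributeTable` goes on to add attributes to the copy, the reason for copying is presumably that the `table` field (a template, defined outside this hunk) must never be mutated; a one-line `// copy so the template table is never modified` at the call site would make that explicit. Presizing with `new Hashtable(paramsMap.size())` is a free improvement, but not required.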
@@ -23,6 +22,7 @@ import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.DigestCalculator;
 import org.bouncycastle.operator.DigestCalculatorProvider;
 import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.io.TeeOutputStream;
 
 public class SignerInfoGenerator
@@ -126,9 +126,9 @@ public class SignerInfoGenerator
 return signerIdentifier;
 }
 
- public ASN1Integer getGeneratedVersion()
+ public int getGeneratedVersion()
 {
- return new ASN1Integer(signerIdentifier.isTagged() ? 3 : 1);
+ return signerIdentifier.isTagged() ? 3 : 1;
 }
 
 public boolean hasAssociatedCertificate()
@@ -221,7 +221,7 @@ public class SignerInfoGenerator
 if (unsAttrGen != null)
 {
 Map parameters = getBaseParameters(contentType, digestAlg, calculatedDigest);
- parameters.put(CMSAttributeTableGenerator.SIGNATURE, sigBytes.clone());
+ parameters.put(CMSAttributeTableGenerator.SIGNATURE, Arrays.clone(sigBytes));
 
 AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
 
@@ -265,7 +265,7 @@ public class SignerInfoGenerator
 }
 
 param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId);
- param.put(CMSAttributeTableGenerator.DIGEST, hash.clone());
+ param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash));
 
 return param;
 }
@@ -273,7 +273,7 @@ public class SignerInfoGenerator
 {
 if (calculatedDigest != null)
 {
- return (byte[])calculatedDigest.clone();
+ return Arrays.clone(calculatedDigest);
 }
 
 return null;
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
index bd9703a..7e178d6 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
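Review bot: `getGeneratedVersion` now returns a bare `int` with no Javadoc saying what the number means; add `/** Return the SignerInfo version: 3 when the signer identifier is the tagged (subjectKeyIdentifier) choice, 1 otherwise. */`, noting that the subjectKeyIdentifier reading of `isTagged()` comes from the CMS SignerIdentifier structure rather than from this hunk and should be confirmed. Separately, the three `Arrays.clone(...)` replacements here, and the two in `SignerInformation.getContentDigest` and `getSignature` in the next file, change null handling: `x.clone()` threw NullPointerException on a null array, whereas `org.bouncycastle.util.Arrays.clone`, as far as I recall it, returns null, so a missing signature or digest now propagates silently as a null map value or return value instead of failing at the call site. The `calculatedDigest != null` guard in the last hunk shows null is a reachable state for at least one of these arrays, so either keep the old fail-fast behaviour or document that callers may receive null.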
@@ -2,13 +2,6 @@ package org.bouncycastle.cms;
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.Iterator;
@@ -33,13 +26,10 @@ import org.bouncycastle.asn1.cms.Time;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DigestInfo;
 import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
 import org.bouncycastle.operator.ContentVerifier;
 import org.bouncycastle.operator.DigestCalculator;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.RawContentVerifier;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.io.TeeOutputStream;
 
@@ -172,7 +162,7 @@ public class SignerInformation
 throw new IllegalStateException("method can only be called after verify.");
 }
 
- return (byte[])resultDigest.clone();
+ return Arrays.clone(resultDigest);
 }
 
 /**
@@ -232,7 +222,7 @@ public class SignerInformation
 */
 public byte[] getSignature()
 {
- return (byte[])signature.clone();
+ return Arrays.clone(signature);
 }
 
 /**
@@ -318,42 +308,6 @@ public class SignerInformation return null; } - /** - * @deprecated - */ - private boolean doVerify( - PublicKey key, - Provider sigProvider) - throws CMSException, NoSuchAlgorithmException - { - try - { - SignerInformationVerifier verifier; - - if (sigProvider != null) - { - if (!sigProvider.getName().equalsIgnoreCase("BC")) - { - verifier = new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build()).setProvider(sigProvider).build(key); - } - else - { - verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider(sigProvider).build(key); - } - } - else - { - verifier = new JcaSimpleSignerInfoVerifierBuilder().build(key); - } - - return doVerify(verifier); - } - catch (OperatorCreationException e) - { - throw new CMSException("unable to create verifier: " + e.getMessage(), e); - } - } - private boolean doVerify( SignerInformationVerifier verifier) throws CMSException 
@@ -555,75 +509,6 @@ public class SignerInformation } /** - * verify that the given public key successfully handles and confirms the - * signature associated with this signer. - * @deprecated use verify(ContentVerifierProvider) - */ - public boolean verify( - PublicKey key, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return verify(key, CMSUtils.getProvider(sigProvider)); - } - - /** - * verify that the given public key successfully handles and confirms the - * signature associated with this signer - * @deprecated use verify(ContentVerifierProvider) - */ - public boolean verify( - PublicKey key, - Provider sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - // Optional, but still need to validate if present - getSigningTime(); - - return doVerify(key, sigProvider); - } - - /** - * verify that the given certificate successfully handles and confirms - * the signature associated with this signer and, if a signingTime - * attribute is available, that the certificate was valid at the time the - * signature was generated. - * @deprecated use verify(ContentVerifierProvider) - */ - public boolean verify( - X509Certificate cert, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, - CertificateExpiredException, CertificateNotYetValidException, - CMSException - { - return verify(cert, CMSUtils.getProvider(sigProvider)); - } - - /** - * verify that the given certificate successfully handles and confirms - * the signature associated with this signer and, if a signingTime - * attribute is available, that the certificate was valid at the time the - * signature was generated. 
- * @deprecated use verify(ContentVerifierProvider) - */ - public boolean verify( - X509Certificate cert, - Provider sigProvider) - throws NoSuchAlgorithmException, - CertificateExpiredException, CertificateNotYetValidException, - CMSException - { - Time signingTime = getSigningTime(); - if (signingTime != null) - { - cert.checkValidity(signingTime.getDate()); - } - - return doVerify(cert.getPublicKey(), sigProvider); - } - - /** * Verify that the given verifier can successfully verify the signature on * this SignerInformation object. * @@ -654,17 +539,6 @@ public class SignerInformation } /** - * Return the base ASN.1 CMS structure that this object contains. - * - * @return an object containing a CMS SignerInfo structure. - * @deprecated use toASN1Structure() - */ - public SignerInfo toSignerInfo() - { - return info; - } - - /** * Return the underlying ASN.1 object defining this SignerInformation object. * * @return a SignerInfo. diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java index 56c3771..87a6699 100644 --- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java +++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java @@ -12,6 +12,7 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.jcajce.DefaultJcaJceHelper; 
@@ -144,6 +145,12 @@ public class JcaContentVerifierProviderBuilder
 };
 }
 
+ public ContentVerifierProvider build(SubjectPublicKeyInfo publicKey)
+ throws OperatorCreationException
+ {
+ return this.build(helper.convertPublicKey(publicKey));
+ }
+
 private SignatureOutputStream createSignatureStream(AlgorithmIdentifier algorithm, PublicKey publicKey)
 throws OperatorCreationException
 {
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
index 9a8ac54..74c1b28 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
@@ -4,14 +4,18 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.security.AlgorithmParameters;
 import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.PublicKey;
 import java.security.Signature;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PSSParameterSpec;
+import java.security.spec.X509EncodedKeySpec;
 import java.util.HashMap;
 import java.util.Map;
 
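Review bot: The new public `build(SubjectPublicKeyInfo)` overload has no Javadoc; describe it as building a ContentVerifierProvider for the key carried in the given SubjectPublicKeyInfo, with `@param`, `@return`, and an `@throws OperatorCreationException` clause stating that a failure to turn the encoded key into a JCA PublicKey (no KeyFactory for the algorithm, no provider, or a malformed encoding) is reported that way. The parameter name `publicKey` is misleading for a SubjectPublicKeyInfo; `publicKeyInfo`, as `OperatorHelper.convertPublicKey` names it, reads better and matches the rest of the change. The conversion itself lives in OperatorHelper, outside this hunk.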
@@ -31,9 +35,11 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.jcajce.JcaJceHelper;
+import org.bouncycastle.jcajce.JcaJceUtils;
 import org.bouncycastle.operator.OperatorCreationException;
 
 class OperatorHelper
@@ -187,6 +193,41 @@ class OperatorHelper
 }
 }
 
+ AlgorithmParameters createAlgorithmParameters(AlgorithmIdentifier cipherAlgId)
+ throws OperatorCreationException
+ {
+ AlgorithmParameters parameters;
+
+ if (cipherAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption))
+ {
+ return null;
+ }
+
+ try
+ {
+ parameters = helper.createAlgorithmParameters(cipherAlgId.getAlgorithm().getId());
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ return null; // There's a good chance there aren't any!
+ }
+ catch (NoSuchProviderException e)
+ {
+ throw new OperatorCreationException("cannot create algorithm parameters: " + e.getMessage(), e);
+ }
+
+ try
+ {
+ parameters.init(cipherAlgId.getParameters().toASN1Primitive().getEncoded());
+ }
+ catch (IOException e)
+ {
+ throw new OperatorCreationException("cannot initialise algorithm parameters: " + e.getMessage(), e);
+ }
+
+ return parameters;
+ }
+
 MessageDigest createDigest(AlgorithmIdentifier digAlgId)
 throws GeneralSecurityException
 {
@@ -264,7 +305,7 @@ class OperatorHelper
 {
 AlgorithmParameters params = helper.createAlgorithmParameters(algName);
 
- params.init(algorithm.getParameters().toASN1Primitive().getEncoded(), "ASN.1");
+ JcaJceUtils.loadParameters(params, algorithm.getParameters());
 
 PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class);
 sig.setParameter(spec);
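Review bot: `parameters.init(cipherAlgId.getParameters().toASN1Primitive().getEncoded())` in `createAlgorithmParameters` dereferences `getParameters()` without a null check, so an AlgorithmIdentifier whose parameters are absent (an optional field, and a case `CMSSignedHelper.fixAlgID` in this same commit tests for explicitly) throws NullPointerException instead of an OperatorCreationException or the null this method returns on its other no-parameters paths. Guard it before the second try block: `if (cipherAlgId.getParameters() == null) { return null; }`. The method already returns null for rsaEncryption and on NoSuchAlgorithmException but has no Javadoc; add one stating that null means no parameters could be produced for the algorithm, so callers know they must check. The `JcaJceUtils.loadParameters` hunk below is fine as far as this hunk shows, but what it does with null parameters is not visible here.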
@@ -375,6 +416,33 @@ class OperatorHelper } } + public PublicKey convertPublicKey(SubjectPublicKeyInfo publicKeyInfo) + throws OperatorCreationException + { + try + { + KeyFactory keyFact = helper.createKeyFactory(publicKeyInfo.getAlgorithm().getAlgorithm().getId()); + + return keyFact.generatePublic(new X509EncodedKeySpec(publicKeyInfo.getEncoded())); + } + catch (IOException e) + { + throw new OperatorCreationException("cannot get encoded form of key: " + e.getMessage(), e); + } + catch (NoSuchAlgorithmException e) + { + throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e); + } + catch (NoSuchProviderException e) + { + throw new OperatorCreationException("cannot find factory provider: " + e.getMessage(), e); + } + catch (InvalidKeySpecException e) + { + throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e); + } + } + // TODO: put somewhere public so cause easily accessed private static class OpCertificateException extends CertificateException |