diff options
Diffstat (limited to 'bcpkix/src/main/java/org/bouncycastle/cms')
60 files changed, 879 insertions, 9292 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java index ec5fcfb..bd9d544 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java @@ -2,9 +2,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.InputStream; -import java.security.AlgorithmParameters; -import java.security.NoSuchProviderException; -import java.security.Provider; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1OctetString; @@ -14,7 +11,6 @@ import org.bouncycastle.asn1.cms.AuthenticatedData; import org.bouncycastle.asn1.cms.CMSAttributes; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceAlgorithmIdentifierConverter; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.util.Arrays; @@ -180,7 +176,7 @@ public class CMSAuthenticatedData */ public String getMacAlgOID() { - return macAlg.getObjectId().getId(); + return macAlg.getAlgorithm().getId(); } /** @@ -200,39 +196,6 @@ public class CMSAuthenticatedData } /** - * Return an AlgorithmParameters object giving the MAC parameters - * used to digest the message content. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @throws java.security.NoSuchProviderException if the provider cannot be found. - * @deprecated use getMacAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getMacAlgorithmParameters( - String provider) - throws CMSException, NoSuchProviderException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(macAlg); - } - - /** - * Return an AlgorithmParameters object giving the MAC parameters - * used to digest the message content. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @deprecated use getMacAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getMacAlgorithmParameters( - Provider provider) - throws CMSException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(macAlg); - } - - /** * return a store of the intended recipients for this message */ public RecipientInformationStore getRecipientInfos() diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java index 3c3185f..82f8294 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java @@ -3,20 +3,13 @@ package org.bouncycastle.cms; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.SecureRandom; import java.util.Collections; import java.util.HashMap; import java.util.Iterator; import java.util.Map; -import javax.crypto.KeyGenerator; - import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BEROctetString; @@ -27,7 +20,6 @@ import org.bouncycastle.asn1.cms.AuthenticatedData; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceCMSMacCalculatorBuilder; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.MacCalculator; @@ -186,81 +178,4 @@ public class CMSAuthenticatedDataGenerator } }); } - - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - * @deprecated no longer required, use simple constructor. - */ - public CMSAuthenticatedDataGenerator( - SecureRandom rand) - { - super(rand); - } - - /** - * generate an authenticated object that contains an CMS Authenticated Data - * object using the given provider and the passed in key generator. - * @deprecated - */ - private CMSAuthenticatedData generate( - final CMSProcessable content, - String macOID, - KeyGenerator keyGen, - Provider provider) - throws NoSuchAlgorithmException, CMSException - { - Provider encProvider = keyGen.getProvider(); - - convertOldRecipients(rand, provider); - - return generate(new CMSTypedData() - { - public ASN1ObjectIdentifier getContentType() - { - return CMSObjectIdentifiers.data; - } - - public void write(OutputStream out) - throws IOException, CMSException - { - content.write(out); - } - - public Object getContent() - { - return content; - } - }, new JceCMSMacCalculatorBuilder(new ASN1ObjectIdentifier(macOID)).setProvider(encProvider).setSecureRandom(rand).build()); - } - - /** - * generate an authenticated object that contains an CMS Authenticated Data - * object using the given provider. - * @deprecated use addRecipientInfoGenerator method. - */ - public CMSAuthenticatedData generate( - CMSProcessable content, - String macOID, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(content, macOID, CMSUtils.getProvider(provider)); - } - - /** - * generate an authenticated object that contains an CMS Authenticated Data - * object using the given provider - * @deprecated use addRecipientInfoGenerator method.. - */ - public CMSAuthenticatedData generate( - CMSProcessable content, - String encryptionOID, - Provider provider) - throws NoSuchAlgorithmException, CMSException - { - KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider); - - return generate(content, encryptionOID, keyGen, provider); - } }
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java index cae9988..57ea305 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java @@ -3,9 +3,6 @@ package org.bouncycastle.cms; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.security.AlgorithmParameters; -import java.security.NoSuchProviderException; -import java.security.Provider; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; @@ -22,7 +19,6 @@ import org.bouncycastle.asn1.cms.CMSAttributes; import org.bouncycastle.asn1.cms.ContentInfoParser; import org.bouncycastle.asn1.cms.OriginatorInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceAlgorithmIdentifierConverter; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.util.Arrays; @@ -143,7 +139,7 @@ public class CMSAuthenticatedDataParser // // read the authenticated content info // - ContentInfoParser data = authData.getEnapsulatedContentInfo(); + ContentInfoParser data = authData.getEncapsulatedContentInfo(); CMSReadable readable = new CMSProcessableInputStream( ((ASN1OctetStringParser)data.getContent(BERTags.OCTET_STRING)).getOctetStream()); @@ -176,7 +172,7 @@ public class CMSAuthenticatedDataParser // // read the authenticated content info // - ContentInfoParser data = authData.getEnapsulatedContentInfo(); + ContentInfoParser data = authData.getEncapsulatedContentInfo(); CMSReadable readable = new CMSProcessableInputStream( ((ASN1OctetStringParser)data.getContent(BERTags.OCTET_STRING)).getOctetStream()); @@ -233,39 +229,6 @@ public class CMSAuthenticatedDataParser } /** - * Return an AlgorithmParameters object giving the encryption parameters - * used to encrypt the message content. - * - * @param provider the name of the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @throws java.security.NoSuchProviderException if the provider cannot be found. - * @deprecated use getMacAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getMacAlgorithmParameters( - String provider) - throws CMSException, NoSuchProviderException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(macAlg); - } - - /** - * Return an AlgorithmParameters object giving the encryption parameters - * used to encrypt the message content. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @deprecated use getMacAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getMacAlgorithmParameters( - Provider provider) - throws CMSException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(macAlg); - } - - /** * return a store of the intended recipients for this message */ public RecipientInformationStore getRecipientInfos() diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java index 3bdd450..87afd70 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java @@ -2,10 +2,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.OutputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.SecureRandom; import java.util.Collections; import java.util.HashMap; import java.util.Iterator; @@ -24,7 +20,6 @@ import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.cms.AuthenticatedData; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceCMSMacCalculatorBuilder; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.operator.MacCalculator; import org.bouncycastle.util.io.TeeOutputStream; @@ -312,81 +307,4 @@ public class CMSAuthenticatedDataStreamGenerator cGen.close(); } } - - - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - * @deprecated no longer of any use, use basic constructor. - */ - public CMSAuthenticatedDataStreamGenerator( - SecureRandom rand) - { - super(rand); - } - - /** - * generate an authenticated object that contains an CMS Authenticated Data - * object using the given provider. - * @throws java.io.IOException - * @deprecated use open(out, MacCalculator) - */ - public OutputStream open( - OutputStream out, - String encryptionOID, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException - { - convertOldRecipients(rand, CMSUtils.getProvider(provider)); - - return open(out, new JceCMSMacCalculatorBuilder(new ASN1ObjectIdentifier(encryptionOID)).setSecureRandom(rand).setProvider(provider).build()); - } - - /** - * @deprecated use open(out, MacCalculator) - */ - public OutputStream open( - OutputStream out, - String encryptionOID, - Provider provider) - throws NoSuchAlgorithmException, CMSException, IOException - { - convertOldRecipients(rand, provider); - - return open(out, new JceCMSMacCalculatorBuilder(new ASN1ObjectIdentifier(encryptionOID)).setSecureRandom(rand).setProvider(provider).build()); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * @deprecated use open(out, MacCalculator) - */ - public OutputStream open( - OutputStream out, - String encryptionOID, - int keySize, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException - { - convertOldRecipients(rand, CMSUtils.getProvider(provider)); - - return open(out, new JceCMSMacCalculatorBuilder(new ASN1ObjectIdentifier(encryptionOID), keySize).setSecureRandom(rand).setProvider(provider).build()); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * @deprecated use open(out, MacCalculator) - */ - public OutputStream open( - OutputStream out, - String encryptionOID, - int keySize, - Provider provider) - throws NoSuchAlgorithmException, CMSException, IOException - { - convertOldRecipients(rand, provider); - - return open(out, new JceCMSMacCalculatorBuilder(new ASN1ObjectIdentifier(encryptionOID), keySize).setSecureRandom(rand).setProvider(provider).build()); - } }
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java index 064f996..4022c8e 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java @@ -1,6 +1,5 @@ package org.bouncycastle.cms; -import java.security.SecureRandom; import java.util.HashMap; import java.util.Map; @@ -20,17 +19,6 @@ public class CMSAuthenticatedGenerator { } - /** - * constructor allowing specific source of randomness - * - * @param rand instance of SecureRandom to use - */ - public CMSAuthenticatedGenerator( - SecureRandom rand) - { - super(rand); - } - public void setAuthenticatedAttributeGenerator(CMSAttributeTableGenerator authGen) { this.authGen = authGen; diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedData.java index 5a02ea9..3e44908 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedData.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedData.java @@ -2,7 +2,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.InputStream; -import java.util.zip.InflaterInputStream; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; @@ -58,61 +57,6 @@ public class CMSCompressedData } } - /** - * Return the uncompressed content. - * - * @return the uncompressed content - * @throws CMSException if there is an exception uncompressing the data. - * @deprecated use getContent(InputExpanderProvider) - */ - public byte[] getContent() - throws CMSException - { - ContentInfo content = comData.getEncapContentInfo(); - - ASN1OctetString bytes = (ASN1OctetString)content.getContent(); - - InflaterInputStream zIn = new InflaterInputStream(bytes.getOctetStream()); - - try - { - return CMSUtils.streamToByteArray(zIn); - } - catch (IOException e) - { - throw new CMSException("exception reading compressed stream.", e); - } - } - - /** - * Return the uncompressed content, throwing an exception if the data size - * is greater than the passed in limit. If the content is exceeded getCause() - * on the CMSException will contain a StreamOverflowException - * - * @param limit maximum number of bytes to read - * @return the content read - * @throws CMSException if there is an exception uncompressing the data. - * @deprecated use getContent(InputExpanderProvider) - */ - public byte[] getContent(int limit) - throws CMSException - { - ContentInfo content = comData.getEncapContentInfo(); - - ASN1OctetString bytes = (ASN1OctetString)content.getContent(); - - InflaterInputStream zIn = new InflaterInputStream(bytes.getOctetStream()); - - try - { - return CMSUtils.streamToByteArray(zIn, limit); - } - catch (IOException e) - { - throw new CMSException("exception reading compressed stream.", e); - } - } - public ASN1ObjectIdentifier getContentType() { return contentInfo.getContentType(); @@ -145,15 +89,6 @@ public class CMSCompressedData } /** - * return the ContentInfo - * @deprecated use toASN1Structure() - */ - public ContentInfo getContentInfo() - { - return contentInfo; - } - - /** * return the ContentInfo */ public ContentInfo toASN1Structure() diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java index d2b497b..d50391a 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java @@ -3,9 +3,7 @@ package org.bouncycastle.cms; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; -import java.util.zip.DeflaterOutputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.BEROctetString; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; @@ -38,45 +36,6 @@ public class CMSCompressedDataGenerator /** * generate an object that contains an CMS Compressed Data - * @deprecated use generate(CMSTypedData, OutputCompressor) - */ - public CMSCompressedData generate( - CMSProcessable content, - String compressionOID) - throws CMSException - { - AlgorithmIdentifier comAlgId; - ASN1OctetString comOcts; - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DeflaterOutputStream zOut = new DeflaterOutputStream(bOut); - - content.write(zOut); - - zOut.close(); - - comAlgId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(compressionOID)); - comOcts = new BEROctetString(bOut.toByteArray()); - } - catch (IOException e) - { - throw new CMSException("exception encoding data.", e); - } - - ContentInfo comContent = new ContentInfo( - CMSObjectIdentifiers.data, comOcts); - - ContentInfo contentInfo = new ContentInfo( - CMSObjectIdentifiers.compressedData, - new CompressedData(comAlgId, comContent)); - - return new CMSCompressedData(contentInfo); - } - - /** - * generate an object that contains an CMS Compressed Data */ public CMSCompressedData generate( CMSTypedData content, diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java index 910b3f0..c3da87b 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java @@ -3,7 +3,6 @@ package org.bouncycastle.cms; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.util.zip.InflaterInputStream; import org.bouncycastle.asn1.ASN1OctetStringParser; import org.bouncycastle.asn1.ASN1SequenceParser; @@ -45,27 +44,6 @@ public class CMSCompressedDataParser } /** - * @deprecated use getContent(InputExpandedProvider) - */ - public CMSTypedStream getContent() - throws CMSException - { - try - { - CompressedDataParser comData = new CompressedDataParser((ASN1SequenceParser)_contentInfo.getContent(BERTags.SEQUENCE)); - ContentInfoParser content = comData.getEncapContentInfo(); - - ASN1OctetStringParser bytes = (ASN1OctetStringParser)content.getContent(BERTags.OCTET_STRING); - - return new CMSTypedStream(content.getContentType().toString(), new InflaterInputStream(bytes.getOctetStream())); - } - catch (IOException e) - { - throw new CMSException("IOException reading compressed content.", e); - } - } - - /** * Return a typed stream which will allow the reading of the compressed content in * expanded form. * diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java index bb917d0..8a34eb0 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java @@ -2,12 +2,10 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.OutputStream; -import java.util.zip.DeflaterOutputStream; import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.DERSequenceGenerator; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.operator.OutputCompressor; @@ -51,60 +49,14 @@ public class CMSCompressedDataStreamGenerator } /** - * @deprecated use open(OutputStream, ContentCompressor) - */ - public OutputStream open( - OutputStream out, - String compressionOID) - throws IOException - { - return open(out, CMSObjectIdentifiers.data.getId(), compressionOID); - } - - /** - * @deprecated use open(OutputStream, ASN1ObjectIdentifier, ContentCompressor) + * Open a compressing output stream with the PKCS#7 content type OID of "data". + * + * @param out the stream to encode to. + * @param compressor the type of compressor to use. + * @return an output stream to write the data be compressed to. + * @throws IOException */ public OutputStream open( - OutputStream out, - String contentOID, - String compressionOID) - throws IOException - { - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.compressedData); - - // - // Compressed Data - // - BERSequenceGenerator cGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - cGen.addObject(new ASN1Integer(0)); - - // - // AlgorithmIdentifier - // - DERSequenceGenerator algGen = new DERSequenceGenerator(cGen.getRawOutputStream()); - - algGen.addObject(new ASN1ObjectIdentifier(ZLIB)); - - algGen.close(); - - // - // Encapsulated ContentInfo - // - BERSequenceGenerator eiGen = new BERSequenceGenerator(cGen.getRawOutputStream()); - - eiGen.addObject(new ASN1ObjectIdentifier(contentOID)); - - OutputStream octetStream = CMSUtils.createBEROctetOutputStream( - eiGen.getRawOutputStream(), 0, true, _bufferSize); - - return new CmsCompressedOutputStream( - new DeflaterOutputStream(octetStream), sGen, cGen, eiGen); - } - - public OutputStream open( OutputStream out, OutputCompressor compressor) throws IOException @@ -115,10 +67,10 @@ public class CMSCompressedDataStreamGenerator /** * Open a compressing output stream. * - * @param contentOID - * @param out - * @param compressor - * @return + * @param contentOID the content type OID. + * @param out the stream to encode to. + * @param compressor the type of compressor to use. + * @return an output stream to write the data be compressed to. * @throws IOException */ public OutputStream open( diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java index 131faec..56b9663 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java @@ -2,9 +2,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.InputStream; -import java.security.AlgorithmParameters; -import java.security.NoSuchProviderException; -import java.security.Provider; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Set; @@ -13,7 +10,6 @@ import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.cms.EncryptedContentInfo; import org.bouncycastle.asn1.cms.EnvelopedData; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceAlgorithmIdentifierConverter; /** * containing class for an CMS Enveloped Data object @@ -170,39 +166,6 @@ public class CMSEnvelopedData } /** - * Return an AlgorithmParameters object giving the encryption parameters - * used to encrypt the message content. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @throws NoSuchProviderException if the provider cannot be found. - * @deprecated use getContentEncryptionAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getEncryptionAlgorithmParameters( - String provider) - throws CMSException, NoSuchProviderException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(encAlg); - } - - /** - * Return an AlgorithmParameters object giving the encryption parameters - * used to encrypt the message content. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @deprecated use getContentEncryptionAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getEncryptionAlgorithmParameters( - Provider provider) - throws CMSException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(encAlg); - } - - /** * return a store of the intended recipients for this message */ public RecipientInformationStore getRecipientInfos() @@ -212,15 +175,6 @@ public class CMSEnvelopedData /** * return the ContentInfo - * @deprecated use toASN1Structure() - */ - public ContentInfo getContentInfo() - { - return contentInfo; - } - - /** - * return the ContentInfo */ public ContentInfo toASN1Structure() { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java index 135367e..0038f90 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java @@ -3,17 +3,10 @@ package org.bouncycastle.cms; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.SecureRandom; import java.util.HashMap; import java.util.Iterator; -import javax.crypto.KeyGenerator; - import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BEROctetString; @@ -25,7 +18,6 @@ import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.cms.EncryptedContentInfo; import org.bouncycastle.asn1.cms.EnvelopedData; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; import org.bouncycastle.operator.GenericKey; import org.bouncycastle.operator.OutputEncryptor; @@ -58,65 +50,6 @@ public class CMSEnvelopedDataGenerator { } - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - * @deprecated use no args constructor. - */ - public CMSEnvelopedDataGenerator( - SecureRandom rand) - { - super(rand); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider and the passed in key generator. - */ - private CMSEnvelopedData generate( - final CMSProcessable content, - String encryptionOID, - int keySize, - Provider encProvider, - Provider provider) - throws NoSuchAlgorithmException, CMSException - { - convertOldRecipients(rand, provider); - - JceCMSContentEncryptorBuilder builder; - - if (keySize != -1) - { - builder = new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(encryptionOID), keySize); - } - else - { - builder = new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(encryptionOID)); - } - - builder.setProvider(encProvider); - builder.setSecureRandom(rand); - - return doGenerate(new CMSTypedData() - { - public ASN1ObjectIdentifier getContentType() - { - return CMSObjectIdentifiers.data; - } - - public void write(OutputStream out) - throws IOException, CMSException - { - content.write(out); - } - - public Object getContent() - { - return content; - } - }, builder.build()); - } - private CMSEnvelopedData doGenerate( CMSTypedData content, OutputEncryptor contentEncryptor) @@ -184,68 +117,6 @@ public class CMSEnvelopedDataGenerator /** * generate an enveloped object that contains an CMS Enveloped Data * object using the given provider. - * @deprecated use OutputEncryptor method. - */ - public CMSEnvelopedData generate( - CMSProcessable content, - String encryptionOID, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(content, encryptionOID, CMSUtils.getProvider(provider)); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * @deprecated use OutputEncryptor method. - */ - public CMSEnvelopedData generate( - CMSProcessable content, - String encryptionOID, - Provider provider) - throws NoSuchAlgorithmException, CMSException - { - KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider); - - return generate(content, encryptionOID, -1, keyGen.getProvider(), provider); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * @deprecated use OutputEncryptor method. - */ - public CMSEnvelopedData generate( - CMSProcessable content, - String encryptionOID, - int keySize, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(content, encryptionOID, keySize, CMSUtils.getProvider(provider)); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * @deprecated use OutputEncryptor method. - */ - public CMSEnvelopedData generate( - CMSProcessable content, - String encryptionOID, - int keySize, - Provider provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider); - - return generate(content, encryptionOID, keySize, keyGen.getProvider(), provider); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. * * @param content the content to be encrypted * @param contentEncryptor the symmetric key based encryptor to encrypt the content with. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java index 627b0ca..defd2f7 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java @@ -3,9 +3,6 @@ package org.bouncycastle.cms; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.security.AlgorithmParameters; -import java.security.NoSuchProviderException; -import java.security.Provider; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; @@ -20,7 +17,6 @@ import org.bouncycastle.asn1.cms.EncryptedContentInfoParser; import org.bouncycastle.asn1.cms.EnvelopedDataParser; import org.bouncycastle.asn1.cms.OriginatorInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceAlgorithmIdentifierConverter; /** * Parsing class for an CMS Enveloped Data object from an input stream. @@ -148,39 +144,6 @@ public class CMSEnvelopedDataParser } /** - * Return an AlgorithmParameters object giving the encryption parameters - * used to encrypt the message content. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @throws NoSuchProviderException if the provider cannot be found. - * @deprecated use getContentEncryptionAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getEncryptionAlgorithmParameters( - String provider) - throws CMSException, NoSuchProviderException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(encAlg); - } - - /** - * Return an AlgorithmParameters object giving the encryption parameters - * used to encrypt the message content. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @deprecated use getContentEncryptionAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getEncryptionAlgorithmParameters( - Provider provider) - throws CMSException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(encAlg); - } - - /** * Return the originator information associated with this message if present. * * @return OriginatorInformation, null if not present. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java index 072a1da..92abca0 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java @@ -2,15 +2,9 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.OutputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.SecureRandom; import java.util.HashMap; import java.util.Iterator; -import javax.crypto.KeyGenerator; - import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1ObjectIdentifier; @@ -23,7 +17,6 @@ import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.EnvelopedData; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; import org.bouncycastle.operator.GenericKey; import org.bouncycastle.operator.OutputEncryptor; @@ -61,17 +54,6 @@ public class CMSEnvelopedDataStreamGenerator } /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - * @deprecated no longer required - specify randomness via RecipientInfoGenerator or ContentEncryptor. - */ - public CMSEnvelopedDataStreamGenerator( - SecureRandom rand) - { - super(rand); - } - - /** * Set the underlying string size for encapsulated data * * @param bufferSize length of octet strings to buffer the data. @@ -102,39 +84,6 @@ public class CMSEnvelopedDataStreamGenerator return new ASN1Integer(0); } } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider and the passed in key generator. - * @throws IOException - * @deprecated - */ - private OutputStream open( - OutputStream out, - String encryptionOID, - int keySize, - Provider encProvider, - Provider provider) - throws NoSuchAlgorithmException, CMSException, IOException - { - convertOldRecipients(rand, provider); - - JceCMSContentEncryptorBuilder builder; - - if (keySize != -1) - { - builder = new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(encryptionOID), keySize); - } - else - { - builder = new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(encryptionOID)); - } - - builder.setProvider(encProvider); - builder.setSecureRandom(rand); - - return doOpen(CMSObjectIdentifiers.data, out, builder.build()); - } private OutputStream doOpen( ASN1ObjectIdentifier dataType, @@ -267,71 +216,6 @@ public class CMSEnvelopedDataStreamGenerator /** * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * @throws IOException - * @deprecated - */ - public OutputStream open( - OutputStream out, - String encryptionOID, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException - { - return open(out, encryptionOID, CMSUtils.getProvider(provider)); - } - - /** - * @deprecated - */ - public OutputStream open( - OutputStream out, - String encryptionOID, - Provider provider) - throws NoSuchAlgorithmException, CMSException, IOException - { - KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider); - - keyGen.init(rand); - - return open(out, encryptionOID, -1, keyGen.getProvider(), provider); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * @deprecated - */ - public OutputStream open( - OutputStream out, - String encryptionOID, - int keySize, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException - { - return open(out, encryptionOID, keySize, CMSUtils.getProvider(provider)); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * @deprecated - */ - public OutputStream open( - OutputStream out, - String encryptionOID, - int keySize, - Provider provider) - throws NoSuchAlgorithmException, CMSException, IOException - { - KeyGenerator keyGen = CMSEnvelopedHelper.INSTANCE.createSymmetricKeyGenerator(encryptionOID, provider); - - keyGen.init(keySize, rand); - - return open(out, encryptionOID, -1, keyGen.getProvider(), provider); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data * object using the given encryptor. */ public OutputStream open( diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java index aeda9a1..012b440 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java @@ -1,39 +1,14 @@ package org.bouncycastle.cms; -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; import java.util.List; -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cms.KEKIdentifier; import org.bouncycastle.asn1.cms.OriginatorInfo; import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator; -import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator; -import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; -import org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator; /** * General class for generating a CMS enveloped-data message. @@ -69,7 +44,6 @@ public class CMSEnvelopedGenerator protected CMSAttributeTableGenerator unprotectedAttributeGenerator = null; - final SecureRandom rand; protected OriginatorInfo originatorInfo; /** @@ -77,17 +51,6 @@ public class CMSEnvelopedGenerator */ public CMSEnvelopedGenerator() { - this(new SecureRandom()); - } - - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - */ - public CMSEnvelopedGenerator( - SecureRandom rand) - { - this.rand = rand; } public void setUnprotectedAttributeGenerator(CMSAttributeTableGenerator unprotectedAttributeGenerator) @@ -95,212 +58,12 @@ public class CMSEnvelopedGenerator this.unprotectedAttributeGenerator = unprotectedAttributeGenerator; } - public void setOriginatorInfo(OriginatorInformation originatorInfo) { this.originatorInfo = originatorInfo.toASN1Structure(); } /** - * add a recipient. - * - * @deprecated use the addRecipientGenerator and JceKeyTransRecipientInfoGenerator - * @param cert recipient's public key certificate - * @exception IllegalArgumentException if there is a problem with the certificate - */ - public void addKeyTransRecipient( - X509Certificate cert) - throws IllegalArgumentException - { - try - { - oldRecipientInfoGenerators.add(new JceKeyTransRecipientInfoGenerator(cert)); - } - catch (CertificateEncodingException e) - { - throw new IllegalArgumentException("unable to encode certificate: " + e.getMessage()); - } - } - - /** - * add a recipient - * - * @deprecated use the addRecipientGenerator and JceKeyTransRecipientInfoGenerator - * @param key the public key used by the recipient - * @param subKeyId the identifier for the recipient's public key - * @exception IllegalArgumentException if there is a problem with the key - */ - public void addKeyTransRecipient( - PublicKey key, - byte[] subKeyId) - throws IllegalArgumentException - { - oldRecipientInfoGenerators.add(new JceKeyTransRecipientInfoGenerator(subKeyId, key)); - } - - /** - * add a KEK recipient. - * - * @deprecated use the addRecipientGenerator and JceKEKRecipientInfoGenerator - * @param key the secret key to use for wrapping - * @param keyIdentifier the byte string that identifies the key - */ - public void addKEKRecipient( - SecretKey key, - byte[] keyIdentifier) - { - addKEKRecipient(key, new KEKIdentifier(keyIdentifier, null, null)); - } - - /** - * add a KEK recipient. - * - * @deprecated use the addRecipientGenerator and JceKEKRecipientInfoGenerator - * @param key the secret key to use for wrapping - * @param kekIdentifier a KEKIdentifier structure (identifies the key) - */ - public void addKEKRecipient( - SecretKey key, - KEKIdentifier kekIdentifier) - { - oldRecipientInfoGenerators.add(new JceKEKRecipientInfoGenerator(kekIdentifier, key)); - } - - /** - * @deprecated use addRecipientGenerator and JcePasswordRecipientInfoGenerator - * @param pbeKey PBE key - * @param kekAlgorithmOid key encryption algorithm to use. - */ - public void addPasswordRecipient( - CMSPBEKey pbeKey, - String kekAlgorithmOid) - { - oldRecipientInfoGenerators.add(new JcePasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(kekAlgorithmOid), pbeKey.getPassword()) - .setSaltAndIterationCount(pbeKey.getSalt(), pbeKey.getIterationCount()) - .setPasswordConversionScheme((pbeKey instanceof PKCS5Scheme2UTF8PBEKey) ? PasswordRecipient.PKCS5_SCHEME2_UTF8 : PasswordRecipient.PKCS5_SCHEME2)); - } - - /** - * Add a key agreement based recipient. - * - * @deprecated use the addRecipientGenerator and JceKeyAgreeRecipientInfoGenerator - * @param agreementAlgorithm key agreement algorithm to use. - * @param senderPrivateKey private key to initialise sender side of agreement with. - * @param senderPublicKey sender public key to include with message. - * @param recipientCert recipient's public key certificate. - * @param cekWrapAlgorithm OID for key wrapping algorithm to use. - * @param provider provider to use for the agreement calculation. - * @exception NoSuchProviderException if the specified provider cannot be found - * @exception NoSuchAlgorithmException if the algorithm requested cannot be found - * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified - */ - public void addKeyAgreementRecipient( - String agreementAlgorithm, - PrivateKey senderPrivateKey, - PublicKey senderPublicKey, - X509Certificate recipientCert, - String cekWrapAlgorithm, - String provider) - throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException - { - addKeyAgreementRecipient(agreementAlgorithm, senderPrivateKey, senderPublicKey, recipientCert, cekWrapAlgorithm, CMSUtils.getProvider(provider)); - } - - /** - * Add a key agreement based recipient. - * - * @deprecated use the addRecipientGenerator and JceKeyAgreeRecipientInfoGenerator - * @param agreementAlgorithm key agreement algorithm to use. - * @param senderPrivateKey private key to initialise sender side of agreement with. - * @param senderPublicKey sender public key to include with message. - * @param recipientCert recipient's public key certificate. - * @param cekWrapAlgorithm OID for key wrapping algorithm to use. - * @param provider provider to use for the agreement calculation. - * @exception NoSuchAlgorithmException if the algorithm requested cannot be found - * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified - */ - public void addKeyAgreementRecipient( - String agreementAlgorithm, - PrivateKey senderPrivateKey, - PublicKey senderPublicKey, - X509Certificate recipientCert, - String cekWrapAlgorithm, - Provider provider) - throws NoSuchAlgorithmException, InvalidKeyException - { - List recipients = new ArrayList(); - - recipients.add(recipientCert); - - addKeyAgreementRecipients(agreementAlgorithm, senderPrivateKey, senderPublicKey, - recipients, cekWrapAlgorithm, provider); - } - - /** - * Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure). - * - * @deprecated use the addRecipientGenerator and JceKeyAgreeRecipientInfoGenerator - * @param agreementAlgorithm key agreement algorithm to use. - * @param senderPrivateKey private key to initialise sender side of agreement with. - * @param senderPublicKey sender public key to include with message. - * @param recipientCerts recipients' public key certificates. - * @param cekWrapAlgorithm OID for key wrapping algorithm to use. - * @param provider provider to use for the agreement calculation. - * @exception NoSuchAlgorithmException if the algorithm requested cannot be found - * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified - */ - public void addKeyAgreementRecipients( - String agreementAlgorithm, - PrivateKey senderPrivateKey, - PublicKey senderPublicKey, - Collection recipientCerts, - String cekWrapAlgorithm, - String provider) - throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException - { - addKeyAgreementRecipients(agreementAlgorithm, senderPrivateKey, senderPublicKey, recipientCerts, cekWrapAlgorithm, CMSUtils.getProvider(provider)); - } - - /** - * Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure). - * - * @deprecated use the addRecipientGenerator and JceKeyAgreeRecipientInfoGenerator - * @param agreementAlgorithm key agreement algorithm to use. - * @param senderPrivateKey private key to initialise sender side of agreement with. - * @param senderPublicKey sender public key to include with message. - * @param recipientCerts recipients' public key certificates. - * @param cekWrapAlgorithm OID for key wrapping algorithm to use. - * @param provider provider to use for the agreement calculation. - * @exception NoSuchAlgorithmException if the algorithm requested cannot be found - * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified - */ - public void addKeyAgreementRecipients( - String agreementAlgorithm, - PrivateKey senderPrivateKey, - PublicKey senderPublicKey, - Collection recipientCerts, - String cekWrapAlgorithm, - Provider provider) - throws NoSuchAlgorithmException, InvalidKeyException - { - JceKeyAgreeRecipientInfoGenerator recipientInfoGenerator = new JceKeyAgreeRecipientInfoGenerator(new ASN1ObjectIdentifier(agreementAlgorithm), senderPrivateKey, senderPublicKey, new ASN1ObjectIdentifier(cekWrapAlgorithm)).setProvider(provider); - - for (Iterator it = recipientCerts.iterator(); it.hasNext();) - { - try - { - recipientInfoGenerator.addRecipient((X509Certificate)it.next()); - } - catch (CertificateEncodingException e) - { - throw new IllegalArgumentException("unable to encode certificate: " + e.getMessage()); - } - } - - oldRecipientInfoGenerators.add(recipientInfoGenerator); - } - - /** * Add a generator to produce the recipient info required. * * @param recipientGenerator a generator of a recipient info object. @@ -309,82 +72,4 @@ public class CMSEnvelopedGenerator { recipientInfoGenerators.add(recipientGenerator); } - - protected AlgorithmIdentifier getAlgorithmIdentifier(String encryptionOID, AlgorithmParameters params) throws IOException - { - ASN1Encodable asn1Params; - if (params != null) - { - asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1")); - } - else - { - asn1Params = DERNull.INSTANCE; - } - - return new AlgorithmIdentifier( - new ASN1ObjectIdentifier(encryptionOID), - asn1Params); - } - - protected void convertOldRecipients(SecureRandom rand, Provider provider) - { - for (Iterator it = oldRecipientInfoGenerators.iterator(); it.hasNext();) - { - Object recipient = it.next(); - - if (recipient instanceof JceKeyTransRecipientInfoGenerator) - { - JceKeyTransRecipientInfoGenerator recip = (JceKeyTransRecipientInfoGenerator)recipient; - - if (provider != null) - { - recip.setProvider(provider); - } - - recipientInfoGenerators.add(recip); - } - else if (recipient instanceof KEKRecipientInfoGenerator) - { - JceKEKRecipientInfoGenerator recip = (JceKEKRecipientInfoGenerator)recipient; - - if (provider != null) - { - recip.setProvider(provider); - } - - recip.setSecureRandom(rand); - - recipientInfoGenerators.add(recip); - } - else if (recipient instanceof JcePasswordRecipientInfoGenerator) - { - JcePasswordRecipientInfoGenerator recip = (JcePasswordRecipientInfoGenerator)recipient; - - if (provider != null) - { - recip.setProvider(provider); - } - - recip.setSecureRandom(rand); - - recipientInfoGenerators.add(recip); - } - else if (recipient instanceof JceKeyAgreeRecipientInfoGenerator) - { - JceKeyAgreeRecipientInfoGenerator recip = (JceKeyAgreeRecipientInfoGenerator)recipient; - - if (provider != null) - { - recip.setProvider(provider); - } - - recip.setSecureRandom(rand); - - recipientInfoGenerators.add(recip); - } - } - - oldRecipientInfoGenerators.clear(); - } } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java index fcb662b..9172706 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java @@ -3,15 +3,11 @@ package org.bouncycastle.cms; import java.io.FilterInputStream; import java.io.IOException; import java.io.InputStream; -import java.security.NoSuchAlgorithmException; -import java.security.Provider; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.crypto.KeyGenerator; - import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.cms.KEKRecipientInfo; @@ -55,36 +51,7 @@ class CMSEnvelopedHelper MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES256_CBC, "AESMac"); } - KeyGenerator createSymmetricKeyGenerator( - String encryptionOID, - Provider provider) - throws NoSuchAlgorithmException - { - try - { - return createKeyGenerator(encryptionOID, provider); - } - catch (NoSuchAlgorithmException e) - { - try - { - String algName = (String)BASE_CIPHER_NAMES.get(encryptionOID); - if (algName != null) - { - return createKeyGenerator(algName, provider); - } - } - catch (NoSuchAlgorithmException ex) - { - // ignore - } - if (provider != null) - { - return createSymmetricKeyGenerator(encryptionOID, null); - } - throw e; - } - } + int getKeySize(String oid) { @@ -98,20 +65,7 @@ class CMSEnvelopedHelper return keySize.intValue(); } - private KeyGenerator createKeyGenerator( - String algName, - Provider provider) - throws NoSuchAlgorithmException - { - if (provider != null) - { - return KeyGenerator.getInstance(algName, provider); - } - else - { - return KeyGenerator.getInstance(algName); - } - } + static RecipientInformationStore buildRecipientInformationStore( ASN1Set recipientInfos, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable) diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSPBEKey.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSPBEKey.java deleted file mode 100644 index d37bb31..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSPBEKey.java +++ /dev/null @@ -1,73 +0,0 @@ -package org.bouncycastle.cms; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.interfaces.PBEKey; -import javax.crypto.spec.PBEParameterSpec; - -public abstract class CMSPBEKey - implements PBEKey -{ - private char[] password; - private byte[] salt; - private int iterationCount; - - protected static PBEParameterSpec getParamSpec(AlgorithmParameters algParams) - throws InvalidAlgorithmParameterException - { - try - { - return (PBEParameterSpec)algParams.getParameterSpec(PBEParameterSpec.class); - } - catch (InvalidParameterSpecException e) - { - throw new InvalidAlgorithmParameterException("cannot process PBE spec: " + e.getMessage()); - } - } - - public CMSPBEKey(char[] password, byte[] salt, int iterationCount) - { - this.password = password; - this.salt = salt; - this.iterationCount = iterationCount; - } - - public CMSPBEKey(char[] password, PBEParameterSpec pbeSpec) - { - this(password, pbeSpec.getSalt(), pbeSpec.getIterationCount()); - } - - public char[] getPassword() - { - return password; - } - - public byte[] getSalt() - { - return salt; - } - - public int getIterationCount() - { - return iterationCount; - } - - public String getAlgorithm() - { - return "PKCS5S2"; - } - - public String getFormat() - { - return "RAW"; - } - - public byte[] getEncoded() - { - return null; - } - - abstract byte[] getEncoded(String algorithmOid); -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java index 7a3cb4b..0465b77 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java @@ -3,11 +3,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; import java.util.ArrayList; import java.util.Collection; import java.util.Iterator; @@ -25,13 +20,10 @@ import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.cms.SignedData; import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; import org.bouncycastle.util.Store; -import org.bouncycastle.x509.NoSuchStoreException; -import org.bouncycastle.x509.X509Store; /** * general class for handling a pkcs7-signature message. @@ -69,9 +61,7 @@ public class CMSSignedData ContentInfo contentInfo; CMSTypedData signedContent; SignerInformationStore signerInfoStore; - X509Store attributeStore; - X509Store certificateStore; - X509Store crlStore; + private Map hashes; private CMSSignedData( @@ -266,192 +256,6 @@ public class CMSSignedData } /** - * return a X509Store containing the attribute certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of attribute certificates - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getAttributeCertificates( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getAttributeCertificates(type, CMSUtils.getProvider(provider)); - } - - /** - * return a X509Store containing the attribute certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of attribute certificates - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getAttributeCertificates( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (attributeStore == null) - { - attributeStore = HELPER.createAttributeStore(type, provider, this.getAttributeCertificates()); - } - - return attributeStore; - } - - /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of public key certificates - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCertificates( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getCertificates(type, CMSUtils.getProvider(provider)); - } - - /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of public key certificates - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCertificates( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (certificateStore == null) - { - certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); - } - - return certificateStore; - } - - /** - * return a X509Store containing CRLs, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of CRLs - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCRLs( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getCRLs(type, CMSUtils.getProvider(provider)); - } - - /** - * return a X509Store containing CRLs, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of CRLs - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCRLs( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (crlStore == null) - { - crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); - } - - return crlStore; - } - - /** - * return a CertStore containing the certificates and CRLs associated with - * this message. - * - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchAlgorithmException if the cert store isn't available. - * @exception CMSException if a general exception prevents creation of the CertStore - * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder - */ - public CertStore getCertificatesAndCRLs( - String type, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); - } - - /** - * return a CertStore containing the certificates and CRLs associated with - * this message. - * - * @exception NoSuchAlgorithmException if the cert store isn't available. - * @exception CMSException if a general exception prevents creation of the CertStore - * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder - */ - public CertStore getCertificatesAndCRLs( - String type, - Provider provider) - throws NoSuchAlgorithmException, CMSException - { - try - { - JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); - - if (provider != null) - { - certStoreBuilder.setProvider(provider); - } - - certStoreBuilder.addCertificates(this.getCertificates()); - certStoreBuilder.addCRLs(this.getCRLs()); - - return certStoreBuilder.build(); - } - catch (NoSuchAlgorithmException e) - { - throw e; - } - catch (Exception e) - { - throw new CMSException("exception creating CertStore: " + e.getMessage(), e); - } - } - - /** * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. * * @return a Store of X509CertificateHolder objects. @@ -512,15 +316,6 @@ public class CMSSignedData /** * return the ContentInfo - * @deprecated use toASN1Structure() - */ - public ContentInfo getContentInfo() - { - return contentInfo; - } - - /** - * return the ContentInfo */ public ContentInfo toASN1Structure() { @@ -672,77 +467,6 @@ public class CMSSignedData /** * Replace the certificate and CRL information associated with this * CMSSignedData object with the new one passed in. - * - * @param signedData the signed data object to be used as a base. - * @param certsAndCrls the new certificates and CRLs to be used. - * @return a new signed data object. - * @exception CMSException if there is an error processing the CertStore - * @deprecated use method taking Store arguments. - */ - public static CMSSignedData replaceCertificatesAndCRLs( - CMSSignedData signedData, - CertStore certsAndCrls) - throws CMSException - { - // - // copy - // - CMSSignedData cms = new CMSSignedData(signedData); - - // - // replace the certs and crls in the SignedData object - // - ASN1Set certs = null; - ASN1Set crls = null; - - try - { - ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls)); - - if (set.size() != 0) - { - certs = set; - } - } - catch (CertStoreException e) - { - throw new CMSException("error getting certs from certStore", e); - } - - try - { - ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls)); - - if (set.size() != 0) - { - crls = set; - } - } - catch (CertStoreException e) - { - throw new CMSException("error getting crls from certStore", e); - } - - // - // replace the CMS structure. - // - cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), - signedData.signedData.getEncapContentInfo(), - certs, - crls, - signedData.signedData.getSignerInfos()); - - // - // replace the contentInfo with the new one - // - cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData); - - return cms; - } - - /** - * Replace the certificate and CRL information associated with this - * CMSSignedData object with the new one passed in. * * @param signedData the signed data object to be used as a base. * @param certificates the new certificates to be used. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java index 9692e15..eea8a1a 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java @@ -3,13 +3,6 @@ package org.bouncycastle.cms; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.SecureRandom; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Iterator; import java.util.List; @@ -20,16 +13,10 @@ import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BEROctetString; import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.cms.SignedData; import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.bc.BcDigestCalculatorProvider; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; /** * general class for generating a pkcs7-signature message. @@ -62,80 +49,6 @@ public class CMSSignedDataGenerator { private List signerInfs = new ArrayList(); - private class SignerInf - { - final PrivateKey key; - final Object signerIdentifier; - final String digestOID; - final String encOID; - final CMSAttributeTableGenerator sAttr; - final CMSAttributeTableGenerator unsAttr; - final AttributeTable baseSignedTable; - - SignerInf( - PrivateKey key, - Object signerIdentifier, - String digestOID, - String encOID, - CMSAttributeTableGenerator sAttr, - CMSAttributeTableGenerator unsAttr, - AttributeTable baseSignedTable) - { - this.key = key; - this.signerIdentifier = signerIdentifier; - this.digestOID = digestOID; - this.encOID = encOID; - this.sAttr = sAttr; - this.unsAttr = unsAttr; - this.baseSignedTable = baseSignedTable; - } - - SignerInfoGenerator toSignerInfoGenerator( - SecureRandom random, - Provider sigProvider, - boolean addDefaultAttributes) - throws IOException, CertificateEncodingException, CMSException, OperatorCreationException, NoSuchAlgorithmException - { - String digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID); - String signatureName = digestName + "with" + CMSSignedHelper.INSTANCE.getEncryptionAlgName(encOID); - - JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider()); - - if (addDefaultAttributes) - { - builder.setSignedAttributeGenerator(sAttr); - } - builder.setDirectSignature(!addDefaultAttributes); - - builder.setUnsignedAttributeGenerator(unsAttr); - - JcaContentSignerBuilder signerBuilder; - - try - { - signerBuilder = new JcaContentSignerBuilder(signatureName).setSecureRandom(random); - } - catch (IllegalArgumentException e) - { - throw new NoSuchAlgorithmException(e.getMessage()); - } - - if (sigProvider != null) - { - signerBuilder.setProvider(sigProvider); - } - - ContentSigner contentSigner = signerBuilder.build(key); - if (signerIdentifier instanceof X509Certificate) - { - return builder.build(contentSigner, (X509Certificate)signerIdentifier); - } - else - { - return builder.build(contentSigner, (byte[])signerIdentifier); - } - } - } /** * base constructor */ @@ -144,463 +57,24 @@ public class CMSSignedDataGenerator } /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - * @deprecated rand ignored in new API, use base constructor. - */ - public CMSSignedDataGenerator( - SecureRandom rand) - { - super(rand); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param digestOID digest algorithm OID - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID) - throws IllegalArgumentException - { - addSigner(key, cert, getEncOID(key, digestOID), digestOID); - } - - /** - * add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be - * provided here. - * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param encryptionOID digest encryption algorithm OID - * @param digestOID digest algorithm OID - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID) - throws IllegalArgumentException - { - doAddSigner(key, cert, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(), null, null); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID) - throws IllegalArgumentException - { - addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID); - } - - /** - * add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be - * provided here. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID) - throws IllegalArgumentException - { - doAddSigner(key, subjectKeyID, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(), null, null); - } - - /** - * add a signer with extra signed/unsigned attributes. + * Generate a CMS Signed Data object carrying a detached CMS signature. * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttr, unsignedAttr); - } - - /** - * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. - * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param encryptionOID digest encryption algorithm OID - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - doAddSigner(key, cert, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(signedAttr), - new SimpleAttributeTableGenerator(unsignedAttr), signedAttr); - } - - /** - * add a signer with extra signed/unsigned attributes. - * - * @param key signing key to use - * @param subjectKeyID subjectKeyID of corresponding public key - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttr, - unsignedAttr); - } - - /** - * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. - * - * @param key signing key to use - * @param subjectKeyID subjectKeyID of corresponding public key - * @param encryptionOID digest encryption algorithm OID - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - doAddSigner(key, subjectKeyID, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(signedAttr), - new SimpleAttributeTableGenerator(unsignedAttr), signedAttr); - } - - /** - * add a signer with extra signed/unsigned attributes based on generators. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen) - throws IllegalArgumentException - { - addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttrGen, unsignedAttrGen); - } - - /** - * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes based on generators. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen) - throws IllegalArgumentException - { - doAddSigner(key, cert, encryptionOID, digestOID, signedAttrGen, - unsignedAttrGen, null); - } - - /** - * add a signer with extra signed/unsigned attributes based on generators. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen) - throws IllegalArgumentException - { - addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttrGen, - unsignedAttrGen); - } - - /** - * add a signer, including digest encryption algorithm, with extra signed/unsigned attributes based on generators. - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen) - throws IllegalArgumentException - { - doAddSigner(key, subjectKeyID, encryptionOID, digestOID, - signedAttrGen, unsignedAttrGen, null); - } - - private void doAddSigner( - PrivateKey key, - Object signerIdentifier, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGen, - CMSAttributeTableGenerator unsignedAttrGen, - AttributeTable baseSignedTable) - throws IllegalArgumentException - { - signerInfs.add(new SignerInf(key, signerIdentifier, digestOID, encryptionOID, - signedAttrGen, unsignedAttrGen, baseSignedTable)); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider. - * @deprecated use generate() method not taking provider. + * @param content the content to be signed. */ public CMSSignedData generate( - CMSProcessable content, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(content, CMSUtils.getProvider(sigProvider)); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider. - * @deprecated use generate() method not taking provider. - */ - public CMSSignedData generate( - CMSProcessable content, - Provider sigProvider) - throws NoSuchAlgorithmException, CMSException - { - return generate(content, false, sigProvider); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature. The content type - * is set according to the OID represented by the string signedContentType. - * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - String eContentType, - CMSProcessable content, - boolean encapsulate, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(eContentType, content, encapsulate, CMSUtils.getProvider(sigProvider), - true); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature. The content type - * is set according to the OID represented by the string signedContentType. - * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - String eContentType, - CMSProcessable content, - boolean encapsulate, - Provider sigProvider) - throws NoSuchAlgorithmException, CMSException - { - return generate(eContentType, content, encapsulate, sigProvider, true); - } - - /** - * Similar method to the other generate methods. The additional argument - * addDefaultAttributes indicates whether or not a default set of signed attributes - * need to be added automatically. If the argument is set to false, no - * attributes will get added at all. - * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - String eContentType, - CMSProcessable content, - boolean encapsulate, - String sigProvider, - boolean addDefaultAttributes) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return generate(eContentType, content, encapsulate, CMSUtils.getProvider(sigProvider), - addDefaultAttributes); - } - - /** - * Similar method to the other generate methods. The additional argument - * addDefaultAttributes indicates whether or not a default set of signed attributes - * need to be added automatically. If the argument is set to false, no - * attributes will get added at all. - * @deprecated use setDirectSignature() on SignerInformationGenerator. - */ - public CMSSignedData generate( - String eContentType, - final CMSProcessable content, - boolean encapsulate, - Provider sigProvider, - boolean addDefaultAttributes) - throws NoSuchAlgorithmException, CMSException - { - boolean isCounterSignature = (eContentType == null); - - final ASN1ObjectIdentifier contentTypeOID = isCounterSignature - ? null - : new ASN1ObjectIdentifier(eContentType); - - for (Iterator it = signerInfs.iterator(); it.hasNext();) - { - SignerInf signer = (SignerInf)it.next(); - - try - { - signerGens.add(signer.toSignerInfoGenerator(rand, sigProvider, - addDefaultAttributes)); - } - catch (OperatorCreationException e) - { - throw new CMSException("exception creating signerInf", e); - } - catch (IOException e) - { - throw new CMSException("exception encoding attributes", e); - } - catch (CertificateEncodingException e) - { - throw new CMSException("error creating sid.", e); - } - } - - signerInfs.clear(); - - if (content != null) - { - return generate(new CMSTypedData() - { - public ASN1ObjectIdentifier getContentType() - { - return contentTypeOID; - } - - public void write(OutputStream out) - throws IOException, CMSException - { - content.write(out); - } - - public Object getContent() - { - return content.getContent(); - } - }, encapsulate); - } - else - { - return generate(new CMSAbsentContent(contentTypeOID), encapsulate); - } - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature with the - * default content type "data". - * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - CMSProcessable content, - boolean encapsulate, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - if (content instanceof CMSTypedData) - { - return this.generate(((CMSTypedData)content).getContentType().getId(), content, encapsulate, sigProvider); - } - else - { - return this.generate(DATA, content, encapsulate, sigProvider); - } - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature with the - * default content type "data". - * @deprecated use generate(CMSTypedData, boolean) - */ - public CMSSignedData generate( - CMSProcessable content, - boolean encapsulate, - Provider sigProvider) - throws NoSuchAlgorithmException, CMSException - { - if (content instanceof CMSTypedData) - { - return this.generate(((CMSTypedData)content).getContentType().getId(), content, encapsulate, sigProvider); - } - else - { - return this.generate(DATA, content, encapsulate, sigProvider); - } - } - - public CMSSignedData generate( CMSTypedData content) throws CMSException { return generate(content, false); } + /** + * Generate a CMS Signed Data object which can be carrying a detached CMS signature, or have encapsulated data, depending on the value + * of the encapsulated parameter. + * + * @param content the content to be signed. + * @param encapsulate true if the content should be encapsulated in the signature, false otherwise. + */ public CMSSignedData generate( // FIXME Avoid accessing more than once to support CMSProcessableInputStream CMSTypedData content, @@ -747,36 +221,6 @@ public class CMSSignedDataGenerator * the passed in SignerInformation object. * * @param signer the signer to be countersigned - * @param sigProvider the provider to be used for counter signing. - * @return a store containing the signers. - * @deprecated use generateCounterSigners(SignerInformation) - */ - public SignerInformationStore generateCounterSigners(SignerInformation signer, Provider sigProvider) - throws NoSuchAlgorithmException, CMSException - { - return this.generate(null, new CMSProcessableByteArray(signer.getSignature()), false, sigProvider).getSignerInfos(); - } - - /** - * generate a set of one or more SignerInformation objects representing counter signatures on - * the passed in SignerInformation object. - * - * @param signer the signer to be countersigned - * @param sigProvider the provider to be used for counter signing. - * @return a store containing the signers. - * @deprecated use generateCounterSigners(SignerInformation) - */ - public SignerInformationStore generateCounterSigners(SignerInformation signer, String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return this.generate(null, new CMSProcessableByteArray(signer.getSignature()), false, CMSUtils.getProvider(sigProvider)).getSignerInfos(); - } - - /** - * generate a set of one or more SignerInformation objects representing counter signatures on - * the passed in SignerInformation object. - * - * @param signer the signer to be countersigned * @return a store containing the signers. */ public SignerInformationStore generateCounterSigners(SignerInformation signer) diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java index 6c80bb4..329f089 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java @@ -4,11 +4,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; @@ -35,15 +30,11 @@ import org.bouncycastle.asn1.cms.ContentInfoParser; import org.bouncycastle.asn1.cms.SignedDataParser; import org.bouncycastle.asn1.cms.SignerInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.bc.BcDigestCalculatorProvider; import org.bouncycastle.util.Store; import org.bouncycastle.util.io.Streams; -import org.bouncycastle.x509.NoSuchStoreException; -import org.bouncycastle.x509.X509Store; /** * Parsing class for an CMS Signed Data object from an input stream. @@ -100,22 +91,8 @@ public class CMSSignedDataParser private Map digests; private SignerInformationStore _signerInfoStore; - private X509Store _attributeStore; private ASN1Set _certSet, _crlSet; private boolean _isCertCrlParsed; - private X509Store _certificateStore; - private X509Store _crlStore; - - /** - * @deprecated use method taking a DigestCalculatorProvider - */ - public CMSSignedDataParser( - byte[] sigBlock) - throws CMSException - { - this(createDefaultDigestProvider(), new ByteArrayInputStream(sigBlock)); - } - public CMSSignedDataParser( DigestCalculatorProvider digestCalculatorProvider, @@ -125,20 +102,6 @@ public class CMSSignedDataParser this(digestCalculatorProvider, new ByteArrayInputStream(sigBlock)); } - /** - * @deprecated use method taking digest calculator provider. - * @param signedContent - * @param sigBlock - * @throws CMSException - */ - public CMSSignedDataParser( - CMSTypedStream signedContent, - byte[] sigBlock) - throws CMSException - { - this(createDefaultDigestProvider(), signedContent, new ByteArrayInputStream(sigBlock)); - } - public CMSSignedDataParser( DigestCalculatorProvider digestCalculatorProvider, CMSTypedStream signedContent, @@ -148,26 +111,8 @@ public class CMSSignedDataParser this(digestCalculatorProvider, signedContent, new ByteArrayInputStream(sigBlock)); } - private static DigestCalculatorProvider createDefaultDigestProvider() - throws CMSException - { - return new BcDigestCalculatorProvider(); - } - /** * base constructor - with encapsulated content - * - * @deprecated use method taking a DigestCalculatorProvider - */ - public CMSSignedDataParser( - InputStream sigData) - throws CMSException - { - this(createDefaultDigestProvider(), null, sigData); - } - - /** - * base constructor - with encapsulated content */ public CMSSignedDataParser( DigestCalculatorProvider digestCalculatorProvider, @@ -180,22 +125,6 @@ public class CMSSignedDataParser /** * base constructor * - * @param signedContent the content that was signed. - * @param sigData the signature object stream. - * * - * @deprecated use method taking a DigestCalculatorProvider - */ - public CMSSignedDataParser( - CMSTypedStream signedContent, - InputStream sigData) - throws CMSException - { - this(createDefaultDigestProvider(), signedContent, sigData); - } - - /** - * base constructor - * * @param digestCalculatorProvider for generating accumulating digests * @param signedContent the content that was signed. * @param sigData the signature object stream. @@ -273,11 +202,6 @@ public class CMSSignedDataParser { throw new CMSException("io exception: " + e.getMessage(), e); } - - if (digests.isEmpty()) - { - throw new CMSException("no digests could be created for message."); - } } /** @@ -339,201 +263,6 @@ public class CMSSignedDataParser } /** - * return a X509Store containing the attribute certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of attribute certificates - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use getAttributeCertificates() - */ - public X509Store getAttributeCertificates( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getAttributeCertificates(type, CMSUtils.getProvider(provider)); - } - - /** - * return a X509Store containing the attribute certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of attribute certificates - * @exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use getAttributeCertificates() - */ - public X509Store getAttributeCertificates( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (_attributeStore == null) - { - populateCertCrlSets(); - - _attributeStore = HELPER.createAttributeStore(type, provider, this.getAttributeCertificates()); - } - - return _attributeStore; - } - - /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of public key certificates - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use getCertificates() - */ - public X509Store getCertificates( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getCertificates(type, CMSUtils.getProvider(provider)); - } - - /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of public key certificates - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use getCertificates() - */ - public X509Store getCertificates( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (_certificateStore == null) - { - populateCertCrlSets(); - - _certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); - } - - return _certificateStore; - } - - /** - * return a X509Store containing CRLs, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of CRLs - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use getCRLs() - */ - public X509Store getCRLs( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getCRLs(type, CMSUtils.getProvider(provider)); - } - - /** - * return a X509Store containing CRLs, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of CRLs - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use getCRLs() - */ - public X509Store getCRLs( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (_crlStore == null) - { - populateCertCrlSets(); - - _crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); - } - - return _crlStore; - } - - /** - * return a CertStore containing the certificates and CRLs associated with - * this message. - * - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchAlgorithmException if the cert store isn't available. - * @exception CMSException if a general exception prevents creation of the CertStore - * @deprecated use getCertificates() and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder - */ - public CertStore getCertificatesAndCRLs( - String type, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); - } - - /** - * return a CertStore containing the certificates and CRLs associated with - * this message. - * - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchAlgorithmException if the cert store isn't available. - * @exception CMSException if a general exception prevents creation of the CertStore - * @deprecated use getCertificates() and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder - */ - public CertStore getCertificatesAndCRLs( - String type, - Provider provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - populateCertCrlSets(); - - try - { - JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); - - if (provider != null) - { - certStoreBuilder.setProvider(provider); - } - - certStoreBuilder.addCertificates(this.getCertificates()); - certStoreBuilder.addCRLs(this.getCRLs()); - - return certStoreBuilder.build(); - } - catch (NoSuchAlgorithmException e) - { - throw e; - } - catch (Exception e) - { - throw new CMSException("exception creating CertStore: " + e.getMessage(), e); - } - } - - /** * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. * * @return a Store of X509CertificateHolder objects. @@ -719,102 +448,6 @@ public class CMSSignedDataParser * The output stream is returned unclosed. * </p> * @param original the signed data stream to be used as a base. - * @param certsAndCrls the new certificates and CRLs to be used. - * @param out the stream to write the new signed data object to. - * @return out. - * @exception CMSException if there is an error processing the CertStore - * @deprecated use method that takes Store objects. - */ - public static OutputStream replaceCertificatesAndCRLs( - InputStream original, - CertStore certsAndCrls, - OutputStream out) - throws CMSException, IOException - { - ASN1StreamParser in = new ASN1StreamParser(original); - ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject()); - SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE)); - - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.signedData); - - BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - // version number - sigGen.addObject(signedData.getVersion()); - - // digests - sigGen.getRawOutputStream().write(signedData.getDigestAlgorithms().toASN1Primitive().getEncoded()); - - // encap content info - ContentInfoParser encapContentInfo = signedData.getEncapContentInfo(); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream()); - - eiGen.addObject(encapContentInfo.getContentType()); - - pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream()); - - eiGen.close(); - - // - // skip existing certs and CRLs - // - getASN1Set(signedData.getCertificates()); - getASN1Set(signedData.getCrls()); - - // - // replace the certs and crls in the SignedData object - // - ASN1Set certs; - - try - { - certs = CMSUtils.createBerSetFromList(CMSUtils.getCertificatesFromStore(certsAndCrls)); - } - catch (CertStoreException e) - { - throw new CMSException("error getting certs from certStore", e); - } - - if (certs.size() > 0) - { - sigGen.getRawOutputStream().write(new DERTaggedObject(false, 0, certs).getEncoded()); - } - - ASN1Set crls; - - try - { - crls = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(certsAndCrls)); - } - catch (CertStoreException e) - { - throw new CMSException("error getting crls from certStore", e); - } - - if (crls.size() > 0) - { - sigGen.getRawOutputStream().write(new DERTaggedObject(false, 1, crls).getEncoded()); - } - - sigGen.getRawOutputStream().write(signedData.getSignerInfos().toASN1Primitive().getEncoded()); - - sigGen.close(); - - sGen.close(); - - return out; - } - - /** - * Replace the certificate and CRL information associated with this - * CMSSignedData object with the new one passed in. - * <p> - * The output stream is returned unclosed. - * </p> - * @param original the signed data stream to be used as a base. * @param certs new certificates to be used, if any. * @param crls new CRLs to be used, if any. * @param attrCerts new attribute certificates to be used, if any. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java index cbd1c50..1e09b48 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java @@ -2,14 +2,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.OutputStream; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.SecureRandom; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; import java.util.Iterator; import java.util.List; @@ -21,14 +13,8 @@ import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BERSequenceGenerator; import org.bouncycastle.asn1.BERTaggedObject; import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; /** * General class for generating a pkcs7-signature message stream. @@ -71,17 +57,6 @@ public class CMSSignedDataStreamGenerator } /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - * @deprecated no longer required if the addSignerInfoGenerator method is used. - */ - public CMSSignedDataStreamGenerator( - SecureRandom rand) - { - super(rand); - } - - /** * Set the underlying string size for encapsulated data * * @param bufferSize length of octet strings to buffer the data. @@ -91,514 +66,6 @@ public class CMSSignedDataStreamGenerator { _bufferSize = bufferSize; } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * @throws NoSuchProviderException - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, cert, digestOID, CMSUtils.getProvider(sigProvider)); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - Provider sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, cert, digestOID, new DefaultSignedAttributeTableGenerator(), - (CMSAttributeTableGenerator)null, sigProvider); - } - - /** - * add a signer, specifying the digest encryption algorithm - no attributes other than the default ones will be - * provided here. - * @throws NoSuchProviderException - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, cert, encryptionOID, digestOID, CMSUtils.getProvider(sigProvider)); - } - - /** - * add a signer, specifying digest encryptionOID - no attributes other than the default ones will be - * provided here. - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - Provider sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, cert, encryptionOID, digestOID, new DefaultSignedAttributeTableGenerator(), - (CMSAttributeTableGenerator)null, sigProvider); - } - - /** - * add a signer with extra signed/unsigned attributes. - * @throws NoSuchProviderException - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, cert, digestOID, signedAttr, unsignedAttr, - CMSUtils.getProvider(sigProvider)); - } - - /** - * add a signer with extra signed/unsigned attributes. - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr, - Provider sigProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - addSigner(key, cert, digestOID, new DefaultSignedAttributeTableGenerator(signedAttr), - new SimpleAttributeTableGenerator(unsignedAttr), sigProvider); - } - - /** - * add a signer with extra signed/unsigned attributes - specifying digest - * encryption algorithm. - * @throws NoSuchProviderException - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, cert, encryptionOID, digestOID, signedAttr, unsignedAttr, - CMSUtils.getProvider(sigProvider)); - } - - /** - * add a signer with extra signed/unsigned attributes and the digest encryption algorithm. - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr, - Provider sigProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - addSigner(key, cert, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(signedAttr), - new SimpleAttributeTableGenerator(unsignedAttr), sigProvider); - } - - /** - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, cert, digestOID, signedAttrGenerator, unsignedAttrGenerator, - CMSUtils.getProvider(sigProvider)); - } - - /** - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - Provider sigProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - addSigner(key, cert, getEncOID(key, digestOID), digestOID, signedAttrGenerator, - unsignedAttrGenerator, sigProvider); - } - - /** - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, cert, encryptionOID, digestOID, signedAttrGenerator, unsignedAttrGenerator, - CMSUtils.getProvider(sigProvider)); - } - - /** - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - Provider sigProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - addSigner(key, cert, encryptionOID, digestOID, signedAttrGenerator, unsignedAttrGenerator, sigProvider, sigProvider); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * @throws NoSuchProviderException - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, subjectKeyID, digestOID, CMSUtils.getProvider(sigProvider)); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - Provider sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, subjectKeyID, digestOID, new DefaultSignedAttributeTableGenerator(), - (CMSAttributeTableGenerator)null, sigProvider); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * @throws NoSuchProviderException - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignedInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, subjectKeyID, encryptionOID, digestOID, CMSUtils.getProvider(sigProvider)); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here, specifying the digest encryption algorithm. - * - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - Provider sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, subjectKeyID, encryptionOID, digestOID, - new DefaultSignedAttributeTableGenerator(), (CMSAttributeTableGenerator)null, - sigProvider); - } - - /** - * add a signer with extra signed/unsigned attributes. - * @throws NoSuchProviderException - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, subjectKeyID, digestOID, signedAttr, unsignedAttr, - CMSUtils.getProvider(sigProvider)); - } - - /** - * add a signer with extra signed/unsigned attributes. - * @throws NoSuchAlgorithmException - * @throws InvalidKeyException - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr, - Provider sigProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - addSigner(key, subjectKeyID, digestOID, - new DefaultSignedAttributeTableGenerator(signedAttr), - new SimpleAttributeTableGenerator(unsignedAttr), sigProvider); - } - - /** - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, subjectKeyID, digestOID, signedAttrGenerator, unsignedAttrGenerator, - CMSUtils.getProvider(sigProvider)); - } - - /** - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - Provider sigProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - addSigner(key, subjectKeyID, getEncOID(key, digestOID), digestOID, signedAttrGenerator, - unsignedAttrGenerator, sigProvider); - } - - /** - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - addSigner(key, subjectKeyID, encryptionOID, digestOID, signedAttrGenerator, - unsignedAttrGenerator, CMSUtils.getProvider(sigProvider)); - } - - /** - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - Provider sigProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - addSigner(key, subjectKeyID, encryptionOID, digestOID, signedAttrGenerator, unsignedAttrGenerator, sigProvider, sigProvider); - } - - /** - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - Provider sigProvider, - Provider digProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - doAddSigner(key, cert, encryptionOID, digestOID, signedAttrGenerator, unsignedAttrGenerator, sigProvider, digProvider); - } - - private void doAddSigner(PrivateKey key, Object signerId, String encryptionOID, String digestOID, CMSAttributeTableGenerator signedAttrGenerator, CMSAttributeTableGenerator unsignedAttrGenerator, Provider sigProvider, Provider digProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - String digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID); - String signatureName = digestName + "with" + CMSSignedHelper.INSTANCE.getEncryptionAlgName(encryptionOID); - - JcaContentSignerBuilder signerBuilder; - - try - { - signerBuilder = new JcaContentSignerBuilder(signatureName).setSecureRandom(rand); - } - catch (IllegalArgumentException e) - { - throw new NoSuchAlgorithmException(e.getMessage()); - } - - if (sigProvider != null) - { - signerBuilder.setProvider(sigProvider); - } - - try - { - JcaDigestCalculatorProviderBuilder calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder(); - - if (digProvider != null && !digProvider.getName().equalsIgnoreCase("SunRsaSign")) - { - calculatorProviderBuilder.setProvider(digProvider); - } - - JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(calculatorProviderBuilder.build()); - - builder.setSignedAttributeGenerator(signedAttrGenerator); - - builder.setUnsignedAttributeGenerator(unsignedAttrGenerator); - - try - { - ContentSigner contentSigner = signerBuilder.build(key); - - if (signerId instanceof X509Certificate) - { - addSignerInfoGenerator(builder.build(contentSigner, (X509Certificate)signerId)); - } - else - { - addSignerInfoGenerator(builder.build(contentSigner, (byte[])signerId)); - } - } - catch (OperatorCreationException e) - { - if (e.getCause() instanceof NoSuchAlgorithmException) - { - throw (NoSuchAlgorithmException)e.getCause(); - } - if (e.getCause() instanceof InvalidKeyException) - { - throw (InvalidKeyException)e.getCause(); - } - } - } - catch (OperatorCreationException e) - { - throw new NoSuchAlgorithmException("unable to create operators: " + e.getMessage()); - } - catch (CertificateEncodingException e) - { - throw new IllegalStateException("unable to encode certificate"); - } - } - - /** - * @deprecated use addSignerInfoGenerator - */ - public void addSigner( - PrivateKey key, - byte[] subjectKeyID, - String encryptionOID, - String digestOID, - CMSAttributeTableGenerator signedAttrGenerator, - CMSAttributeTableGenerator unsignedAttrGenerator, - Provider sigProvider, - Provider digProvider) - throws NoSuchAlgorithmException, InvalidKeyException - { - doAddSigner(key, subjectKeyID, encryptionOID, digestOID, signedAttrGenerator, unsignedAttrGenerator, sigProvider, digProvider); - } /** * generate a signed object that for a CMS Signed Data @@ -645,18 +112,6 @@ public class CMSSignedDataStreamGenerator } /** - * @deprecated use open(ASN1ObjectIdentifier, OutputStream, boolean) - */ - public OutputStream open( - OutputStream out, - String eContentType, - boolean encapsulate) - throws IOException - { - return open(out, eContentType, encapsulate, null); - } - - /** * generate a signed object that for a CMS Signed Data * object using the given provider - if encapsulate is true a copy * of the message will be included in the signature. The content type @@ -672,19 +127,6 @@ public class CMSSignedDataStreamGenerator } /** - * @deprecated use open(ASN1ObjectIdenfier, OutputStream, boolean, OutputStream) - */ - public OutputStream open( - OutputStream out, - String eContentType, - boolean encapsulate, - OutputStream dataOutputStream) - throws IOException - { - return open(new ASN1ObjectIdentifier(eContentType), out, encapsulate, dataOutputStream); - } - - /** * generate a signed object that for a CMS Signed Data * object using the given provider - if encapsulate is true a copy * of the message will be included in the signature. The content type @@ -786,23 +228,6 @@ public class CMSSignedDataStreamGenerator return new CmsSignedDataOutputStream(sigStream, eContentType, sGen, sigGen, eiGen); } - // TODO Make public? - void generate( - OutputStream out, - String eContentType, - boolean encapsulate, - OutputStream dataOutputStream, - CMSProcessable content) - throws CMSException, IOException - { - OutputStream signedOut = open(out, eContentType, encapsulate, dataOutputStream); - if (content != null) - { - content.write(signedOut); - } - signedOut.close(); - } - // RFC3852, section 5.1: // IF ((certificates is present) AND // (any certificates with a type of other are present)) OR @@ -915,7 +340,7 @@ public class CMSSignedDataStreamGenerator { SignerInfoGenerator s = (SignerInfoGenerator)it.next(); - if (s.getGeneratedVersion().getValue().intValue() == 3) + if (s.getGeneratedVersion() == 3) { return true; } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java index 84369e7..9fe6779 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java @@ -1,12 +1,5 @@ package org.bouncycastle.cms; -import java.io.IOException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.RSAPrivateKey; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; @@ -17,11 +10,7 @@ import java.util.Set; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; @@ -30,16 +19,12 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AttributeCertificate; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.cert.X509AttributeCertificateHolder; import org.bouncycastle.cert.X509CRLHolder; import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Store; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509Store; public class CMSSignedGenerator { @@ -98,62 +83,11 @@ public class CMSSignedGenerator protected List signerGens = new ArrayList(); protected Map digests = new HashMap(); - protected final SecureRandom rand; - /** * base constructor */ protected CMSSignedGenerator() { - this(new SecureRandom()); - } - - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - */ - protected CMSSignedGenerator( - SecureRandom rand) - { - this.rand = rand; - } - - protected String getEncOID( - PrivateKey key, - String digestOID) - { - String encOID = null; - - if (key instanceof RSAPrivateKey || "RSA".equalsIgnoreCase(key.getAlgorithm())) - { - encOID = ENCRYPTION_RSA; - } - else if (key instanceof DSAPrivateKey || "DSA".equalsIgnoreCase(key.getAlgorithm())) - { - encOID = ENCRYPTION_DSA; - if (!digestOID.equals(DIGEST_SHA1)) - { - throw new IllegalArgumentException("can't mix DSA with anything but SHA1"); - } - } - else if ("ECDSA".equalsIgnoreCase(key.getAlgorithm()) || "EC".equalsIgnoreCase(key.getAlgorithm())) - { - encOID = (String)EC_ALGORITHMS.get(digestOID); - if (encOID == null) - { - throw new IllegalArgumentException("can't mix ECDSA with anything but SHA family digests"); - } - } - else if (key instanceof GOST3410PrivateKey || "GOST3410".equalsIgnoreCase(key.getAlgorithm())) - { - encOID = ENCRYPTION_GOST3410; - } - else if ("ECGOST3410".equalsIgnoreCase(key.getAlgorithm())) - { - encOID = ENCRYPTION_ECGOST3410; - } - - return encOID; } protected Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) @@ -165,36 +99,6 @@ public class CMSSignedGenerator return param; } - protected ASN1Set getAttributeSet( - AttributeTable attr) - { - if (attr != null) - { - return new DERSet(attr.toASN1EncodableVector()); - } - - return null; - } - - /** - * add the certificates and CRLs contained in the given CertStore - * to the pool that will be included in the encoded signature block. - * <p> - * Note: this assumes the CertStore will support null in the get - * methods. - * @param certStore CertStore containing the public key certificates and CRLs - * @throws java.security.cert.CertStoreException if an issue occurs processing the CertStore - * @throws CMSException if an issue occurse transforming data from the CertStore into the message - * @deprecated use addCertificates and addCRLs - */ - public void addCertificatesAndCRLs( - CertStore certStore) - throws CertStoreException, CMSException - { - certs.addAll(CMSUtils.getCertificatesFromStore(certStore)); - crls.addAll(CMSUtils.getCRLsFromStore(certStore)); - } - /** * Add a certificate to the certificate set to be included with the generated SignedData message. * @@ -297,40 +201,7 @@ public class CMSSignedGenerator } /** - * Add the attribute certificates contained in the passed in store to the - * generator. - * - * @param store a store of Version 2 attribute certificates - * @throws CMSException if an error occurse processing the store. - * @deprecated use basic Store method - */ - public void addAttributeCertificates( - X509Store store) - throws CMSException - { - try - { - for (Iterator it = store.getMatches(null).iterator(); it.hasNext();) - { - X509AttributeCertificate attrCert = (X509AttributeCertificate)it.next(); - - certs.add(new DERTaggedObject(false, 2, - AttributeCertificate.getInstance(ASN1Primitive.fromByteArray(attrCert.getEncoded())))); - } - } - catch (IllegalArgumentException e) - { - throw new CMSException("error processing attribute certs", e); - } - catch (IOException e) - { - throw new CMSException("error processing attribute certs", e); - } - } - - - /** - * Add a store of precalculated signers to the generator. + * Add a store of pre-calculated signers to the generator. * * @param signerStore store of signers */ @@ -345,6 +216,11 @@ public class CMSSignedGenerator } } + /** + * Add a generator for a particular signer to this CMS SignedData generator. + * + * @param infoGen the generator representing the particular signer. + */ public void addSignerInfoGenerator(SignerInfoGenerator infoGen) { signerGens.add(infoGen); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java index ce20884..2f98e69 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java @@ -1,14 +1,8 @@ package org.bouncycastle.cms; -import java.io.IOException; -import java.security.Provider; -import java.security.cert.CRLException; -import java.security.cert.CertificateException; import java.util.ArrayList; -import java.util.Collection; import java.util.Enumeration; import java.util.HashMap; -import java.util.Iterator; import java.util.List; import java.util.Map; @@ -35,14 +29,8 @@ import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.cert.X509AttributeCertificateHolder; import org.bouncycastle.cert.X509CRLHolder; import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.util.CollectionStore; import org.bouncycastle.util.Store; -import org.bouncycastle.x509.NoSuchStoreException; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509Store; -import org.bouncycastle.x509.X509V2AttributeCertificate; class CMSSignedHelper { @@ -125,23 +113,7 @@ class CMSSignedHelper digestAliases.put("SHA384", new String[] { "SHA-384" }); digestAliases.put("SHA512", new String[] { "SHA-512" }); } - - /** - * Return the digest algorithm using one of the standard JCA string - * representations rather than the algorithm identifier (if possible). - */ - String getDigestAlgName( - String digestAlgOID) - { - String algName = (String)digestAlgs.get(digestAlgOID); - - if (algName != null) - { - return algName; - } - return digestAlgOID; - } /** * Return the digest encryption algorithm using one of the standard @@ -161,95 +133,6 @@ class CMSSignedHelper return encryptionAlgOID; } - X509Store createAttributeStore( - String type, - Provider provider, - Store certStore) - throws NoSuchStoreException, CMSException - { - try - { - Collection certHldrs = certStore.getMatches(null); - List certs = new ArrayList(certHldrs.size()); - - for (Iterator it = certHldrs.iterator(); it.hasNext();) - { - certs.add(new X509V2AttributeCertificate(((X509AttributeCertificateHolder)it.next()).getEncoded())); - } - - return X509Store.getInstance( - "AttributeCertificate/" +type, new X509CollectionStoreParameters(certs), provider); - } - catch (IllegalArgumentException e) - { - throw new CMSException("can't setup the X509Store", e); - } - catch (IOException e) - { - throw new CMSException("can't setup the X509Store", e); - } - } - - X509Store createCertificateStore( - String type, - Provider provider, - Store certStore) - throws NoSuchStoreException, CMSException - { - try - { - JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider); - Collection certHldrs = certStore.getMatches(null); - List certs = new ArrayList(certHldrs.size()); - - for (Iterator it = certHldrs.iterator(); it.hasNext();) - { - certs.add(converter.getCertificate((X509CertificateHolder)it.next())); - } - - return X509Store.getInstance( - "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); - } - catch (IllegalArgumentException e) - { - throw new CMSException("can't setup the X509Store", e); - } - catch (CertificateException e) - { - throw new CMSException("can't setup the X509Store", e); - } - } - - X509Store createCRLsStore( - String type, - Provider provider, - Store crlStore) - throws NoSuchStoreException, CMSException - { - try - { - JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider); - Collection crlHldrs = crlStore.getMatches(null); - List crls = new ArrayList(crlHldrs.size()); - - for (Iterator it = crlHldrs.iterator(); it.hasNext();) - { - crls.add(converter.getCRL((X509CRLHolder)it.next())); - } - - return X509Store.getInstance( - "CRL/" +type, new X509CollectionStoreParameters(crls), provider); - } - catch (IllegalArgumentException e) - { - throw new CMSException("can't setup the X509Store", e); - } - catch (CRLException e) - { - throw new CMSException("can't setup the X509Store", e); - } - } - AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) { if (algId.getParameters() == null) diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java index 743ab8e..dc9c2ee 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java @@ -3,15 +3,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.Security; -import java.security.cert.CRLException; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.Iterator; @@ -21,7 +12,6 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BEROctetStringGenerator; import org.bouncycastle.asn1.BERSet; @@ -29,13 +19,9 @@ import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; import org.bouncycastle.asn1.ocsp.OCSPResponse; import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.TBSCertificate; import org.bouncycastle.cert.X509AttributeCertificateHolder; import org.bouncycastle.cert.X509CRLHolder; import org.bouncycastle.cert.X509CertificateHolder; @@ -63,36 +49,6 @@ class CMSUtils return readContentInfo(new ASN1InputStream(input)); } - static List getCertificatesFromStore(CertStore certStore) - throws CertStoreException, CMSException - { - List certs = new ArrayList(); - - try - { - for (Iterator it = certStore.getCertificates(null).iterator(); it.hasNext();) - { - X509Certificate c = (X509Certificate)it.next(); - - certs.add(Certificate.getInstance(ASN1Primitive.fromByteArray(c.getEncoded()))); - } - - return certs; - } - catch (IllegalArgumentException e) - { - throw new CMSException("error processing certs", e); - } - catch (IOException e) - { - throw new CMSException("error processing certs", e); - } - catch (CertificateEncodingException e) - { - throw new CMSException("error encoding certs", e); - } - } - static List getCertificatesFromStore(Store certStore) throws CMSException { @@ -137,35 +93,6 @@ class CMSUtils } } - static List getCRLsFromStore(CertStore certStore) - throws CertStoreException, CMSException - { - List crls = new ArrayList(); - - try - { - for (Iterator it = certStore.getCRLs(null).iterator(); it.hasNext();) - { - X509CRL c = (X509CRL)it.next(); - - crls.add(CertificateList.getInstance(ASN1Primitive.fromByteArray(c.getEncoded()))); - } - - return crls; - } - catch (IllegalArgumentException e) - { - throw new CMSException("error processing crls", e); - } - catch (IOException e) - { - throw new CMSException("error processing crls", e); - } - catch (CRLException e) - { - throw new CMSException("error encoding crls", e); - } - } static List getCRLsFromStore(Store crlStore) throws CMSException @@ -250,27 +177,6 @@ class CMSUtils return octGen.getOctetOutputStream(); } - static TBSCertificate getTBSCertificateStructure( - X509Certificate cert) - { - try - { - return TBSCertificate.getInstance( - ASN1Primitive.fromByteArray(cert.getTBSCertificate())); - } - catch (Exception e) - { - throw new IllegalArgumentException( - "can't extract TBS structure from this cert"); - } - } - - static IssuerAndSerialNumber getIssuerAndSerialNumber(X509Certificate cert) - { - TBSCertificate tbsCert = getTBSCertificateStructure(cert); - return new IssuerAndSerialNumber(tbsCert.getIssuer(), tbsCert.getSerialNumber().getValue()); - } - private static ContentInfo readContentInfo( ASN1InputStream in) throws CMSException @@ -308,24 +214,6 @@ class CMSUtils return Streams.readAllLimited(in, limit); } - public static Provider getProvider(String providerName) - throws NoSuchProviderException - { - if (providerName != null) - { - Provider prov = Security.getProvider(providerName); - - if (prov != null) - { - return prov; - } - - throw new NoSuchProviderException("provider " + providerName + " not found."); - } - - return null; - } - static InputStream attachDigestsToInputStream(Collection digests, InputStream s) { InputStream result = s; diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java index 8ba3686..837edd8 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java @@ -1,6 +1,7 @@ package org.bouncycastle.cms; import java.util.Date; +import java.util.Enumeration; import java.util.Hashtable; import java.util.Map; @@ -59,7 +60,7 @@ public class DefaultSignedAttributeTableGenerator protected Hashtable createStandardAttributeTable( Map parameters) { - Hashtable std = (Hashtable)table.clone(); + Hashtable std = copyHashTable(table); if (!std.containsKey(CMSAttributes.contentType)) { @@ -103,4 +104,18 @@ public class DefaultSignedAttributeTableGenerator { return new AttributeTable(createStandardAttributeTable(parameters)); } + + private static Hashtable copyHashTable(Hashtable paramsMap) + { + Hashtable newTable = new Hashtable(); + + Enumeration keys = paramsMap.keys(); + while (keys.hasMoreElements()) + { + Object key = keys.nextElement(); + newTable.put(key, paramsMap.get(key)); + } + + return newTable; + } } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java index 4e1b8cd..62c6529 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java @@ -1,18 +1,10 @@ package org.bouncycastle.cms; import java.io.IOException; -import java.security.Key; -import java.security.NoSuchProviderException; -import java.security.Provider; - -import javax.crypto.SecretKey; import org.bouncycastle.asn1.cms.KEKIdentifier; import org.bouncycastle.asn1.cms.KEKRecipientInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceKEKAuthenticatedRecipient; -import org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient; -import org.bouncycastle.cms.jcajce.JceKEKRecipient; /** * the RecipientInfo class for a recipient who has been sent a message @@ -38,52 +30,6 @@ public class KEKRecipientInformation this.rid = new KEKRecipientId(kekId.getKeyIdentifier().getOctets()); } - /** - * decrypt the content and return an input stream. - */ - public CMSTypedStream getContentStream( - Key key, - String prov) - throws CMSException, NoSuchProviderException - { - return getContentStream(key, CMSUtils.getProvider(prov)); - } - - /** - * decrypt the content and return an input stream. - * @deprecated use getContentStream(Recipient) - */ - public CMSTypedStream getContentStream( - Key key, - Provider prov) - throws CMSException - { - try - { - JceKEKRecipient recipient; - - if (secureReadable instanceof CMSEnvelopedHelper.CMSEnvelopedSecureReadable) - { - recipient = new JceKEKEnvelopedRecipient((SecretKey)key); - } - else - { - recipient = new JceKEKAuthenticatedRecipient((SecretKey)key); - } - - if (prov != null) - { - recipient.setProvider(prov); - } - - return getContentStream(recipient); - } - catch (IOException e) - { - throw new CMSException("encoding error: " + e.getMessage(), e); - } - } - protected RecipientOperator getRecipientOperator(Recipient recipient) throws CMSException, IOException { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java index 51917da..16c26bd 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java @@ -1,10 +1,6 @@ package org.bouncycastle.cms; import java.io.IOException; -import java.security.Key; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; import java.util.List; import org.bouncycastle.asn1.ASN1OctetString; @@ -19,9 +15,6 @@ import org.bouncycastle.asn1.cms.RecipientKeyIdentifier; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cms.jcajce.JceKeyAgreeAuthenticatedRecipient; -import org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient; -import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipient; /** * the RecipientInfo class for a recipient who has been sent a message @@ -126,57 +119,6 @@ public class KeyAgreeRecipientInformation throw new CMSException("No support for 'originator' as IssuerAndSerialNumber or SubjectKeyIdentifier"); } - /** - * decrypt the content and return it - * @deprecated use getContentStream(Recipient) method - */ - public CMSTypedStream getContentStream( - Key key, - String prov) - throws CMSException, NoSuchProviderException - { - return getContentStream(key, CMSUtils.getProvider(prov)); - } - - /** - * decrypt the content and return it - * @deprecated use getContentStream(Recipient) method - */ - public CMSTypedStream getContentStream( - Key key, - Provider prov) - throws CMSException - { - try - { - JceKeyAgreeRecipient recipient; - - if (secureReadable instanceof CMSEnvelopedHelper.CMSEnvelopedSecureReadable) - { - recipient = new JceKeyAgreeEnvelopedRecipient((PrivateKey)key); - } - else - { - recipient = new JceKeyAgreeAuthenticatedRecipient((PrivateKey)key); - } - - if (prov != null) - { - recipient.setProvider(prov); - if (prov.getName().equalsIgnoreCase("SunJCE")) - { - recipient.setContentProvider((String)null); // need to fall back to generic search - } - } - - return getContentStream(recipient); - } - catch (IOException e) - { - throw new CMSException("encoding error: " + e.getMessage(), e); - } - } - protected RecipientOperator getRecipientOperator(Recipient recipient) throws CMSException, IOException { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java index a1180b4..d59f4b3 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java @@ -1,20 +1,10 @@ package org.bouncycastle.cms; -import java.io.IOException; -import java.security.Key; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; - import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; import org.bouncycastle.asn1.cms.RecipientIdentifier; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceKeyTransAuthenticatedRecipient; -import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; -import org.bouncycastle.cms.jcajce.JceKeyTransRecipient; - /** * the KeyTransRecipientInformation class for a recipient who has been sent a secret @@ -52,57 +42,6 @@ public class KeyTransRecipientInformation } } - /** - * decrypt the content and return it - * @deprecated use getContentStream(Recipient) method - */ - public CMSTypedStream getContentStream( - Key key, - String prov) - throws CMSException, NoSuchProviderException - { - return getContentStream(key, CMSUtils.getProvider(prov)); - } - - /** - * decrypt the content and return it - * @deprecated use getContentStream(Recipient) method - */ - public CMSTypedStream getContentStream( - Key key, - Provider prov) - throws CMSException - { - try - { - JceKeyTransRecipient recipient; - - if (secureReadable instanceof CMSEnvelopedHelper.CMSEnvelopedSecureReadable) - { - recipient = new JceKeyTransEnvelopedRecipient((PrivateKey)key); - } - else - { - recipient = new JceKeyTransAuthenticatedRecipient((PrivateKey)key); - } - - if (prov != null) - { - recipient.setProvider(prov); - if (prov.getName().equalsIgnoreCase("SunJCE")) - { - recipient.setContentProvider((String)null); // need to fall back to generic search - } - } - - return getContentStream(recipient); - } - catch (IOException e) - { - throw new CMSException("encoding error: " + e.getMessage(), e); - } - } - protected RecipientOperator getRecipientOperator(Recipient recipient) throws CMSException { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/PKCS5Scheme2PBEKey.java b/bcpkix/src/main/java/org/bouncycastle/cms/PKCS5Scheme2PBEKey.java deleted file mode 100644 index b5be483..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/PKCS5Scheme2PBEKey.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.bouncycastle.cms; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; - -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * PKCS5 scheme-2 - password converted to bytes assuming ASCII. - */ -public class PKCS5Scheme2PBEKey - extends CMSPBEKey -{ - public PKCS5Scheme2PBEKey(char[] password, byte[] salt, int iterationCount) - { - super(password, salt, iterationCount); - } - - public PKCS5Scheme2PBEKey(char[] password, AlgorithmParameters pbeParams) - throws InvalidAlgorithmParameterException - { - super(password, getParamSpec(pbeParams)); - } - - byte[] getEncoded(String algorithmOid) - { - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(PBEParametersGenerator.PKCS5PasswordToBytes(this.getPassword()), this.getSalt(), this.getIterationCount()); - - return ((KeyParameter)gen.generateDerivedParameters(CMSEnvelopedHelper.INSTANCE.getKeySize(algorithmOid))).getKey(); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/PKCS5Scheme2UTF8PBEKey.java b/bcpkix/src/main/java/org/bouncycastle/cms/PKCS5Scheme2UTF8PBEKey.java deleted file mode 100644 index 436ba66..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/PKCS5Scheme2UTF8PBEKey.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.bouncycastle.cms; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; - -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * PKCS5 scheme-2 - password converted to bytes using UTF-8. - */ -public class PKCS5Scheme2UTF8PBEKey - extends CMSPBEKey -{ - public PKCS5Scheme2UTF8PBEKey(char[] password, byte[] salt, int iterationCount) - { - super(password, salt, iterationCount); - } - - public PKCS5Scheme2UTF8PBEKey(char[] password, AlgorithmParameters pbeParams) - throws InvalidAlgorithmParameterException - { - super(password, getParamSpec(pbeParams)); - } - - byte[] getEncoded(String algorithmOid) - { - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(this.getPassword()), this.getSalt(), this.getIterationCount()); - - return ((KeyParameter)gen.generateDerivedParameters(CMSEnvelopedHelper.INSTANCE.getKeySize(algorithmOid))).getKey(); - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java index 4517ad6..d7639e9 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java @@ -1,10 +1,6 @@ package org.bouncycastle.cms; import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.Key; -import java.security.NoSuchProviderException; -import java.security.Provider; import java.util.HashMap; import java.util.Map; @@ -12,10 +8,6 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.cms.PasswordRecipientInfo; import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceAlgorithmIdentifierConverter; -import org.bouncycastle.cms.jcajce.JcePasswordAuthenticatedRecipient; -import org.bouncycastle.cms.jcajce.JcePasswordEnvelopedRecipient; -import org.bouncycastle.cms.jcajce.JcePasswordRecipient; import org.bouncycastle.crypto.PBEParametersGenerator; import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; import org.bouncycastle.crypto.params.KeyParameter; @@ -110,88 +102,6 @@ public class PasswordRecipientInformation return info.getKeyDerivationAlgorithm(); } - /** - * return an AlgorithmParameters object representing the parameters to the - * key derivation algorithm to the recipient. - * - * @return AlgorithmParameters object, null if there aren't any. - * @deprecated use getKeyDerivationAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getKeyDerivationAlgParameters(String provider) - throws NoSuchProviderException - { - return getKeyDerivationAlgParameters(CMSUtils.getProvider(provider)); - } - - /** - * return an AlgorithmParameters object representing the parameters to the - * key derivation algorithm to the recipient. - * - * @return AlgorithmParameters object, null if there aren't any. - * @deprecated use getKeyDerivationAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getKeyDerivationAlgParameters(Provider provider) - { - try - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(info.getKeyDerivationAlgorithm()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * decrypt the content and return an input stream. - * @deprecated use getContentStream(Recipient) - */ - public CMSTypedStream getContentStream( - Key key, - String prov) - throws CMSException, NoSuchProviderException - { - return getContentStream(key, CMSUtils.getProvider(prov)); - } - - /** - * decrypt the content and return an input stream. - * @deprecated use getContentStream(Recipient) - */ - public CMSTypedStream getContentStream( - Key key, - Provider prov) - throws CMSException - { - try - { - CMSPBEKey pbeKey = (CMSPBEKey)key; - JcePasswordRecipient recipient; - - if (secureReadable instanceof CMSEnvelopedHelper.CMSEnvelopedSecureReadable) - { - recipient = new JcePasswordEnvelopedRecipient(pbeKey.getPassword()); - } - else - { - recipient = new JcePasswordAuthenticatedRecipient(pbeKey.getPassword()); - } - - recipient.setPasswordConversionScheme((pbeKey instanceof PKCS5Scheme2UTF8PBEKey) ? PasswordRecipient.PKCS5_SCHEME2_UTF8 : PasswordRecipient.PKCS5_SCHEME2); - - if (prov != null) - { - recipient.setProvider(prov); - } - - return getContentStream(recipient); - } - catch (IOException e) - { - throw new CMSException("encoding error: " + e.getMessage(), e); - } - } - protected RecipientOperator getRecipientOperator(Recipient recipient) throws CMSException, IOException { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/RecipientInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/RecipientInformation.java index 5129881..86f9fa3 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/RecipientInformation.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/RecipientInformation.java @@ -2,15 +2,10 @@ package org.bouncycastle.cms; import java.io.ByteArrayInputStream; import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.Key; -import java.security.NoSuchProviderException; -import java.security.Provider; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.jcajce.JceAlgorithmIdentifierConverter; import org.bouncycastle.util.io.Streams; public abstract class RecipientInformation @@ -71,7 +66,7 @@ public abstract class RecipientInformation */ public String getKeyEncryptionAlgOID() { - return keyEncAlg.getObjectId().getId(); + return keyEncAlg.getAlgorithm().getId(); } /** @@ -93,68 +88,6 @@ public abstract class RecipientInformation } /** - * Return an AlgorithmParameters object giving the encryption parameters - * used to encrypt the key this recipient holds. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @throws NoSuchProviderException if the provider cannot be found. - * @deprecated use getKeyEncryptionAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getKeyEncryptionAlgorithmParameters( - String provider) - throws CMSException, NoSuchProviderException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(keyEncAlg); - } - - /** - * Return an AlgorithmParameters object giving the encryption parameters - * used to encrypt the key this recipient holds. - * - * @param provider the provider to generate the parameters for. - * @return the parameters object, null if there is not one. - * @throws CMSException if the algorithm cannot be found, or the parameters can't be parsed. - * @deprecated use getKeyEncryptionAlgorithm and JceAlgorithmIdentifierConverter(). - */ - public AlgorithmParameters getKeyEncryptionAlgorithmParameters( - Provider provider) - throws CMSException - { - return new JceAlgorithmIdentifierConverter().setProvider(provider).getAlgorithmParameters(keyEncAlg); - } - - /** - * @deprecated use getContent(Recipient) - */ - public byte[] getContent( - Key key, - String provider) - throws CMSException, NoSuchProviderException - { - return getContent(key, CMSUtils.getProvider(provider)); - } - - /** - * @deprecated use getContent(Recipient) - */ - public byte[] getContent( - Key key, - Provider provider) - throws CMSException - { - try - { - return CMSUtils.streamToByteArray(getContentStream(key, provider).getContentStream()); - } - catch (IOException e) - { - throw new RuntimeException("unable to parse internal stream: " + e); - } - } - - /** * Return the content digest calculated during the read of the content if one has been generated. This will * only happen if we are dealing with authenticated data and authenticated attributes are present. * @@ -223,24 +156,6 @@ public abstract class RecipientInformation } /** - * decrypt the content and return it - * @deprecated use getContentStream(Recipient) method - */ - public CMSTypedStream getContentStream(Key key, String provider) - throws CMSException, NoSuchProviderException - { - return getContentStream(key, CMSUtils.getProvider(provider)); - } - - /** - * decrypt the content and return it - * @deprecated use getContentStream(Recipient) method - */ - public abstract CMSTypedStream getContentStream(Key key, Provider provider) - throws CMSException; - - - /** * Return a CMSTypedStream representing the content in the EnvelopedData after recovering the content * encryption/MAC key using the passed in Recipient. * diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java index e378629..f264729 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java @@ -7,7 +7,6 @@ import java.util.HashMap; import java.util.Map; import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.DEROctetString; @@ -23,6 +22,7 @@ import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.util.Arrays; import org.bouncycastle.util.io.TeeOutputStream; public class SignerInfoGenerator @@ -126,9 +126,9 @@ public class SignerInfoGenerator return signerIdentifier; } - public ASN1Integer getGeneratedVersion() + public int getGeneratedVersion() { - return new ASN1Integer(signerIdentifier.isTagged() ? 3 : 1); + return signerIdentifier.isTagged() ? 3 : 1; } public boolean hasAssociatedCertificate() @@ -221,7 +221,7 @@ public class SignerInfoGenerator if (unsAttrGen != null) { Map parameters = getBaseParameters(contentType, digestAlg, calculatedDigest); - parameters.put(CMSAttributeTableGenerator.SIGNATURE, sigBytes.clone()); + parameters.put(CMSAttributeTableGenerator.SIGNATURE, Arrays.clone(sigBytes)); AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); @@ -265,7 +265,7 @@ public class SignerInfoGenerator } param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, hash.clone()); + param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); return param; } @@ -273,7 +273,7 @@ public class SignerInfoGenerator { if (calculatedDigest != null) { - return (byte[])calculatedDigest.clone(); + return Arrays.clone(calculatedDigest); } return null; diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java index bd9703a..7e178d6 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java @@ -2,13 +2,6 @@ package org.bouncycastle.cms; import java.io.IOException; import java.io.OutputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.PublicKey; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Enumeration; import java.util.Iterator; @@ -33,13 +26,10 @@ import org.bouncycastle.asn1.cms.Time; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DigestInfo; import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder; -import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; import org.bouncycastle.operator.ContentVerifier; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.RawContentVerifier; -import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.io.TeeOutputStream; @@ -172,7 +162,7 @@ public class SignerInformation throw new IllegalStateException("method can only be called after verify."); } - return (byte[])resultDigest.clone(); + return Arrays.clone(resultDigest); } /** @@ -232,7 +222,7 @@ public class SignerInformation */ public byte[] getSignature() { - return (byte[])signature.clone(); + return Arrays.clone(signature); } /** @@ -318,42 +308,6 @@ public class SignerInformation return null; } - /** - * @deprecated - */ - private boolean doVerify( - PublicKey key, - Provider sigProvider) - throws CMSException, NoSuchAlgorithmException - { - try - { - SignerInformationVerifier verifier; - - if (sigProvider != null) - { - if (!sigProvider.getName().equalsIgnoreCase("BC")) - { - verifier = new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build()).setProvider(sigProvider).build(key); - } - else - { - verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider(sigProvider).build(key); - } - } - else - { - verifier = new JcaSimpleSignerInfoVerifierBuilder().build(key); - } - - return doVerify(verifier); - } - catch (OperatorCreationException e) - { - throw new CMSException("unable to create verifier: " + e.getMessage(), e); - } - } - private boolean doVerify( SignerInformationVerifier verifier) throws CMSException @@ -555,75 +509,6 @@ public class SignerInformation } /** - * verify that the given public key successfully handles and confirms the - * signature associated with this signer. - * @deprecated use verify(ContentVerifierProvider) - */ - public boolean verify( - PublicKey key, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - return verify(key, CMSUtils.getProvider(sigProvider)); - } - - /** - * verify that the given public key successfully handles and confirms the - * signature associated with this signer - * @deprecated use verify(ContentVerifierProvider) - */ - public boolean verify( - PublicKey key, - Provider sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - // Optional, but still need to validate if present - getSigningTime(); - - return doVerify(key, sigProvider); - } - - /** - * verify that the given certificate successfully handles and confirms - * the signature associated with this signer and, if a signingTime - * attribute is available, that the certificate was valid at the time the - * signature was generated. - * @deprecated use verify(ContentVerifierProvider) - */ - public boolean verify( - X509Certificate cert, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, - CertificateExpiredException, CertificateNotYetValidException, - CMSException - { - return verify(cert, CMSUtils.getProvider(sigProvider)); - } - - /** - * verify that the given certificate successfully handles and confirms - * the signature associated with this signer and, if a signingTime - * attribute is available, that the certificate was valid at the time the - * signature was generated. - * @deprecated use verify(ContentVerifierProvider) - */ - public boolean verify( - X509Certificate cert, - Provider sigProvider) - throws NoSuchAlgorithmException, - CertificateExpiredException, CertificateNotYetValidException, - CMSException - { - Time signingTime = getSigningTime(); - if (signingTime != null) - { - cert.checkValidity(signingTime.getDate()); - } - - return doVerify(cert.getPublicKey(), sigProvider); - } - - /** * Verify that the given verifier can successfully verify the signature on * this SignerInformation object. * @@ -654,17 +539,6 @@ public class SignerInformation } /** - * Return the base ASN.1 CMS structure that this object contains. - * - * @return an object containing a CMS SignerInfo structure. - * @deprecated use toASN1Structure() - */ - public SignerInfo toSignerInfo() - { - return info; - } - - /** * Return the underlying ASN.1 object defining this SignerInformation object. * * @return a SignerInfo. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java index bd36b73..104b16f 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java @@ -1,14 +1,19 @@ package org.bouncycastle.cms.jcajce; +import java.io.IOException; +import java.security.AlgorithmParameters; import java.security.Provider; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; import org.bouncycastle.asn1.x509.Certificate; +import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.TBSCertificateStructure; -import org.bouncycastle.asn1.x509.X509Extension; +import org.bouncycastle.cms.CMSException; +import org.bouncycastle.jcajce.JcaJceUtils; class CMSUtils { @@ -30,7 +35,7 @@ class CMSUtils static byte[] getSubjectKeyId(X509Certificate cert) { - byte[] ext = cert.getExtensionValue(X509Extension.subjectKeyIdentifier.getId()); + byte[] ext = cert.getExtensionValue(Extension.subjectKeyIdentifier.getId()); if (ext != null) { @@ -66,4 +71,29 @@ class CMSUtils } } + static ASN1Encodable extractParameters(AlgorithmParameters params) + throws CMSException + { + try + { + return JcaJceUtils.extractParameters(params); + } + catch (IOException e) + { + throw new CMSException("cannot extract parameters: " + e.getMessage(), e); + } + } + + static void loadParameters(AlgorithmParameters params, ASN1Encodable sParams) + throws CMSException + { + try + { + JcaJceUtils.loadParameters(params, sParams); + } + catch (IOException e) + { + throw new CMSException("error encoding algorithm parameters.", e); + } + } }
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java index 5f3958f..b081051 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java @@ -1,6 +1,5 @@ package org.bouncycastle.cms.jcajce; -import java.io.IOException; import java.security.AlgorithmParameterGenerator; import java.security.AlgorithmParameters; import java.security.GeneralSecurityException; @@ -32,7 +31,6 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Null; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; @@ -41,12 +39,16 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSAlgorithm; import org.bouncycastle.cms.CMSEnvelopedDataGenerator; import org.bouncycastle.cms.CMSException; +import org.bouncycastle.operator.DefaultSecretKeySizeProvider; import org.bouncycastle.operator.GenericKey; +import org.bouncycastle.operator.SecretKeySizeProvider; import org.bouncycastle.operator.SymmetricKeyUnwrapper; import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; -class EnvelopedDataHelper +public class EnvelopedDataHelper { + protected static final SecretKeySizeProvider KEY_SIZE_PROVIDER = DefaultSecretKeySizeProvider.INSTANCE; + protected static final Map BASE_CIPHER_NAMES = new HashMap(); protected static final Map CIPHER_ALG_NAMES = new HashMap(); protected static final Map MAC_ALG_NAMES = new HashMap(); @@ -64,8 +66,10 @@ class EnvelopedDataHelper BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia"); BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia"); BASE_CIPHER_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED"); + BASE_CIPHER_NAMES.put(PKCSObjectIdentifiers.rc4, "RC4"); CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_CBC, "DES/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2/CBC/PKCS5Padding"); CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AES/CBC/PKCS5Padding"); CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AES/CBC/PKCS5Padding"); @@ -76,6 +80,7 @@ class EnvelopedDataHelper CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia/CBC/PKCS5Padding"); CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia/CBC/PKCS5Padding"); CIPHER_ALG_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(PKCSObjectIdentifiers.rc4, "RC4"); MAC_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDEMac"); MAC_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AESMac"); @@ -156,7 +161,7 @@ class EnvelopedDataHelper throw new IllegalArgumentException("unknown generic key type"); } - Key getJceKey(ASN1ObjectIdentifier algorithm, GenericKey key) + public Key getJceKey(ASN1ObjectIdentifier algorithm, GenericKey key) { if (key.getRepresentation() instanceof Key) { @@ -171,6 +176,33 @@ class EnvelopedDataHelper throw new IllegalArgumentException("unknown generic key type"); } + public void keySizeCheck(AlgorithmIdentifier keyAlgorithm, Key key) + throws CMSException + { + int expectedKeySize = EnvelopedDataHelper.KEY_SIZE_PROVIDER.getKeySize(keyAlgorithm); + if (expectedKeySize > 0) + { + byte[] keyEnc = null; + + try + { + keyEnc = key.getEncoded(); + } + catch (Exception e) + { + // ignore - we're using a HSM... + } + + if (keyEnc != null) + { + if (keyEnc.length * 8 != expectedKeySize) + { + throw new CMSException("Expected key size for algorithm OID not found in recipient."); + } + } + } + } + Cipher createCipher(ASN1ObjectIdentifier algorithm) throws CMSException { @@ -294,7 +326,7 @@ class EnvelopedDataHelper return helper.createAlgorithmParameterGenerator(algorithm.getId()); } - Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID) + public Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID) throws CMSException { return (Cipher)execute(new JCECallback() @@ -314,14 +346,7 @@ class EnvelopedDataHelper { AlgorithmParameters params = createAlgorithmParameters(encryptionAlgID.getAlgorithm()); - try - { - params.init(sParams.toASN1Primitive().getEncoded(), "ASN.1"); - } - catch (IOException e) - { - throw new CMSException("error decoding algorithm parameters.", e); - } + CMSUtils.loadParameters(params, sParams); cipher.init(Cipher.DECRYPT_MODE, sKey, params); } @@ -383,14 +408,7 @@ class EnvelopedDataHelper { AlgorithmParameters params = createAlgorithmParameters(macAlgId.getAlgorithm()); - try - { - params.init(sParams.toASN1Primitive().getEncoded(), "ASN.1"); - } - catch (IOException e) - { - throw new CMSException("error decoding algorithm parameters.", e); - } + CMSUtils.loadParameters(params, sParams); mac.init(sKey, params.getParameterSpec(IvParameterSpec.class)); } @@ -491,7 +509,7 @@ class EnvelopedDataHelper { AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID); - if (encryptionOID.equals(CMSEnvelopedDataGenerator.RC2_CBC)) + if (encryptionOID.equals(CMSAlgorithm.RC2_CBC)) { byte[] iv = new byte[8]; @@ -525,14 +543,7 @@ class EnvelopedDataHelper ASN1Encodable asn1Params; if (params != null) { - try - { - asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1")); - } - catch (IOException e) - { - throw new CMSException("cannot encode parameters: " + e.getMessage(), e); - } + asn1Params = CMSUtils.extractParameters(params); } else { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceAlgorithmIdentifierConverter.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceAlgorithmIdentifierConverter.java index bb9e064..59928f4 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceAlgorithmIdentifierConverter.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceAlgorithmIdentifierConverter.java @@ -1,7 +1,6 @@ package org.bouncycastle.cms.jcajce; -import java.io.IOException; import java.security.AlgorithmParameters; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; @@ -49,7 +48,7 @@ public class JceAlgorithmIdentifierConverter { AlgorithmParameters params = helper.createAlgorithmParameters(algorithmIdentifier.getAlgorithm()); - params.init(parameters.toASN1Primitive().getEncoded(), "ASN.1"); + CMSUtils.loadParameters(params, algorithmIdentifier.getParameters()); return params; } @@ -57,10 +56,6 @@ public class JceAlgorithmIdentifierConverter { throw new CMSException("can't find parameters for algorithm", e); } - catch (IOException e) - { - throw new CMSException("can't parse parameters", e); - } catch (NoSuchProviderException e) { throw new CMSException("can't find provider for algorithm", e); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java index 89d2c65..93d8b72 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java @@ -5,8 +5,6 @@ import java.security.AlgorithmParameters; import java.security.GeneralSecurityException; import java.security.Provider; import java.security.SecureRandom; -import java.util.HashMap; -import java.util.Map; import javax.crypto.Cipher; import javax.crypto.CipherOutputStream; @@ -14,40 +12,19 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSAlgorithm; import org.bouncycastle.cms.CMSException; +import org.bouncycastle.operator.DefaultSecretKeySizeProvider; import org.bouncycastle.operator.GenericKey; import org.bouncycastle.operator.OutputEncryptor; +import org.bouncycastle.operator.SecretKeySizeProvider; import org.bouncycastle.operator.jcajce.JceGenericKey; -import org.bouncycastle.util.Integers; public class JceCMSContentEncryptorBuilder { - private static Map keySizes = new HashMap(); + private static final SecretKeySizeProvider KEY_SIZE_PROVIDER = DefaultSecretKeySizeProvider.INSTANCE; - static - { - keySizes.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(128)); - keySizes.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(192)); - keySizes.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(256)); - - keySizes.put(CMSAlgorithm.CAMELLIA128_CBC, Integers.valueOf(128)); - keySizes.put(CMSAlgorithm.CAMELLIA192_CBC, Integers.valueOf(192)); - keySizes.put(CMSAlgorithm.CAMELLIA256_CBC, Integers.valueOf(256)); - } - - private static int getKeySize(ASN1ObjectIdentifier oid) - { - Integer size = (Integer)keySizes.get(oid); - - if (size != null) - { - return size.intValue(); - } - - return -1; - } private final ASN1ObjectIdentifier encryptionOID; private final int keySize; @@ -57,13 +34,30 @@ public class JceCMSContentEncryptorBuilder public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID) { - this(encryptionOID, getKeySize(encryptionOID)); + this(encryptionOID, KEY_SIZE_PROVIDER.getKeySize(encryptionOID)); } public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize) { this.encryptionOID = encryptionOID; this.keySize = keySize; + + int fixedSize = KEY_SIZE_PROVIDER.getKeySize(encryptionOID); + + if (encryptionOID.equals(PKCSObjectIdentifiers.des_EDE3_CBC)) + { + if (keySize != 168 && keySize != fixedSize) + { + throw new IllegalArgumentException("incorrect keySize for encryptionOID passed to builder."); + } + } + else + { + if (fixedSize > 0 && fixedSize != keySize) + { + throw new IllegalArgumentException("incorrect keySize for encryptionOID passed to builder."); + } + } } public JceCMSContentEncryptorBuilder setProvider(Provider provider) @@ -116,6 +110,10 @@ public class JceCMSContentEncryptorBuilder } else { + if (encryptionOID.equals(PKCSObjectIdentifiers.des_EDE3_CBC) && keySize == 192) + { + keySize = 168; + } keyGen.init(keySize, random); } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java index a01e279..d0e4164 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java @@ -18,6 +18,7 @@ public abstract class JceKEKRecipient protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); protected EnvelopedDataHelper contentHelper = helper; + protected boolean validateKeySize = false; public JceKEKRecipient(SecretKey recipientKey) { @@ -78,14 +79,37 @@ public abstract class JceKEKRecipient return this; } - protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) + /** + * Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off. + * <p> + * This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or + * if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available. + * </p> + * @param doValidate true if unwrapped key's should be validated against the content encryption algorithm, false otherwise. + * @return this recipient. + */ + public JceKEKRecipient setKeySizeValidation(boolean doValidate) + { + this.validateKeySize = doValidate; + + return this; + } + + protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedContentEncryptionKey) throws CMSException { SymmetricKeyUnwrapper unwrapper = helper.createSymmetricUnwrapper(keyEncryptionAlgorithm, recipientKey); try { - return helper.getJceKey(contentEncryptionAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(contentEncryptionAlgorithm, encryptedContentEncryptionKey)); + Key key = helper.getJceKey(encryptedKeyAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedContentEncryptionKey)); + + if (validateKeySize) + { + helper.keySizeCheck(encryptedKeyAlgorithm, key); + } + + return key; } catch (OperatorException e) { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java index 788af8d..a457ede 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java @@ -22,6 +22,7 @@ public abstract class JceKeyTransRecipient protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); protected EnvelopedDataHelper contentHelper = helper; protected Map extraMappings = new HashMap(); + protected boolean validateKeySize = false; public JceKeyTransRecipient(PrivateKey recipientKey) { @@ -105,6 +106,22 @@ public abstract class JceKeyTransRecipient return this; } + /** + * Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off. + * <p> + * This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or + * if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available. + * </p> + * @param doValidate true if unwrapped key's should be validated against the content encryption algorithm, false otherwise. + * @return this recipient. + */ + public JceKeyTransRecipient setKeySizeValidation(boolean doValidate) + { + this.validateKeySize = doValidate; + + return this; + } + protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey) throws CMSException { @@ -122,7 +139,14 @@ public abstract class JceKeyTransRecipient try { - return helper.getJceKey(encryptedKeyAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedEncryptionKey)); + Key key = helper.getJceKey(encryptedKeyAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedEncryptionKey)); + + if (validateKeySize) + { + helper.keySizeCheck(encryptedKeyAlgorithm, key); + } + + return key; } catch (OperatorException e) { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java index 73733c7..60a2ff2 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java @@ -7,6 +7,7 @@ import java.security.cert.X509Certificate; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.cms.KeyTransRecipientInfoGenerator; import org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper; @@ -17,7 +18,7 @@ public class JceKeyTransRecipientInfoGenerator public JceKeyTransRecipientInfoGenerator(X509Certificate recipientCert) throws CertificateEncodingException { - super(new IssuerAndSerialNumber(new JcaX509CertificateHolder(recipientCert).toASN1Structure()), new JceAsymmetricKeyWrapper(recipientCert.getPublicKey())); + super(new IssuerAndSerialNumber(new JcaX509CertificateHolder(recipientCert).toASN1Structure()), new JceAsymmetricKeyWrapper(recipientCert)); } public JceKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, PublicKey publicKey) @@ -25,6 +26,30 @@ public class JceKeyTransRecipientInfoGenerator super(subjectKeyIdentifier, new JceAsymmetricKeyWrapper(publicKey)); } + /** + * Create a generator overriding the algorithm type implied by the public key in the certificate passed in. + * + * @param recipientCert certificate carrying the public key. + * @param algorithmIdentifier the identifier and parameters for the encryption algorithm to be used. + */ + public JceKeyTransRecipientInfoGenerator(X509Certificate recipientCert, AlgorithmIdentifier algorithmIdentifier) + throws CertificateEncodingException + { + super(new IssuerAndSerialNumber(new JcaX509CertificateHolder(recipientCert).toASN1Structure()), new JceAsymmetricKeyWrapper(algorithmIdentifier, recipientCert.getPublicKey())); + } + + /** + * Create a generator overriding the algorithm type implied by the public key passed in. + * + * @param subjectKeyIdentifier the subject key identifier value to associate with the public key. + * @param algorithmIdentifier the identifier and parameters for the encryption algorithm to be used. + * @param publicKey the public key to use. + */ + public JceKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey) + { + super(subjectKeyIdentifier, new JceAsymmetricKeyWrapper(algorithmIdentifier, publicKey)); + } + public JceKeyTransRecipientInfoGenerator setProvider(String providerName) { ((JceAsymmetricKeyWrapper)this.wrapper).setProvider(providerName); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java index 107a0ef..15729a7 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java @@ -15,6 +15,9 @@ public class ZlibExpanderProvider { private final long limit; + /** + * Base constructor. Create an expander which will not limit the size of any objects expanded in the stream. + */ public ZlibExpanderProvider() { this.limit = -1; diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/package.html b/bcpkix/src/main/java/org/bouncycastle/cms/package.html deleted file mode 100644 index 644e862..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/package.html +++ /dev/null @@ -1,5 +0,0 @@ -<html> -<body bgcolor="#ffffff"> -A package for processing RFC 3852 Cryptographic Message Syntax (CMS) objects - also referred to as PKCS#7 (formerly RFC 2630, 3369). -</body> -</html> diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/AllTests.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/AllTests.java index dc81f5a..9cc2b0e 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/AllTests.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/AllTests.java @@ -18,21 +18,13 @@ public class AllTests { TestSuite suite = new TestSuite("CMS tests"); - suite.addTest(AuthenticatedDataTest.suite()); - suite.addTest(AuthenticatedDataStreamTest.suite()); - suite.addTest(CompressedDataTest.suite()); suite.addTest(NewCompressedDataTest.suite()); - suite.addTest(SignedDataTest.suite()); suite.addTest(NewSignedDataTest.suite()); - suite.addTest(EnvelopedDataTest.suite()); suite.addTest(NewEnvelopedDataTest.suite()); suite.addTest(NewAuthenticatedDataTest.suite()); suite.addTest(NewAuthenticatedDataStreamTest.suite()); - suite.addTest(CompressedDataStreamTest.suite()); suite.addTest(NewCompressedDataStreamTest.suite()); - suite.addTest(SignedDataStreamTest.suite()); suite.addTest(NewSignedDataStreamTest.suite()); - suite.addTest(EnvelopedDataStreamTest.suite()); suite.addTest(NewEnvelopedDataStreamTest.suite()); suite.addTest(MiscDataStreamTest.suite()); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/AuthenticatedDataStreamTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/AuthenticatedDataStreamTest.java deleted file mode 100644 index fe056e6..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/AuthenticatedDataStreamTest.java +++ /dev/null @@ -1,142 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.ByteArrayOutputStream; -import java.io.OutputStream; -import java.security.KeyPair; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.Collection; -import java.util.Iterator; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.cms.CMSAuthenticatedDataGenerator; -import org.bouncycastle.cms.CMSAuthenticatedDataParser; -import org.bouncycastle.cms.CMSAuthenticatedDataStreamGenerator; -import org.bouncycastle.cms.RecipientInformation; -import org.bouncycastle.cms.RecipientInformationStore; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public class AuthenticatedDataStreamTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _reciDN; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static KeyPair _origEcKP; - private static KeyPair _reciEcKP; - private static X509Certificate _reciEcCert; - - private static boolean _initialised = false; - - public boolean DEBUG = true; - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - _signDN = "O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN); - - _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _origEcKP = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcKP = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN); - } - } - - public void setUp() - throws Exception - { - init(); - } - - public AuthenticatedDataStreamTest(String name) - { - super(name); - } - - public static void main(String args[]) - { - junit.textui.TestRunner.run(AuthenticatedDataStreamTest.class); - } - - public static Test suite() - throws Exception - { - init(); - - return new CMSTestSetup(new TestSuite(AuthenticatedDataStreamTest.class)); - } - - public void testKeyTransDESede() - throws Exception - { - tryKeyTrans(CMSAuthenticatedDataGenerator.DES_EDE3_CBC); - } - - private void tryKeyTrans(String macAlg) - throws Exception - { - byte[] data = "Eric H. Echidna".getBytes(); - - CMSAuthenticatedDataStreamGenerator adGen = new CMSAuthenticatedDataStreamGenerator(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - adGen.addKeyTransRecipient(_reciCert); - - OutputStream aOut = adGen.open(bOut, macAlg, BC); - - aOut.write(data); - - aOut.close(); - - CMSAuthenticatedDataParser ad = new CMSAuthenticatedDataParser(bOut.toByteArray()); - - RecipientInformationStore recipients = ad.getRecipientInfos(); - - assertEquals(ad.getMacAlgOID(), macAlg); - - Collection c = recipients.getRecipients(); - - assertEquals(1, c.size()); - - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - - assertTrue(Arrays.equals(data, recData)); - assertTrue(Arrays.equals(ad.getMac(), recipient.getMac())); - } - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/AuthenticatedDataTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/AuthenticatedDataTest.java deleted file mode 100644 index 454b369..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/AuthenticatedDataTest.java +++ /dev/null @@ -1,308 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.security.KeyPair; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.Collection; -import java.util.Iterator; - -import javax.crypto.SecretKey; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.cms.CMSAuthenticatedData; -import org.bouncycastle.cms.CMSAuthenticatedDataGenerator; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSPBEKey; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.PKCS5Scheme2PBEKey; -import org.bouncycastle.cms.PasswordRecipientInformation; -import org.bouncycastle.cms.RecipientInformation; -import org.bouncycastle.cms.RecipientInformationStore; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Hex; - -public class AuthenticatedDataTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _reciDN; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static KeyPair _origEcKP; - private static KeyPair _reciEcKP; - private static X509Certificate _reciEcCert; - - private static boolean _initialised = false; - - public boolean DEBUG = true; - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - _signDN = "O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN); - - _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _origEcKP = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcKP = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN); - } - } - - public void setUp() - throws Exception - { - init(); - } - - public AuthenticatedDataTest(String name) - { - super(name); - } - - public static void main(String args[]) - { - junit.textui.TestRunner.run(AuthenticatedDataTest.class); - } - - public static Test suite() - throws Exception - { - init(); - - return new CMSTestSetup(new TestSuite(AuthenticatedDataTest.class)); - } - - public void testKeyTransDESede() - throws Exception - { - tryKeyTrans(CMSAuthenticatedDataGenerator.DES_EDE3_CBC); - } - - public void testKEKDESede() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeDesede192Key(), new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6")); - } - - public void testPasswordAES256() - throws Exception - { - passwordTest(CMSAuthenticatedDataGenerator.AES256_CBC); - } - - public void testECKeyAgree() - throws Exception - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator(); - - adGen.addKeyAgreementRecipient(CMSAuthenticatedDataGenerator.ECDH_SHA1KDF, _origEcKP.getPrivate(), _origEcKP.getPublic(), _reciEcCert, CMSAuthenticatedDataGenerator.AES128_WRAP, BC); - - CMSAuthenticatedData ad = adGen.generate( - new CMSProcessableByteArray(data), - CMSAuthenticatedDataGenerator.DES_EDE3_CBC, BC); - - RecipientInformationStore recipients = ad.getRecipientInfos(); - - assertEquals(ad.getMacAlgOID(), - CMSAuthenticatedDataGenerator.DES_EDE3_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(_reciEcKP.getPrivate(), BC); - assertTrue(Arrays.equals(data, recData)); - assertTrue(Arrays.equals(ad.getMac(), recipient.getMac())); - } - else - { - fail("no recipient found"); - } - } - - public void testEncoding() - throws Exception - { - byte[] data = "Eric H. Echidna".getBytes(); - - CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator(); - - adGen.addKeyTransRecipient(_reciCert); - - CMSAuthenticatedData ad = adGen.generate( - new CMSProcessableByteArray(data), - CMSAuthenticatedDataGenerator.DES_EDE3_CBC, BC); - - ad = new CMSAuthenticatedData(ad.getEncoded()); - - RecipientInformationStore recipients = ad.getRecipientInfos(); - - assertEquals(CMSAuthenticatedDataGenerator.DES_EDE3_CBC, ad.getMacAlgOID()); - - Collection c = recipients.getRecipients(); - - assertEquals(1, c.size()); - - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - - assertTrue(Arrays.equals(data, recData)); - assertTrue(Arrays.equals(ad.getMac(), recipient.getMac())); - } - } - - private void tryKeyTrans(String macAlg) - throws Exception - { - byte[] data = "Eric H. Echidna".getBytes(); - - CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator(); - - adGen.addKeyTransRecipient(_reciCert); - - CMSAuthenticatedData ad = adGen.generate( - new CMSProcessableByteArray(data), - macAlg, BC); - - RecipientInformationStore recipients = ad.getRecipientInfos(); - - assertEquals(ad.getMacAlgOID(), macAlg); - - Collection c = recipients.getRecipients(); - - assertEquals(1, c.size()); - - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - - assertTrue(Arrays.equals(data, recData)); - assertTrue(Arrays.equals(ad.getMac(), recipient.getMac())); - } - } - - private void tryKekAlgorithm(SecretKey kek, DERObjectIdentifier algOid) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - byte[] data = "Eric H. Echidna".getBytes(); - - CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator(); - - byte[] kekId = new byte[] { 1, 2, 3, 4, 5 }; - - adGen.addKEKRecipient(kek, kekId); - - CMSAuthenticatedData ad = adGen.generate( - new CMSProcessableByteArray(data), - CMSAuthenticatedDataGenerator.DES_EDE3_CBC, BC); - - RecipientInformationStore recipients = ad.getRecipientInfos(); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - assertEquals(ad.getMacAlgOID(), CMSAuthenticatedDataGenerator.DES_EDE3_CBC); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), algOid.getId()); - - byte[] recData = recipient.getContent(kek, BC); - - assertTrue(Arrays.equals(data, recData)); - assertTrue(Arrays.equals(ad.getMac(), recipient.getMac())); - } - else - { - fail("no recipient found"); - } - } - - private void passwordTest(String algorithm) - throws Exception - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator(); - - adGen.addPasswordRecipient(new PKCS5Scheme2PBEKey("password".toCharArray(), new byte[20], 5), algorithm); - - CMSAuthenticatedData ad = adGen.generate( - new CMSProcessableByteArray(data), - CMSAuthenticatedDataGenerator.DES_EDE3_CBC, BC); - - RecipientInformationStore recipients = ad.getRecipientInfos(); - - assertEquals(ad.getMacAlgOID(), - CMSAuthenticatedDataGenerator.DES_EDE3_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next(); - - CMSPBEKey key = new PKCS5Scheme2PBEKey("password".toCharArray(), - recipient.getKeyDerivationAlgParameters(BC)); - - byte[] recData = recipient.getContent(key, BC); - - assertTrue(Arrays.equals(data, recData)); - assertTrue(Arrays.equals(ad.getMac(), recipient.getMac())); - } - else - { - fail("no recipient found"); - } - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/BcSignedDataTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/BcSignedDataTest.java index 299f68d..1c4ccc0 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/BcSignedDataTest.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/BcSignedDataTest.java @@ -61,6 +61,7 @@ import org.bouncycastle.crypto.params.AsymmetricKeyParameter; import org.bouncycastle.crypto.util.PrivateKeyFactory; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.BufferingContentSigner; import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; @@ -572,6 +573,46 @@ public class BcSignedDataTest verifySignatures(s, null); } + public void testDetachedVerificationWithBufferingContentSigner() + throws Exception + { + byte[] data = "Hello World!".getBytes(); + List certList = new ArrayList(); + CMSTypedData msg = new CMSProcessableByteArray(data); + + certList.add(_origCert); + certList.add(_signCert); + + Store certs = new JcaCertStore(certList); + + CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); + + DigestCalculatorProvider digProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(); + JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digProvider); + ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); + ContentSigner md5Signer = new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(_origKP.getPrivate()); + + gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(new BufferingContentSigner(sha1Signer), _origCert)); + gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(new BufferingContentSigner(md5Signer), _origCert)); + + gen.addCertificates(certs); + + CMSSignedData s = gen.generate(msg); + + MessageDigest sha1 = MessageDigest.getInstance("SHA1", BC); + MessageDigest md5 = MessageDigest.getInstance("MD5", BC); + Map hashes = new HashMap(); + byte[] sha1Hash = sha1.digest(data); + byte[] md5Hash = md5.digest(data); + + hashes.put(CMSAlgorithm.SHA1, sha1Hash); + hashes.put(CMSAlgorithm.MD5, md5Hash); + + s = new CMSSignedData(hashes, s.getEncoded()); + + verifySignatures(s, null); + } + public void testSHA1AndMD5WithRSAEncapsulatedRepeated() throws Exception { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/CMSTestUtil.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/CMSTestUtil.java index 4eb9841..3a1517a 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/CMSTestUtil.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/CMSTestUtil.java @@ -20,32 +20,38 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.RSAESOAEPparams; import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.CRLReason; +import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Name; +import org.bouncycastle.cert.X509AttributeCertificateHolder; import org.bouncycastle.cert.X509ExtensionUtils; +import org.bouncycastle.cert.X509v1CertificateBuilder; import org.bouncycastle.cert.X509v2CRLBuilder; +import org.bouncycastle.cert.X509v3CertificateBuilder; import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; +import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder; +import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; import org.bouncycastle.jce.ECGOST3410NamedCurveTable; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.spec.GOST3410ParameterSpec; +import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509StreamParser; -import org.bouncycastle.x509.X509V1CertificateGenerator; -import org.bouncycastle.x509.X509V3CertificateGenerator; -import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure; public class CMSTestUtil { public static SecureRandom rand; public static KeyPairGenerator kpg; + public static KeyPairGenerator gostKpg; public static KeyPairGenerator dsaKpg; public static KeyPairGenerator ecGostKpg; @@ -114,7 +120,10 @@ public class CMSTestUtil kpg = KeyPairGenerator.getInstance("RSA", "BC"); kpg.initialize(1024, rand); - + + kpg = KeyPairGenerator.getInstance("RSA", "BC"); + kpg.initialize(1024, rand); + gostKpg = KeyPairGenerator.getInstance("GOST3410", "BC"); GOST3410ParameterSpec gost3410P = new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()); @@ -189,14 +198,10 @@ public class CMSTestUtil return buf.toString(); } - public static X509AttributeCertificate getAttributeCertificate() + public static X509AttributeCertificateHolder getAttributeCertificate() throws Exception { - X509StreamParser parser = X509StreamParser.getInstance("AttributeCertificate", "BC"); - - parser.init(CMSTestUtil.attrCert); - - return (X509AttributeCertificate)parser.read(); + return new X509AttributeCertificateHolder(CMSTestUtil.attrCert); } public static KeyPair makeKeyPair() @@ -273,60 +278,44 @@ public class CMSTestUtil public static X509Certificate makeCertificate(KeyPair _subKP, String _subDN, KeyPair _issKP, String _issDN) - throws GeneralSecurityException, IOException + throws GeneralSecurityException, IOException, OperatorCreationException { - return makeCertificate(_subKP, _subDN, _issKP, _issDN, false); } - public static X509Certificate makeCACertificate(KeyPair _subKP, + public static X509Certificate makeOaepCertificate(KeyPair _subKP, String _subDN, KeyPair _issKP, String _issDN) - throws GeneralSecurityException, IOException + throws GeneralSecurityException, IOException, OperatorCreationException { + return makeOaepCertificate(_subKP, _subDN, _issKP, _issDN, false); + } + public static X509Certificate makeCACertificate(KeyPair _subKP, + String _subDN, KeyPair _issKP, String _issDN) + throws GeneralSecurityException, IOException, OperatorCreationException + { return makeCertificate(_subKP, _subDN, _issKP, _issDN, true); } public static X509Certificate makeV1Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN) - throws GeneralSecurityException, IOException + throws GeneralSecurityException, IOException, OperatorCreationException { PublicKey subPub = subKP.getPublic(); PrivateKey issPriv = issKP.getPrivate(); PublicKey issPub = issKP.getPublic(); - X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator(); + X509v1CertificateBuilder v1CertGen = new JcaX509v1CertificateBuilder( + new X500Name(_issDN), + allocateSerialNumber(), + new Date(System.currentTimeMillis()), + new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)), + new X500Name(_subDN), + subPub); - v1CertGen.reset(); - v1CertGen.setSerialNumber(allocateSerialNumber()); - v1CertGen.setIssuerDN(new X509Name(_issDN)); - v1CertGen.setNotBefore(new Date(System.currentTimeMillis())); - v1CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100))); - v1CertGen.setSubjectDN(new X509Name(_subDN)); - v1CertGen.setPublicKey(subPub); + JcaContentSignerBuilder contentSignerBuilder = makeContentSignerBuilder(issPub); - if (issPub instanceof RSAPublicKey) - { - v1CertGen.setSignatureAlgorithm("SHA1WithRSA"); - } - else if (issPub.getAlgorithm().equals("DSA")) - { - v1CertGen.setSignatureAlgorithm("SHA1withDSA"); - } - else if (issPub.getAlgorithm().equals("ECDSA")) - { - v1CertGen.setSignatureAlgorithm("SHA1withECDSA"); - } - else if (issPub.getAlgorithm().equals("ECGOST3410")) - { - v1CertGen.setSignatureAlgorithm("GOST3411withECGOST3410"); - } - else - { - v1CertGen.setSignatureAlgorithm("GOST3411WithGOST3410"); - } - - X509Certificate _cert = v1CertGen.generate(issPriv); + X509Certificate _cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v1CertGen.build(contentSignerBuilder.build(issPriv))); _cert.checkValidity(new Date()); _cert.verify(issPub); @@ -335,78 +324,128 @@ public class CMSTestUtil } public static X509Certificate makeCertificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN, boolean _ca) - throws GeneralSecurityException, IOException + throws GeneralSecurityException, IOException, OperatorCreationException { PublicKey subPub = subKP.getPublic(); PrivateKey issPriv = issKP.getPrivate(); PublicKey issPub = issKP.getPublic(); - X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); - - v3CertGen.reset(); - v3CertGen.setSerialNumber(allocateSerialNumber()); - v3CertGen.setIssuerDN(new X509Name(_issDN)); - v3CertGen.setNotBefore(new Date(System.currentTimeMillis())); - v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100))); - v3CertGen.setSubjectDN(new X509Name(_subDN)); - v3CertGen.setPublicKey(subPub); - - if (issPub instanceof RSAPublicKey) - { - v3CertGen.setSignatureAlgorithm("SHA1WithRSA"); - } - else if (issPub.getAlgorithm().equals("DSA")) - { - v3CertGen.setSignatureAlgorithm("SHA1withDSA"); - } - else if (issPub.getAlgorithm().equals("ECDSA")) - { - v3CertGen.setSignatureAlgorithm("SHA1withECDSA"); - } - else if (issPub.getAlgorithm().equals("ECGOST3410")) - { - v3CertGen.setSignatureAlgorithm("GOST3411withECGOST3410"); - } - else - { - v3CertGen.setSignatureAlgorithm("GOST3411WithGOST3410"); - } + X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder( + new X500Name(_issDN), + allocateSerialNumber(), + new Date(System.currentTimeMillis()), + new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)), + new X500Name(_subDN), + subPub); + + JcaContentSignerBuilder contentSignerBuilder = makeContentSignerBuilder(issPub); v3CertGen.addExtension( - X509Extension.subjectKeyIdentifier, + Extension.subjectKeyIdentifier, false, createSubjectKeyId(subPub)); v3CertGen.addExtension( - X509Extension.authorityKeyIdentifier, + Extension.authorityKeyIdentifier, false, createAuthorityKeyId(issPub)); v3CertGen.addExtension( - X509Extension.basicConstraints, + Extension.basicConstraints, false, new BasicConstraints(_ca)); - X509Certificate _cert = v3CertGen.generate(issPriv); + X509Certificate _cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(contentSignerBuilder.build(issPriv))); _cert.checkValidity(new Date()); _cert.verify(issPub); return _cert; } - + + public static X509Certificate makeOaepCertificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN, boolean _ca) + throws GeneralSecurityException, IOException, OperatorCreationException + { + + SubjectPublicKeyInfo subPub = SubjectPublicKeyInfo.getInstance(subKP.getPublic().getEncoded()); + PrivateKey issPriv = issKP.getPrivate(); + PublicKey issPub = issKP.getPublic(); + + X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder( + new X500Name(_issDN), + allocateSerialNumber(), + new Date(System.currentTimeMillis()), + new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)), + new X500Name(_subDN), + new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, new RSAESOAEPparams()), subPub.parsePublicKey())); + + JcaContentSignerBuilder contentSignerBuilder = makeContentSignerBuilder(issPub); + + v3CertGen.addExtension( + Extension.subjectKeyIdentifier, + false, + createSubjectKeyId(subPub)); + + v3CertGen.addExtension( + Extension.authorityKeyIdentifier, + false, + createAuthorityKeyId(issPub)); + + v3CertGen.addExtension( + Extension.basicConstraints, + false, + new BasicConstraints(_ca)); + + X509Certificate _cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(contentSignerBuilder.build(issPriv))); + + _cert.checkValidity(new Date()); + _cert.verify(issPub); + + return _cert; + } + + private static JcaContentSignerBuilder makeContentSignerBuilder(PublicKey issPub) + { + JcaContentSignerBuilder contentSignerBuilder; + if (issPub instanceof RSAPublicKey) + { + contentSignerBuilder = new JcaContentSignerBuilder("SHA1WithRSA"); + } + else if (issPub.getAlgorithm().equals("DSA")) + { + contentSignerBuilder = new JcaContentSignerBuilder("SHA1withDSA"); + } + else if (issPub.getAlgorithm().equals("ECDSA")) + { + contentSignerBuilder = new JcaContentSignerBuilder("SHA1withECDSA"); + } + else if (issPub.getAlgorithm().equals("ECGOST3410")) + { + contentSignerBuilder = new JcaContentSignerBuilder("GOST3411withECGOST3410"); + } + else + { + contentSignerBuilder = new JcaContentSignerBuilder("GOST3411WithGOST3410"); + } + + contentSignerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME); + + return contentSignerBuilder; + } + public static X509CRL makeCrl(KeyPair pair) throws Exception { Date now = new Date(); X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now); + JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils(); crlGen.setNextUpdate(new Date(now.getTime() + 100000)); crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn); - crlGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic())); + crlGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(pair.getPublic())); return new JcaX509CRLConverter().setProvider("BC").getCRL(crlGen.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate()))); } @@ -427,6 +466,13 @@ public class CMSTestUtil } static SubjectKeyIdentifier createSubjectKeyId( + SubjectPublicKeyInfo _pubKey) + throws IOException + { + return extUtils.createSubjectKeyIdentifier(_pubKey); + } + + static SubjectKeyIdentifier createSubjectKeyId( PublicKey _pubKey) throws IOException { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/CompressedDataStreamTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/CompressedDataStreamTest.java deleted file mode 100644 index f9e5d62..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/CompressedDataStreamTest.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.ByteArrayOutputStream; -import java.io.OutputStream; -import java.util.Arrays; -import java.util.Random; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; - -import org.bouncycastle.cms.CMSCompressedDataParser; -import org.bouncycastle.cms.CMSCompressedDataStreamGenerator; -import org.bouncycastle.util.encoders.Base64; - -public class CompressedDataStreamTest - extends TestCase -{ - public CompressedDataStreamTest(String name) - { - super(name); - } - - public void testWorkingData() - throws Exception - { - byte[] compData = Base64.decode( - "MIAGCyqGSIb3DQEJEAEJoIAwgAIBADANBgsqhkiG9w0BCRADCDCABgkqhkiG9w0BBwGggCSABIIC" - + "Hnic7ZRdb9owFIbvK/k/5PqVYPFXGK12YYyboVFASSp1vQtZGiLRACZE49/XHoUW7S/0tXP8Efux" - + "fU5ivWnasml72XFb3gb5druui7ytN803M570nii7C5r8tfwR281hy/p/KSM3+jzH5s3+pbQ90xSb" - + "P3VT3QbLusnt8WPIuN5vN/vaA2+DulnXTXkXvNTr8j8ouZmkCmGI/UW+ZS/C8zP0bz2dz0zwLt+1" - + "UEk2M8mlaxjRMByAhZTj0RGYg4TvogiRASROsZgjpVcJCb1KV6QzQeDJ1XkoQ5Jm+C5PbOHZZGRi" - + "v+ORAcshOGeCcdFJyfgFxdtCdEcmOrbinc/+BBMzRThEYpwl+jEBpciSGWQkI0TSlREmD/eOHb2D" - + "SGLuESm/iKUFt1y4XHBO2a5oq0IKJKWLS9kUZTA7vC5LSxYmgVL46SIWxIfWBQd6AdrnjLmH94UT" - + "vGxVibLqRCtIpp4g2qpdtqK1LiOeolpVK5wVQ5P7+QjZAlrh0cePYTx/gNZuB9Vhndtgujl9T/tg" - + "W9ogK+3rnmg3YWygnTuF5GDS+Q/jIVLnCcYZFc6Kk/+c80wKwZjwdZIqDYWRH68MuBQSXLgXYXj2" - + "3CAaYOBNJMliTl0X7eV5DnoKIFSKYdj3cRpD/cK/JWTHJRe76MUXnfBW8m7Hd5zhQ4ri2NrVF/WL" - + "+kV1/3AGSlJ32bFPd2BsQD8uSzIx6lObkjdz95c0AAAAAAAAAAAAAAAA"); - - byte[] uncompData = Base64.decode( - "Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9FREktWDEyOyBuYW1lPUdyb3VwMi54MTINCkNvbnRl" - + "bnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJpbmFyeQ0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l" - + "OyBmaWxlbmFtZT1Hcm91cDIueDEyDQoNCklTQSowMCpzc3Nzc3Nzc3NzKjAwKnJycnJycnJycnIqW" - + "loqQ1lDTE9ORSAgICAgICAgKlpaKlBBUlRORVIgICAgICAgICo5NjEwMDcqMjAxMypVKjAwMjAwKj" - + "AwMDAwMDAwMSowKlQqKg1HUypQTypTMVMxUzFTMVMxUzFTMVMqUjFSMVIxUjFSMVIxUjFSKjk2MTA" - + "wNyoyMDEzKjAwMDAwMDAwNCpYKjAwMzA1MA1TVCo4NTAqMDAwMDQwMDAxDUJFRyowMCpCRSoyYSo0" - + "MzMyNDIzNHY1NTIzKjk2MTAwNyoyM3RjNHZ5MjR2MmgzdmgzdmgqWloqSUVMKjA5KlJFKjA5DUNVU" - + "ioxMSpUUk4qNTY1Nio2NSo1NjYqSU1GKjAwNio5NjEwMDcNUkVGKjZBKjQzM3IxYzNyMzRyMzRjMz" - + "MxMnFjdGdjNTQqUmVmZXJlbmNlIE51bWJlcg1QRVIqQUEqSGFucyBHdXR0ZW4qQ1AqMS4zMjIuMzI" - + "zLjQ0NDQqKioqKnJnZzRlZ3Y0dDQNVEFYKjR0Z3RidDR0cjR0cipHTCpnaGdoKioqKioqKioqRypD" - + "DUZPQipUUCpDQSpVU0EqMDIqRE9NKkNDKlJlZ3VsYXIgTG9jYXRpb25zIHBlciBUZXJtcw1DVFAqR" - + "EUqQzA0KjQ1MyoyNTAwMCpEOSpTRUwqMjMyMTQqMjM0MzI0MjM0MjMqRVMqNDIyNDM0MjMNU0FDKk" - + "EqQjAwMCpBRSozNTQ1KjM0NDIzMDANQ1VSKjExKjc2Nyo3NzY3KjY1DVBPMSoxMTEtYWFhKjEwMDA" - + "wMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioq" - + "KioqKkExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwMCpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzN" - + "HE2ZjM1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKioqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMD" - + "AwKkFTKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZmMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKio" - + "qKipBMSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRx" - + "NmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqKkExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwM" - + "CpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzNHE2ZjM1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKi" - + "oqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMDAwKkFTKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZ" - + "mMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKioqKipBMSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAq" - + "QVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqK" - + "kExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwMCpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzNHE2Zj" - + "M1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKioqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMDAwKkF" - + "TKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZmMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKioqKipB" - + "MSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzN" - + "TM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqKkExKnl0cmgNQ1RUKjENU0UqMjIqMDAwMDQwMDAxDU" - + "dFKjEqMDAwMDAwMDA0DUlFQSoxKjAwMDAwMDAwMQ0="); - - CMSCompressedDataParser ed = new CMSCompressedDataParser(compData); - - assertEquals(true, Arrays.equals(uncompData, CMSTestUtil.streamToByteArray(ed.getContent().getContentStream()))); - } - - public void testEach() - throws Exception - { - byte[] testData = "Hello world!".getBytes(); - - CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream cOut = gen.open(bOut, CMSCompressedDataStreamGenerator.ZLIB); - - cOut.write(testData); - - cOut.close(); - - CMSCompressedDataParser ed = new CMSCompressedDataParser(bOut.toByteArray()); - - assertEquals(true, Arrays.equals(testData, CMSTestUtil.streamToByteArray(ed.getContent().getContentStream()))); - } - - public void test1000() - throws Exception - { - byte[] testData = new byte[10000]; - Random rand = new Random(); - - rand.setSeed(0); - - for (int i = 0; i != 10; i++) - { - CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream cOut = gen.open(bOut, CMSCompressedDataStreamGenerator.ZLIB); - - rand.nextBytes(testData); - - cOut.write(testData); - - cOut.close(); - - CMSCompressedDataParser ed = new CMSCompressedDataParser(bOut.toByteArray()); - - assertEquals(true, Arrays.equals(testData, CMSTestUtil.streamToByteArray(ed.getContent().getContentStream()))); - } - } - - public static Test suite() - { - return new TestSuite(CompressedDataStreamTest.class); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/CompressedDataTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/CompressedDataTest.java deleted file mode 100644 index 6fd06b3..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/CompressedDataTest.java +++ /dev/null @@ -1,150 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.util.Arrays; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.cms.CMSCompressedData; -import org.bouncycastle.cms.CMSCompressedDataGenerator; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.io.StreamOverflowException; - -public class CompressedDataTest - extends TestCase -{ - private static final byte[] TEST_DATA = "Hello world!".getBytes(); - - /* - * - * INFRASTRUCTURE - * - */ - - public CompressedDataTest(String name) - { - super(name); - } - - public static void main(String args[]) - { - junit.textui.TestRunner.run(CompressedDataTest.class); - } - - public static Test suite() - { - return new CMSTestSetup(new TestSuite(CompressedDataTest.class)); - } - - public void setUp() - { - - } - - public void tearDown() - { - - } - - public void testWorkingData() - throws Exception - { - byte[] compData = Base64 - .decode("MIAGCyqGSIb3DQEJEAEJoIAwgAIBADANBgsqhkiG9w0BCRADCDCABgkqhkiG9w0BBwGggCSABIIC" - + "Hnic7ZRdb9owFIbvK/k/5PqVYPFXGK12YYyboVFASSp1vQtZGiLRACZE49/XHoUW7S/0tXP8Efux" - + "fU5ivWnasml72XFb3gb5druui7ytN803M570nii7C5r8tfwR281hy/p/KSM3+jzH5s3+pbQ90xSb" - + "P3VT3QbLusnt8WPIuN5vN/vaA2+DulnXTXkXvNTr8j8ouZmkCmGI/UW+ZS/C8zP0bz2dz0zwLt+1" - + "UEk2M8mlaxjRMByAhZTj0RGYg4TvogiRASROsZgjpVcJCb1KV6QzQeDJ1XkoQ5Jm+C5PbOHZZGRi" - + "v+ORAcshOGeCcdFJyfgFxdtCdEcmOrbinc/+BBMzRThEYpwl+jEBpciSGWQkI0TSlREmD/eOHb2D" - + "SGLuESm/iKUFt1y4XHBO2a5oq0IKJKWLS9kUZTA7vC5LSxYmgVL46SIWxIfWBQd6AdrnjLmH94UT" - + "vGxVibLqRCtIpp4g2qpdtqK1LiOeolpVK5wVQ5P7+QjZAlrh0cePYTx/gNZuB9Vhndtgujl9T/tg" - + "W9ogK+3rnmg3YWygnTuF5GDS+Q/jIVLnCcYZFc6Kk/+c80wKwZjwdZIqDYWRH68MuBQSXLgXYXj2" - + "3CAaYOBNJMliTl0X7eV5DnoKIFSKYdj3cRpD/cK/JWTHJRe76MUXnfBW8m7Hd5zhQ4ri2NrVF/WL" - + "+kV1/3AGSlJ32bFPd2BsQD8uSzIx6lObkjdz95c0AAAAAAAAAAAAAAAA"); - - byte[] uncompData = Base64 - .decode("Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9FREktWDEyOyBuYW1lPUdyb3VwMi54MTINCkNvbnRl" - + "bnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJpbmFyeQ0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l" - + "OyBmaWxlbmFtZT1Hcm91cDIueDEyDQoNCklTQSowMCpzc3Nzc3Nzc3NzKjAwKnJycnJycnJycnIqW" - + "loqQ1lDTE9ORSAgICAgICAgKlpaKlBBUlRORVIgICAgICAgICo5NjEwMDcqMjAxMypVKjAwMjAwKj" - + "AwMDAwMDAwMSowKlQqKg1HUypQTypTMVMxUzFTMVMxUzFTMVMqUjFSMVIxUjFSMVIxUjFSKjk2MTA" - + "wNyoyMDEzKjAwMDAwMDAwNCpYKjAwMzA1MA1TVCo4NTAqMDAwMDQwMDAxDUJFRyowMCpCRSoyYSo0" - + "MzMyNDIzNHY1NTIzKjk2MTAwNyoyM3RjNHZ5MjR2MmgzdmgzdmgqWloqSUVMKjA5KlJFKjA5DUNVU" - + "ioxMSpUUk4qNTY1Nio2NSo1NjYqSU1GKjAwNio5NjEwMDcNUkVGKjZBKjQzM3IxYzNyMzRyMzRjMz" - + "MxMnFjdGdjNTQqUmVmZXJlbmNlIE51bWJlcg1QRVIqQUEqSGFucyBHdXR0ZW4qQ1AqMS4zMjIuMzI" - + "zLjQ0NDQqKioqKnJnZzRlZ3Y0dDQNVEFYKjR0Z3RidDR0cjR0cipHTCpnaGdoKioqKioqKioqRypD" - + "DUZPQipUUCpDQSpVU0EqMDIqRE9NKkNDKlJlZ3VsYXIgTG9jYXRpb25zIHBlciBUZXJtcw1DVFAqR" - + "EUqQzA0KjQ1MyoyNTAwMCpEOSpTRUwqMjMyMTQqMjM0MzI0MjM0MjMqRVMqNDIyNDM0MjMNU0FDKk" - + "EqQjAwMCpBRSozNTQ1KjM0NDIzMDANQ1VSKjExKjc2Nyo3NzY3KjY1DVBPMSoxMTEtYWFhKjEwMDA" - + "wMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioq" - + "KioqKkExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwMCpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzN" - + "HE2ZjM1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKioqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMD" - + "AwKkFTKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZmMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKio" - + "qKipBMSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRx" - + "NmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqKkExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwM" - + "CpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzNHE2ZjM1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKi" - + "oqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMDAwKkFTKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZ" - + "mMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKioqKipBMSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAq" - + "QVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqK" - + "kExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwMCpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzNHE2Zj" - + "M1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKioqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMDAwKkF" - + "TKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZmMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKioqKipB" - + "MSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzN" - + "TM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqKkExKnl0cmgNQ1RUKjENU0UqMjIqMDAwMDQwMDAxDUdFKjEqMDAwMDAwMDA0DUlFQSoxKjAwMDAwMDAwMQ0="); - - CMSCompressedData ed = new CMSCompressedData(compData); - - assertEquals(true, Arrays.equals(uncompData, ed.getContent())); - } - - public void testEach() - throws Exception - { - CMSCompressedData cd = getStdData(); - - assertEquals(true, Arrays.equals(TEST_DATA, cd.getContent())); - } - - public void testLimitUnder() - throws Exception - { - CMSCompressedData cd = getStdData(); - - try - { - cd.getContent(TEST_DATA.length / 2); - } - catch (CMSException e) - { - assertEquals(true, e.getCause() instanceof StreamOverflowException); - } - } - - public void testLimitOver() - throws Exception - { - CMSCompressedData cd = getStdData(); - - assertEquals(true, Arrays.equals(TEST_DATA, cd.getContent(TEST_DATA.length * 2))); - } - - public void testLimitEqual() - throws Exception - { - CMSCompressedData cd = getStdData(); - - assertEquals(true, Arrays.equals(TEST_DATA, cd.getContent(TEST_DATA.length))); - } - - private CMSCompressedData getStdData() - throws CMSException - { - CMSProcessableByteArray testData = new CMSProcessableByteArray(TEST_DATA); - CMSCompressedDataGenerator gen = new CMSCompressedDataGenerator(); - - return gen.generate(testData, - CMSCompressedDataGenerator.ZLIB); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/EnvelopedDataStreamTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/EnvelopedDataStreamTest.java deleted file mode 100644 index 046db10..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/EnvelopedDataStreamTest.java +++ /dev/null @@ -1,631 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.BufferedOutputStream; -import java.io.ByteArrayOutputStream; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.security.spec.PKCS8EncodedKeySpec; -import java.util.Arrays; -import java.util.Collection; -import java.util.Iterator; - -import javax.crypto.SecretKey; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.cms.CMSEnvelopedDataGenerator; -import org.bouncycastle.cms.CMSEnvelopedDataParser; -import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator; -import org.bouncycastle.cms.CMSTypedStream; -import org.bouncycastle.cms.KEKRecipientId; -import org.bouncycastle.cms.RecipientId; -import org.bouncycastle.cms.RecipientInformation; -import org.bouncycastle.cms.RecipientInformationStore; -import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientId; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.encoders.Hex; - -public class EnvelopedDataStreamTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - private static final int BUFFER_SIZE = 4000; - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _reciDN; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static KeyPair _origEcKP; - private static KeyPair _reciEcKP; - private static X509Certificate _reciEcCert; - - private static boolean _initialised = false; - - public EnvelopedDataStreamTest() - { - } - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - _signDN = "O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN); - - _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _origEcKP = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcKP = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN); - } - } - - public void setUp() - throws Exception - { - init(); - } - - public void testWorkingData() - throws Exception - { - byte[] keyData = Base64.decode( - "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKrAz/SQKrcQ" + - "nj9IxHIfKDbuXsMqUpI06s2gps6fp7RDNvtUDDMOciWGFhD45YSy8GO0mPx3" + - "Nkc7vKBqX4TLcqLUz7kXGOHGOwiPZoNF+9jBMPNROe/B0My0PkWg9tuq+nxN" + - "64oD47+JvDwrpNOS5wsYavXeAW8Anv9ZzHLU7KwZAgMBAAECgYA/fqdVt+5K" + - "WKGfwr1Z+oAHvSf7xtchiw/tGtosZ24DOCNP3fcTXUHQ9kVqVkNyzt9ZFCT3" + - "bJUAdBQ2SpfuV4DusVeQZVzcROKeA09nPkxBpTefWbSDQGhb+eZq9L8JDRSW" + - "HyYqs+MBoUpLw7GKtZiJkZyY6CsYkAnQ+uYVWq/TIQJBAP5zafO4HUV/w4KD" + - "VJi+ua+GYF1Sg1t/dYL1kXO9GP1p75YAmtm6LdnOCas7wj70/G1YlPGkOP0V" + - "GFzeG5KAmAUCQQCryvKU9nwWA+kypcQT9Yr1P4vGS0APYoBThnZq7jEPc5Cm" + - "ZI82yseSxSeea0+8KQbZ5mvh1p3qImDLEH/iNSQFAkAghS+tboKPN10NeSt+" + - "uiGRRWNbiggv0YJ7Uldcq3ZeLQPp7/naiekCRUsHD4Qr97OrZf7jQ1HlRqTu" + - "eZScjMLhAkBNUMZCQnhwFAyEzdPkQ7LpU1MdyEopYmRssuxijZao5JLqQAGw" + - "YCzXokGFa7hz72b09F4DQurJL/WuDlvvu4jdAkEAxwT9lylvfSfEQw4/qQgZ" + - "MFB26gqB6Gqs1pHIZCzdliKx5BO3VDeUGfXMI8yOkbXoWbYx5xPid/+N8R//" + - "+sxLBw=="); - - byte[] envData = Base64.decode( - "MIAGCSqGSIb3DQEHA6CAMIACAQAxgcQwgcECAQAwKjAlMRYwFAYDVQQKEw1C" + - "b3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVQIBHjANBgkqhkiG9w0BAQEFAASB" + - "gDmnaDZ0vDJNlaUSYyEXsgbaUH+itNTjCOgv77QTX2ImXj+kTctM19PQF2I1" + - "0/NL0fjakvCgBTHKmk13a7jqB6cX3bysenHNrglHsgNGgeXQ7ggAq5fV/JQQ" + - "T7rSxEtuwpbuHQnoVUZahOHVKy/a0uLr9iIh1A3y+yZTZaG505ZJMIAGCSqG" + - "SIb3DQEHATAdBglghkgBZQMEAQIEENmkYNbDXiZxJWtq82qIRZKggAQgkOGr" + - "1JcTsADStez1eY4+rO4DtyBIyUYQ3pilnbirfPkAAAAAAAAAAAAA"); - - - CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(envData); - - RecipientInformationStore recipients = ep.getRecipientInfos(); - - assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyData); - KeyFactory keyFact = KeyFactory.getInstance("RSA", BC); - Key priKey = keyFact.generatePrivate(keySpec); - byte[] data = Hex.decode("57616c6c6157616c6c6157617368696e67746f6e"); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - CMSTypedStream recData = recipient.getContentStream(priKey, BC); - - assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream()))); - } - } - - private void verifyData( - ByteArrayOutputStream encodedStream, - String expectedOid, - byte[] expectedData) - throws Exception - { - CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(encodedStream.toByteArray()); - RecipientInformationStore recipients = ep.getRecipientInfos(); - - assertEquals(ep.getEncryptionAlgOID(), expectedOid); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - CMSTypedStream recData = recipient.getContentStream(_reciKP.getPrivate(), BC); - - assertEquals(true, Arrays.equals(expectedData, CMSTestUtil.streamToByteArray(recData.getContentStream()))); - } - } - - public void testKeyTransAES128BufferedStream() - throws Exception - { - byte[] data = new byte[2000]; - - for (int i = 0; i != 2000; i++) - { - data[i] = (byte)(i & 0xff); - } - - // - // unbuffered - // - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open( - bOut, CMSEnvelopedDataGenerator.AES128_CBC, BC); - - for (int i = 0; i != 2000; i++) - { - out.write(data[i]); - } - - out.close(); - - verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data); - - int unbufferedLength = bOut.toByteArray().length; - - // - // Using buffered output - should be == to unbuffered - // - edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - bOut = new ByteArrayOutputStream(); - - out = edGen.open(bOut, CMSEnvelopedDataGenerator.AES128_CBC, BC); - - BufferedOutputStream bfOut = new BufferedOutputStream(out, 300); - - for (int i = 0; i != 2000; i++) - { - bfOut.write(data[i]); - } - - bfOut.close(); - - verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data); - - assertTrue(bOut.toByteArray().length == unbufferedLength); - } - - public void testKeyTransAES128Buffered() - throws Exception - { - byte[] data = new byte[2000]; - - for (int i = 0; i != 2000; i++) - { - data[i] = (byte)(i & 0xff); - } - - // - // unbuffered - // - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open( - bOut, CMSEnvelopedDataGenerator.AES128_CBC, BC); - - for (int i = 0; i != 2000; i++) - { - out.write(data[i]); - } - - out.close(); - - verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data); - - int unbufferedLength = bOut.toByteArray().length; - - // - // buffered - less than default of 1000 - // - edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.setBufferSize(300); - - edGen.addKeyTransRecipient(_reciCert); - - bOut = new ByteArrayOutputStream(); - - out = edGen.open(bOut, CMSEnvelopedDataGenerator.AES128_CBC, BC); - - for (int i = 0; i != 2000; i++) - { - out.write(data[i]); - } - - out.close(); - - verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data); - - assertTrue(bOut.toByteArray().length > unbufferedLength); - } - - public void testKeyTransAES128Der() - throws Exception - { - byte[] data = new byte[2000]; - - for (int i = 0; i != 2000; i++) - { - data[i] = (byte)(i & 0xff); - } - - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open( - bOut, CMSEnvelopedDataGenerator.AES128_CBC, BC); - - for (int i = 0; i != 2000; i++) - { - out.write(data[i]); - } - - out.close(); - - // convert to DER - ASN1InputStream aIn = new ASN1InputStream(bOut.toByteArray()); - - bOut.reset(); - - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(aIn.readObject()); - - verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data); - } - - public void testKeyTransAES128Throughput() - throws Exception - { - byte[] data = new byte[40001]; - - for (int i = 0; i != data.length; i++) - { - data[i] = (byte)(i & 0xff); - } - - // - // buffered - // - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.setBufferSize(BUFFER_SIZE); - - edGen.addKeyTransRecipient(_reciCert); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open(bOut, CMSEnvelopedDataGenerator.AES128_CBC, BC); - - for (int i = 0; i != data.length; i++) - { - out.write(data[i]); - } - - out.close(); - - CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray()); - RecipientInformationStore recipients = ep.getRecipientInfos(); - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - CMSTypedStream recData = recipient.getContentStream(_reciKP.getPrivate(), BC); - - InputStream dataStream = recData.getContentStream(); - ByteArrayOutputStream dataOut = new ByteArrayOutputStream(); - int len; - byte[] buf = new byte[BUFFER_SIZE]; - int count = 0; - - while (count != 10 && (len = dataStream.read(buf)) > 0) - { - assertEquals(buf.length, len); - - dataOut.write(buf); - count++; - } - - len = dataStream.read(buf); - dataOut.write(buf, 0, len); - - assertEquals(true, Arrays.equals(data, dataOut.toByteArray())); - } - else - { - fail("recipient not found."); - } - } - - public void testKeyTransAES128() - throws Exception - { - byte[] data = "WallaWallaWashington".getBytes(); - - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open( - bOut, CMSEnvelopedDataGenerator.AES128_CBC, BC); - - out.write(data); - - out.close(); - - CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray()); - - RecipientInformationStore recipients = ep.getRecipientInfos(); - - assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - CMSTypedStream recData = recipient.getContentStream(_reciKP.getPrivate(), BC); - - assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream()))); - } - - ep.close(); - } - - public void testKeyTransCAST5SunJCE() - throws Exception - { - if (Security.getProvider("SunJCE") == null) - { - return; - } - - String version = System.getProperty("java.version"); - if (version.startsWith("1.4") || version.startsWith("1.3")) - { - return; - } - - byte[] data = "WallaWallaWashington".getBytes(); - - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open( - bOut, CMSEnvelopedDataGenerator.CAST5_CBC, "SunJCE"); - - out.write(data); - - out.close(); - - CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray()); - - RecipientInformationStore recipients = ep.getRecipientInfos(); - - assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.CAST5_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - CMSTypedStream recData = recipient.getContentStream(_reciKP.getPrivate(), "SunJCE"); - - assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream()))); - } - - ep.close(); - } - - public void testAESKEK() - throws Exception - { - byte[] data = "WallaWallaWashington".getBytes(); - SecretKey kek = CMSTestUtil.makeAES192Key(); - - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - byte[] kekId = new byte[] { 1, 2, 3, 4, 5 }; - - edGen.addKEKRecipient(kek, kekId); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open( - bOut, - CMSEnvelopedDataGenerator.DES_EDE3_CBC, BC); - out.write(data); - - out.close(); - - CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray()); - - RecipientInformationStore recipients = ep.getRecipientInfos(); - - assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), "2.16.840.1.101.3.4.1.25"); - - CMSTypedStream recData = recipient.getContentStream(kek, BC); - - assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream()))); - } - - ep.close(); - } - - public void testTwoAESKEK() - throws Exception - { - byte[] data = "WallaWallaWashington".getBytes(); - SecretKey kek1 = CMSTestUtil.makeAES192Key(); - SecretKey kek2 = CMSTestUtil.makeAES192Key(); - - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - byte[] kekId1 = new byte[] { 1, 2, 3, 4, 5 }; - byte[] kekId2 = new byte[] { 5, 4, 3, 2, 1 }; - - edGen.addKEKRecipient(kek1, kekId1); - edGen.addKEKRecipient(kek2, kekId2); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open( - bOut, - CMSEnvelopedDataGenerator.DES_EDE3_CBC, BC); - out.write(data); - - out.close(); - - CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray()); - - RecipientInformationStore recipients = ep.getRecipientInfos(); - - assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); - - RecipientId recSel = new KEKRecipientId(kekId2); - - RecipientInformation recipient = recipients.get(recSel); - - assertEquals(recipient.getKeyEncryptionAlgOID(), "2.16.840.1.101.3.4.1.25"); - - CMSTypedStream recData = recipient.getContentStream(kek2, BC); - - assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream()))); - - ep.close(); - } - - public void testECKeyAgree() - throws Exception - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - - edGen.addKeyAgreementRecipient(CMSEnvelopedDataGenerator.ECDH_SHA1KDF, _origEcKP.getPrivate(), _origEcKP.getPublic(), _reciEcCert, CMSEnvelopedDataGenerator.AES128_WRAP, BC); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream out = edGen.open( - bOut, - CMSEnvelopedDataGenerator.AES128_CBC, BC); - out.write(data); - - out.close(); - - CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray()); - - RecipientInformationStore recipients = ep.getRecipientInfos(); - - assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); - - RecipientId recSel = new JceKeyAgreeRecipientId(_reciEcCert); - - RecipientInformation recipient = recipients.get(recSel); - - CMSTypedStream recData = recipient.getContentStream(_reciEcKP.getPrivate(), BC); - - assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream()))); - - ep.close(); - } - - public void testOriginatorInfo() - throws Exception - { - CMSEnvelopedDataParser env = new CMSEnvelopedDataParser(CMSSampleMessages.originatorMessage); - - env.getRecipientInfos(); - - assertEquals(CMSEnvelopedDataGenerator.DES_EDE3_CBC, env.getEncryptionAlgOID()); - } - - public static Test suite() - throws Exception - { - return new CMSTestSetup(new TestSuite(EnvelopedDataStreamTest.class)); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/EnvelopedDataTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/EnvelopedDataTest.java deleted file mode 100644 index dea5d92..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/EnvelopedDataTest.java +++ /dev/null @@ -1,1002 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Security; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.security.spec.PKCS8EncodedKeySpec; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Iterator; - -import javax.crypto.SecretKey; -import javax.crypto.spec.SecretKeySpec; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.cms.CMSEnvelopedData; -import org.bouncycastle.cms.CMSEnvelopedDataGenerator; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSPBEKey; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.KeyTransRecipientInformation; -import org.bouncycastle.cms.PKCS5Scheme2PBEKey; -import org.bouncycastle.cms.PKCS5Scheme2UTF8PBEKey; -import org.bouncycastle.cms.PasswordRecipientInformation; -import org.bouncycastle.cms.RecipientId; -import org.bouncycastle.cms.RecipientInformation; -import org.bouncycastle.cms.RecipientInformationStore; -import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientId; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.encoders.Hex; - -public class EnvelopedDataTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _reciDN; - private static String _reciDN2; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static KeyPair _origEcKP; - private static KeyPair _reciEcKP; - private static X509Certificate _reciEcCert; - private static KeyPair _reciEcKP2; - private static X509Certificate _reciEcCert2; - - private static boolean _initialised = false; - - private byte[] oldKEK = Base64.decode( - "MIAGCSqGSIb3DQEHA6CAMIACAQIxQaI/MD0CAQQwBwQFAQIDBAUwDQYJYIZIAWUDBAEFBQAEI" - + "Fi2eHTPM4bQSjP4DUeDzJZLpfemW2gF1SPq7ZPHJi1mMIAGCSqGSIb3DQEHATAUBggqhkiG9w" - + "0DBwQImtdGyUdGGt6ggAQYk9X9z01YFBkU7IlS3wmsKpm/zpZClTceAAAAAAAAAAAAAA=="); - - private byte[] ecKeyAgreeMsgAES256 = Base64.decode( - "MIAGCSqGSIb3DQEHA6CAMIACAQIxgcShgcECAQOgQ6FBMAsGByqGSM49AgEF" - + "AAMyAAPdXlSTpub+qqno9hUGkUDl+S3/ABhPziIB5yGU4678tgOgU5CiKG9Z" - + "kfnabIJ3nZYwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBLQUAMFswWTAtMCgx" - + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBCi/" - + "rJRLbFwEVW6PcLLmojjW9lI/xGD7CfZzXrqXFw8iHaf3hTRau1gYMIAGCSqG" - + "SIb3DQEHATAdBglghkgBZQMEASoEEMtCnKKPwccmyrbgeSIlA3qggAQQDLw8" - + "pNJR97bPpj6baG99bQQQwhEDsoj5Xg1oOxojHVcYzAAAAAAAAAAAAAA="); - - private byte[] ecKeyAgreeMsgAES128 = Base64.decode( - "MIAGCSqGSIb3DQEHA6CAMIACAQIxgbShgbECAQOgQ6FBMAsGByqGSM49AgEF" - + "AAMyAAL01JLEgKvKh5rbxI/hOxs/9WEezMIsAbUaZM4l5tn3CzXAN505nr5d" - + "LhrcurMK+tAwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBBQUAMEswSTAtMCgx" - + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBBhi" - + "FLjc5g6aqDT3f8LomljOwl1WTrplUT8wgAYJKoZIhvcNAQcBMB0GCWCGSAFl" - + "AwQBAgQQzXjms16Y69S/rB0EbHqRMaCABBAFmc/QdVW6LTKdEy97kaZzBBBa" - + "fQuviUS03NycpojELx0bAAAAAAAAAAAAAA=="); - - private byte[] ecKeyAgreeMsgDESEDE = Base64.decode( - "MIAGCSqGSIb3DQEHA6CAMIACAQIxgcahgcMCAQOgQ6FBMAsGByqGSM49AgEF" - + "AAMyAALIici6Nx1WN5f0ThH2A8ht9ovm0thpC5JK54t73E1RDzCifePaoQo0" - + "xd6sUqoyGaYwHAYJK4EFEIZIPwACMA8GCyqGSIb3DQEJEAMGBQAwWzBZMC0w" - + "KDETMBEGA1UEAxMKQWRtaW4tTURTRTERMA8GA1UEChMINEJDVC0ySUQCAQEE" - + "KJuqZQ1NB1vXrKPOnb4TCpYOsdm6GscWdwAAZlm2EHMp444j0s55J9wwgAYJ" - + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAjwnsDMsafCrKCABBjyPvqFOVMKxxut" - + "VfTx4fQlNGJN8S2ATRgECMcTQ/dsmeViAAAAAAAAAAAAAA=="); - - private byte[] ecMQVKeyAgreeMsgAES128 = Base64.decode( - "MIAGCSqGSIb3DQEHA6CAMIACAQIxgf2hgfoCAQOgQ6FBMAsGByqGSM49AgEF" - + "AAMyAAPDKU+0H58tsjpoYmYCInMr/FayvCCkupebgsnpaGEB7qS9vzcNVUj6" - + "mrnmiC2grpmhRwRFMEMwQTALBgcqhkjOPQIBBQADMgACZpD13z9c7DzRWx6S" - + "0xdbq3S+EJ7vWO+YcHVjTD8NcQDcZcWASW899l1PkL936zsuMBoGCSuBBRCG" - + "SD8AEDANBglghkgBZQMEAQUFADBLMEkwLTAoMRMwEQYDVQQDEwpBZG1pbi1N" - + "RFNFMREwDwYDVQQKEwg0QkNULTJJRAIBAQQYFq58L71nyMK/70w3nc6zkkRy" - + "RL7DHmpZMIAGCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDzRUpreBsZXWHBe" - + "onxOtSmggAQQ7csAZXwT1lHUqoazoy8bhAQQq+9Zjj8iGdOWgyebbfj67QAA" - + "AAAAAAAAAAA="); - - - private byte[] ecKeyAgreeKey = Base64.decode( - "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC8vp7xVTbKSgYVU5Wc" - + "hGkWbzaj+yUFETIWP1Dt7+WSpq3ikSPdl7PpHPqnPVZfoIWhZANiAgSYHTgxf+Dd" - + "Tt84dUvuSKkFy3RhjxJmjwIscK6zbEUzKhcPQG2GHzXhWK5x1kov0I74XpGhVkya" - + "ElH5K6SaOXiXAzcyNGggTOk4+ZFnz5Xl0pBje3zKxPhYu0SnCw7Pcqw="); - - private byte[] bobPrivRsaEncrypt = Base64.decode( - "MIIChQIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKnhZ5g/OdVf" - + "8qCTQV6meYmFyDVdmpFb+x0B2hlwJhcPvaUi0DWFbXqYZhRBXM+3twg7CcmR" - + "uBlpN235ZR572akzJKN/O7uvRgGGNjQyywcDWVL8hYsxBLjMGAgUSOZPHPtd" - + "YMTgXB9T039T2GkB8QX4enDRvoPGXzjPHCyqaqfrAgMBAAECgYBnzUhMmg2P" - + "mMIbZf8ig5xt8KYGHbztpwOIlPIcaw+LNd4Ogngwy+e6alatd8brUXlweQqg" - + "9P5F4Kmy9Bnah5jWMIR05PxZbMHGd9ypkdB8MKCixQheIXFD/A0HPfD6bRSe" - + "TmPwF1h5HEuYHD09sBvf+iU7o8AsmAX2EAnYh9sDGQJBANDDIsbeopkYdo+N" - + "vKZ11mY/1I1FUox29XLE6/BGmvE+XKpVC5va3Wtt+Pw7PAhDk7Vb/s7q/WiE" - + "I2Kv8zHCueUCQQDQUfweIrdb7bWOAcjXq/JY1PeClPNTqBlFy2bKKBlf4hAr" - + "84/sajB0+E0R9KfEILVHIdxJAfkKICnwJAiEYH2PAkA0umTJSChXdNdVUN5q" - + "SO8bKlocSHseIVnDYDubl6nA7xhmqU5iUjiEzuUJiEiUacUgFJlaV/4jbOSn" - + "I3vQgLeFAkEAni+zN5r7CwZdV+EJBqRd2ZCWBgVfJAZAcpw6iIWchw+dYhKI" - + "FmioNRobQ+g4wJhprwMKSDIETukPj3d9NDAlBwJAVxhn1grStavCunrnVNqc" - + "BU+B1O8BiR4yPWnLMcRSyFRVJQA7HCp8JlDV6abXd8vPFfXuC9WN7rOvTKF8" - + "Y0ZB9qANMAsGA1UdDzEEAwIAEA=="); - - private byte[] rfc4134ex5_1 = Base64.decode( - "MIIBHgYJKoZIhvcNAQcDoIIBDzCCAQsCAQAxgcAwgb0CAQAwJjASMRAwDgYD" - + "VQQDEwdDYXJsUlNBAhBGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUA" - + "BIGAC3EN5nGIiJi2lsGPcP2iJ97a4e8kbKQz36zg6Z2i0yx6zYC4mZ7mX7FB" - + "s3IWg+f6KgCLx3M1eCbWx8+MDFbbpXadCDgO8/nUkUNYeNxJtuzubGgzoyEd" - + "8Ch4H/dd9gdzTd+taTEgS0ipdSJuNnkVY4/M652jKKHRLFf02hosdR8wQwYJ" - + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgtaMXpRwZRNYAgDsiSf8Z9P43LrY4O" - + "xUk660cu1lXeCSFOSOpOJ7FuVyU="); - - private byte[] rfc4134ex5_2 = Base64.decode( - "MIIBZQYJKoZIhvcNAQcDoIIBVjCCAVICAQIxggEAMIG9AgEAMCYwEjEQMA4G" - + "A1UEAxMHQ2FybFJTQQIQRjRrx4AAVrwR024uzV1x0DANBgkqhkiG9w0BAQEF" - + "AASBgJQmQojGi7Z4IP+CVypBmNFoCDoEp87khtgyff2N4SmqD3RxPx+8hbLQ" - + "t9i3YcMwcap+aiOkyqjMalT03VUC0XBOGv+HYI3HBZm/aFzxoq+YOXAWs5xl" - + "GerZwTOc9j6AYlK4qXvnztR5SQ8TBjlzytm4V7zg+TGrnGVNQBNw47Ewoj4C" - + "AQQwDQQLTWFpbExpc3RSQzIwEAYLKoZIhvcNAQkQAwcCAToEGHcUr5MSJ/g9" - + "HnJVHsQ6X56VcwYb+OfojTBJBgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgIC" - + "AKAECJwE0hkuKlWhgCBeKNXhojuej3org9Lt7n+wWxOhnky5V50vSpoYRfRR" - + "yw=="); - - public EnvelopedDataTest() - { - } - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - _signDN = "O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN); - - _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciDN2 = "CN=Fred, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _origEcKP = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcKP = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN); - _reciEcKP2 = CMSTestUtil.makeEcDsaKeyPair(); - _reciEcCert2 = CMSTestUtil.makeCertificate(_reciEcKP2, _reciDN2, _signKP, _signDN); - } - } - - public static void main( - String args[]) - throws Exception - { - junit.textui.TestRunner.run(EnvelopedDataTest.suite()); - } - - public static Test suite() - throws Exception - { - init(); - - return new CMSTestSetup(new TestSuite(EnvelopedDataTest.class)); - } - - public void testKeyTrans() - throws Exception - { - byte[] data = "WallaWallaWashington".getBytes(); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.DES_EDE3_CBC, BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - - assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); - - Collection c = recipients.getRecipients(); - - assertEquals(1, c.size()); - - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - } - - public void testKeyTransCAST5SunJCE() - throws Exception - { - if (Security.getProvider("SunJCE") == null) - { - return; - } - - String version = System.getProperty("java.version"); - if (version.startsWith("1.4") || version.startsWith("1.3")) - { - return; - } - - byte[] data = "WallaWallaWashington".getBytes(); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.CAST5_CBC, "SunJCE"); - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.CAST5_CBC); - - Collection c = recipients.getRecipients(); - - assertEquals(1, c.size()); - - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), "SunJCE"); - - assertEquals(true, Arrays.equals(data, recData)); - } - } - - public void testKeyTransRC4() - throws Exception - { - byte[] data = "WallaWallaBouncyCastle".getBytes(); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - "1.2.840.113549.3.4", BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4"); - - Collection c = recipients.getRecipients(); - - assertEquals(1, c.size()); - - Iterator it = c.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - } - - public void testKeyTrans128RC4() - throws Exception - { - byte[] data = "WallaWallaBouncyCastle".getBytes(); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - "1.2.840.113549.3.4", 128, BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4"); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - } - - public void testKeyTransODES() - throws Exception - { - byte[] data = "WallaWallaBouncyCastle".getBytes(); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - "1.3.14.3.2.7", BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(ed.getEncryptionAlgOID(), "1.3.14.3.2.7"); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - } - - public void testKeyTransSmallAES() - throws Exception - { - byte[] data = new byte[] { 0, 1, 2, 3 }; - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.AES128_CBC, BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(ed.getEncryptionAlgOID(), - CMSEnvelopedDataGenerator.AES128_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - assertEquals(true, Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - } - - public void testKeyTransCAST5() - throws Exception - { - tryKeyTrans(CMSEnvelopedDataGenerator.CAST5_CBC, new DERObjectIdentifier(CMSEnvelopedDataGenerator.CAST5_CBC), ASN1Sequence.class); - } - - public void testKeyTransAES128() - throws Exception - { - tryKeyTrans(CMSEnvelopedDataGenerator.AES128_CBC, NISTObjectIdentifiers.id_aes128_CBC, DEROctetString.class); - } - - public void testKeyTransAES192() - throws Exception - { - tryKeyTrans(CMSEnvelopedDataGenerator.AES192_CBC, NISTObjectIdentifiers.id_aes192_CBC, DEROctetString.class); - } - - public void testKeyTransAES256() - throws Exception - { - tryKeyTrans(CMSEnvelopedDataGenerator.AES256_CBC, NISTObjectIdentifiers.id_aes256_CBC, DEROctetString.class); - } - - public void testKeyTransSEED() - throws Exception - { - tryKeyTrans(CMSEnvelopedDataGenerator.SEED_CBC, KISAObjectIdentifiers.id_seedCBC, DEROctetString.class); - } - - public void testKeyTransCamellia128() - throws Exception - { - tryKeyTrans(CMSEnvelopedDataGenerator.CAMELLIA128_CBC, NTTObjectIdentifiers.id_camellia128_cbc, DEROctetString.class); - } - - public void testKeyTransCamellia192() - throws Exception - { - tryKeyTrans(CMSEnvelopedDataGenerator.CAMELLIA192_CBC, NTTObjectIdentifiers.id_camellia192_cbc, DEROctetString.class); - } - - public void testKeyTransCamellia256() - throws Exception - { - tryKeyTrans(CMSEnvelopedDataGenerator.CAMELLIA256_CBC, NTTObjectIdentifiers.id_camellia256_cbc, DEROctetString.class); - } - - private void tryKeyTrans(String generatorOID, DERObjectIdentifier checkOID, Class asn1Params) - throws Exception - { - byte[] data = "WallaWallaWashington".getBytes(); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyTransRecipient(_reciCert); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - generatorOID, BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(checkOID.getId(), ed.getEncryptionAlgOID()); - - if (asn1Params != null) - { - ASN1InputStream aIn = new ASN1InputStream(ed.getEncryptionAlgParams()); - - assertTrue(asn1Params.isAssignableFrom(aIn.readObject().getClass())); - } - - Collection c = recipients.getRecipients(); - - assertEquals(1, c.size()); - - Iterator it = c.iterator(); - - if (!it.hasNext()) - { - fail("no recipients found"); - } - - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - byte[] recData = recipient.getContent(_reciKP.getPrivate(), BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - } - - public void testErrorneousKEK() - throws Exception - { - byte[] data = "WallaWallaWashington".getBytes(); - SecretKey kek = new SecretKeySpec(new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 }, "AES"); - - CMSEnvelopedData ed = new CMSEnvelopedData(oldKEK); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(recipient.getKeyEncryptionAlgOID(), NISTObjectIdentifiers.id_aes128_wrap.getId()); - - byte[] recData = recipient.getContent(kek, BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - } - - public void testDESKEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeDesede192Key(), new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6")); - } - public void testRC2128KEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeRC2128Key(), new DERObjectIdentifier("1.2.840.113549.1.9.16.3.7")); - } - - public void testAES128KEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap); - } - - public void testAES192KEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeAESKey(192), NISTObjectIdentifiers.id_aes192_wrap); - } - - public void testAES256KEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeAESKey(256), NISTObjectIdentifiers.id_aes256_wrap); - } - - public void testSEED128KEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeSEEDKey(), KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap); - } - - public void testCamellia128KEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(128), NTTObjectIdentifiers.id_camellia128_wrap); - } - - public void testCamellia192KEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(192), NTTObjectIdentifiers.id_camellia192_wrap); - } - - public void testCamellia256KEK() - throws Exception - { - tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(256), NTTObjectIdentifiers.id_camellia256_wrap); - } - - private void tryKekAlgorithm(SecretKey kek, DERObjectIdentifier algOid) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException - { - byte[] data = "WallaWallaWashington".getBytes(); - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - byte[] kekId = new byte[] { 1, 2, 3, 4, 5 }; - - edGen.addKEKRecipient(kek, kekId); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.DES_EDE3_CBC, BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals(algOid.getId(), recipient.getKeyEncryptionAlgOID()); - - byte[] recData = recipient.getContent(kek, BC); - - assertTrue(Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - } - - public void testECKeyAgree() - throws Exception - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyAgreementRecipient(CMSEnvelopedDataGenerator.ECDH_SHA1KDF, - _origEcKP.getPrivate(), _origEcKP.getPublic(), - _reciEcCert, CMSEnvelopedDataGenerator.AES128_WRAP, BC); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.AES128_CBC, BC); - - assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC); - confirmNumberRecipients(recipients, 1); - } - - public void testECMQVKeyAgree() - throws Exception - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addKeyAgreementRecipient(CMSEnvelopedDataGenerator.ECMQV_SHA1KDF, - _origEcKP.getPrivate(), _origEcKP.getPublic(), - _reciEcCert, CMSEnvelopedDataGenerator.AES128_WRAP, BC); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.AES128_CBC, BC); - - assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC); - confirmNumberRecipients(recipients, 1); - } - - public void testECMQVKeyAgreeMultiple() - throws Exception - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - ArrayList recipientCerts = new ArrayList(); - recipientCerts.add(_reciEcCert); - recipientCerts.add(_reciEcCert2); - - edGen.addKeyAgreementRecipients(CMSEnvelopedDataGenerator.ECMQV_SHA1KDF, - _origEcKP.getPrivate(), _origEcKP.getPublic(), - recipientCerts, CMSEnvelopedDataGenerator.AES128_WRAP, BC); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.AES128_CBC, BC); - - assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC); - confirmDataReceived(recipients, data, _reciEcCert2, _reciEcKP2.getPrivate(), BC); - confirmNumberRecipients(recipients, 2); - } - - private static void confirmDataReceived(RecipientInformationStore recipients, - byte[] expectedData, X509Certificate reciCert, PrivateKey reciPrivKey, String provider) - throws CMSException, NoSuchProviderException, CertificateEncodingException, IOException - { - RecipientId rid = new JceKeyAgreeRecipientId(reciCert); - - RecipientInformation recipient = recipients.get(rid); - assertNotNull(recipient); - - byte[] actualData = recipient.getContent(reciPrivKey, provider); - assertEquals(true, Arrays.equals(expectedData, actualData)); - } - - private static void confirmNumberRecipients(RecipientInformationStore recipients, int count) - { - assertEquals(count, recipients.getRecipients().size()); - } - - public void testECKeyAgreeVectors() - throws Exception - { - PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey); - KeyFactory fact = KeyFactory.getInstance("ECDH", BC); - PrivateKey privKey = fact.generatePrivate(privSpec); - - verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.42", ecKeyAgreeMsgAES256); - verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecKeyAgreeMsgAES128); - verifyECKeyAgreeVectors(privKey, "1.2.840.113549.3.7", ecKeyAgreeMsgDESEDE); - } - - public void testECMQVKeyAgreeVectors() - throws Exception - { - PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey); - KeyFactory fact = KeyFactory.getInstance("ECDH", BC); - PrivateKey privKey = fact.generatePrivate(privSpec); - - verifyECMQVKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecMQVKeyAgreeMsgAES128); - } - - public void testPasswordAES256() - throws Exception - { - passwordTest(CMSEnvelopedDataGenerator.AES256_CBC); - passwordUTF8Test(CMSEnvelopedDataGenerator.AES256_CBC); - } - - public void testPasswordDESEDE() - throws Exception - { - passwordTest(CMSEnvelopedDataGenerator.DES_EDE3_CBC); - passwordUTF8Test(CMSEnvelopedDataGenerator.DES_EDE3_CBC); - } - - public void testRFC4134ex5_1() - throws Exception - { - byte[] data = Hex.decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e"); - - KeyFactory kFact = KeyFactory.getInstance("RSA", BC); - Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt)); - - CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_1); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals("1.2.840.113549.3.7", ed.getEncryptionAlgOID()); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(key, BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - } - - public void testRFC4134ex5_2() - throws Exception - { - byte[] data = Hex.decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e"); - - KeyFactory kFact = KeyFactory.getInstance("RSA", BC); - Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt)); - - CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_2); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals("1.2.840.113549.3.2", ed.getEncryptionAlgOID()); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - while (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - byte[] recData; - - if (recipient instanceof KeyTransRecipientInformation) - { - recData = recipient.getContent(key, BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - } - } - else - { - fail("no recipient found"); - } - } - - public void testOriginatorInfo() - throws Exception - { - CMSEnvelopedData env = new CMSEnvelopedData(CMSSampleMessages.originatorMessage); - - RecipientInformationStore recipients = env.getRecipientInfos(); - - assertEquals(CMSEnvelopedDataGenerator.DES_EDE3_CBC, env.getEncryptionAlgOID()); - - } - - private void passwordTest(String algorithm) - throws Exception - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addPasswordRecipient(new PKCS5Scheme2PBEKey("password".toCharArray(), new byte[20], 5), algorithm); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.AES128_CBC, BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(ed.getEncryptionAlgOID(), - CMSEnvelopedDataGenerator.AES128_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next(); - - CMSPBEKey key = new PKCS5Scheme2PBEKey("password".toCharArray(), - recipient.getKeyDerivationAlgParameters(BC)); - - byte[] recData = recipient.getContent(key, BC); - - assertEquals(true, Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - - // - // try algorithm parameters constructor - // - it = c.iterator(); - - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(new PKCS5Scheme2PBEKey("password".toCharArray(), ((PasswordRecipientInformation)recipient).getKeyDerivationAlgParameters(BC)), BC); - assertEquals(true, Arrays.equals(data, recData)); - } - - private void passwordUTF8Test(String algorithm) - throws Exception - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - - edGen.addPasswordRecipient(new PKCS5Scheme2UTF8PBEKey("abc\u5639\u563b".toCharArray(), new byte[20], 5), algorithm); - - CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - CMSEnvelopedDataGenerator.AES128_CBC, BC); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - assertEquals(ed.getEncryptionAlgOID(), - CMSEnvelopedDataGenerator.AES128_CBC); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(new PKCS5Scheme2UTF8PBEKey("abc\u5639\u563b".toCharArray(), new byte[20], 5), BC); - assertEquals(true, Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - - // - // try algorithm parameters constructor - // - it = c.iterator(); - - RecipientInformation recipient = (RecipientInformation)it.next(); - - byte[] recData = recipient.getContent(new PKCS5Scheme2UTF8PBEKey("abc\u5639\u563b".toCharArray(), ((PasswordRecipientInformation)recipient).getKeyDerivationAlgParameters(BC)), BC); - assertEquals(true, Arrays.equals(data, recData)); - } - - private void verifyECKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message) - throws CMSException, GeneralSecurityException - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSEnvelopedData ed = new CMSEnvelopedData(message); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - assertEquals(wrapAlg, ed.getEncryptionAlgOID()); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals("1.3.133.16.840.63.0.2", recipient.getKeyEncryptionAlgOID()); - - byte[] recData = recipient.getContent(privKey, BC); - - assertTrue(Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - } - - private void verifyECMQVKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message) - throws CMSException, GeneralSecurityException - { - byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); - - CMSEnvelopedData ed = new CMSEnvelopedData(message); - - RecipientInformationStore recipients = ed.getRecipientInfos(); - - Collection c = recipients.getRecipients(); - Iterator it = c.iterator(); - - assertEquals(wrapAlg, ed.getEncryptionAlgOID()); - - if (it.hasNext()) - { - RecipientInformation recipient = (RecipientInformation)it.next(); - - assertEquals("1.3.133.16.840.63.0.16", recipient.getKeyEncryptionAlgOID()); - - byte[] recData = recipient.getContent(privKey, BC); - - assertTrue(Arrays.equals(data, recData)); - } - else - { - fail("no recipient found"); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/MiscDataStreamTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/MiscDataStreamTest.java index 7efaec7..4a86cac 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/MiscDataStreamTest.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/MiscDataStreamTest.java @@ -5,8 +5,6 @@ import java.io.ByteArrayOutputStream; import java.io.OutputStream; import java.security.KeyPair; import java.security.MessageDigest; -import java.security.cert.CertStore; -import java.security.cert.CollectionCertStoreParameters; import java.security.cert.X509CRL; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -17,6 +15,9 @@ import java.util.List; import junit.framework.Test; import junit.framework.TestCase; import junit.framework.TestSuite; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.jcajce.JcaCRLStore; +import org.bouncycastle.cert.jcajce.JcaCertStore; import org.bouncycastle.cms.CMSCompressedDataStreamGenerator; import org.bouncycastle.cms.CMSDigestedData; import org.bouncycastle.cms.CMSSignedDataParser; @@ -24,10 +25,16 @@ import org.bouncycastle.cms.CMSSignedDataStreamGenerator; import org.bouncycastle.cms.CMSTypedStream; import org.bouncycastle.cms.SignerInformation; import org.bouncycastle.cms.SignerInformationStore; +import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder; +import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder; import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; +import org.bouncycastle.cms.jcajce.ZlibCompressor; import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.DigestCalculatorProvider; +import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Store; import org.bouncycastle.util.encoders.Base64; public class MiscDataStreamTest @@ -74,6 +81,20 @@ public class MiscDataStreamTest private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter(); + private static final DigestCalculatorProvider digCalcProv; + + static + { + try + { + digCalcProv = new JcaDigestCalculatorProviderBuilder().build(); + } + catch (OperatorCreationException e) + { + throw new IllegalStateException("can't create default provider!!!"); + } + } + public MiscDataStreamTest(String name) { super(name); @@ -109,7 +130,7 @@ public class MiscDataStreamTest private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest) throws Exception { - CertStore certStore = sp.getCertificatesAndCRLs("Collection", BC); + Store certStore = sp.getCertificates(); SignerInformationStore signers = sp.getSignerInfos(); Collection c = signers.getSigners(); @@ -118,24 +139,18 @@ public class MiscDataStreamTest while (it.hasNext()) { SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); + Collection certCollection = certStore.getMatches(signer.getSID()); Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); + X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - assertEquals(true, signer.verify(cert, BC)); + assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(cert))); if (contentDigest != null) { assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest())); } } - - Collection certColl = certStore.getCertificates(null); - Collection crlColl = certStore.getCRLs(null); - - assertEquals(certColl.size(), sp.getCertificates("Collection", BC).getMatches(null).size()); - assertEquals(crlColl.size(), sp.getCRLs("Collection", BC).getMatches(null).size()); } private void verifySignatures(CMSSignedDataParser sp) @@ -148,7 +163,7 @@ public class MiscDataStreamTest throws Exception { CMSSignedDataParser sp; - sp = new CMSSignedDataParser(bOut.toByteArray()); + sp = new CMSSignedDataParser(digCalcProv, bOut.toByteArray()); sp.getSignedContent().drain(); @@ -160,14 +175,14 @@ public class MiscDataStreamTest private void checkSigParseable(byte[] sig) throws Exception { - CMSSignedDataParser sp = new CMSSignedDataParser(sig); + CMSSignedDataParser sp = new CMSSignedDataParser(digCalcProv, sig); sp.getVersion(); CMSTypedStream sc = sp.getSignedContent(); if (sc != null) { sc.drain(); } - sp.getCertificatesAndCRLs("Collection", BC); + sp.getCertificates(); sp.getSignerInfos(); sp.close(); } @@ -176,28 +191,27 @@ public class MiscDataStreamTest throws Exception { List certList = new ArrayList(); + List crlList = new ArrayList(); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); certList.add(_origCert); certList.add(_signCert); - certList.add(_signCrl); - certList.add(_origCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); + crlList.add(_signCrl); + crlList.add(_origCrl); CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); + gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert)); - gen.addCertificatesAndCRLs(certsAndCrls); + gen.addCertificates(new JcaCertStore(certList)); + gen.addCRLs(new JcaCRLStore(crlList)); OutputStream sigOut = gen.open(bOut); CMSCompressedDataStreamGenerator cGen = new CMSCompressedDataStreamGenerator(); - OutputStream cOut = cGen.open(sigOut, CMSCompressedDataStreamGenerator.ZLIB); + OutputStream cOut = cGen.open(sigOut, new ZlibCompressor()); cOut.write(TEST_MESSAGE.getBytes()); @@ -210,13 +224,13 @@ public class MiscDataStreamTest // generate compressed stream ByteArrayOutputStream cDataOut = new ByteArrayOutputStream(); - cOut = cGen.open(cDataOut, CMSCompressedDataStreamGenerator.ZLIB); + cOut = cGen.open(cDataOut, new ZlibCompressor()); cOut.write(TEST_MESSAGE.getBytes()); cOut.close(); - CMSSignedDataParser sp = new CMSSignedDataParser( + CMSSignedDataParser sp = new CMSSignedDataParser(digCalcProv, new CMSTypedStream(new ByteArrayInputStream(cDataOut.toByteArray())), bOut.toByteArray()); sp.getSignedContent().drain(); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java index c29293a..d95499d 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java @@ -10,6 +10,7 @@ import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; +import java.security.spec.MGF1ParameterSpec; import java.security.spec.PKCS8EncodedKeySpec; import java.util.Arrays; import java.util.Collection; @@ -17,6 +18,8 @@ import java.util.Hashtable; import java.util.Iterator; import javax.crypto.SecretKey; +import javax.crypto.spec.OAEPParameterSpec; +import javax.crypto.spec.PSource; import javax.crypto.spec.SecretKeySpec; import junit.framework.Test; @@ -26,7 +29,6 @@ import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERUTF8String; @@ -36,8 +38,10 @@ import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.RC2CBCParameter; import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.X509Extension; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.cms.CMSAlgorithm; @@ -69,6 +73,7 @@ import org.bouncycastle.cms.jcajce.JcePasswordEnvelopedRecipient; import org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.operator.OutputEncryptor; +import org.bouncycastle.operator.jcajce.JcaAlgorithmParametersConverter; import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.util.encoders.Hex; @@ -88,7 +93,9 @@ public class NewEnvelopedDataTest private static String _reciDN; private static String _reciDN2; private static KeyPair _reciKP; + private static KeyPair _reciOaepKP; private static X509Certificate _reciCert; + private static X509Certificate _reciCertOaep; private static KeyPair _origEcKP; private static KeyPair _reciEcKP; @@ -185,6 +192,32 @@ public class NewEnvelopedDataTest + "AKAECJwE0hkuKlWhgCBeKNXhojuej3org9Lt7n+wWxOhnky5V50vSpoYRfRR" + "yw=="); + private byte[] tooShort3DES = Base64.decode( + "MIAGCSqGSIb3DQEHA6CAMIACAQAxgcQwgcECAQAwKjAlMRYwFAYDVQQKDA1C" + + "b3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVQIBCjANBgkqhkiG9w0BAQEFAASB" + + "gJIM2QN0o6iv8Ux018pVCJ8js+ROV4t6+KoMwLJ4DzRKLU8XCAb9BS+crP+F" + + "ghNTxTpTX8TaxPrO4wV0USgVHu2SvFnxNaWZjBDVIyZI2HR4QkSTqFMhsUB2" + + "6CuZIWBZkhqQ6ruDfvn9UuBWVnfsBD4iryZ1idr713sDeVo5TyvTMIAGCSqG" + + "SIb3DQEHATAUBggqhkiG9w0DBwQIQq9e4+WB3CqggAQIwU4cOlmkWUcAAAAA" + + "AAAAAAAA"); + + private byte[] tooShort3DESKey = Base64.decode( + "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAODZDCj0nQdV" + + "f0GGeFsPjjvPx1Vem0V6IkJ4SzazGKfddk0pX58ZDCnG+S+OPiXmPDqValiu" + + "9FtNy2/r9rrf/6qtcVQJkfSJv9E5Y7HgI98L/Y9lKxZWsfRqu/SlYO5zx0Dc" + + "2rzDvvZRtrtaq0uuHXWJlbWda2L9S65sv/Le/zvjAgMBAAECgYEAnn+iGMTG" + + "ZMMaH6Cg+t/uTa9cPougPMuplt2hd3+sY7izihUeONK5RkHiqmlE2gaAcnOd" + + "McKysiIWxGC73mPEnsOObPkaFlneVb5CtjTaTMdptuLNEQkwvtKhuW2HnMra" + + "4afEgFZdll3FyRpvW/CDooe4Bppjd4aGn/Sr/o9nOzECQQD4QKLwZssuclji" + + "nD/8gU1CqGMMnGNogTMpHm1269HUOE7r1y3MuapUqSWsVhpuEQ8P/Tko0haJ" + + "jeZn2eWTbZu/AkEA591snui8FMeGvkRgvyMFNvXZWDEjsh+N74XEL1lykTgZ" + + "FQJ+cmThnrdM/8yj1dKkdASYrk5kFJ4PVE6CzDI43QJAFS22eNncJZc9u/9m" + + "eg0x4SjqYk4JMQYsripZXlbZ7Mfs+7O8xYVlYZmYjC5ATPmJlmyc7r2VjKCd" + + "cmilbEFikwJBAMh7yf8BaBdjitubzjeW9VxXaa37F01eQWD5PfBfHFP6uJ1V" + + "AbayCfAtuHN6I7OwJih3DPmyqJC3NrQECs67IjUCQAb4TfVE/2G1s66SGnb4" + + "no34BspoV/i4f0uLhJap84bTHcF/ZRSXCmQOCRGdSvQkXHeNPI5Lus6lOHuU" + + "vUDbQC8="); + public NewEnvelopedDataTest() { } @@ -208,6 +241,7 @@ public class NewEnvelopedDataTest _reciDN2 = "CN=Fred, OU=Sales, O=Bouncy Castle, C=AU"; _reciKP = CMSTestUtil.makeKeyPair(); _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); + _reciCertOaep = CMSTestUtil.makeOaepCertificate(_reciKP, _reciDN, _signKP, _signDN); _origEcKP = CMSTestUtil.makeEcDsaKeyPair(); _reciEcKP = CMSTestUtil.makeEcDsaKeyPair(); @@ -291,7 +325,7 @@ public class NewEnvelopedDataTest CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); - edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(X509Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCert.getPublicKey()).setProvider(BC)); + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCert.getPublicKey()).setProvider(BC)); CMSEnvelopedData ed = edGen.generate( new CMSProcessableByteArray(data), @@ -329,6 +363,179 @@ public class NewEnvelopedDataTest assertTrue(collection.iterator().next() instanceof RecipientInformation); } + public void testKeyTransOAEPDefault() + throws Exception + { + byte[] data = "WallaWallaWashington".getBytes(); + + CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); + JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter(); + + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert, paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT)).setProvider(BC)); + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT), _reciCert.getPublicKey()).setProvider(BC)); + + CMSEnvelopedData ed = edGen.generate( + new CMSProcessableByteArray(data), + new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); + + RecipientInformationStore recipients = ed.getRecipientInfos(); + + + assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); + + Collection c = recipients.getRecipients(); + + assertEquals(2, c.size()); + + Iterator it = c.iterator(); + + while (it.hasNext()) + { + RecipientInformation recipient = (RecipientInformation)it.next(); + + assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm()); + + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); + + assertEquals(true, Arrays.equals(data, recData)); + } + + RecipientId id = new JceKeyTransRecipientId(_reciCert); + + Collection collection = recipients.getRecipients(id); + if (collection.size() != 2) + { + fail("recipients not matched using general recipient ID."); + } + assertTrue(collection.iterator().next() instanceof RecipientInformation); + } + + public void testKeyTransOAEPSHA1() + throws Exception + { + doTestKeyTransOAEPDefaultNamed("SHA-1"); + } + + public void testKeyTransOAEPSHA224() + throws Exception + { + doTestKeyTransOAEPDefaultNamed("SHA-224"); + } + + public void testKeyTransOAEPSHA256() + throws Exception + { + doTestKeyTransOAEPDefaultNamed("SHA-256"); + } + + public void testKeyTransOAEPSHA1AndSHA256() + throws Exception + { + doTestKeyTransOAEPDefaultNamed("SHA-1", "SHA-256"); + } + + private void doTestKeyTransOAEPDefaultNamed(String digest) + throws Exception + { + doTestKeyTransOAEPDefaultNamed(digest, digest); + } + + private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest) + throws Exception + { + byte[] data = "WallaWallaWashington".getBytes(); + + CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); + JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter(); + + OAEPParameterSpec oaepSpec = new OAEPParameterSpec(digest, "MGF1", new MGF1ParameterSpec(mgfDigest), new PSource.PSpecified(new byte[]{1, 2, 3, 4, 5})); + AlgorithmIdentifier oaepAlgId = paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, oaepSpec); + + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert, oaepAlgId).setProvider(BC)); + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), oaepAlgId, _reciCert.getPublicKey()).setProvider(BC)); + + CMSEnvelopedData ed = edGen.generate( + new CMSProcessableByteArray(data), + new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); + + RecipientInformationStore recipients = ed.getRecipientInfos(); + + + assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); + + Collection c = recipients.getRecipients(); + + assertEquals(2, c.size()); + + Iterator it = c.iterator(); + + while (it.hasNext()) + { + RecipientInformation recipient = (RecipientInformation)it.next(); + + assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm()); + + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); + + assertEquals(true, Arrays.equals(data, recData)); + } + + RecipientId id = new JceKeyTransRecipientId(_reciCert); + + Collection collection = recipients.getRecipients(id); + if (collection.size() != 2) + { + fail("recipients not matched using general recipient ID."); + } + assertTrue(collection.iterator().next() instanceof RecipientInformation); + } + + public void testKeyTransOAEPInCert() + throws Exception + { + byte[] data = "WallaWallaWashington".getBytes(); + + CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); + + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCertOaep).setProvider(BC)); + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCertOaep.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCertOaep.getPublicKey()).setProvider(BC)); + + CMSEnvelopedData ed = edGen.generate( + new CMSProcessableByteArray(data), + new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); + + RecipientInformationStore recipients = ed.getRecipientInfos(); + + + assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); + + Collection c = recipients.getRecipients(); + + assertEquals(2, c.size()); + + Iterator it = c.iterator(); + + while (it.hasNext()) + { + RecipientInformation recipient = (RecipientInformation)it.next(); + + assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm()); + + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); + + assertEquals(true, Arrays.equals(data, recData)); + } + + RecipientId id = new JceKeyTransRecipientId(_reciCertOaep); + + Collection collection = recipients.getRecipients(id); + if (collection.size() != 2) + { + fail("recipients not matched using general recipient ID."); + } + assertTrue(collection.iterator().next() instanceof RecipientInformation); + } + public void testKeyTransWithAlgMapping() throws Exception { @@ -385,7 +592,7 @@ public class NewEnvelopedDataTest edGen.setOriginatorInfo(new OriginatorInfoGenerator(origCert).generate()); edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); - edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(X509Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCert.getPublicKey()).setProvider(BC)); + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCert.getPublicKey()).setProvider(BC)); CMSEnvelopedData ed = edGen.generate( new CMSProcessableByteArray(data), @@ -425,6 +632,42 @@ public class NewEnvelopedDataTest assertTrue(collection.iterator().next() instanceof RecipientInformation); } + public void testKeyTransRC2bit40() + throws Exception + { + byte[] data = "WallaWallaBouncyCastle".getBytes(); + + CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); + + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); + + CMSEnvelopedData ed = edGen.generate( + new CMSProcessableByteArray(data), + new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC, 40).setProvider(BC).build()); + + RecipientInformationStore recipients = ed.getRecipientInfos(); + + assertEquals(ed.getContentEncryptionAlgorithm().getAlgorithm(), CMSAlgorithm.RC2_CBC); + + RC2CBCParameter rc2P = RC2CBCParameter.getInstance(ed.getContentEncryptionAlgorithm().getParameters()); + assertEquals(160, rc2P.getRC2ParameterVersion().intValue()); + + Collection c = recipients.getRecipients(); + + assertEquals(1, c.size()); + + Iterator it = c.iterator(); + + while (it.hasNext()) + { + RecipientInformation recipient = (RecipientInformation)it.next(); + + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); + + assertEquals(true, Arrays.equals(data, recData)); + } + } + public void testKeyTransRC4() throws Exception { @@ -594,6 +837,44 @@ public class NewEnvelopedDataTest } } + public void testKeyTransDESEDE3Short() + throws Exception + { + byte[] data = new byte[] { 0, 1, 2, 3 }; + KeyFactory kf = KeyFactory.getInstance("RSA", BC); + PrivateKey kPriv = kf.generatePrivate(new PKCS8EncodedKeySpec(tooShort3DESKey)); + + CMSEnvelopedData ed = new CMSEnvelopedData(tooShort3DES); + + RecipientInformationStore recipients = ed.getRecipientInfos(); + + assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); + + Collection c = recipients.getRecipients(); + Iterator it = c.iterator(); + + if (it.hasNext()) + { + RecipientInformation recipient = (RecipientInformation)it.next(); + try + { + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(kPriv).setKeySizeValidation(true).setProvider(BC)); + fail("invalid 3DES-EDE key not picked up"); + } + catch (CMSException e) + { + assertEquals("Expected key size for algorithm OID not found in recipient.", e.getMessage()); + } + + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(kPriv).setKeySizeValidation(false).setProvider(BC)); + assertEquals(true, Arrays.equals(data, recData)); + } + else + { + fail("no recipient found"); + } + } + public void testKeyTransDESEDE3Light() throws Exception { @@ -609,8 +890,7 @@ public class NewEnvelopedDataTest RecipientInformationStore recipients = ed.getRecipientInfos(); - assertEquals(ed.getEncryptionAlgOID(), - CMSEnvelopedDataGenerator.DES_EDE3_CBC); + assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); Collection c = recipients.getRecipients(); Iterator it = c.iterator(); @@ -619,7 +899,7 @@ public class NewEnvelopedDataTest { RecipientInformation recipient = (RecipientInformation)it.next(); - byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setKeySizeValidation(true).setProvider(BC)); assertEquals(true, Arrays.equals(data, recData)); } else @@ -725,7 +1005,7 @@ public class NewEnvelopedDataTest assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setKeySizeValidation(true).setProvider(BC)); assertEquals(true, Arrays.equals(data, recData)); } @@ -765,12 +1045,12 @@ public class NewEnvelopedDataTest public void testDESKEK() throws Exception { - tryKekAlgorithm(CMSTestUtil.makeDesede192Key(), new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6")); + tryKekAlgorithm(CMSTestUtil.makeDesede192Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6")); } public void testRC2128KEK() throws Exception { - tryKekAlgorithm(CMSTestUtil.makeRC2128Key(), new DERObjectIdentifier("1.2.840.113549.1.9.16.3.7")); + tryKekAlgorithm(CMSTestUtil.makeRC2128Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.7")); } public void testAES128KEK() @@ -815,7 +1095,7 @@ public class NewEnvelopedDataTest tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(256), NTTObjectIdentifiers.id_camellia256_wrap); } - private void tryKekAlgorithm(SecretKey kek, DERObjectIdentifier algOid) + private void tryKekAlgorithm(SecretKey kek, ASN1ObjectIdentifier algOid) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException { byte[] data = "WallaWallaWashington".getBytes(); @@ -842,7 +1122,7 @@ public class NewEnvelopedDataTest assertEquals(algOid.getId(), recipient.getKeyEncryptionAlgOID()); - byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setProvider(BC)); + byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setKeySizeValidation(true).setProvider(BC)); assertTrue(Arrays.equals(data, recData)); } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java index 9d9e645..8a92cae 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java @@ -33,7 +33,6 @@ import org.bouncycastle.cert.X509AttributeCertificateHolder; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaCRLStore; import org.bouncycastle.cert.jcajce.JcaCertStore; -import org.bouncycastle.cert.jcajce.JcaX509AttributeCertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CRLHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.cert.ocsp.OCSPResp; @@ -957,7 +956,7 @@ public class NewSignedDataStreamTest gen.addCertificates(certs); - X509AttributeCertificateHolder attrCert = new JcaX509AttributeCertificateHolder(CMSTestUtil.getAttributeCertificate()); + X509AttributeCertificateHolder attrCert = CMSTestUtil.getAttributeCertificate(); Store store = new CollectionStore(Collections.singleton(attrCert)); @@ -1283,6 +1282,25 @@ public class NewSignedDataStreamTest assertEquals(new JcaX509CertificateHolder(_origCert), it.next()); } + public void testCertsOnly() + throws Exception + { + List certList = new ArrayList(); + certList.add(_origCert); + certList.add(_signCert); + + Store certs = new JcaCertStore(certList); + + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + + CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); + gen.addCertificates(certs); + + gen.open(bOut).close(); + + checkSigParseable(bOut.toByteArray()); + } + public static Test suite() throws Exception { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/NewSignedDataTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/NewSignedDataTest.java index 9317b18..7df2c13 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/NewSignedDataTest.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/NewSignedDataTest.java @@ -6,7 +6,6 @@ import java.security.KeyFactory; import java.security.KeyPair; import java.security.MessageDigest; import java.security.Security; -import java.security.cert.CertificateException; import java.security.cert.X509CRL; import java.security.cert.X509Certificate; import java.security.spec.PKCS8EncodedKeySpec; @@ -39,7 +38,6 @@ import org.bouncycastle.cert.X509AttributeCertificateHolder; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaCRLStore; import org.bouncycastle.cert.jcajce.JcaCertStore; -import org.bouncycastle.cert.jcajce.JcaX509AttributeCertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CRLHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.cert.ocsp.OCSPResp; @@ -57,6 +55,7 @@ import org.bouncycastle.cms.SignerInfoGeneratorBuilder; import org.bouncycastle.cms.SignerInformation; import org.bouncycastle.cms.SignerInformationStore; import org.bouncycastle.cms.SignerInformationVerifier; +import org.bouncycastle.cms.SignerInformationVerifierProvider; import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder; import org.bouncycastle.cms.jcajce.JcaSignerId; import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; @@ -64,7 +63,6 @@ import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder; import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; import org.bouncycastle.crypto.params.AsymmetricKeyParameter; import org.bouncycastle.crypto.util.PrivateKeyFactory; -import org.bouncycastle.cms.SignerInformationVerifierProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; @@ -1663,7 +1661,7 @@ public class NewSignedDataTest gen.addCertificates(certs); - X509AttributeCertificateHolder attrCert = new JcaX509AttributeCertificateHolder(CMSTestUtil.getAttributeCertificate()); + X509AttributeCertificateHolder attrCert = CMSTestUtil.getAttributeCertificate(); List attrList = new ArrayList(); attrList.add(new X509AttributeCertificateHolder(attrCert.getEncoded())); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/NullProviderTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/NullProviderTest.java index 4cfc498..a97b21c 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/NullProviderTest.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/NullProviderTest.java @@ -12,11 +12,8 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.PrivateKey; -import java.security.Provider; import java.security.PublicKey; import java.security.SecureRandom; -import java.security.cert.CertStore; -import java.security.cert.CollectionCertStoreParameters; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; @@ -29,23 +26,35 @@ import junit.framework.Test; import junit.framework.TestCase; import junit.framework.TestSuite; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.X509Name; +import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cms.CMSEnvelopedData; import org.bouncycastle.cms.CMSEnvelopedDataGenerator; -import org.bouncycastle.cms.CMSProcessable; import org.bouncycastle.cms.CMSProcessableByteArray; import org.bouncycastle.cms.CMSSignedData; import org.bouncycastle.cms.CMSSignedDataGenerator; import org.bouncycastle.cms.CMSSignedDataParser; import org.bouncycastle.cms.CMSSignedDataStreamGenerator; +import org.bouncycastle.cms.CMSTypedData; import org.bouncycastle.cms.CMSTypedStream; import org.bouncycastle.cms.RecipientInformation; import org.bouncycastle.cms.RecipientInformationStore; import org.bouncycastle.cms.SignerInformation; import org.bouncycastle.cms.SignerInformationStore; +import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; +import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; +import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; +import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; +import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; +import org.bouncycastle.operator.DigestCalculatorProvider; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; +import org.bouncycastle.util.CollectionStore; +import org.bouncycastle.util.Store; import org.bouncycastle.x509.X509V3CertificateGenerator; public class NullProviderTest @@ -75,27 +84,26 @@ public class NullProviderTest throws Exception { List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); + CMSTypedData msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); - certList.add(keyCert); + certList.add(new X509CertificateHolder(keyCert.getEncoded())); - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList)); + DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().build(); CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - gen.addSigner(keyPair.getPrivate(), keyCert, CMSSignedDataGenerator.DIGEST_SHA1); + gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()), keyCert)); - gen.addCertificatesAndCRLs(certsAndCrls); + gen.addCertificates(new CollectionStore(certList)); - CMSSignedData s = gen.generate(msg, true, (Provider)null); + CMSSignedData s = gen.generate(msg, true); ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); ASN1InputStream aIn = new ASN1InputStream(bIn); s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - certsAndCrls = s.getCertificatesAndCRLs("Collection", (String)null); // make sure String works as well + Store certsAndCrls = s.getCertificates(); SignerInformationStore signers = s.getSignerInfos(); Collection c = signers.getSigners(); @@ -103,13 +111,12 @@ public class NullProviderTest while (it.hasNext()) { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); + SignerInformation signer = (SignerInformation)it.next(); + Collection certCollection = certsAndCrls.getMatches(signer.getSID()); + Iterator certIt = certCollection.iterator(); + X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, (Provider)null)); + assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))); } } @@ -119,16 +126,15 @@ public class NullProviderTest List certList = new ArrayList(); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - certList.add(keyCert); + certList.add(new X509CertificateHolder(keyCert.getEncoded())); - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList)); + DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().build(); CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - gen.addSigner(keyPair.getPrivate(), keyCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, (String)null); + gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()), keyCert)); - gen.addCertificatesAndCRLs(certsAndCrls); + gen.addCertificates(new CollectionStore(certList)); OutputStream sigOut = gen.open(bOut); @@ -136,7 +142,7 @@ public class NullProviderTest sigOut.close(); - CMSSignedDataParser sp = new CMSSignedDataParser( + CMSSignedDataParser sp = new CMSSignedDataParser(digCalcProv, new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray()); sp.getSignedContent().drain(); @@ -147,7 +153,7 @@ public class NullProviderTest MessageDigest md = MessageDigest.getInstance("SHA1"); byte[] contentDigest = md.digest(TEST_MESSAGE.getBytes()); - CertStore certStore = sp.getCertificatesAndCRLs("Collection", (String)null); + Store certStore = sp.getCertificates(); SignerInformationStore signers = sp.getSignerInfos(); Collection c = signers.getSigners(); @@ -156,12 +162,12 @@ public class NullProviderTest while (it.hasNext()) { SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); + Collection certCollection = certStore.getMatches(signer.getSID()); Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); + X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - assertEquals(true, signer.verify(cert, (Provider)null)); + assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))); if (contentDigest != null) { @@ -201,15 +207,14 @@ public class NullProviderTest CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - edGen.addKeyTransRecipient(keyCert); + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyCert)); CMSEnvelopedData ed = edGen.generate( - new CMSProcessableByteArray(data), - algorithm, (String)null); + new CMSProcessableByteArray(data), + new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(algorithm)).build()); RecipientInformationStore recipients = ed.getRecipientInfos(); - assertEquals(ed.getEncryptionAlgOID(), algorithm); Collection c = recipients.getRecipients(); @@ -224,7 +229,7 @@ public class NullProviderTest assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - byte[] recData = recipient.getContent(keyPair.getPrivate(), (String)null); + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(keyPair.getPrivate())); assertEquals(true, Arrays.equals(data, recData)); } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/Rfc4134Test.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/Rfc4134Test.java index f36b7b7..2f59702 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/Rfc4134Test.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/Rfc4134Test.java @@ -10,7 +10,6 @@ import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Security; -import java.security.cert.CertStore; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.interfaces.DSAParams; @@ -33,6 +32,8 @@ import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSAttributes; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cms.CMSEnvelopedData; import org.bouncycastle.cms.CMSEnvelopedDataGenerator; import org.bouncycastle.cms.CMSEnvelopedDataParser; @@ -45,8 +46,14 @@ import org.bouncycastle.cms.RecipientInformation; import org.bouncycastle.cms.RecipientInformationStore; import org.bouncycastle.cms.SignerInformation; import org.bouncycastle.cms.SignerInformationStore; +import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder; import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; +import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.DigestCalculatorProvider; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; +import org.bouncycastle.util.Store; import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.io.Streams; @@ -60,6 +67,19 @@ public class Rfc4134Test private static byte[] sha1 = Hex.decode("406aec085279ba6e16022d9e0629c0229687dd48"); private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter(); + private static final DigestCalculatorProvider digCalcProv; + + static + { + try + { + digCalcProv = new JcaDigestCalculatorProviderBuilder().build(); + } + catch (OperatorCreationException e) + { + throw new IllegalStateException("can't create default provider!!!"); + } + } public Rfc4134Test(String name) { @@ -87,7 +107,7 @@ public class Rfc4134Test verifySignatures(signedData); - CMSSignedDataParser parser = new CMSSignedDataParser(data); + CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data); verifySignatures(parser); } @@ -100,7 +120,7 @@ public class Rfc4134Test verifySignatures(signedData); - CMSSignedDataParser parser = new CMSSignedDataParser(data); + CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data); verifySignatures(parser); } @@ -113,7 +133,7 @@ public class Rfc4134Test verifySignatures(signedData, sha1); - CMSSignedDataParser parser = new CMSSignedDataParser( + CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, new CMSTypedStream(new ByteArrayInputStream(exContent)), data); @@ -131,7 +151,7 @@ public class Rfc4134Test verifySignerInfo4_4(getFirstSignerInfo(signedData.getSignerInfos()), counterSigCert); - CMSSignedDataParser parser = new CMSSignedDataParser(data); + CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data); verifySignatures(parser); @@ -146,7 +166,7 @@ public class Rfc4134Test verifySignatures(signedData); - CMSSignedDataParser parser = new CMSSignedDataParser(data); + CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data); verifySignatures(parser); } @@ -159,7 +179,7 @@ public class Rfc4134Test verifySignatures(signedData); - CMSSignedDataParser parser = new CMSSignedDataParser(data); + CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data); verifySignatures(parser); } @@ -172,7 +192,7 @@ public class Rfc4134Test verifySignatures(signedData); - CMSSignedDataParser parser = new CMSSignedDataParser(data); + CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data); verifySignatures(parser); } @@ -260,7 +280,7 @@ public class Rfc4134Test { assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - byte[] recData = recipient.getContent(privKey, BC); + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privKey).setProvider(BC)); assertEquals(true, Arrays.equals(exContent, recData)); } @@ -286,7 +306,7 @@ public class Rfc4134Test CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); X509Certificate cert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(certificate)); - assertTrue(csi.verify(cert, BC)); + assertTrue(csi.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(cert))); } private void verifyContentHint(SignerInformation signInfo) @@ -308,7 +328,7 @@ public class Rfc4134Test private void verifySignatures(CMSSignedData s, byte[] contentDigest) throws Exception { - CertStore certStore = s.getCertificatesAndCRLs("Collection", BC); + Store certStore = s.getCertificates(); SignerInformationStore signers = s.getSignerInfos(); Collection c = signers.getSigners(); @@ -317,10 +337,10 @@ public class Rfc4134Test while (it.hasNext()) { SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); + Collection certCollection = certStore.getMatches(signer.getSID()); Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); + X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); verifySigner(signer, cert); @@ -329,12 +349,6 @@ public class Rfc4134Test assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest())); } } - - Collection certColl = certStore.getCertificates(null); - Collection crlColl = certStore.getCRLs(null); - - assertEquals(certColl.size(), s.getCertificates("Collection", BC).getMatches(null).size()); - assertEquals(crlColl.size(), s.getCRLs("Collection", BC).getMatches(null).size()); } private void verifySignatures(CMSSignedData s) @@ -352,7 +366,7 @@ public class Rfc4134Test sc.drain(); } - CertStore certs = sp.getCertificatesAndCRLs("Collection", BC); + Store certs = sp.getCertificates(); SignerInformationStore signers = sp.getSignerInfos(); Collection c = signers.getSigners(); @@ -361,34 +375,35 @@ public class Rfc4134Test while (it.hasNext()) { SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); + Collection certCollection = certs.getMatches(signer.getSID()); Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); + X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); verifySigner(signer, cert); } } - private void verifySigner(SignerInformation signer, X509Certificate cert) + private void verifySigner(SignerInformation signer, X509CertificateHolder certHolder) throws Exception { + X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder); if (cert.getPublicKey() instanceof DSAPublicKey) { DSAPublicKey key = (DSAPublicKey)cert.getPublicKey(); if (key.getParams() == null) { - assertEquals(true, signer.verify(getInheritedKey(key), BC)); + assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(getInheritedKey(key)))); } else { - assertEquals(true, signer.verify(cert, BC)); + assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(cert))); } } else { - assertEquals(true, signer.verify(cert, BC)); + assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(cert))); } } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/SignedDataStreamTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/SignedDataStreamTest.java deleted file mode 100644 index 39b50da..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/SignedDataStreamTest.java +++ /dev/null @@ -1,1158 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.BufferedOutputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.OutputStream; -import java.security.InvalidKeyException; -import java.security.KeyPair; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertStore; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.cms.CMSAttributeTableGenerator; -import org.bouncycastle.cms.CMSProcessable; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.CMSSignedData; -import org.bouncycastle.cms.CMSSignedDataGenerator; -import org.bouncycastle.cms.CMSSignedDataParser; -import org.bouncycastle.cms.CMSSignedDataStreamGenerator; -import org.bouncycastle.cms.CMSSignedGenerator; -import org.bouncycastle.cms.CMSTypedStream; -import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator; -import org.bouncycastle.cms.SignerInformation; -import org.bouncycastle.cms.SignerInformationStore; -import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509Store; - -public class SignedDataStreamTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - private static final String TEST_MESSAGE = "Hello World!"; - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _reciDN; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static KeyPair _origDsaKP; - private static X509Certificate _origDsaCert; - - private static X509CRL _signCrl; - private static X509CRL _origCrl; - - private static boolean _initialised = false; - - private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter(); - - public SignedDataStreamTest(String name) - { - super(name); - } - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - _signDN = "O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN); - - _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN); - - _origDsaKP = CMSTestUtil.makeDsaKeyPair(); - _origDsaCert = CMSTestUtil.makeCertificate(_origDsaKP, _origDN, _signKP, _signDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _signCrl = CMSTestUtil.makeCrl(_signKP); - _origCrl = CMSTestUtil.makeCrl(_origKP); - } - } - - private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest) - throws Exception - { - CertStore certStore = sp.getCertificatesAndCRLs("Collection", BC); - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - - if (contentDigest != null) - { - assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest())); - } - } - - Collection certColl = certStore.getCertificates(null); - Collection crlColl = certStore.getCRLs(null); - - assertEquals(certColl.size(), sp.getCertificates("Collection", BC).getMatches(null).size()); - assertEquals(crlColl.size(), sp.getCRLs("Collection", BC).getMatches(null).size()); - } - - private void verifySignatures(CMSSignedDataParser sp) - throws Exception - { - verifySignatures(sp, null); - } - - private void verifyEncodedData(ByteArrayOutputStream bOut) - throws Exception - { - CMSSignedDataParser sp; - sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - sp.close(); - } - - private void checkSigParseable(byte[] sig) - throws Exception - { - CMSSignedDataParser sp = new CMSSignedDataParser(sig); - sp.getVersion(); - CMSTypedStream sc = sp.getSignedContent(); - if (sc != null) - { - sc.drain(); - } - sp.getCertificatesAndCRLs("Collection", BC); - sp.getSignerInfos(); - sp.close(); - } - - public void testEarlyInvalidKeyException() throws Exception - { - try - { - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - gen.addSigner( _origKP.getPrivate(), _origCert, - "DSA", // DOESN'T MATCH KEY ALG - CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - fail("Expected InvalidKeyException in addSigner"); - } - catch (InvalidKeyException e) - { - // Ignore - } - } - - public void testEarlyNoSuchAlgorithmException() throws Exception - { - try - { - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - gen.addSigner( _origKP.getPrivate(), _origCert, - CMSSignedDataStreamGenerator.DIGEST_SHA1, // BAD OID! - CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - fail("Expected NoSuchAlgorithmException in addSigner"); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - - public void testSha1EncapsulatedSignature() - throws Exception - { - byte[] encapSigData = Base64.decode( - "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH" - + "AaCAJIAEDEhlbGxvIFdvcmxkIQAAAAAAAKCCBGIwggINMIIBdqADAgECAgEF" - + "MA0GCSqGSIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJ" - + "BgNVBAYTAkFVMB4XDTA1MDgwNzA2MjU1OVoXDTA1MTExNTA2MjU1OVowJTEW" - + "MBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZI" - + "hvcNAQEBBQADgY0AMIGJAoGBAI1fZGgH9wgC3QiK6yluH6DlLDkXkxYYL+Qf" - + "nVRszJVYl0LIxZdpb7WEbVpO8fwtEgFtoDsOdxyqh3dTBv+L7NVD/v46kdPt" - + "xVkSNHRbutJVY8Xn4/TC/CDngqtbpbniMO8n0GiB6vs94gBT20M34j96O2IF" - + "73feNHP+x8PkJ+dNAgMBAAGjTTBLMB0GA1UdDgQWBBQ3XUfEE6+D+t+LIJgK" - + "ESSUE58eyzAfBgNVHSMEGDAWgBQ3XUfEE6+D+t+LIJgKESSUE58eyzAJBgNV" - + "HRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFK3r1stYOeXYJOlOyNGDTWEhZ+a" - + "OYdFeFaS6c+InjotHuFLAy+QsS8PslE48zYNFEqYygGfLhZDLlSnJ/LAUTqF" - + "01vlp+Bgn/JYiJazwi5WiiOTf7Th6eNjHFKXS3hfSGPNPIOjvicAp3ce3ehs" - + "uK0MxgLAaxievzhFfJcGSUMDMIICTTCCAbagAwIBAgIBBzANBgkqhkiG9w0B" - + "AQQFADAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTAe" - + "Fw0wNTA4MDcwNjI1NTlaFw0wNTExMTUwNjI1NTlaMGUxGDAWBgNVBAMTD0Vy" - + "aWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0" - + "bGUub3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTCB" - + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgHCJyfwV6/V3kqSu2SOU2E/K" - + "I+N0XohCMUaxPLLNtNBZ3ijxwaV6JGFz7siTgZD/OGfzir/eZimkt+L1iXQn" - + "OAB+ZChivKvHtX+dFFC7Vq+E4Uy0Ftqc/wrGxE6DHb5BR0hprKH8wlDS8wSP" - + "zxovgk4nH0ffUZOoDSuUgjh3gG8CAwEAAaNNMEswHQYDVR0OBBYEFLfY/4EG" - + "mYrvJa7Cky+K9BJ7YmERMB8GA1UdIwQYMBaAFDddR8QTr4P634sgmAoRJJQT" - + "nx7LMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEEBQADgYEADIOmpMd6UHdMjkyc" - + "mIE1yiwfClCsGhCK9FigTg6U1G2FmkBwJIMWBlkeH15uvepsAncsgK+Cn3Zr" - + "dZMb022mwtTJDtcaOM+SNeuCnjdowZ4i71Hf68siPm6sMlZkhz49rA0Yidoo" - + "WuzYOO+dggzwDsMldSsvsDo/ARyCGOulDOAxggEvMIIBKwIBATAqMCUxFjAU" - + "BgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYTAkFVAgEHMAkGBSsOAwIa" - + "BQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP" - + "Fw0wNTA4MDcwNjI1NTlaMCMGCSqGSIb3DQEJBDEWBBQu973mCM5UBOl9XwQv" - + "lfifHCMocTANBgkqhkiG9w0BAQEFAASBgGxnBl2qozYKLgZ0ygqSFgWcRGl1" - + "LgNuE587LtO+EKkgoc3aFqEdjXlAyP8K7naRsvWnFrsB6pUpnrgI9Z8ZSKv8" - + "98IlpsSSJ0jBlEb4gzzavwcBpYbr2ryOtDcF+kYmKIpScglyyoLzm+KPXOoT" - + "n7MsJMoKN3Kd2Vzh6s10PFgeAAAAAAAA"); - - CMSSignedDataParser sp = new CMSSignedDataParser(encapSigData); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testSHA1WithRSANoAttributes() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - CMSSignedDataParser sp = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testDSANoAttributes() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); - - certList.add(_origDsaCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origDsaKP.getPrivate(), _origDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - CMSSignedDataParser sp = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testSHA1WithRSA() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - certList.add(_signCrl); - certList.add(_origCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certsAndCrls); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedDataParser sp = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC)); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - verifyEncodedData(bOut); - - // - // look for the CRLs - // - Collection col = certsAndCrls.getCRLs(null); - - assertEquals(2, col.size()); - assertTrue(col.contains(_signCrl)); - assertTrue(col.contains(_origCrl)); - } - - public void testSHA1WithRSANonData() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - certList.add(_signCrl); - certList.add(_origCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certsAndCrls); - - OutputStream sigOut = gen.open(bOut, "1.2.3.4", true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - CMSTypedStream stream = sp.getSignedContent(); - - assertEquals(new ASN1ObjectIdentifier("1.2.3.4"), stream.getContentType()); - - stream.drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testSHA1AndMD5WithRSA() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_MD5, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedDataParser sp = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testSHA1WithRSAEncapsulatedBufferedStream() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // find unbuffered length - // - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - int unbufferedLength = bOut.toByteArray().length; - - // - // find buffered length with buffered stream - should be equal - // - bOut = new ByteArrayOutputStream(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - sigOut = gen.open(bOut, true); - - BufferedOutputStream bfOut = new BufferedOutputStream(sigOut, 300); - - for (int i = 0; i != 2000; i++) - { - bfOut.write(i & 0xff); - } - - bfOut.close(); - - verifyEncodedData(bOut); - - assertTrue(bOut.toByteArray().length == unbufferedLength); - } - - public void testSHA1WithRSAEncapsulatedBuffered() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // find unbuffered length - // - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - int unbufferedLength = bOut.toByteArray().length; - - // - // find buffered length - buffer size less than default - // - bOut = new ByteArrayOutputStream(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.setBufferSize(300); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - verifyEncodedData(bOut); - - assertTrue(bOut.toByteArray().length > unbufferedLength); - } - - public void testSHA1WithRSAEncapsulated() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSSignedGenerator.DIGEST_SHA1); - - AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes(); - Attribute hash = table.get(CMSAttributes.messageDigest); - - assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC)); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray()); - - assertEquals(1, sd.getSignerInfos().getSigners().size()); - - verifyEncodedData(bOut); - } - - public void testSHA1WithRSAEncapsulatedSubjectKeyID() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), CMSTestUtil.createSubjectKeyId(_origCert.getPublicKey()).getKeyIdentifier(), CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSSignedGenerator.DIGEST_SHA1); - - AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes(); - Attribute hash = table.get(CMSAttributes.messageDigest); - - assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC)); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray()); - - assertEquals(1, sd.getSignerInfos().getSigners().size()); - - verifyEncodedData(bOut); - } - - public void testAttributeGenerators() - throws Exception - { - final ASN1ObjectIdentifier dummyOid1 = new ASN1ObjectIdentifier("1.2.3"); - final ASN1ObjectIdentifier dummyOid2 = new ASN1ObjectIdentifier("1.2.3.4"); - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - CMSAttributeTableGenerator signedGen = new DefaultSignedAttributeTableGenerator() - { - public AttributeTable getAttributes(Map parameters) - { - Hashtable table = createStandardAttributeTable(parameters); - - DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.DIGEST)); - Attribute attr = new Attribute(dummyOid1, new DERSet(val)); - - table.put(attr.getAttrType(), attr); - - return new AttributeTable(table); - } - }; - - CMSAttributeTableGenerator unsignedGen = new CMSAttributeTableGenerator() - { - public AttributeTable getAttributes(Map parameters) - { - DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.SIGNATURE)); - Attribute attr = new Attribute(dummyOid2, new DERSet(val)); - - return new AttributeTable(new DERSet(attr)); - } - }; - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, signedGen, unsignedGen, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - // - // check attributes - // - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - checkAttribute(signer.getContentDigest(), signer.getSignedAttributes().get(dummyOid1)); - checkAttribute(signer.getSignature(), signer.getUnsignedAttributes().get(dummyOid2)); - } - } - - private void checkAttribute(byte[] expected, Attribute attr) - { - DEROctetString value = (DEROctetString)attr.getAttrValues().getObjectAt(0); - - assertEquals(new DEROctetString(expected), value); - } - - public void testWithAttributeCertificate() - throws Exception - { - List certList = new ArrayList(); - - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - X509AttributeCertificate attrCert = CMSTestUtil.getAttributeCertificate(); - - X509Store store = X509Store.getInstance("AttributeCertificate/Collection", - new X509CollectionStoreParameters(Collections.singleton(attrCert)), BC); - - gen.addAttributeCertificates(store); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - assertEquals(4, sp.getVersion()); - - store = sp.getAttributeCertificates("Collection", BC); - - Collection coll = store.getMatches(null); - - assertEquals(1, coll.size()); - - assertTrue(coll.contains(attrCert)); - } - - public void testSignerStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - byte[] data = TEST_MESSAGE.getBytes(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, false); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - // - // create new Signer - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - - bOut.reset(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA224, BC); - - gen.addCertificatesAndCRLs(certs); - - sigOut = gen.open(bOut); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedData sd = new CMSSignedData(bOut.toByteArray()); - - // - // replace signer - // - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut); - - sd = new CMSSignedData(new CMSProcessableByteArray(data), newOut.toByteArray()); - SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next(); - - assertEquals(signer.getDigestAlgOID(), CMSSignedDataStreamGenerator.DIGEST_SHA224); - - CMSSignedDataParser sp = new CMSSignedDataParser(new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testEncapsulatedSignerStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - // - // create new Signer - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - - bOut.reset(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA224, BC); - - gen.addCertificatesAndCRLs(certs); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(bOut.toByteArray()); - - // - // replace signer - // - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut); - - sd = new CMSSignedData(newOut.toByteArray()); - SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next(); - - assertEquals(signer.getDigestAlgOID(), CMSSignedDataStreamGenerator.DIGEST_SHA224); - - CMSSignedDataParser sp = new CMSSignedDataParser(newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - byte[] data = TEST_MESSAGE.getBytes(); - - certList.add(_origDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - // - // create new certstore with the right certificates - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // replace certs - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, newOut); - - CMSSignedDataParser sp = new CMSSignedDataParser(new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testEncapsulatedCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - // - // create new certstore with the right certificates - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // replace certs - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, newOut); - - CMSSignedDataParser sp = new CMSSignedDataParser(newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testCertOrdering1() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - certs = sp.getCertificatesAndCRLs("Collection", BC); - Iterator it = certs.getCertificates(null).iterator(); - - assertEquals(_origCert, it.next()); - assertEquals(_signCert, it.next()); - } - - public void testCertOrdering2() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_signCert); - certList.add(_origCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - certs = sp.getCertificatesAndCRLs("Collection", BC); - Iterator it = certs.getCertificates(null).iterator(); - - assertEquals(_signCert, it.next()); - assertEquals(_origCert, it.next()); - } - - public static Test suite() - throws Exception - { - init(); - - return new CMSTestSetup(new TestSuite(SignedDataStreamTest.class)); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/SignedDataTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/SignedDataTest.java deleted file mode 100644 index 160669b..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/SignedDataTest.java +++ /dev/null @@ -1,1573 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertStore; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.cms.CMSConfig; -import org.bouncycastle.cms.CMSProcessable; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.CMSSignedData; -import org.bouncycastle.cms.CMSSignedDataGenerator; -import org.bouncycastle.cms.CMSSignedDataParser; -import org.bouncycastle.cms.SignerId; -import org.bouncycastle.cms.SignerInformation; -import org.bouncycastle.cms.SignerInformationStore; -import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.io.Streams; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509Store; - -public class SignedDataTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - boolean DEBUG = true; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static KeyPair _signGostKP; - private static X509Certificate _signGostCert; - - private static KeyPair _signEcDsaKP; - private static X509Certificate _signEcDsaCert; - - private static KeyPair _signEcGostKP; - private static X509Certificate _signEcGostCert; - - private static KeyPair _signDsaKP; - private static X509Certificate _signDsaCert; - - private static String _reciDN; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static X509CRL _signCrl; - - private static boolean _initialised = false; - - private byte[] disorderedMessage = Base64.decode( - "SU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBnZXRob3N0aWQAX19n" - + "bW9uX3M="); - - private byte[] disorderedSet = Base64.decode( - "MIIYXQYJKoZIhvcNAQcCoIIYTjCCGEoCAQExCzAJBgUrDgMCGgUAMAsGCSqG" - + "SIb3DQEHAaCCFqswggJUMIIBwKADAgECAgMMg6wwCgYGKyQDAwECBQAwbzEL" - + "MAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbI" - + "dXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwEx" - + "MBEGA1UEAxQKNFItQ0EgMTpQTjAiGA8yMDAwMDMyMjA5NDM1MFoYDzIwMDQw" - + "MTIxMTYwNDUzWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1" - + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh" - + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3" - + "DQEBAQUAA4GPADCBiwKBgQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0I" - + "fe3QMqeGMoCUnyJxwW0k2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg" - + "19e9JPv061wyADOucOIaNAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKaj" - + "LMAw0bu1J0FadQIFAMAAAAEwCgYGKyQDAwECBQADgYEAgFauXpoTLh3Z3pT/" - + "3bhgrxO/2gKGZopWGSWSJPNwq/U3x2EuctOJurj+y2inTcJjespThflpN+7Q" - + "nvsUhXU+jL2MtPlObU0GmLvWbi47cBShJ7KElcZAaxgWMBzdRGqTOdtMv+ev" - + "2t4igGF/q71xf6J2c3pTLWr6P8s6tzLfOCMwggJDMIIBr6ADAgECAgQAuzyu" - + "MAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGll" - + "cnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0" - + "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4wIhgPMjAwMTA4" - + "MjAwODA4MjBaGA8yMDA1MDgyMDA4MDgyMFowSzELMAkGA1UEBhMCREUxEjAQ" - + "BgNVBAoUCVNpZ250cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBT" - + "SUdOVFJVU1QgMTpQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhV12" - + "N2WhlR6f+3CXP57GrBM9la5Vnsu2b92zv5MZqQOPeEsYbZqDCFkYg1bSwsDE" - + "XsGVQqXdQNAGUaapr/EUVVN+hNZ07GcmC1sPeQECgUkxDYjGi4ihbvzxlahj" - + "L4nX+UTzJVBfJwXoIvJ+lMHOSpnOLIuEL3SRhBItvRECxN0CAwEAAaMSMBAw" - + "DgYDVR0PAQH/BAQDAgEGMAoGBiskAwMBAgUAA4GBACDc9Pc6X8sK1cerphiV" - + "LfFv4kpZb9ev4WPy/C6987Qw1SOTElhZAmxaJQBqmDHWlQ63wj1DEqswk7hG" - + "LrvQk/iX6KXIn8e64uit7kx6DHGRKNvNGofPjr1WelGeGW/T2ZJKgmPDjCkf" - + "sIKt2c3gwa2pDn4mmCz/DStUIqcPDbqLMIICVTCCAcGgAwIBAgIEAJ16STAK" - + "BgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1" - + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh" - + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMCIYDzIwMDEwMjAx" - + "MTM0NDI1WhgPMjAwNTAzMjIwODU1NTFaMG8xCzAJBgNVBAYTAkRFMT0wOwYD" - + "VQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0" - + "aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6" - + "UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvthihnl" - + "tsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wdbPvg" - + "JyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCAOXFw" - + "VWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIFAAOB" - + "gQBpSRdnDb6AcNVaXSmGo6+kVPIBhot1LzJOGaPyDNpGXxd7LV4tMBF1U7gr" - + "4k1g9BO6YiMWvw9uiTZmn0CfV8+k4fWEuG/nmafRoGIuay2f+ILuT+C0rnp1" - + "4FgMsEhuVNJJAmb12QV0PZII+UneyhAneZuQQzVUkTcVgYxogxdSOzCCAlUw" - + "ggHBoAMCAQICBACdekowCgYGKyQDAwECBQAwbzELMAkGA1UEBhMCREUxPTA7" - + "BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlr" - + "YXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg" - + "MTpQTjAiGA8yMDAxMDIwMTEzNDcwN1oYDzIwMDUwMzIyMDg1NTUxWjBvMQsw" - + "CQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1" - + "ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEw" - + "EQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKB" - + "gQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0Ife3QMqeGMoCUnyJxwW0k" - + "2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg19e9JPv061wyADOucOIa" - + "NAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKajLMAw0bu1J0FadQIFAMAA" - + "AAEwCgYGKyQDAwECBQADgYEAV1yTi+2gyB7sUhn4PXmi/tmBxAfe5oBjDW8m" - + "gxtfudxKGZ6l/FUPNcrSc5oqBYxKWtLmf3XX87LcblYsch617jtNTkMzhx9e" - + "qxiD02ufcrxz2EVt0Akdqiz8mdVeqp3oLcNU/IttpSrcA91CAnoUXtDZYwb/" - + "gdQ4FI9l3+qo/0UwggJVMIIBwaADAgECAgQAxIymMAoGBiskAwMBAgUAMG8x" - + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm" - + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB" - + "MTARBgNVBAMUCjZSLUNhIDE6UE4wIhgPMjAwMTEwMTUxMzMxNThaGA8yMDA1" - + "MDYwMTA5NTIxN1owbzELMAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVy" - + "dW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3Qx" - + "ITAMBgcCggYBCgcUEwExMBEGA1UEAxQKN1ItQ0EgMTpQTjCBoTANBgkqhkiG" - + "9w0BAQEFAAOBjwAwgYsCgYEAiokD/j6lEP4FexF356OpU5teUpGGfUKjIrFX" - + "BHc79G0TUzgVxqMoN1PWnWktQvKo8ETaugxLkP9/zfX3aAQzDW4Zki6x6GDq" - + "fy09Agk+RJvhfbbIzRkV4sBBco0n73x7TfG/9NTgVr/96U+I+z/1j30aboM6" - + "9OkLEhjxAr0/GbsCBQDAAAABMAoGBiskAwMBAgUAA4GBAHWRqRixt+EuqHhR" - + "K1kIxKGZL2vZuakYV0R24Gv/0ZR52FE4ECr+I49o8FP1qiGSwnXB0SwjuH2S" - + "iGiSJi+iH/MeY85IHwW1P5e+bOMvEOFhZhQXQixOD7totIoFtdyaj1XGYRef" - + "0f2cPOjNJorXHGV8wuBk+/j++sxbd/Net3FtMIICVTCCAcGgAwIBAgIEAMSM" - + "pzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp" - + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z" - + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBOMCIYDzIwMDEx" - + "MDE1MTMzNDE0WhgPMjAwNTA2MDEwOTUyMTdaMG8xCzAJBgNVBAYTAkRFMT0w" - + "OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5p" - + "a2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNh" - + "IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvth" - + "ihnltsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wd" - + "bPvgJyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCA" - + "OXFwVWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIF" - + "AAOBgQBi5W96UVDoNIRkCncqr1LLG9vF9SGBIkvFpLDIIbcvp+CXhlvsdCJl" - + "0pt2QEPSDl4cmpOet+CxJTdTuMeBNXxhb7Dvualog69w/+K2JbPhZYxuVFZs" - + "Zh5BkPn2FnbNu3YbJhE60aIkikr72J4XZsI5DxpZCGh6xyV/YPRdKSljFjCC" - + "AlQwggHAoAMCAQICAwyDqzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9" - + "MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVu" - + "aWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1D" - + "QSAxOlBOMCIYDzIwMDAwMzIyMDk0MTI3WhgPMjAwNDAxMjExNjA0NTNaMG8x" - + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm" - + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB" - + "MTARBgNVBAMUCjRSLUNBIDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGL" - + "AoGBAI8x26tmrFJanlm100B7KGlRemCD1R93PwdnG7svRyf5ZxOsdGrDszNg" - + "xg6ouO8ZHQMT3NC2dH8TvO65Js+8bIyTm51azF6clEg0qeWNMKiiXbBXa+ph" - + "hTkGbXiLYvACZ6/MTJMJ1lcrjpRF7BXtYeYMcEF6znD4pxOqrtbf9z5hAgUA" - + "wAAAATAKBgYrJAMDAQIFAAOBgQB99BjSKlGPbMLQAgXlvA9jUsDNhpnVm3a1" - + "YkfxSqS/dbQlYkbOKvCxkPGA9NBxisBM8l1zFynVjJoy++aysRmcnLY/sHaz" - + "23BF2iU7WERy18H3lMBfYB6sXkfYiZtvQZcWaO48m73ZBySuiV3iXpb2wgs/" - + "Cs20iqroAWxwq/W/9jCCAlMwggG/oAMCAQICBDsFZ9UwCgYGKyQDAwECBQAw" - + "bzELMAkGA1UEBhMCREUxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNFItQ0Eg" - + "MTpQTjE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxl" - + "a29tbXVuaWthdGlvbiB1bmQgUG9zdDAiGA8xOTk5MDEyMTE3MzUzNFoYDzIw" - + "MDQwMTIxMTYwMDAyWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp" - + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z" - + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAozUi1DQSAxOlBOMIGfMA0GCSqG" - + "SIb3DQEBAQUAA4GNADCBiQKBgI4B557mbKQg/AqWBXNJhaT/6lwV93HUl4U8" - + "u35udLq2+u9phns1WZkdM3gDfEpL002PeLfHr1ID/96dDYf04lAXQfombils" - + "of1C1k32xOvxjlcrDOuPEMxz9/HDAQZA5MjmmYHAIulGI8Qg4Tc7ERRtg/hd" - + "0QX0/zoOeXoDSEOBAgTAAAABMAoGBiskAwMBAgUAA4GBAIyzwfT3keHI/n2P" - + "LrarRJv96mCohmDZNpUQdZTVjGu5VQjVJwk3hpagU0o/t/FkdzAjOdfEw8Ql" - + "3WXhfIbNLv1YafMm2eWSdeYbLcbB5yJ1od+SYyf9+tm7cwfDAcr22jNRBqx8" - + "wkWKtKDjWKkevaSdy99sAI8jebHtWz7jzydKMIID9TCCA16gAwIBAgICbMcw" - + "DQYJKoZIhvcNAQEFBQAwSzELMAkGA1UEBhMCREUxEjAQBgNVBAoUCVNpZ250" - + "cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBTSUdOVFJVU1QgMTpQ" - + "TjAeFw0wNDA3MzAxMzAyNDZaFw0wNzA3MzAxMzAyNDZaMDwxETAPBgNVBAMM" - + "CFlhY29tOlBOMQ4wDAYDVQRBDAVZYWNvbTELMAkGA1UEBhMCREUxCjAIBgNV" - + "BAUTATEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIWzLlYLQApocXIp" - + "pgCCpkkOUVLgcLYKeOd6/bXAnI2dTHQqT2bv7qzfUnYvOqiNgYdF13pOYtKg" - + "XwXMTNFL4ZOI6GoBdNs9TQiZ7KEWnqnr2945HYx7UpgTBclbOK/wGHuCdcwO" - + "x7juZs1ZQPFG0Lv8RoiV9s6HP7POqh1sO0P/AgMBAAGjggH1MIIB8TCBnAYD" - + "VR0jBIGUMIGRgBQcZzNghfnXoXRm8h1+VITC5caNRqFzpHEwbzELMAkGA1UE" - + "BhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVs" - + "ZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UE" - + "AxQKNVItQ0EgMTpQToIEALs8rjAdBgNVHQ4EFgQU2e5KAzkVuKaM9I5heXkz" - + "bcAIuR8wDgYDVR0PAQH/BAQDAgZAMBIGA1UdIAQLMAkwBwYFKyQIAQEwfwYD" - + "VR0fBHgwdjB0oCygKoYobGRhcDovL2Rpci5zaWdudHJ1c3QuZGUvbz1TaWdu" - + "dHJ1c3QsYz1kZaJEpEIwQDEdMBsGA1UEAxMUQ1JMU2lnblNpZ250cnVzdDE6" - + "UE4xEjAQBgNVBAoTCVNpZ250cnVzdDELMAkGA1UEBhMCREUwYgYIKwYBBQUH" - + "AQEEVjBUMFIGCCsGAQUFBzABhkZodHRwOi8vZGlyLnNpZ250cnVzdC5kZS9T" - + "aWdudHJ1c3QvT0NTUC9zZXJ2bGV0L2h0dHBHYXRld2F5LlBvc3RIYW5kbGVy" - + "MBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwDgYHAoIGAQoMAAQDAQH/MA0G" - + "CSqGSIb3DQEBBQUAA4GBAHn1m3GcoyD5GBkKUY/OdtD6Sj38LYqYCF+qDbJR" - + "6pqUBjY2wsvXepUppEler+stH8mwpDDSJXrJyuzf7xroDs4dkLl+Rs2x+2tg" - + "BjU+ABkBDMsym2WpwgA8LCdymmXmjdv9tULxY+ec2pjSEzql6nEZNEfrU8nt" - + "ZCSCavgqW4TtMYIBejCCAXYCAQEwUTBLMQswCQYDVQQGEwJERTESMBAGA1UE" - + "ChQJU2lnbnRydXN0MSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEUNBIFNJR05U" - + "UlVTVCAxOlBOAgJsxzAJBgUrDgMCGgUAoIGAMBgGCSqGSIb3DQEJAzELBgkq" - + "hkiG9w0BBwEwIwYJKoZIhvcNAQkEMRYEFIYfhPoyfGzkLWWSSLjaHb4HQmaK" - + "MBwGCSqGSIb3DQEJBTEPFw0wNTAzMjQwNzM4MzVaMCEGBSskCAYFMRgWFi92" - + "YXIvZmlsZXMvdG1wXzEvdGVzdDEwDQYJKoZIhvcNAQEFBQAEgYA2IvA8lhVz" - + "VD5e/itUxbFboKxeKnqJ5n/KuO/uBCl1N14+7Z2vtw1sfkIG+bJdp3OY2Cmn" - + "mrQcwsN99Vjal4cXVj8t+DJzFG9tK9dSLvD3q9zT/GQ0kJXfimLVwCa4NaSf" - + "Qsu4xtG0Rav6bCcnzabAkKuNNvKtH8amSRzk870DBg=="); - - public static byte[] xtraCounterSig = Base64.decode( - "MIIR/AYJKoZIhvcNAQcCoIIR7TCCEekCAQExCzAJBgUrDgMCGgUAMBoGCSqG" - + "SIb3DQEHAaANBAtIZWxsbyB3b3JsZKCCDnkwggTPMIIDt6ADAgECAgRDnYD3" - + "MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5U" - + "ZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmlj" - + "YXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxMjExNDMxMloXDTEwMDkxMjExNDMx" - + "MlowgdgxCzAJBgNVBAYTAklUMSIwIAYDVQQKDBlJbnRlc2EgUy5wLkEuLzA1" - + "MjYyODkwMDE0MSowKAYDVQQLDCFCdXNpbmVzcyBDb2xsYWJvcmF0aW9uICYg" - + "U2VjdXJpdHkxHjAcBgNVBAMMFU1BU1NJTUlMSUFOTyBaSUNDQVJESTERMA8G" - + "A1UEBAwIWklDQ0FSREkxFTATBgNVBCoMDE1BU1NJTUlMSUFOTzEcMBoGA1UE" - + "BRMTSVQ6WkNDTVNNNzZIMTRMMjE5WTERMA8GA1UELhMIMDAwMDI1ODUwgaAw" - + "DQYJKoZIhvcNAQEBBQADgY4AMIGKAoGBALeJTjmyFgx1SIP6c2AuB/kuyHo5" - + "j/prKELTALsFDimre/Hxr3wOSet1TdQfFzU8Lu+EJqgfV9cV+cI1yeH1rZs7" - + "lei7L3tX/VR565IywnguX5xwvteASgWZr537Fkws50bvTEMyYOj1Tf3FZvZU" - + "z4n4OD39KI4mfR9i1eEVIxR3AgQAizpNo4IBoTCCAZ0wHQYDVR0RBBYwFIES" - + "emljY2FyZGlAaW50ZXNhLml0MC8GCCsGAQUFBwEDBCMwITAIBgYEAI5GAQEw" - + "CwYGBACORgEDAgEUMAgGBgQAjkYBBDBZBgNVHSAEUjBQME4GBgQAizABATBE" - + "MEIGCCsGAQUFBwIBFjZodHRwOi8vZS10cnVzdGNvbS5pbnRlc2EuaXQvY2Ff" - + "cHViYmxpY2EvQ1BTX0lOVEVTQS5odG0wDgYDVR0PAQH/BAQDAgZAMIGDBgNV" - + "HSMEfDB6gBQZCQOW0bjFWBt+EORuxPagEgkQqKFcpFowWDELMAkGA1UEBhMC" - + "SVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJbi5U" - + "ZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCBDzRARMwOwYDVR0f" - + "BDQwMjAwoC6gLIYqaHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L0NSTC9J" - + "TlRFU0EuY3JsMB0GA1UdDgQWBBTf5ItL8KmQh541Dxt7YxcWI1254TANBgkq" - + "hkiG9w0BAQUFAAOCAQEAgW+uL1CVWQepbC/wfCmR6PN37Sueb4xiKQj2mTD5" - + "UZ5KQjpivy/Hbuf0NrfKNiDEhAvoHSPC31ebGiKuTMFNyZPHfPEUnyYGSxea" - + "2w837aXJFr6utPNQGBRi89kH90sZDlXtOSrZI+AzJJn5QK3F9gjcayU2NZXQ" - + "MJgRwYmFyn2w4jtox+CwXPQ9E5XgxiMZ4WDL03cWVXDLX00EOJwnDDMUNTRI" - + "m9Zv+4SKTNlfFbi9UTBqWBySkDzAelsfB2U61oqc2h1xKmCtkGMmN9iZT+Qz" - + "ZC/vaaT+hLEBFGAH2gwFrYc4/jTBKyBYeU1vsAxsibIoTs1Apgl6MH75qPDL" - + "BzCCBM8wggO3oAMCAQICBEOdgPcwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE" - + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ" - + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwOTEy" - + "MTE0MzEyWhcNMTAwOTEyMTE0MzEyWjCB2DELMAkGA1UEBhMCSVQxIjAgBgNV" - + "BAoMGUludGVzYSBTLnAuQS4vMDUyNjI4OTAwMTQxKjAoBgNVBAsMIUJ1c2lu" - + "ZXNzIENvbGxhYm9yYXRpb24gJiBTZWN1cml0eTEeMBwGA1UEAwwVTUFTU0lN" - + "SUxJQU5PIFpJQ0NBUkRJMREwDwYDVQQEDAhaSUNDQVJESTEVMBMGA1UEKgwM" - + "TUFTU0lNSUxJQU5PMRwwGgYDVQQFExNJVDpaQ0NNU003NkgxNEwyMTlZMREw" - + "DwYDVQQuEwgwMDAwMjU4NTCBoDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEA" - + "t4lOObIWDHVIg/pzYC4H+S7IejmP+msoQtMAuwUOKat78fGvfA5J63VN1B8X" - + "NTwu74QmqB9X1xX5wjXJ4fWtmzuV6Lsve1f9VHnrkjLCeC5fnHC+14BKBZmv" - + "nfsWTCznRu9MQzJg6PVN/cVm9lTPifg4Pf0ojiZ9H2LV4RUjFHcCBACLOk2j" - + "ggGhMIIBnTAdBgNVHREEFjAUgRJ6aWNjYXJkaUBpbnRlc2EuaXQwLwYIKwYB" - + "BQUHAQMEIzAhMAgGBgQAjkYBATALBgYEAI5GAQMCARQwCAYGBACORgEEMFkG" - + "A1UdIARSMFAwTgYGBACLMAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9lLXRy" - + "dXN0Y29tLmludGVzYS5pdC9jYV9wdWJibGljYS9DUFNfSU5URVNBLmh0bTAO" - + "BgNVHQ8BAf8EBAMCBkAwgYMGA1UdIwR8MHqAFBkJA5bRuMVYG34Q5G7E9qAS" - + "CRCooVykWjBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5BLiBT" - + "LnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9uIEF1" - + "dGhvcml0eYIEPNEBEzA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vZS10cnVz" - + "dGNvbS5pbnRlc2EuaXQvQ1JML0lOVEVTQS5jcmwwHQYDVR0OBBYEFN/ki0vw" - + "qZCHnjUPG3tjFxYjXbnhMA0GCSqGSIb3DQEBBQUAA4IBAQCBb64vUJVZB6ls" - + "L/B8KZHo83ftK55vjGIpCPaZMPlRnkpCOmK/L8du5/Q2t8o2IMSEC+gdI8Lf" - + "V5saIq5MwU3Jk8d88RSfJgZLF5rbDzftpckWvq6081AYFGLz2Qf3SxkOVe05" - + "Ktkj4DMkmflArcX2CNxrJTY1ldAwmBHBiYXKfbDiO2jH4LBc9D0TleDGIxnh" - + "YMvTdxZVcMtfTQQ4nCcMMxQ1NEib1m/7hIpM2V8VuL1RMGpYHJKQPMB6Wx8H" - + "ZTrWipzaHXEqYK2QYyY32JlP5DNkL+9ppP6EsQEUYAfaDAWthzj+NMErIFh5" - + "TW+wDGyJsihOzUCmCXowfvmo8MsHMIIEzzCCA7egAwIBAgIEQ52A9zANBgkq" - + "hkiG9w0BAQUFADBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5B" - + "LiBTLnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9u" - + "IEF1dGhvcml0eTAeFw0wODA5MTIxMTQzMTJaFw0xMDA5MTIxMTQzMTJaMIHY" - + "MQswCQYDVQQGEwJJVDEiMCAGA1UECgwZSW50ZXNhIFMucC5BLi8wNTI2Mjg5" - + "MDAxNDEqMCgGA1UECwwhQnVzaW5lc3MgQ29sbGFib3JhdGlvbiAmIFNlY3Vy" - + "aXR5MR4wHAYDVQQDDBVNQVNTSU1JTElBTk8gWklDQ0FSREkxETAPBgNVBAQM" - + "CFpJQ0NBUkRJMRUwEwYDVQQqDAxNQVNTSU1JTElBTk8xHDAaBgNVBAUTE0lU" - + "OlpDQ01TTTc2SDE0TDIxOVkxETAPBgNVBC4TCDAwMDAyNTg1MIGgMA0GCSqG" - + "SIb3DQEBAQUAA4GOADCBigKBgQC3iU45shYMdUiD+nNgLgf5Lsh6OY/6ayhC" - + "0wC7BQ4pq3vx8a98DknrdU3UHxc1PC7vhCaoH1fXFfnCNcnh9a2bO5Xouy97" - + "V/1UeeuSMsJ4Ll+ccL7XgEoFma+d+xZMLOdG70xDMmDo9U39xWb2VM+J+Dg9" - + "/SiOJn0fYtXhFSMUdwIEAIs6TaOCAaEwggGdMB0GA1UdEQQWMBSBEnppY2Nh" - + "cmRpQGludGVzYS5pdDAvBggrBgEFBQcBAwQjMCEwCAYGBACORgEBMAsGBgQA" - + "jkYBAwIBFDAIBgYEAI5GAQQwWQYDVR0gBFIwUDBOBgYEAIswAQEwRDBCBggr" - + "BgEFBQcCARY2aHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L2NhX3B1YmJs" - + "aWNhL0NQU19JTlRFU0EuaHRtMA4GA1UdDwEB/wQEAwIGQDCBgwYDVR0jBHww" - + "eoAUGQkDltG4xVgbfhDkbsT2oBIJEKihXKRaMFgxCzAJBgNVBAYTAklUMRow" - + "GAYDVQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5B" - + "LiAtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ80QETMDsGA1UdHwQ0MDIw" - + "MKAuoCyGKmh0dHA6Ly9lLXRydXN0Y29tLmludGVzYS5pdC9DUkwvSU5URVNB" - + "LmNybDAdBgNVHQ4EFgQU3+SLS/CpkIeeNQ8be2MXFiNdueEwDQYJKoZIhvcN" - + "AQEFBQADggEBAIFvri9QlVkHqWwv8Hwpkejzd+0rnm+MYikI9pkw+VGeSkI6" - + "Yr8vx27n9Da3yjYgxIQL6B0jwt9XmxoirkzBTcmTx3zxFJ8mBksXmtsPN+2l" - + "yRa+rrTzUBgUYvPZB/dLGQ5V7Tkq2SPgMySZ+UCtxfYI3GslNjWV0DCYEcGJ" - + "hcp9sOI7aMfgsFz0PROV4MYjGeFgy9N3FlVwy19NBDicJwwzFDU0SJvWb/uE" - + "ikzZXxW4vVEwalgckpA8wHpbHwdlOtaKnNodcSpgrZBjJjfYmU/kM2Qv72mk" - + "/oSxARRgB9oMBa2HOP40wSsgWHlNb7AMbImyKE7NQKYJejB++ajwywcxggM8" - + "MIIDOAIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5UZS5TLkEu" - + "IFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmljYXRpb24g" - + "QXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYB+" - + "lH2cwLqc91mP8prvgSV+RRzk13dJdZvdoVjgQoFrPhBiZCNIEoHvIhMMA/sM" - + "X6euSRZk7EjD24FasCEGYyd0mJVLEy6TSPmuW+wWz/28w3a6IWXBGrbb/ild" - + "/CJMkPgLPGgOVD1WDwiNKwfasiQSFtySf5DPn3jFevdLeMmEY6GCAjIwggEV" - + "BgkqhkiG9w0BCQYxggEGMIIBAgIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYD" - + "VQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAt" - + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJ" - + "KoZIhvcNAQEBBQAEgYBHlOULfT5GDigIvxP0qZOy8VbpntmzaPF55VV4buKV" - + "35J+uHp98gXKp0LrHM69V5IRKuyuQzHHFBqsXxsRI9o6KoOfgliD9Xc+BeMg" - + "dKzQhBhBYoFREq8hQM0nSbqDNHYAQyNHMzUA/ZQUO5dlFuH8Dw3iDYAhNtfd" - + "PrlchKJthDCCARUGCSqGSIb3DQEJBjGCAQYwggECAgEBMGAwWDELMAkGA1UE" - + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ" - + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCBEOdgPcwCQYF" - + "Kw4DAhoFADANBgkqhkiG9w0BAQEFAASBgEeU5Qt9PkYOKAi/E/Spk7LxVume" - + "2bNo8XnlVXhu4pXfkn64en3yBcqnQusczr1XkhEq7K5DMccUGqxfGxEj2joq" - + "g5+CWIP1dz4F4yB0rNCEGEFigVESryFAzSdJuoM0dgBDI0czNQD9lBQ7l2UW" - + "4fwPDeINgCE2190+uVyEom2E"); - - byte[] noSignedAttrSample2 = Base64.decode( - "MIIIlAYJKoZIhvcNAQcCoIIIhTCCCIECAQExCzAJBgUrDgMCGgUAMAsGCSqG" - + "SIb3DQEHAaCCB3UwggOtMIIDa6ADAgECAgEzMAsGByqGSM44BAMFADCBkDEL" - + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x" - + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh" - + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln" - + "bmluZyBDQTAeFw0wMTA1MjkxNjQ3MTFaFw0wNjA1MjgxNjQ3MTFaMG4xHTAb" - + "BgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZhIFNv" - + "ZnR3YXJlIENvZGUgU2lnbmluZzEoMCYGA1UEAxMfVGhlIExlZ2lvbiBvZiB0" - + "aGUgQm91bmN5IENhc3RsZTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OB" - + "HXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2" - + "y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUP" - + "BPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM" - + "spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9" - + "B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj" - + "rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtV" - + "JWQBTDv+z0kqA4GEAAKBgBWry/FCAZ6miyy39+ftsa+h9lxoL+JtV0MJcUyQ" - + "E4VAhpAwWb8vyjba9AwOylYQTktHX5sAkFvjBiU0LOYDbFSTVZSHMRJgfjxB" - + "SHtICjOEvr1BJrrOrdzqdxcOUge5n7El124BCrv91x5Ol8UTwtiO9LrRXF/d" - + "SyK+RT5n1klRo3YwdDARBglghkgBhvhCAQEEBAMCAIcwDgYDVR0PAQH/BAQD" - + "AgHGMB0GA1UdDgQWBBQwMY4NRcco1AO3w1YsokfDLVseEjAPBgNVHRMBAf8E" - + "BTADAQH/MB8GA1UdIwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMAsGByqG" - + "SM44BAMFAAMvADAsAhRmigTu6QV0sTfEkVljgij/hhdVfAIUQZvMxAnIHc30" - + "y/u0C1T5UEG9glUwggPAMIIDfqADAgECAgEQMAsGByqGSM44BAMFADCBkDEL" - + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x" - + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh" - + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln" - + "bmluZyBDQTAeFw0wMTA0MjUwNzAwMDBaFw0yMDA0MjUwNzAwMDBaMIGQMQsw" - + "CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEd" - + "MBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEg" - + "U29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBTaWdu" - + "aW5nIENBMIIBtzCCASwGByqGSM44BAEwggEfAoGBAOuvNwQeylEeaV2w8o/2" - + "tUkfxqSZBdcpv3S3avUZ2B7kG/gKAZqY/3Cr4kpWhmxTs/zhyIGMMfDE87CL" - + "5nAG7PdpaNuDTHIpiSk2F1w7SgegIAIqRpdRHXDICBgLzgxum3b3BePn+9Nh" - + "eeFgmiSNBpWDPFEg4TDPOFeCphpyDc7TAhUAhCVF4bq5qWKreehbMLiJaxv/" - + "e3UCgYEAq8l0e3Tv7kK1alNNO92QBnJokQ8LpCl2LlU71a5NZVx+KjoEpmem" - + "0HGqpde34sFyDaTRqh6SVEwgAAmisAlBGTMAssNcrkL4sYvKfJbYEH83RFuq" - + "zHjI13J2N2tAmahVZvqoAx6LShECactMuCUGHKB30sms0j3pChD6dnC3+9wD" - + "gYQAAoGALQmYXKy4nMeZfu4gGSo0kPnXq6uu3WtylQ1m+O8nj0Sy7ShEx/6v" - + "sKYnbwBnRYJbB6hWVjvSKVFhXmk51y50dxLPGUr1LcjLcmHETm/6R0M/FLv6" - + "vBhmKMLZZot6LS/CYJJLFP5YPiF/aGK+bEhJ+aBLXoWdGRD5FUVRG3HU9wuj" - + "ZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1Ud" - + "IwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMB0GA1UdDgQWBBRl4vSGydNO" - + "8JFOWKJq9dh4WprBpjALBgcqhkjOOAQDBQADLwAwLAIUKvfPPJdd+Xi2CNdB" - + "tNkNRUzktJwCFEXNdWkOIfod1rMpsun3Mx0z/fxJMYHoMIHlAgEBMIGWMIGQ" - + "MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0" - + "bzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkph" - + "dmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBT" - + "aWduaW5nIENBAgEzMAkGBSsOAwIaBQAwCwYHKoZIzjgEAQUABC8wLQIVAIGV" - + "khm+kbV4a/+EP45PHcq0hIViAhR4M9os6IrJnoEDS3Y3l7O6zrSosA=="); - - private JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter(); - - /* - * - * INFRASTRUCTURE - * - */ - - public SignedDataTest(String name) - { - super(name); - } - - public static void main(String args[]) - { - - junit.textui.TestRunner.run(SignedDataTest.class); - } - - public static Test suite() - throws Exception - { - init(); - - return new CMSTestSetup(new TestSuite(SignedDataTest.class)); - } - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - _origDN = "O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _origKP, _origDN); - - _signDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _origKP, _origDN); - - _signGostKP = CMSTestUtil.makeGostKeyPair(); - _signGostCert = CMSTestUtil.makeCertificate(_signGostKP, _signDN, _origKP, _origDN); - - _signDsaKP = CMSTestUtil.makeDsaKeyPair(); - _signDsaCert = CMSTestUtil.makeCertificate(_signDsaKP, _signDN, _origKP, _origDN); - - _signEcDsaKP = CMSTestUtil.makeEcDsaKeyPair(); - _signEcDsaCert = CMSTestUtil.makeCertificate(_signEcDsaKP, _signDN, _origKP, _origDN); - - _signEcGostKP = CMSTestUtil.makeEcGostKeyPair(); - _signEcGostCert = CMSTestUtil.makeCertificate(_signEcGostKP, _signDN, _origKP, _origDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _signCrl = CMSTestUtil.makeCrl(_signKP); - } - } - - private void verifySignatures(CMSSignedData s, byte[] contentDigest) - throws Exception - { - CertStore certStore = s.getCertificatesAndCRLs("Collection", BC); - SignerInformationStore signers = s.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - - if (contentDigest != null) - { - assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest())); - } - } - - Collection certColl = certStore.getCertificates(null); - Collection crlColl = certStore.getCRLs(null); - - assertEquals(certColl.size(), s.getCertificates("Collection", BC).getMatches(null).size()); - assertEquals(crlColl.size(), s.getCRLs("Collection", BC).getMatches(null).size()); - } - - private void verifySignatures(CMSSignedData s) - throws Exception - { - verifySignatures(s, null); - } - - public void testDetachedVerification() - throws Exception - { - byte[] data = "Hello World!".getBytes(); - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray(data); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_MD5); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(msg, BC); - - MessageDigest sha1 = MessageDigest.getInstance("SHA1", BC); - MessageDigest md5 = MessageDigest.getInstance("MD5", BC); - Map hashes = new HashMap(); - byte[] sha1Hash = sha1.digest(data); - byte[] md5Hash = md5.digest(data); - - hashes.put(CMSSignedDataGenerator.DIGEST_SHA1, sha1Hash); - hashes.put(CMSSignedDataGenerator.DIGEST_MD5, md5Hash); - - s = new CMSSignedData(hashes, s.getEncoded()); - - verifySignatures(s, null); - } - - public void testSHA1AndMD5WithRSAEncapsulatedRepeated() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_MD5); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(msg, true, BC); - - ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certs = s.getCertificatesAndCRLs("Collection", BC); - - SignerInformationStore signers = s.getSignerInfos(); - - assertEquals(2, signers.size()); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - SignerId sid = null; - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - sid = signer.getSID(); - - assertEquals(true, signer.verify(cert, BC)); - - // - // check content digest - // - - byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(signer.getDigestAlgOID()); - - AttributeTable table = signer.getSignedAttributes(); - Attribute hash = table.get(CMSAttributes.messageDigest); - - assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets())); - } - - c = signers.getSigners(sid); - - assertEquals(2, c.size()); - - - // - // try using existing signer - // - - gen = new CMSSignedDataGenerator(); - - gen.addSigners(s.getSignerInfos()); - - gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC)); - - s = gen.generate(msg, true, BC); - - bIn = new ByteArrayInputStream(s.getEncoded()); - aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certs = s.getCertificatesAndCRLs("Collection", BC); - - signers = s.getSignerInfos(); - c = signers.getSigners(); - it = c.iterator(); - - assertEquals(2, c.size()); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - checkSignerStoreReplacement(s, signers); - } - - public void testSHA1WithRSANoAttributes() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(s, md.digest("Hello world!".getBytes())); - } - - public void testSHA1WithRSAViaConfig() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // set some bogus mappings. - CMSConfig.setSigningEncryptionAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption.getId(), "XXXX"); - CMSConfig.setSigningDigestAlgorithmMapping(OIWObjectIdentifiers.idSHA1.getId(), "YYYY"); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s; - - try - { - // try the bogus mappings - s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - } - catch (NoSuchAlgorithmException e) - { - if (!e.getMessage().startsWith("Unknown signature type requested: YYYYWITHXXXX")) - { - throw e; - } - } - finally - { - // reset to the real ones - CMSConfig.setSigningEncryptionAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA"); - CMSConfig.setSigningDigestAlgorithmMapping(OIWObjectIdentifiers.idSHA1.getId(), "SHA1"); - } - - s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(s, md.digest("Hello world!".getBytes())); - } - - public void testSHA1WithRSAAndAttributeTable() - throws Exception - { - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - Attribute attr = new Attribute(CMSAttributes.messageDigest, - new DERSet( - new DEROctetString( - md.digest("Hello world!".getBytes())))); - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(attr); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1, new AttributeTable(v), null); - - gen.addCertificatesAndCRLs(certs); - - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, null, false, BC); - - // - // the signature is detached, so need to add msg before passing on - // - s = new CMSSignedData(msg, s.getEncoded()); - // - // compute expected content digest - // - - verifySignatures(s, md.digest("Hello world!".getBytes())); - } - - public void testSHA1WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testSHA1WithRSAEncapsulatedSubjectKeyID() - throws Exception - { - subjectKeyIDTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testSHA1WithRSAPSS() - throws Exception - { - rsaPSSTest("SHA1", CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testSHA224WithRSAPSS() - throws Exception - { - rsaPSSTest("SHA224", CMSSignedDataGenerator.DIGEST_SHA224); - } - - public void testSHA256WithRSAPSS() - throws Exception - { - rsaPSSTest("SHA256", CMSSignedDataGenerator.DIGEST_SHA256); - } - - public void testSHA384WithRSAPSS() - throws Exception - { - rsaPSSTest("SHA384", CMSSignedDataGenerator.DIGEST_SHA384); - } - - public void testSHA224WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA224); - } - - public void testSHA256WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA256); - } - - public void testRIPEMD128WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD128); - } - - public void testRIPEMD160WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD160); - } - - public void testRIPEMD256WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD256); - } - - public void testECDSAEncapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testECDSAEncapsulatedSubjectKeyID() - throws Exception - { - subjectKeyIDTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testECDSASHA224Encapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA224); - } - - public void testECDSASHA256Encapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA256); - } - - public void testECDSASHA384Encapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA384); - } - - public void testECDSASHA512Encapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA512); - } - - public void testECDSASHA512EncapsulatedWithKeyFactoryAsEC() - throws Exception - { - X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(_signEcDsaKP.getPublic().getEncoded()); - PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(_signEcDsaKP.getPrivate().getEncoded()); - KeyFactory keyFact = KeyFactory.getInstance("EC", BC); - KeyPair kp = new KeyPair(keyFact.generatePublic(pubSpec), keyFact.generatePrivate(privSpec)); - - encapsulatedTest(kp, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA512); - } - - public void testDSAEncapsulated() - throws Exception - { - encapsulatedTest(_signDsaKP, _signDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testDSAEncapsulatedSubjectKeyID() - throws Exception - { - subjectKeyIDTest(_signDsaKP, _signDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testGOST3411WithGOST3410Encapsulated() - throws Exception - { - encapsulatedTest(_signGostKP, _signGostCert, CMSSignedDataGenerator.DIGEST_GOST3411); - } - - public void testGOST3411WithECGOST3410Encapsulated() - throws Exception - { - encapsulatedTest(_signEcGostKP, _signEcGostCert, CMSSignedDataGenerator.DIGEST_GOST3411); - } - - public void testSHA1WithRSACounterSignature() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_signCert); - certList.add(_origCert); - - certList.add(_signCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_signKP.getPrivate(), _signCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certsAndCrls); - - CMSSignedData s = gen.generate(msg, true, BC); - SignerInformation origSigner = (SignerInformation)s.getSignerInfos().getSigners().toArray()[0]; - SignerInformationStore counterSigners1 = gen.generateCounterSigners(origSigner, BC); - SignerInformationStore counterSigners2 = gen.generateCounterSigners(origSigner, BC); - - SignerInformation signer1 = SignerInformation.addCounterSigners(origSigner, counterSigners1); - SignerInformation signer2 = SignerInformation.addCounterSigners(signer1, counterSigners2); - - SignerInformationStore cs = signer2.getCounterSignatures(); - Collection csSigners = cs.getSigners(); - assertEquals(2, csSigners.size()); - - Iterator it = csSigners.iterator(); - while (it.hasNext()) - { - SignerInformation cSigner = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(cSigner.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType)); - assertEquals(true, cSigner.verify(cert, BC)); - } - } - - private void rsaPSSTest(String digestName, String digestOID) - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, digestOID); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance(digestName, BC); - - verifySignatures(s, md.digest("Hello world!".getBytes())); - } - - private void subjectKeyIDTest( - KeyPair signaturePair, - X509Certificate signatureCert, - String digestAlgorithm) - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(signatureCert); - certList.add(_origCert); - - certList.add(_signCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(signaturePair.getPrivate(), CMSTestUtil.createSubjectKeyId(signatureCert.getPublicKey()).getKeyIdentifier(), digestAlgorithm); - - gen.addCertificatesAndCRLs(certsAndCrls); - - CMSSignedData s = gen.generate(msg, true, BC); - - assertEquals(3, s.getVersion()); - - ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certsAndCrls = s.getCertificatesAndCRLs("Collection", BC); - - SignerInformationStore signers = s.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - // - // check for CRLs - // - Collection crls = certsAndCrls.getCRLs(null); - - assertEquals(1, crls.size()); - - assertTrue(crls.contains(_signCrl)); - - // - // try using existing signer - // - - gen = new CMSSignedDataGenerator(); - - gen.addSigners(s.getSignerInfos()); - - gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC)); - - s = gen.generate(msg, true, BC); - - bIn = new ByteArrayInputStream(s.getEncoded()); - aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certsAndCrls = s.getCertificatesAndCRLs("Collection", BC); - - signers = s.getSignerInfos(); - c = signers.getSigners(); - it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - checkSignerStoreReplacement(s, signers); - } - - private void encapsulatedTest( - KeyPair signaturePair, - X509Certificate signatureCert, - String digestAlgorithm) - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(signatureCert); - certList.add(_origCert); - - certList.add(_signCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(signaturePair.getPrivate(), signatureCert, digestAlgorithm); - - gen.addCertificatesAndCRLs(certsAndCrls); - - CMSSignedData s = gen.generate(msg, true, BC); - - ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certsAndCrls = s.getCertificatesAndCRLs("Collection", BC); - - SignerInformationStore signers = s.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - // - // check for CRLs - // - Collection crls = certsAndCrls.getCRLs(null); - - assertEquals(1, crls.size()); - - assertTrue(crls.contains(_signCrl)); - - // - // try using existing signer - // - - gen = new CMSSignedDataGenerator(); - - gen.addSigners(s.getSignerInfos()); - - gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC)); - - s = gen.generate(msg, true, BC); - - bIn = new ByteArrayInputStream(s.getEncoded()); - aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certsAndCrls = s.getCertificatesAndCRLs("Collection", BC); - - signers = s.getSignerInfos(); - c = signers.getSigners(); - it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - checkSignerStoreReplacement(s, signers); - } - - // - // signerInformation store replacement test. - // - private void checkSignerStoreReplacement( - CMSSignedData orig, - SignerInformationStore signers) - throws Exception - { - CMSSignedData s = CMSSignedData.replaceSigners(orig, signers); - - CertStore certs = s.getCertificatesAndCRLs("Collection", BC); - - signers = s.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - } - - public void testUnsortedAttributes() - throws Exception - { - CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(disorderedMessage), disorderedSet); - - CertStore certs = s.getCertificatesAndCRLs("Collection", BC); - - SignerInformationStore signers = s.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - } - - public void testNullContentWithSigner() - throws Exception - { - List certList = new ArrayList(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(null, false, BC); - - ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - verifySignatures(s); - } - - public void testWithAttributeCertificate() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - - certList.add(_signDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - X509AttributeCertificate attrCert = CMSTestUtil.getAttributeCertificate(); - - X509Store store = X509Store.getInstance("AttributeCertificate/Collection", - new X509CollectionStoreParameters(Collections.singleton(attrCert)), BC); - - gen.addAttributeCertificates(store); - - CMSSignedData sd = gen.generate(msg, BC); - - assertEquals(4, sd.getVersion()); - - store = sd.getAttributeCertificates("Collection", BC); - - Collection coll = store.getMatches(null); - - assertEquals(1, coll.size()); - - assertTrue(coll.contains(attrCert)); - - // - // create new certstore - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - - // - // replace certs - // - sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs); - - verifySignatures(sd); - } - - public void testCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - - certList.add(_signDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData sd = gen.generate(msg, BC); - - // - // create new certstore - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // replace certs - // - sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs); - - verifySignatures(sd); - } - - public void testEncapsulatedCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - - certList.add(_signDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData sd = gen.generate(msg, true, BC); - - // - // create new certstore - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // replace certs - // - sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs); - - verifySignatures(sd); - } - - public void testCertOrdering1() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - certList.add(_signDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData sd = gen.generate(msg, true, BC); - - certs = sd.getCertificatesAndCRLs("Collection", BC); - Iterator it = certs.getCertificates(null).iterator(); - - assertEquals(_origCert, it.next()); - assertEquals(_signCert, it.next()); - assertEquals(_signDsaCert, it.next()); - } - - public void testCertOrdering2() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_signCert); - certList.add(_signDsaCert); - certList.add(_origCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData sd = gen.generate(msg, true, BC); - - certs = sd.getCertificatesAndCRLs("Collection", BC); - Iterator it = certs.getCertificates(null).iterator(); - - assertEquals(_signCert, it.next()); - assertEquals(_signDsaCert, it.next()); - assertEquals(_origCert, it.next()); - } - - public void testSignerStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData original = gen.generate(msg, true, BC); - - // - // create new Signer - // - gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA224); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData newSD = gen.generate(msg, true, BC); - - // - // replace signer - // - CMSSignedData sd = CMSSignedData.replaceSigners(original, newSD.getSignerInfos()); - - SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next(); - - assertEquals(CMSSignedDataGenerator.DIGEST_SHA224, signer.getDigestAlgOID()); - - // we use a parser here as it requires the digests to be correct in the digest set, if it - // isn't we'll get a NullPointerException - CMSSignedDataParser sp = new CMSSignedDataParser(sd.getEncoded()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testEncapsulatedSamples() - throws Exception - { - testSample("PSSSignDataSHA1Enc.sig"); - testSample("PSSSignDataSHA256Enc.sig"); - testSample("PSSSignDataSHA512Enc.sig"); - } - - public void testSamples() - throws Exception - { - testSample("PSSSignData.data", "PSSSignDataSHA1.sig"); - testSample("PSSSignData.data", "PSSSignDataSHA256.sig"); - testSample("PSSSignData.data", "PSSSignDataSHA512.sig"); - } - - public void testCounterSig() - throws Exception - { - CMSSignedData sig = new CMSSignedData(getInput("counterSig.p7m")); - - SignerInformationStore ss = sig.getSignerInfos(); - Collection signers = ss.getSigners(); - - SignerInformationStore cs = ((SignerInformation)signers.iterator().next()).getCounterSignatures(); - Collection csSigners = cs.getSigners(); - assertEquals(1, csSigners.size()); - - Iterator it = csSigners.iterator(); - while (it.hasNext()) - { - SignerInformation cSigner = (SignerInformation)it.next(); - Collection certCollection = sig.getCertificatesAndCRLs("Collection", BC).getCertificates(selectorConverter.getCertSelector(cSigner.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType)); - assertEquals(true, cSigner.verify(cert, BC)); - } - - verifySignatures(sig); - } - - private void testSample(String sigName) - throws Exception - { - CMSSignedData sig = new CMSSignedData(getInput(sigName)); - - verifySignatures(sig); - } - - private void testSample(String messageName, String sigName) - throws Exception - { - CMSSignedData sig = new CMSSignedData(new CMSProcessableByteArray(getInput(messageName)), getInput(sigName)); - - verifySignatures(sig); - } - - private byte[] getInput(String name) - throws IOException - { - return Streams.readAll(getClass().getResourceAsStream(name)); - } - - public void testForMultipleCounterSignatures() - throws Exception - { - CMSSignedData sd = new CMSSignedData(xtraCounterSig); - - for (Iterator sI = sd.getSignerInfos().getSigners().iterator(); sI.hasNext();) - { - SignerInformation sigI = (SignerInformation)sI.next(); - - SignerInformationStore counter = sigI.getCounterSignatures(); - List sigs = new ArrayList(counter.getSigners()); - - assertEquals(2, sigs.size()); - } - } - - private void verifySignatures(CMSSignedDataParser sp) - throws Exception - { - CertStore certs = sp.getCertificatesAndCRLs("Collection", BC); - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/test/SunProviderTest.java b/bcpkix/src/main/java/org/bouncycastle/cms/test/SunProviderTest.java index 9412b99..3ec8c5a 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/test/SunProviderTest.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/test/SunProviderTest.java @@ -14,8 +14,6 @@ import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; -import java.security.cert.CertStore; -import java.security.cert.CollectionCertStoreParameters; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; @@ -28,23 +26,37 @@ import junit.framework.Test; import junit.framework.TestCase; import junit.framework.TestSuite; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.X509Name; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cms.CMSEnvelopedData; import org.bouncycastle.cms.CMSEnvelopedDataGenerator; -import org.bouncycastle.cms.CMSProcessable; import org.bouncycastle.cms.CMSProcessableByteArray; import org.bouncycastle.cms.CMSSignedData; import org.bouncycastle.cms.CMSSignedDataGenerator; import org.bouncycastle.cms.CMSSignedDataParser; import org.bouncycastle.cms.CMSSignedDataStreamGenerator; +import org.bouncycastle.cms.CMSTypedData; import org.bouncycastle.cms.CMSTypedStream; import org.bouncycastle.cms.RecipientInformation; import org.bouncycastle.cms.RecipientInformationStore; import org.bouncycastle.cms.SignerInformation; import org.bouncycastle.cms.SignerInformationStore; +import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; +import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder; +import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; +import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; +import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; +import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; +import org.bouncycastle.operator.DigestCalculatorProvider; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; +import org.bouncycastle.util.CollectionStore; +import org.bouncycastle.util.Store; import org.bouncycastle.x509.X509V3CertificateGenerator; public class SunProviderTest @@ -73,27 +85,26 @@ public class SunProviderTest throws Exception { List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); + CMSTypedData msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); - certList.add(keyCert); + certList.add(new X509CertificateHolder(keyCert.getEncoded())); - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), "SUN"); + DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().build(); CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - gen.addSigner(keyPair.getPrivate(), keyCert, CMSSignedDataGenerator.DIGEST_SHA1); + gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("SunRsaSign").build(keyPair.getPrivate()), keyCert)); - gen.addCertificatesAndCRLs(certsAndCrls); + gen.addCertificates(new CollectionStore(certList)); - CMSSignedData s = gen.generate(msg, true, "SunRsaSign"); + CMSSignedData s = gen.generate(msg, true); ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); ASN1InputStream aIn = new ASN1InputStream(bIn); s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - certsAndCrls = s.getCertificatesAndCRLs("Collection", "SUN"); + Store certsAndCrls = s.getCertificates(); SignerInformationStore signers = s.getSignerInfos(); Collection c = signers.getSigners(); @@ -102,12 +113,12 @@ public class SunProviderTest while (it.hasNext()) { SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); + Collection certCollection = certsAndCrls.getMatches(signer.getSID()); Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); + X509Certificate cert = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder)certIt.next()); - assertEquals(true, signer.verify(cert, "SunRsaSign")); + assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build()).setProvider("SunRsaSign").build(cert))); } } @@ -117,16 +128,15 @@ public class SunProviderTest List certList = new ArrayList(); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - certList.add(keyCert); + certList.add(new X509CertificateHolder(keyCert.getEncoded())); - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), "SUN"); + DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().build(); CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - gen.addSigner(keyPair.getPrivate(), keyCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, "SunRsaSign"); + gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("SunRsaSign").build(keyPair.getPrivate()), keyCert)); - gen.addCertificatesAndCRLs(certsAndCrls); + gen.addCertificates(new CollectionStore(certList)); OutputStream sigOut = gen.open(bOut); @@ -134,7 +144,7 @@ public class SunProviderTest sigOut.close(); - CMSSignedDataParser sp = new CMSSignedDataParser( + CMSSignedDataParser sp = new CMSSignedDataParser(digCalcProv, new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray()); sp.getSignedContent().drain(); @@ -145,7 +155,7 @@ public class SunProviderTest MessageDigest md = MessageDigest.getInstance("SHA1", "SUN"); byte[] contentDigest = md.digest(TEST_MESSAGE.getBytes()); - CertStore certStore = sp.getCertificatesAndCRLs("Collection", "SUN"); + Store certStore = sp.getCertificates(); SignerInformationStore signers = sp.getSignerInfos(); Collection c = signers.getSigners(); @@ -154,12 +164,12 @@ public class SunProviderTest while (it.hasNext()) { SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); + Collection certCollection = certStore.getMatches(signer.getSID()); Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); + X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - assertEquals(true, signer.verify(cert, "SunRsaSign")); + assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SunRsaSign").build(new JcaX509CertificateConverter().getCertificate(cert)))); if (contentDigest != null) { @@ -199,11 +209,11 @@ public class SunProviderTest CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - edGen.addKeyTransRecipient(keyCert); + edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyCert).setProvider("SunJCE")); CMSEnvelopedData ed = edGen.generate( new CMSProcessableByteArray(data), - algorithm, "SunJCE"); + new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(algorithm)).setProvider("SunJCE").build()); RecipientInformationStore recipients = ed.getRecipientInfos(); @@ -222,7 +232,7 @@ public class SunProviderTest assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - byte[] recData = recipient.getContent(keyPair.getPrivate(), "SunJCE"); + byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(keyPair.getPrivate()).setProvider("SunJCE")); assertEquals(true, Arrays.equals(data, recData)); } |