diff options
author | Roberto Tyley <roberto.tyley@gmail.com> | 2014-07-15 01:38:01 +0400 |
---|---|---|
committer | Roberto Tyley <roberto.tyley@gmail.com> | 2014-07-26 11:23:17 +0400 |
commit | 7cb752aaf746dc0b473afeb9e892b7fbc12666c5 (patch) | |
tree | cc4f91ddc18332b5adbe82e3fcb040d976c90105 /pkix/src/main/java/org/bouncycastle/cms | |
parent | 551830f8ea5177042af2c7dd1fc90888bc67387d (diff) |
Execute become-spongy.sh
https://github.com/rtyley/spongycastle/blob/3040af/become-spongy.sh
Diffstat (limited to 'pkix/src/main/java/org/bouncycastle/cms')
138 files changed, 0 insertions, 14587 deletions
diff --git a/pkix/src/main/java/org/bouncycastle/cms/AuthAttributesProvider.java b/pkix/src/main/java/org/bouncycastle/cms/AuthAttributesProvider.java deleted file mode 100644 index a17325bd..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/AuthAttributesProvider.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.ASN1Set; - -interface AuthAttributesProvider -{ - ASN1Set getAuthAttributes(); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java deleted file mode 100644 index f256e2a2..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; - -/** - * a class representing null or absent content. - */ -public class CMSAbsentContent - implements CMSTypedData, CMSReadable -{ - private final ASN1ObjectIdentifier type; - - public CMSAbsentContent() - { - this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId())); - } - - public CMSAbsentContent( - ASN1ObjectIdentifier type) - { - this.type = type; - } - - public InputStream getInputStream() - { - return null; - } - - public void write(OutputStream zOut) - throws IOException, CMSException - { - // do nothing - } - - public Object getContent() - { - return null; - } - - public ASN1ObjectIdentifier getContentType() - { - return type; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java deleted file mode 100644 index 70484c87..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - -public class CMSAlgorithm -{ - public static final ASN1ObjectIdentifier DES_CBC = OIWObjectIdentifiers.desCBC; - public static final ASN1ObjectIdentifier DES_EDE3_CBC = PKCSObjectIdentifiers.des_EDE3_CBC; - public static final ASN1ObjectIdentifier RC2_CBC = PKCSObjectIdentifiers.RC2_CBC; - public static final ASN1ObjectIdentifier IDEA_CBC = new ASN1ObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2"); - public static final ASN1ObjectIdentifier CAST5_CBC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.10"); - public static final ASN1ObjectIdentifier AES128_CBC = NISTObjectIdentifiers.id_aes128_CBC; - public static final ASN1ObjectIdentifier AES192_CBC = NISTObjectIdentifiers.id_aes192_CBC; - public static final ASN1ObjectIdentifier AES256_CBC = NISTObjectIdentifiers.id_aes256_CBC; - public static final ASN1ObjectIdentifier CAMELLIA128_CBC = NTTObjectIdentifiers.id_camellia128_cbc; - public static final ASN1ObjectIdentifier CAMELLIA192_CBC = NTTObjectIdentifiers.id_camellia192_cbc; - public static final ASN1ObjectIdentifier CAMELLIA256_CBC = NTTObjectIdentifiers.id_camellia256_cbc; - public static final ASN1ObjectIdentifier SEED_CBC = KISAObjectIdentifiers.id_seedCBC; - - public static final ASN1ObjectIdentifier DES_EDE3_WRAP = PKCSObjectIdentifiers.id_alg_CMS3DESwrap; - public static final ASN1ObjectIdentifier AES128_WRAP = NISTObjectIdentifiers.id_aes128_wrap; - public static final ASN1ObjectIdentifier AES192_WRAP = NISTObjectIdentifiers.id_aes192_wrap; - public static final ASN1ObjectIdentifier AES256_WRAP = NISTObjectIdentifiers.id_aes256_wrap; - public static final ASN1ObjectIdentifier CAMELLIA128_WRAP = NTTObjectIdentifiers.id_camellia128_wrap; - public static final ASN1ObjectIdentifier CAMELLIA192_WRAP = NTTObjectIdentifiers.id_camellia192_wrap; - public static final ASN1ObjectIdentifier CAMELLIA256_WRAP = NTTObjectIdentifiers.id_camellia256_wrap; - public static final ASN1ObjectIdentifier SEED_WRAP = KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap; - - public static final ASN1ObjectIdentifier ECDH_SHA1KDF = X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme; - public static final ASN1ObjectIdentifier ECMQV_SHA1KDF = X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme; - - public static final ASN1ObjectIdentifier SHA1 = OIWObjectIdentifiers.idSHA1; - public static final ASN1ObjectIdentifier SHA224 = NISTObjectIdentifiers.id_sha224; - public static final ASN1ObjectIdentifier SHA256 = NISTObjectIdentifiers.id_sha256; - public static final ASN1ObjectIdentifier SHA384 = NISTObjectIdentifiers.id_sha384; - public static final ASN1ObjectIdentifier SHA512 = NISTObjectIdentifiers.id_sha512; - public static final ASN1ObjectIdentifier MD5 = PKCSObjectIdentifiers.md5; - public static final ASN1ObjectIdentifier GOST3411 = CryptoProObjectIdentifiers.gostR3411; - public static final ASN1ObjectIdentifier RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128; - public static final ASN1ObjectIdentifier RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160; - public static final ASN1ObjectIdentifier RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256; - -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerationException.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerationException.java deleted file mode 100644 index e3cab8a5..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerationException.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.cms; - -public class CMSAttributeTableGenerationException - extends CMSRuntimeException -{ - Exception e; - - public CMSAttributeTableGenerationException( - String name) - { - super(name); - } - - public CMSAttributeTableGenerationException( - String name, - Exception e) - { - super(name); - - this.e = e; - } - - public Exception getUnderlyingException() - { - return e; - } - - public Throwable getCause() - { - return e; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerator.java deleted file mode 100644 index 528c738b..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAttributeTableGenerator.java +++ /dev/null @@ -1,19 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.cms.AttributeTable; - -import java.util.Map; - -/** - * Note: The SIGNATURE parameter is only available when generating unsigned attributes. - */ -public interface CMSAttributeTableGenerator -{ - static final String CONTENT_TYPE = "contentType"; - static final String DIGEST = "digest"; - static final String SIGNATURE = "encryptedDigest"; - static final String DIGEST_ALGORITHM_IDENTIFIER = "digestAlgID"; - - AttributeTable getAttributes(Map parameters) - throws CMSAttributeTableGenerationException; -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java deleted file mode 100644 index 010e12c2..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.cms.AuthEnvelopedData; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.OriginatorInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * containing class for an CMS AuthEnveloped Data object - */ -class CMSAuthEnvelopedData -{ - RecipientInformationStore recipientInfoStore; - ContentInfo contentInfo; - - private OriginatorInfo originator; - private AlgorithmIdentifier authEncAlg; - private ASN1Set authAttrs; - private byte[] mac; - private ASN1Set unauthAttrs; - - public CMSAuthEnvelopedData(byte[] authEnvData) throws CMSException - { - this(CMSUtils.readContentInfo(authEnvData)); - } - - public CMSAuthEnvelopedData(InputStream authEnvData) throws CMSException - { - this(CMSUtils.readContentInfo(authEnvData)); - } - - public CMSAuthEnvelopedData(ContentInfo contentInfo) throws CMSException - { - this.contentInfo = contentInfo; - - AuthEnvelopedData authEnvData = AuthEnvelopedData.getInstance(contentInfo.getContent()); - - this.originator = authEnvData.getOriginatorInfo(); - - // - // read the recipients - // - ASN1Set recipientInfos = authEnvData.getRecipientInfos(); - - // - // read the auth-encrypted content info - // - EncryptedContentInfo authEncInfo = authEnvData.getAuthEncryptedContentInfo(); - this.authEncAlg = authEncInfo.getContentEncryptionAlgorithm(); -// final CMSProcessable processable = new CMSProcessableByteArray( -// authEncInfo.getEncryptedContent().getOctets()); - CMSSecureReadable secureReadable = new CMSSecureReadable() - { - - public InputStream getInputStream() - throws IOException, CMSException - { - return null; - } - }; - - // - // build the RecipientInformationStore - // - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore( - recipientInfos, this.authEncAlg, secureReadable); - - // FIXME These need to be passed to the AEAD cipher as AAD (Additional Authenticated Data) - this.authAttrs = authEnvData.getAuthAttrs(); - this.mac = authEnvData.getMac().getOctets(); - this.unauthAttrs = authEnvData.getUnauthAttrs(); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedGenerator.java deleted file mode 100644 index 90658574..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedGenerator.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; - -class CMSAuthEnvelopedGenerator -{ - public static final String AES128_CCM = NISTObjectIdentifiers.id_aes128_CCM.getId(); - public static final String AES192_CCM = NISTObjectIdentifiers.id_aes192_CCM.getId(); - public static final String AES256_CCM = NISTObjectIdentifiers.id_aes256_CCM.getId(); - public static final String AES128_GCM = NISTObjectIdentifiers.id_aes128_GCM.getId(); - public static final String AES192_GCM = NISTObjectIdentifiers.id_aes192_GCM.getId(); - public static final String AES256_GCM = NISTObjectIdentifiers.id_aes256_GCM.getId(); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java deleted file mode 100644 index bd9d5444..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedData.java +++ /dev/null @@ -1,260 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.AuthenticatedData; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Arrays; - -/** - * containing class for an CMS Authenticated Data object - */ -public class CMSAuthenticatedData -{ - RecipientInformationStore recipientInfoStore; - ContentInfo contentInfo; - - private AlgorithmIdentifier macAlg; - private ASN1Set authAttrs; - private ASN1Set unauthAttrs; - private byte[] mac; - private OriginatorInformation originatorInfo; - - public CMSAuthenticatedData( - byte[] authData) - throws CMSException - { - this(CMSUtils.readContentInfo(authData)); - } - - public CMSAuthenticatedData( - byte[] authData, - DigestCalculatorProvider digestCalculatorProvider) - throws CMSException - { - this(CMSUtils.readContentInfo(authData), digestCalculatorProvider); - } - - public CMSAuthenticatedData( - InputStream authData) - throws CMSException - { - this(CMSUtils.readContentInfo(authData)); - } - - public CMSAuthenticatedData( - InputStream authData, - DigestCalculatorProvider digestCalculatorProvider) - throws CMSException - { - this(CMSUtils.readContentInfo(authData), digestCalculatorProvider); - } - - public CMSAuthenticatedData( - ContentInfo contentInfo) - throws CMSException - { - this(contentInfo, null); - } - - public CMSAuthenticatedData( - ContentInfo contentInfo, - DigestCalculatorProvider digestCalculatorProvider) - throws CMSException - { - this.contentInfo = contentInfo; - - AuthenticatedData authData = AuthenticatedData.getInstance(contentInfo.getContent()); - - if (authData.getOriginatorInfo() != null) - { - this.originatorInfo = new OriginatorInformation(authData.getOriginatorInfo()); - } - - // - // read the recipients - // - ASN1Set recipientInfos = authData.getRecipientInfos(); - - this.macAlg = authData.getMacAlgorithm(); - - - this.authAttrs = authData.getAuthAttrs(); - this.mac = authData.getMac().getOctets(); - this.unauthAttrs = authData.getUnauthAttrs(); - - // - // read the authenticated content info - // - ContentInfo encInfo = authData.getEncapsulatedContentInfo(); - CMSReadable readable = new CMSProcessableByteArray( - ASN1OctetString.getInstance(encInfo.getContent()).getOctets()); - - // - // build the RecipientInformationStore - // - if (authAttrs != null) - { - if (digestCalculatorProvider == null) - { - throw new CMSException("a digest calculator provider is required if authenticated attributes are present"); - } - - try - { - CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable(digestCalculatorProvider.get(authData.getDigestAlgorithm()), readable); - - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(recipientInfos, this.macAlg, secureReadable, new AuthAttributesProvider() - { - public ASN1Set getAuthAttributes() - { - return authAttrs; - } - }); - } - catch (OperatorCreationException e) - { - throw new CMSException("unable to create digest calculator: " + e.getMessage(), e); - } - } - else - { - CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSAuthenticatedSecureReadable(this.macAlg, readable); - - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(recipientInfos, this.macAlg, secureReadable); - } - } - - /** - * Return the originator information associated with this message if present. - * - * @return OriginatorInformation, null if not present. - */ - public OriginatorInformation getOriginatorInfo() - { - return originatorInfo; - } - - public byte[] getMac() - { - return Arrays.clone(mac); - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } - - /** - * Return the MAC algorithm details for the MAC associated with the data in this object. - * - * @return AlgorithmIdentifier representing the MAC algorithm. - */ - public AlgorithmIdentifier getMacAlgorithm() - { - return macAlg; - } - - /** - * return the object identifier for the content MAC algorithm. - */ - public String getMacAlgOID() - { - return macAlg.getAlgorithm().getId(); - } - - /** - * return the ASN.1 encoded MAC algorithm parameters, or null if - * there aren't any. - */ - public byte[] getMacAlgParams() - { - try - { - return encodeObj(macAlg.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * return a store of the intended recipients for this message - */ - public RecipientInformationStore getRecipientInfos() - { - return recipientInfoStore; - } - - /** - * return the ContentInfo - */ - public ContentInfo getContentInfo() - { - return contentInfo; - } - - /** - * return a table of the digested attributes indexed by - * the OID of the attribute. - */ - public AttributeTable getAuthAttrs() - { - if (authAttrs == null) - { - return null; - } - - return new AttributeTable(authAttrs); - } - - /** - * return a table of the undigested attributes indexed by - * the OID of the attribute. - */ - public AttributeTable getUnauthAttrs() - { - if (unauthAttrs == null) - { - return null; - } - - return new AttributeTable(unauthAttrs); - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return contentInfo.getEncoded(); - } - - public byte[] getContentDigest() - { - if (authAttrs != null) - { - return ASN1OctetString.getInstance(getAuthAttrs().get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0)).getOctets(); - } - - return null; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java deleted file mode 100644 index 82f8294c..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java +++ /dev/null @@ -1,181 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AuthenticatedData; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.io.TeeOutputStream; - -/** - * General class for generating a CMS authenticated-data message. - * - * A simple example of usage. - * - * <pre> - * CMSAuthenticatedDataGenerator fact = new CMSAuthenticatedDataGenerator(); - * - * adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC")); - * - * CMSAuthenticatedData data = fact.generate(new CMSProcessableByteArray(data), - * new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build())); - * </pre> - */ -public class CMSAuthenticatedDataGenerator - extends CMSAuthenticatedGenerator -{ - /** - * base constructor - */ - public CMSAuthenticatedDataGenerator() - { - } - - /** - * Generate an authenticated data object from the passed in typedData and MacCalculator. - * - * @param typedData the data to have a MAC attached. - * @param macCalculator the calculator of the MAC to be attached. - * @return the resulting CMSAuthenticatedData object. - * @throws CMSException on failure in encoding data or processing recipients. - */ - public CMSAuthenticatedData generate(CMSTypedData typedData, MacCalculator macCalculator) - throws CMSException - { - return generate(typedData, macCalculator, null); - } - - /** - * Generate an authenticated data object from the passed in typedData and MacCalculator. - * - * @param typedData the data to have a MAC attached. - * @param macCalculator the calculator of the MAC to be attached. - * @param digestCalculator calculator for computing digest of the encapsulated data. - * @return the resulting CMSAuthenticatedData object. - * @throws CMSException on failure in encoding data or processing recipients. - */ - public CMSAuthenticatedData generate(CMSTypedData typedData, MacCalculator macCalculator, final DigestCalculator digestCalculator) - throws CMSException - { - ASN1EncodableVector recipientInfos = new ASN1EncodableVector(); - ASN1OctetString encContent; - ASN1OctetString macResult; - - for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();) - { - RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next(); - - recipientInfos.add(recipient.generate(macCalculator.getKey())); - } - - AuthenticatedData authData; - - if (digestCalculator != null) - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - OutputStream out = new TeeOutputStream(digestCalculator.getOutputStream(), bOut); - - typedData.write(out); - - out.close(); - - encContent = new BEROctetString(bOut.toByteArray()); - } - catch (IOException e) - { - throw new CMSException("unable to perform digest calculation: " + e.getMessage(), e); - } - - Map parameters = getBaseParameters(typedData.getContentType(), digestCalculator.getAlgorithmIdentifier(), digestCalculator.getDigest()); - - if (authGen == null) - { - authGen = new DefaultAuthenticatedAttributeTableGenerator(); - } - ASN1Set authed = new DERSet(authGen.getAttributes(Collections.unmodifiableMap(parameters)).toASN1EncodableVector()); - - try - { - OutputStream mOut = macCalculator.getOutputStream(); - - mOut.write(authed.getEncoded(ASN1Encoding.DER)); - - mOut.close(); - - macResult = new DEROctetString(macCalculator.getMac()); - } - catch (IOException e) - { - throw new CMSException("exception decoding algorithm parameters.", e); - } - ASN1Set unauthed = (unauthGen != null) ? new BERSet(unauthGen.getAttributes(Collections.unmodifiableMap(parameters)).toASN1EncodableVector()) : null; - - ContentInfo eci = new ContentInfo( - CMSObjectIdentifiers.data, - encContent); - - authData = new AuthenticatedData(originatorInfo, new DERSet(recipientInfos), macCalculator.getAlgorithmIdentifier(), digestCalculator.getAlgorithmIdentifier(), eci, authed, macResult, unauthed); - } - else - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - OutputStream mOut = new TeeOutputStream(bOut, macCalculator.getOutputStream()); - - typedData.write(mOut); - - mOut.close(); - - encContent = new BEROctetString(bOut.toByteArray()); - - macResult = new DEROctetString(macCalculator.getMac()); - } - catch (IOException e) - { - throw new CMSException("exception decoding algorithm parameters.", e); - } - - ASN1Set unauthed = (unauthGen != null) ? new BERSet(unauthGen.getAttributes(new HashMap()).toASN1EncodableVector()) : null; - - ContentInfo eci = new ContentInfo( - CMSObjectIdentifiers.data, - encContent); - - authData = new AuthenticatedData(originatorInfo, new DERSet(recipientInfos), macCalculator.getAlgorithmIdentifier(), null, eci, null, macResult, unauthed); - } - - ContentInfo contentInfo = new ContentInfo( - CMSObjectIdentifiers.authenticatedData, authData); - - return new CMSAuthenticatedData(contentInfo, new DigestCalculatorProvider() - { - public DigestCalculator get(AlgorithmIdentifier digestAlgorithmIdentifier) - throws OperatorCreationException - { - return digestCalculator; - } - }); - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java deleted file mode 100644 index 11c90c67..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataParser.java +++ /dev/null @@ -1,348 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1OctetStringParser; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.BERTags; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.AuthenticatedDataParser; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.ContentInfoParser; -import org.bouncycastle.asn1.cms.OriginatorInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Arrays; - -/** - * Parsing class for an CMS Authenticated Data object from an input stream. - * <p> - * Note: that because we are in a streaming mode only one recipient can be tried and it is important - * that the methods on the parser are called in the appropriate order. - * </p> - * <p> - * Example of use - assuming the first recipient matches the private key we have. - * <pre> - * CMSAuthenticatedDataParser ad = new CMSAuthenticatedDataParser(inputStream); - * - * RecipientInformationStore recipients = ad.getRecipientInfos(); - * - * Collection c = recipients.getRecipients(); - * Iterator it = c.iterator(); - * - * if (it.hasNext()) - * { - * RecipientInformation recipient = (RecipientInformation)it.next(); - * - * CMSTypedStream recData = recipient.getContentStream(new JceKeyTransAuthenticatedRecipient(privateKey).setProvider("BC")); - * - * processDataStream(recData.getContentStream()); - * - * if (!Arrays.equals(ad.getMac(), recipient.getMac()) - * { - * System.err.println("Data corrupted!!!!"); - * } - * } - * </pre> - * Note: this class does not introduce buffering - if you are processing large files you should create - * the parser with: - * <pre> - * CMSAuthenticatedDataParser ep = new CMSAuthenticatedDataParser(new BufferedInputStream(inputStream, bufSize)); - * </pre> - * where bufSize is a suitably large buffer size. - */ -public class CMSAuthenticatedDataParser - extends CMSContentInfoParser -{ - RecipientInformationStore recipientInfoStore; - AuthenticatedDataParser authData; - - private AlgorithmIdentifier macAlg; - private byte[] mac; - private AttributeTable authAttrs; - private ASN1Set authAttrSet; - private AttributeTable unauthAttrs; - - private boolean authAttrNotRead; - private boolean unauthAttrNotRead; - private OriginatorInformation originatorInfo; - - public CMSAuthenticatedDataParser( - byte[] envelopedData) - throws CMSException, IOException - { - this(new ByteArrayInputStream(envelopedData)); - } - - public CMSAuthenticatedDataParser( - byte[] envelopedData, - DigestCalculatorProvider digestCalculatorProvider) - throws CMSException, IOException - { - this(new ByteArrayInputStream(envelopedData), digestCalculatorProvider); - } - - public CMSAuthenticatedDataParser( - InputStream envelopedData) - throws CMSException, IOException - { - this(envelopedData, null); - } - - public CMSAuthenticatedDataParser( - InputStream envelopedData, - DigestCalculatorProvider digestCalculatorProvider) - throws CMSException, IOException - { - super(envelopedData); - - this.authAttrNotRead = true; - this.authData = new AuthenticatedDataParser((ASN1SequenceParser)_contentInfo.getContent(BERTags.SEQUENCE)); - - // TODO Validate version? - //ASN1Integer version = this.authData.getVersion(); - - OriginatorInfo info = authData.getOriginatorInfo(); - - if (info != null) - { - this.originatorInfo = new OriginatorInformation(info); - } - // - // read the recipients - // - ASN1Set recipientInfos = ASN1Set.getInstance(authData.getRecipientInfos().toASN1Primitive()); - - this.macAlg = authData.getMacAlgorithm(); - - // - // build the RecipientInformationStore - // - AlgorithmIdentifier digestAlgorithm = authData.getDigestAlgorithm(); - - if (digestAlgorithm != null) - { - if (digestCalculatorProvider == null) - { - throw new CMSException("a digest calculator provider is required if authenticated attributes are present"); - } - - // - // read the authenticated content info - // - ContentInfoParser data = authData.getEncapsulatedContentInfo(); - CMSReadable readable = new CMSProcessableInputStream( - ((ASN1OctetStringParser)data.getContent(BERTags.OCTET_STRING)).getOctetStream()); - - try - { - CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable(digestCalculatorProvider.get(digestAlgorithm), readable); - - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(recipientInfos, this.macAlg, secureReadable, new AuthAttributesProvider() - { - public ASN1Set getAuthAttributes() - { - try - { - return getAuthAttrSet(); - } - catch (IOException e) - { - throw new IllegalStateException("can't parse authenticated attributes!"); - } - } - }); - } - catch (OperatorCreationException e) - { - throw new CMSException("unable to create digest calculator: " + e.getMessage(), e); - } - } - else - { - // - // read the authenticated content info - // - ContentInfoParser data = authData.getEncapsulatedContentInfo(); - CMSReadable readable = new CMSProcessableInputStream( - ((ASN1OctetStringParser)data.getContent(BERTags.OCTET_STRING)).getOctetStream()); - - CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSAuthenticatedSecureReadable(this.macAlg, readable); - - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(recipientInfos, this.macAlg, secureReadable); - } - - - } - - /** - * Return the originator information associated with this message if present. - * - * @return OriginatorInformation, null if not present. - */ - public OriginatorInformation getOriginatorInfo() - { - return originatorInfo; - } - - /** - * Return the MAC algorithm details for the MAC associated with the data in this object. - * - * @return AlgorithmIdentifier representing the MAC algorithm. - */ - public AlgorithmIdentifier getMacAlgorithm() - { - return macAlg; - } - - /** - * return the object identifier for the mac algorithm. - */ - public String getMacAlgOID() - { - return macAlg.getAlgorithm().toString(); - } - - /** - * return the ASN.1 encoded encryption algorithm parameters, or null if - * there aren't any. - */ - public byte[] getMacAlgParams() - { - try - { - return encodeObj(macAlg.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * return a store of the intended recipients for this message - */ - public RecipientInformationStore getRecipientInfos() - { - return recipientInfoStore; - } - - public byte[] getMac() - throws IOException - { - if (mac == null) - { - getAuthAttrs(); - mac = authData.getMac().getOctets(); - } - return Arrays.clone(mac); - } - - private ASN1Set getAuthAttrSet() - throws IOException - { - if (authAttrs == null && authAttrNotRead) - { - ASN1SetParser set = authData.getAuthAttrs(); - - if (set != null) - { - authAttrSet = (ASN1Set)set.toASN1Primitive(); - } - - authAttrNotRead = false; - } - - return authAttrSet; - } - - /** - * return a table of the unauthenticated attributes indexed by - * the OID of the attribute. - * @exception java.io.IOException - */ - public AttributeTable getAuthAttrs() - throws IOException - { - if (authAttrs == null && authAttrNotRead) - { - ASN1Set set = getAuthAttrSet(); - - if (set != null) - { - authAttrs = new AttributeTable(set); - } - } - - return authAttrs; - } - - /** - * return a table of the unauthenticated attributes indexed by - * the OID of the attribute. - * @exception java.io.IOException - */ - public AttributeTable getUnauthAttrs() - throws IOException - { - if (unauthAttrs == null && unauthAttrNotRead) - { - ASN1SetParser set = authData.getUnauthAttrs(); - - unauthAttrNotRead = false; - - if (set != null) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - ASN1Encodable o; - - while ((o = set.readObject()) != null) - { - ASN1SequenceParser seq = (ASN1SequenceParser)o; - - v.add(seq.toASN1Primitive()); - } - - unauthAttrs = new AttributeTable(new DERSet(v)); - } - } - - return unauthAttrs; - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } - - /** - * This will only be valid after the content has been read. - * - * @return the contents of the messageDigest attribute, if available. Null if not present. - */ - public byte[] getContentDigest() - { - if (authAttrs != null) - { - return ASN1OctetString.getInstance(authAttrs.get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0)).getOctets(); - } - - return null; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java deleted file mode 100644 index f32666d1..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java +++ /dev/null @@ -1,310 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.AuthenticatedData; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.util.io.TeeOutputStream; - -/** - * General class for generating a CMS authenticated-data message stream. - * <p> - * A simple example of usage. - * <pre> - * CMSAuthenticatedDataStreamGenerator edGen = new CMSAuthenticatedDataStreamGenerator(); - * - * edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC")); - * - * ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - * - * OutputStream out = edGen.open( - * bOut, new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider("BC").build());* - * out.write(data); - * - * out.close(); - * </pre> - */ -public class CMSAuthenticatedDataStreamGenerator - extends CMSAuthenticatedGenerator -{ - // Currently not handled -// private Object _originatorInfo = null; -// private Object _unprotectedAttributes = null; - private int bufferSize; - private boolean berEncodeRecipientSet; - private MacCalculator macCalculator; - - /** - * base constructor - */ - public CMSAuthenticatedDataStreamGenerator() - { - } - - /** - * Set the underlying string size for encapsulated data - * - * @param bufferSize length of octet strings to buffer the data. - */ - public void setBufferSize( - int bufferSize) - { - this.bufferSize = bufferSize; - } - - /** - * Use a BER Set to store the recipient information. By default recipients are - * stored in a DER encoding. - * - * @param useBerEncodingForRecipients true if a BER set should be used, false if DER. - */ - public void setBEREncodeRecipients( - boolean useBerEncodingForRecipients) - { - berEncodeRecipientSet = useBerEncodingForRecipients; - } - - /** - * generate an authenticated data structure with the encapsulated bytes marked as DATA. - * - * @param out the stream to store the authenticated structure in. - * @param macCalculator calculator for the MAC to be attached to the data. - */ - public OutputStream open( - OutputStream out, - MacCalculator macCalculator) - throws CMSException - { - return open(CMSObjectIdentifiers.data, out, macCalculator); - } - - public OutputStream open( - OutputStream out, - MacCalculator macCalculator, - DigestCalculator digestCalculator) - throws CMSException - { - return open(CMSObjectIdentifiers.data, out, macCalculator, digestCalculator); - } - - /** - * generate an authenticated data structure with the encapsulated bytes marked as type dataType. - * - * @param dataType the type of the data been written to the object. - * @param out the stream to store the authenticated structure in. - * @param macCalculator calculator for the MAC to be attached to the data. - */ - public OutputStream open( - ASN1ObjectIdentifier dataType, - OutputStream out, - MacCalculator macCalculator) - throws CMSException - { - return open(dataType, out, macCalculator, null); - } - - /** - * generate an authenticated data structure with the encapsulated bytes marked as type dataType. - * - * @param dataType the type of the data been written to the object. - * @param out the stream to store the authenticated structure in. - * @param macCalculator calculator for the MAC to be attached to the data. - * @param digestCalculator calculator for computing digest of the encapsulated data. - */ - public OutputStream open( - ASN1ObjectIdentifier dataType, - OutputStream out, - MacCalculator macCalculator, - DigestCalculator digestCalculator) - throws CMSException - { - this.macCalculator = macCalculator; - - try - { - ASN1EncodableVector recipientInfos = new ASN1EncodableVector(); - - for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();) - { - RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next(); - - recipientInfos.add(recipient.generate(macCalculator.getKey())); - } - - // - // ContentInfo - // - BERSequenceGenerator cGen = new BERSequenceGenerator(out); - - cGen.addObject(CMSObjectIdentifiers.authenticatedData); - - // - // Authenticated Data - // - BERSequenceGenerator authGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true); - - authGen.addObject(new ASN1Integer(AuthenticatedData.calculateVersion(originatorInfo))); - - if (originatorInfo != null) - { - authGen.addObject(new DERTaggedObject(false, 0, originatorInfo)); - } - - if (berEncodeRecipientSet) - { - authGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded()); - } - else - { - authGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded()); - } - - AlgorithmIdentifier macAlgId = macCalculator.getAlgorithmIdentifier(); - - authGen.getRawOutputStream().write(macAlgId.getEncoded()); - - if (digestCalculator != null) - { - authGen.addObject(new DERTaggedObject(false, 1, digestCalculator.getAlgorithmIdentifier())); - } - - BERSequenceGenerator eiGen = new BERSequenceGenerator(authGen.getRawOutputStream()); - - eiGen.addObject(dataType); - - OutputStream octetStream = CMSUtils.createBEROctetOutputStream( - eiGen.getRawOutputStream(), 0, false, bufferSize); - - OutputStream mOut; - - if (digestCalculator != null) - { - mOut = new TeeOutputStream(octetStream, digestCalculator.getOutputStream()); - } - else - { - mOut = new TeeOutputStream(octetStream, macCalculator.getOutputStream()); - } - - return new CmsAuthenticatedDataOutputStream(macCalculator, digestCalculator, dataType, mOut, cGen, authGen, eiGen); - } - catch (IOException e) - { - throw new CMSException("exception decoding algorithm parameters.", e); - } - } - - private class CmsAuthenticatedDataOutputStream - extends OutputStream - { - private OutputStream dataStream; - private BERSequenceGenerator cGen; - private BERSequenceGenerator envGen; - private BERSequenceGenerator eiGen; - private MacCalculator macCalculator; - private DigestCalculator digestCalculator; - private ASN1ObjectIdentifier contentType; - - public CmsAuthenticatedDataOutputStream( - MacCalculator macCalculator, - DigestCalculator digestCalculator, - ASN1ObjectIdentifier contentType, - OutputStream dataStream, - BERSequenceGenerator cGen, - BERSequenceGenerator envGen, - BERSequenceGenerator eiGen) - { - this.macCalculator = macCalculator; - this.digestCalculator = digestCalculator; - this.contentType = contentType; - this.dataStream = dataStream; - this.cGen = cGen; - this.envGen = envGen; - this.eiGen = eiGen; - } - - public void write( - int b) - throws IOException - { - dataStream.write(b); - } - - public void write( - byte[] bytes, - int off, - int len) - throws IOException - { - dataStream.write(bytes, off, len); - } - - public void write( - byte[] bytes) - throws IOException - { - dataStream.write(bytes); - } - - public void close() - throws IOException - { - dataStream.close(); - eiGen.close(); - - Map parameters; - - if (digestCalculator != null) - { - parameters = Collections.unmodifiableMap(getBaseParameters(contentType, digestCalculator.getAlgorithmIdentifier(), digestCalculator.getDigest())); - - if (authGen == null) - { - authGen = new DefaultAuthenticatedAttributeTableGenerator(); - } - - ASN1Set authed = new DERSet(authGen.getAttributes(parameters).toASN1EncodableVector()); - - OutputStream mOut = macCalculator.getOutputStream(); - - mOut.write(authed.getEncoded(ASN1Encoding.DER)); - - mOut.close(); - - envGen.addObject(new DERTaggedObject(false, 2, authed)); - } - else - { - parameters = Collections.unmodifiableMap(new HashMap()); - } - - envGen.addObject(new DEROctetString(macCalculator.getMac())); - - if (unauthGen != null) - { - envGen.addObject(new DERTaggedObject(false, 3, new BERSet(unauthGen.getAttributes(parameters).toASN1EncodableVector()))); - } - - envGen.close(); - cGen.close(); - } - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java deleted file mode 100644 index 6aadf1ec..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthenticatedGenerator.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.util.Arrays; - -public class CMSAuthenticatedGenerator - extends CMSEnvelopedGenerator -{ - protected CMSAttributeTableGenerator authGen; - protected CMSAttributeTableGenerator unauthGen; - - /** - * base constructor - */ - public CMSAuthenticatedGenerator() - { - } - - public void setAuthenticatedAttributeGenerator(CMSAttributeTableGenerator authGen) - { - this.authGen = authGen; - } - - public void setUnauthenticatedAttributeGenerator(CMSAttributeTableGenerator unauthGen) - { - this.unauthGen = unauthGen; - } - - protected Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) - { - Map param = new HashMap(); - param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); - param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); - return param; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedData.java deleted file mode 100644 index 3e44908d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedData.java +++ /dev/null @@ -1,107 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.cms.CompressedData; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.operator.InputExpander; -import org.bouncycastle.operator.InputExpanderProvider; - -/** - * containing class for an CMS Compressed Data object - * <pre> - * CMSCompressedData cd = new CMSCompressedData(inputStream); - * - * process(cd.getContent(new ZlibExpanderProvider())); - * </pre> - */ -public class CMSCompressedData -{ - ContentInfo contentInfo; - CompressedData comData; - - public CMSCompressedData( - byte[] compressedData) - throws CMSException - { - this(CMSUtils.readContentInfo(compressedData)); - } - - public CMSCompressedData( - InputStream compressedData) - throws CMSException - { - this(CMSUtils.readContentInfo(compressedData)); - } - - public CMSCompressedData( - ContentInfo contentInfo) - throws CMSException - { - this.contentInfo = contentInfo; - - try - { - this.comData = CompressedData.getInstance(contentInfo.getContent()); - } - catch (ClassCastException e) - { - throw new CMSException("Malformed content.", e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("Malformed content.", e); - } - } - - public ASN1ObjectIdentifier getContentType() - { - return contentInfo.getContentType(); - } - - /** - * Return the uncompressed content. - * - * @param expanderProvider a provider of expander algorithm implementations. - * @return the uncompressed content - * @throws CMSException if there is an exception un-compressing the data. - */ - public byte[] getContent(InputExpanderProvider expanderProvider) - throws CMSException - { - ContentInfo content = comData.getEncapContentInfo(); - - ASN1OctetString bytes = (ASN1OctetString)content.getContent(); - InputExpander expander = expanderProvider.get(comData.getCompressionAlgorithmIdentifier()); - InputStream zIn = expander.getInputStream(bytes.getOctetStream()); - - try - { - return CMSUtils.streamToByteArray(zIn); - } - catch (IOException e) - { - throw new CMSException("exception reading compressed stream.", e); - } - } - - /** - * return the ContentInfo - */ - public ContentInfo toASN1Structure() - { - return contentInfo; - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return contentInfo.getEncoded(); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java deleted file mode 100644 index d50391a1..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataGenerator.java +++ /dev/null @@ -1,74 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.CompressedData; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.OutputCompressor; - -/** - * General class for generating a compressed CMS message. - * <p> - * A simple example of usage. - * <p> - * <pre> - * CMSCompressedDataGenerator fact = new CMSCompressedDataGenerator(); - * - * CMSCompressedData data = fact.generate(content, new ZlibCompressor()); - * </pre> - */ -public class CMSCompressedDataGenerator -{ - public static final String ZLIB = "1.2.840.113549.1.9.16.3.8"; - - /** - * base constructor - */ - public CMSCompressedDataGenerator() - { - } - - /** - * generate an object that contains an CMS Compressed Data - */ - public CMSCompressedData generate( - CMSTypedData content, - OutputCompressor compressor) - throws CMSException - { - AlgorithmIdentifier comAlgId; - ASN1OctetString comOcts; - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - OutputStream zOut = compressor.getOutputStream(bOut); - - content.write(zOut); - - zOut.close(); - - comAlgId = compressor.getAlgorithmIdentifier(); - comOcts = new BEROctetString(bOut.toByteArray()); - } - catch (IOException e) - { - throw new CMSException("exception encoding data.", e); - } - - ContentInfo comContent = new ContentInfo( - content.getContentType(), comOcts); - - ContentInfo contentInfo = new ContentInfo( - CMSObjectIdentifiers.compressedData, - new CompressedData(comAlgId, comContent)); - - return new CMSCompressedData(contentInfo); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java b/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java deleted file mode 100644 index c3da87b7..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataParser.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1OctetStringParser; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.BERTags; -import org.bouncycastle.asn1.cms.CompressedDataParser; -import org.bouncycastle.asn1.cms.ContentInfoParser; -import org.bouncycastle.operator.InputExpander; -import org.bouncycastle.operator.InputExpanderProvider; - -/** - * Class for reading a CMS Compressed Data stream. - * <pre> - * CMSCompressedDataParser cp = new CMSCompressedDataParser(inputStream); - * - * process(cp.getContent(new ZlibExpanderProvider()).getContentStream()); - * </pre> - * Note: this class does not introduce buffering - if you are processing large files you should create - * the parser with: - * <pre> - * CMSCompressedDataParser ep = new CMSCompressedDataParser(new BufferedInputStream(inputStream, bufSize)); - * </pre> - * where bufSize is a suitably large buffer size. - */ -public class CMSCompressedDataParser - extends CMSContentInfoParser -{ - public CMSCompressedDataParser( - byte[] compressedData) - throws CMSException - { - this(new ByteArrayInputStream(compressedData)); - } - - public CMSCompressedDataParser( - InputStream compressedData) - throws CMSException - { - super(compressedData); - } - - /** - * Return a typed stream which will allow the reading of the compressed content in - * expanded form. - * - * @param expanderProvider a provider of expander algorithm implementations. - * @return a type stream which will yield the un-compressed content. - * @throws CMSException if there is an exception parsing the CompressedData object. - */ - public CMSTypedStream getContent(InputExpanderProvider expanderProvider) - throws CMSException - { - try - { - CompressedDataParser comData = new CompressedDataParser((ASN1SequenceParser)_contentInfo.getContent(BERTags.SEQUENCE)); - ContentInfoParser content = comData.getEncapContentInfo(); - InputExpander expander = expanderProvider.get(comData.getCompressionAlgorithmIdentifier()); - - ASN1OctetStringParser bytes = (ASN1OctetStringParser)content.getContent(BERTags.OCTET_STRING); - - return new CMSTypedStream(content.getContentType().getId(), expander.getInputStream(bytes.getOctetStream())); - } - catch (IOException e) - { - throw new CMSException("IOException reading compressed content.", e); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java deleted file mode 100644 index 8a34eb01..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java +++ /dev/null @@ -1,165 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.operator.OutputCompressor; - -/** - * General class for generating a compressed CMS message stream. - * <p> - * A simple example of usage. - * </p> - * <pre> - * CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator(); - * - * OutputStream cOut = gen.open(outputStream, new ZlibCompressor()); - * - * cOut.write(data); - * - * cOut.close(); - * </pre> - */ -public class CMSCompressedDataStreamGenerator -{ - public static final String ZLIB = "1.2.840.113549.1.9.16.3.8"; - - private int _bufferSize; - - /** - * base constructor - */ - public CMSCompressedDataStreamGenerator() - { - } - - /** - * Set the underlying string size for encapsulated data - * - * @param bufferSize length of octet strings to buffer the data. - */ - public void setBufferSize( - int bufferSize) - { - _bufferSize = bufferSize; - } - - /** - * Open a compressing output stream with the PKCS#7 content type OID of "data". - * - * @param out the stream to encode to. - * @param compressor the type of compressor to use. - * @return an output stream to write the data be compressed to. - * @throws IOException - */ - public OutputStream open( - OutputStream out, - OutputCompressor compressor) - throws IOException - { - return open(CMSObjectIdentifiers.data, out, compressor); - } - - /** - * Open a compressing output stream. - * - * @param contentOID the content type OID. - * @param out the stream to encode to. - * @param compressor the type of compressor to use. - * @return an output stream to write the data be compressed to. - * @throws IOException - */ - public OutputStream open( - ASN1ObjectIdentifier contentOID, - OutputStream out, - OutputCompressor compressor) - throws IOException - { - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.compressedData); - - // - // Compressed Data - // - BERSequenceGenerator cGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - cGen.addObject(new ASN1Integer(0)); - - // - // AlgorithmIdentifier - // - cGen.addObject(compressor.getAlgorithmIdentifier()); - - // - // Encapsulated ContentInfo - // - BERSequenceGenerator eiGen = new BERSequenceGenerator(cGen.getRawOutputStream()); - - eiGen.addObject(contentOID); - - OutputStream octetStream = CMSUtils.createBEROctetOutputStream( - eiGen.getRawOutputStream(), 0, true, _bufferSize); - - return new CmsCompressedOutputStream( - compressor.getOutputStream(octetStream), sGen, cGen, eiGen); - } - - private class CmsCompressedOutputStream - extends OutputStream - { - private OutputStream _out; - private BERSequenceGenerator _sGen; - private BERSequenceGenerator _cGen; - private BERSequenceGenerator _eiGen; - - CmsCompressedOutputStream( - OutputStream out, - BERSequenceGenerator sGen, - BERSequenceGenerator cGen, - BERSequenceGenerator eiGen) - { - _out = out; - _sGen = sGen; - _cGen = cGen; - _eiGen = eiGen; - } - - public void write( - int b) - throws IOException - { - _out.write(b); - } - - - public void write( - byte[] bytes, - int off, - int len) - throws IOException - { - _out.write(bytes, off, len); - } - - public void write( - byte[] bytes) - throws IOException - { - _out.write(bytes); - } - - public void close() - throws IOException - { - _out.close(); - _eiGen.close(); - _cGen.close(); - _sGen.close(); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSConfig.java b/pkix/src/main/java/org/bouncycastle/cms/CMSConfig.java deleted file mode 100644 index fd6782dc..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSConfig.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public class CMSConfig -{ - /** - * Set the mapping for the encryption algorithm used in association with a SignedData generation - * or interpretation. - * - * @param oid object identifier to map. - * @param algorithmName algorithm name to use. - */ - public static void setSigningEncryptionAlgorithmMapping(String oid, String algorithmName) - { - ASN1ObjectIdentifier id = new ASN1ObjectIdentifier(oid); - - CMSSignedHelper.INSTANCE.setSigningEncryptionAlgorithmMapping(id, algorithmName); - } - - /** - * Set the mapping for the digest algorithm to use in conjunction with a SignedData generation - * or interpretation. - * - * @param oid object identifier to map. - * @param algorithmName algorithm name to use. - */ - public static void setSigningDigestAlgorithmMapping(String oid, String algorithmName) - { - ASN1ObjectIdentifier id = new ASN1ObjectIdentifier(oid); - - CMSSignedHelper.INSTANCE.setSigningDigestAlgorithmMapping(id, algorithmName); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSContentInfoParser.java b/pkix/src/main/java/org/bouncycastle/cms/CMSContentInfoParser.java deleted file mode 100644 index a8e5a8da..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSContentInfoParser.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1StreamParser; -import org.bouncycastle.asn1.cms.ContentInfoParser; - -public class CMSContentInfoParser -{ - protected ContentInfoParser _contentInfo; - protected InputStream _data; - - protected CMSContentInfoParser( - InputStream data) - throws CMSException - { - _data = data; - - try - { - ASN1StreamParser in = new ASN1StreamParser(data); - - _contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject()); - } - catch (IOException e) - { - throw new CMSException("IOException reading content.", e); - } - catch (ClassCastException e) - { - throw new CMSException("Unexpected object reading content.", e); - } - } - - /** - * Close the underlying data stream. - * @throws IOException if the close fails. - */ - public void close() throws IOException - { - _data.close(); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSDigestedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSDigestedData.java deleted file mode 100644 index af486923..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSDigestedData.java +++ /dev/null @@ -1,136 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.DigestedData; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Arrays; - -/** - * containing class for an CMS Digested Data object - * <pre> - * CMSDigestedData cd = new CMSDigestedData(inputStream); - * - * - * process(cd.getContent()); - * </pre> - */ -public class CMSDigestedData -{ - private ContentInfo contentInfo; - private DigestedData digestedData; - - public CMSDigestedData( - byte[] compressedData) - throws CMSException - { - this(CMSUtils.readContentInfo(compressedData)); - } - - public CMSDigestedData( - InputStream compressedData) - throws CMSException - { - this(CMSUtils.readContentInfo(compressedData)); - } - - public CMSDigestedData( - ContentInfo contentInfo) - throws CMSException - { - this.contentInfo = contentInfo; - - try - { - this.digestedData = DigestedData.getInstance(contentInfo.getContent()); - } - catch (ClassCastException e) - { - throw new CMSException("Malformed content.", e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("Malformed content.", e); - } - } - - public ASN1ObjectIdentifier getContentType() - { - return contentInfo.getContentType(); - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - return digestedData.getDigestAlgorithm(); - } - - /** - * Return the digested content - * - * @return the digested content - * @throws CMSException if there is an exception un-compressing the data. - */ - public CMSProcessable getDigestedContent() - throws CMSException - { - ContentInfo content = digestedData.getEncapContentInfo(); - - try - { - return new CMSProcessableByteArray(content.getContentType(), ((ASN1OctetString)content.getContent()).getOctets()); - } - catch (Exception e) - { - throw new CMSException("exception reading digested stream.", e); - } - } - - /** - * return the ContentInfo - */ - public ContentInfo toASN1Structure() - { - return contentInfo; - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return contentInfo.getEncoded(); - } - - public boolean verify(DigestCalculatorProvider calculatorProvider) - throws CMSException - { - try - { - ContentInfo content = digestedData.getEncapContentInfo(); - DigestCalculator calc = calculatorProvider.get(digestedData.getDigestAlgorithm()); - - OutputStream dOut = calc.getOutputStream(); - - dOut.write(((ASN1OctetString)content.getContent()).getOctets()); - - return Arrays.areEqual(digestedData.getDigest(), calc.getDigest()); - } - catch (OperatorCreationException e) - { - throw new CMSException("unable to create digest calculator: " + e.getMessage(), e); - } - catch (IOException e) - { - throw new CMSException("unable process content: " + e.getMessage(), e); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedData.java deleted file mode 100644 index f96e7560..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedData.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; - -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.EncryptedData; -import org.bouncycastle.operator.InputDecryptor; -import org.bouncycastle.operator.InputDecryptorProvider; - -public class CMSEncryptedData -{ - private ContentInfo contentInfo; - private EncryptedData encryptedData; - - public CMSEncryptedData(ContentInfo contentInfo) - { - this.contentInfo = contentInfo; - - this.encryptedData = EncryptedData.getInstance(contentInfo.getContent()); - } - - public byte[] getContent(InputDecryptorProvider inputDecryptorProvider) - throws CMSException - { - try - { - return CMSUtils.streamToByteArray(getContentStream(inputDecryptorProvider).getContentStream()); - } - catch (IOException e) - { - throw new CMSException("unable to parse internal stream: " + e.getMessage(), e); - } - } - - public CMSTypedStream getContentStream(InputDecryptorProvider inputDecryptorProvider) - throws CMSException - { - try - { - EncryptedContentInfo encContentInfo = encryptedData.getEncryptedContentInfo(); - InputDecryptor decrytor = inputDecryptorProvider.get(encContentInfo.getContentEncryptionAlgorithm()); - - ByteArrayInputStream encIn = new ByteArrayInputStream(encContentInfo.getEncryptedContent().getOctets()); - - return new CMSTypedStream(encContentInfo.getContentType(), decrytor.getInputStream(encIn)); - } - catch (Exception e) - { - throw new CMSException("unable to create stream: " + e.getMessage(), e); - } - } - - /** - * return the ContentInfo - */ - public ContentInfo toASN1Structure() - { - return contentInfo; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedDataGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedDataGenerator.java deleted file mode 100644 index d12097ee..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedDataGenerator.java +++ /dev/null @@ -1,109 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.util.HashMap; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.EncryptedData; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.OutputEncryptor; - -/** - * General class for generating a CMS enveloped-data message. - * - * A simple example of usage. - * - * <pre> - * CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes()); - * - * CMSEncryptedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - * - * CMSEncryptedData ed = edGen.generate( - * msg, - * new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC) - * .setProvider("BC").build()); - * - * </pre> - */ -public class CMSEncryptedDataGenerator - extends CMSEncryptedGenerator -{ - /** - * base constructor - */ - public CMSEncryptedDataGenerator() - { - } - - private CMSEncryptedData doGenerate( - CMSTypedData content, - OutputEncryptor contentEncryptor) - throws CMSException - { - AlgorithmIdentifier encAlgId; - ASN1OctetString encContent; - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - OutputStream cOut = contentEncryptor.getOutputStream(bOut); - - content.write(cOut); - - cOut.close(); - } - catch (IOException e) - { - throw new CMSException(""); - } - - byte[] encryptedContent = bOut.toByteArray(); - - encAlgId = contentEncryptor.getAlgorithmIdentifier(); - - encContent = new BEROctetString(encryptedContent); - - EncryptedContentInfo eci = new EncryptedContentInfo( - content.getContentType(), - encAlgId, - encContent); - - ASN1Set unprotectedAttrSet = null; - if (unprotectedAttributeGenerator != null) - { - AttributeTable attrTable = unprotectedAttributeGenerator.getAttributes(new HashMap()); - - unprotectedAttrSet = new BERSet(attrTable.toASN1EncodableVector()); - } - - ContentInfo contentInfo = new ContentInfo( - CMSObjectIdentifiers.encryptedData, - new EncryptedData(eci, unprotectedAttrSet)); - - return new CMSEncryptedData(contentInfo); - } - - /** - * generate an encrypted object that contains an CMS Encrypted Data structure. - * - * @param content the content to be encrypted - * @param contentEncryptor the symmetric key based encryptor to encrypt the content with. - */ - public CMSEncryptedData generate( - CMSTypedData content, - OutputEncryptor contentEncryptor) - throws CMSException - { - return doGenerate(content, contentEncryptor); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedGenerator.java deleted file mode 100644 index eece6808..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEncryptedGenerator.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.cms; - -/** - * General class for generating a CMS encrypted-data message. - */ -public class CMSEncryptedGenerator -{ - protected CMSAttributeTableGenerator unprotectedAttributeGenerator = null; - - /** - * base constructor - */ - protected CMSEncryptedGenerator() - { - } - - public void setUnprotectedAttributeGenerator(CMSAttributeTableGenerator unprotectedAttributeGenerator) - { - this.unprotectedAttributeGenerator = unprotectedAttributeGenerator; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java deleted file mode 100644 index 56b96635..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedData.java +++ /dev/null @@ -1,206 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * containing class for an CMS Enveloped Data object - * <p> - * Example of use - assuming the first recipient matches the private key we have. - * <pre> - * CMSEnvelopedData ed = new CMSEnvelopedData(inputStream); - * - * RecipientInformationStore recipients = ed.getRecipientInfos(); - * - * Collection c = recipients.getRecipients(); - * Iterator it = c.iterator(); - * - * if (it.hasNext()) - * { - * RecipientInformation recipient = (RecipientInformation)it.next(); - * - * byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC")); - * - * processData(recData); - * } - * </pre> - */ -public class CMSEnvelopedData -{ - RecipientInformationStore recipientInfoStore; - ContentInfo contentInfo; - - private AlgorithmIdentifier encAlg; - private ASN1Set unprotectedAttributes; - private OriginatorInformation originatorInfo; - - public CMSEnvelopedData( - byte[] envelopedData) - throws CMSException - { - this(CMSUtils.readContentInfo(envelopedData)); - } - - public CMSEnvelopedData( - InputStream envelopedData) - throws CMSException - { - this(CMSUtils.readContentInfo(envelopedData)); - } - - /** - * Construct a CMSEnvelopedData object from a content info object. - * - * @param contentInfo the contentInfo containing the CMS EnvelopedData object. - * @throws CMSException in the case where malformed content is encountered. - */ - public CMSEnvelopedData( - ContentInfo contentInfo) - throws CMSException - { - this.contentInfo = contentInfo; - - try - { - EnvelopedData envData = EnvelopedData.getInstance(contentInfo.getContent()); - - if (envData.getOriginatorInfo() != null) - { - originatorInfo = new OriginatorInformation(envData.getOriginatorInfo()); - } - - // - // read the recipients - // - ASN1Set recipientInfos = envData.getRecipientInfos(); - - // - // read the encrypted content info - // - EncryptedContentInfo encInfo = envData.getEncryptedContentInfo(); - this.encAlg = encInfo.getContentEncryptionAlgorithm(); - CMSReadable readable = new CMSProcessableByteArray(encInfo.getEncryptedContent().getOctets()); - CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSEnvelopedSecureReadable( - this.encAlg, readable); - - // - // build the RecipientInformationStore - // - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore( - recipientInfos, this.encAlg, secureReadable); - - this.unprotectedAttributes = envData.getUnprotectedAttrs(); - } - catch (ClassCastException e) - { - throw new CMSException("Malformed content.", e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("Malformed content.", e); - } - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } - - /** - * Return the originator information associated with this message if present. - * - * @return OriginatorInformation, null if not present. - */ - public OriginatorInformation getOriginatorInfo() - { - return originatorInfo; - } - - /** - * Return the content encryption algorithm details for the data in this object. - * - * @return AlgorithmIdentifier representing the content encryption algorithm. - */ - public AlgorithmIdentifier getContentEncryptionAlgorithm() - { - return encAlg; - } - - /** - * return the object identifier for the content encryption algorithm. - */ - public String getEncryptionAlgOID() - { - return encAlg.getAlgorithm().getId(); - } - - /** - * return the ASN.1 encoded encryption algorithm parameters, or null if - * there aren't any. - */ - public byte[] getEncryptionAlgParams() - { - try - { - return encodeObj(encAlg.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * return a store of the intended recipients for this message - */ - public RecipientInformationStore getRecipientInfos() - { - return recipientInfoStore; - } - - /** - * return the ContentInfo - */ - public ContentInfo toASN1Structure() - { - return contentInfo; - } - - /** - * return a table of the unprotected attributes indexed by - * the OID of the attribute. - */ - public AttributeTable getUnprotectedAttributes() - { - if (unprotectedAttributes == null) - { - return null; - } - - return new AttributeTable(unprotectedAttributes); - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return contentInfo.getEncoded(); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java deleted file mode 100644 index 0038f90f..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.util.HashMap; -import java.util.Iterator; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OutputEncryptor; - -/** - * General class for generating a CMS enveloped-data message. - * - * A simple example of usage. - * - * <pre> - * CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes()); - * - * CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - * - * edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC")); - * - * CMSEnvelopedData ed = edGen.generate( - * msg, - * new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC) - * .setProvider("BC").build()); - * - * </pre> - */ -public class CMSEnvelopedDataGenerator - extends CMSEnvelopedGenerator -{ - /** - * base constructor - */ - public CMSEnvelopedDataGenerator() - { - } - - private CMSEnvelopedData doGenerate( - CMSTypedData content, - OutputEncryptor contentEncryptor) - throws CMSException - { - if (!oldRecipientInfoGenerators.isEmpty()) - { - throw new IllegalStateException("can only use addRecipientGenerator() with this method"); - } - - ASN1EncodableVector recipientInfos = new ASN1EncodableVector(); - AlgorithmIdentifier encAlgId; - ASN1OctetString encContent; - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - OutputStream cOut = contentEncryptor.getOutputStream(bOut); - - content.write(cOut); - - cOut.close(); - } - catch (IOException e) - { - throw new CMSException(""); - } - - byte[] encryptedContent = bOut.toByteArray(); - - encAlgId = contentEncryptor.getAlgorithmIdentifier(); - - encContent = new BEROctetString(encryptedContent); - - GenericKey encKey = contentEncryptor.getKey(); - - for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();) - { - RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next(); - - recipientInfos.add(recipient.generate(encKey)); - } - - EncryptedContentInfo eci = new EncryptedContentInfo( - content.getContentType(), - encAlgId, - encContent); - - ASN1Set unprotectedAttrSet = null; - if (unprotectedAttributeGenerator != null) - { - AttributeTable attrTable = unprotectedAttributeGenerator.getAttributes(new HashMap()); - - unprotectedAttrSet = new BERSet(attrTable.toASN1EncodableVector()); - } - - ContentInfo contentInfo = new ContentInfo( - CMSObjectIdentifiers.envelopedData, - new EnvelopedData(originatorInfo, new DERSet(recipientInfos), eci, unprotectedAttrSet)); - - return new CMSEnvelopedData(contentInfo); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * - * @param content the content to be encrypted - * @param contentEncryptor the symmetric key based encryptor to encrypt the content with. - */ - public CMSEnvelopedData generate( - CMSTypedData content, - OutputEncryptor contentEncryptor) - throws CMSException - { - return doGenerate(content, contentEncryptor); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java deleted file mode 100644 index 67c9d913..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataParser.java +++ /dev/null @@ -1,208 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetStringParser; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.BERTags; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.EncryptedContentInfoParser; -import org.bouncycastle.asn1.cms.EnvelopedDataParser; -import org.bouncycastle.asn1.cms.OriginatorInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * Parsing class for an CMS Enveloped Data object from an input stream. - * <p> - * Note: that because we are in a streaming mode only one recipient can be tried and it is important - * that the methods on the parser are called in the appropriate order. - * </p> - * <p> - * Example of use - assuming the first recipient matches the private key we have. - * <pre> - * CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(inputStream); - * - * RecipientInformationStore recipients = ep.getRecipientInfos(); - * - * Collection c = recipients.getRecipients(); - * Iterator it = c.iterator(); - * - * if (it.hasNext()) - * { - * RecipientInformation recipient = (RecipientInformation)it.next(); - * - * CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC")); - * - * processDataStream(recData.getContentStream()); - * } - * </pre> - * Note: this class does not introduce buffering - if you are processing large files you should create - * the parser with: - * <pre> - * CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(new BufferedInputStream(inputStream, bufSize)); - * </pre> - * where bufSize is a suitably large buffer size. - */ -public class CMSEnvelopedDataParser - extends CMSContentInfoParser -{ - RecipientInformationStore recipientInfoStore; - EnvelopedDataParser envelopedData; - - private AlgorithmIdentifier encAlg; - private AttributeTable unprotectedAttributes; - private boolean attrNotRead; - private OriginatorInformation originatorInfo; - - public CMSEnvelopedDataParser( - byte[] envelopedData) - throws CMSException, IOException - { - this(new ByteArrayInputStream(envelopedData)); - } - - public CMSEnvelopedDataParser( - InputStream envelopedData) - throws CMSException, IOException - { - super(envelopedData); - - this.attrNotRead = true; - this.envelopedData = new EnvelopedDataParser((ASN1SequenceParser)_contentInfo.getContent(BERTags.SEQUENCE)); - - // TODO Validate version? - //ASN1Integer version = this._envelopedData.getVersion(); - - OriginatorInfo info = this.envelopedData.getOriginatorInfo(); - - if (info != null) - { - this.originatorInfo = new OriginatorInformation(info); - } - - // - // read the recipients - // - ASN1Set recipientInfos = ASN1Set.getInstance(this.envelopedData.getRecipientInfos().toASN1Primitive()); - - // - // read the encrypted content info - // - EncryptedContentInfoParser encInfo = this.envelopedData.getEncryptedContentInfo(); - this.encAlg = encInfo.getContentEncryptionAlgorithm(); - CMSReadable readable = new CMSProcessableInputStream( - ((ASN1OctetStringParser)encInfo.getEncryptedContent(BERTags.OCTET_STRING)).getOctetStream()); - CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSEnvelopedSecureReadable( - this.encAlg, readable); - - // - // build the RecipientInformationStore - // - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore( - recipientInfos, this.encAlg, secureReadable); - } - - /** - * return the object identifier for the content encryption algorithm. - */ - public String getEncryptionAlgOID() - { - return encAlg.getAlgorithm().toString(); - } - - /** - * return the ASN.1 encoded encryption algorithm parameters, or null if - * there aren't any. - */ - public byte[] getEncryptionAlgParams() - { - try - { - return encodeObj(encAlg.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * Return the content encryption algorithm details for the data in this object. - * - * @return AlgorithmIdentifier representing the content encryption algorithm. - */ - public AlgorithmIdentifier getContentEncryptionAlgorithm() - { - return encAlg; - } - - /** - * Return the originator information associated with this message if present. - * - * @return OriginatorInformation, null if not present. - */ - public OriginatorInformation getOriginatorInfo() - { - return originatorInfo; - } - - /** - * return a store of the intended recipients for this message - */ - public RecipientInformationStore getRecipientInfos() - { - return recipientInfoStore; - } - - /** - * return a table of the unprotected attributes indexed by - * the OID of the attribute. - * @exception IOException - */ - public AttributeTable getUnprotectedAttributes() - throws IOException - { - if (unprotectedAttributes == null && attrNotRead) - { - ASN1SetParser set = envelopedData.getUnprotectedAttrs(); - - attrNotRead = false; - - if (set != null) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - ASN1Encodable o; - - while ((o = set.readObject()) != null) - { - ASN1SequenceParser seq = (ASN1SequenceParser)o; - - v.add(seq.toASN1Primitive()); - } - - unprotectedAttributes = new AttributeTable(new DERSet(v)); - } - } - - return unprotectedAttributes; - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java deleted file mode 100644 index 92abca00..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java +++ /dev/null @@ -1,305 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.HashMap; -import java.util.Iterator; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OutputEncryptor; - -/** - * General class for generating a CMS enveloped-data message stream. - * <p> - * A simple example of usage. - * <pre> - * CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - * - * edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC")); - * - * ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - * - * OutputStream out = edGen.open( - * bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC) - * .setProvider("BC").build()); - * out.write(data); - * - * out.close(); - * </pre> - */ -public class CMSEnvelopedDataStreamGenerator - extends CMSEnvelopedGenerator -{ - private ASN1Set _unprotectedAttributes = null; - private int _bufferSize; - private boolean _berEncodeRecipientSet; - - /** - * base constructor - */ - public CMSEnvelopedDataStreamGenerator() - { - } - - /** - * Set the underlying string size for encapsulated data - * - * @param bufferSize length of octet strings to buffer the data. - */ - public void setBufferSize( - int bufferSize) - { - _bufferSize = bufferSize; - } - - /** - * Use a BER Set to store the recipient information - */ - public void setBEREncodeRecipients( - boolean berEncodeRecipientSet) - { - _berEncodeRecipientSet = berEncodeRecipientSet; - } - - private ASN1Integer getVersion() - { - if (originatorInfo != null || _unprotectedAttributes != null) - { - return new ASN1Integer(2); - } - else - { - return new ASN1Integer(0); - } - } - - private OutputStream doOpen( - ASN1ObjectIdentifier dataType, - OutputStream out, - OutputEncryptor encryptor) - throws IOException, CMSException - { - ASN1EncodableVector recipientInfos = new ASN1EncodableVector(); - GenericKey encKey = encryptor.getKey(); - Iterator it = recipientInfoGenerators.iterator(); - - while (it.hasNext()) - { - RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next(); - - recipientInfos.add(recipient.generate(encKey)); - } - - return open(dataType, out, recipientInfos, encryptor); - } - - protected OutputStream open( - ASN1ObjectIdentifier dataType, - OutputStream out, - ASN1EncodableVector recipientInfos, - OutputEncryptor encryptor) - throws IOException - { - // - // ContentInfo - // - BERSequenceGenerator cGen = new BERSequenceGenerator(out); - - cGen.addObject(CMSObjectIdentifiers.envelopedData); - - // - // Encrypted Data - // - BERSequenceGenerator envGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true); - - envGen.addObject(getVersion()); - - if (originatorInfo != null) - { - envGen.addObject(new DERTaggedObject(false, 0, originatorInfo)); - } - - if (_berEncodeRecipientSet) - { - envGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded()); - } - else - { - envGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded()); - } - - BERSequenceGenerator eiGen = new BERSequenceGenerator(envGen.getRawOutputStream()); - - eiGen.addObject(dataType); - - AlgorithmIdentifier encAlgId = encryptor.getAlgorithmIdentifier(); - - eiGen.getRawOutputStream().write(encAlgId.getEncoded()); - - OutputStream octetStream = CMSUtils.createBEROctetOutputStream( - eiGen.getRawOutputStream(), 0, false, _bufferSize); - - OutputStream cOut = encryptor.getOutputStream(octetStream); - - return new CmsEnvelopedDataOutputStream(cOut, cGen, envGen, eiGen); - } - - protected OutputStream open( - OutputStream out, - ASN1EncodableVector recipientInfos, - OutputEncryptor encryptor) - throws CMSException - { - try - { - // - // ContentInfo - // - BERSequenceGenerator cGen = new BERSequenceGenerator(out); - - cGen.addObject(CMSObjectIdentifiers.envelopedData); - - // - // Encrypted Data - // - BERSequenceGenerator envGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true); - - ASN1Set recipients; - if (_berEncodeRecipientSet) - { - recipients = new BERSet(recipientInfos); - } - else - { - recipients = new DERSet(recipientInfos); - } - - envGen.addObject(new ASN1Integer(EnvelopedData.calculateVersion(originatorInfo, recipients, _unprotectedAttributes))); - - if (originatorInfo != null) - { - envGen.addObject(new DERTaggedObject(false, 0, originatorInfo)); - } - - envGen.getRawOutputStream().write(recipients.getEncoded()); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(envGen.getRawOutputStream()); - - eiGen.addObject(CMSObjectIdentifiers.data); - - AlgorithmIdentifier encAlgId = encryptor.getAlgorithmIdentifier(); - - eiGen.getRawOutputStream().write(encAlgId.getEncoded()); - - OutputStream octetStream = CMSUtils.createBEROctetOutputStream( - eiGen.getRawOutputStream(), 0, false, _bufferSize); - - return new CmsEnvelopedDataOutputStream(encryptor.getOutputStream(octetStream), cGen, envGen, eiGen); - } - catch (IOException e) - { - throw new CMSException("exception decoding algorithm parameters.", e); - } - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given encryptor. - */ - public OutputStream open( - OutputStream out, - OutputEncryptor encryptor) - throws CMSException, IOException - { - return doOpen(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), out, encryptor); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given encryptor and marking the data as being of the passed - * in type. - */ - public OutputStream open( - ASN1ObjectIdentifier dataType, - OutputStream out, - OutputEncryptor encryptor) - throws CMSException, IOException - { - return doOpen(dataType, out, encryptor); - } - - private class CmsEnvelopedDataOutputStream - extends OutputStream - { - private OutputStream _out; - private BERSequenceGenerator _cGen; - private BERSequenceGenerator _envGen; - private BERSequenceGenerator _eiGen; - - public CmsEnvelopedDataOutputStream( - OutputStream out, - BERSequenceGenerator cGen, - BERSequenceGenerator envGen, - BERSequenceGenerator eiGen) - { - _out = out; - _cGen = cGen; - _envGen = envGen; - _eiGen = eiGen; - } - - public void write( - int b) - throws IOException - { - _out.write(b); - } - - public void write( - byte[] bytes, - int off, - int len) - throws IOException - { - _out.write(bytes, off, len); - } - - public void write( - byte[] bytes) - throws IOException - { - _out.write(bytes); - } - - public void close() - throws IOException - { - _out.close(); - _eiGen.close(); - - if (unprotectedAttributeGenerator != null) - { - AttributeTable attrTable = unprotectedAttributeGenerator.getAttributes(new HashMap()); - - ASN1Set unprotectedAttrs = new BERSet(attrTable.toASN1EncodableVector()); - - _envGen.addObject(new DERTaggedObject(false, 1, unprotectedAttrs)); - } - - _envGen.close(); - _cGen.close(); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java deleted file mode 100644 index 012b440a..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedGenerator.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.ArrayList; -import java.util.List; - -import org.bouncycastle.asn1.cms.OriginatorInfo; -import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - -/** - * General class for generating a CMS enveloped-data message. - */ -public class CMSEnvelopedGenerator -{ - public static final String DES_EDE3_CBC = PKCSObjectIdentifiers.des_EDE3_CBC.getId(); - public static final String RC2_CBC = PKCSObjectIdentifiers.RC2_CBC.getId(); - public static final String IDEA_CBC = "1.3.6.1.4.1.188.7.1.1.2"; - public static final String CAST5_CBC = "1.2.840.113533.7.66.10"; - public static final String AES128_CBC = NISTObjectIdentifiers.id_aes128_CBC.getId(); - public static final String AES192_CBC = NISTObjectIdentifiers.id_aes192_CBC.getId(); - public static final String AES256_CBC = NISTObjectIdentifiers.id_aes256_CBC.getId(); - public static final String CAMELLIA128_CBC = NTTObjectIdentifiers.id_camellia128_cbc.getId(); - public static final String CAMELLIA192_CBC = NTTObjectIdentifiers.id_camellia192_cbc.getId(); - public static final String CAMELLIA256_CBC = NTTObjectIdentifiers.id_camellia256_cbc.getId(); - public static final String SEED_CBC = KISAObjectIdentifiers.id_seedCBC.getId(); - - public static final String DES_EDE3_WRAP = PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(); - public static final String AES128_WRAP = NISTObjectIdentifiers.id_aes128_wrap.getId(); - public static final String AES192_WRAP = NISTObjectIdentifiers.id_aes192_wrap.getId(); - public static final String AES256_WRAP = NISTObjectIdentifiers.id_aes256_wrap.getId(); - public static final String CAMELLIA128_WRAP = NTTObjectIdentifiers.id_camellia128_wrap.getId(); - public static final String CAMELLIA192_WRAP = NTTObjectIdentifiers.id_camellia192_wrap.getId(); - public static final String CAMELLIA256_WRAP = NTTObjectIdentifiers.id_camellia256_wrap.getId(); - public static final String SEED_WRAP = KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap.getId(); - - public static final String ECDH_SHA1KDF = X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme.getId(); - public static final String ECMQV_SHA1KDF = X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme.getId(); - - final List oldRecipientInfoGenerators = new ArrayList(); - final List recipientInfoGenerators = new ArrayList(); - - protected CMSAttributeTableGenerator unprotectedAttributeGenerator = null; - - protected OriginatorInfo originatorInfo; - - /** - * base constructor - */ - public CMSEnvelopedGenerator() - { - } - - public void setUnprotectedAttributeGenerator(CMSAttributeTableGenerator unprotectedAttributeGenerator) - { - this.unprotectedAttributeGenerator = unprotectedAttributeGenerator; - } - - public void setOriginatorInfo(OriginatorInformation originatorInfo) - { - this.originatorInfo = originatorInfo.toASN1Structure(); - } - - /** - * Add a generator to produce the recipient info required. - * - * @param recipientGenerator a generator of a recipient info object. - */ - public void addRecipientInfoGenerator(RecipientInfoGenerator recipientGenerator) - { - recipientInfoGenerators.add(recipientGenerator); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java b/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java deleted file mode 100644 index 91727062..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSEnvelopedHelper.java +++ /dev/null @@ -1,203 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.cms.KEKRecipientInfo; -import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo; -import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; -import org.bouncycastle.asn1.cms.PasswordRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.util.Integers; - -class CMSEnvelopedHelper -{ - static final CMSEnvelopedHelper INSTANCE = new CMSEnvelopedHelper(); - - private static final Map KEYSIZES = new HashMap(); - private static final Map BASE_CIPHER_NAMES = new HashMap(); - private static final Map CIPHER_ALG_NAMES = new HashMap(); - private static final Map MAC_ALG_NAMES = new HashMap(); - - static - { - KEYSIZES.put(CMSEnvelopedGenerator.DES_EDE3_CBC, Integers.valueOf(192)); - KEYSIZES.put(CMSEnvelopedGenerator.AES128_CBC, Integers.valueOf(128)); - KEYSIZES.put(CMSEnvelopedGenerator.AES192_CBC, Integers.valueOf(192)); - KEYSIZES.put(CMSEnvelopedGenerator.AES256_CBC, Integers.valueOf(256)); - - BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC, "DESEDE"); - BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES128_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES192_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES256_CBC, "AES"); - - CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES128_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES192_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES256_CBC, "AES/CBC/PKCS5Padding"); - - MAC_ALG_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC, "DESEDEMac"); - MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES128_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES192_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES256_CBC, "AESMac"); - } - - - - int getKeySize(String oid) - { - Integer keySize = (Integer)KEYSIZES.get(oid); - - if (keySize == null) - { - throw new IllegalArgumentException("no keysize for " + oid); - } - - return keySize.intValue(); - } - - - - static RecipientInformationStore buildRecipientInformationStore( - ASN1Set recipientInfos, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable) - { - return buildRecipientInformationStore(recipientInfos, messageAlgorithm, secureReadable, null); - } - - static RecipientInformationStore buildRecipientInformationStore( - ASN1Set recipientInfos, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData) - { - List infos = new ArrayList(); - for (int i = 0; i != recipientInfos.size(); i++) - { - RecipientInfo info = RecipientInfo.getInstance(recipientInfos.getObjectAt(i)); - - readRecipientInfo(infos, info, messageAlgorithm, secureReadable, additionalData); - } - return new RecipientInformationStore(infos); - } - - private static void readRecipientInfo( - List infos, RecipientInfo info, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData) - { - ASN1Encodable recipInfo = info.getInfo(); - if (recipInfo instanceof KeyTransRecipientInfo) - { - infos.add(new KeyTransRecipientInformation( - (KeyTransRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData)); - } - else if (recipInfo instanceof KEKRecipientInfo) - { - infos.add(new KEKRecipientInformation( - (KEKRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData)); - } - else if (recipInfo instanceof KeyAgreeRecipientInfo) - { - KeyAgreeRecipientInformation.readRecipientInfo(infos, - (KeyAgreeRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData); - } - else if (recipInfo instanceof PasswordRecipientInfo) - { - infos.add(new PasswordRecipientInformation( - (PasswordRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData)); - } - } - - static class CMSDigestAuthenticatedSecureReadable - implements CMSSecureReadable - { - private DigestCalculator digestCalculator; - private CMSReadable readable; - - public CMSDigestAuthenticatedSecureReadable(DigestCalculator digestCalculator, CMSReadable readable) - { - this.digestCalculator = digestCalculator; - this.readable = readable; - } - - public InputStream getInputStream() - throws IOException, CMSException - { - return new FilterInputStream(readable.getInputStream()) - { - public int read() - throws IOException - { - int b = in.read(); - - if (b >= 0) - { - digestCalculator.getOutputStream().write(b); - } - - return b; - } - - public int read(byte[] inBuf, int inOff, int inLen) - throws IOException - { - int n = in.read(inBuf, inOff, inLen); - - if (n >= 0) - { - digestCalculator.getOutputStream().write(inBuf, inOff, n); - } - - return n; - } - }; - } - - public byte[] getDigest() - { - return digestCalculator.getDigest(); - } - } - - static class CMSAuthenticatedSecureReadable implements CMSSecureReadable - { - private AlgorithmIdentifier algorithm; - private CMSReadable readable; - - CMSAuthenticatedSecureReadable(AlgorithmIdentifier algorithm, CMSReadable readable) - { - this.algorithm = algorithm; - this.readable = readable; - } - - public InputStream getInputStream() - throws IOException, CMSException - { - return readable.getInputStream(); - } - - } - - static class CMSEnvelopedSecureReadable implements CMSSecureReadable - { - private AlgorithmIdentifier algorithm; - private CMSReadable readable; - - CMSEnvelopedSecureReadable(AlgorithmIdentifier algorithm, CMSReadable readable) - { - this.algorithm = algorithm; - this.readable = readable; - } - - public InputStream getInputStream() - throws IOException, CMSException - { - return readable.getInputStream(); - } - - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSException.java b/pkix/src/main/java/org/bouncycastle/cms/CMSException.java deleted file mode 100644 index 04bbd69c..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSException.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.cms; - -public class CMSException - extends Exception -{ - Exception e; - - public CMSException( - String msg) - { - super(msg); - } - - public CMSException( - String msg, - Exception e) - { - super(msg); - - this.e = e; - } - - public Exception getUnderlyingException() - { - return e; - } - - public Throwable getCause() - { - return e; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSProcessable.java b/pkix/src/main/java/org/bouncycastle/cms/CMSProcessable.java deleted file mode 100644 index 9f34b9a1..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSProcessable.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; - -/** - * Use CMSTypedData instead of this. See CMSProcessableFile/ByteArray for defaults. - */ -public interface CMSProcessable -{ - /** - * generic routine to copy out the data we want processed - the OutputStream - * passed in will do the handling on it's own. - * <p> - * Note: this routine may be called multiple times. - */ - public void write(OutputStream out) - throws IOException, CMSException; - - public Object getContent(); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java b/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java deleted file mode 100644 index 1c79a941..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableByteArray.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.util.Arrays; - -/** - * a holding class for a byte array of data to be processed. - */ -public class CMSProcessableByteArray - implements CMSTypedData, CMSReadable -{ - private final ASN1ObjectIdentifier type; - private final byte[] bytes; - - public CMSProcessableByteArray( - byte[] bytes) - { - this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), bytes); - } - - public CMSProcessableByteArray( - ASN1ObjectIdentifier type, - byte[] bytes) - { - this.type = type; - this.bytes = bytes; - } - - public InputStream getInputStream() - { - return new ByteArrayInputStream(bytes); - } - - public void write(OutputStream zOut) - throws IOException, CMSException - { - zOut.write(bytes); - } - - public Object getContent() - { - return Arrays.clone(bytes); - } - - public ASN1ObjectIdentifier getContentType() - { - return type; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableFile.java b/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableFile.java deleted file mode 100644 index b1e45277..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableFile.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; - -/** - * a holding class for a file of data to be processed. - */ -public class CMSProcessableFile - implements CMSTypedData, CMSReadable -{ - private static final int DEFAULT_BUF_SIZE = 32 * 1024; - - private final ASN1ObjectIdentifier type; - private final File file; - private final byte[] buf; - - public CMSProcessableFile( - File file) - { - this(file, DEFAULT_BUF_SIZE); - } - - public CMSProcessableFile( - File file, - int bufSize) - { - this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), file, bufSize); - } - - public CMSProcessableFile( - ASN1ObjectIdentifier type, - File file, - int bufSize) - { - this.type = type; - this.file = file; - buf = new byte[bufSize]; - } - - public InputStream getInputStream() - throws IOException, CMSException - { - return new BufferedInputStream(new FileInputStream(file), DEFAULT_BUF_SIZE); - } - - public void write(OutputStream zOut) - throws IOException, CMSException - { - FileInputStream fIn = new FileInputStream(file); - int len; - - while ((len = fIn.read(buf, 0, buf.length)) > 0) - { - zOut.write(buf, 0, len); - } - - fIn.close(); - } - - /** - * Return the file handle. - */ - public Object getContent() - { - return file; - } - - public ASN1ObjectIdentifier getContentType() - { - return type; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableInputStream.java b/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableInputStream.java deleted file mode 100644 index a73e2329..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSProcessableInputStream.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -import org.bouncycastle.util.io.Streams; - -class CMSProcessableInputStream implements CMSProcessable, CMSReadable -{ - private InputStream input; - private boolean used = false; - - public CMSProcessableInputStream( - InputStream input) - { - this.input = input; - } - - public InputStream getInputStream() - { - checkSingleUsage(); - - return input; - } - - public void write(OutputStream zOut) - throws IOException, CMSException - { - checkSingleUsage(); - - Streams.pipeAll(input, zOut); - input.close(); - } - - public Object getContent() - { - return getInputStream(); - } - - private synchronized void checkSingleUsage() - { - if (used) - { - throw new IllegalStateException("CMSProcessableInputStream can only be used once"); - } - - used = true; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSReadable.java b/pkix/src/main/java/org/bouncycastle/cms/CMSReadable.java deleted file mode 100644 index ca867666..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSReadable.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; - -interface CMSReadable -{ - public InputStream getInputStream() - throws IOException, CMSException; -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSRuntimeException.java b/pkix/src/main/java/org/bouncycastle/cms/CMSRuntimeException.java deleted file mode 100644 index d9f8acc0..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSRuntimeException.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.cms; - -public class CMSRuntimeException - extends RuntimeException -{ - Exception e; - - public CMSRuntimeException( - String name) - { - super(name); - } - - public CMSRuntimeException( - String name, - Exception e) - { - super(name); - - this.e = e; - } - - public Exception getUnderlyingException() - { - return e; - } - - public Throwable getCause() - { - return e; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSecureReadable.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSecureReadable.java deleted file mode 100644 index 620d1236..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSecureReadable.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; - -interface CMSSecureReadable -{ - InputStream getInputStream() - throws IOException, CMSException; -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignatureAlgorithmNameGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignatureAlgorithmNameGenerator.java deleted file mode 100644 index 59d6ce8b..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignatureAlgorithmNameGenerator.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public interface CMSSignatureAlgorithmNameGenerator -{ - /** - * Return the digest algorithm using one of the standard string - * representations rather than the algorithm object identifier (if possible). - * - * @param digestAlg the digest algorithm id. - * @param encryptionAlg the encryption, or signing, algorithm id. - */ - String getSignatureName(AlgorithmIdentifier digestAlg, AlgorithmIdentifier encryptionAlg); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignatureEncryptionAlgorithmFinder.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignatureEncryptionAlgorithmFinder.java deleted file mode 100644 index b1cd91fd..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignatureEncryptionAlgorithmFinder.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * Finder which is used to look up the algorithm identifiers representing the encryption algorithms that - * are associated with a particular signature algorithm. - */ -public interface CMSSignatureEncryptionAlgorithmFinder -{ - /** - * Return the encryption algorithm identifier associated with the passed in signatureAlgorithm - * @param signatureAlgorithm the algorithm identifier of the signature of interest - * @return the algorithm identifier to be associated with the encryption algorithm used in signature creation. - */ - AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java deleted file mode 100644 index a17d7909..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java +++ /dev/null @@ -1,543 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.SignedData; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; -import org.bouncycastle.util.Store; - -/** - * general class for handling a pkcs7-signature message. - * - * A simple example of usage - note, in the example below the validity of - * the certificate isn't verified, just the fact that one of the certs - * matches the given signer... - * - * <pre> - * Store certStore = s.getCertificates(); - * SignerInformationStore signers = s.getSignerInfos(); - * Collection c = signers.getSigners(); - * Iterator it = c.iterator(); - * - * while (it.hasNext()) - * { - * SignerInformation signer = (SignerInformation)it.next(); - * Collection certCollection = certStore.getMatches(signer.getSID()); - * - * Iterator certIt = certCollection.iterator(); - * X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - * - * if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) - * { - * verified++; - * } - * } - * </pre> - */ -public class CMSSignedData -{ - private static final CMSSignedHelper HELPER = CMSSignedHelper.INSTANCE; - - SignedData signedData; - ContentInfo contentInfo; - CMSTypedData signedContent; - SignerInformationStore signerInfoStore; - - private Map hashes; - - private CMSSignedData( - CMSSignedData c) - { - this.signedData = c.signedData; - this.contentInfo = c.contentInfo; - this.signedContent = c.signedContent; - this.signerInfoStore = c.signerInfoStore; - } - - public CMSSignedData( - byte[] sigBlock) - throws CMSException - { - this(CMSUtils.readContentInfo(sigBlock)); - } - - public CMSSignedData( - CMSProcessable signedContent, - byte[] sigBlock) - throws CMSException - { - this(signedContent, CMSUtils.readContentInfo(sigBlock)); - } - - /** - * Content with detached signature, digests precomputed - * - * @param hashes a map of precomputed digests for content indexed by name of hash. - * @param sigBlock the signature object. - */ - public CMSSignedData( - Map hashes, - byte[] sigBlock) - throws CMSException - { - this(hashes, CMSUtils.readContentInfo(sigBlock)); - } - - /** - * base constructor - content with detached signature. - * - * @param signedContent the content that was signed. - * @param sigData the signature object. - */ - public CMSSignedData( - CMSProcessable signedContent, - InputStream sigData) - throws CMSException - { - this(signedContent, CMSUtils.readContentInfo(new ASN1InputStream(sigData))); - } - - /** - * base constructor - with encapsulated content - */ - public CMSSignedData( - InputStream sigData) - throws CMSException - { - this(CMSUtils.readContentInfo(sigData)); - } - - public CMSSignedData( - final CMSProcessable signedContent, - ContentInfo sigData) - throws CMSException - { - if (signedContent instanceof CMSTypedData) - { - this.signedContent = (CMSTypedData)signedContent; - } - else - { - this.signedContent = new CMSTypedData() - { - public ASN1ObjectIdentifier getContentType() - { - return signedData.getEncapContentInfo().getContentType(); - } - - public void write(OutputStream out) - throws IOException, CMSException - { - signedContent.write(out); - } - - public Object getContent() - { - return signedContent.getContent(); - } - }; - } - - this.contentInfo = sigData; - this.signedData = getSignedData(); - } - - public CMSSignedData( - Map hashes, - ContentInfo sigData) - throws CMSException - { - this.hashes = hashes; - this.contentInfo = sigData; - this.signedData = getSignedData(); - } - - public CMSSignedData( - ContentInfo sigData) - throws CMSException - { - this.contentInfo = sigData; - this.signedData = getSignedData(); - - // - // this can happen if the signed message is sent simply to send a - // certificate chain. - // - if (signedData.getEncapContentInfo().getContent() != null) - { - this.signedContent = new CMSProcessableByteArray(signedData.getEncapContentInfo().getContentType(), - ((ASN1OctetString)(signedData.getEncapContentInfo() - .getContent())).getOctets()); - } - else - { - this.signedContent = null; - } - } - - private SignedData getSignedData() - throws CMSException - { - try - { - return SignedData.getInstance(contentInfo.getContent()); - } - catch (ClassCastException e) - { - throw new CMSException("Malformed content.", e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("Malformed content.", e); - } - } - - /** - * Return the version number for this object - */ - public int getVersion() - { - return signedData.getVersion().getValue().intValue(); - } - - /** - * return the collection of signers that are associated with the - * signatures for the message. - */ - public SignerInformationStore getSignerInfos() - { - if (signerInfoStore == null) - { - ASN1Set s = signedData.getSignerInfos(); - List signerInfos = new ArrayList(); - SignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); - - for (int i = 0; i != s.size(); i++) - { - SignerInfo info = SignerInfo.getInstance(s.getObjectAt(i)); - ASN1ObjectIdentifier contentType = signedData.getEncapContentInfo().getContentType(); - - if (hashes == null) - { - signerInfos.add(new SignerInformation(info, contentType, signedContent, null)); - } - else - { - Object obj = hashes.keySet().iterator().next(); - byte[] hash = (obj instanceof String) ? (byte[])hashes.get(info.getDigestAlgorithm().getAlgorithm().getId()) : (byte[])hashes.get(info.getDigestAlgorithm().getAlgorithm()); - - signerInfos.add(new SignerInformation(info, contentType, null, hash)); - } - } - - signerInfoStore = new SignerInformationStore(signerInfos); - } - - return signerInfoStore; - } - - /** - * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. - * - * @return a Store of X509CertificateHolder objects. - */ - public Store getCertificates() - { - return HELPER.getCertificates(signedData.getCertificates()); - } - - /** - * Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects. - * - * @return a Store of X509CRLHolder objects. - */ - public Store getCRLs() - { - return HELPER.getCRLs(signedData.getCRLs()); - } - - /** - * Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects. - * - * @return a Store of X509AttributeCertificateHolder objects. - */ - public Store getAttributeCertificates() - { - return HELPER.getAttributeCertificates(signedData.getCertificates()); - } - - /** - * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in - * this SignedData structure. - * - * @param otherRevocationInfoFormat OID of the format type been looked for. - * - * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. - */ - public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) - { - return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs()); - } - - /** - * Return the a string representation of the OID associated with the - * encapsulated content info structure carried in the signed data. - * - * @return the OID for the content type. - */ - public String getSignedContentTypeOID() - { - return signedData.getEncapContentInfo().getContentType().getId(); - } - - public CMSTypedData getSignedContent() - { - return signedContent; - } - - /** - * return the ContentInfo - */ - public ContentInfo toASN1Structure() - { - return contentInfo; - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return contentInfo.getEncoded(); - } - - /** - * Verify all the SignerInformation objects and their associated counter signatures attached - * to this CMS SignedData object. - * - * @param verifierProvider a provider of SignerInformationVerifier objects. - * @return true if all verify, false otherwise. - * @throws CMSException if an exception occurs during the verification process. - */ - public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) - throws CMSException - { - return verifySignatures(verifierProvider, false); - } - - /** - * Verify all the SignerInformation objects and optionally their associated counter signatures attached - * to this CMS SignedData object. - * - * @param verifierProvider a provider of SignerInformationVerifier objects. - * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well. - * @return true if all verify, false otherwise. - * @throws CMSException if an exception occurs during the verification process. - */ - public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) - throws CMSException - { - Collection signers = this.getSignerInfos().getSigners(); - - for (Iterator it = signers.iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - - try - { - SignerInformationVerifier verifier = verifierProvider.get(signer.getSID()); - - if (!signer.verify(verifier)) - { - return false; - } - - if (!ignoreCounterSignatures) - { - Collection counterSigners = signer.getCounterSignatures().getSigners(); - - for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();) - { - SignerInformation counterSigner = (SignerInformation)cIt.next(); - SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID()); - - if (!counterSigner.verify(counterVerifier)) - { - return false; - } - } - } - } - catch (OperatorCreationException e) - { - throw new CMSException("failure in verifier provider: " + e.getMessage(), e); - } - } - - return true; - } - - /** - * Replace the SignerInformation store associated with this - * CMSSignedData object with the new one passed in. You would - * probably only want to do this if you wanted to change the unsigned - * attributes associated with a signer, or perhaps delete one. - * - * @param signedData the signed data object to be used as a base. - * @param signerInformationStore the new signer information store to use. - * @return a new signed data object. - */ - public static CMSSignedData replaceSigners( - CMSSignedData signedData, - SignerInformationStore signerInformationStore) - { - // - // copy - // - CMSSignedData cms = new CMSSignedData(signedData); - - // - // replace the store - // - cms.signerInfoStore = signerInformationStore; - - // - // replace the signers in the SignedData object - // - ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); - ASN1EncodableVector vec = new ASN1EncodableVector(); - - Iterator it = signerInformationStore.getSigners().iterator(); - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID())); - vec.add(signer.toASN1Structure()); - } - - ASN1Set digests = new DERSet(digestAlgs); - ASN1Set signers = new DERSet(vec); - ASN1Sequence sD = (ASN1Sequence)signedData.signedData.toASN1Primitive(); - - vec = new ASN1EncodableVector(); - - // - // signers are the last item in the sequence. - // - vec.add(sD.getObjectAt(0)); // version - vec.add(digests); - - for (int i = 2; i != sD.size() - 1; i++) - { - vec.add(sD.getObjectAt(i)); - } - - vec.add(signers); - - cms.signedData = SignedData.getInstance(new BERSequence(vec)); - - // - // replace the contentInfo with the new one - // - cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData); - - return cms; - } - - /** - * Replace the certificate and CRL information associated with this - * CMSSignedData object with the new one passed in. - * - * @param signedData the signed data object to be used as a base. - * @param certificates the new certificates to be used. - * @param attrCerts the new attribute certificates to be used. - * @param revocations the new CRLs to be used - a collection of X509CRLHolder objects, OtherRevocationInfoFormat, or both. - * @return a new signed data object. - * @exception CMSException if there is an error processing the CertStore - */ - public static CMSSignedData replaceCertificatesAndCRLs( - CMSSignedData signedData, - Store certificates, - Store attrCerts, - Store revocations) - throws CMSException - { - // - // copy - // - CMSSignedData cms = new CMSSignedData(signedData); - - // - // replace the certs and revocations in the SignedData object - // - ASN1Set certSet = null; - ASN1Set crlSet = null; - - if (certificates != null || attrCerts != null) - { - List certs = new ArrayList(); - - if (certificates != null) - { - certs.addAll(CMSUtils.getCertificatesFromStore(certificates)); - } - if (attrCerts != null) - { - certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts)); - } - - ASN1Set set = CMSUtils.createBerSetFromList(certs); - - if (set.size() != 0) - { - certSet = set; - } - } - - if (revocations != null) - { - ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(revocations)); - - if (set.size() != 0) - { - crlSet = set; - } - } - - // - // replace the CMS structure. - // - cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), - signedData.signedData.getEncapContentInfo(), - certSet, - crlSet, - signedData.signedData.getSignerInfos()); - - // - // replace the contentInfo with the new one - // - cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData); - - return cms; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java deleted file mode 100644 index 5417ce4d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java +++ /dev/null @@ -1,232 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.SignedData; -import org.bouncycastle.asn1.cms.SignerInfo; - -/** - * general class for generating a pkcs7-signature message. - * <p> - * A simple example of usage, generating a detached signature. - * - * <pre> - * List certList = new ArrayList(); - * CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes()); - * - * certList.add(signCert); - * - * Store certs = new JcaCertStore(certList); - * - * CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - * ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate()); - * - * gen.addSignerInfoGenerator( - * new JcaSignerInfoGeneratorBuilder( - * new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) - * .build(sha1Signer, signCert)); - * - * gen.addCertificates(certs); - * - * CMSSignedData sigData = gen.generate(msg, false); - * </pre> - */ -public class CMSSignedDataGenerator - extends CMSSignedGenerator -{ - private List signerInfs = new ArrayList(); - - /** - * base constructor - */ - public CMSSignedDataGenerator() - { - } - - /** - * Generate a CMS Signed Data object carrying a detached CMS signature. - * - * @param content the content to be signed. - */ - public CMSSignedData generate( - CMSTypedData content) - throws CMSException - { - return generate(content, false); - } - - /** - * Generate a CMS Signed Data object which can be carrying a detached CMS signature, or have encapsulated data, depending on the value - * of the encapsulated parameter. - * - * @param content the content to be signed. - * @param encapsulate true if the content should be encapsulated in the signature, false otherwise. - */ - public CMSSignedData generate( - // FIXME Avoid accessing more than once to support CMSProcessableInputStream - CMSTypedData content, - boolean encapsulate) - throws CMSException - { - if (!signerInfs.isEmpty()) - { - throw new IllegalStateException("this method can only be used with SignerInfoGenerator"); - } - - // TODO -// if (signerInfs.isEmpty()) -// { -// /* RFC 3852 5.2 -// * "In the degenerate case where there are no signers, the -// * EncapsulatedContentInfo value being "signed" is irrelevant. In this -// * case, the content type within the EncapsulatedContentInfo value being -// * "signed" MUST be id-data (as defined in section 4), and the content -// * field of the EncapsulatedContentInfo value MUST be omitted." -// */ -// if (encapsulate) -// { -// throw new IllegalArgumentException("no signers, encapsulate must be false"); -// } -// if (!DATA.equals(eContentType)) -// { -// throw new IllegalArgumentException("no signers, eContentType must be id-data"); -// } -// } -// -// if (!DATA.equals(eContentType)) -// { -// /* RFC 3852 5.3 -// * [The 'signedAttrs']... -// * field is optional, but it MUST be present if the content type of -// * the EncapsulatedContentInfo value being signed is not id-data. -// */ -// // TODO signedAttrs must be present for all signers -// } - - ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); - ASN1EncodableVector signerInfos = new ASN1EncodableVector(); - - digests.clear(); // clear the current preserved digest state - - // - // add the precalculated SignerInfo objects. - // - for (Iterator it = _signers.iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID())); - - // TODO Verify the content type and calculated digest match the precalculated SignerInfo - signerInfos.add(signer.toASN1Structure()); - } - - // - // add the SignerInfo objects - // - ASN1ObjectIdentifier contentTypeOID = content.getContentType(); - - ASN1OctetString octs = null; - - if (content.getContent() != null) - { - ByteArrayOutputStream bOut = null; - - if (encapsulate) - { - bOut = new ByteArrayOutputStream(); - } - - OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut); - - // Just in case it's unencapsulated and there are no signers! - cOut = CMSUtils.getSafeOutputStream(cOut); - - try - { - content.write(cOut); - - cOut.close(); - } - catch (IOException e) - { - throw new CMSException("data processing exception: " + e.getMessage(), e); - } - - if (encapsulate) - { - octs = new BEROctetString(bOut.toByteArray()); - } - } - - for (Iterator it = signerGens.iterator(); it.hasNext();) - { - SignerInfoGenerator sGen = (SignerInfoGenerator)it.next(); - SignerInfo inf = sGen.generate(contentTypeOID); - - digestAlgs.add(inf.getDigestAlgorithm()); - signerInfos.add(inf); - - byte[] calcDigest = sGen.getCalculatedDigest(); - - if (calcDigest != null) - { - digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest); - } - } - - ASN1Set certificates = null; - - if (certs.size() != 0) - { - certificates = CMSUtils.createBerSetFromList(certs); - } - - ASN1Set certrevlist = null; - - if (crls.size() != 0) - { - certrevlist = CMSUtils.createBerSetFromList(crls); - } - - ContentInfo encInfo = new ContentInfo(contentTypeOID, octs); - - SignedData sd = new SignedData( - new DERSet(digestAlgs), - encInfo, - certificates, - certrevlist, - new DERSet(signerInfos)); - - ContentInfo contentInfo = new ContentInfo( - CMSObjectIdentifiers.signedData, sd); - - return new CMSSignedData(content, contentInfo); - } - - /** - * generate a set of one or more SignerInformation objects representing counter signatures on - * the passed in SignerInformation object. - * - * @param signer the signer to be countersigned - * @return a store containing the signers. - */ - public SignerInformationStore generateCounterSigners(SignerInformation signer) - throws CMSException - { - return this.generate(new CMSProcessableByteArray(null, signer.getSignature()), false).getSignerInfos(); - } -} - diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java deleted file mode 100644 index 329f089b..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java +++ /dev/null @@ -1,624 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Generator; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetStringParser; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.ASN1StreamParser; -import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.BERSetParser; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.BERTags; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfoParser; -import org.bouncycastle.asn1.cms.SignedDataParser; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Store; -import org.bouncycastle.util.io.Streams; - -/** - * Parsing class for an CMS Signed Data object from an input stream. - * <p> - * Note: that because we are in a streaming mode only one signer can be tried and it is important - * that the methods on the parser are called in the appropriate order. - * </p> - * <p> - * A simple example of usage for an encapsulated signature. - * </p> - * <p> - * Two notes: first, in the example below the validity of - * the certificate isn't verified, just the fact that one of the certs - * matches the given signer, and, second, because we are in a streaming - * mode the order of the operations is important. - * </p> - * <pre> - * CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), encapSigData); - * - * sp.getSignedContent().drain(); - * - * Store certStore = sp.getCertificates(); - * SignerInformationStore signers = sp.getSignerInfos(); - * - * Collection c = signers.getSigners(); - * Iterator it = c.iterator(); - * - * while (it.hasNext()) - * { - * SignerInformation signer = (SignerInformation)it.next(); - * Collection certCollection = certStore.getMatches(signer.getSID()); - * - * Iterator certIt = certCollection.iterator(); - * X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - * - * System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))); - * } - * </pre> - * Note also: this class does not introduce buffering - if you are processing large files you should create - * the parser with: - * <pre> - * CMSSignedDataParser ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize)); - * </pre> - * where bufSize is a suitably large buffer size. - */ -public class CMSSignedDataParser - extends CMSContentInfoParser -{ - private static final CMSSignedHelper HELPER = CMSSignedHelper.INSTANCE; - - private SignedDataParser _signedData; - private ASN1ObjectIdentifier _signedContentType; - private CMSTypedStream _signedContent; - private Map digests; - - private SignerInformationStore _signerInfoStore; - private ASN1Set _certSet, _crlSet; - private boolean _isCertCrlParsed; - - public CMSSignedDataParser( - DigestCalculatorProvider digestCalculatorProvider, - byte[] sigBlock) - throws CMSException - { - this(digestCalculatorProvider, new ByteArrayInputStream(sigBlock)); - } - - public CMSSignedDataParser( - DigestCalculatorProvider digestCalculatorProvider, - CMSTypedStream signedContent, - byte[] sigBlock) - throws CMSException - { - this(digestCalculatorProvider, signedContent, new ByteArrayInputStream(sigBlock)); - } - - /** - * base constructor - with encapsulated content - */ - public CMSSignedDataParser( - DigestCalculatorProvider digestCalculatorProvider, - InputStream sigData) - throws CMSException - { - this(digestCalculatorProvider, null, sigData); - } - - /** - * base constructor - * - * @param digestCalculatorProvider for generating accumulating digests - * @param signedContent the content that was signed. - * @param sigData the signature object stream. - */ - public CMSSignedDataParser( - DigestCalculatorProvider digestCalculatorProvider, - CMSTypedStream signedContent, - InputStream sigData) - throws CMSException - { - super(sigData); - - try - { - _signedContent = signedContent; - _signedData = SignedDataParser.getInstance(_contentInfo.getContent(BERTags.SEQUENCE)); - digests = new HashMap(); - - ASN1SetParser digAlgs = _signedData.getDigestAlgorithms(); - ASN1Encodable o; - - while ((o = digAlgs.readObject()) != null) - { - AlgorithmIdentifier algId = AlgorithmIdentifier.getInstance(o); - try - { - DigestCalculator calculator = digestCalculatorProvider.get(algId); - - if (calculator != null) - { - this.digests.put(algId.getAlgorithm(), calculator); - } - } - catch (OperatorCreationException e) - { - // ignore - } - } - - // - // If the message is simply a certificate chain message getContent() may return null. - // - ContentInfoParser cont = _signedData.getEncapContentInfo(); - ASN1OctetStringParser octs = (ASN1OctetStringParser) - cont.getContent(BERTags.OCTET_STRING); - - if (octs != null) - { - CMSTypedStream ctStr = new CMSTypedStream( - cont.getContentType().getId(), octs.getOctetStream()); - - if (_signedContent == null) - { - _signedContent = ctStr; - } - else - { - // - // content passed in, need to read past empty encapsulated content info object if present - // - ctStr.drain(); - } - } - - if (signedContent == null) - { - _signedContentType = cont.getContentType(); - } - else - { - _signedContentType = _signedContent.getContentType(); - } - } - catch (IOException e) - { - throw new CMSException("io exception: " + e.getMessage(), e); - } - } - - /** - * Return the version number for the SignedData object - * - * @return the version number - */ - public int getVersion() - { - return _signedData.getVersion().getValue().intValue(); - } - - /** - * return the collection of signers that are associated with the - * signatures for the message. - * @throws CMSException - */ - public SignerInformationStore getSignerInfos() - throws CMSException - { - if (_signerInfoStore == null) - { - populateCertCrlSets(); - - List signerInfos = new ArrayList(); - Map hashes = new HashMap(); - - Iterator it = digests.keySet().iterator(); - while (it.hasNext()) - { - Object digestKey = it.next(); - - hashes.put(digestKey, ((DigestCalculator)digests.get(digestKey)).getDigest()); - } - - try - { - ASN1SetParser s = _signedData.getSignerInfos(); - ASN1Encodable o; - - while ((o = s.readObject()) != null) - { - SignerInfo info = SignerInfo.getInstance(o.toASN1Primitive()); - - byte[] hash = (byte[])hashes.get(info.getDigestAlgorithm().getAlgorithm()); - - signerInfos.add(new SignerInformation(info, _signedContentType, null, hash)); - } - } - catch (IOException e) - { - throw new CMSException("io exception: " + e.getMessage(), e); - } - - _signerInfoStore = new SignerInformationStore(signerInfos); - } - - return _signerInfoStore; - } - - /** - * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. - * - * @return a Store of X509CertificateHolder objects. - */ - public Store getCertificates() - throws CMSException - { - populateCertCrlSets(); - - return HELPER.getCertificates(_certSet); - } - - /** - * Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects. - * - * @return a Store of X509CRLHolder objects. - */ - public Store getCRLs() - throws CMSException - { - populateCertCrlSets(); - - return HELPER.getCRLs(_crlSet); - } - - /** - * Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects. - * - * @return a Store of X509AttributeCertificateHolder objects. - */ - public Store getAttributeCertificates() - throws CMSException - { - populateCertCrlSets(); - - return HELPER.getAttributeCertificates(_certSet); - } - - /** - * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in - * this SignedData structure. - * - * @param otherRevocationInfoFormat OID of the format type been looked for. - * - * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. - */ - public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) - throws CMSException - { - populateCertCrlSets(); - - return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, _crlSet); - } - - private void populateCertCrlSets() - throws CMSException - { - if (_isCertCrlParsed) - { - return; - } - - _isCertCrlParsed = true; - - try - { - // care! Streaming - these must be done in exactly this order. - _certSet = getASN1Set(_signedData.getCertificates()); - _crlSet = getASN1Set(_signedData.getCrls()); - } - catch (IOException e) - { - throw new CMSException("problem parsing cert/crl sets", e); - } - } - - /** - * Return the a string representation of the OID associated with the - * encapsulated content info structure carried in the signed data. - * - * @return the OID for the content type. - */ - public String getSignedContentTypeOID() - { - return _signedContentType.getId(); - } - - public CMSTypedStream getSignedContent() - { - if (_signedContent == null) - { - return null; - } - - InputStream digStream = CMSUtils.attachDigestsToInputStream( - digests.values(), _signedContent.getContentStream()); - - return new CMSTypedStream(_signedContent.getContentType(), digStream); - } - - /** - * Replace the signerinformation store associated with the passed - * in message contained in the stream original with the new one passed in. - * You would probably only want to do this if you wanted to change the unsigned - * attributes associated with a signer, or perhaps delete one. - * <p> - * The output stream is returned unclosed. - * </p> - * @param original the signed data stream to be used as a base. - * @param signerInformationStore the new signer information store to use. - * @param out the stream to write the new signed data object to. - * @return out. - */ - public static OutputStream replaceSigners( - InputStream original, - SignerInformationStore signerInformationStore, - OutputStream out) - throws CMSException, IOException - { - ASN1StreamParser in = new ASN1StreamParser(original); - ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject()); - SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE)); - - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.signedData); - - BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - // version number - sigGen.addObject(signedData.getVersion()); - - // digests - signedData.getDigestAlgorithms().toASN1Primitive(); // skip old ones - - ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); - - for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID())); - } - - sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded()); - - // encap content info - ContentInfoParser encapContentInfo = signedData.getEncapContentInfo(); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream()); - - eiGen.addObject(encapContentInfo.getContentType()); - - pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream()); - - eiGen.close(); - - - writeSetToGeneratorTagged(sigGen, signedData.getCertificates(), 0); - writeSetToGeneratorTagged(sigGen, signedData.getCrls(), 1); - - - ASN1EncodableVector signerInfos = new ASN1EncodableVector(); - for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - - signerInfos.add(signer.toASN1Structure()); - } - - sigGen.getRawOutputStream().write(new DERSet(signerInfos).getEncoded()); - - sigGen.close(); - - sGen.close(); - - return out; - } - - /** - * Replace the certificate and CRL information associated with this - * CMSSignedData object with the new one passed in. - * <p> - * The output stream is returned unclosed. - * </p> - * @param original the signed data stream to be used as a base. - * @param certs new certificates to be used, if any. - * @param crls new CRLs to be used, if any. - * @param attrCerts new attribute certificates to be used, if any. - * @param out the stream to write the new signed data object to. - * @return out. - * @exception CMSException if there is an error processing the CertStore - */ - public static OutputStream replaceCertificatesAndCRLs( - InputStream original, - Store certs, - Store crls, - Store attrCerts, - OutputStream out) - throws CMSException, IOException - { - ASN1StreamParser in = new ASN1StreamParser(original); - ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject()); - SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE)); - - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.signedData); - - BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - // version number - sigGen.addObject(signedData.getVersion()); - - // digests - sigGen.getRawOutputStream().write(signedData.getDigestAlgorithms().toASN1Primitive().getEncoded()); - - // encap content info - ContentInfoParser encapContentInfo = signedData.getEncapContentInfo(); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream()); - - eiGen.addObject(encapContentInfo.getContentType()); - - pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream()); - - eiGen.close(); - - // - // skip existing certs and CRLs - // - getASN1Set(signedData.getCertificates()); - getASN1Set(signedData.getCrls()); - - // - // replace the certs and crls in the SignedData object - // - if (certs != null || attrCerts != null) - { - List certificates = new ArrayList(); - - if (certs != null) - { - certificates.addAll(CMSUtils.getCertificatesFromStore(certs)); - } - if (attrCerts != null) - { - certificates.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts)); - } - - ASN1Set asn1Certs = CMSUtils.createBerSetFromList(certificates); - - if (asn1Certs.size() > 0) - { - sigGen.getRawOutputStream().write(new DERTaggedObject(false, 0, asn1Certs).getEncoded()); - } - } - - if (crls != null) - { - ASN1Set asn1Crls = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls)); - - if (asn1Crls.size() > 0) - { - sigGen.getRawOutputStream().write(new DERTaggedObject(false, 1, asn1Crls).getEncoded()); - } - } - - sigGen.getRawOutputStream().write(signedData.getSignerInfos().toASN1Primitive().getEncoded()); - - sigGen.close(); - - sGen.close(); - - return out; - } - - private static void writeSetToGeneratorTagged( - ASN1Generator asn1Gen, - ASN1SetParser asn1SetParser, - int tagNo) - throws IOException - { - ASN1Set asn1Set = getASN1Set(asn1SetParser); - - if (asn1Set != null) - { - if (asn1SetParser instanceof BERSetParser) - { - asn1Gen.getRawOutputStream().write(new BERTaggedObject(false, tagNo, asn1Set).getEncoded()); - } - else - { - asn1Gen.getRawOutputStream().write(new DERTaggedObject(false, tagNo, asn1Set).getEncoded()); - } - } - } - - private static ASN1Set getASN1Set( - ASN1SetParser asn1SetParser) - { - return asn1SetParser == null - ? null - : ASN1Set.getInstance(asn1SetParser.toASN1Primitive()); - } - - private static void pipeEncapsulatedOctetString(ContentInfoParser encapContentInfo, - OutputStream rawOutputStream) throws IOException - { - ASN1OctetStringParser octs = (ASN1OctetStringParser) - encapContentInfo.getContent(BERTags.OCTET_STRING); - - if (octs != null) - { - pipeOctetString(octs, rawOutputStream); - } - -// BERTaggedObjectParser contentObject = (BERTaggedObjectParser)encapContentInfo.getContentObject(); -// if (contentObject != null) -// { -// // Handle IndefiniteLengthInputStream safely -// InputStream input = ASN1StreamParser.getSafeRawInputStream(contentObject.getContentStream(true)); -// -// // TODO BerTaggedObjectGenerator? -// BEROutputStream berOut = new BEROutputStream(rawOutputStream); -// berOut.write(DERTags.CONSTRUCTED | DERTags.TAGGED | 0); -// berOut.write(0x80); -// -// pipeRawOctetString(input, rawOutputStream); -// -// berOut.write(0x00); -// berOut.write(0x00); -// -// input.close(); -// } - } - - private static void pipeOctetString( - ASN1OctetStringParser octs, - OutputStream output) - throws IOException - { - // TODO Allow specification of a specific fragment size? - OutputStream outOctets = CMSUtils.createBEROctetOutputStream( - output, 0, true, 0); - Streams.pipeAll(octs.getOctetStream(), outOctets); - outOctets.close(); - } - -// private static void pipeRawOctetString( -// InputStream rawInput, -// OutputStream rawOutput) -// throws IOException -// { -// InputStream tee = new TeeInputStream(rawInput, rawOutput); -// ASN1StreamParser sp = new ASN1StreamParser(tee); -// ASN1OctetStringParser octs = (ASN1OctetStringParser)sp.readObject(); -// Streams.drain(octs.getOctetStream()); -// } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java deleted file mode 100644 index 1e09b481..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java +++ /dev/null @@ -1,486 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.SignerInfo; - -/** - * General class for generating a pkcs7-signature message stream. - * <p> - * A simple example of usage. - * </p> - * <pre> - * X509Certificate signCert = ... - * certList.add(signCert); - * - * Store certs = new JcaCertStore(certList); - * ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate()); - * - * CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - * - * gen.addSignerInfoGenerator( - * new JcaSignerInfoGeneratorBuilder( - * new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) - * .build(sha1Signer, signCert)); - * - * gen.addCertificates(certs); - * - * OutputStream sigOut = gen.open(bOut); - * - * sigOut.write("Hello World!".getBytes()); - * - * sigOut.close(); - * </pre> - */ -public class CMSSignedDataStreamGenerator - extends CMSSignedGenerator -{ - private int _bufferSize; - - /** - * base constructor - */ - public CMSSignedDataStreamGenerator() - { - } - - /** - * Set the underlying string size for encapsulated data - * - * @param bufferSize length of octet strings to buffer the data. - */ - public void setBufferSize( - int bufferSize) - { - _bufferSize = bufferSize; - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider. - */ - public OutputStream open( - OutputStream out) - throws IOException - { - return open(out, false); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature with the - * default content type "data". - */ - public OutputStream open( - OutputStream out, - boolean encapsulate) - throws IOException - { - return open(CMSObjectIdentifiers.data, out, encapsulate); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature with the - * default content type "data". If dataOutputStream is non null the data - * being signed will be written to the stream as it is processed. - * @param out stream the CMS object is to be written to. - * @param encapsulate true if data should be encapsulated. - * @param dataOutputStream output stream to copy the data being signed to. - */ - public OutputStream open( - OutputStream out, - boolean encapsulate, - OutputStream dataOutputStream) - throws IOException - { - return open(CMSObjectIdentifiers.data, out, encapsulate, dataOutputStream); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature. The content type - * is set according to the OID represented by the string signedContentType. - */ - public OutputStream open( - ASN1ObjectIdentifier eContentType, - OutputStream out, - boolean encapsulate) - throws IOException - { - return open(eContentType, out, encapsulate, null); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature. The content type - * is set according to the OID represented by the string signedContentType. - * @param eContentType OID for data to be signed. - * @param out stream the CMS object is to be written to. - * @param encapsulate true if data should be encapsulated. - * @param dataOutputStream output stream to copy the data being signed to. - */ - public OutputStream open( - ASN1ObjectIdentifier eContentType, - OutputStream out, - boolean encapsulate, - OutputStream dataOutputStream) - throws IOException - { - // TODO -// if (_signerInfs.isEmpty()) -// { -// /* RFC 3852 5.2 -// * "In the degenerate case where there are no signers, the -// * EncapsulatedContentInfo value being "signed" is irrelevant. In this -// * case, the content type within the EncapsulatedContentInfo value being -// * "signed" MUST be id-data (as defined in section 4), and the content -// * field of the EncapsulatedContentInfo value MUST be omitted." -// */ -// if (encapsulate) -// { -// throw new IllegalArgumentException("no signers, encapsulate must be false"); -// } -// if (!DATA.equals(eContentType)) -// { -// throw new IllegalArgumentException("no signers, eContentType must be id-data"); -// } -// } -// -// if (!DATA.equals(eContentType)) -// { -// /* RFC 3852 5.3 -// * [The 'signedAttrs']... -// * field is optional, but it MUST be present if the content type of -// * the EncapsulatedContentInfo value being signed is not id-data. -// */ -// // TODO signedAttrs must be present for all signers -// } - - // - // ContentInfo - // - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.signedData); - - // - // Signed Data - // - BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - sigGen.addObject(calculateVersion(eContentType)); - - ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); - - // - // add the precalculated SignerInfo digest algorithms. - // - for (Iterator it = _signers.iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID())); - } - - // - // add the new digests - // - - for (Iterator it = signerGens.iterator(); it.hasNext();) - { - SignerInfoGenerator signerGen = (SignerInfoGenerator)it.next(); - - digestAlgs.add(signerGen.getDigestAlgorithm()); - } - - sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded()); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream()); - eiGen.addObject(eContentType); - - // If encapsulating, add the data as an octet string in the sequence - OutputStream encapStream = encapsulate - ? CMSUtils.createBEROctetOutputStream(eiGen.getRawOutputStream(), 0, true, _bufferSize) - : null; - - // Also send the data to 'dataOutputStream' if necessary - OutputStream contentStream = CMSUtils.getSafeTeeOutputStream(dataOutputStream, encapStream); - - // Let all the signers see the data as it is written - OutputStream sigStream = CMSUtils.attachSignersToOutputStream(signerGens, contentStream); - - return new CmsSignedDataOutputStream(sigStream, eContentType, sGen, sigGen, eiGen); - } - - // RFC3852, section 5.1: - // IF ((certificates is present) AND - // (any certificates with a type of other are present)) OR - // ((crls is present) AND - // (any crls with a type of other are present)) - // THEN version MUST be 5 - // ELSE - // IF (certificates is present) AND - // (any version 2 attribute certificates are present) - // THEN version MUST be 4 - // ELSE - // IF ((certificates is present) AND - // (any version 1 attribute certificates are present)) OR - // (any SignerInfo structures are version 3) OR - // (encapContentInfo eContentType is other than id-data) - // THEN version MUST be 3 - // ELSE version MUST be 1 - // - private ASN1Integer calculateVersion( - ASN1ObjectIdentifier contentOid) - { - boolean otherCert = false; - boolean otherCrl = false; - boolean attrCertV1Found = false; - boolean attrCertV2Found = false; - - if (certs != null) - { - for (Iterator it = certs.iterator(); it.hasNext();) - { - Object obj = it.next(); - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)obj; - - if (tagged.getTagNo() == 1) - { - attrCertV1Found = true; - } - else if (tagged.getTagNo() == 2) - { - attrCertV2Found = true; - } - else if (tagged.getTagNo() == 3) - { - otherCert = true; - } - } - } - } - - if (otherCert) - { - return new ASN1Integer(5); - } - - if (crls != null) // no need to check if otherCert is true - { - for (Iterator it = crls.iterator(); it.hasNext();) - { - Object obj = it.next(); - if (obj instanceof ASN1TaggedObject) - { - otherCrl = true; - } - } - } - - if (otherCrl) - { - return new ASN1Integer(5); - } - - if (attrCertV2Found) - { - return new ASN1Integer(4); - } - - if (attrCertV1Found) - { - return new ASN1Integer(3); - } - - if (checkForVersion3(_signers, signerGens)) - { - return new ASN1Integer(3); - } - - if (!CMSObjectIdentifiers.data.equals(contentOid)) - { - return new ASN1Integer(3); - } - - return new ASN1Integer(1); - } - - private boolean checkForVersion3(List signerInfos, List signerInfoGens) - { - for (Iterator it = signerInfos.iterator(); it.hasNext();) - { - SignerInfo s = SignerInfo.getInstance(((SignerInformation)it.next()).toASN1Structure()); - - if (s.getVersion().getValue().intValue() == 3) - { - return true; - } - } - - for (Iterator it = signerInfoGens.iterator(); it.hasNext();) - { - SignerInfoGenerator s = (SignerInfoGenerator)it.next(); - - if (s.getGeneratedVersion() == 3) - { - return true; - } - } - - return false; - } - - private class CmsSignedDataOutputStream - extends OutputStream - { - private OutputStream _out; - private ASN1ObjectIdentifier _contentOID; - private BERSequenceGenerator _sGen; - private BERSequenceGenerator _sigGen; - private BERSequenceGenerator _eiGen; - - public CmsSignedDataOutputStream( - OutputStream out, - ASN1ObjectIdentifier contentOID, - BERSequenceGenerator sGen, - BERSequenceGenerator sigGen, - BERSequenceGenerator eiGen) - { - _out = out; - _contentOID = contentOID; - _sGen = sGen; - _sigGen = sigGen; - _eiGen = eiGen; - } - - public void write( - int b) - throws IOException - { - _out.write(b); - } - - public void write( - byte[] bytes, - int off, - int len) - throws IOException - { - _out.write(bytes, off, len); - } - - public void write( - byte[] bytes) - throws IOException - { - _out.write(bytes); - } - - public void close() - throws IOException - { - _out.close(); - _eiGen.close(); - - digests.clear(); // clear the current preserved digest state - - if (certs.size() != 0) - { - ASN1Set certSet = CMSUtils.createBerSetFromList(certs); - - _sigGen.getRawOutputStream().write(new BERTaggedObject(false, 0, certSet).getEncoded()); - } - - if (crls.size() != 0) - { - ASN1Set crlSet = CMSUtils.createBerSetFromList(crls); - - _sigGen.getRawOutputStream().write(new BERTaggedObject(false, 1, crlSet).getEncoded()); - } - - // - // collect all the SignerInfo objects - // - ASN1EncodableVector signerInfos = new ASN1EncodableVector(); - - // - // add the generated SignerInfo objects - // - - for (Iterator it = signerGens.iterator(); it.hasNext();) - { - SignerInfoGenerator sigGen = (SignerInfoGenerator)it.next(); - - - try - { - signerInfos.add(sigGen.generate(_contentOID)); - - byte[] calculatedDigest = sigGen.getCalculatedDigest(); - - digests.put(sigGen.getDigestAlgorithm().getAlgorithm().getId(), calculatedDigest); - } - catch (CMSException e) - { - throw new CMSStreamException("exception generating signers: " + e.getMessage(), e); - } - } - - // - // add the precalculated SignerInfo objects - // - { - Iterator it = _signers.iterator(); - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - - // TODO Verify the content type and calculated digest match the precalculated SignerInfo -// if (!signer.getContentType().equals(_contentOID)) -// { -// // TODO The precalculated content type did not match - error? -// } -// -// byte[] calculatedDigest = (byte[])_digests.get(signer.getDigestAlgOID()); -// if (calculatedDigest == null) -// { -// // TODO We can't confirm this digest because we didn't calculate it - error? -// } -// else -// { -// if (!Arrays.areEqual(signer.getContentDigest(), calculatedDigest)) -// { -// // TODO The precalculated digest did not match - error? -// } -// } - - signerInfos.add(signer.toASN1Structure()); - } - } - - _sigGen.getRawOutputStream().write(new DERSet(signerInfos).getEncoded()); - - _sigGen.close(); - _sGen.close(); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java deleted file mode 100644 index 9fe67790..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java +++ /dev/null @@ -1,239 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.cert.X509AttributeCertificateHolder; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Store; - -public class CMSSignedGenerator -{ - /** - * Default type for the signed data. - */ - public static final String DATA = CMSObjectIdentifiers.data.getId(); - - public static final String DIGEST_SHA1 = OIWObjectIdentifiers.idSHA1.getId(); - public static final String DIGEST_SHA224 = NISTObjectIdentifiers.id_sha224.getId(); - public static final String DIGEST_SHA256 = NISTObjectIdentifiers.id_sha256.getId(); - public static final String DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId(); - public static final String DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId(); - public static final String DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId(); - public static final String DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId(); - public static final String DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId(); - public static final String DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId(); - public static final String DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId(); - - public static final String ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId(); - public static final String ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId(); - public static final String ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId(); - public static final String ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId(); - public static final String ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId(); - public static final String ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId(); - - private static final String ENCRYPTION_ECDSA_WITH_SHA1 = X9ObjectIdentifiers.ecdsa_with_SHA1.getId(); - private static final String ENCRYPTION_ECDSA_WITH_SHA224 = X9ObjectIdentifiers.ecdsa_with_SHA224.getId(); - private static final String ENCRYPTION_ECDSA_WITH_SHA256 = X9ObjectIdentifiers.ecdsa_with_SHA256.getId(); - private static final String ENCRYPTION_ECDSA_WITH_SHA384 = X9ObjectIdentifiers.ecdsa_with_SHA384.getId(); - private static final String ENCRYPTION_ECDSA_WITH_SHA512 = X9ObjectIdentifiers.ecdsa_with_SHA512.getId(); - - private static final Set NO_PARAMS = new HashSet(); - private static final Map EC_ALGORITHMS = new HashMap(); - - static - { - NO_PARAMS.add(ENCRYPTION_DSA); - NO_PARAMS.add(ENCRYPTION_ECDSA); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA1); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA224); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA256); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA384); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA512); - - EC_ALGORITHMS.put(DIGEST_SHA1, ENCRYPTION_ECDSA_WITH_SHA1); - EC_ALGORITHMS.put(DIGEST_SHA224, ENCRYPTION_ECDSA_WITH_SHA224); - EC_ALGORITHMS.put(DIGEST_SHA256, ENCRYPTION_ECDSA_WITH_SHA256); - EC_ALGORITHMS.put(DIGEST_SHA384, ENCRYPTION_ECDSA_WITH_SHA384); - EC_ALGORITHMS.put(DIGEST_SHA512, ENCRYPTION_ECDSA_WITH_SHA512); - } - - protected List certs = new ArrayList(); - protected List crls = new ArrayList(); - protected List _signers = new ArrayList(); - protected List signerGens = new ArrayList(); - protected Map digests = new HashMap(); - - /** - * base constructor - */ - protected CMSSignedGenerator() - { - } - - protected Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) - { - Map param = new HashMap(); - param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); - param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); - return param; - } - - /** - * Add a certificate to the certificate set to be included with the generated SignedData message. - * - * @param certificate the certificate to be included. - * @throws CMSException if the certificate cannot be encoded for adding. - */ - public void addCertificate( - X509CertificateHolder certificate) - throws CMSException - { - certs.add(certificate.toASN1Structure()); - } - - /** - * Add the certificates in certStore to the certificate set to be included with the generated SignedData message. - * - * @param certStore the store containing the certificates to be included. - * @throws CMSException if the certificates cannot be encoded for adding. - */ - public void addCertificates( - Store certStore) - throws CMSException - { - certs.addAll(CMSUtils.getCertificatesFromStore(certStore)); - } - - /** - * Add a CRL to the CRL set to be included with the generated SignedData message. - * - * @param crl the CRL to be included. - */ - public void addCRL(X509CRLHolder crl) - { - crls.add(crl.toASN1Structure()); - } - - /** - * Add the CRLs in crlStore to the CRL set to be included with the generated SignedData message. - * - * @param crlStore the store containing the CRLs to be included. - * @throws CMSException if the CRLs cannot be encoded for adding. - */ - public void addCRLs( - Store crlStore) - throws CMSException - { - crls.addAll(CMSUtils.getCRLsFromStore(crlStore)); - } - - /** - * Add the attribute certificates in attrStore to the certificate set to be included with the generated SignedData message. - * - * @param attrCert the store containing the certificates to be included. - * @throws CMSException if the attribute certificate cannot be encoded for adding. - */ - public void addAttributeCertificate( - X509AttributeCertificateHolder attrCert) - throws CMSException - { - certs.add(new DERTaggedObject(false, 2, attrCert.toASN1Structure())); - } - - /** - * Add the attribute certificates in attrStore to the certificate set to be included with the generated SignedData message. - * - * @param attrStore the store containing the certificates to be included. - * @throws CMSException if the attribute certificate cannot be encoded for adding. - */ - public void addAttributeCertificates( - Store attrStore) - throws CMSException - { - certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore)); - } - - /** - * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message. - * - * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. - * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure. - */ - public void addOtherRevocationInfo( - ASN1ObjectIdentifier otherRevocationInfoFormat, - ASN1Encodable otherRevocationInfo) - { - crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo))); - } - - /** - * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message. - * - * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. - * @param otherRevocationInfos a Store of otherRevocationInfo data to add. - */ - public void addOtherRevocationInfo( - ASN1ObjectIdentifier otherRevocationInfoFormat, - Store otherRevocationInfos) - { - crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos)); - } - - /** - * Add a store of pre-calculated signers to the generator. - * - * @param signerStore store of signers - */ - public void addSigners( - SignerInformationStore signerStore) - { - Iterator it = signerStore.getSigners().iterator(); - - while (it.hasNext()) - { - _signers.add(it.next()); - } - } - - /** - * Add a generator for a particular signer to this CMS SignedData generator. - * - * @param infoGen the generator representing the particular signer. - */ - public void addSignerInfoGenerator(SignerInfoGenerator infoGen) - { - signerGens.add(infoGen); - } - - /** - * Return a map of oids and byte arrays representing the digests calculated on the content during - * the last generate. - * - * @return a map of oids (as String objects) and byte[] representing digests. - */ - public Map getGeneratedDigests() - { - return new HashMap(digests); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java deleted file mode 100644 index 2f98e69f..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java +++ /dev/null @@ -1,253 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.eac.EACObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.cert.X509AttributeCertificateHolder; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.util.CollectionStore; -import org.bouncycastle.util.Store; - -class CMSSignedHelper -{ - static final CMSSignedHelper INSTANCE = new CMSSignedHelper(); - - private static final Map encryptionAlgs = new HashMap(); - private static final Map digestAlgs = new HashMap(); - private static final Map digestAliases = new HashMap(); - - private static void addEntries(ASN1ObjectIdentifier alias, String digest, String encryption) - { - digestAlgs.put(alias.getId(), digest); - encryptionAlgs.put(alias.getId(), encryption); - } - - static - { - addEntries(NISTObjectIdentifiers.dsa_with_sha224, "SHA224", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha256, "SHA256", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA"); - addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA"); - addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA"); - addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA"); - addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA"); - addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA"); - addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA"); - addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA"); - addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA"); - addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA"); - addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA"); - addEntries(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256", "RSA"); - addEntries(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384", "RSA"); - addEntries(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512", "RSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512", "ECDSA"); - addEntries(X9ObjectIdentifiers.id_dsa_with_sha1, "SHA1", "DSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_1, "SHA1", "RSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1"); - addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1"); - - encryptionAlgs.put(X9ObjectIdentifiers.id_dsa.getId(), "DSA"); - encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA"); - encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA"); - encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA"); - encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410"); - encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410"); - encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410"); - - digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2"); - digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4"); - digestAlgs.put(PKCSObjectIdentifiers.md5.getId(), "MD5"); - digestAlgs.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1"); - digestAlgs.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224"); - digestAlgs.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256"); - digestAlgs.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384"); - digestAlgs.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256"); - digestAlgs.put(CryptoProObjectIdentifiers.gostR3411.getId(), "GOST3411"); - digestAlgs.put("1.3.6.1.4.1.5849.1.2.1", "GOST3411"); - - digestAliases.put("SHA1", new String[] { "SHA-1" }); - digestAliases.put("SHA224", new String[] { "SHA-224" }); - digestAliases.put("SHA256", new String[] { "SHA-256" }); - digestAliases.put("SHA384", new String[] { "SHA-384" }); - digestAliases.put("SHA512", new String[] { "SHA-512" }); - } - - - /** - * Return the digest encryption algorithm using one of the standard - * JCA string representations rather the the algorithm identifier (if - * possible). - */ - String getEncryptionAlgName( - String encryptionAlgOID) - { - String algName = (String)encryptionAlgs.get(encryptionAlgOID); - - if (algName != null) - { - return algName; - } - - return encryptionAlgOID; - } - - AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) - { - if (algId.getParameters() == null) - { - return new AlgorithmIdentifier(algId.getAlgorithm(), DERNull.INSTANCE); - } - - return algId; - } - - void setSigningEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - encryptionAlgs.put(oid.getId(), algorithmName); - } - - void setSigningDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - digestAlgs.put(oid.getId(), algorithmName); - } - - Store getCertificates(ASN1Set certSet) - { - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - certList.add(new X509CertificateHolder(Certificate.getInstance(obj))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); - } - - Store getAttributeCertificates(ASN1Set certSet) - { - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1TaggedObject) - { - certList.add(new X509AttributeCertificateHolder(AttributeCertificate.getInstance(((ASN1TaggedObject)obj).getObject()))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); - } - - Store getCRLs(ASN1Set crlSet) - { - if (crlSet != null) - { - List crlList = new ArrayList(crlSet.size()); - - for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - crlList.add(new X509CRLHolder(CertificateList.getInstance(obj))); - } - } - - return new CollectionStore(crlList); - } - - return new CollectionStore(new ArrayList()); - } - - Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet) - { - if (crlSet != null) - { - List crlList = new ArrayList(crlSet.size()); - - for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj); - - if (tObj.getTagNo() == 1) - { - OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false); - - if (otherRevocationInfoFormat.equals(other.getInfoFormat())) - { - crlList.add(other.getInfo()); - } - } - } - } - - return new CollectionStore(crlList); - } - - return new CollectionStore(new ArrayList()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignerDigestMismatchException.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignerDigestMismatchException.java deleted file mode 100644 index 0db54bcb..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignerDigestMismatchException.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.bouncycastle.cms; - -public class CMSSignerDigestMismatchException - extends CMSException -{ - public CMSSignerDigestMismatchException( - String msg) - { - super(msg); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSStreamException.java b/pkix/src/main/java/org/bouncycastle/cms/CMSStreamException.java deleted file mode 100644 index fff00489..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSStreamException.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; - -public class CMSStreamException - extends IOException -{ - private final Throwable underlying; - - CMSStreamException(String msg) - { - super(msg); - this.underlying = null; - } - - CMSStreamException(String msg, Throwable underlying) - { - super(msg); - this.underlying = underlying; - } - - public Throwable getCause() - { - return underlying; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSTypedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSTypedData.java deleted file mode 100644 index f7f0a9cd..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSTypedData.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public interface CMSTypedData - extends CMSProcessable -{ - ASN1ObjectIdentifier getContentType(); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSTypedStream.java b/pkix/src/main/java/org/bouncycastle/cms/CMSTypedStream.java deleted file mode 100644 index eda3bde3..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSTypedStream.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.BufferedInputStream; -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.util.io.Streams; - -public class CMSTypedStream -{ - private static final int BUF_SIZ = 32 * 1024; - - private final ASN1ObjectIdentifier _oid; - private final InputStream _in; - - public CMSTypedStream( - InputStream in) - { - this(PKCSObjectIdentifiers.data.getId(), in, BUF_SIZ); - } - - public CMSTypedStream( - String oid, - InputStream in) - { - this(new ASN1ObjectIdentifier(oid), in, BUF_SIZ); - } - - public CMSTypedStream( - String oid, - InputStream in, - int bufSize) - { - this(new ASN1ObjectIdentifier(oid), in, bufSize); - } - - public CMSTypedStream( - ASN1ObjectIdentifier oid, - InputStream in) - { - this(oid, in, BUF_SIZ); - } - - public CMSTypedStream( - ASN1ObjectIdentifier oid, - InputStream in, - int bufSize) - { - _oid = oid; - _in = new FullReaderStream(new BufferedInputStream(in, bufSize)); - } - - public ASN1ObjectIdentifier getContentType() - { - return _oid; - } - - public InputStream getContentStream() - { - return _in; - } - - public void drain() - throws IOException - { - Streams.drain(_in); - _in.close(); - } - - private static class FullReaderStream extends FilterInputStream - { - FullReaderStream(InputStream in) - { - super(in); - } - - public int read(byte[] buf, int off, int len) throws IOException - { - int totalRead = Streams.readFully(super.in, buf, off, len); - return totalRead > 0 ? totalRead : -1; - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java deleted file mode 100644 index 41f2c001..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java +++ /dev/null @@ -1,335 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BEROctetStringGenerator; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.ocsp.OCSPResponse; -import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; -import org.bouncycastle.cert.X509AttributeCertificateHolder; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.util.Store; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.io.Streams; -import org.bouncycastle.util.io.TeeInputStream; -import org.bouncycastle.util.io.TeeOutputStream; - -class CMSUtils -{ - static ContentInfo readContentInfo( - byte[] input) - throws CMSException - { - // enforce limit checking as from a byte array - return readContentInfo(new ASN1InputStream(input)); - } - - static ContentInfo readContentInfo( - InputStream input) - throws CMSException - { - // enforce some limit checking - return readContentInfo(new ASN1InputStream(input)); - } - - static List getCertificatesFromStore(Store certStore) - throws CMSException - { - List certs = new ArrayList(); - - try - { - for (Iterator it = certStore.getMatches(null).iterator(); it.hasNext();) - { - X509CertificateHolder c = (X509CertificateHolder)it.next(); - - certs.add(c.toASN1Structure()); - } - - return certs; - } - catch (ClassCastException e) - { - throw new CMSException("error processing certs", e); - } - } - - static List getAttributeCertificatesFromStore(Store attrStore) - throws CMSException - { - List certs = new ArrayList(); - - try - { - for (Iterator it = attrStore.getMatches(null).iterator(); it.hasNext();) - { - X509AttributeCertificateHolder attrCert = (X509AttributeCertificateHolder)it.next(); - - certs.add(new DERTaggedObject(false, 2, attrCert.toASN1Structure())); - } - - return certs; - } - catch (ClassCastException e) - { - throw new CMSException("error processing certs", e); - } - } - - - static List getCRLsFromStore(Store crlStore) - throws CMSException - { - List crls = new ArrayList(); - - try - { - for (Iterator it = crlStore.getMatches(null).iterator(); it.hasNext();) - { - Object rev = it.next(); - - if (rev instanceof X509CRLHolder) - { - X509CRLHolder c = (X509CRLHolder)rev; - - crls.add(c.toASN1Structure()); - } - else if (rev instanceof OtherRevocationInfoFormat) - { - OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev); - - validateInfoFormat(infoFormat); - - crls.add(new DERTaggedObject(false, 1, infoFormat)); - } - else if (rev instanceof ASN1TaggedObject) - { - crls.add(rev); - } - } - - return crls; - } - catch (ClassCastException e) - { - throw new CMSException("error processing certs", e); - } - } - - private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat) - { - if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat())) - { - OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo()); - - if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) - { - throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); - } - } - } - - static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) - { - List others = new ArrayList(); - - for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) - { - ASN1Encodable info = (ASN1Encodable)it.next(); - OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info); - - validateInfoFormat(infoFormat); - - others.add(new DERTaggedObject(false, 1, infoFormat)); - } - - return others; - } - - static ASN1Set createBerSetFromList(List derObjects) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (Iterator it = derObjects.iterator(); it.hasNext();) - { - v.add((ASN1Encodable)it.next()); - } - - return new BERSet(v); - } - - static ASN1Set createDerSetFromList(List derObjects) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (Iterator it = derObjects.iterator(); it.hasNext();) - { - v.add((ASN1Encodable)it.next()); - } - - return new DERSet(v); - } - - static OutputStream createBEROctetOutputStream(OutputStream s, - int tagNo, boolean isExplicit, int bufferSize) throws IOException - { - BEROctetStringGenerator octGen = new BEROctetStringGenerator(s, tagNo, isExplicit); - - if (bufferSize != 0) - { - return octGen.getOctetOutputStream(new byte[bufferSize]); - } - - return octGen.getOctetOutputStream(); - } - - private static ContentInfo readContentInfo( - ASN1InputStream in) - throws CMSException - { - try - { - return ContentInfo.getInstance(in.readObject()); - } - catch (IOException e) - { - throw new CMSException("IOException reading content.", e); - } - catch (ClassCastException e) - { - throw new CMSException("Malformed content.", e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("Malformed content.", e); - } - } - - static byte[] getPasswordBytes(int scheme, char[] password) - { - if (scheme == PasswordRecipient.PKCS5_SCHEME2) - { - return PKCS5PasswordToBytes(password); - } - - return PKCS5PasswordToUTF8Bytes(password); - } - - /** - * converts a password to a byte array according to the scheme in - * PKCS5 (ascii, no padding) - * - * @param password a character array representing the password. - * @return a byte array representing the password. - */ - private static byte[] PKCS5PasswordToBytes( - char[] password) - { - if (password != null) - { - byte[] bytes = new byte[password.length]; - - for (int i = 0; i != bytes.length; i++) - { - bytes[i] = (byte)password[i]; - } - - return bytes; - } - else - { - return new byte[0]; - } - } - - /** - * converts a password to a byte array according to the scheme in - * PKCS5 (UTF-8, no padding) - * - * @param password a character array representing the password. - * @return a byte array representing the password. - */ - private static byte[] PKCS5PasswordToUTF8Bytes( - char[] password) - { - if (password != null) - { - return Strings.toUTF8ByteArray(password); - } - else - { - return new byte[0]; - } - } - - public static byte[] streamToByteArray( - InputStream in) - throws IOException - { - return Streams.readAll(in); - } - - public static byte[] streamToByteArray( - InputStream in, - int limit) - throws IOException - { - return Streams.readAllLimited(in, limit); - } - - static InputStream attachDigestsToInputStream(Collection digests, InputStream s) - { - InputStream result = s; - Iterator it = digests.iterator(); - while (it.hasNext()) - { - DigestCalculator digest = (DigestCalculator)it.next(); - result = new TeeInputStream(result, digest.getOutputStream()); - } - return result; - } - - static OutputStream attachSignersToOutputStream(Collection signers, OutputStream s) - { - OutputStream result = s; - Iterator it = signers.iterator(); - while (it.hasNext()) - { - SignerInfoGenerator signerGen = (SignerInfoGenerator)it.next(); - result = getSafeTeeOutputStream(result, signerGen.getCalculatingOutputStream()); - } - return result; - } - - static OutputStream getSafeOutputStream(OutputStream s) - { - return s == null ? new NullOutputStream() : s; - } - - static OutputStream getSafeTeeOutputStream(OutputStream s1, - OutputStream s2) - { - return s1 == null ? getSafeOutputStream(s2) - : s2 == null ? getSafeOutputStream(s1) : new TeeOutputStream( - s1, s2); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSVerifierCertificateNotValidException.java b/pkix/src/main/java/org/bouncycastle/cms/CMSVerifierCertificateNotValidException.java deleted file mode 100644 index 6bd8c0ac..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSVerifierCertificateNotValidException.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.bouncycastle.cms; - -public class CMSVerifierCertificateNotValidException - extends CMSException -{ - public CMSVerifierCertificateNotValidException( - String msg) - { - super(msg); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/DefaultAuthenticatedAttributeTableGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/DefaultAuthenticatedAttributeTableGenerator.java deleted file mode 100644 index fb37b4d8..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/DefaultAuthenticatedAttributeTableGenerator.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; - -/** - * Default authenticated attributes generator. - */ -public class DefaultAuthenticatedAttributeTableGenerator - implements CMSAttributeTableGenerator -{ - private final Hashtable table; - - /** - * Initialise to use all defaults - */ - public DefaultAuthenticatedAttributeTableGenerator() - { - table = new Hashtable(); - } - - /** - * Initialise with some extra attributes or overrides. - * - * @param attributeTable initial attribute table to use. - */ - public DefaultAuthenticatedAttributeTableGenerator( - AttributeTable attributeTable) - { - if (attributeTable != null) - { - table = attributeTable.toHashtable(); - } - else - { - table = new Hashtable(); - } - } - - /** - * Create a standard attribute table from the passed in parameters - this will - * normally include contentType and messageDigest. If the constructor - * using an AttributeTable was used, entries in it for contentType and - * messageDigest will override the generated ones. - * - * @param parameters source parameters for table generation. - * - * @return a filled in Hashtable of attributes. - */ - protected Hashtable createStandardAttributeTable( - Map parameters) - { - Hashtable std = new Hashtable(); - - for (Enumeration en = table.keys(); en.hasMoreElements();) - { - Object key = en.nextElement(); - - std.put(key, table.get(key)); - } - - if (!std.containsKey(CMSAttributes.contentType)) - { - ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance( - parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE)); - Attribute attr = new Attribute(CMSAttributes.contentType, - new DERSet(contentType)); - std.put(attr.getAttrType(), attr); - } - - if (!std.containsKey(CMSAttributes.messageDigest)) - { - byte[] messageDigest = (byte[])parameters.get( - CMSAttributeTableGenerator.DIGEST); - Attribute attr = new Attribute(CMSAttributes.messageDigest, - new DERSet(new DEROctetString(messageDigest))); - std.put(attr.getAttrType(), attr); - } - - return std; - } - - /** - * @param parameters source parameters - * @return the populated attribute table - */ - public AttributeTable getAttributes(Map parameters) - { - return new AttributeTable(createStandardAttributeTable(parameters)); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java deleted file mode 100644 index 4a94a1f9..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java +++ /dev/null @@ -1,161 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.eac.EACObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - -public class DefaultCMSSignatureAlgorithmNameGenerator - implements CMSSignatureAlgorithmNameGenerator -{ - private final Map encryptionAlgs = new HashMap(); - private final Map digestAlgs = new HashMap(); - - private void addEntries(ASN1ObjectIdentifier alias, String digest, String encryption) - { - digestAlgs.put(alias, digest); - encryptionAlgs.put(alias, encryption); - } - - public DefaultCMSSignatureAlgorithmNameGenerator() - { - addEntries(NISTObjectIdentifiers.dsa_with_sha224, "SHA224", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha256, "SHA256", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA"); - addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA"); - addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA"); - addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA"); - addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA"); - addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA"); - addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA"); - addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA"); - addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA"); - addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA"); - addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA"); - addEntries(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256", "RSA"); - addEntries(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384", "RSA"); - addEntries(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512", "RSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512", "ECDSA"); - addEntries(X9ObjectIdentifiers.id_dsa_with_sha1, "SHA1", "DSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_1, "SHA1", "RSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1"); - addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1"); - addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1", "PLAIN-ECDSA"); - addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224", "PLAIN-ECDSA"); - addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256", "PLAIN-ECDSA"); - addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384", "PLAIN-ECDSA"); - addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512", "PLAIN-ECDSA"); - addEntries(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160", "PLAIN-ECDSA"); - - encryptionAlgs.put(X9ObjectIdentifiers.id_dsa, "DSA"); - encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA"); - encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa, "RSA"); - encryptionAlgs.put(PKCSObjectIdentifiers.id_RSASSA_PSS, "RSAandMGF1"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410"); - encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.6.2"), "ECGOST3410"); - encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.1.5"), "GOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410"); - - digestAlgs.put(PKCSObjectIdentifiers.md2, "MD2"); - digestAlgs.put(PKCSObjectIdentifiers.md4, "MD4"); - digestAlgs.put(PKCSObjectIdentifiers.md5, "MD5"); - digestAlgs.put(OIWObjectIdentifiers.idSHA1, "SHA1"); - digestAlgs.put(NISTObjectIdentifiers.id_sha224, "SHA224"); - digestAlgs.put(NISTObjectIdentifiers.id_sha256, "SHA256"); - digestAlgs.put(NISTObjectIdentifiers.id_sha384, "SHA384"); - digestAlgs.put(NISTObjectIdentifiers.id_sha512, "SHA512"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); - digestAlgs.put(CryptoProObjectIdentifiers.gostR3411, "GOST3411"); - digestAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.2.1"), "GOST3411"); - } - - /** - * Return the digest algorithm using one of the standard JCA string - * representations rather than the algorithm identifier (if possible). - */ - private String getDigestAlgName( - ASN1ObjectIdentifier digestAlgOID) - { - String algName = (String)digestAlgs.get(digestAlgOID); - - if (algName != null) - { - return algName; - } - - return digestAlgOID.getId(); - } - - /** - * Return the digest encryption algorithm using one of the standard - * JCA string representations rather the the algorithm identifier (if - * possible). - */ - private String getEncryptionAlgName( - ASN1ObjectIdentifier encryptionAlgOID) - { - String algName = (String)encryptionAlgs.get(encryptionAlgOID); - - if (algName != null) - { - return algName; - } - - return encryptionAlgOID.getId(); - } - - /** - * Set the mapping for the encryption algorithm used in association with a SignedData generation - * or interpretation. - * - * @param oid object identifier to map. - * @param algorithmName algorithm name to use. - */ - protected void setSigningEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - encryptionAlgs.put(oid, algorithmName); - } - - /** - * Set the mapping for the digest algorithm to use in conjunction with a SignedData generation - * or interpretation. - * - * @param oid object identifier to map. - * @param algorithmName algorithm name to use. - */ - protected void setSigningDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - digestAlgs.put(oid, algorithmName); - } - - public String getSignatureName(AlgorithmIdentifier digestAlg, AlgorithmIdentifier encryptionAlg) - { - return getDigestAlgName(digestAlg.getAlgorithm()) + "with" + getEncryptionAlgName(encryptionAlg.getAlgorithm()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java b/pkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java deleted file mode 100644 index 7797f79f..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java +++ /dev/null @@ -1,46 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.HashSet; -import java.util.Set; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class DefaultCMSSignatureEncryptionAlgorithmFinder - implements CMSSignatureEncryptionAlgorithmFinder -{ - private static final Set RSA_PKCS1d5 = new HashSet(); - - static - { - RSA_PKCS1d5.add(PKCSObjectIdentifiers.md2WithRSAEncryption); - RSA_PKCS1d5.add(PKCSObjectIdentifiers.md4WithRSAEncryption); - RSA_PKCS1d5.add(PKCSObjectIdentifiers.md5WithRSAEncryption); - RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha1WithRSAEncryption); - RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha224WithRSAEncryption); - RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha256WithRSAEncryption); - RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha384WithRSAEncryption); - RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha512WithRSAEncryption); - RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSAEncryption); - RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSA); - RSA_PKCS1d5.add(OIWObjectIdentifiers.md5WithRSA); - RSA_PKCS1d5.add(OIWObjectIdentifiers.sha1WithRSA); - RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - } - - public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm) - { - // RFC3370 section 3.2 - if (RSA_PKCS1d5.contains(signatureAlgorithm.getAlgorithm())) - { - return new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE); - } - - return signatureAlgorithm; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java deleted file mode 100644 index 837edd85..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.Date; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.Time; - -/** - * Default signed attributes generator. - */ -public class DefaultSignedAttributeTableGenerator - implements CMSAttributeTableGenerator -{ - private final Hashtable table; - - /** - * Initialise to use all defaults - */ - public DefaultSignedAttributeTableGenerator() - { - table = new Hashtable(); - } - - /** - * Initialise with some extra attributes or overrides. - * - * @param attributeTable initial attribute table to use. - */ - public DefaultSignedAttributeTableGenerator( - AttributeTable attributeTable) - { - if (attributeTable != null) - { - table = attributeTable.toHashtable(); - } - else - { - table = new Hashtable(); - } - } - - /** - * Create a standard attribute table from the passed in parameters - this will - * normally include contentType, signingTime, and messageDigest. If the constructor - * using an AttributeTable was used, entries in it for contentType, signingTime, and - * messageDigest will override the generated ones. - * - * @param parameters source parameters for table generation. - * - * @return a filled in Hashtable of attributes. - */ - protected Hashtable createStandardAttributeTable( - Map parameters) - { - Hashtable std = copyHashTable(table); - - if (!std.containsKey(CMSAttributes.contentType)) - { - ASN1ObjectIdentifier contentType = ASN1ObjectIdentifier.getInstance( - parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE)); - - // contentType will be null if we're trying to generate a counter signature. - if (contentType != null) - { - Attribute attr = new Attribute(CMSAttributes.contentType, - new DERSet(contentType)); - std.put(attr.getAttrType(), attr); - } - } - - if (!std.containsKey(CMSAttributes.signingTime)) - { - Date signingTime = new Date(); - Attribute attr = new Attribute(CMSAttributes.signingTime, - new DERSet(new Time(signingTime))); - std.put(attr.getAttrType(), attr); - } - - if (!std.containsKey(CMSAttributes.messageDigest)) - { - byte[] messageDigest = (byte[])parameters.get( - CMSAttributeTableGenerator.DIGEST); - Attribute attr = new Attribute(CMSAttributes.messageDigest, - new DERSet(new DEROctetString(messageDigest))); - std.put(attr.getAttrType(), attr); - } - - return std; - } - - /** - * @param parameters source parameters - * @return the populated attribute table - */ - public AttributeTable getAttributes(Map parameters) - { - return new AttributeTable(createStandardAttributeTable(parameters)); - } - - private static Hashtable copyHashTable(Hashtable paramsMap) - { - Hashtable newTable = new Hashtable(); - - Enumeration keys = paramsMap.keys(); - while (keys.hasMoreElements()) - { - Object key = keys.nextElement(); - newTable.put(key, paramsMap.get(key)); - } - - return newTable; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KEKRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/KEKRecipient.java deleted file mode 100644 index b9679b3d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KEKRecipient.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public interface KEKRecipient - extends Recipient -{ - RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentKey) - throws CMSException; -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientId.java b/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientId.java deleted file mode 100644 index daa6c7f4..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientId.java +++ /dev/null @@ -1,63 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.util.Arrays; - -public class KEKRecipientId - extends RecipientId -{ - private byte[] keyIdentifier; - - /** - * Construct a recipient ID with the key identifier of a KEK recipient. - * - * @param keyIdentifier a subjectKeyId - */ - public KEKRecipientId(byte[] keyIdentifier) - { - super(kek); - - this.keyIdentifier = keyIdentifier; - } - - public int hashCode() - { - return Arrays.hashCode(keyIdentifier); - } - - public boolean equals( - Object o) - { - if (!(o instanceof KEKRecipientId)) - { - return false; - } - - KEKRecipientId id = (KEKRecipientId)o; - - return Arrays.areEqual(keyIdentifier, id.keyIdentifier); - } - - public byte[] getKeyIdentifier() - { - return Arrays.clone(keyIdentifier); - } - - public Object clone() - { - return new KEKRecipientId(keyIdentifier); - } - - public boolean match(Object obj) - { - if (obj instanceof byte[]) - { - return Arrays.areEqual(keyIdentifier, (byte[])obj); - } - else if (obj instanceof KEKRecipientInformation) - { - return ((KEKRecipientInformation)obj).getRID().equals(this); - } - - return false; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientInfoGenerator.java deleted file mode 100644 index e3bff3ca..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientInfoGenerator.java +++ /dev/null @@ -1,39 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cms.KEKIdentifier; -import org.bouncycastle.asn1.cms.KEKRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OperatorException; -import org.bouncycastle.operator.SymmetricKeyWrapper; - -public abstract class KEKRecipientInfoGenerator - implements RecipientInfoGenerator -{ - private final KEKIdentifier kekIdentifier; - - protected final SymmetricKeyWrapper wrapper; - - protected KEKRecipientInfoGenerator(KEKIdentifier kekIdentifier, SymmetricKeyWrapper wrapper) - { - this.kekIdentifier = kekIdentifier; - this.wrapper = wrapper; - } - - public final RecipientInfo generate(GenericKey contentEncryptionKey) - throws CMSException - { - try - { - ASN1OctetString encryptedKey = new DEROctetString(wrapper.generateWrappedKey(contentEncryptionKey)); - - return new RecipientInfo(new KEKRecipientInfo(kekIdentifier, wrapper.getAlgorithmIdentifier(), encryptedKey)); - } - catch (OperatorException e) - { - throw new CMSException("exception wrapping content key: " + e.getMessage(), e); - } - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java b/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java deleted file mode 100644 index 62c65294..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KEKRecipientInformation.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; - -import org.bouncycastle.asn1.cms.KEKIdentifier; -import org.bouncycastle.asn1.cms.KEKRecipientInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using a secret key known to the other side. - */ -public class KEKRecipientInformation - extends RecipientInformation -{ - private KEKRecipientInfo info; - - KEKRecipientInformation( - KEKRecipientInfo info, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); - - this.info = info; - - KEKIdentifier kekId = info.getKekid(); - - this.rid = new KEKRecipientId(kekId.getKeyIdentifier().getOctets()); - } - - protected RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException, IOException - { - return ((KEKRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, info.getEncryptedKey().getOctets()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipient.java deleted file mode 100644 index 08d83804..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipient.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -public interface KeyAgreeRecipient - extends Recipient -{ - RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey) - throws CMSException; - - AlgorithmIdentifier getPrivateKeyAlgorithmIdentifier(); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientId.java b/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientId.java deleted file mode 100644 index c64c6eab..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientId.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.cms; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.cert.selector.X509CertificateHolderSelector; - -public class KeyAgreeRecipientId - extends RecipientId -{ - private X509CertificateHolderSelector baseSelector; - - private KeyAgreeRecipientId(X509CertificateHolderSelector baseSelector) - { - super(keyAgree); - - this.baseSelector = baseSelector; - } - - /** - * Construct a key agree recipient ID with the value of a public key's subjectKeyId. - * - * @param subjectKeyId a subjectKeyId - */ - public KeyAgreeRecipientId(byte[] subjectKeyId) - { - this(null, null, subjectKeyId); - } - - /** - * Construct a key agree recipient ID based on the issuer and serial number of the recipient's associated - * certificate. - * - * @param issuer the issuer of the recipient's associated certificate. - * @param serialNumber the serial number of the recipient's associated certificate. - */ - public KeyAgreeRecipientId(X500Name issuer, BigInteger serialNumber) - { - this(issuer, serialNumber, null); - } - - public KeyAgreeRecipientId(X500Name issuer, BigInteger serialNumber, byte[] subjectKeyId) - { - this(new X509CertificateHolderSelector(issuer, serialNumber, subjectKeyId)); - } - - public BigInteger getSerialNumber() - { - return baseSelector.getSerialNumber(); - } - - public byte[] getSubjectKeyIdentifier() - { - return baseSelector.getSubjectKeyIdentifier(); - } - - public int hashCode() - { - return baseSelector.hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof KeyAgreeRecipientId)) - { - return false; - } - - KeyAgreeRecipientId id = (KeyAgreeRecipientId)o; - - return this.baseSelector.equals(id.baseSelector); - } - - public Object clone() - { - return new KeyAgreeRecipientId(baseSelector); - } - - public boolean match(Object obj) - { - if (obj instanceof KeyAgreeRecipientInformation) - { - return ((KeyAgreeRecipientInformation)obj).getRID().equals(this); - } - - return baseSelector.match(obj); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java deleted file mode 100644 index 85f5881d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo; -import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey; -import org.bouncycastle.asn1.cms.OriginatorPublicKey; -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.operator.GenericKey; - -public abstract class KeyAgreeRecipientInfoGenerator - implements RecipientInfoGenerator -{ - private ASN1ObjectIdentifier keyAgreementOID; - private ASN1ObjectIdentifier keyEncryptionOID; - private SubjectPublicKeyInfo originatorKeyInfo; - - protected KeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID, SubjectPublicKeyInfo originatorKeyInfo, ASN1ObjectIdentifier keyEncryptionOID) - { - this.originatorKeyInfo = originatorKeyInfo; - this.keyAgreementOID = keyAgreementOID; - this.keyEncryptionOID = keyEncryptionOID; - } - - public RecipientInfo generate(GenericKey contentEncryptionKey) - throws CMSException - { - OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey( - createOriginatorPublicKey(originatorKeyInfo)); - - ASN1EncodableVector params = new ASN1EncodableVector(); - params.add(keyEncryptionOID); - params.add(DERNull.INSTANCE); - AlgorithmIdentifier keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, DERNull.INSTANCE); - AlgorithmIdentifier keyAgreeAlg = new AlgorithmIdentifier(keyAgreementOID, keyEncAlg); - - ASN1Sequence recipients = generateRecipientEncryptedKeys(keyAgreeAlg, keyEncAlg, contentEncryptionKey); - ASN1Encodable userKeyingMaterial = getUserKeyingMaterial(keyAgreeAlg); - - if (userKeyingMaterial != null) - { - try - { - return new RecipientInfo(new KeyAgreeRecipientInfo(originator, new DEROctetString(userKeyingMaterial), - keyAgreeAlg, recipients)); - } - catch (IOException e) - { - throw new CMSException("unable to encode userKeyingMaterial: " + e.getMessage(), e); - } - } - else - { - return new RecipientInfo(new KeyAgreeRecipientInfo(originator, null, - keyAgreeAlg, recipients)); - } - } - - protected OriginatorPublicKey createOriginatorPublicKey(SubjectPublicKeyInfo originatorKeyInfo) - { - return new OriginatorPublicKey( - new AlgorithmIdentifier(originatorKeyInfo.getAlgorithm().getAlgorithm(), DERNull.INSTANCE), - originatorKeyInfo.getPublicKeyData().getBytes()); - } - - protected abstract ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncAlgorithm, GenericKey contentEncryptionKey) - throws CMSException; - - protected abstract ASN1Encodable getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlgorithm) - throws CMSException; - -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java b/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java deleted file mode 100644 index 16c26bde..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInformation.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.util.List; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier; -import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo; -import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey; -import org.bouncycastle.asn1.cms.OriginatorPublicKey; -import org.bouncycastle.asn1.cms.RecipientEncryptedKey; -import org.bouncycastle.asn1.cms.RecipientKeyIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using key agreement. - */ -public class KeyAgreeRecipientInformation - extends RecipientInformation -{ - private KeyAgreeRecipientInfo info; - private ASN1OctetString encryptedKey; - - static void readRecipientInfo(List infos, KeyAgreeRecipientInfo info, - AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData) - { - ASN1Sequence s = info.getRecipientEncryptedKeys(); - - for (int i = 0; i < s.size(); ++i) - { - RecipientEncryptedKey id = RecipientEncryptedKey.getInstance( - s.getObjectAt(i)); - - RecipientId rid; - - KeyAgreeRecipientIdentifier karid = id.getIdentifier(); - IssuerAndSerialNumber iAndSN = karid.getIssuerAndSerialNumber(); - - if (iAndSN != null) - { - rid = new KeyAgreeRecipientId(iAndSN.getName(), iAndSN.getSerialNumber().getValue()); - } - else - { - RecipientKeyIdentifier rKeyID = karid.getRKeyID(); - - // Note: 'date' and 'other' fields of RecipientKeyIdentifier appear to be only informational - - rid = new KeyAgreeRecipientId(rKeyID.getSubjectKeyIdentifier().getOctets()); - } - - infos.add(new KeyAgreeRecipientInformation(info, rid, id.getEncryptedKey(), messageAlgorithm, - secureReadable, additionalData)); - } - } - - KeyAgreeRecipientInformation( - KeyAgreeRecipientInfo info, - RecipientId rid, - ASN1OctetString encryptedKey, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); - - this.info = info; - this.rid = rid; - this.encryptedKey = encryptedKey; - } - - private SubjectPublicKeyInfo getSenderPublicKeyInfo(AlgorithmIdentifier recKeyAlgId, - OriginatorIdentifierOrKey originator) - throws CMSException, IOException - { - OriginatorPublicKey opk = originator.getOriginatorKey(); - if (opk != null) - { - return getPublicKeyInfoFromOriginatorPublicKey(recKeyAlgId, opk); - } - - OriginatorId origID; - - IssuerAndSerialNumber iAndSN = originator.getIssuerAndSerialNumber(); - if (iAndSN != null) - { - origID = new OriginatorId(iAndSN.getName(), iAndSN.getSerialNumber().getValue()); - } - else - { - SubjectKeyIdentifier ski = originator.getSubjectKeyIdentifier(); - - origID = new OriginatorId(ski.getKeyIdentifier()); - } - - return getPublicKeyInfoFromOriginatorId(origID); - } - - private SubjectPublicKeyInfo getPublicKeyInfoFromOriginatorPublicKey(AlgorithmIdentifier recKeyAlgId, - OriginatorPublicKey originatorPublicKey) - { - SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo( - recKeyAlgId, - originatorPublicKey.getPublicKey().getBytes()); - - return pubInfo; - } - - private SubjectPublicKeyInfo getPublicKeyInfoFromOriginatorId(OriginatorId origID) - throws CMSException - { - // TODO Support all alternatives for OriginatorIdentifierOrKey - // see RFC 3852 6.2.2 - throw new CMSException("No support for 'originator' as IssuerAndSerialNumber or SubjectKeyIdentifier"); - } - - protected RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException, IOException - { - KeyAgreeRecipient agreeRecipient = (KeyAgreeRecipient)recipient; - AlgorithmIdentifier recKeyAlgId = agreeRecipient.getPrivateKeyAlgorithmIdentifier(); - - return ((KeyAgreeRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, getSenderPublicKeyInfo(recKeyAlgId, - info.getOriginator()), info.getUserKeyingMaterial(), encryptedKey.getOctets()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipient.java deleted file mode 100644 index b61fbbed..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipient.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public interface KeyTransRecipient - extends Recipient -{ - RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentKey) - throws CMSException; -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientId.java b/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientId.java deleted file mode 100644 index f850dcfa..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientId.java +++ /dev/null @@ -1,102 +0,0 @@ -package org.bouncycastle.cms; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.cert.selector.X509CertificateHolderSelector; - -public class KeyTransRecipientId - extends RecipientId -{ - private X509CertificateHolderSelector baseSelector; - - private KeyTransRecipientId(X509CertificateHolderSelector baseSelector) - { - super(keyTrans); - - this.baseSelector = baseSelector; - } - - /** - * Construct a key trans recipient ID with the value of a public key's subjectKeyId. - * - * @param subjectKeyId a subjectKeyId - */ - public KeyTransRecipientId(byte[] subjectKeyId) - { - this(null, null, subjectKeyId); - } - - /** - * Construct a key trans recipient ID based on the issuer and serial number of the recipient's associated - * certificate. - * - * @param issuer the issuer of the recipient's associated certificate. - * @param serialNumber the serial number of the recipient's associated certificate. - */ - public KeyTransRecipientId(X500Name issuer, BigInteger serialNumber) - { - this(issuer, serialNumber, null); - } - - /** - * Construct a key trans recipient ID based on the issuer and serial number of the recipient's associated - * certificate. - * - * @param issuer the issuer of the recipient's associated certificate. - * @param serialNumber the serial number of the recipient's associated certificate. - * @param subjectKeyId the subject key identifier to use to match the recipients associated certificate. - */ - public KeyTransRecipientId(X500Name issuer, BigInteger serialNumber, byte[] subjectKeyId) - { - this(new X509CertificateHolderSelector(issuer, serialNumber, subjectKeyId)); - } - - public X500Name getIssuer() - { - return baseSelector.getIssuer(); - } - - public BigInteger getSerialNumber() - { - return baseSelector.getSerialNumber(); - } - - public byte[] getSubjectKeyIdentifier() - { - return baseSelector.getSubjectKeyIdentifier(); - } - - public int hashCode() - { - return baseSelector.hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof KeyTransRecipientId)) - { - return false; - } - - KeyTransRecipientId id = (KeyTransRecipientId)o; - - return this.baseSelector.equals(id.baseSelector); - } - - public Object clone() - { - return new KeyTransRecipientId(this.baseSelector); - } - - public boolean match(Object obj) - { - if (obj instanceof KeyTransRecipientInformation) - { - return ((KeyTransRecipientInformation)obj).getRID().equals(this); - } - - return baseSelector.match(obj); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInfoGenerator.java deleted file mode 100644 index e576f03f..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInfoGenerator.java +++ /dev/null @@ -1,58 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientIdentifier; -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.operator.AsymmetricKeyWrapper; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OperatorException; - -public abstract class KeyTransRecipientInfoGenerator - implements RecipientInfoGenerator -{ - protected final AsymmetricKeyWrapper wrapper; - - private IssuerAndSerialNumber issuerAndSerial; - private byte[] subjectKeyIdentifier; - - protected KeyTransRecipientInfoGenerator(IssuerAndSerialNumber issuerAndSerial, AsymmetricKeyWrapper wrapper) - { - this.issuerAndSerial = issuerAndSerial; - this.wrapper = wrapper; - } - - protected KeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, AsymmetricKeyWrapper wrapper) - { - this.subjectKeyIdentifier = subjectKeyIdentifier; - this.wrapper = wrapper; - } - - public final RecipientInfo generate(GenericKey contentEncryptionKey) - throws CMSException - { - byte[] encryptedKeyBytes; - try - { - encryptedKeyBytes = wrapper.generateWrappedKey(contentEncryptionKey); - } - catch (OperatorException e) - { - throw new CMSException("exception wrapping content key: " + e.getMessage(), e); - } - - RecipientIdentifier recipId; - if (issuerAndSerial != null) - { - recipId = new RecipientIdentifier(issuerAndSerial); - } - else - { - recipId = new RecipientIdentifier(new DEROctetString(subjectKeyIdentifier)); - } - - return new RecipientInfo(new KeyTransRecipientInfo(recipId, wrapper.getAlgorithmIdentifier(), - new DEROctetString(encryptedKeyBytes))); - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java b/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java deleted file mode 100644 index d59f4b3e..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientInformation.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * the KeyTransRecipientInformation class for a recipient who has been sent a secret - * key encrypted using their public key that needs to be used to - * extract the message. - */ -public class KeyTransRecipientInformation - extends RecipientInformation -{ - private KeyTransRecipientInfo info; - - KeyTransRecipientInformation( - KeyTransRecipientInfo info, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); - - this.info = info; - - RecipientIdentifier r = info.getRecipientIdentifier(); - - if (r.isTagged()) - { - ASN1OctetString octs = ASN1OctetString.getInstance(r.getId()); - - rid = new KeyTransRecipientId(octs.getOctets()); - } - else - { - IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.getInstance(r.getId()); - - rid = new KeyTransRecipientId(iAnds.getName(), iAnds.getSerialNumber().getValue()); - } - } - - protected RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException - { - return ((KeyTransRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, info.getEncryptedKey().getOctets()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/NullOutputStream.java b/pkix/src/main/java/org/bouncycastle/cms/NullOutputStream.java deleted file mode 100644 index 03c058a5..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/NullOutputStream.java +++ /dev/null @@ -1,28 +0,0 @@ -/** - * - */ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; - -class NullOutputStream - extends OutputStream -{ - public void write(byte[] buf) - throws IOException - { - // do nothing - } - - public void write(byte[] buf, int off, int len) - throws IOException - { - // do nothing - } - - public void write(int b) throws IOException - { - // do nothing - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/OriginatorId.java b/pkix/src/main/java/org/bouncycastle/cms/OriginatorId.java deleted file mode 100644 index ab38105d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/OriginatorId.java +++ /dev/null @@ -1,118 +0,0 @@ -package org.bouncycastle.cms; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Selector; - -/** - * a basic index for an originator. - */ -class OriginatorId - implements Selector -{ - private byte[] subjectKeyId; - - private X500Name issuer; - private BigInteger serialNumber; - - /** - * Construct a signer ID with the value of a public key's subjectKeyId. - * - * @param subjectKeyId a subjectKeyId - */ - public OriginatorId(byte[] subjectKeyId) - { - setSubjectKeyID(subjectKeyId); - } - - private void setSubjectKeyID(byte[] subjectKeyId) - { - this.subjectKeyId = subjectKeyId; - } - - /** - * Construct a signer ID based on the issuer and serial number of the signer's associated - * certificate. - * - * @param issuer the issuer of the signer's associated certificate. - * @param serialNumber the serial number of the signer's associated certificate. - */ - public OriginatorId(X500Name issuer, BigInteger serialNumber) - { - setIssuerAndSerial(issuer, serialNumber); - } - - private void setIssuerAndSerial(X500Name issuer, BigInteger serialNumber) - { - this.issuer = issuer; - this.serialNumber = serialNumber; - } - - /** - * Construct a signer ID based on the issuer and serial number of the signer's associated - * certificate. - * - * @param issuer the issuer of the signer's associated certificate. - * @param serialNumber the serial number of the signer's associated certificate. - * @param subjectKeyId the subject key identifier to use to match the signers associated certificate. - */ - public OriginatorId(X500Name issuer, BigInteger serialNumber, byte[] subjectKeyId) - { - setIssuerAndSerial(issuer, serialNumber); - setSubjectKeyID(subjectKeyId); - } - - public X500Name getIssuer() - { - return issuer; - } - - public Object clone() - { - return new OriginatorId(this.issuer, this.serialNumber, this.subjectKeyId); - } - - public int hashCode() - { - int code = Arrays.hashCode(subjectKeyId); - - if (this.serialNumber != null) - { - code ^= this.serialNumber.hashCode(); - } - - if (this.issuer != null) - { - code ^= this.issuer.hashCode(); - } - - return code; - } - - public boolean equals( - Object o) - { - if (!(o instanceof OriginatorId)) - { - return false; - } - - OriginatorId id = (OriginatorId)o; - - return Arrays.areEqual(subjectKeyId, id.subjectKeyId) - && equalsObj(this.serialNumber, id.serialNumber) - && equalsObj(this.issuer, id.issuer); - } - - private boolean equalsObj(Object a, Object b) - { - return (a != null) ? a.equals(b) : b == null; - } - - public boolean match(Object obj) - { - return false; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/OriginatorInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/OriginatorInfoGenerator.java deleted file mode 100644 index 8ea5a920..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/OriginatorInfoGenerator.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.ArrayList; -import java.util.List; - -import org.bouncycastle.asn1.cms.OriginatorInfo; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.util.Store; - -public class OriginatorInfoGenerator -{ - private final List origCerts; - private final List origCRLs; - - public OriginatorInfoGenerator(X509CertificateHolder origCert) - { - this.origCerts = new ArrayList(1); - this.origCRLs = null; - origCerts.add(origCert.toASN1Structure()); - } - - public OriginatorInfoGenerator(Store origCerts) - throws CMSException - { - this(origCerts, null); - } - - public OriginatorInfoGenerator(Store origCerts, Store origCRLs) - throws CMSException - { - this.origCerts = CMSUtils.getCertificatesFromStore(origCerts); - - if (origCRLs != null) - { - this.origCRLs = CMSUtils.getCRLsFromStore(origCRLs); - } - else - { - this.origCRLs = null; - } - } - - public OriginatorInformation generate() - { - if (origCRLs != null) - { - return new OriginatorInformation(new OriginatorInfo(CMSUtils.createDerSetFromList(origCerts), CMSUtils.createDerSetFromList(origCRLs))); - } - else - { - return new OriginatorInformation(new OriginatorInfo(CMSUtils.createDerSetFromList(origCerts), null)); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/OriginatorInformation.java b/pkix/src/main/java/org/bouncycastle/cms/OriginatorInformation.java deleted file mode 100644 index 7e9379d6..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/OriginatorInformation.java +++ /dev/null @@ -1,95 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.List; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.cms.OriginatorInfo; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.util.CollectionStore; -import org.bouncycastle.util.Store; - -public class OriginatorInformation -{ - private OriginatorInfo originatorInfo; - - OriginatorInformation(OriginatorInfo originatorInfo) - { - this.originatorInfo = originatorInfo; - } - - /** - * Return the certificates stored in the underlying OriginatorInfo object. - * - * @return a Store of X509CertificateHolder objects. - */ - public Store getCertificates() - { - ASN1Set certSet = originatorInfo.getCertificates(); - - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - certList.add(new X509CertificateHolder(Certificate.getInstance(obj))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); - } - - /** - * Return the CRLs stored in the underlying OriginatorInfo object. - * - * @return a Store of X509CRLHolder objects. - */ - public Store getCRLs() - { - ASN1Set crlSet = originatorInfo.getCRLs(); - - if (crlSet != null) - { - List crlList = new ArrayList(crlSet.size()); - - for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - crlList.add(new X509CRLHolder(CertificateList.getInstance(obj))); - } - } - - return new CollectionStore(crlList); - } - - return new CollectionStore(new ArrayList()); - } - - /** - * Return the underlying ASN.1 object defining this SignerInformation object. - * - * @return a OriginatorInfo. - */ - public OriginatorInfo toASN1Structure() - { - return originatorInfo; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java deleted file mode 100644 index c81c3028..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public interface PasswordRecipient - extends Recipient -{ - public static final int PKCS5_SCHEME2 = 0; - public static final int PKCS5_SCHEME2_UTF8 = 1; - - byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) - throws CMSException; - - RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedEncryptedContentKey) - throws CMSException; - - int getPasswordConversionScheme(); - - char[] getPassword(); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientId.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientId.java deleted file mode 100644 index 95688d73..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientId.java +++ /dev/null @@ -1,44 +0,0 @@ -package org.bouncycastle.cms; - -public class PasswordRecipientId - extends RecipientId -{ - /** - * Construct a recipient ID of the password type. - */ - public PasswordRecipientId() - { - super(password); - } - - public int hashCode() - { - return password; - } - - public boolean equals( - Object o) - { - if (!(o instanceof PasswordRecipientId)) - { - return false; - } - - return true; - } - - public Object clone() - { - return new PasswordRecipientId(); - } - - public boolean match(Object obj) - { - if (obj instanceof PasswordRecipientInformation) - { - return true; - } - - return false; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java deleted file mode 100644 index b570c3cf..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java +++ /dev/null @@ -1,122 +0,0 @@ -package org.bouncycastle.cms; - -import java.security.SecureRandom; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.cms.PasswordRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.GenericKey; - -public abstract class PasswordRecipientInfoGenerator - implements RecipientInfoGenerator -{ - private char[] password; - private AlgorithmIdentifier keyDerivationAlgorithm; - private ASN1ObjectIdentifier kekAlgorithm; - private SecureRandom random; - private int schemeID; - private int keySize; - private int blockSize; - - protected PasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password) - { - this(kekAlgorithm, password, getKeySize(kekAlgorithm), ((Integer)PasswordRecipientInformation.BLOCKSIZES.get(kekAlgorithm)).intValue()); - } - - protected PasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password, int keySize, int blockSize) - { - this.password = password; - this.schemeID = PasswordRecipient.PKCS5_SCHEME2_UTF8; - this.kekAlgorithm = kekAlgorithm; - this.keySize = keySize; - this.blockSize = blockSize; - } - - private static int getKeySize(ASN1ObjectIdentifier kekAlgorithm) - { - Integer size = (Integer)PasswordRecipientInformation.KEYSIZES.get(kekAlgorithm); - - if (size == null) - { - throw new IllegalArgumentException("cannot find key size for algorithm: " + kekAlgorithm); - } - - return size.intValue(); - } - - public PasswordRecipientInfoGenerator setPasswordConversionScheme(int schemeID) - { - this.schemeID = schemeID; - - return this; - } - - public PasswordRecipientInfoGenerator setSaltAndIterationCount(byte[] salt, int iterationCount) - { - this.keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount)); - - return this; - } - - public PasswordRecipientInfoGenerator setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public RecipientInfo generate(GenericKey contentEncryptionKey) - throws CMSException - { - byte[] iv = new byte[blockSize]; /// TODO: set IV size properly! - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - if (keyDerivationAlgorithm == null) - { - byte[] salt = new byte[20]; - - random.nextBytes(salt); - - keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, 1024)); - } - - byte[] encodedPassword = CMSUtils.getPasswordBytes(schemeID, password); - - byte[] derivedKey = calculateDerivedKey(encodedPassword, keyDerivationAlgorithm, keySize); - - AlgorithmIdentifier kekAlgorithmId = new AlgorithmIdentifier(kekAlgorithm, new DEROctetString(iv)); - - byte[] encryptedKeyBytes = generateEncryptedBytes(kekAlgorithmId, derivedKey, contentEncryptionKey); - - ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes); - - ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(kekAlgorithm); - v.add(new DEROctetString(iv)); - - AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_alg_PWRI_KEK, new DERSequence(v)); - - return new RecipientInfo(new PasswordRecipientInfo(keyDerivationAlgorithm, - keyEncryptionAlgorithm, encryptedKey)); - } - - protected abstract byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) - throws CMSException; - - protected abstract byte[] generateEncryptedBytes(AlgorithmIdentifier algorithm, byte[] derivedKey, GenericKey contentEncryptionKey) - throws CMSException; -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java deleted file mode 100644 index 2eef186a..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java +++ /dev/null @@ -1,116 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.cms.PasswordRecipientInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.util.Integers; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using a password. - */ -public class PasswordRecipientInformation - extends RecipientInformation -{ - static Map KEYSIZES = new HashMap(); - static Map BLOCKSIZES = new HashMap(); - - static - { - BLOCKSIZES.put(CMSAlgorithm.DES_EDE3_CBC, Integers.valueOf(8)); - BLOCKSIZES.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(16)); - BLOCKSIZES.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(16)); - BLOCKSIZES.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(16)); - - KEYSIZES.put(CMSAlgorithm.DES_EDE3_CBC, Integers.valueOf(192)); - KEYSIZES.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(128)); - KEYSIZES.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(192)); - KEYSIZES.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(256)); - } - - private PasswordRecipientInfo info; - - PasswordRecipientInformation( - PasswordRecipientInfo info, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); - - this.info = info; - this.rid = new PasswordRecipientId(); - } - - /** - * return the object identifier for the key derivation algorithm, or null - * if there is none present. - * - * @return OID for key derivation algorithm, if present. - */ - public String getKeyDerivationAlgOID() - { - if (info.getKeyDerivationAlgorithm() != null) - { - return info.getKeyDerivationAlgorithm().getAlgorithm().getId(); - } - - return null; - } - - /** - * return the ASN.1 encoded key derivation algorithm parameters, or null if - * there aren't any. - * @return ASN.1 encoding of key derivation algorithm parameters. - */ - public byte[] getKeyDerivationAlgParams() - { - try - { - if (info.getKeyDerivationAlgorithm() != null) - { - ASN1Encodable params = info.getKeyDerivationAlgorithm().getParameters(); - if (params != null) - { - return params.toASN1Primitive().getEncoded(); - } - } - - return null; - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * Return the key derivation algorithm details for the key in this recipient. - * - * @return AlgorithmIdentifier representing the key derivation algorithm. - */ - public AlgorithmIdentifier getKeyDerivationAlgorithm() - { - return info.getKeyDerivationAlgorithm(); - } - - protected RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException, IOException - { - PasswordRecipient pbeRecipient = (PasswordRecipient)recipient; - AlgorithmIdentifier kekAlg = AlgorithmIdentifier.getInstance(info.getKeyEncryptionAlgorithm()); - AlgorithmIdentifier kekAlgParams = AlgorithmIdentifier.getInstance(kekAlg.getParameters()); - - byte[] passwordBytes = CMSUtils.getPasswordBytes(pbeRecipient.getPasswordConversionScheme(), pbeRecipient.getPassword()); - - int keySize = ((Integer)KEYSIZES.get(kekAlgParams.getAlgorithm())).intValue(); - - byte[] derivedKey = pbeRecipient.calculateDerivedKey(passwordBytes, this.getKeyDerivationAlgorithm(), keySize); - - return pbeRecipient.getRecipientOperator(kekAlgParams, messageAlgorithm, derivedKey, info.getEncryptedKey().getOctets()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/Recipient.java b/pkix/src/main/java/org/bouncycastle/cms/Recipient.java deleted file mode 100644 index 88c88a61..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/Recipient.java +++ /dev/null @@ -1,5 +0,0 @@ -package org.bouncycastle.cms; - -public interface Recipient -{ -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/RecipientId.java b/pkix/src/main/java/org/bouncycastle/cms/RecipientId.java deleted file mode 100644 index fae5a100..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/RecipientId.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.util.Selector; - -public abstract class RecipientId - implements Selector -{ - public static final int keyTrans = 0; - public static final int kek = 1; - public static final int keyAgree = 2; - public static final int password = 3; - - private final int type; - - protected RecipientId(int type) - { - this.type = type; - } - - /** - * Return the type code for this recipient ID. - * - * @return one of keyTrans, kek, keyAgree, password - */ - public int getType() - { - return type; - } - - public abstract Object clone(); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/RecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/RecipientInfoGenerator.java deleted file mode 100644 index 6ab41d35..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/RecipientInfoGenerator.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.operator.GenericKey; - -public interface RecipientInfoGenerator -{ - RecipientInfo generate(GenericKey contentEncryptionKey) - throws CMSException; -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/RecipientInformation.java b/pkix/src/main/java/org/bouncycastle/cms/RecipientInformation.java deleted file mode 100644 index 86f9fa30..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/RecipientInformation.java +++ /dev/null @@ -1,181 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.util.io.Streams; - -public abstract class RecipientInformation -{ - protected RecipientId rid; - protected AlgorithmIdentifier keyEncAlg; - protected AlgorithmIdentifier messageAlgorithm; - protected CMSSecureReadable secureReadable; - - private AuthAttributesProvider additionalData; - - private byte[] resultMac; - private RecipientOperator operator; - - RecipientInformation( - AlgorithmIdentifier keyEncAlg, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - this.keyEncAlg = keyEncAlg; - this.messageAlgorithm = messageAlgorithm; - this.secureReadable = secureReadable; - this.additionalData = additionalData; - } - - public RecipientId getRID() - { - return rid; - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } - - /** - * Return the key encryption algorithm details for the key in this recipient. - * - * @return AlgorithmIdentifier representing the key encryption algorithm. - */ - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncAlg; - } - - /** - * return the object identifier for the key encryption algorithm. - * - * @return OID for key encryption algorithm. - */ - public String getKeyEncryptionAlgOID() - { - return keyEncAlg.getAlgorithm().getId(); - } - - /** - * return the ASN.1 encoded key encryption algorithm parameters, or null if - * there aren't any. - * - * @return ASN.1 encoding of key encryption algorithm parameters. - */ - public byte[] getKeyEncryptionAlgParams() - { - try - { - return encodeObj(keyEncAlg.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * Return the content digest calculated during the read of the content if one has been generated. This will - * only happen if we are dealing with authenticated data and authenticated attributes are present. - * - * @return byte array containing the digest. - */ - public byte[] getContentDigest() - { - if (secureReadable instanceof CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable) - { - return ((CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable)secureReadable).getDigest(); - } - - return null; - } - - /** - * Return the MAC calculated for the recipient. Note: this call is only meaningful once all - * the content has been read. - * - * @return byte array containing the mac. - */ - public byte[] getMac() - { - if (resultMac == null) - { - if (operator.isMacBased()) - { - if (additionalData != null) - { - try - { - Streams.drain(operator.getInputStream(new ByteArrayInputStream(additionalData.getAuthAttributes().getEncoded(ASN1Encoding.DER)))); - } - catch (IOException e) - { - throw new IllegalStateException("unable to drain input: " + e.getMessage()); - } - } - resultMac = operator.getMac(); - } - } - - return resultMac; - } - - /** - * Return the decrypted/encapsulated content in the EnvelopedData after recovering the content - * encryption/MAC key using the passed in Recipient. - * - * @param recipient recipient object to use to recover content encryption key - * @return the content inside the EnvelopedData this RecipientInformation is associated with. - * @throws CMSException if the content-encryption/MAC key cannot be recovered. - */ - public byte[] getContent( - Recipient recipient) - throws CMSException - { - try - { - return CMSUtils.streamToByteArray(getContentStream(recipient).getContentStream()); - } - catch (IOException e) - { - throw new CMSException("unable to parse internal stream: " + e.getMessage(), e); - } - } - - /** - * Return a CMSTypedStream representing the content in the EnvelopedData after recovering the content - * encryption/MAC key using the passed in Recipient. - * - * @param recipient recipient object to use to recover content encryption key - * @return the content inside the EnvelopedData this RecipientInformation is associated with. - * @throws CMSException if the content-encryption/MAC key cannot be recovered. - */ - public CMSTypedStream getContentStream(Recipient recipient) - throws CMSException, IOException - { - operator = getRecipientOperator(recipient); - - if (additionalData != null) - { - return new CMSTypedStream(secureReadable.getInputStream()); - } - - return new CMSTypedStream(operator.getInputStream(secureReadable.getInputStream())); - } - - protected abstract RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException, IOException; -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/RecipientInformationStore.java b/pkix/src/main/java/org/bouncycastle/cms/RecipientInformationStore.java deleted file mode 100644 index 5cf80e5d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/RecipientInformationStore.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.x500.X500Name; - -public class RecipientInformationStore -{ - private final List all; //ArrayList[RecipientInformation] - private final Map table = new HashMap(); // HashMap[RecipientID, ArrayList[RecipientInformation]] - - public RecipientInformationStore( - Collection recipientInfos) - { - Iterator it = recipientInfos.iterator(); - - while (it.hasNext()) - { - RecipientInformation recipientInformation = (RecipientInformation)it.next(); - RecipientId rid = recipientInformation.getRID(); - - List list = (ArrayList)table.get(rid); - if (list == null) - { - list = new ArrayList(1); - table.put(rid, list); - } - - list.add(recipientInformation); - } - - this.all = new ArrayList(recipientInfos); - } - - /** - * Return the first RecipientInformation object that matches the - * passed in selector. Null if there are no matches. - * - * @param selector to identify a recipient - * @return a single RecipientInformation object. Null if none matches. - */ - public RecipientInformation get( - RecipientId selector) - { - Collection list = getRecipients(selector); - - return list.size() == 0 ? null : (RecipientInformation)list.iterator().next(); - } - - /** - * Return the number of recipients in the collection. - * - * @return number of recipients identified. - */ - public int size() - { - return all.size(); - } - - /** - * Return all recipients in the collection - * - * @return a collection of recipients. - */ - public Collection getRecipients() - { - return new ArrayList(all); - } - - /** - * Return possible empty collection with recipients matching the passed in RecipientId - * - * @param selector a recipient id to select against. - * @return a collection of RecipientInformation objects. - */ - public Collection getRecipients( - RecipientId selector) - { - if (selector instanceof KeyTransRecipientId) - { - KeyTransRecipientId keyTrans = (KeyTransRecipientId)selector; - - X500Name issuer = keyTrans.getIssuer(); - byte[] subjectKeyId = keyTrans.getSubjectKeyIdentifier(); - - if (issuer != null && subjectKeyId != null) - { - List results = new ArrayList(); - - Collection match1 = getRecipients(new KeyTransRecipientId(issuer, keyTrans.getSerialNumber())); - if (match1 != null) - { - results.addAll(match1); - } - - Collection match2 = getRecipients(new KeyTransRecipientId(subjectKeyId)); - if (match2 != null) - { - results.addAll(match2); - } - - return results; - } - } - - List list = (ArrayList)table.get(selector); - - return list == null ? new ArrayList() : new ArrayList(list); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/RecipientOperator.java b/pkix/src/main/java/org/bouncycastle/cms/RecipientOperator.java deleted file mode 100644 index 7b3e3e58..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/RecipientOperator.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.InputStream; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.InputDecryptor; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.util.io.TeeInputStream; - -public class RecipientOperator -{ - private final AlgorithmIdentifier algorithmIdentifier; - private final Object operator; - - public RecipientOperator(InputDecryptor decryptor) - { - this.algorithmIdentifier = decryptor.getAlgorithmIdentifier(); - this.operator = decryptor; - } - - public RecipientOperator(MacCalculator macCalculator) - { - this.algorithmIdentifier = macCalculator.getAlgorithmIdentifier(); - this.operator = macCalculator; - } - - public InputStream getInputStream(InputStream dataIn) - { - if (operator instanceof InputDecryptor) - { - return ((InputDecryptor)operator).getInputStream(dataIn); - } - else - { - return new TeeInputStream(dataIn, ((MacCalculator)operator).getOutputStream()); - } - } - - public boolean isMacBased() - { - return operator instanceof MacCalculator; - } - - public byte[] getMac() - { - return ((MacCalculator)operator).getMac(); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/SignerId.java b/pkix/src/main/java/org/bouncycastle/cms/SignerId.java deleted file mode 100644 index 6b53bac7..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/SignerId.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.cms; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.cert.selector.X509CertificateHolderSelector; -import org.bouncycastle.util.Selector; - -/** - * a basic index for a signer. - */ -public class SignerId - implements Selector -{ - private X509CertificateHolderSelector baseSelector; - - private SignerId(X509CertificateHolderSelector baseSelector) - { - this.baseSelector = baseSelector; - } - - /** - * Construct a signer ID with the value of a public key's subjectKeyId. - * - * @param subjectKeyId a subjectKeyId - */ - public SignerId(byte[] subjectKeyId) - { - this(null, null, subjectKeyId); - } - - /** - * Construct a signer ID based on the issuer and serial number of the signer's associated - * certificate. - * - * @param issuer the issuer of the signer's associated certificate. - * @param serialNumber the serial number of the signer's associated certificate. - */ - public SignerId(X500Name issuer, BigInteger serialNumber) - { - this(issuer, serialNumber, null); - } - - /** - * Construct a signer ID based on the issuer and serial number of the signer's associated - * certificate. - * - * @param issuer the issuer of the signer's associated certificate. - * @param serialNumber the serial number of the signer's associated certificate. - * @param subjectKeyId the subject key identifier to use to match the signers associated certificate. - */ - public SignerId(X500Name issuer, BigInteger serialNumber, byte[] subjectKeyId) - { - this(new X509CertificateHolderSelector(issuer, serialNumber, subjectKeyId)); - } - - public X500Name getIssuer() - { - return baseSelector.getIssuer(); - } - - public BigInteger getSerialNumber() - { - return baseSelector.getSerialNumber(); - } - - public byte[] getSubjectKeyIdentifier() - { - return baseSelector.getSubjectKeyIdentifier(); - } - - public int hashCode() - { - return baseSelector.hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof SignerId)) - { - return false; - } - - SignerId id = (SignerId)o; - - return this.baseSelector.equals(id.baseSelector); - } - - public boolean match(Object obj) - { - if (obj instanceof SignerInformation) - { - return ((SignerInformation)obj).getSID().equals(this); - } - - return baseSelector.match(obj); - } - - public Object clone() - { - return new SignerId(this.baseSelector); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java deleted file mode 100644 index f264729c..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java +++ /dev/null @@ -1,291 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.SignerIdentifier; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; -import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.io.TeeOutputStream; - -public class SignerInfoGenerator -{ - private final SignerIdentifier signerIdentifier; - private final CMSAttributeTableGenerator sAttrGen; - private final CMSAttributeTableGenerator unsAttrGen; - private final ContentSigner signer; - private final DigestCalculator digester; - private final DigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder(); - private final CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder; - - private byte[] calculatedDigest = null; - private X509CertificateHolder certHolder; - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder) - throws OperatorCreationException - { - this(signerIdentifier, signer, digesterProvider, sigEncAlgFinder, false); - } - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder, - boolean isDirectSignature) - throws OperatorCreationException - { - this.signerIdentifier = signerIdentifier; - this.signer = signer; - - if (digesterProvider != null) - { - this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier())); - } - else - { - this.digester = null; - } - - if (isDirectSignature) - { - this.sAttrGen = null; - this.unsAttrGen = null; - } - else - { - this.sAttrGen = new DefaultSignedAttributeTableGenerator(); - this.unsAttrGen = null; - } - - this.sigEncAlgFinder = sigEncAlgFinder; - } - - public SignerInfoGenerator( - SignerInfoGenerator original, - CMSAttributeTableGenerator sAttrGen, - CMSAttributeTableGenerator unsAttrGen) - { - this.signerIdentifier = original.signerIdentifier; - this.signer = original.signer; - this.digester = original.digester; - this.sigEncAlgFinder = original.sigEncAlgFinder; - this.sAttrGen = sAttrGen; - this.unsAttrGen = unsAttrGen; - } - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder, - CMSAttributeTableGenerator sAttrGen, - CMSAttributeTableGenerator unsAttrGen) - throws OperatorCreationException - { - this.signerIdentifier = signerIdentifier; - this.signer = signer; - - if (digesterProvider != null) - { - this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier())); - } - else - { - this.digester = null; - } - - this.sAttrGen = sAttrGen; - this.unsAttrGen = unsAttrGen; - this.sigEncAlgFinder = sigEncAlgFinder; - } - - public SignerIdentifier getSID() - { - return signerIdentifier; - } - - public int getGeneratedVersion() - { - return signerIdentifier.isTagged() ? 3 : 1; - } - - public boolean hasAssociatedCertificate() - { - return certHolder != null; - } - - public X509CertificateHolder getAssociatedCertificate() - { - return certHolder; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - if (digester != null) - { - return digester.getAlgorithmIdentifier(); - } - - return digAlgFinder.find(signer.getAlgorithmIdentifier()); - } - - public OutputStream getCalculatingOutputStream() - { - if (digester != null) - { - if (sAttrGen == null) - { - return new TeeOutputStream(digester.getOutputStream(), signer.getOutputStream()); - } - return digester.getOutputStream(); - } - else - { - return signer.getOutputStream(); - } - } - - public SignerInfo generate(ASN1ObjectIdentifier contentType) - throws CMSException - { - try - { - /* RFC 3852 5.4 - * The result of the message digest calculation process depends on - * whether the signedAttrs field is present. When the field is absent, - * the result is just the message digest of the content as described - * - * above. When the field is present, however, the result is the message - * digest of the complete DER encoding of the SignedAttrs value - * contained in the signedAttrs field. - */ - ASN1Set signedAttr = null; - - AlgorithmIdentifier digestAlg = null; - - if (sAttrGen != null) - { - digestAlg = digester.getAlgorithmIdentifier(); - calculatedDigest = digester.getDigest(); - Map parameters = getBaseParameters(contentType, digester.getAlgorithmIdentifier(), calculatedDigest); - AttributeTable signed = sAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); - - signedAttr = getAttributeSet(signed); - - // sig must be composed from the DER encoding. - OutputStream sOut = signer.getOutputStream(); - - sOut.write(signedAttr.getEncoded(ASN1Encoding.DER)); - - sOut.close(); - } - else - { - if (digester != null) - { - digestAlg = digester.getAlgorithmIdentifier(); - calculatedDigest = digester.getDigest(); - } - else - { - digestAlg = digAlgFinder.find(signer.getAlgorithmIdentifier()); - calculatedDigest = null; - } - } - - byte[] sigBytes = signer.getSignature(); - - ASN1Set unsignedAttr = null; - if (unsAttrGen != null) - { - Map parameters = getBaseParameters(contentType, digestAlg, calculatedDigest); - parameters.put(CMSAttributeTableGenerator.SIGNATURE, Arrays.clone(sigBytes)); - - AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); - - unsignedAttr = getAttributeSet(unsigned); - } - - AlgorithmIdentifier digestEncryptionAlgorithm = sigEncAlgFinder.findEncryptionAlgorithm(signer.getAlgorithmIdentifier()); - - return new SignerInfo(signerIdentifier, digestAlg, - signedAttr, digestEncryptionAlgorithm, new DEROctetString(sigBytes), unsignedAttr); - } - catch (IOException e) - { - throw new CMSException("encoding error.", e); - } - } - - void setAssociatedCertificate(X509CertificateHolder certHolder) - { - this.certHolder = certHolder; - } - - private ASN1Set getAttributeSet( - AttributeTable attr) - { - if (attr != null) - { - return new DERSet(attr.toASN1EncodableVector()); - } - - return null; - } - - private Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) - { - Map param = new HashMap(); - - if (contentType != null) - { - param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); - } - - param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); - return param; - } - - public byte[] getCalculatedDigest() - { - if (calculatedDigest != null) - { - return Arrays.clone(calculatedDigest); - } - - return null; - } - - public CMSAttributeTableGenerator getSignedAttributeTableGenerator() - { - return sAttrGen; - } - - public CMSAttributeTableGenerator getUnsignedAttributeTableGenerator() - { - return unsAttrGen; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java deleted file mode 100644 index 7a47a2f8..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java +++ /dev/null @@ -1,139 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.SignerIdentifier; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; - -/** - * Builder for SignerInfo generator objects. - */ -public class SignerInfoGeneratorBuilder -{ - private DigestCalculatorProvider digestProvider; - private boolean directSignature; - private CMSAttributeTableGenerator signedGen; - private CMSAttributeTableGenerator unsignedGen; - private CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder; - - /** - * Base constructor. - * - * @param digestProvider a provider of digest calculators for the algorithms required in the signature and attribute calculations. - */ - public SignerInfoGeneratorBuilder(DigestCalculatorProvider digestProvider) - { - this(digestProvider, new DefaultCMSSignatureEncryptionAlgorithmFinder()); - } - - /** - * Base constructor. - * - * @param digestProvider a provider of digest calculators for the algorithms required in the signature and attribute calculations. - */ - public SignerInfoGeneratorBuilder(DigestCalculatorProvider digestProvider, CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder) - { - this.digestProvider = digestProvider; - this.sigEncAlgFinder = sigEncAlgFinder; - } - - /** - * If the passed in flag is true, the signer signature will be based on the data, not - * a collection of signed attributes, and no signed attributes will be included. - * - * @return the builder object - */ - public SignerInfoGeneratorBuilder setDirectSignature(boolean hasNoSignedAttributes) - { - this.directSignature = hasNoSignedAttributes; - - return this; - } - - /** - * Provide a custom signed attribute generator. - * - * @param signedGen a generator of signed attributes. - * @return the builder object - */ - public SignerInfoGeneratorBuilder setSignedAttributeGenerator(CMSAttributeTableGenerator signedGen) - { - this.signedGen = signedGen; - - return this; - } - - /** - * Provide a generator of unsigned attributes. - * - * @param unsignedGen a generator for signed attributes. - * @return the builder object - */ - public SignerInfoGeneratorBuilder setUnsignedAttributeGenerator(CMSAttributeTableGenerator unsignedGen) - { - this.unsignedGen = unsignedGen; - - return this; - } - - /** - * Build a generator with the passed in certHolder issuer and serial number as the signerIdentifier. - * - * @param contentSigner operator for generating the final signature in the SignerInfo with. - * @param certHolder carrier for the X.509 certificate related to the contentSigner. - * @return a SignerInfoGenerator - * @throws OperatorCreationException if the generator cannot be built. - */ - public SignerInfoGenerator build(ContentSigner contentSigner, X509CertificateHolder certHolder) - throws OperatorCreationException - { - SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certHolder.toASN1Structure())); - - SignerInfoGenerator sigInfoGen = createGenerator(contentSigner, sigId); - - sigInfoGen.setAssociatedCertificate(certHolder); - - return sigInfoGen; - } - - /** - * Build a generator with the passed in subjectKeyIdentifier as the signerIdentifier. If used you should - * try to follow the calculation described in RFC 5280 section 4.2.1.2. - * - * @param contentSigner operator for generating the final signature in the SignerInfo with. - * @param subjectKeyIdentifier key identifier to identify the public key for verifying the signature. - * @return a SignerInfoGenerator - * @throws OperatorCreationException if the generator cannot be built. - */ - public SignerInfoGenerator build(ContentSigner contentSigner, byte[] subjectKeyIdentifier) - throws OperatorCreationException - { - SignerIdentifier sigId = new SignerIdentifier(new DEROctetString(subjectKeyIdentifier)); - - return createGenerator(contentSigner, sigId); - } - - private SignerInfoGenerator createGenerator(ContentSigner contentSigner, SignerIdentifier sigId) - throws OperatorCreationException - { - if (directSignature) - { - return new SignerInfoGenerator(sigId, contentSigner, digestProvider, sigEncAlgFinder, true); - } - - if (signedGen != null || unsignedGen != null) - { - if (signedGen == null) - { - signedGen = new DefaultSignedAttributeTableGenerator(); - } - - return new SignerInfoGenerator(sigId, contentSigner, digestProvider, sigEncAlgFinder, signedGen, unsignedGen); - } - - return new SignerInfoGenerator(sigId, contentSigner, digestProvider, sigEncAlgFinder); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/SignerInformation.java b/pkix/src/main/java/org/bouncycastle/cms/SignerInformation.java deleted file mode 100644 index 7e178d6c..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/SignerInformation.java +++ /dev/null @@ -1,680 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.SignerIdentifier; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.asn1.cms.Time; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.ContentVerifier; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.RawContentVerifier; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.io.TeeOutputStream; - -/** - * an expanded SignerInfo block from a CMS Signed message - */ -public class SignerInformation -{ - private SignerId sid; - private SignerInfo info; - private AlgorithmIdentifier digestAlgorithm; - private AlgorithmIdentifier encryptionAlgorithm; - private final ASN1Set signedAttributeSet; - private final ASN1Set unsignedAttributeSet; - private CMSProcessable content; - private byte[] signature; - private ASN1ObjectIdentifier contentType; - private byte[] resultDigest; - - // Derived - private AttributeTable signedAttributeValues; - private AttributeTable unsignedAttributeValues; - private boolean isCounterSignature; - - SignerInformation( - SignerInfo info, - ASN1ObjectIdentifier contentType, - CMSProcessable content, - byte[] resultDigest) - { - this.info = info; - this.contentType = contentType; - this.isCounterSignature = contentType == null; - - SignerIdentifier s = info.getSID(); - - if (s.isTagged()) - { - ASN1OctetString octs = ASN1OctetString.getInstance(s.getId()); - - sid = new SignerId(octs.getOctets()); - } - else - { - IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.getInstance(s.getId()); - - sid = new SignerId(iAnds.getName(), iAnds.getSerialNumber().getValue()); - } - - this.digestAlgorithm = info.getDigestAlgorithm(); - this.signedAttributeSet = info.getAuthenticatedAttributes(); - this.unsignedAttributeSet = info.getUnauthenticatedAttributes(); - this.encryptionAlgorithm = info.getDigestEncryptionAlgorithm(); - this.signature = info.getEncryptedDigest().getOctets(); - - this.content = content; - this.resultDigest = resultDigest; - } - - public boolean isCounterSignature() - { - return isCounterSignature; - } - - public ASN1ObjectIdentifier getContentType() - { - return this.contentType; - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } - - public SignerId getSID() - { - return sid; - } - - /** - * return the version number for this objects underlying SignerInfo structure. - */ - public int getVersion() - { - return info.getVersion().getValue().intValue(); - } - - public AlgorithmIdentifier getDigestAlgorithmID() - { - return digestAlgorithm; - } - - /** - * return the object identifier for the signature. - */ - public String getDigestAlgOID() - { - return digestAlgorithm.getAlgorithm().getId(); - } - - /** - * return the signature parameters, or null if there aren't any. - */ - public byte[] getDigestAlgParams() - { - try - { - return encodeObj(digestAlgorithm.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting digest parameters " + e); - } - } - - /** - * return the content digest that was calculated during verification. - */ - public byte[] getContentDigest() - { - if (resultDigest == null) - { - throw new IllegalStateException("method can only be called after verify."); - } - - return Arrays.clone(resultDigest); - } - - /** - * return the object identifier for the signature. - */ - public String getEncryptionAlgOID() - { - return encryptionAlgorithm.getAlgorithm().getId(); - } - - /** - * return the signature/encryption algorithm parameters, or null if - * there aren't any. - */ - public byte[] getEncryptionAlgParams() - { - try - { - return encodeObj(encryptionAlgorithm.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * return a table of the signed attributes - indexed by - * the OID of the attribute. - */ - public AttributeTable getSignedAttributes() - { - if (signedAttributeSet != null && signedAttributeValues == null) - { - signedAttributeValues = new AttributeTable(signedAttributeSet); - } - - return signedAttributeValues; - } - - /** - * return a table of the unsigned attributes indexed by - * the OID of the attribute. - */ - public AttributeTable getUnsignedAttributes() - { - if (unsignedAttributeSet != null && unsignedAttributeValues == null) - { - unsignedAttributeValues = new AttributeTable(unsignedAttributeSet); - } - - return unsignedAttributeValues; - } - - /** - * return the encoded signature - */ - public byte[] getSignature() - { - return Arrays.clone(signature); - } - - /** - * Return a SignerInformationStore containing the counter signatures attached to this - * signer. If no counter signatures are present an empty store is returned. - */ - public SignerInformationStore getCounterSignatures() - { - // TODO There are several checks implied by the RFC3852 comments that are missing - - /* - The countersignature attribute MUST be an unsigned attribute; it MUST - NOT be a signed attribute, an authenticated attribute, an - unauthenticated attribute, or an unprotected attribute. - */ - AttributeTable unsignedAttributeTable = getUnsignedAttributes(); - if (unsignedAttributeTable == null) - { - return new SignerInformationStore(new ArrayList(0)); - } - - List counterSignatures = new ArrayList(); - - /* - The UnsignedAttributes syntax is defined as a SET OF Attributes. The - UnsignedAttributes in a signerInfo may include multiple instances of - the countersignature attribute. - */ - ASN1EncodableVector allCSAttrs = unsignedAttributeTable.getAll(CMSAttributes.counterSignature); - - for (int i = 0; i < allCSAttrs.size(); ++i) - { - Attribute counterSignatureAttribute = (Attribute)allCSAttrs.get(i); - - /* - A countersignature attribute can have multiple attribute values. The - syntax is defined as a SET OF AttributeValue, and there MUST be one - or more instances of AttributeValue present. - */ - ASN1Set values = counterSignatureAttribute.getAttrValues(); - if (values.size() < 1) - { - // TODO Throw an appropriate exception? - } - - for (Enumeration en = values.getObjects(); en.hasMoreElements();) - { - /* - Countersignature values have the same meaning as SignerInfo values - for ordinary signatures, except that: - - 1. The signedAttributes field MUST NOT contain a content-type - attribute; there is no content type for countersignatures. - - 2. The signedAttributes field MUST contain a message-digest - attribute if it contains any other attributes. - - 3. The input to the message-digesting process is the contents - octets of the DER encoding of the signatureValue field of the - SignerInfo value with which the attribute is associated. - */ - SignerInfo si = SignerInfo.getInstance(en.nextElement()); - - counterSignatures.add(new SignerInformation(si, null, new CMSProcessableByteArray(getSignature()), null)); - } - } - - return new SignerInformationStore(counterSignatures); - } - - /** - * return the DER encoding of the signed attributes. - * @throws IOException if an encoding error occurs. - */ - public byte[] getEncodedSignedAttributes() - throws IOException - { - if (signedAttributeSet != null) - { - return signedAttributeSet.getEncoded(); - } - - return null; - } - - private boolean doVerify( - SignerInformationVerifier verifier) - throws CMSException - { - String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID()); - ContentVerifier contentVerifier; - - try - { - contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm()); - } - catch (OperatorCreationException e) - { - throw new CMSException("can't create content verifier: " + e.getMessage(), e); - } - - try - { - OutputStream sigOut = contentVerifier.getOutputStream(); - - if (resultDigest == null) - { - DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID()); - if (content != null) - { - OutputStream digOut = calc.getOutputStream(); - - if (signedAttributeSet == null) - { - if (contentVerifier instanceof RawContentVerifier) - { - content.write(digOut); - } - else - { - OutputStream cOut = new TeeOutputStream(digOut, sigOut); - - content.write(cOut); - - cOut.close(); - } - } - else - { - content.write(digOut); - sigOut.write(this.getEncodedSignedAttributes()); - } - - digOut.close(); - } - else if (signedAttributeSet != null) - { - sigOut.write(this.getEncodedSignedAttributes()); - } - else - { - // TODO Get rid of this exception and just treat content==null as empty not missing? - throw new CMSException("data not encapsulated in signature - use detached constructor."); - } - - resultDigest = calc.getDigest(); - } - else - { - if (signedAttributeSet == null) - { - if (content != null) - { - content.write(sigOut); - } - } - else - { - sigOut.write(this.getEncodedSignedAttributes()); - } - } - - sigOut.close(); - } - catch (IOException e) - { - throw new CMSException("can't process mime object to create signature.", e); - } - catch (OperatorCreationException e) - { - throw new CMSException("can't create digest calculator: " + e.getMessage(), e); - } - - // RFC 3852 11.1 Check the content-type attribute is correct - { - ASN1Primitive validContentType = getSingleValuedSignedAttribute( - CMSAttributes.contentType, "content-type"); - if (validContentType == null) - { - if (!isCounterSignature && signedAttributeSet != null) - { - throw new CMSException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data"); - } - } - else - { - if (isCounterSignature) - { - throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute"); - } - - if (!(validContentType instanceof ASN1ObjectIdentifier)) - { - throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'"); - } - - ASN1ObjectIdentifier signedContentType = (ASN1ObjectIdentifier)validContentType; - - if (!signedContentType.equals(contentType)) - { - throw new CMSException("content-type attribute value does not match eContentType"); - } - } - } - - // RFC 3852 11.2 Check the message-digest attribute is correct - { - ASN1Primitive validMessageDigest = getSingleValuedSignedAttribute( - CMSAttributes.messageDigest, "message-digest"); - if (validMessageDigest == null) - { - if (signedAttributeSet != null) - { - throw new CMSException("the message-digest signed attribute type MUST be present when there are any signed attributes present"); - } - } - else - { - if (!(validMessageDigest instanceof ASN1OctetString)) - { - throw new CMSException("message-digest attribute value not of ASN.1 type 'OCTET STRING'"); - } - - ASN1OctetString signedMessageDigest = (ASN1OctetString)validMessageDigest; - - if (!Arrays.constantTimeAreEqual(resultDigest, signedMessageDigest.getOctets())) - { - throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value"); - } - } - } - - // RFC 3852 11.4 Validate countersignature attribute(s) - { - AttributeTable signedAttrTable = this.getSignedAttributes(); - if (signedAttrTable != null - && signedAttrTable.getAll(CMSAttributes.counterSignature).size() > 0) - { - throw new CMSException("A countersignature attribute MUST NOT be a signed attribute"); - } - - AttributeTable unsignedAttrTable = this.getUnsignedAttributes(); - if (unsignedAttrTable != null) - { - ASN1EncodableVector csAttrs = unsignedAttrTable.getAll(CMSAttributes.counterSignature); - for (int i = 0; i < csAttrs.size(); ++i) - { - Attribute csAttr = (Attribute)csAttrs.get(i); - if (csAttr.getAttrValues().size() < 1) - { - throw new CMSException("A countersignature attribute MUST contain at least one AttributeValue"); - } - - // Note: We don't recursively validate the countersignature value - } - } - } - - try - { - if (signedAttributeSet == null && resultDigest != null) - { - if (contentVerifier instanceof RawContentVerifier) - { - RawContentVerifier rawVerifier = (RawContentVerifier)contentVerifier; - - if (encName.equals("RSA")) - { - DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.getAlgorithm(), DERNull.INSTANCE), resultDigest); - - return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature()); - } - - return rawVerifier.verify(resultDigest, this.getSignature()); - } - } - - return contentVerifier.verify(this.getSignature()); - } - catch (IOException e) - { - throw new CMSException("can't process mime object to create signature.", e); - } - } - - /** - * Verify that the given verifier can successfully verify the signature on - * this SignerInformation object. - * - * @param verifier a suitably configured SignerInformationVerifier. - * @return true if the signer information is verified, false otherwise. - * @throws org.bouncycastle.cms.CMSVerifierCertificateNotValidException if the provider has an associated certificate and the certificate is not valid at the time given as the SignerInfo's signing time. - * @throws org.bouncycastle.cms.CMSException if the verifier is unable to create a ContentVerifiers or DigestCalculators. - */ - public boolean verify(SignerInformationVerifier verifier) - throws CMSException - { - Time signingTime = getSigningTime(); // has to be validated if present. - - if (verifier.hasAssociatedCertificate()) - { - if (signingTime != null) - { - X509CertificateHolder dcv = verifier.getAssociatedCertificate(); - - if (!dcv.isValidOn(signingTime.getDate())) - { - throw new CMSVerifierCertificateNotValidException("verifier not valid at signingTime"); - } - } - } - - return doVerify(verifier); - } - - /** - * Return the underlying ASN.1 object defining this SignerInformation object. - * - * @return a SignerInfo. - */ - public SignerInfo toASN1Structure() - { - return info; - } - - private ASN1Primitive getSingleValuedSignedAttribute( - ASN1ObjectIdentifier attrOID, String printableName) - throws CMSException - { - AttributeTable unsignedAttrTable = this.getUnsignedAttributes(); - if (unsignedAttrTable != null - && unsignedAttrTable.getAll(attrOID).size() > 0) - { - throw new CMSException("The " + printableName - + " attribute MUST NOT be an unsigned attribute"); - } - - AttributeTable signedAttrTable = this.getSignedAttributes(); - if (signedAttrTable == null) - { - return null; - } - - ASN1EncodableVector v = signedAttrTable.getAll(attrOID); - switch (v.size()) - { - case 0: - return null; - case 1: - { - Attribute t = (Attribute)v.get(0); - ASN1Set attrValues = t.getAttrValues(); - if (attrValues.size() != 1) - { - throw new CMSException("A " + printableName - + " attribute MUST have a single attribute value"); - } - - return attrValues.getObjectAt(0).toASN1Primitive(); - } - default: - throw new CMSException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the " - + printableName + " attribute"); - } - } - - private Time getSigningTime() throws CMSException - { - ASN1Primitive validSigningTime = getSingleValuedSignedAttribute( - CMSAttributes.signingTime, "signing-time"); - - if (validSigningTime == null) - { - return null; - } - - try - { - return Time.getInstance(validSigningTime); - } - catch (IllegalArgumentException e) - { - throw new CMSException("signing-time attribute value not a valid 'Time' structure"); - } - } - - /** - * Return a signer information object with the passed in unsigned - * attributes replacing the ones that are current associated with - * the object passed in. - * - * @param signerInformation the signerInfo to be used as the basis. - * @param unsignedAttributes the unsigned attributes to add. - * @return a copy of the original SignerInformationObject with the changed attributes. - */ - public static SignerInformation replaceUnsignedAttributes( - SignerInformation signerInformation, - AttributeTable unsignedAttributes) - { - SignerInfo sInfo = signerInformation.info; - ASN1Set unsignedAttr = null; - - if (unsignedAttributes != null) - { - unsignedAttr = new DERSet(unsignedAttributes.toASN1EncodableVector()); - } - - return new SignerInformation( - new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(), - sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), unsignedAttr), - signerInformation.contentType, signerInformation.content, null); - } - - /** - * Return a signer information object with passed in SignerInformationStore representing counter - * signatures attached as an unsigned attribute. - * - * @param signerInformation the signerInfo to be used as the basis. - * @param counterSigners signer info objects carrying counter signature. - * @return a copy of the original SignerInformationObject with the changed attributes. - */ - public static SignerInformation addCounterSigners( - SignerInformation signerInformation, - SignerInformationStore counterSigners) - { - // TODO Perform checks from RFC 3852 11.4 - - SignerInfo sInfo = signerInformation.info; - AttributeTable unsignedAttr = signerInformation.getUnsignedAttributes(); - ASN1EncodableVector v; - - if (unsignedAttr != null) - { - v = unsignedAttr.toASN1EncodableVector(); - } - else - { - v = new ASN1EncodableVector(); - } - - ASN1EncodableVector sigs = new ASN1EncodableVector(); - - for (Iterator it = counterSigners.getSigners().iterator(); it.hasNext();) - { - sigs.add(((SignerInformation)it.next()).toASN1Structure()); - } - - v.add(new Attribute(CMSAttributes.counterSignature, new DERSet(sigs))); - - return new SignerInformation( - new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(), - sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), new DERSet(v)), - signerInformation.contentType, signerInformation.content, null); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java b/pkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java deleted file mode 100644 index b65ab5ea..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java +++ /dev/null @@ -1,109 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -public class SignerInformationStore -{ - private List all = new ArrayList(); - private Map table = new HashMap(); - - public SignerInformationStore( - Collection signerInfos) - { - Iterator it = signerInfos.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - SignerId sid = signer.getSID(); - - List list = (ArrayList)table.get(sid); - if (list == null) - { - list = new ArrayList(1); - table.put(sid, list); - } - - list.add(signer); - } - - this.all = new ArrayList(signerInfos); - } - - /** - * Return the first SignerInformation object that matches the - * passed in selector. Null if there are no matches. - * - * @param selector to identify a signer - * @return a single SignerInformation object. Null if none matches. - */ - public SignerInformation get( - SignerId selector) - { - Collection list = getSigners(selector); - - return list.size() == 0 ? null : (SignerInformation) list.iterator().next(); - } - - /** - * Return the number of signers in the collection. - * - * @return number of signers identified. - */ - public int size() - { - return all.size(); - } - - /** - * Return all signers in the collection - * - * @return a collection of signers. - */ - public Collection getSigners() - { - return new ArrayList(all); - } - - /** - * Return possible empty collection with signers matching the passed in SignerId - * - * @param selector a signer id to select against. - * @return a collection of SignerInformation objects. - */ - public Collection getSigners( - SignerId selector) - { - if (selector.getIssuer() != null && selector.getSubjectKeyIdentifier() != null) - { - List results = new ArrayList(); - - Collection match1 = getSigners(new SignerId(selector.getIssuer(), selector.getSerialNumber())); - - if (match1 != null) - { - results.addAll(match1); - } - - Collection match2 = getSigners(new SignerId(selector.getSubjectKeyIdentifier())); - - if (match2 != null) - { - results.addAll(match2); - } - - return results; - } - else - { - List list = (ArrayList)table.get(selector); - - return list == null ? new ArrayList() : new ArrayList(list); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/SignerInformationVerifier.java b/pkix/src/main/java/org/bouncycastle/cms/SignerInformationVerifier.java deleted file mode 100644 index ada4d0ea..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/SignerInformationVerifier.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.ContentVerifier; -import org.bouncycastle.operator.ContentVerifierProvider; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; - -public class SignerInformationVerifier -{ - private ContentVerifierProvider verifierProvider; - private DigestCalculatorProvider digestProvider; - private SignatureAlgorithmIdentifierFinder sigAlgorithmFinder; - private CMSSignatureAlgorithmNameGenerator sigNameGenerator; - - public SignerInformationVerifier(CMSSignatureAlgorithmNameGenerator sigNameGenerator, SignatureAlgorithmIdentifierFinder sigAlgorithmFinder, ContentVerifierProvider verifierProvider, DigestCalculatorProvider digestProvider) - { - this.sigNameGenerator = sigNameGenerator; - this.sigAlgorithmFinder = sigAlgorithmFinder; - this.verifierProvider = verifierProvider; - this.digestProvider = digestProvider; - } - - public boolean hasAssociatedCertificate() - { - return verifierProvider.hasAssociatedCertificate(); - } - - public X509CertificateHolder getAssociatedCertificate() - { - return verifierProvider.getAssociatedCertificate(); - } - - public ContentVerifier getContentVerifier(AlgorithmIdentifier signingAlgorithm, AlgorithmIdentifier digestAlgorithm) - throws OperatorCreationException - { - String signatureName = sigNameGenerator.getSignatureName(digestAlgorithm, signingAlgorithm); - - return verifierProvider.get(sigAlgorithmFinder.find(signatureName)); - } - - public DigestCalculator getDigestCalculator(AlgorithmIdentifier algorithmIdentifier) - throws OperatorCreationException - { - return digestProvider.get(algorithmIdentifier); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/SignerInformationVerifierProvider.java b/pkix/src/main/java/org/bouncycastle/cms/SignerInformationVerifierProvider.java deleted file mode 100644 index 5568b0ec..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/SignerInformationVerifierProvider.java +++ /dev/null @@ -1,16 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.operator.OperatorCreationException; - -public interface SignerInformationVerifierProvider -{ - /** - * Return a SignerInformationVerifierProvider suitable for the passed in SID. - * - * @param sid the SignerId we are trying to match for. - * @return a verifier if one is available, null otherwise. - * @throws OperatorCreationException if creation of the verifier fails when it should suceed. - */ - public SignerInformationVerifier get(SignerId sid) - throws OperatorCreationException; -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/SimpleAttributeTableGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/SimpleAttributeTableGenerator.java deleted file mode 100644 index f182431f..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/SimpleAttributeTableGenerator.java +++ /dev/null @@ -1,25 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.cms.AttributeTable; - -import java.util.Map; - -/** - * Basic generator that just returns a preconstructed attribute table - */ -public class SimpleAttributeTableGenerator - implements CMSAttributeTableGenerator -{ - private final AttributeTable attributes; - - public SimpleAttributeTableGenerator( - AttributeTable attributes) - { - this.attributes = attributes; - } - - public AttributeTable getAttributes(Map parameters) - { - return attributes; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcCMSContentEncryptorBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcCMSContentEncryptorBuilder.java deleted file mode 100644 index a12c66b3..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcCMSContentEncryptorBuilder.java +++ /dev/null @@ -1,124 +0,0 @@ -package org.bouncycastle.cms.bc; - -import java.io.OutputStream; -import java.security.SecureRandom; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSAlgorithm; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.StreamCipher; -import org.bouncycastle.crypto.io.CipherOutputStream; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OutputEncryptor; -import org.bouncycastle.util.Integers; - -public class BcCMSContentEncryptorBuilder -{ - private static Map keySizes = new HashMap(); - - static - { - keySizes.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(128)); - keySizes.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(192)); - keySizes.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(256)); - - keySizes.put(CMSAlgorithm.CAMELLIA128_CBC, Integers.valueOf(128)); - keySizes.put(CMSAlgorithm.CAMELLIA192_CBC, Integers.valueOf(192)); - keySizes.put(CMSAlgorithm.CAMELLIA256_CBC, Integers.valueOf(256)); - } - - private static int getKeySize(ASN1ObjectIdentifier oid) - { - Integer size = (Integer)keySizes.get(oid); - - if (size != null) - { - return size.intValue(); - } - - return -1; - } - - private final ASN1ObjectIdentifier encryptionOID; - private final int keySize; - - private EnvelopedDataHelper helper = new EnvelopedDataHelper(); - private SecureRandom random; - - public BcCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID) - { - this(encryptionOID, getKeySize(encryptionOID)); - } - - public BcCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize) - { - this.encryptionOID = encryptionOID; - this.keySize = keySize; - } - - public BcCMSContentEncryptorBuilder setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public OutputEncryptor build() - throws CMSException - { - return new CMSOutputEncryptor(encryptionOID, keySize, random); - } - - private class CMSOutputEncryptor - implements OutputEncryptor - { - private KeyParameter encKey; - private AlgorithmIdentifier algorithmIdentifier; - private Object cipher; - - CMSOutputEncryptor(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) - throws CMSException - { - if (random == null) - { - random = new SecureRandom(); - } - - CipherKeyGenerator keyGen = helper.createKeyGenerator(encryptionOID, random); - - encKey = new KeyParameter(keyGen.generateKey()); - - algorithmIdentifier = helper.generateAlgorithmIdentifier(encryptionOID, encKey, random); - - cipher = helper.createContentCipher(true, encKey, algorithmIdentifier); - } - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithmIdentifier; - } - - public OutputStream getOutputStream(OutputStream dOut) - { - if (cipher instanceof BufferedBlockCipher) - { - return new CipherOutputStream(dOut, (BufferedBlockCipher)cipher); - } - else - { - return new CipherOutputStream(dOut, (StreamCipher)cipher); - } - } - - public GenericKey getKey() - { - return new GenericKey(algorithmIdentifier, encKey.getKey()); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKEnvelopedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKEnvelopedRecipient.java deleted file mode 100644 index 5641d82b..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKEnvelopedRecipient.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.cms.bc; - -import java.io.InputStream; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.StreamCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.operator.InputDecryptor; -import org.bouncycastle.operator.bc.BcSymmetricKeyUnwrapper; - -public class BcKEKEnvelopedRecipient - extends BcKEKRecipient -{ - public BcKEKEnvelopedRecipient(BcSymmetricKeyUnwrapper unwrapper) - { - super(unwrapper); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException - { - KeyParameter secretKey = (KeyParameter)extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey); - - final Object dataCipher = EnvelopedDataHelper.createContentCipher(false, secretKey, contentEncryptionAlgorithm); - - return new RecipientOperator(new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataOut) - { - if (dataCipher instanceof BufferedBlockCipher) - { - return new org.bouncycastle.crypto.io.CipherInputStream(dataOut, (BufferedBlockCipher)dataCipher); - } - else - { - return new org.bouncycastle.crypto.io.CipherInputStream(dataOut, (StreamCipher)dataCipher); - } - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKRecipient.java deleted file mode 100644 index a7d5eb76..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKRecipient.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.bouncycastle.cms.bc; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.KEKRecipient; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.operator.OperatorException; -import org.bouncycastle.operator.SymmetricKeyUnwrapper; -import org.bouncycastle.operator.bc.BcSymmetricKeyUnwrapper; - -public abstract class BcKEKRecipient - implements KEKRecipient -{ - private SymmetricKeyUnwrapper unwrapper; - - public BcKEKRecipient(BcSymmetricKeyUnwrapper unwrapper) - { - this.unwrapper = unwrapper; - } - - protected CipherParameters extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException - { - try - { - return CMSUtils.getBcKey(unwrapper.generateUnwrappedKey(contentEncryptionAlgorithm, encryptedContentEncryptionKey)); - } - catch (OperatorException e) - { - throw new CMSException("exception unwrapping key: " + e.getMessage(), e); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKRecipientInfoGenerator.java deleted file mode 100644 index 309ad64b..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKEKRecipientInfoGenerator.java +++ /dev/null @@ -1,19 +0,0 @@ -package org.bouncycastle.cms.bc; - -import org.bouncycastle.asn1.cms.KEKIdentifier; -import org.bouncycastle.cms.KEKRecipientInfoGenerator; -import org.bouncycastle.operator.bc.BcSymmetricKeyWrapper; - -public class BcKEKRecipientInfoGenerator - extends KEKRecipientInfoGenerator -{ - public BcKEKRecipientInfoGenerator(KEKIdentifier kekIdentifier, BcSymmetricKeyWrapper kekWrapper) - { - super(kekIdentifier, kekWrapper); - } - - public BcKEKRecipientInfoGenerator(byte[] keyIdentifier, BcSymmetricKeyWrapper kekWrapper) - { - this(new KEKIdentifier(keyIdentifier, null, null), kekWrapper); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipient.java deleted file mode 100644 index 8c698853..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipient.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.cms.bc; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.KeyTransRecipient; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.operator.AsymmetricKeyUnwrapper; -import org.bouncycastle.operator.OperatorException; -import org.bouncycastle.operator.bc.BcRSAAsymmetricKeyUnwrapper; - -public abstract class BcKeyTransRecipient - implements KeyTransRecipient -{ - private AsymmetricKeyParameter recipientKey; - - public BcKeyTransRecipient(AsymmetricKeyParameter recipientKey) - { - this.recipientKey = recipientKey; - } - - protected CipherParameters extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey) - throws CMSException - { - AsymmetricKeyUnwrapper unwrapper = new BcRSAAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, recipientKey); - - try - { - return CMSUtils.getBcKey(unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedEncryptionKey)); - } - catch (OperatorException e) - { - throw new CMSException("exception unwrapping key: " + e.getMessage(), e); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipientInfoGenerator.java deleted file mode 100644 index eebbbda4..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcKeyTransRecipientInfoGenerator.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.cms.bc; - -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cms.KeyTransRecipientInfoGenerator; -import org.bouncycastle.operator.bc.BcAsymmetricKeyWrapper; - -public abstract class BcKeyTransRecipientInfoGenerator - extends KeyTransRecipientInfoGenerator -{ - public BcKeyTransRecipientInfoGenerator(X509CertificateHolder recipientCert, BcAsymmetricKeyWrapper wrapper) - { - super(new IssuerAndSerialNumber(recipientCert.toASN1Structure()), wrapper); - } - - public BcKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, BcAsymmetricKeyWrapper wrapper) - { - super(subjectKeyIdentifier, wrapper); - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordEnvelopedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordEnvelopedRecipient.java deleted file mode 100644 index d3d38cf6..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordEnvelopedRecipient.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.cms.bc; - -import java.io.InputStream; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.StreamCipher; -import org.bouncycastle.crypto.io.CipherInputStream; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.operator.InputDecryptor; - -public class BcPasswordEnvelopedRecipient - extends BcPasswordRecipient -{ - public BcPasswordEnvelopedRecipient(char[] password) - { - super(password); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) - throws CMSException - { - KeyParameter secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, derivedKey, encryptedContentEncryptionKey); - - final Object dataCipher = EnvelopedDataHelper.createContentCipher(false, secretKey, contentEncryptionAlgorithm); - - return new RecipientOperator(new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataOut) - { - if (dataCipher instanceof BufferedBlockCipher) - { - return new CipherInputStream(dataOut, (BufferedBlockCipher)dataCipher); - } - else - { - return new CipherInputStream(dataOut, (StreamCipher)dataCipher); - } - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java deleted file mode 100644 index 50f9c6c0..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.cms.bc; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.PasswordRecipient; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using a password. - */ -public abstract class BcPasswordRecipient - implements PasswordRecipient -{ - private int schemeID = PasswordRecipient.PKCS5_SCHEME2_UTF8; - private char[] password; - - BcPasswordRecipient( - char[] password) - { - this.password = password; - } - - public BcPasswordRecipient setPasswordConversionScheme(int schemeID) - { - this.schemeID = schemeID; - - return this; - } - - protected KeyParameter extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) - throws CMSException - { - Wrapper keyEncryptionCipher = EnvelopedDataHelper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); - - keyEncryptionCipher.init(false, new ParametersWithIV(new KeyParameter(derivedKey), ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets())); - - try - { - return new KeyParameter(keyEncryptionCipher.unwrap(encryptedContentEncryptionKey, 0, encryptedContentEncryptionKey.length)); - } - catch (InvalidCipherTextException e) - { - throw new CMSException("unable to unwrap key: " + e.getMessage(), e); - } - } - - public byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) - throws CMSException - { - PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); - - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); - - return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - } - - public int getPasswordConversionScheme() - { - return schemeID; - } - - public char[] getPassword() - { - return password; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java deleted file mode 100644 index 6e1bfdb7..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.cms.bc; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.PasswordRecipientInfoGenerator; -import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.operator.GenericKey; - -public class BcPasswordRecipientInfoGenerator - extends PasswordRecipientInfoGenerator -{ - public BcPasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password) - { - super(kekAlgorithm, password); - } - - protected byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) - throws CMSException - { - PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); - - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); - - return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - } - - public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) - throws CMSException - { - byte[] contentEncryptionKeySpec = ((KeyParameter)CMSUtils.getBcKey(contentEncryptionKey)).getKey(); - Wrapper keyEncryptionCipher = EnvelopedDataHelper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); - - keyEncryptionCipher.init(true, new ParametersWithIV(new KeyParameter(derivedKey), ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets())); - - return keyEncryptionCipher.wrap(contentEncryptionKeySpec, 0, contentEncryptionKeySpec.length); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransEnvelopedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransEnvelopedRecipient.java deleted file mode 100644 index ed933fe6..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransEnvelopedRecipient.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.cms.bc; - -import java.io.InputStream; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.StreamCipher; -import org.bouncycastle.crypto.io.CipherInputStream; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.operator.InputDecryptor; - -public class BcRSAKeyTransEnvelopedRecipient - extends BcKeyTransRecipient -{ - public BcRSAKeyTransEnvelopedRecipient(AsymmetricKeyParameter key) - { - super(key); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException - { - CipherParameters secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey); - - final Object dataCipher = EnvelopedDataHelper.createContentCipher(false, secretKey, contentEncryptionAlgorithm); - - return new RecipientOperator(new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataIn) - { - if (dataCipher instanceof BufferedBlockCipher) - { - return new CipherInputStream(dataIn, (BufferedBlockCipher)dataCipher); - } - else - { - return new CipherInputStream(dataIn, (StreamCipher)dataCipher); - } - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransRecipientInfoGenerator.java deleted file mode 100644 index b571b9ae..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSAKeyTransRecipientInfoGenerator.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.cms.bc; - -import java.io.IOException; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.operator.bc.BcRSAAsymmetricKeyWrapper; - -public class BcRSAKeyTransRecipientInfoGenerator - extends BcKeyTransRecipientInfoGenerator -{ - public BcRSAKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, AlgorithmIdentifier encAlgId, AsymmetricKeyParameter publicKey) - { - super(subjectKeyIdentifier, new BcRSAAsymmetricKeyWrapper(encAlgId, publicKey)); - } - - public BcRSAKeyTransRecipientInfoGenerator(X509CertificateHolder recipientCert) - throws IOException - { - super(recipientCert, new BcRSAAsymmetricKeyWrapper(recipientCert.getSubjectPublicKeyInfo().getAlgorithmId(), recipientCert.getSubjectPublicKeyInfo())); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSASignerInfoVerifierBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSASignerInfoVerifierBuilder.java deleted file mode 100644 index 93abd65e..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcRSASignerInfoVerifierBuilder.java +++ /dev/null @@ -1,39 +0,0 @@ -package org.bouncycastle.cms.bc; - -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cms.CMSSignatureAlgorithmNameGenerator; -import org.bouncycastle.cms.SignerInformationVerifier; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; -import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder; - -public class BcRSASignerInfoVerifierBuilder -{ - private BcRSAContentVerifierProviderBuilder contentVerifierProviderBuilder; - private DigestCalculatorProvider digestCalculatorProvider; - private CMSSignatureAlgorithmNameGenerator sigAlgNameGen; - private SignatureAlgorithmIdentifierFinder sigAlgIdFinder; - - public BcRSASignerInfoVerifierBuilder(CMSSignatureAlgorithmNameGenerator sigAlgNameGen, SignatureAlgorithmIdentifierFinder sigAlgIdFinder, DigestAlgorithmIdentifierFinder digestAlgorithmFinder, DigestCalculatorProvider digestCalculatorProvider) - { - this.sigAlgNameGen = sigAlgNameGen; - this.sigAlgIdFinder = sigAlgIdFinder; - this.contentVerifierProviderBuilder = new BcRSAContentVerifierProviderBuilder(digestAlgorithmFinder); - this.digestCalculatorProvider = digestCalculatorProvider; - } - - public SignerInformationVerifier build(X509CertificateHolder certHolder) - throws OperatorCreationException - { - return new SignerInformationVerifier(sigAlgNameGen, sigAlgIdFinder, contentVerifierProviderBuilder.build(certHolder), digestCalculatorProvider); - } - - public SignerInformationVerifier build(AsymmetricKeyParameter pubKey) - throws OperatorCreationException - { - return new SignerInformationVerifier(sigAlgNameGen, sigAlgIdFinder, contentVerifierProviderBuilder.build(pubKey), digestCalculatorProvider); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/CMSUtils.java b/pkix/src/main/java/org/bouncycastle/cms/bc/CMSUtils.java deleted file mode 100644 index 8beb36a1..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/CMSUtils.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.cms.bc; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.operator.GenericKey; - -class CMSUtils -{ - static CipherParameters getBcKey(GenericKey key) - { - if (key.getRepresentation() instanceof CipherParameters) - { - return (CipherParameters)key.getRepresentation(); - } - - if (key.getRepresentation() instanceof byte[]) - { - return new KeyParameter((byte[])key.getRepresentation()); - } - - throw new IllegalArgumentException("unknown generic key type"); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/EnvelopedDataHelper.java b/pkix/src/main/java/org/bouncycastle/cms/bc/EnvelopedDataHelper.java deleted file mode 100644 index bb7c3cd6..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/EnvelopedDataHelper.java +++ /dev/null @@ -1,378 +0,0 @@ -package org.bouncycastle.cms.bc; - -import java.security.SecureRandom; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Null; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; -import org.bouncycastle.asn1.misc.CAST5CBCParameters; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSAlgorithm; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.StreamCipher; -import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.engines.AESEngine; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.engines.RC4Engine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -import org.bouncycastle.crypto.generators.DESKeyGenerator; -import org.bouncycastle.crypto.generators.DESedeKeyGenerator; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.PKCS7Padding; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.RC2Parameters; - -class EnvelopedDataHelper -{ - protected static final Map BASE_CIPHER_NAMES = new HashMap(); - protected static final Map CIPHER_ALG_NAMES = new HashMap(); - protected static final Map MAC_ALG_NAMES = new HashMap(); - - static - { - BASE_CIPHER_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES128_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES192_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES256_CBC, "AES"); - - CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.rsaEncryption.getId()), "RSA/ECB/PKCS1Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAST5_CBC, "CAST5/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA128_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED/CBC/PKCS5Padding"); - - MAC_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDEMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2Mac"); - } - - private static final short[] rc2Table = { - 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - }; - - private static final short[] rc2Ekb = { - 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - }; - - EnvelopedDataHelper() - { - } - - String getBaseCipherName(ASN1ObjectIdentifier algorithm) - { - String name = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (name == null) - { - return algorithm.getId(); - } - - return name; - } - - static BufferedBlockCipher createCipher(ASN1ObjectIdentifier algorithm) - throws CMSException - { - BlockCipher cipher; - - if (NISTObjectIdentifiers.id_aes128_CBC.equals(algorithm) - || NISTObjectIdentifiers.id_aes192_CBC.equals(algorithm) - || NISTObjectIdentifiers.id_aes256_CBC.equals(algorithm)) - { - cipher = new CBCBlockCipher(new AESEngine()); - } - else if (PKCSObjectIdentifiers.des_EDE3_CBC.equals(algorithm)) - { - cipher = new CBCBlockCipher(new DESedeEngine()); - } - else if (OIWObjectIdentifiers.desCBC.equals(algorithm)) - { - cipher = new CBCBlockCipher(new DESEngine()); - } - else if (PKCSObjectIdentifiers.RC2_CBC.equals(algorithm)) - { - cipher = new CBCBlockCipher(new RC2Engine()); - } - else - { - throw new CMSException("cannot recognise cipher: " + algorithm); - } - - return new PaddedBufferedBlockCipher(cipher, new PKCS7Padding()); - } - - static Wrapper createRFC3211Wrapper(ASN1ObjectIdentifier algorithm) - throws CMSException - { - if (NISTObjectIdentifiers.id_aes128_CBC.equals(algorithm) - || NISTObjectIdentifiers.id_aes192_CBC.equals(algorithm) - || NISTObjectIdentifiers.id_aes256_CBC.equals(algorithm)) - { - return new RFC3211WrapEngine(new AESEngine()); - } - else if (PKCSObjectIdentifiers.des_EDE3_CBC.equals(algorithm)) - { - return new RFC3211WrapEngine(new DESedeEngine()); - } - else if (OIWObjectIdentifiers.desCBC.equals(algorithm)) - { - return new RFC3211WrapEngine(new DESEngine()); - } - else if (PKCSObjectIdentifiers.RC2_CBC.equals(algorithm)) - { - return new RFC3211WrapEngine(new RC2Engine()); - } - else - { - throw new CMSException("cannot recognise wrapper: " + algorithm); - } - } - - static Object createContentCipher(boolean forEncryption, CipherParameters encKey, AlgorithmIdentifier encryptionAlgID) - throws CMSException - { - ASN1ObjectIdentifier encAlg = encryptionAlgID.getAlgorithm(); - - if (encAlg.equals(PKCSObjectIdentifiers.rc4)) - { - StreamCipher cipher = new RC4Engine(); - - cipher.init(forEncryption, encKey); - - return cipher; - } - else - { - BufferedBlockCipher cipher = createCipher(encryptionAlgID.getAlgorithm()); - ASN1Primitive sParams = encryptionAlgID.getParameters().toASN1Primitive(); - - if (sParams != null && !(sParams instanceof ASN1Null)) - { - if (encAlg.equals(CMSAlgorithm.DES_EDE3_CBC) - || encAlg.equals(CMSAlgorithm.IDEA_CBC) - || encAlg.equals(CMSAlgorithm.AES128_CBC) - || encAlg.equals(CMSAlgorithm.AES192_CBC) - || encAlg.equals(CMSAlgorithm.AES256_CBC) - || encAlg.equals(CMSAlgorithm.CAMELLIA128_CBC) - || encAlg.equals(CMSAlgorithm.CAMELLIA192_CBC) - || encAlg.equals(CMSAlgorithm.CAMELLIA256_CBC) - || encAlg.equals(CMSAlgorithm.SEED_CBC) - || encAlg.equals(OIWObjectIdentifiers.desCBC)) - { - cipher.init(forEncryption, new ParametersWithIV(encKey, - ASN1OctetString.getInstance(sParams).getOctets())); - } - else if (encAlg.equals(CMSAlgorithm.CAST5_CBC)) - { - CAST5CBCParameters cbcParams = CAST5CBCParameters.getInstance(sParams); - - cipher.init(forEncryption, new ParametersWithIV(encKey, cbcParams.getIV())); - } - else if (encAlg.equals(CMSAlgorithm.RC2_CBC)) - { - RC2CBCParameter cbcParams = RC2CBCParameter.getInstance(sParams); - - cipher.init(forEncryption, new ParametersWithIV(new RC2Parameters(((KeyParameter)encKey).getKey(), rc2Ekb[cbcParams.getRC2ParameterVersion().intValue()]), cbcParams.getIV())); - } - else - { - throw new CMSException("cannot match parameters"); - } - } - else - { - if (encAlg.equals(CMSAlgorithm.DES_EDE3_CBC) - || encAlg.equals(CMSAlgorithm.IDEA_CBC) - || encAlg.equals(CMSAlgorithm.CAST5_CBC)) - { - cipher.init(forEncryption, new ParametersWithIV(encKey, new byte[8])); - } - else - { - cipher.init(forEncryption, encKey); - } - } - - return cipher; - } - } - - AlgorithmIdentifier generateAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, CipherParameters encKey, SecureRandom random) - throws CMSException - { - if (encryptionOID.equals(CMSAlgorithm.AES128_CBC) - || encryptionOID.equals(CMSAlgorithm.AES192_CBC) - || encryptionOID.equals(CMSAlgorithm.AES256_CBC) - || encryptionOID.equals(CMSAlgorithm.CAMELLIA128_CBC) - || encryptionOID.equals(CMSAlgorithm.CAMELLIA192_CBC) - || encryptionOID.equals(CMSAlgorithm.CAMELLIA256_CBC) - || encryptionOID.equals(CMSAlgorithm.SEED_CBC)) - { - byte[] iv = new byte[16]; - - random.nextBytes(iv); - - return new AlgorithmIdentifier(encryptionOID, new DEROctetString(iv)); - } - else if (encryptionOID.equals(CMSAlgorithm.DES_EDE3_CBC) - || encryptionOID.equals(CMSAlgorithm.IDEA_CBC) - || encryptionOID.equals(OIWObjectIdentifiers.desCBC)) - { - byte[] iv = new byte[8]; - - random.nextBytes(iv); - - return new AlgorithmIdentifier(encryptionOID, new DEROctetString(iv)); - } - else if (encryptionOID.equals(CMSAlgorithm.CAST5_CBC)) - { - byte[] iv = new byte[8]; - - random.nextBytes(iv); - - CAST5CBCParameters cbcParams = new CAST5CBCParameters(iv, ((KeyParameter)encKey).getKey().length * 8); - - return new AlgorithmIdentifier(encryptionOID, cbcParams); - } - else if (encryptionOID.equals(PKCSObjectIdentifiers.rc4)) - { - return new AlgorithmIdentifier(encryptionOID, DERNull.INSTANCE); - } - else - { - throw new CMSException("unable to match algorithm"); - } - } - - CipherKeyGenerator createKeyGenerator(ASN1ObjectIdentifier algorithm, SecureRandom random) - throws CMSException - { - if (NISTObjectIdentifiers.id_aes128_CBC.equals(algorithm)) - { - return createCipherKeyGenerator(random, 128); - } - else if (NISTObjectIdentifiers.id_aes192_CBC.equals(algorithm)) - { - return createCipherKeyGenerator(random, 192); - } - else if (NISTObjectIdentifiers.id_aes256_CBC.equals(algorithm)) - { - return createCipherKeyGenerator(random, 256); - } - else if (PKCSObjectIdentifiers.des_EDE3_CBC.equals(algorithm)) - { - DESedeKeyGenerator keyGen = new DESedeKeyGenerator(); - - keyGen.init(new KeyGenerationParameters(random, 192)); - - return keyGen; - } - else if (NTTObjectIdentifiers.id_camellia128_cbc.equals(algorithm)) - { - return createCipherKeyGenerator(random, 128); - } - else if (NTTObjectIdentifiers.id_camellia192_cbc.equals(algorithm)) - { - return createCipherKeyGenerator(random, 192); - } - else if (NTTObjectIdentifiers.id_camellia256_cbc.equals(algorithm)) - { - return createCipherKeyGenerator(random, 256); - } - else if (KISAObjectIdentifiers.id_seedCBC.equals(algorithm)) - { - return createCipherKeyGenerator(random, 128); - } - else if (CMSAlgorithm.CAST5_CBC.equals(algorithm)) - { - return createCipherKeyGenerator(random, 128); - } - else if (OIWObjectIdentifiers.desCBC.equals(algorithm)) - { - DESKeyGenerator keyGen = new DESKeyGenerator(); - - keyGen.init(new KeyGenerationParameters(random, 64)); - - return keyGen; - } - else if (PKCSObjectIdentifiers.rc4.equals(algorithm)) - { - return createCipherKeyGenerator(random, 128); - } -// else if (PKCSObjectIdentifiers.RC2_CBC.equals(algorithm)) -// { -// cipher = new CBCBlockCipher(new RC2Engine()); -// } - else - { - throw new CMSException("cannot recognise cipher: " + algorithm); - } - - } - - private CipherKeyGenerator createCipherKeyGenerator(SecureRandom random, int keySize) - { - CipherKeyGenerator keyGen = new CipherKeyGenerator(); - - keyGen.init(new KeyGenerationParameters(random, keySize)); - - return keyGen; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java deleted file mode 100644 index 1596caee..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.Provider; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.jcajce.util.JcaJceUtils; - -class CMSUtils -{ - static TBSCertificateStructure getTBSCertificateStructure( - X509Certificate cert) - throws CertificateEncodingException - { - return TBSCertificateStructure.getInstance(cert.getTBSCertificate()); - } - - static IssuerAndSerialNumber getIssuerAndSerialNumber(X509Certificate cert) - throws CertificateEncodingException - { - Certificate certStruct = Certificate.getInstance(cert.getEncoded()); - - return new IssuerAndSerialNumber(certStruct.getIssuer(), cert.getSerialNumber()); - } - - - static byte[] getSubjectKeyId(X509Certificate cert) - { - byte[] ext = cert.getExtensionValue(Extension.subjectKeyIdentifier.getId()); - - if (ext != null) - { - return ASN1OctetString.getInstance(ASN1OctetString.getInstance(ext).getOctets()).getOctets(); - } - else - { - return null; - } - } - - static EnvelopedDataHelper createContentHelper(Provider provider) - { - if (provider != null) - { - return new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - } - else - { - return new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - } - } - - static EnvelopedDataHelper createContentHelper(String providerName) - { - if (providerName != null) - { - return new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - } - else - { - return new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - } - } - - static ASN1Encodable extractParameters(AlgorithmParameters params) - throws CMSException - { - try - { - return JcaJceUtils.extractParameters(params); - } - catch (IOException e) - { - throw new CMSException("cannot extract parameters: " + e.getMessage(), e); - } - } - - static void loadParameters(AlgorithmParameters params, ASN1Encodable sParams) - throws CMSException - { - try - { - JcaJceUtils.loadParameters(params, sParams); - } - catch (IOException e) - { - throw new CMSException("error encoding algorithm parameters.", e); - } - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/DefaultJcaJceExtHelper.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/DefaultJcaJceExtHelper.java deleted file mode 100644 index c6cd8257..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/DefaultJcaJceExtHelper.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.PrivateKey; - -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.operator.SymmetricKeyUnwrapper; -import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; -import org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper; - -class DefaultJcaJceExtHelper - extends DefaultJcaJceHelper - implements JcaJceExtHelper -{ - public JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey) - { - return new JceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey); - } - - public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey) - { - return new JceSymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java deleted file mode 100644 index b0810515..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java +++ /dev/null @@ -1,668 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; -import java.util.HashMap; -import java.util.Map; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Null; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSAlgorithm; -import org.bouncycastle.cms.CMSEnvelopedDataGenerator; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.operator.DefaultSecretKeySizeProvider; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.SecretKeySizeProvider; -import org.bouncycastle.operator.SymmetricKeyUnwrapper; -import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; - -public class EnvelopedDataHelper -{ - protected static final SecretKeySizeProvider KEY_SIZE_PROVIDER = DefaultSecretKeySizeProvider.INSTANCE; - - protected static final Map BASE_CIPHER_NAMES = new HashMap(); - protected static final Map CIPHER_ALG_NAMES = new HashMap(); - protected static final Map MAC_ALG_NAMES = new HashMap(); - - static - { - BASE_CIPHER_NAMES.put(CMSAlgorithm.DES_CBC, "DES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES128_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES192_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES256_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.CAST5_CBC, "CAST5"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA128_CBC, "Camellia"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED"); - BASE_CIPHER_NAMES.put(PKCSObjectIdentifiers.rc4, "RC4"); - - CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_CBC, "DES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(PKCSObjectIdentifiers.rsaEncryption, "RSA/ECB/PKCS1Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAST5_CBC, "CAST5/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA128_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(PKCSObjectIdentifiers.rc4, "RC4"); - - MAC_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDEMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2Mac"); - } - - private static final short[] rc2Table = { - 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - }; - - private static final short[] rc2Ekb = { - 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - }; - - private JcaJceExtHelper helper; - - EnvelopedDataHelper(JcaJceExtHelper helper) - { - this.helper = helper; - } - - String getBaseCipherName(ASN1ObjectIdentifier algorithm) - { - String name = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (name == null) - { - return algorithm.getId(); - } - - return name; - } - - Key getJceKey(GenericKey key) - { - if (key.getRepresentation() instanceof Key) - { - return (Key)key.getRepresentation(); - } - - if (key.getRepresentation() instanceof byte[]) - { - return new SecretKeySpec((byte[])key.getRepresentation(), "ENC"); - } - - throw new IllegalArgumentException("unknown generic key type"); - } - - public Key getJceKey(ASN1ObjectIdentifier algorithm, GenericKey key) - { - if (key.getRepresentation() instanceof Key) - { - return (Key)key.getRepresentation(); - } - - if (key.getRepresentation() instanceof byte[]) - { - return new SecretKeySpec((byte[])key.getRepresentation(), getBaseCipherName(algorithm)); - } - - throw new IllegalArgumentException("unknown generic key type"); - } - - public void keySizeCheck(AlgorithmIdentifier keyAlgorithm, Key key) - throws CMSException - { - int expectedKeySize = EnvelopedDataHelper.KEY_SIZE_PROVIDER.getKeySize(keyAlgorithm); - if (expectedKeySize > 0) - { - byte[] keyEnc = null; - - try - { - keyEnc = key.getEncoded(); - } - catch (Exception e) - { - // ignore - we're using a HSM... - } - - if (keyEnc != null) - { - if (keyEnc.length * 8 != expectedKeySize) - { - throw new CMSException("Expected key size for algorithm OID not found in recipient."); - } - } - } - } - - Cipher createCipher(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String cipherName = (String)CIPHER_ALG_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createCipher(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createCipher(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot create cipher: " + e.getMessage(), e); - } - } - - Mac createMac(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String macName = (String)MAC_ALG_NAMES.get(algorithm); - - if (macName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createMac(macName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createMac(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot create mac: " + e.getMessage(), e); - } - } - - Cipher createRFC3211Wrapper(ASN1ObjectIdentifier algorithm) - throws CMSException - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName == null) - { - throw new CMSException("no name for " + algorithm); - } - - cipherName += "RFC3211Wrap"; - - try - { - return helper.createCipher(cipherName); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot create cipher: " + e.getMessage(), e); - } - } - - KeyAgreement createKeyAgreement(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String agreementName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (agreementName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyAgreement(agreementName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyAgreement(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot create key pair generator: " + e.getMessage(), e); - } - } - - AlgorithmParameterGenerator createAlgorithmParameterGenerator(ASN1ObjectIdentifier algorithm) - throws GeneralSecurityException - { - String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (algorithmName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createAlgorithmParameterGenerator(algorithmName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createAlgorithmParameterGenerator(algorithm.getId()); - } - - public Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID) - throws CMSException - { - return (Cipher)execute(new JCECallback() - { - public Object doInJCE() - throws CMSException, InvalidAlgorithmParameterException, - InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException, - NoSuchPaddingException, NoSuchProviderException - { - Cipher cipher = createCipher(encryptionAlgID.getAlgorithm()); - ASN1Encodable sParams = encryptionAlgID.getParameters(); - String encAlg = encryptionAlgID.getAlgorithm().getId(); - - if (sParams != null && !(sParams instanceof ASN1Null)) - { - try - { - AlgorithmParameters params = createAlgorithmParameters(encryptionAlgID.getAlgorithm()); - - CMSUtils.loadParameters(params, sParams); - - cipher.init(Cipher.DECRYPT_MODE, sKey, params); - } - catch (NoSuchAlgorithmException e) - { - if (encAlg.equals(CMSAlgorithm.DES_CBC.getId()) - || encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES128_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES192_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES256_CBC)) - { - cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec( - ASN1OctetString.getInstance(sParams).getOctets())); - } - else - { - throw e; - } - } - } - else - { - if (encAlg.equals(CMSAlgorithm.DES_CBC.getId()) - || encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.CAST5_CBC)) - { - cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(new byte[8])); - } - else - { - cipher.init(Cipher.DECRYPT_MODE, sKey); - } - } - - return cipher; - } - }); - } - - Mac createContentMac(final Key sKey, final AlgorithmIdentifier macAlgId) - throws CMSException - { - return (Mac)execute(new JCECallback() - { - public Object doInJCE() - throws CMSException, InvalidAlgorithmParameterException, - InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException, - NoSuchPaddingException, NoSuchProviderException - { - Mac mac = createMac(macAlgId.getAlgorithm()); - ASN1Encodable sParams = macAlgId.getParameters(); - String macAlg = macAlgId.getAlgorithm().getId(); - - if (sParams != null && !(sParams instanceof ASN1Null)) - { - try - { - AlgorithmParameters params = createAlgorithmParameters(macAlgId.getAlgorithm()); - - CMSUtils.loadParameters(params, sParams); - - mac.init(sKey, params.getParameterSpec(IvParameterSpec.class)); - } - catch (NoSuchAlgorithmException e) - { - throw e; - } - } - else - { - mac.init(sKey); - } - - return mac; - } - }); - } - - AlgorithmParameters createAlgorithmParameters(ASN1ObjectIdentifier algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (algorithmName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createAlgorithmParameters(algorithmName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createAlgorithmParameters(algorithm.getId()); - } - - - KeyPairGenerator createKeyPairGenerator(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyPairGenerator(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyPairGenerator(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot create key pair generator: " + e.getMessage(), e); - } - } - - public KeyGenerator createKeyGenerator(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyGenerator(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyGenerator(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot create key generator: " + e.getMessage(), e); - } - } - - AlgorithmParameters generateParameters(ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand) - throws CMSException - { - try - { - AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID); - - if (encryptionOID.equals(CMSAlgorithm.RC2_CBC)) - { - byte[] iv = new byte[8]; - - rand.nextBytes(iv); - - try - { - pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CMSException("parameters generation error: " + e, e); - } - } - - return pGen.generateParameters(); - } - catch (NoSuchAlgorithmException e) - { - return null; - } - catch (GeneralSecurityException e) - { - throw new CMSException("exception creating algorithm parameter generator: " + e, e); - } - } - - AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, AlgorithmParameters params) - throws CMSException - { - ASN1Encodable asn1Params; - if (params != null) - { - asn1Params = CMSUtils.extractParameters(params); - } - else - { - asn1Params = DERNull.INSTANCE; - } - - return new AlgorithmIdentifier( - encryptionOID, - asn1Params); - } - - static Object execute(JCECallback callback) throws CMSException - { - try - { - return callback.doInJCE(); - } - catch (NoSuchAlgorithmException e) - { - throw new CMSException("can't find algorithm.", e); - } - catch (InvalidKeyException e) - { - throw new CMSException("key invalid in message.", e); - } - catch (NoSuchProviderException e) - { - throw new CMSException("can't find provider.", e); - } - catch (NoSuchPaddingException e) - { - throw new CMSException("required padding not supported.", e); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CMSException("algorithm parameters invalid.", e); - } - catch (InvalidParameterSpecException e) - { - throw new CMSException("MAC algorithm parameter spec invalid.", e); - } - } - - public KeyFactory createKeyFactory(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyFactory(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyFactory(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot create key factory: " + e.getMessage(), e); - } - } - - public JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey) - { - return helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey); - } - - public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey) - { - return helper.createSymmetricUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey); - } - - public AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier macOID, AlgorithmParameterSpec paramSpec) - { - if (paramSpec instanceof IvParameterSpec) - { - return new AlgorithmIdentifier(macOID, new DEROctetString(((IvParameterSpec)paramSpec).getIV())); - } - - if (paramSpec instanceof RC2ParameterSpec) - { - RC2ParameterSpec rc2Spec = (RC2ParameterSpec)paramSpec; - - int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); - - if (effKeyBits != -1) - { - int parameterVersion; - - if (effKeyBits < 256) - { - parameterVersion = rc2Table[effKeyBits]; - } - else - { - parameterVersion = effKeyBits; - } - - return new AlgorithmIdentifier(macOID, new RC2CBCParameter(parameterVersion, rc2Spec.getIV())); - } - - return new AlgorithmIdentifier(macOID, new RC2CBCParameter(rc2Spec.getIV())); - } - - throw new IllegalStateException("unknown parameter spec: " + paramSpec); - } - - static interface JCECallback - { - Object doInJCE() - throws CMSException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidParameterSpecException, - NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaJceExtHelper.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaJceExtHelper.java deleted file mode 100644 index 3eb54a10..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaJceExtHelper.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.PrivateKey; - -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jcajce.util.JcaJceHelper; -import org.bouncycastle.operator.SymmetricKeyUnwrapper; -import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; - -public interface JcaJceExtHelper - extends JcaJceHelper -{ - JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey); - - SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey); -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSelectorConverter.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSelectorConverter.java deleted file mode 100644 index a26cbe70..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSelectorConverter.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.IOException; -import java.security.cert.X509CertSelector; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.cms.KeyTransRecipientId; -import org.bouncycastle.cms.SignerId; - -public class JcaSelectorConverter -{ - public JcaSelectorConverter() - { - - } - - public SignerId getSignerId(X509CertSelector certSelector) - { - try - { - if (certSelector.getSubjectKeyIdentifier() != null) - { - return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); - } - else - { - return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); - } - } - catch (IOException e) - { - throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage()); - } - } - - public KeyTransRecipientId getKeyTransRecipientId(X509CertSelector certSelector) - { - try - { - if (certSelector.getSubjectKeyIdentifier() != null) - { - return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); - } - else - { - return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); - } - } - catch (IOException e) - { - throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage()); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerId.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerId.java deleted file mode 100644 index 056f7c06..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerId.java +++ /dev/null @@ -1,56 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.math.BigInteger; -import java.security.cert.X509Certificate; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.cms.SignerId; - -public class JcaSignerId - extends SignerId -{ - /** - * Construct a signer identifier based on the issuer, serial number and subject key identifier (if present) of the passed in - * certificate. - * - * @param certificate certificate providing the issue and serial number and subject key identifier. - */ - public JcaSignerId(X509Certificate certificate) - { - super(convertPrincipal(certificate.getIssuerX500Principal()), certificate.getSerialNumber(), CMSUtils.getSubjectKeyId(certificate)); - } - - /** - * Construct a signer identifier based on the provided issuer and serial number.. - * - * @param issuer the issuer to use. - * @param serialNumber the serial number to use. - */ - public JcaSignerId(X500Principal issuer, BigInteger serialNumber) - { - super(convertPrincipal(issuer), serialNumber); - } - - /** - * Construct a signer identifier based on the provided issuer, serial number, and subjectKeyId.. - * - * @param issuer the issuer to use. - * @param serialNumber the serial number to use. - * @param subjectKeyId the subject key ID to use. - */ - public JcaSignerId(X500Principal issuer, BigInteger serialNumber, byte[] subjectKeyId) - { - super(convertPrincipal(issuer), serialNumber, subjectKeyId); - } - - private static X500Name convertPrincipal(X500Principal issuer) - { - if (issuer == null) - { - return null; - } - return X500Name.getInstance(issuer.getEncoded()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java deleted file mode 100644 index 4a0e7ca4..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java +++ /dev/null @@ -1,68 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; -import org.bouncycastle.cms.CMSAttributeTableGenerator; -import org.bouncycastle.cms.SignerInfoGenerator; -import org.bouncycastle.cms.SignerInfoGeneratorBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; - -public class JcaSignerInfoGeneratorBuilder -{ - private SignerInfoGeneratorBuilder builder; - - public JcaSignerInfoGeneratorBuilder(DigestCalculatorProvider digestProvider) - { - builder = new SignerInfoGeneratorBuilder(digestProvider); - } - - /** - * If the passed in flag is true, the signer signature will be based on the data, not - * a collection of signed attributes, and no signed attributes will be included. - * - * @return the builder object - */ - public JcaSignerInfoGeneratorBuilder setDirectSignature(boolean hasNoSignedAttributes) - { - builder.setDirectSignature(hasNoSignedAttributes); - - return this; - } - - public JcaSignerInfoGeneratorBuilder setSignedAttributeGenerator(CMSAttributeTableGenerator signedGen) - { - builder.setSignedAttributeGenerator(signedGen); - - return this; - } - - public JcaSignerInfoGeneratorBuilder setUnsignedAttributeGenerator(CMSAttributeTableGenerator unsignedGen) - { - builder.setUnsignedAttributeGenerator(unsignedGen); - - return this; - } - - public SignerInfoGenerator build(ContentSigner contentSigner, X509CertificateHolder certHolder) - throws OperatorCreationException - { - return builder.build(contentSigner, certHolder); - } - - public SignerInfoGenerator build(ContentSigner contentSigner, byte[] keyIdentifier) - throws OperatorCreationException - { - return builder.build(contentSigner, keyIdentifier); - } - - public SignerInfoGenerator build(ContentSigner contentSigner, X509Certificate certificate) - throws OperatorCreationException, CertificateEncodingException - { - return this.build(contentSigner, new JcaX509CertificateHolder(certificate)); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoVerifierBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoVerifierBuilder.java deleted file mode 100644 index a8058398..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoVerifierBuilder.java +++ /dev/null @@ -1,180 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.Provider; -import java.security.PublicKey; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cms.CMSSignatureAlgorithmNameGenerator; -import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator; -import org.bouncycastle.cms.SignerInformationVerifier; -import org.bouncycastle.operator.ContentVerifierProvider; -import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; -import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; -import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; - -public class JcaSignerInfoVerifierBuilder -{ - private Helper helper = new Helper(); - private DigestCalculatorProvider digestProvider; - private CMSSignatureAlgorithmNameGenerator sigAlgNameGen = new DefaultCMSSignatureAlgorithmNameGenerator(); - private SignatureAlgorithmIdentifierFinder sigAlgIDFinder = new DefaultSignatureAlgorithmIdentifierFinder(); - - public JcaSignerInfoVerifierBuilder(DigestCalculatorProvider digestProvider) - { - this.digestProvider = digestProvider; - } - - public JcaSignerInfoVerifierBuilder setProvider(Provider provider) - { - this.helper = new ProviderHelper(provider); - - return this; - } - - public JcaSignerInfoVerifierBuilder setProvider(String providerName) - { - this.helper = new NamedHelper(providerName); - - return this; - } - - /** - * Override the default signature algorithm name generator. - * - * @param sigAlgNameGen the algorithm name generator to use. - * @return the current builder. - */ - public JcaSignerInfoVerifierBuilder setSignatureAlgorithmNameGenerator(CMSSignatureAlgorithmNameGenerator sigAlgNameGen) - { - this.sigAlgNameGen = sigAlgNameGen; - - return this; - } - - public JcaSignerInfoVerifierBuilder setSignatureAlgorithmFinder(SignatureAlgorithmIdentifierFinder sigAlgIDFinder) - { - this.sigAlgIDFinder = sigAlgIDFinder; - - return this; - } - - public SignerInformationVerifier build(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return new SignerInformationVerifier(sigAlgNameGen, sigAlgIDFinder, helper.createContentVerifierProvider(certHolder), digestProvider); - } - - public SignerInformationVerifier build(X509Certificate certificate) - throws OperatorCreationException - { - return new SignerInformationVerifier(sigAlgNameGen, sigAlgIDFinder, helper.createContentVerifierProvider(certificate), digestProvider); - } - - public SignerInformationVerifier build(PublicKey pubKey) - throws OperatorCreationException - { - return new SignerInformationVerifier(sigAlgNameGen, sigAlgIDFinder, helper.createContentVerifierProvider(pubKey), digestProvider); - } - - private class Helper - { - ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().build(publicKey); - } - - ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().build(certificate); - } - - ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return new JcaContentVerifierProviderBuilder().build(certHolder); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().build(); - } - } - - private class NamedHelper - extends Helper - { - private final String providerName; - - public NamedHelper(String providerName) - { - this.providerName = providerName; - } - - ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(publicKey); - } - - ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(certificate); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().setProvider(providerName).build(); - } - - ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(certHolder); - } - } - - private class ProviderHelper - extends Helper - { - private final Provider provider; - - public ProviderHelper(Provider provider) - { - this.provider = provider; - } - - ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().setProvider(provider).build(publicKey); - } - - ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().setProvider(provider).build(certificate); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().setProvider(provider).build(); - } - - ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return new JcaContentVerifierProviderBuilder().setProvider(provider).build(certHolder); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoGeneratorBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoGeneratorBuilder.java deleted file mode 100644 index 0de417aa..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoGeneratorBuilder.java +++ /dev/null @@ -1,202 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.PrivateKey; -import java.security.Provider; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; -import org.bouncycastle.cms.CMSAttributeTableGenerator; -import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator; -import org.bouncycastle.cms.SignerInfoGenerator; -import org.bouncycastle.cms.SignerInfoGeneratorBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; - -/** - * Use this class if you are using a provider that has all the facilities you - * need. - * <p> - * For example: - * <pre> - * CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - * ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate()); - * - * gen.addSignerInfoGenerator( - * new JcaSignerInfoGeneratorBuilder( - * new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) - * .build(sha1Signer, signCert)); - * </pre> - * becomes: - * <pre> - * CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - * - * gen.addSignerInfoGenerator( - * new JcaSimpleSignerInfoGeneratorBuilder() - * .setProvider("BC") - * .build("SHA1withRSA", signKP.getPrivate(), signCert)); - * </pre> - */ -public class JcaSimpleSignerInfoGeneratorBuilder -{ - private Helper helper; - - private boolean hasNoSignedAttributes; - private CMSAttributeTableGenerator signedGen; - private CMSAttributeTableGenerator unsignedGen; - - public JcaSimpleSignerInfoGeneratorBuilder() - throws OperatorCreationException - { - this.helper = new Helper(); - } - - public JcaSimpleSignerInfoGeneratorBuilder setProvider(String providerName) - throws OperatorCreationException - { - this.helper = new NamedHelper(providerName); - - return this; - } - - public JcaSimpleSignerInfoGeneratorBuilder setProvider(Provider provider) - throws OperatorCreationException - { - this.helper = new ProviderHelper(provider); - - return this; - } - - /** - * If the passed in flag is true, the signer signature will be based on the data, not - * a collection of signed attributes, and no signed attributes will be included. - * - * @return the builder object - */ - public JcaSimpleSignerInfoGeneratorBuilder setDirectSignature(boolean hasNoSignedAttributes) - { - this.hasNoSignedAttributes = hasNoSignedAttributes; - - return this; - } - - public JcaSimpleSignerInfoGeneratorBuilder setSignedAttributeGenerator(CMSAttributeTableGenerator signedGen) - { - this.signedGen = signedGen; - - return this; - } - - /** - * set up a DefaultSignedAttributeTableGenerator primed with the passed in AttributeTable. - * - * @param attrTable table of attributes for priming generator - * @return this. - */ - public JcaSimpleSignerInfoGeneratorBuilder setSignedAttributeGenerator(AttributeTable attrTable) - { - this.signedGen = new DefaultSignedAttributeTableGenerator(attrTable); - - return this; - } - - public JcaSimpleSignerInfoGeneratorBuilder setUnsignedAttributeGenerator(CMSAttributeTableGenerator unsignedGen) - { - this.unsignedGen = unsignedGen; - - return this; - } - - public SignerInfoGenerator build(String algorithmName, PrivateKey privateKey, X509Certificate certificate) - throws OperatorCreationException, CertificateEncodingException - { - ContentSigner contentSigner = helper.createContentSigner(algorithmName, privateKey); - - return configureAndBuild().build(contentSigner, new JcaX509CertificateHolder(certificate)); - } - - public SignerInfoGenerator build(String algorithmName, PrivateKey privateKey, byte[] keyIdentifier) - throws OperatorCreationException, CertificateEncodingException - { - ContentSigner contentSigner = helper.createContentSigner(algorithmName, privateKey); - - return configureAndBuild().build(contentSigner, keyIdentifier); - } - - private SignerInfoGeneratorBuilder configureAndBuild() - throws OperatorCreationException - { - SignerInfoGeneratorBuilder infoGeneratorBuilder = new SignerInfoGeneratorBuilder(helper.createDigestCalculatorProvider()); - - infoGeneratorBuilder.setDirectSignature(hasNoSignedAttributes); - infoGeneratorBuilder.setSignedAttributeGenerator(signedGen); - infoGeneratorBuilder.setUnsignedAttributeGenerator(unsignedGen); - - return infoGeneratorBuilder; - } - - private class Helper - { - ContentSigner createContentSigner(String algorithm, PrivateKey privateKey) - throws OperatorCreationException - { - return new JcaContentSignerBuilder(algorithm).build(privateKey); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().build(); - } - } - - private class NamedHelper - extends Helper - { - private final String providerName; - - public NamedHelper(String providerName) - { - this.providerName = providerName; - } - - ContentSigner createContentSigner(String algorithm, PrivateKey privateKey) - throws OperatorCreationException - { - return new JcaContentSignerBuilder(algorithm).setProvider(providerName).build(privateKey); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().setProvider(providerName).build(); - } - } - - private class ProviderHelper - extends Helper - { - private final Provider provider; - - public ProviderHelper(Provider provider) - { - this.provider = provider; - } - - ContentSigner createContentSigner(String algorithm, PrivateKey privateKey) - throws OperatorCreationException - { - return new JcaContentSignerBuilder(algorithm).setProvider(provider).build(privateKey); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().setProvider(provider).build(); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoVerifierBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoVerifierBuilder.java deleted file mode 100644 index 441f27d2..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoVerifierBuilder.java +++ /dev/null @@ -1,150 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.Provider; -import java.security.PublicKey; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator; -import org.bouncycastle.cms.SignerInformationVerifier; -import org.bouncycastle.operator.ContentVerifierProvider; -import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; -import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; - -public class JcaSimpleSignerInfoVerifierBuilder -{ - private Helper helper = new Helper(); - - public JcaSimpleSignerInfoVerifierBuilder setProvider(Provider provider) - { - this.helper = new ProviderHelper(provider); - - return this; - } - - public JcaSimpleSignerInfoVerifierBuilder setProvider(String providerName) - { - this.helper = new NamedHelper(providerName); - - return this; - } - - public SignerInformationVerifier build(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(certHolder), helper.createDigestCalculatorProvider()); - } - - public SignerInformationVerifier build(X509Certificate certificate) - throws OperatorCreationException - { - return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(certificate), helper.createDigestCalculatorProvider()); - } - - public SignerInformationVerifier build(PublicKey pubKey) - throws OperatorCreationException - { - return new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), helper.createContentVerifierProvider(pubKey), helper.createDigestCalculatorProvider()); - } - - private class Helper - { - ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().build(publicKey); - } - - ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().build(certificate); - } - - ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return new JcaContentVerifierProviderBuilder().build(certHolder); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().build(); - } - } - - private class NamedHelper - extends Helper - { - private final String providerName; - - public NamedHelper(String providerName) - { - this.providerName = providerName; - } - - ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(publicKey); - } - - ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(certificate); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().setProvider(providerName).build(); - } - - ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return new JcaContentVerifierProviderBuilder().setProvider(providerName).build(certHolder); - } - } - - private class ProviderHelper - extends Helper - { - private final Provider provider; - - public ProviderHelper(Provider provider) - { - this.provider = provider; - } - - ContentVerifierProvider createContentVerifierProvider(PublicKey publicKey) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().setProvider(provider).build(publicKey); - } - - ContentVerifierProvider createContentVerifierProvider(X509Certificate certificate) - throws OperatorCreationException - { - return new JcaContentVerifierProviderBuilder().setProvider(provider).build(certificate); - } - - DigestCalculatorProvider createDigestCalculatorProvider() - throws OperatorCreationException - { - return new JcaDigestCalculatorProviderBuilder().setProvider(provider).build(); - } - - ContentVerifierProvider createContentVerifierProvider(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return new JcaContentVerifierProviderBuilder().setProvider(provider).build(certHolder); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaX509CertSelectorConverter.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaX509CertSelectorConverter.java deleted file mode 100644 index 86f59f69..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcaX509CertSelectorConverter.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.cert.X509CertSelector; - -import org.bouncycastle.cms.KeyTransRecipientId; -import org.bouncycastle.cms.SignerId; - -public class JcaX509CertSelectorConverter - extends org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter -{ - public JcaX509CertSelectorConverter() - { - } - - public X509CertSelector getCertSelector(KeyTransRecipientId recipientId) - { - return doConversion(recipientId.getIssuer(), recipientId.getSerialNumber(), recipientId.getSubjectKeyIdentifier()); - } - - public X509CertSelector getCertSelector(SignerId signerId) - { - return doConversion(signerId.getIssuer(), signerId.getSerialNumber(), signerId.getSubjectKeyIdentifier()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceAlgorithmIdentifierConverter.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceAlgorithmIdentifierConverter.java deleted file mode 100644 index 59928f45..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceAlgorithmIdentifierConverter.java +++ /dev/null @@ -1,64 +0,0 @@ -package org.bouncycastle.cms.jcajce; - - -import java.security.AlgorithmParameters; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.SecureRandom; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; - -public class JceAlgorithmIdentifierConverter -{ - private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - private SecureRandom random; - - public JceAlgorithmIdentifierConverter() - { - } - - public JceAlgorithmIdentifierConverter setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JceAlgorithmIdentifierConverter setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - public AlgorithmParameters getAlgorithmParameters(AlgorithmIdentifier algorithmIdentifier) - throws CMSException - { - ASN1Encodable parameters = algorithmIdentifier.getParameters(); - - if (parameters == null) - { - return null; - } - - try - { - AlgorithmParameters params = helper.createAlgorithmParameters(algorithmIdentifier.getAlgorithm()); - - CMSUtils.loadParameters(params, algorithmIdentifier.getParameters()); - - return params; - } - catch (NoSuchAlgorithmException e) - { - throw new CMSException("can't find parameters for algorithm", e); - } - catch (NoSuchProviderException e) - { - throw new CMSException("can't find provider for algorithm", e); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java deleted file mode 100644 index 93d8b72c..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java +++ /dev/null @@ -1,160 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.OutputStream; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.Provider; -import java.security.SecureRandom; - -import javax.crypto.Cipher; -import javax.crypto.CipherOutputStream; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.operator.DefaultSecretKeySizeProvider; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OutputEncryptor; -import org.bouncycastle.operator.SecretKeySizeProvider; -import org.bouncycastle.operator.jcajce.JceGenericKey; - -public class JceCMSContentEncryptorBuilder -{ - private static final SecretKeySizeProvider KEY_SIZE_PROVIDER = DefaultSecretKeySizeProvider.INSTANCE; - - - private final ASN1ObjectIdentifier encryptionOID; - private final int keySize; - - private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - private SecureRandom random; - - public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID) - { - this(encryptionOID, KEY_SIZE_PROVIDER.getKeySize(encryptionOID)); - } - - public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize) - { - this.encryptionOID = encryptionOID; - this.keySize = keySize; - - int fixedSize = KEY_SIZE_PROVIDER.getKeySize(encryptionOID); - - if (encryptionOID.equals(PKCSObjectIdentifiers.des_EDE3_CBC)) - { - if (keySize != 168 && keySize != fixedSize) - { - throw new IllegalArgumentException("incorrect keySize for encryptionOID passed to builder."); - } - } - else - { - if (fixedSize > 0 && fixedSize != keySize) - { - throw new IllegalArgumentException("incorrect keySize for encryptionOID passed to builder."); - } - } - } - - public JceCMSContentEncryptorBuilder setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JceCMSContentEncryptorBuilder setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - public JceCMSContentEncryptorBuilder setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public OutputEncryptor build() - throws CMSException - { - return new CMSOutputEncryptor(encryptionOID, keySize, random); - } - - private class CMSOutputEncryptor - implements OutputEncryptor - { - private SecretKey encKey; - private AlgorithmIdentifier algorithmIdentifier; - private Cipher cipher; - - CMSOutputEncryptor(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) - throws CMSException - { - KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID); - - if (random == null) - { - random = new SecureRandom(); - } - - if (keySize < 0) - { - keyGen.init(random); - } - else - { - if (encryptionOID.equals(PKCSObjectIdentifiers.des_EDE3_CBC) && keySize == 192) - { - keySize = 168; - } - keyGen.init(keySize, random); - } - - cipher = helper.createCipher(encryptionOID); - encKey = keyGen.generateKey(); - AlgorithmParameters params = helper.generateParameters(encryptionOID, encKey, random); - - try - { - cipher.init(Cipher.ENCRYPT_MODE, encKey, params, random); - } - catch (GeneralSecurityException e) - { - throw new CMSException("unable to initialize cipher: " + e.getMessage(), e); - } - - // - // If params are null we try and second guess on them as some providers don't provide - // algorithm parameter generation explicity but instead generate them under the hood. - // - if (params == null) - { - params = cipher.getParameters(); - } - - algorithmIdentifier = helper.getAlgorithmIdentifier(encryptionOID, params); - } - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithmIdentifier; - } - - public OutputStream getOutputStream(OutputStream dOut) - { - return new CipherOutputStream(dOut, cipher); - } - - public GenericKey getKey() - { - return new JceGenericKey(algorithmIdentifier, encKey); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSMacCalculatorBuilder.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSMacCalculatorBuilder.java deleted file mode 100644 index d6ba1609..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSMacCalculatorBuilder.java +++ /dev/null @@ -1,155 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.OutputStream; -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.Provider; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.SecretKey; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.jcajce.io.MacOutputStream; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.jcajce.JceGenericKey; - -public class JceCMSMacCalculatorBuilder -{ - private final ASN1ObjectIdentifier macOID; - private final int keySize; - - private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - private SecureRandom random; - - public JceCMSMacCalculatorBuilder(ASN1ObjectIdentifier macOID) - { - this(macOID, -1); - } - - public JceCMSMacCalculatorBuilder(ASN1ObjectIdentifier macOID, int keySize) - { - this.macOID = macOID; - this.keySize = keySize; - } - - public JceCMSMacCalculatorBuilder setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JceCMSMacCalculatorBuilder setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - public JceCMSMacCalculatorBuilder setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public MacCalculator build() - throws CMSException - { - return new CMSMacCalculator(macOID, keySize, random); - } - - private class CMSMacCalculator - implements MacCalculator - { - private SecretKey encKey; - private AlgorithmIdentifier algorithmIdentifier; - private Mac mac; - private SecureRandom random; - - CMSMacCalculator(ASN1ObjectIdentifier macOID, int keySize, SecureRandom random) - throws CMSException - { - KeyGenerator keyGen = helper.createKeyGenerator(macOID); - - if (random == null) - { - random = new SecureRandom(); - } - - this.random = random; - - if (keySize < 0) - { - keyGen.init(random); - } - else - { - keyGen.init(keySize, random); - } - - encKey = keyGen.generateKey(); - - AlgorithmParameterSpec paramSpec = generateParameterSpec(macOID, encKey); - - algorithmIdentifier = helper.getAlgorithmIdentifier(macOID, paramSpec); - mac = helper.createContentMac(encKey, algorithmIdentifier); - } - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithmIdentifier; - } - - public OutputStream getOutputStream() - { - return new MacOutputStream(mac); - } - - public byte[] getMac() - { - return mac.doFinal(); - } - - public GenericKey getKey() - { - return new JceGenericKey(algorithmIdentifier, encKey); - } - - protected AlgorithmParameterSpec generateParameterSpec(ASN1ObjectIdentifier macOID, SecretKey encKey) - throws CMSException - { - try - { - if (macOID.equals(PKCSObjectIdentifiers.RC2_CBC)) - { - byte[] iv = new byte[8]; - - random.nextBytes(iv); - - return new RC2ParameterSpec(encKey.getEncoded().length * 8, iv); - } - - AlgorithmParameterGenerator pGen = helper.createAlgorithmParameterGenerator(macOID); - - AlgorithmParameters p = pGen.generateParameters(); - - return p.getParameterSpec(IvParameterSpec.class); - } - catch (GeneralSecurityException e) - { - return null; - } - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthenticatedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthenticatedRecipient.java deleted file mode 100644 index eb73555d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthenticatedRecipient.java +++ /dev/null @@ -1,61 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.OutputStream; -import java.security.Key; - -import javax.crypto.Mac; -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.jcajce.io.MacOutputStream; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.jcajce.JceGenericKey; - - -/** - * the KeyTransRecipientInformation class for a recipient who has been sent a secret - * key encrypted using their public key that needs to be used to - * extract the message. - */ -public class JceKEKAuthenticatedRecipient - extends JceKEKRecipient -{ - public JceKEKAuthenticatedRecipient(SecretKey recipientKey) - { - super(recipientKey); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException - { - final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, encryptedContentEncryptionKey); - - final Mac dataMac = contentHelper.createContentMac(secretKey, contentMacAlgorithm); - - return new RecipientOperator(new MacCalculator() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentMacAlgorithm; - } - - public GenericKey getKey() - { - return new JceGenericKey(contentMacAlgorithm, secretKey); - } - - public OutputStream getOutputStream() - { - return new MacOutputStream(dataMac); - } - - public byte[] getMac() - { - return dataMac.doFinal(); - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKEnvelopedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKEnvelopedRecipient.java deleted file mode 100644 index a7293794..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKEnvelopedRecipient.java +++ /dev/null @@ -1,43 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.InputStream; -import java.security.Key; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.operator.InputDecryptor; - -public class JceKEKEnvelopedRecipient - extends JceKEKRecipient -{ - public JceKEKEnvelopedRecipient(SecretKey recipientKey) - { - super(recipientKey); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException - { - Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey); - - final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm); - - return new RecipientOperator(new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataOut) - { - return new CipherInputStream(dataOut, dataCipher); - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java deleted file mode 100644 index d0e41644..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipient.java +++ /dev/null @@ -1,119 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.Key; -import java.security.Provider; - -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.KEKRecipient; -import org.bouncycastle.operator.OperatorException; -import org.bouncycastle.operator.SymmetricKeyUnwrapper; - -public abstract class JceKEKRecipient - implements KEKRecipient -{ - private SecretKey recipientKey; - - protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - protected EnvelopedDataHelper contentHelper = helper; - protected boolean validateKeySize = false; - - public JceKEKRecipient(SecretKey recipientKey) - { - this.recipientKey = recipientKey; - } - - /** - * Set the provider to use for key recovery and content processing. - * - * @param provider provider to use. - * @return this recipient. - */ - public JceKEKRecipient setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - this.contentHelper = helper; - - return this; - } - - /** - * Set the provider to use for key recovery and content processing. - * - * @param providerName the name of the provider to use. - * @return this recipient. - */ - public JceKEKRecipient setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - this.contentHelper = helper; - - return this; - } - - /** - * Set the provider to use for content processing. - * - * @param provider the provider to use. - * @return this recipient. - */ - public JceKEKRecipient setContentProvider(Provider provider) - { - this.contentHelper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - /** - * Set the provider to use for content processing. - * - * @param providerName the name of the provider to use. - * @return this recipient. - */ - public JceKEKRecipient setContentProvider(String providerName) - { - this.contentHelper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - /** - * Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off. - * <p> - * This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or - * if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available. - * </p> - * @param doValidate true if unwrapped key's should be validated against the content encryption algorithm, false otherwise. - * @return this recipient. - */ - public JceKEKRecipient setKeySizeValidation(boolean doValidate) - { - this.validateKeySize = doValidate; - - return this; - } - - protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException - { - SymmetricKeyUnwrapper unwrapper = helper.createSymmetricUnwrapper(keyEncryptionAlgorithm, recipientKey); - - try - { - Key key = helper.getJceKey(encryptedKeyAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedContentEncryptionKey)); - - if (validateKeySize) - { - helper.keySizeCheck(encryptedKeyAlgorithm, key); - } - - return key; - } - catch (OperatorException e) - { - throw new CMSException("exception unwrapping key: " + e.getMessage(), e); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipientInfoGenerator.java deleted file mode 100644 index 15ec8ffd..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKRecipientInfoGenerator.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.Provider; -import java.security.SecureRandom; - -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.cms.KEKIdentifier; -import org.bouncycastle.cms.KEKRecipientInfoGenerator; -import org.bouncycastle.operator.jcajce.JceSymmetricKeyWrapper; - -public class JceKEKRecipientInfoGenerator - extends KEKRecipientInfoGenerator -{ - public JceKEKRecipientInfoGenerator(KEKIdentifier kekIdentifier, SecretKey keyEncryptionKey) - { - super(kekIdentifier, new JceSymmetricKeyWrapper(keyEncryptionKey)); - } - - public JceKEKRecipientInfoGenerator(byte[] keyIdentifier, SecretKey keyEncryptionKey) - { - this(new KEKIdentifier(keyIdentifier, null, null), keyEncryptionKey); - } - - public JceKEKRecipientInfoGenerator setProvider(Provider provider) - { - ((JceSymmetricKeyWrapper)this.wrapper).setProvider(provider); - - return this; - } - - public JceKEKRecipientInfoGenerator setProvider(String providerName) - { - ((JceSymmetricKeyWrapper)this.wrapper).setProvider(providerName); - - return this; - } - - public JceKEKRecipientInfoGenerator setSecureRandom(SecureRandom random) - { - ((JceSymmetricKeyWrapper)this.wrapper).setSecureRandom(random); - - return this; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthenticatedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthenticatedRecipient.java deleted file mode 100644 index d231f56f..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthenticatedRecipient.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.OutputStream; -import java.security.Key; -import java.security.PrivateKey; - -import javax.crypto.Mac; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.jcajce.io.MacOutputStream; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.jcajce.JceGenericKey; - -public class JceKeyAgreeAuthenticatedRecipient - extends JceKeyAgreeRecipient -{ - public JceKeyAgreeAuthenticatedRecipient(PrivateKey recipientKey) - { - super(recipientKey); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey) - throws CMSException - { - final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, senderPublicKey, userKeyingMaterial, encryptedContentKey); - - final Mac dataMac = contentHelper.createContentMac(secretKey, contentMacAlgorithm); - - return new RecipientOperator(new MacCalculator() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentMacAlgorithm; - } - - public GenericKey getKey() - { - return new JceGenericKey(contentMacAlgorithm, secretKey); - } - - public OutputStream getOutputStream() - { - return new MacOutputStream(dataMac); - } - - public byte[] getMac() - { - return dataMac.doFinal(); - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeEnvelopedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeEnvelopedRecipient.java deleted file mode 100644 index fe647d7d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeEnvelopedRecipient.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.InputStream; -import java.security.Key; -import java.security.PrivateKey; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.operator.InputDecryptor; - -public class JceKeyAgreeEnvelopedRecipient - extends JceKeyAgreeRecipient -{ - public JceKeyAgreeEnvelopedRecipient(PrivateKey recipientKey) - { - super(recipientKey); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey) - throws CMSException - { - Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, senderPublicKey, userKeyingMaterial, encryptedContentKey); - - final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm); - - return new RecipientOperator(new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataOut) - { - return new CipherInputStream(dataOut, dataCipher); - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java deleted file mode 100644 index 8c41f914..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java +++ /dev/null @@ -1,184 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cms.CMSEnvelopedGenerator; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.KeyAgreeRecipient; -import org.bouncycastle.jce.spec.MQVPrivateKeySpec; -import org.bouncycastle.jce.spec.MQVPublicKeySpec; - -public abstract class JceKeyAgreeRecipient - implements KeyAgreeRecipient -{ - private PrivateKey recipientKey; - protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - protected EnvelopedDataHelper contentHelper = helper; - - public JceKeyAgreeRecipient(PrivateKey recipientKey) - { - this.recipientKey = recipientKey; - } - - /** - * Set the provider to use for key recovery and content processing. - * - * @param provider provider to use. - * @return this recipient. - */ - public JceKeyAgreeRecipient setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - this.contentHelper = helper; - - return this; - } - - /** - * Set the provider to use for key recovery and content processing. - * - * @param providerName the name of the provider to use. - * @return this recipient. - */ - public JceKeyAgreeRecipient setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - this.contentHelper = helper; - - return this; - } - - /** - * Set the provider to use for content processing. If providerName is null a "no provider" search will be - * used to satisfy getInstance calls. - * - * @param provider the provider to use. - * @return this recipient. - */ - public JceKeyAgreeRecipient setContentProvider(Provider provider) - { - this.contentHelper = CMSUtils.createContentHelper(provider); - - return this; - } - - /** - * Set the provider to use for content processing. If providerName is null a "no provider" search will be - * used to satisfy getInstance calls. - * - * @param providerName the name of the provider to use. - * @return this recipient. - */ - public JceKeyAgreeRecipient setContentProvider(String providerName) - { - this.contentHelper = CMSUtils.createContentHelper(providerName); - - return this; - } - - private SecretKey calculateAgreedWrapKey(AlgorithmIdentifier keyEncAlg, ASN1ObjectIdentifier wrapAlg, - PublicKey senderPublicKey, ASN1OctetString userKeyingMaterial, PrivateKey receiverPrivateKey) - throws CMSException, GeneralSecurityException, IOException - { - String agreeAlg = keyEncAlg.getAlgorithm().getId(); - - if (agreeAlg.equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) - { - byte[] ukmEncoding = userKeyingMaterial.getOctets(); - MQVuserKeyingMaterial ukm = MQVuserKeyingMaterial.getInstance( - ASN1Primitive.fromByteArray(ukmEncoding)); - - SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo( - getPrivateKeyAlgorithmIdentifier(), - ukm.getEphemeralPublicKey().getPublicKey().getBytes()); - - X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded()); - KeyFactory fact = helper.createKeyFactory(keyEncAlg.getAlgorithm()); - PublicKey ephemeralKey = fact.generatePublic(pubSpec); - - senderPublicKey = new MQVPublicKeySpec(senderPublicKey, ephemeralKey); - receiverPrivateKey = new MQVPrivateKeySpec(receiverPrivateKey, receiverPrivateKey); - } - - KeyAgreement agreement = helper.createKeyAgreement(keyEncAlg.getAlgorithm()); - - agreement.init(receiverPrivateKey); - agreement.doPhase(senderPublicKey, true); - - return agreement.generateSecret(wrapAlg.getId()); - } - - private Key unwrapSessionKey(ASN1ObjectIdentifier wrapAlg, SecretKey agreedKey, ASN1ObjectIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException, InvalidKeyException, NoSuchAlgorithmException - { - Cipher keyCipher = helper.createCipher(wrapAlg); - keyCipher.init(Cipher.UNWRAP_MODE, agreedKey); - return keyCipher.unwrap(encryptedContentEncryptionKey, helper.getBaseCipherName(contentEncryptionAlgorithm), Cipher.SECRET_KEY); - } - - protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentEncryptionKey) - throws CMSException - { - try - { - ASN1ObjectIdentifier wrapAlg = - AlgorithmIdentifier.getInstance(keyEncryptionAlgorithm.getParameters()).getAlgorithm(); - - X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(senderKey.getEncoded()); - KeyFactory fact = helper.createKeyFactory(keyEncryptionAlgorithm.getAlgorithm()); - PublicKey senderPublicKey = fact.generatePublic(pubSpec); - - SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, - senderPublicKey, userKeyingMaterial, recipientKey); - - return unwrapSessionKey(wrapAlg, agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey); - } - catch (NoSuchAlgorithmException e) - { - throw new CMSException("can't find algorithm.", e); - } - catch (InvalidKeyException e) - { - throw new CMSException("key invalid in message.", e); - } - catch (InvalidKeySpecException e) - { - throw new CMSException("originator key spec invalid.", e); - } - catch (NoSuchPaddingException e) - { - throw new CMSException("required padding not supported.", e); - } - catch (Exception e) - { - throw new CMSException("originator key invalid.", e); - } - } - - public AlgorithmIdentifier getPrivateKeyAlgorithmIdentifier() - { - return PrivateKeyInfo.getInstance(recipientKey.getEncoded()).getPrivateKeyAlgorithm(); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientId.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientId.java deleted file mode 100644 index 56911bec..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientId.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.math.BigInteger; -import java.security.cert.X509Certificate; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.cms.KeyAgreeRecipientId; - -public class JceKeyAgreeRecipientId - extends KeyAgreeRecipientId -{ - public JceKeyAgreeRecipientId(X509Certificate certificate) - { - this(certificate.getIssuerX500Principal(), certificate.getSerialNumber()); - } - - public JceKeyAgreeRecipientId(X500Principal issuer, BigInteger serialNumber) - { - super(X500Name.getInstance(issuer.getEncoded()), serialNumber); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java deleted file mode 100644 index 583ede2d..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java +++ /dev/null @@ -1,215 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.GeneralSecurityException; -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECParameterSpec; -import java.util.ArrayList; -import java.util.List; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier; -import org.bouncycastle.asn1.cms.RecipientEncryptedKey; -import org.bouncycastle.asn1.cms.RecipientKeyIdentifier; -import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cms.CMSAlgorithm; -import org.bouncycastle.cms.CMSEnvelopedGenerator; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator; -import org.bouncycastle.jce.spec.MQVPrivateKeySpec; -import org.bouncycastle.jce.spec.MQVPublicKeySpec; -import org.bouncycastle.operator.GenericKey; - -public class JceKeyAgreeRecipientInfoGenerator - extends KeyAgreeRecipientInfoGenerator -{ - private List recipientIDs = new ArrayList(); - private List recipientKeys = new ArrayList(); - private PublicKey senderPublicKey; - private PrivateKey senderPrivateKey; - - private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - private SecureRandom random; - private KeyPair ephemeralKP; - - public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID, PrivateKey senderPrivateKey, PublicKey senderPublicKey, ASN1ObjectIdentifier keyEncryptionOID) - { - super(keyAgreementOID, SubjectPublicKeyInfo.getInstance(senderPublicKey.getEncoded()), keyEncryptionOID); - - this.senderPublicKey = senderPublicKey; - this.senderPrivateKey = senderPrivateKey; - } - - public JceKeyAgreeRecipientInfoGenerator setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JceKeyAgreeRecipientInfoGenerator setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - public JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - /** - * Add a recipient based on the passed in certificate's public key and its issuer and serial number. - * - * @param recipientCert recipient's certificate - * @return the current instance. - * @throws CertificateEncodingException if the necessary data cannot be extracted from the certificate. - */ - public JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate recipientCert) - throws CertificateEncodingException - { - recipientIDs.add(new KeyAgreeRecipientIdentifier(CMSUtils.getIssuerAndSerialNumber(recipientCert))); - recipientKeys.add(recipientCert.getPublicKey()); - - return this; - } - - /** - * Add a recipient identified by the passed in subjectKeyID and the for the passed in public key. - * - * @param subjectKeyID identifier actual recipient will use to match the private key. - * @param publicKey the public key for encrypting the secret key. - * @return the current instance. - * @throws CertificateEncodingException - */ - public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] subjectKeyID, PublicKey publicKey) - throws CertificateEncodingException - { - recipientIDs.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(subjectKeyID))); - recipientKeys.add(publicKey); - - return this; - } - - public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey) - throws CMSException - { - init(keyAgreeAlgorithm.getAlgorithm()); - - PrivateKey senderPrivateKey = this.senderPrivateKey; - - ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm(); - - if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) - { - senderPrivateKey = new MQVPrivateKeySpec( - senderPrivateKey, ephemeralKP.getPrivate(), ephemeralKP.getPublic()); - } - - ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector(); - for (int i = 0; i != recipientIDs.size(); i++) - { - PublicKey recipientPublicKey = (PublicKey)recipientKeys.get(i); - KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier)recipientIDs.get(i); - - if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) - { - recipientPublicKey = new MQVPublicKeySpec(recipientPublicKey, recipientPublicKey); - } - - try - { - // Use key agreement to choose a wrap key for this recipient - KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID); - keyAgreement.init(senderPrivateKey, random); - keyAgreement.doPhase(recipientPublicKey, true); - SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncryptionAlgorithm.getAlgorithm().getId()); - - // Wrap the content encryption key with the agreement key - Cipher keyEncryptionCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm()); - - keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random); - - byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey)); - - ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes); - - recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey)); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot perform agreement step: " + e.getMessage(), e); - } - } - - return new DERSequence(recipientEncryptedKeys); - } - - protected ASN1Encodable getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlg) - throws CMSException - { - init(keyAgreeAlg.getAlgorithm()); - - if (ephemeralKP != null) - { - return new MQVuserKeyingMaterial( - createOriginatorPublicKey(SubjectPublicKeyInfo.getInstance(ephemeralKP.getPublic().getEncoded())), null); - } - - return null; - } - - private void init(ASN1ObjectIdentifier keyAgreementOID) - throws CMSException - { - if (random == null) - { - random = new SecureRandom(); - } - - if (keyAgreementOID.equals(CMSAlgorithm.ECMQV_SHA1KDF)) - { - if (ephemeralKP == null) - { - try - { - ECParameterSpec ecParamSpec = ((ECPublicKey)senderPublicKey).getParams(); - - KeyPairGenerator ephemKPG = helper.createKeyPairGenerator(keyAgreementOID); - - ephemKPG.initialize(ecParamSpec, random); - - ephemeralKP = ephemKPG.generateKeyPair(); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CMSException( - "cannot determine MQV ephemeral key pair parameters from public key: " + e); - } - } - } - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthenticatedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthenticatedRecipient.java deleted file mode 100644 index f15aadb0..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthenticatedRecipient.java +++ /dev/null @@ -1,60 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.OutputStream; -import java.security.Key; -import java.security.PrivateKey; - -import javax.crypto.Mac; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.jcajce.io.MacOutputStream; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; - - -/** - * the KeyTransRecipientInformation class for a recipient who has been sent a secret - * key encrypted using their public key that needs to be used to - * extract the message. - */ -public class JceKeyTransAuthenticatedRecipient - extends JceKeyTransRecipient -{ - public JceKeyTransAuthenticatedRecipient(PrivateKey recipientKey) - { - super(recipientKey); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException - { - final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, encryptedContentEncryptionKey); - - final Mac dataMac = contentHelper.createContentMac(secretKey, contentMacAlgorithm); - - return new RecipientOperator(new MacCalculator() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentMacAlgorithm; - } - - public GenericKey getKey() - { - return new GenericKey(secretKey); - } - - public OutputStream getOutputStream() - { - return new MacOutputStream(dataMac); - } - - public byte[] getMac() - { - return dataMac.doFinal(); - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransEnvelopedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransEnvelopedRecipient.java deleted file mode 100644 index 1bc0188f..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransEnvelopedRecipient.java +++ /dev/null @@ -1,43 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.InputStream; -import java.security.Key; -import java.security.PrivateKey; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.operator.InputDecryptor; - -public class JceKeyTransEnvelopedRecipient - extends JceKeyTransRecipient -{ - public JceKeyTransEnvelopedRecipient(PrivateKey recipientKey) - { - super(recipientKey); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException - { - Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey); - - final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm); - - return new RecipientOperator(new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataIn) - { - return new CipherInputStream(dataIn, dataCipher); - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java deleted file mode 100644 index a457ede4..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java +++ /dev/null @@ -1,156 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.Key; -import java.security.PrivateKey; -import java.security.Provider; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.KeyTransRecipient; -import org.bouncycastle.operator.OperatorException; -import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; - -public abstract class JceKeyTransRecipient - implements KeyTransRecipient -{ - private PrivateKey recipientKey; - - protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - protected EnvelopedDataHelper contentHelper = helper; - protected Map extraMappings = new HashMap(); - protected boolean validateKeySize = false; - - public JceKeyTransRecipient(PrivateKey recipientKey) - { - this.recipientKey = recipientKey; - } - - /** - * Set the provider to use for key recovery and content processing. - * - * @param provider provider to use. - * @return this recipient. - */ - public JceKeyTransRecipient setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - this.contentHelper = helper; - - return this; - } - - /** - * Set the provider to use for key recovery and content processing. - * - * @param providerName the name of the provider to use. - * @return this recipient. - */ - public JceKeyTransRecipient setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - this.contentHelper = helper; - - return this; - } - - /** - * Internally algorithm ids are converted into cipher names using a lookup table. For some providers - * the standard lookup table won't work. Use this method to establish a specific mapping from an - * algorithm identifier to a specific algorithm. - * <p> - * For example: - * <pre> - * unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - * </pre> - * </p> - * @param algorithm OID of algorithm in recipient. - * @param algorithmName JCE algorithm name to use. - * @return the current Recipient. - */ - public JceKeyTransRecipient setAlgorithmMapping(ASN1ObjectIdentifier algorithm, String algorithmName) - { - extraMappings.put(algorithm, algorithmName); - - return this; - } - - /** - * Set the provider to use for content processing. If providerName is null a "no provider" search will be - * used to satisfy getInstance calls. - * - * @param provider the provider to use. - * @return this recipient. - */ - public JceKeyTransRecipient setContentProvider(Provider provider) - { - this.contentHelper = CMSUtils.createContentHelper(provider); - - return this; - } - - /** - * Set the provider to use for content processing. If providerName is null a "no provider" search will be - * used to satisfy getInstance calls. - * - * @param providerName the name of the provider to use. - * @return this recipient. - */ - public JceKeyTransRecipient setContentProvider(String providerName) - { - this.contentHelper = CMSUtils.createContentHelper(providerName); - - return this; - } - - /** - * Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off. - * <p> - * This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or - * if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available. - * </p> - * @param doValidate true if unwrapped key's should be validated against the content encryption algorithm, false otherwise. - * @return this recipient. - */ - public JceKeyTransRecipient setKeySizeValidation(boolean doValidate) - { - this.validateKeySize = doValidate; - - return this; - } - - protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey) - throws CMSException - { - JceAsymmetricKeyUnwrapper unwrapper = helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, recipientKey); - - if (!extraMappings.isEmpty()) - { - for (Iterator it = extraMappings.keySet().iterator(); it.hasNext();) - { - ASN1ObjectIdentifier algorithm = (ASN1ObjectIdentifier)it.next(); - - unwrapper.setAlgorithmMapping(algorithm, (String)extraMappings.get(algorithm)); - } - } - - try - { - Key key = helper.getJceKey(encryptedKeyAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedEncryptionKey)); - - if (validateKeySize) - { - helper.keySizeCheck(encryptedKeyAlgorithm, key); - } - - return key; - } - catch (OperatorException e) - { - throw new CMSException("exception unwrapping key: " + e.getMessage(), e); - } - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientId.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientId.java deleted file mode 100644 index 8b44817b..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientId.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.math.BigInteger; -import java.security.cert.X509Certificate; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.cms.KeyTransRecipientId; - -public class JceKeyTransRecipientId - extends KeyTransRecipientId -{ - /** - * Construct a recipient id based on the issuer, serial number and subject key identifier (if present) of the passed in - * certificate. - * - * @param certificate certificate providing the issue and serial number and subject key identifier. - */ - public JceKeyTransRecipientId(X509Certificate certificate) - { - super(convertPrincipal(certificate.getIssuerX500Principal()), certificate.getSerialNumber(), CMSUtils.getSubjectKeyId(certificate)); - } - - /** - * Construct a recipient id based on the provided issuer and serial number.. - * - * @param issuer the issuer to use. - * @param serialNumber the serial number to use. - */ - public JceKeyTransRecipientId(X500Principal issuer, BigInteger serialNumber) - { - super(convertPrincipal(issuer), serialNumber); - } - - /** - * Construct a recipient id based on the provided issuer, serial number, and subjectKeyId.. - * - * @param issuer the issuer to use. - * @param serialNumber the serial number to use. - * @param subjectKeyId the subject key ID to use. - */ - public JceKeyTransRecipientId(X500Principal issuer, BigInteger serialNumber, byte[] subjectKeyId) - { - super(convertPrincipal(issuer), serialNumber, subjectKeyId); - } - - private static X500Name convertPrincipal(X500Principal issuer) - { - if (issuer == null) - { - return null; - } - - return X500Name.getInstance(issuer.getEncoded()); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java deleted file mode 100644 index 60a2ff20..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.Provider; -import java.security.PublicKey; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; -import org.bouncycastle.cms.KeyTransRecipientInfoGenerator; -import org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper; - -public class JceKeyTransRecipientInfoGenerator - extends KeyTransRecipientInfoGenerator -{ - public JceKeyTransRecipientInfoGenerator(X509Certificate recipientCert) - throws CertificateEncodingException - { - super(new IssuerAndSerialNumber(new JcaX509CertificateHolder(recipientCert).toASN1Structure()), new JceAsymmetricKeyWrapper(recipientCert)); - } - - public JceKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, PublicKey publicKey) - { - super(subjectKeyIdentifier, new JceAsymmetricKeyWrapper(publicKey)); - } - - /** - * Create a generator overriding the algorithm type implied by the public key in the certificate passed in. - * - * @param recipientCert certificate carrying the public key. - * @param algorithmIdentifier the identifier and parameters for the encryption algorithm to be used. - */ - public JceKeyTransRecipientInfoGenerator(X509Certificate recipientCert, AlgorithmIdentifier algorithmIdentifier) - throws CertificateEncodingException - { - super(new IssuerAndSerialNumber(new JcaX509CertificateHolder(recipientCert).toASN1Structure()), new JceAsymmetricKeyWrapper(algorithmIdentifier, recipientCert.getPublicKey())); - } - - /** - * Create a generator overriding the algorithm type implied by the public key passed in. - * - * @param subjectKeyIdentifier the subject key identifier value to associate with the public key. - * @param algorithmIdentifier the identifier and parameters for the encryption algorithm to be used. - * @param publicKey the public key to use. - */ - public JceKeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier, AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey) - { - super(subjectKeyIdentifier, new JceAsymmetricKeyWrapper(algorithmIdentifier, publicKey)); - } - - public JceKeyTransRecipientInfoGenerator setProvider(String providerName) - { - ((JceAsymmetricKeyWrapper)this.wrapper).setProvider(providerName); - - return this; - } - - public JceKeyTransRecipientInfoGenerator setProvider(Provider provider) - { - ((JceAsymmetricKeyWrapper)this.wrapper).setProvider(provider); - - return this; - } - - /** - * Internally algorithm ids are converted into cipher names using a lookup table. For some providers - * the standard lookup table won't work. Use this method to establish a specific mapping from an - * algorithm identifier to a specific algorithm. - * <p> - * For example: - * <pre> - * unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - * </pre> - * </p> - * @param algorithm OID of algorithm in recipient. - * @param algorithmName JCE algorithm name to use. - * @return the current RecipientInfoGenerator. - */ - public JceKeyTransRecipientInfoGenerator setAlgorithmMapping(ASN1ObjectIdentifier algorithm, String algorithmName) - { - ((JceAsymmetricKeyWrapper)this.wrapper).setAlgorithmMapping(algorithm, algorithmName); - - return this; - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordAuthenticatedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordAuthenticatedRecipient.java deleted file mode 100644 index ba873d25..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordAuthenticatedRecipient.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.OutputStream; -import java.security.Key; - -import javax.crypto.Mac; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.jcajce.io.MacOutputStream; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.jcajce.JceGenericKey; - -public class JcePasswordAuthenticatedRecipient - extends JcePasswordRecipient -{ - public JcePasswordAuthenticatedRecipient(char[] password) - { - super(password); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentMacAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) - throws CMSException - { - final Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentMacAlgorithm, derivedKey, encryptedContentEncryptionKey); - - final Mac dataMac = helper.createContentMac(secretKey, contentMacAlgorithm); - - return new RecipientOperator(new MacCalculator() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentMacAlgorithm; - } - - public GenericKey getKey() - { - return new JceGenericKey(contentMacAlgorithm, secretKey); - } - - public OutputStream getOutputStream() - { - return new MacOutputStream(dataMac); - } - - public byte[] getMac() - { - return dataMac.doFinal(); - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordEnvelopedRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordEnvelopedRecipient.java deleted file mode 100644 index be741db4..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordEnvelopedRecipient.java +++ /dev/null @@ -1,42 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.InputStream; -import java.security.Key; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.RecipientOperator; -import org.bouncycastle.operator.InputDecryptor; - -public class JcePasswordEnvelopedRecipient - extends JcePasswordRecipient -{ - public JcePasswordEnvelopedRecipient(char[] password) - { - super(password); - } - - public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) - throws CMSException - { - Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, derivedKey, encryptedContentEncryptionKey); - - final Cipher dataCipher = helper.createContentCipher(secretKey, contentEncryptionAlgorithm); - - return new RecipientOperator(new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataOut) - { - return new CipherInputStream(dataOut, dataCipher); - } - }); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java deleted file mode 100644 index 3c00b5ef..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.Provider; - -import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.PasswordRecipient; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using a password. - */ -public abstract class JcePasswordRecipient - implements PasswordRecipient -{ - private int schemeID = PasswordRecipient.PKCS5_SCHEME2_UTF8; - protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - private char[] password; - - JcePasswordRecipient( - char[] password) - { - this.password = password; - } - - public JcePasswordRecipient setPasswordConversionScheme(int schemeID) - { - this.schemeID = schemeID; - - return this; - } - - public JcePasswordRecipient setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JcePasswordRecipient setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) - throws CMSException - { - Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); - - try - { - IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets()); - - keyEncryptionCipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec); - - return keyEncryptionCipher.unwrap(encryptedContentEncryptionKey, contentEncryptionAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); - } - } - - public byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) - throws CMSException - { - PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); - - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); - - return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - } - - public int getPasswordConversionScheme() - { - return schemeID; - } - - public char[] getPassword() - { - return password; - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java deleted file mode 100644 index fefe016e..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.Provider; - -import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.PasswordRecipientInfoGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.operator.GenericKey; - -public class JcePasswordRecipientInfoGenerator - extends PasswordRecipientInfoGenerator -{ - private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - - public JcePasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password) - { - super(kekAlgorithm, password); - } - - public JcePasswordRecipientInfoGenerator setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JcePasswordRecipientInfoGenerator setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - protected byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) - throws CMSException - { - PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); - - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); - - return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - } - - public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) - throws CMSException - { - Key contentEncryptionKeySpec = helper.getJceKey(contentEncryptionKey); - Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); - - try - { - IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets()); - - keyEncryptionCipher.init(Cipher.WRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec); - - return keyEncryptionCipher.wrap(contentEncryptionKeySpec); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); - } - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/NamedJcaJceExtHelper.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/NamedJcaJceExtHelper.java deleted file mode 100644 index fba72dc7..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/NamedJcaJceExtHelper.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.PrivateKey; - -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.operator.SymmetricKeyUnwrapper; -import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; -import org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper; - -class NamedJcaJceExtHelper - extends NamedJcaJceHelper - implements JcaJceExtHelper -{ - public NamedJcaJceExtHelper(String providerName) - { - super(providerName); - } - - public JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey) - { - return new JceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(providerName); - } - - public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey) - { - return new JceSymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(providerName); - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/ProviderJcaJceExtHelper.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/ProviderJcaJceExtHelper.java deleted file mode 100644 index f6991a89..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/ProviderJcaJceExtHelper.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.security.PrivateKey; -import java.security.Provider; - -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; -import org.bouncycastle.operator.SymmetricKeyUnwrapper; -import org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; -import org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper; - -class ProviderJcaJceExtHelper - extends ProviderJcaJceHelper - implements JcaJceExtHelper -{ - public ProviderJcaJceExtHelper(Provider provider) - { - super(provider); - } - - public JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey) - { - return new JceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(provider); - } - - public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey) - { - return new JceSymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(provider); - } -}
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibCompressor.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibCompressor.java deleted file mode 100644 index 53da722b..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibCompressor.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.OutputStream; -import java.util.zip.DeflaterOutputStream; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.OutputCompressor; - -public class ZlibCompressor - implements OutputCompressor -{ - private static final String ZLIB = "1.2.840.113549.1.9.16.3.8"; - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return new AlgorithmIdentifier(new ASN1ObjectIdentifier(ZLIB)); - } - - public OutputStream getOutputStream(OutputStream comOut) - { - return new DeflaterOutputStream(comOut); - } -} diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java deleted file mode 100644 index 15729a73..00000000 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java +++ /dev/null @@ -1,116 +0,0 @@ -package org.bouncycastle.cms.jcajce; - -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.zip.InflaterInputStream; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.InputExpander; -import org.bouncycastle.operator.InputExpanderProvider; -import org.bouncycastle.util.io.StreamOverflowException; - -public class ZlibExpanderProvider - implements InputExpanderProvider -{ - private final long limit; - - /** - * Base constructor. Create an expander which will not limit the size of any objects expanded in the stream. - */ - public ZlibExpanderProvider() - { - this.limit = -1; - } - - /** - * Create a provider which caps the number of expanded bytes that can be produced when the - * compressed stream is parsed. - * - * @param limit max number of bytes allowed in an expanded stream. - */ - public ZlibExpanderProvider(long limit) - { - this.limit = limit; - } - - public InputExpander get(final AlgorithmIdentifier algorithm) - { - return new InputExpander() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithm; - } - - public InputStream getInputStream(InputStream comIn) - { - InputStream s = new InflaterInputStream(comIn); - if (limit >= 0) - { - s = new LimitedInputStream(s, limit); - } - return s; - } - }; - } - - private static class LimitedInputStream - extends FilterInputStream - { - private long remaining; - - public LimitedInputStream(InputStream input, long limit) - { - super(input); - - this.remaining = limit; - } - - public int read() - throws IOException - { - // Only a single 'extra' byte will ever be read - if (remaining >= 0) - { - int b = super.in.read(); - if (b < 0 || --remaining >= 0) - { - return b; - } - } - - throw new StreamOverflowException("expanded byte limit exceeded"); - } - - public int read(byte[] buf, int off, int len) - throws IOException - { - if (len < 1) - { - // This will give correct exceptions/returns for strange lengths - return super.read(buf, off, len); - } - - if (remaining < 1) - { - // Will either return EOF or throw exception - read(); - return -1; - } - - /* - * Limit the underlying request to 'remaining' bytes. This ensures the - * caller will see the full 'limit' bytes before getting an exception. - * Also, only one extra byte will ever be read. - */ - int actualLen = (remaining > len ? len : (int)remaining); - int numRead = super.in.read(buf, off, actualLen); - if (numRead > 0) - { - remaining -= numRead; - } - return numRead; - } - } -} |