diff options
| author | David Hook <dgh@cryptoworkshop.com> | 2013-11-13 02:35:14 +0400 |
|---|---|---|
| committer | David Hook <dgh@cryptoworkshop.com> | 2013-11-13 02:35:14 +0400 |
| commit | fe3e95497dad7d29244c4df212a9690d6dd17250 (patch) | |
| tree | 571a96522341291477c7dd3683d08b9883caccf3 /pkix/src | |
| parent | 624059f428eafba70ee01463935f8cda6619cb2f (diff) | |
cleanup
Diffstat (limited to 'pkix/src')
21 files changed, 0 insertions, 5466 deletions
diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedData.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedData.java deleted file mode 100644 index e1b0c05b..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedData.java +++ /dev/null @@ -1,215 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * containing class for an CMS Enveloped Data object - * <p> - * Example of use - assuming the first recipient matches the private key we have. - * <pre> - * CMSEnvelopedData ed = new CMSEnvelopedData(inputStream); - * - * RecipientInformationStore recipients = ed.getRecipientInfos(); - * - * Collection c = recipients.getRecipients(); - * Iterator it = c.iterator(); - * - * if (it.hasNext()) - * { - * RecipientInformation recipient = (RecipientInformation)it.next(); - * - * byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC")); - * - * processData(recData); - * } - * </pre> - */ -public class CMSEnvelopedData -{ - RecipientInformationStore recipientInfoStore; - ContentInfo contentInfo; - - private AlgorithmIdentifier encAlg; - private ASN1Set unprotectedAttributes; - private OriginatorInformation originatorInfo; - - public CMSEnvelopedData( - byte[] envelopedData) - throws CMSException - { - this(CMSUtils.readContentInfo(envelopedData)); - } - - public CMSEnvelopedData( - InputStream envelopedData) - throws CMSException - { - this(CMSUtils.readContentInfo(envelopedData)); - } - - /** - * Construct a CMSEnvelopedData object from a content info object. - * - * @param contentInfo the contentInfo containing the CMS EnvelopedData object. - * @throws CMSException in the case where malformed content is encountered. - */ - public CMSEnvelopedData( - ContentInfo contentInfo) - throws CMSException - { - this.contentInfo = contentInfo; - - try - { - EnvelopedData envData = EnvelopedData.getInstance(contentInfo.getContent()); - - if (envData.getOriginatorInfo() != null) - { - originatorInfo = new OriginatorInformation(envData.getOriginatorInfo()); - } - - // - // read the recipients - // - ASN1Set recipientInfos = envData.getRecipientInfos(); - - // - // read the encrypted content info - // - EncryptedContentInfo encInfo = envData.getEncryptedContentInfo(); - this.encAlg = encInfo.getContentEncryptionAlgorithm(); - CMSReadable readable = new CMSProcessableByteArray(encInfo.getEncryptedContent().getOctets()); - CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSEnvelopedSecureReadable( - this.encAlg, readable); - - // - // build the RecipientInformationStore - // - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore( - recipientInfos, this.encAlg, secureReadable); - - this.unprotectedAttributes = envData.getUnprotectedAttrs(); - } - catch (ClassCastException e) - { - throw new CMSException("Malformed content.", e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("Malformed content.", e); - } - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } - - /** - * Return the originator information associated with this message if present. - * - * @return OriginatorInformation, null if not present. - */ - public OriginatorInformation getOriginatorInfo() - { - return originatorInfo; - } - - /** - * Return the content encryption algorithm details for the data in this object. - * - * @return AlgorithmIdentifier representing the content encryption algorithm. - */ - public AlgorithmIdentifier getContentEncryptionAlgorithm() - { - return encAlg; - } - - /** - * return the object identifier for the content encryption algorithm. - */ - public String getEncryptionAlgOID() - { - return encAlg.getAlgorithm().getId(); - } - - /** - * return the ASN.1 encoded encryption algorithm parameters, or null if - * there aren't any. - */ - public byte[] getEncryptionAlgParams() - { - try - { - return encodeObj(encAlg.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * return a store of the intended recipients for this message - */ - public RecipientInformationStore getRecipientInfos() - { - return recipientInfoStore; - } - - /** - * return the ContentInfo - * @deprecated use toASN1Structure() - */ - public ContentInfo getContentInfo() - { - return contentInfo; - } - - /** - * return the ContentInfo - */ - public ContentInfo toASN1Structure() - { - return contentInfo; - } - - /** - * return a table of the unprotected attributes indexed by - * the OID of the attribute. - */ - public AttributeTable getUnprotectedAttributes() - { - if (unprotectedAttributes == null) - { - return null; - } - - return new AttributeTable(unprotectedAttributes); - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return contentInfo.getEncoded(); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java deleted file mode 100644 index 0ab400bd..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataGenerator.java +++ /dev/null @@ -1,143 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.security.SecureRandom; -import java.util.HashMap; -import java.util.Iterator; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OutputEncryptor; - -/** - * General class for generating a CMS enveloped-data message. - * - * A simple example of usage. - * - * <pre> - * CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes()); - * - * CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); - * - * edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC")); - * - * CMSEnvelopedData ed = edGen.generate( - * msg, - * new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC) - * .setProvider("BC").build()); - * - * </pre> - */ -public class CMSEnvelopedDataGenerator - extends CMSEnvelopedGenerator -{ - /** - * base constructor - */ - public CMSEnvelopedDataGenerator() - { - } - - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - * @deprecated use no args constructor. - */ - public CMSEnvelopedDataGenerator( - SecureRandom rand) - { - super(rand); - } - - private CMSEnvelopedData doGenerate( - CMSTypedData content, - OutputEncryptor contentEncryptor) - throws CMSException - { - if (!oldRecipientInfoGenerators.isEmpty()) - { - throw new IllegalStateException("can only use addRecipientGenerator() with this method"); - } - - ASN1EncodableVector recipientInfos = new ASN1EncodableVector(); - AlgorithmIdentifier encAlgId; - ASN1OctetString encContent; - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - OutputStream cOut = contentEncryptor.getOutputStream(bOut); - - content.write(cOut); - - cOut.close(); - } - catch (IOException e) - { - throw new CMSException(""); - } - - byte[] encryptedContent = bOut.toByteArray(); - - encAlgId = contentEncryptor.getAlgorithmIdentifier(); - - encContent = new BEROctetString(encryptedContent); - - GenericKey encKey = contentEncryptor.getKey(); - - for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();) - { - RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next(); - - recipientInfos.add(recipient.generate(encKey)); - } - - EncryptedContentInfo eci = new EncryptedContentInfo( - content.getContentType(), - encAlgId, - encContent); - - ASN1Set unprotectedAttrSet = null; - if (unprotectedAttributeGenerator != null) - { - AttributeTable attrTable = unprotectedAttributeGenerator.getAttributes(new HashMap()); - - unprotectedAttrSet = new BERSet(attrTable.toASN1EncodableVector()); - } - - ContentInfo contentInfo = new ContentInfo( - CMSObjectIdentifiers.envelopedData, - new EnvelopedData(originatorInfo, new DERSet(recipientInfos), eci, unprotectedAttrSet)); - - return new CMSEnvelopedData(contentInfo); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given provider. - * - * @param content the content to be encrypted - * @param contentEncryptor the symmetric key based encryptor to encrypt the content with. - */ - public CMSEnvelopedData generate( - CMSTypedData content, - OutputEncryptor contentEncryptor) - throws CMSException - { - return doGenerate(content, contentEncryptor); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataParser.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataParser.java deleted file mode 100644 index defd2f70..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataParser.java +++ /dev/null @@ -1,208 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetStringParser; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.BERTags; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.EncryptedContentInfoParser; -import org.bouncycastle.asn1.cms.EnvelopedDataParser; -import org.bouncycastle.asn1.cms.OriginatorInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * Parsing class for an CMS Enveloped Data object from an input stream. - * <p> - * Note: that because we are in a streaming mode only one recipient can be tried and it is important - * that the methods on the parser are called in the appropriate order. - * </p> - * <p> - * Example of use - assuming the first recipient matches the private key we have. - * <pre> - * CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(inputStream); - * - * RecipientInformationStore recipients = ep.getRecipientInfos(); - * - * Collection c = recipients.getRecipients(); - * Iterator it = c.iterator(); - * - * if (it.hasNext()) - * { - * RecipientInformation recipient = (RecipientInformation)it.next(); - * - * CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC")); - * - * processDataStream(recData.getContentStream()); - * } - * </pre> - * Note: this class does not introduce buffering - if you are processing large files you should create - * the parser with: - * <pre> - * CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(new BufferedInputStream(inputStream, bufSize)); - * </pre> - * where bufSize is a suitably large buffer size. - */ -public class CMSEnvelopedDataParser - extends CMSContentInfoParser -{ - RecipientInformationStore recipientInfoStore; - EnvelopedDataParser envelopedData; - - private AlgorithmIdentifier encAlg; - private AttributeTable unprotectedAttributes; - private boolean attrNotRead; - private OriginatorInformation originatorInfo; - - public CMSEnvelopedDataParser( - byte[] envelopedData) - throws CMSException, IOException - { - this(new ByteArrayInputStream(envelopedData)); - } - - public CMSEnvelopedDataParser( - InputStream envelopedData) - throws CMSException, IOException - { - super(envelopedData); - - this.attrNotRead = true; - this.envelopedData = new EnvelopedDataParser((ASN1SequenceParser)_contentInfo.getContent(BERTags.SEQUENCE)); - - // TODO Validate version? - //DERInteger version = this._envelopedData.getVersion(); - - OriginatorInfo info = this.envelopedData.getOriginatorInfo(); - - if (info != null) - { - this.originatorInfo = new OriginatorInformation(info); - } - - // - // read the recipients - // - ASN1Set recipientInfos = ASN1Set.getInstance(this.envelopedData.getRecipientInfos().toASN1Primitive()); - - // - // read the encrypted content info - // - EncryptedContentInfoParser encInfo = this.envelopedData.getEncryptedContentInfo(); - this.encAlg = encInfo.getContentEncryptionAlgorithm(); - CMSReadable readable = new CMSProcessableInputStream( - ((ASN1OctetStringParser)encInfo.getEncryptedContent(BERTags.OCTET_STRING)).getOctetStream()); - CMSSecureReadable secureReadable = new CMSEnvelopedHelper.CMSEnvelopedSecureReadable( - this.encAlg, readable); - - // - // build the RecipientInformationStore - // - this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore( - recipientInfos, this.encAlg, secureReadable); - } - - /** - * return the object identifier for the content encryption algorithm. - */ - public String getEncryptionAlgOID() - { - return encAlg.getAlgorithm().toString(); - } - - /** - * return the ASN.1 encoded encryption algorithm parameters, or null if - * there aren't any. - */ - public byte[] getEncryptionAlgParams() - { - try - { - return encodeObj(encAlg.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * Return the content encryption algorithm details for the data in this object. - * - * @return AlgorithmIdentifier representing the content encryption algorithm. - */ - public AlgorithmIdentifier getContentEncryptionAlgorithm() - { - return encAlg; - } - - /** - * Return the originator information associated with this message if present. - * - * @return OriginatorInformation, null if not present. - */ - public OriginatorInformation getOriginatorInfo() - { - return originatorInfo; - } - - /** - * return a store of the intended recipients for this message - */ - public RecipientInformationStore getRecipientInfos() - { - return recipientInfoStore; - } - - /** - * return a table of the unprotected attributes indexed by - * the OID of the attribute. - * @exception IOException - */ - public AttributeTable getUnprotectedAttributes() - throws IOException - { - if (unprotectedAttributes == null && attrNotRead) - { - ASN1SetParser set = envelopedData.getUnprotectedAttrs(); - - attrNotRead = false; - - if (set != null) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - ASN1Encodable o; - - while ((o = set.readObject()) != null) - { - ASN1SequenceParser seq = (ASN1SequenceParser)o; - - v.add(seq.toASN1Primitive()); - } - - unprotectedAttributes = new AttributeTable(new DERSet(v)); - } - } - - return unprotectedAttributes; - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java deleted file mode 100644 index 2548696f..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java +++ /dev/null @@ -1,306 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.HashMap; -import java.util.Iterator; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OutputEncryptor; - -/** - * General class for generating a CMS enveloped-data message stream. - * <p> - * A simple example of usage. - * <pre> - * CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator(); - * - * edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider("BC")); - * - * ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - * - * OutputStream out = edGen.open( - * bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC) - * .setProvider("BC").build()); - * out.write(data); - * - * out.close(); - * </pre> - */ -public class CMSEnvelopedDataStreamGenerator - extends CMSEnvelopedGenerator -{ - private ASN1Set _unprotectedAttributes = null; - private int _bufferSize; - private boolean _berEncodeRecipientSet; - - /** - * base constructor - */ - public CMSEnvelopedDataStreamGenerator() - { - } - - /** - * Set the underlying string size for encapsulated data - * - * @param bufferSize length of octet strings to buffer the data. - */ - public void setBufferSize( - int bufferSize) - { - _bufferSize = bufferSize; - } - - /** - * Use a BER Set to store the recipient information - */ - public void setBEREncodeRecipients( - boolean berEncodeRecipientSet) - { - _berEncodeRecipientSet = berEncodeRecipientSet; - } - - private DERInteger getVersion() - { - if (originatorInfo != null || _unprotectedAttributes != null) - { - return new DERInteger(2); - } - else - { - return new DERInteger(0); - } - } - - private OutputStream doOpen( - ASN1ObjectIdentifier dataType, - OutputStream out, - OutputEncryptor encryptor) - throws IOException, CMSException - { - ASN1EncodableVector recipientInfos = new ASN1EncodableVector(); - GenericKey encKey = encryptor.getKey(); - Iterator it = recipientInfoGenerators.iterator(); - - while (it.hasNext()) - { - RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next(); - - recipientInfos.add(recipient.generate(encKey)); - } - - return open(dataType, out, recipientInfos, encryptor); - } - - protected OutputStream open( - ASN1ObjectIdentifier dataType, - OutputStream out, - ASN1EncodableVector recipientInfos, - OutputEncryptor encryptor) - throws IOException - { - // - // ContentInfo - // - BERSequenceGenerator cGen = new BERSequenceGenerator(out); - - cGen.addObject(CMSObjectIdentifiers.envelopedData); - - // - // Encrypted Data - // - BERSequenceGenerator envGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true); - - envGen.addObject(getVersion()); - - if (originatorInfo != null) - { - envGen.addObject(new DERTaggedObject(false, 0, originatorInfo)); - } - - if (_berEncodeRecipientSet) - { - envGen.getRawOutputStream().write(new BERSet(recipientInfos).getEncoded()); - } - else - { - envGen.getRawOutputStream().write(new DERSet(recipientInfos).getEncoded()); - } - - BERSequenceGenerator eiGen = new BERSequenceGenerator(envGen.getRawOutputStream()); - - eiGen.addObject(dataType); - - AlgorithmIdentifier encAlgId = encryptor.getAlgorithmIdentifier(); - - eiGen.getRawOutputStream().write(encAlgId.getEncoded()); - - OutputStream octetStream = CMSUtils.createBEROctetOutputStream( - eiGen.getRawOutputStream(), 0, false, _bufferSize); - - OutputStream cOut = encryptor.getOutputStream(octetStream); - - return new CmsEnvelopedDataOutputStream(cOut, cGen, envGen, eiGen); - } - - protected OutputStream open( - OutputStream out, - ASN1EncodableVector recipientInfos, - OutputEncryptor encryptor) - throws CMSException - { - try - { - // - // ContentInfo - // - BERSequenceGenerator cGen = new BERSequenceGenerator(out); - - cGen.addObject(CMSObjectIdentifiers.envelopedData); - - // - // Encrypted Data - // - BERSequenceGenerator envGen = new BERSequenceGenerator(cGen.getRawOutputStream(), 0, true); - - ASN1Set recipients; - if (_berEncodeRecipientSet) - { - recipients = new BERSet(recipientInfos); - } - else - { - recipients = new DERSet(recipientInfos); - } - - envGen.addObject(new ASN1Integer(EnvelopedData.calculateVersion(originatorInfo, recipients, _unprotectedAttributes))); - - if (originatorInfo != null) - { - envGen.addObject(new DERTaggedObject(false, 0, originatorInfo)); - } - - envGen.getRawOutputStream().write(recipients.getEncoded()); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(envGen.getRawOutputStream()); - - eiGen.addObject(CMSObjectIdentifiers.data); - - AlgorithmIdentifier encAlgId = encryptor.getAlgorithmIdentifier(); - - eiGen.getRawOutputStream().write(encAlgId.getEncoded()); - - OutputStream octetStream = CMSUtils.createBEROctetOutputStream( - eiGen.getRawOutputStream(), 0, false, _bufferSize); - - return new CmsEnvelopedDataOutputStream(encryptor.getOutputStream(octetStream), cGen, envGen, eiGen); - } - catch (IOException e) - { - throw new CMSException("exception decoding algorithm parameters.", e); - } - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given encryptor. - */ - public OutputStream open( - OutputStream out, - OutputEncryptor encryptor) - throws CMSException, IOException - { - return doOpen(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), out, encryptor); - } - - /** - * generate an enveloped object that contains an CMS Enveloped Data - * object using the given encryptor and marking the data as being of the passed - * in type. - */ - public OutputStream open( - ASN1ObjectIdentifier dataType, - OutputStream out, - OutputEncryptor encryptor) - throws CMSException, IOException - { - return doOpen(dataType, out, encryptor); - } - - private class CmsEnvelopedDataOutputStream - extends OutputStream - { - private OutputStream _out; - private BERSequenceGenerator _cGen; - private BERSequenceGenerator _envGen; - private BERSequenceGenerator _eiGen; - - public CmsEnvelopedDataOutputStream( - OutputStream out, - BERSequenceGenerator cGen, - BERSequenceGenerator envGen, - BERSequenceGenerator eiGen) - { - _out = out; - _cGen = cGen; - _envGen = envGen; - _eiGen = eiGen; - } - - public void write( - int b) - throws IOException - { - _out.write(b); - } - - public void write( - byte[] bytes, - int off, - int len) - throws IOException - { - _out.write(bytes, off, len); - } - - public void write( - byte[] bytes) - throws IOException - { - _out.write(bytes); - } - - public void close() - throws IOException - { - _out.close(); - _eiGen.close(); - - if (unprotectedAttributeGenerator != null) - { - AttributeTable attrTable = unprotectedAttributeGenerator.getAttributes(new HashMap()); - - ASN1Set unprotectedAttrs = new BERSet(attrTable.toASN1EncodableVector()); - - _envGen.addObject(new DERTaggedObject(false, 1, unprotectedAttrs)); - } - - _envGen.close(); - _cGen.close(); - } - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedGenerator.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedGenerator.java deleted file mode 100644 index 3ffcf169..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedGenerator.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.cms; - -import java.security.SecureRandom; -import java.util.ArrayList; -import java.util.List; - -import org.bouncycastle.asn1.cms.OriginatorInfo; -import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - -/** - * General class for generating a CMS enveloped-data message. - */ -public class CMSEnvelopedGenerator -{ - public static final String DES_EDE3_CBC = PKCSObjectIdentifiers.des_EDE3_CBC.getId(); - public static final String RC2_CBC = PKCSObjectIdentifiers.RC2_CBC.getId(); - public static final String IDEA_CBC = "1.3.6.1.4.1.188.7.1.1.2"; - public static final String CAST5_CBC = "1.2.840.113533.7.66.10"; - public static final String AES128_CBC = NISTObjectIdentifiers.id_aes128_CBC.getId(); - public static final String AES192_CBC = NISTObjectIdentifiers.id_aes192_CBC.getId(); - public static final String AES256_CBC = NISTObjectIdentifiers.id_aes256_CBC.getId(); - public static final String CAMELLIA128_CBC = NTTObjectIdentifiers.id_camellia128_cbc.getId(); - public static final String CAMELLIA192_CBC = NTTObjectIdentifiers.id_camellia192_cbc.getId(); - public static final String CAMELLIA256_CBC = NTTObjectIdentifiers.id_camellia256_cbc.getId(); - public static final String SEED_CBC = KISAObjectIdentifiers.id_seedCBC.getId(); - - public static final String DES_EDE3_WRAP = PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(); - public static final String AES128_WRAP = NISTObjectIdentifiers.id_aes128_wrap.getId(); - public static final String AES192_WRAP = NISTObjectIdentifiers.id_aes192_wrap.getId(); - public static final String AES256_WRAP = NISTObjectIdentifiers.id_aes256_wrap.getId(); - public static final String CAMELLIA128_WRAP = NTTObjectIdentifiers.id_camellia128_wrap.getId(); - public static final String CAMELLIA192_WRAP = NTTObjectIdentifiers.id_camellia192_wrap.getId(); - public static final String CAMELLIA256_WRAP = NTTObjectIdentifiers.id_camellia256_wrap.getId(); - public static final String SEED_WRAP = KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap.getId(); - - public static final String ECDH_SHA1KDF = X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme.getId(); - public static final String ECMQV_SHA1KDF = X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme.getId(); - - final List oldRecipientInfoGenerators = new ArrayList(); - final List recipientInfoGenerators = new ArrayList(); - - protected CMSAttributeTableGenerator unprotectedAttributeGenerator = null; - - final SecureRandom rand; - protected OriginatorInfo originatorInfo; - - /** - * base constructor - */ - public CMSEnvelopedGenerator() - { - this(new SecureRandom()); - } - - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - */ - public CMSEnvelopedGenerator( - SecureRandom rand) - { - this.rand = rand; - } - - public void setUnprotectedAttributeGenerator(CMSAttributeTableGenerator unprotectedAttributeGenerator) - { - this.unprotectedAttributeGenerator = unprotectedAttributeGenerator; - } - - - public void setOriginatorInfo(OriginatorInformation originatorInfo) - { - this.originatorInfo = originatorInfo.toASN1Structure(); - } - - /** - * Add a generator to produce the recipient info required. - * - * @param recipientGenerator a generator of a recipient info object. - */ - public void addRecipientInfoGenerator(RecipientInfoGenerator recipientGenerator) - { - recipientInfoGenerators.add(recipientGenerator); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedHelper.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedHelper.java deleted file mode 100644 index 86b5b978..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSEnvelopedHelper.java +++ /dev/null @@ -1,199 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.cms.KEKRecipientInfo; -import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo; -import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; -import org.bouncycastle.asn1.cms.PasswordRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.util.Integers; - -class CMSEnvelopedHelper -{ - static final CMSEnvelopedHelper INSTANCE = new CMSEnvelopedHelper(); - - private static final Map KEYSIZES = new HashMap(); - private static final Map BASE_CIPHER_NAMES = new HashMap(); - private static final Map CIPHER_ALG_NAMES = new HashMap(); - private static final Map MAC_ALG_NAMES = new HashMap(); - - static - { - KEYSIZES.put(CMSEnvelopedGenerator.DES_EDE3_CBC, Integers.valueOf(192)); - KEYSIZES.put(CMSEnvelopedGenerator.AES128_CBC, Integers.valueOf(128)); - KEYSIZES.put(CMSEnvelopedGenerator.AES192_CBC, Integers.valueOf(192)); - KEYSIZES.put(CMSEnvelopedGenerator.AES256_CBC, Integers.valueOf(256)); - - BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC, "DESEDE"); - BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES128_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES192_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSEnvelopedGenerator.AES256_CBC, "AES"); - - CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES128_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES192_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSEnvelopedGenerator.AES256_CBC, "AES/CBC/PKCS5Padding"); - - MAC_ALG_NAMES.put(CMSEnvelopedGenerator.DES_EDE3_CBC, "DESEDEMac"); - MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES128_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES192_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSEnvelopedGenerator.AES256_CBC, "AESMac"); - } - - int getKeySize(String oid) - { - Integer keySize = (Integer)KEYSIZES.get(oid); - - if (keySize == null) - { - throw new IllegalArgumentException("no keysize for " + oid); - } - - return keySize.intValue(); - } - - static RecipientInformationStore buildRecipientInformationStore( - ASN1Set recipientInfos, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable) - { - return buildRecipientInformationStore(recipientInfos, messageAlgorithm, secureReadable, null); - } - - static RecipientInformationStore buildRecipientInformationStore( - ASN1Set recipientInfos, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData) - { - List infos = new ArrayList(); - for (int i = 0; i != recipientInfos.size(); i++) - { - RecipientInfo info = RecipientInfo.getInstance(recipientInfos.getObjectAt(i)); - - readRecipientInfo(infos, info, messageAlgorithm, secureReadable, additionalData); - } - return new RecipientInformationStore(infos); - } - - private static void readRecipientInfo( - List infos, RecipientInfo info, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData) - { - ASN1Encodable recipInfo = info.getInfo(); - if (recipInfo instanceof KeyTransRecipientInfo) - { - infos.add(new KeyTransRecipientInformation( - (KeyTransRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData)); - } - else if (recipInfo instanceof KEKRecipientInfo) - { - infos.add(new KEKRecipientInformation( - (KEKRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData)); - } - else if (recipInfo instanceof KeyAgreeRecipientInfo) - { - KeyAgreeRecipientInformation.readRecipientInfo(infos, - (KeyAgreeRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData); - } - else if (recipInfo instanceof PasswordRecipientInfo) - { - infos.add(new PasswordRecipientInformation( - (PasswordRecipientInfo)recipInfo, messageAlgorithm, secureReadable, additionalData)); - } - } - - static class CMSDigestAuthenticatedSecureReadable - implements CMSSecureReadable - { - private DigestCalculator digestCalculator; - private CMSReadable readable; - - public CMSDigestAuthenticatedSecureReadable(DigestCalculator digestCalculator, CMSReadable readable) - { - this.digestCalculator = digestCalculator; - this.readable = readable; - } - - public InputStream getInputStream() - throws IOException, CMSException - { - return new FilterInputStream(readable.getInputStream()) - { - public int read() - throws IOException - { - int b = in.read(); - - if (b >= 0) - { - digestCalculator.getOutputStream().write(b); - } - - return b; - } - - public int read(byte[] inBuf, int inOff, int inLen) - throws IOException - { - int n = in.read(inBuf, inOff, inLen); - - if (n >= 0) - { - digestCalculator.getOutputStream().write(inBuf, inOff, n); - } - - return n; - } - }; - } - - public byte[] getDigest() - { - return digestCalculator.getDigest(); - } - } - - static class CMSAuthenticatedSecureReadable implements CMSSecureReadable - { - private AlgorithmIdentifier algorithm; - private CMSReadable readable; - - CMSAuthenticatedSecureReadable(AlgorithmIdentifier algorithm, CMSReadable readable) - { - this.algorithm = algorithm; - this.readable = readable; - } - - public InputStream getInputStream() - throws IOException, CMSException - { - return readable.getInputStream(); - } - - } - - static class CMSEnvelopedSecureReadable implements CMSSecureReadable - { - private AlgorithmIdentifier algorithm; - private CMSReadable readable; - - CMSEnvelopedSecureReadable(AlgorithmIdentifier algorithm, CMSReadable readable) - { - this.algorithm = algorithm; - this.readable = readable; - } - - public InputStream getInputStream() - throws IOException, CMSException - { - return readable.getInputStream(); - } - - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedData.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedData.java deleted file mode 100644 index 083f2b40..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedData.java +++ /dev/null @@ -1,542 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.SignedData; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; -import org.bouncycastle.util.Store; - -/** - * general class for handling a pkcs7-signature message. - * - * A simple example of usage - note, in the example below the validity of - * the certificate isn't verified, just the fact that one of the certs - * matches the given signer... - * - * <pre> - * Store certStore = s.getCertificates(); - * SignerInformationStore signers = s.getSignerInfos(); - * Collection c = signers.getSigners(); - * Iterator it = c.iterator(); - * - * while (it.hasNext()) - * { - * SignerInformation signer = (SignerInformation)it.next(); - * Collection certCollection = certStore.getMatches(signer.getSID()); - * - * Iterator certIt = certCollection.iterator(); - * X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - * - * if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) - * { - * verified++; - * } - * } - * </pre> - */ -public class CMSSignedData -{ - private static final CMSSignedHelper HELPER = CMSSignedHelper.INSTANCE; - - SignedData signedData; - ContentInfo contentInfo; - CMSTypedData signedContent; - SignerInformationStore signerInfoStore; - private Map hashes; - - private CMSSignedData( - CMSSignedData c) - { - this.signedData = c.signedData; - this.contentInfo = c.contentInfo; - this.signedContent = c.signedContent; - this.signerInfoStore = c.signerInfoStore; - } - - public CMSSignedData( - byte[] sigBlock) - throws CMSException - { - this(CMSUtils.readContentInfo(sigBlock)); - } - - public CMSSignedData( - CMSProcessable signedContent, - byte[] sigBlock) - throws CMSException - { - this(signedContent, CMSUtils.readContentInfo(sigBlock)); - } - - /** - * Content with detached signature, digests precomputed - * - * @param hashes a map of precomputed digests for content indexed by name of hash. - * @param sigBlock the signature object. - */ - public CMSSignedData( - Map hashes, - byte[] sigBlock) - throws CMSException - { - this(hashes, CMSUtils.readContentInfo(sigBlock)); - } - - /** - * base constructor - content with detached signature. - * - * @param signedContent the content that was signed. - * @param sigData the signature object. - */ - public CMSSignedData( - CMSProcessable signedContent, - InputStream sigData) - throws CMSException - { - this(signedContent, CMSUtils.readContentInfo(new ASN1InputStream(sigData))); - } - - /** - * base constructor - with encapsulated content - */ - public CMSSignedData( - InputStream sigData) - throws CMSException - { - this(CMSUtils.readContentInfo(sigData)); - } - - public CMSSignedData( - final CMSProcessable signedContent, - ContentInfo sigData) - throws CMSException - { - if (signedContent instanceof CMSTypedData) - { - this.signedContent = (CMSTypedData)signedContent; - } - else - { - this.signedContent = new CMSTypedData() - { - public ASN1ObjectIdentifier getContentType() - { - return signedData.getEncapContentInfo().getContentType(); - } - - public void write(OutputStream out) - throws IOException, CMSException - { - signedContent.write(out); - } - - public Object getContent() - { - return signedContent.getContent(); - } - }; - } - - this.contentInfo = sigData; - this.signedData = getSignedData(); - } - - public CMSSignedData( - Map hashes, - ContentInfo sigData) - throws CMSException - { - this.hashes = hashes; - this.contentInfo = sigData; - this.signedData = getSignedData(); - } - - public CMSSignedData( - ContentInfo sigData) - throws CMSException - { - this.contentInfo = sigData; - this.signedData = getSignedData(); - - // - // this can happen if the signed message is sent simply to send a - // certificate chain. - // - if (signedData.getEncapContentInfo().getContent() != null) - { - this.signedContent = new CMSProcessableByteArray(signedData.getEncapContentInfo().getContentType(), - ((ASN1OctetString)(signedData.getEncapContentInfo() - .getContent())).getOctets()); - } - else - { - this.signedContent = null; - } - } - - private SignedData getSignedData() - throws CMSException - { - try - { - return SignedData.getInstance(contentInfo.getContent()); - } - catch (ClassCastException e) - { - throw new CMSException("Malformed content.", e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("Malformed content.", e); - } - } - - /** - * Return the version number for this object - */ - public int getVersion() - { - return signedData.getVersion().getValue().intValue(); - } - - /** - * return the collection of signers that are associated with the - * signatures for the message. - */ - public SignerInformationStore getSignerInfos() - { - if (signerInfoStore == null) - { - ASN1Set s = signedData.getSignerInfos(); - List signerInfos = new ArrayList(); - SignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); - - for (int i = 0; i != s.size(); i++) - { - SignerInfo info = SignerInfo.getInstance(s.getObjectAt(i)); - ASN1ObjectIdentifier contentType = signedData.getEncapContentInfo().getContentType(); - - if (hashes == null) - { - signerInfos.add(new SignerInformation(info, contentType, signedContent, null)); - } - else - { - Object obj = hashes.keySet().iterator().next(); - byte[] hash = (obj instanceof String) ? (byte[])hashes.get(info.getDigestAlgorithm().getAlgorithm().getId()) : (byte[])hashes.get(info.getDigestAlgorithm().getAlgorithm()); - - signerInfos.add(new SignerInformation(info, contentType, null, hash)); - } - } - - signerInfoStore = new SignerInformationStore(signerInfos); - } - - return signerInfoStore; - } - - /** - * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. - * - * @return a Store of X509CertificateHolder objects. - */ - public Store getCertificates() - { - return HELPER.getCertificates(signedData.getCertificates()); - } - - /** - * Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects. - * - * @return a Store of X509CRLHolder objects. - */ - public Store getCRLs() - { - return HELPER.getCRLs(signedData.getCRLs()); - } - - /** - * Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects. - * - * @return a Store of X509AttributeCertificateHolder objects. - */ - public Store getAttributeCertificates() - { - return HELPER.getAttributeCertificates(signedData.getCertificates()); - } - - /** - * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in - * this SignedData structure. - * - * @param otherRevocationInfoFormat OID of the format type been looked for. - * - * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. - */ - public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) - { - return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs()); - } - - /** - * Return the a string representation of the OID associated with the - * encapsulated content info structure carried in the signed data. - * - * @return the OID for the content type. - */ - public String getSignedContentTypeOID() - { - return signedData.getEncapContentInfo().getContentType().getId(); - } - - public CMSTypedData getSignedContent() - { - return signedContent; - } - - /** - * return the ContentInfo - */ - public ContentInfo toASN1Structure() - { - return contentInfo; - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return contentInfo.getEncoded(); - } - - /** - * Verify all the SignerInformation objects and their associated counter signatures attached - * to this CMS SignedData object. - * - * @param verifierProvider a provider of SignerInformationVerifier objects. - * @return true if all verify, false otherwise. - * @throws CMSException if an exception occurs during the verification process. - */ - public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) - throws CMSException - { - return verifySignatures(verifierProvider, false); - } - - /** - * Verify all the SignerInformation objects and optionally their associated counter signatures attached - * to this CMS SignedData object. - * - * @param verifierProvider a provider of SignerInformationVerifier objects. - * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well. - * @return true if all verify, false otherwise. - * @throws CMSException if an exception occurs during the verification process. - */ - public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) - throws CMSException - { - Collection signers = this.getSignerInfos().getSigners(); - - for (Iterator it = signers.iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - - try - { - SignerInformationVerifier verifier = verifierProvider.get(signer.getSID()); - - if (!signer.verify(verifier)) - { - return false; - } - - if (!ignoreCounterSignatures) - { - Collection counterSigners = signer.getCounterSignatures().getSigners(); - - for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();) - { - SignerInformation counterSigner = (SignerInformation)cIt.next(); - SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID()); - - if (!counterSigner.verify(counterVerifier)) - { - return false; - } - } - } - } - catch (OperatorCreationException e) - { - throw new CMSException("failure in verifier provider: " + e.getMessage(), e); - } - } - - return true; - } - - /** - * Replace the SignerInformation store associated with this - * CMSSignedData object with the new one passed in. You would - * probably only want to do this if you wanted to change the unsigned - * attributes associated with a signer, or perhaps delete one. - * - * @param signedData the signed data object to be used as a base. - * @param signerInformationStore the new signer information store to use. - * @return a new signed data object. - */ - public static CMSSignedData replaceSigners( - CMSSignedData signedData, - SignerInformationStore signerInformationStore) - { - // - // copy - // - CMSSignedData cms = new CMSSignedData(signedData); - - // - // replace the store - // - cms.signerInfoStore = signerInformationStore; - - // - // replace the signers in the SignedData object - // - ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); - ASN1EncodableVector vec = new ASN1EncodableVector(); - - Iterator it = signerInformationStore.getSigners().iterator(); - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID())); - vec.add(signer.toASN1Structure()); - } - - ASN1Set digests = new DERSet(digestAlgs); - ASN1Set signers = new DERSet(vec); - ASN1Sequence sD = (ASN1Sequence)signedData.signedData.toASN1Primitive(); - - vec = new ASN1EncodableVector(); - - // - // signers are the last item in the sequence. - // - vec.add(sD.getObjectAt(0)); // version - vec.add(digests); - - for (int i = 2; i != sD.size() - 1; i++) - { - vec.add(sD.getObjectAt(i)); - } - - vec.add(signers); - - cms.signedData = SignedData.getInstance(new BERSequence(vec)); - - // - // replace the contentInfo with the new one - // - cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData); - - return cms; - } - - /** - * Replace the certificate and CRL information associated with this - * CMSSignedData object with the new one passed in. - * - * @param signedData the signed data object to be used as a base. - * @param certificates the new certificates to be used. - * @param attrCerts the new attribute certificates to be used. - * @param crls the new CRLs to be used. - * @return a new signed data object. - * @exception CMSException if there is an error processing the CertStore - */ - public static CMSSignedData replaceCertificatesAndCRLs( - CMSSignedData signedData, - Store certificates, - Store attrCerts, - Store crls) - throws CMSException - { - // - // copy - // - CMSSignedData cms = new CMSSignedData(signedData); - - // - // replace the certs and crls in the SignedData object - // - ASN1Set certSet = null; - ASN1Set crlSet = null; - - if (certificates != null || attrCerts != null) - { - List certs = new ArrayList(); - - if (certificates != null) - { - certs.addAll(CMSUtils.getCertificatesFromStore(certificates)); - } - if (attrCerts != null) - { - certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts)); - } - - ASN1Set set = CMSUtils.createBerSetFromList(certs); - - if (set.size() != 0) - { - certSet = set; - } - } - - if (crls != null) - { - ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls)); - - if (set.size() != 0) - { - crlSet = set; - } - } - - // - // replace the CMS structure. - // - cms.signedData = new SignedData(signedData.signedData.getDigestAlgorithms(), - signedData.signedData.getEncapContentInfo(), - certSet, - crlSet, - signedData.signedData.getSignerInfos()); - - // - // replace the contentInfo with the new one - // - cms.contentInfo = new ContentInfo(cms.contentInfo.getContentType(), cms.signedData); - - return cms; - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataGenerator.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataGenerator.java deleted file mode 100644 index 08c27d5e..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataGenerator.java +++ /dev/null @@ -1,225 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.security.SecureRandom; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.SignedData; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.bc.BcDigestCalculatorProvider; - -/** - * general class for generating a pkcs7-signature message. - * <p> - * A simple example of usage, generating a detached signature. - * - * <pre> - * List certList = new ArrayList(); - * CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes()); - * - * certList.add(signCert); - * - * Store certs = new JcaCertStore(certList); - * - * CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - * ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate()); - * - * gen.addSignerInfoGenerator( - * new JcaSignerInfoGeneratorBuilder( - * new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) - * .build(sha1Signer, signCert)); - * - * gen.addCertificates(certs); - * - * CMSSignedData sigData = gen.generate(msg, false); - * </pre> - */ -public class CMSSignedDataGenerator - extends CMSSignedGenerator -{ - private List signerInfs = new ArrayList(); - - /** - * base constructor - */ - public CMSSignedDataGenerator() - { - } - - public CMSSignedData generate( - CMSTypedData content) - throws CMSException - { - return generate(content, false); - } - - public CMSSignedData generate( - // FIXME Avoid accessing more than once to support CMSProcessableInputStream - CMSTypedData content, - boolean encapsulate) - throws CMSException - { - if (!signerInfs.isEmpty()) - { - throw new IllegalStateException("this method can only be used with SignerInfoGenerator"); - } - - // TODO -// if (signerInfs.isEmpty()) -// { -// /* RFC 3852 5.2 -// * "In the degenerate case where there are no signers, the -// * EncapsulatedContentInfo value being "signed" is irrelevant. In this -// * case, the content type within the EncapsulatedContentInfo value being -// * "signed" MUST be id-data (as defined in section 4), and the content -// * field of the EncapsulatedContentInfo value MUST be omitted." -// */ -// if (encapsulate) -// { -// throw new IllegalArgumentException("no signers, encapsulate must be false"); -// } -// if (!DATA.equals(eContentType)) -// { -// throw new IllegalArgumentException("no signers, eContentType must be id-data"); -// } -// } -// -// if (!DATA.equals(eContentType)) -// { -// /* RFC 3852 5.3 -// * [The 'signedAttrs']... -// * field is optional, but it MUST be present if the content type of -// * the EncapsulatedContentInfo value being signed is not id-data. -// */ -// // TODO signedAttrs must be present for all signers -// } - - ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); - ASN1EncodableVector signerInfos = new ASN1EncodableVector(); - - digests.clear(); // clear the current preserved digest state - - // - // add the precalculated SignerInfo objects. - // - for (Iterator it = _signers.iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID())); - - // TODO Verify the content type and calculated digest match the precalculated SignerInfo - signerInfos.add(signer.toASN1Structure()); - } - - // - // add the SignerInfo objects - // - ASN1ObjectIdentifier contentTypeOID = content.getContentType(); - - ASN1OctetString octs = null; - - if (content != null) - { - ByteArrayOutputStream bOut = null; - - if (encapsulate) - { - bOut = new ByteArrayOutputStream(); - } - - OutputStream cOut = CMSUtils.attachSignersToOutputStream(signerGens, bOut); - - // Just in case it's unencapsulated and there are no signers! - cOut = CMSUtils.getSafeOutputStream(cOut); - - try - { - content.write(cOut); - - cOut.close(); - } - catch (IOException e) - { - throw new CMSException("data processing exception: " + e.getMessage(), e); - } - - if (encapsulate) - { - octs = new BEROctetString(bOut.toByteArray()); - } - } - - for (Iterator it = signerGens.iterator(); it.hasNext();) - { - SignerInfoGenerator sGen = (SignerInfoGenerator)it.next(); - SignerInfo inf = sGen.generate(contentTypeOID); - - digestAlgs.add(inf.getDigestAlgorithm()); - signerInfos.add(inf); - - byte[] calcDigest = sGen.getCalculatedDigest(); - - if (calcDigest != null) - { - digests.put(inf.getDigestAlgorithm().getAlgorithm().getId(), calcDigest); - } - } - - ASN1Set certificates = null; - - if (certs.size() != 0) - { - certificates = CMSUtils.createBerSetFromList(certs); - } - - ASN1Set certrevlist = null; - - if (crls.size() != 0) - { - certrevlist = CMSUtils.createBerSetFromList(crls); - } - - ContentInfo encInfo = new ContentInfo(contentTypeOID, octs); - - SignedData sd = new SignedData( - new DERSet(digestAlgs), - encInfo, - certificates, - certrevlist, - new DERSet(signerInfos)); - - ContentInfo contentInfo = new ContentInfo( - CMSObjectIdentifiers.signedData, sd); - - return new CMSSignedData(content, contentInfo); - } - - /** - * generate a set of one or more SignerInformation objects representing counter signatures on - * the passed in SignerInformation object. - * - * @param signer the signer to be countersigned - * @return a store containing the signers. - */ - public SignerInformationStore generateCounterSigners(SignerInformation signer) - throws CMSException - { - return this.generate(new CMSProcessableByteArray(null, signer.getSignature()), false).getSignerInfos(); - } -} - diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataParser.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataParser.java deleted file mode 100644 index ca0e0c34..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataParser.java +++ /dev/null @@ -1,642 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Generator; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetStringParser; -import org.bouncycastle.asn1.ASN1SequenceParser; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1SetParser; -import org.bouncycastle.asn1.ASN1StreamParser; -import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.BERSetParser; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.BERTags; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfoParser; -import org.bouncycastle.asn1.cms.SignedDataParser; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.bc.BcDigestCalculatorProvider; -import org.bouncycastle.util.Store; -import org.bouncycastle.util.io.Streams; -import org.bouncycastle.x509.NoSuchStoreException; -import org.bouncycastle.x509.X509Store; - -/** - * Parsing class for an CMS Signed Data object from an input stream. - * <p> - * Note: that because we are in a streaming mode only one signer can be tried and it is important - * that the methods on the parser are called in the appropriate order. - * </p> - * <p> - * A simple example of usage for an encapsulated signature. - * </p> - * <p> - * Two notes: first, in the example below the validity of - * the certificate isn't verified, just the fact that one of the certs - * matches the given signer, and, second, because we are in a streaming - * mode the order of the operations is important. - * </p> - * <pre> - * CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), encapSigData); - * - * sp.getSignedContent().drain(); - * - * Store certStore = sp.getCertificates(); - * SignerInformationStore signers = sp.getSignerInfos(); - * - * Collection c = signers.getSigners(); - * Iterator it = c.iterator(); - * - * while (it.hasNext()) - * { - * SignerInformation signer = (SignerInformation)it.next(); - * Collection certCollection = certStore.getMatches(signer.getSID()); - * - * Iterator certIt = certCollection.iterator(); - * X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - * - * System.out.println("verify returns: " + signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))); - * } - * </pre> - * Note also: this class does not introduce buffering - if you are processing large files you should create - * the parser with: - * <pre> - * CMSSignedDataParser ep = new CMSSignedDataParser(new BufferedInputStream(encapSigData, bufSize)); - * </pre> - * where bufSize is a suitably large buffer size. - */ -public class CMSSignedDataParser - extends CMSContentInfoParser -{ - private static final CMSSignedHelper HELPER = CMSSignedHelper.INSTANCE; - - private SignedDataParser _signedData; - private ASN1ObjectIdentifier _signedContentType; - private CMSTypedStream _signedContent; - private Map digests; - - private SignerInformationStore _signerInfoStore; - private X509Store _attributeStore; - private ASN1Set _certSet, _crlSet; - private boolean _isCertCrlParsed; - private X509Store _certificateStore; - private X509Store _crlStore; - - public CMSSignedDataParser( - DigestCalculatorProvider digestCalculatorProvider, - byte[] sigBlock) - throws CMSException - { - this(digestCalculatorProvider, new ByteArrayInputStream(sigBlock)); - } - - public CMSSignedDataParser( - DigestCalculatorProvider digestCalculatorProvider, - CMSTypedStream signedContent, - byte[] sigBlock) - throws CMSException - { - this(digestCalculatorProvider, signedContent, new ByteArrayInputStream(sigBlock)); - } - - private static DigestCalculatorProvider createDefaultDigestProvider() - throws CMSException - { - return new BcDigestCalculatorProvider(); - } - - /** - * base constructor - with encapsulated content - */ - public CMSSignedDataParser( - DigestCalculatorProvider digestCalculatorProvider, - InputStream sigData) - throws CMSException - { - this(digestCalculatorProvider, null, sigData); - } - - /** - * base constructor - * - * @param digestCalculatorProvider for generating accumulating digests - * @param signedContent the content that was signed. - * @param sigData the signature object stream. - */ - public CMSSignedDataParser( - DigestCalculatorProvider digestCalculatorProvider, - CMSTypedStream signedContent, - InputStream sigData) - throws CMSException - { - super(sigData); - - try - { - _signedContent = signedContent; - _signedData = SignedDataParser.getInstance(_contentInfo.getContent(BERTags.SEQUENCE)); - digests = new HashMap(); - - ASN1SetParser digAlgs = _signedData.getDigestAlgorithms(); - ASN1Encodable o; - - while ((o = digAlgs.readObject()) != null) - { - AlgorithmIdentifier algId = AlgorithmIdentifier.getInstance(o); - try - { - DigestCalculator calculator = digestCalculatorProvider.get(algId); - - if (calculator != null) - { - this.digests.put(algId.getAlgorithm(), calculator); - } - } - catch (OperatorCreationException e) - { - // ignore - } - } - - // - // If the message is simply a certificate chain message getContent() may return null. - // - ContentInfoParser cont = _signedData.getEncapContentInfo(); - ASN1OctetStringParser octs = (ASN1OctetStringParser) - cont.getContent(BERTags.OCTET_STRING); - - if (octs != null) - { - CMSTypedStream ctStr = new CMSTypedStream( - cont.getContentType().getId(), octs.getOctetStream()); - - if (_signedContent == null) - { - _signedContent = ctStr; - } - else - { - // - // content passed in, need to read past empty encapsulated content info object if present - // - ctStr.drain(); - } - } - - if (signedContent == null) - { - _signedContentType = cont.getContentType(); - } - else - { - _signedContentType = _signedContent.getContentType(); - } - } - catch (IOException e) - { - throw new CMSException("io exception: " + e.getMessage(), e); - } - - if (digests.isEmpty()) - { - throw new CMSException("no digests could be created for message."); - } - } - - /** - * Return the version number for the SignedData object - * - * @return the version number - */ - public int getVersion() - { - return _signedData.getVersion().getValue().intValue(); - } - - /** - * return the collection of signers that are associated with the - * signatures for the message. - * @throws CMSException - */ - public SignerInformationStore getSignerInfos() - throws CMSException - { - if (_signerInfoStore == null) - { - populateCertCrlSets(); - - List signerInfos = new ArrayList(); - Map hashes = new HashMap(); - - Iterator it = digests.keySet().iterator(); - while (it.hasNext()) - { - Object digestKey = it.next(); - - hashes.put(digestKey, ((DigestCalculator)digests.get(digestKey)).getDigest()); - } - - try - { - ASN1SetParser s = _signedData.getSignerInfos(); - ASN1Encodable o; - - while ((o = s.readObject()) != null) - { - SignerInfo info = SignerInfo.getInstance(o.toASN1Primitive()); - - byte[] hash = (byte[])hashes.get(info.getDigestAlgorithm().getAlgorithm()); - - signerInfos.add(new SignerInformation(info, _signedContentType, null, hash)); - } - } - catch (IOException e) - { - throw new CMSException("io exception: " + e.getMessage(), e); - } - - _signerInfoStore = new SignerInformationStore(signerInfos); - } - - return _signerInfoStore; - } - - /** - * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. - * - * @return a Store of X509CertificateHolder objects. - */ - public Store getCertificates() - throws CMSException - { - populateCertCrlSets(); - - return HELPER.getCertificates(_certSet); - } - - /** - * Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects. - * - * @return a Store of X509CRLHolder objects. - */ - public Store getCRLs() - throws CMSException - { - populateCertCrlSets(); - - return HELPER.getCRLs(_crlSet); - } - - /** - * Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects. - * - * @return a Store of X509AttributeCertificateHolder objects. - */ - public Store getAttributeCertificates() - throws CMSException - { - populateCertCrlSets(); - - return HELPER.getAttributeCertificates(_certSet); - } - - /** - * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in - * this SignedData structure. - * - * @param otherRevocationInfoFormat OID of the format type been looked for. - * - * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. - */ - public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) - throws CMSException - { - populateCertCrlSets(); - - return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, _crlSet); - } - - private void populateCertCrlSets() - throws CMSException - { - if (_isCertCrlParsed) - { - return; - } - - _isCertCrlParsed = true; - - try - { - // care! Streaming - these must be done in exactly this order. - _certSet = getASN1Set(_signedData.getCertificates()); - _crlSet = getASN1Set(_signedData.getCrls()); - } - catch (IOException e) - { - throw new CMSException("problem parsing cert/crl sets", e); - } - } - - /** - * Return the a string representation of the OID associated with the - * encapsulated content info structure carried in the signed data. - * - * @return the OID for the content type. - */ - public String getSignedContentTypeOID() - { - return _signedContentType.getId(); - } - - public CMSTypedStream getSignedContent() - { - if (_signedContent == null) - { - return null; - } - - InputStream digStream = CMSUtils.attachDigestsToInputStream( - digests.values(), _signedContent.getContentStream()); - - return new CMSTypedStream(_signedContent.getContentType(), digStream); - } - - /** - * Replace the signerinformation store associated with the passed - * in message contained in the stream original with the new one passed in. - * You would probably only want to do this if you wanted to change the unsigned - * attributes associated with a signer, or perhaps delete one. - * <p> - * The output stream is returned unclosed. - * </p> - * @param original the signed data stream to be used as a base. - * @param signerInformationStore the new signer information store to use. - * @param out the stream to write the new signed data object to. - * @return out. - */ - public static OutputStream replaceSigners( - InputStream original, - SignerInformationStore signerInformationStore, - OutputStream out) - throws CMSException, IOException - { - ASN1StreamParser in = new ASN1StreamParser(original); - ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject()); - SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE)); - - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.signedData); - - BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - // version number - sigGen.addObject(signedData.getVersion()); - - // digests - signedData.getDigestAlgorithms().toASN1Primitive(); // skip old ones - - ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); - - for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID())); - } - - sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded()); - - // encap content info - ContentInfoParser encapContentInfo = signedData.getEncapContentInfo(); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream()); - - eiGen.addObject(encapContentInfo.getContentType()); - - pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream()); - - eiGen.close(); - - - writeSetToGeneratorTagged(sigGen, signedData.getCertificates(), 0); - writeSetToGeneratorTagged(sigGen, signedData.getCrls(), 1); - - - ASN1EncodableVector signerInfos = new ASN1EncodableVector(); - for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - - signerInfos.add(signer.toASN1Structure()); - } - - sigGen.getRawOutputStream().write(new DERSet(signerInfos).getEncoded()); - - sigGen.close(); - - sGen.close(); - - return out; - } - - /** - * Replace the certificate and CRL information associated with this - * CMSSignedData object with the new one passed in. - * <p> - * The output stream is returned unclosed. - * </p> - * @param original the signed data stream to be used as a base. - * @param certs new certificates to be used, if any. - * @param crls new CRLs to be used, if any. - * @param attrCerts new attribute certificates to be used, if any. - * @param out the stream to write the new signed data object to. - * @return out. - * @exception CMSException if there is an error processing the CertStore - */ - public static OutputStream replaceCertificatesAndCRLs( - InputStream original, - Store certs, - Store crls, - Store attrCerts, - OutputStream out) - throws CMSException, IOException - { - ASN1StreamParser in = new ASN1StreamParser(original); - ContentInfoParser contentInfo = new ContentInfoParser((ASN1SequenceParser)in.readObject()); - SignedDataParser signedData = SignedDataParser.getInstance(contentInfo.getContent(BERTags.SEQUENCE)); - - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.signedData); - - BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - // version number - sigGen.addObject(signedData.getVersion()); - - // digests - sigGen.getRawOutputStream().write(signedData.getDigestAlgorithms().toASN1Primitive().getEncoded()); - - // encap content info - ContentInfoParser encapContentInfo = signedData.getEncapContentInfo(); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream()); - - eiGen.addObject(encapContentInfo.getContentType()); - - pipeEncapsulatedOctetString(encapContentInfo, eiGen.getRawOutputStream()); - - eiGen.close(); - - // - // skip existing certs and CRLs - // - getASN1Set(signedData.getCertificates()); - getASN1Set(signedData.getCrls()); - - // - // replace the certs and crls in the SignedData object - // - if (certs != null || attrCerts != null) - { - List certificates = new ArrayList(); - - if (certs != null) - { - certificates.addAll(CMSUtils.getCertificatesFromStore(certs)); - } - if (attrCerts != null) - { - certificates.addAll(CMSUtils.getAttributeCertificatesFromStore(attrCerts)); - } - - ASN1Set asn1Certs = CMSUtils.createBerSetFromList(certificates); - - if (asn1Certs.size() > 0) - { - sigGen.getRawOutputStream().write(new DERTaggedObject(false, 0, asn1Certs).getEncoded()); - } - } - - if (crls != null) - { - ASN1Set asn1Crls = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls)); - - if (asn1Crls.size() > 0) - { - sigGen.getRawOutputStream().write(new DERTaggedObject(false, 1, asn1Crls).getEncoded()); - } - } - - sigGen.getRawOutputStream().write(signedData.getSignerInfos().toASN1Primitive().getEncoded()); - - sigGen.close(); - - sGen.close(); - - return out; - } - - private static void writeSetToGeneratorTagged( - ASN1Generator asn1Gen, - ASN1SetParser asn1SetParser, - int tagNo) - throws IOException - { - ASN1Set asn1Set = getASN1Set(asn1SetParser); - - if (asn1Set != null) - { - if (asn1SetParser instanceof BERSetParser) - { - asn1Gen.getRawOutputStream().write(new BERTaggedObject(false, tagNo, asn1Set).getEncoded()); - } - else - { - asn1Gen.getRawOutputStream().write(new DERTaggedObject(false, tagNo, asn1Set).getEncoded()); - } - } - } - - private static ASN1Set getASN1Set( - ASN1SetParser asn1SetParser) - { - return asn1SetParser == null - ? null - : ASN1Set.getInstance(asn1SetParser.toASN1Primitive()); - } - - private static void pipeEncapsulatedOctetString(ContentInfoParser encapContentInfo, - OutputStream rawOutputStream) throws IOException - { - ASN1OctetStringParser octs = (ASN1OctetStringParser) - encapContentInfo.getContent(BERTags.OCTET_STRING); - - if (octs != null) - { - pipeOctetString(octs, rawOutputStream); - } - -// BERTaggedObjectParser contentObject = (BERTaggedObjectParser)encapContentInfo.getContentObject(); -// if (contentObject != null) -// { -// // Handle IndefiniteLengthInputStream safely -// InputStream input = ASN1StreamParser.getSafeRawInputStream(contentObject.getContentStream(true)); -// -// // TODO BerTaggedObjectGenerator? -// BEROutputStream berOut = new BEROutputStream(rawOutputStream); -// berOut.write(DERTags.CONSTRUCTED | DERTags.TAGGED | 0); -// berOut.write(0x80); -// -// pipeRawOctetString(input, rawOutputStream); -// -// berOut.write(0x00); -// berOut.write(0x00); -// -// input.close(); -// } - } - - private static void pipeOctetString( - ASN1OctetStringParser octs, - OutputStream output) - throws IOException - { - // TODO Allow specification of a specific fragment size? - OutputStream outOctets = CMSUtils.createBEROctetOutputStream( - output, 0, true, 0); - Streams.pipeAll(octs.getOctetStream(), outOctets); - outOctets.close(); - } - -// private static void pipeRawOctetString( -// InputStream rawInput, -// OutputStream rawOutput) -// throws IOException -// { -// InputStream tee = new TeeInputStream(rawInput, rawOutput); -// ASN1StreamParser sp = new ASN1StreamParser(tee); -// ASN1OctetStringParser octs = (ASN1OctetStringParser)sp.readObject(); -// Streams.drain(octs.getOctetStream()); -// } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java deleted file mode 100644 index c0e64158..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java +++ /dev/null @@ -1,507 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.security.SecureRandom; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequenceGenerator; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; - -/** - * General class for generating a pkcs7-signature message stream. - * <p> - * A simple example of usage. - * </p> - * <pre> - * X509Certificate signCert = ... - * certList.add(signCert); - * - * Store certs = new JcaCertStore(certList); - * ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate()); - * - * CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - * - * gen.addSignerInfoGenerator( - * new JcaSignerInfoGeneratorBuilder( - * new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) - * .build(sha1Signer, signCert)); - * - * gen.addCertificates(certs); - * - * OutputStream sigOut = gen.open(bOut); - * - * sigOut.write("Hello World!".getBytes()); - * - * sigOut.close(); - * </pre> - */ -public class CMSSignedDataStreamGenerator - extends CMSSignedGenerator -{ - private int _bufferSize; - - /** - * base constructor - */ - public CMSSignedDataStreamGenerator() - { - } - - /** - * Set the underlying string size for encapsulated data - * - * @param bufferSize length of octet strings to buffer the data. - */ - public void setBufferSize( - int bufferSize) - { - _bufferSize = bufferSize; - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider. - */ - public OutputStream open( - OutputStream out) - throws IOException - { - return open(out, false); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature with the - * default content type "data". - */ - public OutputStream open( - OutputStream out, - boolean encapsulate) - throws IOException - { - return open(CMSObjectIdentifiers.data, out, encapsulate); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature with the - * default content type "data". If dataOutputStream is non null the data - * being signed will be written to the stream as it is processed. - * @param out stream the CMS object is to be written to. - * @param encapsulate true if data should be encapsulated. - * @param dataOutputStream output stream to copy the data being signed to. - */ - public OutputStream open( - OutputStream out, - boolean encapsulate, - OutputStream dataOutputStream) - throws IOException - { - return open(CMSObjectIdentifiers.data, out, encapsulate, dataOutputStream); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature. The content type - * is set according to the OID represented by the string signedContentType. - */ - public OutputStream open( - ASN1ObjectIdentifier eContentType, - OutputStream out, - boolean encapsulate) - throws IOException - { - return open(eContentType, out, encapsulate, null); - } - - /** - * generate a signed object that for a CMS Signed Data - * object using the given provider - if encapsulate is true a copy - * of the message will be included in the signature. The content type - * is set according to the OID represented by the string signedContentType. - * @param eContentType OID for data to be signed. - * @param out stream the CMS object is to be written to. - * @param encapsulate true if data should be encapsulated. - * @param dataOutputStream output stream to copy the data being signed to. - */ - public OutputStream open( - ASN1ObjectIdentifier eContentType, - OutputStream out, - boolean encapsulate, - OutputStream dataOutputStream) - throws IOException - { - // TODO -// if (_signerInfs.isEmpty()) -// { -// /* RFC 3852 5.2 -// * "In the degenerate case where there are no signers, the -// * EncapsulatedContentInfo value being "signed" is irrelevant. In this -// * case, the content type within the EncapsulatedContentInfo value being -// * "signed" MUST be id-data (as defined in section 4), and the content -// * field of the EncapsulatedContentInfo value MUST be omitted." -// */ -// if (encapsulate) -// { -// throw new IllegalArgumentException("no signers, encapsulate must be false"); -// } -// if (!DATA.equals(eContentType)) -// { -// throw new IllegalArgumentException("no signers, eContentType must be id-data"); -// } -// } -// -// if (!DATA.equals(eContentType)) -// { -// /* RFC 3852 5.3 -// * [The 'signedAttrs']... -// * field is optional, but it MUST be present if the content type of -// * the EncapsulatedContentInfo value being signed is not id-data. -// */ -// // TODO signedAttrs must be present for all signers -// } - - // - // ContentInfo - // - BERSequenceGenerator sGen = new BERSequenceGenerator(out); - - sGen.addObject(CMSObjectIdentifiers.signedData); - - // - // Signed Data - // - BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true); - - sigGen.addObject(calculateVersion(eContentType)); - - ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); - - // - // add the precalculated SignerInfo digest algorithms. - // - for (Iterator it = _signers.iterator(); it.hasNext();) - { - SignerInformation signer = (SignerInformation)it.next(); - digestAlgs.add(CMSSignedHelper.INSTANCE.fixAlgID(signer.getDigestAlgorithmID())); - } - - // - // add the new digests - // - - for (Iterator it = signerGens.iterator(); it.hasNext();) - { - SignerInfoGenerator signerGen = (SignerInfoGenerator)it.next(); - - digestAlgs.add(signerGen.getDigestAlgorithm()); - } - - sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded()); - - BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream()); - eiGen.addObject(eContentType); - - // If encapsulating, add the data as an octet string in the sequence - OutputStream encapStream = encapsulate - ? CMSUtils.createBEROctetOutputStream(eiGen.getRawOutputStream(), 0, true, _bufferSize) - : null; - - // Also send the data to 'dataOutputStream' if necessary - OutputStream contentStream = CMSUtils.getSafeTeeOutputStream(dataOutputStream, encapStream); - - // Let all the signers see the data as it is written - OutputStream sigStream = CMSUtils.attachSignersToOutputStream(signerGens, contentStream); - - return new CmsSignedDataOutputStream(sigStream, eContentType, sGen, sigGen, eiGen); - } - - // TODO Make public? - void generate( - OutputStream out, - String eContentType, - boolean encapsulate, - OutputStream dataOutputStream, - CMSProcessable content) - throws CMSException, IOException - { - OutputStream signedOut = open(out, eContentType, encapsulate, dataOutputStream); - if (content != null) - { - content.write(signedOut); - } - signedOut.close(); - } - - // RFC3852, section 5.1: - // IF ((certificates is present) AND - // (any certificates with a type of other are present)) OR - // ((crls is present) AND - // (any crls with a type of other are present)) - // THEN version MUST be 5 - // ELSE - // IF (certificates is present) AND - // (any version 2 attribute certificates are present) - // THEN version MUST be 4 - // ELSE - // IF ((certificates is present) AND - // (any version 1 attribute certificates are present)) OR - // (any SignerInfo structures are version 3) OR - // (encapContentInfo eContentType is other than id-data) - // THEN version MUST be 3 - // ELSE version MUST be 1 - // - private ASN1Integer calculateVersion( - ASN1ObjectIdentifier contentOid) - { - boolean otherCert = false; - boolean otherCrl = false; - boolean attrCertV1Found = false; - boolean attrCertV2Found = false; - - if (certs != null) - { - for (Iterator it = certs.iterator(); it.hasNext();) - { - Object obj = it.next(); - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)obj; - - if (tagged.getTagNo() == 1) - { - attrCertV1Found = true; - } - else if (tagged.getTagNo() == 2) - { - attrCertV2Found = true; - } - else if (tagged.getTagNo() == 3) - { - otherCert = true; - } - } - } - } - - if (otherCert) - { - return new ASN1Integer(5); - } - - if (crls != null) // no need to check if otherCert is true - { - for (Iterator it = crls.iterator(); it.hasNext();) - { - Object obj = it.next(); - if (obj instanceof ASN1TaggedObject) - { - otherCrl = true; - } - } - } - - if (otherCrl) - { - return new ASN1Integer(5); - } - - if (attrCertV2Found) - { - return new ASN1Integer(4); - } - - if (attrCertV1Found) - { - return new ASN1Integer(3); - } - - if (checkForVersion3(_signers, signerGens)) - { - return new ASN1Integer(3); - } - - if (!CMSObjectIdentifiers.data.equals(contentOid)) - { - return new ASN1Integer(3); - } - - return new ASN1Integer(1); - } - - private boolean checkForVersion3(List signerInfos, List signerInfoGens) - { - for (Iterator it = signerInfos.iterator(); it.hasNext();) - { - SignerInfo s = SignerInfo.getInstance(((SignerInformation)it.next()).toASN1Structure()); - - if (s.getVersion().getValue().intValue() == 3) - { - return true; - } - } - - for (Iterator it = signerInfoGens.iterator(); it.hasNext();) - { - SignerInfoGenerator s = (SignerInfoGenerator)it.next(); - - if (s.getGeneratedVersion().getValue().intValue() == 3) - { - return true; - } - } - - return false; - } - - private class CmsSignedDataOutputStream - extends OutputStream - { - private OutputStream _out; - private ASN1ObjectIdentifier _contentOID; - private BERSequenceGenerator _sGen; - private BERSequenceGenerator _sigGen; - private BERSequenceGenerator _eiGen; - - public CmsSignedDataOutputStream( - OutputStream out, - ASN1ObjectIdentifier contentOID, - BERSequenceGenerator sGen, - BERSequenceGenerator sigGen, - BERSequenceGenerator eiGen) - { - _out = out; - _contentOID = contentOID; - _sGen = sGen; - _sigGen = sigGen; - _eiGen = eiGen; - } - - public void write( - int b) - throws IOException - { - _out.write(b); - } - - public void write( - byte[] bytes, - int off, - int len) - throws IOException - { - _out.write(bytes, off, len); - } - - public void write( - byte[] bytes) - throws IOException - { - _out.write(bytes); - } - - public void close() - throws IOException - { - _out.close(); - _eiGen.close(); - - digests.clear(); // clear the current preserved digest state - - if (certs.size() != 0) - { - ASN1Set certSet = CMSUtils.createBerSetFromList(certs); - - _sigGen.getRawOutputStream().write(new BERTaggedObject(false, 0, certSet).getEncoded()); - } - - if (crls.size() != 0) - { - ASN1Set crlSet = CMSUtils.createBerSetFromList(crls); - - _sigGen.getRawOutputStream().write(new BERTaggedObject(false, 1, crlSet).getEncoded()); - } - - // - // collect all the SignerInfo objects - // - ASN1EncodableVector signerInfos = new ASN1EncodableVector(); - - // - // add the generated SignerInfo objects - // - - for (Iterator it = signerGens.iterator(); it.hasNext();) - { - SignerInfoGenerator sigGen = (SignerInfoGenerator)it.next(); - - - try - { - signerInfos.add(sigGen.generate(_contentOID)); - - byte[] calculatedDigest = sigGen.getCalculatedDigest(); - - digests.put(sigGen.getDigestAlgorithm().getAlgorithm().getId(), calculatedDigest); - } - catch (CMSException e) - { - throw new CMSStreamException("exception generating signers: " + e.getMessage(), e); - } - } - - // - // add the precalculated SignerInfo objects - // - { - Iterator it = _signers.iterator(); - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - - // TODO Verify the content type and calculated digest match the precalculated SignerInfo -// if (!signer.getContentType().equals(_contentOID)) -// { -// // TODO The precalculated content type did not match - error? -// } -// -// byte[] calculatedDigest = (byte[])_digests.get(signer.getDigestAlgOID()); -// if (calculatedDigest == null) -// { -// // TODO We can't confirm this digest because we didn't calculate it - error? -// } -// else -// { -// if (!Arrays.areEqual(signer.getContentDigest(), calculatedDigest)) -// { -// // TODO The precalculated digest did not match - error? -// } -// } - - signerInfos.add(signer.toASN1Structure()); - } - } - - _sigGen.getRawOutputStream().write(new DERSet(signerInfos).getEncoded()); - - _sigGen.close(); - _sGen.close(); - } - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedGenerator.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedGenerator.java deleted file mode 100644 index e4710523..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedGenerator.java +++ /dev/null @@ -1,265 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.security.SecureRandom; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.cert.X509AttributeCertificateHolder; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.util.Store; -import org.bouncycastle.util.Arrays; - -public class CMSSignedGenerator -{ - /** - * Default type for the signed data. - */ - public static final String DATA = CMSObjectIdentifiers.data.getId(); - - public static final String DIGEST_SHA1 = OIWObjectIdentifiers.idSHA1.getId(); - public static final String DIGEST_SHA224 = NISTObjectIdentifiers.id_sha224.getId(); - public static final String DIGEST_SHA256 = NISTObjectIdentifiers.id_sha256.getId(); - public static final String DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId(); - public static final String DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId(); - public static final String DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId(); - public static final String DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId(); - public static final String DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId(); - public static final String DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId(); - public static final String DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId(); - - public static final String ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId(); - public static final String ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId(); - public static final String ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId(); - public static final String ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId(); - public static final String ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId(); - public static final String ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId(); - - private static final String ENCRYPTION_ECDSA_WITH_SHA1 = X9ObjectIdentifiers.ecdsa_with_SHA1.getId(); - private static final String ENCRYPTION_ECDSA_WITH_SHA224 = X9ObjectIdentifiers.ecdsa_with_SHA224.getId(); - private static final String ENCRYPTION_ECDSA_WITH_SHA256 = X9ObjectIdentifiers.ecdsa_with_SHA256.getId(); - private static final String ENCRYPTION_ECDSA_WITH_SHA384 = X9ObjectIdentifiers.ecdsa_with_SHA384.getId(); - private static final String ENCRYPTION_ECDSA_WITH_SHA512 = X9ObjectIdentifiers.ecdsa_with_SHA512.getId(); - - private static final Set NO_PARAMS = new HashSet(); - private static final Map EC_ALGORITHMS = new HashMap(); - - static - { - NO_PARAMS.add(ENCRYPTION_DSA); - NO_PARAMS.add(ENCRYPTION_ECDSA); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA1); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA224); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA256); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA384); - NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA512); - - EC_ALGORITHMS.put(DIGEST_SHA1, ENCRYPTION_ECDSA_WITH_SHA1); - EC_ALGORITHMS.put(DIGEST_SHA224, ENCRYPTION_ECDSA_WITH_SHA224); - EC_ALGORITHMS.put(DIGEST_SHA256, ENCRYPTION_ECDSA_WITH_SHA256); - EC_ALGORITHMS.put(DIGEST_SHA384, ENCRYPTION_ECDSA_WITH_SHA384); - EC_ALGORITHMS.put(DIGEST_SHA512, ENCRYPTION_ECDSA_WITH_SHA512); - } - - protected List certs = new ArrayList(); - protected List crls = new ArrayList(); - protected List _signers = new ArrayList(); - protected List signerGens = new ArrayList(); - protected Map digests = new HashMap(); - - protected final SecureRandom rand; - - /** - * base constructor - */ - protected CMSSignedGenerator() - { - this(new SecureRandom()); - } - - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - */ - protected CMSSignedGenerator( - SecureRandom rand) - { - this.rand = rand; - } - - protected Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) - { - Map param = new HashMap(); - param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); - param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); - return param; - } - - protected ASN1Set getAttributeSet( - AttributeTable attr) - { - if (attr != null) - { - return new DERSet(attr.toASN1EncodableVector()); - } - - return null; - } - - /** - * Add a certificate to the certificate set to be included with the generated SignedData message. - * - * @param certificate the certificate to be included. - * @throws CMSException if the certificate cannot be encoded for adding. - */ - public void addCertificate( - X509CertificateHolder certificate) - throws CMSException - { - certs.add(certificate.toASN1Structure()); - } - - /** - * Add the certificates in certStore to the certificate set to be included with the generated SignedData message. - * - * @param certStore the store containing the certificates to be included. - * @throws CMSException if the certificates cannot be encoded for adding. - */ - public void addCertificates( - Store certStore) - throws CMSException - { - certs.addAll(CMSUtils.getCertificatesFromStore(certStore)); - } - - /** - * Add a CRL to the CRL set to be included with the generated SignedData message. - * - * @param crl the CRL to be included. - */ - public void addCRL(X509CRLHolder crl) - { - crls.add(crl.toASN1Structure()); - } - - /** - * Add the CRLs in crlStore to the CRL set to be included with the generated SignedData message. - * - * @param crlStore the store containing the CRLs to be included. - * @throws CMSException if the CRLs cannot be encoded for adding. - */ - public void addCRLs( - Store crlStore) - throws CMSException - { - crls.addAll(CMSUtils.getCRLsFromStore(crlStore)); - } - - /** - * Add the attribute certificates in attrStore to the certificate set to be included with the generated SignedData message. - * - * @param attrCert the store containing the certificates to be included. - * @throws CMSException if the attribute certificate cannot be encoded for adding. - */ - public void addAttributeCertificate( - X509AttributeCertificateHolder attrCert) - throws CMSException - { - certs.add(new DERTaggedObject(false, 2, attrCert.toASN1Structure())); - } - - /** - * Add the attribute certificates in attrStore to the certificate set to be included with the generated SignedData message. - * - * @param attrStore the store containing the certificates to be included. - * @throws CMSException if the attribute certificate cannot be encoded for adding. - */ - public void addAttributeCertificates( - Store attrStore) - throws CMSException - { - certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore)); - } - - /** - * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message. - * - * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. - * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure. - */ - public void addOtherRevocationInfo( - ASN1ObjectIdentifier otherRevocationInfoFormat, - ASN1Encodable otherRevocationInfo) - { - crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo))); - } - - /** - * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message. - * - * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. - * @param otherRevocationInfos a Store of otherRevocationInfo data to add. - */ - public void addOtherRevocationInfo( - ASN1ObjectIdentifier otherRevocationInfoFormat, - Store otherRevocationInfos) - { - crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos)); - } - - /** - * Add a store of precalculated signers to the generator. - * - * @param signerStore store of signers - */ - public void addSigners( - SignerInformationStore signerStore) - { - Iterator it = signerStore.getSigners().iterator(); - - while (it.hasNext()) - { - _signers.add(it.next()); - } - } - - public void addSignerInfoGenerator(SignerInfoGenerator infoGen) - { - signerGens.add(infoGen); - } - - /** - * Return a map of oids and byte arrays representing the digests calculated on the content during - * the last generate. - * - * @return a map of oids (as String objects) and byte[] representing digests. - */ - public Map getGeneratedDigests() - { - return new HashMap(digests); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedHelper.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedHelper.java deleted file mode 100644 index 813cead5..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSSignedHelper.java +++ /dev/null @@ -1,272 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.eac.EACObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.cert.X509AttributeCertificateHolder; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.util.CollectionStore; -import org.bouncycastle.util.Store; - -class CMSSignedHelper -{ - static final CMSSignedHelper INSTANCE = new CMSSignedHelper(); - - private static final Map encryptionAlgs = new HashMap(); - private static final Map digestAlgs = new HashMap(); - private static final Map digestAliases = new HashMap(); - - private static void addEntries(ASN1ObjectIdentifier alias, String digest, String encryption) - { - digestAlgs.put(alias.getId(), digest); - encryptionAlgs.put(alias.getId(), encryption); - } - - static - { - addEntries(NISTObjectIdentifiers.dsa_with_sha224, "SHA224", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha256, "SHA256", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA"); - addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA"); - addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA"); - addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA"); - addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA"); - addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA"); - addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA"); - addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA"); - addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA"); - addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA"); - addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA"); - addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA"); - addEntries(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256", "RSA"); - addEntries(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384", "RSA"); - addEntries(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512", "RSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384", "ECDSA"); - addEntries(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512", "ECDSA"); - addEntries(X9ObjectIdentifiers.id_dsa_with_sha1, "SHA1", "DSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512", "ECDSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_1, "SHA1", "RSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA"); - addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1"); - addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1"); - - encryptionAlgs.put(X9ObjectIdentifiers.id_dsa.getId(), "DSA"); - encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA"); - encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA"); - encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA"); - encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410"); - encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410"); - encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410"); - encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410"); - - digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2"); - digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4"); - digestAlgs.put(PKCSObjectIdentifiers.md5.getId(), "MD5"); - digestAlgs.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1"); - digestAlgs.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224"); - digestAlgs.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256"); - digestAlgs.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384"); - digestAlgs.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160"); - digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256"); - digestAlgs.put(CryptoProObjectIdentifiers.gostR3411.getId(), "GOST3411"); - digestAlgs.put("1.3.6.1.4.1.5849.1.2.1", "GOST3411"); - - digestAliases.put("SHA1", new String[] { "SHA-1" }); - digestAliases.put("SHA224", new String[] { "SHA-224" }); - digestAliases.put("SHA256", new String[] { "SHA-256" }); - digestAliases.put("SHA384", new String[] { "SHA-384" }); - digestAliases.put("SHA512", new String[] { "SHA-512" }); - } - - /** - * Return the digest algorithm using one of the standard JCA string - * representations rather than the algorithm identifier (if possible). - */ - String getDigestAlgName( - String digestAlgOID) - { - String algName = (String)digestAlgs.get(digestAlgOID); - - if (algName != null) - { - return algName; - } - - return digestAlgOID; - } - - /** - * Return the digest encryption algorithm using one of the standard - * JCA string representations rather the the algorithm identifier (if - * possible). - */ - String getEncryptionAlgName( - String encryptionAlgOID) - { - String algName = (String)encryptionAlgs.get(encryptionAlgOID); - - if (algName != null) - { - return algName; - } - - return encryptionAlgOID; - } - - AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) - { - if (algId.getParameters() == null) - { - return new AlgorithmIdentifier(algId.getAlgorithm(), DERNull.INSTANCE); - } - - return algId; - } - - void setSigningEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - encryptionAlgs.put(oid.getId(), algorithmName); - } - - void setSigningDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - digestAlgs.put(oid.getId(), algorithmName); - } - - Store getCertificates(ASN1Set certSet) - { - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - certList.add(new X509CertificateHolder(Certificate.getInstance(obj))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); - } - - Store getAttributeCertificates(ASN1Set certSet) - { - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1TaggedObject) - { - certList.add(new X509AttributeCertificateHolder(AttributeCertificate.getInstance(((ASN1TaggedObject)obj).getObject()))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); - } - - Store getCRLs(ASN1Set crlSet) - { - if (crlSet != null) - { - List crlList = new ArrayList(crlSet.size()); - - for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - crlList.add(new X509CRLHolder(CertificateList.getInstance(obj))); - } - } - - return new CollectionStore(crlList); - } - - return new CollectionStore(new ArrayList()); - } - - Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet) - { - if (crlSet != null) - { - List crlList = new ArrayList(crlSet.size()); - - for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj); - - if (tObj.getTagNo() == 1) - { - OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false); - - if (otherRevocationInfoFormat.equals(other.getInfoFormat())) - { - crlList.add(other.getInfo()); - } - } - } - } - - return new CollectionStore(crlList); - } - - return new CollectionStore(new ArrayList()); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/CMSUtils.java b/pkix/src/main/j2me/org/bouncycastle/cms/CMSUtils.java deleted file mode 100644 index 71f5fff1..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/CMSUtils.java +++ /dev/null @@ -1,258 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetStringGenerator; -import org.bouncycastle.asn1.BERSet; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.OtherRecipientInfo; -import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.ocsp.OCSPResponse; -import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.TBSCertificate; -import org.bouncycastle.cert.X509AttributeCertificateHolder; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.util.Store; -import org.bouncycastle.util.io.Streams; -import org.bouncycastle.util.io.TeeInputStream; -import org.bouncycastle.util.io.TeeOutputStream; - -class CMSUtils -{ - static ContentInfo readContentInfo( - byte[] input) - throws CMSException - { - // enforce limit checking as from a byte array - return readContentInfo(new ASN1InputStream(input)); - } - - static ContentInfo readContentInfo( - InputStream input) - throws CMSException - { - // enforce some limit checking - return readContentInfo(new ASN1InputStream(input)); - } - - static List getCertificatesFromStore(Store certStore) - throws CMSException - { - List certs = new ArrayList(); - - try - { - for (Iterator it = certStore.getMatches(null).iterator(); it.hasNext();) - { - X509CertificateHolder c = (X509CertificateHolder)it.next(); - - certs.add(c.toASN1Structure()); - } - - return certs; - } - catch (ClassCastException e) - { - throw new CMSException("error processing certs", e); - } - } - - static List getAttributeCertificatesFromStore(Store attrStore) - throws CMSException - { - List certs = new ArrayList(); - - try - { - for (Iterator it = attrStore.getMatches(null).iterator(); it.hasNext();) - { - X509AttributeCertificateHolder attrCert = (X509AttributeCertificateHolder)it.next(); - - certs.add(new DERTaggedObject(false, 2, attrCert.toASN1Structure())); - } - - return certs; - } - catch (ClassCastException e) - { - throw new CMSException("error processing certs", e); - } - } - - static List getCRLsFromStore(Store crlStore) - throws CMSException - { - List certs = new ArrayList(); - - try - { - for (Iterator it = crlStore.getMatches(null).iterator(); it.hasNext();) - { - X509CRLHolder c = (X509CRLHolder)it.next(); - - certs.add(c.toASN1Structure()); - } - - return certs; - } - catch (ClassCastException e) - { - throw new CMSException("error processing certs", e); - } - } - - static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) - { - List others = new ArrayList(); - - for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) - { - ASN1Encodable info = (ASN1Encodable)it.next(); - - if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) - { - OCSPResponse resp = OCSPResponse.getInstance(info); - - if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) - { - throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); - } - } - - others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); - } - - return others; - } - - static ASN1Set createBerSetFromList(List derObjects) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (Iterator it = derObjects.iterator(); it.hasNext();) - { - v.add((ASN1Encodable)it.next()); - } - - return new BERSet(v); - } - - static ASN1Set createDerSetFromList(List derObjects) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (Iterator it = derObjects.iterator(); it.hasNext();) - { - v.add((ASN1Encodable)it.next()); - } - - return new DERSet(v); - } - - static OutputStream createBEROctetOutputStream(OutputStream s, - int tagNo, boolean isExplicit, int bufferSize) throws IOException - { - BEROctetStringGenerator octGen = new BEROctetStringGenerator(s, tagNo, isExplicit); - - if (bufferSize != 0) - { - return octGen.getOctetOutputStream(new byte[bufferSize]); - } - - return octGen.getOctetOutputStream(); - } - - private static ContentInfo readContentInfo( - ASN1InputStream in) - throws CMSException - { - try - { - return ContentInfo.getInstance(in.readObject()); - } - catch (IOException e) - { - throw new CMSException("IOException reading content.", e); - } - catch (ClassCastException e) - { - throw new CMSException("Malformed content.", e); - } - catch (IllegalArgumentException e) - { - throw new CMSException("Malformed content.", e); - } - } - - public static byte[] streamToByteArray( - InputStream in) - throws IOException - { - return Streams.readAll(in); - } - - public static byte[] streamToByteArray( - InputStream in, - int limit) - throws IOException - { - return Streams.readAllLimited(in, limit); - } - - static InputStream attachDigestsToInputStream(Collection digests, InputStream s) - { - InputStream result = s; - Iterator it = digests.iterator(); - while (it.hasNext()) - { - DigestCalculator digest = (DigestCalculator)it.next(); - result = new TeeInputStream(result, digest.getOutputStream()); - } - return result; - } - - static OutputStream attachSignersToOutputStream(Collection signers, OutputStream s) - { - OutputStream result = s; - Iterator it = signers.iterator(); - while (it.hasNext()) - { - SignerInfoGenerator signerGen = (SignerInfoGenerator)it.next(); - result = getSafeTeeOutputStream(result, signerGen.getCalculatingOutputStream()); - } - return result; - } - - static OutputStream getSafeOutputStream(OutputStream s) - { - return s == null ? new NullOutputStream() : s; - } - - static OutputStream getSafeTeeOutputStream(OutputStream s1, - OutputStream s2) - { - return s1 == null ? getSafeOutputStream(s2) - : s2 == null ? getSafeOutputStream(s1) : new TeeOutputStream( - s1, s2); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java b/pkix/src/main/j2me/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java deleted file mode 100644 index a7149663..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.cms; - -import java.util.Date; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.Map; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.Time; - -/** - * Default signed attributes generator. - */ -public class DefaultSignedAttributeTableGenerator - implements CMSAttributeTableGenerator -{ - private final Hashtable table; - - /** - * Initialise to use all defaults - */ - public DefaultSignedAttributeTableGenerator() - { - table = new Hashtable(); - } - - /** - * Initialise with some extra attributes or overrides. - * - * @param attributeTable initial attribute table to use. - */ - public DefaultSignedAttributeTableGenerator( - AttributeTable attributeTable) - { - if (attributeTable != null) - { - table = attributeTable.toHashtable(); - } - else - { - table = new Hashtable(); - } - } - - /** - * Create a standard attribute table from the passed in parameters - this will - * normally include contentType, signingTime, and messageDigest. If the constructor - * using an AttributeTable was used, entries in it for contentType, signingTime, and - * messageDigest will override the generated ones. - * - * @param parameters source parameters for table generation. - * - * @return a filled in Hashtable of attributes. - */ - protected Hashtable createStandardAttributeTable( - Map parameters) - { - Hashtable std = new Hashtable(); - - for (Enumeration it = table.keys(); it.hasMoreElements();) - { - Object k = it.nextElement(); - - std.put(k, table.get(k)); - } - - if (!std.containsKey(CMSAttributes.contentType)) - { - DERObjectIdentifier contentType = (DERObjectIdentifier) - parameters.get(CMSAttributeTableGenerator.CONTENT_TYPE); - - // contentType will be null if we're trying to generate a counter signature. - if (contentType != null) - { - Attribute attr = new Attribute(CMSAttributes.contentType, - new DERSet(contentType)); - std.put(attr.getAttrType(), attr); - } - } - - if (!std.containsKey(CMSAttributes.signingTime)) - { - Date signingTime = new Date(); - Attribute attr = new Attribute(CMSAttributes.signingTime, - new DERSet(new Time(signingTime))); - std.put(attr.getAttrType(), attr); - } - - if (!std.containsKey(CMSAttributes.messageDigest)) - { - byte[] messageDigest = (byte[])parameters.get( - CMSAttributeTableGenerator.DIGEST); - Attribute attr = new Attribute(CMSAttributes.messageDigest, - new DERSet(new DEROctetString(messageDigest))); - std.put(attr.getAttrType(), attr); - } - - return std; - } - - /** - * @param parameters source parameters - * @return the populated attribute table - */ - public AttributeTable getAttributes(Map parameters) - { - return new AttributeTable(createStandardAttributeTable(parameters)); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/KEKRecipientInformation.java b/pkix/src/main/j2me/org/bouncycastle/cms/KEKRecipientInformation.java deleted file mode 100644 index 62c65294..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/KEKRecipientInformation.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; - -import org.bouncycastle.asn1.cms.KEKIdentifier; -import org.bouncycastle.asn1.cms.KEKRecipientInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using a secret key known to the other side. - */ -public class KEKRecipientInformation - extends RecipientInformation -{ - private KEKRecipientInfo info; - - KEKRecipientInformation( - KEKRecipientInfo info, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); - - this.info = info; - - KEKIdentifier kekId = info.getKekid(); - - this.rid = new KEKRecipientId(kekId.getKeyIdentifier().getOctets()); - } - - protected RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException, IOException - { - return ((KEKRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, info.getEncryptedKey().getOctets()); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/KeyAgreeRecipientInformation.java b/pkix/src/main/j2me/org/bouncycastle/cms/KeyAgreeRecipientInformation.java deleted file mode 100644 index 16c26bde..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/KeyAgreeRecipientInformation.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.util.List; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier; -import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo; -import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey; -import org.bouncycastle.asn1.cms.OriginatorPublicKey; -import org.bouncycastle.asn1.cms.RecipientEncryptedKey; -import org.bouncycastle.asn1.cms.RecipientKeyIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using key agreement. - */ -public class KeyAgreeRecipientInformation - extends RecipientInformation -{ - private KeyAgreeRecipientInfo info; - private ASN1OctetString encryptedKey; - - static void readRecipientInfo(List infos, KeyAgreeRecipientInfo info, - AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData) - { - ASN1Sequence s = info.getRecipientEncryptedKeys(); - - for (int i = 0; i < s.size(); ++i) - { - RecipientEncryptedKey id = RecipientEncryptedKey.getInstance( - s.getObjectAt(i)); - - RecipientId rid; - - KeyAgreeRecipientIdentifier karid = id.getIdentifier(); - IssuerAndSerialNumber iAndSN = karid.getIssuerAndSerialNumber(); - - if (iAndSN != null) - { - rid = new KeyAgreeRecipientId(iAndSN.getName(), iAndSN.getSerialNumber().getValue()); - } - else - { - RecipientKeyIdentifier rKeyID = karid.getRKeyID(); - - // Note: 'date' and 'other' fields of RecipientKeyIdentifier appear to be only informational - - rid = new KeyAgreeRecipientId(rKeyID.getSubjectKeyIdentifier().getOctets()); - } - - infos.add(new KeyAgreeRecipientInformation(info, rid, id.getEncryptedKey(), messageAlgorithm, - secureReadable, additionalData)); - } - } - - KeyAgreeRecipientInformation( - KeyAgreeRecipientInfo info, - RecipientId rid, - ASN1OctetString encryptedKey, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); - - this.info = info; - this.rid = rid; - this.encryptedKey = encryptedKey; - } - - private SubjectPublicKeyInfo getSenderPublicKeyInfo(AlgorithmIdentifier recKeyAlgId, - OriginatorIdentifierOrKey originator) - throws CMSException, IOException - { - OriginatorPublicKey opk = originator.getOriginatorKey(); - if (opk != null) - { - return getPublicKeyInfoFromOriginatorPublicKey(recKeyAlgId, opk); - } - - OriginatorId origID; - - IssuerAndSerialNumber iAndSN = originator.getIssuerAndSerialNumber(); - if (iAndSN != null) - { - origID = new OriginatorId(iAndSN.getName(), iAndSN.getSerialNumber().getValue()); - } - else - { - SubjectKeyIdentifier ski = originator.getSubjectKeyIdentifier(); - - origID = new OriginatorId(ski.getKeyIdentifier()); - } - - return getPublicKeyInfoFromOriginatorId(origID); - } - - private SubjectPublicKeyInfo getPublicKeyInfoFromOriginatorPublicKey(AlgorithmIdentifier recKeyAlgId, - OriginatorPublicKey originatorPublicKey) - { - SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo( - recKeyAlgId, - originatorPublicKey.getPublicKey().getBytes()); - - return pubInfo; - } - - private SubjectPublicKeyInfo getPublicKeyInfoFromOriginatorId(OriginatorId origID) - throws CMSException - { - // TODO Support all alternatives for OriginatorIdentifierOrKey - // see RFC 3852 6.2.2 - throw new CMSException("No support for 'originator' as IssuerAndSerialNumber or SubjectKeyIdentifier"); - } - - protected RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException, IOException - { - KeyAgreeRecipient agreeRecipient = (KeyAgreeRecipient)recipient; - AlgorithmIdentifier recKeyAlgId = agreeRecipient.getPrivateKeyAlgorithmIdentifier(); - - return ((KeyAgreeRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, getSenderPublicKeyInfo(recKeyAlgId, - info.getOriginator()), info.getUserKeyingMaterial(), encryptedKey.getOctets()); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/KeyTransRecipientInformation.java b/pkix/src/main/j2me/org/bouncycastle/cms/KeyTransRecipientInformation.java deleted file mode 100644 index 1c319008..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/KeyTransRecipientInformation.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.cms; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - - -/** - * the KeyTransRecipientInformation class for a recipient who has been sent a secret - * key encrypted using their public key that needs to be used to - * extract the message. - */ -public class KeyTransRecipientInformation - extends RecipientInformation -{ - private KeyTransRecipientInfo info; - - KeyTransRecipientInformation( - KeyTransRecipientInfo info, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); - - this.info = info; - - RecipientIdentifier r = info.getRecipientIdentifier(); - - if (r.isTagged()) - { - ASN1OctetString octs = ASN1OctetString.getInstance(r.getId()); - - rid = new KeyTransRecipientId(octs.getOctets()); - } - else - { - IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.getInstance(r.getId()); - - rid = new KeyTransRecipientId(iAnds.getName(), iAnds.getSerialNumber().getValue()); - } - } - - protected RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException - { - return ((KeyTransRecipient)recipient).getRecipientOperator(keyEncAlg, messageAlgorithm, info.getEncryptedKey().getOctets()); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/PasswordRecipientInformation.java b/pkix/src/main/j2me/org/bouncycastle/cms/PasswordRecipientInformation.java deleted file mode 100644 index d7639e9f..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/PasswordRecipientInformation.java +++ /dev/null @@ -1,135 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.cms.PasswordRecipientInfo; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.util.Integers; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using a password. - */ -public class PasswordRecipientInformation - extends RecipientInformation -{ - static Map KEYSIZES = new HashMap(); - static Map BLOCKSIZES = new HashMap(); - - static - { - BLOCKSIZES.put(CMSAlgorithm.DES_EDE3_CBC, Integers.valueOf(8)); - BLOCKSIZES.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(16)); - BLOCKSIZES.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(16)); - BLOCKSIZES.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(16)); - - KEYSIZES.put(CMSAlgorithm.DES_EDE3_CBC, Integers.valueOf(192)); - KEYSIZES.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(128)); - KEYSIZES.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(192)); - KEYSIZES.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(256)); - } - - private PasswordRecipientInfo info; - - PasswordRecipientInformation( - PasswordRecipientInfo info, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData); - - this.info = info; - this.rid = new PasswordRecipientId(); - } - - /** - * return the object identifier for the key derivation algorithm, or null - * if there is none present. - * - * @return OID for key derivation algorithm, if present. - */ - public String getKeyDerivationAlgOID() - { - if (info.getKeyDerivationAlgorithm() != null) - { - return info.getKeyDerivationAlgorithm().getAlgorithm().getId(); - } - - return null; - } - - /** - * return the ASN.1 encoded key derivation algorithm parameters, or null if - * there aren't any. - * @return ASN.1 encoding of key derivation algorithm parameters. - */ - public byte[] getKeyDerivationAlgParams() - { - try - { - if (info.getKeyDerivationAlgorithm() != null) - { - ASN1Encodable params = info.getKeyDerivationAlgorithm().getParameters(); - if (params != null) - { - return params.toASN1Primitive().getEncoded(); - } - } - - return null; - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * Return the key derivation algorithm details for the key in this recipient. - * - * @return AlgorithmIdentifier representing the key derivation algorithm. - */ - public AlgorithmIdentifier getKeyDerivationAlgorithm() - { - return info.getKeyDerivationAlgorithm(); - } - - protected RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException, IOException - { - PasswordRecipient pbeRecipient = (PasswordRecipient)recipient; - AlgorithmIdentifier kekAlg = AlgorithmIdentifier.getInstance(info.getKeyEncryptionAlgorithm()); - AlgorithmIdentifier kekAlgParams = AlgorithmIdentifier.getInstance(kekAlg.getParameters()); - - byte[] passwordBytes = getPasswordBytes(pbeRecipient.getPasswordConversionScheme(), - pbeRecipient.getPassword()); - PBKDF2Params params = PBKDF2Params.getInstance(info.getKeyDerivationAlgorithm().getParameters()); - - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - gen.init(passwordBytes, params.getSalt(), params.getIterationCount().intValue()); - - int keySize = ((Integer)KEYSIZES.get(kekAlgParams.getAlgorithm())).intValue(); - - byte[] derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - - return pbeRecipient.getRecipientOperator(kekAlgParams, messageAlgorithm, derivedKey, info.getEncryptedKey().getOctets()); - } - - protected byte[] getPasswordBytes(int scheme, char[] password) - { - if (scheme == PasswordRecipient.PKCS5_SCHEME2) - { - return PBEParametersGenerator.PKCS5PasswordToBytes(password); - } - - return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password); - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/RecipientInformation.java b/pkix/src/main/j2me/org/bouncycastle/cms/RecipientInformation.java deleted file mode 100644 index a4e2f108..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/RecipientInformation.java +++ /dev/null @@ -1,181 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.util.io.Streams; - -public abstract class RecipientInformation -{ - protected RecipientId rid; - protected AlgorithmIdentifier keyEncAlg; - protected AlgorithmIdentifier messageAlgorithm; - protected CMSSecureReadable secureReadable; - - private AuthAttributesProvider additionalData; - - private byte[] resultMac; - private RecipientOperator operator; - - RecipientInformation( - AlgorithmIdentifier keyEncAlg, - AlgorithmIdentifier messageAlgorithm, - CMSSecureReadable secureReadable, - AuthAttributesProvider additionalData) - { - this.keyEncAlg = keyEncAlg; - this.messageAlgorithm = messageAlgorithm; - this.secureReadable = secureReadable; - this.additionalData = additionalData; - } - - public RecipientId getRID() - { - return rid; - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } - - /** - * Return the key encryption algorithm details for the key in this recipient. - * - * @return AlgorithmIdentifier representing the key encryption algorithm. - */ - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncAlg; - } - - /** - * return the object identifier for the key encryption algorithm. - * - * @return OID for key encryption algorithm. - */ - public String getKeyEncryptionAlgOID() - { - return keyEncAlg.getObjectId().getId(); - } - - /** - * return the ASN.1 encoded key encryption algorithm parameters, or null if - * there aren't any. - * - * @return ASN.1 encoding of key encryption algorithm parameters. - */ - public byte[] getKeyEncryptionAlgParams() - { - try - { - return encodeObj(keyEncAlg.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * Return the content digest calculated during the read of the content if one has been generated. This will - * only happen if we are dealing with authenticated data and authenticated attributes are present. - * - * @return byte array containing the digest. - */ - public byte[] getContentDigest() - { - if (secureReadable instanceof CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable) - { - return ((CMSEnvelopedHelper.CMSDigestAuthenticatedSecureReadable)secureReadable).getDigest(); - } - - return null; - } - - /** - * Return the MAC calculated for the recipient. Note: this call is only meaningful once all - * the content has been read. - * - * @return byte array containing the mac. - */ - public byte[] getMac() - { - if (resultMac == null) - { - if (operator.isMacBased()) - { - if (additionalData != null) - { - try - { - Streams.drain(operator.getInputStream(new ByteArrayInputStream(additionalData.getAuthAttributes().getEncoded(ASN1Encoding.DER)))); - } - catch (IOException e) - { - e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. - } - } - resultMac = operator.getMac(); - } - } - - return resultMac; - } - - /** - * Return the decrypted/encapsulated content in the EnvelopedData after recovering the content - * encryption/MAC key using the passed in Recipient. - * - * @param recipient recipient object to use to recover content encryption key - * @return the content inside the EnvelopedData this RecipientInformation is associated with. - * @throws CMSException if the content-encryption/MAC key cannot be recovered. - */ - public byte[] getContent( - Recipient recipient) - throws CMSException - { - try - { - return CMSUtils.streamToByteArray(getContentStream(recipient).getContentStream()); - } - catch (IOException e) - { - throw new CMSException("unable to parse internal stream: " + e.getMessage(), e); - } - } - - /** - * Return a CMSTypedStream representing the content in the EnvelopedData after recovering the content - * encryption/MAC key using the passed in Recipient. - * - * @param recipient recipient object to use to recover content encryption key - * @return the content inside the EnvelopedData this RecipientInformation is associated with. - * @throws CMSException if the content-encryption/MAC key cannot be recovered. - */ - public CMSTypedStream getContentStream(Recipient recipient) - throws CMSException, IOException - { - operator = getRecipientOperator(recipient); - - if (additionalData != null) - { - return new CMSTypedStream(secureReadable.getInputStream()); - } - - return new CMSTypedStream(operator.getInputStream(secureReadable.getInputStream())); - } - - protected abstract RecipientOperator getRecipientOperator(Recipient recipient) - throws CMSException, IOException; -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/SignerInfoGenerator.java b/pkix/src/main/j2me/org/bouncycastle/cms/SignerInfoGenerator.java deleted file mode 100644 index 440e3a12..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/SignerInfoGenerator.java +++ /dev/null @@ -1,282 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.SignerIdentifier; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; -import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.DigestCalculatorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.io.TeeOutputStream; - -public class SignerInfoGenerator -{ - private final SignerIdentifier signerIdentifier; - private final CMSAttributeTableGenerator sAttrGen; - private final CMSAttributeTableGenerator unsAttrGen; - private final ContentSigner signer; - private final DigestCalculator digester; - private final DigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder(); - private final CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder; - - private byte[] calculatedDigest = null; - private X509CertificateHolder certHolder; - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder) - throws OperatorCreationException - { - this(signerIdentifier, signer, digesterProvider, sigEncAlgFinder, false); - } - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder, - boolean isDirectSignature) - throws OperatorCreationException - { - this.signerIdentifier = signerIdentifier; - this.signer = signer; - - if (digesterProvider != null) - { - this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier())); - } - else - { - this.digester = null; - } - - if (isDirectSignature) - { - this.sAttrGen = null; - this.unsAttrGen = null; - } - else - { - this.sAttrGen = new DefaultSignedAttributeTableGenerator(); - this.unsAttrGen = null; - } - - this.sigEncAlgFinder = sigEncAlgFinder; - } - - public SignerInfoGenerator( - SignerInfoGenerator original, - CMSAttributeTableGenerator sAttrGen, - CMSAttributeTableGenerator unsAttrGen) - { - this.signerIdentifier = original.signerIdentifier; - this.signer = original.signer; - this.digester = original.digester; - this.sigEncAlgFinder = original.sigEncAlgFinder; - this.sAttrGen = sAttrGen; - this.unsAttrGen = unsAttrGen; - } - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder, - CMSAttributeTableGenerator sAttrGen, - CMSAttributeTableGenerator unsAttrGen) - throws OperatorCreationException - { - this.signerIdentifier = signerIdentifier; - this.signer = signer; - - if (digesterProvider != null) - { - this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier())); - } - else - { - this.digester = null; - } - - this.sAttrGen = sAttrGen; - this.unsAttrGen = unsAttrGen; - this.sigEncAlgFinder = sigEncAlgFinder; - } - - public boolean hasAssociatedCertificate() - { - return certHolder != null; - } - - public X509CertificateHolder getAssociatedCertificate() - { - return certHolder; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - if (digester != null) - { - return digester.getAlgorithmIdentifier(); - } - - return digAlgFinder.find(signer.getAlgorithmIdentifier()); - } - - public OutputStream getCalculatingOutputStream() - { - if (digester != null) - { - if (sAttrGen == null) - { - return new TeeOutputStream(digester.getOutputStream(), signer.getOutputStream()); - } - return digester.getOutputStream(); - } - else - { - return signer.getOutputStream(); - } - } - - public SignerInfo generate(ASN1ObjectIdentifier contentType) - throws CMSException - { - try - { - /* RFC 3852 5.4 - * The result of the message digest calculation process depends on - * whether the signedAttrs field is present. When the field is absent, - * the result is just the message digest of the content as described - * - * above. When the field is present, however, the result is the message - * digest of the complete DER encoding of the SignedAttrs value - * contained in the signedAttrs field. - */ - ASN1Set signedAttr = null; - - AlgorithmIdentifier digestAlg = null; - - if (sAttrGen != null) - { - digestAlg = digester.getAlgorithmIdentifier(); - calculatedDigest = digester.getDigest(); - Map parameters = getBaseParameters(contentType, digester.getAlgorithmIdentifier(), calculatedDigest); - AttributeTable signed = sAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); - - signedAttr = getAttributeSet(signed); - - // sig must be composed from the DER encoding. - OutputStream sOut = signer.getOutputStream(); - - sOut.write(signedAttr.getEncoded(ASN1Encoding.DER)); - - sOut.close(); - } - else - { - if (digester != null) - { - digestAlg = digester.getAlgorithmIdentifier(); - calculatedDigest = digester.getDigest(); - } - else - { - digestAlg = digAlgFinder.find(signer.getAlgorithmIdentifier()); - calculatedDigest = null; - } - } - - byte[] sigBytes = signer.getSignature(); - - ASN1Set unsignedAttr = null; - if (unsAttrGen != null) - { - Map parameters = getBaseParameters(contentType, digestAlg, calculatedDigest); - parameters.put(CMSAttributeTableGenerator.SIGNATURE, Arrays.clone(sigBytes)); - - AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); - - unsignedAttr = getAttributeSet(unsigned); - } - - AlgorithmIdentifier digestEncryptionAlgorithm = sigEncAlgFinder.findEncryptionAlgorithm(signer.getAlgorithmIdentifier()); - - return new SignerInfo(signerIdentifier, digestAlg, - signedAttr, digestEncryptionAlgorithm, new DEROctetString(sigBytes), unsignedAttr); - } - catch (IOException e) - { - throw new CMSException("encoding error.", e); - } - } - - void setAssociatedCertificate(X509CertificateHolder certHolder) - { - this.certHolder = certHolder; - } - - private ASN1Set getAttributeSet( - AttributeTable attr) - { - if (attr != null) - { - return new DERSet(attr.toASN1EncodableVector()); - } - - return null; - } - - private Map getBaseParameters(DERObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) - { - Map param = new HashMap(); - - if (contentType != null) - { - param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); - } - - param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); - return param; - } - - public byte[] getCalculatedDigest() - { - if (calculatedDigest != null) - { - return Arrays.clone(calculatedDigest); - } - - return null; - } - - public CMSAttributeTableGenerator getSignedAttributeTableGenerator() - { - return sAttrGen; - } - - public CMSAttributeTableGenerator getUnsignedAttributeTableGenerator() - { - return unsAttrGen; - } -} diff --git a/pkix/src/main/j2me/org/bouncycastle/cms/SignerInformation.java b/pkix/src/main/j2me/org/bouncycastle/cms/SignerInformation.java deleted file mode 100644 index 76bb6776..00000000 --- a/pkix/src/main/j2me/org/bouncycastle/cms/SignerInformation.java +++ /dev/null @@ -1,662 +0,0 @@ -package org.bouncycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.SignerIdentifier; -import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.asn1.cms.Time; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.ContentVerifier; -import org.bouncycastle.operator.DigestCalculator; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.RawContentVerifier; -import org.bouncycastle.util.Arrays; - -/** - * an expanded SignerInfo block from a CMS Signed message - */ -public class SignerInformation -{ - private SignerId sid; - private SignerInfo info; - private AlgorithmIdentifier digestAlgorithm; - private AlgorithmIdentifier encryptionAlgorithm; - private final ASN1Set signedAttributeSet; - private final ASN1Set unsignedAttributeSet; - private CMSProcessable content; - private byte[] signature; - private ASN1ObjectIdentifier contentType; - private byte[] resultDigest; - - // Derived - private AttributeTable signedAttributeValues; - private AttributeTable unsignedAttributeValues; - private boolean isCounterSignature; - - SignerInformation( - SignerInfo info, - ASN1ObjectIdentifier contentType, - CMSProcessable content, - byte[] resultDigest) - { - this.info = info; - this.contentType = contentType; - this.isCounterSignature = contentType == null; - - SignerIdentifier s = info.getSID(); - - if (s.isTagged()) - { - ASN1OctetString octs = ASN1OctetString.getInstance(s.getId()); - - sid = new SignerId(octs.getOctets()); - } - else - { - IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.getInstance(s.getId()); - - sid = new SignerId(iAnds.getName(), iAnds.getSerialNumber().getValue()); - } - - this.digestAlgorithm = info.getDigestAlgorithm(); - this.signedAttributeSet = info.getAuthenticatedAttributes(); - this.unsignedAttributeSet = info.getUnauthenticatedAttributes(); - this.encryptionAlgorithm = info.getDigestEncryptionAlgorithm(); - this.signature = info.getEncryptedDigest().getOctets(); - - this.content = content; - this.resultDigest = resultDigest; - } - - public boolean isCounterSignature() - { - return isCounterSignature; - } - - public ASN1ObjectIdentifier getContentType() - { - return this.contentType; - } - - private byte[] encodeObj( - ASN1Encodable obj) - throws IOException - { - if (obj != null) - { - return obj.toASN1Primitive().getEncoded(); - } - - return null; - } - - public SignerId getSID() - { - return sid; - } - - /** - * return the version number for this objects underlying SignerInfo structure. - */ - public int getVersion() - { - return info.getVersion().getValue().intValue(); - } - - public AlgorithmIdentifier getDigestAlgorithmID() - { - return digestAlgorithm; - } - - /** - * return the object identifier for the signature. - */ - public String getDigestAlgOID() - { - return digestAlgorithm.getObjectId().getId(); - } - - /** - * return the signature parameters, or null if there aren't any. - */ - public byte[] getDigestAlgParams() - { - try - { - return encodeObj(digestAlgorithm.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting digest parameters " + e); - } - } - - /** - * return the content digest that was calculated during verification. - */ - public byte[] getContentDigest() - { - if (resultDigest == null) - { - throw new IllegalStateException("method can only be called after verify."); - } - - return Arrays.clone(resultDigest); - } - - /** - * return the object identifier for the signature. - */ - public String getEncryptionAlgOID() - { - return encryptionAlgorithm.getObjectId().getId(); - } - - /** - * return the signature/encryption algorithm parameters, or null if - * there aren't any. - */ - public byte[] getEncryptionAlgParams() - { - try - { - return encodeObj(encryptionAlgorithm.getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting encryption parameters " + e); - } - } - - /** - * return a table of the signed attributes - indexed by - * the OID of the attribute. - */ - public AttributeTable getSignedAttributes() - { - if (signedAttributeSet != null && signedAttributeValues == null) - { - signedAttributeValues = new AttributeTable(signedAttributeSet); - } - - return signedAttributeValues; - } - - /** - * return a table of the unsigned attributes indexed by - * the OID of the attribute. - */ - public AttributeTable getUnsignedAttributes() - { - if (unsignedAttributeSet != null && unsignedAttributeValues == null) - { - unsignedAttributeValues = new AttributeTable(unsignedAttributeSet); - } - - return unsignedAttributeValues; - } - - /** - * return the encoded signature - */ - public byte[] getSignature() - { - return Arrays.clone(signature); - } - - /** - * Return a SignerInformationStore containing the counter signatures attached to this - * signer. If no counter signatures are present an empty store is returned. - */ - public SignerInformationStore getCounterSignatures() - { - // TODO There are several checks implied by the RFC3852 comments that are missing - - /* - The countersignature attribute MUST be an unsigned attribute; it MUST - NOT be a signed attribute, an authenticated attribute, an - unauthenticated attribute, or an unprotected attribute. - */ - AttributeTable unsignedAttributeTable = getUnsignedAttributes(); - if (unsignedAttributeTable == null) - { - return new SignerInformationStore(new ArrayList(0)); - } - - List counterSignatures = new ArrayList(); - - /* - The UnsignedAttributes syntax is defined as a SET OF Attributes. The - UnsignedAttributes in a signerInfo may include multiple instances of - the countersignature attribute. - */ - ASN1EncodableVector allCSAttrs = unsignedAttributeTable.getAll(CMSAttributes.counterSignature); - - for (int i = 0; i < allCSAttrs.size(); ++i) - { - Attribute counterSignatureAttribute = (Attribute)allCSAttrs.get(i); - - /* - A countersignature attribute can have multiple attribute values. The - syntax is defined as a SET OF AttributeValue, and there MUST be one - or more instances of AttributeValue present. - */ - ASN1Set values = counterSignatureAttribute.getAttrValues(); - if (values.size() < 1) - { - // TODO Throw an appropriate exception? - } - - for (Enumeration en = values.getObjects(); en.hasMoreElements();) - { - /* - Countersignature values have the same meaning as SignerInfo values - for ordinary signatures, except that: - - 1. The signedAttributes field MUST NOT contain a content-type - attribute; there is no content type for countersignatures. - - 2. The signedAttributes field MUST contain a message-digest - attribute if it contains any other attributes. - - 3. The input to the message-digesting process is the contents - octets of the DER encoding of the signatureValue field of the - SignerInfo value with which the attribute is associated. - */ - SignerInfo si = SignerInfo.getInstance(en.nextElement()); - - counterSignatures.add(new SignerInformation(si, null, new CMSProcessableByteArray(getSignature()), null)); - } - } - - return new SignerInformationStore(counterSignatures); - } - - /** - * return the DER encoding of the signed attributes. - * @throws IOException if an encoding error occurs. - */ - public byte[] getEncodedSignedAttributes() - throws IOException - { - if (signedAttributeSet != null) - { - return signedAttributeSet.getEncoded(); - } - - return null; - } - - private boolean doVerify( - SignerInformationVerifier verifier) - throws CMSException - { - String encName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.getEncryptionAlgOID()); - - try - { - if (resultDigest == null) - { - DigestCalculator calc = verifier.getDigestCalculator(this.getDigestAlgorithmID()); - if (content != null) - { - OutputStream digOut = calc.getOutputStream(); - - content.write(digOut); - - digOut.close(); - } - else if (signedAttributeSet == null) - { - // TODO Get rid of this exception and just treat content==null as empty not missing? - throw new CMSException("data not encapsulated in signature - use detached constructor."); - } - - resultDigest = calc.getDigest(); - } - } - catch (IOException e) - { - throw new CMSException("can't process mime object to create signature.", e); - } - catch (OperatorCreationException e) - { - throw new CMSException("can't create digest calculator: " + e.getMessage(), e); - } - - // RFC 3852 11.1 Check the content-type attribute is correct - { - ASN1Primitive validContentType = getSingleValuedSignedAttribute( - CMSAttributes.contentType, "content-type"); - if (validContentType == null) - { - if (!isCounterSignature && signedAttributeSet != null) - { - throw new CMSException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data"); - } - } - else - { - if (isCounterSignature) - { - throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute"); - } - - if (!(validContentType instanceof DERObjectIdentifier)) - { - throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'"); - } - - DERObjectIdentifier signedContentType = (DERObjectIdentifier)validContentType; - - if (!signedContentType.equals(contentType)) - { - throw new CMSException("content-type attribute value does not match eContentType"); - } - } - } - - // RFC 3852 11.2 Check the message-digest attribute is correct - { - ASN1Primitive validMessageDigest = getSingleValuedSignedAttribute( - CMSAttributes.messageDigest, "message-digest"); - if (validMessageDigest == null) - { - if (signedAttributeSet != null) - { - throw new CMSException("the message-digest signed attribute type MUST be present when there are any signed attributes present"); - } - } - else - { - if (!(validMessageDigest instanceof ASN1OctetString)) - { - throw new CMSException("message-digest attribute value not of ASN.1 type 'OCTET STRING'"); - } - - ASN1OctetString signedMessageDigest = (ASN1OctetString)validMessageDigest; - - if (!Arrays.constantTimeAreEqual(resultDigest, signedMessageDigest.getOctets())) - { - throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value"); - } - } - } - - // RFC 3852 11.4 Validate countersignature attribute(s) - { - AttributeTable signedAttrTable = this.getSignedAttributes(); - if (signedAttrTable != null - && signedAttrTable.getAll(CMSAttributes.counterSignature).size() > 0) - { - throw new CMSException("A countersignature attribute MUST NOT be a signed attribute"); - } - - AttributeTable unsignedAttrTable = this.getUnsignedAttributes(); - if (unsignedAttrTable != null) - { - ASN1EncodableVector csAttrs = unsignedAttrTable.getAll(CMSAttributes.counterSignature); - for (int i = 0; i < csAttrs.size(); ++i) - { - Attribute csAttr = (Attribute)csAttrs.get(i); - if (csAttr.getAttrValues().size() < 1) - { - throw new CMSException("A countersignature attribute MUST contain at least one AttributeValue"); - } - - // Note: We don't recursively validate the countersignature value - } - } - } - - try - { - ContentVerifier contentVerifier = verifier.getContentVerifier(encryptionAlgorithm, info.getDigestAlgorithm()); - OutputStream sigOut = contentVerifier.getOutputStream(); - - if (signedAttributeSet == null) - { - if (resultDigest != null) - { - if (contentVerifier instanceof RawContentVerifier) - { - RawContentVerifier rawVerifier = (RawContentVerifier)contentVerifier; - - if (encName.equals("RSA")) - { - DigestInfo digInfo = new DigestInfo(digestAlgorithm, resultDigest); - - return rawVerifier.verify(digInfo.getEncoded(ASN1Encoding.DER), this.getSignature()); - } - - return rawVerifier.verify(resultDigest, this.getSignature()); - } - - throw new CMSException("verifier unable to process raw signature"); - } - else if (content != null) - { - // TODO Use raw signature of the hash value instead - content.write(sigOut); - } - } - else - { - sigOut.write(this.getEncodedSignedAttributes()); - } - - sigOut.close(); - - return contentVerifier.verify(this.getSignature()); - } - catch (IOException e) - { - throw new CMSException("can't process mime object to create signature.", e); - } - catch (OperatorCreationException e) - { - throw new CMSException("can't create content verifier: " + e.getMessage(), e); - } - } - - /** - * Verify that the given verifier can successfully verify the signature on - * this SignerInformation object. - * - * @param verifier a suitably configured SignerInformationVerifier. - * @return true if the signer information is verified, false otherwise. - * @throws org.bouncycastle.cms.CMSVerifierCertificateNotValidException if the provider has an associated certificate and the certificate is not valid at the time given as the SignerInfo's signing time. - * @throws org.bouncycastle.cms.CMSException if the verifier is unable to create a ContentVerifiers or DigestCalculators. - */ - public boolean verify(SignerInformationVerifier verifier) - throws CMSException - { - Time signingTime = getSigningTime(); // has to be validated if present. - - if (verifier.hasAssociatedCertificate()) - { - if (signingTime != null) - { - X509CertificateHolder dcv = verifier.getAssociatedCertificate(); - - if (!dcv.isValidOn(signingTime.getDate())) - { - throw new CMSVerifierCertificateNotValidException("verifier not valid at signingTime"); - } - } - } - - return doVerify(verifier); - } - - /** - * Return the base ASN.1 CMS structure that this object contains. - * - * @return an object containing a CMS SignerInfo structure. - * @deprecated use toASN1Structure() - */ - public SignerInfo toSignerInfo() - { - return info; - } - - /** - * Return the underlying ASN.1 object defining this SignerInformation object. - * - * @return a SignerInfo. - */ - public SignerInfo toASN1Structure() - { - return info; - } - - private ASN1Primitive getSingleValuedSignedAttribute( - ASN1ObjectIdentifier attrOID, String printableName) - throws CMSException - { - AttributeTable unsignedAttrTable = this.getUnsignedAttributes(); - if (unsignedAttrTable != null - && unsignedAttrTable.getAll(attrOID).size() > 0) - { - throw new CMSException("The " + printableName - + " attribute MUST NOT be an unsigned attribute"); - } - - AttributeTable signedAttrTable = this.getSignedAttributes(); - if (signedAttrTable == null) - { - return null; - } - - ASN1EncodableVector v = signedAttrTable.getAll(attrOID); - switch (v.size()) - { - case 0: - return null; - case 1: - { - Attribute t = (Attribute)v.get(0); - ASN1Set attrValues = t.getAttrValues(); - if (attrValues.size() != 1) - { - throw new CMSException("A " + printableName - + " attribute MUST have a single attribute value"); - } - - return attrValues.getObjectAt(0).toASN1Primitive(); - } - default: - throw new CMSException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the " - + printableName + " attribute"); - } - } - - private Time getSigningTime() throws CMSException - { - ASN1Primitive validSigningTime = getSingleValuedSignedAttribute( - CMSAttributes.signingTime, "signing-time"); - - if (validSigningTime == null) - { - return null; - } - - try - { - return Time.getInstance(validSigningTime); - } - catch (IllegalArgumentException e) - { - throw new CMSException("signing-time attribute value not a valid 'Time' structure"); - } - } - - /** - * Return a signer information object with the passed in unsigned - * attributes replacing the ones that are current associated with - * the object passed in. - * - * @param signerInformation the signerInfo to be used as the basis. - * @param unsignedAttributes the unsigned attributes to add. - * @return a copy of the original SignerInformationObject with the changed attributes. - */ - public static SignerInformation replaceUnsignedAttributes( - SignerInformation signerInformation, - AttributeTable unsignedAttributes) - { - SignerInfo sInfo = signerInformation.info; - ASN1Set unsignedAttr = null; - - if (unsignedAttributes != null) - { - unsignedAttr = new DERSet(unsignedAttributes.toASN1EncodableVector()); - } - - return new SignerInformation( - new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(), - sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), unsignedAttr), - signerInformation.contentType, signerInformation.content, null); - } - - /** - * Return a signer information object with passed in SignerInformationStore representing counter - * signatures attached as an unsigned attribute. - * - * @param signerInformation the signerInfo to be used as the basis. - * @param counterSigners signer info objects carrying counter signature. - * @return a copy of the original SignerInformationObject with the changed attributes. - */ - public static SignerInformation addCounterSigners( - SignerInformation signerInformation, - SignerInformationStore counterSigners) - { - // TODO Perform checks from RFC 3852 11.4 - - SignerInfo sInfo = signerInformation.info; - AttributeTable unsignedAttr = signerInformation.getUnsignedAttributes(); - ASN1EncodableVector v; - - if (unsignedAttr != null) - { - v = unsignedAttr.toASN1EncodableVector(); - } - else - { - v = new ASN1EncodableVector(); - } - - ASN1EncodableVector sigs = new ASN1EncodableVector(); - - for (Iterator it = counterSigners.getSigners().iterator(); it.hasNext();) - { - sigs.add(((SignerInformation)it.next()).toSignerInfo()); - } - - v.add(new Attribute(CMSAttributes.counterSignature, new DERSet(sigs))); - - return new SignerInformation( - new SignerInfo(sInfo.getSID(), sInfo.getDigestAlgorithm(), - sInfo.getAuthenticatedAttributes(), sInfo.getDigestEncryptionAlgorithm(), sInfo.getEncryptedDigest(), new DERSet(v)), - signerInformation.contentType, signerInformation.content, null); - } -} |