SignerInfoWithPkey.java

/src/java/org/jruby/ext/openssl/impl/SignerInfoWithPkey.java

https://github.com/duncanmak/jruby-ossl
Java | 364 lines | 231 code | 48 blank | 85 comment | 36 complexity | a36b1b54d9a1576a54e03312608fe8b2 MD5 | raw file

/***** BEGIN LICENSE BLOCK *****
 * Version: CPL 1.0/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Common Public
 * License Version 1.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.eclipse.org/legal/cpl-v10.html
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * Copyright (C) 2008 Ola Bini <ola.bini@gmail.com>
 * 
 * Alternatively, the contents of this file may be used under the terms of
 * either of the GNU General Public License Version 2 or later (the "GPL"),
 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the CPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the CPL, the GPL or the LGPL.
 ***** END LICENSE BLOCK *****/
package org.jruby.ext.openssl.impl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Enumeration;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import org.bouncycastle.asn1.pkcs.SignerInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.X509Name;
import org.jruby.ext.openssl.x509store.X509AuxCertificate;

/**
 *
 * @author <a href="mailto:ola.bini@gmail.com">Ola Bini</a>
 */
public class SignerInfoWithPkey extends ASN1Encodable {
    private DERInteger              version;
    private IssuerAndSerialNumber   issuerAndSerialNumber;
    private AlgorithmIdentifier     digAlgorithm;
    private ASN1Set                 authenticatedAttributes;
    private AlgorithmIdentifier     digEncryptionAlgorithm;
    private ASN1OctetString         encryptedDigest;
    private ASN1Set                 unauthenticatedAttributes;

    public static SignerInfoWithPkey getInstance(Object o) {
        if(o instanceof SignerInfo) {
            return (SignerInfoWithPkey)o;
        } else if (o instanceof ASN1Sequence) {
            return new SignerInfoWithPkey((ASN1Sequence)o);
        }

        throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName());
    }

    public SignerInfoWithPkey dup() {
        SignerInfoWithPkey copy = new SignerInfoWithPkey(version, 
                                                         issuerAndSerialNumber,
                                                         digAlgorithm,
                                                         authenticatedAttributes,
                                                         digEncryptionAlgorithm,
                                                         encryptedDigest,
                                                         unauthenticatedAttributes);
        copy.pkey = pkey;
        return copy;
    }

    SignerInfoWithPkey() {        
    }

    public SignerInfoWithPkey(DERInteger              version,
        IssuerAndSerialNumber   issuerAndSerialNumber,
        AlgorithmIdentifier     digAlgorithm,
        ASN1Set                 authenticatedAttributes,
        AlgorithmIdentifier     digEncryptionAlgorithm,
        ASN1OctetString         encryptedDigest,
        ASN1Set                 unauthenticatedAttributes) {
        this.version = version;
        this.issuerAndSerialNumber = issuerAndSerialNumber;
        this.digAlgorithm = digAlgorithm;
        this.authenticatedAttributes = authenticatedAttributes;
        this.digEncryptionAlgorithm = digEncryptionAlgorithm;
        this.encryptedDigest = encryptedDigest;
        this.unauthenticatedAttributes = unauthenticatedAttributes;
    }

    public SignerInfoWithPkey(ASN1Sequence seq) {
        Enumeration     e = seq.getObjects();

        version = (DERInteger)e.nextElement();
        issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(e.nextElement());
        digAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement());

        Object obj = e.nextElement();

        if(obj instanceof ASN1TaggedObject) {
            authenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)obj, false);

            digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement());
        }
        else {
            authenticatedAttributes = null;
            digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(obj);
        }

        encryptedDigest = ASN1OctetString.getInstance(e.nextElement());

        if(e.hasMoreElements()) {
            unauthenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)e.nextElement(), false);
        }
        else {
            unauthenticatedAttributes = null;
        }
    }

    public DERInteger getVersion() {
        return version;
    }

    public IssuerAndSerialNumber getIssuerAndSerialNumber() {
        return issuerAndSerialNumber;
    }

    public ASN1Set getAuthenticatedAttributes() {
        return authenticatedAttributes;
    }

    public AlgorithmIdentifier getDigestAlgorithm() {
        return digAlgorithm;
    }

    public ASN1OctetString getEncryptedDigest() {
        return encryptedDigest;
    }

    public AlgorithmIdentifier getDigestEncryptionAlgorithm() {
        return digEncryptionAlgorithm;
    }

    public ASN1Set getUnauthenticatedAttributes() {
        return unauthenticatedAttributes;
    }

    /* c: PKCS7_SIGNER_INFO_set
     *
     */
    public void set(X509AuxCertificate x509, PrivateKey pkey, MessageDigest dgst) throws PKCS7Exception {
        boolean dsa = 
            (pkey instanceof DSAPrivateKey) || 
            (pkey instanceof ECPrivateKey);

        version = new DERInteger(1);

        try {
            X509Name issuer = X509Name.getInstance(new ASN1InputStream(new ByteArrayInputStream(x509.getIssuerX500Principal().getEncoded())).readObject());
            BigInteger serial = x509.getSerialNumber();
            issuerAndSerialNumber = new IssuerAndSerialNumber(issuer, serial);
        } catch(IOException e) {
            throw new PKCS7Exception(-1, -1, e);
        }

        this.pkey = pkey;
        
        if(dsa) {
            digAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_sha1));
        } else {
            digAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(EVP.type(dgst)));
        }
        
        if(pkey instanceof RSAPrivateKey) {
            digEncryptionAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_rsaEncryption));
        } else if(pkey instanceof DSAPrivateKey) {
            digEncryptionAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_dsa));
        } else if(pkey instanceof ECPrivateKey) {
            digEncryptionAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_ecdsa_with_SHA1));
        }
    }

    /**
     * Produce an object suitable for an ASN1OutputStream.
     * <pre>
     *  SignerInfo ::= SEQUENCE {
     *      version Version,
     *      issuerAndSerialNumber IssuerAndSerialNumber,
     *      digestAlgorithm DigestAlgorithmIdentifier,
     *      authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
     *      digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
     *      encryptedDigest EncryptedDigest,
     *      unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
     *  }
     *
     *  EncryptedDigest ::= OCTET STRING
     *
     *  DigestAlgorithmIdentifier ::= AlgorithmIdentifier
     *
     *  DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
     * </pre>
     */
    public DERObject toASN1Object() {
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(version);
        v.add(issuerAndSerialNumber);
        v.add(digAlgorithm);

        if (authenticatedAttributes != null) {
            v.add(new DERTaggedObject(false, 0, authenticatedAttributes));
        }

        v.add(digEncryptionAlgorithm);
        v.add(encryptedDigest);

        if (unauthenticatedAttributes != null) {
            v.add(new DERTaggedObject(false, 1, unauthenticatedAttributes));
        }

        return new DERSequence(v);
    }

    /**
     * Describe pkey here.
     */
    private PrivateKey pkey;

    /**
     * Get the <code>Pkey</code> value.
     *
     * @return a <code>PrivateKey</code> value
     */
    public final PrivateKey getPkey() {
        return pkey;
    }

    /**
     * Set the <code>Pkey</code> value.
     *
     * @param newPkey The new Pkey value.
     */
    public final void setPkey(final PrivateKey newPkey) {
        this.pkey = newPkey;
    }

    public void setAuthenticatedAttributes(ASN1Set authAttr) {
        this.authenticatedAttributes = authAttr;
    }

    public void setUnauthenticatedAttributes(ASN1Set unauthAttr) {
        this.unauthenticatedAttributes = unauthAttr;
    }

    public void setEncryptedDigest(ASN1OctetString encryptedDigest) {
        this.encryptedDigest = encryptedDigest;
    }

    /** c: PKCS7_get_signed_attribute
     *
     */
    public DEREncodable getSignedAttribute(int nid) {
        return getAttribute(this.authenticatedAttributes, nid);
    }

    /** c: PKCS7_get_attribute
     *
     */
    public DEREncodable getAttribute(int nid) {
        return getAttribute(this.unauthenticatedAttributes, nid);
    }

    /** c: static get_attribute
     *
     */
    public static DEREncodable getAttribute(ASN1Set sk, int nid) {
        Attribute xa = null;
        DERObjectIdentifier o = ASN1Registry.nid2obj(nid);

        if(null == o || null == sk) {
            return null;
        }

        for(Enumeration e = sk.getObjects(); e.hasMoreElements();) {
            Object val = e.nextElement();
            if(val instanceof Attribute) {
                xa = (Attribute)val;
            } else {
                xa = Attribute.getInstance(val);
            }

            if(o.equals(xa.getAttrType())) {
                if(xa.getAttrValues().size() > 0) {
                    return xa.getAttrValues().getObjectAt(0);
                } else {
                    return null;
                }
            }
        }
        return null;
    }

    /** c: PKCS7_add_signed_attribute
     *
     */
    public void addSignedAttribute(int atrType, DEREncodable value) {
        this.authenticatedAttributes = addAttribute(this.authenticatedAttributes, atrType, value);
    }

    /** c: PKCS7_add_attribute
     *
     */
    public void addAttribute(int atrType, DEREncodable value) {
        this.unauthenticatedAttributes = addAttribute(this.unauthenticatedAttributes, atrType, value);
    }

    /** c: static add_attribute
     *
     */
    private ASN1Set addAttribute(ASN1Set base, int atrType, DEREncodable value) {
        ASN1EncodableVector vector = new ASN1EncodableVector();
        if(base == null) {
            base = new DERSet();
        }
        Attribute attr = null;
        for(Enumeration e = base.getObjects(); e.hasMoreElements();) {
            Object val = e.nextElement();
            if(val instanceof Attribute) {
                attr = (Attribute)val;
            } else {
                attr = Attribute.getInstance(val);
            }
            if(ASN1Registry.obj2nid(attr.getAttrType()) != atrType) {
                vector.add(attr);
            }
        }
        attr = new Attribute(ASN1Registry.nid2obj(atrType), new DERSet(value));
        vector.add(attr);
        return new DERSet(vector);
    }
}// SignerInfoWithPkey