/src/java/org/jruby/ext/openssl/impl/SignerInfoWithPkey.java
Java | 364 lines | 231 code | 48 blank | 85 comment | 36 complexity | a36b1b54d9a1576a54e03312608fe8b2 MD5 | raw file
- /***** BEGIN LICENSE BLOCK *****
- * Version: CPL 1.0/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Common Public
- * License Version 1.0 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.eclipse.org/legal/cpl-v10.html
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * Copyright (C) 2008 Ola Bini <ola.bini@gmail.com>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either of the GNU General Public License Version 2 or later (the "GPL"),
- * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the CPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the CPL, the GPL or the LGPL.
- ***** END LICENSE BLOCK *****/
- package org.jruby.ext.openssl.impl;
- import java.io.ByteArrayInputStream;
- import java.io.IOException;
- import java.math.BigInteger;
- import java.security.MessageDigest;
- import java.security.PrivateKey;
- import java.security.interfaces.DSAPrivateKey;
- import java.security.interfaces.ECPrivateKey;
- import java.security.interfaces.RSAPrivateKey;
- import java.util.Enumeration;
- import org.bouncycastle.asn1.ASN1Encodable;
- import org.bouncycastle.asn1.ASN1EncodableVector;
- import org.bouncycastle.asn1.ASN1InputStream;
- import org.bouncycastle.asn1.ASN1OctetString;
- import org.bouncycastle.asn1.ASN1Sequence;
- import org.bouncycastle.asn1.ASN1Set;
- import org.bouncycastle.asn1.ASN1TaggedObject;
- import org.bouncycastle.asn1.DEREncodable;
- import org.bouncycastle.asn1.DERInteger;
- import org.bouncycastle.asn1.DERObject;
- import org.bouncycastle.asn1.DERObjectIdentifier;
- import org.bouncycastle.asn1.DERSequence;
- import org.bouncycastle.asn1.DERSet;
- import org.bouncycastle.asn1.DERTaggedObject;
- import org.bouncycastle.asn1.pkcs.Attribute;
- import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
- import org.bouncycastle.asn1.pkcs.SignerInfo;
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
- import org.bouncycastle.asn1.x509.X509Name;
- import org.jruby.ext.openssl.x509store.X509AuxCertificate;
- /**
- *
- * @author <a href="mailto:ola.bini@gmail.com">Ola Bini</a>
- */
- public class SignerInfoWithPkey extends ASN1Encodable {
- private DERInteger version;
- private IssuerAndSerialNumber issuerAndSerialNumber;
- private AlgorithmIdentifier digAlgorithm;
- private ASN1Set authenticatedAttributes;
- private AlgorithmIdentifier digEncryptionAlgorithm;
- private ASN1OctetString encryptedDigest;
- private ASN1Set unauthenticatedAttributes;
- public static SignerInfoWithPkey getInstance(Object o) {
- if(o instanceof SignerInfo) {
- return (SignerInfoWithPkey)o;
- } else if (o instanceof ASN1Sequence) {
- return new SignerInfoWithPkey((ASN1Sequence)o);
- }
- throw new IllegalArgumentException("unknown object in factory: " + o.getClass().getName());
- }
- public SignerInfoWithPkey dup() {
- SignerInfoWithPkey copy = new SignerInfoWithPkey(version,
- issuerAndSerialNumber,
- digAlgorithm,
- authenticatedAttributes,
- digEncryptionAlgorithm,
- encryptedDigest,
- unauthenticatedAttributes);
- copy.pkey = pkey;
- return copy;
- }
- SignerInfoWithPkey() {
- }
- public SignerInfoWithPkey(DERInteger version,
- IssuerAndSerialNumber issuerAndSerialNumber,
- AlgorithmIdentifier digAlgorithm,
- ASN1Set authenticatedAttributes,
- AlgorithmIdentifier digEncryptionAlgorithm,
- ASN1OctetString encryptedDigest,
- ASN1Set unauthenticatedAttributes) {
- this.version = version;
- this.issuerAndSerialNumber = issuerAndSerialNumber;
- this.digAlgorithm = digAlgorithm;
- this.authenticatedAttributes = authenticatedAttributes;
- this.digEncryptionAlgorithm = digEncryptionAlgorithm;
- this.encryptedDigest = encryptedDigest;
- this.unauthenticatedAttributes = unauthenticatedAttributes;
- }
- public SignerInfoWithPkey(ASN1Sequence seq) {
- Enumeration e = seq.getObjects();
- version = (DERInteger)e.nextElement();
- issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(e.nextElement());
- digAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement());
- Object obj = e.nextElement();
- if(obj instanceof ASN1TaggedObject) {
- authenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)obj, false);
- digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement());
- }
- else {
- authenticatedAttributes = null;
- digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(obj);
- }
- encryptedDigest = ASN1OctetString.getInstance(e.nextElement());
- if(e.hasMoreElements()) {
- unauthenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)e.nextElement(), false);
- }
- else {
- unauthenticatedAttributes = null;
- }
- }
- public DERInteger getVersion() {
- return version;
- }
- public IssuerAndSerialNumber getIssuerAndSerialNumber() {
- return issuerAndSerialNumber;
- }
- public ASN1Set getAuthenticatedAttributes() {
- return authenticatedAttributes;
- }
- public AlgorithmIdentifier getDigestAlgorithm() {
- return digAlgorithm;
- }
- public ASN1OctetString getEncryptedDigest() {
- return encryptedDigest;
- }
- public AlgorithmIdentifier getDigestEncryptionAlgorithm() {
- return digEncryptionAlgorithm;
- }
- public ASN1Set getUnauthenticatedAttributes() {
- return unauthenticatedAttributes;
- }
- /* c: PKCS7_SIGNER_INFO_set
- *
- */
- public void set(X509AuxCertificate x509, PrivateKey pkey, MessageDigest dgst) throws PKCS7Exception {
- boolean dsa =
- (pkey instanceof DSAPrivateKey) ||
- (pkey instanceof ECPrivateKey);
- version = new DERInteger(1);
- try {
- X509Name issuer = X509Name.getInstance(new ASN1InputStream(new ByteArrayInputStream(x509.getIssuerX500Principal().getEncoded())).readObject());
- BigInteger serial = x509.getSerialNumber();
- issuerAndSerialNumber = new IssuerAndSerialNumber(issuer, serial);
- } catch(IOException e) {
- throw new PKCS7Exception(-1, -1, e);
- }
- this.pkey = pkey;
-
- if(dsa) {
- digAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_sha1));
- } else {
- digAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(EVP.type(dgst)));
- }
-
- if(pkey instanceof RSAPrivateKey) {
- digEncryptionAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_rsaEncryption));
- } else if(pkey instanceof DSAPrivateKey) {
- digEncryptionAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_dsa));
- } else if(pkey instanceof ECPrivateKey) {
- digEncryptionAlgorithm = new AlgorithmIdentifier(ASN1Registry.nid2obj(ASN1Registry.NID_ecdsa_with_SHA1));
- }
- }
- /**
- * Produce an object suitable for an ASN1OutputStream.
- * <pre>
- * SignerInfo ::= SEQUENCE {
- * version Version,
- * issuerAndSerialNumber IssuerAndSerialNumber,
- * digestAlgorithm DigestAlgorithmIdentifier,
- * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
- * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
- * encryptedDigest EncryptedDigest,
- * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
- * }
- *
- * EncryptedDigest ::= OCTET STRING
- *
- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
- *
- * DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
- * </pre>
- */
- public DERObject toASN1Object() {
- ASN1EncodableVector v = new ASN1EncodableVector();
- v.add(version);
- v.add(issuerAndSerialNumber);
- v.add(digAlgorithm);
- if (authenticatedAttributes != null) {
- v.add(new DERTaggedObject(false, 0, authenticatedAttributes));
- }
- v.add(digEncryptionAlgorithm);
- v.add(encryptedDigest);
- if (unauthenticatedAttributes != null) {
- v.add(new DERTaggedObject(false, 1, unauthenticatedAttributes));
- }
- return new DERSequence(v);
- }
- /**
- * Describe pkey here.
- */
- private PrivateKey pkey;
- /**
- * Get the <code>Pkey</code> value.
- *
- * @return a <code>PrivateKey</code> value
- */
- public final PrivateKey getPkey() {
- return pkey;
- }
- /**
- * Set the <code>Pkey</code> value.
- *
- * @param newPkey The new Pkey value.
- */
- public final void setPkey(final PrivateKey newPkey) {
- this.pkey = newPkey;
- }
- public void setAuthenticatedAttributes(ASN1Set authAttr) {
- this.authenticatedAttributes = authAttr;
- }
- public void setUnauthenticatedAttributes(ASN1Set unauthAttr) {
- this.unauthenticatedAttributes = unauthAttr;
- }
- public void setEncryptedDigest(ASN1OctetString encryptedDigest) {
- this.encryptedDigest = encryptedDigest;
- }
- /** c: PKCS7_get_signed_attribute
- *
- */
- public DEREncodable getSignedAttribute(int nid) {
- return getAttribute(this.authenticatedAttributes, nid);
- }
- /** c: PKCS7_get_attribute
- *
- */
- public DEREncodable getAttribute(int nid) {
- return getAttribute(this.unauthenticatedAttributes, nid);
- }
- /** c: static get_attribute
- *
- */
- public static DEREncodable getAttribute(ASN1Set sk, int nid) {
- Attribute xa = null;
- DERObjectIdentifier o = ASN1Registry.nid2obj(nid);
- if(null == o || null == sk) {
- return null;
- }
- for(Enumeration e = sk.getObjects(); e.hasMoreElements();) {
- Object val = e.nextElement();
- if(val instanceof Attribute) {
- xa = (Attribute)val;
- } else {
- xa = Attribute.getInstance(val);
- }
- if(o.equals(xa.getAttrType())) {
- if(xa.getAttrValues().size() > 0) {
- return xa.getAttrValues().getObjectAt(0);
- } else {
- return null;
- }
- }
- }
- return null;
- }
- /** c: PKCS7_add_signed_attribute
- *
- */
- public void addSignedAttribute(int atrType, DEREncodable value) {
- this.authenticatedAttributes = addAttribute(this.authenticatedAttributes, atrType, value);
- }
- /** c: PKCS7_add_attribute
- *
- */
- public void addAttribute(int atrType, DEREncodable value) {
- this.unauthenticatedAttributes = addAttribute(this.unauthenticatedAttributes, atrType, value);
- }
- /** c: static add_attribute
- *
- */
- private ASN1Set addAttribute(ASN1Set base, int atrType, DEREncodable value) {
- ASN1EncodableVector vector = new ASN1EncodableVector();
- if(base == null) {
- base = new DERSet();
- }
- Attribute attr = null;
- for(Enumeration e = base.getObjects(); e.hasMoreElements();) {
- Object val = e.nextElement();
- if(val instanceof Attribute) {
- attr = (Attribute)val;
- } else {
- attr = Attribute.getInstance(val);
- }
- if(ASN1Registry.obj2nid(attr.getAttrType()) != atrType) {
- vector.add(attr);
- }
- }
- attr = new Attribute(ASN1Registry.nid2obj(atrType), new DERSet(value));
- vector.add(attr);
- return new DERSet(vector);
- }
- }// SignerInfoWithPkey