package org.bouncycastle.jce; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.Signature; import java.security.SignatureException; import java.security.cert.CRL; import java.security.cert.CRLException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509CRL; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import org.bouncycastle.asn1.*; import org.bouncycastle.asn1.pkcs.ContentInfo; import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.SignedData; import org.bouncycastle.asn1.pkcs.SignerInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.CertificateList; import org.bouncycastle.asn1.x509.X509CertificateStructure; import org.bouncycastle.asn1.x509.X509Name; import org.bouncycastle.jce.provider.X509CRLObject; import org.bouncycastle.jce.provider.X509CertificateObject; /** * Represents a PKCS#7 object - specifically the "Signed Data" * type. * <p> * How to use it? To verify a signature, do: * <pre> * PKCS7SignedData pkcs7 = new PKCS7SignedData(der_bytes); // Create it * pkcs7.update(bytes, 0, bytes.length); // Update checksum * boolean verified = pkcs7.verify(); // Does it add up? * * To sign, do this: * PKCS7SignedData pkcs7 = new PKCS7SignedData(privKey, certChain, "MD5"); * pkcs7.update(bytes, 0, bytes.length); // Update checksum * pkcs7.sign(); // Create digest * * bytes = pkcs7.getEncoded(); // Write it somewhere * </pre> * <p> * This class is pretty close to obsolete, for a much better (and more complete) * implementation of PKCS7 have a look at the org.bouncycastle.cms package. */ public class PKCS7SignedData implements PKCSObjectIdentifiers { private int version, signerversion; private Set digestalgos; private Collection certs, crls; private X509Certificate signCert; private byte[] digest; private String digestAlgorithm, digestEncryptionAlgorithm; private Signature sig; private transient PrivateKey privKey; private final String ID_PKCS7_DATA = "1.2.840.113549.1.7.1"; private final String ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2"; private final String ID_MD5 = "1.2.840.113549.2.5"; private final String ID_MD2 = "1.2.840.113549.2.2"; private final String ID_SHA1 = "1.3.14.3.2.26"; private final String ID_RSA = "1.2.840.113549.1.1.1"; private final String ID_DSA = "1.2.840.10040.4.1"; /** * Read an existing PKCS#7 object from a DER encoded byte array using * the BC provider. */ public PKCS7SignedData( byte[] in) throws SecurityException, CRLException, InvalidKeyException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException { this(in, "BC"); } /** * Read an existing PKCS#7 object from a DER encoded byte array */ public PKCS7SignedData( byte[] in, String provider) throws SecurityException, CRLException, InvalidKeyException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException { DERInputStream din = new DERInputStream(new ByteArrayInputStream(in)); // // Basic checks to make sure it's a PKCS#7 SignedData Object // DERObject pkcs; try { pkcs = din.readObject(); } catch (IOException e) { throw new SecurityException("can't decode PKCS7SignedData object"); } if (!(pkcs instanceof ASN1Sequence)) { throw new SecurityException("Not a valid PKCS#7 object - not a sequence"); } ContentInfo content = ContentInfo.getInstance(pkcs); if (!content.getContentType().equals(signedData)) { throw new SecurityException("Not a valid PKCS#7 signed-data object - wrong header " + content.getContentType().getId()); } SignedData data = SignedData.getInstance(content.getContent()); certs = new ArrayList(); if (data.getCertificates() != null) { Enumeration ec = ASN1Set.getInstance(data.getCertificates()).getObjects(); while (ec.hasMoreElements()) { certs.add(new X509CertificateObject(X509CertificateStructure.getInstance(ec.nextElement()))); } } crls = new ArrayList(); if (data.getCRLs() != null) { Enumeration ec = ASN1Set.getInstance(data.getCRLs()).getObjects(); while (ec.hasMoreElements()) { crls.add(new X509CRLObject(CertificateList.getInstance(ec.nextElement()))); } } version = data.getVersion().getValue().intValue(); // // Get the digest algorithm // digestalgos = new HashSet(); Enumeration e = data.getDigestAlgorithms().getObjects(); while (e.hasMoreElements()) { ASN1Sequence s = (ASN1Sequence)e.nextElement(); DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0); digestalgos.add(o.getId()); } // // Get the SignerInfo // ASN1Set signerinfos = data.getSignerInfos(); if (signerinfos.size() != 1) { throw new SecurityException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time"); } SignerInfo signerInfo = SignerInfo.getInstance(signerinfos.getObjectAt(0)); signerversion = signerInfo.getVersion().getValue().intValue(); IssuerAndSerialNumber isAnds = signerInfo.getIssuerAndSerialNumber(); // // Get the signing certificate // BigInteger serialNumber = isAnds.getCertificateSerialNumber().getValue(); X509Principal issuer = new X509Principal(isAnds.getName()); for (Iterator i = certs.iterator();i.hasNext();) { X509Certificate cert = (X509Certificate)i.next(); if (serialNumber.equals(cert.getSerialNumber()) && issuer.equals(cert.getIssuerDN())) { signCert = cert; break; } } if (signCert == null) { throw new SecurityException("Can't find signing certificate with serial "+serialNumber.toString(16)); } digestAlgorithm = signerInfo.getDigestAlgorithm().getObjectId().getId(); digest = signerInfo.getEncryptedDigest().getOctets(); digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId(); sig = Signature.getInstance(getDigestAlgorithm(), provider); sig.initVerify(signCert.getPublicKey()); } /** * Create a new PKCS#7 object from the specified key using the BC provider. * * @param the private key to be used for signing. * @param the certifiacate chain associated with the private key. * @param hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA" */ public PKCS7SignedData( PrivateKey privKey, Certificate[] certChain, String hashAlgorithm) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException { this(privKey, certChain, hashAlgorithm, "BC"); } /** * Create a new PKCS#7 object from the specified key. * * @param privKey the private key to be used for signing. * @param certChain the certificate chain associated with the private key. * @param hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA" * @param provider the provider to use. */ public PKCS7SignedData( PrivateKey privKey, Certificate[] certChain, String hashAlgorithm, String provider) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException { this(privKey, certChain, null, hashAlgorithm, provider); } /** * Create a new PKCS#7 object from the specified key. * * @param privKey the private key to be used for signing. * @param certChain the certificate chain associated with the private key. * @param crlList the crl list associated with the private key. * @param hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA" * @param provider the provider to use. */ public PKCS7SignedData( PrivateKey privKey, Certificate[] certChain, CRL[] crlList, String hashAlgorithm, String provider) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException { this.privKey = privKey; if (hashAlgorithm.equals("MD5")) { digestAlgorithm = ID_MD5; } else if (hashAlgorithm.equals("MD2")) { digestAlgorithm = ID_MD2; } else if (hashAlgorithm.equals("SHA")) { digestAlgorithm = ID_SHA1; } else if (hashAlgorithm.equals("SHA1")) { digestAlgorithm = ID_SHA1; } else { throw new NoSuchAlgorithmException("Unknown Hash Algorithm "+hashAlgorithm); } version = signerversion = 1; certs = new ArrayList(); crls = new ArrayList(); digestalgos = new HashSet(); digestalgos.add(digestAlgorithm); // // Copy in the certificates and crls used to sign the private key. // signCert = (X509Certificate)certChain[0]; for (int i = 0;i < certChain.length;i++) { certs.add(certChain[i]); } if (crlList != null) { for (int i = 0;i < crlList.length;i++) { crls.add(crlList[i]); } } // // Now we have private key, find out what the digestEncryptionAlgorithm is. // digestEncryptionAlgorithm = privKey.getAlgorithm(); if (digestEncryptionAlgorithm.equals("RSA")) { digestEncryptionAlgorithm = ID_RSA; } else if (digestEncryptionAlgorithm.equals("DSA")) { digestEncryptionAlgorithm = ID_DSA; } else { throw new NoSuchAlgorithmException("Unknown Key Algorithm "+digestEncryptionAlgorithm); } sig = Signature.getInstance(getDigestAlgorithm(), provider); sig.initSign(privKey); } /** * Get the algorithm used to calculate the message digest */ public String getDigestAlgorithm() { String da = digestAlgorithm; String dea = digestEncryptionAlgorithm; if (digestAlgorithm.equals(ID_MD5)) { da = "MD5"; } else if (digestAlgorithm.equals(ID_MD2)) { da = "MD2"; } else if (digestAlgorithm.equals(ID_SHA1)) { da = "SHA1"; } if (digestEncryptionAlgorithm.equals(ID_RSA)) { dea = "RSA"; } else if (digestEncryptionAlgorithm.equals(ID_DSA)) { dea = "DSA"; } return da + "with" + dea; } /** * Resets the PKCS7SignedData object to it's initial state, ready * to sign or verify a new buffer. */ public void reset() { try { if (privKey==null) { sig.initVerify(signCert.getPublicKey()); } else { sig.initSign(privKey); } } catch (Exception e) { throw new RuntimeException(e.toString()); } } /** * Get the X.509 certificates associated with this PKCS#7 object */ public Certificate[] getCertificates() { return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]); } /** * Get the X.509 certificate revocation lists associated with this PKCS#7 object */ public Collection getCRLs() { return crls; } /** * Get the X.509 certificate actually used to sign the digest. */ public X509Certificate getSigningCertificate() { return signCert; } /** * Get the version of the PKCS#7 object. Always 1 */ public int getVersion() { return version; } /** * Get the version of the PKCS#7 "SignerInfo" object. Always 1 */ public int getSigningInfoVersion() { return signerversion; } /** * Update the digest with the specified byte. This method is used both for signing and verifying */ public void update(byte buf) throws SignatureException { sig.update(buf); } /** * Update the digest with the specified bytes. This method is used both for signing and verifying */ public void update(byte[] buf, int off, int len) throws SignatureException { sig.update(buf, off, len); } /** * Verify the digest */ public boolean verify() throws SignatureException { return sig.verify(digest); } /** * Get the "issuer" from the TBSCertificate bytes that are passed in */ private DERObject getIssuer(byte[] enc) { try { DERInputStream in = new DERInputStream(new ByteArrayInputStream(enc)); ASN1Sequence seq = (ASN1Sequence)in.readObject(); return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); } catch (IOException e) { throw new Error("IOException reading from ByteArray: "+e); } } /** * return the bytes for the PKCS7SignedData object. */ public byte[] getEncoded() { try { digest = sig.sign(); // Create the set of Hash algorithms. I've assumed this is the // set of all hash agorithms used to created the digest in the // "signerInfo" structure. I may be wrong. // ASN1EncodableVector v = new ASN1EncodableVector(); for (Iterator i = digestalgos.iterator(); i.hasNext();) { AlgorithmIdentifier a = new AlgorithmIdentifier( new DERObjectIdentifier((String)i.next()), null); v.add(a); } DERSet algos = new DERSet(v); // Create the contentInfo. Empty, I didn't implement this bit // DERSequence contentinfo = new DERSequence( new DERObjectIdentifier(ID_PKCS7_DATA)); // Get all the certificates // v = new ASN1EncodableVector(); for (Iterator i = certs.iterator();i.hasNext();) { DERInputStream tempstream = new DERInputStream(new ByteArrayInputStream(((X509Certificate)i.next()).getEncoded())); v.add(tempstream.readObject()); } DERSet dercertificates = new DERSet(v); // Create signerinfo structure. // ASN1EncodableVector signerinfo = new ASN1EncodableVector(); // Add the signerInfo version // signerinfo.add(new DERInteger(signerversion)); IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber( new X509Name((ASN1Sequence)getIssuer(signCert.getTBSCertificate())), new DERInteger(signCert.getSerialNumber())); signerinfo.add(isAnds); // Add the digestAlgorithm // signerinfo.add(new AlgorithmIdentifier( new DERObjectIdentifier(digestAlgorithm), new DERNull())); // // Add the digestEncryptionAlgorithm // signerinfo.add(new AlgorithmIdentifier( new DERObjectIdentifier(digestEncryptionAlgorithm), new DERNull())); // // Add the digest // signerinfo.add(new DEROctetString(digest)); // // Finally build the body out of all the components above // ASN1EncodableVector body = new ASN1EncodableVector(); body.add(new DERInteger(version)); body.add(algos); body.add(contentinfo); body.add(new DERTaggedObject(false, 0, dercertificates)); if (crls.size()>0) { v = new ASN1EncodableVector(); for (Iterator i = crls.iterator();i.hasNext();) { DERInputStream t = new DERInputStream(new ByteArrayInputStream((((X509CRL)i.next()).getEncoded()))); v.add(t.readObject()); } DERSet dercrls = new DERSet(v); body.add(new DERTaggedObject(false, 1, dercrls)); } // Only allow one signerInfo // body.add(new DERSet(new DERSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // ASN1EncodableVector whole = new ASN1EncodableVector(); whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA)); whole.add(new DERTaggedObject(0, new DERSequence(body))); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); DEROutputStream dout = new DEROutputStream(bOut); dout.writeObject(new DERSequence(whole)); dout.close(); return bOut.toByteArray(); } catch (Exception e) { throw new RuntimeException(e.toString()); } } }