package org.bouncycastle.asn1.cms;
import java.util.Enumeration;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BERSequence;
import org.bouncycastle.asn1.BERSet;
import org.bouncycastle.asn1.BERTaggedObject;
import org.bouncycastle.asn1.DERTaggedObject;
/**
* <a href="http://tools.ietf.org/html/rfc5652#section-5.1">RFC 5652</a>:
* <p>
* A signed data object containing multitude of {@link SignerInfo}s.
* <pre>
* SignedData ::= SEQUENCE {
* version CMSVersion,
* digestAlgorithms DigestAlgorithmIdentifiers,
* encapContentInfo EncapsulatedContentInfo,
* certificates [0] IMPLICIT CertificateSet OPTIONAL,
* crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
* signerInfos SignerInfos
* }
*
* DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
*
* SignerInfos ::= SET OF SignerInfo
* </pre>
* <p>
* The version calculation uses following ruleset from RFC 3852 section 5.1:
* <pre>
* IF ((certificates is present) AND
* (any certificates with a type of other are present)) OR
* ((crls is present) AND
* (any crls with a type of other are present))
* THEN version MUST be 5
* ELSE
* IF (certificates is present) AND
* (any version 2 attribute certificates are present)
* THEN version MUST be 4
* ELSE
* IF ((certificates is present) AND
* (any version 1 attribute certificates are present)) OR
* (any SignerInfo structures are version 3) OR
* (encapContentInfo eContentType is other than id-data)
* THEN version MUST be 3
* ELSE version MUST be 1
* </pre>
* <p>
* @todo Check possible update for this to RFC 5652 level
*/
public class SignedData
extends ASN1Object
{
private static final ASN1Integer VERSION_1 = new ASN1Integer(1);
private static final ASN1Integer VERSION_3 = new ASN1Integer(3);
private static final ASN1Integer VERSION_4 = new ASN1Integer(4);
private static final ASN1Integer VERSION_5 = new ASN1Integer(5);
private ASN1Integer version;
private ASN1Set digestAlgorithms;
private ContentInfo contentInfo;
private ASN1Set certificates;
private ASN1Set crls;
private ASN1Set signerInfos;
private boolean certsBer;
private boolean crlsBer;
/**
* Return a SignedData object from the given object.
* <p>
* Accepted inputs:
* <ul>
* <li> null → null
* <li> {@link SignedData} object
* <li> {@link org.bouncycastle.asn1.ASN1Sequence#getInstance(java.lang.Object) ASN1Sequence} input formats with SignedData structure inside
* </ul>
*
* @param o the object we want converted.
* @exception IllegalArgumentException if the object cannot be converted.
*/
public static SignedData getInstance(
Object o)
{
if (o instanceof SignedData)
{
return (SignedData)o;
}
else if (o != null)
{
return new SignedData(ASN1Sequence.getInstance(o));
}
return null;
}
public SignedData(
ASN1Set digestAlgorithms,
ContentInfo contentInfo,
ASN1Set certificates,
ASN1Set crls,
ASN1Set signerInfos)
{
this.version = calculateVersion(contentInfo.getContentType(), certificates, crls, signerInfos);
this.digestAlgorithms = digestAlgorithms;
this.contentInfo = contentInfo;
this.certificates = certificates;
this.crls = crls;
this.signerInfos = signerInfos;
this.crlsBer = crls instanceof BERSet;
this.certsBer = certificates instanceof BERSet;
}
private ASN1Integer calculateVersion(
ASN1ObjectIdentifier contentOid,
ASN1Set certs,
ASN1Set crls,
ASN1Set signerInfs)
{
boolean otherCert = false;
boolean otherCrl = false;
boolean attrCertV1Found = false;
boolean attrCertV2Found = false;
if (certs != null)
{
for (Enumeration en = certs.getObjects(); en.hasMoreElements();)
{
Object obj = en.nextElement();
if (obj instanceof ASN1TaggedObject)
{
ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(obj);
if (tagged.getTagNo() == 1)
{
attrCertV1Found = true;
}
else if (tagged.getTagNo() == 2)
{
attrCertV2Found = true;
}
else if (tagged.getTagNo() == 3)
{
otherCert = true;
}
}
}
}
if (otherCert)
{
return new ASN1Integer(5);
}
if (crls != null) // no need to check if otherCert is true
{
for (Enumeration en = crls.getObjects(); en.hasMoreElements();)
{
Object obj = en.nextElement();
if (obj instanceof ASN1TaggedObject)
{
otherCrl = true;
}
}
}
if (otherCrl)
{
return VERSION_5;
}
if (attrCertV2Found)
{
return VERSION_4;
}
if (attrCertV1Found)
{
return VERSION_3;
}
if (checkForVersion3(signerInfs))
{
return VERSION_3;
}
if (!CMSObjectIdentifiers.data.equals(contentOid))
{
return VERSION_3;
}
return VERSION_1;
}
private boolean checkForVersion3(ASN1Set signerInfs)
{
for (Enumeration e = signerInfs.getObjects(); e.hasMoreElements();)
{
SignerInfo s = SignerInfo.getInstance(e.nextElement());
if (s.getVersion().getValue().intValue() == 3)
{
return true;
}
}
return false;
}
private SignedData(
ASN1Sequence seq)
{
Enumeration e = seq.getObjects();
version = ASN1Integer.getInstance(e.nextElement());
digestAlgorithms = ((ASN1Set)e.nextElement());
contentInfo = ContentInfo.getInstance(e.nextElement());
while (e.hasMoreElements())
{
ASN1Primitive o = (ASN1Primitive)e.nextElement();
//
// an interesting feature of SignedData is that there appear
// to be varying implementations...
// for the moment we ignore anything which doesn't fit.
//
if (o instanceof ASN1TaggedObject)
{
ASN1TaggedObject tagged = (ASN1TaggedObject)o;
switch (tagged.getTagNo())
{
case 0:
certsBer = tagged instanceof BERTaggedObject;
certificates = ASN1Set.getInstance(tagged, false);
break;
case 1:
crlsBer = tagged instanceof BERTaggedObject;
crls = ASN1Set.getInstance(tagged, false);
break;
default:
throw new IllegalArgumentException("unknown tag value " + tagged.getTagNo());
}
}
else
{
signerInfos = (ASN1Set)o;
}
}
}
public ASN1Integer getVersion()
{
return version;
}
public ASN1Set getDigestAlgorithms()
{
return digestAlgorithms;
}
public ContentInfo getEncapContentInfo()
{
return contentInfo;
}
public ASN1Set getCertificates()
{
return certificates;
}
public ASN1Set getCRLs()
{
return crls;
}
public ASN1Set getSignerInfos()
{
return signerInfos;
}
/**
* Produce an object suitable for an ASN1OutputStream.
*/
public ASN1Primitive toASN1Primitive()
{
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(version);
v.add(digestAlgorithms);
v.add(contentInfo);
if (certificates != null)
{
if (certsBer)
{
v.add(new BERTaggedObject(false, 0, certificates));
}
else
{
v.add(new DERTaggedObject(false, 0, certificates));
}
}
if (crls != null)
{
if (crlsBer)
{
v.add(new BERTaggedObject(false, 1, crls));
}
else
{
v.add(new DERTaggedObject(false, 1, crls));
}
}
v.add(signerInfos);
return new BERSequence(v);
}
}