Browse Source

Merge pull request #2980 in CORE/base-third from feature/10.0 to release/11.0

* commit '77530b312564f37fc9a36453922d5706b2530064':
  DEC-19773 refactor: itext适配新bouncycastle
persist/jsy11
superman 3 years ago
parent
commit
0a920b30cc
  1. 305
      fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java
  2. 50
      fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
  3. 307
      fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java
  4. 134
      fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

305
fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java

@ -46,8 +46,11 @@
*/
package com.fr.third.com.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Integer;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.ASN1String;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@ -77,19 +80,15 @@ import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import com.fr.third.org.bouncycastle.asn1.ASN1Encodable;
import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1Sequence;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject;
import com.fr.third.org.bouncycastle.asn1.DEREnumerated;
import com.fr.third.org.bouncycastle.asn1.DERInteger;
import com.fr.third.org.bouncycastle.asn1.ASN1Enumerated;
import com.fr.third.org.bouncycastle.asn1.DERNull;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import com.fr.third.org.bouncycastle.asn1.DERSequence;
import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.DERTaggedObject;
@ -101,12 +100,12 @@ import com.fr.third.org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser;
import com.fr.third.org.bouncycastle.jce.provider.X509CertParser;
import com.fr.third.com.lowagie.text.ExceptionConverter;
import java.security.cert.CertificateParsingException;
import java.util.Date;
import com.fr.third.org.bouncycastle.asn1.ASN1OctetString;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint;
import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions;
//import org.bouncycastle.ocsp.BasicOCSPResp;
//import org.bouncycastle.ocsp.CertificateID;
@ -242,6 +241,7 @@ public class PdfPKCS7 {
/**
* Gets the digest name for a certain id
*
* @param oid an id (for instance "1.2.840.113549.2.5")
* @return a digest name (for instance "MD5")
* @since 2.1.6
@ -256,6 +256,7 @@ public class PdfPKCS7 {
/**
* Gets the algorithm name for a certain id.
*
* @param oid an id (for instance "1.2.840.113549.1.1.1")
* @return an algorithm name (for instance "RSA")
* @since 2.1.6
@ -293,6 +294,7 @@ public class PdfPKCS7 {
/**
* Verifies a signature using the sub-filter adbe.x509.rsa_sha1.
*
* @param contentsKey the /Contents key
* @param certsKey the /Cert key
* @param provider the provider or <code>null</code> for the default provider
@ -313,8 +315,7 @@ public class PdfPKCS7 {
else
sig = Signature.getInstance("SHA1withRSA", provider);
sig.initVerify(signCert.getPublicKey());
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
@ -323,19 +324,19 @@ public class PdfPKCS7 {
/**
* Gets the OCSP basic response if there is one.
*
* @return the OCSP basic response or null
* @since 2.1.6
*/
// public BasicOCSPResp getOcsp() {
// return basicResp;
// }
private void findOcsp(ASN1Sequence seq) throws IOException {
// basicResp = null;
boolean ret = false;
while (true) {
if ((seq.getObjectAt(0) instanceof DERObjectIdentifier)
&& ((DERObjectIdentifier)seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
if ((seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
&& ((ASN1ObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
break;
}
ret = true;
@ -351,8 +352,7 @@ public class PdfPKCS7 {
seq = (ASN1Sequence) tag.getObject();
ret = false;
break;
}
else
} else
return;
}
}
@ -368,6 +368,7 @@ public class PdfPKCS7 {
/**
* Verifies a signature using the sub-filter adbe.pkcs7.detached or
* adbe.pkcs7.sha1.
*
* @param contentsKey the /Contents key
* @param provider the provider or <code>null</code> for the default provider
*/
@ -383,15 +384,14 @@ public class PdfPKCS7 {
try {
pkcs = din.readObject();
}
catch (IOException e) {
} catch (IOException e) {
throw new IllegalArgumentException("can't decode PKCS7SignedData object");
}
if (!(pkcs instanceof ASN1Sequence)) {
throw new IllegalArgumentException("Not a valid PKCS#7 object - not a sequence");
}
ASN1Sequence signedData = (ASN1Sequence) pkcs;
DERObjectIdentifier objId = (DERObjectIdentifier)signedData.getObjectAt(0);
ASN1ObjectIdentifier objId = (ASN1ObjectIdentifier) signedData.getObjectAt(0);
if (!objId.getId().equals(ID_PKCS7_SIGNED_DATA))
throw new IllegalArgumentException("Not a valid PKCS#7 object - not signed data");
ASN1Sequence content = (ASN1Sequence) ((DERTaggedObject) signedData.getObjectAt(1)).getObject();
@ -403,15 +403,14 @@ public class PdfPKCS7 {
// last - signerInfos
// the version
version = ((DERInteger)content.getObjectAt(0)).getValue().intValue();
version = ((ASN1Integer) content.getObjectAt(0)).getValue().intValue();
// the digestAlgorithms
digestalgos = new HashSet();
Enumeration e = ((ASN1Set) content.getObjectAt(1)).getObjects();
while (e.hasMoreElements())
{
while (e.hasMoreElements()) {
ASN1Sequence s = (ASN1Sequence) e.nextElement();
DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0);
ASN1ObjectIdentifier o = (ASN1ObjectIdentifier) s.getObjectAt(0);
digestalgos.add(o.getId());
}
@ -444,10 +443,10 @@ public class PdfPKCS7 {
// 2 - the digest algorithm
// 3 or 4 - digestEncryptionAlgorithm
// 4 or 5 - encryptedDigest
signerversion = ((DERInteger)signerInfo.getObjectAt(0)).getValue().intValue();
signerversion = ((ASN1Integer) signerInfo.getObjectAt(0)).getValue().intValue();
// Get the signing certificate
ASN1Sequence issuerAndSerialNumber = (ASN1Sequence) signerInfo.getObjectAt(1);
BigInteger serialNumber = ((DERInteger)issuerAndSerialNumber.getObjectAt(1)).getValue();
BigInteger serialNumber = ((ASN1Integer) issuerAndSerialNumber.getObjectAt(1)).getValue();
for (Iterator i = certs.iterator(); i.hasNext(); ) {
X509Certificate cert = (X509Certificate) i.next();
if (serialNumber.equals(cert.getSerialNumber())) {
@ -459,7 +458,7 @@ public class PdfPKCS7 {
throw new IllegalArgumentException("Can't find signing certificate with serial " + serialNumber.toString(16));
}
signCertificateChain();
digestAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
digestAlgorithm = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
next = 3;
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject tagsig = (ASN1TaggedObject) signerInfo.getObjectAt(next);
@ -468,11 +467,10 @@ public class PdfPKCS7 {
for (int k = 0; k < sseq.size(); ++k) {
ASN1Sequence seq2 = (ASN1Sequence) sseq.getObjectAt(k);
if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().equals(ID_MESSAGE_DIGEST)) {
if (((ASN1ObjectIdentifier) seq2.getObjectAt(0)).getId().equals(ID_MESSAGE_DIGEST)) {
ASN1Set set = (ASN1Set) seq2.getObjectAt(1);
digestAttr = ((DEROctetString) set.getObjectAt(0)).getOctets();
}
else if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().equals(ID_ADBE_REVOCATION)) {
} else if (((ASN1ObjectIdentifier) seq2.getObjectAt(0)).getId().equals(ID_ADBE_REVOCATION)) {
ASN1Set setout = (ASN1Set) seq2.getObjectAt(1);
ASN1Sequence seqout = (ASN1Sequence) setout.getObjectAt(0);
for (int j = 0; j < seqout.size(); ++j) {
@ -488,7 +486,7 @@ public class PdfPKCS7 {
throw new IllegalArgumentException("Authenticated attribute is missing the digest.");
++next;
}
digestEncryptionAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
digestEncryptionAlgorithm = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
digest = ((DEROctetString) signerInfo.getObjectAt(next++)).getOctets();
if (next < signerInfo.size() && (signerInfo.getObjectAt(next) instanceof DERTaggedObject)) {
DERTaggedObject taggedObject = (DERTaggedObject) signerInfo.getObjectAt(next);
@ -513,14 +511,14 @@ public class PdfPKCS7 {
else
sig = Signature.getInstance(getDigestAlgorithm(), provider);
sig.initVerify(signCert.getPublicKey());
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Generates a signature.
*
* @param privKey the private key
* @param certChain the certificate chain
* @param crlList the certificate revocation list
@ -534,8 +532,7 @@ public class PdfPKCS7 {
public PdfPKCS7(PrivateKey privKey, Certificate[] certChain, CRL[] crlList,
String hashAlgorithm, String provider, boolean hasRSAdata)
throws InvalidKeyException, NoSuchProviderException,
NoSuchAlgorithmException
{
NoSuchAlgorithmException {
this.privKey = privKey;
this.provider = provider;
@ -570,11 +567,9 @@ public class PdfPKCS7 {
digestEncryptionAlgorithm = privKey.getAlgorithm();
if (digestEncryptionAlgorithm.equals("RSA")) {
digestEncryptionAlgorithm = ID_RSA;
}
else if (digestEncryptionAlgorithm.equals("DSA")) {
} else if (digestEncryptionAlgorithm.equals("DSA")) {
digestEncryptionAlgorithm = ID_DSA;
}
else {
} else {
throw new NoSuchAlgorithmException("Unknown Key Algorithm " + digestEncryptionAlgorithm);
}
}
@ -598,6 +593,7 @@ public class PdfPKCS7 {
/**
* Update the digest with the specified bytes. This method is used both for signing and verifying
*
* @param buf the data buffer
* @param off the offset in the data buffer
* @param len the data length
@ -612,8 +608,9 @@ public class PdfPKCS7 {
/**
* Verify the digest.
* @throws SignatureException on error
*
* @return <CODE>true</CODE> if the signature checks out, <CODE>false</CODE> otherwise
* @throws SignatureException on error
*/
public boolean verify() throws SignatureException {
if (verified)
@ -625,8 +622,7 @@ public class PdfPKCS7 {
messageDigest.update(msd);
}
verifyResult = (Arrays.equals(messageDigest.digest(), digestAttr) && sig.verify(digest));
}
else {
} else {
if (RSAdata != null)
sig.update(messageDigest.digest());
verifyResult = sig.verify(digest);
@ -654,6 +650,7 @@ public class PdfPKCS7 {
/**
* Get all the X.509 certificates associated with this PKCS#7 object in no particular order.
* Other certificates, from OCSP for example, will also be included.
*
* @return the X.509 certificates associated with this PKCS#7 object
*/
public Certificate[] getCertificates() {
@ -664,6 +661,7 @@ public class PdfPKCS7 {
* Get the X.509 sign certificate chain associated with this PKCS#7 object.
* Only the certificates used for the main signature will be returned, with
* the signing certificate first.
*
* @return the X.509 certificates associated with this PKCS#7 object
* @since 2.1.6
*/
@ -696,8 +694,7 @@ public class PdfPKCS7 {
cc.add(oc.get(k));
oc.remove(k);
break;
}
catch (Exception e) {
} catch (Exception e) {
}
}
}
@ -706,6 +703,7 @@ public class PdfPKCS7 {
/**
* Get the X.509 certificate revocation lists associated with this PKCS#7 object
*
* @return the X.509 certificate revocation lists associated with this PKCS#7 object
*/
public Collection getCRLs() {
@ -714,6 +712,7 @@ public class PdfPKCS7 {
/**
* Get the X.509 certificate actually used to sign the digest.
*
* @return the X.509 certificate actually used to sign the digest
*/
public X509Certificate getSigningCertificate() {
@ -722,6 +721,7 @@ public class PdfPKCS7 {
/**
* Get the version of the PKCS#7 object. Always 1
*
* @return the version of the PKCS#7 object. Always 1
*/
public int getVersion() {
@ -730,6 +730,7 @@ public class PdfPKCS7 {
/**
* Get the version of the PKCS#7 "SignerInfo" object. Always 1
*
* @return the version of the PKCS#7 "SignerInfo" object. Always 1
*/
public int getSigningInfoVersion() {
@ -738,6 +739,7 @@ public class PdfPKCS7 {
/**
* Get the algorithm used to calculate the message digest
*
* @return the algorithm used to calculate the message digest
*/
public String getDigestAlgorithm() {
@ -750,6 +752,7 @@ public class PdfPKCS7 {
/**
* Returns the algorithm.
*
* @return the digest algorithm
*/
public String getHashAlgorithm() {
@ -759,6 +762,7 @@ public class PdfPKCS7 {
/**
* Loads the default root certificates at &lt;java.home&gt;/lib/security/cacerts
* with the default provider.
*
* @return a <CODE>KeyStore</CODE>
*/
public static KeyStore loadCacertsKeyStore() {
@ -767,6 +771,7 @@ public class PdfPKCS7 {
/**
* Loads the default root certificates at &lt;java.home&gt;/lib/security/cacerts.
*
* @param provider the provider or <code>null</code> for the default provider
* @return a <CODE>KeyStore</CODE>
*/
@ -784,17 +789,21 @@ public class PdfPKCS7 {
k = KeyStore.getInstance("JKS", provider);
k.load(fin, null);
return k;
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
} finally {
try {
if (fin != null) {
fin.close();
}
} catch (Exception ex) {
}
finally {
try{if (fin != null) {fin.close();}}catch(Exception ex){}
}
}
/**
* Verifies a single certificate.
*
* @param cert the certificate to verify
* @param crls the certificate revocation list or <CODE>null</CODE>
* @param calendar the date or <CODE>null</CODE> for the current date
@ -808,8 +817,7 @@ public class PdfPKCS7 {
return "Has unsupported critical extension";
try {
cert.checkValidity(calendar.getTime());
}
catch (Exception e) {
} catch (Exception e) {
return e.getMessage();
}
if (crls != null) {
@ -823,6 +831,7 @@ public class PdfPKCS7 {
/**
* Verifies a certificate chain against a KeyStore.
*
* @param certs the certificate chain
* @param keystore the <CODE>KeyStore</CODE>
* @param crls the certificate revocation list or <CODE>null</CODE>
@ -851,16 +860,13 @@ public class PdfPKCS7 {
try {
cert.verify(certStoreX509.getPublicKey());
return null;
}
catch (Exception e) {
} catch (Exception e) {
continue;
}
}
catch (Exception ex) {
} catch (Exception ex) {
}
}
}
catch (Exception e) {
} catch (Exception e) {
}
int j;
for (j = 0; j < certs.length; ++j) {
@ -870,8 +876,7 @@ public class PdfPKCS7 {
try {
cert.verify(certNext.getPublicKey());
break;
}
catch (Exception e) {
} catch (Exception e) {
}
}
if (j == certs.length)
@ -942,6 +947,7 @@ public class PdfPKCS7 {
/**
* Retrieves the OCSP URL from the given certificate.
*
* @param certificate the certificate
* @return the URL or null
* @throws CertificateParsingException on error
@ -960,7 +966,7 @@ public class PdfPKCS7 {
if (AccessDescription.size() != 2) {
continue;
} else {
if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
if ((AccessDescription.getObjectAt(0) instanceof ASN1ObjectIdentifier) && ((ASN1ObjectIdentifier) AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
String AccessLocation = getStringFromGeneralName((ASN1Object) AccessDescription.getObjectAt(1));
if (AccessLocation == null) {
return "";
@ -977,6 +983,7 @@ public class PdfPKCS7 {
/**
* Checks if OCSP revocation refers to the document signing certificate.
*
* @return true if it checks false otherwise
* @since 2.1.6
*/
@ -998,7 +1005,6 @@ public class PdfPKCS7 {
// }
// return false;
// }
private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException {
byte[] bytes = cert.getExtensionValue(oid);
if (bytes == null) {
@ -1017,6 +1023,7 @@ public class PdfPKCS7 {
/**
* Get the "issuer" from the TBSCertificate bytes that are passed in
*
* @param enc a TBSCertificate in a byte array
* @return a DERObject
*/
@ -1025,14 +1032,14 @@ public class PdfPKCS7 {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence) in.readObject();
return (ASN1Object) seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
}
catch (IOException e) {
} catch (IOException e) {
throw new ExceptionConverter(e);
}
}
/**
* Get the "subject" from the TBSCertificate bytes that are passed in
*
* @param enc A TBSCertificate in a byte array
* @return a DERObject
*/
@ -1041,42 +1048,42 @@ public class PdfPKCS7 {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence) in.readObject();
return (ASN1Object) seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
}
catch (IOException e) {
} catch (IOException e) {
throw new ExceptionConverter(e);
}
}
/**
* Get the issuer fields from an X509 Certificate
*
* @param cert an X509Certificate
* @return an X509Name
*/
public static X509Name getIssuerFields(X509Certificate cert) {
try {
return new X509Name((ASN1Sequence) getIssuer(cert.getTBSCertificate()));
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Get the subject fields from an X509 Certificate
*
* @param cert an X509Certificate
* @return an X509Name
*/
public static X509Name getSubjectFields(X509Certificate cert) {
try {
return new X509Name((ASN1Sequence) getSubject(cert.getTBSCertificate()));
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Gets the bytes for the PKCS#1 object.
*
* @return a byte array
*/
public byte[] getEncodedPKCS1() {
@ -1092,14 +1099,14 @@ public class PdfPKCS7 {
dout.close();
return bOut.toByteArray();
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Sets the digest/signature to an external calculated value.
*
* @param digest the digest. This is the actual signature
* @param RSAdata the extra data that goes into the data tag in PKCS#7
* @param digestEncryptionAlgorithm the encryption algorithm. It may must be <CODE>null</CODE> if the <CODE>digest</CODE>
@ -1112,17 +1119,16 @@ public class PdfPKCS7 {
if (digestEncryptionAlgorithm != null) {
if (digestEncryptionAlgorithm.equals("RSA")) {
this.digestEncryptionAlgorithm = ID_RSA;
}
else if (digestEncryptionAlgorithm.equals("DSA")) {
} else if (digestEncryptionAlgorithm.equals("DSA")) {
this.digestEncryptionAlgorithm = ID_DSA;
}
else
} else
throw new ExceptionConverter(new NoSuchAlgorithmException("Unknown Key Algorithm " + digestEncryptionAlgorithm));
}
}
/**
* Gets the bytes for the PKCS7SignedData object.
*
* @return the bytes for the PKCS7SignedData object
*/
public byte[] getEncodedPKCS7() {
@ -1132,6 +1138,7 @@ public class PdfPKCS7 {
/**
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
* in the signerInfo can also be set. If either of the parameters is <CODE>null</CODE>, none will be used.
*
* @param secondDigest the digest in the authenticatedAttributes
* @param signingTime the signing time in the authenticatedAttributes
* @return the bytes for the PKCS7SignedData object
@ -1144,6 +1151,7 @@ public class PdfPKCS7 {
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
* in the signerInfo can also be set, OR a time-stamp-authority client
* may be provided.
*
* @param secondDigest the digest in the authenticatedAttributes
* @param signingTime the signing time in the authenticatedAttributes
* @param tsaClient TSAClient - null or an optional time stamp authority client
@ -1156,13 +1164,11 @@ public class PdfPKCS7 {
digest = externalDigest;
if (RSAdata != null)
RSAdata = externalRSAdata;
}
else if (externalRSAdata != null && RSAdata != null) {
} else if (externalRSAdata != null && RSAdata != null) {
RSAdata = externalRSAdata;
sig.update(RSAdata);
digest = sig.sign();
}
else {
} else {
if (RSAdata != null) {
RSAdata = messageDigest.digest();
sig.update(RSAdata);
@ -1174,14 +1180,14 @@ public class PdfPKCS7 {
ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector();
for (Iterator it = digestalgos.iterator(); it.hasNext(); ) {
ASN1EncodableVector algos = new ASN1EncodableVector();
algos.add(new DERObjectIdentifier((String)it.next()));
algos.add(new ASN1ObjectIdentifier((String) it.next()));
algos.add(DERNull.INSTANCE);
digestAlgorithms.add(new DERSequence(algos));
}
// Create the contentInfo.
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_PKCS7_DATA));
v.add(new ASN1ObjectIdentifier(ID_PKCS7_DATA));
if (RSAdata != null)
v.add(new DERTaggedObject(0, new DEROctetString(RSAdata)));
DERSequence contentinfo = new DERSequence(v);
@ -1202,17 +1208,17 @@ public class PdfPKCS7 {
// Add the signerInfo version
//
signerinfo.add(new DERInteger(signerversion));
signerinfo.add(new ASN1Integer(signerversion));
v = new ASN1EncodableVector();
v.add(getIssuer(signCert.getTBSCertificate()));
v.add(new DERInteger(signCert.getSerialNumber()));
v.add(new ASN1Integer(signCert.getSerialNumber()));
signerinfo.add(new DERSequence(v));
// Add the digestAlgorithm
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(digestAlgorithm));
v.add(new DERNull());
v.add(new ASN1ObjectIdentifier(digestAlgorithm));
v.add(DERNull.INSTANCE);
signerinfo.add(new DERSequence(v));
// add the authenticated attribute if present
@ -1221,8 +1227,8 @@ public class PdfPKCS7 {
}
// Add the digestEncryptionAlgorithm
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(digestEncryptionAlgorithm));
v.add(new DERNull());
v.add(new ASN1ObjectIdentifier(digestEncryptionAlgorithm));
v.add(DERNull.INSTANCE);
signerinfo.add(new DERSequence(v));
// Add the digest
@ -1244,7 +1250,7 @@ public class PdfPKCS7 {
// Finally build the body out of all the components above
ASN1EncodableVector body = new ASN1EncodableVector();
body.add(new DERInteger(version));
body.add(new ASN1Integer(version));
body.add(new DERSet(digestAlgorithms));
body.add(contentinfo);
body.add(new DERTaggedObject(false, 0, dercertificates));
@ -1266,7 +1272,7 @@ public class PdfPKCS7 {
// and return it
//
ASN1EncodableVector whole = new ASN1EncodableVector();
whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
whole.add(new ASN1ObjectIdentifier(ID_PKCS7_SIGNED_DATA));
whole.add(new DERTaggedObject(0, new DERSequence(body)));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
@ -1276,8 +1282,7 @@ public class PdfPKCS7 {
dout.close();
return bOut.toByteArray();
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
@ -1287,6 +1292,7 @@ public class PdfPKCS7 {
* to start with the timeStampToken (signedData 1.2.840.113549.1.7.2).
* Token is the TSA response without response status, which is usually
* handled by the (vendor supplied) TSA request/response interface).
*
* @param timeStampToken byte[] - time stamp token, DER encoded signedData
* @return ASN1EncodableVector
* @throws IOException
@ -1302,7 +1308,7 @@ public class PdfPKCS7 {
ASN1EncodableVector unauthAttributes = new ASN1EncodableVector();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken
v.add(new ASN1ObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken
ASN1Sequence seq = (ASN1Sequence) tempstream.readObject();
v.add(new DERSet(seq));
@ -1334,6 +1340,7 @@ public class PdfPKCS7 {
* pk7.update(sh, 0, sh.length);
* byte sg[] = pk7.getEncodedPKCS7(hash, cal);
* </pre>
*
* @param secondDigest the content digest
* @param signingTime the signing time
* @return the byte array representation of the authenticatedAttributes ready to be signed
@ -1341,8 +1348,7 @@ public class PdfPKCS7 {
public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) {
try {
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER");
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
@ -1351,36 +1357,35 @@ public class PdfPKCS7 {
try {
ASN1EncodableVector attribute = new ASN1EncodableVector();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_CONTENT_TYPE));
v.add(new DERSet(new DERObjectIdentifier(ID_PKCS7_DATA)));
v.add(new ASN1ObjectIdentifier(ID_CONTENT_TYPE));
v.add(new DERSet(new ASN1ObjectIdentifier(ID_PKCS7_DATA)));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_SIGNING_TIME));
v.add(new ASN1ObjectIdentifier(ID_SIGNING_TIME));
v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_MESSAGE_DIGEST));
v.add(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST));
v.add(new DERSet(new DEROctetString(secondDigest)));
attribute.add(new DERSequence(v));
if (ocsp != null) {
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION));
v.add(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION));
DEROctetString doctet = new DEROctetString(ocsp);
ASN1EncodableVector vo1 = new ASN1EncodableVector();
ASN1EncodableVector v2 = new ASN1EncodableVector();
v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
v2.add(doctet);
DEREnumerated den = new DEREnumerated(0);
ASN1Enumerated den = new ASN1Enumerated(0);
ASN1EncodableVector v3 = new ASN1EncodableVector();
v3.add(den);
v3.add(new DERTaggedObject(true, 0, new DERSequence(v2)));
vo1.add(new DERSequence(v3));
v.add(new DERSet(new DERSequence(new DERTaggedObject(true, 1, new DERSequence(vo1)))));
attribute.add(new DERSequence(v));
}
else if (!crls.isEmpty()) {
} else if (!crls.isEmpty()) {
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION));
v.add(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION));
ASN1EncodableVector v2 = new ASN1EncodableVector();
for (Iterator i = crls.iterator(); i.hasNext(); ) {
ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(((X509CRL) i.next()).getEncoded()));
@ -1390,14 +1395,14 @@ public class PdfPKCS7 {
attribute.add(new DERSequence(v));
}
return new DERSet(attribute);
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Getter for property reason.
*
* @return Value of property reason.
*/
public String getReason() {
@ -1406,6 +1411,7 @@ public class PdfPKCS7 {
/**
* Setter for property reason.
*
* @param reason New value of property reason.
*/
public void setReason(String reason) {
@ -1414,6 +1420,7 @@ public class PdfPKCS7 {
/**
* Getter for property location.
*
* @return Value of property location.
*/
public String getLocation() {
@ -1422,6 +1429,7 @@ public class PdfPKCS7 {
/**
* Setter for property location.
*
* @param location New value of property location.
*/
public void setLocation(String location) {
@ -1430,6 +1438,7 @@ public class PdfPKCS7 {
/**
* Getter for property signDate.
*
* @return Value of property signDate.
*/
public Calendar getSignDate() {
@ -1438,6 +1447,7 @@ public class PdfPKCS7 {
/**
* Setter for property signDate.
*
* @param signDate New value of property signDate.
*/
public void setSignDate(Calendar signDate) {
@ -1446,6 +1456,7 @@ public class PdfPKCS7 {
/**
* Getter for property sigName.
*
* @return Value of property sigName.
*/
public String getSignName() {
@ -1454,6 +1465,7 @@ public class PdfPKCS7 {
/**
* Setter for property sigName.
*
* @param signName New value of property sigName.
*/
public void setSignName(String signName) {
@ -1467,72 +1479,88 @@ public class PdfPKCS7 {
/**
* country code - StringType(SIZE(2))
*/
public static final DERObjectIdentifier C = new DERObjectIdentifier("2.5.4.6");
public static final ASN1ObjectIdentifier C = new ASN1ObjectIdentifier("2.5.4.6");
/**
* organization - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier O = new DERObjectIdentifier("2.5.4.10");
public static final ASN1ObjectIdentifier O = new ASN1ObjectIdentifier("2.5.4.10");
/**
* organizational unit name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier OU = new DERObjectIdentifier("2.5.4.11");
public static final ASN1ObjectIdentifier OU = new ASN1ObjectIdentifier("2.5.4.11");
/**
* Title
*/
public static final DERObjectIdentifier T = new DERObjectIdentifier("2.5.4.12");
public static final ASN1ObjectIdentifier T = new ASN1ObjectIdentifier("2.5.4.12");
/**
* common name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier CN = new DERObjectIdentifier("2.5.4.3");
public static final ASN1ObjectIdentifier CN = new ASN1ObjectIdentifier("2.5.4.3");
/**
* device serial number name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier SN = new DERObjectIdentifier("2.5.4.5");
public static final ASN1ObjectIdentifier SN = new ASN1ObjectIdentifier("2.5.4.5");
/**
* locality name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier L = new DERObjectIdentifier("2.5.4.7");
public static final ASN1ObjectIdentifier L = new ASN1ObjectIdentifier("2.5.4.7");
/**
* state, or province name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier ST = new DERObjectIdentifier("2.5.4.8");
public static final ASN1ObjectIdentifier ST = new ASN1ObjectIdentifier("2.5.4.8");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier SURNAME = new DERObjectIdentifier("2.5.4.4");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier GIVENNAME = new DERObjectIdentifier("2.5.4.42");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier INITIALS = new DERObjectIdentifier("2.5.4.43");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier GENERATION = new DERObjectIdentifier("2.5.4.44");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier UNIQUE_IDENTIFIER = new DERObjectIdentifier("2.5.4.45");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier SURNAME = new ASN1ObjectIdentifier("2.5.4.4");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier GIVENNAME = new ASN1ObjectIdentifier("2.5.4.42");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier INITIALS = new ASN1ObjectIdentifier("2.5.4.43");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier GENERATION = new ASN1ObjectIdentifier("2.5.4.44");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier UNIQUE_IDENTIFIER = new ASN1ObjectIdentifier("2.5.4.45");
/**
* Email address (RSA PKCS#9 extension) - IA5String.
* <p>Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.
*/
public static final DERObjectIdentifier EmailAddress = new DERObjectIdentifier("1.2.840.113549.1.9.1");
public static final ASN1ObjectIdentifier EmailAddress = new ASN1ObjectIdentifier("1.2.840.113549.1.9.1");
/**
* email address in Verisign certificates
*/
public static final DERObjectIdentifier E = EmailAddress;
public static final ASN1ObjectIdentifier E = EmailAddress;
/** object identifier */
public static final DERObjectIdentifier DC = new DERObjectIdentifier("0.9.2342.19200300.100.1.25");
/**
* object identifier
*/
public static final ASN1ObjectIdentifier DC = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25");
/** LDAP User id. */
public static final DERObjectIdentifier UID = new DERObjectIdentifier("0.9.2342.19200300.100.1.1");
/**
* LDAP User id.
*/
public static final ASN1ObjectIdentifier UID = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1");
/** A HashMap with default symbols */
/**
* A HashMap with default symbols
*/
public static HashMap DefaultSymbols = new HashMap();
static {
@ -1552,11 +1580,15 @@ public class PdfPKCS7 {
DefaultSymbols.put(INITIALS, "INITIALS");
DefaultSymbols.put(GENERATION, "GENERATION");
}
/** A HashMap with values */
/**
* A HashMap with values
*/
public HashMap values = new HashMap();
/**
* Constructs an X509 name
*
* @param seq an ASN1 Sequence
*/
public X509Name(ASN1Sequence seq) {
@ -1579,8 +1611,10 @@ public class PdfPKCS7 {
}
}
}
/**
* Constructs an X509 name
*
* @param dirName a directory name
*/
public X509Name(String dirName) {
@ -1613,6 +1647,7 @@ public class PdfPKCS7 {
/**
* gets a field array from the values Hashmap
*
* @param name
* @return an ArrayList
*/
@ -1623,6 +1658,7 @@ public class PdfPKCS7 {
/**
* getter for values
*
* @return a HashMap with the fields of the X509 name
*/
public HashMap getFields() {
@ -1675,24 +1711,19 @@ public class PdfPKCS7 {
if (c == '"') {
if (!escaped) {
quoted = !quoted;
}
else {
} else {
buf.append(c);
}
escaped = false;
}
else {
} else {
if (escaped || quoted) {
buf.append(c);
escaped = false;
}
else if (c == '\\') {
} else if (c == '\\') {
escaped = true;
}
else if (c == ',') {
} else if (c == ',') {
break;
}
else {
} else {
buf.append(c);
}
}

50
fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

@ -49,11 +49,39 @@
/**
* The below 2 methods are from pdfbox.
*
* <p>
* private DERObject createDERForRecipient(byte[] in, X509Certificate cert) ;
* private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0);
*
* <p>
* 2006-11-22 Aiken Sam.
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
*/
/**
@ -90,7 +118,9 @@
package com.fr.third.com.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@ -110,9 +140,8 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo;
@ -161,7 +190,8 @@ public class PdfPublicKeySecurityHandler {
int index = 0;
if (bytes[0] != '(' && bytes[bytes.length-1] != ')') throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string.");
if (bytes[0] != '(' && bytes[bytes.length - 1] != ')')
throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string.");
while (index < bytes.length) {
if (bytes[index] == '\\') {
@ -249,7 +279,7 @@ public class PdfPublicKeySecurityHandler {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream k = new DEROutputStream(baos);
ASN1OutputStream k = ASN1OutputStream.create(baos);
k.writeObject(obj);
@ -279,8 +309,7 @@ public class PdfPublicKeySecurityHandler {
private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException,
GeneralSecurityException
{
GeneralSecurityException {
String s = "1.2.840.113549.3.2";
@ -298,7 +327,7 @@ public class PdfPublicKeySecurityHandler {
DEROctetString deroctetstring = new DEROctetString(abyte1);
KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null);
@ -308,8 +337,7 @@ public class PdfPublicKeySecurityHandler {
}
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
throws GeneralSecurityException, IOException
{
throws GeneralSecurityException, IOException {
ASN1InputStream asn1inputstream =
new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate()));
TBSCertificateStructure tbscertificatestructure =

307
fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java

@ -48,6 +48,7 @@ package com.fr.third.v2.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1String;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@ -78,17 +79,16 @@ import java.util.Iterator;
import java.util.Set;
import com.fr.third.v2.lowagie.text.ExceptionConverter;
import com.fr.third.org.bouncycastle.asn1.ASN1Encodable;
import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1Sequence;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject;
import com.fr.third.org.bouncycastle.asn1.DEREnumerated;
import com.fr.third.org.bouncycastle.asn1.DERInteger;
import com.fr.third.org.bouncycastle.asn1.ASN1Enumerated;
import com.fr.third.org.bouncycastle.asn1.ASN1Integer;
import com.fr.third.org.bouncycastle.asn1.DERNull;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DERSequence;
import com.fr.third.org.bouncycastle.asn1.DERSet;
@ -102,16 +102,11 @@ import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser;
import com.fr.third.org.bouncycastle.jce.provider.X509CertParser;
import java.security.cert.CertificateParsingException;
import java.util.Date;
import com.fr.third.org.bouncycastle.asn1.ASN1OctetString;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint;
import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions;
//import org.bouncycastle.ocsp.BasicOCSPResp;
//import org.bouncycastle.ocsp.CertificateID;
//import org.bouncycastle.ocsp.SingleResp;
//import org.bouncycastle.tsp.TimeStampToken;
/**
* This class does all the processing related to signing and verifying a PKCS#7
@ -242,6 +237,7 @@ public class PdfPKCS7 {
/**
* Gets the digest name for a certain id
*
* @param oid an id (for instance "1.2.840.113549.2.5")
* @return a digest name (for instance "MD5")
* @since 2.1.6
@ -256,6 +252,7 @@ public class PdfPKCS7 {
/**
* Gets the algorithm name for a certain id.
*
* @param oid an id (for instance "1.2.840.113549.1.1.1")
* @return an algorithm name (for instance "RSA")
* @since 2.1.6
@ -293,6 +290,7 @@ public class PdfPKCS7 {
/**
* Verifies a signature using the sub-filter adbe.x509.rsa_sha1.
*
* @param contentsKey the /Contents key
* @param certsKey the /Cert key
* @param provider the provider or <code>null</code> for the default provider
@ -313,8 +311,7 @@ public class PdfPKCS7 {
else
sig = Signature.getInstance("SHA1withRSA", provider);
sig.initVerify(signCert.getPublicKey());
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
@ -323,19 +320,19 @@ public class PdfPKCS7 {
/**
* Gets the OCSP basic response if there is one.
*
* @return the OCSP basic response or null
* @since 2.1.6
*/
// public BasicOCSPResp getOcsp() {
// return basicResp;
// }
private void findOcsp(ASN1Sequence seq) throws IOException {
// basicResp = null;
boolean ret = false;
while (true) {
if ((seq.getObjectAt(0) instanceof DERObjectIdentifier)
&& ((DERObjectIdentifier)seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
if ((seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
&& ((ASN1ObjectIdentifier) seq.getObjectAt(0)).getId().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic.getId())) {
break;
}
ret = true;
@ -351,8 +348,7 @@ public class PdfPKCS7 {
seq = (ASN1Sequence) tag.getObject();
ret = false;
break;
}
else
} else
return;
}
}
@ -368,6 +364,7 @@ public class PdfPKCS7 {
/**
* Verifies a signature using the sub-filter adbe.pkcs7.detached or
* adbe.pkcs7.sha1.
*
* @param contentsKey the /Contents key
* @param provider the provider or <code>null</code> for the default provider
*/
@ -383,15 +380,14 @@ public class PdfPKCS7 {
try {
pkcs = din.readObject();
}
catch (IOException e) {
} catch (IOException e) {
throw new IllegalArgumentException("can't decode PKCS7SignedData object");
}
if (!(pkcs instanceof ASN1Sequence)) {
throw new IllegalArgumentException("Not a valid PKCS#7 object - not a sequence");
}
ASN1Sequence signedData = (ASN1Sequence) pkcs;
DERObjectIdentifier objId = (DERObjectIdentifier)signedData.getObjectAt(0);
ASN1ObjectIdentifier objId = (ASN1ObjectIdentifier) signedData.getObjectAt(0);
if (!objId.getId().equals(ID_PKCS7_SIGNED_DATA))
throw new IllegalArgumentException("Not a valid PKCS#7 object - not signed data");
ASN1Sequence content = (ASN1Sequence) ((DERTaggedObject) signedData.getObjectAt(1)).getObject();
@ -403,15 +399,14 @@ public class PdfPKCS7 {
// last - signerInfos
// the version
version = ((DERInteger)content.getObjectAt(0)).getValue().intValue();
version = ((ASN1Integer) content.getObjectAt(0)).getValue().intValue();
// the digestAlgorithms
digestalgos = new HashSet();
Enumeration e = ((ASN1Set) content.getObjectAt(1)).getObjects();
while (e.hasMoreElements())
{
while (e.hasMoreElements()) {
ASN1Sequence s = (ASN1Sequence) e.nextElement();
DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0);
ASN1ObjectIdentifier o = (ASN1ObjectIdentifier) s.getObjectAt(0);
digestalgos.add(o.getId());
}
@ -444,10 +439,10 @@ public class PdfPKCS7 {
// 2 - the digest algorithm
// 3 or 4 - digestEncryptionAlgorithm
// 4 or 5 - encryptedDigest
signerversion = ((DERInteger)signerInfo.getObjectAt(0)).getValue().intValue();
signerversion = ((ASN1Integer) signerInfo.getObjectAt(0)).getValue().intValue();
// Get the signing certificate
ASN1Sequence issuerAndSerialNumber = (ASN1Sequence) signerInfo.getObjectAt(1);
BigInteger serialNumber = ((DERInteger)issuerAndSerialNumber.getObjectAt(1)).getValue();
BigInteger serialNumber = ((ASN1Integer) issuerAndSerialNumber.getObjectAt(1)).getValue();
for (Iterator i = certs.iterator(); i.hasNext(); ) {
X509Certificate cert = (X509Certificate) i.next();
if (serialNumber.equals(cert.getSerialNumber())) {
@ -459,7 +454,7 @@ public class PdfPKCS7 {
throw new IllegalArgumentException("Can't find signing certificate with serial " + serialNumber.toString(16));
}
signCertificateChain();
digestAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
digestAlgorithm = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
next = 3;
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject tagsig = (ASN1TaggedObject) signerInfo.getObjectAt(next);
@ -468,11 +463,10 @@ public class PdfPKCS7 {
for (int k = 0; k < sseq.size(); ++k) {
ASN1Sequence seq2 = (ASN1Sequence) sseq.getObjectAt(k);
if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().equals(ID_MESSAGE_DIGEST)) {
if (((ASN1ObjectIdentifier) seq2.getObjectAt(0)).getId().equals(ID_MESSAGE_DIGEST)) {
ASN1Set set = (ASN1Set) seq2.getObjectAt(1);
digestAttr = ((DEROctetString) set.getObjectAt(0)).getOctets();
}
else if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().equals(ID_ADBE_REVOCATION)) {
} else if (((ASN1ObjectIdentifier) seq2.getObjectAt(0)).getId().equals(ID_ADBE_REVOCATION)) {
ASN1Set setout = (ASN1Set) seq2.getObjectAt(1);
ASN1Sequence seqout = (ASN1Sequence) setout.getObjectAt(0);
for (int j = 0; j < seqout.size(); ++j) {
@ -488,7 +482,7 @@ public class PdfPKCS7 {
throw new IllegalArgumentException("Authenticated attribute is missing the digest.");
++next;
}
digestEncryptionAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
digestEncryptionAlgorithm = ((ASN1ObjectIdentifier) ((ASN1Sequence) signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
digest = ((DEROctetString) signerInfo.getObjectAt(next++)).getOctets();
if (next < signerInfo.size() && (signerInfo.getObjectAt(next) instanceof DERTaggedObject)) {
DERTaggedObject taggedObject = (DERTaggedObject) signerInfo.getObjectAt(next);
@ -513,14 +507,14 @@ public class PdfPKCS7 {
else
sig = Signature.getInstance(getDigestAlgorithm(), provider);
sig.initVerify(signCert.getPublicKey());
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Generates a signature.
*
* @param privKey the private key
* @param certChain the certificate chain
* @param crlList the certificate revocation list
@ -534,8 +528,7 @@ public class PdfPKCS7 {
public PdfPKCS7(PrivateKey privKey, Certificate[] certChain, CRL[] crlList,
String hashAlgorithm, String provider, boolean hasRSAdata)
throws InvalidKeyException, NoSuchProviderException,
NoSuchAlgorithmException
{
NoSuchAlgorithmException {
this.privKey = privKey;
this.provider = provider;
@ -570,11 +563,9 @@ public class PdfPKCS7 {
digestEncryptionAlgorithm = privKey.getAlgorithm();
if (digestEncryptionAlgorithm.equals("RSA")) {
digestEncryptionAlgorithm = ID_RSA;
}
else if (digestEncryptionAlgorithm.equals("DSA")) {
} else if (digestEncryptionAlgorithm.equals("DSA")) {
digestEncryptionAlgorithm = ID_DSA;
}
else {
} else {
throw new NoSuchAlgorithmException("Unknown Key Algorithm " + digestEncryptionAlgorithm);
}
}
@ -598,6 +589,7 @@ public class PdfPKCS7 {
/**
* Update the digest with the specified bytes. This method is used both for signing and verifying
*
* @param buf the data buffer
* @param off the offset in the data buffer
* @param len the data length
@ -612,8 +604,9 @@ public class PdfPKCS7 {
/**
* Verify the digest.
* @throws SignatureException on error
*
* @return <CODE>true</CODE> if the signature checks out, <CODE>false</CODE> otherwise
* @throws SignatureException on error
*/
public boolean verify() throws SignatureException {
if (verified)
@ -625,8 +618,7 @@ public class PdfPKCS7 {
messageDigest.update(msd);
}
verifyResult = (Arrays.equals(messageDigest.digest(), digestAttr) && sig.verify(digest));
}
else {
} else {
if (RSAdata != null)
sig.update(messageDigest.digest());
verifyResult = sig.verify(digest);
@ -654,6 +646,7 @@ public class PdfPKCS7 {
/**
* Get all the X.509 certificates associated with this PKCS#7 object in no particular order.
* Other certificates, from OCSP for example, will also be included.
*
* @return the X.509 certificates associated with this PKCS#7 object
*/
public Certificate[] getCertificates() {
@ -664,6 +657,7 @@ public class PdfPKCS7 {
* Get the X.509 sign certificate chain associated with this PKCS#7 object.
* Only the certificates used for the main signature will be returned, with
* the signing certificate first.
*
* @return the X.509 certificates associated with this PKCS#7 object
* @since 2.1.6
*/
@ -696,8 +690,7 @@ public class PdfPKCS7 {
cc.add(oc.get(k));
oc.remove(k);
break;
}
catch (Exception e) {
} catch (Exception e) {
}
}
}
@ -706,6 +699,7 @@ public class PdfPKCS7 {
/**
* Get the X.509 certificate revocation lists associated with this PKCS#7 object
*
* @return the X.509 certificate revocation lists associated with this PKCS#7 object
*/
public Collection getCRLs() {
@ -714,6 +708,7 @@ public class PdfPKCS7 {
/**
* Get the X.509 certificate actually used to sign the digest.
*
* @return the X.509 certificate actually used to sign the digest
*/
public X509Certificate getSigningCertificate() {
@ -722,6 +717,7 @@ public class PdfPKCS7 {
/**
* Get the version of the PKCS#7 object. Always 1
*
* @return the version of the PKCS#7 object. Always 1
*/
public int getVersion() {
@ -730,6 +726,7 @@ public class PdfPKCS7 {
/**
* Get the version of the PKCS#7 "SignerInfo" object. Always 1
*
* @return the version of the PKCS#7 "SignerInfo" object. Always 1
*/
public int getSigningInfoVersion() {
@ -738,6 +735,7 @@ public class PdfPKCS7 {
/**
* Get the algorithm used to calculate the message digest
*
* @return the algorithm used to calculate the message digest
*/
public String getDigestAlgorithm() {
@ -750,6 +748,7 @@ public class PdfPKCS7 {
/**
* Returns the algorithm.
*
* @return the digest algorithm
*/
public String getHashAlgorithm() {
@ -759,6 +758,7 @@ public class PdfPKCS7 {
/**
* Loads the default root certificates at &lt;java.home&gt;/lib/security/cacerts
* with the default provider.
*
* @return a <CODE>KeyStore</CODE>
*/
public static KeyStore loadCacertsKeyStore() {
@ -767,6 +767,7 @@ public class PdfPKCS7 {
/**
* Loads the default root certificates at &lt;java.home&gt;/lib/security/cacerts.
*
* @param provider the provider or <code>null</code> for the default provider
* @return a <CODE>KeyStore</CODE>
*/
@ -784,17 +785,21 @@ public class PdfPKCS7 {
k = KeyStore.getInstance("JKS", provider);
k.load(fin, null);
return k;
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
} finally {
try {
if (fin != null) {
fin.close();
}
} catch (Exception ex) {
}
finally {
try{if (fin != null) {fin.close();}}catch(Exception ex){}
}
}
/**
* Verifies a single certificate.
*
* @param cert the certificate to verify
* @param crls the certificate revocation list or <CODE>null</CODE>
* @param calendar the date or <CODE>null</CODE> for the current date
@ -808,8 +813,7 @@ public class PdfPKCS7 {
return "Has unsupported critical extension";
try {
cert.checkValidity(calendar.getTime());
}
catch (Exception e) {
} catch (Exception e) {
return e.getMessage();
}
if (crls != null) {
@ -823,6 +827,7 @@ public class PdfPKCS7 {
/**
* Verifies a certificate chain against a KeyStore.
*
* @param certs the certificate chain
* @param keystore the <CODE>KeyStore</CODE>
* @param crls the certificate revocation list or <CODE>null</CODE>
@ -851,16 +856,13 @@ public class PdfPKCS7 {
try {
cert.verify(certStoreX509.getPublicKey());
return null;
}
catch (Exception e) {
} catch (Exception e) {
continue;
}
} catch (Exception ex) {
}
catch (Exception ex) {
}
}
}
catch (Exception e) {
} catch (Exception e) {
}
int j;
for (j = 0; j < certs.length; ++j) {
@ -870,8 +872,7 @@ public class PdfPKCS7 {
try {
cert.verify(certNext.getPublicKey());
break;
}
catch (Exception e) {
} catch (Exception e) {
}
}
if (j == certs.length)
@ -942,6 +943,7 @@ public class PdfPKCS7 {
/**
* Retrieves the OCSP URL from the given certificate.
*
* @param certificate the certificate
* @return the URL or null
* @throws CertificateParsingException on error
@ -960,7 +962,7 @@ public class PdfPKCS7 {
if (AccessDescription.size() != 2) {
continue;
} else {
if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
if ((AccessDescription.getObjectAt(0) instanceof ASN1ObjectIdentifier) && ((ASN1ObjectIdentifier) AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
String AccessLocation = getStringFromGeneralName((ASN1Object) AccessDescription.getObjectAt(1));
if (AccessLocation == null) {
return "";
@ -977,6 +979,7 @@ public class PdfPKCS7 {
/**
* Checks if OCSP revocation refers to the document signing certificate.
*
* @return true if it checks false otherwise
* @since 2.1.6
*/
@ -998,7 +1001,6 @@ public class PdfPKCS7 {
// }
// return false;
// }
private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException {
byte[] bytes = cert.getExtensionValue(oid);
if (bytes == null) {
@ -1017,6 +1019,7 @@ public class PdfPKCS7 {
/**
* Get the "issuer" from the TBSCertificate bytes that are passed in
*
* @param enc a TBSCertificate in a byte array
* @return a DERObject
*/
@ -1025,14 +1028,14 @@ public class PdfPKCS7 {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence) in.readObject();
return (ASN1Object) seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
}
catch (IOException e) {
} catch (IOException e) {
throw new ExceptionConverter(e);
}
}
/**
* Get the "subject" from the TBSCertificate bytes that are passed in
*
* @param enc A TBSCertificate in a byte array
* @return a DERObject
*/
@ -1041,42 +1044,42 @@ public class PdfPKCS7 {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence) in.readObject();
return (ASN1Object) seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
}
catch (IOException e) {
} catch (IOException e) {
throw new ExceptionConverter(e);
}
}
/**
* Get the issuer fields from an X509 Certificate
*
* @param cert an X509Certificate
* @return an X509Name
*/
public static X509Name getIssuerFields(X509Certificate cert) {
try {
return new X509Name((ASN1Sequence) getIssuer(cert.getTBSCertificate()));
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Get the subject fields from an X509 Certificate
*
* @param cert an X509Certificate
* @return an X509Name
*/
public static X509Name getSubjectFields(X509Certificate cert) {
try {
return new X509Name((ASN1Sequence) getSubject(cert.getTBSCertificate()));
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Gets the bytes for the PKCS#1 object.
*
* @return a byte array
*/
public byte[] getEncodedPKCS1() {
@ -1092,14 +1095,14 @@ public class PdfPKCS7 {
dout.close();
return bOut.toByteArray();
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Sets the digest/signature to an external calculated value.
*
* @param digest the digest. This is the actual signature
* @param RSAdata the extra data that goes into the data tag in PKCS#7
* @param digestEncryptionAlgorithm the encryption algorithm. It may must be <CODE>null</CODE> if the <CODE>digest</CODE>
@ -1112,17 +1115,16 @@ public class PdfPKCS7 {
if (digestEncryptionAlgorithm != null) {
if (digestEncryptionAlgorithm.equals("RSA")) {
this.digestEncryptionAlgorithm = ID_RSA;
}
else if (digestEncryptionAlgorithm.equals("DSA")) {
} else if (digestEncryptionAlgorithm.equals("DSA")) {
this.digestEncryptionAlgorithm = ID_DSA;
}
else
} else
throw new ExceptionConverter(new NoSuchAlgorithmException("Unknown Key Algorithm " + digestEncryptionAlgorithm));
}
}
/**
* Gets the bytes for the PKCS7SignedData object.
*
* @return the bytes for the PKCS7SignedData object
*/
public byte[] getEncodedPKCS7() {
@ -1132,6 +1134,7 @@ public class PdfPKCS7 {
/**
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
* in the signerInfo can also be set. If either of the parameters is <CODE>null</CODE>, none will be used.
*
* @param secondDigest the digest in the authenticatedAttributes
* @param signingTime the signing time in the authenticatedAttributes
* @return the bytes for the PKCS7SignedData object
@ -1144,6 +1147,7 @@ public class PdfPKCS7 {
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
* in the signerInfo can also be set, OR a time-stamp-authority client
* may be provided.
*
* @param secondDigest the digest in the authenticatedAttributes
* @param signingTime the signing time in the authenticatedAttributes
* @param tsaClient TSAClient - null or an optional time stamp authority client
@ -1156,13 +1160,11 @@ public class PdfPKCS7 {
digest = externalDigest;
if (RSAdata != null)
RSAdata = externalRSAdata;
}
else if (externalRSAdata != null && RSAdata != null) {
} else if (externalRSAdata != null && RSAdata != null) {
RSAdata = externalRSAdata;
sig.update(RSAdata);
digest = sig.sign();
}
else {
} else {
if (RSAdata != null) {
RSAdata = messageDigest.digest();
sig.update(RSAdata);
@ -1174,14 +1176,14 @@ public class PdfPKCS7 {
ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector();
for (Iterator it = digestalgos.iterator(); it.hasNext(); ) {
ASN1EncodableVector algos = new ASN1EncodableVector();
algos.add(new DERObjectIdentifier((String)it.next()));
algos.add(new ASN1ObjectIdentifier((String) it.next()));
algos.add(DERNull.INSTANCE);
digestAlgorithms.add(new DERSequence(algos));
}
// Create the contentInfo.
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_PKCS7_DATA));
v.add(new ASN1ObjectIdentifier(ID_PKCS7_DATA));
if (RSAdata != null)
v.add(new DERTaggedObject(0, new DEROctetString(RSAdata)));
DERSequence contentinfo = new DERSequence(v);
@ -1202,17 +1204,17 @@ public class PdfPKCS7 {
// Add the signerInfo version
//
signerinfo.add(new DERInteger(signerversion));
signerinfo.add(new ASN1Integer(signerversion));
v = new ASN1EncodableVector();
v.add(getIssuer(signCert.getTBSCertificate()));
v.add(new DERInteger(signCert.getSerialNumber()));
v.add(new ASN1Integer(signCert.getSerialNumber()));
signerinfo.add(new DERSequence(v));
// Add the digestAlgorithm
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(digestAlgorithm));
v.add(new DERNull());
v.add(new ASN1ObjectIdentifier(digestAlgorithm));
v.add(DERNull.INSTANCE);
signerinfo.add(new DERSequence(v));
// add the authenticated attribute if present
@ -1221,8 +1223,8 @@ public class PdfPKCS7 {
}
// Add the digestEncryptionAlgorithm
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(digestEncryptionAlgorithm));
v.add(new DERNull());
v.add(new ASN1ObjectIdentifier(digestEncryptionAlgorithm));
v.add(DERNull.INSTANCE);
signerinfo.add(new DERSequence(v));
// Add the digest
@ -1244,7 +1246,7 @@ public class PdfPKCS7 {
// Finally build the body out of all the components above
ASN1EncodableVector body = new ASN1EncodableVector();
body.add(new DERInteger(version));
body.add(new ASN1Integer(version));
body.add(new DERSet(digestAlgorithms));
body.add(contentinfo);
body.add(new DERTaggedObject(false, 0, dercertificates));
@ -1266,7 +1268,7 @@ public class PdfPKCS7 {
// and return it
//
ASN1EncodableVector whole = new ASN1EncodableVector();
whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
whole.add(new ASN1ObjectIdentifier(ID_PKCS7_SIGNED_DATA));
whole.add(new DERTaggedObject(0, new DERSequence(body)));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
@ -1276,8 +1278,7 @@ public class PdfPKCS7 {
dout.close();
return bOut.toByteArray();
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
@ -1287,6 +1288,7 @@ public class PdfPKCS7 {
* to start with the timeStampToken (signedData 1.2.840.113549.1.7.2).
* Token is the TSA response without response status, which is usually
* handled by the (vendor supplied) TSA request/response interface).
*
* @param timeStampToken byte[] - time stamp token, DER encoded signedData
* @return ASN1EncodableVector
* @throws IOException
@ -1302,7 +1304,7 @@ public class PdfPKCS7 {
ASN1EncodableVector unauthAttributes = new ASN1EncodableVector();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken
v.add(new ASN1ObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken
ASN1Sequence seq = (ASN1Sequence) tempstream.readObject();
v.add(new DERSet(seq));
@ -1334,6 +1336,7 @@ public class PdfPKCS7 {
* pk7.update(sh, 0, sh.length);
* byte sg[] = pk7.getEncodedPKCS7(hash, cal);
* </pre>
*
* @param secondDigest the content digest
* @param signingTime the signing time
* @return the byte array representation of the authenticatedAttributes ready to be signed
@ -1341,8 +1344,7 @@ public class PdfPKCS7 {
public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) {
try {
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER");
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
@ -1351,36 +1353,35 @@ public class PdfPKCS7 {
try {
ASN1EncodableVector attribute = new ASN1EncodableVector();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_CONTENT_TYPE));
v.add(new DERSet(new DERObjectIdentifier(ID_PKCS7_DATA)));
v.add(new ASN1ObjectIdentifier(ID_CONTENT_TYPE));
v.add(new DERSet(new ASN1ObjectIdentifier(ID_PKCS7_DATA)));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_SIGNING_TIME));
v.add(new ASN1ObjectIdentifier(ID_SIGNING_TIME));
v.add(new DERSet(new DERUTCTime(signingTime.getTime())));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_MESSAGE_DIGEST));
v.add(new ASN1ObjectIdentifier(ID_MESSAGE_DIGEST));
v.add(new DERSet(new DEROctetString(secondDigest)));
attribute.add(new DERSequence(v));
if (ocsp != null) {
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION));
v.add(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION));
DEROctetString doctet = new DEROctetString(ocsp);
ASN1EncodableVector vo1 = new ASN1EncodableVector();
ASN1EncodableVector v2 = new ASN1EncodableVector();
v2.add(OCSPObjectIdentifiers.id_pkix_ocsp_basic);
v2.add(doctet);
DEREnumerated den = new DEREnumerated(0);
ASN1Enumerated den = new ASN1Enumerated(0);
ASN1EncodableVector v3 = new ASN1EncodableVector();
v3.add(den);
v3.add(new DERTaggedObject(true, 0, new DERSequence(v2)));
vo1.add(new DERSequence(v3));
v.add(new DERSet(new DERSequence(new DERTaggedObject(true, 1, new DERSequence(vo1)))));
attribute.add(new DERSequence(v));
}
else if (!crls.isEmpty()) {
} else if (!crls.isEmpty()) {
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_ADBE_REVOCATION));
v.add(new ASN1ObjectIdentifier(ID_ADBE_REVOCATION));
ASN1EncodableVector v2 = new ASN1EncodableVector();
for (Iterator i = crls.iterator(); i.hasNext(); ) {
ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(((X509CRL) i.next()).getEncoded()));
@ -1390,14 +1391,14 @@ public class PdfPKCS7 {
attribute.add(new DERSequence(v));
}
return new DERSet(attribute);
}
catch (Exception e) {
} catch (Exception e) {
throw new ExceptionConverter(e);
}
}
/**
* Getter for property reason.
*
* @return Value of property reason.
*/
public String getReason() {
@ -1406,6 +1407,7 @@ public class PdfPKCS7 {
/**
* Setter for property reason.
*
* @param reason New value of property reason.
*/
public void setReason(String reason) {
@ -1414,6 +1416,7 @@ public class PdfPKCS7 {
/**
* Getter for property location.
*
* @return Value of property location.
*/
public String getLocation() {
@ -1422,6 +1425,7 @@ public class PdfPKCS7 {
/**
* Setter for property location.
*
* @param location New value of property location.
*/
public void setLocation(String location) {
@ -1430,6 +1434,7 @@ public class PdfPKCS7 {
/**
* Getter for property signDate.
*
* @return Value of property signDate.
*/
public Calendar getSignDate() {
@ -1438,6 +1443,7 @@ public class PdfPKCS7 {
/**
* Setter for property signDate.
*
* @param signDate New value of property signDate.
*/
public void setSignDate(Calendar signDate) {
@ -1446,6 +1452,7 @@ public class PdfPKCS7 {
/**
* Getter for property sigName.
*
* @return Value of property sigName.
*/
public String getSignName() {
@ -1454,6 +1461,7 @@ public class PdfPKCS7 {
/**
* Setter for property sigName.
*
* @param signName New value of property sigName.
*/
public void setSignName(String signName) {
@ -1467,72 +1475,88 @@ public class PdfPKCS7 {
/**
* country code - StringType(SIZE(2))
*/
public static final DERObjectIdentifier C = new DERObjectIdentifier("2.5.4.6");
public static final ASN1ObjectIdentifier C = new ASN1ObjectIdentifier("2.5.4.6");
/**
* organization - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier O = new DERObjectIdentifier("2.5.4.10");
public static final ASN1ObjectIdentifier O = new ASN1ObjectIdentifier("2.5.4.10");
/**
* organizational unit name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier OU = new DERObjectIdentifier("2.5.4.11");
public static final ASN1ObjectIdentifier OU = new ASN1ObjectIdentifier("2.5.4.11");
/**
* Title
*/
public static final DERObjectIdentifier T = new DERObjectIdentifier("2.5.4.12");
public static final ASN1ObjectIdentifier T = new ASN1ObjectIdentifier("2.5.4.12");
/**
* common name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier CN = new DERObjectIdentifier("2.5.4.3");
public static final ASN1ObjectIdentifier CN = new ASN1ObjectIdentifier("2.5.4.3");
/**
* device serial number name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier SN = new DERObjectIdentifier("2.5.4.5");
public static final ASN1ObjectIdentifier SN = new ASN1ObjectIdentifier("2.5.4.5");
/**
* locality name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier L = new DERObjectIdentifier("2.5.4.7");
public static final ASN1ObjectIdentifier L = new ASN1ObjectIdentifier("2.5.4.7");
/**
* state, or province name - StringType(SIZE(1..64))
*/
public static final DERObjectIdentifier ST = new DERObjectIdentifier("2.5.4.8");
public static final ASN1ObjectIdentifier ST = new ASN1ObjectIdentifier("2.5.4.8");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier SURNAME = new DERObjectIdentifier("2.5.4.4");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier GIVENNAME = new DERObjectIdentifier("2.5.4.42");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier INITIALS = new DERObjectIdentifier("2.5.4.43");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier GENERATION = new DERObjectIdentifier("2.5.4.44");
/** Naming attribute of type X520name */
public static final DERObjectIdentifier UNIQUE_IDENTIFIER = new DERObjectIdentifier("2.5.4.45");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier SURNAME = new ASN1ObjectIdentifier("2.5.4.4");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier GIVENNAME = new ASN1ObjectIdentifier("2.5.4.42");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier INITIALS = new ASN1ObjectIdentifier("2.5.4.43");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier GENERATION = new ASN1ObjectIdentifier("2.5.4.44");
/**
* Naming attribute of type X520name
*/
public static final ASN1ObjectIdentifier UNIQUE_IDENTIFIER = new ASN1ObjectIdentifier("2.5.4.45");
/**
* Email address (RSA PKCS#9 extension) - IA5String.
* <p>Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.
*/
public static final DERObjectIdentifier EmailAddress = new DERObjectIdentifier("1.2.840.113549.1.9.1");
public static final ASN1ObjectIdentifier EmailAddress = new ASN1ObjectIdentifier("1.2.840.113549.1.9.1");
/**
* email address in Verisign certificates
*/
public static final DERObjectIdentifier E = EmailAddress;
public static final ASN1ObjectIdentifier E = EmailAddress;
/** object identifier */
public static final DERObjectIdentifier DC = new DERObjectIdentifier("0.9.2342.19200300.100.1.25");
/**
* object identifier
*/
public static final ASN1ObjectIdentifier DC = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25");
/** LDAP User id. */
public static final DERObjectIdentifier UID = new DERObjectIdentifier("0.9.2342.19200300.100.1.1");
/**
* LDAP User id.
*/
public static final ASN1ObjectIdentifier UID = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1");
/** A HashMap with default symbols */
/**
* A HashMap with default symbols
*/
public static HashMap DefaultSymbols = new HashMap();
static {
@ -1552,11 +1576,15 @@ public class PdfPKCS7 {
DefaultSymbols.put(INITIALS, "INITIALS");
DefaultSymbols.put(GENERATION, "GENERATION");
}
/** A HashMap with values */
/**
* A HashMap with values
*/
public HashMap values = new HashMap();
/**
* Constructs an X509 name
*
* @param seq an ASN1 Sequence
*/
public X509Name(ASN1Sequence seq) {
@ -1579,8 +1607,10 @@ public class PdfPKCS7 {
}
}
}
/**
* Constructs an X509 name
*
* @param dirName a directory name
*/
public X509Name(String dirName) {
@ -1613,6 +1643,7 @@ public class PdfPKCS7 {
/**
* gets a field array from the values Hashmap
*
* @param name
* @return an ArrayList
*/
@ -1623,6 +1654,7 @@ public class PdfPKCS7 {
/**
* getter for values
*
* @return a HashMap with the fields of the X509 name
*/
public HashMap getFields() {
@ -1675,24 +1707,19 @@ public class PdfPKCS7 {
if (c == '"') {
if (!escaped) {
quoted = !quoted;
}
else {
} else {
buf.append(c);
}
escaped = false;
}
else {
} else {
if (escaped || quoted) {
buf.append(c);
escaped = false;
}
else if (c == '\\') {
} else if (c == '\\') {
escaped = true;
}
else if (c == ',') {
} else if (c == ',') {
break;
}
else {
} else {
buf.append(c);
}
}

134
fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

@ -49,11 +49,123 @@
/**
* The below 2 methods are from pdfbox.
*
* <p>
* private DERObject createDERForRecipient(byte[] in, X509Certificate cert) ;
* private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0);
*
* <p>
* 2006-11-22 Aiken Sam.
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
* <p>
* Copyright (c) 2003-2006, www.pdfbox.org
* All rights reserved.
* <p>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <p>
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of pdfbox; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* <p>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* <p>
* http://www.pdfbox.org
*/
/**
@ -90,7 +202,9 @@
package com.fr.third.v2.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@ -110,9 +224,8 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo;
@ -161,7 +274,8 @@ public class PdfPublicKeySecurityHandler {
int index = 0;
if (bytes[0] != '(' && bytes[bytes.length-1] != ')') throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string.");
if (bytes[0] != '(' && bytes[bytes.length - 1] != ')')
throw new BadPdfFormatException("Expect '(' and ')' at begin and end of the string.");
while (index < bytes.length) {
if (bytes[index] == '\\') {
@ -249,7 +363,7 @@ public class PdfPublicKeySecurityHandler {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream k = new DEROutputStream(baos);
ASN1OutputStream k = ASN1OutputStream.create(baos);
k.writeObject(obj);
@ -279,8 +393,7 @@ public class PdfPublicKeySecurityHandler {
private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException,
GeneralSecurityException
{
GeneralSecurityException {
String s = "1.2.840.113549.3.2";
@ -298,7 +411,7 @@ public class PdfPublicKeySecurityHandler {
DEROctetString deroctetstring = new DEROctetString(abyte1);
KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null);
@ -308,8 +421,7 @@ public class PdfPublicKeySecurityHandler {
}
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
throws GeneralSecurityException, IOException
{
throws GeneralSecurityException, IOException {
ASN1InputStream asn1inputstream =
new ASN1InputStream(new ByteArrayInputStream(x509certificate.getTBSCertificate()));
TBSCertificateStructure tbscertificatestructure =

Loading…
Cancel
Save