
REPORT-30379 bouncycastle存在安全问题,fine-itext、fine-itext-old 适配高版本

release/10.0
Hugh.C 5 years ago
parent
commit
72d6364e04
  1. 368
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/OcspClientBouncyCastle.java
  2. 268
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java
  3. 45
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
  4. 40
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfReader.java
  5. 460
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/TSAClientBouncyCastle.java
  6. 12
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/crypto/AESCipher.java
  7. 370
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/OcspClientBouncyCastle.java
  8. 266
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java
  9. 45
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
  10. 40
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfReader.java
  11. 460
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/TSAClientBouncyCastle.java
  12. 12
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/crypto/AESCipher.java

368
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/OcspClientBouncyCastle.java

@ -1,184 +1,184 @@
/*
* $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $
*
* Copyright 2009 Paulo Soares
*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the License.
*
* The Original Code is 'iText, a free JAVA-PDF library'.
*
* The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
* the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
* All Rights Reserved.
* Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
* are Copyright (C) 2009 by Paulo Soares. All Rights Reserved.
*
* Contributor(s): all the names of the contributors are added in the source code
* where applicable.
*
* Alternatively, the contents of this file may be used under the terms of the
* LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
* provisions of LGPL are applicable instead of those above. If you wish to
* allow use of your version of this file only under the terms of the LGPL
* License and not to allow others to use your version of this file under
* the MPL, indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by the LGPL.
* If you do not delete the provisions above, a recipient may use your version
* of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
*
* This library is free software; you can redistribute it and/or modify it
* under the terms of the MPL as stated above or under the terms of the GNU
* Library General Public License as published by the Free Software Foundation;
* either version 2 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
* details.
*
* If you didn't download this code from the following link, you should check if
* you aren't using an obsolete version:
* http://www.lowagie.com/iText/
*/
package com.fr.third.com.lowagie.text.pdf;
import com.fr.third.com.lowagie.text.ExceptionConverter;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Vector;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp;
/**
* OcspClient implementation using BouncyCastle.
* @author psoares
* @since 2.1.6
*/
public class OcspClientBouncyCastle implements OcspClient {
/** root certificate */
private X509Certificate rootCert;
/** check certificate */
private X509Certificate checkCert;
/** OCSP URL */
private String url;
/**
* Creates an instance of an OcspClient that will be using BouncyCastle.
* @param checkCert the check certificate
* @param rootCert the root certificate
* @param url the OCSP URL
*/
public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) {
this.checkCert = checkCert;
this.rootCert = rootCert;
this.url = url;
}
/**
* Generates an OCSP request using BouncyCastle.
* @param issuerCert certificate of the issues
* @param serialNumber serial number
* @return an OCSP request
* @throws OCSPException
* @throws IOException
*/
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException {
//Add provider BC
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
// Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
// basic request generation with nonce
OCSPReqGenerator gen = new OCSPReqGenerator();
gen.addRequest(id);
// create details for nonce extension
Vector oids = new Vector();
Vector values = new Vector();
oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
gen.setRequestExtensions(new X509Extensions(oids, values));
return gen.generate();
}
/**
* @return a byte array
* @see com.fr.third.com.lowagie.text.pdf.OcspClient#getEncoded()
*/
public byte[] getEncoded() {
try {
OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
byte[] array = request.getEncoded();
URL urlt = new URL(url);
HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
con.setRequestProperty("Content-Type", "application/ocsp-request");
con.setRequestProperty("Accept", "application/ocsp-response");
con.setDoOutput(true);
OutputStream out = con.getOutputStream();
DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
dataOut.write(array);
dataOut.flush();
dataOut.close();
if (con.getResponseCode() / 100 != 2) {
throw new IOException("Invalid HTTP response");
}
//Get Response
InputStream in = (InputStream) con.getContent();
OCSPResp ocspResponse = new OCSPResp(in);
if (ocspResponse.getStatus() != 0)
throw new IOException("Invalid status: " + ocspResponse.getStatus());
BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
if (basicResponse != null) {
SingleResp[] responses = basicResponse.getResponses();
if (responses.length == 1) {
SingleResp resp = responses[0];
Object status = resp.getCertStatus();
if (status == CertificateStatus.GOOD) {
return basicResponse.getEncoded();
}
else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
throw new IOException("OCSP Status is revoked!");
}
else {
throw new IOException("OCSP Status is unknown!");
}
}
}
}
catch (Exception ex) {
throw new ExceptionConverter(ex);
}
return null;
}
}
///*
// * $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $
// *
// * Copyright 2009 Paulo Soares
// *
// * The contents of this file are subject to the Mozilla Public License Version 1.1
// * (the "License"); you may not use this file except in compliance with the License.
// * You may obtain a copy of the License at http://www.mozilla.org/MPL/
// *
// * Software distributed under the License is distributed on an "AS IS" basis,
// * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
// * for the specific language governing rights and limitations under the License.
// *
// * The Original Code is 'iText, a free JAVA-PDF library'.
// *
// * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
// * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
// * All Rights Reserved.
// * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
// * are Copyright (C) 2009 by Paulo Soares. All Rights Reserved.
// *
// * Contributor(s): all the names of the contributors are added in the source code
// * where applicable.
// *
// * Alternatively, the contents of this file may be used under the terms of the
// * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
// * provisions of LGPL are applicable instead of those above. If you wish to
// * allow use of your version of this file only under the terms of the LGPL
// * License and not to allow others to use your version of this file under
// * the MPL, indicate your decision by deleting the provisions above and
// * replace them with the notice and other provisions required by the LGPL.
// * If you do not delete the provisions above, a recipient may use your version
// * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
// *
// * This library is free software; you can redistribute it and/or modify it
// * under the terms of the MPL as stated above or under the terms of the GNU
// * Library General Public License as published by the Free Software Foundation;
// * either version 2 of the License, or any later version.
// *
// * This library is distributed in the hope that it will be useful, but WITHOUT
// * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
// * details.
// *
// * If you didn't download this code from the following link, you should check if
// * you aren't using an obsolete version:
// * http://www.lowagie.com/iText/
// */
//
//package com.fr.third.com.lowagie.text.pdf;
//
//import com.fr.third.com.lowagie.text.ExceptionConverter;
//import java.io.BufferedOutputStream;
//import java.io.DataOutputStream;
//import java.io.IOException;
//import java.io.InputStream;
//import java.io.OutputStream;
//import java.math.BigInteger;
//import java.net.HttpURLConnection;
//import java.net.URL;
//import java.security.Security;
//import java.security.cert.X509Certificate;
//import java.util.Vector;
//import org.bouncycastle.asn1.DEROctetString;
//import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
//import org.bouncycastle.asn1.x509.X509Extension;
//import org.bouncycastle.asn1.x509.X509Extensions;
//import org.bouncycastle.ocsp.BasicOCSPResp;
//import org.bouncycastle.ocsp.CertificateID;
//import org.bouncycastle.ocsp.CertificateStatus;
//import org.bouncycastle.ocsp.OCSPException;
//import org.bouncycastle.ocsp.OCSPReq;
//import org.bouncycastle.ocsp.OCSPReqGenerator;
//import org.bouncycastle.ocsp.OCSPResp;
//import org.bouncycastle.ocsp.SingleResp;
//
///**
// * OcspClient implementation using BouncyCastle.
// * @author psoares
// * @since 2.1.6
// */
//public class OcspClientBouncyCastle implements OcspClient {
// /** root certificate */
// private X509Certificate rootCert;
// /** check certificate */
// private X509Certificate checkCert;
// /** OCSP URL */
// private String url;
//
// /**
// * Creates an instance of an OcspClient that will be using BouncyCastle.
// * @param checkCert the check certificate
// * @param rootCert the root certificate
// * @param url the OCSP URL
// */
// public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) {
// this.checkCert = checkCert;
// this.rootCert = rootCert;
// this.url = url;
// }
//
// /**
// * Generates an OCSP request using BouncyCastle.
// * @param issuerCert certificate of the issues
// * @param serialNumber serial number
// * @return an OCSP request
// * @throws OCSPException
// * @throws IOException
// */
// private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException {
// //Add provider BC
// Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
// // Generate the id for the certificate we are looking for
// CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
//
// // basic request generation with nonce
// OCSPReqGenerator gen = new OCSPReqGenerator();
//
// gen.addRequest(id);
//
// // create details for nonce extension
// Vector oids = new Vector();
// Vector values = new Vector();
//
// oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
// values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
//
// gen.setRequestExtensions(new X509Extensions(oids, values));
//
// return gen.generate();
// }
//
// /**
// * @return a byte array
// * @see com.fr.third.com.lowagie.text.pdf.OcspClient#getEncoded()
// */
// public byte[] getEncoded() {
// try {
// OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
// byte[] array = request.getEncoded();
// URL urlt = new URL(url);
// HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
// con.setRequestProperty("Content-Type", "application/ocsp-request");
// con.setRequestProperty("Accept", "application/ocsp-response");
// con.setDoOutput(true);
// OutputStream out = con.getOutputStream();
// DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
// dataOut.write(array);
// dataOut.flush();
// dataOut.close();
// if (con.getResponseCode() / 100 != 2) {
// throw new IOException("Invalid HTTP response");
// }
// //Get Response
// InputStream in = (InputStream) con.getContent();
// OCSPResp ocspResponse = new OCSPResp(in);
//
// if (ocspResponse.getStatus() != 0)
// throw new IOException("Invalid status: " + ocspResponse.getStatus());
// BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
// if (basicResponse != null) {
// SingleResp[] responses = basicResponse.getResponses();
// if (responses.length == 1) {
// SingleResp resp = responses[0];
// Object status = resp.getCertStatus();
// if (status == CertificateStatus.GOOD) {
// return basicResponse.getEncoded();
// }
// else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
// throw new IOException("OCSP Status is revoked!");
// }
// else {
// throw new IOException("OCSP Status is unknown!");
// }
// }
// }
// }
// catch (Exception ex) {
// throw new ExceptionConverter(ex);
// }
// return null;
// }
//}
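Review bot: The new side of OcspClientBouncyCastle.java leaves no `OcspClient` implementation at all — every line including the `package` declaration is commented out — so the OCSP request/response path that previously fed revocation status into signing is removed rather than ported to the vendored `com.fr.third.org.bouncycastle` packages that PdfPKCS7.java in this same commit switches to. Keeping 184 lines of dead source (with a live MPL/LGPL header) hides that removal from anyone reading the tree; if dropping the client is intentional, delete the file (history keeps it) or reduce it to a short header comment such as `// OCSP client disabled in REPORT-30379: the org.bouncycastle.ocsp API it relied on is not present in the vendored BouncyCastle; no revocation lookup is performed until this is ported.` Callers that consumed `getEncoded()` for an OCSP response should be checked, since nothing in this commit replaces it.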

268
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java

@ -46,6 +46,8 @@
*/
package com.fr.third.com.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1String;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@ -75,43 +77,41 @@ import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.jce.provider.X509CertParser;
import com.fr.third.org.bouncycastle.asn1.ASN1Encodable;
import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1Sequence;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject;
import com.fr.third.org.bouncycastle.asn1.DEREnumerated;
import com.fr.third.org.bouncycastle.asn1.DERInteger;
import com.fr.third.org.bouncycastle.asn1.DERNull;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import com.fr.third.org.bouncycastle.asn1.DERSequence;
import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.DERTaggedObject;
import com.fr.third.org.bouncycastle.asn1.DERUTCTime;
import com.fr.third.org.bouncycastle.asn1.cms.AttributeTable;
import com.fr.third.org.bouncycastle.asn1.cms.Attribute;
import com.fr.third.org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import com.fr.third.org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser;
import com.fr.third.org.bouncycastle.jce.provider.X509CertParser;
import com.fr.third.com.lowagie.text.ExceptionConverter;
import java.security.cert.CertificateParsingException;
import java.util.Date;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.tsp.MessageImprint;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.tsp.TimeStampToken;
import com.fr.third.org.bouncycastle.asn1.ASN1OctetString;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint;
import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions;
//import org.bouncycastle.ocsp.BasicOCSPResp;
//import org.bouncycastle.ocsp.CertificateID;
//import org.bouncycastle.ocsp.SingleResp;
//import org.bouncycastle.tsp.TimeStampToken;
/**
* This class does all the processing related to signing and verifying a PKCS#7
@ -167,7 +167,7 @@ public class PdfPKCS7 {
*/
private String signName;
private TimeStampToken timeStampToken;
// private TimeStampToken timeStampToken;
private static final HashMap digestNames = new HashMap();
private static final HashMap algorithmNames = new HashMap();
@ -273,23 +273,23 @@ public class PdfPKCS7 {
* @return the timestamp token or null
* @since 2.1.6
*/
public TimeStampToken getTimeStampToken() {
return timeStampToken;
}
// public TimeStampToken getTimeStampToken() {
// return timeStampToken;
// }
/**
* Gets the timestamp date
* @return a date
* @since 2.1.6
*/
public Calendar getTimeStampDate() {
if (timeStampToken == null)
return null;
Calendar cal = new GregorianCalendar();
Date date = timeStampToken.getTimeStampInfo().getGenTime();
cal.setTime(date);
return cal;
}
// public Calendar getTimeStampDate() {
// if (timeStampToken == null)
// return null;
// Calendar cal = new GregorianCalendar();
// Date date = timeStampToken.getTimeStampInfo().getGenTime();
// cal.setTime(date);
// return cal;
// }
/**
* Verifies a signature using the sub-filter adbe.x509.rsa_sha1.
@ -319,19 +319,19 @@ public class PdfPKCS7 {
}
}
private BasicOCSPResp basicResp;
// private BasicOCSPResp basicResp;
/**
* Gets the OCSP basic response if there is one.
* @return the OCSP basic response or null
* @since 2.1.6
*/
public BasicOCSPResp getOcsp() {
return basicResp;
}
// public BasicOCSPResp getOcsp() {
// return basicResp;
// }
private void findOcsp(ASN1Sequence seq) throws IOException {
basicResp = null;
// basicResp = null;
boolean ret = false;
while (true) {
if ((seq.getObjectAt(0) instanceof DERObjectIdentifier)
@ -362,7 +362,7 @@ public class PdfPKCS7 {
DEROctetString os = (DEROctetString)seq.getObjectAt(1);
ASN1InputStream inp = new ASN1InputStream(os.getOctets());
BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
basicResp = new BasicOCSPResp(resp);
// basicResp = new BasicOCSPResp(resp);
}
/**
@ -379,7 +379,7 @@ public class PdfPKCS7 {
//
// Basic checks to make sure it's a PKCS#7 SignedData Object
//
DERObject pkcs;
ASN1Object pkcs;
try {
pkcs = din.readObject();
@ -464,7 +464,7 @@ public class PdfPKCS7 {
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
sigAttr = sseq.getEncoded(ASN1Encodable.DER);
sigAttr = sseq.getEncoded("DER");
for (int k = 0; k < sseq.size(); ++k) {
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
@ -499,7 +499,7 @@ public class PdfPKCS7 {
ASN1Set attributeValues = ts.getAttrValues();
ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0));
ContentInfo contentInfo = new ContentInfo(tokenSequence);
this.timeStampToken = new TimeStampToken(contentInfo);
// this.timeStampToken = new TimeStampToken(contentInfo);
}
}
if (RSAdata != null || digestAttr != null) {
@ -641,15 +641,15 @@ public class PdfPKCS7 {
* @return true if it checks false otherwise
* @since 2.1.6
*/
public boolean verifyTimestampImprint() throws NoSuchAlgorithmException {
if (timeStampToken == null)
return false;
MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint();
byte[] md = MessageDigest.getInstance("SHA-1").digest(digest);
byte[] imphashed = imprint.getHashedMessage();
boolean res = Arrays.equals(md, imphashed);
return res;
}
// public boolean verifyTimestampImprint() throws NoSuchAlgorithmException {
// if (timeStampToken == null)
// return false;
// MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint();
// byte[] md = MessageDigest.getInstance("SHA-1").digest(digest);
// byte[] imphashed = imprint.getHashedMessage();
// boolean res = Arrays.equals(md, imphashed);
// return res;
// }
/**
* Get all the X.509 certificates associated with this PKCS#7 object in no particular order.
@ -888,27 +888,27 @@ public class PdfPKCS7 {
* @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6
*/
public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
if (provider == null)
provider = "BC";
try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try {
String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias))
continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
if (ocsp.verify(certStoreX509.getPublicKey(), provider))
return true;
}
catch (Exception ex) {
}
}
}
catch (Exception e) {
}
return false;
}
// public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
// if (provider == null)
// provider = "BC";
// try {
// for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
// try {
// String alias = (String)aliases.nextElement();
// if (!keystore.isCertificateEntry(alias))
// continue;
// X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
// if (ocsp.verify(certStoreX509.getPublicKey(), provider))
// return true;
// }
// catch (Exception ex) {
// }
// }
// }
// catch (Exception e) {
// }
// return false;
// }
/**
* Verifies a timestamp against a KeyStore.
@ -918,27 +918,27 @@ public class PdfPKCS7 {
* @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6
*/
public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
if (provider == null)
provider = "BC";
try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try {
String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias))
continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
ts.validate(certStoreX509, provider);
return true;
}
catch (Exception ex) {
}
}
}
catch (Exception e) {
}
return false;
}
// public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
// if (provider == null)
// provider = "BC";
// try {
// for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
// try {
// String alias = (String)aliases.nextElement();
// if (!keystore.isCertificateEntry(alias))
// continue;
// X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
// ts.validate(certStoreX509, provider);
// return true;
// }
// catch (Exception ex) {
// }
// }
// }
// catch (Exception e) {
// }
// return false;
// }
/**
* Retrieves the OCSP URL from the given certificate.
@ -949,7 +949,7 @@ public class PdfPKCS7 {
*/
public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException {
try {
DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
ASN1Object obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
if (obj == null) {
return null;
}
@ -961,7 +961,7 @@ public class PdfPKCS7 {
continue;
} else {
if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1));
String AccessLocation = getStringFromGeneralName((ASN1Object)AccessDescription.getObjectAt(1));
if ( AccessLocation == null ) {
return "" ;
} else {
@ -980,26 +980,26 @@ public class PdfPKCS7 {
* @return true if it checks false otherwise
* @since 2.1.6
*/
public boolean isRevocationValid() {
if (basicResp == null)
return false;
if (signCerts.size() < 2)
return false;
try {
X509Certificate[] cs = (X509Certificate[])getSignCertificateChain();
SingleResp sr = basicResp.getResponses()[0];
CertificateID cid = sr.getCertID();
X509Certificate sigcer = getSigningCertificate();
X509Certificate isscer = cs[1];
CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
return tis.equals(cid);
}
catch (Exception ex) {
}
return false;
}
// public boolean isRevocationValid() {
// if (basicResp == null)
// return false;
// if (signCerts.size() < 2)
// return false;
// try {
// X509Certificate[] cs = (X509Certificate[])getSignCertificateChain();
// SingleResp sr = basicResp.getResponses()[0];
// CertificateID cid = sr.getCertID();
// X509Certificate sigcer = getSigningCertificate();
// X509Certificate isscer = cs[1];
// CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
// return tis.equals(cid);
// }
// catch (Exception ex) {
// }
// return false;
// }
private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException {
private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException {
byte[] bytes = cert.getExtensionValue(oid);
if (bytes == null) {
return null;
@ -1010,7 +1010,7 @@ public class PdfPKCS7 {
return aIn.readObject();
}
private static String getStringFromGeneralName(DERObject names) throws IOException {
private static String getStringFromGeneralName(ASN1Object names) throws IOException {
DERTaggedObject taggedObject = (DERTaggedObject) names ;
return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1");
}
@ -1020,11 +1020,11 @@ public class PdfPKCS7 {
* @param enc a TBSCertificate in a byte array
* @return a DERObject
*/
private static DERObject getIssuer(byte[] enc) {
private static ASN1Object getIssuer(byte[] enc) {
try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
}
catch (IOException e) {
throw new ExceptionConverter(e);
@ -1036,11 +1036,11 @@ public class PdfPKCS7 {
* @param enc A TBSCertificate in a byte array
* @return a DERObject
*/
private static DERObject getSubject(byte[] enc) {
private static ASN1Object getSubject(byte[] enc) {
try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
}
catch (IOException e) {
throw new ExceptionConverter(e);
@ -1340,7 +1340,7 @@ public class PdfPKCS7 {
*/
public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) {
try {
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER);
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER");
}
catch (Exception e) {
throw new ExceptionConverter(e);
@ -1575,7 +1575,7 @@ public class PdfPKCS7 {
vs = new ArrayList();
values.put(id, vs);
}
vs.add(((DERString)s.getObjectAt(1)).getString());
vs.add(((ASN1String)s.getObjectAt(1)).getString());
}
}
}
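Review bot: The new side removes every timestamp and OCSP verification entry point of PdfPKCS7 (`getTimeStampToken`, `getTimeStampDate`, `getOcsp`, `verifyTimestampImprint`, `verifyOcspCertificates`, `verifyTimestampCertificates`, `isRevocationValid`) by commenting them out instead of porting them to the vendored `com.fr.third.org.bouncycastle` packages the imports now use, so signature verification through this class no longer performs any revocation or timestamp check, and each method's Javadoc (e.g. `@return true if it checks false otherwise` above the former `isRevocationValid`) is left orphaned. In `findOcsp` the response is still parsed (`BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());`) while the assignment to `basicResp` and the field itself are commented out, so the parsed value is discarded; either drop the parse too or keep the field and port `BasicOCSPResp` to the vendored API. The `@return a DERObject` lines above `getIssuer` and `getSubject` are now stale against the `ASN1Object` return type and should read `@return the issuer/subject name as an {@link ASN1Object}`. If the removal is deliberate, replace the dead blocks with a class-level note such as `// NOTE(REPORT-30379): OCSP and timestamp verification removed pending a port to the vendored BouncyCastle API; this class does not check revocation.` so callers do not assume those checks still run.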

45
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

@ -89,6 +89,8 @@
package com.fr.third.com.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@ -107,22 +109,21 @@ import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import com.fr.third.org.bouncycastle.asn1.cms.EnvelopedData;
import com.fr.third.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import com.fr.third.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import com.fr.third.org.bouncycastle.asn1.cms.RecipientIdentifier;
import com.fr.third.org.bouncycastle.asn1.cms.RecipientInfo;
import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.fr.third.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure;
/**
* @author Aiken Sam (aikensam@ieee.org)
@ -244,7 +245,7 @@ public class PdfPublicKeySecurityHandler {
pkcs7input[22] = two;
pkcs7input[23] = one;
DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@ -276,7 +277,7 @@ public class PdfPublicKeySecurityHandler {
return EncodedRecipients;
}
private DERObject createDERForRecipient(byte[] in, X509Certificate cert)
private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException,
GeneralSecurityException
{
@ -287,7 +288,7 @@ public class PdfPublicKeySecurityHandler {
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
DERObject derobject = asn1inputstream.readObject();
ASN1Object derobject = asn1inputstream.readObject();
KeyGenerator keygenerator = KeyGenerator.getInstance(s);
keygenerator.init(128);
SecretKey secretkey = keygenerator.generateKey();
@ -300,10 +301,10 @@ public class PdfPublicKeySecurityHandler {
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null);
ContentInfo contentinfo =
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
return contentinfo.getDERObject();
return contentinfo.getContentType();
}
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
@ -318,7 +319,7 @@ public class PdfPublicKeySecurityHandler {
new IssuerAndSerialNumber(
tbscertificatestructure.getIssuer(),
tbscertificatestructure.getSerialNumber().getValue());
Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId());
Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());
cipher.init(1, x509certificate);
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
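Review bot: `return contentinfo.getContentType();` at the end of createDERForRecipient returns only the `envelopedData` object identifier, whereas the replaced `getDERObject()` returned the whole ContentInfo structure; since the caller at the top of the section writes that return value into the recipient byte stream, the emitted recipient would consist of a bare OID and the public-key recipient list would presumably no longer decrypt. The equivalent call in newer BouncyCastle is `return contentinfo.toASN1Primitive();`, which the new `ASN1Object` return type accepts. The other replacements in this section (`ASN1Object` for `DERObject`, `getAlgorithm()` for `getObjectId()`, the `(ASN1Set) null` disambiguation) look correct; a round-trip test that encrypts for a certificate and reads the document back would have exposed the OID-only recipient.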

40
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfReader.java

@ -78,8 +78,8 @@ import com.fr.third.com.lowagie.text.exceptions.UnsupportedPdfException;
import com.fr.third.com.lowagie.text.pdf.interfaces.PdfViewerPreferences;
import com.fr.third.com.lowagie.text.pdf.internal.PdfViewerPreferencesImp;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.RecipientInformation;
//import com.fr.third.org.bouncycastle.cms.CMSEnvelopedData;
//import com.fr.third.org.bouncycastle.cms.RecipientInformation;
/** Reads a PDF document.
* @author Paulo Soares (psoares@consiste.pt)
@ -709,24 +709,24 @@ public class PdfReader implements PdfViewerPreferences {
PdfObject recipient = recipients.getPdfObject(i);
strings.remove(recipient);
CMSEnvelopedData data = null;
try {
data = new CMSEnvelopedData(recipient.getBytes());
Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator();
while (recipientCertificatesIt.hasNext()) {
RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next();
if (recipientInfo.getRID().match(certificate) && !foundRecipient) {
envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider);
foundRecipient = true;
}
}
}
catch (Exception f) {
throw new ExceptionConverter(f);
}
// CMSEnvelopedData data = null;
// try {
// data = new CMSEnvelopedData(recipient.getBytes());
//
// Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator();
//
// while (recipientCertificatesIt.hasNext()) {
// RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next();
//
// if (recipientInfo.getRID().match(certificate) && !foundRecipient) {
// envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider);
// foundRecipient = true;
// }
// }
// }
// catch (Exception f) {
// throw new ExceptionConverter(f);
// }
}
if(!foundRecipient || envelopedData == null) {
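Review bot: Commenting out the CMSEnvelopedData block leaves `foundRecipient` permanently false and `envelopedData` null, so `if(!foundRecipient || envelopedData == null)` directly below fires for every certificate-encrypted document; the change disables public-key decryption instead of adapting it. The relocated classes are already named in the commented imports (`com.fr.third.org.bouncycastle.cms.CMSEnvelopedData` and `RecipientInformation`), so the block can be restored against them, but note that in the newer `cms` API `getContent(Key, Provider)` has given way to `getContent(Recipient)` with a `JceKeyTransEnvelopedRecipient`, so this is more than an import change. If the feature is meant to be dropped, delete the dead block and report the condition with an explicit message rather than leaving the generic failure path. The enclosing method starts and ends outside the hunk.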

460
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/TSAClientBouncyCastle.java

@ -1,230 +1,230 @@
/*
* $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $
*
* Copyright 2009 Martin Brunecky, Aiken Sam
*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the License.
*
* The Original Code is 'iText, a free JAVA-PDF library'.
*
* The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
* the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
* All Rights Reserved.
* Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
* are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved.
*
* Contributor(s): all the names of the contributors are added in the source code
* where applicable.
*
* Alternatively, the contents of this file may be used under the terms of the
* LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
* provisions of LGPL are applicable instead of those above. If you wish to
* allow use of your version of this file only under the terms of the LGPL
* License and not to allow others to use your version of this file under
* the MPL, indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by the LGPL.
* If you do not delete the provisions above, a recipient may use your version
* of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
*
* This library is free software; you can redistribute it and/or modify it
* under the terms of the MPL as stated above or under the terms of the GNU
* Library General Public License as published by the Free Software Foundation;
* either version 2 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
* details.
*
* If you didn't download this code from the following link, you should check if
* you aren't using an obsolete version:
* http://www.lowagie.com/iText/
*/
package com.fr.third.com.lowagie.text.pdf;
import java.io.*;
import java.math.*;
import java.net.*;
import org.bouncycastle.asn1.cmp.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.tsp.*;
import com.fr.third.com.lowagie.text.pdf.codec.Base64;
/**
* Time Stamp Authority Client interface implementation using Bouncy Castle
* org.bouncycastle.tsp package.
* <p>
* Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007
* for ease of subclassing.
* </p>
* @since 2.1.6
*/
public class TSAClientBouncyCastle implements TSAClient {
/** URL of the Time Stamp Authority */
protected String tsaURL;
/** TSA Username */
protected String tsaUsername;
/** TSA password */
protected String tsaPassword;
/** Estimate of the received time stamp token */
protected int tokSzEstimate;
/**
* Creates an instance of a TSAClient that will use BouncyCastle.
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
*/
public TSAClientBouncyCastle(String url) {
this(url, null, null, 4096);
}
/**
* Creates an instance of a TSAClient that will use BouncyCastle.
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
* @param username String - user(account) name
* @param password String - password
*/
public TSAClientBouncyCastle(String url, String username, String password) {
this(url, username, password, 4096);
}
/**
* Constructor.
* Note the token size estimate is updated by each call, as the token
* size is not likely to change (as long as we call the same TSA using
* the same imprint length).
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
* @param username String - user(account) name
* @param password String - password
* @param tokSzEstimate int - estimated size of received time stamp token (DER encoded)
*/
public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) {
this.tsaURL = url;
this.tsaUsername = username;
this.tsaPassword = password;
this.tokSzEstimate = tokSzEstimate;
}
/**
* Get the token size estimate.
* Returned value reflects the result of the last succesfull call, padded
* @return an estimate of the token size
*/
public int getTokenSizeEstimate() {
return tokSzEstimate;
}
/**
* Get RFC 3161 timeStampToken.
* Method may return null indicating that timestamp should be skipped.
* @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)
* @param imprint byte[] - data imprint to be time-stamped
* @return byte[] - encoded, TSA signed data of the timeStampToken
* @throws Exception - TSA request failed
* @see com.fr.third.com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.fr.third.com.lowagie.text.pdf.PdfPKCS7, byte[])
*/
public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception {
return getTimeStampToken(imprint);
}
/**
* Get timestamp token - Bouncy Castle request encoding / decoding layer
*/
protected byte[] getTimeStampToken(byte[] imprint) throws Exception {
byte[] respBytes = null;
try {
// Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.setCertReq(true);
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce);
byte[] requestBytes = request.getEncoded();
// Call the communications layer
respBytes = getTSAResponse(requestBytes);
// Handle the TSA response
TimeStampResponse response = new TimeStampResponse(respBytes);
// validate communication level attributes (RFC 3161 PKIStatus)
response.validate(request);
PKIFailureInfo failure = response.getFailInfo();
int value = (failure == null) ? 0 : failure.intValue();
if (value != 0) {
// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value);
}
// @todo: validate the time stap certificate chain (if we want
// assure we do not sign using an invalid timestamp).
// extract just the time stamp token (removes communication status info)
TimeStampToken tsToken = response.getTimeStampToken();
if (tsToken == null) {
throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString());
}
TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details
byte[] encoded = tsToken.getEncoded();
long stop = System.currentTimeMillis();
// Update our token size estimate for the next call (padded to be safe)
this.tokSzEstimate = encoded.length + 32;
return encoded;
} catch (Exception e) {
throw e;
} catch (Throwable t) {
throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t);
}
}
/**
* Get timestamp token - communications layer
* @return - byte[] - TSA response, raw bytes (RFC 3161 encoded)
*/
protected byte[] getTSAResponse(byte[] requestBytes) throws Exception {
// Setup the TSA connection
URL url = new URL(tsaURL);
URLConnection tsaConnection;
tsaConnection = (URLConnection) url.openConnection();
tsaConnection.setDoInput(true);
tsaConnection.setDoOutput(true);
tsaConnection.setUseCaches(false);
tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query");
//tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64");
tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
if ((tsaUsername != null) && !tsaUsername.equals("") ) {
String userPassword = tsaUsername + ":" + tsaPassword;
tsaConnection.setRequestProperty("Authorization", "Basic " +
new String(Base64.encodeBytes(userPassword.getBytes())));
}
OutputStream out = tsaConnection.getOutputStream();
out.write(requestBytes);
out.close();
// Get TSA response as a byte array
InputStream inp = tsaConnection.getInputStream();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte[] buffer = new byte[1024];
int bytesRead = 0;
while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) {
baos.write(buffer, 0, bytesRead);
}
byte[] respBytes = baos.toByteArray();
String encoding = tsaConnection.getContentEncoding();
if (encoding != null && encoding.equalsIgnoreCase("base64")) {
respBytes = Base64.decode(new String(respBytes));
}
return respBytes;
}
}
///*
// * $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $
// *
// * Copyright 2009 Martin Brunecky, Aiken Sam
// *
// * The contents of this file are subject to the Mozilla Public License Version 1.1
// * (the "License"); you may not use this file except in compliance with the License.
// * You may obtain a copy of the License at http://www.mozilla.org/MPL/
// *
// * Software distributed under the License is distributed on an "AS IS" basis,
// * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
// * for the specific language governing rights and limitations under the License.
// *
// * The Original Code is 'iText, a free JAVA-PDF library'.
// *
// * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
// * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
// * All Rights Reserved.
// * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
// * are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved.
// *
// * Contributor(s): all the names of the contributors are added in the source code
// * where applicable.
// *
// * Alternatively, the contents of this file may be used under the terms of the
// * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
// * provisions of LGPL are applicable instead of those above. If you wish to
// * allow use of your version of this file only under the terms of the LGPL
// * License and not to allow others to use your version of this file under
// * the MPL, indicate your decision by deleting the provisions above and
// * replace them with the notice and other provisions required by the LGPL.
// * If you do not delete the provisions above, a recipient may use your version
// * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
// *
// * This library is free software; you can redistribute it and/or modify it
// * under the terms of the MPL as stated above or under the terms of the GNU
// * Library General Public License as published by the Free Software Foundation;
// * either version 2 of the License, or any later version.
// *
// * This library is distributed in the hope that it will be useful, but WITHOUT
// * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
// * details.
// *
// * If you didn't download this code from the following link, you should check if
// * you aren't using an obsolete version:
// * http://www.lowagie.com/iText/
// */
//
//package com.fr.third.com.lowagie.text.pdf;
//
//import java.io.*;
//import java.math.*;
//import java.net.*;
//
//import org.bouncycastle.asn1.cmp.*;
//import org.bouncycastle.asn1.x509.*;
//import org.bouncycastle.tsp.*;
//
//import com.fr.third.com.lowagie.text.pdf.codec.Base64;
//
///**
// * Time Stamp Authority Client interface implementation using Bouncy Castle
// * org.bouncycastle.tsp package.
// * <p>
// * Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007
// * for ease of subclassing.
// * </p>
// * @since 2.1.6
// */
//public class TSAClientBouncyCastle implements TSAClient {
// /** URL of the Time Stamp Authority */
// protected String tsaURL;
// /** TSA Username */
// protected String tsaUsername;
// /** TSA password */
// protected String tsaPassword;
// /** Estimate of the received time stamp token */
// protected int tokSzEstimate;
//
// /**
// * Creates an instance of a TSAClient that will use BouncyCastle.
// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
// */
// public TSAClientBouncyCastle(String url) {
// this(url, null, null, 4096);
// }
//
// /**
// * Creates an instance of a TSAClient that will use BouncyCastle.
// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
// * @param username String - user(account) name
// * @param password String - password
// */
// public TSAClientBouncyCastle(String url, String username, String password) {
// this(url, username, password, 4096);
// }
//
// /**
// * Constructor.
// * Note the token size estimate is updated by each call, as the token
// * size is not likely to change (as long as we call the same TSA using
// * the same imprint length).
// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
// * @param username String - user(account) name
// * @param password String - password
// * @param tokSzEstimate int - estimated size of received time stamp token (DER encoded)
// */
// public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) {
// this.tsaURL = url;
// this.tsaUsername = username;
// this.tsaPassword = password;
// this.tokSzEstimate = tokSzEstimate;
// }
//
// /**
// * Get the token size estimate.
// * Returned value reflects the result of the last succesfull call, padded
// * @return an estimate of the token size
// */
// public int getTokenSizeEstimate() {
// return tokSzEstimate;
// }
//
// /**
// * Get RFC 3161 timeStampToken.
// * Method may return null indicating that timestamp should be skipped.
// * @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)
// * @param imprint byte[] - data imprint to be time-stamped
// * @return byte[] - encoded, TSA signed data of the timeStampToken
// * @throws Exception - TSA request failed
// * @see com.fr.third.com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.fr.third.com.lowagie.text.pdf.PdfPKCS7, byte[])
// */
// public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception {
// return getTimeStampToken(imprint);
// }
//
// /**
// * Get timestamp token - Bouncy Castle request encoding / decoding layer
// */
// protected byte[] getTimeStampToken(byte[] imprint) throws Exception {
// byte[] respBytes = null;
// try {
// // Setup the time stamp request
// TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
// tsqGenerator.setCertReq(true);
// // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
// BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
// TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce);
// byte[] requestBytes = request.getEncoded();
//
// // Call the communications layer
// respBytes = getTSAResponse(requestBytes);
//
// // Handle the TSA response
// TimeStampResponse response = new TimeStampResponse(respBytes);
//
// // validate communication level attributes (RFC 3161 PKIStatus)
// response.validate(request);
// PKIFailureInfo failure = response.getFailInfo();
// int value = (failure == null) ? 0 : failure.intValue();
// if (value != 0) {
// // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
// throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value);
// }
// // @todo: validate the time stap certificate chain (if we want
// // assure we do not sign using an invalid timestamp).
//
// // extract just the time stamp token (removes communication status info)
// TimeStampToken tsToken = response.getTimeStampToken();
// if (tsToken == null) {
// throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString());
// }
// TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details
// byte[] encoded = tsToken.getEncoded();
// long stop = System.currentTimeMillis();
//
// // Update our token size estimate for the next call (padded to be safe)
// this.tokSzEstimate = encoded.length + 32;
// return encoded;
// } catch (Exception e) {
// throw e;
// } catch (Throwable t) {
// throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t);
// }
// }
//
// /**
// * Get timestamp token - communications layer
// * @return - byte[] - TSA response, raw bytes (RFC 3161 encoded)
// */
// protected byte[] getTSAResponse(byte[] requestBytes) throws Exception {
// // Setup the TSA connection
// URL url = new URL(tsaURL);
// URLConnection tsaConnection;
// tsaConnection = (URLConnection) url.openConnection();
//
// tsaConnection.setDoInput(true);
// tsaConnection.setDoOutput(true);
// tsaConnection.setUseCaches(false);
// tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query");
// //tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64");
// tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
//
// if ((tsaUsername != null) && !tsaUsername.equals("") ) {
// String userPassword = tsaUsername + ":" + tsaPassword;
// tsaConnection.setRequestProperty("Authorization", "Basic " +
// new String(Base64.encodeBytes(userPassword.getBytes())));
// }
// OutputStream out = tsaConnection.getOutputStream();
// out.write(requestBytes);
// out.close();
//
// // Get TSA response as a byte array
// InputStream inp = tsaConnection.getInputStream();
// ByteArrayOutputStream baos = new ByteArrayOutputStream();
// byte[] buffer = new byte[1024];
// int bytesRead = 0;
// while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) {
// baos.write(buffer, 0, bytesRead);
// }
// byte[] respBytes = baos.toByteArray();
//
// String encoding = tsaConnection.getContentEncoding();
// if (encoding != null && encoding.equalsIgnoreCase("base64")) {
// respBytes = Base64.decode(new String(respBytes));
// }
// return respBytes;
// }
//}
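Review bot: The entire TSAClientBouncyCastle class is commented out on the new side, so the type no longer exists in this module; any caller (the timestamping path in PdfPKCS7, presumably) must either have been removed as well or will fail to compile, and the OcspClientBouncyCastle file further down takes the same approach. If timestamping is to be kept, the `org.bouncycastle.asn1.cmp`, `asn1.x509` and `tsp` imports should be repointed to the `com.fr.third.org.bouncycastle` packages as was done for AESCipher and PdfPublicKeySecurityHandler; if it is to be dropped, the file should be deleted rather than kept as a 230-line comment. Should the class be revived, two lines in the retained body deserve attention at the same time: the request nonce is derived from `System.currentTimeMillis()` where RFC 3161 expects an unpredictable value (`BigInteger nonce = new BigInteger(64, new SecureRandom());`), and the imprint is requested as `X509ObjectIdentifiers.id_SHA1`, which current TSAs may reject.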

12
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/crypto/AESCipher.java

@ -48,12 +48,12 @@
*/
package com.fr.third.com.lowagie.text.pdf.crypto;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import com.fr.third.org.bouncycastle.crypto.BlockCipher;
import com.fr.third.org.bouncycastle.crypto.engines.AESFastEngine;
import com.fr.third.org.bouncycastle.crypto.modes.CBCBlockCipher;
import com.fr.third.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import com.fr.third.org.bouncycastle.crypto.params.KeyParameter;
import com.fr.third.org.bouncycastle.crypto.params.ParametersWithIV;
/**
* Creates an AES Cipher with CBC and padding PKCS5/7.
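Review bot: The engine kept on the new side, `com.fr.third.org.bouncycastle.crypto.engines.AESFastEngine`, is the table-driven implementation that later BouncyCastle releases deprecated over cache-timing concerns; since this commit exists to move onto a newer BouncyCastle, `AESEngine` (same package, same `BlockCipher` interface) is the intended replacement and the swap is a one-token change where the engine is constructed. If the repackaged version predates that deprecation the current import still compiles, but the replacement is harmless either way. The constructor that instantiates the engine lies outside the hunk.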

370
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/OcspClientBouncyCastle.java

@ -1,185 +1,185 @@
/*
* $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $
*
* Copyright 2009 Paulo Soares
*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the License.
*
* The Original Code is 'iText, a free JAVA-PDF library'.
*
* The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
* the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
* All Rights Reserved.
* Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
* are Copyright (C) 2009 by Paulo Soares. All Rights Reserved.
*
* Contributor(s): all the names of the contributors are added in the source code
* where applicable.
*
* Alternatively, the contents of this file may be used under the terms of the
* LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
* provisions of LGPL are applicable instead of those above. If you wish to
* allow use of your version of this file only under the terms of the LGPL
* License and not to allow others to use your version of this file under
* the MPL, indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by the LGPL.
* If you do not delete the provisions above, a recipient may use your version
* of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
*
* This library is free software; you can redistribute it and/or modify it
* under the terms of the MPL as stated above or under the terms of the GNU
* Library General Public License as published by the Free Software Foundation;
* either version 2 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
* details.
*
* If you didn't download this code from the following link, you should check if
* you aren't using an obsolete version:
* http://www.lowagie.com/iText/
*/
package com.fr.third.v2.lowagie.text.pdf;
import com.fr.third.v2.lowagie.text.ExceptionConverter;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Vector;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp;
/**
* OcspClient implementation using BouncyCastle.
* @author psoares
* @since 2.1.6
*/
public class OcspClientBouncyCastle implements OcspClient {
/** root certificate */
private X509Certificate rootCert;
/** check certificate */
private X509Certificate checkCert;
/** OCSP URL */
private String url;
/**
* Creates an instance of an OcspClient that will be using BouncyCastle.
* @param checkCert the check certificate
* @param rootCert the root certificate
* @param url the OCSP URL
*/
public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) {
this.checkCert = checkCert;
this.rootCert = rootCert;
this.url = url;
}
/**
* Generates an OCSP request using BouncyCastle.
* @param issuerCert certificate of the issues
* @param serialNumber serial number
* @return an OCSP request
* @throws OCSPException
* @throws IOException
*/
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException {
//Add provider BC
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
// Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
// basic request generation with nonce
OCSPReqGenerator gen = new OCSPReqGenerator();
gen.addRequest(id);
// create details for nonce extension
Vector oids = new Vector();
Vector values = new Vector();
oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
gen.setRequestExtensions(new X509Extensions(oids, values));
return gen.generate();
}
/**
* @return a byte array
* @see OcspClient#getEncoded()
*/
public byte[] getEncoded() {
try {
OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
byte[] array = request.getEncoded();
URL urlt = new URL(url);
HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
con.setRequestProperty("Content-Type", "application/ocsp-request");
con.setRequestProperty("Accept", "application/ocsp-response");
con.setDoOutput(true);
OutputStream out = con.getOutputStream();
DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
dataOut.write(array);
dataOut.flush();
dataOut.close();
if (con.getResponseCode() / 100 != 2) {
throw new IOException("Invalid HTTP response");
}
//Get Response
InputStream in = (InputStream) con.getContent();
OCSPResp ocspResponse = new OCSPResp(in);
if (ocspResponse.getStatus() != 0)
throw new IOException("Invalid status: " + ocspResponse.getStatus());
BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
if (basicResponse != null) {
SingleResp[] responses = basicResponse.getResponses();
if (responses.length == 1) {
SingleResp resp = responses[0];
Object status = resp.getCertStatus();
if (status == CertificateStatus.GOOD) {
return basicResponse.getEncoded();
}
else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
throw new IOException("OCSP Status is revoked!");
}
else {
throw new IOException("OCSP Status is unknown!");
}
}
}
}
catch (Exception ex) {
throw new ExceptionConverter(ex);
}
return null;
}
}
///*
// * $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $
// *
// * Copyright 2009 Paulo Soares
// *
// * The contents of this file are subject to the Mozilla Public License Version 1.1
// * (the "License"); you may not use this file except in compliance with the License.
// * You may obtain a copy of the License at http://www.mozilla.org/MPL/
// *
// * Software distributed under the License is distributed on an "AS IS" basis,
// * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
// * for the specific language governing rights and limitations under the License.
// *
// * The Original Code is 'iText, a free JAVA-PDF library'.
// *
// * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
// * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
// * All Rights Reserved.
// * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
// * are Copyright (C) 2009 by Paulo Soares. All Rights Reserved.
// *
// * Contributor(s): all the names of the contributors are added in the source code
// * where applicable.
// *
// * Alternatively, the contents of this file may be used under the terms of the
// * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
// * provisions of LGPL are applicable instead of those above. If you wish to
// * allow use of your version of this file only under the terms of the LGPL
// * License and not to allow others to use your version of this file under
// * the MPL, indicate your decision by deleting the provisions above and
// * replace them with the notice and other provisions required by the LGPL.
// * If you do not delete the provisions above, a recipient may use your version
// * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
// *
// * This library is free software; you can redistribute it and/or modify it
// * under the terms of the MPL as stated above or under the terms of the GNU
// * Library General Public License as published by the Free Software Foundation;
// * either version 2 of the License, or any later version.
// *
// * This library is distributed in the hope that it will be useful, but WITHOUT
// * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
// * details.
// *
// * If you didn't download this code from the following link, you should check if
// * you aren't using an obsolete version:
// * http://www.lowagie.com/iText/
// */
//
//package com.fr.third.v2.lowagie.text.pdf;
//
//import com.fr.third.v2.lowagie.text.ExceptionConverter;
//
//import java.io.BufferedOutputStream;
//import java.io.DataOutputStream;
//import java.io.IOException;
//import java.io.InputStream;
//import java.io.OutputStream;
//import java.math.BigInteger;
//import java.net.HttpURLConnection;
//import java.net.URL;
//import java.security.Security;
//import java.security.cert.X509Certificate;
//import java.util.Vector;
//import org.bouncycastle.asn1.DEROctetString;
//import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
//import org.bouncycastle.asn1.x509.X509Extension;
//import org.bouncycastle.asn1.x509.X509Extensions;
//import org.bouncycastle.ocsp.BasicOCSPResp;
//import org.bouncycastle.ocsp.CertificateID;
//import org.bouncycastle.ocsp.CertificateStatus;
//import org.bouncycastle.ocsp.OCSPException;
//import org.bouncycastle.ocsp.OCSPReq;
//import org.bouncycastle.ocsp.OCSPReqGenerator;
//import org.bouncycastle.ocsp.OCSPResp;
//import org.bouncycastle.ocsp.SingleResp;
//
///**
// * OcspClient implementation using BouncyCastle.
// * @author psoares
// * @since 2.1.6
// */
//public class OcspClientBouncyCastle implements OcspClient {
// /** root certificate */
// private X509Certificate rootCert;
// /** check certificate */
// private X509Certificate checkCert;
// /** OCSP URL */
// private String url;
//
// /**
// * Creates an instance of an OcspClient that will be using BouncyCastle.
// * @param checkCert the check certificate
// * @param rootCert the root certificate
// * @param url the OCSP URL
// */
// public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) {
// this.checkCert = checkCert;
// this.rootCert = rootCert;
// this.url = url;
// }
//
// /**
// * Generates an OCSP request using BouncyCastle.
// * @param issuerCert certificate of the issues
// * @param serialNumber serial number
// * @return an OCSP request
// * @throws OCSPException
// * @throws IOException
// */
// private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException {
// //Add provider BC
// Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
// // Generate the id for the certificate we are looking for
// CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
//
// // basic request generation with nonce
// OCSPReqGenerator gen = new OCSPReqGenerator();
//
// gen.addRequest(id);
//
// // create details for nonce extension
// Vector oids = new Vector();
// Vector values = new Vector();
//
// oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
// values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
//
// gen.setRequestExtensions(new X509Extensions(oids, values));
//
// return gen.generate();
// }
//
// /**
// * @return a byte array
// * @see OcspClient#getEncoded()
// */
// public byte[] getEncoded() {
// try {
// OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
// byte[] array = request.getEncoded();
// URL urlt = new URL(url);
// HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
// con.setRequestProperty("Content-Type", "application/ocsp-request");
// con.setRequestProperty("Accept", "application/ocsp-response");
// con.setDoOutput(true);
// OutputStream out = con.getOutputStream();
// DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
// dataOut.write(array);
// dataOut.flush();
// dataOut.close();
// if (con.getResponseCode() / 100 != 2) {
// throw new IOException("Invalid HTTP response");
// }
// //Get Response
// InputStream in = (InputStream) con.getContent();
// OCSPResp ocspResponse = new OCSPResp(in);
//
// if (ocspResponse.getStatus() != 0)
// throw new IOException("Invalid status: " + ocspResponse.getStatus());
// BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
// if (basicResponse != null) {
// SingleResp[] responses = basicResponse.getResponses();
// if (responses.length == 1) {
// SingleResp resp = responses[0];
// Object status = resp.getCertStatus();
// if (status == CertificateStatus.GOOD) {
// return basicResponse.getEncoded();
// }
// else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
// throw new IOException("OCSP Status is revoked!");
// }
// else {
// throw new IOException("OCSP Status is unknown!");
// }
// }
// }
// }
// catch (Exception ex) {
// throw new ExceptionConverter(ex);
// }
// return null;
// }
//}

266
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java

@ -46,6 +46,8 @@
*/
package com.fr.third.v2.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1String;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@ -76,42 +78,40 @@ import java.util.Iterator;
import java.util.Set;
import com.fr.third.v2.lowagie.text.ExceptionConverter;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.jce.provider.X509CertParser;
import com.fr.third.org.bouncycastle.asn1.ASN1Encodable;
import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import com.fr.third.org.bouncycastle.asn1.ASN1Sequence;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject;
import com.fr.third.org.bouncycastle.asn1.DEREnumerated;
import com.fr.third.org.bouncycastle.asn1.DERInteger;
import com.fr.third.org.bouncycastle.asn1.DERNull;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DERSequence;
import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.DERTaggedObject;
import com.fr.third.org.bouncycastle.asn1.DERUTCTime;
import com.fr.third.org.bouncycastle.asn1.cms.AttributeTable;
import com.fr.third.org.bouncycastle.asn1.cms.Attribute;
import com.fr.third.org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import com.fr.third.org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser;
import com.fr.third.org.bouncycastle.jce.provider.X509CertParser;
import java.security.cert.CertificateParsingException;
import java.util.Date;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.tsp.MessageImprint;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.tsp.TimeStampToken;
import com.fr.third.org.bouncycastle.asn1.ASN1OctetString;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint;
import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions;
//import org.bouncycastle.ocsp.BasicOCSPResp;
//import org.bouncycastle.ocsp.CertificateID;
//import org.bouncycastle.ocsp.SingleResp;
//import org.bouncycastle.tsp.TimeStampToken;
/**
* This class does all the processing related to signing and verifying a PKCS#7
@ -167,7 +167,7 @@ public class PdfPKCS7 {
*/
private String signName;
private TimeStampToken timeStampToken;
// private TimeStampToken timeStampToken;
private static final HashMap digestNames = new HashMap();
private static final HashMap algorithmNames = new HashMap();
@ -273,23 +273,23 @@ public class PdfPKCS7 {
* @return the timestamp token or null
* @since 2.1.6
*/
public TimeStampToken getTimeStampToken() {
return timeStampToken;
}
// public TimeStampToken getTimeStampToken() {
// return timeStampToken;
// }
/**
* Gets the timestamp date
* @return a date
* @since 2.1.6
*/
public Calendar getTimeStampDate() {
if (timeStampToken == null)
return null;
Calendar cal = new GregorianCalendar();
Date date = timeStampToken.getTimeStampInfo().getGenTime();
cal.setTime(date);
return cal;
}
// public Calendar getTimeStampDate() {
// if (timeStampToken == null)
// return null;
// Calendar cal = new GregorianCalendar();
// Date date = timeStampToken.getTimeStampInfo().getGenTime();
// cal.setTime(date);
// return cal;
// }
/**
* Verifies a signature using the sub-filter adbe.x509.rsa_sha1.
@ -319,19 +319,19 @@ public class PdfPKCS7 {
}
}
private BasicOCSPResp basicResp;
// private BasicOCSPResp basicResp;
/**
* Gets the OCSP basic response if there is one.
* @return the OCSP basic response or null
* @since 2.1.6
*/
public BasicOCSPResp getOcsp() {
return basicResp;
}
// public BasicOCSPResp getOcsp() {
// return basicResp;
// }
private void findOcsp(ASN1Sequence seq) throws IOException {
basicResp = null;
// basicResp = null;
boolean ret = false;
while (true) {
if ((seq.getObjectAt(0) instanceof DERObjectIdentifier)
@ -362,7 +362,7 @@ public class PdfPKCS7 {
DEROctetString os = (DEROctetString)seq.getObjectAt(1);
ASN1InputStream inp = new ASN1InputStream(os.getOctets());
BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
basicResp = new BasicOCSPResp(resp);
// basicResp = new BasicOCSPResp(resp);
}
/**
@ -379,7 +379,7 @@ public class PdfPKCS7 {
//
// Basic checks to make sure it's a PKCS#7 SignedData Object
//
DERObject pkcs;
ASN1Object pkcs;
try {
pkcs = din.readObject();
@ -464,7 +464,7 @@ public class PdfPKCS7 {
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
sigAttr = sseq.getEncoded(ASN1Encodable.DER);
sigAttr = sseq.getEncoded("DER");
for (int k = 0; k < sseq.size(); ++k) {
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
@ -499,7 +499,7 @@ public class PdfPKCS7 {
ASN1Set attributeValues = ts.getAttrValues();
ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0));
ContentInfo contentInfo = new ContentInfo(tokenSequence);
this.timeStampToken = new TimeStampToken(contentInfo);
// this.timeStampToken = new TimeStampToken(contentInfo);
}
}
if (RSAdata != null || digestAttr != null) {
@ -641,15 +641,15 @@ public class PdfPKCS7 {
* @return true if it checks false otherwise
* @since 2.1.6
*/
public boolean verifyTimestampImprint() throws NoSuchAlgorithmException {
if (timeStampToken == null)
return false;
MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint();
byte[] md = MessageDigest.getInstance("SHA-1").digest(digest);
byte[] imphashed = imprint.getHashedMessage();
boolean res = Arrays.equals(md, imphashed);
return res;
}
// public boolean verifyTimestampImprint() throws NoSuchAlgorithmException {
// if (timeStampToken == null)
// return false;
// MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint();
// byte[] md = MessageDigest.getInstance("SHA-1").digest(digest);
// byte[] imphashed = imprint.getHashedMessage();
// boolean res = Arrays.equals(md, imphashed);
// return res;
// }
/**
* Get all the X.509 certificates associated with this PKCS#7 object in no particular order.
@ -888,27 +888,27 @@ public class PdfPKCS7 {
* @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6
*/
public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
if (provider == null)
provider = "BC";
try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try {
String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias))
continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
if (ocsp.verify(certStoreX509.getPublicKey(), provider))
return true;
}
catch (Exception ex) {
}
}
}
catch (Exception e) {
}
return false;
}
// public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
// if (provider == null)
// provider = "BC";
// try {
// for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
// try {
// String alias = (String)aliases.nextElement();
// if (!keystore.isCertificateEntry(alias))
// continue;
// X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
// if (ocsp.verify(certStoreX509.getPublicKey(), provider))
// return true;
// }
// catch (Exception ex) {
// }
// }
// }
// catch (Exception e) {
// }
// return false;
// }
/**
* Verifies a timestamp against a KeyStore.
@ -918,27 +918,27 @@ public class PdfPKCS7 {
* @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6
*/
public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
if (provider == null)
provider = "BC";
try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try {
String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias))
continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
ts.validate(certStoreX509, provider);
return true;
}
catch (Exception ex) {
}
}
}
catch (Exception e) {
}
return false;
}
// public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
// if (provider == null)
// provider = "BC";
// try {
// for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
// try {
// String alias = (String)aliases.nextElement();
// if (!keystore.isCertificateEntry(alias))
// continue;
// X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
// ts.validate(certStoreX509, provider);
// return true;
// }
// catch (Exception ex) {
// }
// }
// }
// catch (Exception e) {
// }
// return false;
// }
/**
* Retrieves the OCSP URL from the given certificate.
@ -949,7 +949,7 @@ public class PdfPKCS7 {
*/
public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException {
try {
DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
ASN1Object obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
if (obj == null) {
return null;
}
@ -961,7 +961,7 @@ public class PdfPKCS7 {
continue;
} else {
if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1));
String AccessLocation = getStringFromGeneralName((ASN1Object)AccessDescription.getObjectAt(1));
if ( AccessLocation == null ) {
return "" ;
} else {
@ -980,26 +980,26 @@ public class PdfPKCS7 {
* @return true if it checks false otherwise
* @since 2.1.6
*/
public boolean isRevocationValid() {
if (basicResp == null)
return false;
if (signCerts.size() < 2)
return false;
try {
X509Certificate[] cs = (X509Certificate[])getSignCertificateChain();
SingleResp sr = basicResp.getResponses()[0];
CertificateID cid = sr.getCertID();
X509Certificate sigcer = getSigningCertificate();
X509Certificate isscer = cs[1];
CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
return tis.equals(cid);
}
catch (Exception ex) {
}
return false;
}
// public boolean isRevocationValid() {
// if (basicResp == null)
// return false;
// if (signCerts.size() < 2)
// return false;
// try {
// X509Certificate[] cs = (X509Certificate[])getSignCertificateChain();
// SingleResp sr = basicResp.getResponses()[0];
// CertificateID cid = sr.getCertID();
// X509Certificate sigcer = getSigningCertificate();
// X509Certificate isscer = cs[1];
// CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
// return tis.equals(cid);
// }
// catch (Exception ex) {
// }
// return false;
// }
private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException {
private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException {
byte[] bytes = cert.getExtensionValue(oid);
if (bytes == null) {
return null;
@ -1010,7 +1010,7 @@ public class PdfPKCS7 {
return aIn.readObject();
}
private static String getStringFromGeneralName(DERObject names) throws IOException {
private static String getStringFromGeneralName(ASN1Object names) throws IOException {
DERTaggedObject taggedObject = (DERTaggedObject) names ;
return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1");
}
@ -1020,11 +1020,11 @@ public class PdfPKCS7 {
* @param enc a TBSCertificate in a byte array
* @return a DERObject
*/
private static DERObject getIssuer(byte[] enc) {
private static ASN1Object getIssuer(byte[] enc) {
try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
}
catch (IOException e) {
throw new ExceptionConverter(e);
@ -1036,11 +1036,11 @@ public class PdfPKCS7 {
* @param enc A TBSCertificate in a byte array
* @return a DERObject
*/
private static DERObject getSubject(byte[] enc) {
private static ASN1Object getSubject(byte[] enc) {
try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
}
catch (IOException e) {
throw new ExceptionConverter(e);
@ -1340,7 +1340,7 @@ public class PdfPKCS7 {
*/
public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) {
try {
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER);
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER");
}
catch (Exception e) {
throw new ExceptionConverter(e);
@ -1575,7 +1575,7 @@ public class PdfPKCS7 {
vs = new ArrayList();
values.put(id, vs);
}
vs.add(((DERString)s.getObjectAt(1)).getString());
vs.add(((ASN1String)s.getObjectAt(1)).getString());
}
}
}
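Review bot: The BC upgrade removes signature revocation and timestamp verification instead of porting it: `isRevocationValid`, `verifyOcspCertificates`, `verifyTimestampCertificates`, `verifyTimestampImprint`, `getOcsp` and `getTimeStampToken` are all commented out, and `findOcsp` now parses the `BasicOCSPResponse` and throws it away (`// basicResp = new BasicOCSPResp(resp);`), as does the timestamp branch (`// this.timeStampToken = new TimeStampToken(contentInfo);`), so a signature carrying a revoked-certificate OCSP response or a bad timestamp is no longer detectable through this class even though the ASN.1 is still read. If the relocated jar bundles bcpkix, these map onto `com.fr.third.org.bouncycastle.cert.ocsp.BasicOCSPResp` (which has a `BasicOCSPResp(BasicOCSPResponse)` constructor) and `com.fr.third.org.bouncycastle.tsp.TimeStampToken`, with `CertificateID` built from a `DigestCalculator` instead of `HASH_SHA1`; otherwise the dropped public methods should at least be kept with a clear `UnsupportedOperationException` and a comment rather than vanishing silently. If `verifyTimestampImprint` is ported, use the hash algorithm from `imprint.getHashAlgorithm()` rather than the hard-coded `"SHA-1"` of the old version. The `getEncoded(ASN1Encodable.DER)` to `getEncoded("DER")` and `DERObject` to `ASN1Object` changes look correct; the `ASN1String` cast at the end of the section matches the `DERString` it replaces.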

45
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

@ -89,6 +89,8 @@
package com.fr.third.v2.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@ -107,22 +109,21 @@ import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import com.fr.third.org.bouncycastle.asn1.DERSet;
import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import com.fr.third.org.bouncycastle.asn1.cms.EnvelopedData;
import com.fr.third.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import com.fr.third.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import com.fr.third.org.bouncycastle.asn1.cms.RecipientIdentifier;
import com.fr.third.org.bouncycastle.asn1.cms.RecipientInfo;
import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.fr.third.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure;
/**
* @author Aiken Sam (aikensam@ieee.org)
@ -244,7 +245,7 @@ public class PdfPublicKeySecurityHandler {
pkcs7input[22] = two;
pkcs7input[23] = one;
DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@ -276,7 +277,7 @@ public class PdfPublicKeySecurityHandler {
return EncodedRecipients;
}
private DERObject createDERForRecipient(byte[] in, X509Certificate cert)
private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException,
GeneralSecurityException
{
@ -287,7 +288,7 @@ public class PdfPublicKeySecurityHandler {
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
DERObject derobject = asn1inputstream.readObject();
ASN1Object derobject = asn1inputstream.readObject();
KeyGenerator keygenerator = KeyGenerator.getInstance(s);
keygenerator.init(128);
SecretKey secretkey = keygenerator.generateKey();
@ -300,10 +301,10 @@ public class PdfPublicKeySecurityHandler {
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null);
ContentInfo contentinfo =
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
return contentinfo.getDERObject();
return contentinfo.getContentType();
}
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
@ -318,7 +319,7 @@ public class PdfPublicKeySecurityHandler {
new IssuerAndSerialNumber(
tbscertificatestructure.getIssuer(),
tbscertificatestructure.getSerialNumber().getValue());
Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId());
Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());
cipher.init(1, x509certificate);
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
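Review bot: `return contentinfo.getContentType();` in `createDERForRecipient` is not equivalent to the old `getDERObject()` — `getContentType()` returns only the `envelopedData` object identifier, not the `ContentInfo` structure, so the caller at `ASN1Object obj = createDERForRecipient(...)` serializes a bare OID into the recipient entry and the wrapped seed/key never reaches any recipient, which silently breaks public-key encryption. The drop-in replacement in this BC generation is `return contentinfo.toASN1Primitive();` (or simply `return contentinfo;`, since `ContentInfo` is itself an `ASN1Object`). The rest of the hunk (`getAlgorithm()` for `getObjectId()`, the `(ASN1Set) null` disambiguation) reads as a faithful port; the method's remaining body is outside the hunk.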

40
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfReader.java

@ -79,8 +79,8 @@ import com.fr.third.v2.lowagie.text.pdf.interfaces.PdfViewerPreferences;
import com.fr.third.v2.lowagie.text.pdf.internal.PdfViewerPreferencesImp;
import com.fr.third.v2.lowagie.text.exceptions.BadPasswordException;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.RecipientInformation;
//import org.bouncycastle.cms.CMSEnvelopedData;
//import org.bouncycastle.cms.RecipientInformation;
/** Reads a PDF document.
* @author Paulo Soares (psoares@consiste.pt)
@ -710,24 +710,24 @@ public class PdfReader implements PdfViewerPreferences {
PdfObject recipient = recipients.getPdfObject(i);
strings.remove(recipient);
CMSEnvelopedData data = null;
try {
data = new CMSEnvelopedData(recipient.getBytes());
Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator();
while (recipientCertificatesIt.hasNext()) {
RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next();
if (recipientInfo.getRID().match(certificate) && !foundRecipient) {
envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider);
foundRecipient = true;
}
}
}
catch (Exception f) {
throw new ExceptionConverter(f);
}
// CMSEnvelopedData data = null;
// try {
// data = new CMSEnvelopedData(recipient.getBytes());
//
// Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator();
//
// while (recipientCertificatesIt.hasNext()) {
// RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next();
//
// if (recipientInfo.getRID().match(certificate) && !foundRecipient) {
// envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider);
// foundRecipient = true;
// }
// }
// }
// catch (Exception f) {
// throw new ExceptionConverter(f);
// }
}
if(!foundRecipient || envelopedData == null) {
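Review bot: Commenting out the `CMSEnvelopedData` loop leaves `foundRecipient` false and `envelopedData` null, so the check on the line `if(!foundRecipient || envelopedData == null)` now fails for every certificate-encrypted PDF — the reader can no longer open documents that `PdfPublicKeySecurityHandler` in this same commit still produces, and nothing in the hunk logs or documents that the feature was intentionally disabled. The newer BC API replaces `getContent(Key, String)` with a `Recipient` object and matches recipient ids against an `X509CertificateHolder`; if the relocated jar bundles bcpkix, the loop can be restored roughly as below (hedged: the `certificateKey` field must be a `PrivateKey` and the exact relocated package names should be confirmed). The enclosing method continues outside the hunk.
```java
CMSEnvelopedData data = new CMSEnvelopedData(recipient.getBytes());
X509CertificateHolder holder = new X509CertificateHolder(certificate.getEncoded());
for (Object o : data.getRecipientInfos().getRecipients()) {
    RecipientInformation recipientInfo = (RecipientInformation) o;
    if (!foundRecipient && recipientInfo.getRID().match(holder)) {
        envelopedData = recipientInfo.getContent(
                new JceKeyTransEnvelopedRecipient((PrivateKey) certificateKey)
                        .setProvider(certificateKeyProvider));
        foundRecipient = true;
    }
}
// … unchanged: ExceptionConverter wrapping of the try block …
```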

460
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/TSAClientBouncyCastle.java

@ -1,230 +1,230 @@
/*
* $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $
*
* Copyright 2009 Martin Brunecky, Aiken Sam
*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the License.
*
* The Original Code is 'iText, a free JAVA-PDF library'.
*
* The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
* the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
* All Rights Reserved.
* Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
* are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved.
*
* Contributor(s): all the names of the contributors are added in the source code
* where applicable.
*
* Alternatively, the contents of this file may be used under the terms of the
* LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
* provisions of LGPL are applicable instead of those above. If you wish to
* allow use of your version of this file only under the terms of the LGPL
* License and not to allow others to use your version of this file under
* the MPL, indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by the LGPL.
* If you do not delete the provisions above, a recipient may use your version
* of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
*
* This library is free software; you can redistribute it and/or modify it
* under the terms of the MPL as stated above or under the terms of the GNU
* Library General Public License as published by the Free Software Foundation;
* either version 2 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
* details.
*
* If you didn't download this code from the following link, you should check if
* you aren't using an obsolete version:
* http://www.lowagie.com/iText/
*/
package com.fr.third.v2.lowagie.text.pdf;
import java.io.*;
import java.math.*;
import java.net.*;
import org.bouncycastle.asn1.cmp.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.tsp.*;
import com.fr.third.v2.lowagie.text.pdf.codec.Base64;
/**
* Time Stamp Authority Client interface implementation using Bouncy Castle
* org.bouncycastle.tsp package.
* <p>
* Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007
* for ease of subclassing.
* </p>
* @since 2.1.6
*/
public class TSAClientBouncyCastle implements TSAClient {
/** URL of the Time Stamp Authority */
protected String tsaURL;
/** TSA Username */
protected String tsaUsername;
/** TSA password */
protected String tsaPassword;
/** Estimate of the received time stamp token */
protected int tokSzEstimate;
/**
* Creates an instance of a TSAClient that will use BouncyCastle.
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
*/
public TSAClientBouncyCastle(String url) {
this(url, null, null, 4096);
}
/**
* Creates an instance of a TSAClient that will use BouncyCastle.
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
* @param username String - user(account) name
* @param password String - password
*/
public TSAClientBouncyCastle(String url, String username, String password) {
this(url, username, password, 4096);
}
/**
* Constructor.
* Note the token size estimate is updated by each call, as the token
* size is not likely to change (as long as we call the same TSA using
* the same imprint length).
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
* @param username String - user(account) name
* @param password String - password
* @param tokSzEstimate int - estimated size of received time stamp token (DER encoded)
*/
public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) {
this.tsaURL = url;
this.tsaUsername = username;
this.tsaPassword = password;
this.tokSzEstimate = tokSzEstimate;
}
/**
* Get the token size estimate.
* Returned value reflects the result of the last succesfull call, padded
* @return an estimate of the token size
*/
public int getTokenSizeEstimate() {
return tokSzEstimate;
}
/**
* Get RFC 3161 timeStampToken.
* Method may return null indicating that timestamp should be skipped.
* @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)
* @param imprint byte[] - data imprint to be time-stamped
* @return byte[] - encoded, TSA signed data of the timeStampToken
* @throws Exception - TSA request failed
* @see TSAClient#getTimeStampToken(PdfPKCS7, byte[])
*/
public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception {
return getTimeStampToken(imprint);
}
/**
* Get timestamp token - Bouncy Castle request encoding / decoding layer
*/
protected byte[] getTimeStampToken(byte[] imprint) throws Exception {
byte[] respBytes = null;
try {
// Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.setCertReq(true);
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce);
byte[] requestBytes = request.getEncoded();
// Call the communications layer
respBytes = getTSAResponse(requestBytes);
// Handle the TSA response
TimeStampResponse response = new TimeStampResponse(respBytes);
// validate communication level attributes (RFC 3161 PKIStatus)
response.validate(request);
PKIFailureInfo failure = response.getFailInfo();
int value = (failure == null) ? 0 : failure.intValue();
if (value != 0) {
// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value);
}
// @todo: validate the time stap certificate chain (if we want
// assure we do not sign using an invalid timestamp).
// extract just the time stamp token (removes communication status info)
TimeStampToken tsToken = response.getTimeStampToken();
if (tsToken == null) {
throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString());
}
TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details
byte[] encoded = tsToken.getEncoded();
long stop = System.currentTimeMillis();
// Update our token size estimate for the next call (padded to be safe)
this.tokSzEstimate = encoded.length + 32;
return encoded;
} catch (Exception e) {
throw e;
} catch (Throwable t) {
throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t);
}
}
/**
* Get timestamp token - communications layer
* @return - byte[] - TSA response, raw bytes (RFC 3161 encoded)
*/
protected byte[] getTSAResponse(byte[] requestBytes) throws Exception {
// Setup the TSA connection
URL url = new URL(tsaURL);
URLConnection tsaConnection;
tsaConnection = (URLConnection) url.openConnection();
tsaConnection.setDoInput(true);
tsaConnection.setDoOutput(true);
tsaConnection.setUseCaches(false);
tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query");
//tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64");
tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
if ((tsaUsername != null) && !tsaUsername.equals("") ) {
String userPassword = tsaUsername + ":" + tsaPassword;
tsaConnection.setRequestProperty("Authorization", "Basic " +
new String(Base64.encodeBytes(userPassword.getBytes())));
}
OutputStream out = tsaConnection.getOutputStream();
out.write(requestBytes);
out.close();
// Get TSA response as a byte array
InputStream inp = tsaConnection.getInputStream();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte[] buffer = new byte[1024];
int bytesRead = 0;
while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) {
baos.write(buffer, 0, bytesRead);
}
byte[] respBytes = baos.toByteArray();
String encoding = tsaConnection.getContentEncoding();
if (encoding != null && encoding.equalsIgnoreCase("base64")) {
respBytes = Base64.decode(new String(respBytes));
}
return respBytes;
}
}
///*
// * $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $
// *
// * Copyright 2009 Martin Brunecky, Aiken Sam
// *
// * The contents of this file are subject to the Mozilla Public License Version 1.1
// * (the "License"); you may not use this file except in compliance with the License.
// * You may obtain a copy of the License at http://www.mozilla.org/MPL/
// *
// * Software distributed under the License is distributed on an "AS IS" basis,
// * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
// * for the specific language governing rights and limitations under the License.
// *
// * The Original Code is 'iText, a free JAVA-PDF library'.
// *
// * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
// * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
// * All Rights Reserved.
// * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
// * are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved.
// *
// * Contributor(s): all the names of the contributors are added in the source code
// * where applicable.
// *
// * Alternatively, the contents of this file may be used under the terms of the
// * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
// * provisions of LGPL are applicable instead of those above. If you wish to
// * allow use of your version of this file only under the terms of the LGPL
// * License and not to allow others to use your version of this file under
// * the MPL, indicate your decision by deleting the provisions above and
// * replace them with the notice and other provisions required by the LGPL.
// * If you do not delete the provisions above, a recipient may use your version
// * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
// *
// * This library is free software; you can redistribute it and/or modify it
// * under the terms of the MPL as stated above or under the terms of the GNU
// * Library General Public License as published by the Free Software Foundation;
// * either version 2 of the License, or any later version.
// *
// * This library is distributed in the hope that it will be useful, but WITHOUT
// * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
// * details.
// *
// * If you didn't download this code from the following link, you should check if
// * you aren't using an obsolete version:
// * http://www.lowagie.com/iText/
// */
//
//package com.fr.third.v2.lowagie.text.pdf;
//
//import java.io.*;
//import java.math.*;
//import java.net.*;
//
//import org.bouncycastle.asn1.cmp.*;
//import org.bouncycastle.asn1.x509.*;
//import org.bouncycastle.tsp.*;
//
//import com.fr.third.v2.lowagie.text.pdf.codec.Base64;
//
///**
// * Time Stamp Authority Client interface implementation using Bouncy Castle
// * org.bouncycastle.tsp package.
// * <p>
// * Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007
// * for ease of subclassing.
// * </p>
// * @since 2.1.6
// */
//public class TSAClientBouncyCastle implements TSAClient {
// /** URL of the Time Stamp Authority */
// protected String tsaURL;
// /** TSA Username */
// protected String tsaUsername;
// /** TSA password */
// protected String tsaPassword;
// /** Estimate of the received time stamp token */
// protected int tokSzEstimate;
//
// /**
// * Creates an instance of a TSAClient that will use BouncyCastle.
// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
// */
// public TSAClientBouncyCastle(String url) {
// this(url, null, null, 4096);
// }
//
// /**
// * Creates an instance of a TSAClient that will use BouncyCastle.
// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
// * @param username String - user(account) name
// * @param password String - password
// */
// public TSAClientBouncyCastle(String url, String username, String password) {
// this(url, username, password, 4096);
// }
//
// /**
// * Constructor.
// * Note the token size estimate is updated by each call, as the token
// * size is not likely to change (as long as we call the same TSA using
// * the same imprint length).
// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
// * @param username String - user(account) name
// * @param password String - password
// * @param tokSzEstimate int - estimated size of received time stamp token (DER encoded)
// */
// public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) {
// this.tsaURL = url;
// this.tsaUsername = username;
// this.tsaPassword = password;
// this.tokSzEstimate = tokSzEstimate;
// }
//
// /**
// * Get the token size estimate.
// * Returned value reflects the result of the last succesfull call, padded
// * @return an estimate of the token size
// */
// public int getTokenSizeEstimate() {
// return tokSzEstimate;
// }
//
// /**
// * Get RFC 3161 timeStampToken.
// * Method may return null indicating that timestamp should be skipped.
// * @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)
// * @param imprint byte[] - data imprint to be time-stamped
// * @return byte[] - encoded, TSA signed data of the timeStampToken
// * @throws Exception - TSA request failed
// * @see TSAClient#getTimeStampToken(PdfPKCS7, byte[])
// */
// public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception {
// return getTimeStampToken(imprint);
// }
//
// /**
// * Get timestamp token - Bouncy Castle request encoding / decoding layer
// */
// protected byte[] getTimeStampToken(byte[] imprint) throws Exception {
// byte[] respBytes = null;
// try {
// // Setup the time stamp request
// TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
// tsqGenerator.setCertReq(true);
// // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
// BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
// TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce);
// byte[] requestBytes = request.getEncoded();
//
// // Call the communications layer
// respBytes = getTSAResponse(requestBytes);
//
// // Handle the TSA response
// TimeStampResponse response = new TimeStampResponse(respBytes);
//
// // validate communication level attributes (RFC 3161 PKIStatus)
// response.validate(request);
// PKIFailureInfo failure = response.getFailInfo();
// int value = (failure == null) ? 0 : failure.intValue();
// if (value != 0) {
// // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
// throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value);
// }
// // @todo: validate the time stap certificate chain (if we want
// // assure we do not sign using an invalid timestamp).
//
// // extract just the time stamp token (removes communication status info)
// TimeStampToken tsToken = response.getTimeStampToken();
// if (tsToken == null) {
// throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString());
// }
// TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details
// byte[] encoded = tsToken.getEncoded();
// long stop = System.currentTimeMillis();
//
// // Update our token size estimate for the next call (padded to be safe)
// this.tokSzEstimate = encoded.length + 32;
// return encoded;
// } catch (Exception e) {
// throw e;
// } catch (Throwable t) {
// throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t);
// }
// }
//
// /**
// * Get timestamp token - communications layer
// * @return - byte[] - TSA response, raw bytes (RFC 3161 encoded)
// */
// protected byte[] getTSAResponse(byte[] requestBytes) throws Exception {
// // Setup the TSA connection
// URL url = new URL(tsaURL);
// URLConnection tsaConnection;
// tsaConnection = (URLConnection) url.openConnection();
//
// tsaConnection.setDoInput(true);
// tsaConnection.setDoOutput(true);
// tsaConnection.setUseCaches(false);
// tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query");
// //tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64");
// tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
//
// if ((tsaUsername != null) && !tsaUsername.equals("") ) {
// String userPassword = tsaUsername + ":" + tsaPassword;
// tsaConnection.setRequestProperty("Authorization", "Basic " +
// new String(Base64.encodeBytes(userPassword.getBytes())));
// }
// OutputStream out = tsaConnection.getOutputStream();
// out.write(requestBytes);
// out.close();
//
// // Get TSA response as a byte array
// InputStream inp = tsaConnection.getInputStream();
// ByteArrayOutputStream baos = new ByteArrayOutputStream();
// byte[] buffer = new byte[1024];
// int bytesRead = 0;
// while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) {
// baos.write(buffer, 0, bytesRead);
// }
// byte[] respBytes = baos.toByteArray();
//
// String encoding = tsaConnection.getContentEncoding();
// if (encoding != null && encoding.equalsIgnoreCase("base64")) {
// respBytes = Base64.decode(new String(respBytes));
// }
// return respBytes;
// }
//}

12
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/crypto/AESCipher.java

@ -48,12 +48,12 @@
*/
package com.fr.third.v2.lowagie.text.pdf.crypto;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import com.fr.third.org.bouncycastle.crypto.BlockCipher;
import com.fr.third.org.bouncycastle.crypto.engines.AESFastEngine;
import com.fr.third.org.bouncycastle.crypto.modes.CBCBlockCipher;
import com.fr.third.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import com.fr.third.org.bouncycastle.crypto.params.KeyParameter;
import com.fr.third.org.bouncycastle.crypto.params.ParametersWithIV;
/**
* Creates an AES Cipher with CBC and padding PKCS5/7.
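Review bot: The repointed imports still bring in `AESFastEngine` (`import com.fr.third.org.bouncycastle.crypto.engines.AESFastEngine;`), the table-driven AES implementation that upstream Bouncy Castle deprecated in favour of `AESEngine` because of cache-timing side-channel concerns; a commit motivated by a Bouncy Castle security issue is the natural place to make that switch. Both engines implement `BlockCipher`, so `import com.fr.third.org.bouncycastle.crypto.engines.AESEngine;` together with the matching `new AESEngine()` at the construction site (which lies outside this hunk, in the rest of the class) should be a drop-in change. Whether the shaded copy under `com.fr.third.org.bouncycastle` carries the upstream deprecation cannot be seen from this hunk, so confirm it against the bundled version first.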
